palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nixfmt: reformat all files

Browse source
This commit is contained in:
Ingolf Wagner 2019-12-20 17:54:26 +13:00
parent fccbc04336
commit 42d30d7edf
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
192 changed files with 5276 additions and 5151 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
configs/pepe/configuration.nix
View file

@ -1,6 +1,4 @@
{ config, pkgs, lib, ... }:
{
{ config, pkgs, lib, ... }: {
imports = [
@ -16,18 +14,16 @@
custom.samba-share = {
enable = false;
folders = {
public = "/home/palo/movies";
};
folders = { public = "/home/palo/movies"; };
};
system.custom.wifi.interfaces = ["wlp3s0"];
system.custom.wifi.interfaces = [ "wlp3s0" ];
networking.hostName = "pepe";
networking.hostName = "pepe";
security.wrappers = {
pmount.source = "${pkgs.pmount}/bin/pmount";
pumount.source = "${pkgs.pmount}/bin/pumount";
pmount.source = "${pkgs.pmount}/bin/pmount";
pumount.source = "${pkgs.pmount}/bin/pumount";
};
# keybase
@ -41,16 +37,16 @@
# fonts
# -----
programs.custom.urxvt.fontSize = 12;
programs.custom.xterm.fontSize = 12;
programs.custom.urxvt.fontSize = 12;
programs.custom.xterm.fontSize = 12;
system.custom.fonts.dpi = 100;
virtualisation = {
docker.enable = false;
virtualbox = {
host.enable = false;
guest.x11 = false;
host.enable = false;
guest.x11 = false;
guest.enable = false;
};
};
@ -62,4 +58,3 @@
}

38
configs/pepe/hardware-configuration.nix
View file

@ -4,18 +4,17 @@
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.loader.grub = {
enable = true;
enable = true;
version = 2;
device = "/dev/sda";
device = "/dev/sda";
};
zramSwap = {
@ -34,37 +33,31 @@
#device = "/dev/ram2";
#fsType = "tmpfs";
options = [ "noatime" "nodiratime" "discard" ];
device = "/dev/secure_vg/browser";
fsType = "ext4";
device = "/dev/secure_vg/browser";
fsType = "ext4";
};
nix.maxJobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# lvm volume group
# ----------------
boot.initrd.luks.devices = [
{
name = "secure_vg";
device = "/dev/sda2";
preLVM = true;
}
];
boot.initrd.luks.devices = [{
name = "secure_vg";
device = "/dev/sda2";
preLVM = true;
}];
# NTFS support
# ------------
environment.systemPackages = [
pkgs.ntfs3g
];
environment.systemPackages = [ pkgs.ntfs3g ];
# root
# ----
fileSystems."/" = {
options = [ "noatime" "nodiratime" "discard" ];
device = "/dev/secure_vg/root";
fsType = "ext4";
device = "/dev/secure_vg/root";
fsType = "ext4";
};
# boot
@ -74,5 +67,4 @@
fsType = "ext4";
};
}

1
configs/pepe/samba.nix
View file

@ -1,5 +1,4 @@
{ config, ... }:
{
}

3
configs/pepe/syncthing.nix
View file

@ -1,5 +1,4 @@
{ config, pkgs, lib, ... }:
{
{ config, pkgs, lib, ... }: {
test.services.syncthing = {
enable = true;

51
configs/pepe/wifi-access-point.nix
View file

@ -1,22 +1,21 @@
{lib, pkgs, ... }:
{ lib, pkgs, ... }:
let
wifi = "wlp0s29u1u2";
ipAddress = "10.123.145.1";
prefixLength = 24;
servedAddressRange = "10.123.145.2,10.123.145.150,12h";
ssid="bumbumbum";
wifiPassword=lib.fileContents <secrets/wifi-access-point>;
in
ssid = "bumbumbum";
wifiPassword = lib.fileContents <secrets/wifi-access-point>;
{
in {
# todo only open needed ports
networking.firewall.trustedInterfaces = [ wifi ];
networking.networkmanager.unmanaged = [ wifi ];
networking.dhcpcd.denyInterfaces = [ wifi ];
networking.interfaces."${wifi}".ipv4.addresses = [ {
networking.interfaces."${wifi}".ipv4.addresses = [{
address = ipAddress;
prefixLength = prefixLength;
}];
@ -35,25 +34,33 @@ in
# start manual
# wantedBy = [ "network.target" ];
after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ];
after = [
"${wifi}-cfg.service"
"nat.service"
"bind.service"
"dhcpd.service"
"sys-subsystem-net-devices-${wifi}.device"
];
serviceConfig = {
ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" ''
interface=${wifi}
hw_mode=g
channel=10
ieee80211d=1
country_code=DE
ieee80211n=1
wmm_enabled=1
ExecStart = "${pkgs.hostapd}/bin/hostapd ${
pkgs.writeText "hostapd.conf" ''
interface=${wifi}
hw_mode=g
channel=10
ieee80211d=1
country_code=DE
ieee80211n=1
wmm_enabled=1
ssid=${ssid}
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=${wifiPassword}
''}";
ssid=${ssid}
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=${wifiPassword}
''
}";
Restart = "always";
};
};

3
configs/porani/configuration.nix
View file

@ -1,5 +1,4 @@
{ pkgs, lib, config, ... }:
{
{ pkgs, lib, config, ... }: {
imports = [
<system/server>

52
configs/porani/hardware-configuration.nix
View file

@ -1,10 +1,8 @@
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
{ config, lib, pkgs, ... }: {
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
@ -12,33 +10,29 @@
# grub configuration
# ------------------
boot.loader.grub = {
device = "/dev/sda";
enable = true;
device = "/dev/sda";
enable = true;
version = 2;
};
# lvm volume group
# ----------------
boot.initrd.luks.devices = [
{
name = "vg";
device = "/dev/sda2";
preLVM = true;
}
];
boot.initrd.luks.devices = [{
name = "vg";
device = "/dev/sda2";
preLVM = true;
}];
# NTFS support
# ------------
environment.systemPackages = [
pkgs.ntfs3g
];
environment.systemPackages = [ pkgs.ntfs3g ];
# root
# ----
fileSystems."/" = {
options = [ "noatime" "nodiratime" "discard" ];
device = "/dev/vg/root";
fsType = "ext4";
device = "/dev/vg/root";
fsType = "ext4";
};
# boot
@ -59,16 +53,14 @@
#"x-systemd.device-timeout=1ms"
];
};
systemd.mounts = [
{
enable = true;
options = "nofail,noauto";
type = "ext4";
wantedBy = ["multi-user.target"];
what = "/dev/disk/by-uuid/162c2f9e-8baa-4433-99fd-bb7e7b69472f";
where = "/media";
}
];
systemd.mounts = [{
enable = true;
options = "nofail,noauto";
type = "ext4";
wantedBy = [ "multi-user.target" ];
what = "/dev/disk/by-uuid/162c2f9e-8baa-4433-99fd-bb7e7b69472f";
where = "/media";
}];
swapDevices = [ ];

305
configs/porani/home-assistant.nix
View file

@ -1,6 +1,5 @@
{ pkgs, config, lib, ... }:
let
unstablePkgs = import <nixpkgs-unstable> {};
let unstablePkgs = import <nixpkgs-unstable> { };
in {
imports = [
@ -15,175 +14,167 @@ in {
./home-assistant/zigbee2mqtt.nix
];
services.homeAssistantConfig = {
# turn on to edit GUI
# lovelace = {};
# turn on to edit GUI
# lovelace = {};
homeassistant = {
latitude = 51.444847;
longitude = 6.967006;
elevation = 116;
homeassistant = {
latitude = 51.444847;
longitude = 6.967006;
elevation = 116;
auth_providers = [{
type = "trusted_networks";
trusted_networks =
[ config.module.cluster.services.tinc."private".networkSubnet ];
}];
};
auth_providers = [
{
type = "trusted_networks";
trusted_networks = [
config.module.cluster.services.tinc."private".networkSubnet
];
}
prometheus.namespace = "hass";
automation = [
# todo when ich weis ich bin zuhause
#{
# alias = "Licht and wenn Dunkel";
# trigger = {
# platform = "state";
# entity_id = [ "binary_sensor.night" ];
# from = "off";
# to = "on";
# };
# action = [
# {
# service = "switch.turn_on";
# entity_id = "group.kitchen";
# }
# {
# service = "switch.turn_on";
# entity_id = "group.living_room";
# }
# ];
#}
#{
# alias = "Küchen Sensor An";
# trigger = {
# platform = "state";
# entity_id = [ "binary_sensor.motion_1" ];
# to = "on";
# };
# action = {
# service = "switch.turn_on";
# entity_id = "group.kitchen";
# };
#}
#{
# alias = "Küchen Sensor aus";
# trigger = {
# platform = "state";
# entity_id = [ "binary_sensor.motion_1" ];
# to = "off";
# for = "00:00:25";
# };
# action = {
# service = "switch.turn_off";
# entity_id = "group.kitchen";
# };
#}
];
group = {
bed_room = {
name = "Schlafzimmer";
view = false;
};
tv = {
name = "TV";
view = false;
};
living_room = {
name = "Wohnzimmer";
view = false;
};
kitchen = {
name = "Küche";
view = false;
};
today = {
control = "hidden";
name = "Today";
view = false;
entities = [ "sensor.weather_temperature" "sun.sun" ];
};
all_lights = {
name = "All Lights";
view = false;
};
unknown = {
control = "hidden";
name = "Not Used";
view = false;
};
view_rooms = {
name = "Räume";
view = true;
entities = [
"group.all_lights"
"group.bed_room"
"group.living_room"
"group.kitchen"
"group.tv"
];
};
prometheus.namespace = "hass";
automation = [
# todo when ich weis ich bin zuhause
#{
# alias = "Licht and wenn Dunkel";
# trigger = {
# platform = "state";
# entity_id = [ "binary_sensor.night" ];
# from = "off";
# to = "on";
# };
# action = [
# {
# service = "switch.turn_on";
# entity_id = "group.kitchen";
# }
# {
# service = "switch.turn_on";
# entity_id = "group.living_room";
# }
# ];
#}
#{
# alias = "Küchen Sensor An";
# trigger = {
# platform = "state";
# entity_id = [ "binary_sensor.motion_1" ];
# to = "on";
# };
# action = {
# service = "switch.turn_on";
# entity_id = "group.kitchen";
# };
#}
#{
# alias = "Küchen Sensor aus";
# trigger = {
# platform = "state";
# entity_id = [ "binary_sensor.motion_1" ];
# to = "off";
# for = "00:00:25";
# };
# action = {
# service = "switch.turn_off";
# entity_id = "group.kitchen";
# };
#}
];
group = {
bed_room = {
name = "Schlafzimmer";
view = false;
};
tv = {
name = "TV";
view = false;
};
living_room = {
name = "Wohnzimmer";
view = false;
};
kitchen = {
name = "Küche";
view = false;
};
today = {
control = "hidden";
name = "Today";
view = false;
entities = [
"sensor.weather_temperature"
"sun.sun"
];
};
all_lights = {
name = "All Lights";
view = false;
};
unknown = {
control = "hidden";
name = "Not Used";
view = false;
};
view_rooms = {
name = "Räume";
view = true;
entities = [
"group.all_lights"
"group.bed_room"
"group.living_room"
"group.kitchen"
"group.tv"
];
};
view_overview = {
name = "Übersicht";
view = true;
entities = [ "group.today" ];
};
view_overview = {
name = "Übersicht";
view = true;
entities = [ "group.today" ];
};
sun = {};
};
script.turn_all_off.sequence = [ ];
sun = { };
script.turn_all_on.sequence = [ ];
script.turn_all_off.sequence = [ ];
sensor = [
# Weather prediction
{ platform = "zamg";
name = "Weather";
}
];
script.turn_all_on.sequence = [ ];
# todo: add holidays package to home-assiatnt
binary_sensor = [
{
name = "before_workday";
platform = "workday";
country = "DE";
province = "NW";
workdays = [ "mon" "tue" "wed" "thu" "fri" ];
days_offset = 1;
}
{
name = "workday";
platform = "workday";
country = "DE";
province = "NW";
workdays = [ "mon" "tue" "wed" "thu" "fri" ];
}
];
sensor = [
# Weather prediction
{
platform = "zamg";
name = "Weather";
}
];
# todo: add holidays package to home-assiatnt
binary_sensor = [
{
name = "before_workday";
platform = "workday";
country = "DE";
province = "NW";
workdays = [ "mon" "tue" "wed" "thu" "fri" ];
days_offset = 1;
}
{
name = "workday";
platform = "workday";
country = "DE";
province = "NW";
workdays = [ "mon" "tue" "wed" "thu" "fri" ];
}
];
};
services.home-assistant = {
enable = true;
package = unstablePkgs.home-assistant.override{
package = unstablePkgs.home-assistant.override {
python3 = unstablePkgs.python36;
extraPackages = python: [
# todo : check which is still needed
@ -196,22 +187,20 @@ in {
python.paho-mqtt
# needed for platform workday
(python.buildPythonPackage rec{
(python.buildPythonPackage rec {
pname = "holidays";
version = "0.9.10";
src = python.fetchPypi {
inherit pname version;
sha256 = "9f06d143eb708e8732230260636938f2f57114e94defd8fa2082408e0d422d6f";
sha256 =
"9f06d143eb708e8732230260636938f2f57114e94defd8fa2082408e0d422d6f";
};
doCheck = false;
buildInputs = [ pkgs.dateutils ];
propagatedBuildInputs = [
python."python-dateutil"
python."six"
];
propagatedBuildInputs = [ python."python-dateutil" python."six" ];
meta = with pkgs.stdenv.lib; {
homepage = "https://github.com/dr-prodigy/python-holidays";
license = licenses.mit;

23
configs/porani/home-assistant/chaospott.nix
View file

@ -43,10 +43,7 @@ in {
"${name}" = {
name = "ChaosPott (Essen)";
control = "hidden";
entities = [
"sensor.${name}_aerie"
"sensor.${name}_cellar"
];
entities = [ "sensor.${name}_aerie" "sensor.${name}_cellar" ];
};
view_overview.entities = [ "group.${name}" ];
};
@ -62,14 +59,15 @@ in {
Type = "oneshot";
};
description = "set ${name} for homeassistant";
script = /* sh */ ''
${pkgs.curl}/bin/curl -Ls https://status.chaospott.de/api \
| ${pkgs.jq}/bin/jq --compact-output \
'.sensors.door_locked |
[.[] | { "\(.location)" : (if .value then "closed" else "open" end) }] |
reduce .[] as $item ({}; . + $item) ' \
>> ${filePath}
'';
script = # sh
''
${pkgs.curl}/bin/curl -Ls https://status.chaospott.de/api \
| ${pkgs.jq}/bin/jq --compact-output \
'.sensors.door_locked |
[.[] | { "\(.location)" : (if .value then "closed" else "open" end) }] |
reduce .[] as $item ({}; . + $item) ' \
>> ${filePath}
'';
};
systemd.timers."${name}" = {
@ -81,5 +79,4 @@ in {
};
};
}

27
configs/porani/home-assistant/dayOfWeek.nix
View file

@ -7,13 +7,12 @@ let
in {
services.homeAssistantConfig = {
sensor = [
{ platform = "file";
name = "day_of_week";
file_path = filePath;
value_template = "{{ value_json.dayOfWeek }}";
}
];
sensor = [{
platform = "file";
name = "day_of_week";
file_path = filePath;
value_template = "{{ value_json.dayOfWeek }}";
}];
homeassistant = {
whitelist_external_dirs = [ folderPath ];
@ -23,11 +22,7 @@ in {
};
};
group = {
overview.entities = [
"sensor.day_of_week"
];
};
group = { overview.entities = [ "sensor.day_of_week" ]; };
};
@ -40,9 +35,10 @@ in {
Type = "oneshot";
};
description = "set day of wek for homeassistant";
script = /* sh */ ''
date +'{"dayOfWeek":"%A"}' >> ${filePath}
'';
script = # sh
''
date +'{"dayOfWeek":"%A"}' >> ${filePath}
'';
};
systemd.timers.dayOfWeek = {
enable = true;
@ -53,5 +49,4 @@ in {
};
};
}

37
configs/porani/home-assistant/holiday.nix
View file

@ -13,12 +13,14 @@ in {
# todo : use the python tool
sensor = [
{ platform = "file";
{
platform = "file";
name = "${name}_date";
file_path = filePath;
value_template = "{{ value_json.date }}";
}
{ platform = "file";
{
platform = "file";
name = "${name}_name";
file_path = filePath;
value_template = "{{ value_json.name }}";
@ -45,10 +47,7 @@ in {
name = "Feiertage";
view = false;
control = "hidden";
entities = [
"sensor.${name}_date"
"sensor.${name}_name"
];
entities = [ "sensor.${name}_date" "sensor.${name}_name" ];
};
view_overview.entities = [ "group.holidays" ];
@ -66,18 +65,19 @@ in {
Type = "oneshot";
};
description = "set ${name} for homeassistant";
script = /* sh */ ''
${pkgs.curl}/bin/curl \
-Ls "https://feiertage-api.de/api/?jahr=$( date +%Y )&nur_land=${state}" \
| ${pkgs.jq}/bin/jq --compact-output '
map_values( .datum ) |
to_entries |
map( { date: .value, name : .key } ) |
sort_by( .date ) |
map(select ( .date >= "'`date +%Y-%m-%d`'" )) |
.[0]' \
>> ${filePath}
'';
script = # sh
''
${pkgs.curl}/bin/curl \
-Ls "https://feiertage-api.de/api/?jahr=$( date +%Y )&nur_land=${state}" \
| ${pkgs.jq}/bin/jq --compact-output '
map_values( .datum ) |
to_entries |
map( { date: .value, name : .key } ) |
sort_by( .date ) |
map(select ( .date >= "'`date +%Y-%m-%d`'" )) |
.[0]' \
>> ${filePath}
'';
};
systemd.timers."${name}" = {
@ -89,5 +89,4 @@ in {
};
};
}

26
configs/porani/home-assistant/kodi.nix
View file

@ -1,23 +1,19 @@
{ pkgs, config, lib, ... }:
{
{ pkgs, config, lib, ... }: {
services.homeAssistantConfig = {
group.view_overview.entities = [
"media_player.kodi"
];
group.view_overview.entities = [ "media_player.kodi" ];
media_player = [
{
platform = "kodi";
host = "127.0.0.1";
turn_on_action.service = "script.watch_tv";
turn_off_action.service = "script.stop_watch_tv";
}
];
media_player = [{
platform = "kodi";
host = "127.0.0.1";
turn_on_action.service = "script.watch_tv";
turn_off_action.service = "script.stop_watch_tv";
}];
shell_command = {
start_display = "sudo ${pkgs.systemd}/bin/systemctl start display-manager";
start_display =
"sudo ${pkgs.systemd}/bin/systemctl start display-manager";
stop_display = "sudo ${pkgs.systemd}/bin/systemctl stop display-manager";
};
@ -50,7 +46,7 @@
service = "switch.turn_on";
data.entity_id = "group.tv";
}
{ delay.minutes = 1;}
{ delay.minutes = 1; }
{
alias = "start kodi";
service = "shell_command.start_display";

26
configs/porani/home-assistant/mpd.nix
View file

@ -3,24 +3,18 @@
{
services.homeAssistantConfig = {
group.view_overview.entities = [
"media_player.mpd"
];
group.view_overview.entities = [ "media_player.mpd" ];
media_player = [
{
platform = "mpd";
host = "localhost";
}
];
media_player = [{
platform = "mpd";
host = "localhost";
}];
script.turn_all_off.sequence = [
{
alias = "turn mpd off";
service = "media_player.turn_off";
data.entity_id = "media_player.mpd";
}
];
script.turn_all_off.sequence = [{
alias = "turn mpd off";
service = "media_player.turn_off";
data.entity_id = "media_player.mpd";
}];
script.turn_all_on.sequence = [
{

214
configs/porani/home-assistant/sonoff.nix
View file

@ -1,118 +1,120 @@
{ pkgs, config, lib, ... }:
let
unstablePkgs = import <nixpkgs-unstable> {};
let unstablePkgs = import <nixpkgs-unstable> { };
in {
services.homeAssistantConfig =
let
services.homeAssistantConfig = let
sonoffSwitches = {
"pal01" = { label = "Bett"; icon = "mdi:lightbulb-on"; };
"pal02" = { label = "Lampe"; icon = "mdi:lightbulb-on"; };
"pal03" = { label = "Couche"; icon = "mdi:lightbulb-on"; };
"pal06" = { label = "Küche"; icon = "mdi:lightbulb-on"; };
"pal05" = { label = "TV"; icon = "mdi:television"; };
"pal04" = { label = "Nummer 4"; icon = "mdi:power-plug-off"; };
"pal07" = { label = "Nummer 7"; icon = "mdi:power-plug-off"; };
"pal08" = { label = "Nummer 8"; icon = "mdi:power-plug-off"; };
sonoffSwitches = {
"pal01" = {
label = "Bett";
icon = "mdi:lightbulb-on";
};
"pal02" = {
label = "Lampe";
icon = "mdi:lightbulb-on";
};
"pal03" = {
label = "Couche";
icon = "mdi:lightbulb-on";
};
"pal06" = {
label = "Küche";
icon = "mdi:lightbulb-on";
};
"pal05" = {
label = "TV";
icon = "mdi:television";
};
toSwitch = name: "switch.${name}";
in {
homeassistant = {
customize = lib.mapAttrs' (
entity: value:
{
name = toSwitch entity;
value = {
friendly_name = value.label;
icon = value.icon;
};
}
) sonoffSwitches;
"pal04" = {
label = "Nummer 4";
icon = "mdi:power-plug-off";
};
script.turn_all_off.sequence = [
{
alias = "turn off sonoff";
service = "switch.turn_off";
data.entity_id = "group.all_lights";
}
{
alias = "turn off sonoff";
service = "switch.turn_off";
data.entity_id = "group.tv";
}
];
script.turn_all_on.sequence = [
{
alias = "turn on all lights";
service = "switch.turn_on";
data.entity_id = "group.all_lights";
}
];
group = {
bed_room = {
entities = builtins.map toSwitch [ "pal01" ];
};
living_room = {
entities = builtins.map toSwitch [ "pal03" "pal02" ];
};
tv = {
entities = builtins.map toSwitch [ "pal05" ];
};
kitchen = {
entities = builtins.map toSwitch [ "pal06" ];
};
unknown = {
entities = builtins.map toSwitch [ "pal04" "pal07" "pal08" ];
};
all_lights = {
entities = builtins.map toSwitch [ "pal01" "pal02" "pal03" "pal06" ];
};
"pal07" = {
label = "Nummer 7";
icon = "mdi:power-plug-off";
};
"pal08" = {
label = "Nummer 8";
icon = "mdi:power-plug-off";
};
switch =
let
sonoffConfigurations = builtins.map (name:
{
name = name;
platform = "mqtt";
command_topic = "cmnd/${lib.toUpper name}/POWER";
state_topic = "stat/${lib.toUpper name}/POWER";
payload_on = "ON";
payload_off = "OFF";
state_on = "ON";
state_off = "OFF";
}) (builtins.attrNames sonoffSwitches) ;
in
sonoffConfigurations;
# discover state on init
automation = [
{
alias = "Sonoff initial Power state";
trigger = {
platform = "homeassistant";
event = "start";
};
action = builtins.map ( name:
{
service = "mqtt.publish";
data = {
topic = "cmnd/${lib.toUpper name}/power";
payload = "";
};
})
(builtins.attrNames sonoffSwitches);
}
];
};
toSwitch = name: "switch.${name}";
in {
homeassistant = {
customize = lib.mapAttrs' (entity: value: {
name = toSwitch entity;
value = {
friendly_name = value.label;
icon = value.icon;
};
}) sonoffSwitches;
};
script.turn_all_off.sequence = [
{
alias = "turn off sonoff";
service = "switch.turn_off";
data.entity_id = "group.all_lights";
}
{
alias = "turn off sonoff";
service = "switch.turn_off";
data.entity_id = "group.tv";
}
];
script.turn_all_on.sequence = [{
alias = "turn on all lights";
service = "switch.turn_on";
data.entity_id = "group.all_lights";
}];
group = {
bed_room = { entities = builtins.map toSwitch [ "pal01" ]; };
living_room = { entities = builtins.map toSwitch [ "pal03" "pal02" ]; };
tv = { entities = builtins.map toSwitch [ "pal05" ]; };
kitchen = { entities = builtins.map toSwitch [ "pal06" ]; };
unknown = {
entities = builtins.map toSwitch [ "pal04" "pal07" "pal08" ];
};
all_lights = {
entities = builtins.map toSwitch [ "pal01" "pal02" "pal03" "pal06" ];
};
};
switch = let
sonoffConfigurations = builtins.map (name: {
name = name;
platform = "mqtt";
command_topic = "cmnd/${lib.toUpper name}/POWER";
state_topic = "stat/${lib.toUpper name}/POWER";
payload_on = "ON";
payload_off = "OFF";
state_on = "ON";
state_off = "OFF";
}) (builtins.attrNames sonoffSwitches);
in sonoffConfigurations;
# discover state on init
automation = [{
alias = "Sonoff initial Power state";
trigger = {
platform = "homeassistant";
event = "start";
};
action = builtins.map (name: {
service = "mqtt.publish";
data = {
topic = "cmnd/${lib.toUpper name}/power";
payload = "";
};
}) (builtins.attrNames sonoffSwitches);
}];
};
}

122
configs/porani/home-assistant/timer.nix
View file

@ -1,41 +1,35 @@
{ config, ... }:
{
{ config, ... }: {
imports = [ ./mpd.nix ];
services.homeAssistantConfig = {
sensor = [
{
platform = "time_date";
display_options = [
"time"
"date"
];
}
];
sensor = [{
platform = "time_date";
display_options = [ "time" "date" ];
}];
input_datetime = {
wakeup = {
name = "Arbeitswecker";
name = "Arbeitswecker";
has_time = true;
has_date = false;
icon = "mdi:alarm";
};
leave = {
name = "Turn off Time";
name = "Turn off Time";
has_time = true;
has_date = false;
icon = "mdi:alarm";
};
return = {
name = "Return home";
name = "Return home";
has_time = true;
has_date = false;
icon = "mdi:alarm";
};
sleep = {
name = "Turn off Time";
name = "Turn off Time";
has_time = true;
has_date = false;
icon = "mdi:alarm";
@ -63,7 +57,7 @@
input_select = {
wakeup = {
name = "Playlist";
name = "Playlist";
icon = "mdi:library-music";
options = [ "wakeup" "wakeup1" "wakeup2" ];
};
@ -72,13 +66,13 @@
binary_sensor = [
{
platform = "tod";
name = "night";
name = "night";
after = "sunset";
before = "sunrise";
}
{
platform = "tod";
name = "daytime";
name = "daytime";
after = "sunrise";
before = "sunset";
}
@ -101,30 +95,21 @@
view = false;
name = "Leave Time";
control = "hidden";
entities = [
"input_boolean.leave"
"input_datetime.leave"
];
entities = [ "input_boolean.leave" "input_datetime.leave" ];
};
timer_return = {
view = false;
name = "Nach Hause kommen";
control = "hidden";
entities = [
"input_boolean.return"
"input_datetime.return"
];
entities = [ "input_boolean.return" "input_datetime.return" ];
};
timer_sleep = {
view = false;
name = "Einschlafen";
control = "hidden";
entities = [
"input_boolean.sleep"
"input_datetime.sleep"
];
entities = [ "input_boolean.sleep" "input_datetime.sleep" ];
};
timers.entities = [
@ -136,10 +121,7 @@
"binary_sensor.daytime"
];
today.entities = [
"sensor.date"
"sensor.time"
];
today.entities = [ "sensor.date" "sensor.time" ];
view_overview.entities = [
"group.timer_wakeup"
@ -199,21 +181,17 @@
};
condition = {
condition = "and";
conditions = [
{
condition = "state";
entity_id = "input_boolean.leave";
state = "on";
}
];
conditions = [{
condition = "state";
entity_id = "input_boolean.leave";
state = "on";
}];
};
action = [
{
alias = "turn all off";
service = "script.turn_on";
entity_id = "script.turn_all_off";
}
];
action = [{
alias = "turn all off";
service = "script.turn_on";
entity_id = "script.turn_all_off";
}];
}
{
@ -225,21 +203,17 @@
};
condition = {
condition = "and";
conditions = [
{
condition = "state";
entity_id = "input_boolean.return";
state = "on";
}
];
conditions = [{
condition = "state";
entity_id = "input_boolean.return";
state = "on";
}];
};
action = [
{
alias = "turn all on";
service = "script.turn_on";
entity_id = "script.turn_all_on";
}
];
action = [{
alias = "turn all on";
service = "script.turn_on";
entity_id = "script.turn_all_on";
}];
}
{
@ -251,21 +225,17 @@
};
condition = {
condition = "and";
conditions = [
{
condition = "state";
entity_id = "input_boolean.sleep";
state = "on";
}
];
conditions = [{
condition = "state";
entity_id = "input_boolean.sleep";
state = "on";
}];
};
action = [
{
alias = "turn all off";
service = "script.turn_on";
entity_id = "script.turn_all_off";
}
];
action = [{
alias = "turn all off";
service = "script.turn_on";
entity_id = "script.turn_all_off";
}];
}
];

243
configs/porani/home-assistant/zigbee2mqtt.nix
View file

@ -1,4 +1,4 @@
{ pkgs, lib, config , ... }:
{ pkgs, lib, config, ... }:
let
# allow new devices to join
@ -17,9 +17,7 @@ let
"temperature_sensor_1".id = "0x00158d0002d79220";
"temperature_sensor_2".id = "0x00158d0002d7913d";
};
motion = {
"motion_sensor_1".id = "0x00158d0002fbd451";
};
motion = { "motion_sensor_1".id = "0x00158d0002fbd451"; };
};
# todo : rename with allSensors
@ -41,7 +39,7 @@ let
# MQTT server URL
server = "mqtt://127.0.0.1:1883";
# MQTT server authentication, uncomment if required:
user = "zigbee";
user = "zigbee";
password = lib.fileContents <secrets/zigbee/password>;
};
@ -52,21 +50,19 @@ let
disable_led = true;
};
devices = lib.mapAttrs' (
name: { id , ... }:
{
devices = lib.mapAttrs' (name:
{ id, ... }: {
name = id;
value = {
retain = false;
friendly_name = name;
};
}
) allSensors;
}) allSensors;
};
configurationYaml = pkgs.writeText "configuration.yml" (builtins.toJSON zigBee2MqttConfig);
in
{
configurationYaml =
pkgs.writeText "configuration.yml" (builtins.toJSON zigBee2MqttConfig);
in {
imports = [ ./mqtt.nix ];
services.homeAssistantConfig = {
@ -74,55 +70,51 @@ in
# group.unknown.entities = [ "sensor.button_1" ];
sensor = let
buttons = with lib; mapAttrsToList (
name: {...}:
{
platform = "mqtt";
name = name;
icon = "mdi:toggle-switch";
state_topic = "zigbee2mqtt/${name}";
availability_topic = "zigbee2mqtt/bridge/state";
value_template = "{{ value_json.click }}";
}
) sensors.buttons;
temperature = with lib; mapAttrsToList (
name: {...}:
[
{
buttons = with lib;
mapAttrsToList (name:
{ ... }: {
platform = "mqtt";
name = name;
icon = "mdi:toggle-switch";
state_topic = "zigbee2mqtt/${name}";
availability_topic = "zigbee2mqtt/bridge/state";
unit_of_measurement = "°C";
device_class = "temperature";
value_template = "{{ value_json.temperature }}";
}
{
platform = "mqtt";
name = "humidity_${name}";
state_topic = "zigbee2mqtt/${name}";
availability_topic = "zigbee2mqtt/bridge/state";
unit_of_measurement = "%";
device_class = "humidity";
value_template = "{{ value_json.humidity }}";
}
{
platform = "mqtt";
name = "pressure_${name}";
state_topic = "zigbee2mqtt/${name}";
availability_topic = "zigbee2mqtt/bridge/state";
unit_of_measurement = "hPa";
device_class = "pressure";
value_template = "{{ value_json.pressure }}";
}
]
) sensors.temperature;
value_template = "{{ value_json.click }}";
}) sensors.buttons;
informations = lib.mapAttrsToList (
name: {...}:
[
temperature = with lib;
mapAttrsToList (name:
{ ... }: [
{
platform = "mqtt";
name = name;
state_topic = "zigbee2mqtt/${name}";
availability_topic = "zigbee2mqtt/bridge/state";
unit_of_measurement = "°C";
device_class = "temperature";
value_template = "{{ value_json.temperature }}";
}
{
platform = "mqtt";
name = "humidity_${name}";
state_topic = "zigbee2mqtt/${name}";
availability_topic = "zigbee2mqtt/bridge/state";
unit_of_measurement = "%";
device_class = "humidity";
value_template = "{{ value_json.humidity }}";
}
{
platform = "mqtt";
name = "pressure_${name}";
state_topic = "zigbee2mqtt/${name}";
availability_topic = "zigbee2mqtt/bridge/state";
unit_of_measurement = "hPa";
device_class = "pressure";
value_template = "{{ value_json.pressure }}";
}
]) sensors.temperature;
informations = lib.mapAttrsToList (name:
{ ... }: [
{
platform = "mqtt";
name = "battery_${name}";
@ -140,17 +132,14 @@ in
unit_of_measurement = "-";
value_template = "{{ value_json.linkquality }}";
}
]
) allSensors;
]) allSensors;
in
lib.flatten ( buttons ++ temperature ++ informations );
in lib.flatten (buttons ++ temperature ++ informations);
binary_sensor = let
motion = lib.mapAttrsToList (
name: { ... }:
{
motion = lib.mapAttrsToList (name:
{ ... }: {
name = name;
platform = "mqtt";
device_class = "motion";
@ -160,31 +149,24 @@ in
payload_on = true;
payload_off = false;
value_template = "{{ value_json.occupancy }}";
}
) sensors.motion;
in
lib.flatten ( motion );
}) sensors.motion;
in lib.flatten (motion);
group = let
information = name: [ "sensor.battery_${name}" "sensor.link_${name}" ];
sensor = lib.mapAttrs' (
name: {...}:
{
sensor = lib.mapAttrs' (name:
{ ... }: {
name = name;
value = {
control = "hidden";
entities = ["sensor.${name}"] ++ (information name);
entities = [ "sensor.${name}" ] ++ (information name);
};
}
) (sensors.buttons);
}) (sensors.buttons);
sensorTemperature = lib.mapAttrs' (
name: { ... }:
{
sensorTemperature = lib.mapAttrs' (name:
{ ... }: {
name = name;
value = {
control = "hidden";
@ -194,69 +176,62 @@ in
"sensor.pressure_${name}"
] ++ (information name);
};
}
) (sensors.temperature);
}) (sensors.temperature);
binarySensor = lib.mapAttrs' (
name: { ... }:
{
binarySensor = lib.mapAttrs' (name:
{ ... }: {
name = name;
value = {
control = "hidden";
entities = [ "binary_sensor.${name}" ] ++ (information name);
};
}
) (sensors.motion);
}) (sensors.motion);
views = {
view_sensors = {
name = "Sensoren";
control = "hidden";
view = true;
entities = lib.mapAttrsToList (name: { ... }: "group.${name}") allSensors;
entities =
lib.mapAttrsToList (name: { ... }: "group.${name}") allSensors;
};
};
in
views // sensor // binarySensor // sensorTemperature ;
in views // sensor // binarySensor // sensorTemperature;
automation =
let
lights = map (button:
{
alias = "Toggle all lights, on click";
trigger = {
platform = "mqtt";
topic = "zigbee2mqtt/${button}";
};
condition = {
condition = "template";
value_template = ''{{ "single" == trigger.payload_json.click }}'';
};
action = {
service = "switch.toggle";
entity_id = "group.all_lights";
};
}) ["button_1" "button_2" "button_3"];
mpd = map (button:
{
alias = "Toggle mpd, on double click";
trigger = {
platform = "mqtt";
topic = "zigbee2mqtt/${button}";
};
condition = {
condition = "template";
value_template = ''{{ "double" == trigger.payload_json.click }}'';
};
action = {
service = "media_player.toggle";
# todo use a group here
entity_id = "media_player.mpd";
};
}) ["button_1" "button_2" "button_3"];
in
lights ++ mpd;
automation = let
lights = map (button: {
alias = "Toggle all lights, on click";
trigger = {
platform = "mqtt";
topic = "zigbee2mqtt/${button}";
};
condition = {
condition = "template";
value_template = ''{{ "single" == trigger.payload_json.click }}'';
};
action = {
service = "switch.toggle";
entity_id = "group.all_lights";
};
}) [ "button_1" "button_2" "button_3" ];
mpd = map (button: {
alias = "Toggle mpd, on double click";
trigger = {
platform = "mqtt";
topic = "zigbee2mqtt/${button}";
};
condition = {
condition = "template";
value_template = ''{{ "double" == trigger.payload_json.click }}'';
};
action = {
service = "media_player.toggle";
# todo use a group here
entity_id = "media_player.mpd";
};
}) [ "button_1" "button_2" "button_3" ];
in lights ++ mpd;
# click = double => music an aus
@ -270,19 +245,20 @@ in
systemd.services."zigbee2mqtt" = {
enable = true;
description = "Allows you to use your Zigbee devices without the vendors bridge/gateway.";
description =
"Allows you to use your Zigbee devices without the vendors bridge/gateway.";
after = [ "docker.service" ];
requires = [ "docker.service" ];
# todo : udev rule erstellen, die diesen service erst startet, dieses wanted by ist labil
wantedBy = [ "home-assistant.service" ];
preStart = ''
if [ -f ${dataFolder}/configuration.yaml ]
then
rm ${dataFolder}/configuration.yaml
fi
mkdir -p ${dataFolder}
cat ${configurationYaml} | ${pkgs.yq}/bin/yq --yaml-output '.' > ${dataFolder}/configuration.yaml
if [ -f ${dataFolder}/configuration.yaml ]
then
rm ${dataFolder}/configuration.yaml
fi
mkdir -p ${dataFolder}
cat ${configurationYaml} | ${pkgs.yq}/bin/yq --yaml-output '.' > ${dataFolder}/configuration.yaml
'';
restartTriggers = [ configurationYaml ];
@ -300,5 +276,4 @@ in
'';
};
}

8
configs/porani/kodi.nix
View file

@ -1,6 +1,4 @@
{ config, lib, pkgs, ... }:
{
{ config, lib, pkgs, ... }: {
services.xserver = {
enable = true;
@ -10,7 +8,7 @@
default = "kodi";
xterm.enable = false;
};
displayManager ={
displayManager = {
sddm = {
enable = true;
autoLogin = {
@ -24,7 +22,7 @@
users = {
# mutableUsers = true;
users.kodi= {
users.kodi = {
isNormalUser = true;
name = "kodi";
uid = 1338;

3
configs/porani/mpd.nix
View file

@ -1,5 +1,4 @@
{ config, lib, ... }:
{
{ config, lib, ... }: {
sound.enable = true;

6
configs/porani/packages.nix
View file

@ -1,7 +1,5 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
environment.systemPackages = [
];
environment.systemPackages = [ ];
}

10
configs/porani/syncthing.nix
View file

@ -1,11 +1,11 @@
{ config, pkgs, lib, ... }:
{
{ config, pkgs, lib, ... }: {
custom.samba-share = {
enable = true;
folders = {
movies = config.test.services.syncthing.declarative.folders.movies.path;
series = config.test.services.syncthing.declarative.folders.series.path;
music = config.test.services.syncthing.declarative.folders.music-library.path;
music =
config.test.services.syncthing.declarative.folders.music-library.path;
};
};
@ -58,7 +58,7 @@
enable = true;
path = "/media/series";
};
smartphone-music= {
smartphone-music = {
enable = true;
path = "/media/smartphone-music";
};
@ -82,7 +82,7 @@
users.groups."syncthing".members = [ "mpd" "syncthing" "kodi" "palo" ];
backup.all.restic.dirs = ["/var/lib/syncthing/finance"];
backup.all.restic.dirs = [ "/var/lib/syncthing/finance" ];
}

3
configs/porani/tinc.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }:
{
{ config, lib, pkgs, ... }: {
module.cluster.services.tinc = {
"private" = {

54
configs/porani/wifi-access-point.nix
View file

@ -1,23 +1,23 @@
{lib, pkgs, ... }:
{ lib, pkgs, ... }:
let
wifi = "wlp0s29u1u2";
ipAddress = "10.23.45.1";
prefixLength = 24;
servedAddressRange = "10.23.45.2,10.23.45.150,12h";
ssid="palosiot";
wifiPassword=lib.fileContents <secrets/iot_wifi>;
in
ssid = "palosiot";
wifiPassword = lib.fileContents <secrets/iot_wifi>;
{
in {
# todo only open needed ports
networking.firewall.trustedInterfaces = [ wifi ];
networking.networkmanager.unmanaged = [ wifi ];
networking.dhcpcd.denyInterfaces = [ wifi ];
networking.interfaces."${wifi}".ipv4.addresses = [ {
address = ipAddress; prefixLength = prefixLength;
networking.interfaces."${wifi}".ipv4.addresses = [{
address = ipAddress;
prefixLength = prefixLength;
}];
systemd.services.hostapd = {
@ -25,25 +25,33 @@ in
path = [ pkgs.hostapd ];
wantedBy = [ "network.target" ];
after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ];
after = [
"${wifi}-cfg.service"
"nat.service"
"bind.service"
"dhcpd.service"
"sys-subsystem-net-devices-${wifi}.device"
];
serviceConfig = {
ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" ''
interface=${wifi}
hw_mode=g
channel=10
ieee80211d=1
country_code=DE
ieee80211n=1
wmm_enabled=1
ExecStart = "${pkgs.hostapd}/bin/hostapd ${
pkgs.writeText "hostapd.conf" ''
interface=${wifi}
hw_mode=g
channel=10
ieee80211d=1
country_code=DE
ieee80211n=1
wmm_enabled=1
ssid=${ssid}
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=${wifiPassword}
''}";
ssid=${ssid}
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=${wifiPassword}
''
}";
Restart = "always";
};
};

13
configs/sputnik/configuration.nix
View file

@ -1,5 +1,4 @@
{ config, pkgs, lib, ... }:
{
{ config, pkgs, lib, ... }: {
imports = [
<system/proxy>
@ -12,14 +11,14 @@
];
networking.hostName = "sputnik";
networking.hostName = "sputnik";
networking.useDHCP = true;
boot.kernelParams = [ "net.ifnames=0" ];
boot.loader.grub = {
enable = true;
enable = true;
version = 2;
device = "/dev/sda";
device = "/dev/sda";
};
# nix-shell -p speedtest_cli --run speedtest
@ -31,7 +30,8 @@
balance = false;
};
services.custom.ssh.sshd.rootKeyFiles = [ (toString <secrets/ssh/jenkins_rsa.pub>) ];
services.custom.ssh.sshd.rootKeyFiles =
[ (toString <secrets/ssh/jenkins_rsa.pub>) ];
# make sure ssh is only available trough the tinc
networking.firewall.extraCommands = ''
@ -40,4 +40,3 @@
}

15
configs/sputnik/hardware-configuration.nix
View file

@ -4,18 +4,17 @@
{ config, lib, pkgs, ... }:
{
imports =
[ <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
];
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/8f2986a3-d2b0-4735-be98-9ec081b87984";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/8f2986a3-d2b0-4735-be98-9ec081b87984";
fsType = "ext4";
};
swapDevices = [ ];

17
configs/sputnik/mail-server.nix
View file

@ -1,8 +1,8 @@
{ config, pkgs, lib, ... }:
{
{ config, pkgs, lib, ... }: {
imports = [
(builtins.fetchTarball {
url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz";
url =
"https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz";
sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx";
})
];
@ -16,22 +16,21 @@
# nix-shell -p mkpasswd --run 'mkpasswd -m sha-512 "super secret password"'
loginAccounts = {
"root@gaykraft.com" = {
hashedPassword = lib.fileContents <secrets/mailserver/hashedPasswords/root_at_gaykraft.com>;
hashedPassword = lib.fileContents
<secrets/mailserver/hashedPasswords/root_at_gaykraft.com>;
#aliases = [
# "postmaster@gaykraft.com"
#];
# Make this user the catchAll address for domains
catchAll = [
"gaykraft.com"
];
catchAll = [ "gaykraft.com" ];
};
};
# Extra virtual aliases. These are email addresses that are forwarded to
# loginAccounts addresses.
#extraVirtualAliases = {
# address = forward address;
#"abuse@example.com" = "user1@example.com";
# address = forward address;
#"abuse@example.com" = "user1@example.com";
#};
# Use Let's Encrypt certificates. Note that this needs to set up a stripped

117
configs/sputnik/nginx.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }:
{
{ config, lib, pkgs, ... }: {
networking.firewall.allowedTCPPorts = [ 80 443 ];
@ -9,26 +8,38 @@
"git.ingolf-wagner.de" = {
listen = [
{ addr = "0.0.0.0"; port = 4443; ssl = true; }
{ addr = "0.0.0.0"; port = 80; ssl = false; }
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
forceSSL = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://workhorse.private:3000";
};
locations."/" = { proxyPass = "http://workhorse.private:3000"; };
};
"paste.ingolf-wagner.de" = {
listen = [
{ addr = "0.0.0.0"; port = 4443; ssl = true; }
{ addr = "0.0.0.0"; port = 80; ssl = false; }
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
forceSSL = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://workhorse.private:8000";
};
locations."/" = { proxyPass = "http://workhorse.private:8000"; };
};
#"landing.ingolf-wagner.de" = {
@ -46,10 +57,18 @@
"tech.ingolf-wagner.de" = {
listen = [
{ addr = "0.0.0.0"; port = 4443; ssl = true; }
{ addr = "0.0.0.0"; port = 80; ssl = false; }
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
forceSSL = true;
forceSSL = true;
enableACME = true;
locations."/" = {
root = "/srv/www/tech";
@ -63,10 +82,18 @@
"terranix.org" = {
listen = [
{ addr = "0.0.0.0"; port = 4443; ssl = true; }
{ addr = "0.0.0.0"; port = 80; ssl = false; }
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
forceSSL = true;
forceSSL = true;
enableACME = true;
locations."/" = {
root = "/srv/www/terranix";
@ -78,13 +105,20 @@
};
};
"seafile.gaykraft.com" = {
listen = [
{ addr = "0.0.0.0"; port = 4443; ssl = true; }
{ addr = "0.0.0.0"; port = 80; ssl = false; }
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
forceSSL = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://workhorse.private:3030";
@ -105,14 +139,20 @@
"gaykraft.com" = {
listen = [
{ addr = "0.0.0.0"; port = 4443; ssl = true; }
{ addr = "0.0.0.0"; port = 80; ssl = false; }
{
addr = "0.0.0.0";
port = 4443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 80;
ssl = false;
}
];
forceSSL = true;
forceSSL = true;
enableACME = true;
locations."/" = {
root = "/srv/www/gaykraft";
};
locations."/" = { root = "/srv/www/gaykraft"; };
};
};
@ -124,14 +164,15 @@
port = 443;
verbose = false;
transparent = true;
appendConfig = /* json */ ''
protocols:
(
{ name: "ssh"; service: "ssh"; host: "localhost"; port: "2222"; probe: "builtin"; },
{ name: "ssl"; host: "localhost"; port: "4443"; probe: "builtin"; },
{ name: "tinc"; host: "localhost"; port: "655"; probe: "builtin"; }
);
'';
appendConfig = # json
''
protocols:
(
{ name: "ssh"; service: "ssh"; host: "localhost"; port: "2222"; probe: "builtin"; },
{ name: "ssl"; host: "localhost"; port: "4443"; probe: "builtin"; },
{ name: "tinc"; host: "localhost"; port: "655"; probe: "builtin"; }
);
'';
};
systemd.services."socat-proxy" = {

3
configs/sputnik/tinc.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }:
{
{ config, lib, pkgs, ... }: {
module.cluster.services.tinc = {
"private" = {
enable = true;

21
configs/sterni/configuration.nix
View file

@ -1,6 +1,4 @@
{ config, pkgs, lib, ... }:
{
{ config, pkgs, lib, ... }: {
imports = [
@ -15,13 +13,13 @@
];
networking.hostName = "sterni";
networking.hostName = "sterni";
system.custom.wifi.interfaces = ["wlp3s0"];
system.custom.wifi.interfaces = [ "wlp3s0" ];
security.wrappers = {
pmount.source = "${pkgs.pmount}/bin/pmount";
pumount.source = "${pkgs.pmount}/bin/pumount";
pmount.source = "${pkgs.pmount}/bin/pmount";
pumount.source = "${pkgs.pmount}/bin/pumount";
};
# keybase
@ -35,16 +33,16 @@
# fonts
# -----
programs.custom.urxvt.fontSize = 12;
programs.custom.xterm.fontSize = 12;
programs.custom.urxvt.fontSize = 12;
programs.custom.xterm.fontSize = 12;
system.custom.fonts.dpi = 100;
virtualisation = {
docker.enable = false;
virtualbox = {
host.enable = false;
guest.x11 = false;
host.enable = false;
guest.x11 = false;
guest.enable = false;
};
};
@ -71,4 +69,3 @@
}

36
configs/sterni/hardware-configuration.nix
View file

@ -5,11 +5,10 @@
{
imports =
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
];
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
@ -34,8 +33,8 @@
#device = "/dev/ram2";
#fsType = "tmpfs";
options = [ "noatime" "nodiratime" "discard" ];
device = "/dev/vg/browser";
fsType = "ext4";
device = "/dev/vg/browser";
fsType = "ext4";
};
nix.maxJobs = lib.mkDefault 4;
@ -43,34 +42,30 @@
# lvm volume group
# ----------------
boot.initrd.luks.devices = [
{
name = "vg";
device = "/dev/sda2";
preLVM = true;
}
];
boot.initrd.luks.devices = [{
name = "vg";
device = "/dev/sda2";
preLVM = true;
}];
# NTFS support
# ------------
environment.systemPackages = [
pkgs.ntfs3g
];
environment.systemPackages = [ pkgs.ntfs3g ];
# root
# ----
fileSystems."/" = {
options = [ "noatime" "nodiratime" "discard" ];
device = "/dev/vg/root";
fsType = "ext4";
device = "/dev/vg/root";
fsType = "ext4";
};
# home
# ----
fileSystems."/home" = {
options = [ "noatime" "nodiratime" "discard" ];
device = "/dev/vg/home";
fsType = "ext4";
device = "/dev/vg/home";
fsType = "ext4";
};
# /home/palo/private/.fotos.ct
@ -88,5 +83,4 @@
fsType = "vfat";
};
}

8
configs/sterni/packages.nix
View file

@ -1,9 +1,5 @@
{ config, lib, pkgs, ... }:
{
{ config, lib, pkgs, ... }: {
environment.systemPackages = with pkgs ; [
bitwig-studio
sononym
];
environment.systemPackages = with pkgs; [ bitwig-studio sononym ];
}

5
configs/sterni/syncthing.nix
View file

@ -1,5 +1,4 @@
{ config, pkgs, lib, ... }:
{
{ config, pkgs, lib, ... }: {
test.services.syncthing = {
enable = true;
@ -43,7 +42,7 @@
enable = true;
path = "/home/palo/smartphone-fotos";
};
smartphone-music= {
smartphone-music = {
enable = true;
path = "/home/palo/smartphone-music";
};

51
configs/sterni/wifi-access-point.nix
View file

@ -1,22 +1,21 @@
{lib, pkgs, ... }:
{ lib, pkgs, ... }:
let
wifi = "wlp0s29u1u2";
ipAddress = "10.123.145.1";
prefixLength = 24;
servedAddressRange = "10.123.145.2,10.123.145.150,12h";
ssid="bumbumbum";
wifiPassword=lib.fileContents <secrets/wifi-access-point>;
in
ssid = "bumbumbum";
wifiPassword = lib.fileContents <secrets/wifi-access-point>;
{
in {
# todo only open needed ports
networking.firewall.trustedInterfaces = [ wifi ];
networking.networkmanager.unmanaged = [ wifi ];
networking.dhcpcd.denyInterfaces = [ wifi ];
networking.interfaces."${wifi}".ipv4.addresses = [ {
networking.interfaces."${wifi}".ipv4.addresses = [{
address = ipAddress;
prefixLength = prefixLength;
}];
@ -35,25 +34,33 @@ in
# start manual
# wantedBy = [ "network.target" ];
after = [ "${wifi}-cfg.service" "nat.service" "bind.service" "dhcpd.service" "sys-subsystem-net-devices-${wifi}.device" ];
after = [
"${wifi}-cfg.service"
"nat.service"
"bind.service"
"dhcpd.service"
"sys-subsystem-net-devices-${wifi}.device"
];
serviceConfig = {
ExecStart = "${pkgs.hostapd}/bin/hostapd ${pkgs.writeText "hostapd.conf" ''
interface=${wifi}
hw_mode=g
channel=10
ieee80211d=1
country_code=DE
ieee80211n=1
wmm_enabled=1
ExecStart = "${pkgs.hostapd}/bin/hostapd ${
pkgs.writeText "hostapd.conf" ''
interface=${wifi}
hw_mode=g
channel=10
ieee80211d=1
country_code=DE
ieee80211n=1
wmm_enabled=1
ssid=${ssid}
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=${wifiPassword}
''}";
ssid=${ssid}
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=${wifiPassword}
''
}";
Restart = "always";
};
};

22
configs/workhorse/bepasty.nix
View file

@ -1,8 +1,7 @@
{ config, pkgs, lib, ... }:
with lib;
let
port = 8000;
let port = 8000;
in {
# configure nginx
@ -18,7 +17,9 @@ in {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 90;
proxy_redirect http://localhost:${toString port} https://paste.workhorse.private/;
proxy_redirect http://localhost:${
toString port
} https://paste.workhorse.private/;
'';
};
};
@ -38,19 +39,20 @@ in {
secretKeyFile = config.krops.userKeys."bepasty".target;
extraConfig = ''
PERMISSIONS = {
'${lib.fileContents <common_secrets/bepasty/admin-password>}': 'admin,list,create,read,delete',
'${
lib.fileContents <common_secrets/bepasty/admin-password>
}': 'admin,list,create,read,delete',
}
'';
};
};
/* fix bepasty service */
# fix bepasty service
nixpkgs.overlays = let
overlay = self: super:
{
bepasty = super.bepasty.override { python3Packages = pkgs.python27Packages; };
overlay = self: super: {
bepasty =
super.bepasty.override { python3Packages = pkgs.python27Packages; };
};
in
[ overlay ];
in [ overlay ];
}

17
configs/workhorse/configuration.nix
View file

@ -1,5 +1,4 @@
{ lib, config, pkgs, ... }:
{
{ lib, config, pkgs, ... }: {
imports = [
<system/server>
@ -29,7 +28,7 @@
];
networking.hostName = "workhorse";
networking.hostName = "workhorse";
# enable initrd ssh
configuration.init-ssh = {
@ -48,8 +47,8 @@
};
security.wrappers = {
pmount.source = "${pkgs.pmount}/bin/pmount";
pumount.source = "${pkgs.pmount}/bin/pumount";
pmount.source = "${pkgs.pmount}/bin/pmount";
pumount.source = "${pkgs.pmount}/bin/pumount";
};
services.logind.lidSwitch = lib.mkForce "ignore";
@ -59,8 +58,8 @@
# font
# ----
programs.custom.urxvt.fontSize = 17;
programs.custom.xterm.fontSize = 17;
programs.custom.urxvt.fontSize = 17;
programs.custom.xterm.fontSize = 17;
system.custom.fonts.dpi = 140;
services.printing.enable = true;
@ -69,8 +68,8 @@
virtualisation = {
docker.enable = true;
virtualbox = {
host.enable = true;
guest.x11 = true;
host.enable = true;
guest.x11 = true;
guest.enable = true;
};
};

11
configs/workhorse/gogs.nix
View file

@ -1,14 +1,15 @@
{ config, lib, ... }:
{
{ config, lib, ... }: {
services.nginx = {
enable = true;
statusPage = true;
virtualHosts = {
"gogs.${config.networking.hostName}.private" = {
serverAliases = ["git.${config.networking.hostName}.private"];
serverAliases = [ "git.${config.networking.hostName}.private" ];
locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString config.services.gogs.httpPort}";
proxyPass = "http://${config.networking.hostName}.private:${
toString config.services.gogs.httpPort
}";
};
};
};
@ -31,7 +32,7 @@
SSH_PORT = 443
START_SSH_SERVER = true
SSH_LISTEN_PORT = 2222
'';
'';
};
backup.all.restic.dirs = [ config.services.gogs.repositoryRoot ];

26
configs/workhorse/grafana.nix
View file

@ -1,13 +1,14 @@
{ config, ... }:
{
{ config, ... }: {
services.nginx = {
enable = true;
statusPage = true;
virtualHosts = {
"grafana.${config.networking.hostName}.private" = {
serverAliases = [];
serverAliases = [ ];
locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString config.services.grafana.port}";
proxyPass = "http://${config.networking.hostName}.private:${
toString config.services.grafana.port
}";
};
};
};
@ -16,7 +17,8 @@
services.grafana = {
enable = true;
port = 5656;
addr = config.module.cluster.services.tinc."private".hosts."${config.networking.hostName}".tincIp;
addr =
config.module.cluster.services.tinc."private".hosts."${config.networking.hostName}".tincIp;
auth.anonymous = {
enable = true;
org_role = "Editor";
@ -24,14 +26,12 @@
};
provision = {
enable = true;
datasources = [
{
type = "prometheus";
isDefault = true;
name = "Prometheus Workhorse";
url = "http://workhorse.private:9090";
}
];
datasources = [{
type = "prometheus";
isDefault = true;
name = "Prometheus Workhorse";
url = "http://workhorse.private:9090";
}];
};
};

19
configs/workhorse/graylog.nix
View file

@ -1,8 +1,6 @@
{ config, lib, pkgs, ... }:
let
port = 9000;
in
{
let port = 9000;
in {
# configure nginx
services.nginx = {
enable = true;
@ -16,7 +14,9 @@ in
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 90;
proxy_redirect http://localhost:${toString port} https://graylog.workhorse.private/;
proxy_redirect http://localhost:${
toString port
} https://graylog.workhorse.private/;
'';
};
};
@ -27,7 +27,8 @@ in
services.mongodb.enable = true;
services.graylog.enable = true;
services.graylog.elasticsearchHosts = [ "http://${config.services.elasticsearch.listenAddress}:9200" ];
services.graylog.elasticsearchHosts =
[ "http://${config.services.elasticsearch.listenAddress}:9200" ];
# https://docs.graylog.org/en/3.0/pages/configuration/server.conf.html
services.graylog.extraConfig = ''
@ -39,10 +40,12 @@ in
services.graylog.nodeIdFile = "/var/lib/graylog/node-id";
# pwgen -N 1 -s 96
services.graylog.passwordSecret = lib.fileContents <secrets/graylog/password-secret>;
services.graylog.passwordSecret =
lib.fileContents <secrets/graylog/password-secret>;
# echo -n yourpassword | shasum -a 256
services.graylog.rootPasswordSha2 = lib.fileContents <secrets/graylog/root-password-hash>;
services.graylog.rootPasswordSha2 =
lib.fileContents <secrets/graylog/root-password-hash>;
environment.etc."graylog/server/GeoLite2-City.mmdb" = {
enable = true;

72
configs/workhorse/hardware-configuration.nix
View file

@ -1,40 +1,34 @@
{ config, lib, pkgs, ... }:
let
mainUserHome = "/home/palo";
in
{
let mainUserHome = "/home/palo";
in {
# grub configuration
# ------------------
boot.loader.grub = {
device = "/dev/sda";
enable = true;
device = "/dev/sda";
enable = true;
version = 2;
};
# lvm volume group
# ----------------
boot.initrd.luks.devices = [
{
name = "vg";
device = "/dev/sda2";
preLVM = true;
}
];
boot.initrd.luks.devices = [{
name = "vg";
device = "/dev/sda2";
preLVM = true;
}];
# NTFS support
# ------------
environment.systemPackages = [
pkgs.ntfs3g
];
environment.systemPackages = [ pkgs.ntfs3g ];
# root
# ----
fileSystems."/" = {
options = [ "noatime" "nodiratime" "discard" ];
device = "/dev/vg/root";
fsType = "ext4";
device = "/dev/vg/root";
fsType = "ext4";
};
# boot
@ -47,28 +41,28 @@ in
# home
# ----
fileSystems."/home" = {
options = [ "noatime" "nodiratime" ];
device = "/dev/mapper/decrypted_home";
fsType = "ext4";
options = [ "noatime" "nodiratime" ];
device = "/dev/mapper/decrypted_home";
fsType = "ext4";
encrypted = {
enable = true;
enable = true;
keyFile = "/mnt-root/root/keys/home.key";
label = "decrypted_home";
blkDev = "/dev/mapper/store-home";
label = "decrypted_home";
blkDev = "/dev/mapper/store-home";
};
};
# var/lib/docker
# --------------
fileSystems."/var/lib/docker" = {
options = [ "noatime" "nodiratime" ];
device = "/dev/mapper/decrypted_docker";
fsType = "ext4";
options = [ "noatime" "nodiratime" ];
device = "/dev/mapper/decrypted_docker";
fsType = "ext4";
encrypted = {
enable = true;
enable = true;
keyFile = "/mnt-root/root/keys/docker.key";
label = "decrypted_docker";
blkDev = "/dev/mapper/store-docker";
label = "decrypted_docker";
blkDev = "/dev/mapper/store-docker";
};
};
@ -83,16 +77,14 @@ in
#"x-systemd.device-timeout=1ms"
];
};
systemd.mounts = [
{
enable = true;
options = "nofail,noauto";
type = "ext4";
wantedBy = ["multi-user.target"];
what = "/dev/disk/by-uuid/f7fa1c0e-ac9f-4955-b4bd-644c1ddb0d89";
where = "/media";
}
];
systemd.mounts = [{
enable = true;
options = "nofail,noauto";
type = "ext4";
wantedBy = [ "multi-user.target" ];
what = "/dev/disk/by-uuid/f7fa1c0e-ac9f-4955-b4bd-644c1ddb0d89";
where = "/media";
}];
}

261
configs/workhorse/jenkins.nix
View file

@ -18,7 +18,8 @@ in {
virtualHosts = {
"jenkins.${config.networking.hostName}.private" = {
locations."/" = {
proxyPass = "http://localhost:${toString config.services.jenkins.port}";
proxyPass =
"http://localhost:${toString config.services.jenkins.port}";
extraConfig = ''
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
@ -26,7 +27,9 @@ in {
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 90;
proxy_redirect http://localhost:${toString config.services.jenkins.port} https://jenkins.${config.networking.hostName}.private/;
proxy_redirect http://localhost:${
toString config.services.jenkins.port
} https://jenkins.${config.networking.hostName}.private/;
'';
};
};
@ -56,183 +59,177 @@ in {
accessUser = "admin";
# https://docs.openstack.org/infra/jenkins-job-builder/definition.html#modules
nixJobs =
let
# ssh username + key
gogs-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2";
# ssh username + key
github-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2";
# ssh username + key
sshSputnik = "d91eb57c-5bff-434c-b317-68aad46848d7";
nixJobs = let
# ssh username + key
gogs-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2";
# ssh username + key
github-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2";
# ssh username + key
sshSputnik = "d91eb57c-5bff-434c-b317-68aad46848d7";
sync-to-github =
name: source: target:
sync-repo name
{
url = source;
credentialsId = gogs-id;
}
{
url = target;
credentialsId = github-id;
};
sync-to-github = name: source: target:
sync-repo name {
url = source;
credentialsId = gogs-id;
} {
url = target;
credentialsId = github-id;
};
in [
in [
(job "deploy-gaykraft" {
url = "ssh://gogs@workhorse.private:2222/palo/gaykraft.git";
credentialsId = gogs-id;
} [
{ "build" = [ "nix-shell --run build" ]; }
{
"publish" = [{
script = "nix-shell --run publish";
credentialsId = sshSputnik;
}];
}
])
(job "deploy-gaykraft"
{ url = "ssh://gogs@workhorse.private:2222/palo/gaykraft.git";
credentialsId = gogs-id; }
[
{ "build" = [
"nix-shell --run build"
];
}
{ "publish" = [
{
script = "nix-shell --run publish";
credentialsId = sshSputnik;
}
];
}
]
)
(job "deploy-techblock" {
url =
"ssh://gogs@workhorse.private:2222/palo/tech.ingolf-wagner.de.git";
credentialsId = gogs-id;
} [
{ "build" = [ "nix-shell --run build" ]; }
{
"publish" = [{
script = "nix-shell --run publish";
credentialsId = sshSputnik;
}];
}
])
(job "deploy-techblock"
{ url = "ssh://gogs@workhorse.private:2222/palo/tech.ingolf-wagner.de.git";
credentialsId = gogs-id; }
[
{ "build" = ["nix-shell --run build"];}
{ "publish" = [
{
script = "nix-shell --run publish";
credentialsId = sshSputnik;
}
];}
])
(job "deploy-terranix" {
url = "ssh://gogs@workhorse.private:2222/terranix/terranix.org.git";
credentialsId = gogs-id;
} [
{ "build" = [ "nix-shell --run build" ]; }
{
"publish" = [{
script = "nix-shell --run publish";
credentialsId = sshSputnik;
}];
}
])
(job "deploy-terranix"
{ url = "ssh://gogs@workhorse.private:2222/terranix/terranix.org.git";
credentialsId = gogs-id; }
[
{ "build" = ["nix-shell --run build"];}
{ "publish" = [
{
script = "nix-shell --run publish";
credentialsId = sshSputnik;
}
];}
])
(job "sync-retiolum"
{ url = "git@github.com:krebs/retiolum.git";
(job "sync-retiolum" {
url = "git@github.com:krebs/retiolum.git";
credentialsId = github-id;
triggers = [ { timed = "H/30 * * * *"; } ];}
[
{ "Download Files" = [
''chmod 755 hosts''
''chmod 755 -R hosts''
''nix-shell -p curl -p gnutar -p bzip2 --run "curl https://lassul.us/retiolum-hosts.tar.bz2 | tar xvjf - || true"''
''chmod 755 -R etc.hosts''
''nix-shell -p curl --run "curl https://lassul.us/retiolum.hosts > etc.hosts || true"''
];}
{ "update repo" = [
triggers = [{ timed = "H/30 * * * *"; }];
} [
{
"Download Files" = [
"chmod 755 hosts"
"chmod 755 -R hosts"
''
nix-shell -p curl -p gnutar -p bzip2 --run "curl https://lassul.us/retiolum-hosts.tar.bz2 | tar xvjf - || true"''
"chmod 755 -R etc.hosts"
''
nix-shell -p curl --run "curl https://lassul.us/retiolum.hosts > etc.hosts || true"''
];
}
{
"update repo" = [
''nix-shell -p git --run "git add ."''
''nix-shell -p git --run "git -c user.name=\'Ingolf Wagner\' -c user.email=\'contact@ingolf-wagner.de\' commit -m update-`date +%Y-%m-%dT%H:%M:%S` || exit 0"''
];}
{ Push = [
{ script = ''nix-shell -p git --run "git push origin master"'';
credentialsId = github-id; }
];}
])
''
nix-shell -p git --run "git -c user.name=\'Ingolf Wagner\' -c user.email=\'contact@ingolf-wagner.de\' commit -m update-`date +%Y-%m-%dT%H:%M:%S` || exit 0"''
];
}
{
Push = [{
script = ''nix-shell -p git --run "git push origin master"'';
credentialsId = github-id;
}];
}
])
(job "test-terranix"
{ url = "ssh://gogs@workhorse.private:2222/terranix/terranix.git";
(job "test-terranix" {
url = "ssh://gogs@workhorse.private:2222/terranix/terranix.git";
credentialsId = github-id;
branch = "develop";}
[
{ "run Tests" = [
''nix-shell tests/shell.nix --run "test-terranix"''
];}
])
branch = "develop";
} [{
"run Tests" = [ ''nix-shell tests/shell.nix --run "test-terranix"'' ];
}])
(job "test-taskninja"
{ url = "ssh://gogs@workhorse.private:2222/palo/taskninja.git";
credentialsId = gogs-id; }
[
{ "Create Shell" = [
''nix-shell -p cabal2nix --run "cabal2nix --shell file://. > jenkins.nix"''
];}
{ Update = [
''nix-shell ./jenkins.nix --run "cabal update"''
];}
{ Configure = [
(job "test-taskninja" {
url = "ssh://gogs@workhorse.private:2222/palo/taskninja.git";
credentialsId = gogs-id;
} [
{
"Create Shell" = [
''
nix-shell -p cabal2nix --run "cabal2nix --shell file://. > jenkins.nix"''
];
}
{ Update = [ ''nix-shell ./jenkins.nix --run "cabal update"'' ]; }
{
Configure = [
''nix-shell ./jenkins.nix --run "cabal configure --enable-tests"''
''nix-shell ./jenkins.nix --run "cabal install --only-dependencies"''
];}
{ Build = [
''nix-shell ./jenkins.nix --run "cabal build"''
];}
{ Test = [
''nix-shell ./jenkins.nix --run "cabal test"''
];}
])
''
nix-shell ./jenkins.nix --run "cabal install --only-dependencies"''
];
}
{ Build = [ ''nix-shell ./jenkins.nix --run "cabal build"'' ]; }
{ Test = [ ''nix-shell ./jenkins.nix --run "cabal test"'' ]; }
])
# sync to me
# ----------
(sync-to-github "sync-nixwriters"
"https://cgit.krebsco.de/nix-writers/"
# sync to me
# ----------
(sync-to-github "sync-nixwriters" "https://cgit.krebsco.de/nix-writers/"
"ssh://gogs@workhorse.private:2222/krebs/nix-writers.git")
(sync-to-github "sync-krops"
"https://cgit.krebsco.de/krops/"
(sync-to-github "sync-krops" "https://cgit.krebsco.de/krops/"
"ssh://gogs@workhorse.private:2222/krebs/krops.git")
# sync to github
# --------------
(sync-to-github "sync-radiodj"
# sync to github
# --------------
(sync-to-github "sync-radiodj"
"ssh://gogs@workhorse.private:2222/crashburn_radio/radio_dj.git"
"git@github.com:crashburn-radio/radio-dj.git")
(sync-to-github "sync-krops-module"
(sync-to-github "sync-krops-module"
"ssh://gogs@workhorse.private:2222/nix-modules/krops.git"
"git@github.com:mrVanDalo/module.krops.git")
(sync-to-github "sync-cluster-module"
(sync-to-github "sync-cluster-module"
"ssh://gogs@workhorse.private:2222/nix-modules/cluster.git"
"git@github.com:mrVanDalo/module.cluster.git")
(sync-to-github "sync-backup-module"
(sync-to-github "sync-backup-module"
"ssh://gogs@workhorse.private:2222/nix-modules/backup.git"
"git@github.com:mrVanDalo/module.backup.git")
(sync-to-github "sync-module-tinc"
(sync-to-github "sync-module-tinc"
"ssh://gogs@workhorse.private:2222/palo/nixos-tinc.git"
"git@github.com:mrVanDalo/nixos-tinc.git")
(sync-to-github "sync-memo"
(sync-to-github "sync-memo"
"ssh://gogs@workhorse.private:2222/palo/memo.git"
"git@github.com:mrVanDalo/memo.git")
(sync-to-github "sync-diagrams-template"
(sync-to-github "sync-diagrams-template"
"ssh://gogs@workhorse.private:2222/palo/diagrams-template.git"
"git@github.com:mrVanDalo/diagrams.git")
(sync-to-github "sync-terranix"
(sync-to-github "sync-terranix"
"ssh://gogs@workhorse.private:2222/terranix/terranix.git"
"git@github.com:mrVanDalo/terranix.git")
(sync-to-github "sync-plops"
(sync-to-github "sync-plops"
"ssh://gogs@workhorse.private:2222/palo/plops.git"
"git@github.com:mrVanDalo/plops.git")
(sync-to-github "sync-image-generator"
(sync-to-github "sync-image-generator"
"ssh://gogs@workhorse.private:2222/palo/image-generator.git"
"git@github.com:mrVanDalo/image-generator.git")
];
];
};
};

9
configs/workhorse/kibana.nix
View file

@ -1,13 +1,14 @@
{ config, ... }:
{
{ config, ... }: {
services.nginx = {
enable = true;
statusPage = true;
virtualHosts = {
"kibana.${config.networking.hostName}.private" = {
serverAliases = [];
serverAliases = [ ];
locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString config.services.kibana.port}";
proxyPass = "http://${config.networking.hostName}.private:${
toString config.services.kibana.port
}";
};
};
};

31
configs/workhorse/lektor-gaykraft.nix
View file

@ -14,9 +14,10 @@ in {
statusPage = true;
virtualHosts = {
"${containerName}.${config.networking.hostName}.private" = {
serverAliases = [];
serverAliases = [ ];
locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString port}";
proxyPass =
"http://${config.networking.hostName}.private:${toString port}";
};
};
};
@ -32,23 +33,23 @@ in {
};
autoStart = true;
config =
{ config, pkgs, ... }:
{
imports = [ <system/all> ];
services.lektor = {
enable = true;
host = "git.ingolf-wagner.de";
sshKey = sshKey;
repository = repository;
port = port;
additionalScript = pkgs.writeScript "build" "${pkgs.nix}/bin/nix-shell --run build";
};
config = { config, pkgs, ... }: {
imports = [ <system/all> ];
services.lektor = {
enable = true;
host = "git.ingolf-wagner.de";
sshKey = sshKey;
repository = repository;
port = port;
additionalScript =
pkgs.writeScript "build" "${pkgs.nix}/bin/nix-shell --run build";
};
};
};
# it might take some time will this thing is up
systemd.services."container@${containerName}".serviceConfig.TimeoutStartSec = lib.mkForce "infinity";
systemd.services."container@${containerName}".serviceConfig.TimeoutStartSec =
lib.mkForce "infinity";
}

34
configs/workhorse/lektor-techblog.nix
View file

@ -4,7 +4,8 @@ let
containerName = "techblog";
port = 5002;
repository = "ssh://gogs@git.ingolf-wagner.de:443/palo/tech.ingolf-wagner.de.git";
repository =
"ssh://gogs@git.ingolf-wagner.de:443/palo/tech.ingolf-wagner.de.git";
sshKey = toString <secrets/lektor/techblog>;
in {
@ -14,9 +15,10 @@ in {
statusPage = true;
virtualHosts = {
"${containerName}.${config.networking.hostName}.private" = {
serverAliases = [];
serverAliases = [ ];
locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString port}";
proxyPass =
"http://${config.networking.hostName}.private:${toString port}";
};
};
};
@ -32,23 +34,23 @@ in {
};
autoStart = true;
config =
{ config, pkgs, ... }:
{
imports = [ <system/all> ];
services.lektor = {
enable = true;
host = "git.ingolf-wagner.de";
sshKey = sshKey;
repository = repository;
port = port;
additionalScript = pkgs.writeScript "build" "${pkgs.nix}/bin/nix-shell --run build";
};
config = { config, pkgs, ... }: {
imports = [ <system/all> ];
services.lektor = {
enable = true;
host = "git.ingolf-wagner.de";
sshKey = sshKey;
repository = repository;
port = port;
additionalScript =
pkgs.writeScript "build" "${pkgs.nix}/bin/nix-shell --run build";
};
};
};
# it might take some time will this thing is up
systemd.services."container@${containerName}".serviceConfig.TimeoutStartSec = lib.mkForce "infinity";
systemd.services."container@${containerName}".serviceConfig.TimeoutStartSec =
lib.mkForce "infinity";
}

31
configs/workhorse/lektor-terranix.nix
View file

@ -14,9 +14,10 @@ in {
statusPage = true;
virtualHosts = {
"${containerName}.${config.networking.hostName}.private" = {
serverAliases = [];
serverAliases = [ ];
locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString port}";
proxyPass =
"http://${config.networking.hostName}.private:${toString port}";
};
};
};
@ -32,23 +33,23 @@ in {
};
autoStart = true;
config =
{ config, pkgs, ... }:
{
imports = [ <system/all> ];
services.lektor = {
enable = true;
host = "git.ingolf-wagner.de";
sshKey = sshKey;
repository = repository;
port = port;
additionalScript = pkgs.writeScript "build" "${pkgs.nix}/bin/nix-shell --run build";
};
config = { config, pkgs, ... }: {
imports = [ <system/all> ];
services.lektor = {
enable = true;
host = "git.ingolf-wagner.de";
sshKey = sshKey;
repository = repository;
port = port;
additionalScript =
pkgs.writeScript "build" "${pkgs.nix}/bin/nix-shell --run build";
};
};
};
# it might take some time will this thing is up
systemd.services."container@${containerName}".serviceConfig.TimeoutStartSec = lib.mkForce "infinity";
systemd.services."container@${containerName}".serviceConfig.TimeoutStartSec =
lib.mkForce "infinity";
}

548
configs/workhorse/mail-fetcher.nix
View file

@ -1,51 +1,50 @@
# fetches mails for me
{ lib, pkgs, config, ... }:
{
{ lib, pkgs, config, ... }: {
users.users.mailUser = {
isNormalUser = true;
description = "collects mails for me";
hashedPassword = "!";
name = "mailfetcher";
openssh.authorizedKeys.keyFiles = config.users.users.root.openssh.authorizedKeys.keyFiles;
openssh.authorizedKeys.keyFiles =
config.users.users.root.openssh.authorizedKeys.keyFiles;
};
# configure passwords
krops.userKeys = {
"gmail.palipalo9" = {
user = config.users.users.mailUser.name;
source = toString <secrets/mail/gmail/palipalo9>;
requiredBy = ["fetchmail.service"];
requiredBy = [ "fetchmail.service" ];
};
"gmx.palo_van_dalo" = {
user = config.users.users.mailUser.name;
source = toString <secrets/mail/gmx/palo_van_dalo>;
requiredBy = ["fetchmail.service"];
requiredBy = [ "fetchmail.service" ];
};
"gmx.ingolf_wagner" = {
user = config.users.users.mailUser.name;
source = toString <secrets/mail/gmx/ingolf.wagner>;
requiredBy = ["fetchmail.service"];
requiredBy = [ "fetchmail.service" ];
};
"web.pali_palo" = {
user = config.users.users.mailUser.name;
source = toString <secrets/mail/web.de/pali_palo>;
requiredBy = ["fetchmail.service"];
requiredBy = [ "fetchmail.service" ];
};
"siteground.contact" = {
user = config.users.users.mailUser.name;
source = toString <secrets/mail/siteground/contact>;
requiredBy = ["fetchmail.service"];
requiredBy = [ "fetchmail.service" ];
};
"gaykraft.root" = {
user = config.users.users.mailUser.name;
source = toString <secrets/mail/gaykraft/root>;
requiredBy = ["fetchmail.service"];
requiredBy = [ "fetchmail.service" ];
};
"c-base.palo" = {
user = config.users.users.mailUser.name;
source = toString <secrets/mail/c-base/palo>;
requiredBy = ["fetchmail.service"];
requiredBy = [ "fetchmail.service" ];
};
};
@ -60,7 +59,8 @@
aliases = [ ];
realName = "Ingolf Wagner";
userName = "palo_van_dalo@gmx.de";
passwordCommand = "cat ${toString config.krops.userKeys."gmx.palo_van_dalo".target}";
passwordCommand =
"cat ${toString config.krops.userKeys."gmx.palo_van_dalo".target}";
imap = {
host = "imap.gmx.net";
port = 993;
@ -77,7 +77,8 @@
aliases = [ ];
realName = "Ingolf Wagner";
userName = "ingolf.wagner@gmx.de";
passwordCommand = "cat ${toString config.krops.userKeys."gmx.ingolf_wagner".target}";
passwordCommand =
"cat ${toString config.krops.userKeys."gmx.ingolf_wagner".target}";
imap = {
host = "imap.gmx.net";
@ -136,7 +137,8 @@
aliases = [ ];
realName = "Ingolf Wagner";
userName = "pali_palo@web.de";
passwordCommand = "cat ${toString config.krops.userKeys."web.pali_palo".target}";
passwordCommand =
"cat ${toString config.krops.userKeys."web.pali_palo".target}";
imap = {
host = "imap.web.de";
port = 993;
@ -153,43 +155,43 @@
aliases = [ ];
realName = "Ingolf Wagner";
userName = "palo";
passwordCommand = "cat ${toString config.krops.userKeys."c-base.palo".target}";
passwordCommand =
"cat ${toString config.krops.userKeys."c-base.palo".target}";
imap = {
host = "c-mail.c-base.org";
port = 993;
# fetched using : nix-shell -p openssl --run "openssl s_client -connect c-mail.c-base.org:993 -showcerts"
tls.certificatesFile =
pkgs.writeText "c-base.pem" ''
-----BEGIN CERTIFICATE-----
MIIFKDCCAxCgAwIBAgIDAtwrMA0GCSqGSIb3DQEBDQUAMFQxFDASBgNVBAoTC0NB
Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTkxMTA5MDgzMjUyWhcNMjExMTA4
MDgzMjUyWjBhMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xFDASBgNVBAoTC2MtYmFzZSBlLlYuMRowGAYDVQQDExFjLW1haWwu
Yy1iYXNlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKR3XBxJ
72MayCS0D5GCoHcY0TQLs1DQSohCCobRdSowFJzNQw/2lL6bb+Q2rmevZQXuM4vP
YbFytvTDmY5y5MNXEqGLfi8D5TcaP/RdXWQU++yUunE6yMdqZNheeXPjM//PnoXG
DyT236BovEi3YipUUsLXFiRj+cAjrQE7a2YUs3fjV3P6grMH0V06J6P6+JJvRgp2
K33uhKhnKyb3s1tbdbu1KeGozx2ws9lg79XV+Py6PXxP6jTZ2PCsaxs3BThSdmsl
vQyk/zoW7tA1m2ntRCoyFHZqfOHsN3UOS/HDRlXqgSf0ah8cPYPsl0ayXhgOv0Tu
1PSMt4Ve2GajX8MCAwEAAaOB9TCB8jAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
AwIDqDA0BgNVHSUELTArBggrBgEFBQcDAgYIKwYBBQUHAwEGCWCGSAGG+EIEAQYK
KwYBBAGCNwoDAzAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9v
Y3NwLmNhY2VydC5vcmcvMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuY2Fj
ZXJ0Lm9yZy9jbGFzczMtcmV2b2tlLmNybDAtBgNVHREEJjAkghFjLW1haWwuYy1i
YXNlLm9yZ4IPbWFpbC5jLWJhc2Uub3JnMA0GCSqGSIb3DQEBDQUAA4ICAQBjTIa1
xdhUYXJidv1U0qaqSV1DzumakFY20OM4QCV0Qvlq+SQUqroGBTIGodxhTnjG5o01
4xBAnsTcMRNycXHu0j6XYqDS4QhaFcGdFmXP0EQfAFbvhwZdbvgiRHuUTSGEbcLp
Vk8sP8dpzx+zMAZ6PL7XMwPFPTHm7vw40qmTyCuUcnhIwHgwGxu4yu0tdsU+VwRD
RVsdZO4V2GhFTz8oRcHvmC2wmx+Zwx0RXWPXSN5yRDDZWwY4WbECa2MvojH1HlJG
YJkokq7nbYJix/RipSkAXgurcgppVmM5cf7uYgSrltW8pm3IMMPrlaFrlzMMMtdq
SYFk+FDp296B7CDyWpQhDcVjnGQ70JfMWT5S3Lsi8DnI2pul9ljxPOt+Q8XFh1oz
Ofr7y5Qjm72YToOX1j7N8ppCh0RJH4lOsouTPVdp859ch9FxZdceq+nC744wv+Nt
TQPw15Gk3RY5mVYBE/Cw2T7j7qDmBaEUKxkfW7q8t287FXM4XX6C+cKYr6jYx6s1
5/2p4gCuOALYqJ7kD2xjci0VTWu77H4J2QKEZF8AgdI36dIYr7GY0e/+xb/CScwr
uvu2R9jfPOMVu6CiavPGUtcvju4A+qMUDqIyH9dNwkMQRffAtmsF6KR4nMYxhr45
nKY1BaufWLD1UWrjaR1IF6L5qDHOXeMJEChYkg==
-----END CERTIFICATE-----'';
tls.certificatesFile = pkgs.writeText "c-base.pem" ''
-----BEGIN CERTIFICATE-----
MIIFKDCCAxCgAwIBAgIDAtwrMA0GCSqGSIb3DQEBDQUAMFQxFDASBgNVBAoTC0NB
Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV
BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTkxMTA5MDgzMjUyWhcNMjExMTA4
MDgzMjUyWjBhMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH
EwZCZXJsaW4xFDASBgNVBAoTC2MtYmFzZSBlLlYuMRowGAYDVQQDExFjLW1haWwu
Yy1iYXNlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKR3XBxJ
72MayCS0D5GCoHcY0TQLs1DQSohCCobRdSowFJzNQw/2lL6bb+Q2rmevZQXuM4vP
YbFytvTDmY5y5MNXEqGLfi8D5TcaP/RdXWQU++yUunE6yMdqZNheeXPjM//PnoXG
DyT236BovEi3YipUUsLXFiRj+cAjrQE7a2YUs3fjV3P6grMH0V06J6P6+JJvRgp2
K33uhKhnKyb3s1tbdbu1KeGozx2ws9lg79XV+Py6PXxP6jTZ2PCsaxs3BThSdmsl
vQyk/zoW7tA1m2ntRCoyFHZqfOHsN3UOS/HDRlXqgSf0ah8cPYPsl0ayXhgOv0Tu
1PSMt4Ve2GajX8MCAwEAAaOB9TCB8jAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
AwIDqDA0BgNVHSUELTArBggrBgEFBQcDAgYIKwYBBQUHAwEGCWCGSAGG+EIEAQYK
KwYBBAGCNwoDAzAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9v
Y3NwLmNhY2VydC5vcmcvMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuY2Fj
ZXJ0Lm9yZy9jbGFzczMtcmV2b2tlLmNybDAtBgNVHREEJjAkghFjLW1haWwuYy1i
YXNlLm9yZ4IPbWFpbC5jLWJhc2Uub3JnMA0GCSqGSIb3DQEBDQUAA4ICAQBjTIa1
xdhUYXJidv1U0qaqSV1DzumakFY20OM4QCV0Qvlq+SQUqroGBTIGodxhTnjG5o01
4xBAnsTcMRNycXHu0j6XYqDS4QhaFcGdFmXP0EQfAFbvhwZdbvgiRHuUTSGEbcLp
Vk8sP8dpzx+zMAZ6PL7XMwPFPTHm7vw40qmTyCuUcnhIwHgwGxu4yu0tdsU+VwRD
RVsdZO4V2GhFTz8oRcHvmC2wmx+Zwx0RXWPXSN5yRDDZWwY4WbECa2MvojH1HlJG
YJkokq7nbYJix/RipSkAXgurcgppVmM5cf7uYgSrltW8pm3IMMPrlaFrlzMMMtdq
SYFk+FDp296B7CDyWpQhDcVjnGQ70JfMWT5S3Lsi8DnI2pul9ljxPOt+Q8XFh1oz
Ofr7y5Qjm72YToOX1j7N8ppCh0RJH4lOsouTPVdp859ch9FxZdceq+nC744wv+Nt
TQPw15Gk3RY5mVYBE/Cw2T7j7qDmBaEUKxkfW7q8t287FXM4XX6C+cKYr6jYx6s1
5/2p4gCuOALYqJ7kD2xjci0VTWu77H4J2QKEZF8AgdI36dIYr7GY0e/+xb/CScwr
uvu2R9jfPOMVu6CiavPGUtcvju4A+qMUDqIyH9dNwkMQRffAtmsF6KR4nMYxhr45
nKY1BaufWLD1UWrjaR1IF6L5qDHOXeMJEChYkg==
-----END CERTIFICATE-----'';
};
mbsync = {
enable = true;
@ -204,7 +206,8 @@
aliases = [ ];
realName = "Ingolf Wagner";
userName = "palipalo9@googlemail.com";
passwordCommand = "cat ${toString config.krops.userKeys."gmail.palipalo9".target}";
passwordCommand =
"cat ${toString config.krops.userKeys."gmail.palipalo9".target}";
imap = {
host = "imap.gmail.com";
port = 993;
@ -221,7 +224,8 @@
aliases = [ ];
realName = "Ingolf Wagner";
userName = "contact@ingolf-wagner.de";
passwordCommand = "cat ${toString config.krops.userKeys."siteground.contact".target}";
passwordCommand =
"cat ${toString config.krops.userKeys."siteground.contact".target}";
imap = {
host = "securees5.sgcpanel.com";
port = 143;
@ -261,15 +265,13 @@
};
};
# configure mbsync
home-manager.users.mailUser.programs.mbsync.enable = true;
systemd.services.fetchmail = {
enable = true;
serviceConfig = {
User = config.users.users.mailUser.name;
};
environment.NOTMUCH_CONFIG = "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc";
serviceConfig = { User = config.users.users.mailUser.name; };
environment.NOTMUCH_CONFIG =
"${config.users.users.mailUser.home}/.config/notmuch/notmuchrc";
script = ''
echo "run mbsync"
${pkgs.isync}/bin/mbsync \
@ -284,13 +286,13 @@
${pkgs.notmuch}/bin/notmuch new
echo "run afew"
${pkgs.afew}/bin/afew --new --tag -v
'';
'';
};
systemd.timers.fetchmail = {
enable = true;
# timerConfig.OnCalendar = " *-*-* *:00:00";
timerConfig.OnCalendar = "*:0/10";
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
};
# configure notmuch
@ -305,123 +307,361 @@
# a few config
home-manager.users.mailUser.programs.afew = {
enable = true;
extraConfig = with lib; let
enable = true;
extraConfig = with lib;
let
template = index: { tags, query, message ? "generic", ... }: ''
[Filter.${toString index}]
query = ${query}
tags = ${concatStringsSep ";" tags}
message = ${message}
'';
template = index:
{ tags, query, message ? "generic", ... }: ''
[Filter.${toString index}]
query = ${query}
tags = ${concatStringsSep ";" tags}
message = ${message}
'';
filters = [
{query = "from:linkedin.com"; tags = [ "+linked" "+jobs" ];}
{query = "from:computerfutures.com OR from:computerfutures.de"; tags = [ "+jobs" "-inbox" ];}
{query = "from:seek.com.au"; tags = [ "+jobs" ];}
{query = "from:xing.com"; tags = [ "+jobs" "-inbox" ];}
{query = "from:no-reply@backtrace.io"; tags = ["+sononym" "-inbox" "-unread"];}
{query = "from:ebay.com OR from:ebay.de OR from:ebay.net"; tags = [ "+ebay" "+shop" "+billing"];}
{query = "from:bahn.de"; tags = [ "+billing" "+bahn" ];}
{query = "from:fysitech.atlassian.net OR to:engiadina-pwa@noreply.github.com"; tags = [ "+mia" "+work" "-unread" "-inbox"];}
{query = "from:circleci.com OR (from:noreply@github.com AND to:audio-overlay@googlegroups.com)"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:getdigital.de"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:digitalo.de"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:puppet.com"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:mixcloudmail.com AND subject:Weekly Update"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:facebook.com OR from:facebookmail.com"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:getpocket.com"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:oknotify2.com"; tags = [ "+okcupid" ];}
{query = "from:oknotify2.com AND NOT subject:New message"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:paulaschoice.com"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:samplemagic.com OR from:wavealchemy.co.uk OR from:creators.gumroad.com"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:immobilienscout24.de"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:magix.net"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:booking.com"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:hackster.io"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:trade4less.de"; tags = [ "-inbox" "-unread" "+junk" ];}
{query = "from:taxback.de OR to:taxback.de"; tags = ["+steuer"] ;}
{query = "from:campact.de"; tags = ["+campact" "+politics"] ;}
{query = "from:menospese.com"; tags = ["+junk" "-unread" "-inbox"] ;}
{query = "from:aliexpress.com"; tags = ["+shop" "+aliexpress"] ;}
{query = "from:congstar.de"; tags = ["+billing" "+congstar" "-inbox" "-unread"] ;}
{query = "from:congstarnews.de"; tags = ["+congstar" "-inbox" "-unread" "+junk"] ;}
{query = "from:fitnessfirst.de"; tags = ["-inbox" "-unread" "+junk"] ;}
{query = "from:steampowered.com AND NOT ( subject:purchase OR subject:received )"; tags = ["-inbox" "-unread" ] ;}
{query = "from:steampowered.com AND ( subject:purchase OR subject:received )"; tags = ["+billing" "+steam" ] ;}
{query = "from:gog.com AND NOT subject:Bestellung"; tags = ["-inbox" "-unread" ] ;}
{query = "from:gog.com AND subject:Bestellung"; tags = ["+billing" "+gog" ] ;}
{query = "from:drive-now.com"; tags = ["+billing" "+drivenow" "-inbox" "-unread"] ;}
{query = "from:mindfactory.de"; tags = ["+shop" "+billing"] ;}
{query = "from:zalando.de"; tags = ["+shop" "+billing" "+zalando"] ;}
{query = "from:ing.de"; tags = ["+bank" "+ingdiba"] ;}
{query = "from:nab.com.au"; tags = ["+bank" "+nab" "-inbox" "-unread"] ;}
{query = "from:dkb.de"; tags = ["+bank" "+dkb"] ;}
{query = "from:o2online.de"; tags = ["+billing" "+o2"] ;}
{query = "from:betfair.com"; tags = ["+work" "+betfair"] ;}
{query = "from:ghostinspector.com"; tags = ["-unread" "-inbox" "+junk"] ;}
{query = "from:travis-ci.org AND subject:csv-to-qif"; tags = ["+development" "+csv-to-qif"] ;}
{query = "to:proaudio@lists.tuxfamily.org"; tags = ["-inbox" "-unread"] ;}
{query = "tag:lists AND from:nixos1@discoursemail.com"; tags = ["+nixos" "+discourse"] ;}
{query = "from:limebike.com AND (subject:Funds OR subject:Receipt)" ; tags = ["-inbox" "-unread" "+billing" "+limebike"] ;}
{query = "from:hetzner.com OR from:hetzner.de" ; tags = ["+hetzner"] ;}
{query = "from:freemusicarchive.org" ; tags = ["+FMA"] ;}
{query = "from:namecheap.com" ; tags = ["+namecheap" "+billing"] ;}
{query = "from:nintendo.com" ; tags = ["+nintendo" "+billing"] ;}
{query = "from:oculus.com AND subject:receipt" ; tags = ["+oculus" "+billing"] ;}
{query = "from:vstbuzz.com" ; tags = ["+junk" "-inbox" ] ;}
{query = "from:runtastic.com" ; tags = ["+junk" "-inbox" ] ;}
{query = "from:letterboxd.com" ; tags = ["+junk" "-inbox" ] ;}
{query = "from::microsoftstoreemail.com" ; tags = ["+junk" "-inbox" ] ;}
{query = "from:car2go.com" ; tags = ["-inbox" "-unread" ] ;}
{query = "from:sixt.de" ; tags = ["-inbox" "-unread" ] ;}
{query = "from:meetup.com" ; tags = ["-inbox" "-unread" "+meetup"] ;}
{query = "from:slack.com" ; tags = ["+slack"] ;}
{query = "from:keybase.io" ; tags = ["+keybase"] ;}
{query = "from:tumblr.com" ; tags = ["+junk" "-inbox" "-unread"];}
{query = "from:jobs2web.com" ; tags = ["+newzealand" "+jobs" "-inbox" ];}
{query = "from:mailings.gmx.net" ; tags = ["+junk" "-inbox" "-unread"];}
{query = "from:paypal.de AND subject:Bestätigung"; tags = ["-unread" "+paypal" "+billing"] ;}
{query = "to:c-base.org" ; tags = ["+cbase"] ;}
{query = "to:c-base.org AND subject=[auto-report]"; tags = ["-unread" "-inbox"] ;}
{query = "to:renoise@ingolf-wagner.de OR to:root@renoise.com OR from:renoise.com OR to:admin@renoise.com"; tags = ["+renoise"] ;}
{query = "from:amazon.de OR from:amazon.com AND NOT to:renoise.com"; tags = ["+shop" "+amazon" "+billing"];}
{
query = "to:renoise.com AND NOT ( from:renoise.com OR from:root OR from:hetzner.com OR from:hetzner.de OR from:amazon.com OR from:gmail.com )";
query = "from:linkedin.com";
tags = [ "+linked" "+jobs" ];
}
{
query = "from:computerfutures.com OR from:computerfutures.de";
tags = [ "+jobs" "-inbox" ];
}
{
query = "from:seek.com.au";
tags = [ "+jobs" ];
}
{
query = "from:xing.com";
tags = [ "+jobs" "-inbox" ];
}
{
query = "from:no-reply@backtrace.io";
tags = [ "+sononym" "-inbox" "-unread" ];
}
{
query = "from:ebay.com OR from:ebay.de OR from:ebay.net";
tags = [ "+ebay" "+shop" "+billing" ];
}
{
query = "from:bahn.de";
tags = [ "+billing" "+bahn" ];
}
{
query =
"from:fysitech.atlassian.net OR to:engiadina-pwa@noreply.github.com";
tags = [ "+mia" "+work" "-unread" "-inbox" ];
}
{
query =
"from:circleci.com OR (from:noreply@github.com AND to:audio-overlay@googlegroups.com)";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:getdigital.de";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:digitalo.de";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:puppet.com";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:mixcloudmail.com AND subject:Weekly Update";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:facebook.com OR from:facebookmail.com";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:getpocket.com";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:oknotify2.com";
tags = [ "+okcupid" ];
}
{
query = "from:oknotify2.com AND NOT subject:New message";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:paulaschoice.com";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query =
"from:samplemagic.com OR from:wavealchemy.co.uk OR from:creators.gumroad.com";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:immobilienscout24.de";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:magix.net";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:booking.com";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:hackster.io";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:trade4less.de";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query = "from:taxback.de OR to:taxback.de";
tags = [ "+steuer" ];
}
{
query = "from:campact.de";
tags = [ "+campact" "+politics" ];
}
{
query = "from:menospese.com";
tags = [ "+junk" "-unread" "-inbox" ];
}
{
query = "from:aliexpress.com";
tags = [ "+shop" "+aliexpress" ];
}
{
query = "from:congstar.de";
tags = [ "+billing" "+congstar" "-inbox" "-unread" ];
}
{
query = "from:congstarnews.de";
tags = [ "+congstar" "-inbox" "-unread" "+junk" ];
}
{
query = "from:fitnessfirst.de";
tags = [ "-inbox" "-unread" "+junk" ];
}
{
query =
"from:steampowered.com AND NOT ( subject:purchase OR subject:received )";
tags = [ "-inbox" "-unread" ];
}
{
query =
"from:steampowered.com AND ( subject:purchase OR subject:received )";
tags = [ "+billing" "+steam" ];
}
{
query = "from:gog.com AND NOT subject:Bestellung";
tags = [ "-inbox" "-unread" ];
}
{
query = "from:gog.com AND subject:Bestellung";
tags = [ "+billing" "+gog" ];
}
{
query = "from:drive-now.com";
tags = [ "+billing" "+drivenow" "-inbox" "-unread" ];
}
{
query = "from:mindfactory.de";
tags = [ "+shop" "+billing" ];
}
{
query = "from:zalando.de";
tags = [ "+shop" "+billing" "+zalando" ];
}
{
query = "from:ing.de";
tags = [ "+bank" "+ingdiba" ];
}
{
query = "from:nab.com.au";
tags = [ "+bank" "+nab" "-inbox" "-unread" ];
}
{
query = "from:dkb.de";
tags = [ "+bank" "+dkb" ];
}
{
query = "from:o2online.de";
tags = [ "+billing" "+o2" ];
}
{
query = "from:betfair.com";
tags = [ "+work" "+betfair" ];
}
{
query = "from:ghostinspector.com";
tags = [ "-unread" "-inbox" "+junk" ];
}
{
query = "from:travis-ci.org AND subject:csv-to-qif";
tags = [ "+development" "+csv-to-qif" ];
}
{
query = "to:proaudio@lists.tuxfamily.org";
tags = [ "-inbox" "-unread" ];
}
{
query = "tag:lists AND from:nixos1@discoursemail.com";
tags = [ "+nixos" "+discourse" ];
}
{
query = "from:limebike.com AND (subject:Funds OR subject:Receipt)";
tags = [ "-inbox" "-unread" "+billing" "+limebike" ];
}
{
query = "from:hetzner.com OR from:hetzner.de";
tags = [ "+hetzner" ];
}
{
query = "from:freemusicarchive.org";
tags = [ "+FMA" ];
}
{
query = "from:namecheap.com";
tags = [ "+namecheap" "+billing" ];
}
{
query = "from:nintendo.com";
tags = [ "+nintendo" "+billing" ];
}
{
query = "from:oculus.com AND subject:receipt";
tags = [ "+oculus" "+billing" ];
}
{
query = "from:vstbuzz.com";
tags = [ "+junk" "-inbox" ];
}
{
query = "from:runtastic.com";
tags = [ "+junk" "-inbox" ];
}
{
query = "from:letterboxd.com";
tags = [ "+junk" "-inbox" ];
}
{
query = "from::microsoftstoreemail.com";
tags = [ "+junk" "-inbox" ];
}
{
query = "from:car2go.com";
tags = [ "-inbox" "-unread" ];
}
{
query = "from:sixt.de";
tags = [ "-inbox" "-unread" ];
}
{
query = "from:meetup.com";
tags = [ "-inbox" "-unread" "+meetup" ];
}
{
query = "from:slack.com";
tags = [ "+slack" ];
}
{
query = "from:keybase.io";
tags = [ "+keybase" ];
}
{
query = "from:tumblr.com";
tags = [ "+junk" "-inbox" "-unread" ];
}
{
query = "from:jobs2web.com";
tags = [ "+newzealand" "+jobs" "-inbox" ];
}
{
query = "from:mailings.gmx.net";
tags = [ "+junk" "-inbox" "-unread" ];
}
{
query = "from:paypal.de AND subject:Bestätigung";
tags = [ "-unread" "+paypal" "+billing" ];
}
{
query = "to:c-base.org";
tags = [ "+cbase" ];
}
{
query = "to:c-base.org AND subject=[auto-report]";
tags = [ "-unread" "-inbox" ];
}
{
query =
"to:renoise@ingolf-wagner.de OR to:root@renoise.com OR from:renoise.com OR to:admin@renoise.com";
tags = [ "+renoise" ];
}
{
query = "from:amazon.de OR from:amazon.com AND NOT to:renoise.com";
tags = [ "+shop" "+amazon" "+billing" ];
}
{
query =
"to:renoise.com AND NOT ( from:renoise.com OR from:root OR from:hetzner.com OR from:hetzner.de OR from:amazon.com OR from:gmail.com )";
tags = [ "-inbox" "-unread" "+junk" "+renoise" ];
}
# final rules to make imap sync stuff easier
# there can only be one output folder tag, and theses rules are prioritized
{ query = "tag:fraud" ; tags = ["-inbox" "-archive" "-junk" "-unread" ]; message = "clean up tag fraud";}
{ query = "tag:junk" ; tags = ["-inbox" "-archive" "-fraud" "-unread" ]; message = "clean up tag junk";}
{ query = "tag:archive" ; tags = ["-inbox" "-junk" "-fraud" "-unread" ]; message = "clean up tag archive";}
{ query = "tag:inbox" ; tags = ["-archive" "-junk" "-fraud"]; message = "clean up inbox";}
{ query = "tag:killed"; tags = ["-inbox" "-unread"]; message = "clean up tag killed" ;}
{
query = "tag:fraud";
tags = [ "-inbox" "-archive" "-junk" "-unread" ];
message = "clean up tag fraud";
}
{
query = "tag:junk";
tags = [ "-inbox" "-archive" "-fraud" "-unread" ];
message = "clean up tag junk";
}
{
query = "tag:archive";
tags = [ "-inbox" "-junk" "-fraud" "-unread" ];
message = "clean up tag archive";
}
{
query = "tag:inbox";
tags = [ "-archive" "-junk" "-fraud" ];
message = "clean up inbox";
}
{
query = "tag:killed";
tags = [ "-inbox" "-unread" ];
message = "clean up tag killed";
}
# remove new tag at the end
{ query = "tag:new"; tags = ["-new"]; message = "remove new tag at the end" ;}
{
query = "tag:new";
tags = [ "-new" ];
message = "remove new tag at the end";
}
];
in
''
# Tag mails which are mailing lists
[ListMailsFilter]
in ''
# Tag mails which are mailing lists
[ListMailsFilter]
# Tag mails as killed if the thread has been marked as "killed"
[KillThreadsFilter]
# Tag mails as killed if the thread has been marked as "killed"
[KillThreadsFilter]
${concatStringsSep "\n" (imap0 template filters)}
${concatStringsSep "\n" (imap0 template filters)}
'';
};
}

8
configs/workhorse/packages.nix
View file

@ -1,7 +1,3 @@
{ config, pkgs, ... }:
let
unstable = import <nixpkgs-unstable> {};
in {
environment.systemPackages = with pkgs ; [
];
}
let unstable = import <nixpkgs-unstable> { };
in { environment.systemPackages = with pkgs; [ ]; }

53
configs/workhorse/prometheus.nix
View file

@ -1,14 +1,11 @@
{ config, pkgs, lib, ... }:
{
{ config, pkgs, lib, ... }: {
services.nginx = {
enable = true;
statusPage = true;
virtualHosts = {
"prometheus.workhorse.private" = {
locations."/" = {
proxyPass = "http://workhorse.private:9090";
};
locations."/" = { proxyPass = "http://workhorse.private:9090"; };
};
};
};
@ -21,21 +18,21 @@
scrape_interval = "8s";
static_configs = [
{
targets = ["sputnik.private:9113"];
targets = [ "sputnik.private:9113" ];
labels = {
service = "nginx";
server = "sputnik";
};
}
{
targets = ["sputnik.private:9113"];
targets = [ "sputnik.private:9113" ];
labels = {
service = "nginx";
server = "sputnik";
};
}
{
targets = ["workhorse.private:9113"];
targets = [ "workhorse.private:9113" ];
labels = {
service = "nginx";
server = "sputnik";
@ -50,21 +47,21 @@
scrape_interval = "5s";
static_configs = [
{
targets = ["porani.private:19999"];
targets = [ "porani.private:19999" ];
labels = {
service = "netdata";
server = "porani";
};
}
{
targets = ["sputnik.private:19999"];
targets = [ "sputnik.private:19999" ];
labels = {
service = "netdata";
server = "sputnik";
};
}
{
targets = ["workhorse.private:19999"];
targets = [ "workhorse.private:19999" ];
labels = {
service = "netdata";
server = "workhorse";
@ -77,30 +74,26 @@
metrics_path = "/-/metrics";
params.format = [ "prometheus" ];
scrape_interval = "10s";
static_configs = [
{
targets = ["workhorse.private:3000"];
labels = {
service = "gogs";
server = "kruck";
};
}
];
static_configs = [{
targets = [ "workhorse.private:3000" ];
labels = {
service = "gogs";
server = "kruck";
};
}];
}
{
job_name = "home-assistant";
scrape_interval = "60s";
metrics_path = "/api/prometheus";
static_configs = [
{
targets = ["porani.private:8123"];
labels = {
service = "hass";
server = "porani";
city = "essen";
};
}
];
static_configs = [{
targets = [ "porani.private:8123" ];
labels = {
service = "hass";
server = "porani";
city = "essen";
};
}];
}
];
};

3
configs/workhorse/restic.nix
View file

@ -1,5 +1,4 @@
{ config, ... }:
{
{ config, ... }: {
backup.services.restic = {
"on-porani".enable = false;

9
configs/workhorse/seafile.nix
View file

@ -1,14 +1,15 @@
{ config, lib, pkgs, ... }:
{
{ config, lib, pkgs, ... }: {
services.nginx = {
enable = true;
statusPage = true;
virtualHosts = {
"seafile.${config.networking.hostName}.private" = {
serverAliases = [];
serverAliases = [ ];
locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString config.custom.services.seafile.port}";
proxyPass = "http://${config.networking.hostName}.private:${
toString config.custom.services.seafile.port
}";
};
};
};

152
configs/workhorse/syncthing.nix
View file

@ -1,98 +1,98 @@
{ config, pkgs, lib, ... }:
{
{ config, pkgs, lib, ... }: {
custom.samba-share = {
enable = true;
folders = {
movies = config.test.services.syncthing.declarative.folders.movies.path;
series = config.test.services.syncthing.declarative.folders.series.path;
music = config.test.services.syncthing.declarative.folders.music-library.path;
music =
config.test.services.syncthing.declarative.folders.music-library.path;
};
};
test.services.syncthing = {
enable = true;
openDefaultPorts = false;
dataDir = "/home/syncthing";
configDir = "/home/syncthing";
declarative = {
cert = toString <secrets/syncthing/cert.pem>;
key = toString <secrets/syncthing/key.pem>;
overrideFolders = true;
test.services.syncthing = {
enable = true;
openDefaultPorts = false;
dataDir = "/home/syncthing";
configDir = "/home/syncthing";
declarative = {
cert = toString <secrets/syncthing/cert.pem>;
key = toString <secrets/syncthing/key.pem>;
overrideFolders = true;
folders = {
folders = {
# todo add podcast here
# todo add podcast here
# on encrypted hard drive
# -----------------------
private = {
# on encrypted hard drive
# -----------------------
private = {
enable = true;
path = "/home/syncthing/private";
versioning = {
type = "simple";
params.keep = "10";
};
};
desktop = {
enable = true;
path = "/home/syncthing/desktop";
};
finance = {
enable = true;
path = "/home/syncthing/finance";
versioning = {
type = "simple";
params.keep = "10";
};
};
fotos = {
enable = true;
path = "/home/syncthing/fotos";
};
lost-fotos = {
enable = true;
path = "/home/syncthing/lost-fotos.ct";
};
music-projects = {
enable = true;
path = "/home/syncthing/music-projects";
};
video-material = {
enable = true;
path = "/home/syncthing/video-material";
};
};
desktop = {
enable = true;
path = "/home/syncthing/desktop";
};
finance = {
enable = true;
path = "/home/syncthing/finance";
versioning = {
type = "simple";
params.keep = "10";
};
};
fotos = {
enable = true;
path = "/home/syncthing/fotos";
};
lost-fotos = {
enable = true;
path = "/home/syncthing/lost-fotos.ct";
};
music-projects = {
enable = true;
path = "/home/syncthing/music-projects";
};
video-material = {
enable = true;
path = "/home/syncthing/video-material";
};
# on media hard drive (not encrypted)
# -----------------------------------
music-library-free = {
enable = true;
path = "/media/syncthing/music-library-free";
};
samples = {
enable = true;
path = "/media/syncthing/samples";
};
movies = {
enable = true;
path = "/media/syncthing/movies";
};
music-library = {
enable = true;
path = "/media/syncthing/music-library";
};
podcasts = {
enable = true;
path = "/media/syncthing/podcasts";
};
series = {
enable = true;
path = "/media/syncthing/series";
};
# on media hard drive (not encrypted)
# -----------------------------------
music-library-free = {
enable = true;
path = "/media/syncthing/music-library-free";
};
samples = {
enable = true;
path = "/media/syncthing/samples";
};
movies = {
enable = true;
path = "/media/syncthing/movies";
};
music-library = {
enable = true;
path = "/media/syncthing/music-library";
};
podcasts = {
enable = true;
path = "/media/syncthing/podcasts";
};
series = {
enable = true;
path = "/media/syncthing/series";
};
};
};
};
};
};
};
systemd.services."permown._media_syncthing" = {
bindsTo = [ "media.mount" ];
@ -108,6 +108,6 @@
after = [ "media.mount" ];
};
backup.all.restic.dirs = ["/home/syncthing/finance"];
backup.all.restic.dirs = [ "/home/syncthing/finance" ];
}

5
configs/workhorse/taskserver.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }:
{
{ config, lib, pkgs, ... }: {
services.taskserver = {
enable = true;
@ -8,7 +7,7 @@
requestLimit = 104857600;
trust = "allow all";
dataDir = "/var/lib/taskserver";
organisations."orgie".users = ["palo"];
organisations."orgie".users = [ "palo" ];
};
}

3
configs/workhorse/tinc.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }:
{
{ config, lib, pkgs, ... }: {
module.cluster.services.tinc = {
"private" = {

17
configs/workhorse/transmission.nix
View file

@ -4,12 +4,10 @@ with lib;
let
allTincNetworks =
builtins.attrNames config.module.cluster.services.tinc;
allTincNetworks = builtins.attrNames config.module.cluster.services.tinc;
ipAddresses =
flatten (mapAttrsToList (_: data:
mapAttrsToList (_: hostConfig: hostConfig.tincIp) data.hosts)
ipAddresses = flatten (mapAttrsToList
(_: data: mapAttrsToList (_: hostConfig: hostConfig.tincIp) data.hosts)
config.module.cluster.services.tinc);
in {
@ -19,9 +17,11 @@ in {
statusPage = true;
virtualHosts = {
"transmission.${config.networking.hostName}.private" = {
serverAliases = ["torrent.${config.networking.hostName}.private"];
serverAliases = [ "torrent.${config.networking.hostName}.private" ];
locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString config.services.transmission.port}";
proxyPass = "http://${config.networking.hostName}.private:${
toString config.services.transmission.port
}";
};
};
};
@ -36,7 +36,8 @@ in {
enable = true;
home = "/home/torrent";
store = "/home/torrent";
hosts = concatStringsSep "," (map (name: "${config.networking.hostName}.${name}") allTincNetworks);
hosts = concatStringsSep ","
(map (name: "${config.networking.hostName}.${name}") allTincNetworks);
whitelist = concatStringsSep "," ipAddresses;
user = "palo";
password = lib.fileContents <secrets/transmission/password>;

13
configs/workhorse/weechat.nix
View file

@ -9,9 +9,7 @@
{
# configure weechat
services.weechat = {
enable = true;
};
services.weechat = { enable = true; };
# configure bitlbee
services.bitlbee = {
@ -28,17 +26,12 @@
pkgs.telegram-purple
#pkgs.purple-lurch
];
plugins = [
pkgs.bitlbee-facebook
pkgs.bitlbee-steam
];
plugins = [ pkgs.bitlbee-facebook pkgs.bitlbee-steam ];
};
# otherwise xterm is the only thing that works
environment.systemPackages = [ pkgs.rxvt_unicode ];
backup.all.restic.dirs = [
config.services.weechat.root
];
backup.all.restic.dirs = [ config.services.weechat.root ];
}

17
configs/workout/configuration.nix
View file

@ -1,5 +1,4 @@
{ lib, config, pkgs, ... }:
{
{ lib, config, pkgs, ... }: {
imports = [
<system/desktop>
@ -13,13 +12,13 @@
];
networking.hostName = "workout";
networking.hostName = "workout";
services.logind.lidSwitch = lib.mkForce "ignore";
security.wrappers = {
pmount.source = "${pkgs.pmount}/bin/pmount";
pumount.source = "${pkgs.pmount}/bin/pumount";
pmount.source = "${pkgs.pmount}/bin/pmount";
pumount.source = "${pkgs.pmount}/bin/pumount";
};
# nix-shell -p speedtest_cli --run speedtest
@ -36,8 +35,8 @@
# font
# ----
programs.custom.urxvt.fontSize = 17;
programs.custom.xterm.fontSize = 17;
programs.custom.urxvt.fontSize = 17;
programs.custom.xterm.fontSize = 17;
system.custom.fonts.dpi = 140;
services.printing.enable = true;
@ -45,8 +44,8 @@
virtualisation = {
docker.enable = true;
virtualbox = {
host.enable = true;
guest.x11 = true;
host.enable = true;
guest.x11 = true;
guest.enable = true;
};
};

52
configs/workout/hardware-configuration.nix
View file

@ -1,40 +1,48 @@
{ config, lib, pkgs, ... }:
let
mainUserHome = "/home/palo";
in
{
let mainUserHome = "/home/palo";
in {
# fix fileSystems.<name>.encrypted - false overwrite
# --------------------------------------------------
boot.initrd.luks.cryptoModules = [ "aes" "aes_generic" "blowfish" "twofish" "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512" "aes_x86_64" ];
boot.initrd.luks.cryptoModules = [
"aes"
"aes_generic"
"blowfish"
"twofish"
"serpent"
"cbc"
"xts"
"lrw"
"sha1"
"sha256"
"sha512"
"aes_x86_64"
];
# todo : why should I use this here
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.kernelModules = [ "kvm-intel" ];
nix.maxJobs = lib.mkDefault 8;
# lvm volume group
# ----------------
boot.initrd.luks.devices = [
{
name = "vg";
device = "/dev/sda2";
preLVM = true;
}
];
boot.initrd.luks.devices = [{
name = "vg";
device = "/dev/sda2";
preLVM = true;
}];
# NTFS support
# ------------
environment.systemPackages = [
pkgs.ntfs3g
];
environment.systemPackages = [ pkgs.ntfs3g ];
# root
# ----
fileSystems."/" = {
options = [ "noatime" "nodiratime" "discard" ];
device = "/dev/vg/root";
fsType = "ext4";
device = "/dev/vg/root";
fsType = "ext4";
};
# boot
@ -44,8 +52,8 @@ in
fsType = "ext4";
};
boot.loader.grub = {
device = "/dev/sda";
enable = true;
device = "/dev/sda";
enable = true;
version = 2;
};
@ -53,8 +61,8 @@ in
# ----
fileSystems."/home" = {
options = [ "noatime" "nodiratime" "discard" ];
device = "/dev/vg/home";
fsType = "ext4";
device = "/dev/vg/home";
fsType = "ext4";
};
}

15
configs/workout/kibana.nix
View file

@ -1,22 +1,25 @@
{ config, ... }:
{
{ config, ... }: {
services.nginx = {
enable = true;
statusPage = true;
virtualHosts = {
"kibana.${config.networking.hostName}.private" = {
serverAliases = [];
serverAliases = [ ];
locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${toString config.services.kibana.port}";
proxyPass = "http://${config.networking.hostName}.private:${
toString config.services.kibana.port
}";
};
};
};
};
services.elasticsearch.enable = true;
services.elasticsearch.listenAddress = "${config.networking.hostName}.private";
services.elasticsearch.listenAddress =
"${config.networking.hostName}.private";
services.kibana.enable = true;
services.kibana.elasticsearch.hosts = [ "http://${config.networking.hostName}.private:9200" ];
services.kibana.elasticsearch.hosts =
[ "http://${config.networking.hostName}.private:9200" ];
services.kibana.listenAddress = "${config.networking.hostName}.private";
services.kibana.port = 5601;

21
configs/workout/packages.nix
View file

@ -1,19 +1,20 @@
{ config, pkgs, ... }:
let
unstable = import <nixpkgs-unstable> {};
let unstable = import <nixpkgs-unstable> { };
in {
nixpkgs.config.packageOverrides = pkgs: {
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs;
};
nur = import (builtins.fetchTarball
"https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs;
};
};
environment.systemPackages = with pkgs ; [
bitwig-studio
#unstable.pypi2nix
#nur.repos.mic92.nixos-shell
];
environment.systemPackages = with pkgs;
[
bitwig-studio
#unstable.pypi2nix
#nur.repos.mic92.nixos-shell
];
programs.custom.q = {
enableIntelBacklight = false;

6
configs/workout/slack.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }:
{
{ config, lib, pkgs, ... }: {
programs.custom.slack = {
enable = true;
@ -7,7 +6,8 @@
};
programs.custom.browser.configList.google-chrome = {
inherit (config.programs.custom.browser.configList.development) home homeBackup user;
inherit (config.programs.custom.browser.configList.development)
home homeBackup user;
sudoUsers = [ "slack" ];
};

3
configs/workout/syncthing.nix
View file

@ -1,5 +1,4 @@
{ config, pkgs, lib, ... }:
{
{ config, pkgs, lib, ... }: {
test.services.syncthing = {
enable = true;

3
configs/workout/tinc.nix
View file

@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }:
{
{ config, lib, pkgs, ... }: {
module.cluster.services.tinc = {
"private" = {
enable = true;

32
images/lib/remote-access.nix
View file

@ -1,56 +1,50 @@
{
# cat ~/.ssh/id_rsa.pub
publicSshKey ? "",
# remote-install-get-hiddenReceiver
hiddenReceiver ? "",
}:
{ config, lib, pkgs, ... }:
{
# cat ~/.ssh/id_rsa.pub
publicSshKey ? "",
# remote-install-get-hiddenReceiver
hiddenReceiver ? "", }:
{ config, lib, pkgs, ... }: {
imports = [
{ # system setup
networking.hostName = "liveos";
users.extraUsers = {
root = {
openssh.authorizedKeys.keys = [
publicSshKey
];
};
root = { openssh.authorizedKeys.keys = [ publicSshKey ]; };
};
}
{ # installed packages
nixpkgs.config.allowUnfree = true;
environment.systemPackages = with pkgs; [
#style
#style
most
rxvt_unicode.terminfo
#monitoring tools
#monitoring tools
htop
iotop
#network
#network
iptables
iftop
nmap
#stuff for dl
#stuff for dl
aria2
#neat utils
#neat utils
pciutils
psmisc
tmux
usbutils
git
#unpack stuff
#unpack stuff
p7zip
unzip
unrar
#data recovery
#data recovery
ddrescue
ntfs3g
dosfstools

6
images/remote-install/config.nix
View file

@ -1,8 +1,10 @@
{ pkgs, lib, ... }: let
{ pkgs, lib, ... }:
let
remote-access = import ../lib/remote-access.nix {
# cat ~/.ssh/id_rsa.pub
publicSshKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
publicSshKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
# remote-install-get-hiddenReceiver
hiddenReceiver = "";

4
images/remote-install/remote-install.nix
View file

@ -3,9 +3,7 @@
services.tor = {
enable = true;
client.enable = true;
hiddenServices.liveos.map = [
{ port = 1337; }
];
hiddenServices.liveos.map = [{ port = 1337; }];
};
environment.systemPackages = [

11
images/windows-rescue/config.nix
View file

@ -1,23 +1,22 @@
# NixOS livesystem to reset windows passwords
# Step by step guide : https://opensource.com/article/18/3/how-reset-windows-password-linux
# $ nixos-generator -f iso -c config.nix
{ pkgs, ... }: let
{ pkgs, ... }:
let
wifi = {
ssid = "";
plainTextPassword = "";
};
remote-access = import ../lib/remote-access.nix {
publicSshKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
publicSshKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
hiddenReceiver = "";
};
in {
imports = [ remote-access ];
environment.systemPackages = [
pkgs.chntpw
pkgs.ntfs3g
];
environment.systemPackages = [ pkgs.chntpw pkgs.ntfs3g ];
networking.dhcpcd.enable = true;
networking.wireless = {

14
images/yubikey-image.nix
View file

@ -7,10 +7,13 @@
if [ ! -d $GNUPGHOME ]; then
mkdir $GNUPGHOME
fi
cp ${pkgs.fetchurl {
url = "https://raw.githubusercontent.com/drduh/config/662c16404eef04f506a6a208f1253fee2f4895d9/gpg.conf";
sha256 = "118fmrsn28fz629y7wwwcx7r1wfn59h3mqz1snyhf8b5yh0sb8la";
}} "$GNUPGHOME/gpg.conf"
cp ${
pkgs.fetchurl {
url =
"https://raw.githubusercontent.com/drduh/config/662c16404eef04f506a6a208f1253fee2f4895d9/gpg.conf";
sha256 = "118fmrsn28fz629y7wwwcx7r1wfn59h3mqz1snyhf8b5yh0sb8la";
}
} "$GNUPGHOME/gpg.conf"
echo "\$GNUPGHOME has been set up for you. Generated keys will be in $GNUPGHOME."
'';
@ -49,7 +52,8 @@
sha256 = "0rzy06a5xgfjpaklxdgrxml24d0vhk78lb577l3z4x7a2p32dbyq";
};
buildInputs = [ pkgs.pandoc ];
installPhase = "pandoc --highlight-style pygments -s --toc README.md -o $out";
installPhase =
"pandoc --highlight-style pygments -s --toc README.md -o $out";
};
in {
default = "xfce";

10
library/default.nix
View file

@ -1,8 +1,8 @@
{ pkgs, lib, ... }:
{
desktopFile = bin: { longName ? "Script", command ? "${bin}/bin/${bin.name}", ... }:
{ pkgs, lib, ... }: {
desktopFile = bin:
{ longName ? "Script", command ? "${bin}/bin/${bin.name}", ... }:
pkgs.writeTextFile {
name = "${bin.name}.desktop" ;
name = "${bin.name}.desktop";
destination = "/share/applications/${bin.name}.desktop";
text = ''
[Desktop Entry]
@ -14,7 +14,7 @@
GenericName=${longName}
StartupWMClass=${bin.name}
'';
};
};
jenkins = import ./jenkins.nix { inherit lib; };

127
library/jenkins.nix
View file

@ -4,77 +4,74 @@ with builtins;
{
# source container url and credentialsId
job = name: {
url,
credentialsId,
branch ? "master",
job = name:
{ url, credentialsId, branch ? "master",
# https://docs.openstack.org/infra/jenkins-job-builder/triggers.html
triggers ? [
{ pollscm = {
cron = "H/30 * * * *";
ignore-post-commit-hooks = true;
};}
], ... }: config: { job = {
inherit name triggers;
sandbox = true;
project-type = "pipeline";
dsl = let
stage = elem:
let
stageName = head ( attrNames elem );
stateScripts = map ( stage :
lib.getAttr (typeOf stage) {
string = ''
withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) {
sh '${toString stage}'
}'';
set =
let
script = ''
triggers ? [{
pollscm = {
cron = "H/30 * * * *";
ignore-post-commit-hooks = true;
};
}], ... }:
config: {
job = {
inherit name triggers;
sandbox = true;
project-type = "pipeline";
dsl = let
stage = elem:
let
stageName = head (attrNames elem);
stateScripts = map (stage:
lib.getAttr (typeOf stage) {
string = ''
withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) {
sh '${toString stage.script}'
}
'';
in
if (stage.credentialsId != null)
then ''
sh '${toString stage}'
}'';
set = let
script = ''
withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) {
sh '${toString stage.script}'
}
'';
in if (stage.credentialsId != null) then ''
sshagent(['${stage.credentialsId}']) { ${script} }
''
else script;
'' else
script;
}) (getAttr stageName elem);
in ''
stage('${stageName}') {
steps {
${concatStringsSep "\n" stateScripts}
}
}
)( getAttr stageName elem );
'';
stages = map stage config;
in ''
stage('${stageName}') {
steps {
${concatStringsSep "\n" stateScripts}
pipeline {
agent any
stages{
stage('Pull') {
steps {
checkout(
[$class: 'GitSCM'
, branches: [[name: '*/${branch}']]
, doGenerateSubmoduleConfigurations: false
, extensions: [[$class: 'LocalBranch', localBranch: 'master']]
, submoduleCfg: []
, userRemoteConfigs:
[[ credentialsId: '${credentialsId}'
, url: '${url}']]
]
)
}
}
${concatStringsSep "\n" stages}
}
}
'';
stages = map stage config;
in ''
pipeline {
agent any
stages{
stage('Pull') {
steps {
checkout(
[$class: 'GitSCM'
, branches: [[name: '*/${branch}']]
, doGenerateSubmoduleConfigurations: false
, extensions: [[$class: 'LocalBranch', localBranch: 'master']]
, submoduleCfg: []
, userRemoteConfigs:
[[ credentialsId: '${credentialsId}'
, url: '${url}']]
]
)
}
}
${concatStringsSep "\n" stages}
}
}
'';
};};
};
};
# creates a sync job
# source and target container url and credentialsId
@ -83,12 +80,12 @@ with builtins;
name = name;
sandbox = true;
project-type = "pipeline";
triggers = [ {
triggers = [{
pollscm = {
cron = "H/30 * * * *";
ignore-post-commit-hooks = true;
};
} ];
}];
dsl = ''
pipeline {
agent any

128
modules/later/syncthing.nix
View file

@ -11,18 +11,16 @@ let
inherit (device) name addresses introducer;
}) cfg.declarative.devices;
folders = mapAttrsToList ( _: folder: {
folders = mapAttrsToList (_: folder: {
inherit (folder) path id label type;
devices = map (device: { deviceId = cfg.declarative.devices.${device}.id; }) folder.devices;
devices = map (device: { deviceId = cfg.declarative.devices.${device}.id; })
folder.devices;
rescanIntervalS = folder.rescanInterval;
fsWatcherEnabled = folder.watch;
fsWatcherDelayS = folder.watchDelay;
ignorePerms = folder.ignorePerms;
versioning = folder.versioning;
}) (filterAttrs (
_: folder:
folder.enable
) cfg.declarative.folders);
}) (filterAttrs (_: folder: folder.enable) cfg.declarative.folders);
# get the api key by parsing the config.xml
getApiKey = pkgs.writers.writeDash "getAPIKey" ''
@ -45,8 +43,12 @@ let
# generate the new config by merging with the nixos config options
NEW_CFG=$(echo "$OLD_CFG" | ${pkgs.jq}/bin/jq -s '.[] as $in | $in * {
"devices": (${builtins.toJSON devices}${optionalString (! cfg.declarative.overrideDevices) " + $in.devices"}),
"folders": (${builtins.toJSON folders}${optionalString (! cfg.declarative.overrideFolders) " + $in.folders"})
"devices": (${builtins.toJSON devices}${
optionalString (!cfg.declarative.overrideDevices) " + $in.devices"
}),
"folders": (${builtins.toJSON folders}${
optionalString (!cfg.declarative.overrideFolders) " + $in.folders"
})
}')
# POST the new config to syncthing
@ -102,13 +104,14 @@ in {
};
devices = mkOption {
default = {};
default = { };
description = ''
Peers/devices which syncthing should communicate with.
'';
example = {
bigbox = {
id = "7CFNTQM-IMTJBHJ-3UWRDIU-ZGQJFR6-VCXZ3NB-XUH3KZO-N52ITXR-LAIYUAU";
id =
"7CFNTQM-IMTJBHJ-3UWRDIU-ZGQJFR6-VCXZ3NB-XUH3KZO-N52ITXR-LAIYUAU";
addresses = [ "tcp://192.168.0.10:51820" ];
};
};
@ -125,7 +128,7 @@ in {
addresses = mkOption {
type = types.listOf types.str;
default = [];
default = [ ];
description = ''
The addresses used to connect to the device.
If this is let empty, dynamic configuration is attempted
@ -165,7 +168,7 @@ in {
};
folders = mkOption {
default = {};
default = { };
description = ''
folders which should be shared by syncthing.
'';
@ -214,7 +217,7 @@ in {
devices = mkOption {
type = types.listOf types.str;
default = [];
default = [ ];
description = ''
The devices this folder should be shared with. Must be defined
in the <literal>declarative.devices</literal> attribute.
@ -262,16 +265,16 @@ in {
};
}
];
type = with types; nullOr (submodule {
options = {
type = mkOption {
type = enum [ "external" "simple" "staggered" "trashcan" ];
type = with types;
nullOr (submodule {
options = {
type = mkOption {
type =
enum [ "external" "simple" "staggered" "trashcan" ];
};
params = mkOption { type = attrsOf (either str path); };
};
params = mkOption {
type = attrsOf (either str path);
};
};
});
});
};
rescanInterval = mkOption {
@ -376,11 +379,10 @@ in {
description = ''
Path where the settings and keys will exist.
'';
default =
let
nixos = config.system.stateVersion;
cond = versionAtLeast nixos "19.03";
in cfg.dataDir + (optionalString cond "/.config/syncthing");
default = let
nixos = config.system.stateVersion;
cond = versionAtLeast nixos "19.03";
in cfg.dataDir + (optionalString cond "/.config/syncthing");
};
openDefaultPorts = mkOption {
@ -427,18 +429,17 @@ in {
systemd.packages = [ pkgs.syncthing ];
users.users = mkIf (cfg.systemService && cfg.user == defaultUser) {
${defaultUser} =
{ group = cfg.group;
home = cfg.dataDir;
createHome = true;
uid = config.ids.uids.syncthing;
description = "Syncthing daemon user";
};
${defaultUser} = {
group = cfg.group;
home = cfg.dataDir;
createHome = true;
uid = config.ids.uids.syncthing;
description = "Syncthing daemon user";
};
};
users.groups = mkIf (cfg.systemService && cfg.group == defaultUser) {
${defaultUser}.gid =
config.ids.gids.syncthing;
${defaultUser}.gid = config.ids.gids.syncthing;
};
systemd.services = {
@ -454,20 +455,26 @@ in {
serviceConfig = {
Restart = "on-failure";
SuccessExitStatus = "2 3 4";
RestartForceExitStatus="3 4";
RestartForceExitStatus = "3 4";
User = cfg.user;
Group = cfg.group;
ExecStartPre = mkIf (cfg.declarative.cert != null || cfg.declarative.key != null)
"+${pkgs.writers.writeBash "syncthing-copy-keys" ''
install -dm700 -o ${cfg.user} -g ${cfg.group} ${cfg.configDir}
${optionalString (cfg.declarative.cert != null) ''
install -Dm400 -o ${cfg.user} -g ${cfg.group} ${toString cfg.declarative.cert} ${cfg.configDir}/cert.pem
''}
${optionalString (cfg.declarative.key != null) ''
install -Dm400 -o ${cfg.user} -g ${cfg.group} ${toString cfg.declarative.key} ${cfg.configDir}/key.pem
''}
''}"
;
ExecStartPre =
mkIf (cfg.declarative.cert != null || cfg.declarative.key != null)
"+${
pkgs.writers.writeBash "syncthing-copy-keys" ''
install -dm700 -o ${cfg.user} -g ${cfg.group} ${cfg.configDir}
${optionalString (cfg.declarative.cert != null) ''
install -Dm400 -o ${cfg.user} -g ${cfg.group} ${
toString cfg.declarative.cert
} ${cfg.configDir}/cert.pem
''}
${optionalString (cfg.declarative.key != null) ''
install -Dm400 -o ${cfg.user} -g ${cfg.group} ${
toString cfg.declarative.key
} ${cfg.configDir}/key.pem
''}
''
}";
ExecStart = ''
${cfg.package}/bin/syncthing \
-no-browser \
@ -476,23 +483,20 @@ in {
'';
};
};
syncthing-init = mkIf (
cfg.declarative.devices != {} || cfg.declarative.folders != {}
) {
after = [ "syncthing.service" ];
wantedBy = [ "multi-user.target" ];
syncthing-init = mkIf
(cfg.declarative.devices != { } || cfg.declarative.folders != { }) {
after = [ "syncthing.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
User = cfg.user;
RemainAfterExit = true;
Type = "oneshot";
ExecStart = updateConfig;
serviceConfig = {
User = cfg.user;
RemainAfterExit = true;
Type = "oneshot";
ExecStart = updateConfig;
};
};
};
syncthing-resume = {
wantedBy = [ "suspend.target" ];
};
syncthing-resume = { wantedBy = [ "suspend.target" ]; };
};
};
}

335
modules/programs/browser.nix
View file

@ -14,234 +14,219 @@ let
firefoxBin = "${pkgs.firefox}/bin/firefox";
tarBin = "${pkgs.gnutar}/bin/tar";
# desktop file
# ------------
# makes it possible to be used by other programs
desktopFile = bin: let
browserName = bin.name;
in pkgs.writeTextFile {
name = "${browserName}.desktop" ;
destination = "/share/applications/${browserName}.desktop";
text = ''
[Desktop Entry]
Type=Application
Exec=${bin}/bin/${browserName} %U
Icon=chromium
Comment=An open source web browser from Google
Terminal=false
Name=${browserName}
GenericName=Web browser
MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp;x-scheme-handler/webcal;x-scheme-handler/about
Categories=Network;WebBrowser
StartupWMClass=${browserName}
'';
};
desktopFile = bin:
let browserName = bin.name;
in pkgs.writeTextFile {
name = "${browserName}.desktop";
destination = "/share/applications/${browserName}.desktop";
text = ''
[Desktop Entry]
Type=Application
Exec=${bin}/bin/${browserName} %U
Icon=chromium
Comment=An open source web browser from Google
Terminal=false
Name=${browserName}
GenericName=Web browser
MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/ftp;x-scheme-handler/webcal;x-scheme-handler/about
Categories=Network;WebBrowser
StartupWMClass=${browserName}
'';
};
cleanBrowser = name: browser: home: homeBackup:
let
backupFile = "${homeBackup}.tar.lzma";
rolloutFile = "${home}.tar.lzma";
lockFile = "${home}-lock";
in
pkgs.writeShellScriptBin "${name}-clean" /* sh */ ''
sudo killall -9 -u ${name}
sudo rm ${lockFile}
sudo rm -rf ${home}
'';
let
backupFile = "${homeBackup}.tar.lzma";
rolloutFile = "${home}.tar.lzma";
lockFile = "${home}-lock";
in pkgs.writeShellScriptBin "${name}-clean" # sh
''
sudo killall -9 -u ${name}
sudo rm ${lockFile}
sudo rm -rf ${home}
'';
createBrowser = name: user: browser: home: homeBackup:
let
backupFile = "${homeBackup}.tar.lzma";
rolloutFile = "${home}.tar.lzma";
lockFile = "${home}-lock";
in
pkgs.writeShellScriptBin "${name}" /* sh */ ''
# set -x
if [[ ! -e ${lockFile} ]]
then
# rollout backup
if [[ -e ${backupFile} ]]
let
backupFile = "${homeBackup}.tar.lzma";
rolloutFile = "${home}.tar.lzma";
lockFile = "${home}-lock";
in pkgs.writeShellScriptBin "${name}" # sh
''
# set -x
if [[ ! -e ${lockFile} ]]
then
if [[ ! -d ${home} ]]
# rollout backup
if [[ -e ${backupFile} ]]
then
# todo : use make user
sudo mkdir -p ${home}
sudo chown -R ${user}:users ${home}
if [[ ! -d ${home} ]]
then
# todo : use make user
sudo mkdir -p ${home}
sudo chown -R ${user}:users ${home}
fi
cp ${backupFile} ${rolloutFile}
sudo -u ${user} ${tarBin} xf ${rolloutFile} --directory ${home}
rm ${rolloutFile}
touch ${lockFile}
fi
cp ${backupFile} ${rolloutFile}
sudo -u ${user} ${tarBin} xf ${rolloutFile} --directory ${home}
rm ${rolloutFile}
touch ${lockFile}
fi
fi
sudo -u ${user} ${browser}
'';
sudo -u ${user} ${browser}
'';
browserExecutableList =
let
allBrowser = flip mapAttrsToList cfg.configList (
name: config:
browserExecutableList = let
allBrowser = flip mapAttrsToList cfg.configList (name: config:
let
browser = if config.browserType == "chrome"
then "${chromiumBin} \"$@\""
else if config.browserType == "google"
then "${chromeBin} \"$@\""
else "${firefoxBin} \"$@\"";
in
createBrowser name config.user browser config.home config.homeBackup
);
browser = if config.browserType == "chrome" then
''${chromiumBin} "$@"''
else if config.browserType == "google" then
''${chromeBin} "$@"''
else
''${firefoxBin} "$@"'';
in createBrowser name config.user browser config.home config.homeBackup);
xclipBrowser = [
(pkgs.writeShellScriptBin "copy-to-xclip" /* sh */''
echo "$*" | ${pkgs.xclip}/bin/xclip
'')
(pkgs.writeShellScriptBin "copy-to-xclip" # sh
''
echo "$*" | ${pkgs.xclip}/bin/xclip
'')
];
in
allBrowser ++ xclipBrowser;
in allBrowser ++ xclipBrowser;
createBackupScript = name: home: backupHome:
pkgs.writeShellScriptBin "${name}-backup" /* sh */ ''
sudo -u ${name} \
${tarBin} \
--exclude=.cache \
--exclude=Downloads \
--create \
--verbos \
--lzma \
--file ${home}.tar.lzma \
--directory ${home} \
.
pkgs.writeShellScriptBin "${name}-backup" # sh
''
sudo -u ${name} \
${tarBin} \
--exclude=.cache \
--exclude=Downloads \
--create \
--verbos \
--lzma \
--file ${home}.tar.lzma \
--directory ${home} \
.
cp ${home}.tar.lzma ${backupHome}.tar.lzma
'';
cp ${home}.tar.lzma ${backupHome}.tar.lzma
'';
allBackupScripts =
let
filteredConfigs =
filterAttrs
(name: browserConfig: browserConfig.homeBackup != null)
cfg.configList;
in
mapAttrsToList
(name: browserConfig: createBackupScript name browserConfig.home browserConfig.homeBackup)
filteredConfigs;
allCleanScripts =
let
filteredConfigs =
filterAttrs
(name: browserConfig: browserConfig.homeBackup != null)
cfg.configList;
in
mapAttrsToList
(name: browserConfig: cleanBrowser name name browserConfig.home browserConfig.homeBackup)
filteredConfigs;
allBackupScripts = let
filteredConfigs =
filterAttrs (name: browserConfig: browserConfig.homeBackup != null)
cfg.configList;
in mapAttrsToList (name: browserConfig:
createBackupScript name browserConfig.home browserConfig.homeBackup)
filteredConfigs;
allCleanScripts = let
filteredConfigs =
filterAttrs (name: browserConfig: browserConfig.homeBackup != null)
cfg.configList;
in mapAttrsToList (name: browserConfig:
cleanBrowser name name browserConfig.home browserConfig.homeBackup)
filteredConfigs;
# browser chooser
# ---------------
browserSelect = pkgs.writeScriptBin "browser-select" ''
browserSelect = pkgs.writeScriptBin "browser-select" ''
# select a browser using dmenu
# ----------------------------
BROWSER=$( echo -e "${lib.concatMapStringsSep "\\n" (bin: bin.name) browserExecutableList}" \
BROWSER=$( echo -e "${
lib.concatMapStringsSep "\\n" (bin: bin.name) browserExecutableList
}" \
| ${pkgs.rofi}/bin/rofi -dmenu )
# start selected browser
# ----------------------
case $BROWSER in
${lib.concatStringsSep "\n"
(flip map browserExecutableList (bin: "${bin.name}) export BIN=${bin}/bin/${bin.name} ;;"))
}
${lib.concatStringsSep "\n" (flip map browserExecutableList
(bin: "${bin.name}) export BIN=${bin}/bin/${bin.name} ;;"))}
esac
$BIN "$@"
'';
in {
options.programs.custom.browser = {
enable = mkEnableOption "enable browsers";
configList = mkOption {
type = with types; attrsOf (submodule ({ name , ... }: {
options = {
browserType = mkOption {
type = with types; enum ["firefox" "chrome" "google"];
default = "chrome";
description = ''
the type of browser which is simulated
'';
type = with types;
attrsOf (submodule ({ name, ... }: {
options = {
browserType = mkOption {
type = with types; enum [ "firefox" "chrome" "google" ];
default = "chrome";
description = ''
the type of browser which is simulated
'';
};
home = mkOption {
type = with types; str;
description = ''
Home of the browser.
'';
};
user = mkOption {
default = name;
type = with types; str;
description = ''
user to run the browser as
'';
};
sudoUsers = mkOption {
default = [ config.users.users.mainUser.name ];
type = with types; listOf str;
description = ''
user allowed to run sudo without password to start the browser
'';
};
homeBackup = mkOption {
type = with types; nullOr str;
default = null;
example = "~/.my-browser-backup";
description = ''
backup of the home, which gets rolled out if the
home does not exists. usefull for homes in tmpfs.
dont use file endings!
'';
};
};
home = mkOption {
type = with types; str;
description = ''
Home of the browser.
'';
};
user = mkOption {
default = name;
type = with types; str;
description = ''
user to run the browser as
'';
};
sudoUsers = mkOption {
default = [ config.users.users.mainUser.name ];
type = with types; listOf str;
description = ''
user allowed to run sudo without password to start the browser
'';
};
homeBackup = mkOption {
type = with types; nullOr str;
default = null;
example = "~/.my-browser-backup";
description = ''
backup of the home, which gets rolled out if the
home does not exists. usefull for homes in tmpfs.
dont use file endings!
'';
};
};
}));
}));
};
};
config = mkIf cfg.enable {
# add sudo rights
security.sudo.extraConfig =
let
extraRules = flip mapAttrsToList cfg.configList (name: values:
concatStringsSep "\n" (map (sudoUser: "${sudoUser} ALL=(${values.user}) NOPASSWD: ALL") values.sudoUsers)) ;
in
lib.concatStringsSep "\n" extraRules;
security.sudo.extraConfig = let
extraRules = flip mapAttrsToList cfg.configList (name: values:
concatStringsSep "\n"
(map (sudoUser: "${sudoUser} ALL=(${values.user}) NOPASSWD: ALL")
values.sudoUsers));
in lib.concatStringsSep "\n" extraRules;
# create users
users.users = flip mapAttrs cfg.configList (name: config:
{
home = config.home;
createHome = true;
initialPassword = "${name}-browser";
shell = pkgs.bashInteractive;
isNormalUser = true;
group = "users";
# enable video usage
extraGroups = [ "video" "audio" ];
}
);
users.users = flip mapAttrs cfg.configList (name: config: {
home = config.home;
createHome = true;
initialPassword = "${name}-browser";
shell = pkgs.bashInteractive;
isNormalUser = true;
group = "users";
# enable video usage
extraGroups = [ "video" "audio" ];
});
# add groups to mainUser
system.custom.mainUser.extraGroups = builtins.attrNames cfg.configList;
environment.systemPackages = [
browserSelect
( desktopFile browserSelect )
]
++ browserExecutableList
++ (map (bin: desktopFile bin) browserExecutableList)
++ allBackupScripts
++ allCleanScripts;
environment.systemPackages = [ browserSelect (desktopFile browserSelect) ]
++ browserExecutableList
++ (map (bin: desktopFile bin) browserExecutableList) ++ allBackupScripts
++ allCleanScripts;
};
}

17
modules/programs/citate.nix
View file

@ -11,9 +11,10 @@ let
xdotool = "${pkgs.xdotool}/bin/xdotool";
dmenu = "${pkgs.dmenu}/bin/dmenu";
citateScript = file: suffix: pkgs.writeShellScriptBin "citate-${suffix}" ''
${xdotool} - <<<"type -- $( cat ${file} | ${dmenu} -l 10 -i | sed -e "s/\(.*\)/'\1'/" )"
'';
citateScript = file: suffix:
pkgs.writeShellScriptBin "citate-${suffix}" ''
${xdotool} - <<<"type -- $( cat ${file} | ${dmenu} -l 10 -i | sed -e "s/\(.*\)/'\1'/" )"
'';
scriptAxel = citateScript (toString <assets/sprueche-axel>) "axel";
scriptSiw = citateScript (toString <assets/sprueche-siw>) "siw";
@ -27,9 +28,15 @@ in {
config = mkIf cfg.enable {
environment.systemPackages = [
scriptAxel
(library.desktopFile scriptAxel { longName = "Citate Axel"; command = "citate-axel"; })
(library.desktopFile scriptAxel {
longName = "Citate Axel";
command = "citate-axel";
})
scriptSiw
(library.desktopFile scriptSiw { longName = "Citate Sinnlos im Weltall"; command = "citate-siw"; })
(library.desktopFile scriptSiw {
longName = "Citate Sinnlos im Weltall";
command = "citate-siw";
})
];
};
}

13
modules/programs/curl-scripts.nix
View file

@ -12,7 +12,7 @@ let
${pkgs.curl}/bin/curl "qrenco.de/$1"
'';
cheatSheetScript = pkgs.writeShellScriptBin "cheatsheet" ''
cheatSheetScript = pkgs.writeShellScriptBin "cheatsheet" ''
${pkgs.curl}/bin/curl "cheat.sh/$1"
'';
@ -20,15 +20,12 @@ let
in {
options.programs.custom.curlScripts.enable = mkEnableOption "enable curl scripts";
options.programs.custom.curlScripts.enable =
mkEnableOption "enable curl scripts";
config = mkIf cfg.enable {
environment.systemPackages = [
weatherScript
qrCodeScript
cheatSheetScript
];
environment.systemPackages =
[ weatherScript qrCodeScript cheatSheetScript ];
};
}

8
modules/programs/easytag.nix
View file

@ -8,13 +8,11 @@ let
in {
options.programs.custom.easytag.enable = mkEnableOption "install easytag with dependencies";
options.programs.custom.easytag.enable =
mkEnableOption "install easytag with dependencies";
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
easytag
gnome3.dconf
];
environment.systemPackages = with pkgs; [ easytag gnome3.dconf ];
};
}

2
modules/programs/elm.nix
View file

@ -11,7 +11,7 @@ in {
options.programs.custom.elm.enable = mkEnableOption "enable elm stack";
config = mkIf cfg.enable {
environment.systemPackages = with pkgs ; [
environment.systemPackages = with pkgs; [
elmPackages.elm
elmPackages.elm-compiler
elmPackages.elm-format

6
modules/programs/espeak.nix
View file

@ -36,11 +36,12 @@ let
in {
options.programs.custom.espeak.enable = mkEnableOption "enable espeak scripts";
options.programs.custom.espeak.enable =
mkEnableOption "enable espeak scripts";
config = mkIf cfg.enable {
environment.systemPackages = with pkgs ; [
environment.systemPackages = with pkgs; [
espeak
en_espeak
en_read
@ -51,4 +52,3 @@ in {
};
}

32
modules/programs/ffmpeg.nix
View file

@ -4,7 +4,8 @@ let
cfg = config.programs.custom.ffmpeg;
ffmpegTemplate = name: { profile, preset, tune ? null}:
ffmpegTemplate = name:
{ profile, preset, tune ? null }:
pkgs.writeShellScriptBin "ffmpeg-${name}" ''
if [ $# -eq 0 ]
@ -64,13 +65,15 @@ let
-acodec aac \
"$output" \
-hide_banner
'';
'';
ffmpegDescriptive = profile: preset:
ffmpegTemplate "${profile}-${preset}-720p" { inherit profile preset ; };
ffmpegTemplate "${profile}-${preset}-720p" { inherit profile preset; };
ffmpegDescriptiveTune = profile: preset: tune:
ffmpegTemplate "${profile}-${preset}-${tune}-720p" { inherit profile preset tune; };
ffmpegTemplate "${profile}-${preset}-${tune}-720p" {
inherit profile preset tune;
};
# https://en.wikipedia.org/wiki/H.264/MPEG-4_AVC#Profiles
profiles = [
@ -92,21 +95,11 @@ let
#"slower"
"veryslow"
];
tunes = [
"film"
"animation"
"grain"
"stillimage"
"fastdecode"
];
tunes = [ "film" "animation" "grain" "stillimage" "fastdecode" ];
ffmpegs = lib.crossLists
ffmpegDescriptive
[ profiles presets ];
ffmpegs = lib.crossLists ffmpegDescriptive [ profiles presets ];
ffmpegsTune = lib.crossLists
ffmpegDescriptiveTune
[ profiles presets tunes ];
ffmpegsTune = lib.crossLists ffmpegDescriptiveTune [ profiles presets tunes ];
in {
@ -114,7 +107,6 @@ in {
enable = mkEnableOption "enable programs.custom.ffmpeg";
};
config = mkIf cfg.enable {
environment.systemPackages = ffmpegs ++ ffmpegsTune;
};
config =
mkIf cfg.enable { environment.systemPackages = ffmpegs ++ ffmpegsTune; };
}

5
modules/programs/git.nix
View file

@ -8,11 +8,12 @@ let
in {
options.programs.custom.git.enable = mkEnableOption "install git and all its tools";
options.programs.custom.git.enable =
mkEnableOption "install git and all its tools";
config = mkIf cfg.enable {
environment.systemPackages = with pkgs ; [
environment.systemPackages = with pkgs; [
git
tig
git-crypt

2
modules/programs/q.nix
View file

@ -27,7 +27,7 @@ in {
config = mkIf cfg.enable {
environment.systemPackages = [
(pkgs.q.override{
(pkgs.q.override {
timeZones = cfg.timeZones;
enableIntelBacklight = cfg.enableIntelBacklight;
enableBattery = cfg.enableBattery;

101
modules/programs/shell-bash.nix
View file

@ -1,6 +1,5 @@
{ config, pkgs, lib, ... }:
let
cfg = config.programs.custom.bash;
let cfg = config.programs.custom.bash;
in {
options.programs.custom.bash.enable = lib.mkEnableOption "enable bash config";
@ -15,64 +14,66 @@ in {
# Configure Shell
# ---------------
interactiveShellInit = /* sh */ ''
# use vi shortcuts
# ----------------
set -o vi
interactiveShellInit = # sh
''
# use vi shortcuts
# ----------------
set -o vi
# Configure ls-colors
# -------------------
export LS_COLORS='rs=0:di=01;35:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;33:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35::*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:'
'';
# Configure ls-colors
# -------------------
export LS_COLORS='rs=0:di=01;35:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;33:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35::*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:'
'';
# Configure Prompt
# ----------------
promptInit = /* sh */ ''
# PS1 content functions
# ---------------------
function nonzero_return() {
RETVAL=$?
[ $RETVAL -ne 0 ] && echo "[> $RETVAL <] "
}
promptInit = # sh
''
# PS1 content functions
# ---------------------
function nonzero_return() {
RETVAL=$?
[ $RETVAL -ne 0 ] && echo "[> $RETVAL <] "
}
# Provide a nice prompt
# ---------------------
case $TERM in
xterm*|rxvt*|Eterm)
# used : http://ezprompt.net/
USER_COLOR="\[\e[36m\]\u\[\e[m\]\[\e[32m\]@\[\e[m\]\[\e[36m\]\h\[\e[m\]"
CURRENT_PATH="\[\e[33m\][\[\e[m\]\[\e[33m\]\w\[\e[m\]\[\e[33m\]]\[\e[m\]"
if [[ $UID -eq 0 ]]
then
USER_COLOR="\[\e[31m\]\u\[\e[m\]\[\e[32m\]@\[\e[m\]\[\e[31m\]\h\[\e[m\]"
fi
export PS1="\[\e[31m\]\`nonzero_return\`\[\e[m\]\[\e[35m\]\A\[\e[m\] $USER_COLOR $CURRENT_PATH\[\e[31m\]\\$\[\e[m\] "
;;
screen)
export PS1="\[\e[31m\]\`nonzero_return\`\[\e[m\]\[\e[35m\]\A\[\e[m\] \[\e[36m\]\u\[\e[m\]\[\e[32m\]@\[\e[m\]\[\e[36m\]\h\[\e[m\] \[\e[33m\][\[\e[m\]\[\e[33m\]\W\[\e[m\]\[\e[33m\]]\[\e[m\]\[\e[31m\]\\$\[\e[m\] "
;;
esac
'';
# Provide a nice prompt
# ---------------------
case $TERM in
xterm*|rxvt*|Eterm)
# used : http://ezprompt.net/
USER_COLOR="\[\e[36m\]\u\[\e[m\]\[\e[32m\]@\[\e[m\]\[\e[36m\]\h\[\e[m\]"
CURRENT_PATH="\[\e[33m\][\[\e[m\]\[\e[33m\]\w\[\e[m\]\[\e[33m\]]\[\e[m\]"
if [[ $UID -eq 0 ]]
then
USER_COLOR="\[\e[31m\]\u\[\e[m\]\[\e[32m\]@\[\e[m\]\[\e[31m\]\h\[\e[m\]"
fi
export PS1="\[\e[31m\]\`nonzero_return\`\[\e[m\]\[\e[35m\]\A\[\e[m\] $USER_COLOR $CURRENT_PATH\[\e[31m\]\\$\[\e[m\] "
;;
screen)
export PS1="\[\e[31m\]\`nonzero_return\`\[\e[m\]\[\e[35m\]\A\[\e[m\] \[\e[36m\]\u\[\e[m\]\[\e[32m\]@\[\e[m\]\[\e[36m\]\h\[\e[m\] \[\e[33m\][\[\e[m\]\[\e[33m\]\W\[\e[m\]\[\e[33m\]]\[\e[m\]\[\e[31m\]\\$\[\e[m\] "
;;
esac
'';
# Shell Aliases
# -------------
shellAliases = {
ls = "ls --color=tty";
l = "ls -CFh";
la = "ls -Ah";
ll = "ls -lh" ;
lt = "ls -lct --reverse";
less = "less -S";
top = "htop";
todo = "task todo";
active = "task active";
ls = "ls --color=tty";
l = "ls -CFh";
la = "ls -Ah";
ll = "ls -lh";
lt = "ls -lct --reverse";
less = "less -S";
top = "htop";
todo = "task todo";
active = "task active";
version = "date '+%Y%m%d%H%M%S'";
vclip = "xclip -selection clipboard";
df = "df -h";
vclip = "xclip -selection clipboard";
df = "df -h";
nix-search = "nix-env -qaP";
nix-list = "nix-env -qaP \"*\" --description";
nix-list-haskell = "nix-env -f \"<nixpkgs>\" -qaP -A haskellPackages";
nix-search = "nix-env -qaP";
nix-list = ''nix-env -qaP "*" --description'';
nix-list-haskell = ''nix-env -f "<nixpkgs>" -qaP -A haskellPackages'';
nix-show-garbadge-roots = "ls -lh /nix/var/nix/gcroots/auto/";
@ -83,5 +84,3 @@ in {
};
}

47
modules/programs/shell-tools.nix
View file

@ -5,39 +5,38 @@ with lib;
let
xterm-colors = pkgs.writeShellScriptBin "256-xterm-colors"
/* sh */ ''
for i in {0..255} ; do
printf "\x1b[38;5;%sm%3d\e[0m " "$i" "$i"
if (( i == 15 )) || (( i > 15 )) && (( (i-15) % 6 == 0 )); then
printf "\n";
fi
done
'';
xterm-background-colors = pkgs.writeShellScriptBin "256-xterm-colors-background"
/* sh */ ''
for i in {0..255} ; do
printf "\x1b[48;5;%sm%3d\e[0m " "$i" "$i"
if (( i == 15 )) || (( i > 15 )) && (( (i-15) % 6 == 0 )); then
printf "\n";
fi
done
'';
# sh
''
for i in {0..255} ; do
printf "\x1b[38;5;%sm%3d\e[0m " "$i" "$i"
if (( i == 15 )) || (( i > 15 )) && (( (i-15) % 6 == 0 )); then
printf "\n";
fi
done
'';
xterm-background-colors = pkgs.writeShellScriptBin
"256-xterm-colors-background"
# sh
''
for i in {0..255} ; do
printf "\x1b[48;5;%sm%3d\e[0m " "$i" "$i"
if (( i == 15 )) || (( i > 15 )) && (( (i-15) % 6 == 0 )); then
printf "\n";
fi
done
'';
cfg = config.programs.custom.shellTools;
in {
options.programs.custom.shellTools.enable = mkEnableOption "enable shell tools";
options.programs.custom.shellTools.enable =
mkEnableOption "enable shell tools";
config = mkIf cfg.enable {
environment.systemPackages = [
xterm-colors
xterm-background-colors
];
environment.systemPackages = [ xterm-colors xterm-background-colors ];
};
}

168
modules/programs/shell-zsh.nix
View file

@ -12,7 +12,7 @@ in {
enable = mkEnableOption "enable zsh";
mainUser = mkOption {
type = with types; nullOr str;
type = with types; nullOr str;
default = null;
description = ''
the main User if available
@ -25,8 +25,8 @@ in {
programs.zsh = {
enable = true;
enableCompletion = true;
enable = true;
enableCompletion = true;
#autosuggestions.enable = true;
syntaxHighlighting.enable = true;
@ -56,26 +56,26 @@ in {
export TERM="xterm-256color"
'';
shellAliases = {
ls = "ls --color=tty";
l = "ls -CFh";
la = "ls -Ah";
ll = "ls -lh" ;
lt = "ls -lct --reverse";
less = "less -S";
top = "htop";
todo = "task todo";
active = "task active";
ls = "ls --color=tty";
l = "ls -CFh";
la = "ls -Ah";
ll = "ls -lh";
lt = "ls -lct --reverse";
less = "less -S";
top = "htop";
todo = "task todo";
active = "task active";
version = "date '+%Y%m%d%H%M%S'";
vclip = "xclip -selection clipboard";
df = "df -h";
vclip = "xclip -selection clipboard";
df = "df -h";
timestamp = "date +%Y%m%d%H%M%S";
nix-search = "nix-env -qaP";
nix-list = "nix-env -qaP \"*\" --description";
nix-list-haskell = "nix-env -f \"<nixpkgs>\" -qaP -A haskellPackages";
nix-list-node = "nix-env -f \"<nixpkgs>\" -qaP -A nodePackages";
nix-list-beam = "nix-env -f \"<nixpkgs>\" -qaP -A beamPackages";
nix-search = "nix-env -qaP";
nix-list = ''nix-env -qaP "*" --description'';
nix-list-haskell = ''nix-env -f "<nixpkgs>" -qaP -A haskellPackages'';
nix-list-node = ''nix-env -f "<nixpkgs>" -qaP -A nodePackages'';
nix-list-beam = ''nix-env -f "<nixpkgs>" -qaP -A beamPackages'';
# nix-find = "clear ; ${pkgs.nix-index}/bin/nix-locate -1 -w";
nix-show-garbadge-roots = "ls -lh /nix/var/nix/gcroots/auto/";
@ -90,90 +90,88 @@ in {
# only used to make quick config changes
# --------------------------------------
environment.etc."zshcustom/mainuser.zsh".source =
pkgs.writeText "mainuser-zsh" (
if ( cfg.mainUser != null )
then
''
source ${config.users.users.mainUser.home}/.zshrc
''
else '' # programs.custom.zsh.mainUser not set '' );
pkgs.writeText "mainuser-zsh" (if (cfg.mainUser != null) then ''
source ${config.users.users.mainUser.home}/.zshrc
'' else
"# programs.custom.zsh.mainUser not set ");
# Theme
# -----
# make sure powerline-fonts is set in `fonts.fonts`
environment.etc."zshcustom/themes/powerlevel9k".source = pkgs.fetchFromGitHub {
owner = "bhilburn";
repo = "powerlevel9k";
rev = "v0.6.4";
sha256 = "104wvlni3rilpw9v1dk848lnw8cm8qxl64xs70j04ly4s959dyb5";
};
environment.etc."zshcustom/powerlevel9kpatch.zsh".source = pkgs.writeText "powerlevel9kpatch.zsh" ''
environment.etc."zshcustom/themes/powerlevel9k".source =
pkgs.fetchFromGitHub {
owner = "bhilburn";
repo = "powerlevel9k";
rev = "v0.6.4";
sha256 = "104wvlni3rilpw9v1dk848lnw8cm8qxl64xs70j04ly4s959dyb5";
};
environment.etc."zshcustom/powerlevel9kpatch.zsh".source =
pkgs.writeText "powerlevel9kpatch.zsh" ''
# this shows all the colors which are available
# ---------------------------------------------
# for code ({000..255}) print -P -- "$code: %F{$code}This is how your text would look like%f"
# this shows all the colors which are available
# ---------------------------------------------
# for code ({000..255}) print -P -- "$code: %F{$code}This is how your text would look like%f"
# prompt elements
# ---------------
POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=(vi_mode context dir vcs custom_jail background_jobs time status)
POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS=()
# prompt elements
# ---------------
POWERLEVEL9K_LEFT_PROMPT_ELEMENTS=(vi_mode context dir vcs custom_jail background_jobs time status)
POWERLEVEL9K_RIGHT_PROMPT_ELEMENTS=()
# vi mode
# -------
POWERLEVEL9K_VI_MODE_INSERT_FOREGROUND="black"
POWERLEVEL9K_VI_MODE_INSERT_BACKGROUND="blue"
POWERLEVEL9K_VI_MODE_NORMAL_FOREGROUND="black"
POWERLEVEL9K_VI_MODE_NORMAL_BACKGROUND="yellow"
# vi mode
# -------
POWERLEVEL9K_VI_MODE_INSERT_FOREGROUND="black"
POWERLEVEL9K_VI_MODE_INSERT_BACKGROUND="blue"
POWERLEVEL9K_VI_MODE_NORMAL_FOREGROUND="black"
POWERLEVEL9K_VI_MODE_NORMAL_BACKGROUND="yellow"
# context
# -------
POWERLEVEL9K_CONTEXT_DEFAULT_FOREGROUND="green"
POWERLEVEL9K_CONTEXT_DEFAULT_BACKGROUND="008"
POWERLEVEL9K_CONTEXT_ROOT_FOREGROUND="008"
POWERLEVEL9K_CONTEXT_ROOT_BACKGROUND="red"
POWERLEVEL9K_CONTEXT_REMOTE_FOREGROUND="008"
POWERLEVEL9K_CONTEXT_REMOTE_BACKGROUND="red"
# context
# -------
POWERLEVEL9K_CONTEXT_DEFAULT_FOREGROUND="green"
POWERLEVEL9K_CONTEXT_DEFAULT_BACKGROUND="008"
POWERLEVEL9K_CONTEXT_ROOT_FOREGROUND="008"
POWERLEVEL9K_CONTEXT_ROOT_BACKGROUND="red"
POWERLEVEL9K_CONTEXT_REMOTE_FOREGROUND="008"
POWERLEVEL9K_CONTEXT_REMOTE_BACKGROUND="red"
# dir
# ---
POWERLEVEL9K_DIR_HOME_FOREGROUND="black"
POWERLEVEL9K_DIR_HOME_BACKGROUND="yellow"
POWERLEVEL9K_DIR_HOME_SUBFOLDER_FOREGROUND="black"
POWERLEVEL9K_DIR_HOME_SUBFOLDER_BACKGROUND="yellow"
POWERLEVEL9K_DIR_DEFAULT_FOREGROUND="black"
POWERLEVEL9K_DIR_DEFAULT_BACKGROUND="green"
# dir
# ---
POWERLEVEL9K_DIR_HOME_FOREGROUND="black"
POWERLEVEL9K_DIR_HOME_BACKGROUND="yellow"
POWERLEVEL9K_DIR_HOME_SUBFOLDER_FOREGROUND="black"
POWERLEVEL9K_DIR_HOME_SUBFOLDER_BACKGROUND="yellow"
POWERLEVEL9K_DIR_DEFAULT_FOREGROUND="black"
POWERLEVEL9K_DIR_DEFAULT_BACKGROUND="green"
# root_indicator
# --------------
POWERLEVEL9K_ROOT_ICON="#"
POWERLEVEL9K_ROOT_INDICATOR_FOREGROUND="black"
POWERLEVEL9K_ROOT_INDICATOR_BACKGROUND="red"
# root_indicator
# --------------
POWERLEVEL9K_ROOT_ICON="#"
POWERLEVEL9K_ROOT_INDICATOR_FOREGROUND="black"
POWERLEVEL9K_ROOT_INDICATOR_BACKGROUND="red"
# background_jobs
# ---------------
POWERLEVEL9K_BACKGROUND_JOBS_ICON=""
# background_jobs
# ---------------
POWERLEVEL9K_BACKGROUND_JOBS_ICON=""
# status
# ------
POWERLEVEL9K_STATUS_OK_BACKGROUND="008"
POWERLEVEL9K_STATUS_ERROR_BACKGROUND="008"
# status
# ------
POWERLEVEL9K_STATUS_OK_BACKGROUND="008"
POWERLEVEL9K_STATUS_ERROR_BACKGROUND="008"
# time
# ----
POWERLEVEL9K_TIME_FOREGROUND="008"
POWERLEVEL9K_TIME_BACKGROUND="006"
# time
# ----
POWERLEVEL9K_TIME_FOREGROUND="008"
POWERLEVEL9K_TIME_BACKGROUND="006"
# jail indicator
# --------------
POWERLEVEL9K_CUSTOM_JAIL="[ -z $JAIL ] || echo $JAIL"
POWERLEVEL9K_CUSTOM_JAIL_BACKGROUND="red"
POWERLEVEL9K_CUSTOM_JAIL_FOREGROUND="black"
# jail indicator
# --------------
POWERLEVEL9K_CUSTOM_JAIL="[ -z $JAIL ] || echo $JAIL"
POWERLEVEL9K_CUSTOM_JAIL_BACKGROUND="red"
POWERLEVEL9K_CUSTOM_JAIL_FOREGROUND="black"
'';
'';
};
}

145
modules/programs/slack.nix
View file

@ -14,72 +14,64 @@ let
# ---------------------------
command = "${pkgs.slack}/bin/slack";
desktopFile =
let
name = program;
comment = "Chat Programm";
in
pkgs.writeTextFile {
name = "${name}.desktop" ;
destination = "/share/applications/${name}.desktop";
text = ''
[Desktop Entry]
Categories=Application;Utility;
Comment=${comment}
Encoding=UTF-8
Exec=${bin}/bin/${name}
Icon=gnome-lockscreen
Name=${name}
Terminal=false
Type=Application
'';
};
desktopFile = let
name = program;
comment = "Chat Programm";
in pkgs.writeTextFile {
name = "${name}.desktop";
destination = "/share/applications/${name}.desktop";
text = ''
[Desktop Entry]
Categories=Application;Utility;
Comment=${comment}
Encoding=UTF-8
Exec=${bin}/bin/${name}
Icon=gnome-lockscreen
Name=${name}
Terminal=false
Type=Application
'';
};
# the script
# ----------
bin =
let
backupFile = "${cfg.homeBackup}.tar.lzma";
rolloutFile = "${cfg.home}.tar.lzma";
lockFile = "${cfg.home}-lock";
in
pkgs.writeShellScriptBin "${program}" ''
# set -x
if [[ ! -e ${lockFile} ]]
then
# rollout backup
if [[ -e ${backupFile} ]]
then
cp ${backupFile} ${rolloutFile}
sudo -u ${program} ${tarBin} xf ${rolloutFile} --directory ${cfg.home}
rm ${rolloutFile}
touch ${lockFile}
fi
fi
bin = let
backupFile = "${cfg.homeBackup}.tar.lzma";
rolloutFile = "${cfg.home}.tar.lzma";
lockFile = "${cfg.home}-lock";
in pkgs.writeShellScriptBin "${program}" ''
# set -x
if [[ ! -e ${lockFile} ]]
then
# rollout backup
if [[ -e ${backupFile} ]]
then
cp ${backupFile} ${rolloutFile}
sudo -u ${program} ${tarBin} xf ${rolloutFile} --directory ${cfg.home}
rm ${rolloutFile}
touch ${lockFile}
fi
fi
sudo -u ${program} ${command}
'';
sudo -u ${program} ${command}
'';
backupScript = pkgs.writeShellScriptBin "${program}-backup" ''
sudo -u ${program} \
${tarBin} \
--exclude=.cache \
--exclude=".config/**/*Cache*" \
--exclude-cache-all \
--exclude=Downloads \
--create \
--verbos \
--lzma \
--file ${cfg.home}.tar.lzma \
--directory ${cfg.home} \
.
backupScript =
pkgs.writeShellScriptBin "${program}-backup" ''
sudo -u ${program} \
${tarBin} \
--exclude=.cache \
--exclude=".config/**/*Cache*" \
--exclude-cache-all \
--exclude=Downloads \
--create \
--verbos \
--lzma \
--file ${cfg.home}.tar.lzma \
--directory ${cfg.home} \
.
cp ${cfg.home}.tar.lzma ${cfg.homeBackup}.tar.lzma
'';
cp ${cfg.home}.tar.lzma ${cfg.homeBackup}.tar.lzma
'';
cfg = config.programs.custom.slack;
@ -89,7 +81,7 @@ in {
enable = mkEnableOption "install slack";
homeBackup = mkOption {
type = with types; nullOr string;
type = with types; nullOr string;
description = ''
folder where to backup
'';
@ -97,7 +89,7 @@ in {
# todo : make sure the folder /home/sudoers belongs to mainUser
home = mkOption {
type = with types; string;
type = with types; string;
default = "/home/sudoers/slack";
description = ''
home folder of this
@ -108,28 +100,23 @@ in {
config = mkIf cfg.enable {
security.sudo.extraConfig =
''
${config.users.users.mainUser.name} ALL=(${program}) NOPASSWD: ALL
'';
security.sudo.extraConfig = ''
${config.users.users.mainUser.name} ALL=(${program}) NOPASSWD: ALL
'';
# create users
users.users."${program}" = {
home = cfg.home;
createHome = true;
# initialPassword = "${program}";
shell = pkgs.bashInteractive;
isNormalUser = true;
group = "users";
# enable video usage
extraGroups = [ "video" "audio" ];
home = cfg.home;
createHome = true;
# initialPassword = "${program}";
shell = pkgs.bashInteractive;
isNormalUser = true;
group = "users";
# enable video usage
extraGroups = [ "video" "audio" ];
};
environment.systemPackages = [
bin
backupScript
desktopFile
];
environment.systemPackages = [ bin backupScript desktopFile ];
};
}

6
modules/programs/steam.nix
View file

@ -29,9 +29,9 @@ in {
users.users.steam = {
isNormalUser = true;
home = "/home/steam";
createHome = true;
extraGroups = [ "audio" "input" "video" ];
home = "/home/steam";
createHome = true;
extraGroups = [ "audio" "input" "video" ];
};
# for steam

25
modules/programs/taskwarrior.nix
View file

@ -6,21 +6,24 @@ let
cfg = config.programs.custom.taskwarrior;
taskNextWeek = pkgs.writeShellScriptBin "taskweek" /* sh */ ''
${pkgs.taskwarrior}/bin/task \
export \
status:pending and \( due.before:6days \) \
| ${pkgs.jq}/bin/jq '[.[] | { Day: .due, ID: .id, Description: .description } ] | sort_by(.Day)' \
| ${pkgs.miller}/bin/mlr --ijson --opprint put "\$Day = strftime(strptime(\$Day,\"%Y%m%dT%H%M%SZ\")$(date +%z)00,\"%A\")"
'';
taskNextWeek = pkgs.writeShellScriptBin "taskweek" # sh
''
${pkgs.taskwarrior}/bin/task \
export \
status:pending and \( due.before:6days \) \
| ${pkgs.jq}/bin/jq '[.[] | { Day: .due, ID: .id, Description: .description } ] | sort_by(.Day)' \
| ${pkgs.miller}/bin/mlr --ijson --opprint put "\$Day = strftime(strptime(\$Day,\"%Y%m%dT%H%M%SZ\")$(date +%z)00,\"%A\")"
'';
tsak = pkgs.writeShellScriptBin "tsak" /* sh */ ''
${pkgs.taskwarrior}/bin/task "$@"
'';
tsak = pkgs.writeShellScriptBin "tsak" # sh
''
${pkgs.taskwarrior}/bin/task "$@"
'';
in {
options.programs.custom.taskwarrior.enable = mkEnableOption "Enable Taskwarrior services";
options.programs.custom.taskwarrior.enable =
mkEnableOption "Enable Taskwarrior services";
config = mkIf cfg.enable {

89
modules/programs/urxvt.nix
View file

@ -13,15 +13,15 @@ in {
enable = mkEnableOption "configure and enable urxvt";
fontSize = mkOption {
type = types.int;
default = 17;
type = types.int;
default = 17;
description = ''
size of the terminal font
'';
};
colorTheme = mkOption {
type = types.enum[ "dark" "light" ];
type = types.enum [ "dark" "light" ];
default = "dark";
description = ''
solarized color theme
@ -64,31 +64,44 @@ in {
'';
"X11/Xresource.d/urxvt-font".source = let
fontFamily = "terminus";
normalFont = fontSize: "-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
boldFont = fontSize: "-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
italicFont = normalFont;
itallicBoldFont = boldFont;
backupFont = fontSize: "xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}";
fontFamily = "terminus";
normalFont = fontSize:
"-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
boldFont = fontSize:
"-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
italicFont = normalFont;
itallicBoldFont = boldFont;
backupFont = fontSize:
"xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}";
fontCommand = key: fontSize: ''
URxvt.keysym.M-${key}: command:\033]710;${normalFont fontSize},${backupFont fontSize}\007\033]711;${boldFont fontSize},${backupFont fontSize}\007
'';
fontCommand = key: fontSize: ''
URxvt.keysym.M-${key}: command:\033]710;${normalFont fontSize},${
backupFont fontSize
}\007\033]711;${boldFont fontSize},${backupFont fontSize}\007
'';
in pkgs.writeText "Xresource-urxvt-font" ''
in pkgs.writeText "Xresource-urxvt-font" ''
URxvt.allow_bold: true
URxvt.xftAntialias: true
!! use xfontsel or fontmatrix to choose line
!URxvt.font: ${normalFont cfg.fontSize},${backupFont cfg.fontSize}
!URxvt.boldFont: ${boldFont cfg.fontSize},${backupFont cfg.fontSize}
!URxvt.italicFont: ${italicFont cfg.fontSize},${backupFont cfg.fontSize}
!URxvt.bolditalicFont: ${itallicBoldFont cfg.fontSize},${backupFont cfg.fontSize}
!URxvt.font: ${normalFont cfg.fontSize},${
backupFont cfg.fontSize
}
!URxvt.boldFont: ${boldFont cfg.fontSize},${
backupFont cfg.fontSize
}
!URxvt.italicFont: ${italicFont cfg.fontSize},${
backupFont cfg.fontSize
}
!URxvt.bolditalicFont: ${itallicBoldFont cfg.fontSize},${
backupFont cfg.fontSize
}
URxvt.font: ${normalFont cfg.fontSize}
URxvt.boldFont: ${boldFont cfg.fontSize}
URxvt.italicFont: ${italicFont cfg.fontSize}
URxvt.font: ${normalFont cfg.fontSize}
URxvt.boldFont: ${boldFont cfg.fontSize}
URxvt.italicFont: ${italicFont cfg.fontSize}
URxvt.bolditalicFont: ${itallicBoldFont cfg.fontSize}
${fontCommand "F1" cfg.fontSize}
@ -97,26 +110,25 @@ in {
${fontCommand "F4" (cfg.fontSize + 20)}
'';
"X11/Xresource.d/urxvt-colors".source =
let
"X11/Xresource.d/urxvt-colors".source = let
colorTheme = if (cfg.colorTheme == "dark") then ''
#define S_base03 #002b36
#define S_base02 #073642
#define S_base01 #586e75
#define S_base00 #657b83
#define S_base0 #839496
#define S_base1 #93a1a1
#define S_base2 #eee8d5
#define S_base3 #fdf6e3
#define S_base03 #002b36
#define S_base02 #073642
#define S_base01 #586e75
#define S_base00 #657b83
#define S_base0 #839496
#define S_base1 #93a1a1
#define S_base2 #eee8d5
#define S_base3 #fdf6e3
'' else ''
#define S_base03 #fdf6e3
#define S_base02 #eee8d5
#define S_base01 #93a1a1
#define S_base00 #839496
#define S_base0 #657b83
#define S_base1 #586e75
#define S_base2 #073642
#define S_base3 #002b36
#define S_base03 #fdf6e3
#define S_base02 #eee8d5
#define S_base01 #93a1a1
#define S_base00 #839496
#define S_base0 #657b83
#define S_base1 #586e75
#define S_base2 #073642
#define S_base3 #002b36
'';
in pkgs.writeText "Xresource-urxvt-colors" ''
@ -166,4 +178,3 @@ in {
};
}

555
modules/programs/vim.nix
View file

@ -5,313 +5,314 @@ let
cfg = config.programs.custom.vim;
nix-xptemplates = pkgs.writeTextFile {
name = "nix-xptemplates";
name = "nix-xptemplates";
destination = "/ftplugin/nix/nix.xpt.vim";
text = /* vim */ ''
XPTemplate priority=personal
text = # vim
''
XPTemplate priority=personal
XPT option " tips
`name^ = mkOption {
type = with types; `type^;
description = ${"''"}
`cursor^
${"''"};
};
XPT option " tips
`name^ = mkOption {
type = with types; `type^;
description = ${"''"}
`cursor^
${"''"};
};
XPT package " tips
{ config, lib, ... }:
{
`cursor^
}
XPT package " tips
{ config, lib, ... }:
{
`cursor^
}
XPT terranix" tips
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.`name^;
in {
XPT terranix" tips
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.`name^;
in {
options.`name^ = mkOption {
default = {};
type = with types; attrsOf (submodule ({ name, ... }:{
options = {
enable = mkEnableOption "`name^.name";
};
}));
options.`name^ = mkOption {
default = {};
type = with types; attrsOf (submodule ({ name, ... }:{
options = {
enable = mkEnableOption "`name^.name";
};
}));
};
config =
let
allConfigs = cfg
in
mkIf (cfg != {} ){
`cursor^
};
}
XPT module " tips
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.`name^;
in {
options.`name^ = {
enable = mkEnableOption "enable `name^";
};
config = mkIf cfg.enable {
`cursor^
};
}
XPT shell " tips
{ pkgs ? import <nixpkgs> {} }:
pkgs.mkShell {
# needed pkgs
# -----------
buildInputs = with pkgs; [
`name^
];
# run this on start
# -----------------
shellHook = ${"''"}
HISTFILE=${"$"}{toString ./.}/.history
${"''"};
}
XPT fhsUser " tips
{ pkgs ? import <nixpkgs> {} }:
(pkgs.buildFHSUserEnv {
name = "fhs-user-env";
targetPkgs = pkgs: with pkgs; [
# core stuff
# ----------
vim silver-searcher curl coreutils git tig
# common X dependencies
# ---------------------
atk cairo dbus eudev expat fontconfig freetype gdk_pixbuf glib gnome3.GConf gtk2-x11
mesa_glu nspr nss pango xlibs.libXScrnSaver xlibs.libXcomposite xlibs.libXcursor
xlibs.libXdamage xlibs.libXfixes xlibs.libXi xlibs.libXrender xlibs.libXtst xorg.libX11
xorg.libXext xorg.libXinerama xorg.libxcb
liblo zlib fftw minixml libcxx alsaLib glibc
# new stuff
# ---------
`cursor^
];
# multilib packages
# -----------------
# these are packages compiled 32bit and 64bit
multiPkgs = pkgs: with pkgs; [
];
# environment variables
# ---------------------
profile = ${"''"}
export TERM="xterm"
${"''"};
}).env
'';
};
config =
let
allConfigs = cfg
in
mkIf (cfg != {} ){
`cursor^
};
}
XPT module " tips
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.`name^;
in {
options.`name^ = {
enable = mkEnableOption "enable `name^";
};
config = mkIf cfg.enable {
`cursor^
};
}
XPT shell " tips
{ pkgs ? import <nixpkgs> {} }:
pkgs.mkShell {
# needed pkgs
# -----------
buildInputs = with pkgs; [
`name^
];
# run this on start
# -----------------
shellHook = ${"''"}
HISTFILE=${"$"}{toString ./.}/.history
${"''"};
}
XPT fhsUser " tips
{ pkgs ? import <nixpkgs> {} }:
(pkgs.buildFHSUserEnv {
name = "fhs-user-env";
targetPkgs = pkgs: with pkgs; [
# core stuff
# ----------
vim silver-searcher curl coreutils git tig
# common X dependencies
# ---------------------
atk cairo dbus eudev expat fontconfig freetype gdk_pixbuf glib gnome3.GConf gtk2-x11
mesa_glu nspr nss pango xlibs.libXScrnSaver xlibs.libXcomposite xlibs.libXcursor
xlibs.libXdamage xlibs.libXfixes xlibs.libXi xlibs.libXrender xlibs.libXtst xorg.libX11
xorg.libXext xorg.libXinerama xorg.libxcb
liblo zlib fftw minixml libcxx alsaLib glibc
# new stuff
# ---------
`cursor^
];
# multilib packages
# -----------------
# these are packages compiled 32bit and 64bit
multiPkgs = pkgs: with pkgs; [
];
# environment variables
# ---------------------
profile = ${"''"}
export TERM="xterm"
${"''"};
}).env
'';
};
vim-tv-plugin = with lib;
((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" {
"/syntax/haskell.vim".text = /* vim */ ''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
"/syntax/haskell.vim".text = # vim
''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
hi link ConId Identifier
hi link VarId Identifier
hi link hsDelimiter Delimiter
'';
"/syntax/nix.vim".text = /* vim */ ''
"" Quit when a (custom) syntax file was already loaded
"if exists("b:current_syntax")
" finish
"endif
hi link ConId Identifier
hi link VarId Identifier
hi link hsDelimiter Delimiter
'';
"/syntax/nix.vim".text = # vim
''
"" Quit when a (custom) syntax file was already loaded
"if exists("b:current_syntax")
" finish
"endif
"setf nix
"setf nix
" Ref <nix/src/libexpr/lexer.l>
syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
syn match NixINT /\<[0-9]\+\>/
syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
syn region NixSTRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
syn region NixIND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
syn match NixOther /[-!+&<>|():/;=.,?\[\]*@]/
syn match NixCommentMatch /\(^\|\s\)#.*/
syn region NixCommentRegion start="/\*" end="\*/"
hi link NixCode Statement
hi link NixData Constant
hi link NixComment Comment
hi link NixCommentMatch NixComment
hi link NixCommentRegion NixComment
hi link NixID NixCode
hi link NixINT NixData
hi link NixPATH NixData
hi link NixHPATH NixData
hi link NixSPATH NixData
hi link NixURI NixData
hi link NixSTRING NixData
hi link NixIND_STRING NixData
hi link NixEnter NixCode
hi link NixOther NixCode
hi link NixQuote NixData
syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
syn cluster nix_ind_strings contains=NixIND_STRING
syn cluster nix_strings contains=NixSTRING
${concatStringsSep "\n" (mapAttrsToList (name: {
extraStart ? null,
lang ? name
}:
let
startAlts = filter isString [
''/\* ${name} \*/''
extraStart
];
sigil = ''\(${concatStringsSep ''\|'' startAlts}\)[ \t\r\n]*'';
in /* vim */ ''
syn include @nix_${lang}_syntax syntax/${lang}.vim
if exists("b:current_syntax")
unlet b:current_syntax
endif
syn match nix_${lang}_sigil
\ X${replaceStrings ["X"] ["\\X"] sigil}\ze\('''\|"\)X
\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
\ transparent
syn region nix_${lang}_region_STRING
" Ref <nix/src/libexpr/lexer.l>
syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
syn match NixINT /\<[0-9]\+\>/
syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
syn region NixSTRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn region nix_${lang}_region_IND_STRING
syn region NixIND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
\ contained
\ contains=@nix_${lang}_syntax
syn match NixOther /[-!+&<>|():/;=.,?\[\]*@]/
syn match NixCommentMatch /\(^\|\s\)#.*/
syn region NixCommentRegion start="/\*" end="\*/"
hi link NixCode Statement
hi link NixData Constant
hi link NixComment Comment
hi link NixCommentMatch NixComment
hi link NixCommentRegion NixComment
hi link NixID NixCode
hi link NixINT NixData
hi link NixPATH NixData
hi link NixHPATH NixData
hi link NixSPATH NixData
hi link NixURI NixData
hi link NixSTRING NixData
hi link NixIND_STRING NixData
hi link NixEnter NixCode
hi link NixOther NixCode
hi link NixQuote NixData
syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
syn cluster nix_ind_strings contains=NixIND_STRING
syn cluster nix_strings contains=NixSTRING
${concatStringsSep "\n" (mapAttrsToList (name:
{ extraStart ? null, lang ? name }:
let
startAlts = filter isString [ "/\\* ${name} \\*/" extraStart ];
sigil = "\\(${concatStringsSep "\\|" startAlts}\\)[ \\t\\r\\n]*";
# vim
in ''
syn include @nix_${lang}_syntax syntax/${lang}.vim
if exists("b:current_syntax")
unlet b:current_syntax
endif
syn match nix_${lang}_sigil
\ X${replaceStrings [ "X" ] [ "\\X" ] sigil}\ze\('''\|"\)X
\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
\ transparent
syn region nix_${lang}_region_STRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn region nix_${lang}_region_IND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn cluster nix_ind_strings
\ add=nix_${lang}_region_IND_STRING
syn cluster nix_strings
\ add=nix_${lang}_region_STRING
" This is required because containedin isn't transitive.
syn cluster nix_has_dollar_curly
\ add=@nix_${lang}_syntax
'') {
c = { };
cabal = { };
diff = { };
haskell = { };
python = { };
lua = { };
sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
sh.extraStart = concatStringsSep "\\|" [
''
write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
"[a-z]*Phase[ \\t\\r\\n]*="
];
yaml = { };
vim.extraStart = ''
write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
xdefaults = { };
})}
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
syn clear shVarAssign
syn region nixINSIDE_DOLLAR_CURLY
\ matchgroup=NixEnter
\ start="[$]{"
\ end="}"
\ contains=TOP
\ containedin=@nix_has_dollar_curly
\ transparent
syn cluster nix_ind_strings
\ add=nix_${lang}_region_IND_STRING
syn region nix_inside_curly
\ matchgroup=NixEnter
\ start="{"
\ end="}"
\ contains=TOP
\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
\ transparent
syn cluster nix_strings
\ add=nix_${lang}_region_STRING
syn match NixQuote /'''\($\|\\.\)/he=s+2
\ containedin=@nix_ind_strings
\ contained
" This is required because containedin isn't transitive.
syn cluster nix_has_dollar_curly
\ add=@nix_${lang}_syntax
'') {
c = {};
cabal = {};
diff = {};
haskell = {};
python = {};
lua = {};
sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
sh.extraStart = concatStringsSep ''\|'' [
''write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
''[a-z]*Phase[ \t\r\n]*=''
];
yaml = {};
vim.extraStart =
''write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
xdefaults = {};
})}
syn match NixQuote /'''\('\|\\.\)/he=s+1
\ containedin=@nix_ind_strings
\ contained
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
syn clear shVarAssign
syn match NixQuote /\\./he=s+1
\ containedin=@nix_strings
\ contained
syn region nixINSIDE_DOLLAR_CURLY
\ matchgroup=NixEnter
\ start="[$]{"
\ end="}"
\ contains=TOP
\ containedin=@nix_has_dollar_curly
\ transparent
syn sync fromstart
syn region nix_inside_curly
\ matchgroup=NixEnter
\ start="{"
\ end="}"
\ contains=TOP
\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
\ transparent
let b:current_syntax = "nix"
syn match NixQuote /'''\(''$\|\\.\)/he=s+2
\ containedin=@nix_ind_strings
\ contained
syn match NixQuote /'''\('\|\\.\)/he=s+1
\ containedin=@nix_ind_strings
\ contained
syn match NixQuote /\\./he=s+1
\ containedin=@nix_strings
\ contained
syn sync fromstart
let b:current_syntax = "nix"
set isk=@,48-57,_,192-255,-,'
'';
"/syntax/sed.vim".text = /* vim */ ''
syn region sedBranch
\ matchgroup=sedFunction start="T"
\ matchgroup=sedSemicolon end=";\|$"
\ contains=sedWhitespace
'';
set isk=@,48-57,_,192-255,-,'
'';
"/syntax/sed.vim".text = # vim
''
syn region sedBranch
\ matchgroup=sedFunction start="T"
\ matchgroup=sedSemicolon end=";\|$"
\ contains=sedWhitespace
'';
}));
# active plugins
# --------------
extra-runtimepath = with pkgs; lib.concatMapStringsSep "," (pkg: "${pkg.rtp}") [
vimPlugins.Syntastic
vimPlugins.ack-vim
vimPlugins.airline
vimPlugins.vim-nix
vimPlugins.xptemplate
vim-tv-plugin
];
extra-runtimepath = with pkgs;
lib.concatMapStringsSep "," (pkg: "${pkg.rtp}") [
vimPlugins.Syntastic
vimPlugins.ack-vim
vimPlugins.airline
vimPlugins.vim-nix
vimPlugins.xptemplate
vim-tv-plugin
];
# the vimrc
# ---------
@ -392,9 +393,7 @@ in {
# install vim
# -----------
environment.systemPackages = [
pkgs.vim
];
environment.systemPackages = [ pkgs.vim ];
};
}

205
modules/programs/xterm.nix
View file

@ -8,17 +8,17 @@ let
in {
options.programs.custom.xterm= {
options.programs.custom.xterm = {
enable = mkEnableOption "configure and enable urxvt";
fontSize = mkOption {
type = types.int;
default = 17;
type = types.int;
default = 17;
description = ''
size of the terminal font
'';
};
colorTheme = mkOption {
type = types.enum[ "dark" "light" ];
type = types.enum [ "dark" "light" ];
default = "dark";
description = ''
solarized color theme
@ -32,113 +32,120 @@ in {
environment.etc = {
"X11/Xresource.d/xterm".source = pkgs.writeText "Xresource-xterm" ''
"X11/Xresource.d/xterm".source = pkgs.writeText "Xresource-xterm" ''
XTerm*termName: xterm-256color
XTerm*selectToClipboard: true
XTerm*termName: xterm-256color
XTerm*selectToClipboard: true
XTerm.*.bellIsUrgent: true
XTerm.*.bellIsUrgent: true
'';
"X11/Xresource.d/xterm-font".source = let
fontFamily = "terminus";
normalFont = fontSize: "-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
boldFont = fontSize: "-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
italicFont = normalFont;
itallicBoldFont = boldFont;
backupFont = fontSize: "xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}";
in pkgs.writeText "Xresource-xterm-font" ''
XTerm.allow_bold: true
XTerm.xftAntialias: true
!! use xfontsel or fontmatrix to choose line
!XTerm.*.font: ${normalFont cfg.fontSize},${backupFont cfg.fontSize}
!XTerm.*.boldFont: ${boldFont cfg.fontSize},${backupFont cfg.fontSize}
!XTerm.*.italicFont: ${italicFont cfg.fontSize},${backupFont cfg.fontSize}
!XTerm.*.bolditalicFont: ${itallicBoldFont cfg.fontSize},${backupFont cfg.fontSize}
XTerm.*.font: ${normalFont cfg.fontSize}
XTerm.*.boldFont: ${boldFont cfg.fontSize}
XTerm.*.italicFont: ${italicFont cfg.fontSize}
XTerm.*.bolditalicFont: ${itallicBoldFont cfg.fontSize}
'';
"X11/Xresource.d/xterm-colors".source =
let
colorTheme = if (cfg.colorTheme == "dark") then ''
#define S_base03 #002b36
#define S_base02 #073642
#define S_base01 #586e75
#define S_base00 #657b83
#define S_base0 #839496
#define S_base1 #93a1a1
#define S_base2 #eee8d5
#define S_base3 #fdf6e3
''
else ''
#define S_base03 #fdf6e3
#define S_base02 #eee8d5
#define S_base01 #93a1a1
#define S_base00 #839496
#define S_base0 #657b83
#define S_base1 #586e75
#define S_base2 #073642
#define S_base3 #002b36
'';
in pkgs.writeText "Xresource-xterm-colors" ''
"X11/Xresource.d/xterm-font".source = let
fontFamily = "terminus";
normalFont = fontSize:
"-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
boldFont = fontSize:
"-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
italicFont = normalFont;
itallicBoldFont = boldFont;
backupFont = fontSize:
"xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}";
in pkgs.writeText "Xresource-xterm-font" ''
!! Color Configuration
!! -------------------
XTerm.allow_bold: true
XTerm.xftAntialias: true
!! Common
!! ------
#define S_yellow #b58900
#define S_orange #cb4b16
#define S_red #dc322f
#define S_magenta #d33682
#define S_violet #6c71c4
#define S_blue #268bd2
#define S_cyan #2aa198
#define S_green #859900
!! use xfontsel or fontmatrix to choose line
!XTerm.*.font: ${normalFont cfg.fontSize},${
backupFont cfg.fontSize
}
!XTerm.*.boldFont: ${boldFont cfg.fontSize},${
backupFont cfg.fontSize
}
!XTerm.*.italicFont: ${italicFont cfg.fontSize},${
backupFont cfg.fontSize
}
!XTerm.*.bolditalicFont: ${itallicBoldFont cfg.fontSize},${
backupFont cfg.fontSize
}
!! ColorTheme
!! ----------
${colorTheme}
XTerm.*.font: ${normalFont cfg.fontSize}
XTerm.*.boldFont: ${boldFont cfg.fontSize}
XTerm.*.italicFont: ${italicFont cfg.fontSize}
XTerm.*.bolditalicFont: ${itallicBoldFont cfg.fontSize}
'';
XTerm*background: S_base03
XTerm*foreground: S_base0
XTerm*fading: 40
XTerm*fadeColor: S_base03
XTerm*cursorColor: S_base1
XTerm*pointerColorBackground: S_base01
XTerm*pointerColorForeground: S_base1
"X11/Xresource.d/xterm-colors".source = let
colorTheme = if (cfg.colorTheme == "dark") then ''
#define S_base03 #002b36
#define S_base02 #073642
#define S_base01 #586e75
#define S_base00 #657b83
#define S_base0 #839496
#define S_base1 #93a1a1
#define S_base2 #eee8d5
#define S_base3 #fdf6e3
XTerm*color0: S_base02
XTerm*color1: S_red
XTerm*color2: S_green
XTerm*color3: S_yellow
XTerm*color4: S_blue
XTerm*color5: S_magenta
XTerm*color6: S_cyan
XTerm*color7: S_base2
XTerm*color9: S_orange
XTerm*color8: S_base03
XTerm*color10: S_base01
XTerm*color11: S_base00
XTerm*color12: S_base0
XTerm*color13: S_violet
XTerm*color14: S_base1
XTerm*color15: S_base3
'';
'' else ''
#define S_base03 #fdf6e3
#define S_base02 #eee8d5
#define S_base01 #93a1a1
#define S_base00 #839496
#define S_base0 #657b83
#define S_base1 #586e75
#define S_base2 #073642
#define S_base3 #002b36
'';
};
in pkgs.writeText "Xresource-xterm-colors" ''
!! Color Configuration
!! -------------------
!! Common
!! ------
#define S_yellow #b58900
#define S_orange #cb4b16
#define S_red #dc322f
#define S_magenta #d33682
#define S_violet #6c71c4
#define S_blue #268bd2
#define S_cyan #2aa198
#define S_green #859900
!! ColorTheme
!! ----------
${colorTheme}
XTerm*background: S_base03
XTerm*foreground: S_base0
XTerm*fading: 40
XTerm*fadeColor: S_base03
XTerm*cursorColor: S_base1
XTerm*pointerColorBackground: S_base01
XTerm*pointerColorForeground: S_base1
XTerm*color0: S_base02
XTerm*color1: S_red
XTerm*color2: S_green
XTerm*color3: S_yellow
XTerm*color4: S_blue
XTerm*color5: S_magenta
XTerm*color6: S_cyan
XTerm*color7: S_base2
XTerm*color9: S_orange
XTerm*color8: S_base03
XTerm*color10: S_base01
XTerm*color11: S_base00
XTerm*color12: S_base0
XTerm*color13: S_violet
XTerm*color14: S_base1
XTerm*color15: S_base3
'';
};
};
}

79
modules/services/castget.nix
View file

@ -11,47 +11,46 @@ in {
options.custom.services.castget = {
enable = mkEnableOption "enable custom.services.castget";
feeds = mkOption {
type = with types; attrsOf (submodule {
options = {
url = mkOption {
type = with types; str;
description = ''
url to the rss feed
'';
type = with types;
attrsOf (submodule {
options = {
url = mkOption {
type = with types; str;
description = ''
url to the rss feed
'';
};
spool = mkOption {
type = with types; path;
description = ''
download enclosures to this directory.
'';
};
};
spool = mkOption {
type = with types; path;
description = ''
download enclosures to this directory.
'';
};
};
});
});
description = ''
configurations for the cast
'';
};
user = mkOption {
type = with types; string;
type = with types; string;
description = ''
user to run the systemd service as
'';
};
timerConfig = mkOption {
type = with types; attrsOf str;
default = {
OnCalendar = "daily";
};
default = { OnCalendar = "daily"; };
example = {
OnCalendar = "00:05";
RandomizedDelaySec = "5h";
};
description = ''
When to run the polling script. See man systemd.timer for details.
'';
'';
};
serviceName = mkOption {
type = with types; string;
type = with types; string;
default = "castget";
description = ''
the name of the castget systemd service
@ -68,27 +67,25 @@ in {
restartIfChanged = false;
serviceConfig.User = cfg.user;
preStart =
let
mkSpools = mapAttrsToList (ignore: value: "mkdir -p ${value.spool}") cfg.feeds;
in
concatStringsSep "\n" mkSpools;
script =
let
channels = mapAttrsToList (key: ignore: key) cfg.feeds;
castget = "${pkgs.castget}/bin/castget";
preStart = let
mkSpools =
mapAttrsToList (ignore: value: "mkdir -p ${value.spool}") cfg.feeds;
in concatStringsSep "\n" mkSpools;
script = let
channels = mapAttrsToList (key: ignore: key) cfg.feeds;
castget = "${pkgs.castget}/bin/castget";
configurationFile =
let
configurations = mapAttrsToList (key: value: ''
[${key}]
url=${value.url}
spool=${value.spool}
'') cfg.feeds;
in
(pkgs.writeText "castget-configuration" (concatStringsSep "" configurations));
in
(concatMapStringsSep "\n" (channel: "${castget} --rcfile ${configurationFile} ${channel}") channels);
configurationFile = let
configurations = mapAttrsToList (key: value: ''
[${key}]
url=${value.url}
spool=${value.spool}
'') cfg.feeds;
in (pkgs.writeText "castget-configuration"
(concatStringsSep "" configurations));
in (concatMapStringsSep "\n"
(channel: "${castget} --rcfile ${configurationFile} ${channel}")
channels);
};
systemd.timers."${cfg.serviceName}" = {

490
modules/services/home-assistant.nix
View file

@ -10,265 +10,271 @@ in {
options.services.homeAssistantConfig = mkOption {
default = null;
type = with types; nullOr (submodule { options = {
group = mkOption {
default = null;
example = { schlafzimmer = { view = false; entities = [ "switch.pal01" ]; }; };
type = with types; nullOr (attrsOf ( submodule {
options = {
name = mkOption {
default = null;
type = with types; nullOr str;
description = ''
(string)(Optional)Name of the group.
'';
};
view = mkOption {
default = false;
type = with types; bool;
description = ''
(boolean)(Optional)If yes then the entry will be shown as a view (tab) at the top. Groups that are set to view: true cannot be used as entities in other views.
'';
};
icon = mkOption {
default = null;
type = with types; nullOr str;
description = ''
(string)(Optional)If the group is a view, this icon will show at the top in the frontend instead of the name. If the group is a view and both name and icon have been specified, the icon will appear at the top of the frontend and the name will be displayed as the mouse-over text. If its not a view, then the icon shows when this group is used in another group.
'';
};
control = mkOption {
default = null;
type = with types; nullOr str;
description = ''
(string)(Optional)Set value to hidden. If hidden then the group switch will be hidden.
'';
};
entities = mkOption {
type = with types; listOf str;
description = ''
(list)(Required)Array or comma delimited string, list of entities to group.
'';
};
all = mkOption {
default = true;
type = with types; bool;
description = ''
(boolean)(Optional)Set this to true if the group state should only turn on if all grouped entities are on.
'';
};
};
}));
};
homeassistant = mkOption {
type = with types; (submodule { options = {
name = mkOption {
default = "Home";
type = with types; str;
};
time_zone = mkOption {
default = config.time.timeZone;
type = with types; str;
};
latitude = mkOption {
default = 52.464031;
type = with types; float;
};
longitude = mkOption {
default = 13.381925;
type = with types; float;
};
elevation = mkOption {
default = 34;
type = with types; int;
};
unit_system = mkOption {
default = "metric";
type = with types; str;
};
whitelist_external_dirs = mkOption {
type = with types;
nullOr (submodule {
options = {
group = mkOption {
default = null;
type = with types; nullOr (listOf str);
example = {
schlafzimmer = {
view = false;
entities = [ "switch.pal01" ];
};
};
type = with types;
nullOr (attrsOf (submodule {
options = {
name = mkOption {
default = null;
type = with types; nullOr str;
description = ''
(string)(Optional)Name of the group.
'';
};
view = mkOption {
default = false;
type = with types; bool;
description = ''
(boolean)(Optional)If yes then the entry will be shown as a view (tab) at the top. Groups that are set to view: true cannot be used as entities in other views.
'';
};
icon = mkOption {
default = null;
type = with types; nullOr str;
description = ''
(string)(Optional)If the group is a view, this icon will show at the top in the frontend instead of the name. If the group is a view and both name and icon have been specified, the icon will appear at the top of the frontend and the name will be displayed as the mouse-over text. If its not a view, then the icon shows when this group is used in another group.
'';
};
control = mkOption {
default = null;
type = with types; nullOr str;
description = ''
(string)(Optional)Set value to hidden. If hidden then the group switch will be hidden.
'';
};
entities = mkOption {
type = with types; listOf str;
description = ''
(list)(Required)Array or comma delimited string, list of entities to group.
'';
};
all = mkOption {
default = true;
type = with types; bool;
description = ''
(boolean)(Optional)Set this to true if the group state should only turn on if all grouped entities are on.
'';
};
};
}));
};
auth_providers = mkOption {
homeassistant = mkOption {
type = with types;
(submodule {
options = {
name = mkOption {
default = "Home";
type = with types; str;
};
time_zone = mkOption {
default = config.time.timeZone;
type = with types; str;
};
latitude = mkOption {
default = 52.464031;
type = with types; float;
};
longitude = mkOption {
default = 13.381925;
type = with types; float;
};
elevation = mkOption {
default = 34;
type = with types; int;
};
unit_system = mkOption {
default = "metric";
type = with types; str;
};
whitelist_external_dirs = mkOption {
default = null;
type = with types; nullOr (listOf str);
};
auth_providers = mkOption {
default = null;
type = with types; nullOr (listOf attrs);
};
customize = mkOption {
type = with types;
attrsOf (submodule {
options = {
friendly_name = mkOption { type = with types; str; };
entity_picture = mkOption {
default = null;
type = with types; nullOr str;
};
icon = mkOption {
default = null;
type = with types; nullOr str;
};
};
});
};
};
});
};
introduction = mkOption {
default = { };
type = with types; attrs;
};
frontend = mkOption {
default = { };
type = with types; attrs;
};
config = mkOption {
default = { };
type = with types; attrs;
};
http = mkOption {
default = null;
type = with types; nullOr attrs;
};
discovery = mkOption {
default = null;
type = with types; nullOr attrs;
};
history = mkOption {
default = null;
type = with types; nullOr attrs;
};
logbook = mkOption {
default = null;
type = with types; nullOr attrs;
};
logger = mkOption {
default = { };
type = with types; attrs;
};
lovelace = mkOption {
default = { mode = "yaml"; };
type = with types; nullOr attrs;
};
map = mkOption {
default = null;
type = with types; nullOr attrs;
};
mqtt = mkOption {
default = null;
type = with types; nullOr attrs;
};
sun = mkOption {
default = null;
type = with types; nullOr attrs;
};
switch = mkOption {
default = null;
type = with types; nullOr (listOf attrs);
};
customize = mkOption {
type = with types; attrsOf (submodule{ options = {
friendly_name = mkOption {
type = with types; str;
};
entity_picture = mkOption {
default = null;
type = with types; nullOr str;
};
icon = mkOption {
default = null;
type = with types; nullOr str;
};
};});
binary_sensor = mkOption {
default = null;
type = with types; nullOr (listOf attrs);
};
};});
};
introduction = mkOption {
default = {};
type = with types; attrs;
};
frontend = mkOption {
default = {};
type = with types; attrs;
};
config = mkOption {
default = {};
type = with types; attrs;
};
http = mkOption {
default = null;
type = with types; nullOr attrs;
};
discovery = mkOption {
default = null;
type = with types; nullOr attrs;
};
history = mkOption {
default = null;
type = with types; nullOr attrs;
};
logbook = mkOption {
default = null;
type = with types; nullOr attrs;
};
logger = mkOption {
default = {};
type = with types; attrs;
};
lovelace = mkOption {
default = { mode = "yaml"; };
type = with types; nullOr attrs;
};
map = mkOption {
default = null;
type = with types; nullOr attrs;
};
mqtt = mkOption {
default = null;
type = with types; nullOr attrs;
};
sun = mkOption {
default = null;
type = with types; nullOr attrs;
};
switch = mkOption {
default = null;
type = with types; nullOr (listOf attrs);
};
binary_sensor = mkOption {
default = null;
type = with types; nullOr (listOf attrs);
};
sensor = mkOption {
default = null;
type = with types; nullOr (listOf attrs);
};
prometheus = mkOption {
default = null;
type = with types; nullOr attrs;
};
automation = mkOption {
default = null;
type = with types; nullOr (listOf attrs);
};
media_player = mkOption {
default = null;
type = with types; nullOr (listOf attrs);
};
mysensors = mkOption {
default = null;
type = with types; nullOr attrs;
};
script = mkOption {
default = null;
type = with types; nullOr (attrsOf (submodule {
options = {
alias = mkOption {
default = null;
type = with types; nullOr str;
};
sequence = mkOption {
default = [];
type = with types; listOf attrs;
};
sensor = mkOption {
default = null;
type = with types; nullOr (listOf attrs);
};
prometheus = mkOption {
default = null;
type = with types; nullOr attrs;
};
automation = mkOption {
default = null;
type = with types; nullOr (listOf attrs);
};
media_player = mkOption {
default = null;
type = with types; nullOr (listOf attrs);
};
mysensors = mkOption {
default = null;
type = with types; nullOr attrs;
};
script = mkOption {
default = null;
type = with types;
nullOr (attrsOf (submodule {
options = {
alias = mkOption {
default = null;
type = with types; nullOr str;
};
sequence = mkOption {
default = [ ];
type = with types; listOf attrs;
};
};
}));
};
input_number = mkOption {
default = null;
type = with types; nullOr (attrsOf attrs);
};
input_text = mkOption {
default = null;
type = with types; nullOr (attrsOf attrs);
};
input_select = mkOption {
default = null;
type = with types; nullOr (attrsOf attrs);
};
input_boolean = mkOption {
default = null;
type = with types; (attrsOf attrs);
};
input_datetime = mkOption {
default = null;
type = with types; (attrsOf attrs);
};
calendar = mkOption {
default = [ ];
type = with types; listOf attrs;
};
shell_command = mkOption {
default = null;
type = with types; nullOr (attrsOf str);
};
}));
};
input_number = mkOption {
default = null;
type = with types; nullOr (attrsOf attrs);
};
input_text = mkOption {
default = null;
type = with types; nullOr (attrsOf attrs);
};
input_select = mkOption {
default = null;
type = with types; nullOr (attrsOf attrs);
};
input_boolean = mkOption {
default = null;
type = with types; (attrsOf attrs);
};
input_datetime = mkOption {
default = null;
type = with types; (attrsOf attrs);
};
calendar = mkOption {
default = [];
type = with types; listOf attrs;
};
shell_command = mkOption {
default = null;
type = with types; nullOr (attrsOf str);
};
};});
};
});
description = ''
home-assistant configuration
'';
};
config = mkIf (cfg != null) {
services.home-assistant.config =
let
services.home-assistant.config = let
sanitize = configuration: lib.getAttr (builtins.typeOf configuration) {
bool = configuration;
int = configuration;
string = configuration;
str = configuration;
float = configuration;
list = map sanitize configuration;
set =
let
stripped = lib.flip lib.filterAttrs configuration
(name: value:
name != "_module"
&& name != "_ref"
&& value != null
);
sanitize = configuration:
lib.getAttr (builtins.typeOf configuration) {
bool = configuration;
int = configuration;
string = configuration;
str = configuration;
float = configuration;
list = map sanitize configuration;
set = let
stripped = lib.flip lib.filterAttrs configuration (name: value:
name != "_module" && name != "_ref" && value != null);
recursiveSanitized = lib.mapAttrs (lib.const sanitize) stripped;
in
if ( length ( attrNames configuration ) == 0 )
then
null
else
recursiveSanitized;
};
in if (length (attrNames configuration) == 0) then
null
else
recursiveSanitized;
};
in
sanitize cfg ;
in sanitize cfg;
};
}

66
modules/services/lektor.nix
View file

@ -104,29 +104,30 @@ in {
serviceConfig = {
User = cfg.user;
# todo : this is not working properly
TimeoutStartSec = "infinity"; # it might take some time will this thing is up
TimeoutStartSec =
"infinity"; # it might take some time will this thing is up
ExecStartPre =
let
ExecStartPre = let
sshKeyTarget = "/run/keys.lektor/id_rsa";
sshKeyTarget = "/run/keys.lektor/id_rsa";
sshConfig = pkgs.writeText "sshconfig" ''
Host ${cfg.host}
IdentityFile ${sshKeyTarget}
sshConfig = pkgs.writeText "sshconfig" ''
Host ${cfg.host}
IdentityFile ${sshKeyTarget}
Host *
ForwardAgent no
Compression no
ServerAliveInterval 0
HashKnownHosts no
UserKnownHostsFile ~/.ssh/known_hosts
ControlMaster no
ControlPath ~/.ssh/master-%r@%n:%p
ControlPersist no
'';
Host *
ForwardAgent no
Compression no
ServerAliveInterval 0
HashKnownHosts no
UserKnownHostsFile ~/.ssh/known_hosts
ControlMaster no
ControlPath ~/.ssh/master-%r@%n:%p
ControlPersist no
'';
sshKeyScript = pkgs.writers.writeDash "keyfile-gen" /* sh */ ''
sshKeyScript = pkgs.writers.writeDash "keyfile-gen" # sh
''
set -x
# setup ~/.ssh
@ -146,7 +147,8 @@ in {
chmod 500 ${sshKeyTarget}
'';
cloneScript = pkgs.writers.writeDash "clone" /* sh */ ''
cloneScript = pkgs.writers.writeDash "clone" # sh
''
set -x
if [[ `ls ~/${cfg.user} | wc -l` == 0 ]]
then
@ -155,23 +157,23 @@ in {
${pkgs.git}/bin/git clone ${cfg.repository} ~/${cfg.user}
'';
in [
"+${sshKeyScript}"
"-${cloneScript}"
];
in [ "+${sshKeyScript}" "-${cloneScript}" ];
};
# todo : add restart ruling
script = /* sh */ ''
cd ~/${cfg.user} && \
${pkgs.git}/bin/git pull && \
${optionalString (cfg.additionalScript != null) "${cfg.additionalScript} &&"} \
${pkgs.python36Packages.lektor}/bin/lektor server \
--host ${cfg.bind} \
--port ${toString cfg.port}
'';
script = # sh
''
cd ~/${cfg.user} && \
${pkgs.git}/bin/git pull && \
${
optionalString (cfg.additionalScript != null)
"${cfg.additionalScript} &&"
} \
${pkgs.python36Packages.lektor}/bin/lektor server \
--host ${cfg.bind} \
--port ${toString cfg.port}
'';
};
};
}

26
modules/services/samba-share.nix
View file

@ -15,9 +15,7 @@ in {
description = ''
folders to share as readonly
'';
example = {
public = "/srv/downloads/movies";
};
example = { public = "/srv/downloads/movies"; };
};
};
@ -42,18 +40,16 @@ in {
disable spoolss = yes
'';
shares =
mapAttrs' (name: path:
{
name = name;
value = {
browsable = "yes";
comment = "read only share {name}";
path = path;
"read only" = "yes";
"guest ok" = "yes";
};
}) cfg.folders;
shares = mapAttrs' (name: path: {
name = name;
value = {
browsable = "yes";
comment = "read only share {name}";
path = path;
"read only" = "yes";
"guest ok" = "yes";
};
}) cfg.folders;
};
users.users.smbguest = {

41
modules/services/seafile.nix
View file

@ -11,25 +11,25 @@ in {
options.custom.services.seafile = {
enable = mkEnableOption "enable custom.services.seafile";
hostname = mkOption {
type = with types; string;
type = with types; string;
description = ''
hostname of the seafile server
'';
};
port = mkOption {
type = with types; int;
type = with types; int;
description = ''
port on where ther server runs on
'';
};
home = mkOption {
type = with types; path;
type = with types; path;
description = ''
folder in where the seafile stuff gets stored
'';
};
serviceName = mkOption {
type = with types; string;
type = with types; string;
default = "seafile-docker";
description = ''
name of the systemd service
@ -47,31 +47,31 @@ in {
after = [ "network.target" "docker.service" ];
requires = [ "docker.service" ];
wantedBy = [ "multi-user.target" ];
script = /* sh */''
# delete old instance to ensure update
${pkgs.docker}/bin/docker stop seafile || true && ${pkgs.docker}/bin/docker rm -f seafile || true
# start instance
${pkgs.docker}/bin/docker run \
--name seafile \
--env SEAFILE_SERVER_HOSTNAME=${cfg.hostname} \
--env SEAFILE_ADMIN_EMAIL="root@${cfg.hostname}" \
--env SEAFILE_ADMIN_PASSWORD="${lib.fileContents <secrets/seafile/root>}" \
--volume ${cfg.home}:/shared \
--publish ${toString cfg.port}:80 \
seafileltd/seafile:latest
'';
script = # sh
''
# delete old instance to ensure update
${pkgs.docker}/bin/docker stop seafile || true && ${pkgs.docker}/bin/docker rm -f seafile || true
# start instance
${pkgs.docker}/bin/docker run \
--name seafile \
--env SEAFILE_SERVER_HOSTNAME=${cfg.hostname} \
--env SEAFILE_ADMIN_EMAIL="root@${cfg.hostname}" \
--env SEAFILE_ADMIN_PASSWORD="${
lib.fileContents <secrets/seafile/root>
}" \
--volume ${cfg.home}:/shared \
--publish ${toString cfg.port}:80 \
seafileltd/seafile:latest
'';
};
};
}
# ! todo
# requires = [ "${config.module.backup.services.encfs."seafile".serviceName}.service" ];
# krops.keys."seafile".path = toString <keys/seafile/encfs>;
#
# module.backup.services.encfs = {
@ -84,4 +84,3 @@ in {
# };
# };

59
modules/services/sshd.nix
View file

@ -13,50 +13,47 @@ in {
sshd = {
enable = mkEnableOption "Start sshd server";
rootKeyFiles = mkOption {
type = with types; listOf path;
type = with types; listOf path;
description = "keys to root login";
default = [ ];
default = [ ];
};
};
};
config = mkMerge [
(mkIf cfg.tools.enable {
environment.systemPackages = with pkgs; [
# sshuttle
sshfs
];
})
(mkIf cfg.tools.enable {
environment.systemPackages = with pkgs;
[
# sshuttle
sshfs
];
})
(mkIf cfg.sshd.enable {
(mkIf cfg.sshd.enable {
services.openssh = {
enable = true;
forwardX11 = true;
passwordAuthentication = false;
};
services.openssh = {
enable = true;
forwardX11 = true;
passwordAuthentication = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = cfg.sshd.rootKeyFiles ;
users.users.root.openssh.authorizedKeys.keyFiles = cfg.sshd.rootKeyFiles;
services.openssh.extraConfig = ''
Banner /etc/sshd/banner-line
'';
services.openssh.extraConfig = ''
Banner /etc/sshd/banner-line
'';
environment.etc."sshd/banner-line".text =
let
text = config.networking.hostName;
size = 80 - (lib.stringLength text);
space = lib.fixedWidthString size " " "";
in ''
${ space }${ text }
'';
}
)
environment.etc."sshd/banner-line".text = let
text = config.networking.hostName;
size = 80 - (lib.stringLength text);
space = lib.fixedWidthString size " " "";
in ''
${space}${text}
'';
})
];

56
modules/services/transmission.nix
View file

@ -3,36 +3,34 @@
with lib;
let
cfg = config.services.custom.transmission;
in {
options.services.custom.transmission = {
enable = lib.mkEnableOption "transmission";
home = lib.mkOption {
type = lib.types.path;
type = lib.types.path;
description = "where the configs are";
};
store = lib.mkOption {
type = lib.types.path;
store = lib.mkOption {
type = lib.types.path;
description = "where to store";
};
hosts = lib.mkOption {
type = lib.types.str;
type = lib.types.str;
description = "allowed hostnames";
};
whitelist = lib.mkOption {
type = lib.types.str;
type = lib.types.str;
description = "Ip to listen to";
};
user = lib.mkOption {
type = lib.types.str;
type = lib.types.str;
description = "user to login";
};
password = lib.mkOption {
type = lib.types.str;
type = lib.types.str;
description = "password to login";
};
port = mkOption {
@ -60,23 +58,23 @@ in {
services.transmission = {
enable = true;
home = "${cfg.home}";
home = "${cfg.home}";
settings = {
# Downloads
download-dir = "${cfg.store}/downloads";
download-dir = "${cfg.store}/downloads";
incomplete-dir-enabled = true;
incomplete-dir = "${cfg.store}/incomplete";
incomplete-dir = "${cfg.store}/incomplete";
# RPC = UI connection
rpc-whitelist = "${cfg.whitelist}";
rpc-host-whitelist = "${cfg.hosts}";
rpc-user = "${cfg.user}";
rpc-username = "${cfg.user}";
rpc-password = "${cfg.password}";
rpc-whitelist = "${cfg.whitelist}";
rpc-host-whitelist = "${cfg.hosts}";
rpc-user = "${cfg.user}";
rpc-username = "${cfg.user}";
rpc-password = "${cfg.password}";
# Start torrents as soon as they are added
start-added-torrents = true;
start-added-torrents = true;
# Encryption may help get around some ISP filtering,
# but at the cost of slightly higher CPU use.
@ -86,36 +84,36 @@ in {
encryption = 2;
# Enable Local Peer Discovery (LPD).
lpd-enabled = true;
lpd-enabled = true;
# Enable UPnP or NAT-PMP.
peer-port = cfg.port;
port-forwarding-enabled = true;
port-forwarding-enabled = true;
# "normal" speed limits
speed-limit-down-enabled = true;
speed-limit-down = 800;
speed-limit-up-enabled = true ;
speed-limit-up = 50;
speed-limit-down = 800;
speed-limit-up-enabled = true;
speed-limit-up = 50;
upload-slots-per-torrent = 8;
# Queuing
# When true, Transmission will only download
# download-queue-size non-stalled torrents at once.
download-queue-enabled = true;
download-queue-size = 1;
download-queue-enabled = true;
download-queue-size = 1;
# When true, torrents that have not shared data for
# queue-stalled-minutes are treated as 'stalled'
# and are not counted against the queue-download-size
# and seed-queue-size limits.
queue-stalled-enabled = true;
queue-stalled-minutes = 60;
queue-stalled-enabled = true;
queue-stalled-minutes = 60;
# When true. Transmission will only seed seed-queue-size
# non-stalled torrents at once.
seed-queue-enabled = true;
seed-queue-size = 10;
seed-queue-enabled = true;
seed-queue-size = 10;
# umask of the moves that got downloaded
umask = 18;

64
modules/services/videoencoder.nix
View file

@ -7,7 +7,8 @@ let
cfg = config.service.videoencoder;
# todo : escape output and input File
createEncoder = tmpFolder: inputFile: outputFile: /* sh */ ''
createEncoder = tmpFolder: inputFile: outputFile: # sh
''
mkdir -p ${tmpFolder}
rm -rf ${tmpFolder}/*
TMP_FILE=`mktemp --dry-run ${tmpFolder}/XXXXXXXX.${cfg.format}`
@ -35,7 +36,7 @@ in {
enable = mkEnableOption "enable service.videoencoder";
profile = mkOption {
type = with types; string;
type = with types; string;
default = "main";
description = ''
-profile:v
@ -43,7 +44,8 @@ in {
};
tune = mkOption {
type = with types; nullOr (enum [ "film" "animation" "grain" "stillimage" ]);
type = with types;
nullOr (enum [ "film" "animation" "grain" "stillimage" ]);
default = null;
description = ''
-tune
@ -51,7 +53,7 @@ in {
};
format = mkOption {
type = with types; enum [ "mp4" "mkv" ];
type = with types; enum [ "mp4" "mkv" ];
default = "mp4";
description = ''
the format
@ -59,24 +61,25 @@ in {
};
fileConfig = mkOption {
type = with types; listOf (submodule {
options = {
inputFile = mkOption {
# todo make this path
type = with types; string;
description = ''
full path to the inputFile
'';
type = with types;
listOf (submodule {
options = {
inputFile = mkOption {
# todo make this path
type = with types; string;
description = ''
full path to the inputFile
'';
};
outputFile = mkOption {
type = with types; string;
description = ''
full path to the ouputFile
folder must exist
'';
};
};
outputFile = mkOption {
type = with types; string;
description = ''
full path to the ouputFile
folder must exist
'';
};
};
});
});
description = ''
list of files to encode.
'';
@ -86,17 +89,16 @@ in {
config = mkIf cfg.enable {
systemd.services."videoEncoding" = {
wantedBy = ["multi-user.target"];
wantedBy = [ "multi-user.target" ];
enable = true;
script =
let
myList = map ( value :
createEncoder "/tmp/videoencoder" value.inputFile value.outputFile
) cfg.fileConfig;
in ''
set -x
${concatStringsSep "\n" myList}
'';
script = let
myList = map (value:
createEncoder "/tmp/videoencoder" value.inputFile value.outputFile)
cfg.fileConfig;
in ''
set -x
${concatStringsSep "\n" myList}
'';
};

94
modules/system/audio.nix
View file

@ -6,20 +6,21 @@ let
ladspaPath = "${pkgs.ladspaPlugins}/lib/ladspa";
jackScript = pkgs.writeShellScriptBin "jack" (lib.fileContents <assets/jack.sh>);
jackScript =
pkgs.writeShellScriptBin "jack" (lib.fileContents <assets/jack.sh>);
queueElement = {
options = {
plugin = mkOption {
type = with types; str;
type = with types; str;
description = "file name without suffix of the plugin";
};
label = mkOption {
type = with types; str;
type = with types; str;
description = "label of the queue element (needs to be correct)";
};
control = mkOption {
type = with types; listOf str;
type = with types; listOf str;
description = "parameter of plugin";
};
};
@ -28,11 +29,11 @@ let
sinkElement = {
options = {
name = mkOption {
type = with types; str;
type = with types; str;
description = "name of the sink";
};
queue = mkOption {
type = with types; listOf (submodule queueElement);
type = with types; listOf (submodule queueElement);
description = "queues";
};
};
@ -44,8 +45,8 @@ in {
options.system.custom.audio = {
enable = mkEnableOption "use PluseAudio";
sinks = mkOption {
type = with types; listOf (submodule sinkElement);
sinks = mkOption {
type = with types; listOf (submodule sinkElement);
description = "list of sinks";
};
};
@ -66,16 +67,18 @@ in {
# LADSPA
# ------
programs.bash.interactiveShellInit = /* sh */ ''
# set ladspa library path
# about testing the plugins check analyseplugin command
export LADSPA_PATH=${ladspaPath}
'';
programs.zsh.interactiveShellInit = /* sh */ ''
# set ladspa library path
# about testing the plugins check analyseplugin command
export LADSPA_PATH=${ladspaPath}
'';
programs.bash.interactiveShellInit = # sh
''
# set ladspa library path
# about testing the plugins check analyseplugin command
export LADSPA_PATH=${ladspaPath}
'';
programs.zsh.interactiveShellInit = # sh
''
# set ladspa library path
# about testing the plugins check analyseplugin command
export LADSPA_PATH=${ladspaPath}
'';
# PulseAudio
# ----------
@ -84,7 +87,7 @@ in {
system.custom.mainUser.extraGroups = [ "audio" ];
hardware.pulseaudio = {
enable = true;
enable = true;
# all in audio group can do audio
systemWide = true;
@ -93,34 +96,42 @@ in {
extraConfig = ''
# automatically switch to newly-connected devices
load-module module-switch-on-connect
# automatically switch to newly-connected devices
load-module module-switch-on-connect
# http://plugin.org.uk/ladspa-swh/docs/ladspa-swh.html
# https://gavv.github.io/articles/pulseaudio-under-the-hood/#ladspa-plugin-sink
${builtins.toString (flip map cfg.sinks (sink : ''
# ladspa sink : ${sink.name}
# -------------
${builtins.toString (flip imap0 (reverseList sink.queue) (index : queua:
let
sinkName = suffix : "${sink.name}${builtins.toString suffix}";
sinkValue = "sink_name=${sinkName index}";
sinkDescription = "sink_properties=device.description=${sinkName index}-${queua.label}";
masterValue = if (index == 0) then "" else "master=${sinkName (index - 1)}";
pluginValue = "plugin=${ladspaPath}/${queua.plugin}";
labelValue = "label=${queua.label}";
controlValue = "control=${builtins.toString (foldl (a: b: "${a},${b}") (head queua.control) (tail queua.control))}";
in ''
# ${sinkName index} : ${queua.label}
load-module module-ladspa-sink ${sinkValue} ${sinkDescription} ${masterValue} ${pluginValue} ${labelValue} ${controlValue}
# http://plugin.org.uk/ladspa-swh/docs/ladspa-swh.html
# https://gavv.github.io/articles/pulseaudio-under-the-hood/#ladspa-plugin-sink
${builtins.toString (flip map cfg.sinks (sink: ''
# ladspa sink : ${sink.name}
# -------------
${builtins.toString (flip imap0 (reverseList sink.queue)
(index: queua:
let
sinkName = suffix: "${sink.name}${builtins.toString suffix}";
sinkValue = "sink_name=${sinkName index}";
sinkDescription = "sink_properties=device.description=${
sinkName index
}-${queua.label}";
masterValue =
if (index == 0) then "" else "master=${sinkName (index - 1)}";
pluginValue = "plugin=${ladspaPath}/${queua.plugin}";
labelValue = "label=${queua.label}";
controlValue = "control=${
builtins.toString
(foldl (a: b: "${a},${b}") (head queua.control)
(tail queua.control))
}";
in ''
# ${sinkName index} : ${queua.label}
load-module module-ladspa-sink ${sinkValue} ${sinkDescription} ${masterValue} ${pluginValue} ${labelValue} ${controlValue}
''))}
''))}
''))}
'';
'';
};
# Packages needed
# ---------------
environment.systemPackages = with pkgs ; [
environment.systemPackages = with pkgs; [
jackScript
@ -132,7 +143,6 @@ in {
# qjackctl
# LADSPA
# ------
ladspaPlugins

11
modules/system/bluetooth.nix
View file

@ -6,20 +6,21 @@ let
in {
options.system.custom.bluetooth.enable = lib.mkEnableOption "enable bluetooth support";
options.system.custom.bluetooth.enable =
lib.mkEnableOption "enable bluetooth support";
config = lib.mkIf cfg.enable {
hardware.bluetooth = {
enable = true;
enable = true;
powerOnBoot = true;
extraConfig = ''
[General]
AutoConnect=true
[General]
AutoConnect=true
'';
};
environment.systemPackages = with pkgs ; [
environment.systemPackages = with pkgs; [
# bluetooth audio
# ---------------

23
modules/system/font.nix
View file

@ -11,8 +11,8 @@ in {
options.system.custom.fonts = {
enable = mkEnableOption "enable fonts";
dpi = mkOption {
type = types.int;
default = 141;
type = types.int;
default = 141;
description = ''
dpi of the monitor
'';
@ -23,25 +23,23 @@ in {
fonts = {
enableCoreFonts = true;
enableFontDir = true;
enableCoreFonts = true;
enableFontDir = true;
enableGhostscriptFonts = true;
fontconfig = {
dpi = cfg.dpi;
dpi = cfg.dpi;
subpixel = {
lcdfilter = "default";
rgba = "rgb";
rgba = "rgb";
};
hinting = {
enable = true;
enable = true;
autohint = false;
};
enable = true;
antialias = true;
defaultFonts = {
monospace = [ "inconsolata" ];
};
enable = true;
antialias = true;
defaultFonts = { monospace = [ "inconsolata" ]; };
};
fonts = with pkgs; [
@ -73,4 +71,3 @@ in {
}

35
modules/system/mainUser.nix
View file

@ -7,14 +7,12 @@ let
cfg = config.system.custom.mainUser;
dockerGroup =
if (config.virtualisation.docker.enable)
then [ "docker" ]
else [];
if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
vboxGroup =
if (config.virtualisation.virtualbox.host.enable)
then [ "vboxusers" ]
else [];
vboxGroup = if (config.virtualisation.virtualbox.host.enable) then
[ "vboxusers" ]
else
[ ];
in {
@ -23,14 +21,14 @@ in {
enable = mkEnableOption "enable mainUser for a desktop system";
userName = mkOption {
type = with types; str;
type = with types; str;
description = ''
name of the main user
'';
};
uid = mkOption {
type = with types; int;
type = with types; int;
default = 1337;
description = ''
uid of main user
@ -38,7 +36,7 @@ in {
};
extraGroups = mkOption {
default = [];
default = [ ];
type = with types; listOf str;
description = ''
list of groups the main user should also be in
@ -46,7 +44,7 @@ in {
};
authorizedKeyFiles = mkOption {
default = [];
default = [ ];
type = with types; listOf str;
description = ''
list of keys allowed to login as this user
@ -59,17 +57,18 @@ in {
users = {
mutableUsers = true;
mutableUsers = true;
defaultUserShell = pkgs.zsh;
users.mainUser = {
isNormalUser = true;
name = cfg.userName;
uid = cfg.uid;
home = "/home/${cfg.userName}";
isNormalUser = true;
name = cfg.userName;
uid = cfg.uid;
home = "/home/${cfg.userName}";
initialPassword = cfg.userName;
extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" ] ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles ;
extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" ]
++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
};
};
};

84
modules/system/permown.nix
View file

@ -1,59 +1,53 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.system.permown;
let cfg = config.system.permown;
in {
options.system.permown = mkOption {
default = {};
type = with types; attrsOf (submodule ({ config, ... }: {
options = {
directory-mode = mkOption {
default = "=rwx";
type = types.str; # TODO
default = { };
type = with types;
attrsOf (submodule ({ config, ... }: {
options = {
directory-mode = mkOption {
default = "=rwx";
type = types.str; # TODO
};
file-mode = mkOption {
default = "=rw";
type = types.str; # TODO
};
group = mkOption {
apply = x: if x == null then "" else x;
default = null;
type = types.nullOr types.str;
};
owner = mkOption { type = types.str; };
path = mkOption {
default = config._module.args.name;
type = types.path;
};
umask = mkOption {
default = "0027";
type = types.str;
};
};
file-mode = mkOption {
default = "=rw";
type = types.str; # TODO
};
group = mkOption {
apply = x: if x == null then "" else x;
default = null;
type = types.nullOr types.str;
};
owner = mkOption {
type = types.str;
};
path = mkOption {
default = config._module.args.name;
type = types.path;
};
umask = mkOption {
default = "0027";
type = types.str;
};
};
}));
}));
};
config =
let
plans = lib.attrValues cfg;
in
mkIf (plans != []) {
config = let plans = lib.attrValues cfg;
in mkIf (plans != [ ]) {
system.activationScripts.permown = let
mkdir = plan: /* sh */ ''
${pkgs.coreutils}/bin/mkdir -p ${plan.path}
'';
in
concatMapStrings mkdir plans;
mkdir = plan: # sh
''
${pkgs.coreutils}/bin/mkdir -p ${plan.path}
'';
in concatMapStrings mkdir plans;
# genAttrs' = names: f: listToAttrs (map f names);
systemd.services = listToAttrs (flip map plans (plan: {
name = "permown.${replaceStrings ["/"] ["_"] plan.path}";
name = "permown.${replaceStrings [ "/" ] [ "_" ] plan.path}";
value = {
environment = {
DIR_MODE = plan.directory-mode;
@ -61,11 +55,7 @@ in {
OWNER_GROUP = "${plan.owner}:${plan.group}";
ROOT_PATH = plan.path;
};
path = [
pkgs.coreutils
pkgs.findutils
pkgs.inotifyTools
];
path = [ pkgs.coreutils pkgs.findutils pkgs.inotifyTools ];
serviceConfig = {
ExecStart = pkgs.writers.writeDash "permown" ''
set -efu

11
modules/system/wifi.nix
View file

@ -10,11 +10,11 @@ in {
options.system.custom.wifi = {
enable = mkEnableOption "enable wifi";
system = mkOption{
system = mkOption {
default = "wpa_supplicant";
type = with types; enum ["wpa_supplicant" "networkmanager"];
type = with types; enum [ "wpa_supplicant" "networkmanager" ];
};
configurationFile = mkOption{
configurationFile = mkOption {
default = null;
type = with types; nullOr path;
description = ''
@ -22,8 +22,8 @@ in {
'';
};
interfaces = mkOption {
type = with types; listOf string;
default = [];
type = with types; listOf string;
default = [ ];
description = ''
list of interfaces to take care of,
if empty it will test all interfaces
@ -73,4 +73,3 @@ in {
}

Some files were not shown because too many files have changed in this diff Show more