diff --git a/.channelStable.json b/.channelStable.json
deleted file mode 100644
index fe8f27e..0000000
--- a/.channelStable.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "url": "https://github.com/NixOS/nixpkgs.git",
- "rev": "6bfe71f2a4e2e425dee26b25d2309f341ff1600d",
- "date": "2021-09-02T17:55:10+02:00",
- "path": "/nix/store/wmg7a97b7ql8kj413wkvh2pmvl5m4nkd-nixpkgs",
- "sha256": "1mpf700fqlzyj6vsy2c329zlgbk9g6giwiyb2g0yhc0a78h72g8l",
- "fetchSubmodules": false,
- "deepClone": false,
- "leaveDotGit": false
-}
diff --git a/.channelUnstable.json b/.channelUnstable.json
deleted file mode 100644
index 429e3d3..0000000
--- a/.channelUnstable.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "url": "https://github.com/NixOS/nixpkgs.git",
- "rev": "a51aa6523bd8ee985bc70987909eff235900197a",
- "date": "2021-09-04T10:19:48-03:00",
- "path": "/nix/store/qylkdn96ah6r3mhh5m0p3yv236nxdbsa-nixpkgs",
- "sha256": "1rpikl60v179gsshqfrr4xwz42db5g87scm2v2hk3v3jys9dqrgc",
- "fetchSubmodules": false,
- "deepClone": false,
- "leaveDotGit": false
-}
diff --git a/.krops.json b/.krops.json
deleted file mode 100644
index 03b044a..0000000
--- a/.krops.json
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- "url": "https://git.ingolf-wagner.de/krebs/krops.git",
- "rev": "2e93a93ac264a480b427acc2684993476732539d",
- "date": "2018-09-19T19:57:26+02:00",
- "sha256": "1s6b2cs60xa270ynhr32qj1rcy3prvf9pidap0qbbvgg008iafxk",
- "fetchSubmodules": false
-}
diff --git a/.nix-writers.json b/.nix-writers.json
deleted file mode 100644
index 5943e89..0000000
--- a/.nix-writers.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "url": "https://cgit.krebsco.de/nix-writers/",
- "rev": "fc8a3802a0777a5f43a9a2fe0f5848ecaeb555a1",
- "date": "2018-10-27T14:45:48+02:00",
- "path": "/nix/store/81f2li00frwb29kzk7wjw7b87l65s8bg-nix-writers",
- "sha256": "1iy207rcbz9nv9bf64025ypy38x8mwzl6snbmbrq347h6vvs0ksc",
- "fetchSubmodules": false,
- "deepClone": false,
- "leaveDotGit": false
-}
diff --git a/.nixos-generators.json b/.nixos-generators.json
deleted file mode 100644
index 904eef2..0000000
--- a/.nixos-generators.json
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "url": "https://github.com/nix-community/nixos-generators.git",
- "rev": "ef1e4480cf8af45cfdeac597b2f1b1af33923e93",
- "date": "2019-01-18T10:41:01+01:00",
- "path": "/nix/store/61wmz4fvlyxnxhw9smkl897rhavj06ry-nixos-generators-ef1e448",
- "sha256": "0ymzp4pmpkjjjg5h8d45gv8avy4wh1dj0v238i2cz3jp3j489ik9",
- "fetchSubmodules": false,
- "deepClone": false,
- "leaveDotGit": false
-}
diff --git a/configs/pepe/home-assistant/light-control.nix b/configs/pepe/home-assistant/light-control.nix
deleted file mode 100644
index 7a9f8a5..0000000
--- a/configs/pepe/home-assistant/light-control.nix
+++ /dev/null
@@ -1,228 +0,0 @@ -{ pkgs, lib, config, ... }: { - - services.mqtt.light-control.enable = true; - services.mqtt.light-control.loglevel = "debug"; - services.mqtt.light-control.config = { - credentials = { - host = "tcp://localhost:1883"; - user = "homeassistant"; - password = "hallo"; - }; - scenes = [ - { - name = "up-dark"; - ignored_sensors = [ - "zigbee2mqtt/door_sensor_1" - "zigbee2mqtt/door_sensor_4" - "zigbee2mqtt/door_sensor_5" - ]; - } - { - name = "half"; - ignored_sensors = [ - "zigbee2mqtt/door_sensor_1" - "zigbee2mqtt/door_sensor_4" - "zigbee2mqtt/door_sensor_5" - ]; - disabled_switches = [ - "zigbee2mqtt/led_1" - "zigbee2mqtt/led_2" - "zigbee2mqtt/light_2" - "zigbee2mqtt/light_4" - "zigbee2mqtt/light_5" - "zigbee2mqtt/light_7" - ]; - } - { - name = "down"; - ignored_sensors = [ - "zigbee2mqtt/door_sensor_1" - "zigbee2mqtt/door_sensor_4" - "zigbee2mqtt/door_sensor_5" - ]; - } - { - name = "up-bright"; - disabled_switches = [ - "zigbee2mqtt/led_1" - "zigbee2mqtt/led_2" - "zigbee2mqtt/light_2" - "zigbee2mqtt/light_4" - "zigbee2mqtt/light_5" - "zigbee2mqtt/light_7" - ]; - ignored_sensors = [ "zigbee2mqtt/door_sensor_4" ]; - } - { - name = "outside"; - room_tracking_enabled = false; - ignored_sensors = [ "zigbee2mqtt/door_sensor_4" ]; - } - { - name = "night"; - room_tracking_enabled = false; - brightness = 25; - ignored_sensors = - [ "zigbee2mqtt/motion_sensor_7" "zigbee2mqtt/door_sensor_4" ]; - } - ]; - sensors = let - door = { topic, room }: { - topic = topic; - key = "contact"; - room = room; - invert_state = true; - delay = 90; - }; - motion = { topic, room }: { - topic = topic; - key = "occupancy"; - room = room; - delay = 60; - }; - in [ - - (motion { - topic = "zigbee2mqtt/motion_sensor_1"; - room = "office_room"; - }) - (motion { - topic = "zigbee2mqtt/motion_sensor_2"; - room = "office_room"; - }) - (motion { - topic = "zigbee2mqtt/motion_sensor_6"; - room = "office_room"; - }) - (motion { - topic = "zigbee2mqtt/motion_sensor_8"; - room = 
"office_room"; - }) - (motion { - topic = "zigbee2mqtt/motion_sensor_7"; - room = "sleeping_room"; - }) - (motion { - topic = "zigbee2mqtt/motion_sensor_5"; - room = "kitchen"; - }) - (motion { - topic = "zigbee2mqtt/motion_sensor_4"; - room = "storage_room"; - }) - - (door { - topic = "zigbee2mqtt/door_sensor_1"; - room = "storage_room"; - }) - (door { - topic = "zigbee2mqtt/door_sensor_5"; - room = "sleeping_room"; - }) - (door { - # house door - topic = "zigbee2mqtt/door_sensor_4"; - room = "floor"; - }) - - ]; - switches = let - sonoff = { id, rooms, delay ? 0 }: { - topic = "stat/${id}/RESULT"; - key = "POWER"; - rooms = rooms; - delay = delay; - command = { - command = "{{state}}"; - init_command = "(null)"; - topic = "cmnd/${id}/POWER"; - on = "ON"; - off = "OFF"; - }; - }; - light = { topic, rooms, delay ? 0 }: { - topic = topic; - key = "state"; - rooms = rooms; - delay = delay; - command = { - command = ''{"state":"{{state}}","brightness":{{brightness}}}''; - topic = "${topic}/set"; - on = "ON"; - off = "OFF"; - }; - }; - led = { topic, rooms, delay ? 
0 }: { - topic = topic; - key = "state"; - rooms = rooms; - delay = delay; - command = { - # Configure it once to the color you like - # {"state":"{{state}}","brightness":{{brightness}},"color":{"hex":"#FFFFFF},"color_temp":255","transition":0} - command = '' - {"state":"{{state}}","brightness":{{brightness}},"transition":0}''; - topic = "${topic}/set"; - on = "ON"; - off = "OFF"; - }; - }; - in [ - - (light { - topic = "zigbee2mqtt/light_2"; - rooms = [ "office_room" ]; - }) - (light { - topic = "zigbee2mqtt/light_4"; - rooms = [ "office_room" ]; - }) - (light { - topic = "zigbee2mqtt/light_5"; - rooms = [ "storage_room" ]; - }) - (light { - topic = "zigbee2mqtt/light_7"; - rooms = [ "sleeping_room" ]; - }) - (led { - topic = "zigbee2mqtt/led_1"; - rooms = [ "office_room" ]; - }) - (led { - topic = "zigbee2mqtt/led_2"; - rooms = [ "kitchen" ]; - }) - - #(sonoff { - # id = "PAL01"; - # rooms = [ "bed_room" ]; - #}) - #(sonoff { - # id = "PAL03"; - # rooms = [ "living_room" ]; - #}) - #(sonoff { - # id = "PAL04"; - # rooms = [ "bed_room" ]; - #}) - #(sonoff { - # id = "PAL06"; - # rooms = [ "kitchen" ]; - #}) - ## monitor and speakers - #(sonoff { - # id = "PAL07"; - # rooms = [ "bed_room" ]; - # delay = 180; - #}) - #(sonoff { - # id = "PAL08"; - # rooms = [ "bed_room" ]; - # delay = 180; - #}) - - ]; - }; - -} diff --git a/configs/pepe/home-assistant/stocks.nix b/configs/pepe/home-assistant/stocks.nix deleted file mode 100644 index 7afd2dd..0000000 --- a/configs/pepe/home-assistant/stocks.nix +++ /dev/null 
@@ -1,173 +0,0 @@ -{ lib, config, pkgs, ... }: -let - - folderPath = config.services.home-assistant.configDir; - - # find symbols with - # https://www.alphavantage.co/query?function=SYMBOL_SEARCH&keywords=&apikey= - # as described here : https://www.alphavantage.co/documentation/#symbolsearch - # - # example: - # -------- - # stocks = [ - # { - # symbol = "GOOGL"; - # name = "google"; - # friendly_name = "Google"; - # currency = "$"; - # # I own 50 and bought at a price of 1000 - # own = { - # pieces = 50; - # price = 1000; - # }; - # } - # ]; - stocks = import ; - filePath = name: "${folderPath}/stock_${name}.json"; - - cleanup_list = list: lib.filter (entry: entry != { }) (lib.flatten list); - -in { - services.homeAssistantConfig = { - - sensor = cleanup_list (map ({ name, currency, own ? { }, ... }: [ - { - platform = "file"; - name = "stock_${name}"; - file_path = filePath name; - value_template = "{{ value_json.price}} ${currency}"; - - } - { - platform = "file"; - name = "stock_${name}_change"; - file_path = filePath name; - value_template = "{{ value_json.change}} ${currency}"; - - } - { - platform = "file"; - name = "stock_${name}_change_percent"; - file_path = filePath name; - value_template = "{{ value_json.change_percent}} %"; - } - (lib.optionalAttrs (own != { }) { - platform = "file"; - name = "stock_${name}_profit"; - file_path = filePath name; - value_template = '' - {{ "{:,.2f}".format( value_json.price * ${toString own.pieces} - ${ - toString (own.pieces * own.price) - } ) }} ${currency}''; - }) - ]) stocks); - - homeassistant = { - whitelist_external_dirs = [ folderPath ]; - customize = builtins.listToAttrs (cleanup_list (map - ({ name, own ? { }, ... 
}: [ - { - name = "sensor.stock_${name}"; - value = { - icon = "mdi:cash-usd-outline"; - friendly_name = "Price"; - }; - } - { - name = "sensor.stock_${name}_change"; - value = { - icon = "mdi:radar"; - friendly_name = "Difference"; - }; - } - { - name = "sensor.stock_${name}_change_percent"; - value = { - icon = "mdi:radar"; - friendly_name = "Percent"; - }; - } - (lib.optionalAttrs (own != { }) { - name = "sensor.stock_${name}_profit"; - value = { - icon = "mdi:radar"; - friendly_name = "Profit"; - }; - }) - ]) stocks)); - }; - - group = (builtins.listToAttrs (map - ({ name, friendly_name, own ? { }, ... }: { - name = "stock_${name}"; - value = { - name = "${friendly_name} Aktie"; - entities = [ - "sensor.stock_${name}" - "sensor.stock_${name}_change" - "sensor.stock_${name}_change_percent" - ] ++ (lib.optional (own != { }) "sensor.stock_${name}_profit"); - }; - }) stocks)); - - }; - - systemd.services = let - pullService = { name, symbol, currency, ... }: { - name = "pull_stock_${name}"; - value = { - enable = true; - before = [ "home-assistant.service" ]; - wantedBy = [ "home-assistant.service" ]; - serviceConfig = { - User = "hass"; - Type = "oneshot"; - }; - description = "pull stock_${name} for homeassistant"; - script = '' - SYMBOL="${symbol}" - CURRENCY="${currency}" - APIKEY=${ - lib.fileContents - } - - ${pkgs.curl}/bin/curl --location --silent \ - "https://www.alphavantage.co/query?function=GLOBAL_QUOTE&symbol=$SYMBOL&apikey=$APIKEY" \ - | ${pkgs.jq}/bin/jq --compact-output \ - '.["Global Quote"] | - { - price: .["05. price"] | tonumber, - currency: "'$CURRENCY'", - change_percent: .["10. change percent"] | .[0:-1] | tonumber, - change: .["09. change"] | tonumber, - last_date: .["07. 
latest trading day"], - }' \ - >> ${filePath name} - - # old and stupid - #${pkgs.curl}/bin/curl --location --silent \ - #"https://www.alphavantage.co/query?function=TIME_SERIES_INTRADAY&symbol=$SYMBOL&interval=5min&apikey=$APIKEY" \ - #| ${pkgs.jq}/bin/jq --compact-output \ - # '.["Time Series (5min)"] | to_entries | [ .[] - # | { date : .key , value : .value["4. close"], currency: "'$CURRENCY'" } ] - # | sort_by(.date) | reverse | .[0]' \ - ''; - }; - }; - in builtins.listToAttrs (map pullService stocks); - - systemd.timers = let - pullTimer = { name, ... }: { - name = "pull_stock_${name}"; - value = { - enable = true; - wantedBy = [ "multi-user.target" ]; - timerConfig = { - OnCalendar = "hourly"; - Persistent = "true"; - }; - }; - }; - in builtins.listToAttrs (map pullTimer stocks); - -} diff --git a/configs/pepe/home-assistant/zigbee2mqtt/buttons.nix b/configs/pepe/home-assistant/zigbee2mqtt/buttons.nix deleted file mode 100644 index 943f30c..0000000 --- a/configs/pepe/home-assistant/zigbee2mqtt/buttons.nix +++ /dev/null 
@@ -1,226 +0,0 @@ -{ pkgs, lib, ... }: -let - - # we create 3 input_boolean which get toggled by the 3 types of buttons pressed. - # input_boolean.single_${name} : single click - # input_boolean.double_${name} : double click - # input_boolean.hold_${name} : hold - # if you override these input (via states) you have to create the input yourself - - # https://www.zigbee2mqtt.io/devices/WXKG12LM.html - allDevices = { - "button_a1" = { - id = "0x00158d0002b04f65"; - #groups = [ "living_room" ]; - states.single = "input_boolean.situation_toggle"; - states.hold = "input_boolean.printer_toggle"; - states.double = "input_boolean.windows_up"; - }; - "button_a2" = { - id = "0x00158d0002b04f09"; - #groups = [ "bed_room" ]; - states.single = "input_boolean.situation_toggle"; - states.hold = "input_boolean.printer_toggle"; - states.double = "input_boolean.windows_up"; - }; - "button_a3" = { - id = "0x00158d0002b00e04"; - #groups = [ "bed_room" ]; - states.single = "input_boolean.situation_toggle"; - states.hold = "input_boolean.printer_toggle"; - states.double = "input_boolean.windows_up"; - }; - }; - -in { - - services.zigbee2mqttConfiguration = lib.mapAttrs' (name: - { id, ... }: { - name = id; - value = { - retain = false; - friendly_name = name; - }; - }) allDevices; - - services.homeAssistantConfig = { - - # define input_boolean - # -------------------- - # which get toggled by the buttons - input_boolean = let stripEmpty = lib.filter (a: a != { }); - in builtins.listToAttrs (stripEmpty (lib.flatten (lib.mapAttrsToList (name: - { states ? { }, ... 
}: [ - (lib.optionalAttrs (!lib.hasAttr "single" states) { - name = "single_${name}"; - value = { icon = "mdi:toggle-switch"; }; - }) - (lib.optionalAttrs (!lib.hasAttr "double" states) { - name = "double_${name}"; - value = { icon = "mdi:toggle-switch"; }; - }) - (lib.optionalAttrs (!lib.hasAttr "hold" states) { - name = "hold_${name}"; - value = { icon = "mdi:toggle-switch"; }; - }) - ]) allDevices))); - - # define meta information sensors - sensor = lib.flatten (lib.mapAttrsToList (name: - { ... }: [ - { - platform = "mqtt"; - name = name; - icon = "mdi:toggle-switch"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - value_template = "{{ value_json.click }}"; - } - { - name = "battery_${name}"; - platform = "mqtt"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - unit_of_measurement = "%"; - icon = "mdi:battery-10"; - value_template = "{{ value_json.battery }}"; - } - { - name = "link_${name}"; - platform = "mqtt"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - icon = "mdi:signal"; - unit_of_measurement = "lqi"; - value_template = "{{ value_json.linkquality }}"; - } - ]) allDevices); - - binary_sensor = lib.mapAttrsToList (name: - { ... }: { - name = name; - platform = "mqtt"; - device_class = "motion"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - payload_on = true; - payload_off = false; - value_template = "{{ value_json.occupancy }}"; - }) allDevices; - - # create groups - # ------------- - #group = let - # # to have nice panels for every device - # sensorGroups = lib.mapAttrs (name: - # { states ? { }, ... }: - # let - # entityIds = { single ? "input_boolean.single_${name}" - # , double ? "input_boolean.double_${name}" - # , hold ? "input_boolean.hold_${name}", ... 
}: [ - # single - # double - # hold - # ]; - # in { - # entities = [ "sensor.${name}" ] ++ (entityIds states) - # ++ [ "sensor.battery_${name}" "sensor.link_${name}" ]; - # }) allDevices; - # # sort lights into given groups. - # sortedInGroups = let - # groupEntries = lib.zipAttrs (lib.flatten (lib.mapAttrsToList (name: - # { groups ? [ ], states ? { }, ... }: - # map (groupName: { - # "${groupName}" = if (lib.hasAttr "single" states) then - # states.single - # else - # "input_boolean.single_${name}"; - # }) groups) allDevices)); - # in lib.mapAttrs (name: entities: { inherit entities; }) groupEntries; - #in sortedInGroups // sensorGroups // { - # all_sensors.entities = - # lib.mapAttrsToList (name: { ... }: "binary_sensor.${name}") allDevices; - #}; - - # create automation - # ----------------- - automation = let - - # single click - toggle_single_button_input = lib.mapAttrsToList (name: - { states ? { }, ... }: - let - entityId = if (lib.hasAttr "single" states) then - states.single - else - "input_boolean.single_${name}"; - in { - alias = "toggle single click ${name}"; - trigger = { - platform = "mqtt"; - topic = "zigbee2mqtt/${name}"; - }; - condition = { - condition = "template"; - value_template = ''{{ "single" == trigger.payload_json.click}}''; - }; - action = { - service = "input_boolean.toggle"; - data.entity_id = entityId; - }; - }) allDevices; - - # double click - toggle_double_button_input = lib.mapAttrsToList (name: - { states ? { }, ... 
}: - let - entityId = if (lib.hasAttr "double" states) then - states.double - else - "input_boolean.double_${name}"; - in { - alias = "toggle double click ${name}"; - trigger = { - platform = "mqtt"; - topic = "zigbee2mqtt/${name}"; - }; - condition = { - condition = "template"; - value_template = ''{{ "double" == trigger.payload_json.click}}''; - }; - action = { - service = "input_boolean.toggle"; - data.entity_id = entityId; - }; - }) allDevices; - - # hold - toggle_hold_button_input = lib.mapAttrsToList (name: - { states ? { }, ... }: - let - entityId = if (lib.hasAttr "hold" states) then - states.hold - else - "input_boolean.hold_${name}"; - in { - alias = "toggle hold ${name}"; - trigger = { - platform = "mqtt"; - topic = "zigbee2mqtt/${name}"; - }; - condition = { - condition = "template"; - value_template = ''{{ "hold" == trigger.payload_json.action}}''; - }; - action = { - service = "input_boolean.toggle"; - data.entity_id = entityId; - }; - }) allDevices; - - in lib.flatten (toggle_single_button_input ++ toggle_double_button_input - ++ toggle_hold_button_input); - - }; - -} diff --git a/configs/pepe/home-assistant/zigbee2mqtt/doors.nix b/configs/pepe/home-assistant/zigbee2mqtt/doors.nix deleted file mode 100644 index 634ecbf..0000000 --- a/configs/pepe/home-assistant/zigbee2mqtt/doors.nix +++ /dev/null 
@@ -1,87 +0,0 @@ -{ pkgs, lib, ... }: -let - - # https://www.zigbee2mqtt.io/devices/MCCGQ11LM.html - allDevices = { - "door_sensor_1" = { id = "0x00158d000312dc52"; }; - "door_sensor_2" = { id = "0x00158d000316d5bf"; }; - "door_sensor_3" = { id = "0x00158d0002f9516f"; }; - "door_sensor_4" = { id = "0x00158d00031383b9"; }; - "door_sensor_5" = { id = "0x00158d0003120d3e"; }; - }; - -in { - - services.zigbee2mqttConfiguration = lib.mapAttrs' (name: - { id, ... }: { - name = id; - value = { - retain = false; - friendly_name = name; - }; - }) allDevices; - - services.homeAssistantConfig = { - - # define meta information sensors - sensor = lib.flatten (lib.mapAttrsToList (name: - { ... }: [ - { - name = "battery_${name}"; - platform = "mqtt"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - unit_of_measurement = "%"; - icon = "mdi:battery-10"; - value_template = "{{ value_json.battery }}"; - } - { - name = "link_${name}"; - platform = "mqtt"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - icon = "mdi:signal"; - unit_of_measurement = "lqi"; - value_template = "{{ value_json.linkquality }}"; - } - ]) allDevices); - - binary_sensor = lib.mapAttrsToList (name: - { ... }: { - name = name; - platform = "mqtt"; - device_class = "door"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - payload_on = false; - payload_off = true; - value_template = "{{ value_json.contact}}"; - }) allDevices; - - # create groups - # ------------- - group = let - # to have nice panels for every device - sensorGroups = lib.mapAttrs (name: - { ... }: { - entities = [ - "binary_sensor.${name}" - "sensor.battery_${name}" - "sensor.link_${name}" - ]; - }) allDevices; - # sort lights into given groups. - sortedInGroups = let - groupEntries = lib.zipAttrs (lib.flatten (lib.mapAttrsToList (name: - { groups ? [ ], ... 
}: - map (groupName: { "${groupName}" = "binary_sensor.${name}"; }) groups) - allDevices)); - in lib.mapAttrs (name: entities: { inherit entities; }) groupEntries; - in sortedInGroups // sensorGroups // { - all_sensors.entities = - lib.mapAttrsToList (name: { ... }: "binary_sensor.${name}") allDevices; - }; - - }; - -} diff --git a/configs/pepe/home-assistant/zigbee2mqtt/fyrtur.nix b/configs/pepe/home-assistant/zigbee2mqtt/fyrtur.nix deleted file mode 100644 index 6001e5d..0000000 --- a/configs/pepe/home-assistant/zigbee2mqtt/fyrtur.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ pkgs, lib, ... }: -let - - # https://www.zigbee2mqtt.io/devices/E1757.html - allDevices = { - "office_fyrtur_1" = { id = "0x680ae2fffe64fa40"; }; - "office_fyrtur_2" = { id = "0x680ae2fffe91d234"; }; - "bedroom_fyrtur_1" = { id = "0x680ae2fffe6e9f41"; }; - "broken_fyrtur_1" = { id = "0x680ae2fffe8f6411"; }; - }; - - # -t "zigbee2mqtt/fyrtur1/set" -m '{"position":100}' - # -t "zigbee2mqtt/fyrtur1/set" -m '{"position":15}' -in { - - services.zigbee2mqttConfiguration = lib.mapAttrs' (name: - { id, ... }: { - name = id; - value = { - retain = false; - friendly_name = name; - transition = 0.1; - }; - }) allDevices; - - services.homeAssistantConfig = { - - sensor = lib.flatten (lib.mapAttrsToList (name: - { ... }: [ - { - name = "battery_${name}"; - platform = "mqtt"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - unit_of_measurement = "%"; - icon = "mdi:battery-10"; - value_template = "{{ value_json.battery }}"; - } - { - name = "link_${name}"; - platform = "mqtt"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - icon = "mdi:signal"; - unit_of_measurement = "lqi"; - value_template = "{{ value_json.linkquality }}"; - } - ]) allDevices); - - }; - -} diff --git a/configs/pepe/home-assistant/zigbee2mqtt/heater.nix b/configs/pepe/home-assistant/zigbee2mqtt/heater.nix deleted file mode 100644 index 6166667..0000000 
--- a/configs/pepe/home-assistant/zigbee2mqtt/heater.nix
+++ /dev/null
@@ -1,80 +0,0 @@ -{ pkgs, lib, ... }: -let - - # https://www.zigbee2mqtt.io/devices/SPZB0001.html - allDevices = { - "office_heater_1" = { id = "0x00158d00032f5ee4"; }; # office - "office_heater_2" = { id = "0x00158d00032f5f9f"; }; # office (kitchen) - "bedroom_heater_1" = { id = "0x00158d00032f6d1e"; }; # bed room - "storage_heater_1" = { id = "0x00158d00032f604d"; }; # abstell raum - }; - - # -t "zigbee2mqtt/heater3/set" -m '{"system_mode":"auto","current_heating_setpoint":23}' - # -t "zigbee2mqtt/heater3/set" -m '{"system_mode":"off"}' - -in { - - services.zigbee2mqttConfiguration = lib.mapAttrs' (name: - { id, ... }: { - name = id; - value = { - legacy = false; - retain = false; - friendly_name = name; - transition = 1; - debounce = 0.5; - filtered_attributes = [ - "battery_low" - "eurotronic_host_flags" - "eurotronic_system_mode" - #"occupied_heating_setpoint" - #"pi_heating_demand" - #"unoccupied_heating_setpoint" - ]; - }; - }) allDevices; - - services.homeAssistantConfig = { - - sensor = lib.flatten (lib.mapAttrsToList (name: - { ... 
}: [ - { - name = "battery_${name}"; - platform = "mqtt"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - unit_of_measurement = "%"; - icon = "mdi:battery-10"; - value_template = "{{ value_json.battery }}"; - } - { - name = "link_${name}"; - platform = "mqtt"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - icon = "mdi:signal"; - unit_of_measurement = "lqi"; - value_template = "{{ value_json.linkquality }}"; - } - { - platform = "mqtt"; - name = "temperature_${name}"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - unit_of_measurement = "°C"; - device_class = "temperature"; - value_template = "{{ value_json.local_temperature }}"; - } - { - platform = "mqtt"; - name = "pi_heating_demand_${name}"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - unit_of_measurement = "%"; - value_template = "{{ value_json.pi_heating_demand }}"; - } - ]) allDevices); - - }; - -} diff --git a/configs/pepe/home-assistant/zigbee2mqtt/leds.nix b/configs/pepe/home-assistant/zigbee2mqtt/leds.nix deleted file mode 100644 index c78e54a..0000000 --- a/configs/pepe/home-assistant/zigbee2mqtt/leds.nix +++ /dev/null 
@@ -1,43 +0,0 @@
-{ pkgs, lib, ... }:
-let
-
- # https://www.zigbee2mqtt.io/devices/GL-C-007-1ID.html
- allDevices = {
- "led_1" = { id = "0x00124b001f7a5be9"; };
- "led_2" = { id = "0x00124b001ee958b3"; };
- };
-
- # -t "zigbee2mqtt/led_1/set" -m '{"state":"ON","transition":0, "color_temp":255}'
- # -t "zigbee2mqtt/led_1/set" -m '{"state":"OFF","transition":0, "color_temp":255}'
- # -t "zigbee2mqtt/led_1/set" -m '{"state":"ON","brightness":255,"color":{"hex":"#00FFFF"}}'
- # -t "zigbee2mqtt/led_1/set" -m '{"state":"OFF"}'
-in {
-
- services.zigbee2mqttConfiguration = lib.mapAttrs' (name:
- { id, ... }: {
- name = id;
- value = {
- retain = false;
- friendly_name = name;
- transition = 1;
- };
- }) allDevices;
-
- services.homeAssistantConfig = {
-
- light = lib.mapAttrsToList (name:
- { ... }: {
- platform = "mqtt";
- name = name;
- state_topic = "zigbee2mqtt/${name}";
- availability_topic = "zigbee2mqtt/bridge/state";
- command_topic = "zigbee2mqtt/${name}/set";
- value_template = "{{ value_json.click }}";
- brightness = true;
- color_temp = true;
- schema = "json";
- }) allDevices;
-
- };
-
-}
diff --git a/configs/pepe/home-assistant/zigbee2mqtt/motion.nix b/configs/pepe/home-assistant/zigbee2mqtt/motion.nix
deleted file mode 100644
index ea1376e..0000000
--- a/configs/pepe/home-assistant/zigbee2mqtt/motion.nix
+++ /dev/null
@@ -1,69 +0,0 @@
-{ pkgs, lib, ... }:
-let
-
- # https://www.zigbee2mqtt.io/devices/RTCGQ01LM.html
- allDevices = {
-
- "motion_sensor_1" = { id = "0x00158d0002fbd451"; };
- "motion_sensor_2" = { id = "0x00158d0002f9a6b8"; };
- "motion_sensor_3" = { id = "0x00158d0002f04522"; };
- "motion_sensor_4" = { id = "0x00158d0002f9a558"; };
- "motion_sensor_5" = { id = "0x00158d0002f9a56f"; };
- "motion_sensor_6" = { id = "0x00158d0002f9a5cb"; };
- "motion_sensor_7" = { id = "0x00158d0002f9a6aa"; };
- "motion_sensor_8" = { id = "0x00158d0002f04637"; };
- };
-
-in {
-
- services.zigbee2mqttConfiguration = lib.mapAttrs' (name:
- { id, timeout ? 65, ... }: {
- name = id;
- value = {
- retain = false;
- friendly_name = name;
- # should not be set below 60 seconds
- occupancy_timeout = timeout;
- };
- }) allDevices;
-
- services.homeAssistantConfig = {
-
- # define meta information sensors
- binary_sensor = lib.flatten (lib.mapAttrsToList (name:
- { ... }: [{
- name = "${name}";
- platform = "mqtt";
- state_topic = "zigbee2mqtt/${name}";
- availability_topic = "zigbee2mqtt/bridge/state";
- value_template = "{{ value_json.occupancy }}";
- #icon = "mdi:battery-10";
- payload_on = true;
- payload_off = false;
- device_class = "motion";
- }]) allDevices);
-
- # define meta information sensors
- sensor = lib.flatten (lib.mapAttrsToList (name:
- { ... }: [
- {
- name = "battery_${name}";
- platform = "mqtt";
- state_topic = "zigbee2mqtt/${name}";
- availability_topic = "zigbee2mqtt/bridge/state";
- unit_of_measurement = "%";
- icon = "mdi:battery-10";
- value_template = "{{ value_json.battery }}";
- }
- {
- name = "link_${name}";
- platform = "mqtt";
- state_topic = "zigbee2mqtt/${name}";
- availability_topic = "zigbee2mqtt/bridge/state";
- icon = "mdi:signal";
- unit_of_measurement = "lqi";
- value_template = "{{ value_json.linkquality }}";
- }
- ]) allDevices);
- };
-}
diff --git a/configs/pepe/home-assistant/zigbee2mqtt/temperatur.nix b/configs/pepe/home-assistant/zigbee2mqtt/temperatur.nix
deleted file mode 100644
index c9e9862..0000000
--- a/configs/pepe/home-assistant/zigbee2mqtt/temperatur.nix
+++ /dev/null
@@ -1,107 +0,0 @@ -{ pkgs, lib, ... }: -let - - # https://www.zigbee2mqtt.io/devices/WSDCGQ11LM.html - allDevices = { - "temperature_sensor_1" = { - id = "0x00158d0002d79220"; - groups = [ "living_room" ]; - }; - "temperature_sensor_2" = { - id = "0x00158d0002d7913d"; - groups = [ "living_room" ]; - }; - }; - -in { - - services.zigbee2mqttConfiguration = lib.mapAttrs' (name: - { id, ... }: { - name = id; - value = { - retain = false; - friendly_name = name; - }; - }) allDevices; - - services.homeAssistantConfig = { - - # define meta information sensors - sensor = lib.flatten (lib.mapAttrsToList (name: - { ... }: [ - { - platform = "mqtt"; - name = name; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - unit_of_measurement = "°C"; - device_class = "temperature"; - value_template = "{{ value_json.temperature }}"; - } - { - platform = "mqtt"; - name = "humidity_${name}"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - unit_of_measurement = "%"; - device_class = "humidity"; - value_template = "{{ value_json.humidity }}"; - } - #{ - # platform = "mqtt"; - # name = "pressure_${name}"; - # state_topic = "zigbee2mqtt/${name}"; - # availability_topic = "zigbee2mqtt/bridge/state"; - # unit_of_measurement = "hPa"; - # device_class = "pressure"; - # value_template = "{{ value_json.pressure }}"; - #} - { - name = "battery_${name}"; - platform = "mqtt"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - unit_of_measurement = "%"; - icon = "mdi:battery-10"; - value_template = "{{ value_json.battery }}"; - } - { - name = "link_${name}"; - platform = "mqtt"; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - icon = "mdi:signal"; - unit_of_measurement = "lqi"; - value_template = "{{ value_json.linkquality }}"; - } - ]) allDevices); - - # create groups - # ------------- - #group = let - # # to have nice panels for 
every device - # sensorGroups = lib.mapAttrs (name: - # { ... }: { - # entities = [ - # "sensor.${name}" - # "sensor.humidity_${name}" - # #"sensor.pressure_${name}" - # "sensor.battery_${name}" - # "sensor.link_${name}" - # ]; - # }) allDevices; - # # sort lights into given groups. - # sortedInGroups = let - # groupEntries = lib.zipAttrs (lib.flatten (lib.mapAttrsToList (name: - # { groups ? [ ], ... }: - # map (groupName: { "${groupName}" = "sensor.${name}"; }) groups) - # allDevices)); - # in lib.mapAttrs (name: entities: { inherit entities; }) groupEntries; - #in sortedInGroups // sensorGroups // { - # all_sensors.entities = - # lib.mapAttrsToList (name: { ... }: "sensor.${name}") allDevices; - #}; - - }; - -} diff --git a/configs/workhorse/bepasty.nix b/configs/workhorse/bepasty.nix deleted file mode 100644 index 81227e5..0000000 --- a/configs/workhorse/bepasty.nix +++ /dev/null @@ -1,50 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let port = 8000; -in { - - # configure nginx - services.nginx = { - enable = true; - virtualHosts = { - "paste.workhorse.private" = { - locations."/" = { - proxyPass = "http://localhost:${toString port}"; - extraConfig = '' - proxy_set_header Host $host:$server_port; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 90; - proxy_redirect http://localhost:${ - toString port - } https://paste.workhorse.private/; - ''; - }; - }; - }; - }; - - krops.userKeys."bepasty" = { - user = "bepasty"; - source = toString ; - requiredBy = [ "bepasty-server-ingolf-wagner.de-gunicorn.service" ]; - }; - - services.bepasty = { - enable = true; - servers."ingolf-wagner.de" = { - bind = "0.0.0.0:${toString port}"; - secretKeyFile = config.krops.userKeys."bepasty".target; - extraConfig = '' - PERMISSIONS = { - '${ - lib.fileContents - }': 'admin,list,create,read,delete', - } - ''; - }; - }; - -} 
diff --git a/configs/workhorse/jenkins.nix b/configs/workhorse/jenkins.nix
deleted file mode 100644
index 637b3c5..0000000
--- a/configs/workhorse/jenkins.nix
+++ /dev/null
@@ -1,199 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - library = import { inherit pkgs lib; }; - - sync-repo = library.jenkins.syncJob; - job = library.jenkins.job; - -in { - - environment.systemPackages = [ pkgs.cabal-install ]; - - services.nginx = { - enable = true; - virtualHosts = { - "jenkins.${config.networking.hostName}.private" = { - locations."/" = { - proxyPass = - "http://localhost:${toString config.services.jenkins.port}"; - extraConfig = '' - proxy_set_header Host $host:$server_port; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - - proxy_read_timeout 90; - proxy_redirect http://localhost:${ - toString config.services.jenkins.port - } https://jenkins.${config.networking.hostName}.private/; - ''; - }; - }; - }; - }; - - krops.userKeys."accessToken" = { - user = "jenkins"; - source = toString ; - requiredBy = [ "jenkins-job-builder.service" ]; - }; - - services.jenkins = { - enable = true; - home = "/home/jenkins"; - port = 10420; - - # Plugins to Install: - # - all the plugins recommended at the setup - # - Build pipeline - # - SSH Agent - # - mattermost plugin - jobBuilder = { - enable = true; - - # create an access token in the admin users panel - accessTokenFile = config.krops.userKeys."accessToken".target; - accessUser = "admin"; - - # https://docs.openstack.org/infra/jenkins-job-builder/definition.html#modules - nixJobs = let - # ssh username + key - gogs-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2"; - # ssh username + key - github-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2"; - # ssh username + key - sshSputnik = "d91eb57c-5bff-434c-b317-68aad46848d7"; - - sync-to-github = name: source: target: - sync-repo name { - url = source; - credentialsId = gogs-id; - } { - url = target; - credentialsId = github-id; - }; - - in [ - - (job "sync-retiolum" { - url = "git@github.com:krebs/retiolum.git"; - credentialsId = github-id; - triggers 
= [{ timed = "H/30 * * * *"; }]; - } [ - { - "Download Files" = [ - "chmod 755 hosts" - "chmod 755 -R hosts" - '' - nix-shell -p curl -p gnutar -p bzip2 --run "curl https://lassul.us/retiolum-hosts.tar.bz2 | tar xvjf - || true"'' - "chmod 755 -R etc.hosts" - '' - nix-shell -p curl --run "curl https://lassul.us/retiolum.hosts > etc.hosts || true"'' - ]; - } - { - "update repo" = [ - ''nix-shell -p git --run "git add ."'' - '' - nix-shell -p git --run "git -c user.name=\'Ingolf Wagner\' -c user.email=\'contact@ingolf-wagner.de\' commit -m update-`date +%Y-%m-%dT%H:%M:%S` || exit 0"'' - ]; - } - { - Push = [{ - script = ''nix-shell -p git --run "git push origin master"''; - credentialsId = github-id; - }]; - } - ]) - - (job "test-taskninja" { - url = "ssh://gogs@workhorse.private:2222/palo/taskninja.git"; - credentialsId = gogs-id; - } [ - { - "Create Shell" = [ - '' - nix-shell -p cabal2nix --run "cabal2nix --shell file://. > jenkins.nix"'' - ]; - } - { Update = [ ''nix-shell ./jenkins.nix --run "cabal update"'' ]; } - { - Configure = [ - ''nix-shell ./jenkins.nix --run "cabal configure --enable-tests"'' - '' - nix-shell ./jenkins.nix --run "cabal install --only-dependencies"'' - ]; - } - { Build = [ ''nix-shell ./jenkins.nix --run "cabal build"'' ]; } - { Test = [ ''nix-shell ./jenkins.nix --run "cabal test"'' ]; } - ]) - - # sync to github - # -------------- - (sync-to-github "sync-radiodj" - "ssh://gogs@workhorse.private:2222/crashburn_radio/radio-dj2.git" - "git@github.com:crashburn-radio/radio-dj.git") - (sync-to-github "sync-radiodj-tracks" - "ssh://gogs@workhorse.private:2222/crashburn_radio/radio-dj-tracks.git" - "git@github.com:crashburn-radio/radio-dj-tracks.git") - - (sync-to-github "sync-krops-module" - "ssh://gogs@workhorse.private:2222/nix-modules/krops.git" - "git@github.com:mrVanDalo/module.krops.git") - - (sync-to-github "sync-cluster-module" - "ssh://gogs@workhorse.private:2222/nix-modules/cluster.git" - 
"git@github.com:mrVanDalo/module.cluster.git") - - (sync-to-github "sync-backup-module" - "ssh://gogs@workhorse.private:2222/nix-modules/backup.git" - "git@github.com:mrVanDalo/module.backup.git") - - (sync-to-github "sync-module-tinc" - "ssh://gogs@workhorse.private:2222/palo/nixos-tinc.git" - "git@github.com:mrVanDalo/nixos-tinc.git") - - (sync-to-github "sync-memo" - "ssh://gogs@workhorse.private:2222/palo/memo.git" - "git@github.com:mrVanDalo/memo.git") - - (sync-to-github "sync-diagrams-template" - "ssh://gogs@workhorse.private:2222/palo/diagrams-template.git" - "git@github.com:mrVanDalo/diagrams.git") - - (sync-to-github "sync-plops" - "ssh://gogs@workhorse.private:2222/palo/plops.git" - "git@github.com:mrVanDalo/plops.git") - - (sync-to-github "sync-image-generator" - "ssh://gogs@workhorse.private:2222/palo/image-generator2.git" - "git@github.com:mrVanDalo/image-generator.git") - - (sync-to-github "sync-image-generator-lib" - "ssh://gogs@workhorse.private:2222/palo/image-generator-lib.git" - "git@github.com:mrVanDalo/image-generator-examples.git") - - (sync-to-github "sync-tech.ingolf-wagner.de" - "ssh://gogs@workhorse.private:2222/palo/tech.ingolf-wagner.de.git" - "git@github.com:mrVanDalo/tech.ingolf-wagner.de.git") - - (sync-to-github "sync-LineageOS-build" - "ssh://gogs@git.ingolf-wagner.de:443/palo/LineagoOS-build.git" - "git@github.com:mrVanDalo/LineagoOS-build.git") - - (sync-to-github "sync-http-errors" - "ssh://gogs@git.ingolf-wagner.de:443/palo/http-errors.git" - "git@github.com:mrVanDalo/http-errors.git") - (sync-to-github "sync-light-control" - "ssh://gogs@git.ingolf-wagner.de:443/palo/light-control.git" - "git@github.com:mrVanDalo/light-control.git") - - ]; - }; - }; - -} diff --git a/configs/workhorse/mattermost.nix b/configs/workhorse/mattermost.nix deleted file mode 100644 index 1b05e28..0000000 --- a/configs/workhorse/mattermost.nix +++ /dev/null 
@@ -1,135 +0,0 @@ -{ pkgs, lib, ... }: -let - - hostAddress = "192.168.100.20"; - containerAddress = "192.168.100.21"; - -in { - - # backup mattermost - backup.dirs = [ "/home/mattermost" ]; - - containers.mattermost = { - - # mount host folders - bindMounts = { - home = { - # make sure this folder exist on the host - hostPath = toString "/home/mattermost/home"; - mountPoint = "/var/lib/mattermost"; - isReadOnly = false; - }; - db = { - # make sure this folder exist on the host - hostPath = toString "/home/mattermost/db"; - mountPoint = "/var/lib/postgresql"; - isReadOnly = false; - }; - }; - - # container network setup - # see also nating on host system. - privateNetwork = true; - hostAddress = hostAddress; - localAddress = containerAddress; - - autoStart = true; - - config = { config, pkgs, lib, ... }: { - - imports = [ ]; - - services.nginx = { - - # Use recommended settings - recommendedGzipSettings = lib.mkDefault true; - recommendedOptimisation = lib.mkDefault true; - recommendedProxySettings = lib.mkDefault true; - recommendedTlsSettings = lib.mkDefault true; - - # for graylog logging - commonHttpConfig = let - access_log_sink = "${hostAddress}:12304"; - error_log_sink = "${hostAddress}:12305"; - in '' - log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", ' - '"facility": "nginx", ' - '"src_addr": "$remote_addr", ' - '"body_bytes_sent": $body_bytes_sent, ' - '"request_time": $request_time, ' - '"response_status": $status, ' - '"request": "$request", ' - '"request_method": "$request_method", ' - '"host": "$host",' - '"upstream_cache_status": "$upstream_cache_status",' - '"upstream_addr": "$upstream_addr",' - '"http_x_forwarded_for": "$http_x_forwarded_for",' - '"http_referrer": "$http_referer", ' - '"http_user_agent": "$http_user_agent" }'; - - access_log syslog:server=${access_log_sink} graylog2_json; - error_log syslog:server=${error_log_sink}; - ''; - }; - - networking.firewall.allowedTCPPorts = [ 8065 6667 ]; - 
networking.firewall.allowedUDPPorts = [ 8065 ]; - - # setup matter most - services.mattermost = { - enable = true; - siteUrl = "https://chat.ingolf-wagner.de"; - localDatabaseName = "chat"; - localDatabaseUser = "chatty"; - listenAddress = ":8065"; - - matterircd = { - enable = true; - parameters = [ - "-mmserver chat.ingolf-wagner.de" - "-restrict chat.ingolf-wagner.de" - "-bind [::]:6667" - ]; - }; - }; - - # send log to host systems graylog (use tinc or wireguard if host is not graylog) - services.SystemdJournal2Gelf.enable = true; - services.SystemdJournal2Gelf.graylogServer = "${hostAddress}:11201"; - - services.journald.extraConfig = "SystemMaxUse=1G"; - - }; - }; - - # give containers internet access - networking.nat.enable = true; - networking.nat.internalInterfaces = [ "ve-mattermost" ]; - networking.nat.externalInterface = "enp2s0f1"; - - # don't let networkmanager manger container network - networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; - - # open ports for logging - networking.firewall.interfaces."ve-mattermost".allowedTCPPorts = - [ 11201 12304 12305 ]; - networking.firewall.interfaces."ve-mattermost".allowedUDPPorts = - [ 11201 12304 12305 ]; - - # host nginx setup - services.nginx = { - enable = true; - recommendedProxySettings = true; - virtualHosts = { - "chat.workhorse.private" = { - serverAliases = [ "chat.ingolf-wagner.de" ]; - locations."/" = { - proxyWebsockets = true; - proxyPass = "http://${containerAddress}:8065"; - }; - }; - }; - }; - -} - diff --git a/configs/workhorse/packages.nix b/configs/workhorse/packages.nix deleted file mode 100644 index 9726dcf..0000000 --- a/configs/workhorse/packages.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ config, pkgs, ... }: -let unstable = import { }; -in { environment.systemPackages = with pkgs; [ ]; } diff --git a/flake.lock b/flake.lock new file mode 100644 index 0000000..8e72f36 --- /dev/null +++ b/flake.lock 
@@ -0,0 +1,77 @@
+{
+ "nodes": {
+ "flake-utils": {
+ "locked": {
+ "lastModified": 1597053966,
+ "narHash": "sha256-f9lbPS/GJ1His8fsDqM6gfa8kSqREU4eKiMCS5hrKg4=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "ec20f52e2ff61e9c36c2b894b62fc1b4bd04c71b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "krops": {
+ "inputs": {
+ "flake-utils": "flake-utils",
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1632420452,
+ "narHash": "sha256-ncK6vABW/Ku9XI0kqj1otarUfblryoQzSaOCnaZ0oSs=",
+ "owner": "Mic92",
+ "repo": "krops",
+ "rev": "0388970c568905fedcbf429e5745aacd4f7a6633",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "repo": "krops",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1635070614,
+ "narHash": "sha256-eRup9WsvSIhsRrSlNugPcQ7gfGOsbk3d4izufwVlz1Q=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "3b1789322fcbcb5cf51228d732752714f1bf77da",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-21.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "krops": "krops",
+ "nixpkgs": "nixpkgs",
+ "secrets": "secrets"
+ }
+ },
+ "secrets": {
+ "flake": false,
+ "locked": {
+ "narHash": "sha256-tsXsKNsa6/AqhXV6YxsSweX++YlwzQuWt0KeaV3SMgQ=",
+ "path": "/home/palo/dev/secrets",
+ "type": "path"
+ },
+ "original": {
+ "path": "/home/palo/dev/secrets",
+ "type": "path"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..c7b1e13
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,31 @@
+{
+
+ description = "my krops file";
+
+ inputs = {
+ secrets = {
+ url = "path:/home/palo/dev/secrets";
+ flake = false;
+ };
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05";
+ krops = {
+ url = "github:Mic92/krops";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { self, nixpkgs, krops, secrets, ... }:
+ let
+ system = "x86_64-linux";
+ pkgs = nixpkgs.legacyPackages.${system};
+ writeCommand = krops.packages.${system}.writeCommand;
+ in
+ {
+ # deploy like this:
+ # nix run ".#deploy.sterni"
+ apps.${system}.deploy = pkgs.callPackage ./nixos/krops.nix {
+ inherit writeCommand secrets;
+ lib = krops.lib;
+ };
+ };
+}
diff --git a/library/jenkins.nix b/library/jenkins.nix
deleted file mode 100644
index 1b38c6f..0000000
--- a/library/jenkins.nix
+++ /dev/null
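Review bot: The `secrets` input in flake.nix is declared as `url = "path:/home/palo/dev/secrets"`, and a `path:` input is copied into the Nix store, which every local user on the evaluating machine can read. If that directory holds anything that is not already encrypted (other files in this commit move to sops, so it may all be ciphertext), that material becomes world-readable and travels with any store copy. I would state the assumption above the input, e.g. `# must contain only sops-encrypted files: path inputs are copied into the world-readable /nix/store`. The absolute path also ties evaluation to a single workstation, as the `secrets` node in flake.lock shows.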
@@ -1,150 +0,0 @@ -{ lib, ... }: - -with builtins; - -# https://jenkinsci.github.io/job-dsl-plugin/ - -{ - # source container url and credentialsId - job = name: - { url, credentialsId, branch ? "master", - # https://docs.openstack.org/infra/jenkins-job-builder/triggers.html - triggers ? [{ - pollscm = { - cron = "H/30 * * * *"; - ignore-post-commit-hooks = true; - }; - }], ... }: - config: { - job = { - inherit name triggers; - sandbox = true; - project-type = "pipeline"; - dsl = let - stage = elem: - let - stageName = head (attrNames elem); - stateScripts = map (stage: - lib.getAttr (typeOf stage) { - string = '' - withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) { - sh '${toString stage}' - }''; - set = let - script = '' - withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) { - sh '${toString stage.script}' - } - ''; - in if (stage.credentialsId != null) then '' - sshagent(['${stage.credentialsId}']) { ${script} } - '' else - script; - }) (getAttr stageName elem); - in '' - stage('${stageName}') { - steps { - ${concatStringsSep "\n" stateScripts} - } - } - ''; - stages = map stage config; - in '' - pipeline { - agent any - post { - failure { - mattermostSend channel: 'notification', color: '#FF0000', message: "Failed to build : [''${env.JOB_NAME}-''${env.BUILD_NUMBER}](''${env.BUILD_URL})" - } - success { - mattermostSend channel: 'jenkins', color: '#00FF00', message: "Successfully build : [''${env.JOB_NAME}-''${env.BUILD_NUMBER}](''${env.JOB_URL})" - } - } - stages{ - stage('Pull') { - steps { - checkout( - [$class: 'GitSCM' - , branches: [[name: '*/${branch}']] - , doGenerateSubmoduleConfigurations: false - , extensions: [[$class: 'LocalBranch', localBranch: 'master']] - , submoduleCfg: [] - , userRemoteConfigs: - [[ credentialsId: '${credentialsId}' - , url: '${url}']] - ] - ) - } - } - ${concatStringsSep "\n" stages} - } - } - ''; - }; - }; - - # creates a sync job - # source and target container url and credentialsId - 
syncJob = name: source: target: { - job = { - name = name; - sandbox = true; - project-type = "pipeline"; - triggers = [{ - pollscm = { - cron = "H/30 * * * *"; - ignore-post-commit-hooks = true; - }; - }]; - dsl = '' - pipeline { - agent any - post { - failure { - mattermostSend channel: 'notification', color: '#FF0000', message: "Failed to build : [''${env.JOB_NAME}-''${env.BUILD_NUMBER}](''${env.BUILD_URL})" - } - success { - mattermostSend channel: 'jenkins', color: '#00FF00', message: "Successfully build : [''${env.JOB_NAME}-''${env.BUILD_NUMBER}](''${env.JOB_URL})" - } - } - stages{ - stage('Pull') { - steps { - checkout( - [$class: 'GitSCM' - , branches: [[name: '*/master']] - , doGenerateSubmoduleConfigurations: false - , extensions: [[$class: 'LocalBranch', localBranch: 'master']] - , submoduleCfg: [] - , userRemoteConfigs: - [[ credentialsId: '${source.credentialsId}' - , url: '${source.url}']] - ] - ) - } - } - stage('Push') { - steps { - sshagent(['${target.credentialsId}']) { - withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) { - sh "git push -f ${target.url}" - } - } - } - } - stage('Push Tags') { - steps { - sshagent(['${target.credentialsId}']) { - withEnv(['PATH=/run/current-system/sw/bin/']) { - sh "git push -f ${target.url} --tags" - } - } - } - } - } - } - ''; - }; - }; - -} diff --git a/modules/programs/video.nix b/modules/programs/video.nix deleted file mode 100644 index 6409831..0000000 --- a/modules/programs/video.nix +++ /dev/null 
@@ -1,56 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; - -let - - cfg = config.programs.custom.video; - - # show keyboard input on desktop for screencasts - screenKey = pkgs.symlinkJoin { - name = "screen-keys"; - paths = let - screenKeyScript = { position ? "bottom", size ? "small", ... }: - pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh - '' - ${pkgs.screenkey}/bin/screenkey \ - --no-detach \ - --bg-color '#fdf6e3' \ - --font-color '#073642' \ - -p ${position} \ - -s ${size} \ - "$@" - ''; - in lib.flatten (lib.flip map [ "large" "small" "medium" ] (size: - lib.flip map [ "top" "center" "bottom" ] - (position: screenKeyScript { inherit size position; }))); - }; - -in { - - options.programs.custom.video.enable = mkEnableOption "enable video tools"; - - config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - youtube-dl - mplayer - mpv - - # to record your screen - # --------------------- - simplescreenrecorder - screenKey - - # to transcode video material - # --------------------------- - handbrake - ffmpeg-full - - # video editing - # ------------- - openshot-qt - - ]; - }; -} - diff --git a/modules/programs/vim.nix b/modules/programs/vim.nix deleted file mode 100644 index 6bf88bd..0000000 --- a/modules/programs/vim.nix +++ /dev/null 
@@ -1,399 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - - cfg = config.programs.custom.vim; - - nix-xptemplates = pkgs.writeTextFile { - name = "nix-xptemplates"; - destination = "/ftplugin/nix/nix.xpt.vim"; - text = # vim - '' - XPTemplate priority=personal - - XPT option " tips - `name^ = mkOption { - type = with types; `type^; - description = ${"''"} - `cursor^ - ${"''"}; - }; - - XPT package " tips - { config, lib, ... }: - { - `cursor^ - } - - XPT terranix" tips - { config, lib, pkgs, ... }: - with lib; - let - cfg = config.`name^; - in { - - options.`name^ = mkOption { - default = {}; - type = with types; attrsOf (submodule ({ name, ... }:{ - options = { - enable = mkEnableOption "`name^.name"; - }; - })); - }; - - config = - let - allConfigs = cfg - in - mkIf (cfg != {} ){ - `cursor^ - }; - } - - XPT module " tips - { config, lib, pkgs, ... }: - - with lib; - - let - - cfg = config.`name^; - - in { - - options.`name^ = { - enable = mkEnableOption "enable `name^"; - }; - - config = mkIf cfg.enable { - `cursor^ - }; - } - - XPT shell " tips - { pkgs ? import {} }: - pkgs.mkShell { - - # needed pkgs - # ----------- - buildInputs = with pkgs; [ - `name^ - ]; - - # run this on start - # ----------------- - shellHook = ${"''"} - HISTFILE=${"$"}{toString ./.}/.history - ${"''"}; - } - - XPT fhsUser " tips - { pkgs ? 
import {} }: - (pkgs.buildFHSUserEnv { - name = "fhs-user-env"; - - targetPkgs = pkgs: with pkgs; [ - # core stuff - # ---------- - vim silver-searcher curl coreutils git tig - - # common X dependencies - # --------------------- - atk cairo dbus eudev expat fontconfig freetype gdk_pixbuf glib gnome3.GConf gtk2-x11 - mesa_glu nspr nss pango xlibs.libXScrnSaver xlibs.libXcomposite xlibs.libXcursor - xlibs.libXdamage xlibs.libXfixes xlibs.libXi xlibs.libXrender xlibs.libXtst xorg.libX11 - xorg.libXext xorg.libXinerama xorg.libxcb - liblo zlib fftw minixml libcxx alsaLib glibc - - # new stuff - # --------- - `cursor^ - - ]; - - # multilib packages - # ----------------- - # these are packages compiled 32bit and 64bit - multiPkgs = pkgs: with pkgs; [ - ]; - - # environment variables - # --------------------- - profile = ${"''"} - export TERM="xterm" - ${"''"}; - - }).env - - ''; - }; - - vim-tv-plugin = with lib; - ((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" { - "/syntax/haskell.vim".text = # vim - '' - syn region String start=+\[[[:alnum:]]*|+ end=+|]+ - - hi link ConId Identifier - hi link VarId Identifier - hi link hsDelimiter Delimiter - ''; - "/syntax/nix.vim".text = # vim - '' - "" Quit when a (custom) syntax file was already loaded - "if exists("b:current_syntax") - " finish - "endif - - "setf nix - - " Ref - syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/ - syn match NixINT /\<[0-9]\+\>/ - syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/ - syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/ - syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/ - syn region NixSTRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - syn region NixIND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - - syn match NixOther /[-!+&<>|():/;=.,?\[\]*@]/ - - syn match 
NixCommentMatch /\(^\|\s\)#.*/ - syn region NixCommentRegion start="/\*" end="\*/" - - hi link NixCode Statement - hi link NixData Constant - hi link NixComment Comment - - hi link NixCommentMatch NixComment - hi link NixCommentRegion NixComment - hi link NixID NixCode - hi link NixINT NixData - hi link NixPATH NixData - hi link NixHPATH NixData - hi link NixSPATH NixData - hi link NixURI NixData - hi link NixSTRING NixData - hi link NixIND_STRING NixData - - hi link NixEnter NixCode - hi link NixOther NixCode - hi link NixQuote NixData - - syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings - syn cluster nix_ind_strings contains=NixIND_STRING - syn cluster nix_strings contains=NixSTRING - - ${concatStringsSep "\n" (mapAttrsToList (name: - { extraStart ? null, lang ? name }: - let - startAlts = filter isString [ "/\\* ${name} \\*/" extraStart ]; - sigil = "\\(${concatStringsSep "\\|" startAlts}\\)[ \\t\\r\\n]*"; - # vim - in '' - syn include @nix_${lang}_syntax syntax/${lang}.vim - if exists("b:current_syntax") - unlet b:current_syntax - endif - - syn match nix_${lang}_sigil - \ X${replaceStrings [ "X" ] [ "\\X" ] sigil}\ze\('''\|"\)X - \ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING - \ transparent - - syn region nix_${lang}_region_STRING - \ matchgroup=NixSTRING - \ start='"' - \ skip='\\"' - \ end='"' - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn region nix_${lang}_region_IND_STRING - \ matchgroup=NixIND_STRING - \ start="'''" - \ skip="'''\('\|[$]\|\\[nrt]\)" - \ end="'''" - \ contained - \ contains=@nix_${lang}_syntax - \ transparent - - syn cluster nix_ind_strings - \ add=nix_${lang}_region_IND_STRING - - syn cluster nix_strings - \ add=nix_${lang}_region_STRING - - " This is required because containedin isn't transitive. 
- syn cluster nix_has_dollar_curly - \ add=@nix_${lang}_syntax - '') { - c = { }; - cabal = { }; - diff = { }; - haskell = { }; - python = { }; - lua = { }; - sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"''; - sh.extraStart = concatStringsSep "\\|" [ - '' - write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)'' - "[a-z]*Phase[ \\t\\r\\n]*=" - ]; - yaml = { }; - vim.extraStart = '' - write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"''; - xdefaults = { }; - })} - - " Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY. - syn clear shVarAssign - - syn region nixINSIDE_DOLLAR_CURLY - \ matchgroup=NixEnter - \ start="[$]{" - \ end="}" - \ contains=TOP - \ containedin=@nix_has_dollar_curly - \ transparent - - syn region nix_inside_curly - \ matchgroup=NixEnter - \ start="{" - \ end="}" - \ contains=TOP - \ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly - \ transparent - - syn match NixQuote /'''\($\|\\.\)/he=s+2 - \ containedin=@nix_ind_strings - \ contained - - syn match NixQuote /'''\('\|\\.\)/he=s+1 - \ containedin=@nix_ind_strings - \ contained - - syn match NixQuote /\\./he=s+1 - \ containedin=@nix_strings - \ contained - - syn sync fromstart - - let b:current_syntax = "nix" - - set isk=@,48-57,_,192-255,-,' - ''; - "/syntax/sed.vim".text = # vim - '' - syn region sedBranch - \ matchgroup=sedFunction start="T" - \ matchgroup=sedSemicolon end=";\|$" - \ contains=sedWhitespace - ''; - })); - - # active plugins - # -------------- - extra-runtimepath = with pkgs; - lib.concatMapStringsSep "," (pkg: "${pkg.rtp}") [ - vimPlugins.Syntastic - vimPlugins.ack-vim - vimPlugins.airline - vimPlugins.vim-nix - vimPlugins.xptemplate - vim-tv-plugin - ]; - - # the vimrc - # --------- - vimrc = pkgs.writeText "vimrc" '' - - " turn on linenumbers - " to turn of :set nonumber - :set number - - " show Trailing Whitespaces - :set list listchars=tab:»·,trail:¶ - - " Map leader is the key for shortcuts - nnoremap - let mapleader = "\" - - " move 
blocks of text in visual mode - " does not work correctly - vmap xkP`[V`] - vmap xp`[V`] - - " search/grep case insensitive - :set ignorecase - - " tabs should always be 2 spaces - set et ts=2 sts=2 sw=2 - - " installed vim-plugins - set runtimepath=${extra-runtimepath},$VIMRUNTIME,$HOME/.vim,${nix-xptemplates} - - " syntax highlighting on - syntax on - - " xptemplates - " ----------- - " a plugin to insert snippets on demand - set nocompatible - filetype plugin on - - " enable cursor cross - " ------------------- - ":hi CursorLine cterm=NONE ctermbg=darkred ctermfg=white guibg=darkred guifg=white - ":hi CursorColumn cterm=NONE ctermbg=darkred ctermfg=white guibg=darkred guifg=white - :hi CursorLine cterm=NONE ctermbg=0 guibg=#073642 - :hi CursorColumn cterm=NONE ctermbg=0 guibg=#073642 - set cursorline - set cursorcolumn - - " save view - " --------- - augroup AutoSaveFolds - autocmd! - autocmd BufWinLeave * mkview - autocmd BufWinEnter * silent loadview - augroup END - - " some language stuff - " ------------------- - :map s :setlocal spell spelllang=en - - ''; - -in { - - # no options - options.programs.custom.vim.enable = lib.mkEnableOption "vim"; - - config = lib.mkIf cfg.enable { - # create vimrc - # ------------ - # and load it as config for vim - environment.variables.VIMINIT = ":so /etc/vimrc"; - environment.etc.vimrc.source = vimrc; - - # set vim to the default editor - # ----------------------------- - programs.vim.defaultEditor = true; - - # install vim - # ----------- - environment.systemPackages = [ pkgs.vim ]; - }; - -} diff --git a/modules/system/permown.nix b/modules/system/permown.nix deleted file mode 100644 index 7988dfb..0000000 --- a/modules/system/permown.nix +++ /dev/null 
@@ -1,95 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; - -let - cfg = config.system.permown; - nameGenerator = path: "permown.${replaceStrings [ "/" ] [ "_" ] path}"; - -in { - - options.system.permown = mkOption { - default = { }; - type = with types; - attrsOf (submodule ({ config, ... }: { - options = { - directory-mode = mkOption { - default = "=rwx"; - type = types.str; - }; - file-mode = mkOption { - default = "=rw"; - type = types.str; - }; - group = mkOption { - apply = x: if x == null then "" else x; - default = null; - type = types.nullOr types.str; - }; - owner = mkOption { type = types.str; }; - path = mkOption { - default = config._module.args.name; - type = types.path; - }; - umask = mkOption { - default = "0027"; - type = types.str; - }; - timer = mkOption { - default = "hourly"; - type = types.str; - description = - "OnCalendar string on how frequent should this command run"; - }; - }; - })); - }; - - config = let plans = lib.attrValues cfg; - - in mkIf (plans != [ ]) { - - system.activationScripts.permown = let - mkdir = { path, ... }: '' - ${pkgs.coreutils}/bin/mkdir -p ${path} - ''; - in concatMapStrings mkdir plans; - - systemd.services = listToAttrs (flip map plans - ({ path, directory-mode, file-mode, owner, group, umask, ... }: { - name = nameGenerator path; - value = { - environment = { - DIR_MODE = directory-mode; - FILE_MODE = file-mode; - OWNER_GROUP = "${owner}:${group}"; - ROOT_PATH = path; - }; - path = [ pkgs.coreutils pkgs.findutils pkgs.inotifyTools ]; - serviceConfig = { - ExecStart = pkgs.writers.writeDash "permown" '' - set -efu - find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} + - find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} + - find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} + - ''; - PrivateTmp = true; - Restart = "always"; - RestartSec = 10; - UMask = umask; - }; - wantedBy = [ "multi-user.target" ]; - }; - })); - - systemd.timers = listToAttrs (flip map plans ({ path, timer, ... 
}: { - name = nameGenerator path; - value = { - wantedBy = [ "multi-user.target" ]; - timerConfig.OnCalendar = timer; - }; - })); - - }; - -} diff --git a/assets/jack.sh b/nixos/assets/jack.sh similarity index 100% rename from assets/jack.sh rename to nixos/assets/jack.sh diff --git a/assets/music-making.sh b/nixos/assets/music-making.sh similarity index 100% rename from assets/music-making.sh rename to nixos/assets/music-making.sh diff --git a/assets/nginx-show-config.sh b/nixos/assets/nginx-show-config.sh similarity index 100% rename from assets/nginx-show-config.sh rename to nixos/assets/nginx-show-config.sh diff --git a/assets/shrink_exports b/nixos/assets/shrink_exports similarity index 100% rename from assets/shrink_exports rename to nixos/assets/shrink_exports diff --git a/assets/sprueche-axel b/nixos/assets/sprueche-axel similarity index 100% rename from assets/sprueche-axel rename to nixos/assets/sprueche-axel diff --git a/assets/sprueche-siw b/nixos/assets/sprueche-siw similarity index 100% rename from assets/sprueche-siw rename to nixos/assets/sprueche-siw diff --git a/nixos/assets/ssh/borg_access.pub b/nixos/assets/ssh/borg_access.pub new file mode 100644 index 0000000..dec17a2 --- /dev/null +++ b/nixos/assets/ssh/borg_access.pub @@ -0,0 +1 @@ +ssh-rsa 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 diff --git a/assets/ssh/card_rsa.pub b/nixos/assets/ssh/card_rsa.pub similarity index 100% rename from assets/ssh/card_rsa.pub rename to nixos/assets/ssh/card_rsa.pub diff --git a/nixos/assets/ssh/jenkins.pub b/nixos/assets/ssh/jenkins.pub new file mode 100644 index 0000000..c18bcdf --- /dev/null +++ b/nixos/assets/ssh/jenkins.pub 
@@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIZ8ezpjX1nI/Im+krulJNaVd1DZeFvcgX3x197DIbBgCsBjAW8WuV2tzmcrWSjWJ6lfmLlzplOLzhTNG763sbNQ5amfhglYTmQhruGcSXNkdsjOyoxK8SX3wH6Kv/Q0CpoyAYOB9fiJnUyWB9BXSI8VYMMRFj6+cPiZc6NhnnlxU+6uH3VvzV5hsAaT4mpXJJEidMqE9DpGFguOekOUO7HCVcZeQQjazl1u+NhbqRI3CsJjXBqiqAFSMzKOXhTk36xd2WLEmCaPnWuWf7imvR+T3JVPFTNGec3wMbT5nnMiK0/hbowyDQCbtnUVWja9ftVsOH55tLRSY16GnXngUzw+trxWOvX0wOFOhfSZ2k1WtjTlNtOEhne/V0a3bocel/7JuXBX3RvWAEVl1sWS5R9MG8aDB8S2fx8qZirbg0NZticAxcHtg0RyJRzH6DYrkINE6cUgK7qsrUtaY1W6Qj6Jp33Li8KHY2JElDvJLhAx8v7l6BaZkog/Z0raR8RSRefiDQZJ8qiqPXUJG1pQm4Mp8IGL5PAmi0AZg6QL2pkXC0pyg1xE4TdRjOeuV/vdVDX15xCsgOJjK7PGNoNm2JpYA8vaWMHG8Ujk4UBHolooKeuL3g0CcgzfyRMp/Dxlk1BhgRQ17VxWBDuKt3bWuTJIvmrvDuPB3vd+WYNNqskQ== diff --git a/assets/tinc/mobi_host_file b/nixos/assets/tinc/mobi_host_file similarity index 100% rename from assets/tinc/mobi_host_file rename to nixos/assets/tinc/mobi_host_file diff --git a/assets/tinc/pepe_host_file b/nixos/assets/tinc/pepe_host_file similarity index 100% rename from assets/tinc/pepe_host_file rename to nixos/assets/tinc/pepe_host_file diff --git a/assets/tinc/porani_host_file b/nixos/assets/tinc/porani_host_file similarity index 100% rename from assets/tinc/porani_host_file rename to nixos/assets/tinc/porani_host_file diff --git a/assets/tinc/retiolum/host_file b/nixos/assets/tinc/retiolum/host_file similarity index 100% rename from assets/tinc/retiolum/host_file rename to nixos/assets/tinc/retiolum/host_file diff --git a/assets/tinc/sputnik_host_file b/nixos/assets/tinc/sputnik_host_file similarity index 100% rename from assets/tinc/sputnik_host_file rename to nixos/assets/tinc/sputnik_host_file diff --git a/assets/tinc/sternchen_host_file b/nixos/assets/tinc/sternchen_host_file similarity index 100% rename from assets/tinc/sternchen_host_file rename to nixos/assets/tinc/sternchen_host_file 
diff --git a/assets/tinc/sterni_host_file b/nixos/assets/tinc/sterni_host_file similarity index 100% rename from assets/tinc/sterni_host_file rename to nixos/assets/tinc/sterni_host_file diff --git a/assets/tinc/workhorse_host_file b/nixos/assets/tinc/workhorse_host_file similarity index 100% rename from assets/tinc/workhorse_host_file rename to nixos/assets/tinc/workhorse_host_file diff --git a/assets/tinc/workout_host_file b/nixos/assets/tinc/workout_host_file similarity index 100% rename from assets/tinc/workout_host_file rename to nixos/assets/tinc/workout_host_file diff --git a/configs/dummy/configuration.nix b/nixos/configs/dummy/configuration.nix similarity index 100% rename from configs/dummy/configuration.nix rename to nixos/configs/dummy/configuration.nix diff --git a/configs/dummy/hardware-configuration.nix b/nixos/configs/dummy/hardware-configuration.nix similarity index 100% rename from configs/dummy/hardware-configuration.nix rename to nixos/configs/dummy/hardware-configuration.nix diff --git a/configs/mobi/configuration.nix b/nixos/configs/mobi/configuration.nix similarity index 100% rename from configs/mobi/configuration.nix rename to nixos/configs/mobi/configuration.nix diff --git a/configs/mobi/hardware-configuration.nix b/nixos/configs/mobi/hardware-configuration.nix similarity index 100% rename from configs/mobi/hardware-configuration.nix rename to nixos/configs/mobi/hardware-configuration.nix diff --git a/configs/mobi/tinc.nix b/nixos/configs/mobi/tinc.nix similarity index 100% rename from configs/mobi/tinc.nix rename to nixos/configs/mobi/tinc.nix diff --git a/configs/pepe/borg.nix b/nixos/configs/pepe/borg.nix similarity index 84% rename from configs/pepe/borg.nix rename to nixos/configs/pepe/borg.nix index a7b8855..692cd1f 100644 --- a/configs/pepe/borg.nix +++ b/nixos/configs/pepe/borg.nix 
@@ -7,8 +7,8 @@ allowSubRepos = true; authorizedKeys = [ # todo rename - (lib.fileContents ) - (lib.fileContents ) + (lib.fileContents ../../assets/ssh/borg_access.pub) + (lib.fileContents ../../assets/ssh/card_rsa.pub) ]; }; }; diff --git a/configs/pepe/configuration.nix b/nixos/configs/pepe/configuration.nix similarity index 87% rename from configs/pepe/configuration.nix rename to nixos/configs/pepe/configuration.nix index d9ea390..e42678f 100644 --- a/configs/pepe/configuration.nix +++ b/nixos/configs/pepe/configuration.nix @@ -2,7 +2,7 @@ imports = [ - + ../../system/server ./hardware-configuration.nix #./home-assistant.nix @@ -13,10 +13,14 @@ #./lan.nix ./dms.nix ./borg.nix + ./mpd.nix + ./grocy.nix + ./taskwarrior-pushover.nix ]; - nixpkgs.config.permittedInsecurePackages = [ "homeassistant-0.114.4" ]; + sops.defaultSopsFile = ../../secrets/pepe.yaml; + networking.hostName = "pepe"; diff --git a/configs/pepe/dms.nix b/nixos/configs/pepe/dms.nix similarity index 95% rename from configs/pepe/dms.nix rename to nixos/configs/pepe/dms.nix index 5f6bab4..7dbb073 100644 --- a/configs/pepe/dms.nix +++ b/nixos/configs/pepe/dms.nix @@ -11,7 +11,8 @@ let rev = "2f5c44f017bdfd8abfe908d419ef26bac300f809"; sha256 = "0dxhk1ah6wwbsxyk4hd32rz7886w7r5gfy16485gjbvky1qsi8gd"; }; -in { +in +{ # setup ftp services.vsftpd = { @@ -39,9 +40,11 @@ in { } ]; + sops.secrets.ftp_password = { }; + # create user users.users.ftp-upload = { - passwordFile = toString ; + passwordFile = config.sops.secrets.ftp_password.path; isNormalUser = true; }; diff --git a/nixos/configs/pepe/grocy.nix b/nixos/configs/pepe/grocy.nix new file mode 100644 index 0000000..5c828fb --- /dev/null +++ b/nixos/configs/pepe/grocy.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +{ + services.grocy = { + enable = true; + settings = { + culture = "de"; + currency = "EUR"; + }; + hostName = "grocy.pepe.private"; + nginx.enableSSL = false; + }; + + backup.dirs = [ config.services.grocy.dataDir ]; + +} 
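Review bot: `users.users.ftp-upload.passwordFile` is read while users are being created, which happens before sops-nix installs ordinary secrets under /run/secrets, so the secret declared in the second dms.nix hunk probably needs `sops.secrets.ftp_password.neededForUsers = true;` instead of `= { }`. Without it the account may end up with no usable password on first activation. `passwordFile` also expects a crypt(3) hash rather than the plain password, so confirm that `secrets/pepe.yaml` stores the hashed value. Whether `config` is among this module's arguments cannot be seen from the hunk, because the file's header lies outside it.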
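Review bot: `nginx.enableSSL = false;` in the new grocy.nix serves the Grocy login over plain HTTP, and nothing in this file restricts the virtual host to the private network that `grocy.pepe.private` suggests. If the host is reachable only through the VPN, say so in a comment such as `# plain HTTP: vhost is only reachable via the private VPN` and bind or firewall the listener accordingly; otherwise enable TLS. Grocy also ships with a documented default admin login, so a comment noting that it must be changed after the first start would help.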
diff --git a/configs/pepe/hardware-configuration.nix b/nixos/configs/pepe/hardware-configuration.nix similarity index 63% rename from configs/pepe/hardware-configuration.nix rename to nixos/configs/pepe/hardware-configuration.nix index 80f4426..62a9b45 100644 --- a/configs/pepe/hardware-configuration.nix +++ b/nixos/configs/pepe/hardware-configuration.nix @@ -1,32 +1,34 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: +{ modulesPath, config, lib, pkgs, ... }: { imports = [ - + "${modulesPath}/installer/scan/not-detected.nix" - (let mediaUUID = "29ebe5ba-7599-4dd3-99a3-37b9bf8e4d61"; - in { - fileSystems."/media" = { - device = "/dev/disk/by-uuid/${mediaUUID}"; - fsType = "ext4"; - options = [ - "nofail" - "noauto" - #"x-systemd.device-timeout=1ms" - ]; - }; - systemd.mounts = [{ - enable = true; - options = "nofail,noauto"; - type = "ext4"; - wantedBy = [ "multi-user.target" ]; - what = "/dev/disk/by-uuid/${mediaUUID}"; - where = "/media"; - }]; - }) + ( + let mediaUUID = "29ebe5ba-7599-4dd3-99a3-37b9bf8e4d61"; + in { + fileSystems."/media" = { + device = "/dev/disk/by-uuid/${mediaUUID}"; + fsType = "ext4"; + options = [ + "nofail" + "noauto" + #"x-systemd.device-timeout=1ms" + ]; + }; + systemd.mounts = [{ + enable = true; + options = "nofail,noauto"; + type = "ext4"; + wantedBy = [ "multi-user.target" ]; + what = "/dev/disk/by-uuid/${mediaUUID}"; + where = "/media"; + }]; + } + ) ]; boot.initrd.availableKernelModules = diff --git a/configs/pepe/home-assistant.nix b/nixos/configs/pepe/home-assistant.nix similarity index 81% rename from configs/pepe/home-assistant.nix rename to nixos/configs/pepe/home-assistant.nix index 7d76f67..9c4e5ea 100644 --- a/configs/pepe/home-assistant.nix +++ b/nixos/configs/pepe/home-assistant.nix 
@@ -1,6 +1,4 @@ -{ pkgs, config, lib, ... }: -let unstablePkgs = import { }; -in { +{ pkgs, config, lib, ... }: { imports = [ #./home-assistant/mpd.nix @@ -156,12 +154,13 @@ in { { alias = "reset everything when back home"; - trigger = map (entity_id: { - platform = "state"; - entity_id = entity_id; - from = "off"; - to = "on"; - }) [ + trigger = map + (entity_id: { + platform = "state"; + entity_id = entity_id; + from = "off"; + to = "on"; + }) [ "binary_sensor.motion_sensor_1" "binary_sensor.motion_sensor_2" "binary_sensor.motion_sensor_3" 
@@ -187,65 +186,67 @@ in { ]; - group = let - create_room = { name, description }: { - "${name}" = { - name = "${description}"; + group = + let + create_room = { name, description }: { + "${name}" = { + name = "${description}"; + entities = [ ]; + }; + }; + create_rooms = rooms: + lib.foldr (a: b: a // b) { } (map create_room rooms); + # rooms + # ----- + in + (create_rooms [ + { + name = "floor_room"; + description = "Flur"; + } + { + name = "bed_room"; + description = "Schlafzimmer"; + } + { + name = "living_room"; + description = "Wohnzimmer"; + } + { + name = "kitchen_room"; + description = "Küche"; + } + { + name = "bath_room"; + description = "Klo"; + } + ]) // { + + # overview + # -------- + all_sensors = { name = "Alle Sensoren"; }; + today = { + name = "Today"; + entities = [ "input_select.scene" ]; + }; + # other stuff + # ----------- + tv = { name = "TV"; }; + all_lights = { name = "Alle Lampen"; }; + unknown = { + name = "Not Used"; entities = [ ]; }; - }; - create_rooms = rooms: - lib.foldr (a: b: a // b) { } (map create_room rooms); - # rooms - # ----- - in (create_rooms [ - { - name = "floor_room"; - description = "Flur"; - } - { - name = "bed_room"; - description = "Schlafzimmer"; - } - { - name = "living_room"; - description = "Wohnzimmer"; - } - { - name = "kitchen_room"; - description = "Küche"; - } - { - name = "bath_room"; - description = "Klo"; - } - ]) // { - # overview - # -------- - all_sensors = { name = "Alle Sensoren"; }; - today = { - name = "Today"; - entities = [ "input_select.scene" ]; }; - # other stuff - # ----------- - tv = { name = "TV"; }; - all_lights = { name = "Alle Lampen"; }; - unknown = { - name = "Not Used"; - entities = [ ]; - }; - - }; }; services.home-assistant = { enable = true; - package = unstablePkgs.home-assistant; - #package = unstablePkgs.home-assistant.override { - # python3 = unstablePkgs.python37; + package = pkgs.unstable.home-assistant; + #package = pkgs.unstable.home-assistant.override { + # python3 = 
pkgs.unstable.python37; # extraPackages = python: [ # # todo : check which is still needed # python.netdisco diff --git a/configs/pepe/home-assistant/chaospott.nix b/nixos/configs/pepe/home-assistant/chaospott.nix similarity index 99% rename from configs/pepe/home-assistant/chaospott.nix rename to nixos/configs/pepe/home-assistant/chaospott.nix index ede1b58..fc10fb4 100644 --- a/configs/pepe/home-assistant/chaospott.nix +++ b/nixos/configs/pepe/home-assistant/chaospott.nix @@ -5,7 +5,8 @@ let folderPath = config.services.home-assistant.configDir; filePath = "${folderPath}/${name}.json"; -in { +in +{ services.homeAssistantConfig = { sensor = [ diff --git a/configs/pepe/home-assistant/iot-control.nix b/nixos/configs/pepe/home-assistant/iot-control.nix similarity index 100% rename from configs/pepe/home-assistant/iot-control.nix rename to nixos/configs/pepe/home-assistant/iot-control.nix diff --git a/configs/pepe/home-assistant/kodi.nix b/nixos/configs/pepe/home-assistant/kodi.nix similarity index 100% rename from configs/pepe/home-assistant/kodi.nix rename to nixos/configs/pepe/home-assistant/kodi.nix diff --git a/nixos/configs/pepe/home-assistant/light-control.nix b/nixos/configs/pepe/home-assistant/light-control.nix new file mode 100644 index 0000000..018b50e --- /dev/null +++ b/nixos/configs/pepe/home-assistant/light-control.nix 
@@ -0,0 +1,232 @@ +{ pkgs, lib, config, ... }: { + + services.mqtt.light-control.enable = true; + services.mqtt.light-control.loglevel = "debug"; + services.mqtt.light-control.config = { + credentials = { + host = "tcp://localhost:1883"; + user = "homeassistant"; + password = "hallo"; + }; + scenes = [ + { + name = "up-dark"; + ignored_sensors = [ + "zigbee2mqtt/door_sensor_1" + "zigbee2mqtt/door_sensor_4" + "zigbee2mqtt/door_sensor_5" + ]; + } + { + name = "half"; + ignored_sensors = [ + "zigbee2mqtt/door_sensor_1" + "zigbee2mqtt/door_sensor_4" + "zigbee2mqtt/door_sensor_5" + ]; + disabled_switches = [ + "zigbee2mqtt/led_1" + "zigbee2mqtt/led_2" + "zigbee2mqtt/light_2" + "zigbee2mqtt/light_4" + "zigbee2mqtt/light_5" + "zigbee2mqtt/light_7" + ]; + } + { + name = "down"; + ignored_sensors = [ + "zigbee2mqtt/door_sensor_1" + "zigbee2mqtt/door_sensor_4" + "zigbee2mqtt/door_sensor_5" + ]; + } + { + name = "up-bright"; + disabled_switches = [ + "zigbee2mqtt/led_1" + "zigbee2mqtt/led_2" + "zigbee2mqtt/light_2" + "zigbee2mqtt/light_4" + "zigbee2mqtt/light_5" + "zigbee2mqtt/light_7" + ]; + ignored_sensors = [ "zigbee2mqtt/door_sensor_4" ]; + } + { + name = "outside"; + room_tracking_enabled = false; + ignored_sensors = [ "zigbee2mqtt/door_sensor_4" ]; + } + { + name = "night"; + room_tracking_enabled = false; + brightness = 25; + ignored_sensors = + [ "zigbee2mqtt/motion_sensor_7" "zigbee2mqtt/door_sensor_4" ]; + } + ]; + sensors = + let + door = { topic, room }: { + topic = topic; + key = "contact"; + room = room; + invert_state = true; + delay = 90; + }; + motion = { topic, room }: { + topic = topic; + key = "occupancy"; + room = room; + delay = 60; + }; + in + [ + + (motion { + topic = "zigbee2mqtt/motion_sensor_1"; + room = "office_room"; + }) + (motion { + topic = "zigbee2mqtt/motion_sensor_2"; + room = "office_room"; + }) + (motion { + topic = "zigbee2mqtt/motion_sensor_6"; + room = "office_room"; + }) + (motion { + topic = "zigbee2mqtt/motion_sensor_8"; + room = 
"office_room"; + }) + (motion { + topic = "zigbee2mqtt/motion_sensor_7"; + room = "sleeping_room"; + }) + (motion { + topic = "zigbee2mqtt/motion_sensor_5"; + room = "kitchen"; + }) + (motion { + topic = "zigbee2mqtt/motion_sensor_4"; + room = "storage_room"; + }) + + (door { + topic = "zigbee2mqtt/door_sensor_1"; + room = "storage_room"; + }) + (door { + topic = "zigbee2mqtt/door_sensor_5"; + room = "sleeping_room"; + }) + (door { + # house door + topic = "zigbee2mqtt/door_sensor_4"; + room = "floor"; + }) + + ]; + switches = + let + sonoff = { id, rooms, delay ? 0 }: { + topic = "stat/${id}/RESULT"; + key = "POWER"; + rooms = rooms; + delay = delay; + command = { + command = "{{state}}"; + init_command = "(null)"; + topic = "cmnd/${id}/POWER"; + on = "ON"; + off = "OFF"; + }; + }; + light = { topic, rooms, delay ? 0 }: { + topic = topic; + key = "state"; + rooms = rooms; + delay = delay; + command = { + command = ''{"state":"{{state}}","brightness":{{brightness}}}''; + topic = "${topic}/set"; + on = "ON"; + off = "OFF"; + }; + }; + led = { topic, rooms, delay ? 
0 }: { + topic = topic; + key = "state"; + rooms = rooms; + delay = delay; + command = { + # Configure it once to the color you like + # {"state":"{{state}}","brightness":{{brightness}},"color":{"hex":"#FFFFFF},"color_temp":255","transition":0} + command = '' + {"state":"{{state}}","brightness":{{brightness}},"transition":0}''; + topic = "${topic}/set"; + on = "ON"; + off = "OFF"; + }; + }; + in + [ + + (light { + topic = "zigbee2mqtt/light_2"; + rooms = [ "office_room" ]; + }) + (light { + topic = "zigbee2mqtt/light_4"; + rooms = [ "office_room" ]; + }) + (light { + topic = "zigbee2mqtt/light_5"; + rooms = [ "storage_room" ]; + }) + (light { + topic = "zigbee2mqtt/light_7"; + rooms = [ "sleeping_room" ]; + }) + (led { + topic = "zigbee2mqtt/led_1"; + rooms = [ "office_room" ]; + }) + (led { + topic = "zigbee2mqtt/led_2"; + rooms = [ "kitchen" ]; + }) + + #(sonoff { + # id = "PAL01"; + # rooms = [ "bed_room" ]; + #}) + #(sonoff { + # id = "PAL03"; + # rooms = [ "living_room" ]; + #}) + #(sonoff { + # id = "PAL04"; + # rooms = [ "bed_room" ]; + #}) + #(sonoff { + # id = "PAL06"; + # rooms = [ "kitchen" ]; + #}) + ## monitor and speakers + #(sonoff { + # id = "PAL07"; + # rooms = [ "bed_room" ]; + # delay = 180; + #}) + #(sonoff { + # id = "PAL08"; + # rooms = [ "bed_room" ]; + # delay = 180; + #}) + + ]; + }; + +} diff --git a/configs/pepe/home-assistant/mpd.nix b/nixos/configs/pepe/home-assistant/mpd.nix similarity index 100% rename from configs/pepe/home-assistant/mpd.nix rename to nixos/configs/pepe/home-assistant/mpd.nix diff --git a/configs/pepe/home-assistant/mqtt.nix b/nixos/configs/pepe/home-assistant/mqtt.nix similarity index 100% rename from configs/pepe/home-assistant/mqtt.nix rename to nixos/configs/pepe/home-assistant/mqtt.nix 
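Review bot: The broker password in `credentials` of the new light-control.nix is a string literal (`password = "hallo";`), so it is committed to the repository and, once evaluated, copied into the world-readable Nix store, while the same commit moves the FTP password to sops in dms.nix. Declare `sops.secrets.mqtt_password = { };` (placeholder name) and have the service read it at runtime; whether the `services.mqtt.light-control` module accepts a password file is not visible here and may need a small module change. Since the value is now in history, rotate it on the broker as well. `loglevel = "debug"` also deserves a comment or a lower level, as debug logging of an MQTT client may include connection details.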
diff --git a/configs/pepe/home-assistant/sonoff.nix b/nixos/configs/pepe/home-assistant/sonoff.nix similarity index 50% rename from configs/pepe/home-assistant/sonoff.nix rename to nixos/configs/pepe/home-assistant/sonoff.nix index e492f6b..b290ee7 100644 --- a/configs/pepe/home-assistant/sonoff.nix +++ b/nixos/configs/pepe/home-assistant/sonoff.nix @@ -39,7 +39,8 @@ let toSwitch = name: "switch.${name}"; -in { +in +{ imports = [ ./mqtt.nix ]; @@ -47,28 +48,32 @@ in { # nicer names # ----------- - homeassistant.customize = lib.mapAttrs' (entity: - { label, icon ? "mdi:power-plug-off", ... }: { - name = toSwitch entity; - value = { - friendly_name = label; - icon = icon; - }; - }) sonoffSwitches; + homeassistant.customize = lib.mapAttrs' + (entity: + { label, icon ? "mdi:power-plug-off", ... }: { + name = toSwitch entity; + value = { + friendly_name = label; + icon = icon; + }; + }) + sonoffSwitches; # define switches # --------------- - switch = lib.mapAttrsToList (name: - { ... }: { - name = name; - platform = "mqtt"; - command_topic = "cmnd/${lib.toUpper name}/POWER"; - state_topic = "stat/${lib.toUpper name}/POWER"; - payload_on = "ON"; - payload_off = "OFF"; - state_on = "ON"; - state_off = "OFF"; - }) sonoffSwitches; + switch = lib.mapAttrsToList + (name: + { ... }: { + name = name; + platform = "mqtt"; + command_topic = "cmnd/${lib.toUpper name}/POWER"; + state_topic = "stat/${lib.toUpper name}/POWER"; + payload_on = "ON"; + payload_off = "OFF"; + state_on = "ON"; + state_off = "OFF"; + }) + sonoffSwitches; # discover state on init # ---------------------- 
@@ -78,27 +83,34 @@ in { platform = "homeassistant"; event = "start"; }; - action = lib.mapAttrsToList (name: - { ... }: { - service = "mqtt.publish"; - data = { - topic = "cmnd/${lib.toUpper name}/power"; - payload = ""; - }; - }) sonoffSwitches; + action = lib.mapAttrsToList + (name: + { ... }: { + service = "mqtt.publish"; + data = { + topic = "cmnd/${lib.toUpper name}/power"; + payload = ""; + }; + }) + sonoffSwitches; }]; # append to groups # ---------------- - group = let - # sort lights into given groups. - sortedInGroups = let - groupEntries = lib.zipAttrs (lib.flatten (lib.mapAttrsToList (name: - { groups ? [ ], ... }: - map (groupName: { "${groupName}" = "switch.${name}"; }) groups) - sonoffSwitches)); - in lib.mapAttrs (name: entities: { inherit entities; }) groupEntries; - in sortedInGroups; + group = + let + # sort lights into given groups. + sortedInGroups = + let + groupEntries = lib.zipAttrs (lib.flatten (lib.mapAttrsToList + (name: + { groups ? [ ], ... }: + map (groupName: { "${groupName}" = "switch.${name}"; }) groups) + sonoffSwitches)); + in + lib.mapAttrs (name: entities: { inherit entities; }) groupEntries; + in + sortedInGroups; }; } diff --git a/nixos/configs/pepe/home-assistant/stocks.nix b/nixos/configs/pepe/home-assistant/stocks.nix new file mode 100644 index 0000000..33ccc50 --- /dev/null +++ b/nixos/configs/pepe/home-assistant/stocks.nix 
@@ -0,0 +1,182 @@ +{ lib, config, pkgs, ... }: +let + + folderPath = config.services.home-assistant.configDir; + + # find symbols with + # https://www.alphavantage.co/query?function=SYMBOL_SEARCH&keywords=&apikey= + # as described here : https://www.alphavantage.co/documentation/#symbolsearch + # + # example: + # -------- + # stocks = [ + # { + # symbol = "GOOGL"; + # name = "google"; + # friendly_name = "Google"; + # currency = "$"; + # # I own 50 and bought at a price of 1000 + # own = { + # pieces = 50; + # price = 1000; + # }; + # } + # ]; + stocks = import ; + filePath = name: "${folderPath}/stock_${name}.json"; + + cleanup_list = list: lib.filter (entry: entry != { }) (lib.flatten list); + +in +{ + services.homeAssistantConfig = { + + sensor = cleanup_list (map + ({ name, currency, own ? { }, ... }: [ + { + platform = "file"; + name = "stock_${name}"; + file_path = filePath name; + value_template = "{{ value_json.price}} ${currency}"; + + } + { + platform = "file"; + name = "stock_${name}_change"; + file_path = filePath name; + value_template = "{{ value_json.change}} ${currency}"; + + } + { + platform = "file"; + name = "stock_${name}_change_percent"; + file_path = filePath name; + value_template = "{{ value_json.change_percent}} %"; + } + (lib.optionalAttrs (own != { }) { + platform = "file"; + name = "stock_${name}_profit"; + file_path = filePath name; + value_template = '' + {{ "{:,.2f}".format( value_json.price * ${toString own.pieces} - ${ + toString (own.pieces * own.price) + } ) }} ${currency}''; + }) + ]) + stocks); + + homeassistant = { + whitelist_external_dirs = [ folderPath ]; + customize = builtins.listToAttrs (cleanup_list (map + ({ name, own ? { }, ... 
}: [ + { + name = "sensor.stock_${name}"; + value = { + icon = "mdi:cash-usd-outline"; + friendly_name = "Price"; + }; + } + { + name = "sensor.stock_${name}_change"; + value = { + icon = "mdi:radar"; + friendly_name = "Difference"; + }; + } + { + name = "sensor.stock_${name}_change_percent"; + value = { + icon = "mdi:radar"; + friendly_name = "Percent"; + }; + } + (lib.optionalAttrs (own != { }) { + name = "sensor.stock_${name}_profit"; + value = { + icon = "mdi:radar"; + friendly_name = "Profit"; + }; + }) + ]) + stocks)); + }; + + group = (builtins.listToAttrs (map + ({ name, friendly_name, own ? { }, ... }: { + name = "stock_${name}"; + value = { + name = "${friendly_name} Aktie"; + entities = [ + "sensor.stock_${name}" + "sensor.stock_${name}_change" + "sensor.stock_${name}_change_percent" + ] ++ (lib.optional (own != { }) "sensor.stock_${name}_profit"); + }; + }) + stocks)); + + }; + + systemd.services = + let + pullService = { name, symbol, currency, ... }: { + name = "pull_stock_${name}"; + value = { + enable = true; + before = [ "home-assistant.service" ]; + wantedBy = [ "home-assistant.service" ]; + serviceConfig = { + User = "hass"; + Type = "oneshot"; + }; + description = "pull stock_${name} for homeassistant"; + script = '' + SYMBOL="${symbol}" + CURRENCY="${currency}" + APIKEY=${ + lib.fileContents + } + + ${pkgs.curl}/bin/curl --location --silent \ + "https://www.alphavantage.co/query?function=GLOBAL_QUOTE&symbol=$SYMBOL&apikey=$APIKEY" \ + | ${pkgs.jq}/bin/jq --compact-output \ + '.["Global Quote"] | + { + price: .["05. price"] | tonumber, + currency: "'$CURRENCY'", + change_percent: .["10. change percent"] | .[0:-1] | tonumber, + change: .["09. change"] | tonumber, + last_date: .["07. 
latest trading day"], + }' \ + >> ${filePath name} + + # old and stupid + #${pkgs.curl}/bin/curl --location --silent \ + #"https://www.alphavantage.co/query?function=TIME_SERIES_INTRADAY&symbol=$SYMBOL&interval=5min&apikey=$APIKEY" \ + #| ${pkgs.jq}/bin/jq --compact-output \ + # '.["Time Series (5min)"] | to_entries | [ .[] + # | { date : .key , value : .value["4. close"], currency: "'$CURRENCY'" } ] + # | sort_by(.date) | reverse | .[0]' \ + ''; + }; + }; + in + builtins.listToAttrs (map pullService stocks); + + systemd.timers = + let + pullTimer = { name, ... }: { + name = "pull_stock_${name}"; + value = { + enable = true; + wantedBy = [ "multi-user.target" ]; + timerConfig = { + OnCalendar = "hourly"; + Persistent = "true"; + }; + }; + }; + in + builtins.listToAttrs (map pullTimer stocks); + +} diff --git a/configs/pepe/home-assistant/timer.nix b/nixos/configs/pepe/home-assistant/timer.nix similarity index 100% rename from configs/pepe/home-assistant/timer.nix rename to nixos/configs/pepe/home-assistant/timer.nix diff --git a/configs/pepe/home-assistant/weather.nix b/nixos/configs/pepe/home-assistant/weather.nix similarity index 100% rename from configs/pepe/home-assistant/weather.nix rename to nixos/configs/pepe/home-assistant/weather.nix diff --git a/configs/pepe/home-assistant/workday.nix b/nixos/configs/pepe/home-assistant/workday.nix similarity index 95% rename from configs/pepe/home-assistant/workday.nix rename to nixos/configs/pepe/home-assistant/workday.nix index 1ac918a..00fdeec 100644 --- a/configs/pepe/home-assistant/workday.nix +++ b/nixos/configs/pepe/home-assistant/workday.nix @@ -2,7 +2,7 @@ let holiday-range = month: dayA: dayB: map (day: "${month}-${toString day}") - (map (lib.fixedWidthNumber 2) (lib.range dayA dayB)); + (map (lib.fixedWidthNumber 2) (lib.range dayA dayB)); privateHolidays = import ; # for example : # holidays = lib.flatten [ 
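Review bot: In `pullService` of the new stocks.nix, `APIKEY=${ lib.fileContents … }` interpolates the Alpha Vantage key at evaluation time, so it ends up in the generated unit script in the world-readable Nix store. Read it when the unit runs instead, for example `APIKEY=$(cat ${config.sops.secrets.alphavantage_api_key.path})` (placeholder secret name) with the secret owned by `hass`, matching how dms.nix now handles the FTP password. The path arguments of this `lib.fileContents` and of `stocks = import ;` are missing as shown on the page, which may be an extraction artifact but should be checked. Separately, `currency: "'$CURRENCY'"` splices a shell variable into the jq program; `--arg currency "$CURRENCY"` with `currency: $currency` avoids quoting problems, and the `>>` redirect makes the JSON file grow without bound.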
@@ -11,7 +11,8 @@ let #]; holidays = lib.flatten (privateHolidays holiday-range); -in { +in +{ services.homeAssistantConfig = { binary_sensor = [ diff --git a/configs/pepe/home-assistant/zigbee2mqtt.nix b/nixos/configs/pepe/home-assistant/zigbee2mqtt.nix similarity index 95% rename from configs/pepe/home-assistant/zigbee2mqtt.nix rename to nixos/configs/pepe/home-assistant/zigbee2mqtt.nix index e96b528..019093e 100644 --- a/configs/pepe/home-assistant/zigbee2mqtt.nix +++ b/nixos/configs/pepe/home-assistant/zigbee2mqtt.nix @@ -2,8 +2,7 @@ # no need to set ZIGBEE2MQTT_DATA anymore assert lib.versionOlder lib.version "21.03"; -let unstable = import { }; -in { +{ imports = [ ./mqtt.nix ./zigbee2mqtt/service.nix @@ -23,7 +22,7 @@ in { enable = true; #package = pkgs.own_zigbee2mqtt; #package = unstable.zigbee2mqtt; - package = unstable.zigbee2mqtt.overrideAttrs (old: rec { + package = pkgs.unstable.zigbee2mqtt.overrideAttrs (old: rec { version = "1.18.1"; src = pkgs.fetchFromGitHub { owner = "Koenkk"; diff --git a/nixos/configs/pepe/home-assistant/zigbee2mqtt/buttons.nix b/nixos/configs/pepe/home-assistant/zigbee2mqtt/buttons.nix new file mode 100644 index 0000000..7d5d6d5 --- /dev/null +++ b/nixos/configs/pepe/home-assistant/zigbee2mqtt/buttons.nix 
@@ -0,0 +1,250 @@ +{ pkgs, lib, ... }: +let + + # we create 3 input_boolean which get toggled by the 3 types of buttons pressed. + # input_boolean.single_${name} : single click + # input_boolean.double_${name} : double click + # input_boolean.hold_${name} : hold + # if you override these input (via states) you have to create the input yourself + + # https://www.zigbee2mqtt.io/devices/WXKG12LM.html + allDevices = { + "button_a1" = { + id = "0x00158d0002b04f65"; + #groups = [ "living_room" ]; + states.single = "input_boolean.situation_toggle"; + states.hold = "input_boolean.printer_toggle"; + states.double = "input_boolean.windows_up"; + }; + "button_a2" = { + id = "0x00158d0002b04f09"; + #groups = [ "bed_room" ]; + states.single = "input_boolean.situation_toggle"; + states.hold = "input_boolean.printer_toggle"; + states.double = "input_boolean.windows_up"; + }; + "button_a3" = { + id = "0x00158d0002b00e04"; + #groups = [ "bed_room" ]; + states.single = "input_boolean.situation_toggle"; + states.hold = "input_boolean.printer_toggle"; + states.double = "input_boolean.windows_up"; + }; + }; + +in +{ + + services.zigbee2mqttConfiguration = lib.mapAttrs' + (name: + { id, ... }: { + name = id; + value = { + retain = false; + friendly_name = name; + }; + }) + allDevices; + + services.homeAssistantConfig = { + + # define input_boolean + # -------------------- + # which get toggled by the buttons + input_boolean = + let stripEmpty = lib.filter (a: a != { }); + in builtins.listToAttrs (stripEmpty (lib.flatten (lib.mapAttrsToList + (name: + { states ? { }, ... 
}: [ + (lib.optionalAttrs (!lib.hasAttr "single" states) { + name = "single_${name}"; + value = { icon = "mdi:toggle-switch"; }; + }) + (lib.optionalAttrs (!lib.hasAttr "double" states) { + name = "double_${name}"; + value = { icon = "mdi:toggle-switch"; }; + }) + (lib.optionalAttrs (!lib.hasAttr "hold" states) { + name = "hold_${name}"; + value = { icon = "mdi:toggle-switch"; }; + }) + ]) + allDevices))); + + # define meta information sensors + sensor = lib.flatten (lib.mapAttrsToList + (name: + { ... }: [ + { + platform = "mqtt"; + name = name; + icon = "mdi:toggle-switch"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + value_template = "{{ value_json.click }}"; + } + { + name = "battery_${name}"; + platform = "mqtt"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + unit_of_measurement = "%"; + icon = "mdi:battery-10"; + value_template = "{{ value_json.battery }}"; + } + { + name = "link_${name}"; + platform = "mqtt"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + icon = "mdi:signal"; + unit_of_measurement = "lqi"; + value_template = "{{ value_json.linkquality }}"; + } + ]) + allDevices); + + binary_sensor = lib.mapAttrsToList + (name: + { ... }: { + name = name; + platform = "mqtt"; + device_class = "motion"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + payload_on = true; + payload_off = false; + value_template = "{{ value_json.occupancy }}"; + }) + allDevices; + + # create groups + # ------------- + #group = let + # # to have nice panels for every device + # sensorGroups = lib.mapAttrs (name: + # { states ? { }, ... }: + # let + # entityIds = { single ? "input_boolean.single_${name}" + # , double ? "input_boolean.double_${name}" + # , hold ? "input_boolean.hold_${name}", ... 
}: [ + # single + # double + # hold + # ]; + # in { + # entities = [ "sensor.${name}" ] ++ (entityIds states) + # ++ [ "sensor.battery_${name}" "sensor.link_${name}" ]; + # }) allDevices; + # # sort lights into given groups. + # sortedInGroups = let + # groupEntries = lib.zipAttrs (lib.flatten (lib.mapAttrsToList (name: + # { groups ? [ ], states ? { }, ... }: + # map (groupName: { + # "${groupName}" = if (lib.hasAttr "single" states) then + # states.single + # else + # "input_boolean.single_${name}"; + # }) groups) allDevices)); + # in lib.mapAttrs (name: entities: { inherit entities; }) groupEntries; + #in sortedInGroups // sensorGroups // { + # all_sensors.entities = + # lib.mapAttrsToList (name: { ... }: "binary_sensor.${name}") allDevices; + #}; + + # create automation + # ----------------- + automation = + let + + # single click + toggle_single_button_input = lib.mapAttrsToList + (name: + { states ? { }, ... }: + let + entityId = + if (lib.hasAttr "single" states) then + states.single + else + "input_boolean.single_${name}"; + in + { + alias = "toggle single click ${name}"; + trigger = { + platform = "mqtt"; + topic = "zigbee2mqtt/${name}"; + }; + condition = { + condition = "template"; + value_template = ''{{ "single" == trigger.payload_json.click}}''; + }; + action = { + service = "input_boolean.toggle"; + data.entity_id = entityId; + }; + }) + allDevices; + + # double click + toggle_double_button_input = lib.mapAttrsToList + (name: + { states ? { }, ... 
}: + let + entityId = + if (lib.hasAttr "double" states) then + states.double + else + "input_boolean.double_${name}"; + in + { + alias = "toggle double click ${name}"; + trigger = { + platform = "mqtt"; + topic = "zigbee2mqtt/${name}"; + }; + condition = { + condition = "template"; + value_template = ''{{ "double" == trigger.payload_json.click}}''; + }; + action = { + service = "input_boolean.toggle"; + data.entity_id = entityId; + }; + }) + allDevices; + + # hold + toggle_hold_button_input = lib.mapAttrsToList + (name: + { states ? { }, ... }: + let + entityId = + if (lib.hasAttr "hold" states) then + states.hold + else + "input_boolean.hold_${name}"; + in + { + alias = "toggle hold ${name}"; + trigger = { + platform = "mqtt"; + topic = "zigbee2mqtt/${name}"; + }; + condition = { + condition = "template"; + value_template = ''{{ "hold" == trigger.payload_json.action}}''; + }; + action = { + service = "input_boolean.toggle"; + data.entity_id = entityId; + }; + }) + allDevices; + + in + lib.flatten (toggle_single_button_input ++ toggle_double_button_input + ++ toggle_hold_button_input); + + }; + +} diff --git a/configs/pepe/home-assistant/zigbee2mqtt/configurationHelper.nix b/nixos/configs/pepe/home-assistant/zigbee2mqtt/configurationHelper.nix similarity index 100% rename from configs/pepe/home-assistant/zigbee2mqtt/configurationHelper.nix rename to nixos/configs/pepe/home-assistant/zigbee2mqtt/configurationHelper.nix diff --git a/nixos/configs/pepe/home-assistant/zigbee2mqtt/doors.nix b/nixos/configs/pepe/home-assistant/zigbee2mqtt/doors.nix new file mode 100644 index 0000000..2298e21 --- /dev/null +++ b/nixos/configs/pepe/home-assistant/zigbee2mqtt/doors.nix 
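Review bot: The `binary_sensor` entries in the new buttons.nix look copied from the motion-sensor module: they use `device_class = "motion"` and `value_json.occupancy`, which a WXKG12LM button is unlikely to publish, and they reuse `name = name`, the same name as the click `sensor`. Drop the block or add a comment saying why it is needed. The hold automation tests `trigger.payload_json.action` while the single and double ones test `trigger.payload_json.click`; if that is intentional, a one-line comment such as `# hold is reported under "action", not "click"` would keep the next reader from changing it back. The three `toggle_*_button_input` definitions differ only in the event name and could be one helper taking the event and payload key.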
@@ -0,0 +1,101 @@ +{ pkgs, lib, ... }: +let + + # https://www.zigbee2mqtt.io/devices/MCCGQ11LM.html + allDevices = { + "door_sensor_1" = { id = "0x00158d000312dc52"; }; + "door_sensor_2" = { id = "0x00158d000316d5bf"; }; + "door_sensor_3" = { id = "0x00158d0002f9516f"; }; + "door_sensor_4" = { id = "0x00158d00031383b9"; }; + "door_sensor_5" = { id = "0x00158d0003120d3e"; }; + }; + +in +{ + + services.zigbee2mqttConfiguration = lib.mapAttrs' + (name: + { id, ... }: { + name = id; + value = { + retain = false; + friendly_name = name; + }; + }) + allDevices; + + services.homeAssistantConfig = { + + # define meta information sensors + sensor = lib.flatten (lib.mapAttrsToList + (name: + { ... }: [ + { + name = "battery_${name}"; + platform = "mqtt"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + unit_of_measurement = "%"; + icon = "mdi:battery-10"; + value_template = "{{ value_json.battery }}"; + } + { + name = "link_${name}"; + platform = "mqtt"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + icon = "mdi:signal"; + unit_of_measurement = "lqi"; + value_template = "{{ value_json.linkquality }}"; + } + ]) + allDevices); + + binary_sensor = lib.mapAttrsToList + (name: + { ... }: { + name = name; + platform = "mqtt"; + device_class = "door"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + payload_on = false; + payload_off = true; + value_template = "{{ value_json.contact}}"; + }) + allDevices; + + # create groups + # ------------- + group = + let + # to have nice panels for every device + sensorGroups = lib.mapAttrs + (name: + { ... }: { + entities = [ + "binary_sensor.${name}" + "sensor.battery_${name}" + "sensor.link_${name}" + ]; + }) + allDevices; + # sort lights into given groups. + sortedInGroups = + let + groupEntries = lib.zipAttrs (lib.flatten (lib.mapAttrsToList + (name: + { groups ? [ ], ... 
}: + map (groupName: { "${groupName}" = "binary_sensor.${name}"; }) groups) + allDevices)); + in + lib.mapAttrs (name: entities: { inherit entities; }) groupEntries; + in + sortedInGroups // sensorGroups // { + all_sensors.entities = + lib.mapAttrsToList (name: { ... }: "binary_sensor.${name}") allDevices; + }; + + }; + +} diff --git a/nixos/configs/pepe/home-assistant/zigbee2mqtt/fyrtur.nix b/nixos/configs/pepe/home-assistant/zigbee2mqtt/fyrtur.nix new file mode 100644 index 0000000..f490df4 --- /dev/null +++ b/nixos/configs/pepe/home-assistant/zigbee2mqtt/fyrtur.nix @@ -0,0 +1,57 @@ +{ pkgs, lib, ... }: +let + + # https://www.zigbee2mqtt.io/devices/E1757.html + allDevices = { + "office_fyrtur_1" = { id = "0x680ae2fffe64fa40"; }; + "office_fyrtur_2" = { id = "0x680ae2fffe91d234"; }; + "bedroom_fyrtur_1" = { id = "0x680ae2fffe6e9f41"; }; + "broken_fyrtur_1" = { id = "0x680ae2fffe8f6411"; }; + }; + + # -t "zigbee2mqtt/fyrtur1/set" -m '{"position":100}' + # -t "zigbee2mqtt/fyrtur1/set" -m '{"position":15}' +in +{ + + services.zigbee2mqttConfiguration = lib.mapAttrs' + (name: + { id, ... }: { + name = id; + value = { + retain = false; + friendly_name = name; + transition = 0.1; + }; + }) + allDevices; + + services.homeAssistantConfig = { + + sensor = lib.flatten (lib.mapAttrsToList + (name: + { ... }: [ + { + name = "battery_${name}"; + platform = "mqtt"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + unit_of_measurement = "%"; + icon = "mdi:battery-10"; + value_template = "{{ value_json.battery }}"; + } + { + name = "link_${name}"; + platform = "mqtt"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + icon = "mdi:signal"; + unit_of_measurement = "lqi"; + value_template = "{{ value_json.linkquality }}"; + } + ]) + allDevices); + + }; + +} 
diff --git a/nixos/configs/pepe/home-assistant/zigbee2mqtt/heater.nix b/nixos/configs/pepe/home-assistant/zigbee2mqtt/heater.nix
new file mode 100644
index 0000000..426cf11
--- /dev/null
+++ b/nixos/configs/pepe/home-assistant/zigbee2mqtt/heater.nix
@@ -0,0 +1,85 @@ +{ pkgs, lib, ... }: +let + + # https://www.zigbee2mqtt.io/devices/SPZB0001.html + allDevices = { + "office_heater_1" = { id = "0x00158d00032f5ee4"; }; # office + "office_heater_2" = { id = "0x00158d00032f5f9f"; }; # office (kitchen) + "bedroom_heater_1" = { id = "0x00158d00032f6d1e"; }; # bed room + "storage_heater_1" = { id = "0x00158d00032f604d"; }; # abstell raum + }; + + # -t "zigbee2mqtt/heater3/set" -m '{"system_mode":"auto","current_heating_setpoint":23}' + # -t "zigbee2mqtt/heater3/set" -m '{"system_mode":"off"}' + +in +{ + + services.zigbee2mqttConfiguration = lib.mapAttrs' + (name: + { id, ... }: { + name = id; + value = { + legacy = false; + retain = false; + friendly_name = name; + transition = 1; + debounce = 0.5; + filtered_attributes = [ + "battery_low" + "eurotronic_host_flags" + "eurotronic_system_mode" + #"occupied_heating_setpoint" + #"pi_heating_demand" + #"unoccupied_heating_setpoint" + ]; + }; + }) + allDevices; + + services.homeAssistantConfig = { + + sensor = lib.flatten (lib.mapAttrsToList + (name: + { ... 
}: [ + { + name = "battery_${name}"; + platform = "mqtt"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + unit_of_measurement = "%"; + icon = "mdi:battery-10"; + value_template = "{{ value_json.battery }}"; + } + { + name = "link_${name}"; + platform = "mqtt"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + icon = "mdi:signal"; + unit_of_measurement = "lqi"; + value_template = "{{ value_json.linkquality }}"; + } + { + platform = "mqtt"; + name = "temperature_${name}"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + unit_of_measurement = "°C"; + device_class = "temperature"; + value_template = "{{ value_json.local_temperature }}"; + } + { + platform = "mqtt"; + name = "pi_heating_demand_${name}"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + unit_of_measurement = "%"; + value_template = "{{ value_json.pi_heating_demand }}"; + } + ]) + allDevices); + + }; + +} diff --git a/nixos/configs/pepe/home-assistant/zigbee2mqtt/leds.nix b/nixos/configs/pepe/home-assistant/zigbee2mqtt/leds.nix new file mode 100644 index 0000000..bd99fa0 --- /dev/null +++ b/nixos/configs/pepe/home-assistant/zigbee2mqtt/leds.nix 
@@ -0,0 +1,48 @@ +{ pkgs, lib, ... }: +let + + # https://www.zigbee2mqtt.io/devices/GL-C-007-1ID.html + allDevices = { + "led_1" = { id = "0x00124b001f7a5be9"; }; + "led_2" = { id = "0x00124b001ee958b3"; }; + }; + + # -t "zigbee2mqtt/led_1/set" -m '{"state":"ON","transition":0, "color_temp":255}' + # -t "zigbee2mqtt/led_1/set" -m '{"state":"OFF","transition":0, "color_temp":255}' + # -t "zigbee2mqtt/led_1/set" -m '{"state":"ON","brightness":255,"color":{"hex":"#00FFFF"}}' + # -t "zigbee2mqtt/led_1/set" -m '{"state":"OFF"}' +in +{ + + services.zigbee2mqttConfiguration = lib.mapAttrs' + (name: + { id, ... }: { + name = id; + value = { + retain = false; + friendly_name = name; + transition = 1; + }; + }) + allDevices; + + services.homeAssistantConfig = { + + light = lib.mapAttrsToList + (name: + { ... }: { + platform = "mqtt"; + name = name; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + command_topic = "zigbee2mqtt/${name}/set"; + value_template = "{{ value_json.click }}"; + brightness = true; + color_temp = true; + schema = "json"; + }) + allDevices; + + }; + +} diff --git a/configs/pepe/home-assistant/zigbee2mqtt/lights.nix b/nixos/configs/pepe/home-assistant/zigbee2mqtt/lights.nix similarity index 74% rename from configs/pepe/home-assistant/zigbee2mqtt/lights.nix rename to nixos/configs/pepe/home-assistant/zigbee2mqtt/lights.nix index 53cd8c3..8b9cb3e 100644 --- a/configs/pepe/home-assistant/zigbee2mqtt/lights.nix +++ b/nixos/configs/pepe/home-assistant/zigbee2mqtt/lights.nix 
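Review bot: `value_template = "{{ value_json.click }}"` in the new `light` entries of leds.nix looks carried over from a click/button sensor. These lights are declared with `schema = "json"`, and nothing else in the file refers to a `click` attribute, so the template is presumably unused. Either drop the line or add a comment saying why it is kept, e.g. `# unused with schema = "json"; kept for parity with lights.nix`. The same line appears in the lights.nix hunk that follows.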
@@ -13,32 +13,37 @@ let "light_8" = { id = "0x7cb03eaa0a0384d3"; }; }; -in { +in +{ - services.zigbee2mqttConfiguration = lib.mapAttrs' (name: - { id, ... }: { - name = id; - value = { - retain = false; - friendly_name = name; - osram_set_transition = 2; # time in seconds (integer or float) - }; - }) allDevices; + services.zigbee2mqttConfiguration = lib.mapAttrs' + (name: + { id, ... }: { + name = id; + value = { + retain = false; + friendly_name = name; + osram_set_transition = 2; # time in seconds (integer or float) + }; + }) + allDevices; services.homeAssistantConfig = { - light = lib.mapAttrsToList (name: - { ... }: { - platform = "mqtt"; - name = name; - state_topic = "zigbee2mqtt/${name}"; - availability_topic = "zigbee2mqtt/bridge/state"; - command_topic = "zigbee2mqtt/${name}/set"; - value_template = "{{ value_json.click }}"; - brightness = true; - color_temp = true; - schema = "json"; - }) allDevices; + light = lib.mapAttrsToList + (name: + { ... }: { + platform = "mqtt"; + name = name; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + command_topic = "zigbee2mqtt/${name}/set"; + value_template = "{{ value_json.click }}"; + brightness = true; + color_temp = true; + schema = "json"; + }) + allDevices; # sensor = with lib; # mapAttrsToList (name: diff --git a/nixos/configs/pepe/home-assistant/zigbee2mqtt/motion.nix b/nixos/configs/pepe/home-assistant/zigbee2mqtt/motion.nix new file mode 100644 index 0000000..cddb06c --- /dev/null +++ b/nixos/configs/pepe/home-assistant/zigbee2mqtt/motion.nix 
@@ -0,0 +1,76 @@ +{ pkgs, lib, ... }: +let + + # https://www.zigbee2mqtt.io/devices/RTCGQ01LM.html + allDevices = { + + "motion_sensor_1" = { id = "0x00158d0002fbd451"; }; + "motion_sensor_2" = { id = "0x00158d0002f9a6b8"; }; + "motion_sensor_3" = { id = "0x00158d0002f04522"; }; + "motion_sensor_4" = { id = "0x00158d0002f9a558"; }; + "motion_sensor_5" = { id = "0x00158d0002f9a56f"; }; + "motion_sensor_6" = { id = "0x00158d0002f9a5cb"; }; + "motion_sensor_7" = { id = "0x00158d0002f9a6aa"; }; + "motion_sensor_8" = { id = "0x00158d0002f04637"; }; + }; + +in +{ + + services.zigbee2mqttConfiguration = lib.mapAttrs' + (name: + { id, timeout ? 65, ... }: { + name = id; + value = { + retain = false; + friendly_name = name; + # should not be set below 60 seconds + occupancy_timeout = timeout; + }; + }) + allDevices; + + services.homeAssistantConfig = { + + # define meta information sensors + binary_sensor = lib.flatten (lib.mapAttrsToList + (name: + { ... }: [{ + name = "${name}"; + platform = "mqtt"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + value_template = "{{ value_json.occupancy }}"; + #icon = "mdi:battery-10"; + payload_on = true; + payload_off = false; + device_class = "motion"; + }]) + allDevices); + + # define meta information sensors + sensor = lib.flatten (lib.mapAttrsToList + (name: + { ... }: [ + { + name = "battery_${name}"; + platform = "mqtt"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + unit_of_measurement = "%"; + icon = "mdi:battery-10"; + value_template = "{{ value_json.battery }}"; + } + { + name = "link_${name}"; + platform = "mqtt"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + icon = "mdi:signal"; + unit_of_measurement = "lqi"; + value_template = "{{ value_json.linkquality }}"; + } + ]) + allDevices); + }; +} 
diff --git a/configs/pepe/home-assistant/zigbee2mqtt/repeater.nix b/nixos/configs/pepe/home-assistant/zigbee2mqtt/repeater.nix similarity index 63% rename from configs/pepe/home-assistant/zigbee2mqtt/repeater.nix rename to nixos/configs/pepe/home-assistant/zigbee2mqtt/repeater.nix index da90113..48fa89e 100644 --- a/configs/pepe/home-assistant/zigbee2mqtt/repeater.nix +++ b/nixos/configs/pepe/home-assistant/zigbee2mqtt/repeater.nix @@ -9,10 +9,13 @@ let "repeater4" = { id = "0x680ae2fffe8e2e71"; }; }; -in { - services.zigbee2mqttConfiguration = lib.mapAttrs' (name: - { id, ... }: { - name = id; - value = { friendly_name = name; }; - }) allDevices; +in +{ + services.zigbee2mqttConfiguration = lib.mapAttrs' + (name: + { id, ... }: { + name = id; + value = { friendly_name = name; }; + }) + allDevices; } diff --git a/configs/pepe/home-assistant/zigbee2mqtt/service.nix b/nixos/configs/pepe/home-assistant/zigbee2mqtt/service.nix similarity index 99% rename from configs/pepe/home-assistant/zigbee2mqtt/service.nix rename to nixos/configs/pepe/home-assistant/zigbee2mqtt/service.nix index a6fd536..6c606f2 100644 --- a/configs/pepe/home-assistant/zigbee2mqtt/service.nix +++ b/nixos/configs/pepe/home-assistant/zigbee2mqtt/service.nix @@ -26,7 +26,8 @@ let # is copied from the store on startup devices = "devices.yaml"; }; -in { +in +{ options.custom.services.zigbee2mqtt = { enable = mkEnableOption "enable zigbee2mqtt service"; diff --git a/nixos/configs/pepe/home-assistant/zigbee2mqtt/temperatur.nix b/nixos/configs/pepe/home-assistant/zigbee2mqtt/temperatur.nix new file mode 100644 index 0000000..e3f5e3e --- /dev/null +++ b/nixos/configs/pepe/home-assistant/zigbee2mqtt/temperatur.nix 
@@ -0,0 +1,112 @@ +{ pkgs, lib, ... }: +let + + # https://www.zigbee2mqtt.io/devices/WSDCGQ11LM.html + allDevices = { + "temperature_sensor_1" = { + id = "0x00158d0002d79220"; + groups = [ "living_room" ]; + }; + "temperature_sensor_2" = { + id = "0x00158d0002d7913d"; + groups = [ "living_room" ]; + }; + }; + +in +{ + + services.zigbee2mqttConfiguration = lib.mapAttrs' + (name: + { id, ... }: { + name = id; + value = { + retain = false; + friendly_name = name; + }; + }) + allDevices; + + services.homeAssistantConfig = { + + # define meta information sensors + sensor = lib.flatten (lib.mapAttrsToList + (name: + { ... }: [ + { + platform = "mqtt"; + name = name; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + unit_of_measurement = "°C"; + device_class = "temperature"; + value_template = "{{ value_json.temperature }}"; + } + { + platform = "mqtt"; + name = "humidity_${name}"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + unit_of_measurement = "%"; + device_class = "humidity"; + value_template = "{{ value_json.humidity }}"; + } + #{ + # platform = "mqtt"; + # name = "pressure_${name}"; + # state_topic = "zigbee2mqtt/${name}"; + # availability_topic = "zigbee2mqtt/bridge/state"; + # unit_of_measurement = "hPa"; + # device_class = "pressure"; + # value_template = "{{ value_json.pressure }}"; + #} + { + name = "battery_${name}"; + platform = "mqtt"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + unit_of_measurement = "%"; + icon = "mdi:battery-10"; + value_template = "{{ value_json.battery }}"; + } + { + name = "link_${name}"; + platform = "mqtt"; + state_topic = "zigbee2mqtt/${name}"; + availability_topic = "zigbee2mqtt/bridge/state"; + icon = "mdi:signal"; + unit_of_measurement = "lqi"; + value_template = "{{ value_json.linkquality }}"; + } + ]) + allDevices); + + # create groups + # ------------- + #group = let + # # to have nice panels 
for every device + # sensorGroups = lib.mapAttrs (name: + # { ... }: { + # entities = [ + # "sensor.${name}" + # "sensor.humidity_${name}" + # #"sensor.pressure_${name}" + # "sensor.battery_${name}" + # "sensor.link_${name}" + # ]; + # }) allDevices; + # # sort lights into given groups. + # sortedInGroups = let + # groupEntries = lib.zipAttrs (lib.flatten (lib.mapAttrsToList (name: + # { groups ? [ ], ... }: + # map (groupName: { "${groupName}" = "sensor.${name}"; }) groups) + # allDevices)); + # in lib.mapAttrs (name: entities: { inherit entities; }) groupEntries; + #in sortedInGroups // sensorGroups // { + # all_sensors.entities = + # lib.mapAttrsToList (name: { ... }: "sensor.${name}") allDevices; + #}; + + }; + +} diff --git a/configs/pepe/kodi.nix b/nixos/configs/pepe/kodi.nix similarity index 100% rename from configs/pepe/kodi.nix rename to nixos/configs/pepe/kodi.nix diff --git a/configs/pepe/lan.nix b/nixos/configs/pepe/lan.nix similarity index 99% rename from configs/pepe/lan.nix rename to nixos/configs/pepe/lan.nix index c7877fd..bb3d529 100644 --- a/configs/pepe/lan.nix +++ b/nixos/configs/pepe/lan.nix @@ -5,7 +5,8 @@ let ipAddress = "10.1.0.2"; prefixLength = 24; -in { +in +{ networking.extraHosts = '' 10.1.0.1 workout.lan diff --git a/nixos/configs/pepe/mpd.nix b/nixos/configs/pepe/mpd.nix new file mode 100644 index 0000000..239c236 --- /dev/null +++ b/nixos/configs/pepe/mpd.nix 
@@ -0,0 +1,92 @@
+{ config, lib, pkgs, ... }:
+{
+ services.mpd = {
+ enable = true;
+ network.listenAddress = "any";
+ musicDirectory = "/media/syncthing/music-library";
+ playlistDirectory = "/media/syncthing/music-library/playlists";
+ };
+
+ users.groups."syncthing".members = [ "mpd" ];
+
+ sound.enable = true;
+
+ networking.firewall.allowedTCPPorts = [
+ 6680 # mopidy
+ 6600 # mpd
+ 1234 # zeroconf
+ ];
+
+ users.users."spotifyd" = {
+ isSystemUser = true;
+ };
+
+ sops.secrets.spotify_pass = {
+ owner = "spotifyd";
+ };
+ sops.secrets.spotify_user = {
+ owner = "spotifyd";
+ };
+
+ services.spotifyd.enable = true;
+ services.spotifyd.config = ''
+ [global]
+ username_cmd = "cat ${config.sops.secrets.spotify_user.path}"
+ password_cmd = "cat ${config.sops.secrets.spotify_pass.path}"
+ backend = "alsa" # use portaudio for macOS [homebrew]
+ # The alsa audio device to stream audio to. To get a
+ # list of valid devices, run `aplay -L`,
+ #device = "alsa_audio_device" # omit for macOS
+ # The alsa mixer used by `spotifyd`.
+ mixer = "PCM" # omit for macOS
+
+ # A script that gets evaluated in the user's shell when the song changes [aliases: onevent]
+ on-song-change-hook = "${pkgs.mpc_cli}/bin/mpc --host localhost --port 6600 stop"
+
+ # The volume controller. Each one behaves different to
+ # volume increases. For possible values, run
+ # `spotifyd --help`.
+ volume_controller = "alsa" # use softvol for macOS
+
+ # The name that gets displayed under the connect tab on
+ # official clients. Spaces are not allowed!
+ device_name = "DJane"
+
+ # The audio bitrate. 96, 160 or 320 kbit/s
+ bitrate = 320
+
+ # The directory used to cache audio data. This setting can save
+ # a lot of bandwidth when activated, as it will avoid re-downloading
+ # audio files when replaying them.
+ #
+ # Note: The file path does not get expanded. Environment variables and
+ # shell placeholders like $HOME or ~ don't work!
+ #cache_path = "cache_directory" + + # If set to true, audio data does NOT get cached. + no_audio_cache = true + + # Volume on startup between 0 and 100 + # NOTE: This variable's type will change in v0.4, to a number (instead of string) + initial_volume = "90" + + # If set to true, enables volume normalisation between songs. + volume_normalisation = false + + # The normalisation pregain that is applied for each song. + # normalisation_pregain = -10 + + # The port `spotifyd` uses to announce its service over the network. + zeroconf_port = 1234 + + # The proxy `spotifyd` will use to connect to spotify. + #proxy = "http://proxy.example.org:8080" + + # The displayed device type in Spotify clients. + # Can be unknown, computer, tablet, smartphone, speaker, t_v, + # a_v_r (Audio/Video Receiver), s_t_b (Set-Top Box), and audio_dongle. + device_type = "computer" + ''; + + +} diff --git a/configs/pepe/syncthing.nix b/nixos/configs/pepe/syncthing.nix similarity index 94% rename from configs/pepe/syncthing.nix rename to nixos/configs/pepe/syncthing.nix index c6b79bf..e9213d9 100644 --- a/configs/pepe/syncthing.nix +++ b/nixos/configs/pepe/syncthing.nix @@ -17,12 +17,15 @@ #}; }; + sops.secrets.syncthing_cert = { }; + sops.secrets.syncthing_key = { }; + services.syncthing = { enable = true; openDefaultPorts = true; declarative = { - cert = toString ; - key = toString ; + cert = toString config.sops.secrets.syncthing_cert.path; + key = toString config.sops.secrets.syncthing_key.path; overrideFolders = true; folders = { diff --git a/nixos/configs/pepe/taskwarrior-pushover.nix b/nixos/configs/pepe/taskwarrior-pushover.nix new file mode 100644 index 0000000..b262bc3 --- /dev/null +++ b/nixos/configs/pepe/taskwarrior-pushover.nix 
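Review bot: `network.listenAddress = "any"` together with `6600 # mpd` in `networking.firewall.allowedTCPPorts` exposes the MPD control port on every interface of this host, and the new mpd.nix sets no MPD password or permission restriction. Binding MPD to the LAN address, or opening the port only on the trusted interface with `networking.firewall.interfaces.<lan-interface>.allowedTCPPorts = [ 6600 ];` (`<lan-interface>` is a placeholder), would keep playback control off the other networks the machine joins. Port `6680 # mopidy` is opened although no mopidy service is configured in this file; drop it unless another module needs it. The `owner = "spotifyd"` on both sops secrets only helps if the spotifyd unit really runs as that static user, which is not visible in the hunk and is worth a comment.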
@@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: + +{ + users.users."taskwarrior-pushover".isSystemUser = true; + + sops.secrets.pushoverApiToken.owner = "taskwarrior-pushover"; + sops.secrets.pushoverUserKey.owner = "taskwarrior-pushover"; + sops.secrets.taskwarriorCa.owner = "taskwarrior-pushover"; + sops.secrets.taskwarriorCertificate.owner = "taskwarrior-pushover"; + sops.secrets.taskwarriorKey.owner = "taskwarrior-pushover"; + + services.taskwarrior-pushover = { + enable = true; + recurrence = "on"; + onCalendar = "06:30:00"; + server = "taskd.ingolf-wagner.de:53589"; + pushoverApiTokenFile = config.sops.secrets.pushoverApiToken.path; + pushoverUserKeyFile = config.sops.secrets.pushoverUserKey.path; + caFile = config.sops.secrets.taskwarriorCa.path; + certificateFile = config.sops.secrets.taskwarriorCertificate.path; + keyFile = config.sops.secrets.taskwarriorKey.path; + credentials = "1337/palo/ed0fdbe8-2dc3-408b-84cb-d07d363bccd2"; + }; +} diff --git a/configs/pepe/tinc.nix b/nixos/configs/pepe/tinc.nix similarity index 73% rename from configs/pepe/tinc.nix rename to nixos/configs/pepe/tinc.nix index 6f8c828..9d8c56c 100644 --- a/configs/pepe/tinc.nix +++ b/nixos/configs/pepe/tinc.nix @@ -15,4 +15,7 @@ with lib; }; }; + sops.secrets.tinc_retiolum_ed25519_key = { }; + sops.secrets.tinc_retiolum_rsa_key = { }; + } diff --git a/configs/pepe/wifi-access-point.nix b/nixos/configs/pepe/wifi-access-point.nix similarity index 99% rename from configs/pepe/wifi-access-point.nix rename to nixos/configs/pepe/wifi-access-point.nix index a602201..b7e5cd4 100644 --- a/configs/pepe/wifi-access-point.nix +++ b/nixos/configs/pepe/wifi-access-point.nix @@ -10,7 +10,8 @@ let ssid = "palosiot"; wifiPassword = lib.fileContents ; -in { +in +{ # todo only open needed ports networking.firewall.trustedInterfaces = [ wifi ]; 
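Review bot: The `credentials = "1337/palo/…"` line in taskwarrior-pushover.nix commits the taskd credential string in clear text, while every other credential in the same block is read from a sops-managed file. A value set this way stays in the repository history and presumably lands in the world-readable Nix store. If the module offers a file-based option, load it from sops like the others; otherwise add a comment saying why the inline value is acceptable, for instance that it is of no use without the client certificate and key. If the repository is or becomes public, rotating the taskd user key would be prudent.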
diff --git a/configs/porani/configuration.nix b/nixos/configs/porani/configuration.nix similarity index 100% rename from configs/porani/configuration.nix rename to nixos/configs/porani/configuration.nix diff --git a/configs/porani/hardware-configuration.nix b/nixos/configs/porani/hardware-configuration.nix similarity index 69% rename from configs/porani/hardware-configuration.nix rename to nixos/configs/porani/hardware-configuration.nix index 343190b..269d03a 100644 --- a/configs/porani/hardware-configuration.nix +++ b/nixos/configs/porani/hardware-configuration.nix @@ -27,26 +27,28 @@ # automount # --------- - (let mediaUUID = "3d106f56-89e5-400d-9d6b-1dd957919548"; - in { - fileSystems."/media" = { - device = "/dev/disk/by-uuid/${mediaUUID}"; - fsType = "ext4"; - options = [ - "nofail" - "noauto" - #"x-systemd.device-timeout=1ms" - ]; - }; - systemd.mounts = [{ - enable = true; - options = "nofail,noauto"; - type = "ext4"; - wantedBy = [ "multi-user.target" ]; - what = "/dev/disk/by-uuid/${mediaUUID}"; - where = "/media"; - }]; - }) + ( + let mediaUUID = "3d106f56-89e5-400d-9d6b-1dd957919548"; + in { + fileSystems."/media" = { + device = "/dev/disk/by-uuid/${mediaUUID}"; + fsType = "ext4"; + options = [ + "nofail" + "noauto" + #"x-systemd.device-timeout=1ms" + ]; + }; + systemd.mounts = [{ + enable = true; + options = "nofail,noauto"; + type = "ext4"; + wantedBy = [ "multi-user.target" ]; + what = "/dev/disk/by-uuid/${mediaUUID}"; + where = "/media"; + }]; + } + ) ]; # NTFS support diff --git a/configs/porani/kodi.nix b/nixos/configs/porani/kodi.nix similarity index 100% rename from configs/porani/kodi.nix rename to nixos/configs/porani/kodi.nix diff --git a/configs/porani/mpd.nix b/nixos/configs/porani/mpd.nix similarity index 100% rename from configs/porani/mpd.nix rename to nixos/configs/porani/mpd.nix 
diff --git a/configs/porani/packages.nix b/nixos/configs/porani/packages.nix similarity index 100% rename from configs/porani/packages.nix rename to nixos/configs/porani/packages.nix diff --git a/configs/porani/syncthing.nix b/nixos/configs/porani/syncthing.nix similarity index 94% rename from configs/porani/syncthing.nix rename to nixos/configs/porani/syncthing.nix index 3c5ad22..a56a1ac 100644 --- a/configs/porani/syncthing.nix +++ b/nixos/configs/porani/syncthing.nix @@ -54,7 +54,12 @@ after = [ "media.mount" ]; }; - users.groups."syncthing".members = [ "mpd" "syncthing" "kodi" "palo" ]; + users.groups."syncthing".members = [ + "mpd" + "syncthing" + "kodi" + "palo" + ]; backup.dirs = [ "/var/lib/syncthing/finance" ]; diff --git a/configs/porani/tinc.nix b/nixos/configs/porani/tinc.nix similarity index 100% rename from configs/porani/tinc.nix rename to nixos/configs/porani/tinc.nix diff --git a/configs/porani/wifi-access-point.nix b/nixos/configs/porani/wifi-access-point.nix similarity index 99% rename from configs/porani/wifi-access-point.nix rename to nixos/configs/porani/wifi-access-point.nix index 1c62102..e3eda40 100644 --- a/configs/porani/wifi-access-point.nix +++ b/nixos/configs/porani/wifi-access-point.nix @@ -8,7 +8,8 @@ let ssid = "palosiot"; wifiPassword = lib.fileContents ; -in { +in +{ # todo only open needed ports networking.firewall.trustedInterfaces = [ wifi ]; diff --git a/configs/porani/wifi-networking.nix b/nixos/configs/porani/wifi-networking.nix similarity index 81% rename from configs/porani/wifi-networking.nix rename to nixos/configs/porani/wifi-networking.nix index 18d0b32..b70ab71 100644 --- a/configs/porani/wifi-networking.nix +++ b/nixos/configs/porani/wifi-networking.nix @@ -1,4 +1,2 @@ { config, lib, ... }: -{ - -} +{ } diff --git a/configs/sputnik/bitwarden.nix b/nixos/configs/sputnik/bitwarden.nix similarity index 100% rename from configs/sputnik/bitwarden.nix rename to nixos/configs/sputnik/bitwarden.nix 
diff --git a/configs/sputnik/codimd.nix b/nixos/configs/sputnik/codimd.nix similarity index 100% rename from configs/sputnik/codimd.nix rename to nixos/configs/sputnik/codimd.nix diff --git a/configs/sputnik/configuration.nix b/nixos/configs/sputnik/configuration.nix similarity index 83% rename from configs/sputnik/configuration.nix rename to nixos/configs/sputnik/configuration.nix index 46da400..fcd3f44 100644 --- a/configs/sputnik/configuration.nix +++ b/nixos/configs/sputnik/configuration.nix @@ -1,25 +1,20 @@ { config, pkgs, lib, ... }: { imports = [ - + ../../system/proxy ./hardware-configuration.nix - + ../../system/server/packages.nix ./nginx.nix ./tinc.nix ./codimd.nix ./bitwarden.nix #./syncplay.nix + ./grocy.nix ]; - nix = { - package = pkgs.nixUnstable; - extraOptions = '' - experimental-features = nix-command flakes - ''; - }; - + sops.defaultSopsFile = ../../secrets/sputnik.yaml; networking.hostName = "sputnik"; networking.useDHCP = true; @@ -40,7 +35,7 @@ }; services.custom.ssh.sshd.rootKeyFiles = - [ (toString ) ]; + [ ../../assets/ssh/jenkins.pub ]; # make sure ssh is only available trough the tinc networking.firewall.extraCommands = '' diff --git a/nixos/configs/sputnik/grocy.nix b/nixos/configs/sputnik/grocy.nix new file mode 100644 index 0000000..614a8b9 --- /dev/null +++ b/nixos/configs/sputnik/grocy.nix @@ -0,0 +1,16 @@ +{ config, lib, pkgs, ... }: + +{ + services.grocy = { + enable = true; + settings = { + culture = "de"; + currency = "EUR"; + }; + hostName = "grocy.ingolf-wagner.de"; + nginx.enableSSL = true; + }; + + backup.dirs = [ config.services.grocy.dataDir ]; + +} diff --git a/configs/sputnik/hardware-configuration.nix b/nixos/configs/sputnik/hardware-configuration.nix similarity index 76% rename from configs/sputnik/hardware-configuration.nix rename to nixos/configs/sputnik/hardware-configuration.nix index 99cbfb2..acc233c 100644 --- a/configs/sputnik/hardware-configuration.nix +++ b/nixos/configs/sputnik/hardware-configuration.nix 
@@ -1,10 +1,11 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: +{ modulesPath, config, lib, pkgs, ... }: { - imports = [ ]; + #imports = [ ]; + imports = [ "${modulesPath}/profiles/qemu-guest.nix" ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ]; diff --git a/configs/sputnik/iodined.nix b/nixos/configs/sputnik/iodined.nix similarity index 98% rename from configs/sputnik/iodined.nix rename to nixos/configs/sputnik/iodined.nix index bf4d49d..dae7e72 100644 --- a/configs/sputnik/iodined.nix +++ b/nixos/configs/sputnik/iodined.nix @@ -3,7 +3,8 @@ let domain = "io.ingolf-wagner.de"; publicIp = "195.201.134.247"; pw = import ; -in { +in +{ services.iodine.server = { enable = true; diff --git a/configs/sputnik/nginx.nix b/nixos/configs/sputnik/nginx.nix similarity index 90% rename from configs/sputnik/nginx.nix rename to nixos/configs/sputnik/nginx.nix index 3d36729..542440c 100644 --- a/configs/sputnik/nginx.nix +++ b/nixos/configs/sputnik/nginx.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: let + # todo create flake for this errorPages = pkgs.fetchgit { url = "https://git.ingolf-wagner.de/palo/http-errors.git"; rev = "74b8e4c1d9bbba3db6ad858b888e1867318af1f0"; @@ -27,7 +28,8 @@ let root = "${errorPages}/"; }; }; -in { +in +{ networking.firewall.allowedTCPPorts = [ 80 443 4443 config.services.taskserver.listenPort ]; @@ -62,6 +64,7 @@ in { }; }; + "git.ingolf-wagner.de" = { listen = [ { @@ -115,6 +118,21 @@ in { } // error.locations; }; + "grocy.ingolf-wagner.de" = { + listen = [ + { + addr = "0.0.0.0"; + port = 4443; + ssl = true; + } + { + addr = "0.0.0.0"; + port = 80; + ssl = false; + } + ]; + }; + "paste.ingolf-wagner.de" = { listen = [ { 
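Review bot: The new `"grocy.ingolf-wagner.de"` server block in nginx.nix (hunk `@@ -115,6 +118,21 @@`) defines only `listen` entries, one of them a plain-HTTP listener on port 80, and sets neither `forceSSL` nor `enableACME` itself. It presumably relies on `nginx.enableSSL = true` in grocy.nix to add both. A comment such as `# forceSSL/enableACME come from services.grocy.nginx.enableSSL` would make that dependency explicit, so that switching the flag off later does not silently serve the login page over HTTP. Unlike the neighbouring hosts, the block also does not merge `error.locations`.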
@@ -358,45 +376,6 @@ in { } // error.locations; }; - #"home.ingolf-wagner.de" = { - # listen = [ - # { - # addr = "0.0.0.0"; - # port = 4443; - # ssl = true; - # } - # { - # addr = "0.0.0.0"; - # port = 80; - # ssl = false; - # } - # ]; - # extraConfig = '' - # proxy_buffering off; - # # client certificate - # ssl_client_certificate ${}; - # # make verification optional, so we can display a 403 message to those - # # who fail authentication - # ssl_verify_client optional; - # ''; - # forceSSL = true; - # enableACME = true; - # locations."/" = { - # proxyPass = "http://pepe.private:8123"; - # proxyWebsockets = true; - # extraConfig = '' - # # if the client-side certificate failed to authenticate, show a 403 - # # message to the client - # if ($ssl_client_verify != SUCCESS) { - # return 403; - # } - # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - # proxy_set_header Upgrade $http_upgrade; - # proxy_set_header Connection $connection_upgrade; - # ''; - # }; - #}; - }; }; @@ -461,10 +440,11 @@ in { systemd.services."socat-taskd" = { wantedBy = [ "multi-user.target" ]; - script = let port = toString config.services.taskserver.listenPort; - in '' - ${pkgs.socat}/bin/socat TCP-LISTEN:${port},fork TCP:workhorse.private:${port} - ''; + script = + let port = toString config.services.taskserver.listenPort; + in '' + ${pkgs.socat}/bin/socat TCP-LISTEN:${port},fork TCP:workhorse.private:${port} + ''; }; } diff --git a/configs/sputnik/syncplay.nix b/nixos/configs/sputnik/syncplay.nix similarity index 100% rename from configs/sputnik/syncplay.nix rename to nixos/configs/sputnik/syncplay.nix diff --git a/configs/sputnik/tinc.nix b/nixos/configs/sputnik/tinc.nix similarity index 100% rename from configs/sputnik/tinc.nix rename to nixos/configs/sputnik/tinc.nix 
diff --git a/configs/sternchen/configuration.nix b/nixos/configs/sternchen/configuration.nix similarity index 98% rename from configs/sternchen/configuration.nix rename to nixos/configs/sternchen/configuration.nix index 1e591a6..f36a37a 100644 --- a/configs/sternchen/configuration.nix +++ b/nixos/configs/sternchen/configuration.nix @@ -2,7 +2,7 @@ imports = [ - + ../../system/desktop ./hardware-configuration.nix ./packages.nix diff --git a/configs/sternchen/hardware-configuration.nix b/nixos/configs/sternchen/hardware-configuration.nix similarity index 93% rename from configs/sternchen/hardware-configuration.nix rename to nixos/configs/sternchen/hardware-configuration.nix index e0ae399..6aad588 100644 --- a/configs/sternchen/hardware-configuration.nix +++ b/nixos/configs/sternchen/hardware-configuration.nix @@ -1,11 +1,11 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: +{ modulesPath, config, lib, pkgs, ... }: { - imports = [ ]; + imports = [ "${modulesPath}/installer/scan/not-detected.nix" ]; boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; diff --git a/configs/sternchen/packages.nix b/nixos/configs/sternchen/packages.nix similarity index 74% rename from configs/sternchen/packages.nix rename to nixos/configs/sternchen/packages.nix index 66e07f7..9889187 100644 --- a/configs/sternchen/packages.nix +++ b/nixos/configs/sternchen/packages.nix @@ -1,6 +1,4 @@ -{ config, lib, pkgs, ... }: -let unstable = import { }; -in { +{ config, lib, pkgs, ... }: { # overlay included #nixpkgs.overlays = [ (import ) ]; 
@@ -39,12 +37,12 @@ in { # #tor-browser-bundle-bin (tor-browser-bundle-bin.overrideAttrs (old: rec { - version = "10.5"; + version = "10.5.8"; name = "tor-browser-bundle-${version}"; src = pkgs.fetchurl { url = - "https://dist.torproject.org/torbrowser/10.5/tor-browser-linux64-10.5_en-US.tar.xz"; - sha256 = "1dq9jys60rn2w37dvb2a69gmqsi7278b782am14wci57kmajlpvm"; + "https://dist.torproject.org/torbrowser/10.5.10/tor-browser-linux64-10.5.10_en-US.tar.xz"; + sha256 = "2dq9jys60rn2w37dvb2a69gmqsi7278b782am14wci57kmajlpvm"; }; })) ]; diff --git a/configs/sternchen/syncthing.nix b/nixos/configs/sternchen/syncthing.nix similarity index 100% rename from configs/sternchen/syncthing.nix rename to nixos/configs/sternchen/syncthing.nix diff --git a/configs/sternchen/tinc.nix b/nixos/configs/sternchen/tinc.nix similarity index 100% rename from configs/sternchen/tinc.nix rename to nixos/configs/sternchen/tinc.nix diff --git a/configs/sternchen/wifi-access-point.nix b/nixos/configs/sternchen/wifi-access-point.nix similarity index 99% rename from configs/sternchen/wifi-access-point.nix rename to nixos/configs/sternchen/wifi-access-point.nix index db5f81f..9ce0cc8 100644 --- a/configs/sternchen/wifi-access-point.nix +++ b/nixos/configs/sternchen/wifi-access-point.nix @@ -8,7 +8,8 @@ let ssid = "bumbumbum"; wifiPassword = lib.fileContents ; -in { +in +{ # todo only open needed ports networking.firewall.trustedInterfaces = [ wifi ]; diff --git a/configs/sternchen/wireshark.nix b/nixos/configs/sternchen/wireshark.nix similarity index 100% rename from configs/sternchen/wireshark.nix rename to nixos/configs/sternchen/wireshark.nix diff --git a/configs/sterni/configuration.nix b/nixos/configs/sterni/configuration.nix similarity index 90% rename from configs/sterni/configuration.nix rename to nixos/configs/sterni/configuration.nix index 61249ec..b4e7708 100644 --- a/configs/sterni/configuration.nix +++ b/nixos/configs/sterni/configuration.nix 
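Review bot: The tor-browser override sets `version = "10.5.8"` while the `url` fetches `10.5.10`, so the derivation name will not describe the tarball that is actually installed. The new `sha256` differs from the old one only in its first character, which suggests a placeholder rather than the digest of the 10.5.10 archive; the fetch will fail closed until it is replaced. Derive the URL from the version, `url = "https://dist.torproject.org/torbrowser/${version}/tor-browser-linux64-${version}_en-US.tar.xz";`, and take the digest from a download checked against the Tor Project's signed checksum file. Pinning the browser by hand also means security releases only arrive when this block is edited.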
@@ -2,9 +2,9 @@ imports = [ - - ./hardware-configuration.nix + ../../system/desktop + ./hardware-configuration.nix ./packages.nix ./syncthing.nix ./tinc.nix @@ -14,10 +14,14 @@ ]; + sops.defaultSopsFile = ../../secrets/sterni.yaml; networking.hostName = "sterni"; system.custom.wifi.interfaces = [ "wlp3s0" ]; + sops.secrets.tinc_retiolum_ed25519_key = { }; + sops.secrets.tinc_retiolum_rsa_key = { }; + security.wrappers = { pmount.source = "${pkgs.pmount}/bin/pmount"; pumount.source = "${pkgs.pmount}/bin/pumount"; diff --git a/configs/sterni/hardware-configuration.nix b/nixos/configs/sterni/hardware-configuration.nix similarity index 94% rename from configs/sterni/hardware-configuration.nix rename to nixos/configs/sterni/hardware-configuration.nix index 881d299..2232bf1 100644 --- a/configs/sterni/hardware-configuration.nix +++ b/nixos/configs/sterni/hardware-configuration.nix @@ -1,11 +1,11 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, modulesPath, ... }: { - imports = [ ]; + imports = [ "${modulesPath}/installer/scan/not-detected.nix" ]; boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; diff --git a/configs/sterni/packages.nix b/nixos/configs/sterni/packages.nix similarity index 82% rename from configs/sterni/packages.nix rename to nixos/configs/sterni/packages.nix index 1c77bd9..6697a0a 100644 --- a/configs/sterni/packages.nix +++ b/nixos/configs/sterni/packages.nix @@ -1,7 +1,5 @@ { config, lib, pkgs, ... }: let - unstable = import { }; - nextcloudSync = folder: pkgs.writers.writeBashBin "nextcloud-sync-${folder}" '' ${pkgs.nextcloud-client}/bin/nextcloudcmd \ 
@@ -11,10 +9,8 @@ let https://nextcloud.ingolf-wagner.de/remote.php/webdav/${folder} ''; -in { - - # overlay included - nixpkgs.overlays = [ (import ) ]; +in +{ environment.systemPackages = with pkgs; [ @@ -22,15 +18,14 @@ in { (nextcloudSync "Pictures") (nextcloudSync "Unterlagen") (nextcloudSync "Video") + (nextcloudSync "Kunstbuch") (pkgs.writeShellScriptBin "nixFlakes" '' exec ${pkgs.nixUnstable}/bin/nix --experimental-features "nix-command flakes" "$@" '') - #zeal # offline documentation - #keepassxc sweethome3d.application - polygon-art + pkgs.polygon-art.polygon-art # bluetooth gui blueberry @@ -41,21 +36,16 @@ in { imagemagick bitwig-studio3 - sonic-pi - jack2 - #unstable.sonic-visualiser sononym-crawler darktable # rust development environment - #cargo - #rustc rustup jetbrains.clion # general jetbrains.idea-ultimate - vscode + #vscode # python python3Full @@ -64,7 +54,7 @@ in { element-desktop - tor-browser-bundle-bin + #tor-browser-bundle-bin #(tor-browser-bundle-bin.overrideAttrs (old: rec { # version = "10.0.15"; # name = "tor-browser-bundle-${version}"; diff --git a/configs/sterni/syncthing.nix b/nixos/configs/sterni/syncthing.nix similarity index 89% rename from configs/sterni/syncthing.nix rename to nixos/configs/sterni/syncthing.nix index 23cf351..0e8582d 100644 --- a/configs/sterni/syncthing.nix +++ b/nixos/configs/sterni/syncthing.nix @@ -1,5 +1,8 @@ { config, pkgs, lib, ... }: { + sops.secrets.syncthing_cert = { }; + sops.secrets.syncthing_key = { }; + services.syncthing = { enable = true; openDefaultPorts = false; @@ -7,8 +10,8 @@ dataDir = "/home/palo/.syncthing"; configDir = "/home/palo/.syncthing"; declarative = { - cert = toString ; - key = toString ; + cert = toString config.sops.secrets.syncthing_cert.path; + key = toString config.sops.secrets.syncthing_key.path; overrideFolders = true; folders = { 
diff --git a/configs/sterni/tinc.nix b/nixos/configs/sterni/tinc.nix similarity index 100% rename from configs/sterni/tinc.nix rename to nixos/configs/sterni/tinc.nix diff --git a/configs/sterni/wifi-access-point.nix b/nixos/configs/sterni/wifi-access-point.nix similarity index 99% rename from configs/sterni/wifi-access-point.nix rename to nixos/configs/sterni/wifi-access-point.nix index db5f81f..9ce0cc8 100644 --- a/configs/sterni/wifi-access-point.nix +++ b/nixos/configs/sterni/wifi-access-point.nix @@ -8,7 +8,8 @@ let ssid = "bumbumbum"; wifiPassword = lib.fileContents ; -in { +in +{ # todo only open needed ports networking.firewall.trustedInterfaces = [ wifi ]; diff --git a/configs/sterni/wireshark.nix b/nixos/configs/sterni/wireshark.nix similarity index 100% rename from configs/sterni/wireshark.nix rename to nixos/configs/sterni/wireshark.nix diff --git a/configs/workhorse/borg.nix b/nixos/configs/workhorse/borg.nix similarity index 83% rename from configs/workhorse/borg.nix rename to nixos/configs/workhorse/borg.nix index 9de4c76..7e5bda0 100644 --- a/configs/workhorse/borg.nix +++ b/nixos/configs/workhorse/borg.nix @@ -5,8 +5,8 @@ quota = "100G"; allowSubRepos = true; authorizedKeys = [ - (lib.fileContents ) - (lib.fileContents ) + (lib.fileContents ../../assets/ssh/borg_access.pub) + (lib.fileContents ../../assets/ssh/card_rsa.pub) ]; }; }; diff --git a/configs/workhorse/castget.nix b/nixos/configs/workhorse/castget.nix similarity index 98% rename from configs/workhorse/castget.nix rename to nixos/configs/workhorse/castget.nix index 1d89771..0742dad 100644 --- a/configs/workhorse/castget.nix +++ b/nixos/configs/workhorse/castget.nix @@ -3,7 +3,8 @@ let home = "/home/syncthing/podcasts"; -in { +in +{ custom.services.castget = { enable = true; user = "root"; 
diff --git a/configs/workhorse/configuration.nix b/nixos/configs/workhorse/configuration.nix similarity index 67% rename from configs/workhorse/configuration.nix rename to nixos/configs/workhorse/configuration.nix index 1d09de8..e6a3cb9 100644 --- a/configs/workhorse/configuration.nix +++ b/nixos/configs/workhorse/configuration.nix @@ -1,47 +1,48 @@ { lib, config, pkgs, ... }: { imports = [ - + ../../system/server ./hardware-configuration.nix - #./bepasty.nix not working https://github.com/NixOS/nixpkgs/issues/116326 + ./mail-fetcher.nix + ./transmission.nix + ./nextcloud.nix + + ./borg.nix + ./finance.nix ./gogs.nix ./grafana.nix ./graylog.nix ./jenkins.nix ./kibana.nix - ./mail-fetcher.nix + ./mysql.nix ./packages.nix ./prometheus.nix ./syncthing.nix ./taskserver.nix ./tinc.nix - ./transmission.nix ./weechat.nix - ./nextcloud.nix - ./borg.nix - #./metabase.nix - #./jupyter.nix - ./mysql.nix - #./property.nix flask sucks, find something else - ./finance.nix - #./mining.nix + + #./property.nix # flask sucks, find something else + ]; + sops.defaultSopsFile = ../../secrets/workhorse.yaml; + nixpkgs.config.permittedInsecurePackages = - [ "gogs-0.11.91" "nextcloud-19.0.6" ]; + [ "gogs-0.11.91" ]; # todo: add this to each file instead summing that here - on-failure.plans = { - gogs.name = "gogs"; - jenkins.name = "jenkins"; - graylog.name = "graylog"; - prometheus.name = "prometheus"; - taskserver.name = "taskserver"; - weechat.name = "weechat"; - transmission.name = "transmission"; - mail-fetcher.name = "fetchmail"; - }; + #on-failure.plans = { + # gogs.name = "gogs"; + # jenkins.name = "jenkins"; + # graylog.name = "graylog"; + # prometheus.name = "prometheus"; + # taskserver.name = "taskserver"; + # weechat.name = "weechat"; + # transmission.name = "transmission"; + # mail-fetcher.name = "fetchmail"; + #}; networking.hostName = "workhorse"; 
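Review bot: `permittedInsecurePackages = [ "gogs-0.11.91" ];` keeps an exception for a package that nixpkgs marks as insecure, and the line has no comment saying which advisory is being accepted or when it will be revisited. A comment such as `# gogs is marked insecure upstream; exposure: <network scope>; revisit: <condition>` would make the exception auditable. Separately, commenting out `on-failure.plans` removes what, judging by the name, were the failure hooks for gogs, jenkins, graylog, prometheus, taskserver, weechat, transmission and fetchmail, with no replacement visible in this hunk. If that is temporary, say so next to the existing todo.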
diff --git a/configs/workhorse/finance.nix b/nixos/configs/workhorse/finance.nix similarity index 56% rename from configs/workhorse/finance.nix rename to nixos/configs/workhorse/finance.nix index 2e70c49..76de251 100644 --- a/configs/workhorse/finance.nix +++ b/nixos/configs/workhorse/finance.nix @@ -17,10 +17,11 @@ let # ]; # results in # P 2020-01-30 GOOGL $123 - stocks = import ; + stocks = import ../../private_assets/finance/stocks; stocksFile = toString /home/syncthing/finance/hledger/stocks.journal; -in { +in +{ systemd.services.pull_stocks = { enable = true; @@ -30,18 +31,20 @@ in { Type = "oneshot"; }; - script = let - command = { symbol, name, currency, ... }: '' - APIKEY=${lib.fileContents } - SYMBOL="${symbol}" - ${pkgs.curl}/bin/curl --location --silent \ - "https://www.alphavantage.co/query?function=GLOBAL_QUOTE&symbol=$SYMBOL&apikey=$APIKEY" \ - | ${pkgs.jq}/bin/jq --raw-output '.["Global Quote"] - | "P \(.["07. latest trading day"]) ${name} ${currency}\(.["05. price"] | tonumber)"' \ - >> ${stocksFile} - sleep 1 - ''; - in lib.concatStringsSep "\n" (map command stocks); + script = + let + command = { symbol, name, currency, ... }: '' + APIKEY=${lib.fileContents ../../private_assets/finance/alphavantage/apiKey} + SYMBOL="${symbol}" + ${pkgs.curl}/bin/curl --location --silent \ + "https://www.alphavantage.co/query?function=GLOBAL_QUOTE&symbol=$SYMBOL&apikey=$APIKEY" \ + | ${pkgs.jq}/bin/jq --raw-output '.["Global Quote"] + | "P \(.["07. latest trading day"]) ${name} ${currency}\(.["05. price"] | tonumber)"' \ + >> ${stocksFile} + sleep 1 + ''; + in + lib.concatStringsSep "\n" (map command stocks); }; systemd.timers.pull_stocks = { diff --git a/configs/workhorse/gogs.nix b/nixos/configs/workhorse/gogs.nix similarity index 99% rename from configs/workhorse/gogs.nix rename to nixos/configs/workhorse/gogs.nix index 7c5a9a1..1fd48d4 100644 --- a/configs/workhorse/gogs.nix +++ b/nixos/configs/workhorse/gogs.nix 
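Review bot: `APIKEY=${lib.fileContents ../../private_assets/finance/alphavantage/apiKey}` reads the key at evaluation time and bakes it into the generated unit script, which ends up in the world-readable Nix store. The rest of this commit moves credentials to sops, and this one can follow: declare a secret (placeholder name) `sops.secrets.alphavantage_api_key = { };` and read it at run time with `APIKEY=$(cat ${config.sops.secrets.alphavantage_api_key.path})`. That assumes `config` is among the module arguments, which are outside the hunk. The graylog.nix hunk has the same pattern for `passwordSecret` and `rootPasswordSha2` via `lib.fileContents ../../private_assets/graylog/...`. The key is also part of the URL in curl's argument list, so other local users can see it while the request runs.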
@@ -28,7 +28,8 @@ let }; }; -in { +in +{ services.nginx = { enable = true; diff --git a/configs/workhorse/grafana.nix b/nixos/configs/workhorse/grafana.nix similarity index 100% rename from configs/workhorse/grafana.nix rename to nixos/configs/workhorse/grafana.nix diff --git a/configs/workhorse/graylog.nix b/nixos/configs/workhorse/graylog.nix similarity index 96% rename from configs/workhorse/graylog.nix rename to nixos/configs/workhorse/graylog.nix index 11853a5..8a31746 100644 --- a/configs/workhorse/graylog.nix +++ b/nixos/configs/workhorse/graylog.nix @@ -45,11 +45,11 @@ in { # pwgen -N 1 -s 96 services.graylog.passwordSecret = - lib.fileContents ; + lib.fileContents ../../private_assets/graylog/password-secret; # echo -n yourpassword | shasum -a 256 services.graylog.rootPasswordSha2 = - lib.fileContents ; + lib.fileContents ../../private_assets/graylog/root-password-hash; services.graylog.plugins = [ pkgs.graylogPlugins.slack ]; diff --git a/configs/workhorse/hardware-configuration.nix b/nixos/configs/workhorse/hardware-configuration.nix similarity index 54% rename from configs/workhorse/hardware-configuration.nix rename to nixos/configs/workhorse/hardware-configuration.nix index dce872f..13e4f89 100644 --- a/configs/workhorse/hardware-configuration.nix +++ b/nixos/configs/workhorse/hardware-configuration.nix 
@@ -70,47 +70,51 @@ in { imports = [ # automount # --------- - (let mediaUUID = "b8ba192e-e2aa-47dd-85ec-dcf97ec9310a"; - in { - fileSystems."/media" = { - device = "/dev/disk/by-uuid/${mediaUUID}"; - fsType = "ext4"; - options = [ - "nofail" - "noauto" - #"x-systemd.device-timeout=1ms" - ]; - }; - systemd.mounts = [{ - enable = true; - options = "nofail,noauto"; - type = "ext4"; - wantedBy = [ "multi-user.target" ]; - what = "/dev/disk/by-uuid/${mediaUUID}"; - where = "/media"; - }]; - }) + ( + let mediaUUID = "b8ba192e-e2aa-47dd-85ec-dcf97ec9310a"; + in { + fileSystems."/media" = { + device = "/dev/disk/by-uuid/${mediaUUID}"; + fsType = "ext4"; + options = [ + "nofail" + "noauto" + #"x-systemd.device-timeout=1ms" + ]; + }; + systemd.mounts = [{ + enable = true; + options = "nofail,noauto"; + type = "ext4"; + wantedBy = [ "multi-user.target" ]; + what = "/dev/disk/by-uuid/${mediaUUID}"; + where = "/media"; + }]; + } + ) - (let backupUUID = "f7fa1c0e-ac9f-4955-b4bd-644c1ddb0d89"; - in { - fileSystems."/backup" = { - device = "/dev/disk/by-uuid/${backupUUID}"; - fsType = "ext4"; - options = [ - "nofail" - "noauto" - #"x-systemd.device-timeout=1ms" - ]; - }; - systemd.mounts = [{ - enable = true; - options = "nofail,noauto"; - type = "ext4"; - wantedBy = [ "multi-user.target" ]; - what = "/dev/disk/by-uuid/${backupUUID}"; - where = "/backup"; - }]; - }) + ( + let backupUUID = "f7fa1c0e-ac9f-4955-b4bd-644c1ddb0d89"; + in { + fileSystems."/backup" = { + device = "/dev/disk/by-uuid/${backupUUID}"; + fsType = "ext4"; + options = [ + "nofail" + "noauto" + #"x-systemd.device-timeout=1ms" + ]; + }; + systemd.mounts = [{ + enable = true; + options = "nofail,noauto"; + type = "ext4"; + wantedBy = [ "multi-user.target" ]; + what = "/dev/disk/by-uuid/${backupUUID}"; + where = "/backup"; + }]; + } + ) ]; } diff --git a/nixos/configs/workhorse/jenkins.nix b/nixos/configs/workhorse/jenkins.nix new file mode 100644 index 0000000..209383e --- /dev/null 
+++ b/nixos/configs/workhorse/jenkins.nix 
@@ -0,0 +1,208 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + + library = import ../../library { inherit pkgs lib; }; + + sync-repo = library.jenkins.syncJob; + job = library.jenkins.job; + +in +{ + + environment.systemPackages = [ pkgs.cabal-install ]; + + services.nginx = { + enable = true; + virtualHosts = { + "jenkins.${config.networking.hostName}.private" = { + locations."/" = { + proxyPass = + "http://localhost:${toString config.services.jenkins.port}"; + extraConfig = '' + proxy_set_header Host $host:$server_port; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + + proxy_read_timeout 90; + proxy_redirect http://localhost:${ + toString config.services.jenkins.port + } https://jenkins.${config.networking.hostName}.private/; + ''; + }; + }; + }; + }; + + sops.secrets.jenkins_token = { }; + + krops.userKeys."accessToken" = { + user = "jenkins"; + source = config.sops.secrets.jenkins_token.path; + requiredBy = [ "jenkins-job-builder.service" ]; + }; + + services.jenkins = { + enable = true; + home = "/home/jenkins"; + port = 10420; + + # Plugins to Install: + # - all the plugins recommended at the setup + # - Build pipeline + # - SSH Agent + # - mattermost plugin + jobBuilder = { + enable = true; + + # create an access token in the admin users panel + accessTokenFile = config.krops.userKeys."accessToken".target; + accessUser = "admin"; + + # https://docs.openstack.org/infra/jenkins-job-builder/definition.html#modules + nixJobs = + let + # ssh username + key + gogs-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2"; + # ssh username + key + github-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2"; + # ssh username + key + sshSputnik = "d91eb57c-5bff-434c-b317-68aad46848d7"; + + sync-to-github = name: source: target: + sync-repo name + { + url = source; + credentialsId = gogs-id; + } + { + url = target; + credentialsId = github-id; + }; + + in + [ + + (job 
"sync-retiolum" + { + url = "git@github.com:krebs/retiolum.git"; + credentialsId = github-id; + triggers = [{ timed = "H/30 * * * *"; }]; + } [ + { + "Download Files" = [ + "chmod 755 hosts" + "chmod 755 -R hosts" + '' + nix-shell -p curl -p gnutar -p bzip2 --run "curl https://lassul.us/retiolum-hosts.tar.bz2 | tar xvjf - || true"'' + "chmod 755 -R etc.hosts" + '' + nix-shell -p curl --run "curl https://lassul.us/retiolum.hosts > etc.hosts || true"'' + ]; + } + { + "update repo" = [ + ''nix-shell -p git --run "git add ."'' + '' + nix-shell -p git --run "git -c user.name=\'Ingolf Wagner\' -c user.email=\'contact@ingolf-wagner.de\' commit -m update-`date +%Y-%m-%dT%H:%M:%S` || exit 0"'' + ]; + } + { + Push = [{ + script = ''nix-shell -p git --run "git push origin master"''; + credentialsId = github-id; + }]; + } + ]) + + (job "test-taskninja" + { + url = "ssh://gogs@workhorse.private:2222/palo/taskninja.git"; + credentialsId = gogs-id; + } [ + { + "Create Shell" = [ + '' + nix-shell -p cabal2nix --run "cabal2nix --shell file://. 
> jenkins.nix"'' + ]; + } + { Update = [ ''nix-shell ./jenkins.nix --run "cabal update"'' ]; } + { + Configure = [ + ''nix-shell ./jenkins.nix --run "cabal configure --enable-tests"'' + '' + nix-shell ./jenkins.nix --run "cabal install --only-dependencies"'' + ]; + } + { Build = [ ''nix-shell ./jenkins.nix --run "cabal build"'' ]; } + { Test = [ ''nix-shell ./jenkins.nix --run "cabal test"'' ]; } + ]) + + # sync to github + # -------------- + (sync-to-github "sync-radiodj" + "ssh://gogs@workhorse.private:2222/crashburn_radio/radio-dj2.git" + "git@github.com:crashburn-radio/radio-dj.git") + (sync-to-github "sync-radiodj-tracks" + "ssh://gogs@workhorse.private:2222/crashburn_radio/radio-dj-tracks.git" + "git@github.com:crashburn-radio/radio-dj-tracks.git") + + (sync-to-github "sync-krops-module" + "ssh://gogs@workhorse.private:2222/nix-modules/krops.git" + "git@github.com:mrVanDalo/module.krops.git") + + (sync-to-github "sync-cluster-module" + "ssh://gogs@workhorse.private:2222/nix-modules/cluster.git" + "git@github.com:mrVanDalo/module.cluster.git") + + (sync-to-github "sync-backup-module" + "ssh://gogs@workhorse.private:2222/nix-modules/backup.git" + "git@github.com:mrVanDalo/module.backup.git") + + (sync-to-github "sync-module-tinc" + "ssh://gogs@workhorse.private:2222/palo/nixos-tinc.git" + "git@github.com:mrVanDalo/nixos-tinc.git") + + (sync-to-github "sync-memo" + "ssh://gogs@workhorse.private:2222/palo/memo.git" + "git@github.com:mrVanDalo/memo.git") + + (sync-to-github "sync-diagrams-template" + "ssh://gogs@workhorse.private:2222/palo/diagrams-template.git" + "git@github.com:mrVanDalo/diagrams.git") + + (sync-to-github "sync-plops" + "ssh://gogs@workhorse.private:2222/palo/plops.git" + "git@github.com:mrVanDalo/plops.git") + + (sync-to-github "sync-image-generator" + "ssh://gogs@workhorse.private:2222/palo/image-generator2.git" + "git@github.com:mrVanDalo/image-generator.git") + + (sync-to-github "sync-image-generator-lib" + 
"ssh://gogs@workhorse.private:2222/palo/image-generator-lib.git" + "git@github.com:mrVanDalo/image-generator-examples.git") + + (sync-to-github "sync-tech.ingolf-wagner.de" + "ssh://gogs@workhorse.private:2222/palo/tech.ingolf-wagner.de.git" + "git@github.com:mrVanDalo/tech.ingolf-wagner.de.git") + + (sync-to-github "sync-LineageOS-build" + "ssh://gogs@git.ingolf-wagner.de:443/palo/LineagoOS-build.git" + "git@github.com:mrVanDalo/LineagoOS-build.git") + + (sync-to-github "sync-http-errors" + "ssh://gogs@git.ingolf-wagner.de:443/palo/http-errors.git" + "git@github.com:mrVanDalo/http-errors.git") + (sync-to-github "sync-light-control" + "ssh://gogs@git.ingolf-wagner.de:443/palo/light-control.git" + "git@github.com:mrVanDalo/light-control.git") + + ]; + }; + }; + +} diff --git a/configs/workhorse/jupyter.nix b/nixos/configs/workhorse/jupyter.nix similarity index 59% rename from configs/workhorse/jupyter.nix rename to nixos/configs/workhorse/jupyter.nix index f0199d3..63bdf7c 100644 --- a/configs/workhorse/jupyter.nix +++ b/nixos/configs/workhorse/jupyter.nix 
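Review bot: In the `sync-retiolum` job both "Download Files" commands end in `|| true`, so a failed or truncated download is ignored and the later "update repo" and "Push" steps still commit and push whatever is in the workspace; nothing checks what was fetched. Let the step fail instead, e.g. `curl --fail --silent --show-error -o retiolum-hosts.tar.bz2 https://lassul.us/retiolum-hosts.tar.bz2 && tar xjf retiolum-hosts.tar.bz2`, and drop the `|| true`. Also, `gogs-id` and `github-id` are the same credentials id, so one SSH key serves both the internal Gogs and the GitHub pushes; separate keys, ideally per-repository deploy keys, would limit what a leaked Jenkins credential can reach. A comment on `accessUser = "admin"` explaining why the job builder needs the admin token would help the next reader.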
@@ -9,37 +9,39 @@ #NOTE: you need to keep the single quote inside nix string. password = "'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba'"; kernels = { - python3 = let - env = (pkgs.python3.withPackages (pythonPackages: - with pythonPackages; [ - ipykernel - pandas + python3 = + let + env = (pkgs.python3.withPackages (pythonPackages: + with pythonPackages; [ + ipykernel + pandas - # database stuff - mysqlclient - databases - asyncpg - psycopg2 - aiomysql - pymysql - aiosqlite - #aiopg - sqlalchemy + # database stuff + mysqlclient + databases + asyncpg + psycopg2 + aiomysql + pymysql + aiosqlite + #aiopg + sqlalchemy - # pdf export - nbconvert - ])); - in { - displayName = "Python 3"; - argv = [ - "${env.interpreter}" - "-m" - "ipykernel_launcher" - "-f" - "{connection_file}" - ]; - language = "python"; - }; + # pdf export + nbconvert + ])); + in + { + displayName = "Python 3"; + argv = [ + "${env.interpreter}" + "-m" + "ipykernel_launcher" + "-f" + "{connection_file}" + ]; + language = "python"; + }; }; }; diff --git a/configs/workhorse/kibana.nix b/nixos/configs/workhorse/kibana.nix similarity index 100% rename from configs/workhorse/kibana.nix rename to nixos/configs/workhorse/kibana.nix diff --git a/configs/workhorse/mail-fetcher.nix b/nixos/configs/workhorse/mail-fetcher.nix similarity index 67% rename from configs/workhorse/mail-fetcher.nix rename to nixos/configs/workhorse/mail-fetcher.nix index daeadcb..6b94422 100644 --- a/configs/workhorse/mail-fetcher.nix +++ b/nixos/configs/workhorse/mail-fetcher.nix 
@@ -364,55 +364,60 @@ let } ]; - notmuchTagging = let + notmuchTagging = + let - template = index: - { tags, query, message ? "generic", ... }: - let - command = '' - ${pkgs.notmuch}/bin/notmuch tag ${ - lib.concatStringsSep " " tags - } -- "${query}" + template = index: + { tags, query, message ? "generic", ... }: + let + command = '' + ${pkgs.notmuch}/bin/notmuch tag ${lib.concatStringsSep " " tags} -- "${query}" + ''; + in + '' + echo '${command}' + ${command} ''; - in '' - echo '${command}' - ${command} - ''; - junk_template = index: query: - template index { - tags = [ "+junk" "-unread" "-inbox" ]; - query = query; - message = "generic junk filter"; - }; + junk_template = index: query: + template index { + tags = [ "+junk" "-unread" "-inbox" ]; + query = query; + message = "generic junk filter"; + }; - in pkgs.writers.writeBash "notmuch-tagging" (lib.concatStringsSep "\n" - ((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters))); + in + pkgs.writers.writeBash "notmuch-tagging" (lib.concatStringsSep "\n" + ((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters))); - notmuchTaggingNew = let + notmuchTaggingNew = + let - template = index: - { tags, query, message ? "generic", ... }: - let - command = '' - ${pkgs.notmuch}/bin/notmuch tag ${ - lib.concatStringsSep " " tags - } -- "${query} AND tag:new" + template = index: + { tags, query, message ? "generic", ... 
}: + let + command = '' + ${pkgs.notmuch}/bin/notmuch tag ${ + lib.concatStringsSep " " tags + } -- "${query} AND tag:new" + ''; + in + '' + echo '${command}' + ${command} ''; - in '' - echo '${command}' - ${command} - ''; - junk_template = index: query: - template index { - tags = [ "+junk" "-unread" "-inbox" ]; - query = query; - message = "generic junk filter"; - }; - in pkgs.writers.writeBash "notmuch-tagging-new" (lib.concatStringsSep "\n" - ((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters))); + junk_template = index: query: + template index { + tags = [ "+junk" "-unread" "-inbox" ]; + query = query; + message = "generic junk filter"; + }; + in + pkgs.writers.writeBash "notmuch-tagging-new" (lib.concatStringsSep "\n" + ((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters))); -in { +in +{ backup.dirs = [ "/home/mailfetcher" ]; 
@@ -424,45 +429,36 @@ in { home = "/home/mailfetcher"; openssh.authorizedKeys.keyFiles = config.users.users.root.openssh.authorizedKeys.keyFiles; + group = "mailfetcher"; }; - # configure passwords - krops.userKeys = { - "namecheap.terranix.org" = { - user = config.users.users.mailUser.name; - source = toString ; - requiredBy = [ "fetchmail.service" ]; - }; - "gmail.palipalo9" = { - user = config.users.users.mailUser.name; - source = toString ; - requiredBy = [ "fetchmail.service" ]; - }; - "gmx.palo_van_dalo" = { - user = config.users.users.mailUser.name; - source = toString ; - requiredBy = [ "fetchmail.service" ]; - }; - "gmx.ingolf_wagner" = { - user = config.users.users.mailUser.name; - source = toString ; - requiredBy = [ "fetchmail.service" ]; - }; - "web.pali_palo" = { - user = config.users.users.mailUser.name; - source = toString ; - requiredBy = [ "fetchmail.service" ]; - }; - "siteground.contact" = { - user = config.users.users.mailUser.name; - source = toString ; - requiredBy = [ "fetchmail.service" ]; - }; - "c-base.palo" = { - user = config.users.users.mailUser.name; - source = toString ; - requiredBy = [ "fetchmail.service" ]; - }; + users.groups.mailUser = { + name = "mailfetcher"; + }; + + sops.secrets.mail_terranix = { + owner = config.users.users.mailUser.name; + group = config.users.users.mailUser.group; + }; + sops.secrets.mail_gmail = { + owner = config.users.users.mailUser.name; + group = config.users.users.mailUser.group; + }; + sops.secrets.mail_gmx_palo = { + owner = config.users.users.mailUser.name; + group = config.users.users.mailUser.group; + }; + sops.secrets.mail_gmx_ingolf = { + owner = config.users.users.mailUser.name; + group = config.users.users.mailUser.group; + }; + sops.secrets.mail_web = { + owner = config.users.users.mailUser.name; + group = config.users.users.mailUser.group; + }; + sops.secrets.mail_siteground = { + owner = config.users.users.mailUser.name; + group = config.users.users.mailUser.group; }; 
environment.systemPackages = [ pkgs.muchsync ]; @@ -478,7 +474,7 @@ in { realName = "Ingolf Wagner"; userName = "palo_van_dalo@gmx.de"; passwordCommand = - "cat ${toString config.krops.userKeys."gmx.palo_van_dalo".target}"; + "cat ${toString config.sops.secrets.mail_gmx_palo.path }"; imap = { host = "imap.gmx.net"; tls.enable = true; @@ -498,7 +494,7 @@ in { realName = "Ingolf Wagner"; userName = "ingolf.wagner@gmx.de"; passwordCommand = - "cat ${toString config.krops.userKeys."gmx.ingolf_wagner".target}"; + "cat ${toString config.sops.secrets.mail_gmx_ingolf.path }"; imap = { host = "imap.gmx.net"; tls.enable = true; @@ -518,7 +514,7 @@ in { realName = "Ingolf Wagner"; userName = "pali_palo@web.de"; passwordCommand = - "cat ${toString config.krops.userKeys."web.pali_palo".target}"; + "cat ${toString config.sops.secrets.mail_web.path }"; imap = { host = "imap.web.de"; tls.enable = true; 
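Review bot: The six `sops.secrets.mail_*` entries repeat the same `owner`/`group` pair, which makes it easy to add a seventh with different ownership by mistake. Binding the pair once in the file's `let`, `mailSecret = { owner = config.users.users.mailUser.name; group = config.users.users.mailUser.group; };`, and writing `sops.secrets.mail_gmail = mailSecret;` and so on keeps them in step. A one-line comment on `users.groups.mailUser = { name = "mailfetcher"; };` noting that the attribute name and the group name differ on purpose would also save a lookup.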
@@ -531,57 +527,6 @@ in { notmuch.enable = true; }; - c-base = { - primary = false; - address = "palo@c-base.org"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "palo"; - passwordCommand = - "cat ${toString config.krops.userKeys."c-base.palo".target}"; - imap = { - host = "c-mail.c-base.org"; - port = 993; - # fetched using : nix-shell -p openssl --run "openssl s_client -connect c-mail.c-base.org:993 -showcerts" - tls.certificatesFile = pkgs.writeText "c-base.pem" '' - -----BEGIN CERTIFICATE----- - MIIFKDCCAxCgAwIBAgIDAtwrMA0GCSqGSIb3DQEBDQUAMFQxFDASBgNVBAoTC0NB - Y2VydCBJbmMuMR4wHAYDVQQLExVodHRwOi8vd3d3LkNBY2VydC5vcmcxHDAaBgNV - BAMTE0NBY2VydCBDbGFzcyAzIFJvb3QwHhcNMTkxMTA5MDgzMjUyWhcNMjExMTA4 - MDgzMjUyWjBhMQswCQYDVQQGEwJERTEPMA0GA1UECBMGQmVybGluMQ8wDQYDVQQH - EwZCZXJsaW4xFDASBgNVBAoTC2MtYmFzZSBlLlYuMRowGAYDVQQDExFjLW1haWwu - Yy1iYXNlLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKR3XBxJ - 72MayCS0D5GCoHcY0TQLs1DQSohCCobRdSowFJzNQw/2lL6bb+Q2rmevZQXuM4vP - YbFytvTDmY5y5MNXEqGLfi8D5TcaP/RdXWQU++yUunE6yMdqZNheeXPjM//PnoXG - DyT236BovEi3YipUUsLXFiRj+cAjrQE7a2YUs3fjV3P6grMH0V06J6P6+JJvRgp2 - K33uhKhnKyb3s1tbdbu1KeGozx2ws9lg79XV+Py6PXxP6jTZ2PCsaxs3BThSdmsl - vQyk/zoW7tA1m2ntRCoyFHZqfOHsN3UOS/HDRlXqgSf0ah8cPYPsl0ayXhgOv0Tu - 1PSMt4Ve2GajX8MCAwEAAaOB9TCB8jAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE - AwIDqDA0BgNVHSUELTArBggrBgEFBQcDAgYIKwYBBQUHAwEGCWCGSAGG+EIEAQYK - KwYBBAGCNwoDAzAzBggrBgEFBQcBAQQnMCUwIwYIKwYBBQUHMAGGF2h0dHA6Ly9v - Y3NwLmNhY2VydC5vcmcvMDgGA1UdHwQxMC8wLaAroCmGJ2h0dHA6Ly9jcmwuY2Fj - ZXJ0Lm9yZy9jbGFzczMtcmV2b2tlLmNybDAtBgNVHREEJjAkghFjLW1haWwuYy1i - YXNlLm9yZ4IPbWFpbC5jLWJhc2Uub3JnMA0GCSqGSIb3DQEBDQUAA4ICAQBjTIa1 - xdhUYXJidv1U0qaqSV1DzumakFY20OM4QCV0Qvlq+SQUqroGBTIGodxhTnjG5o01 - 4xBAnsTcMRNycXHu0j6XYqDS4QhaFcGdFmXP0EQfAFbvhwZdbvgiRHuUTSGEbcLp - Vk8sP8dpzx+zMAZ6PL7XMwPFPTHm7vw40qmTyCuUcnhIwHgwGxu4yu0tdsU+VwRD - RVsdZO4V2GhFTz8oRcHvmC2wmx+Zwx0RXWPXSN5yRDDZWwY4WbECa2MvojH1HlJG - YJkokq7nbYJix/RipSkAXgurcgppVmM5cf7uYgSrltW8pm3IMMPrlaFrlzMMMtdq - 
SYFk+FDp296B7CDyWpQhDcVjnGQ70JfMWT5S3Lsi8DnI2pul9ljxPOt+Q8XFh1oz - Ofr7y5Qjm72YToOX1j7N8ppCh0RJH4lOsouTPVdp859ch9FxZdceq+nC744wv+Nt - TQPw15Gk3RY5mVYBE/Cw2T7j7qDmBaEUKxkfW7q8t287FXM4XX6C+cKYr6jYx6s1 - 5/2p4gCuOALYqJ7kD2xjci0VTWu77H4J2QKEZF8AgdI36dIYr7GY0e/+xb/CScwr - uvu2R9jfPOMVu6CiavPGUtcvju4A+qMUDqIyH9dNwkMQRffAtmsF6KR4nMYxhr45 - nKY1BaufWLD1UWrjaR1IF6L5qDHOXeMJEChYkg== - -----END CERTIFICATE-----''; - }; - mbsync = { - enable = false; - create = "both"; - }; - notmuch.enable = true; - }; - gmail = { # for google accounts you have to allow 'less secure apps' in accounts.google.com primary = true; @@ -590,7 +535,7 @@ in { realName = "Ingolf Wagner"; userName = "palipalo9@googlemail.com"; passwordCommand = - "cat ${toString config.krops.userKeys."gmail.palipalo9".target}"; + "cat ${toString config.sops.secrets.mail_gmail.path }"; imap = { host = "imap.gmail.com"; tls.enable = true; @@ -609,9 +554,7 @@ in { aliases = [ ]; realName = "Ingolf Wagner"; userName = "palo@terranix.org"; - passwordCommand = "cat ${ - toString config.krops.userKeys."namecheap.terranix.org".target - }"; + passwordCommand = "cat ${toString config.sops.secrets.mail_terranix.path }"; imap = { host = "mail.privateemail.com"; tls.enable = true; @@ -631,7 +574,7 @@ in { realName = "Ingolf Wagner"; userName = "contact@ingolf-wagner.de"; passwordCommand = - "cat ${toString config.krops.userKeys."siteground.contact".target}"; + "cat ${toString config.sops.secrets.mail_siteground.path }"; imap = { host = "securees5.sgcpanel.com"; port = 993; 
@@ -672,30 +615,35 @@ in { }; # fetch mails every 10 minutes - systemd.services.fetchmail = { - enable = true; - serviceConfig = { User = config.users.users.mailUser.name; }; - environment.NOTMUCH_CONFIG = - "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc"; - script = '' - echo "run mbsync" - ${pkgs.isync}/bin/mbsync \ - --all + systemd.services.fetchmail = + let + threadTag = tag: '' + echo "tag threads with ${tag}" + ${pkgs.notmuch}/bin/notmuch tag +${tag} $(${pkgs.notmuch}/bin/notmuch search --output=threads tag:${tag}) + ''; + in + { + enable = true; + serviceConfig = { User = config.users.users.mailUser.name; }; + environment.NOTMUCH_CONFIG = + "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc"; + script = '' + echo "run mbsync" + ${pkgs.isync}/bin/mbsync \ + --all + echo "run getmail" + ${pkgs.getmail}/bin/getmail \ + --quiet \ + --rcfile getmailingolf-wagner-de - echo "run getmail" - ${pkgs.getmail}/bin/getmail \ - --quiet \ - --rcfile getmailingolf-wagner-de - - echo "run notmuch" - ${pkgs.notmuch}/bin/notmuch new - ${notmuchTaggingNew} - echo "mute threads" - ${pkgs.notmuch}/bin/notmuch tag +muted $(${pkgs.notmuch}/bin/notmuch search --output=threads tag:muted) - echo "delete threads" - ${pkgs.notmuch}/bin/notmuch tag +deleted $(${pkgs.notmuch}/bin/notmuch search --output=threads tag:deleted) - ''; - }; + echo "run notmuch" + ${pkgs.notmuch}/bin/notmuch new + ${notmuchTaggingNew} + ${threadTag "muted"} + ${threadTag "wohnung"} + ${threadTag "flagged"} + ''; + }; systemd.timers.fetchmail = { enable = true; # timerConfig.OnCalendar = " *-*-* *:00:00"; @@ -708,9 +656,5 @@ in { enable = true; new.tags = [ "unread" "inbox" "new" ]; }; - home-manager.users.mailUser.home.file."notmuch" = { - source = "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc"; - target = ".notmuch-config"; - }; } 
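Review bot: `threadTag` expands to `notmuch tag +${tag} $(notmuch search --output=threads tag:${tag})`, so when no thread carries the tag the substitution is empty and `notmuch tag` is called without a search term. As far as I know it exits non-zero in that case, and if the unit script runs with errexit the remaining steps are skipped. With `wohnung` and `flagged` added, an empty result looks more likely than with `muted` alone. A guard such as `threads=$(${pkgs.notmuch}/bin/notmuch search --output=threads tag:${tag}); [ -z "$threads" ] || ${pkgs.notmuch}/bin/notmuch tag +${tag} -- $threads` avoids it. The earlier propagation for `tag:deleted` is dropped here without a comment; if that is intended, a note next to `threadTag` would help.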
diff --git a/configs/workhorse/metabase.nix b/nixos/configs/workhorse/metabase.nix similarity index 93% rename from configs/workhorse/metabase.nix rename to nixos/configs/workhorse/metabase.nix index 069767c..8dd3f0b 100644 --- a/configs/workhorse/metabase.nix +++ b/nixos/configs/workhorse/metabase.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, config, ... }: { +/{ pkgs, lib, config, ... }: { services.metabase = { listen.port = 3040; diff --git a/configs/workhorse/mining.nix b/nixos/configs/workhorse/mining.nix similarity index 99% rename from configs/workhorse/mining.nix rename to nixos/configs/workhorse/mining.nix index 474d7a9..6f95ec0 100644 --- a/configs/workhorse/mining.nix +++ b/nixos/configs/workhorse/mining.nix @@ -7,7 +7,8 @@ let rig = config.networking.hostName; recheckInterval = 2000; package = pkgs.ethminer; -in { +in +{ systemd.services.ethminer = { description = "ethminer ethereum mining service"; diff --git a/configs/workhorse/mysql.nix b/nixos/configs/workhorse/mysql.nix similarity index 100% rename from configs/workhorse/mysql.nix rename to nixos/configs/workhorse/mysql.nix diff --git a/configs/workhorse/nextcloud.nix b/nixos/configs/workhorse/nextcloud.nix similarity index 81% rename from configs/workhorse/nextcloud.nix rename to nixos/configs/workhorse/nextcloud.nix index 2b9d90e..5a351e1 100644 --- a/configs/workhorse/nextcloud.nix +++ b/nixos/configs/workhorse/nextcloud.nix 
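Review bot: The new first line of metabase.nix, `/{ pkgs, lib, config, ... }: {`, starts with a stray `/`, which is not valid Nix. The file is not imported by workhorse/configuration.nix (this commit removes the commented-out entry), so evaluation will not hit it now. It will fail as soon as it is imported again or a formatter or linter runs over the tree. Restore `{ pkgs, lib, config, ... }: {`.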
@@ -4,23 +4,46 @@ let hostAddress = "192.168.100.10"; containerAddress = "192.168.100.11"; #syncthingGid = config.users.groups.syncthing.gid; + nextcloudUid = 1000; -in { +in +{ + + sops.secrets.nextcloud_database_password = { + owner = "nextcloud"; + }; + sops.secrets.nextcloud_root_password = { + owner = "nextcloud"; + }; + + users.users.nextcloud = { + isSystemUser = true; + uid = nextcloudUid; + }; containers.nextcloud = { # mount host folders bindMounts = { rootpassword = { - hostPath = toString ; - mountPoint = toString ; + hostPath = + "/run/secrets/nextcloud_root_password"; + #toString ; + mountPoint = + "/run/secrets/nextcloud_root_password"; + #toString ; isReadOnly = true; }; databasepassword = { - hostPath = toString ; - mountPoint = toString ; + hostPath = + "/run/secrets/nextcloud_database_password"; + #toString ; + mountPoint = + "/run/secrets/nextcloud_database_password"; + #toString ; isReadOnly = true; }; + home = { # make sure this folder exist on the host hostPath = toString "/home/nextcloud"; @@ -33,17 +56,6 @@ in { mountPoint = "/var/lib/mysql"; isReadOnly = false; }; - krops-lib = { - mountPoint = toString ; - hostPath = toString ; - isReadOnly = true; - }; - modules = { - mountPoint = toString ; - hostPath = toString ; - isReadOnly = true; - }; - # shared folders samples = { mountPoint = toString config.services.syncthing.declarative.folders.samples.path; @@ -84,10 +96,9 @@ in { config = { config, pkgs, lib, ... }: { - imports = [ ]; + users.users.nextcloud.uid = nextcloudUid; services.nginx = { - # Use recommended settings recommendedGzipSettings = lib.mkDefault true; recommendedOptimisation = lib.mkDefault true; 
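Review bot: `nextcloudUid = 1000` gives the host-side `nextcloud` system user the UID where normal-user allocation usually starts, and the two new sops secrets are owned by that user. On a host where an imperatively created account already holds 1000, that account would own the secret files. Picking a UID below the normal-user range and adding a comment like `# must match users.users.nextcloud.uid inside the container so the bind-mounted /run/secrets files stay readable` would document the coupling. On the host side, `hostPath` could use `config.sops.secrets.nextcloud_root_password.path` instead of the literal `/run/secrets/...`, so a renamed secret fails at evaluation. The leftover `#toString ;` comments can go.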
@@ -95,28 +106,30 @@ in { recommendedTlsSettings = lib.mkDefault true; # for graylog logging - commonHttpConfig = let - access_log_sink = "${hostAddress}:12304"; - error_log_sink = "${hostAddress}:12305"; - in '' - log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", ' - '"facility": "nginx", ' - '"src_addr": "$remote_addr", ' - '"body_bytes_sent": $body_bytes_sent, ' - '"request_time": $request_time, ' - '"response_status": $status, ' - '"request": "$request", ' - '"request_method": "$request_method", ' - '"host": "$host",' - '"upstream_cache_status": "$upstream_cache_status",' - '"upstream_addr": "$upstream_addr",' - '"http_x_forwarded_for": "$http_x_forwarded_for",' - '"http_referrer": "$http_referer", ' - '"http_user_agent": "$http_user_agent" }'; + commonHttpConfig = + let + access_log_sink = "${hostAddress}:12304"; + error_log_sink = "${hostAddress}:12305"; + in + '' + log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", ' + '"facility": "nginx", ' + '"src_addr": "$remote_addr", ' + '"body_bytes_sent": $body_bytes_sent, ' + '"request_time": $request_time, ' + '"response_status": $status, ' + '"request": "$request", ' + '"request_method": "$request_method", ' + '"host": "$host",' + '"upstream_cache_status": "$upstream_cache_status",' + '"upstream_addr": "$upstream_addr",' + '"http_x_forwarded_for": "$http_x_forwarded_for",' + '"http_referrer": "$http_referer", ' + '"http_user_agent": "$http_user_agent" }'; - access_log syslog:server=${access_log_sink} graylog2_json; - error_log syslog:server=${error_log_sink}; - ''; + access_log syslog:server=${access_log_sink} graylog2_json; + error_log syslog:server=${error_log_sink}; + ''; }; # don't forget the database backup before doing this 
@@ -214,27 +227,20 @@ in { https = true; config = { adminpassFile = - toString config.krops.userKeys."nextcloud_root".target; + #config.sops.secrets.nextcloud_root_password.path; + "/run/secrets/nextcloud_root_password"; overwriteProtocol = "https"; trustedProxies = [ "195.201.134.247" hostAddress ]; dbtype = "mysql"; dbpassFile = - toString config.krops.userKeys."nextcloud_database".target; + #config.sops.secrets.nextcloud_database_password.path; + "/run/secrets/nextcloud_database_password"; dbport = 3306; }; }; - # provide password file for database with proper rights - krops.userKeys."nextcloud_database" = { - user = "nextcloud"; - source = toString ; - requiredBy = [ "nginx.service" "nextcloud-setup.service" ]; - }; - krops.userKeys."nextcloud_root" = { - user = "nextcloud"; - source = toString ; - requiredBy = [ "nginx.service" "nextcloud-setup.service" ]; - }; + #sops.secrets.nextcloud_database_password = {}; + #sops.secrets.nextcloud_root_password = {}; environment.systemPackages = [ pkgs.smbclient ]; @@ -340,7 +346,8 @@ in { doInit = true; encryption = { mode = "repokey-blake2"; - passCommand = "cat ${toString }"; + passCommand = + "cat ${config.sops.secrets.backup_repository_passphrase.path}"; }; startAt = "0/3:00:00"; prune.keep = { diff --git a/nixos/configs/workhorse/packages.nix b/nixos/configs/workhorse/packages.nix new file mode 100644 index 0000000..b70f348 --- /dev/null +++ b/nixos/configs/workhorse/packages.nix @@ -0,0 +1 @@ +{ config, pkgs, ... }: { environment.systemPackages = with pkgs; [ ]; } diff --git a/configs/workhorse/prometheus.nix b/nixos/configs/workhorse/prometheus.nix similarity index 79% rename from configs/workhorse/prometheus.nix rename to nixos/configs/workhorse/prometheus.nix index fd775b8..6888571 100644 --- a/configs/workhorse/prometheus.nix +++ b/nixos/configs/workhorse/prometheus.nix 
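Review bot: `adminpassFile` and `dbpassFile` now point at hardcoded `/run/secrets/…` paths that exist in the container only because of the host bind mounts, and the removed `krops.userKeys` entries were the only thing ordering `nginx.service` and `nextcloud-setup.service` after the password files. Nothing in the new code records either fact; the commented-out `#config.sops.secrets…path;` and `#sops.secrets… = {};` lines hint at it but read as leftovers. I would replace them with one comment, e.g. `# bind-mounted from the host (bindMounts.rootpassword / databasepassword); sops is not evaluated inside this container`. As far as I know sops-nix publishes secrets through a `/run/secrets` symlink to a per-generation directory, so the container presumably keeps the files from the generation current at its start and needs a restart after a password rotation. The enclosing `config` block starts and ends outside the hunk.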
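Review bot: `passCommand` reads `config.sops.secrets.backup_repository_passphrase.path`, but no `sops.secrets.backup_repository_passphrase` declaration is visible in this file, unlike the two Nextcloud secrets declared at the top. If it is not declared in another module, evaluation fails on the missing attribute; add `sops.secrets.backup_repository_passphrase = { };` next to the other declarations. The backup job's surroundings are outside the hunk, so it is not clear whether it sits in the host config or in the container's `config` function. In the latter case `config` is the container's own module set, where the hunk above avoids `config.sops` and uses a literal path instead.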
@@ -84,23 +84,23 @@ }; }]; } - { - job_name = "home-assistant"; - scrape_interval = "60s"; - metrics_path = "/api/prometheus"; - # you can create this token on your user profile page - # http://pepe.private:8123/profile - bearer_token = - lib.fileContents ; - static_configs = [{ - targets = [ "pepe.private:8123" ]; - labels = { - service = "hass"; - server = "pepe"; - city = "essen"; - }; - }]; - } + #{ + # job_name = "home-assistant"; + # scrape_interval = "60s"; + # metrics_path = "/api/prometheus"; + # # you can create this token on your user profile page + # # http://pepe.private:8123/profile + # bearer_token = + # lib.fileContents ; + # static_configs = [{ + # targets = [ "pepe.private:8123" ]; + # labels = { + # service = "hass"; + # server = "pepe"; + # city = "essen"; + # }; + # }]; + #} ]; }; } diff --git a/configs/workhorse/property.nix b/nixos/configs/workhorse/property.nix similarity index 100% rename from configs/workhorse/property.nix rename to nixos/configs/workhorse/property.nix diff --git a/configs/workhorse/syncthing.nix b/nixos/configs/workhorse/syncthing.nix similarity index 94% rename from configs/workhorse/syncthing.nix rename to nixos/configs/workhorse/syncthing.nix index dcdf44e..c7a369a 100644 --- a/configs/workhorse/syncthing.nix +++ b/nixos/configs/workhorse/syncthing.nix @@ -11,14 +11,18 @@ }; }; + + sops.secrets.syncthing_cert = { }; + sops.secrets.syncthing_key = { }; + services.syncthing = { enable = true; openDefaultPorts = false; dataDir = "/home/syncthing"; configDir = "/home/syncthing"; declarative = { - cert = toString ; - key = toString ; + cert = toString config.sops.secrets.syncthing_cert.path; + key = toString config.sops.secrets.syncthing_key.path; overrideFolders = true; folders = { diff --git a/configs/workhorse/taskserver.nix b/nixos/configs/workhorse/taskserver.nix similarity index 100% rename from configs/workhorse/taskserver.nix rename to nixos/configs/workhorse/taskserver.nix 
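Review bot: The home-assistant scrape job is parked as a block of commented-out code that still carries `bearer_token = lib.fileContents …`. That pattern reads the token at evaluation time and writes it into the generated Prometheus config in the world-readable Nix store. I would delete the block and leave a one-line marker instead, e.g. `# TODO: re-add home-assistant job with bearer_token_file = config.sops.secrets.<secret-name>.path;` (`<secret-name>` is a placeholder), so the job comes back reading the token from a sops-managed file at run time. That secret would need to be readable by the Prometheus service user.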
diff --git a/configs/workhorse/tinc.nix b/nixos/configs/workhorse/tinc.nix similarity index 78% rename from configs/workhorse/tinc.nix rename to nixos/configs/workhorse/tinc.nix index ffe59c3..5291b19 100644 --- a/configs/workhorse/tinc.nix +++ b/nixos/configs/workhorse/tinc.nix @@ -17,4 +17,7 @@ }; }; + sops.secrets.tinc_retiolum_ed25519_key = { }; + sops.secrets.tinc_retiolum_rsa_key = { }; + } diff --git a/configs/workhorse/transmission.nix b/nixos/configs/workhorse/transmission.nix similarity index 90% rename from configs/workhorse/transmission.nix rename to nixos/configs/workhorse/transmission.nix index 0283836..83031de 100644 --- a/configs/workhorse/transmission.nix +++ b/nixos/configs/workhorse/transmission.nix @@ -1,23 +1,31 @@ -{ pkgs, ... }: +{ pkgs, config, ... }: let hostAddress = "192.168.100.30"; containerAddress = "192.168.100.31"; -in { +in +{ + + #users.users.transmission = { + # isSystemUser = true; + # uid = config.ids.uids.transmission; + #}; + + sops.secrets.nordvpn = { }; containers.torrent = { # mount host folders bindMounts = { - password = { - hostPath = toString ; - mountPoint = toString ; - isReadOnly = true; - }; + #password = { + # hostPath = "/run/secrets/transmission_password"; + # mountPoint = "/run/secrets/transmission_password"; + # isReadOnly = true; + #}; nordvpnPassword = { - hostPath = toString ; - mountPoint = toString ; + hostPath = "/run/secrets/nordvpn"; + mountPoint = "/run/secrets/nordvpn"; isReadOnly = true; }; home = { 
@@ -131,17 +139,17 @@ in { # notify me when download finished script-torrent-done-enabled = true; - script-torrent-done-filename = - (pkgs.writers.writeBash "torrent-finished" '' - JSON_STRING=$( ${pkgs.jq}/bin/jq -n --arg torrent_name "$TR_TORRENT_NAME" \ - '{text: ":tada: finished : \($torrent_name)", channel: "torrent"}' ) - ${pkgs.curl}/bin/curl \ - --include \ - --request POST \ - --data-urlencode \ - "payload=$JSON_STRING" \ - ${lib.fileContents } - ''); + #script-torrent-done-filename = + # (pkgs.writers.writeBash "torrent-finished" '' + # JSON_STRING=$( ${pkgs.jq}/bin/jq -n --arg torrent_name "$TR_TORRENT_NAME" \ + # '{text: ":tada: finished : \($torrent_name)", channel: "torrent"}' ) + # ${pkgs.curl}/bin/curl \ + # --include \ + # --request POST \ + # --data-urlencode \ + # "payload=$JSON_STRING" \ + # + # ''); }; }; @@ -183,7 +191,8 @@ in { remote-cert-tls server - auth-user-pass ${toString } + auth-user-pass /run/secrets/nordvpn + verb 3 pull resolv-retry infinite diff --git a/configs/workhorse/weechat.nix b/nixos/configs/workhorse/weechat.nix similarity index 100% rename from configs/workhorse/weechat.nix rename to nixos/configs/workhorse/weechat.nix diff --git a/configs/workout/configuration.nix b/nixos/configs/workout/configuration.nix similarity index 100% rename from configs/workout/configuration.nix rename to nixos/configs/workout/configuration.nix diff --git a/configs/workout/hardware-configuration.nix b/nixos/configs/workout/hardware-configuration.nix similarity index 100% rename from configs/workout/hardware-configuration.nix rename to nixos/configs/workout/hardware-configuration.nix diff --git a/configs/workout/kibana.nix b/nixos/configs/workout/kibana.nix similarity index 100% rename from configs/workout/kibana.nix rename to nixos/configs/workout/kibana.nix 
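Review bot: `script-torrent-done-enabled = true;` stays on while `script-torrent-done-filename` is now commented out, so Transmission is told to run a completion script that is no longer configured. Set `script-torrent-done-enabled = false;` until the notification is migrated. When it returns, the webhook URL that used to be inlined through `lib.fileContents` should be read at run time from a sops-managed file, because anything interpolated into `pkgs.writers.writeBash` ends up in the world-readable Nix store. The settings block starts and ends outside the hunk.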
diff --git a/configs/workout/lan.nix b/nixos/configs/workout/lan.nix similarity index 99% rename from configs/workout/lan.nix rename to nixos/configs/workout/lan.nix index 04dcf3e..08b6ff5 100644 --- a/configs/workout/lan.nix +++ b/nixos/configs/workout/lan.nix @@ -5,7 +5,8 @@ let ipAddress = "10.1.0.1"; prefixLength = 24; -in { +in +{ networking.extraHosts = '' 10.1.0.1 workout.lan diff --git a/configs/workout/packages.nix b/nixos/configs/workout/packages.nix similarity index 70% rename from configs/workout/packages.nix rename to nixos/configs/workout/packages.nix index c0b535b..70fbd72 100644 --- a/configs/workout/packages.nix +++ b/nixos/configs/workout/packages.nix @@ -1,13 +1,13 @@ -{ config, pkgs, ... }: -let unstable = import { }; -in { +{ config, pkgs, ... }: { # overlay included nixpkgs.overlays = [ (import ) ]; nixpkgs.config.packageOverrides = pkgs: { - nur = import (builtins.fetchTarball - "https://github.com/nix-community/NUR/archive/master.tar.gz") { + nur = import + (builtins.fetchTarball + "https://github.com/nix-community/NUR/archive/master.tar.gz") + { inherit pkgs; }; }; @@ -24,7 +24,6 @@ in { python3Full jetbrains.pycharm-professional jetbrains.datagrip - #unstable.pypi2nix #nur.repos.mic92.nixos-shell jetbrains.idea-ultimate diff --git a/configs/workout/slack.nix b/nixos/configs/workout/slack.nix similarity index 100% rename from configs/workout/slack.nix rename to nixos/configs/workout/slack.nix diff --git a/configs/workout/syncthing.nix b/nixos/configs/workout/syncthing.nix similarity index 100% rename from configs/workout/syncthing.nix rename to nixos/configs/workout/syncthing.nix diff --git a/configs/workout/tinc.nix b/nixos/configs/workout/tinc.nix similarity index 100% rename from configs/workout/tinc.nix rename to nixos/configs/workout/tinc.nix diff --git a/nixos/flake.lock b/nixos/flake.lock new file mode 100644 index 0000000..7b47bae --- /dev/null +++ b/nixos/flake.lock 
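Review bot: The re-wrapped `builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz"` in `packageOverrides` still has no `sha256`, so this host imports whatever NUR's master branch holds at evaluation time. That sits outside the pinning `flake.lock` gives every other input in this commit. Use the attribute-set form with a fixed revision and hash, `builtins.fetchTarball { url = "…/archive/<rev>.tar.gz"; sha256 = "<hash>"; }` (both placeholders), or make NUR a flake input. Pure flake evaluation rejects a `fetchTarball` without a hash, which matters if workout is ever added to `nixosConfigurations`.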
@@ -0,0 +1,649 @@ +{ + "nodes": { + "backup-module": { + "flake": false, + "locked": { + "lastModified": 1580601325, + "narHash": "sha256-eCf6jDYKdW74j/bu3Ni1WtkqYT8t0vrQA84l5icGXNc=", + "ref": "master", + "rev": "0597529c20f04f57a6d031f7439560e87923f4ce", + "revCount": 24, + "type": "git", + "url": "https://git.ingolf-wagner.de/nix-modules/backup.git" + }, + "original": { + "type": "git", + "url": "https://git.ingolf-wagner.de/nix-modules/backup.git" + } + }, + "cluster-module": { + "flake": false, + "locked": { + "lastModified": 1537379100, + "narHash": "sha256-TcZfK3thYq65S7mHC0jyc2ELVq8Ue8Enuj4iU4L9fTI=", + "rev": "ef621797a30f8a57de16bf33672abdd411cbcece", + "revCount": 8, + "type": "git", + "url": "https://git.ingolf-wagner.de/nix-modules/cluster.git" + }, + "original": { + "rev": "ef621797a30f8a57de16bf33672abdd411cbcece", + "type": "git", + "url": "https://git.ingolf-wagner.de/nix-modules/cluster.git" + } + }, + "doom-emacs": { + "flake": false, + "locked": { + "lastModified": 1626604817, + "narHash": "sha256-z+dvjB02cHU+VQ5EMkzqSdX817PZar9AkmmfK27q0vo=", + "owner": "hlissner", + "repo": "doom-emacs", + "rev": "46732c0adaef147144418f9f284ca6b1183ab96f", + "type": "github" + }, + "original": { + "owner": "hlissner", + "ref": "develop", + "repo": "doom-emacs", + "type": "github" + } + }, + "doom-emacs-nix": { + "inputs": { + "doom-emacs": "doom-emacs", + "doom-snippets": "doom-snippets", + "emacs-overlay": "emacs-overlay", + "emacs-so-long": "emacs-so-long", + "evil-markdown": "evil-markdown", + "evil-org-mode": "evil-org-mode", + "evil-quick-diff": "evil-quick-diff", + "explain-pause-mode": "explain-pause-mode", + "flake-utils": "flake-utils", + "nix-straight": "nix-straight", + "nixpkgs": [ + "nixpkgs" + ], + "nose": "nose", + "ob-racket": "ob-racket", + "org": "org", + "org-contrib": "org-contrib", + "org-yt": "org-yt", + "php-extras": "php-extras", + "revealjs": "revealjs", + "rotate-text": "rotate-text" + }, + "locked": { + "lastModified": 1627398156, + 
"narHash": "sha256-Ru1aV3NuIFXAsvUE3de8KR7xDZOo1GCBJdsWKJn+Ebw=", + "owner": "vlaci", + "repo": "nix-doom-emacs", + "rev": "fee14d217b7a911aad507679dafbeaa8c1ebf5ff", + "type": "github" + }, + "original": { + "owner": "vlaci", + "repo": "nix-doom-emacs", + "type": "github" + } + }, + "doom-snippets": { + "flake": false, + "locked": { + "lastModified": 1625547004, + "narHash": "sha256-V+ytAjB4ZZ+5dJJAu1OY7SbnqrokX5PVBWs0AsgQ8Vs=", + "owner": "hlissner", + "repo": "doom-snippets", + "rev": "5c0eb5bd70f035cefb981c2ce64f4367498bdda6", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "doom-snippets", + "type": "github" + } + }, + "emacs-overlay": { + "flake": false, + "locked": { + "lastModified": 1626972035, + "narHash": "sha256-YhBtnKmLDYiEzP5ZEMEQMg6oMP5EV+ToCkku7ZYfL+A=", + "owner": "nix-community", + "repo": "emacs-overlay", + "rev": "be04b45efb35db58e6ac6aa86b84f850c85b5dfe", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "emacs-overlay", + "type": "github" + } + }, + "emacs-so-long": { + "flake": false, + "locked": { + "lastModified": 1575031854, + "narHash": "sha256-xIa5zO0ZaToDrec1OFjBK6l39AbA4l/CE4LInVu2hi0=", + "owner": "hlissner", + "repo": "emacs-so-long", + "rev": "ed666b0716f60e8988c455804de24b55919e71ca", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "emacs-so-long", + "type": "github" + } + }, + "evil-markdown": { + "flake": false, + "locked": { + "lastModified": 1626852210, + "narHash": "sha256-HBBuZ1VWIn6kwK5CtGIvHM1+9eiNiKPH0GUsyvpUVN8=", + "owner": "Somelauw", + "repo": "evil-markdown", + "rev": "8e6cc68af83914b2fa9fd3a3b8472573dbcef477", + "type": "github" + }, + "original": { + "owner": "Somelauw", + "repo": "evil-markdown", + "type": "github" + } + }, + "evil-org-mode": { + "flake": false, + "locked": { + "lastModified": 1607203864, + "narHash": "sha256-JxwqVYDN6OIJEH15MVI6XOZAPtUWUhJQWHyzcrUvrFg=", + "owner": "hlissner", + "repo": "evil-org-mode", + "rev": 
"a9706da260c45b98601bcd72b1d2c0a24a017700", + "type": "github" + }, + "original": { + "owner": "hlissner", + "repo": "evil-org-mode", + "type": "github" + } + }, + "evil-quick-diff": { + "flake": false, + "locked": { + "lastModified": 1575189609, + "narHash": "sha256-oGzl1ayW9rIuq0haoiFS7RZsS8NFMdEA7K1BSozgnJU=", + "owner": "rgrinberg", + "repo": "evil-quick-diff", + "rev": "69c883720b30a892c63bc89f49d4f0e8b8028908", + "type": "github" + }, + "original": { + "owner": "rgrinberg", + "repo": "evil-quick-diff", + "type": "github" + } + }, + "explain-pause-mode": { + "flake": false, + "locked": { + "lastModified": 1595842060, + "narHash": "sha256-++znrjiDSx+cy4okFBBXUBkRFdtnE2x+trkmqjB3Njs=", + "owner": "lastquestion", + "repo": "explain-pause-mode", + "rev": "2356c8c3639cbeeb9751744dbe737267849b4b51", + "type": "github" + }, + "original": { + "owner": "lastquestion", + "repo": "explain-pause-mode", + "type": "github" + } + }, + "fenix": { + "inputs": { + "nixpkgs": [ + "nixpkgs-fmt", + "nixpkgs" + ], + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1631067971, + "narHash": "sha256-z+qlJaCaw/OAoFGdzm0nDKkjRdCwstHzduF74nMn3bY=", + "owner": "nix-community", + "repo": "fenix", + "rev": "0771140f0a6a6622c509fb2d6d2c87f0bfda703d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, + "flake-utils": { + "locked": { + "lastModified": 1623875721, + "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "locked": { + "lastModified": 1629481132, + "narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "997f7efcb746a9c140ce1f13c72263189225f482", + "type": "github" + }, + 
"original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "locked": { + "lastModified": 1631561581, + "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1634544068, + "narHash": "sha256-RlRQBaAHfdWqfRyHdWuDPMkplBTYwuyDQqDcNbP/Sog=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "ff2bed9dac84fb202bbb3c49fdcfe30c29d0b12f", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-21.05", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager-utils": { + "inputs": { + "home-manager": [ + "home-manager" + ] + }, + "locked": { + "lastModified": 1632947926, + "narHash": "sha256-dgHY+6K7i+5R8g2/VISn4rBGxyRjSVEdPS41YQltjWI=", + "owner": "mrvandalo", + "repo": "home-manager-utils", + "rev": "dcf13bd1633d5225e278d6dafcdecbf37c3726a4", + "type": "github" + }, + "original": { + "owner": "mrvandalo", + "repo": "home-manager-utils", + "type": "github" + } + }, + "krops-lib": { + "flake": false, + "locked": { + "lastModified": 1568329403, + "narHash": "sha256-G5pdPNaXg9Hv9BX/E24udoRiFcSbjSGJwl3gB+p56j4=", + "ref": "master", + "rev": "c9adb18bcb0555573232c6a45be6800fc1350e9b", + "revCount": 14, + "type": "git", + "url": "https://git.ingolf-wagner.de/nix-modules/krops.git" + }, + "original": { + "type": "git", + "url": "https://git.ingolf-wagner.de/nix-modules/krops.git" + } + }, + "naersk": { + "inputs": { + "nixpkgs": [ + "nixpkgs-fmt", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1631004250, + "narHash": "sha256-LGh0CjAZwh13AVkTi9w9lITEC7x6bwSQyFViOZ6HyNo=", + "owner": "nmattia", + "repo": "naersk", + "rev": 
"08afb3d1dbfe016108b72e05b02ba0f6ecb3c8e1", + "type": "github" + }, + "original": { + "owner": "nmattia", + "repo": "naersk", + "type": "github" + } + }, + "nix-straight": { + "flake": false, + "locked": { + "lastModified": 1621543597, + "narHash": "sha256-E/m2Hrw2og//CfOCOWe2yapYC01Tqhozn4YMPYJsC3o=", + "owner": "vlaci", + "repo": "nix-straight.el", + "rev": "8e84d04f10b2298de856b2b8b9a0d13abc91b5ca", + "type": "github" + }, + "original": { + "owner": "vlaci", + "ref": "v2.2.0", + "repo": "nix-straight.el", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1635070614, + "narHash": "sha256-eRup9WsvSIhsRrSlNugPcQ7gfGOsbk3d4izufwVlz1Q=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "3b1789322fcbcb5cf51228d732752714f1bf77da", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-21.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-fmt": { + "inputs": { + "fenix": "fenix", + "flake-utils": "flake-utils_2", + "naersk": "naersk", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1631557044, + "narHash": "sha256-5VPeqRvNhRxTv07NSvxQSXvtuGnrjWmmwss0PGhFzTI=", + "owner": "nix-community", + "repo": "nixpkgs-fmt", + "rev": "c7f66ec1b969ed118231fdf7f596c5ed2c2cfe49", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs-fmt", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1634782485, + "narHash": "sha256-psfh4OQSokGXG0lpq3zKFbhOo3QfoeudRcaUnwMRkQo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "34ad3ffe08adfca17fcb4e4a47bb5f3b113687be", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1632855891, + "narHash": "sha256-crW76mt9/kbUBiKy/KiSnsQ9JEYgD3StDuYAMVkTbM0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "73086069ebd402e85eaa39c06aef33c2b917f532", + "type": "github" + }, + 
"original": { + "id": "nixpkgs", + "type": "indirect" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1625223284, + "narHash": "sha256-jjLcDSU1rRiJb+n3uez23XAa7kbnPcGZTa6jIKh1GMQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "357d2c8f6087685fe35cb1889a005a4dd4cce7b8", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nose": { + "flake": false, + "locked": { + "lastModified": 1400604510, + "narHash": "sha256-daEi8Kta1oGaDEmUUDDQMahTTPOpvNpDKk22rlr7cB0=", + "owner": "emacsattic", + "repo": "nose", + "rev": "f8528297519eba911696c4e68fa88892de9a7b72", + "type": "github" + }, + "original": { + "owner": "emacsattic", + "repo": "nose", + "type": "github" + } + }, + "ob-racket": { + "flake": false, + "locked": { + "lastModified": 1584656173, + "narHash": "sha256-rBUYDDCXb+3D4xTPQo9UocbTPZ32kWV1Uya/1DmZknU=", + "owner": "xchrishawk", + "repo": "ob-racket", + "rev": "83457ec9e1e96a29fd2086ed19432b9d75787673", + "type": "github" + }, + "original": { + "owner": "xchrishawk", + "repo": "ob-racket", + "type": "github" + } + }, + "org": { + "flake": false, + "locked": { + "lastModified": 1627155762, + "narHash": "sha256-XS1eA6P0ePabdrnUNe5lN19EA9dfK615gMGObr9wfBQ=", + "owner": "emacs-straight", + "repo": "org-mode", + "rev": "c9dfed48a607c7f6524f1c6480f09cf61a5d6237", + "type": "github" + }, + "original": { + "owner": "emacs-straight", + "repo": "org-mode", + "type": "github" + } + }, + "org-contrib": { + "flake": false, + "locked": { + "lastModified": 1623339452, + "narHash": "sha256-E3pioqkmAKQm5N7YsgJZil0/ozkdRE7//tE9FGbrluM=", + "ref": "master", + "rev": "fc81309cf6756607a836f93049a9393c2967c4e0", + "revCount": 2599, + "type": "git", + "url": "https://git.sr.ht/~bzg/org-contrib" + }, + "original": { + "type": "git", + "url": "https://git.sr.ht/~bzg/org-contrib" + } + }, + "org-yt": { + "flake": false, + "locked": { + "lastModified": 1527381913, + "narHash": 
"sha256-dzQ6B7ryzatHCTLyEnRSbWO0VUiX/FHYnpHTs74aVUs=", + "owner": "TobiasZawada", + "repo": "org-yt", + "rev": "40cc1ac76d741055cbefa13860d9f070a7ade001", + "type": "github" + }, + "original": { + "owner": "TobiasZawada", + "repo": "org-yt", + "type": "github" + } + }, + "php-extras": { + "flake": false, + "locked": { + "lastModified": 1573312690, + "narHash": "sha256-r4WyVbzvT0ra4Z6JywNBOw5RxOEYd6Qe2IpebHXkj1U=", + "owner": "arnested", + "repo": "php-extras", + "rev": "d410c5af663c30c01d461ac476d1cbfbacb49367", + "type": "github" + }, + "original": { + "owner": "arnested", + "repo": "php-extras", + "type": "github" + } + }, + "polygon-art": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1632864707, + "narHash": "sha256-aKYFPoMlTVovXk8fM7KZOc1HhusF/PEFEV9haBMJvuA=", + "ref": "master", + "rev": "b39c539f9e720cc144c9ad7fe0d72cd46f793dab", + "revCount": 22, + "type": "git", + "url": "https://git.ingolf-wagner.de/palo/polygon-art.git" + }, + "original": { + "type": "git", + "url": "https://git.ingolf-wagner.de/palo/polygon-art.git" + } + }, + "revealjs": { + "flake": false, + "locked": { + "lastModified": 1625811744, + "narHash": "sha256-Y67nVqcovn2PbHXmWOFWMq10Qz2ZIRyyWEO6qsZLbIM=", + "owner": "hakimel", + "repo": "reveal.js", + "rev": "b18f12d964ef80bd9ffb061aae48ff4c15fb43ad", + "type": "github" + }, + "original": { + "owner": "hakimel", + "repo": "reveal.js", + "type": "github" + } + }, + "root": { + "inputs": { + "backup-module": "backup-module", + "cluster-module": "cluster-module", + "doom-emacs-nix": "doom-emacs-nix", + "home-manager": "home-manager", + "home-manager-utils": "home-manager-utils", + "krops-lib": "krops-lib", + "nixpkgs": "nixpkgs", + "nixpkgs-fmt": "nixpkgs-fmt", + "nixpkgs-unstable": "nixpkgs-unstable", + "polygon-art": "polygon-art", + "sops-nix": "sops-nix" + } + }, + "rotate-text": { + "flake": false, + "locked": { + "lastModified": 1322962747, + "narHash": 
"sha256-SOeOgSlcEIsKhUiYDJv0p+mLUb420s9E2BmvZQvZ0wk=", + "owner": "debug-ito", + "repo": "rotate-text.el", + "rev": "48f193697db996855aee1ad2bc99b38c6646fe76", + "type": "github" + }, + "original": { + "owner": "debug-ito", + "repo": "rotate-text.el", + "type": "github" + } + }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1630943734, + "narHash": "sha256-jqgAKhvrVDEkv8HB56hVIgvMDuuQ7X4D2zE9ATV+baI=", + "owner": "rust-analyzer", + "repo": "rust-analyzer", + "rev": "3dae94bf2b3e496adb049da589c7efef272a39b8", + "type": "github" + }, + "original": { + "owner": "rust-analyzer", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1633273832, + "narHash": "sha256-oOjpMVYpkIUpiML61PeqTk+sg4juRvF7P6jroI/YvTw=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "2e86e1698d53e5bd71d9de5f8b7e8f2f5458633c", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nixos/flake.nix b/nixos/flake.nix new file mode 100644 index 0000000..1fbc2c0 --- /dev/null +++ b/nixos/flake.nix 
@@ -0,0 +1,118 @@ +{ + description = "system flake.nix"; + inputs = { + sops-nix.url = "github:Mic92/sops-nix"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + polygon-art = { + url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git"; + #inputs.nixpkgs.follows = "nixpkgs"; + }; + doom-emacs-nix = { + url = "github:vlaci/nix-doom-emacs"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { + url = "github:nix-community/home-manager/release-21.05"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager-utils = { + url = "github:mrvandalo/home-manager-utils"; + inputs.home-manager.follows = "home-manager"; + }; + backup-module = { + url = "git+https://git.ingolf-wagner.de/nix-modules/backup.git"; + flake = false; + }; + krops-lib = { + url = "git+https://git.ingolf-wagner.de/nix-modules/krops.git"; + flake = false; + }; + cluster-module = { + url = + "git+https://git.ingolf-wagner.de/nix-modules/cluster.git?rev=ef621797a30f8a57de16bf33672abdd411cbcece"; + flake = false; + }; + nixpkgs-fmt = { + url = "github:nix-community/nixpkgs-fmt"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = + { self + , sops-nix + , nixpkgs + , home-manager + , home-manager-utils + , doom-emacs-nix + , backup-module + , nixpkgs-unstable + , krops-lib + , cluster-module + , polygon-art + , nixpkgs-fmt + , ... + }: + + let + nixosSystem = nixpkgs.lib.nixosSystem; + defaultModules = [ + sops-nix.nixosModules.sops + { imports = [ "${krops-lib}" "${cluster-module}" "${backup-module}" ]; } + ({ pkgs, ... }: { + nix = { + # no channesl needed this way + nixPath = [ "nixpkgs=${pkgs.path}" ]; + # make flakes available + package = pkgs.nixUnstable; + extraOptions = '' + experimental-features = nix-command flakes + ''; + }; + # defined overlays injected by the nixflake + nixpkgs.overlays = [ + (_self: _super: { + # we assign the overlay created before to the overlays of nixpkgs. 
+ unstable = nixpkgs-unstable.legacyPackages.${pkgs.system}; + polygon-art = polygon-art.packages.${pkgs.system}; + }) + ]; + }) + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + } + ]; + desktopModules = [ + { + home-manager.users.mainUser = { + imports = [ doom-emacs-nix.hmModule home-manager-utils.hmModule ]; + }; + environment.systemPackages = [ + nixpkgs-fmt.defaultPackage."x86_64-linux" + ]; + } + ]; + desktopConfiguration = initPath: + nixosSystem { + system = "x86_64-linux"; + modules = defaultModules ++ desktopModules ++ [ initPath ]; + }; + serverConfiguration = initPath: + nixosSystem { + system = "x86_64-linux"; + modules = defaultModules ++ [ initPath ]; + }; + in + { + nixosConfigurations = { + sterni = desktopConfiguration ./configs/sterni/configuration.nix; + sternchen = desktopConfiguration ./configs/sternchien/configuration.nix; + pepe = serverConfiguration ./configs/pepe/configuration.nix; + workhorse = serverConfiguration ./configs/workhorse/configuration.nix; + sputnik = serverConfiguration ./configs/sputnik/configuration.nix; + }; + }; +} diff --git a/nixos/krops.nix b/nixos/krops.nix new file mode 100644 index 0000000..f9ab275 --- /dev/null +++ b/nixos/krops.nix 
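Review bot: `sternchen = desktopConfiguration ./configs/sternchien/configuration.nix;` points at a directory spelled `sternchien`, while the configuration name here and the deploy target in krops.nix are both `sternchen`. Unless the directory really has that name, this host will not evaluate. Separately, `sops-nix.url` is declared without `inputs.nixpkgs.follows = "nixpkgs";`, which is why flake.lock carries its own `nixpkgs_3` for it. Writing it as `sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };` builds the secrets tooling from the same nixpkgs that is updated with the system. The comment `# no channesl needed this way` should read `# no channels needed this way`.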
@@ -0,0 +1,120 @@ +{ pkgs, writeCommand, lib, secrets }: +let + + # command that ensures we use flake.nix during switch + command = targetPath: + let + commandLine = + "TMPDIR=/tmp nixos-rebuild test --flake ${targetPath} -L --keep-going"; + in + '' + echo '${commandLine}' + nix-shell \ + -E "with import {}; mkShell { buildInputs = [ git (nixos { nix.package = nixFlakes; }).nixos-rebuild ]; }" \ + --run '${commandLine}' + ''; + + source = { + secrets.file = { + path = "${secrets}/secrets"; + useChecksum = true; + }; + private_assets.pass = { + dir = toString ~/.password-store; + name = "krops/private_assets"; + }; + assets.file = { + path = toString ./assets; + useChecksum = true; + }; + configs.file = { + path = toString ./configs; + useChecksum = true; + }; + library.file = { + path = toString ./library; + useChecksum = true; + }; + modules.file = { + path = toString ./modules; + useChecksum = true; + }; + pkgs.file = { + path = toString ./pkgs; + useChecksum = true; + }; + system.file = { + path = toString ./system; + useChecksum = true; + }; + "flake.nix".file = { + path = toString ./flake.nix; + useChecksum = true; + }; + "flake.lock".file = { + path = toString ./flake.lock; + useChecksum = true; + }; + }; + + server = { name, host }: + let + system = writeCommand "/bin/system" { + source = lib.evalSource [ source ]; + force = true; + target = lib.mkTarget "root@${host}/var/krops"; + inherit command; + }; + in + { + "${name}" = pkgs.writers.writeBashBin name '' + echo "deploy system" + ${system}/bin/system + ''; + }; + + desktop = { name, host }: + let + system = writeCommand "/bin/system" { + source = lib.evalSource [ source ]; + force = true; + target = lib.mkTarget "root@${host}/var/krops"; + inherit command; + }; + network = writeCommand "/bin/secrets" { + source = lib.evalSource [{ + system-connections.pass = { + dir = toString ~/.password-store; + name = "krops/desktop_secrets/network-manager/system-connections"; + }; + }]; + force = true; + target = 
lib.mkTarget "root@${host}/etc/NetworkManager"; + }; + in + { + "${name}" = pkgs.writers.writeBashBin "${name}-all" '' + echo "deploy network secerts" + ${network}/bin/secrets + echo "deploy system" + ${system}/bin/system + ''; + }; + +in +(desktop { + name = "sterni"; + host = "sterni.private"; +}) // (desktop { + name = "sternchen"; + host = "sternchen.secret"; +}) // (server { + name = "pepe"; + host = "pepe.private"; +}) // (server { + name = "workhorse"; + host = "workhorse.private"; +}) // (server { + name = "sputnik"; + host = "sputnik.private"; +}) diff --git a/library/default.nix b/nixos/library/default.nix similarity index 80% rename from library/default.nix rename to nixos/library/default.nix index a16a579..9277b6b 100644 --- a/library/default.nix +++ b/nixos/library/default.nix @@ -1,7 +1,10 @@ { pkgs, lib, ... }: { desktopFile = bin: - { comment ? "No Comment", longName ? "Script" - , command ? "${bin}/bin/${bin.name}", ... }: + { comment ? "No Comment" + , longName ? "Script" + , command ? "${bin}/bin/${bin.name}" + , ... + }: pkgs.writeTextFile { name = "${bin.name}.desktop"; destination = "/share/applications/${bin.name}.desktop"; diff --git a/nixos/library/jenkins.nix b/nixos/library/jenkins.nix new file mode 100644 index 0000000..f9aa04c --- /dev/null +++ b/nixos/library/jenkins.nix 
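Review bot: `commandLine` runs `nixos-rebuild test`, which activates the new generation but does not make it the boot default. After a reboot the host comes back on the previous system, with that generation's service settings and secret wiring. If this is a deliberate safety net, say so in the comment above `command`, e.g. `# 'test' on purpose: a reboot rolls back to the last switched generation`; otherwise use `nixos-rebuild switch --flake ${targetPath} -L --keep-going`. In the same hunk, `host = "sternchen.secret"` is the only target not under `.private`, and the desktop wrapper is built as `"${name}-all"` while the server one uses `name`; both are worth confirming.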
@@ -0,0 +1,161 @@ +{ lib, ... }: + +with builtins; + +# https://jenkinsci.github.io/job-dsl-plugin/ + +{ + # source container url and credentialsId + job = name: + { url + , credentialsId + , branch ? "master" + , # https://docs.openstack.org/infra/jenkins-job-builder/triggers.html + triggers ? [{ + pollscm = { + cron = "H/30 * * * *"; + ignore-post-commit-hooks = true; + }; + }] + , ... + }: + config: { + job = { + inherit name triggers; + sandbox = true; + project-type = "pipeline"; + dsl = + let + stage = elem: + let + stageName = head (attrNames elem); + stateScripts = map + (stage: + lib.getAttr (typeOf stage) { + string = '' + withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) { + sh '${toString stage}' + }''; + set = + let + script = '' + withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) { + sh '${toString stage.script}' + } + ''; + in + if (stage.credentialsId != null) then '' + sshagent(['${stage.credentialsId}']) { ${script} } + '' else + script; + }) + (getAttr stageName elem); + in + '' + stage('${stageName}') { + steps { + ${concatStringsSep "\n" stateScripts} + } + } + ''; + stages = map stage config; + in + '' + pipeline { + agent any + post { + failure { + mattermostSend channel: 'notification', color: '#FF0000', message: "Failed to build : [''${env.JOB_NAME}-''${env.BUILD_NUMBER}](''${env.BUILD_URL})" + } + success { + mattermostSend channel: 'jenkins', color: '#00FF00', message: "Successfully build : [''${env.JOB_NAME}-''${env.BUILD_NUMBER}](''${env.JOB_URL})" + } + } + stages{ + stage('Pull') { + steps { + checkout( + [$class: 'GitSCM' + , branches: [[name: '*/${branch}']] + , doGenerateSubmoduleConfigurations: false + , extensions: [[$class: 'LocalBranch', localBranch: 'master']] + , submoduleCfg: [] + , userRemoteConfigs: + [[ credentialsId: '${credentialsId}' + , url: '${url}']] + ] + ) + } + } + ${concatStringsSep "\n" stages} + } + } + ''; + }; + }; + + # creates a sync job + # source and target container url 
and credentialsId + syncJob = name: source: target: { + job = { + name = name; + sandbox = true; + project-type = "pipeline"; + triggers = [{ + pollscm = { + cron = "H/30 * * * *"; + ignore-post-commit-hooks = true; + }; + }]; + dsl = '' + pipeline { + agent any + post { + failure { + mattermostSend channel: 'notification', color: '#FF0000', message: "Failed to build : [''${env.JOB_NAME}-''${env.BUILD_NUMBER}](''${env.BUILD_URL})" + } + success { + mattermostSend channel: 'jenkins', color: '#00FF00', message: "Successfully build : [''${env.JOB_NAME}-''${env.BUILD_NUMBER}](''${env.JOB_URL})" + } + } + stages{ + stage('Pull') { + steps { + checkout( + [$class: 'GitSCM' + , branches: [[name: '*/master']] + , doGenerateSubmoduleConfigurations: false + , extensions: [[$class: 'LocalBranch', localBranch: 'master']] + , submoduleCfg: [] + , userRemoteConfigs: + [[ credentialsId: '${source.credentialsId}' + , url: '${source.url}']] + ] + ) + } + } + stage('Push') { + steps { + sshagent(['${target.credentialsId}']) { + withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) { + sh "git push -f ${target.url}" + } + } + } + } + stage('Push Tags') { + steps { + sshagent(['${target.credentialsId}']) { + withEnv(['PATH=/run/current-system/sw/bin/']) { + sh "git push -f ${target.url} --tags" + } + } + } + } + } + } + ''; + }; + }; + +} diff --git a/modules/default.nix b/nixos/modules/default.nix similarity index 95% rename from modules/default.nix rename to nixos/modules/default.nix index 87f8feb..1a90107 100644 --- a/modules/default.nix +++ b/nixos/modules/default.nix @@ -10,6 +10,7 @@ ./services/samba-share.nix ./services/sshd.nix ./services/videoencoder.nix + ./services/taskwarrior-pushover.nix ./programs/browser.nix ./programs/citate.nix diff --git a/modules/programs/browser.nix b/nixos/modules/programs/browser.nix similarity index 58% rename from modules/programs/browser.nix rename to nixos/modules/programs/browser.nix index 3f1e0d9..5a61c96 100644 
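Review bot: In `job`, the `set` branch of `stateScripts` tests `stage.credentialsId != null`, which makes Nix abort with a missing-attribute error for any stage set that carries only `script`; `if (stage.credentialsId or null) != null then` keeps the no-credentials path reachable. Both branches also paste the script into a Groovy single-quoted literal (`sh '${toString stage}'`), so a script containing `'` ends the literal early and produces a different pipeline from the one written. Escaping the script before interpolation, or documenting that stage scripts must not contain single quotes, would close that gap. In `syncJob`, the target URL is likewise interpolated unescaped into `sh "git push -f ${target.url}"`.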
--- a/modules/programs/browser.nix +++ b/nixos/modules/programs/browser.nix @@ -7,7 +7,7 @@ with lib; let cfg = config.programs.custom.browser; - library = import { inherit pkgs lib; }; + library = import ../../library { inherit pkgs lib; }; chromiumBin = "${pkgs.chromium}/bin/chromium"; chromeBin = "${pkgs.google-chrome}/bin/google-chrome-stable"; 
@@ -45,92 +45,104 @@ let backupFile = "${homeBackup}.tar.lzma"; rolloutFile = "${home}.tar.lzma"; lockFile = "${home}-lock"; - in pkgs.writeShellScriptBin "${name}-clean" # sh - '' - sudo killall -9 -u ${name} - sudo rm -f ${lockFile} - sudo rm -rf ${home} - ''; + in + pkgs.writeShellScriptBin "${name}-clean" # sh + '' + sudo killall -9 -u ${name} + sudo rm -f ${lockFile} + sudo rm -rf ${home} + ''; createBrowser = name: user: browser: home: homeBackup: let backupFile = "${homeBackup}.tar.lzma"; rolloutFile = "${home}.tar.lzma"; lockFile = "${home}-lock"; - in pkgs.writeShellScriptBin "${name}" # sh - '' - # set -x - if [[ ! -e ${lockFile} ]] - then - # rollout backup - if [[ -e ${backupFile} ]] - then - if [[ ! -d ${home} ]] - then - # todo : use make user - sudo mkdir -p ${home} - sudo chown -R ${user}:users ${home} - fi - cp ${backupFile} ${rolloutFile} - sudo -u ${user} ${tarBin} xf ${rolloutFile} --directory ${home} - rm ${rolloutFile} - touch ${lockFile} - fi - fi + in + pkgs.writeShellScriptBin "${name}" # sh + '' + # set -x + if [[ ! -e ${lockFile} ]] + then + # rollout backup + if [[ -e ${backupFile} ]] + then + if [[ ! 
-d ${home} ]] + then + # todo : use make user + sudo mkdir -p ${home} + sudo chown -R ${user}:users ${home} + fi + cp ${backupFile} ${rolloutFile} + sudo -u ${user} ${tarBin} xf ${rolloutFile} --directory ${home} + rm ${rolloutFile} + touch ${lockFile} + fi + fi - sudo -u ${user} ${browser} - ''; + sudo -u ${user} ${browser} + ''; - browserExecutableList = let - allBrowser = flip mapAttrsToList cfg.configList (name: config: - let - browser = if config.browserType == "chrome" then - ''${chromiumBin} "$@"'' - else if config.browserType == "google" then - ''${chromeBin} "$@"'' - else - ''${firefoxBin} "$@"''; - in createBrowser name config.user browser config.home config.homeBackup); - xclipBrowser = [ - (pkgs.writeShellScriptBin "copy-to-xclip" # sh - '' - echo "$*" | ${pkgs.xclip}/bin/xclip - '') - ]; - in allBrowser ++ xclipBrowser; + browserExecutableList = + let + allBrowser = flip mapAttrsToList cfg.configList (name: config: + let + browser = + if config.browserType == "chrome" then + ''${chromiumBin} "$@"'' + else if config.browserType == "google" then + ''${chromeBin} "$@"'' + else + ''${firefoxBin} "$@"''; + in + createBrowser name config.user browser config.home config.homeBackup); + xclipBrowser = [ + (pkgs.writeShellScriptBin "copy-to-xclip" # sh + '' + echo "$*" | ${pkgs.xclip}/bin/xclip + '') + ]; + in + allBrowser ++ xclipBrowser; createBackupScript = name: home: backupHome: pkgs.writeShellScriptBin "${name}-backup" # sh - '' - sudo -u ${name} \ - ${tarBin} \ - --exclude=.cache \ - --exclude=Downloads \ - --create \ - --verbos \ - --lzma \ - --file ${home}.tar.lzma \ - --directory ${home} \ - . + '' + sudo -u ${name} \ + ${tarBin} \ + --exclude=.cache \ + --exclude=Downloads \ + --create \ + --verbos \ + --lzma \ + --file ${home}.tar.lzma \ + --directory ${home} \ + . 
- cp ${home}.tar.lzma ${backupHome}.tar.lzma - ''; + cp ${home}.tar.lzma ${backupHome}.tar.lzma + ''; - allBackupScripts = let - filteredConfigs = - filterAttrs (name: browserConfig: browserConfig.homeBackup != null) - cfg.configList; - in mapAttrsToList (name: browserConfig: - createBackupScript name browserConfig.home browserConfig.homeBackup) - filteredConfigs; + allBackupScripts = + let + filteredConfigs = + filterAttrs (name: browserConfig: browserConfig.homeBackup != null) + cfg.configList; + in + mapAttrsToList + (name: browserConfig: + createBackupScript name browserConfig.home browserConfig.homeBackup) + filteredConfigs; - allCleanScripts = let - filteredConfigs = - filterAttrs (name: browserConfig: browserConfig.homeBackup != null) - cfg.configList; - in mapAttrsToList (name: browserConfig: - cleanBrowser name name browserConfig.home browserConfig.homeBackup) - filteredConfigs; + allCleanScripts = + let + filteredConfigs = + filterAttrs (name: browserConfig: browserConfig.homeBackup != null) + cfg.configList; + in + mapAttrsToList + (name: browserConfig: + cleanBrowser name name browserConfig.home browserConfig.homeBackup) + filteredConfigs; allKillScripts = mapAttrsToList (name: _: killBrowser name) cfg.configList; @@ -153,7 +165,8 @@ let $BIN "$@" ''; -in { +in +{ options.programs.custom.browser = { enable = mkEnableOption "enable browsers"; 
@@ -214,18 +227,22 @@ in { config = mkIf cfg.enable { # add sudo rights - security.sudo.extraConfig = let - extraRules = flip mapAttrsToList cfg.configList (name: values: - concatStringsSep "" (map (sudoUser: '' - # sudo configuration to control browser - ${sudoUser} ALL=(${values.user}) NOPASSWD: ALL - ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/mkdir -p ${values.home} - ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/chown -R ${values.user}\:users ${values.home} - ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/killall -9 -u ${name} - ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -rf ${values.home} - ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -f ${values.home}-lock - '') values.sudoUsers)); - in lib.concatStringsSep "\n" extraRules; + security.sudo.extraConfig = + let + extraRules = flip mapAttrsToList cfg.configList (name: values: + concatStringsSep "" (map + (sudoUser: '' + # sudo configuration to control browser + ${sudoUser} ALL=(${values.user}) NOPASSWD: ALL + ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/mkdir -p ${values.home} + ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/chown -R ${values.user}\:users ${values.home} + ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/killall -9 -u ${name} + ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -rf ${values.home} + ${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -f ${values.home}-lock + '') + values.sudoUsers)); + in + lib.concatStringsSep "\n" extraRules; # create users users.users = flip mapAttrs cfg.configList (name: config: { diff --git a/modules/programs/citate.nix b/nixos/modules/programs/citate.nix similarity index 79% rename from modules/programs/citate.nix rename to nixos/modules/programs/citate.nix index 91d2264..c46cc60 100644 --- a/modules/programs/citate.nix +++ b/nixos/modules/programs/citate.nix 
@@ -6,7 +6,7 @@ let cfg = config.programs.custom.citate; - library = import { inherit pkgs lib; }; + library = import ../../library { inherit pkgs lib; }; xdotool = "${pkgs.xdotool}/bin/xdotool"; dmenu = "${pkgs.dmenu}/bin/dmenu"; @@ -16,10 +16,11 @@ let ${xdotool} - <<<"type -- $( cat ${file} | ${dmenu} -l 10 -i | sed -e "s/\(.*\)/'\1'/" )" ''; - scriptAxel = citateScript (toString ) "axel"; - scriptSiw = citateScript (toString ) "siw"; + scriptAxel = citateScript (toString ../../assets/sprueche-axel) "axel"; + scriptSiw = citateScript (toString ../../assets/sprueche-siw) "siw"; -in { +in +{ options.programs.custom.citate = { enable = mkEnableOption "enable programs.custom.citate"; diff --git a/modules/programs/curl-scripts.nix b/nixos/modules/programs/curl-scripts.nix similarity index 99% rename from modules/programs/curl-scripts.nix rename to nixos/modules/programs/curl-scripts.nix index 4ff69f6..9453cfd 100644 --- a/modules/programs/curl-scripts.nix +++ b/nixos/modules/programs/curl-scripts.nix @@ -18,7 +18,8 @@ let cfg = config.programs.custom.curlScripts; -in { +in +{ options.programs.custom.curlScripts.enable = mkEnableOption "enable curl scripts"; diff --git a/modules/programs/easytag.nix b/nixos/modules/programs/easytag.nix similarity index 98% rename from modules/programs/easytag.nix rename to nixos/modules/programs/easytag.nix index 02e6814..a790274 100644 --- a/modules/programs/easytag.nix +++ b/nixos/modules/programs/easytag.nix @@ -6,7 +6,8 @@ let cfg = config.programs.custom.easytag; -in { +in +{ options.programs.custom.easytag.enable = mkEnableOption "install easytag with dependencies"; diff --git a/modules/programs/elm.nix b/nixos/modules/programs/elm.nix similarity index 98% rename from modules/programs/elm.nix rename to nixos/modules/programs/elm.nix index e1cc323..d6d1f1b 100644 --- a/modules/programs/elm.nix +++ b/nixos/modules/programs/elm.nix 
@@ -6,7 +6,8 @@ let cfg = config.programs.custom.elm; -in { +in +{ options.programs.custom.elm.enable = mkEnableOption "enable elm stack"; diff --git a/modules/programs/espeak.nix b/nixos/modules/programs/espeak.nix similarity index 92% rename from modules/programs/espeak.nix rename to nixos/modules/programs/espeak.nix index 67362ec..3e2de46 100644 --- a/modules/programs/espeak.nix +++ b/nixos/modules/programs/espeak.nix @@ -4,9 +4,7 @@ with lib; let - unstable = import { }; - - espeak = unstable.espeak; + espeak = pkgs.unstable.espeak; # can't use bash aliases because programms will not pic it up en_espeak = pkgs.writeShellScriptBin "en-speak" '' @@ -38,7 +36,8 @@ let cfg = config.programs.custom.espeak; -in { +in +{ options.programs.custom.espeak.enable = mkEnableOption "enable espeak scripts"; diff --git a/modules/programs/ffmpeg.nix b/nixos/modules/programs/ffmpeg.nix similarity index 68% rename from modules/programs/ffmpeg.nix rename to nixos/modules/programs/ffmpeg.nix index fbd47ba..3db7774 100644 --- a/modules/programs/ffmpeg.nix +++ b/nixos/modules/programs/ffmpeg.nix @@ -5,8 +5,13 @@ let cfg = config.programs.custom.ffmpeg; ffmpegTemplate = name: - { profile, preset, tune ? null, width ? 1280, height ? 720 - , resolution ? "720p" }: + { profile + , preset + , tune ? null + , width ? 1280 + , height ? 720 + , resolution ? "720p" + }: pkgs.writeShellScriptBin "ffmpeg-${name}" '' if [ $# -eq 0 ] 
@@ -99,48 +104,53 @@ let ]; tunes = [ "film" "animation" "grain" "stillimage" "fastdecode" ]; - ffmpegs = let + ffmpegs = + let - configurations = lib.cartesianProductOfSets { - profile = profiles; - preset = presets; - }; - - p720 = { profile, preset }: - ffmpegTemplate "${profile}-${preset}-720p" { inherit profile preset; }; - - p1080 = { profile, preset }: - ffmpegTemplate "${profile}-${preset}-1080p" { - inherit profile preset; - height = 1080; - width = 1920; - resolution = "1080p"; - }; - in (map p720 configurations) ++ (map p1080 configurations); - - ffmpegsTune = let - configurations = lib.cartesianProductOfSets { - profile = profiles; - preset = presets; - tune = tunes; - }; - - p720 = { profile, preset, tune }: - ffmpegTemplate "${profile}-${preset}-${tune}-720p" { - inherit profile preset tune; + configurations = lib.cartesianProductOfSets { + profile = profiles; + preset = presets; }; - p1080 = { profile, preset, tune }: - ffmpegTemplate "${profile}-${preset}-${tune}-1080p" { - inherit profile preset tune; - height = 1080; - width = 1920; - resolution = "1080p"; + p720 = { profile, preset }: + ffmpegTemplate "${profile}-${preset}-720p" { inherit profile preset; }; + + p1080 = { profile, preset }: + ffmpegTemplate "${profile}-${preset}-1080p" { + inherit profile preset; + height = 1080; + width = 1920; + resolution = "1080p"; + }; + in + (map p720 configurations) ++ (map p1080 configurations); + + ffmpegsTune = + let + configurations = lib.cartesianProductOfSets { + profile = profiles; + preset = presets; + tune = tunes; }; - in (map p720 configurations) ++ (map p1080 configurations); + p720 = { profile, preset, tune }: + ffmpegTemplate "${profile}-${preset}-${tune}-720p" { + inherit profile preset tune; + }; -in { + p1080 = { profile, preset, tune }: + ffmpegTemplate "${profile}-${preset}-${tune}-1080p" { + inherit profile preset tune; + height = 1080; + width = 1920; + resolution = "1080p"; + }; + + in + (map p720 configurations) ++ (map p1080 
configurations); + +in +{ options.programs.custom.ffmpeg = { enable = mkEnableOption "enable programs.custom.ffmpeg"; diff --git a/modules/programs/git.nix b/nixos/modules/programs/git.nix similarity index 99% rename from modules/programs/git.nix rename to nixos/modules/programs/git.nix index c721071..64c3c86 100644 --- a/modules/programs/git.nix +++ b/nixos/modules/programs/git.nix @@ -6,7 +6,8 @@ let cfg = config.programs.custom.git; -in { +in +{ options.programs.custom.git.enable = mkEnableOption "install git and all its tools"; diff --git a/modules/programs/shell-bash.nix b/nixos/modules/programs/shell-bash.nix similarity index 100% rename from modules/programs/shell-bash.nix rename to nixos/modules/programs/shell-bash.nix diff --git a/modules/programs/shell-tools.nix b/nixos/modules/programs/shell-tools.nix similarity index 99% rename from modules/programs/shell-tools.nix rename to nixos/modules/programs/shell-tools.nix index b0dad7e..780be40 100644 --- a/modules/programs/shell-tools.nix +++ b/nixos/modules/programs/shell-tools.nix @@ -29,7 +29,8 @@ let cfg = config.programs.custom.shellTools; -in { +in +{ options.programs.custom.shellTools.enable = mkEnableOption "enable shell tools"; diff --git a/modules/programs/shell-zsh.nix b/nixos/modules/programs/shell-zsh.nix similarity index 99% rename from modules/programs/shell-zsh.nix rename to nixos/modules/programs/shell-zsh.nix index ed8395a..d27f9da 100644 --- a/modules/programs/shell-zsh.nix +++ b/nixos/modules/programs/shell-zsh.nix @@ -6,7 +6,8 @@ let cfg = config.programs.custom.zsh; -in { +in +{ options.programs.custom.zsh = { enable = mkEnableOption "enable zsh"; @@ -37,7 +38,6 @@ in { # powerline themes # ---------------- - #theme = "agnoster"; theme = "powerlevel9k/powerlevel9k"; plugins = [ diff --git a/modules/programs/slack.nix b/nixos/modules/programs/slack.nix similarity index 63% rename from modules/programs/slack.nix rename to nixos/modules/programs/slack.nix index 90ef624..0af2fce 100644 
--- a/modules/programs/slack.nix +++ b/nixos/modules/programs/slack.nix @@ -14,47 +14,51 @@ let # --------------------------- command = "${pkgs.slack}/bin/slack"; - desktopFile = let - name = program; - comment = "Chat Programm"; - in pkgs.writeTextFile { - name = "${name}.desktop"; - destination = "/share/applications/${name}.desktop"; - text = '' - [Desktop Entry] - Categories=Application;Utility; - Comment=${comment} - Encoding=UTF-8 - Exec=${bin}/bin/${name} - Icon=gnome-lockscreen - Name=${name} - Terminal=false - Type=Application - ''; - }; + desktopFile = + let + name = program; + comment = "Chat Programm"; + in + pkgs.writeTextFile { + name = "${name}.desktop"; + destination = "/share/applications/${name}.desktop"; + text = '' + [Desktop Entry] + Categories=Application;Utility; + Comment=${comment} + Encoding=UTF-8 + Exec=${bin}/bin/${name} + Icon=gnome-lockscreen + Name=${name} + Terminal=false + Type=Application + ''; + }; # the script # ---------- - bin = let - backupFile = "${cfg.homeBackup}.tar.lzma"; - rolloutFile = "${cfg.home}.tar.lzma"; - lockFile = "${cfg.home}-lock"; - in pkgs.writeShellScriptBin "${program}" '' - # set -x - if [[ ! -e ${lockFile} ]] - then - # rollout backup - if [[ -e ${backupFile} ]] + bin = + let + backupFile = "${cfg.homeBackup}.tar.lzma"; + rolloutFile = "${cfg.home}.tar.lzma"; + lockFile = "${cfg.home}-lock"; + in + pkgs.writeShellScriptBin "${program}" '' + # set -x + if [[ ! -e ${lockFile} ]] then - cp ${backupFile} ${rolloutFile} - sudo -u ${program} ${tarBin} xf ${rolloutFile} --directory ${cfg.home} - rm ${rolloutFile} - touch ${lockFile} + # rollout backup + if [[ -e ${backupFile} ]] + then + cp ${backupFile} ${rolloutFile} + sudo -u ${program} ${tarBin} xf ${rolloutFile} --directory ${cfg.home} + rm ${rolloutFile} + touch ${lockFile} + fi fi - fi - sudo -u ${program} ${command} - ''; + sudo -u ${program} ${command} + ''; backupScript = pkgs.writeShellScriptBin "${program}-backup" '' sudo -u ${program} \ 
@@ -75,7 +79,8 @@ let cfg = config.programs.custom.slack; -in { +in +{ options.programs.custom.slack = { enable = mkEnableOption "install slack"; diff --git a/modules/programs/steam.nix b/nixos/modules/programs/steam.nix similarity index 99% rename from modules/programs/steam.nix rename to nixos/modules/programs/steam.nix index 5c44f7b..4a41c24 100644 --- a/modules/programs/steam.nix +++ b/nixos/modules/programs/steam.nix @@ -14,7 +14,8 @@ let cfg = config.programs.custom.steam; -in { +in +{ options.programs.custom.steam.enable = mkEnableOption "enable steam"; diff --git a/modules/programs/taskwarrior.nix b/nixos/modules/programs/taskwarrior.nix similarity index 94% rename from modules/programs/taskwarrior.nix rename to nixos/modules/programs/taskwarrior.nix index e53b228..9b203e5 100644 --- a/modules/programs/taskwarrior.nix +++ b/nixos/modules/programs/taskwarrior.nix @@ -5,7 +5,6 @@ with lib; let cfg = config.programs.custom.taskwarrior; - unstable = import { }; taskNextWeek = pkgs.writeShellScriptBin "taskweek" # sh '' @@ -20,9 +19,9 @@ let '' ${pkgs.taskwarrior}/bin/task "$@" ''; - taskwarrior-tui = unstable.taskwarrior-tui; + taskwarrior-tui = pkgs.unstable.taskwarrior-tui; - vit = unstable.vit.overrideAttrs (old: rec { + vit = pkgs.unstable.vit.overrideAttrs (old: rec { name = "vit-${version}"; version = "master"; src = pkgs.fetchgit { @@ -35,7 +34,8 @@ let }); #vit = pkgs.vit; -in { +in +{ options.programs.custom.taskwarrior.enable = mkEnableOption "Enable Taskwarrior services"; diff --git a/modules/programs/urxvt.nix b/nixos/modules/programs/urxvt.nix similarity index 68% rename from modules/programs/urxvt.nix rename to nixos/modules/programs/urxvt.nix index 3e58175..f825089 100644 --- a/modules/programs/urxvt.nix +++ b/nixos/modules/programs/urxvt.nix @@ -6,7 +6,8 @@ let cfg = config.programs.custom.urxvt; -in { +in +{ options.programs.custom.urxvt = { 
@@ -63,24 +64,26 @@ in { URxvt.fading: 0 ''; - "X11/Xresource.d/urxvt-font".source = let - fontFamily = "terminus"; - normalFont = fontSize: - "-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; - boldFont = fontSize: - "-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; - italicFont = normalFont; - itallicBoldFont = boldFont; - backupFont = fontSize: - "xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}"; + "X11/Xresource.d/urxvt-font".source = + let + fontFamily = "terminus"; + normalFont = fontSize: + "-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; + boldFont = fontSize: + "-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; + italicFont = normalFont; + itallicBoldFont = boldFont; + backupFont = fontSize: + "xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}"; - fontCommand = key: fontSize: '' - URxvt.keysym.M-${key}: command:\033]710;${normalFont fontSize},${ - backupFont fontSize - }\007\033]711;${boldFont fontSize},${backupFont fontSize}\007 - ''; + fontCommand = key: fontSize: '' + URxvt.keysym.M-${key}: command:\033]710;${normalFont fontSize},${ + backupFont fontSize + }\007\033]711;${boldFont fontSize},${backupFont fontSize}\007 + ''; - in pkgs.writeText "Xresource-urxvt-font" '' + in + pkgs.writeText "Xresource-urxvt-font" '' URxvt.allow_bold: true URxvt.xftAntialias: true 
@@ -110,28 +113,31 @@ in { ${fontCommand "F4" (cfg.fontSize + 20)} ''; - "X11/Xresource.d/urxvt-colors".source = let - colorTheme = if (cfg.colorTheme == "dark") then '' - #define S_base03 #002b36 - #define S_base02 #073642 - #define S_base01 #586e75 - #define S_base00 #657b83 - #define S_base0 #839496 - #define S_base1 #93a1a1 - #define S_base2 #eee8d5 - #define S_base3 #fdf6e3 - '' else '' - #define S_base03 #fdf6e3 - #define S_base02 #eee8d5 - #define S_base01 #93a1a1 - #define S_base00 #839496 - #define S_base0 #657b83 - #define S_base1 #586e75 - #define S_base2 #073642 - #define S_base3 #002b36 - ''; + "X11/Xresource.d/urxvt-colors".source = + let + colorTheme = + if (cfg.colorTheme == "dark") then '' + #define S_base03 #002b36 + #define S_base02 #073642 + #define S_base01 #586e75 + #define S_base00 #657b83 + #define S_base0 #839496 + #define S_base1 #93a1a1 + #define S_base2 #eee8d5 + #define S_base3 #fdf6e3 + '' else '' + #define S_base03 #fdf6e3 + #define S_base02 #eee8d5 + #define S_base01 #93a1a1 + #define S_base00 #839496 + #define S_base0 #657b83 + #define S_base1 #586e75 + #define S_base2 #073642 + #define S_base3 #002b36 + ''; - in pkgs.writeText "Xresource-urxvt-colors" '' + in + pkgs.writeText "Xresource-urxvt-colors" '' !! Common !! ------ diff --git a/nixos/modules/programs/video.nix b/nixos/modules/programs/video.nix new file mode 100644 index 0000000..2f7be1e --- /dev/null +++ b/nixos/modules/programs/video.nix 
@@ -0,0 +1,59 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let
+
+ cfg = config.programs.custom.video;
+
+ # show keyboard input on desktop for screencasts
+ screenKey = pkgs.symlinkJoin {
+ name = "screen-keys";
+ paths =
+ let
+ screenKeyScript = { position ? "bottom", size ? "small", ... }:
+ pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
+ ''
+ ${pkgs.screenkey}/bin/screenkey \
+ --no-detach \
+ --bg-color '#fdf6e3' \
+ --font-color '#073642' \
+ -p ${position} \
+ -s ${size} \
+ "$@"
+ '';
+ in
+ lib.flatten (lib.flip map [ "large" "small" "medium" ] (size:
+ lib.flip map [ "top" "center" "bottom" ]
+ (position: screenKeyScript { inherit size position; })));
+ };
+
+in
+{
+
+ options.programs.custom.video.enable = mkEnableOption "enable video tools";
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ youtube-dl
+ mplayer
+ mpv
+
+ # to record your screen
+ # ---------------------
+ simplescreenrecorder
+ screenKey
+
+ # to transcode video material
+ # ---------------------------
+ handbrake
+ ffmpeg-full
+
+ # video editing
+ # -------------
+ openshot-qt
+
+ ];
+ };
+}
+
diff --git a/nixos/modules/programs/vim.nix b/nixos/modules/programs/vim.nix
new file mode 100644
index 0000000..d48ec7e
--- /dev/null
+++ b/nixos/modules/programs/vim.nix
@@ -0,0 +1,225 @@ +{ config, lib, pkgs, ... }: + +let + + cfg = config.programs.custom.vim; + + nix-xptemplates = pkgs.writeTextFile { + name = "nix-xptemplates"; + destination = "/ftplugin/nix/nix.xpt.vim"; + text = # vim + '' + XPTemplate priority=personal + + XPT option " tips + `name^ = mkOption { + type = with types; `type^; + description = ${"''"} + `cursor^ + ${"''"}; + }; + + XPT package " tips + { config, lib, ... }: + { + `cursor^ + } + + XPT terranix" tips + { config, lib, pkgs, ... }: + with lib; + let + cfg = config.`name^; + in { + + options.`name^ = mkOption { + default = {}; + type = with types; attrsOf (submodule ({ name, ... }:{ + options = { + enable = mkEnableOption "`name^.name"; + }; + })); + }; + + config = + let + allConfigs = cfg + in + mkIf (cfg != {} ){ + `cursor^ + }; + } + + XPT module " tips + { config, lib, pkgs, ... }: + + with lib; + + let + + cfg = config.`name^; + + in { + + options.`name^ = { + enable = mkEnableOption "enable `name^"; + }; + + config = mkIf cfg.enable { + `cursor^ + }; + } + + XPT shell " tips + { pkgs ? import {} }: + pkgs.mkShell { + + # needed pkgs + # ----------- + buildInputs = with pkgs; [ + `name^ + ]; + + # run this on start + # ----------------- + shellHook = ${"''"} + HISTFILE=${"$"}{toString ./.}/.history + ${"''"}; + } + + XPT fhsUser " tips + { pkgs ? 
import {} }: + (pkgs.buildFHSUserEnv { + name = "fhs-user-env"; + + targetPkgs = pkgs: with pkgs; [ + # core stuff + # ---------- + vim silver-searcher curl coreutils git tig + + # common X dependencies + # --------------------- + atk cairo dbus eudev expat fontconfig freetype gdk_pixbuf glib gnome3.GConf gtk2-x11 + mesa_glu nspr nss pango xlibs.libXScrnSaver xlibs.libXcomposite xlibs.libXcursor + xlibs.libXdamage xlibs.libXfixes xlibs.libXi xlibs.libXrender xlibs.libXtst xorg.libX11 + xorg.libXext xorg.libXinerama xorg.libxcb + liblo zlib fftw minixml libcxx alsaLib glibc + + # new stuff + # --------- + `cursor^ + + ]; + + # multilib packages + # ----------------- + # these are packages compiled 32bit and 64bit + multiPkgs = pkgs: with pkgs; [ + ]; + + # environment variables + # --------------------- + profile = ${"''"} + export TERM="xterm" + ${"''"}; + + }).env + + ''; + }; + + # active plugins + # -------------- + extra-runtimepath = with pkgs; + lib.concatMapStringsSep "," (pkg: "${pkg.rtp}") [ + vimPlugins.Syntastic + vimPlugins.ack-vim + vimPlugins.airline + vimPlugins.vim-nix + vimPlugins.xptemplate + ]; + + # the vimrc + # --------- + vimrc = pkgs.writeText "vimrc" '' + + " turn on linenumbers + " to turn of :set nonumber + :set number + + " show Trailing Whitespaces + :set list listchars=tab:»·,trail:¶ + + " Map leader is the key for shortcuts + nnoremap + let mapleader = "\" + + " move blocks of text in visual mode + " does not work correctly + vmap xkP`[V`] + vmap xp`[V`] + + " search/grep case insensitive + :set ignorecase + + " tabs should always be 2 spaces + set et ts=2 sts=2 sw=2 + + " installed vim-plugins + set runtimepath=${extra-runtimepath},$VIMRUNTIME,$HOME/.vim,${nix-xptemplates} + + " syntax highlighting on + syntax on + + " xptemplates + " ----------- + " a plugin to insert snippets on demand + set nocompatible + filetype plugin on + + " enable cursor cross + " ------------------- + ":hi CursorLine cterm=NONE ctermbg=darkred ctermfg=white 
guibg=darkred guifg=white + ":hi CursorColumn cterm=NONE ctermbg=darkred ctermfg=white guibg=darkred guifg=white + :hi CursorLine cterm=NONE ctermbg=0 guibg=#073642 + :hi CursorColumn cterm=NONE ctermbg=0 guibg=#073642 + set cursorline + set cursorcolumn + + " save view + " --------- + augroup AutoSaveFolds + autocmd! + autocmd BufWinLeave * mkview + autocmd BufWinEnter * silent loadview + augroup END + + " some language stuff + " ------------------- + :map s :setlocal spell spelllang=en + + ''; + +in +{ + + # no options + options.programs.custom.vim.enable = lib.mkEnableOption "vim"; + + config = lib.mkIf cfg.enable { + # create vimrc + # ------------ + # and load it as config for vim + environment.variables.VIMINIT = ":so /etc/vimrc"; + environment.etc.vimrc.source = vimrc; + + # set vim to the default editor + # ----------------------------- + programs.vim.defaultEditor = true; + + # install vim + # ----------- + environment.systemPackages = [ pkgs.vim ]; + }; + +} diff --git a/modules/programs/xterm.nix b/nixos/modules/programs/xterm.nix similarity index 67% rename from modules/programs/xterm.nix rename to nixos/modules/programs/xterm.nix index 33968ec..8904c1b 100644 --- a/modules/programs/xterm.nix +++ b/nixos/modules/programs/xterm.nix @@ -6,7 +6,8 @@ let cfg = config.programs.custom.xterm; -in { +in +{ options.programs.custom.xterm = { enable = mkEnableOption "configure and enable urxvt"; 
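Review bot: `set nocompatible` sits in the middle of the generated `vimrc`, after the mappings, `ignorecase`, the tab settings and `runtimepath` have already been set. Vim's documentation advises putting it at the very start of a vimrc, because toggling it changes other options and the way mappings are interpreted as a side effect. Since the file is loaded through `VIMINIT = ":so /etc/vimrc"` rather than found as a regular vimrc, Vim has probably not left compatible mode on its own, so the line is likely doing real work here. Moving `set nocompatible` to the first line of the `vimrc` text would make the remaining settings independent of that side effect.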
@@ -41,17 +42,19 @@ in { ''; - "X11/Xresource.d/xterm-font".source = let - fontFamily = "terminus"; - normalFont = fontSize: - "-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; - boldFont = fontSize: - "-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; - italicFont = normalFont; - itallicBoldFont = boldFont; - backupFont = fontSize: - "xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}"; - in pkgs.writeText "Xresource-xterm-font" '' + "X11/Xresource.d/xterm-font".source = + let + fontFamily = "terminus"; + normalFont = fontSize: + "-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; + boldFont = fontSize: + "-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; + italicFont = normalFont; + itallicBoldFont = boldFont; + backupFont = fontSize: + "xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}"; + in + pkgs.writeText "Xresource-xterm-font" '' XTerm.allow_bold: true XTerm.xftAntialias: true 
@@ -76,29 +79,32 @@ in { XTerm.*.bolditalicFont: ${itallicBoldFont cfg.fontSize} ''; - "X11/Xresource.d/xterm-colors".source = let - colorTheme = if (cfg.colorTheme == "dark") then '' - #define S_base03 #002b36 - #define S_base02 #073642 - #define S_base01 #586e75 - #define S_base00 #657b83 - #define S_base0 #839496 - #define S_base1 #93a1a1 - #define S_base2 #eee8d5 - #define S_base3 #fdf6e3 + "X11/Xresource.d/xterm-colors".source = + let + colorTheme = + if (cfg.colorTheme == "dark") then '' + #define S_base03 #002b36 + #define S_base02 #073642 + #define S_base01 #586e75 + #define S_base00 #657b83 + #define S_base0 #839496 + #define S_base1 #93a1a1 + #define S_base2 #eee8d5 + #define S_base3 #fdf6e3 - '' else '' - #define S_base03 #fdf6e3 - #define S_base02 #eee8d5 - #define S_base01 #93a1a1 - #define S_base00 #839496 - #define S_base0 #657b83 - #define S_base1 #586e75 - #define S_base2 #073642 - #define S_base3 #002b36 - ''; + '' else '' + #define S_base03 #fdf6e3 + #define S_base02 #eee8d5 + #define S_base01 #93a1a1 + #define S_base00 #839496 + #define S_base0 #657b83 + #define S_base1 #586e75 + #define S_base2 #073642 + #define S_base3 #002b36 + ''; - in pkgs.writeText "Xresource-xterm-colors" '' + in + pkgs.writeText "Xresource-xterm-colors" '' !! Color Configuration !! ------------------- diff --git a/modules/services/castget.nix b/nixos/modules/services/castget.nix similarity index 67% rename from modules/services/castget.nix rename to nixos/modules/services/castget.nix index d660ed0..20ebcfe 100644 --- a/modules/services/castget.nix +++ b/nixos/modules/services/castget.nix @@ -6,7 +6,8 @@ let cfg = config.custom.services.castget; -in { +in +{ options.custom.services.castget = { enable = mkEnableOption "enable custom.services.castget"; 
@@ -67,25 +68,33 @@ in { restartIfChanged = false; serviceConfig.User = cfg.user; - preStart = let - mkSpools = - mapAttrsToList (ignore: value: "mkdir -p ${value.spool}") cfg.feeds; - in concatStringsSep "\n" mkSpools; - script = let - channels = mapAttrsToList (key: ignore: key) cfg.feeds; - castget = "${pkgs.castget}/bin/castget"; + preStart = + let + mkSpools = + mapAttrsToList (ignore: value: "mkdir -p ${value.spool}") cfg.feeds; + in + concatStringsSep "\n" mkSpools; + script = + let + channels = mapAttrsToList (key: ignore: key) cfg.feeds; + castget = "${pkgs.castget}/bin/castget"; - configurationFile = let - configurations = mapAttrsToList (key: value: '' - [${key}] - url=${value.url} - spool=${value.spool} - '') cfg.feeds; - in (pkgs.writeText "castget-configuration" - (concatStringsSep "" configurations)); - in (concatMapStringsSep "\n" - (channel: "${castget} --rcfile ${configurationFile} ${channel}") - channels); + configurationFile = + let + configurations = mapAttrsToList + (key: value: '' + [${key}] + url=${value.url} + spool=${value.spool} + '') + cfg.feeds; + in + (pkgs.writeText "castget-configuration" + (concatStringsSep "" configurations)); + in + (concatMapStringsSep "\n" + (channel: "${castget} --rcfile ${configurationFile} ${channel}") + channels); }; systemd.timers."${cfg.serviceName}" = { diff --git a/modules/services/home-assistant.nix b/nixos/modules/services/home-assistant.nix similarity index 69% rename from modules/services/home-assistant.nix rename to nixos/modules/services/home-assistant.nix index 99aa6e8..8f1631b 100644 --- a/modules/services/home-assistant.nix +++ b/nixos/modules/services/home-assistant.nix 
@@ -11,21 +11,24 @@ let inherit example description default; type = with lib.types; let - valueType = nullOr (oneOf [ - bool - int - float - str - (attrsOf valueType) - (listOf valueType) - ]) // { + valueType = nullOr + (oneOf [ + bool + int + float + str + (attrsOf valueType) + (listOf valueType) + ]) // { description = ""; emptyValue.value = { }; }; - in valueType; + in + valueType; }; -in { +in +{ options.services.homeAssistantConfig = mkMagicMergeOption { description = '' diff --git a/modules/services/lektor.nix b/nixos/modules/services/lektor.nix similarity index 65% rename from modules/services/lektor.nix rename to nixos/modules/services/lektor.nix index 3b325cf..8655451 100644 --- a/modules/services/lektor.nix +++ b/nixos/modules/services/lektor.nix @@ -6,7 +6,8 @@ let cfg = config.services.lektor; -in { +in +{ options.services.lektor = { enable = mkEnableOption "enable services.lektor"; 
@@ -107,57 +108,59 @@ in { TimeoutStartSec = "infinity"; # it might take some time will this thing is up - ExecStartPre = let + ExecStartPre = + let - sshKeyTarget = "/run/keys.lektor/id_rsa"; + sshKeyTarget = "/run/keys.lektor/id_rsa"; - sshConfig = pkgs.writeText "sshconfig" '' - Host ${cfg.host} - IdentityFile ${sshKeyTarget} + sshConfig = pkgs.writeText "sshconfig" '' + Host ${cfg.host} + IdentityFile ${sshKeyTarget} - Host * - ForwardAgent no - Compression no - ServerAliveInterval 0 - HashKnownHosts no - UserKnownHostsFile ~/.ssh/known_hosts - ControlMaster no - ControlPath ~/.ssh/master-%r@%n:%p - ControlPersist no - ''; - - sshKeyScript = pkgs.writers.writeDash "keyfile-gen" # sh - '' - set -x - - # setup ~/.ssh - mkdir -p ${cfg.home}/.ssh - chown ${cfg.user} ${cfg.home}/.ssh - chmod 700 ${cfg.home}/.ssh - - cp ${sshConfig} ${cfg.home}/.ssh/config - chown ${cfg.user} ${cfg.home}/.ssh/config - chmod 500 ${cfg.home}/.ssh/config - - mkdir -p ${dirOf sshKeyTarget} - chmod 700 ${dirOf sshKeyTarget} - chown ${cfg.user} ${dirOf sshKeyTarget} - cp ${toString cfg.sshKey} ${sshKeyTarget} - chown ${cfg.user} ${sshKeyTarget} - chmod 500 ${sshKeyTarget} + Host * + ForwardAgent no + Compression no + ServerAliveInterval 0 + HashKnownHosts no + UserKnownHostsFile ~/.ssh/known_hosts + ControlMaster no + ControlPath ~/.ssh/master-%r@%n:%p + ControlPersist no ''; - cloneScript = pkgs.writers.writeDash "clone" # sh - '' - set -x - if [[ `ls ~/${cfg.user} | wc -l` == 0 ]] - then - rm ~/${cfg.user} - fi - ${pkgs.git}/bin/git clone ${cfg.repository} ~/${cfg.user} - ''; + sshKeyScript = pkgs.writers.writeDash "keyfile-gen" # sh + '' + set -x - in [ "+${sshKeyScript}" "-${cloneScript}" ]; + # setup ~/.ssh + mkdir -p ${cfg.home}/.ssh + chown ${cfg.user} ${cfg.home}/.ssh + chmod 700 ${cfg.home}/.ssh + + cp ${sshConfig} ${cfg.home}/.ssh/config + chown ${cfg.user} ${cfg.home}/.ssh/config + chmod 500 ${cfg.home}/.ssh/config + + mkdir -p ${dirOf sshKeyTarget} + chmod 700 ${dirOf 
sshKeyTarget} + chown ${cfg.user} ${dirOf sshKeyTarget} + cp ${toString cfg.sshKey} ${sshKeyTarget} + chown ${cfg.user} ${sshKeyTarget} + chmod 500 ${sshKeyTarget} + ''; + + cloneScript = pkgs.writers.writeDash "clone" # sh + '' + set -x + if [[ `ls ~/${cfg.user} | wc -l` == 0 ]] + then + rm ~/${cfg.user} + fi + ${pkgs.git}/bin/git clone ${cfg.repository} ~/${cfg.user} + ''; + + in + [ "+${sshKeyScript}" "-${cloneScript}" ]; }; # todo : add restart ruling diff --git a/modules/services/light-control.nix b/nixos/modules/services/light-control.nix similarity index 81% rename from modules/services/light-control.nix rename to nixos/modules/services/light-control.nix index 6d01dcc..ae80a93 100644 --- a/modules/services/light-control.nix +++ b/nixos/modules/services/light-control.nix @@ -11,24 +11,27 @@ let inherit example description default; type = with lib.types; let - valueType = nullOr (oneOf [ - bool - int - float - str - (attrsOf valueType) - (listOf valueType) - ]) // { + valueType = nullOr + (oneOf [ + bool + int + float + str + (attrsOf valueType) + (listOf valueType) + ]) // { description = ""; emptyValue.value = { }; }; - in valueType; + in + valueType; }; lightControlConfig = pkgs.writeText "light-control.json" (builtins.toJSON cfg.config); -in { +in +{ options.services.mqtt.light-control = { enable = mkEnableOption "enable mqtt.light-control"; diff --git a/modules/services/samba-share.nix b/nixos/modules/services/samba-share.nix similarity index 77% rename from modules/services/samba-share.nix rename to nixos/modules/services/samba-share.nix index 31909f0..47f403c 100644 --- a/modules/services/samba-share.nix +++ b/nixos/modules/services/samba-share.nix @@ -6,7 +6,8 @@ let cfg = config.custom.samba-share; -in { +in +{ options.custom.samba-share = { enable = mkEnableOption "enable custom.samba-share"; 
@@ -61,27 +62,31 @@ in { disable spoolss = yes ''; - shares = mapAttrs' (name: path: { - name = name; - value = { - browsable = "yes"; - comment = "read only share ${name}"; - path = path; - "read only" = "yes"; - "guest ok" = "yes"; - }; - }) cfg.folders // (mapAttrs' (name: - { users, folder, ... }: { + shares = mapAttrs' + (name: path: { name = name; value = { browsable = "yes"; comment = "read only share ${name}"; - path = folder; - "read only" = "no"; - "valid users" = users; - "guest ok" = "false"; + path = path; + "read only" = "yes"; + "guest ok" = "yes"; }; - }) cfg.private); + }) + cfg.folders // (mapAttrs' + (name: + { users, folder, ... }: { + name = name; + value = { + browsable = "yes"; + comment = "read only share ${name}"; + path = folder; + "read only" = "no"; + "valid users" = users; + "guest ok" = "false"; + }; + }) + cfg.private); }; users.users.smbguest = { diff --git a/modules/services/sshd.nix b/nixos/modules/services/sshd.nix similarity index 67% rename from modules/services/sshd.nix rename to nixos/modules/services/sshd.nix index 2c514b3..a252e27 100644 --- a/modules/services/sshd.nix +++ b/nixos/modules/services/sshd.nix @@ -6,7 +6,8 @@ let cfg = config.services.custom.ssh; -in { +in +{ options.services.custom.ssh = { tools.enable = mkEnableOption "Add ssh tools"; @@ -44,14 +45,16 @@ in { Banner /etc/sshd/banner-line ''; - environment.etc."sshd/banner-line".text = let - text = config.networking.hostName; - size = 80 - (lib.stringLength text); - space = lib.fixedWidthString size " " ""; - in '' - ──────────────────────────────────────────────────────────────────────────────── - ${space}${text} - ''; + environment.etc."sshd/banner-line".text = + let + text = config.networking.hostName; + size = 80 - (lib.stringLength text); + space = lib.fixedWidthString size " " ""; + in + '' + ──────────────────────────────────────────────────────────────────────────────── + ${space}${text} + ''; }) 
diff --git a/nixos/modules/services/taskwarrior-pushover.nix b/nixos/modules/services/taskwarrior-pushover.nix new file mode 100644 index 0000000..365e842 --- /dev/null +++ b/nixos/modules/services/taskwarrior-pushover.nix 
@@ -0,0 +1,105 @@ +{ config, lib, pkgs, ... }: + +with lib; +with types; +let + cfg = config.services.taskwarrior-pushover; + name = "taskwarrior-pushover"; +in +{ + options.services.taskwarrior-pushover = { + enable = mkEnableOption "taskwarrior pushover notification service"; + onCalendar = mkOption { + type = str; + default = "4:00:00"; + }; + recurrence = mkOption { + type = enum [ "on" "off" ]; + default = "off"; + }; + pushoverApiTokenFile = mkOption { + type = path; + }; + pushoverUserKeyFile = mkOption { + type = path; + }; + query = mkOption { + type = str; + default = "+PENDING and ( +ACTIVE or +DUETODAY or +TODAY or +OVERDUE )"; + }; + dataDir = mkOption { + type = str; + default = "tasks"; + }; + caFile = mkOption { + type = path; + }; + certificateFile = mkOption { + type = path; + }; + credentials = mkOption { + type = str; + }; + keyFile = mkOption { + type = path; + }; + server = mkOption { + type = str; + }; + }; + + config = mkIf cfg.enable { + systemd.services.taskwarrior-pushover = { + enable = true; + serviceConfig = { + DynamicUser = true; + StateDirectory = name; + }; + script = + let + taskwarriorCommand = pkgs.writers.writeDash "taskwarrior-push" '' + ${pkgs.taskwarrior}/bin/task \ + rc.recurrence=${cfg.recurrence} \ + rc:/var/lib/${name}/.taskrc \ + rc.data.location=/var/lib/${name}/${cfg.dataDir} \ + rc.taskd.ca=${cfg.caFile} \ + rc.taskd.certificate=${cfg.certificateFile} \ + rc.taskd.credentials="${cfg.credentials}" \ + rc.taskd.key=${cfg.keyFile} \ + rc.taskd.server=${cfg.server} \ + "$@" + ''; + in + '' + if [ -d /var/lib/${name}/${cfg.dataDir} ] + then + echo "synchronize {cfg.dataDir}" + ${taskwarriorCommand} sync + else + echo "initialize ${cfg.dataDir}" + ${pkgs.coreutils}/bin/yes | ${taskwarriorCommand} sync init + fi + + ${taskwarriorCommand} '${cfg.query}' export \ + | ${pkgs.jq}/bin/jq -r '.[] | @base64' | while read entry + do + echo $entry | base64 --decode | \ + ${pkgs.jq}/bin/jq '{ + "token": "'`cat 
${cfg.pushoverApiTokenFile}`'", + "user": "'`cat ${cfg.pushoverUserKeyFile}`'", + "titel": "taskwarrior", + message: .description + }' \ + | ${pkgs.curl}/bin/curl -sS -X POST -H 'Content-Type: application/json' -d @- \ + "https://api.pushover.net/1/messages.json" + done + ''; + }; + systemd.timers.taskwarrior-pushover = { + enable = true; + timerConfig.OnCalendar = cfg.onCalendar; + wantedBy = [ "multi-user.target" ]; + }; + }; + +} diff --git a/modules/services/videoencoder.nix b/nixos/modules/services/videoencoder.nix similarity index 88% rename from modules/services/videoencoder.nix rename to nixos/modules/services/videoencoder.nix index 5bf0679..acf4d15 100644 --- a/modules/services/videoencoder.nix +++ b/nixos/modules/services/videoencoder.nix @@ -30,7 +30,8 @@ let fi ''; -in { +in +{ options.service.videoencoder = { enable = mkEnableOption "enable service.videoencoder"; @@ -91,14 +92,17 @@ in { systemd.services."videoEncoding" = { wantedBy = [ "multi-user.target" ]; enable = true; - script = let - myList = map (value: - createEncoder "/tmp/videoencoder" value.inputFile value.outputFile) - cfg.fileConfig; - in '' - set -x - ${concatStringsSep "\n" myList} - ''; + script = + let + myList = map + (value: + createEncoder "/tmp/videoencoder" value.inputFile value.outputFile) + cfg.fileConfig; + in + '' + set -x + ${concatStringsSep "\n" myList} + ''; }; diff --git a/modules/system/audio.nix b/nixos/modules/system/audio.nix similarity index 98% rename from modules/system/audio.nix rename to nixos/modules/system/audio.nix index c8c8190..7f70540 100644 --- a/modules/system/audio.nix +++ b/nixos/modules/system/audio.nix @@ -7,7 +7,7 @@ let ladspaPath = "${pkgs.ladspaPlugins}/lib/ladspa"; jackScript = - pkgs.writeShellScriptBin "jack" (lib.fileContents ); + pkgs.writeShellScriptBin "jack" (lib.fileContents ../../assets/jack.sh); queueElement = { options = { 
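Review bot: In taskwarrior-pushover.nix, `credentials` is a plain `str` option interpolated into the `writeDash` wrapper (`rc.taskd.credentials="${cfg.credentials}"`), so the taskd credential is written into a script under /nix/store, which every local user can read. The other secrets are passed as files; a `credentialsFile` option read at run time would match them, as long as the file options are set to strings rather than Nix path literals, since interpolating a path literal copies the file into the store as well. In the upload loop the API token and user key are spliced into the jq program text with backticks, which puts them on jq's command line; `--rawfile token ${cfg.pushoverApiTokenFile}` with `($token | rtrimstr("\n"))` in the filter keeps them off argv and out of the filter source. Separately, the JSON key `"titel"` looks like a typo for `title`, and `echo "synchronize {cfg.dataDir}"` is missing its `$`.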
@@ -41,7 +41,8 @@ let cfg = config.system.custom.audio; -in { +in +{ options.system.custom.audio = { enable = mkEnableOption "use PluseAudio"; diff --git a/modules/system/bluetooth.nix b/nixos/modules/system/bluetooth.nix similarity index 99% rename from modules/system/bluetooth.nix rename to nixos/modules/system/bluetooth.nix index 79088d2..d756b87 100644 --- a/modules/system/bluetooth.nix +++ b/nixos/modules/system/bluetooth.nix @@ -4,7 +4,8 @@ let cfg = config.system.custom.bluetooth; -in { +in +{ options.system.custom.bluetooth.enable = lib.mkEnableOption "enable bluetooth support"; diff --git a/modules/system/font.nix b/nixos/modules/system/font.nix similarity index 99% rename from modules/system/font.nix rename to nixos/modules/system/font.nix index 9cb0ab3..f8d10c3 100644 --- a/modules/system/font.nix +++ b/nixos/modules/system/font.nix @@ -6,7 +6,8 @@ let cfg = config.system.custom.fonts; -in { +in +{ options.system.custom.fonts = { enable = mkEnableOption "enable fonts"; diff --git a/modules/system/mainUser.nix b/nixos/modules/system/mainUser.nix similarity index 92% rename from modules/system/mainUser.nix rename to nixos/modules/system/mainUser.nix index da19e78..b09c8dd 100644 --- a/modules/system/mainUser.nix +++ b/nixos/modules/system/mainUser.nix @@ -9,12 +9,14 @@ let dockerGroup = if (config.virtualisation.docker.enable) then [ "docker" ] else [ ]; - vboxGroup = if (config.virtualisation.virtualbox.host.enable) then - [ "vboxusers" ] - else - [ ]; + vboxGroup = + if (config.virtualisation.virtualbox.host.enable) then + [ "vboxusers" ] + else + [ ]; -in { +in +{ options.system.custom.mainUser = { diff --git a/modules/system/on-failure.nix b/nixos/modules/system/on-failure.nix similarity index 96% rename from modules/system/on-failure.nix rename to nixos/modules/system/on-failure.nix index 91800da..1dae774 100644 --- a/modules/system/on-failure.nix +++ b/nixos/modules/system/on-failure.nix 
@@ -46,7 +46,7 @@ let # todo this output must be better mattermostStart = plan: - pkgs.writeDash "on-failure.${plan.name}" '' + pkgs.writers.writeDash "on-failure.${plan.name}" '' ${pkgs.curl}/bin/curl \ --include \ --request POST \ @@ -55,7 +55,8 @@ let ${cfg.url} ''; -in { +in +{ options.on-failure = api; diff --git a/nixos/modules/system/permown.nix b/nixos/modules/system/permown.nix new file mode 100644 index 0000000..791a63b --- /dev/null +++ b/nixos/modules/system/permown.nix 
@@ -0,0 +1,99 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.system.permown; + nameGenerator = path: "permown.${replaceStrings [ "/" ] [ "_" ] path}"; + +in +{ + + options.system.permown = mkOption { + default = { }; + type = with types; + attrsOf (submodule ({ config, ... }: { + options = { + directory-mode = mkOption { + default = "=rwx"; + type = types.str; + }; + file-mode = mkOption { + default = "=rw"; + type = types.str; + }; + group = mkOption { + apply = x: if x == null then "" else x; + default = null; + type = types.nullOr types.str; + }; + owner = mkOption { type = types.str; }; + path = mkOption { + default = config._module.args.name; + type = types.path; + }; + umask = mkOption { + default = "0027"; + type = types.str; + }; + timer = mkOption { + default = "hourly"; + type = types.str; + description = + "OnCalendar string on how frequent should this command run"; + }; + }; + })); + }; + + config = + let plans = lib.attrValues cfg; + + in mkIf (plans != [ ]) { + + system.activationScripts.permown = + let + mkdir = { path, ... }: '' + ${pkgs.coreutils}/bin/mkdir -p ${path} + ''; + in + concatMapStrings mkdir plans; + + systemd.services = listToAttrs (flip map plans + ({ path, directory-mode, file-mode, owner, group, umask, ... }: { + name = nameGenerator path; + value = { + environment = { + DIR_MODE = directory-mode; + FILE_MODE = file-mode; + OWNER_GROUP = "${owner}:${group}"; + ROOT_PATH = path; + }; + path = [ pkgs.coreutils pkgs.findutils pkgs.inotifyTools ]; + serviceConfig = { + ExecStart = pkgs.writers.writeDash "permown" '' + set -efu + find "$ROOT_PATH" -exec chown -h "$OWNER_GROUP" {} + + find "$ROOT_PATH" -type d -exec chmod "$DIR_MODE" {} + + find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} + + ''; + PrivateTmp = true; + Restart = "always"; + RestartSec = 10; + UMask = umask; + }; + wantedBy = [ "multi-user.target" ]; + }; + })); + + systemd.timers = listToAttrs (flip map plans ({ path, timer, ... 
}: { + name = nameGenerator path; + value = { + wantedBy = [ "multi-user.target" ]; + timerConfig.OnCalendar = timer; + }; + })); + + }; + +} diff --git a/modules/system/wifi.nix b/nixos/modules/system/wifi.nix similarity index 99% rename from modules/system/wifi.nix rename to nixos/modules/system/wifi.nix index d9428ce..8cf14d2 100644 --- a/modules/system/wifi.nix +++ b/nixos/modules/system/wifi.nix @@ -6,7 +6,8 @@ let cfg = config.system.custom.wifi; -in { +in +{ options.system.custom.wifi = { enable = mkEnableOption "enable wifi"; diff --git a/modules/system/x11.nix b/nixos/modules/system/x11.nix similarity index 99% rename from modules/system/x11.nix rename to nixos/modules/system/x11.nix index 228ca3c..bf05b42 100644 --- a/modules/system/x11.nix +++ b/nixos/modules/system/x11.nix @@ -6,7 +6,8 @@ let cfg = config.system.custom.x11; -in { +in +{ options.system.custom.x11 = { enable = mkEnableOption "enable x11"; diff --git a/pkgs/bitwig-studio/bitwig-studio-environment.nix b/nixos/pkgs/bitwig-studio/bitwig-studio-environment.nix similarity index 92% rename from pkgs/bitwig-studio/bitwig-studio-environment.nix rename to nixos/pkgs/bitwig-studio/bitwig-studio-environment.nix index b944523..9fbc9a2 100644 --- a/pkgs/bitwig-studio/bitwig-studio-environment.nix +++ b/nixos/pkgs/bitwig-studio/bitwig-studio-environment.nix @@ -10,11 +10,10 @@ let - unstable = import { }; - # function call # ------------- -in (pkgs.buildFHSUserEnv { +in +(pkgs.buildFHSUserEnv { # name of the programm # -------------------- @@ -74,11 +73,6 @@ in (pkgs.buildFHSUserEnv { wolf-spectrum lsp-plugins - #calf - #carla - #unstable.bshapr - #lv2vst - ]; # multilib packages diff --git a/pkgs/bitwig-studio/bitwig-studio1.nix b/nixos/pkgs/bitwig-studio/bitwig-studio1.nix similarity index 93% rename from pkgs/bitwig-studio/bitwig-studio1.nix rename to nixos/pkgs/bitwig-studio/bitwig-studio1.nix index d4e106c..1bc9f1d 100644 --- a/pkgs/bitwig-studio/bitwig-studio1.nix 
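Review bot: In permown.nix, `Restart = "always"` with `RestartSec = 10` on a script that exits after its three `find` passes makes systemd rerun the chown/chmod sweep every ten seconds, so the `OnCalendar` timer is redundant and `pkgs.inotifyTools` in `path` is unused. No `User` is set in `serviceConfig`, so the sweep presumably runs as root over a tree it hands to `owner`; each rerun is another chance for an entry to be swapped for a symlink between find's `-type` test and `chmod`, which follows symlinks. If the timer is meant to drive this, `Type = "oneshot";` without `Restart`/`RestartSec` would do; if continuous watching is intended, the script would need to block on inotifywait instead of exiting. The activation script's `mkdir -p ${path}` also leaves the path unquoted.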
+++ b/nixos/pkgs/bitwig-studio/bitwig-studio1.nix @@ -1,6 +1,27 @@ -{ stdenv, fetchurl, alsaLib, bzip2, cairo, dpkg, freetype, gdk_pixbuf, glib -, gtk2, harfbuzz, jdk, lib, xorg, libbsd, libjack2, libpng, libxkbcommon -, makeWrapper, pixman, xdg_utils, zenity, zlib }: +{ stdenv +, fetchurl +, alsaLib +, bzip2 +, cairo +, dpkg +, freetype +, gdk_pixbuf +, glib +, gtk2 +, harfbuzz +, jdk +, lib +, xorg +, libbsd +, libjack2 +, libpng +, libxkbcommon +, makeWrapper +, pixman +, xdg_utils +, zenity +, zlib +}: stdenv.mkDerivation rec { name = "bitwig-studio-${version}"; diff --git a/pkgs/bitwig-studio/bitwig-studio2.nix b/nixos/pkgs/bitwig-studio/bitwig-studio2.nix similarity index 100% rename from pkgs/bitwig-studio/bitwig-studio2.nix rename to nixos/pkgs/bitwig-studio/bitwig-studio2.nix diff --git a/pkgs/bitwig-studio/bitwig-studio3.nix b/nixos/pkgs/bitwig-studio/bitwig-studio3.nix similarity index 100% rename from pkgs/bitwig-studio/bitwig-studio3.nix rename to nixos/pkgs/bitwig-studio/bitwig-studio3.nix diff --git a/pkgs/default.nix b/nixos/pkgs/default.nix similarity index 76% rename from pkgs/default.nix rename to nixos/pkgs/default.nix index 30ef974..1e0a006 100644 --- a/pkgs/default.nix +++ b/nixos/pkgs/default.nix @@ -2,9 +2,7 @@ self: super: -let - callPackage = super.lib.callPackageWith super; - unstablePkgs = import { }; +let callPackage = super.lib.callPackageWith super; in { @@ -13,7 +11,6 @@ in { landingpage = callPackage ./landingpage { }; light-control = callPackage ./light-control { }; otpmenu = callPackage ./otpmenu { }; - polygon-art = super.callPackage ./polygon-art { }; sononym = callPackage ./sononym { }; sononym-crawler = callPackage ./sononym-crawler { }; taskwarrior-hooks = callPackage ./taskwarrior-hooks { }; diff --git a/pkgs/emoji/default.nix b/nixos/pkgs/emoji/default.nix similarity index 96% rename from pkgs/emoji/default.nix rename to nixos/pkgs/emoji/default.nix index 9171a77..aba2d04 100644 --- a/pkgs/emoji/default.nix 
+++ b/nixos/pkgs/emoji/default.nix @@ -40,9 +40,10 @@ let Yᵒᵘ Oᶰˡʸ Lᶤᵛᵉ Oᶰᶜᵉ | yolo ⊹╰(⌣ʟ⌣)╯⊹ | zen @}-,-`- | rose - ''; + ''; -in writeShellScriptBin "emoticons" '' +in +writeShellScriptBin "emoticons" '' set -efu data=$(${coreutils}/bin/cat ${emoticons}) diff --git a/pkgs/gitlog2json/default.nix b/nixos/pkgs/gitlog2json/default.nix similarity index 63% rename from pkgs/gitlog2json/default.nix rename to nixos/pkgs/gitlog2json/default.nix index 972fca8..db3f91e 100644 --- a/pkgs/gitlog2json/default.nix +++ b/nixos/pkgs/gitlog2json/default.nix @@ -1,9 +1,11 @@ { pkgs, lib, ... }: -pkgs.writers.writePython3Bin "gitlog2json" { +pkgs.writers.writePython3Bin "gitlog2json" +{ libraries = [ pkgs.python3Packages.GitPython pkgs.python3Packages.click pkgs.python3Packages.elasticsearch ]; -} (lib.fileContents ./gitlog2json.py) +} + (lib.fileContents ./gitlog2json.py) diff --git a/pkgs/gitlog2json/gitlog2json.py b/nixos/pkgs/gitlog2json/gitlog2json.py similarity index 100% rename from pkgs/gitlog2json/gitlog2json.py rename to nixos/pkgs/gitlog2json/gitlog2json.py diff --git a/pkgs/gitlog2json/log.py b/nixos/pkgs/gitlog2json/log.py similarity index 100% rename from pkgs/gitlog2json/log.py rename to nixos/pkgs/gitlog2json/log.py diff --git a/pkgs/gitlog2json/shell.nix b/nixos/pkgs/gitlog2json/shell.nix similarity index 100% rename from pkgs/gitlog2json/shell.nix rename to nixos/pkgs/gitlog2json/shell.nix diff --git a/pkgs/landingpage/default.nix b/nixos/pkgs/landingpage/default.nix similarity index 96% rename from pkgs/landingpage/default.nix rename to nixos/pkgs/landingpage/default.nix index b5305b1..abba95d 100644 --- a/pkgs/landingpage/default.nix +++ b/nixos/pkgs/landingpage/default.nix @@ -1,5 +1,10 @@ -{ lib, writeTextFile, jsonConfig ? { }, title ? "Landing Page" -, destination ? "/index.html", ... }: +{ lib +, writeTextFile +, jsonConfig ? { } +, title ? "Landing Page" +, destination ? "/index.html" +, ... +}: with lib; 
diff --git a/pkgs/light-control/default.nix b/nixos/pkgs/light-control/default.nix similarity index 100% rename from pkgs/light-control/default.nix rename to nixos/pkgs/light-control/default.nix diff --git a/pkgs/otpmenu/default.nix b/nixos/pkgs/otpmenu/default.nix similarity index 90% rename from pkgs/otpmenu/default.nix rename to nixos/pkgs/otpmenu/default.nix index d0bc555..e2a151b 100644 --- a/pkgs/otpmenu/default.nix +++ b/nixos/pkgs/otpmenu/default.nix @@ -1,5 +1,12 @@ -{ lib, symlinkJoin, rofi, gnused, pass-otp, writeTextFile, writeShellScriptBin -, xdotool }: +{ lib +, symlinkJoin +, rofi +, gnused +, pass-otp +, writeTextFile +, writeShellScriptBin +, xdotool +}: let @@ -36,7 +43,8 @@ let printf %s "$otp" | ${xdotool}/bin/xdotool type -f - ''; -in symlinkJoin rec { +in +symlinkJoin rec { version = "1.0.0"; name = "otpMenu-${version}"; paths = [ bin desktopFile ]; diff --git a/pkgs/pixelnuke/default.nix b/nixos/pkgs/pixelnuke/default.nix similarity index 100% rename from pkgs/pixelnuke/default.nix rename to nixos/pkgs/pixelnuke/default.nix diff --git a/pkgs/q/README.md b/nixos/pkgs/q/README.md similarity index 100% rename from pkgs/q/README.md rename to nixos/pkgs/q/README.md diff --git a/nixos/pkgs/q/default.nix b/nixos/pkgs/q/default.nix new file mode 100644 index 0000000..034918c --- /dev/null +++ b/nixos/pkgs/q/default.nix 
@@ -0,0 +1,362 @@ +{ pkgs +, lib + # tzselect is your frind do find timezones +, timeZones ? [ ] +, timeColor ? 9 +, timeZoneColor ? 10 +, calBackgroundColor ? 10 +, calWeekColor ? 13 +, calDayColor ? 9 +, enableIntelBacklight ? true +, userHighlight ? [ "palo" ] +, enableBattery ? true +, ... +}: + +let + + hrule = "${pkgs.terminal-tools}/bin/hrule"; + + q-cal = + let + + # Maximum width of cal's output. + calwidth = 23; + + # Number of space characters between two calendars. + hspace = 2; + + # Return number of columns required to print n calenders side by side. + need_width = n: assert n >= 1; n * calwidth + (n - 1) * hspace; + + lpad = n: c: s: if lib.stringLength s < n then lpad n c (c + s) else s; + + pad = '' + { + ${pkgs.gnused}/bin/sed ' + # rtrim + s/ *$// + + # delete last empty line + ''${/^$/d} + ' \ + | ${pkgs.gawk}/bin/awk '{printf "%-${ + toString calwidth + }s\n", $0}' \ + | ${pkgs.gnused}/bin/sed " + # colorize header + 1,2s/.*/[38;5;${toString calBackgroundColor}m&/ + + # highlight current week + s/^$(${pkgs.coreutils}/bin/date +%W)/[38;5;${ + toString calWeekColor + }m&/ + + # colorize week number + s/^[ 1-9][0-9]/[38;5;${ + toString calBackgroundColor + }m&/ + " + }''; + in + '' + cols=$(${pkgs.ncurses}/bin/tput cols) + ${pkgs.coreutils}/bin/paste \ + <(if test $cols -ge ${toString (need_width 3)}; then + ${pkgs.utillinux}/bin/cal -mw \ + $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'last month') \ + | ${pad} + fi) \ + <(if test $cols -ge ${toString (need_width 1)}; then + ${pkgs.utillinux}/bin/cal -mw \ + | ${pkgs.gnused}/bin/sed ' + # colorize day of month + s/\(^\| \)'"$(${pkgs.coreutils}/bin/date +%e)"'\>/[38;5;${ + toString calDayColor + }m&/ + ' \ + | ${pad} + fi) \ + <(if test $cols -ge ${toString (need_width 2)}; then + ${pkgs.utillinux}/bin/cal -mw \ + $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'next month') \ + | ${pad} + fi) \ + | ${pkgs.gnused}/bin/sed ' + s/^\t// + s/\t$// + s/\t/${lpad hspace " " ""}/g + ' + ''; + + q-timeZoneDate = 
size: zone: + let + dateString = comment: + "'+%Y-%m-%dT[;38;5;${ + toString timeColor + }m%H:%M:%S[;38;5;${toString timeZoneColor}m%:z ${comment}' "; + timeZoneVariable = lib.optionalString (zone != null) "TZ=${zone}"; + comment = lib.optionalString (zone != null) + " : ${lib.fixedWidthString size " " zone}"; + # sh + in + '' + ${timeZoneVariable} ${pkgs.coreutils}/bin/date ${ + dateString comment + } | ${pkgs.terminal-tools}/bin/center + ''; + + q-timeZoneDates = + if timeZones == [ ] then + q-timeZoneDate 0 null + else + let size = lib.foldr lib.max 0 (map builtins.stringLength timeZones); + in lib.concatMapStringsSep "\n" (q-timeZoneDate size) timeZones; + + q-intel_backlight = '' + cd /sys/class/backlight/intel_backlight + = .42) full_color = "2" + else if (charge >= .23) full_color = "3" + else full_color = "1" + + left_arrow = 1 + middle_arrow = 1 + right_arrow = 1 + if (full_bars == 0) { + left_arrow = 0 + middle_arrow = 0 + } + if (empty_bars == 0) { + middle_arrow = 0 + right_arrow = 0 + } + + empty_color = "0"; + return sgr("38;5;" 8) sgr("48;5;" full_color) strdup("",left_arrow) strdup(" ", full_bars) sgr("48;5;" empty_color) sgr("38;5;" full_color) strdup("",middle_arrow) strdup(" ", empty_bars) sgr() sgr("38;5;" empty_color) strdup("",right_arrow) sgr() + } + + function sgr(p) { + return "\x1b[" p "m" + } + + function strdup(s,n,t) { + t = sprintf("%"n"s","") + gsub(/ /,s,t) + return t + } + + END { + name = ENVIRON["POWER_SUPPLY_NAME"] + + charge_unit = "Ah" + charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6 + charge_full = ENVIRON["POWER_SUPPLY_CHARGE_FULL"] / 10^6 + + current_unit = "A" + current_now = ENVIRON["POWER_SUPPLY_CURRENT_NOW"] / 10^6 + + energy_unit = "Wh" + energy_now = ENVIRON["POWER_SUPPLY_ENERGY_NOW"] / 10^6 + energy_full = ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6 + + power_unit = "W" + power_now = ENVIRON["POWER_SUPPLY_POWER_NOW"] / 10^6 + + voltage_unit = "V" + voltage_now = ENVIRON["POWER_SUPPLY_VOLTAGE_NOW"] / 10^6 + 
voltage_min_design = ENVIRON["POWER_SUPPLY_VOLTAGE_MIN_DESIGN"] / 10^6 + + #printf "charge_now: %s\n", charge_now + #printf "charge_full: %s\n", charge_full + #printf "current_now: %s\n", current_now + #printf "energy_now: %s\n", energy_now + #printf "energy_full: %s\n", energy_full + #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] + #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6 + #printf "power_now: %s\n", power_now + #printf "voltage_now: %s\n", voltage_now + + if (current_now == 0 && voltage_now != 0) { + current_now = power_now / voltage_now + } + if (power_now == 0) { + power_now = current_now * voltage_now + } + if (charge_now == 0 && voltage_min_design != 0) { + charge_now = energy_now / voltage_min_design + } + if (energy_now == 0) { + energy_now = charge_now * voltage_min_design + } + if (charge_full == 0 && voltage_min_design != 0) { + charge_full = energy_full / voltage_min_design + } + if (energy_full == 0) { + energy_full = charge_full * voltage_min_design + } + + if (charge_now == 0 || charge_full == 0) { + die("unknown charge") + } + + charge_ratio = charge_now / charge_full + + out = out sprintf("%20s │", name) + out = out sprintf(" %s", print_bar(10, charge_ratio)) + out = out sprintf(" %d%", charge_ratio * 100) + out = out sprintf(" %.2f%s", charge_now, charge_unit) + if (current_now != 0) { + out = out sprintf("/%.1f%s", current_now, current_unit) + } + out = out sprintf(" %d%s", energy_full, energy_unit) + if (power_now != 0) { + out = out sprintf("/%.1f%s", power_now, power_unit) + } + if (current_now != 0) { + out = out sprintf(" %s", print_hm(charge_now / current_now)) + } + + print out + } + ' + ''; + in + '' + for uevent in /sys/class/power_supply/*/uevent; do + ${power_supply} "$uevent" || : + done + ''; + + q-virtualization = '' + printf '%20s │ %s\n' "VT" \ + $(${pkgs.systemd}/bin/systemd-detect-virt) + ''; + + q-wireless = '' + for dev in $( + ${pkgs.iw}/bin/iw dev \ + | ${pkgs.gnused}/bin/sed 
-n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p' + ); do + inet=$(${pkgs.iproute}/bin/ip addr show $dev \ + | ${pkgs.gnused}/bin/sed -n ' + s/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p + ') \ + || unset inet + ssid=$(${pkgs.iw}/bin/iw dev $dev link \ + | ${pkgs.gnused}/bin/sed -n ' + s/.*\tSSID: \(.*\)/\1/p + ') \ + || unset ssid + printf '%20s │ %s %s\n' $dev ''${inet+ $inet} ''${ssid+ $ssid} + done + ''; + + q-online = '' + if ${pkgs.curl}/bin/curl -s google.com >/dev/null; then + echo ' status │ online' + else + echo ' status │ offline ' + fi + ''; + + q-thermal_zone = '' + for i in /sys/class/thermal/thermal_zone*; do + type=$(${pkgs.coreutils}/bin/cat $i/type) + temp=$(${pkgs.coreutils}/bin/cat $i/temp) + printf '%20s │ %s°C\n' $type $(echo $temp / 1000 | ${pkgs.bc}/bin/bc) + done + ''; + + q-show-users = '' + ${pkgs.procps}/bin/ps -eo user \ + | ${pkgs.gnused}/bin/sed '1 d' \ + | ${pkgs.coreutils}/bin/sort \ + | ${pkgs.coreutils}/bin/uniq \ + | ${pkgs.gnugrep}/bin/egrep --color=always '(${ + lib.concatStringsSep "|" userHighlight + })|$' \ + | ${pkgs.utillinux}/bin/column + ''; + + q-task-checklist = '' + ${pkgs.taskwarrior}/bin/task export +checklist status:pending +READY | \ + ${pkgs.jq}/bin/jq \ + --raw-output ' + sort_by(.description) | reverse | + .[] | + "[ \( .id ) ] \( .description )" + ' + ''; + + q-task-active = '' + ${pkgs.taskwarrior}/bin/task export \ + +ACTIVE status:pending \ + | ${pkgs.jq}/bin/jq --raw-output '.[] | "⇒ \(.id) \(.description)"' + ''; + + # bash needed for <(...) +in +pkgs.writers.writeBashBin "q" '' + set -eu + export PATH=/var/empty + ${hrule} + ${q-cal} + ${hrule} + ${q-timeZoneDates} + ${hrule} + ${lib.optionalString enableIntelBacklight "(${q-intel_backlight}) &"} + ${lib.optionalString enableBattery "(${q-power_supply}) &"} + (${q-virtualization}) & + (${q-wireless}) & + (${q-online}) & + (${q-thermal_zone}) & wait + ${hrule} + ${q-task-active} + ${hrule} + ${q-task-checklist} + ${hrule} + ${q-show-users} +'' 
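Review bot: The `q-online` probe in q/default.nix runs `curl -s google.com` with no time limit, and the launcher joins the background group with `wait`, so a stalled connection holds up the rest of the `q` output. Bounding it, for example `curl -s --max-time 3 google.com` (value chosen for illustration), keeps the dashboard responsive on a captive or filtered network. The probe also sends a plain-HTTP request to a third party on every invocation; a one-line comment stating that this is intended would help the next reader.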
diff --git a/pkgs/sononym-crawler/default.nix b/nixos/pkgs/sononym-crawler/default.nix similarity index 98% rename from pkgs/sononym-crawler/default.nix rename to nixos/pkgs/sononym-crawler/default.nix index bb52774..0ff2812 100644 --- a/pkgs/sononym-crawler/default.nix +++ b/nixos/pkgs/sononym-crawler/default.nix @@ -32,7 +32,8 @@ let }; -in (pkgs.buildFHSUserEnv { +in +(pkgs.buildFHSUserEnv { # name it # ------- diff --git a/pkgs/sononym/default.nix b/nixos/pkgs/sononym/default.nix similarity index 98% rename from pkgs/sononym/default.nix rename to nixos/pkgs/sononym/default.nix index e417243..9b9d6d4 100644 --- a/pkgs/sononym/default.nix +++ b/nixos/pkgs/sononym/default.nix @@ -32,7 +32,8 @@ let }; -in (pkgs.buildFHSUserEnv { +in +(pkgs.buildFHSUserEnv { # name it # ------- diff --git a/pkgs/taskwarrior-hooks/default.nix b/nixos/pkgs/taskwarrior-hooks/default.nix similarity index 100% rename from pkgs/taskwarrior-hooks/default.nix rename to nixos/pkgs/taskwarrior-hooks/default.nix diff --git a/pkgs/terminal-tools/default.nix b/nixos/pkgs/terminal-tools/default.nix similarity index 100% rename from pkgs/terminal-tools/default.nix rename to nixos/pkgs/terminal-tools/default.nix diff --git a/nixos/system/all/borg-jobs.nix b/nixos/system/all/borg-jobs.nix new file mode 100644 index 0000000..5275b75 --- /dev/null +++ b/nixos/system/all/borg-jobs.nix 
@@ -0,0 +1,81 @@ +{ config, lib, ... }: { + + options = { + backup.dirs = lib.mkOption { + default = [ ]; + type = with lib.types; listOf str; + description = '' + folders to backup + ''; + }; + backup.exclude = lib.mkOption { + default = [ ]; + type = with lib.types; listOf str; + description = '' + exclude files and folders matching a pattern. + Theses patterns effect all folders in `backup.dirs`. + see man borg pattern for more information + ''; + example = [ ".git" "/home/*/.cache" ".stfolder" ]; + }; + }; + + config = + let + + servers = [ + { + name = "workhorse"; + host = "workhorse.private"; + } + { + name = "pepe"; + host = "pepe.private"; + } + ]; + + dirs = config.backup.dirs; + + myHostname = config.networking.hostName; + + setup = server: { + paths = config.backup.dirs; + exclude = config.backup.exclude; + doInit = true; + repo = "borg@${server}:./${myHostname}"; + encryption = { + mode = "repokey-blake2"; + passCommand = + "cat ${config.sops.secrets.backup_repository_passphrase.path}"; + }; + environment.BORG_RSH = + "ssh -i ${toString config.sops.secrets.backup_ssh_rsa_private.path}"; + compression = "auto,lzma"; + startAt = "daily"; + prune.keep = { + within = "10d"; # Keep all backups in the last 10 days. + weekly = 8; # Keep 8 additional end of week archives. + monthly = -1; # Keep end of month archive for every month + }; + + }; + + in + { + + sops.secrets.backup_repository_passphrase = { }; + sops.secrets.backup_ssh_rsa_private = { }; + + services.borgbackup.jobs = + let + setups = map ({ name, host }: { "${name}" = setup host; }) servers; + setupAttrs = lib.zipAttrsWith (_: vals: lib.head vals) setups; + nonEmptySetups = + lib.filterAttrs (_: { paths, ... }: builtins.length paths != 0) + setupAttrs; + in + nonEmptySetups; + + }; + +} diff --git a/nixos/system/all/borg-scripts.nix b/nixos/system/all/borg-scripts.nix new file mode 100644 index 0000000..8ad58b0 --- /dev/null +++ b/nixos/system/all/borg-scripts.nix 
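Review bot: `dirs = config.backup.dirs;` in the `let` of borg-jobs.nix is never read, because `setup` and the empty-paths filter both go through `config.backup.dirs` and `paths`; either drop the binding or write `paths = dirs;`. The `setups`/`setupAttrs` pair can be one expression, `lib.listToAttrs (map ({ name, host }: lib.nameValuePair name (setup host)) servers)`, which avoids the `zipAttrsWith`/`head` merge. Since `prune.keep` runs from the client, pruning only takes effect if the key behind `backup_ssh_rsa_private` may delete archives on both servers. If the server side (not shown here) is meant to be append-only, a comment on `prune.keep` saying where pruning really happens would help.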
@@ -0,0 +1,24 @@ +{ pkgs, lib, ... }: { + + environment.systemPackages = + let + createScript = command: host: repository: + pkgs.writers.writeBashBin + "borg-${command}-on-${host}-for-${repository}" '' + ${pkgs.borgbackup}/bin/borg \ + ${command} \ + --rsh='ssh -i ~/.ssh/card_rsa.pub' borg@${host}.private:${repository}/. \ + "$@" + ''; + hosts = [ "workhorse" "pepe" ]; + repositories = [ "workhorse" "pepe" "sterni" "workout" ]; + commands = [ "list" ]; + in + lib.flatten (map + (command: + map + (host: map (repository: createScript command host repository) repositories) + hosts) + commands); + +} diff --git a/system/all/default.nix b/nixos/system/all/default.nix similarity index 92% rename from system/all/default.nix rename to nixos/system/all/default.nix index 0fc5a49..e06fae6 100644 --- a/system/all/default.nix +++ b/nixos/system/all/default.nix @@ -1,13 +1,11 @@ { lib, config, pkgs, ... }: { + imports = [ - - - - + ../../modules # needed - + # # cross-compiling # @@ -35,7 +33,7 @@ # provide overlays # ----------------- - nixpkgs.overlays = [ (import ) (import ) ]; + nixpkgs.overlays = [ (import ../../pkgs) ]; # allow un-free # ------------- diff --git a/system/all/grub.nix b/nixos/system/all/grub.nix similarity index 99% rename from system/all/grub.nix rename to nixos/system/all/grub.nix index 6424a04..8b3858c 100644 --- a/system/all/grub.nix +++ b/nixos/system/all/grub.nix @@ -5,7 +5,8 @@ let rev = "fe27cbc99e994d50bb4269a9388e3f7d60492ffa"; sha256 = "1z8zc4k2mh8d56ipql8vfljvdjczrrna5ckgzjsdyrndfkwv8ghw"; }; -in { +in +{ boot.loader.grub.extraConfig = '' set theme=($drive1)//themes/fallout-grub-theme/theme.txt diff --git a/system/all/hosts.nix b/nixos/system/all/hosts.nix similarity index 100% rename from system/all/hosts.nix rename to nixos/system/all/hosts.nix 
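Review bot: `--rsh='ssh -i ~/.ssh/card_rsa.pub'` in borg-scripts.nix hands ssh a public-key file as the identity, which reads like a mistake unless the reader knows the private half is held by a card or agent. If that is the intent, a comment above `createScript` such as `# -i names the public key on purpose; the private key is served by the agent/smartcard` would document it. The generated scripts set no pass command, so they presumably prompt for the repository passphrase, unlike the jobs in borg-jobs.nix that use `passCommand`; one more line in the same comment would cover that.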
diff --git a/system/all/networking-qos.nix b/nixos/system/all/networking-qos.nix similarity index 74% rename from system/all/networking-qos.nix rename to nixos/system/all/networking-qos.nix index 645fca9..82c6213 100644 --- a/system/all/networking-qos.nix +++ b/nixos/system/all/networking-qos.nix 
@@ -26,28 +26,30 @@ }; }; - config = let - kbits = number: - import (pkgs.runCommand "round-${toString number}" { } - ''awk 'BEGIN{printf "\"%ikbit\"", ${toString number}}' > $out''); + config = + let + kbits = number: + import (pkgs.runCommand "round-${toString number}" { } + ''awk 'BEGIN{printf "\"%ikbit\"", ${toString number}}' > $out''); - interface = config.configuration.fireqos.interface; - input = "${toString config.configuration.fireqos.input}kbit"; - output = "${toString config.configuration.fireqos.output}kbit"; - tincInput = kbits (config.configuration.fireqos.input * 0.7); - tincOutput = kbits (config.configuration.fireqos.output * 0.7); - useBalancedForExperimenting = false; + interface = config.configuration.fireqos.interface; + input = "${toString config.configuration.fireqos.input}kbit"; + output = "${toString config.configuration.fireqos.output}kbit"; + tincInput = kbits (config.configuration.fireqos.input * 0.7); + tincOutput = kbits (config.configuration.fireqos.output * 0.7); + useBalancedForExperimenting = false; - tincPorts = - lib.mapAttrsToList (name: configuration: toString configuration.port) - config.module.cluster.services.tinc; + tincPorts = + lib.mapAttrsToList (name: configuration: toString configuration.port) + config.module.cluster.services.tinc; - in { + in + { - # https://firehol.org/tutorial/fireqos-new-user/ - services.fireqos.enable = config.configuration.fireqos.enable; - systemd.services.fireqos.wantedBy = [ "multi-user.target" ]; - services.fireqos.config = '' + # https://firehol.org/tutorial/fireqos-new-user/ + services.fireqos.enable = config.configuration.fireqos.enable; + systemd.services.fireqos.wantedBy = [ "multi-user.target" ]; + services.fireqos.config = '' # ------------------- world @@ -121,6 +123,6 @@ ''; - }; + }; } 
diff --git a/system/all/nginx-landingpage.nix b/nixos/system/all/nginx-landingpage.nix similarity index 89% rename from system/all/nginx-landingpage.nix rename to nixos/system/all/nginx-landingpage.nix index 4051593..762b698 100644 --- a/system/all/nginx-landingpage.nix +++ b/nixos/system/all/nginx-landingpage.nix @@ -228,28 +228,32 @@ } { text = "Syncthings"; - items = map ({ name, host ? "${name}.private", ... }: { - label = name; - href = "http://${host}:8384/"; - image = - "https://media.giphy.com/media/JoyU4vuzwj6ZA7Ging/giphy.gif"; - }) (map (name: { inherit name; }) (lib.attrNames - config.module.cluster.services.tinc."private".hosts)); + items = map + ({ name, host ? "${name}.private", ... }: { + label = name; + href = "http://${host}:8384/"; + image = + "https://media.giphy.com/media/JoyU4vuzwj6ZA7Ging/giphy.gif"; + }) + (map (name: { inherit name; }) (lib.attrNames + config.module.cluster.services.tinc."private".hosts)); } { text = "netdata"; - items = map ({ name, host ? "${name}.private", ... }: { - label = name; - href = "http://${host}:19999/"; - image = "https://media.giphy.com/media/BkjdN6MQCDPaw/giphy.gif"; - }) (map (name: { inherit name; }) [ - "workhorse" - "porani" - "pepe" - "sputnik" - ] - #(lib.attrNames config.module.cluster.services.tinc."private".hosts) - ); + items = map + ({ name, host ? "${name}.private", ... }: { + label = name; + href = "http://${host}:19999/"; + image = "https://media.giphy.com/media/BkjdN6MQCDPaw/giphy.gif"; + }) + (map (name: { inherit name; }) [ + "workhorse" + "porani" + "pepe" + "sputnik" + ] + #(lib.attrNames config.module.cluster.services.tinc."private".hosts) + ); } ]; }; diff --git a/system/all/nginx.nix b/nixos/system/all/nginx.nix similarity index 99% rename from system/all/nginx.nix rename to nixos/system/all/nginx.nix index f9c566f..58b64fc 100644 --- a/system/all/nginx.nix +++ b/nixos/system/all/nginx.nix 
@@ -2,7 +2,8 @@ let access_log_sink = "workhorse.private:12304"; error_log_sink = "workhorse.private:12305"; -in { +in +{ security.acme.email = "contact@ingolf-wagner.de"; security.acme.acceptTerms = true; diff --git a/nixos/system/all/on-failure.nix b/nixos/system/all/on-failure.nix new file mode 100644 index 0000000..1abdc3b --- /dev/null +++ b/nixos/system/all/on-failure.nix @@ -0,0 +1,17 @@ +{ lib, ... }: +{ + #on-failure = { + # enable = true; + # plans = { + # tinc_private.name = "tinc.private"; + # tinc_retiolum.name = "tinc.retiolum"; + # sshd.name = "sshd"; + # tor.name = "tor"; + # dnsmasq.name = "dnsmasq"; + # #backup_on_workhorse.name = "backup.on-workhorse.private"; + # #backup_on_workout.name = "backup.on-workout.private"; + # #backup_on_porani.name = "backup.on-porani.private"; + # syncthing.name = "syncthing"; + # }; + #}; +} diff --git a/system/all/packages.nix b/nixos/system/all/packages.nix similarity index 76% rename from system/all/packages.nix rename to nixos/system/all/packages.nix index f857b09..90a77b5 100644 --- a/system/all/packages.nix +++ b/nixos/system/all/packages.nix @@ -2,14 +2,6 @@ let - pastebin = pkgs.writers.writeDashBin "pastebin" '' - exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli \ - --lifetime 1m \ - --url http://workhorse.private:8000 \ - --pass ${lib.fileContents } \ - "$@" | sed -e s/workhorse.private:8000/paste.ingolf-wagner.de/ - ''; - memoryUsage = pkgs.writers.writeDashBin "memory-total-usage" '' echo " %CPU %MEM MEM : PROCESS" echo "------- ------- ------------- -------" 
@@ -37,14 +29,17 @@ let EOF ''; - storepath = let - dirname = "${pkgs.coreutils-full}/bin/dirname"; - readlink = "${pkgs.coreutils-full}/bin/readlink"; - in pkgs.writers.writeBashBin "storepath" '' - ${dirname} $( ${readlink} $( type -p "$1" ) ) - ''; + storepath = + let + dirname = "${pkgs.coreutils-full}/bin/dirname"; + readlink = "${pkgs.coreutils-full}/bin/readlink"; + in + pkgs.writers.writeBashBin "storepath" '' + ${dirname} $( ${readlink} $( type -p "$1" ) ) + ''; -in { +in +{ #imports = [ ./packages/llvm-config-dummy.nix ]; @@ -82,8 +77,6 @@ in { zip unzip - #pastebin # no need - jq miller diff --git a/nixos/system/all/packages/llvm-config-dummy.nix b/nixos/system/all/packages/llvm-config-dummy.nix new file mode 100644 index 0000000..06f89b3 --- /dev/null +++ b/nixos/system/all/packages/llvm-config-dummy.nix @@ -0,0 +1,43 @@ +{ pkgs, config, lib, ... }: +with pkgs.lib; { + environment.systemPackages = + let + llvm = pkgs.llvm; + llvm-config = pkgs.writers.writeBashBin "llvm-config" '' + while [[ $# -gt 0 ]]; do + arg="$1" + case $arg in + --assertion-mode) + echo "OFF" + ;; + --bindir) + echo "${getBin llvm}/bin" + ;; + --libdir) + echo "${getLib llvm}/lib" + ;; + --includedir) + echo "${getDev llvm}/include" + ;; + --prefix) + echo "${llvm.out}" + ;; + --src-root) + echo "/build/llvm"; + ;; + --obj-root) + echo "/build/llvm/build"; + ;; + --cmakedir) + echo "${getDev llvm}/lib/cmake/llvm" + ;; + *) + echo "Unhandled argument '$arg' passed to dummy llvm-config!" + exit 1 + esac + shift + done + ''; + in + [ llvm-config ]; +} diff --git a/system/all/shell.nix b/nixos/system/all/shell.nix similarity index 81% rename from system/all/shell.nix rename to nixos/system/all/shell.nix index 18d0b32..b70ab71 100644 --- a/system/all/shell.nix +++ b/nixos/system/all/shell.nix @@ -1,4 +1,2 @@ { config, lib, ... }: -{ - -} +{ } 
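Review bot: The fallback branch of the dummy `llvm-config` in llvm-config-dummy.nix prints its error on stdout, where a caller that captures the output of `llvm-config` would take the message as the answer before seeing the exit status. Send it to stderr with `echo "Unhandled argument '$arg' passed to dummy llvm-config!" >&2`. The module also takes `config` and `lib` as arguments without using them, since the helpers come from `with pkgs.lib;`.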
diff --git a/nixos/system/all/sshd-known-hosts-bootup.nix b/nixos/system/all/sshd-known-hosts-bootup.nix new file mode 100644 index 0000000..8a71e8a --- /dev/null +++ b/nixos/system/all/sshd-known-hosts-bootup.nix @@ -0,0 +1,58 @@ +{ config, lib, pkgs, ... }: +with lib; +let + + computers = { + #workhorse = { + # onionId = fileContents ../../private_assets/onion_id_workhorse; + # publicKey = + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/I4JBA1HHTH2xsrEM7xtxkhRDE42lZcBrdBvN46WTx"; + #}; + #porani = { + # onionId = fileContents ../../private_assets/onion_id_porani; + # publicKey = + # "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGFaTRGqMd/rKpyMUP6wVbgiWFOUvUV2qS/B5Xe02UUch/wxR4fTCY+vnzku5K0V/qqJpjYLgHotwZFqO/8lFu4="; + #}; + }; + +in +{ + + services.openssh.knownHosts = mapAttrs' + (name: + { onionId, publicKey, ... }: { + name = "${name}-init-ssh"; + value = { + hostNames = [ onionId ]; + inherit publicKey; + }; + }) + computers; + + environment.systemPackages = + let + + ssh = mapAttrsToList + (name: + { onionId, ... }: + pkgs.writers.writeDashBin "ssh-boot-to-${name}" '' + ${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23 + '') + computers; + + password = mapAttrsToList + (name: + { onionId, ... }: + pkgs.writers.writeDashBin "unlock-boot-${name}" '' + ${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23 ' + echo -n "enter password : " + read password + echo "$password" > /crypt-ramfs/passphrase + ' + '') + computers; + + in + ssh ++ password; + +} diff --git a/system/all/sshd-known-hosts-private.nix b/nixos/system/all/sshd-known-hosts-private.nix similarity index 100% rename from system/all/sshd-known-hosts-private.nix rename to nixos/system/all/sshd-known-hosts-private.nix diff --git a/system/all/sshd-known-hosts-public.nix b/nixos/system/all/sshd-known-hosts-public.nix similarity index 100% rename from system/all/sshd-known-hosts-public.nix rename to nixos/system/all/sshd-known-hosts-public.nix 
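Review bot: The remote snippet in `unlock-boot-${name}` (sshd-known-hosts-bootup.nix) reads the disk passphrase with a plain `read password` and writes it with `echo`, so backslashes and leading or trailing blanks can be altered before the value reaches `/crypt-ramfs/passphrase`. `IFS= read -r password` and `printf "%s\n" "$password" > /crypt-ramfs/passphrase` keep the value intact; double quotes are used because the snippet sits inside a single-quoted ssh argument. The passphrase is also likely to be echoed on the local terminal while it is typed, since the ssh call requests no tty and nothing turns echo off; `stty -echo` around the call, restored afterwards, would hide it.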
diff --git a/system/all/sshd.nix b/nixos/system/all/sshd.nix similarity index 79% rename from system/all/sshd.nix rename to nixos/system/all/sshd.nix index 53e41d3..fc5b615 100644 --- a/system/all/sshd.nix +++ b/nixos/system/all/sshd.nix @@ -11,7 +11,7 @@ with lib; tools.enable = true; sshd = { enable = true; - rootKeyFiles = [ (toString ) ]; + rootKeyFiles = [ (toString ../../assets/ssh/card_rsa.pub) ]; }; }; diff --git a/system/all/syncthing.nix b/nixos/system/all/syncthing.nix similarity index 89% rename from system/all/syncthing.nix rename to nixos/system/all/syncthing.nix index 3b4e22f..23e937f 100644 --- a/system/all/syncthing.nix +++ b/nixos/system/all/syncthing.nix @@ -5,23 +5,25 @@ with lib; { guiAddress = lib.mkDefault "${config.networking.hostName}.private:8384"; declarative = { overrideDevices = true; - devices = let - device = name: id: { - "${name}" = { - name = name; - id = id; - addresses = - [ "tcp://${name}.private:22000" "tcp://${name}.private:21027" ]; + devices = + let + device = name: id: { + "${name}" = { + name = name; + id = id; + addresses = + [ "tcp://${name}.private:22000" "tcp://${name}.private:21027" ]; + }; }; - }; - in (device "workhorse" - "AFSAKB6-JLH4QAS-DSRMPI3-6PVCIHF-IIAVLPC-STPNO3Y-YRDU5NW-QD445QI") - // (device "pepe" - "SZLXFW3-VTAC7UB-V2Z7CHE-3VZAYPL-6D72AK6-OCDMPZP-G4FPY5P-FL6ZVAG") - // (device "workout" - "DZOOAKG-GI2SVOS-QEVMFL7-TRHVTPQ-ADIJEVH-RH5WV3J-6M7MJHC-C53EOAC") - // (device "sterni" - "ZFNNKPD-ZSOAYJQ-VROXXDB-5MD3UTJ-GDCNTSQ-G5POVV3-UZG5HFT-CCAU3AD") // { + in + (device "workhorse" + "AFSAKB6-JLH4QAS-DSRMPI3-6PVCIHF-IIAVLPC-STPNO3Y-YRDU5NW-QD445QI") + // (device "pepe" + "SZLXFW3-VTAC7UB-V2Z7CHE-3VZAYPL-6D72AK6-OCDMPZP-G4FPY5P-FL6ZVAG") + // (device "workout" + "DZOOAKG-GI2SVOS-QEVMFL7-TRHVTPQ-ADIJEVH-RH5WV3J-6M7MJHC-C53EOAC") + // (device "sterni" + "ZFNNKPD-ZSOAYJQ-VROXXDB-5MD3UTJ-GDCNTSQ-G5POVV3-UZG5HFT-CCAU3AD") // { "porani" = { name = "porani"; id = 
diff --git a/system/all/tinc.nix b/nixos/system/all/tinc.nix similarity index 56% rename from system/all/tinc.nix rename to nixos/system/all/tinc.nix index 9b762ed..5782c0c 100644 --- a/system/all/tinc.nix +++ b/nixos/system/all/tinc.nix @@ -7,9 +7,10 @@ let sha256 = "0kczrr6dr5dmhx2kbanw46w6ig2v3w42rqhjanv87xhwkgw81l08"; }; -in { +in +{ - imports = [ ]; + imports = [ ../../modules ]; networking.firewall.trustedInterfaces = [ "tinc.private" ]; @@ -22,24 +23,25 @@ in { LocalDiscovery = yes AutoConnect = yes ''; - privateEd25519KeyFile = toString ; - privateRsaKeyFile = toString ; + privateEd25519KeyFile = + toString config.sops.secrets.tinc_retiolum_ed25519_key.path; + privateRsaKeyFile = toString config.sops.secrets.tinc_retiolum_rsa_key.path; hosts = { pepe = { tincIp = "10.243.23.1"; - publicKey = lib.fileContents ; + publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file; }; sterni = { tincIp = "10.243.23.3"; - publicKey = lib.fileContents ; + publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file; }; workhorse = { tincIp = "10.243.23.5"; - publicKey = lib.fileContents ; + publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file; }; workout = { tincIp = "10.243.23.4"; - publicKey = lib.fileContents ; + publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file; }; }; }; 
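Review bot: In the `@@ -22,24 +23,25 @@` hunk of tinc.nix the key files now read `config.sops.secrets.tinc_retiolum_ed25519_key.path` and `config.sops.secrets.tinc_retiolum_rsa_key.path`, but the only declarations this file adds (in its last hunk) are `sops.secrets.tinc_ed25519_key` and `sops.secrets.tinc_rsa_key`. Unless the retiolum secrets are declared in another module, evaluation fails on the missing attribute; adding `sops.secrets.tinc_retiolum_ed25519_key = { };` and `sops.secrets.tinc_retiolum_rsa_key = { };` next to the other two would fix it. In the same hunk pepe, sterni, workhorse and workout all load `../../assets/tinc/retiolum/host_file`, so the four hosts are configured with one public key. If that is intended, a comment should say so.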
@@ -51,31 +53,32 @@ in { LocalDiscovery = yes AutoConnect = yes ''; - privateEd25519KeyFile = toString ; - privateRsaKeyFile = toString ; + privateEd25519KeyFile = + toString config.sops.secrets.tinc_ed25519_key.path; + privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path; hosts = { sternchen = { tincIp = "10.123.42.25"; - # publicKey = lib.fileContents ; - publicKey = lib.fileContents ; + # publicKey = lib.fileContents ../../assets/tinc/sterni_host_file; + publicKey = lib.fileContents ../../assets/tinc/sternchen_host_file; }; sterni = { tincIp = "10.123.42.24"; - # publicKey = lib.fileContents ; - publicKey = lib.fileContents ; + # publicKey = lib.fileContents ../../assets/tinc/sterni_host_file; + publicKey = lib.fileContents ../../assets/tinc/workout_host_file; }; porani = { tincIp = "10.123.42.31"; - publicKey = lib.fileContents ; + publicKey = lib.fileContents ../../assets/tinc/porani_host_file; }; workhorse = { tincIp = "10.123.42.21"; - publicKey = lib.fileContents ; + publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file; }; sputnik = { realAddress = [ "static.247.134.201.195.clients.your-server.de:721" ]; tincIp = "10.123.42.122"; - publicKey = lib.fileContents ; + publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file; }; }; }; 
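Review bot: `sterni` gets `publicKey = lib.fileContents ../../assets/tinc/workout_host_file;` while the `sterni_host_file` line above it stays commented out, here and again in the `@@ -85,33 +88,34 @@` hunk. A host file is what identifies a node to its peers, so two entries carrying the same key weaken that distinction. If sterni and workout really share a key pair, the reason belongs in a comment next to the line, for example `# sterni reuses workout's key pair on purpose: REASON`; otherwise the commented-out line is the one that should be active.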
@@ -85,33 +88,34 @@ in { extraConfig = '' LocalDiscovery = yes ''; - privateEd25519KeyFile = toString ; - privateRsaKeyFile = toString ; + privateEd25519KeyFile = + toString config.sops.secrets.tinc_ed25519_key.path; + privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path; hosts = { workout = { tincIp = "10.23.42.27"; - publicKey = lib.fileContents ; + publicKey = lib.fileContents ../../assets/tinc/workout_host_file; }; pepe = { tincIp = "10.23.42.26"; - publicKey = lib.fileContents ; + publicKey = lib.fileContents ../../assets/tinc/pepe_host_file; }; sterni = { tincIp = "10.23.42.24"; - # publicKey = lib.fileContents ; - publicKey = lib.fileContents ; + # publicKey = lib.fileContents ../../assets/tinc/sterni_host_file; + publicKey = lib.fileContents ../../assets/tinc/workout_host_file; }; mobi = { tincIp = "10.23.42.23"; - publicKey = lib.fileContents ; + publicKey = lib.fileContents ../../assets/tinc/mobi_host_file; }; #porani = { # tincIp = "10.23.42.31"; - # publicKey = lib.fileContents ; + # publicKey = lib.fileContents ../../assets/tinc/porani_host_file; #}; workhorse = { tincIp = "10.23.42.21"; - publicKey = lib.fileContents ; + publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file; }; sputnik = { realAddress = [ @@ -121,12 +125,15 @@ in { "static.247.134.201.195.clients.your-server.de:443" ]; tincIp = "10.23.42.122"; - publicKey = lib.fileContents ; + publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file; }; }; }; }; + sops.secrets.tinc_ed25519_key = { }; + sops.secrets.tinc_rsa_key = { }; + # retiolum stuff networking.extraHosts = builtins.readFile (toString "${retiolum}/etc.hosts"); systemd.services."tinc.retiolum" = { diff --git a/system/desktop/audio.nix b/nixos/system/desktop/audio.nix similarity index 96% rename from system/desktop/audio.nix rename to nixos/system/desktop/audio.nix index e906680..3981b13 100644 --- a/system/desktop/audio.nix +++ b/nixos/system/desktop/audio.nix 
@@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let - library = import { inherit pkgs lib; }; + library = import ../../library { inherit pkgs lib; }; mixxxBin = pkgs.writeShellScriptBin "mixxx" "${pkgs.mixxx}/bin/mixxx --settingsPath ${config.users.users.mainUser.home}/music-library/mixxx"; @@ -11,7 +11,8 @@ let "${pkgs.mixxx}/bin/mixxx --settingsPath ${config.users.users.mainUser.home}/music-library-free/mixxx"; mixxxFreeDesktop = library.desktopFile mixxxFreeBin { longName = "Mixxx"; }; -in { +in +{ system.custom.audio = { enable = true; diff --git a/system/desktop/browser.nix b/nixos/system/desktop/browser.nix similarity index 99% rename from system/desktop/browser.nix rename to nixos/system/desktop/browser.nix index 4bef675..947e7b0 100644 --- a/system/desktop/browser.nix +++ b/nixos/system/desktop/browser.nix @@ -2,7 +2,8 @@ let backupFolder = "~/desktop"; homeFolder = "/browsers"; -in { +in +{ programs.custom.browser = { enable = lib.mkDefault true; configList = { diff --git a/system/desktop/cachix.nix b/nixos/system/desktop/cachix.nix similarity index 98% rename from system/desktop/cachix.nix rename to nixos/system/desktop/cachix.nix index 64734c3..b81b657 100644 --- a/system/desktop/cachix.nix +++ b/nixos/system/desktop/cachix.nix @@ -7,7 +7,8 @@ let filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key; imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder)); -in { +in +{ inherit imports; nix.binaryCaches = [ "https://cache.nixos.org/" ]; } diff --git a/system/desktop/cachix/all-hies.nix b/nixos/system/desktop/cachix/all-hies.nix similarity index 100% rename from system/desktop/cachix/all-hies.nix rename to nixos/system/desktop/cachix/all-hies.nix diff --git a/system/desktop/default.nix b/nixos/system/desktop/default.nix similarity index 84% rename from system/desktop/default.nix rename to nixos/system/desktop/default.nix index 055e175..1021d06 100644 --- a/system/desktop/default.nix 
+++ b/nixos/system/desktop/default.nix @@ -1,7 +1,8 @@ { config, pkgs, lib, ... }: { imports = [ - + + ../all #./icecast.nix ./audio.nix @@ -11,7 +12,7 @@ ./dnsmasq.nix ./home-manager.nix ./mail-stuff.nix - ./mc.nix + #./mc.nix ./network.nix ./packages.nix ./pass.nix @@ -28,8 +29,12 @@ system.custom.suspend.enable = lib.mkDefault true; - backup.dirs = - [ "/home/palo/.password-store" "/home/palo/.task" "/home/palo/.vit" ]; + backup.dirs = [ + "${config.users.users.mainUser.home}/.config/noti" + "${config.users.users.mainUser.home}/.password-store" + "${config.users.users.mainUser.home}/.task" + "${config.users.users.mainUser.home}/.vit" + ]; programs.custom = { diff --git a/system/desktop/direnv.nix b/nixos/system/desktop/direnv.nix similarity index 100% rename from system/desktop/direnv.nix rename to nixos/system/desktop/direnv.nix diff --git a/system/desktop/dnsmasq.nix b/nixos/system/desktop/dnsmasq.nix similarity index 100% rename from system/desktop/dnsmasq.nix rename to nixos/system/desktop/dnsmasq.nix diff --git a/system/desktop/home-manager.nix b/nixos/system/desktop/home-manager.nix similarity index 70% rename from system/desktop/home-manager.nix rename to nixos/system/desktop/home-manager.nix index bb68e79..13a97f1 100644 --- a/system/desktop/home-manager.nix +++ b/nixos/system/desktop/home-manager.nix @@ -25,7 +25,8 @@ let keysym u = u U udiaeresis Udiaeresis keysym s = s S ssharp ''; -in { +in +{ imports = [ ./home-manager/dunst.nix 
@@ -40,6 +41,76 @@ in { home-manager.users.mainUser = { + # a better cat + programs.bat = { + enable = true; + config.theme = "Solarized (light)"; + }; + + # notify me when a command is finished + programs.noti.enable = true; + + # a better ls + programs.exa = { + enable = true; + enableAliases = true; + }; + + # use z instead of cd + # use zi to fuzzy search through all registered directories + programs.zoxide = { + enable = true; + enableZshIntegration = true; + }; + + # provide better `Ctrl+r` command in terminal + programs.mcfly = { + enable = true; + keyScheme = "vim"; + #enableLightTheme = true; + enableFuzzySearch = true; + enableZshIntegration = true; + }; + + programs.zsh = { + enable = true; + defaultKeymap = "viins"; + }; + + home.git-pull = { + enable = true; + repositories = [ + { + source = "git@github.com:mrVanDalo/home-manager-utils.git"; + target = "~/dev/home-manager-utils"; + } + { + source = "git@github.com:terranix/terranix.git"; + target = "~/dev/terranix/terranix"; + } + { + source = "git@github.com:terranix/terranix-website.git"; + target = "~/dev/terranix/website"; + } + { + source = "git@github.com:terranix/terranix-module-github.git"; + target = "~/dev/terranix/module-github"; + } + { + source = "git@github.com:terranix/terranix-github-configuration.git"; + target = "~/dev/terranix/configuration-github"; + } + { + source = "git@github.com:terranix/terranix-examples.git"; + target = "~/dev/terranix/examples"; + } + { + source = "git@github.com:terranix/terranix-artwork.git"; + target = "~/dev/terranix/artwork"; + } + ]; + }; + home.file.".config/bugwarrior/bugwarriorrc".text = '' [general] targets = terranix 
@@ -61,11 +132,12 @@ in { github.include_user_repos = False ''; - home.file.".zshrc".text = '' - # a fix for https://github.com/NixOS/nixpkgs/issues/27587 - autoload -U compinit && compinit + xdg.configFile."ncmpcpp/config".text = '' + mpd_host = "pepe.private" + mpd_port = 6600 ''; + programs.git = { enable = true; userName = "Ingolf Wagner"; @@ -99,8 +171,8 @@ in { programs.htop = { enable = true; - highlightBaseName = true; - treeView = true; + settings.highlight_base_name = true; + settings.tree_view = true; }; xdg.configFile."albert/albert.conf".text = '' @@ -222,21 +294,22 @@ in { }; - environment.systemPackages = let - library = import { inherit pkgs lib; }; + environment.systemPackages = + let + library = import ../../library { inherit pkgs lib; }; - fixKeyboard = pkgs.writeScriptBin "fix-Keyboard" # sh - '' - ${pkgs.xorg.xmodmap}/bin/xmodmap ${xmodmapConfig} - ''; + fixKeyboard = pkgs.writeScriptBin "fix-Keyboard" # sh + '' + ${pkgs.xorg.xmodmap}/bin/xmodmap ${xmodmapConfig} + ''; - fixXhost = pkgs.writeScriptBin "fix-xhost" # sh - '' - ${pkgs.xorg.xhost}/bin/xhost + &> /dev/null - ''; + fixXhost = pkgs.writeScriptBin "fix-xhost" # sh + '' + ${pkgs.xorg.xhost}/bin/xhost + &> /dev/null + ''; - fixX = pkgs.writeScriptBin "fix-X" # sh - '' + fixX = pkgs.writeScriptBin "fix-X" # sh + '' ${fixKeyboard}/bin/fix-Keyboard @@ -253,12 +326,13 @@ in { done ''; - in [ - fixX - fixXhost - (library.desktopFile fixX { longName = "fix X"; }) - fixKeyboard - (library.desktopFile fixKeyboard { longName = "fix keyboard"; }) - ]; + in + [ + fixX + fixXhost + (library.desktopFile fixX { longName = "fix X"; }) + fixKeyboard + (library.desktopFile fixKeyboard { longName = "fix keyboard"; }) + ]; } diff --git a/nixos/system/desktop/home-manager/doom-emacs.nix b/nixos/system/desktop/home-manager/doom-emacs.nix new file mode 100644 index 0000000..1db016b --- /dev/null +++ b/nixos/system/desktop/home-manager/doom-emacs.nix 
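Review bot: `fix-xhost` in home-manager.nix still runs `${pkgs.xorg.xhost}/bin/xhost + &> /dev/null`, and `xhost +` switches X access control off for every client that can reach the display. The commit only re-indents the script, but this is a natural place to narrow it, for example `${pkgs.xorg.xhost}/bin/xhost +si:localuser:NAME > /dev/null 2>&1` for each account that needs the display. The portable redirect is suggested because `&>` is a bashism and the script body shows no shebang, so the interpreter is not certain from this hunk.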
@@ -0,0 +1,11 @@ +{ pkgs, ... }: { + home-manager.users.mainUser = { + programs.doom-emacs = { + enable = true; + doomPrivateDir = ./doom.d; + }; + }; + environment.systemPackages = [ + pkgs.ripgrep + ]; +} diff --git a/system/desktop/home-manager/doom.d/config.el b/nixos/system/desktop/home-manager/doom.d/config.el similarity index 100% rename from system/desktop/home-manager/doom.d/config.el rename to nixos/system/desktop/home-manager/doom.d/config.el diff --git a/system/desktop/home-manager/doom.d/init.el b/nixos/system/desktop/home-manager/doom.d/init.el similarity index 100% rename from system/desktop/home-manager/doom.d/init.el rename to nixos/system/desktop/home-manager/doom.d/init.el diff --git a/nixos/system/desktop/home-manager/doom.d/packages.el b/nixos/system/desktop/home-manager/doom.d/packages.el new file mode 100644 index 0000000..34c1da7 --- /dev/null +++ b/nixos/system/desktop/home-manager/doom.d/packages.el @@ -0,0 +1 @@ +(package! scad-mode) diff --git a/system/desktop/home-manager/dunst.nix b/nixos/system/desktop/home-manager/dunst.nix similarity index 100% rename from system/desktop/home-manager/dunst.nix rename to nixos/system/desktop/home-manager/dunst.nix diff --git a/system/desktop/home-manager/spacemacs.nix b/nixos/system/desktop/home-manager/spacemacs.nix similarity index 92% rename from system/desktop/home-manager/spacemacs.nix rename to nixos/system/desktop/home-manager/spacemacs.nix index bc90705..00df5cd 100644 --- a/system/desktop/home-manager/spacemacs.nix +++ b/nixos/system/desktop/home-manager/spacemacs.nix 
@@ -14,38 +14,38 @@ let ticks = "\"''\""; - unstable = import { }; - -in { +in +{ environment.systemPackages = [ # needed for the SPC p g pkgs.universal-ctags pkgs.nodePackages.tern - #unstable.emacs pkgs.emacs ]; # download git repositories into the home folder - systemd.services = let - clone = repository: folder: branch: { - enable = true; - wantedBy = [ "multi-user.target" ]; - description = "clone ${repository} to ${folder}"; - serviceConfig.User = userName; - unitConfig.ConditionPathExists = "!${folder}"; - script = '' - ${pkgs.git}/bin/git clone ${repository} --branch ${branch} ${folder} - ''; + systemd.services = + let + clone = repository: folder: branch: { + enable = true; + wantedBy = [ "multi-user.target" ]; + description = "clone ${repository} to ${folder}"; + serviceConfig.User = userName; + unitConfig.ConditionPathExists = "!${folder}"; + script = '' + ${pkgs.git}/bin/git clone ${repository} --branch ${branch} ${folder} + ''; + }; + in + { + spacemacs-pull = + clone "https://github.com/syl20bnr/spacemacs" "${home}/.emacs.d" "master"; + # todo move this to spacevim.nix + spacevim-pull = + clone "https://github.com/SpaceVim/SpaceVim.git" "${home}/.SpaceVim" + "master"; }; - in { - spacemacs-pull = - clone "https://github.com/syl20bnr/spacemacs" "${home}/.emacs.d" "master"; - # todo move this to spacevim.nix - spacevim-pull = - clone "https://github.com/SpaceVim/SpaceVim.git" "${home}/.SpaceVim" - "master"; - }; home-manager.users."${user}" = { diff --git a/nixos/system/desktop/home-manager/spacevim.nix b/nixos/system/desktop/home-manager/spacevim.nix new file mode 100644 index 0000000..d0505ed --- /dev/null +++ b/nixos/system/desktop/home-manager/spacevim.nix 
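Review bot: The `clone` helper behind `spacemacs-pull` and `spacevim-pull` in spacemacs.nix fetches whatever `master` is at first start, with no revision or hash, and places it in `${home}/.emacs.d` and `${home}/.SpaceVim`. The spacevim.nix added later in this commit pins SpaceVim through `pkgs.fetchgit` with `rev` and `sha256`; doing the same for these two, or adding a `# unpinned on purpose: REASON` comment, would make the difference deliberate. The `# todo move this to spacevim.nix` remark suggests `spacevim-pull` may now be redundant. `home` and `userName` are defined outside the hunk.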
@@ -0,0 +1,40 @@ +{ lib, pkgs, ... }: { + environment.systemPackages = + let + spacevimRepo = pkgs.fetchgit { + url = "https://github.com/SpaceVim/SpaceVim.git"; + rev = "9b354e05b4716b645ba6366e1265a5048a0c23d5"; + sha256 = "1mn28hf857kp0jmbgd89cf5mk4dg53jcbqqrbr9zi3b854sa9ads"; + }; + + vimRc = pkgs.writeText "vimrc" '' + " search/grep case insensitive + :set ignorecase + + " tabs should always be 2 spaces + set et ts=2 sts=2 sw=2 + + " show Trailing Whitespaces + :set list listchars=tab:»·,trail:¶ + + " start spacevim + source ${spacevimRepo}/init.vim + + " configure command cross + "":hi CursorLine cterm=NONE ctermbg=0 guibg=#073642 + "":hi CursorColumn cterm=NONE ctermbg=0 guibg=#073642 + ""set cursorline + ""set cursorcolumn + + " disable noisy indentLine + let g:indentLine_enabled = 0 + ''; + in + [ + + # vim + (pkgs.writers.writeDashBin "spacevim" '' + exec ${pkgs.neovim}/bin/nvim -u ${vimRc} "$@" + '') + ]; +} diff --git a/system/desktop/home-manager/ssh.nix b/nixos/system/desktop/home-manager/ssh.nix similarity index 100% rename from system/desktop/home-manager/ssh.nix rename to nixos/system/desktop/home-manager/ssh.nix diff --git a/nixos/system/desktop/home-manager/xmonad.nix b/nixos/system/desktop/home-manager/xmonad.nix new file mode 100644 index 0000000..09a26f9 --- /dev/null +++ b/nixos/system/desktop/home-manager/xmonad.nix 
@@ -0,0 +1,57 @@ +{ pkgs, lib, config, ... }: +let + + background-repo = pkgs.fetchgit { + url = "https://git.ingolf-wagner.de/palo/image-generator-lib"; + rev = "95bc53de0b73917c5571a061a6702c71c9bf173e"; + sha256 = "1x14pknv0v38x0g5sf6k25g9w7r7j0mndazq5ixjvybwdynk25kw"; + }; + + nixCommands = { height, width }: + pkgs.writeText "NixCommands.hs" # haskell + '' + module NixCommands where + + nixStartIrc = "${pkgs.rxvt_unicode}/bin/urxvt -e irc" + nixStartAudacious = "${pkgs.audacious}/bin/audacious" + nixStartFlameshot = "${pkgs.flameshot}/bin/flameshot gui -p /share/" + nixInvertColors = "${pkgs.xcalib}/bin/xcalib -invert -alter" + nixStartRedshift = "${pkgs.redshift}/bin/redshift -O 6100 -g 0.9:0.9:0.9 -b 0.9" + nixResetRedshift = "${pkgs.redshift}/bin/redshift -x" + nixSetCursorImage = "${pkgs.xorg.xsetroot}/bin/xsetroot -cursor_name left_ptr" + nixSetBackground = "${pkgs.polygon-art.polygon-art}/bin/rings --height ${ + toString height + } --width ${ + toString width + } /dev/shm/background.png && ${pkgs.feh}/bin/feh --bg-scale /dev/shm/background.png" + nixStartAlbert = "${pkgs.albert}/bin/albert" + nixStartCopyq = "${pkgs.copyq}/bin/copyq" + nixShowCopyq = "${pkgs.copyq}/bin/copyq show" + nixStartTerminal = "${pkgs.rxvt_unicode}/bin/urxvtc" + nixAlsaRaiseVolume = "${pkgs.alsaUtils}/bin/amixer set Master 5%+" + nixAlsaLowerVolume = "${pkgs.alsaUtils}/bin/amixer set Master 5%-" + nixAlsaMute = "${pkgs.alsaUtils}/bin/amixer set Master toggle" + nixNotifySend = "${pkgs.libnotify}/bin/notify-send" + ''; +in +{ + + home-manager.users.mainUser = { + home.file.".xmonad/xmonad.hs".source = ./xmonad/Main.hs; + home.file.".xmonad/lib/NixCommands.hs".source = nixCommands { + height = config.configuration.desktop.height; + width = config.configuration.desktop.width; + }; + home.file.".xmonad/lib/SolarizedLight.hs".source = + ./xmonad/SolarizedLight.hs; + home.file.".xmonad/lib/SolarizedDark.hs".source = ./xmonad/SolarizedDark.hs; + 
home.file.".xmonad/lib/FloatKeys.hs".source = ./xmonad/FloatKeys.hs; + home.file.".xmonad/lib/TabbedFix.hs".source = ./xmonad/TabbedFix.hs; + home.file.".xmonad/lib/BoringWindows.hs".source = ./xmonad/BoringWindows.hs; + home.file.".xmonad/lib/Memo.hs".source = ./xmonad/Memo.hs; + home.file.".xmonad/lib/SubLayouts.hs".source = ./xmonad/SubLayouts.hs; + + home.file.".xmonad/xmonad.cabal".source = ./xmonad/palos-xmonad.cabal; + home.file.".xmonad/Main.hs".source = ./xmonad/Main.hs; + }; +} diff --git a/system/desktop/home-manager/xmonad/.envrc b/nixos/system/desktop/home-manager/xmonad/.envrc similarity index 100% rename from system/desktop/home-manager/xmonad/.envrc rename to nixos/system/desktop/home-manager/xmonad/.envrc diff --git a/system/desktop/home-manager/xmonad/.gitignore b/nixos/system/desktop/home-manager/xmonad/.gitignore similarity index 100% rename from system/desktop/home-manager/xmonad/.gitignore rename to nixos/system/desktop/home-manager/xmonad/.gitignore diff --git a/system/desktop/home-manager/xmonad/BoringWindows.hs b/nixos/system/desktop/home-manager/xmonad/BoringWindows.hs similarity index 100% rename from system/desktop/home-manager/xmonad/BoringWindows.hs rename to nixos/system/desktop/home-manager/xmonad/BoringWindows.hs diff --git a/system/desktop/home-manager/xmonad/FloatKeys.hs b/nixos/system/desktop/home-manager/xmonad/FloatKeys.hs similarity index 100% rename from system/desktop/home-manager/xmonad/FloatKeys.hs rename to nixos/system/desktop/home-manager/xmonad/FloatKeys.hs diff --git a/system/desktop/home-manager/xmonad/LICENSE b/nixos/system/desktop/home-manager/xmonad/LICENSE similarity index 100% rename from system/desktop/home-manager/xmonad/LICENSE rename to nixos/system/desktop/home-manager/xmonad/LICENSE 
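Review bot: `nixSetBackground` renders to the fixed path `/dev/shm/background.png` and then passes that same path to `feh`; `/dev/shm` is writable by every local account, so another local user can create that name first and the render step then fails or writes into a file owned by someone else. A per-user location avoids this, e.g. `$XDG_RUNTIME_DIR/background.png` in both places, assuming the string is run through a shell (how xmonad invokes it is not visible in this hunk). Also, `background-repo` is bound with `pkgs.fetchgit` but nothing in this file refers to it, so it can be dropped or given a comment saying what it is kept for.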
diff --git a/system/desktop/home-manager/xmonad/Main.hs b/nixos/system/desktop/home-manager/xmonad/Main.hs
similarity index 100%
rename from system/desktop/home-manager/xmonad/Main.hs
rename to nixos/system/desktop/home-manager/xmonad/Main.hs
diff --git a/system/desktop/home-manager/xmonad/Memo.hs b/nixos/system/desktop/home-manager/xmonad/Memo.hs
similarity index 100%
rename from system/desktop/home-manager/xmonad/Memo.hs
rename to nixos/system/desktop/home-manager/xmonad/Memo.hs
diff --git a/system/desktop/home-manager/xmonad/NixCommands.hs b/nixos/system/desktop/home-manager/xmonad/NixCommands.hs
similarity index 100%
rename from system/desktop/home-manager/xmonad/NixCommands.hs
rename to nixos/system/desktop/home-manager/xmonad/NixCommands.hs
diff --git a/system/desktop/home-manager/xmonad/Setup.hs b/nixos/system/desktop/home-manager/xmonad/Setup.hs
similarity index 100%
rename from system/desktop/home-manager/xmonad/Setup.hs
rename to nixos/system/desktop/home-manager/xmonad/Setup.hs
diff --git a/system/desktop/home-manager/xmonad/SolarizedDark.hs b/nixos/system/desktop/home-manager/xmonad/SolarizedDark.hs
similarity index 100%
rename from system/desktop/home-manager/xmonad/SolarizedDark.hs
rename to nixos/system/desktop/home-manager/xmonad/SolarizedDark.hs
diff --git a/system/desktop/home-manager/xmonad/SolarizedLight.hs b/nixos/system/desktop/home-manager/xmonad/SolarizedLight.hs
similarity index 100%
rename from system/desktop/home-manager/xmonad/SolarizedLight.hs
rename to nixos/system/desktop/home-manager/xmonad/SolarizedLight.hs
diff --git a/system/desktop/home-manager/xmonad/SubLayouts.hs b/nixos/system/desktop/home-manager/xmonad/SubLayouts.hs
similarity index 100%
rename from system/desktop/home-manager/xmonad/SubLayouts.hs
rename to nixos/system/desktop/home-manager/xmonad/SubLayouts.hs
diff --git a/system/desktop/home-manager/xmonad/TabbedFix.hs b/nixos/system/desktop/home-manager/xmonad/TabbedFix.hs similarity index 100% rename from system/desktop/home-manager/xmonad/TabbedFix.hs rename to nixos/system/desktop/home-manager/xmonad/TabbedFix.hs diff --git a/system/desktop/home-manager/xmonad/current-project.nix b/nixos/system/desktop/home-manager/xmonad/current-project.nix similarity index 100% rename from system/desktop/home-manager/xmonad/current-project.nix rename to nixos/system/desktop/home-manager/xmonad/current-project.nix diff --git a/nixos/system/desktop/home-manager/xmonad/env.nix b/nixos/system/desktop/home-manager/xmonad/env.nix new file mode 100644 index 0000000..dd21d29 --- /dev/null +++ b/nixos/system/desktop/home-manager/xmonad/env.nix @@ -0,0 +1,13 @@ +{ pkgs ? import { + overlays = [ + (self: super: { + haskellPackages = super.haskellPackages.override { + overrides = self: super: { + current-project = super.callPackage ./current-project.nix { }; + }; + }; + }) + ]; + } +}: +pkgs.haskellPackages.current-project.env diff --git a/system/desktop/home-manager/xmonad/lsp.nix b/nixos/system/desktop/home-manager/xmonad/lsp.nix similarity index 92% rename from system/desktop/home-manager/xmonad/lsp.nix rename to nixos/system/desktop/home-manager/xmonad/lsp.nix index e4cd960..d3f20a1 100644 --- a/system/desktop/home-manager/xmonad/lsp.nix +++ b/nixos/system/desktop/home-manager/xmonad/lsp.nix @@ -2,8 +2,9 @@ let all-hies = import (fetchTarball "https://github.com/infinisil/all-hies/tarball/master") - { }; -in pkgs.mkShell { + { }; +in +pkgs.mkShell { buildInputs = with pkgs; [ haskellPackages.hoogle haskellPackages.hindent diff --git a/system/desktop/home-manager/xmonad/palos-xmonad.cabal b/nixos/system/desktop/home-manager/xmonad/palos-xmonad.cabal similarity index 100% rename from system/desktop/home-manager/xmonad/palos-xmonad.cabal rename to nixos/system/desktop/home-manager/xmonad/palos-xmonad.cabal 
diff --git a/system/desktop/home-manager/xmonad/shell.nix b/nixos/system/desktop/home-manager/xmonad/shell.nix similarity index 80% rename from system/desktop/home-manager/xmonad/shell.nix rename to nixos/system/desktop/home-manager/xmonad/shell.nix index f1e4df2..c695ead 100644 --- a/system/desktop/home-manager/xmonad/shell.nix +++ b/nixos/system/desktop/home-manager/xmonad/shell.nix @@ -6,4 +6,5 @@ let echo "# created by cabal2nix " > ${toString ./.}/current-project.nix ${pkgs.cabal2nix}/bin/cabal2nix . >> ${toString ./.}/current-project.nix ''; -in pkgs.mkShell { buildInputs = with pkgs; [ updateCabal cabal2nix ]; } +in +pkgs.mkShell { buildInputs = with pkgs; [ updateCabal cabal2nix ]; } diff --git a/system/desktop/icecast.nix b/nixos/system/desktop/icecast.nix similarity index 99% rename from system/desktop/icecast.nix rename to nixos/system/desktop/icecast.nix index 38bcee3..99fc427 100644 --- a/system/desktop/icecast.nix +++ b/nixos/system/desktop/icecast.nix @@ -13,7 +13,8 @@ let mountPoint = "/radio.mp3"; maxListeners = 20; -in { +in +{ services.icecast = { enable = true; diff --git a/nixos/system/desktop/mail-stuff.nix b/nixos/system/desktop/mail-stuff.nix new file mode 100644 index 0000000..396beb1 --- /dev/null +++ b/nixos/system/desktop/mail-stuff.nix 
@@ -0,0 +1,391 @@ +{ config, pkgs, lib, ... }: +let + passcmd = id: "${pkgs.pass}/bin/pass ${id}"; + ticks = "''"; + +in +{ + # Maildir <-> Server communication + # -------------------------------- + # mbsync: MailDir <-> IMAP + # msmtp: sendmail interface sending mails through your provider. + + # client backend + # -------------- + # notmuch: Tagdatabase for Emails + # muchsync: notmuch database synctool + + # clients + # ------- + # neomutt + + home-manager.users.mainUser.accounts.email.accounts = { + palo_van_dalo-gmx = { + primary = false; + address = "palo_van_dalo@gmx.de"; + aliases = [ ]; + realName = "Ingolf Wagner"; + userName = "palo_van_dalo@gmx.de"; + passwordCommand = passcmd "mail/gmx/palo_van_dalo@gmx.de"; + smtp = { + host = "smtp.gmx.net"; + port = 465; + }; + notmuch.enable = true; + msmtp = { enable = true; }; + }; + ingolf-wagner-gmx = { + primary = false; + address = "ingolf.wagner@gmx.de"; + aliases = [ ]; + realName = "Ingolf Wagner"; + userName = "ingolf.wagner@gmx.de"; + passwordCommand = passcmd "mail/gmx/ingolf.wagner@gmx.de"; + smtp = { + host = "smtp.gmx.net"; + port = 465; + }; + notmuch.enable = true; + msmtp = { enable = true; }; + }; + pali_palo = { + primary = false; + address = "pali_palo@web.de"; + aliases = [ ]; + realName = "Ingolf Wagner"; + userName = "pali_palo@web.de"; + passwordCommand = passcmd "mail/web.de/pali_palo@web.de"; + smtp = { + host = "smtp.web.de"; + port = 465; + }; + notmuch.enable = true; + msmtp = { enable = true; }; + }; + gmail = { + # for google accounts you have to allow 'less secure apps' in accounts.google.com + primary = true; + address = "palipalo9@googlemail.com"; + aliases = [ ]; + realName = "Ingolf Wagner"; + userName = "palipalo9@googlemail.com"; + passwordCommand = passcmd "mail/gmail/palipalo9@googlemail.com"; + smtp = { + host = "smtp.gmail.com"; + port = 465; + }; + notmuch.enable = true; + msmtp = { + enable = true; + # msmtp --serverinfo --tls --tls-certcheck=off -a gmail + }; + gpg = { 
+ encryptByDefault = true; + signByDefault = true; + key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC"; + }; + }; + terranix_org = { + primary = false; + address = "palo@terranix.org"; + aliases = [ ]; + realName = "Ingolf Wagner"; + userName = "palo@terranix.org"; + passwordCommand = passcmd "mail/namecheap/palo@terranix.org"; + smtp = { + host = "mail.privateemail.com"; + port = 465; + }; + notmuch.enable = true; + msmtp = { + enable = true; + # msmtp --serverinfo --tls --tls-certcheck=off -a gmail + }; + }; + ingolf-wagner = { + primary = false; + address = "contact@ingolf-wagner.de"; + aliases = [ ]; + realName = "Ingolf Wagner"; + userName = "contact@ingolf-wagner.de"; + passwordCommand = passcmd "mail/siteground/contact@ingolf-wagner.de"; + notmuch.enable = true; + smtp = { + host = "securees5.sgcpanel.com"; + port = 587; + tls.useStartTls = true; + }; + msmtp = { + enable = true; + # msmtp --serverinfo --tls --tls-certcheck=off -a ingolf-wagner + tls.fingerprint = + "16:94:47:E0:00:86:BB:F7:56:D3:81:F1:89:7B:CD:67:65:0B:EE:0B:A9:26:96:5E:0B:1F:56:AB:FD:DE:96:C5"; + }; + gpg = { + encryptByDefault = true; + signByDefault = true; + key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC"; + }; + }; + }; + + # install mail programs + home-manager.users.mainUser.programs.msmtp.enable = true; + home-manager.users.mainUser.programs.notmuch.enable = true; + + # enable html emails + home-manager.users.mainUser.home.file.".mailcap".text = '' + text/html; ${pkgs.elinks}/bin/elinks -dump ; copiousoutput; + ''; + + home-manager.users.mainUser.home.file.".muttrc".text = + let + + index_format = pkgs.writers.writeDash "index_format" '' + # http://www.mutt.org/doc/manual/#formatstrings + recipent="$(echo $1 | sed 's/[^,]*<\([^>]*\)[^,]*/ \1/g')" + echo "%4C %Z %?GI?%GI& ? %[%y-%m-%d %H:%M] %-20.20a %?M?(%3M)& ? 
%s %> $recipent %?g?%g?%" + ''; + in + '' + # gpg + set crypt_use_gpgme=yes + set crypt_autosign=yes + set crypt_verify_sig=yes + set crypt_replysign=yes + set crypt_replyencrypt=yes + set crypt_replysignencrypted=yes + + # mutt is not smart enough to see if I have a key or not + #set crypt_autoencrypt = yes + + set pgp_check_gpg_decrypt_status_fd + set pgp_use_gpg_agent = yes + set pgp_self_encrypt = yes # needs default key + set pgp_default_key = 42AC51C9482D0834CF488AF1389EC2D64AC71EAC + + # read html mails + auto_view text/html + set mailcap_path = ~/.mailcap + + # notmuch + set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir + set nm_record = yes + set nm_record_tags = "-inbox me archive" + set virtual_spoolfile=yes # enable virtual folders + + set sendmail=${ + pkgs.writers.writeBash "msmtp" '' + ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert --create-folder +sent) | \ + ${pkgs.msmtp}/bin/msmtpq "$@" + '' + } + + set from="contact@ingolf-wagner.de" + #alternates ^.*@ingolf-wagner\.de$ ^.*@.*\.r$ + set use_from=yes + set envelope_from=yes + set reverse_name + + set sort=threads + + set index_format="${index_format} %r |" + folder-hook 'Discourse.*' 'set sort=reverse-date' + + virtual-mailboxes "INBOX" "notmuch://?query=(tag:inbox or (tag:sent and not tag:archive)) AND NOT tag:muted AND NOT tag:list AND NOT tag:fraud AND NOT tag:junk" + virtual-mailboxes "Unread" "notmuch://?query=(tag:unread AND NOT tag:muted)" + virtual-mailboxes "Space left" "notmuch://?query=((tag:spaceleft OR tag:space-lef) AND NOT tag:muted)" + virtual-mailboxes "Sononym" "notmuch://?query=(tag:sononym AND NOT tag:muted)" + virtual-mailboxes "c-base" "notmuch://?query=(tag:cbase AND NOT tag:muted)" + virtual-mailboxes "shopping" "notmuch://?query=((tag:billing OR tag:shopping) AND NOT tag:muted)" + virtual-mailboxes "Immobilien" "notmuch://?query=(tag:immobilien AND NOT tag:muted)" + virtual-mailboxes "NixOS Github" "notmuch://?query=(tag:github AND 
tag:nixos AND NOT tag:muted)" + virtual-mailboxes "Discourse.all" "notmuch://?query=(tag:discourse AND NOT tag:muted)" + virtual-mailboxes "Discourse.development" "notmuch://?query=(tag:discourse AND tag:development AND NOT tag:muted)" + virtual-mailboxes "Discourse.announcements" "notmuch://?query=(tag:discourse AND tag:announcements AND NOT tag:muted)" + virtual-mailboxes "Discourse.links" "notmuch://?query=(tag:discourse AND tag:links AND NOT tag:muted)" + virtual-mailboxes "Discourse.games" "notmuch://?query=(tag:discourse AND tag:games AND NOT tag:muted)" + virtual-mailboxes "Discourse.meta" "notmuch://?query=(tag:discourse AND tag:meta AND NOT tag:muted)" + virtual-mailboxes "Discourse.events" "notmuch://?query=(tag:discourse AND tag:events AND NOT tag:muted)" + virtual-mailboxes "Flagged" "notmuch://?query=tag:flagged" + virtual-mailboxes "Archive" "notmuch://?query=tag:archive" + virtual-mailboxes "Sent" "notmuch://?query=tag:sent" + virtual-mailboxes "Fraud" "notmuch://?query=(tag:fraud)" + virtual-mailboxes "Junk" "notmuch://?query=(tag:junk)" + virtual-mailboxes "All" "notmuch://?query=*" + + tag-transforms "junk" "k" \ + "unread" "u" \ + "replied" "↻" \ + + # notmuch bindings + bind index \\\\ noop + bind pager \\ noop + bind pager \\\\ noop + macro index \\\\ "" # looks up a hand made query + macro pager \\\\ "" # looks up a hand made query + + macro index + "+flagged\n" # tag as starred + macro pager + "+flagged\n" # tag as starred + macro index ! "+flagged\n" # tag as starred + macro pager ! 
"+flagged\n" # tag as starred + macro index - "-flagged\n" # tag as unstarred + macro pager - "-flagged\n" # tag as unstarred + + # Address Book + # ------------ + set query_command="${pkgs.notmuch-addrlookup}/bin/notmuch-addrlookup --mutt '%s'" + + # keys bindings + # ------------- + bind index d noop + bind index D noop + bind pager d noop + bind pager D noop + macro index D "-inbox -unread +deleted\n" # tag as deleted mail + macro index d "-deleted\n" # tag as deleted mail + macro pager D "-inbox -unread +deleted\n" # tag as deleted mail + macro pager d "-deleted\n" # tag as deleted mail + + bind index S noop + bind index s noop + bind pager S noop + bind pager s noop + macro index S "-inbox -unread +junk\n" # tag as junk mail + macro index s "-junk\n" # tag as junk mail + macro pager S "-inbox -unread +junk\n" # tag as junk mail + macro pager s "-junk\n" # tag as junk mail + + bind index r noop + bind index R noop + bind pager r noop + bind pager R noop + macro index r "" # reply to all + macro index R "" # reply + macro pager r "" # reply to all + macro pager R "" # reply + + + bind index A noop + bind index a noop + bind pager A noop + bind pager a noop + macro index A "+archive -unread -inbox\n" # tag as Archived + macro index a "-archive\n" # tag as Archived + macro pager A "+archive -unread -inbox\n" # tag as Archived + macro pager a "-archive\n" # tag as Archived + + bind index U noop + bind index u noop + bind pager U noop + bind pager u noop + macro index u "+unread\n" + macro index U "-unread\n" + macro pager u "+unread\n" + macro pager U "-unread\n" + + bind index l noop + bind pager l noop + macro index l "" # set tags manual + macro pager l "" # set tags manual + + # taskwarrior + # ----------- + # from https://www.nixternal.com/mark-e-mails-in-mutt-as-tasks-in-taskwarrior/ + bind index t noop + bind pager t noop + bind index T noop + bind pager T noop + macro index T "${ + pkgs.writers.writeDash "mutt2task" '' + ${pkgs.taskwarrior}/bin/task add 
+email scheduled:today E-mail: $( ${pkgs.gnugrep}/bin/grep 'Subject' $* | awk -F: '{print $2}' ) + '' + }" + + # top index bar in email view + set pager_index_lines=7 + # top_index_bar toggle + macro pager ,@1 " set pager_index_lines=0; macro pager ] ,@2 'Toggle indexbar" + macro pager ,@2 " set pager_index_lines=3; macro pager ] ,@3 'Toggle indexbar" + macro pager ,@3 " set pager_index_lines=7; macro pager ] ,@1 'Toggle indexbar" + macro pager ] ,@1 'Toggle indexbar + + # sidebar + # ------- + set sidebar_width = 20 + set sidebar_visible = yes # set to "no" to disable sidebar view at startup + color sidebar_new yellow default + # sidebar bindings + bind index sidebar-prev # got to previous folder in sidebar + bind index sidebar-next # got to next folder in sidebar + bind index sidebar-open # open selected folder from sidebar + + # sidebar toggle + #macro index,pager ,@) " set sidebar_visible=no; macro index,pager [ ,@( 'Toggle sidebar'" + #macro index,pager ,@( " set sidebar_visible=yes; macro index,pager [ ,@) 'Toggle sidebar'" + #macro index,pager [ ,@( 'Toggle sidebar' # toggle the sidebar + ''; + + environment.systemPackages = + let + + mailSync = pkgs.writers.writeDashBin "mail-sync" '' + ${pkgs.muchsync}/bin/muchsync mailfetcher@workhorse.private \ + --config /home/mailfetcher/.config/notmuch/notmuchrc \ + --nonew + ''; + mailSend = pkgs.writers.writeDashBin "mail-send" '' + ${pkgs.msmtp}/bin/msmtp-queue -r + ''; + mailView = pkgs.writers.writeDashBin "mail-view" '' + ${pkgs.neomutt}/bin/neomutt"$@" + ''; + mutt = pkgs.writers.writeDashBin "mutt" '' + ${pkgs.neomutt}/bin/neomutt"$@" + ''; + mail = pkgs.writers.writeDashBin "mail" '' + ${mailSync}/bin/mail-sync + ${mailView}/bin/mail-view + ${mailSend}/bin/mail-send + ${mailSync}/bin/mail-sync + ''; + mailDelete = + let notmuch = "${pkgs.notmuch}/bin/notmuch"; + in pkgs.writers.writeBashBin "mail-delete" '' + set -efu + set -o pipefail + + if ! 
${notmuch} search --exclude=false tag:deleted | tac ; then + echo 'No killed mail.' + exit 1 + fi + + printf 'want do rm this mail? \[y/N\] ' + read REPLY + + case "$REPLY" in + y|Y) :;; # continue + *) + echo 'abort.' + exit 2 + ;; + esac + + ${notmuch} search --output=files --exclude=false tag:deleted | while read line; do rm -v "$line" ; done + ${notmuch} new + ''; + + in + [ + pkgs.notmuch + pkgs.muchsync + mail + mailSync + mailView + mailSend + pkgs.neomutt + mutt + mailDelete + ]; + +} diff --git a/system/desktop/mc.nix b/nixos/system/desktop/mc.nix similarity index 99% rename from system/desktop/mc.nix rename to nixos/system/desktop/mc.nix index 141f8c5..a04ba70 100644 --- a/system/desktop/mc.nix +++ b/nixos/system/desktop/mc.nix @@ -320,14 +320,15 @@ let ''; -in { +in +{ environment.systemPackages = [ (pkgs.symlinkJoin { name = "mc"; paths = [ (pkgs.writers.writeDashBin "mc" '' export MC_DATADIR=${ - pkgs.write "mc-ext" { + pkgs.writers.write "mc-ext" { "/mc.ext".link = mcExt; "/sfs.ini".text = ""; } diff --git a/nixos/system/desktop/network.nix b/nixos/system/desktop/network.nix new file mode 100644 index 0000000..6d99911 --- /dev/null +++ b/nixos/system/desktop/network.nix @@ -0,0 +1,6 @@ +{ config, pkgs, lib, ... }: { + system.custom.wifi = { + enable = true; + system = "networkmanager"; + }; +} diff --git a/system/desktop/packages.nix b/nixos/system/desktop/packages.nix similarity index 86% rename from system/desktop/packages.nix rename to nixos/system/desktop/packages.nix index a951f6f..75eba2a 100644 --- a/system/desktop/packages.nix +++ b/nixos/system/desktop/packages.nix 
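Review bot: The `mutt2task` helper in mail-stuff.nix passes the output of `grep 'Subject' $* | awk -F: '{print $2}'` to `task add` unquoted, so text chosen by the mail's sender is word-split and globbed by the shell and then parsed by taskwarrior as arguments (tags, attributes) rather than as description text. Anchoring the match to the header line, quoting the substitution and ending argument parsing with `--` keeps it literal: `${pkgs.taskwarrior}/bin/task add +email scheduled:today -- "E-mail: $(${pkgs.gnugrep}/bin/grep -m1 '^Subject:' "$@" | ${pkgs.coreutils}/bin/cut -d: -f2-)"`. Separately, `mailView` and `mutt` run `${pkgs.neomutt}/bin/neomutt"$@"` with no space before `"$@"`, so a first argument is glued onto the binary path; `${pkgs.neomutt}/bin/neomutt "$@"` looks like what was meant.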
@@ -4,16 +4,16 @@ with lib; let - unstablePkgs = import { }; + library = import ../../library { inherit pkgs lib; }; - library = import { inherit pkgs lib; }; - - allLicenses = let - licenses = builtins.map - (license: "echo '${license.shortName} : ${license.fullName}'") - (builtins.attrValues pkgs.lib.licenses); - in pkgs.writers.writeBashBin "all-licenses" - (lib.concatStringsSep "\n" licenses); + allLicenses = + let + licenses = builtins.map + (license: "echo '${license.shortName} : ${license.fullName}'") + (builtins.attrValues pkgs.lib.licenses); + in + pkgs.writers.writeBashBin "all-licenses" + (lib.concatStringsSep "\n" licenses); #joplin = pkgs.joplin-desktop; #joplin = pkgs.joplin-desktop; @@ -36,7 +36,7 @@ let ''; #zettlr = unstablePkgs.zettlr; - parseUrl = pkgs.writeBashBin "parseUrl" '' + parseUrl = pkgs.writers.writeBashBin "parseUrl" '' echo "$@" | \ ${pkgs.jq}/bin/jq --raw-input --raw-output ' def parseURL: capture( "^((?[^:/?#]+):)?(//(?(?[^/?#:]*)(:(?[0-9]*))?))?((?[^?#]*)\\?)?((?([^#]*)))?(#(?(.*)))?"); @@ -44,7 +44,7 @@ let ' ''; - parseAndCopyLink = pkgs.writeBashBin "parseAndCopyLink" '' + parseAndCopyLink = pkgs.writers.writeBashBin "parseAndCopyLink" '' ${parseUrl}/bin/parseUrl "$@" | \ ${pkgs.jq}/bin/jq --raw-output '"\(.scheme)://\(.domain)\(.path)"' | \ ${pkgs.xclip}/bin/xclip @@ -74,35 +74,35 @@ let connectToSpeaker = name: id: pkgs.writeShellScriptBin "connect-to-speaker-${name}" # sh - '' - # hacky script because I have problems with - # automatically connecting to trusted bluetooth devices. + '' + # hacky script because I have problems with + # automatically connecting to trusted bluetooth devices. - echo "Connect to Speaker ${name}" + echo "Connect to Speaker ${name}" - bluetoothctl <)) + (fileContents ../../assets/shrink_exports)) (writeShellScriptBin "music-making" - (fileContents )) + (fileContents ../../assets/music-making.sh)) replaceLinks youtube-dl 
diff --git a/system/desktop/pass.nix b/nixos/system/desktop/pass.nix similarity index 99% rename from system/desktop/pass.nix rename to nixos/system/desktop/pass.nix index 37f893e..ce5d879 100644 --- a/system/desktop/pass.nix +++ b/nixos/system/desktop/pass.nix @@ -24,7 +24,8 @@ let ''; }; -in { +in +{ environment.systemPackages = [ pkgs.pass-otp diff --git a/system/desktop/remote-install.nix b/nixos/system/desktop/remote-install.nix similarity index 100% rename from system/desktop/remote-install.nix rename to nixos/system/desktop/remote-install.nix diff --git a/system/desktop/size.nix b/nixos/system/desktop/size.nix similarity index 98% rename from system/desktop/size.nix rename to nixos/system/desktop/size.nix index edff16a..52455b2 100644 --- a/system/desktop/size.nix +++ b/nixos/system/desktop/size.nix @@ -6,7 +6,8 @@ let cfg = config.configuration.desktop; -in { +in +{ options.configuration.desktop = { height = mkOption { diff --git a/system/desktop/sshd.nix b/nixos/system/desktop/sshd.nix similarity index 100% rename from system/desktop/sshd.nix rename to nixos/system/desktop/sshd.nix diff --git a/system/desktop/suspend.nix b/nixos/system/desktop/suspend.nix similarity index 71% rename from system/desktop/suspend.nix rename to nixos/system/desktop/suspend.nix index d9f58ac..295d029 100644 --- a/system/desktop/suspend.nix +++ b/nixos/system/desktop/suspend.nix @@ -4,7 +4,8 @@ with lib; let cfg = config.system.custom.suspend; -in { +in +{ options.system.custom.suspend.enable = mkEnableOption "use xlock in suspend"; 
@@ -13,12 +14,15 @@ in { systemd.services.screenlock = { before = [ "sleep.target" ]; requiredBy = [ "sleep.target" ]; - environment = let - display = if (config.services.xserver.display != null) then - config.services.xserver.display - else - 0; - in { DISPLAY = ":${toString display}"; }; + environment = + let + display = + if (config.services.xserver.display != null) then + config.services.xserver.display + else + 0; + in + { DISPLAY = ":${toString display}"; }; script = '' ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 & sleep 1 diff --git a/system/desktop/user.nix b/nixos/system/desktop/user.nix similarity index 100% rename from system/desktop/user.nix rename to nixos/system/desktop/user.nix diff --git a/system/desktop/wtf.nix b/nixos/system/desktop/wtf.nix similarity index 88% rename from system/desktop/wtf.nix rename to nixos/system/desktop/wtf.nix index 0e94819..acb0afd 100644 --- a/system/desktop/wtf.nix +++ b/nixos/system/desktop/wtf.nix 
@@ -1,40 +1,40 @@ { pkgs, lib, config, ... }: let - unstable = import { }; + networkStatus = + let - networkStatus = let + q-online = '' + if ${pkgs.curl}/bin/curl -s google.com >/dev/null; then + echo 'status: online' + else + echo 'status: offline ' + fi + ''; - q-online = '' - if ${pkgs.curl}/bin/curl -s google.com >/dev/null; then - echo 'status: online' - else - echo 'status: offline ' - fi + q-wireless = '' + for dev in $( + ${pkgs.iw}/bin/iw dev \ + | ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p' + ); do + inet=$(${pkgs.iproute}/bin/ip addr show $dev \ + | ${pkgs.gnused}/bin/sed -n 's/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p') \ + || unset inet + ssid=$(${pkgs.iw}/bin/iw dev $dev link \ + | ${pkgs.gnused}/bin/sed -n 's/.*\tSSID: \(.*\)/\1/p' \ + | ${pkgs.coreutils}/bin/tr -d '\r') \ + || unset ssid + printf '%s: %s %s\n' $dev ''${inet+ $inet} ''${ssid+ $ssid} + done + ''; + + in + pkgs.writers.writeBash "network-status" '' + ${q-wireless} + ${q-online} + ${pkgs.coreutils}/bin/uptime ''; - q-wireless = '' - for dev in $( - ${pkgs.iw}/bin/iw dev \ - | ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p' - ); do - inet=$(${pkgs.iproute}/bin/ip addr show $dev \ - | ${pkgs.gnused}/bin/sed -n 's/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p') \ - || unset inet - ssid=$(${pkgs.iw}/bin/iw dev $dev link \ - | ${pkgs.gnused}/bin/sed -n 's/.*\tSSID: \(.*\)/\1/p' \ - | ${pkgs.coreutils}/bin/tr -d '\r') \ - || unset ssid - printf '%s: %s %s\n' $dev ''${inet+ $inet} ''${ssid+ $ssid} - done - ''; - - in pkgs.writers.writeBash "network-status" '' - ${q-wireless} - ${q-online} - ${pkgs.coreutils}/bin/uptime - ''; - taskNextWeek = pkgs.writers.writeDash "taskweek" '' ${pkgs.taskwarrior}/bin/task \ export \ 
@@ -59,7 +59,7 @@ let userHighlight = map ({ user, ... }: user) (builtins.attrValues config.programs.custom.browser.configList) - ++ [ "steam" ]; + ++ [ "steam" ]; activeUsers = pkgs.writers.writeBash "active-users" '' ${pkgs.procps}/bin/ps -eo user \ @@ -82,7 +82,8 @@ let position.height = height; position.width = width; } // (lib.filterAttrs - (key: _: lib.all (x: x != key) [ "height" "width" "top" "left" ]) args); + (key: _: lib.all (x: x != key) [ "height" "width" "top" "left" ]) + args); # command runner module cmdRunner = args@{ cmd, ... }: @@ -385,15 +386,16 @@ let createDashboard = { json, name }: let configuration = pkgs.writeText "config.yml" (builtins.toJSON json); in pkgs.writers.writeBashBin name '' - ${unstable.wtf}/bin/wtfutil --config=${toString configuration} + ${pkgs.unstable.wtf}/bin/wtfutil --config=${toString configuration} ''; -in { +in +{ services.upower.enable = true; environment.systemPackages = [ - unstable.wtf + pkgs.unstable.wtf (createDashboard { json = qJson; name = "q"; diff --git a/system/desktop/x11.nix b/nixos/system/desktop/x11.nix similarity index 100% rename from system/desktop/x11.nix rename to nixos/system/desktop/x11.nix diff --git a/system/desktop/xlock.nix b/nixos/system/desktop/xlock.nix similarity index 99% rename from system/desktop/xlock.nix rename to nixos/system/desktop/xlock.nix index 11e828f..97d0e17 100644 --- a/system/desktop/xlock.nix +++ b/nixos/system/desktop/xlock.nix @@ -30,7 +30,8 @@ let ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 ''; -in { +in +{ environment.systemPackages = [ lockProgram desktopFile ]; } diff --git a/system/desktop/yubikey.nix b/nixos/system/desktop/yubikey.nix similarity index 88% rename from system/desktop/yubikey.nix rename to nixos/system/desktop/yubikey.nix index 259d7a5..25542da 100644 --- a/system/desktop/yubikey.nix +++ b/nixos/system/desktop/yubikey.nix 
@@ -1,7 +1,7 @@ # References: # * https://github.com/drduh/YubiKey-Guide # * https://nixos.wiki/wiki/Yubikey -{ pkgs, ... }: { +{ config, pkgs, ... }: { services.pcscd.enable = true; services.udev.packages = [ @@ -50,5 +50,8 @@ # use for pam (sudo) # -------------------------- security.pam.u2f.enable = true; - security.pam.u2f.authFile = toString ; + security.pam.u2f.authFile = + toString config.sops.secrets.yubikey_u2fAuthFile.path; + sops.secrets.yubikey_u2fAuthFile = { }; + } diff --git a/nixos/system/proxy/default.nix b/nixos/system/proxy/default.nix new file mode 100644 index 0000000..c26ccf8 --- /dev/null +++ b/nixos/system/proxy/default.nix @@ -0,0 +1,13 @@ +{ config, lib, pkgs, ... }: { + + imports = [ + ../../system/all + ../../system/server/netdata.nix + ../../system/server/graylog-exporter.nix + ../../system/server/prometheus-exporters.nix + ]; + + services.sshguard.enable = true; + +} + diff --git a/system/server/default.nix b/nixos/system/server/default.nix similarity index 95% rename from system/server/default.nix rename to nixos/system/server/default.nix index 6a55975..9c7a8ec 100644 --- a/system/server/default.nix +++ b/nixos/system/server/default.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: { imports = [ - + ../../system/all ./netdata.nix ./initssh.nix ./graylog-exporter.nix diff --git a/system/server/graylog-exporter.nix b/nixos/system/server/graylog-exporter.nix similarity index 100% rename from system/server/graylog-exporter.nix rename to nixos/system/server/graylog-exporter.nix diff --git a/system/server/initssh.nix b/nixos/system/server/initssh.nix similarity index 66% rename from system/server/initssh.nix rename to nixos/system/server/initssh.nix index 7c6dddd..1775a3e 100644 --- a/system/server/initssh.nix +++ b/nixos/system/server/initssh.nix @@ -6,7 +6,8 @@ let cfg = config.configuration.init-ssh; -in { +in +{ options.configuration.init-ssh = { 
@@ -22,7 +23,7 @@ in { }; port = mkOption { - default = 23; + default = 22; type = with types; int; }; @@ -30,7 +31,7 @@ in { type = with types; listOf str; default = config.users.users.root.openssh.authorizedKeys.keys ++ (map (keyFile: lib.fileContents keyFile) - config.users.users.root.openssh.authorizedKeys.keyFiles); + config.users.users.root.openssh.authorizedKeys.keyFiles); }; hostKey = mkOption { default = "/etc/ssh/ssh_host_ed25519_key"; @@ -50,7 +51,7 @@ in { services.tor = { enable = true; client.enable = true; - relay.onionServices.bootup.map = [{ port = 23; }]; + relay.onionServices.bootup.map = [{ port = 22; }]; }; }) @@ -65,28 +66,30 @@ in { copy_bin_and_libs ${pkgs.tor}/bin/tor ''; - boot.initrd.network.postCommands = let - torRc = (pkgs.writeText "tor.rc" '' - DataDirectory /etc/tor - SOCKSPort 127.0.0.1:9050 IsolateDestAddr - SOCKSPort 127.0.0.1:9063 - HiddenServiceDir /etc/tor/onion/bootup - HiddenServicePort ${toString cfg.port} 127.0.0.1:${toString cfg.port} - ''); - in '' - echo "tor: preparing onion folder" - # have to do this otherwise tor does not want to start - chmod -R 700 /etc/tor + boot.initrd.network.postCommands = + let + torRc = (pkgs.writeText "tor.rc" '' + DataDirectory /etc/tor + SOCKSPort 127.0.0.1:9050 IsolateDestAddr + SOCKSPort 127.0.0.1:9063 + HiddenServiceDir /etc/tor/onion/bootup + HiddenServicePort ${toString cfg.port} 127.0.0.1:${toString cfg.port} + ''); + in + '' + echo "tor: preparing onion folder" + # have to do this otherwise tor does not want to start + chmod -R 700 /etc/tor - echo "make sure localhost is up" - ip a a 127.0.0.1/8 dev lo - # ifconfig lo up - ip link set lo up + echo "make sure localhost is up" + ip a a 127.0.0.1/8 dev lo + # ifconfig lo up + ip link set lo up - echo "tor: starting tor" - tor -f ${torRc} --verify-config - tor -f ${torRc} & - ''; + echo "tor: starting tor" + tor -f ${torRc} --verify-config + tor -f ${torRc} & + ''; # ssh setup # todo add the ssh host fingerprint to your trusted stuff 
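Review bot: The onion service in the `@@ -50,7 +51,7 @@` hunk hard-codes `port = 22` while the initrd torrc in the following hunk builds `HiddenServicePort` from `cfg.port`, so overriding `configuration.init-ssh.port` leaves the two out of step. Use `relay.onionServices.bootup.map = [{ port = cfg.port; }];` so the option is the single source of truth. The option itself could be declared with `types.port` instead of `int`, to reject out-of-range values at evaluation time. The context also shows `hostKey` defaulting to `/etc/ssh/ssh_host_ed25519_key`; with the default port now 22, a comment stating whether the initrd intentionally reuses the main host key would help, since a key embedded in the initrd is presumably readable from an unencrypted boot partition.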
diff --git a/system/server/netdata.nix b/nixos/system/server/netdata.nix
similarity index 100%
rename from system/server/netdata.nix
rename to nixos/system/server/netdata.nix
diff --git a/nixos/system/server/packages.nix b/nixos/system/server/packages.nix
new file mode 100644
index 0000000..e10333b
--- /dev/null
+++ b/nixos/system/server/packages.nix
@@ -0,0 +1,20 @@
+{ pkgs, config, lib, ... }: {
+
+ # no need to to start a service
+ environment.systemPackages =
+ let
+
+ nginxShowConfig = pkgs.writers.writePython3Bin "nginx-show-config"
+ {
+ flakeIgnore = [ "E265" "E225" "W292" ];
+ }
+ (lib.fileContents ../../assets/nginx-show-config.sh);
+ in
+ [
+ pkgs.mosh
+
+ # nginxfmt
+ pkgs.nginx-config-formatter
+ nginxShowConfig
+ ];
+}
diff --git a/system/server/prometheus-exporters.nix b/nixos/system/server/prometheus-exporters.nix
similarity index 100%
rename from system/server/prometheus-exporters.nix
rename to nixos/system/server/prometheus-exporters.nix
diff --git a/pkgs/polygon-art/default.nix b/pkgs/polygon-art/default.nix
deleted file mode 100644
index 27b0ff6..0000000
--- a/pkgs/polygon-art/default.nix
+++ /dev/null
@@ -1,36 +0,0 @@ -{ rustPlatform, fetchgit, lib, cairo, geos, clipper, clang, pkg-config, cmake -, openssl, llvmPackages, ... }: - -rustPlatform.buildRustPackage { - - pname = "polygon-art"; - - version = "1.0.0"; - - # nix-prefetch-git-rendered --rev refs/heads/develop https://git.ingolf-wagner.de/palo/polygon-art.git - src = fetchgit { - url = "https://git.ingolf-wagner.de/palo/polygon-art.git"; - rev = "dfb6e0789ec67ee649050ad3b16d8b6a6b38955d"; - sha256 = "0iqmikvl93pazxfd120hcr0waxav7zy6px5kmdqxifrjgdbda9xx"; - }; - - #cargoSha256 = "05rkn8iihj4j9k179xx7wn2a07hxks050raj6fbxmj6gdx6aj170"; - cargoSha256 = "0sgk4hw77cxqbqzd258fz67r7fpjblkm7cqh14n5f1c43y8vgxa0"; - verifyCargoDeps = true; - - # Needed so bindgen can find libclang.so - LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib"; - - buildInputs = [ cairo geos clipper openssl ]; - - nativeBuildInputs = - [ cmake llvmPackages.clang llvmPackages.libclang pkg-config ]; - - meta = with lib; { - description = "Framework with examples to generate plotter friendly SVGs"; - homepage = "https://git.ingolf-wagner.de/palo/polygon-art.git"; - license = licenses.gpl3Plus; - maintainers = [ maintainers.mrVanDalo ]; - }; -} - diff --git a/pkgs/q/default.nix b/pkgs/q/default.nix deleted file mode 100644 index 3e16b66..0000000 --- a/pkgs/q/default.nix +++ /dev/null 
@@ -1,346 +0,0 @@ -{ pkgs, lib -# tzselect is your frind do find timezones -, timeZones ? [ ], timeColor ? 9, timeZoneColor ? 10, calBackgroundColor ? 10 -, calWeekColor ? 13, calDayColor ? 9, enableIntelBacklight ? true -, userHighlight ? [ "palo" ], enableBattery ? true, ... }: - -let - - hrule = "${pkgs.terminal-tools}/bin/hrule"; - - q-cal = let - - # Maximum width of cal's output. - calwidth = 23; - - # Number of space characters between two calendars. - hspace = 2; - - # Return number of columns required to print n calenders side by side. - need_width = n: assert n >= 1; n * calwidth + (n - 1) * hspace; - - lpad = n: c: s: if lib.stringLength s < n then lpad n c (c + s) else s; - - pad = '' - { - ${pkgs.gnused}/bin/sed ' - # rtrim - s/ *$// - - # delete last empty line - ''${/^$/d} - ' \ - | ${pkgs.gawk}/bin/awk '{printf "%-${ - toString calwidth - }s\n", $0}' \ - | ${pkgs.gnused}/bin/sed " - # colorize header - 1,2s/.*/[38;5;${toString calBackgroundColor}m&/ - - # highlight current week - s/^$(${pkgs.coreutils}/bin/date +%W)/[38;5;${ - toString calWeekColor - }m&/ - - # colorize week number - s/^[ 1-9][0-9]/[38;5;${ - toString calBackgroundColor - }m&/ - " - }''; - in '' - cols=$(${pkgs.ncurses}/bin/tput cols) - ${pkgs.coreutils}/bin/paste \ - <(if test $cols -ge ${toString (need_width 3)}; then - ${pkgs.utillinux}/bin/cal -mw \ - $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'last month') \ - | ${pad} - fi) \ - <(if test $cols -ge ${toString (need_width 1)}; then - ${pkgs.utillinux}/bin/cal -mw \ - | ${pkgs.gnused}/bin/sed ' - # colorize day of month - s/\(^\| \)'"$(${pkgs.coreutils}/bin/date +%e)"'\>/[38;5;${ - toString calDayColor - }m&/ - ' \ - | ${pad} - fi) \ - <(if test $cols -ge ${toString (need_width 2)}; then - ${pkgs.utillinux}/bin/cal -mw \ - $(${pkgs.coreutils}/bin/date +'%m %Y' -d 'next month') \ - | ${pad} - fi) \ - | ${pkgs.gnused}/bin/sed ' - s/^\t// - s/\t$// - s/\t/${lpad hspace " " ""}/g - ' - ''; - - q-timeZoneDate = size: zone: - let - 
dateString = comment: - "'+%Y-%m-%dT[;38;5;${ - toString timeColor - }m%H:%M:%S[;38;5;${toString timeZoneColor}m%:z ${comment}' "; - timeZoneVariable = lib.optionalString (zone != null) "TZ=${zone}"; - comment = lib.optionalString (zone != null) - " : ${lib.fixedWidthString size " " zone}"; - # sh - in '' - ${timeZoneVariable} ${pkgs.coreutils}/bin/date ${ - dateString comment - } | ${pkgs.terminal-tools}/bin/center - ''; - - q-timeZoneDates = if timeZones == [ ] then - q-timeZoneDate 0 null - else - let size = lib.foldr lib.max 0 (map builtins.stringLength timeZones); - in lib.concatMapStringsSep "\n" (q-timeZoneDate size) timeZones; - - q-intel_backlight = '' - cd /sys/class/backlight/intel_backlight - = .42) full_color = "2" - else if (charge >= .23) full_color = "3" - else full_color = "1" - - left_arrow = 1 - middle_arrow = 1 - right_arrow = 1 - if (full_bars == 0) { - left_arrow = 0 - middle_arrow = 0 - } - if (empty_bars == 0) { - middle_arrow = 0 - right_arrow = 0 - } - - empty_color = "0"; - return sgr("38;5;" 8) sgr("48;5;" full_color) strdup("",left_arrow) strdup(" ", full_bars) sgr("48;5;" empty_color) sgr("38;5;" full_color) strdup("",middle_arrow) strdup(" ", empty_bars) sgr() sgr("38;5;" empty_color) strdup("",right_arrow) sgr() - } - - function sgr(p) { - return "\x1b[" p "m" - } - - function strdup(s,n,t) { - t = sprintf("%"n"s","") - gsub(/ /,s,t) - return t - } - - END { - name = ENVIRON["POWER_SUPPLY_NAME"] - - charge_unit = "Ah" - charge_now = ENVIRON["POWER_SUPPLY_CHARGE_NOW"] / 10^6 - charge_full = ENVIRON["POWER_SUPPLY_CHARGE_FULL"] / 10^6 - - current_unit = "A" - current_now = ENVIRON["POWER_SUPPLY_CURRENT_NOW"] / 10^6 - - energy_unit = "Wh" - energy_now = ENVIRON["POWER_SUPPLY_ENERGY_NOW"] / 10^6 - energy_full = ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6 - - power_unit = "W" - power_now = ENVIRON["POWER_SUPPLY_POWER_NOW"] / 10^6 - - voltage_unit = "V" - voltage_now = ENVIRON["POWER_SUPPLY_VOLTAGE_NOW"] / 10^6 - voltage_min_design = 
ENVIRON["POWER_SUPPLY_VOLTAGE_MIN_DESIGN"] / 10^6 - - #printf "charge_now: %s\n", charge_now - #printf "charge_full: %s\n", charge_full - #printf "current_now: %s\n", current_now - #printf "energy_now: %s\n", energy_now - #printf "energy_full: %s\n", energy_full - #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] - #printf "energy_full: %s\n", ENVIRON["POWER_SUPPLY_ENERGY_FULL"] / 10^6 - #printf "power_now: %s\n", power_now - #printf "voltage_now: %s\n", voltage_now - - if (current_now == 0 && voltage_now != 0) { - current_now = power_now / voltage_now - } - if (power_now == 0) { - power_now = current_now * voltage_now - } - if (charge_now == 0 && voltage_min_design != 0) { - charge_now = energy_now / voltage_min_design - } - if (energy_now == 0) { - energy_now = charge_now * voltage_min_design - } - if (charge_full == 0 && voltage_min_design != 0) { - charge_full = energy_full / voltage_min_design - } - if (energy_full == 0) { - energy_full = charge_full * voltage_min_design - } - - if (charge_now == 0 || charge_full == 0) { - die("unknown charge") - } - - charge_ratio = charge_now / charge_full - - out = out sprintf("%20s │", name) - out = out sprintf(" %s", print_bar(10, charge_ratio)) - out = out sprintf(" %d%", charge_ratio * 100) - out = out sprintf(" %.2f%s", charge_now, charge_unit) - if (current_now != 0) { - out = out sprintf("/%.1f%s", current_now, current_unit) - } - out = out sprintf(" %d%s", energy_full, energy_unit) - if (power_now != 0) { - out = out sprintf("/%.1f%s", power_now, power_unit) - } - if (current_now != 0) { - out = out sprintf(" %s", print_hm(charge_now / current_now)) - } - - print out - } - ' - ''; - in '' - for uevent in /sys/class/power_supply/*/uevent; do - ${power_supply} "$uevent" || : - done - ''; - - q-virtualization = '' - printf '%20s │ %s\n' "VT" \ - $(${pkgs.systemd}/bin/systemd-detect-virt) - ''; - - q-wireless = '' - for dev in $( - ${pkgs.iw}/bin/iw dev \ - | ${pkgs.gnused}/bin/sed -n 
's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p' - ); do - inet=$(${pkgs.iproute}/bin/ip addr show $dev \ - | ${pkgs.gnused}/bin/sed -n ' - s/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p - ') \ - || unset inet - ssid=$(${pkgs.iw}/bin/iw dev $dev link \ - | ${pkgs.gnused}/bin/sed -n ' - s/.*\tSSID: \(.*\)/\1/p - ') \ - || unset ssid - printf '%20s │ %s %s\n' $dev ''${inet+ $inet} ''${ssid+ $ssid} - done - ''; - - q-online = '' - if ${pkgs.curl}/bin/curl -s google.com >/dev/null; then - echo ' status │ online' - else - echo ' status │ offline ' - fi - ''; - - q-thermal_zone = '' - for i in /sys/class/thermal/thermal_zone*; do - type=$(${pkgs.coreutils}/bin/cat $i/type) - temp=$(${pkgs.coreutils}/bin/cat $i/temp) - printf '%20s │ %s°C\n' $type $(echo $temp / 1000 | ${pkgs.bc}/bin/bc) - done - ''; - - q-show-users = '' - ${pkgs.procps}/bin/ps -eo user \ - | ${pkgs.gnused}/bin/sed '1 d' \ - | ${pkgs.coreutils}/bin/sort \ - | ${pkgs.coreutils}/bin/uniq \ - | ${pkgs.gnugrep}/bin/egrep --color=always '(${ - lib.concatStringsSep "|" userHighlight - })|$' \ - | ${pkgs.utillinux}/bin/column - ''; - - q-task-checklist = '' - ${pkgs.taskwarrior}/bin/task export +checklist status:pending +READY | \ - ${pkgs.jq}/bin/jq \ - --raw-output ' - sort_by(.description) | reverse | - .[] | - "[ \( .id ) ] \( .description )" - ' - ''; - - q-task-active = '' - ${pkgs.taskwarrior}/bin/task export \ - +ACTIVE status:pending \ - | ${pkgs.jq}/bin/jq --raw-output '.[] | "⇒ \(.id) \(.description)"' - ''; - - # bash needed for <(...) -in pkgs.writers.writeBashBin "q" '' - set -eu - export PATH=/var/empty - ${hrule} - ${q-cal} - ${hrule} - ${q-timeZoneDates} - ${hrule} - ${lib.optionalString enableIntelBacklight "(${q-intel_backlight}) &"} - ${lib.optionalString enableBattery "(${q-power_supply}) &"} - (${q-virtualization}) & - (${q-wireless}) & - (${q-online}) & - (${q-thermal_zone}) & wait - ${hrule} - ${q-task-active} - ${hrule} - ${q-task-checklist} - ${hrule} - ${q-show-users} -'' 
diff --git a/system/all/borg-jobs.nix b/system/all/borg-jobs.nix deleted file mode 100644 index 374e709..0000000 --- a/system/all/borg-jobs.nix +++ /dev/null @@ -1,72 +0,0 @@ -{ config, lib, ... }: { - - options = { - backup.dirs = lib.mkOption { - default = [ ]; - type = with lib.types; listOf str; - description = '' - folders to backup - ''; - }; - backup.exclude = lib.mkOption { - default = [ ]; - type = with lib.types; listOf str; - description = '' - exclude files and folders matching a pattern. - Theses patterns effect all folders in `backup.dirs`. - see man borg pattern for more information - ''; - example = [ ".git" "/home/*/.cache" ".stfolder" ]; - }; - }; - - config = let - servers = [ - { - name = "workhorse"; - host = "workhorse.private"; - } - { - name = "pepe"; - host = "pepe.private"; - } - ]; - - dirs = config.backup.dirs; - - myHostname = config.networking.hostName; - - setup = server: { - paths = config.backup.dirs; - exclude = config.backup.exclude; - doInit = true; - repo = "borg@${server}:./${myHostname}"; - encryption = { - mode = "repokey-blake2"; - # todo rename - passCommand = "cat ${toString }"; - }; - environment.BORG_RSH = "ssh -i ${toString }"; - compression = "auto,lzma"; - startAt = "daily"; - prune.keep = { - within = "10d"; # Keep all backups in the last 10 days. - weekly = 8; # Keep 8 additional end of week archives. - monthly = -1; # Keep end of month archive for every month - }; - - }; - - in { - - services.borgbackup.jobs = let - setups = map ({ name, host }: { "${name}" = setup host; }) servers; - setupAttrs = lib.zipAttrsWith (_: vals: lib.head vals) setups; - nonEmptySetups = - lib.filterAttrs (_: { paths, ... }: builtins.length paths != 0) - setupAttrs; - in nonEmptySetups; - - }; - -} diff --git a/system/all/borg-scripts.nix b/system/all/borg-scripts.nix deleted file mode 100644 index 8b991aa..0000000 --- a/system/all/borg-scripts.nix +++ /dev/null 
@@ -1,20 +0,0 @@
-{ pkgs, lib, ... }: {
-
- environment.systemPackages = let
- createScript = command: host: repository:
- pkgs.writers.writeBashBin
- "borg-${command}-on-${host}-for-${repository}" ''
- ${pkgs.borgbackup}/bin/borg \
- ${command} \
- --rsh='ssh -i ~/.ssh/card_rsa.pub' borg@${host}.private:${repository}/. \
- "$@"
- '';
- hosts = [ "workhorse" "pepe" ];
- repositories = [ "workhorse" "pepe" "sterni" "workout" ];
- commands = [ "list" ];
- in lib.flatten (map (command:
- map
- (host: map (repository: createScript command host repository) repositories)
- hosts) commands);
-
-}
diff --git a/system/all/on-failure.nix b/system/all/on-failure.nix
deleted file mode 100644
index bdc0082..0000000
--- a/system/all/on-failure.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ lib, ... }: {
- on-failure = {
- url = lib.fileContents ;
- enable = true;
- plans = {
- tinc_private.name = "tinc.private";
- tinc_retiolum.name = "tinc.retiolum";
- sshd.name = "sshd";
- tor.name = "tor";
- dnsmasq.name = "dnsmasq";
- #backup_on_workhorse.name = "backup.on-workhorse.private";
- #backup_on_workout.name = "backup.on-workout.private";
- #backup_on_porani.name = "backup.on-porani.private";
- syncthing.name = "syncthing";
- };
- };
-}
diff --git a/system/all/packages/llvm-config-dummy.nix b/system/all/packages/llvm-config-dummy.nix
deleted file mode 100644
index e3f03e6..0000000
--- a/system/all/packages/llvm-config-dummy.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ pkgs, config, lib, ... }:
-with pkgs.lib; {
- environment.systemPackages = let
- llvm = pkgs.llvm;
- llvm-config = pkgs.writers.writeBashBin "llvm-config" ''
- while [[ $# -gt 0 ]]; do
- arg="$1"
- case $arg in
- --assertion-mode)
- echo "OFF"
- ;;
- --bindir)
- echo "${getBin llvm}/bin"
- ;;
- --libdir)
- echo "${getLib llvm}/lib"
- ;;
- --includedir)
- echo "${getDev llvm}/include"
- ;;
- --prefix)
- echo "${llvm.out}"
- ;;
- --src-root)
- echo "/build/llvm";
- ;;
- --obj-root)
- echo "/build/llvm/build";
- ;;
- --cmakedir)
- echo "${getDev llvm}/lib/cmake/llvm"
- ;;
- *)
- echo "Unhandled argument '$arg' passed to dummy llvm-config!"
- exit 1
- esac
- shift
- done
- '';
- in [ llvm-config ];
-}
diff --git a/system/all/sshd-known-hosts-bootup.nix b/system/all/sshd-known-hosts-bootup.nix
deleted file mode 100644
index 3801aba..0000000
--- a/system/all/sshd-known-hosts-bootup.nix
+++ /dev/null
@@ -1,49 +0,0 @@ -{ lib, pkgs, ... }: -with lib; -let - - computers = { - workhorse = { - onionId = fileContents ; - publicKey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/I4JBA1HHTH2xsrEM7xtxkhRDE42lZcBrdBvN46WTx"; - }; - porani = { - onionId = fileContents ; - publicKey = - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGFaTRGqMd/rKpyMUP6wVbgiWFOUvUV2qS/B5Xe02UUch/wxR4fTCY+vnzku5K0V/qqJpjYLgHotwZFqO/8lFu4="; - }; - }; - -in { - - services.openssh.knownHosts = mapAttrs' (name: - { onionId, publicKey, ... }: { - name = "${name}-init-ssh"; - value = { - hostNames = [ onionId ]; - inherit publicKey; - }; - }) computers; - - environment.systemPackages = let - - ssh = mapAttrsToList (name: - { onionId, ... }: - pkgs.writers.writeDashBin "ssh-boot-to-${name}" '' - ${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23 - '') computers; - - password = mapAttrsToList (name: - { onionId, ... }: - pkgs.writers.writeDashBin "unlock-boot-${name}" '' - ${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23 ' - echo -n "enter password : " - read password - echo "$password" > /crypt-ramfs/passphrase - ' - '') computers; - - in ssh ++ password; - -} diff --git a/system/desktop/home-manager/doom-emacs.nix b/system/desktop/home-manager/doom-emacs.nix index eafef4b..e69de29 100644 --- a/system/desktop/home-manager/doom-emacs.nix +++ b/system/desktop/home-manager/doom-emacs.nix @@ -1,21 +0,0 @@ -{ pkgs, ... }: -let - doom-emacs = pkgs.callPackage (builtins.fetchTarball { - url = "https://github.com/vlaci/nix-doom-emacs/archive/master.tar.gz"; - }) { - doomPrivateDir = ./doom.d; - # Directory containing your config.el init.el - # and packages.el files - }; -in { - home-manager.users.mainUser = { - home.packages = [ doom-emacs ]; - home.file.".emacs.d/init.el".text = '' - (load "default.el") - ''; - }; - - environment.systemPackages = [ - pkgs.ripgrep - ]; -} 
diff --git a/system/desktop/home-manager/doom.d/packages.el b/system/desktop/home-manager/doom.d/packages.el
deleted file mode 100644
index e69de29..0000000
diff --git a/system/desktop/home-manager/spacevim.nix b/system/desktop/home-manager/spacevim.nix
deleted file mode 100644
index 5530c64..0000000
--- a/system/desktop/home-manager/spacevim.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ lib, pkgs, ... }: {
- environment.systemPackages = let
- spacevimRepo = pkgs.fetchgit {
- url = "https://github.com/SpaceVim/SpaceVim.git";
- rev = "9b354e05b4716b645ba6366e1265a5048a0c23d5";
- sha256 = "1mn28hf857kp0jmbgd89cf5mk4dg53jcbqqrbr9zi3b854sa9ads";
- };
-
- vimRc = pkgs.writeText "vimrc" ''
- " search/grep case insensitive
- :set ignorecase
-
- " tabs should always be 2 spaces
- set et ts=2 sts=2 sw=2
-
- " show Trailing Whitespaces
- :set list listchars=tab:»·,trail:¶
-
- " start spacevim
- source ${spacevimRepo}/init.vim
-
- " configure command cross
- "":hi CursorLine cterm=NONE ctermbg=0 guibg=#073642
- "":hi CursorColumn cterm=NONE ctermbg=0 guibg=#073642
- ""set cursorline
- ""set cursorcolumn
-
- " disable noisy indentLine
- let g:indentLine_enabled = 0
- '';
- in [
-
- # vim
- (pkgs.writers.writeDashBin "spacevim" ''
- exec ${pkgs.neovim}/bin/nvim -u ${vimRc} "$@"
- '')
- ];
-}
diff --git a/system/desktop/home-manager/xmonad.nix b/system/desktop/home-manager/xmonad.nix
deleted file mode 100644
index 3d8b793..0000000
--- a/system/desktop/home-manager/xmonad.nix
+++ /dev/null
@@ -1,56 +0,0 @@ -{ pkgs, lib, config, ... }: -let - - background-repo = pkgs.fetchgit { - url = "https://git.ingolf-wagner.de/palo/image-generator-lib"; - rev = "95bc53de0b73917c5571a061a6702c71c9bf173e"; - sha256 = "1x14pknv0v38x0g5sf6k25g9w7r7j0mndazq5ixjvybwdynk25kw"; - }; - - nixCommands = { height, width }: - pkgs.writeText "NixCommands.hs" # haskell - '' - module NixCommands where - - nixStartIrc = "${pkgs.rxvt_unicode}/bin/urxvt -e irc" - nixStartAudacious = "${pkgs.audacious}/bin/audacious" - nixStartFlameshot = "${pkgs.flameshot}/bin/flameshot gui -p /share/" - nixInvertColors = "${pkgs.xcalib}/bin/xcalib -invert -alter" - nixStartRedshift = "${pkgs.redshift}/bin/redshift -O 6100 -g 0.9:0.9:0.9 -b 0.9" - nixResetRedshift = "${pkgs.redshift}/bin/redshift -x" - nixSetCursorImage = "${pkgs.xorg.xsetroot}/bin/xsetroot -cursor_name left_ptr" - nixSetBackground = "${pkgs.polygon-art}/bin/rings --height ${ - toString height - } --width ${ - toString width - } /dev/shm/background.png && ${pkgs.feh}/bin/feh --bg-scale /dev/shm/background.png" - nixStartAlbert = "${pkgs.albert}/bin/albert" - nixStartCopyq = "${pkgs.copyq}/bin/copyq" - nixShowCopyq = "${pkgs.copyq}/bin/copyq show" - nixStartTerminal = "${pkgs.rxvt_unicode}/bin/urxvtc" - nixAlsaRaiseVolume = "${pkgs.alsaUtils}/bin/amixer set Master 5%+" - nixAlsaLowerVolume = "${pkgs.alsaUtils}/bin/amixer set Master 5%-" - nixAlsaMute = "${pkgs.alsaUtils}/bin/amixer set Master toggle" - nixNotifySend = "${pkgs.libnotify}/bin/notify-send" - ''; -in { - - home-manager.users.mainUser = { - home.file.".xmonad/xmonad.hs".source = ./xmonad/Main.hs; - home.file.".xmonad/lib/NixCommands.hs".source = nixCommands { - height = config.configuration.desktop.height; - width = config.configuration.desktop.width; - }; - home.file.".xmonad/lib/SolarizedLight.hs".source = - ./xmonad/SolarizedLight.hs; - home.file.".xmonad/lib/SolarizedDark.hs".source = ./xmonad/SolarizedDark.hs; - home.file.".xmonad/lib/FloatKeys.hs".source = 
./xmonad/FloatKeys.hs; - home.file.".xmonad/lib/TabbedFix.hs".source = ./xmonad/TabbedFix.hs; - home.file.".xmonad/lib/BoringWindows.hs".source = ./xmonad/BoringWindows.hs; - home.file.".xmonad/lib/Memo.hs".source = ./xmonad/Memo.hs; - home.file.".xmonad/lib/SubLayouts.hs".source = ./xmonad/SubLayouts.hs; - - home.file.".xmonad/xmonad.cabal".source = ./xmonad/palos-xmonad.cabal; - home.file.".xmonad/Main.hs".source = ./xmonad/Main.hs; - }; -} diff --git a/system/desktop/home-manager/xmonad/env.nix b/system/desktop/home-manager/xmonad/env.nix deleted file mode 100644 index 9709729..0000000 --- a/system/desktop/home-manager/xmonad/env.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ pkgs ? import { - overlays = [ - (self: super: { - haskellPackages = super.haskellPackages.override { - overrides = self: super: { - current-project = super.callPackage ./current-project.nix { }; - }; - }; - }) - ]; -} }: -pkgs.haskellPackages.current-project.env diff --git a/system/desktop/mail-stuff.nix b/system/desktop/mail-stuff.nix deleted file mode 100644 index 1a1d0fe..0000000 --- a/system/desktop/mail-stuff.nix +++ /dev/null 
@@ -1,383 +0,0 @@ -{ config, pkgs, lib, ... }: -let - passcmd = id: "${pkgs.pass}/bin/pass ${id}"; - ticks = "''"; - -in { - # Maildir <-> Server communication - # -------------------------------- - # mbsync: MailDir <-> IMAP - # msmtp: sendmail interface sending mails through your provider. - - # client backend - # -------------- - # notmuch: Tagdatabase for Emails - # muchsync: notmuch database synctool - - # clients - # ------- - # neomutt - - home-manager.users.mainUser.accounts.email.accounts = { - palo_van_dalo-gmx = { - primary = false; - address = "palo_van_dalo@gmx.de"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "palo_van_dalo@gmx.de"; - passwordCommand = passcmd "mail/gmx/palo_van_dalo@gmx.de"; - smtp = { - host = "smtp.gmx.net"; - port = 465; - }; - notmuch.enable = true; - msmtp = { enable = true; }; - }; - ingolf-wagner-gmx = { - primary = false; - address = "ingolf.wagner@gmx.de"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "ingolf.wagner@gmx.de"; - passwordCommand = passcmd "mail/gmx/ingolf.wagner@gmx.de"; - smtp = { - host = "smtp.gmx.net"; - port = 465; - }; - notmuch.enable = true; - msmtp = { enable = true; }; - }; - pali_palo = { - primary = false; - address = "pali_palo@web.de"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "pali_palo@web.de"; - passwordCommand = passcmd "mail/web.de/pali_palo@web.de"; - smtp = { - host = "smtp.web.de"; - port = 465; - }; - notmuch.enable = true; - msmtp = { enable = true; }; - }; - gmail = { - # for google accounts you have to allow 'less secure apps' in accounts.google.com - primary = true; - address = "palipalo9@googlemail.com"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "palipalo9@googlemail.com"; - passwordCommand = passcmd "mail/gmail/palipalo9@googlemail.com"; - smtp = { - host = "smtp.gmail.com"; - port = 465; - }; - notmuch.enable = true; - msmtp = { - enable = true; - # msmtp --serverinfo --tls --tls-certcheck=off -a gmail - }; - gpg = { 
- encryptByDefault = true; - signByDefault = true; - key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC"; - }; - }; - terranix_org = { - primary = false; - address = "palo@terranix.org"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "palo@terranix.org"; - passwordCommand = passcmd "mail/namecheap/palo@terranix.org"; - smtp = { - host = "mail.privateemail.com"; - port = 465; - }; - notmuch.enable = true; - msmtp = { - enable = true; - # msmtp --serverinfo --tls --tls-certcheck=off -a gmail - }; - }; - ingolf-wagner = { - primary = false; - address = "contact@ingolf-wagner.de"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "contact@ingolf-wagner.de"; - passwordCommand = passcmd "mail/siteground/contact@ingolf-wagner.de"; - notmuch.enable = true; - smtp = { - host = "securees5.sgcpanel.com"; - port = 587; - tls.useStartTls = true; - }; - msmtp = { - enable = true; - # msmtp --serverinfo --tls --tls-certcheck=off -a ingolf-wagner - tls.fingerprint = - "F3:5C:9A:BF:82:35:78:AA:42:85:F5:D1:2A:08:B9:B4:56:6D:B7:BF:47:3B:37:B4:D8:B5:10:AE:0E:95:03:CD"; - }; - gpg = { - encryptByDefault = true; - signByDefault = true; - key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC"; - }; - }; - }; - - # install mail programs - home-manager.users.mainUser.programs.msmtp.enable = true; - home-manager.users.mainUser.programs.notmuch.enable = true; - - # enable html emails - home-manager.users.mainUser.home.file.".mailcap".text = '' - text/html; ${pkgs.elinks}/bin/elinks -dump ; copiousoutput; - ''; - - home-manager.users.mainUser.home.file.".muttrc".text = let - - index_format = pkgs.writers.writeDash "index_format" '' - # http://www.mutt.org/doc/manual/#formatstrings - recipent="$(echo $1 | sed 's/[^,]*<\([^>]*\)[^,]*/ \1/g')" - echo "%4C %Z %?GI?%GI& ? %[%y-%m-%d %H:%M] %-20.20a %?M?(%3M)& ? 
%s %> $recipent %?g?%g?%" - ''; - in '' - # gpg - set crypt_use_gpgme=yes - set crypt_autosign=yes - set crypt_verify_sig=yes - set crypt_replysign=yes - set crypt_replyencrypt=yes - set crypt_replysignencrypted=yes - - # mutt is not smart enough to see if I have a key or not - #set crypt_autoencrypt = yes - - set pgp_check_gpg_decrypt_status_fd - set pgp_use_gpg_agent = yes - set pgp_self_encrypt = yes # needs default key - set pgp_default_key = 42AC51C9482D0834CF488AF1389EC2D64AC71EAC - - # read html mails - auto_view text/html - set mailcap_path = ~/.mailcap - - # notmuch - set nm_default_uri="notmuch://$HOME/Maildir" # path to the maildir - set nm_record = yes - set nm_record_tags = "-inbox me archive" - set virtual_spoolfile=yes # enable virtual folders - - set sendmail=${ - pkgs.writers.writeBash "msmtp" '' - ${pkgs.coreutils}/bin/tee >(${pkgs.notmuch}/bin/notmuch insert --create-folder +sent) | \ - ${pkgs.msmtp}/bin/msmtpq "$@" - '' - } - - set from="contact@ingolf-wagner.de" - #alternates ^.*@ingolf-wagner\.de$ ^.*@.*\.r$ - set use_from=yes - set envelope_from=yes - set reverse_name - - set sort=threads - - set index_format="${index_format} %r |" - folder-hook 'Discourse.*' 'set sort=reverse-date' - - virtual-mailboxes "INBOX" "notmuch://?query=(tag:inbox or (tag:sent and not tag:archive)) AND NOT tag:discourse AND NOT tag:muted AND NOT tag:list AND NOT tag:fraud AND NOT tag:junk" - virtual-mailboxes "Unread" "notmuch://?query=(tag:unread AND NOT tag:muted)" - virtual-mailboxes "Space left" "notmuch://?query=((tag:spaceleft OR tag:space-lef) AND NOT tag:muted)" - virtual-mailboxes "Sononym" "notmuch://?query=(tag:sononym AND NOT tag:muted)" - virtual-mailboxes "c-base" "notmuch://?query=(tag:cbase AND NOT tag:muted)" - virtual-mailboxes "shopping" "notmuch://?query=((tag:billing OR tag:shopping) AND NOT tag:muted)" - virtual-mailboxes "Immobilien" "notmuch://?query=(tag:immobilien AND NOT tag:muted)" - virtual-mailboxes "NixOS Github" 
"notmuch://?query=(tag:github AND tag:nixos AND NOT tag:muted)" - virtual-mailboxes "Discourse.all" "notmuch://?query=(tag:discourse AND NOT tag:muted)" - virtual-mailboxes "Discourse.development" "notmuch://?query=(tag:discourse AND tag:development AND NOT tag:muted)" - virtual-mailboxes "Discourse.announcements" "notmuch://?query=(tag:discourse AND tag:announcements AND NOT tag:muted)" - virtual-mailboxes "Discourse.links" "notmuch://?query=(tag:discourse AND tag:links AND NOT tag:muted)" - virtual-mailboxes "Discourse.games" "notmuch://?query=(tag:discourse AND tag:games AND NOT tag:muted)" - virtual-mailboxes "Discourse.meta" "notmuch://?query=(tag:discourse AND tag:meta AND NOT tag:muted)" - virtual-mailboxes "Discourse.events" "notmuch://?query=(tag:discourse AND tag:events AND NOT tag:muted)" - virtual-mailboxes "Flagged" "notmuch://?query=tag:flagged" - virtual-mailboxes "Archive" "notmuch://?query=tag:archive" - virtual-mailboxes "Sent" "notmuch://?query=tag:sent" - virtual-mailboxes "Fraud" "notmuch://?query=(tag:fraud)" - virtual-mailboxes "Junk" "notmuch://?query=(tag:junk)" - virtual-mailboxes "All" "notmuch://?query=*" - - tag-transforms "junk" "k" \ - "unread" "u" \ - "replied" "↻" \ - - # notmuch bindings - bind index \\\\ noop - bind pager \\ noop - bind pager \\\\ noop - macro index \\\\ "" # looks up a hand made query - macro pager \\\\ "" # looks up a hand made query - - macro index + "+flagged\n" # tag as starred - macro pager + "+flagged\n" # tag as starred - macro index ! "+flagged\n" # tag as starred - macro pager ! 
"+flagged\n" # tag as starred - macro index - "-flagged\n" # tag as unstarred - macro pager - "-flagged\n" # tag as unstarred - - # Address Book - # ------------ - set query_command="${pkgs.notmuch-addrlookup}/bin/notmuch-addrlookup --mutt '%s'" - - # keys bindings - # ------------- - bind index d noop - bind index D noop - bind pager d noop - bind pager D noop - macro index D "-inbox -unread +deleted\n" # tag as deleted mail - macro index d "-deleted\n" # tag as deleted mail - macro pager D "-inbox -unread +deleted\n" # tag as deleted mail - macro pager d "-deleted\n" # tag as deleted mail - - bind index S noop - bind index s noop - bind pager S noop - bind pager s noop - macro index S "-inbox -unread +junk\n" # tag as junk mail - macro index s "-junk\n" # tag as junk mail - macro pager S "-inbox -unread +junk\n" # tag as junk mail - macro pager s "-junk\n" # tag as junk mail - - bind index r noop - bind index R noop - bind pager r noop - bind pager R noop - macro index r "" # reply to all - macro index R "" # reply - macro pager r "" # reply to all - macro pager R "" # reply - - - bind index A noop - bind index a noop - bind pager A noop - bind pager a noop - macro index A "+archive -unread -inbox\n" # tag as Archived - macro index a "-archive\n" # tag as Archived - macro pager A "+archive -unread -inbox\n" # tag as Archived - macro pager a "-archive\n" # tag as Archived - - bind index U noop - bind index u noop - bind pager U noop - bind pager u noop - macro index u "+unread\n" - macro index U "-unread\n" - macro pager u "+unread\n" - macro pager U "-unread\n" - - bind index l noop - bind pager l noop - macro index l "" # set tags manual - macro pager l "" # set tags manual - - # taskwarrior - # ----------- - # from https://www.nixternal.com/mark-e-mails-in-mutt-as-tasks-in-taskwarrior/ - bind index t noop - bind pager t noop - bind index T noop - bind pager T noop - macro index T "${ - pkgs.writers.writeDash "mutt2task" '' - ${pkgs.taskwarrior}/bin/task add 
+email scheduled:today E-mail: $( ${pkgs.gnugrep}/bin/grep 'Subject' $* | awk -F: '{print $2}' )
- ''
- }"
-
- # top index bar in email view
- set pager_index_lines=7
- # top_index_bar toggle
- macro pager ,@1 " set pager_index_lines=0; macro pager ] ,@2 'Toggle indexbar"
- macro pager ,@2 " set pager_index_lines=3; macro pager ] ,@3 'Toggle indexbar"
- macro pager ,@3 " set pager_index_lines=7; macro pager ] ,@1 'Toggle indexbar"
- macro pager ] ,@1 'Toggle indexbar
-
- # sidebar
- # -------
- set sidebar_width = 20
- set sidebar_visible = yes # set to "no" to disable sidebar view at startup
- color sidebar_new yellow default
- # sidebar bindings
- bind index sidebar-prev # got to previous folder in sidebar
- bind index sidebar-next # got to next folder in sidebar
- bind index sidebar-open # open selected folder from sidebar
-
- # sidebar toggle
- #macro index,pager ,@) " set sidebar_visible=no; macro index,pager [ ,@( 'Toggle sidebar'"
- #macro index,pager ,@( " set sidebar_visible=yes; macro index,pager [ ,@) 'Toggle sidebar'"
- #macro index,pager [ ,@( 'Toggle sidebar' # toggle the sidebar
- '';
-
- environment.systemPackages = let
-
- mailSync = pkgs.writers.writeDashBin "mail-sync" ''
- ${pkgs.muchsync}/bin/muchsync mailfetcher@workhorse.private --nonew
- '';
- mailSend = pkgs.writers.writeDashBin "mail-send" ''
- ${pkgs.msmtp}/bin/msmtp-queue -r
- '';
- mailView = pkgs.writers.writeDashBin "mail-view" ''
- ${pkgs.neomutt}/bin/neomutt"$@"
- '';
- mutt = pkgs.writers.writeDashBin "mutt" ''
- ${pkgs.neomutt}/bin/neomutt"$@"
- '';
- mail = pkgs.writers.writeDashBin "mail" ''
- ${mailSync}/bin/mail-sync
- ${mailView}/bin/mail-view
- ${mailSend}/bin/mail-send
- ${mailSync}/bin/mail-sync
- '';
- mailDelete = let notmuch = "${pkgs.notmuch}/bin/notmuch";
- in pkgs.writers.writeBashBin "mail-delete" ''
- set -efu
- set -o pipefail
-
- if ! ${notmuch} search --exclude=false tag:deleted | tac ; then
- echo 'No killed mail.'
- exit 1
- fi
-
- printf 'want do rm this mail? \[y/N\] '
- read REPLY
-
- case "$REPLY" in
- y|Y) :;; # continue
- *)
- echo 'abort.'
- exit 2
- ;;
- esac
-
- ${notmuch} search --output=files --exclude=false tag:deleted | while read line; do rm -v "$line" ; done
- ${notmuch} new
- '';
-
- in [
- pkgs.notmuch
- pkgs.muchsync
- mail
- mailSync
- mailView
- mailSend
- pkgs.neomutt
- mutt
- mailDelete
- ];
-
-}
diff --git a/system/desktop/network.nix b/system/desktop/network.nix
deleted file mode 100644
index 323c57f..0000000
--- a/system/desktop/network.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config, pkgs, lib, ... }: {
-
- system.custom.wifi = {
- enable = true;
- configurationFile = toString ;
- system = "networkmanager";
- };
-
- environment.etc."NetworkManager/system-connections".source =
- toString ;
-
-}
diff --git a/system/proxy/default.nix b/system/proxy/default.nix
deleted file mode 100644
index 041c5fb..0000000
--- a/system/proxy/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, lib, pkgs, ... }: {
-
- imports = [
-
-
-
-
- ];
-
- services.sshguard.enable = true;
-
-}
-
diff --git a/system/server/packages.nix b/system/server/packages.nix
deleted file mode 100644
index f75b3ca..0000000
--- a/system/server/packages.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ pkgs, config, lib, ... }: {
-
- # no need to to start a service
- environment.systemPackages = let
-
- nginxShowConfig = pkgs.writers.writePython3Bin "nginx-show-config" {
- flakeIgnore = [ "E265" "E225" "W292" ];
- } (lib.fileContents );
- in [
- pkgs.mosh
-
- # nginxfmt
- pkgs.nginx-config-formatter
- nginxShowConfig
- ];
-}