diff --git a/nixos/components/gui/browser.nix b/nixos/components/gui/browser.nix index d6a84b8..80e0de0 100644 --- a/nixos/components/gui/browser.nix +++ b/nixos/components/gui/browser.nix @@ -18,7 +18,7 @@ in fsType = "tmpfs"; }; - programs.custom.browser = { + services.browser = { enable = lib.mkDefault true; configList = { development = { diff --git a/nixos/components/network/sshd/default.nix b/nixos/components/network/sshd/default.nix index 4569c7c..e4dd13f 100644 --- a/nixos/components/network/sshd/default.nix +++ b/nixos/components/network/sshd/default.nix @@ -9,7 +9,6 @@ in imports = [ ./known-hosts-bootup.nix - ./known-hosts-private.nix ./known-hosts-public.nix ]; diff --git a/nixos/components/network/sshd/known-hosts-bootup.nix b/nixos/components/network/sshd/known-hosts-bootup.nix index 59375bb..769d185 100644 --- a/nixos/components/network/sshd/known-hosts-bootup.nix +++ b/nixos/components/network/sshd/known-hosts-bootup.nix @@ -69,11 +69,7 @@ in ${pkgs.openssh}/bin/ssh root@${public_ip} -p 2222 ' echo -n "enter password : " read password - while [[ $(systemd-tty-ask-password-agent --list) -ne 0 ]] - do - systemd-tty-ask-password-agent --list - echo "$password" | systemd-tty-ask-password-agent --query - done + echo "$password" | systemctl default ' '') { diff --git a/nixos/components/network/sshd/known-hosts-private.nix b/nixos/components/network/sshd/known-hosts-private.nix deleted file mode 100644 index 988e2fe..0000000 --- a/nixos/components/network/sshd/known-hosts-private.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ config, lib, ... }: -with lib; -{ - config = mkIf (config.components.network.sshd.enable) { - - services.openssh.knownHosts = { - #"robi_init" = { - # hostNames = [ - # "robi:2222" - # "144.76.13.147:2222" - # ]; - # fingerprints - # 256 SHA256:rhvbJ84cPXXezaoJiY7tFsG8CJxI2F/lLKz8q+xUW+g root@rescue (ED25519) - # 3072 SHA256:KBVMQLNWaDpzlCZERN9OeEDFAhUoADOZRfenXWHxswU root@rescue (RSA) - # publicKey = ""; - #}; - "robi" = { - hostNames = [ - "robi.private" - "robi" - "144.76.13.147" - "git.ingolf-wagner.de" - "taskd.ingolf-wagner.de" - ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV"; - }; - }; - }; -} diff --git a/nixos/components/network/tinc/private.nix b/nixos/components/network/tinc/private.nix index b940463..c315aba 100644 --- a/nixos/components/network/tinc/private.nix +++ b/nixos/components/network/tinc/private.nix @@ -119,7 +119,13 @@ in services.openssh.knownHosts = { "robi" = { - hostNames = [ "robi.${network}" hosts.robi ]; + hostNames = [ + "robi.${network}" + hosts.robi + "144.76.13.147" + "git.ingolf-wagner.de" + "taskd.ingolf-wagner.de" + ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV"; }; "sterni.${network}" = { @@ -130,6 +136,10 @@ in hostNames = [ "cream.${network}" hosts.cream ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD"; }; + "cherry.${network}" = { + hostNames = [ "cherry.${network}" hosts.cream ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUXkewyZ94A7CeCyVvN0KCqPn+8x1BZaGWMAojlfCXO"; + }; "pepe.${network}" = { hostNames = [ "pepe.${network}" hosts.pepe ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz"; diff --git a/nixos/components/terminal/wtf.nix b/nixos/components/terminal/wtf.nix index 9fc410b..b14f4cc 100644 --- a/nixos/components/terminal/wtf.nix +++ b/nixos/components/terminal/wtf.nix @@ -55,7 +55,7 @@ let ''; userHighlight = map ({ user, ... }: user) - (builtins.attrValues config.programs.custom.browser.configList) + (builtins.attrValues config.services.browser.configList) ++ [ "steam" ]; activeUsers = pkgs.writers.writeBash "active-users" '' diff --git a/nixos/machines/bobi/configuration.nix b/nixos/machines/bobi/configuration.nix index 12527e9..c4a329f 100644 --- a/nixos/machines/bobi/configuration.nix +++ b/nixos/machines/bobi/configuration.nix @@ -27,12 +27,6 @@ components.gui.enable = true; - # fonts - # ----- - programs.custom.urxvt.fontSize = 16; - programs.custom.urxvt.fontType = "vector"; - programs.custom.xterm.fontSize = 16; - configuration.desktop = { width = 1366; height = 768; diff --git a/nixos/machines/chungus/media-castget.nix b/nixos/machines/chungus/media-castget.nix index 1e0ed5f..27c5f1a 100644 --- a/nixos/machines/chungus/media-castget.nix +++ b/nixos/machines/chungus/media-castget.nix @@ -3,7 +3,7 @@ let home = "/media/podcasts"; in { - custom.services.castget = { + services.castget = { enable = true; user = "media"; feeds = { diff --git a/nixos/machines/chungus/media-share.nix b/nixos/machines/chungus/media-share.nix index fbcdfcf..70139c6 100644 --- a/nixos/machines/chungus/media-share.nix +++ b/nixos/machines/chungus/media-share.nix @@ -6,25 +6,14 @@ # To set password: # nix-shell -p samba --run "smbpasswd -a media" - custom.samba-share.enable = true; - #custom.samba-share.enableWSDD = true; - custom.samba-share.folders = { + samba-share.enable = true; + samba-share.folders = { music = "/media/music"; audio-books = "/media/audio-books"; movies = "/media/movies"; series = "/media/series"; samples = "/media/samples"; }; - #custom.samba-share.private = { - # media = { - # folder = "/media"; - # users = "media"; - # }; - # temp = { - # folder = "/srv/tdarr/transcode_cache"; - # users = "media"; - # }; - #}; users.groups."media".gid = config.ids.gids.transmission; users.users."media" = { diff --git a/nixos/machines/cream/configuration.nix b/nixos/machines/cream/configuration.nix index 80cb85c..572a09d 100644 --- a/nixos/machines/cream/configuration.nix +++ b/nixos/machines/cream/configuration.nix @@ -117,14 +117,6 @@ services.printing.enable = true; - # fonts - # ----- - programs.custom.urxvt.fontSize = 16; - programs.custom.urxvt.fontType = "vector"; - programs.custom.xterm.fontSize = 16; - # todo : add xterm fontType - # programs.custom.xterm.fontType = "vector"; - virtualisation = { docker.enable = true; podman.enable = true; @@ -135,11 +127,7 @@ }; }; - #services.xserver.desktopManager.gnome.enable = true; - #services.xserver.displayManager.lightdm.enable = false; - #services.xserver.displayManager.sddm.enable = true; - - custom.samba-share = { + samba-share = { enable = false; folders = { share = "/home/share"; diff --git a/nixos/machines/dummy/configuration.nix b/nixos/machines/dummy/configuration.nix index 92356f2..a3a70d2 100644 --- a/nixos/machines/dummy/configuration.nix +++ b/nixos/machines/dummy/configuration.nix @@ -18,14 +18,9 @@ networking.hostName = "dummy"; - # font - # ---- - programs.custom.urxvt.fontSize = 17; - programs.custom.xterm.fontSize = 17; - # system.custom.fonts.dpi = 140; - # allow un-free # ------------- + # todo : put this in flake environment.variables.NIXPKGS_ALLOW_UNFREE = "1"; # some system stuff diff --git a/nixos/machines/mobi/configuration.nix b/nixos/machines/mobi/configuration.nix index a365d01..dc63fa0 100644 --- a/nixos/machines/mobi/configuration.nix +++ b/nixos/machines/mobi/configuration.nix @@ -27,12 +27,6 @@ components.gui.enable = true; - # fonts - # ----- - programs.custom.urxvt.fontSize = 16; - programs.custom.urxvt.fontType = "vector"; - programs.custom.xterm.fontSize = 16; - configuration.desktop = { width = 1366; height = 768; diff --git a/nixos/machines/pepe/borg.nix b/nixos/machines/pepe/borg.nix deleted file mode 100644 index 9c6d38e..0000000 --- a/nixos/machines/pepe/borg.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ lib, config, pkgs, ... }: { - - backup.enable = true; - - # provide repository - services.borgbackup.repos = { - default = { - quota = "100G"; - allowSubRepos = true; - authorizedKeys = [ - # todo rename - (lib.fileContents ../../assets/ssh/borg_access.pub) - (lib.fileContents ../../assets/ssh/palo_rsa.pub) - ]; - }; - }; - - # mirror backup folder to /media - systemd.services.borg-mirror-to-media = { - enable = true; - script = '' - ${pkgs.rsync}/bin/rsync -a \ - /var/lib/borgbackup/ \ - /media/borg-backup-mirror \ - --delete-after - ''; - }; - systemd.timers.borg-mirror-to-media = { - enable = true; - timerConfig.OnCalendar = "daily"; - wantedBy = [ "multi-user.target" ]; - }; - -} diff --git a/nixos/machines/pepe/configuration.nix b/nixos/machines/pepe/configuration.nix deleted file mode 100644 index 6d1d18c..0000000 --- a/nixos/machines/pepe/configuration.nix +++ /dev/null @@ -1,74 +0,0 @@ -{ config, pkgs, lib, ... }: { - - imports = [ - - ../../system/server - ./hardware-configuration.nix - - ./mail-fetcher.nix - ./packages.nix - - #./hass.nix - #./zigbee2mqtt.nix - - #./kodi.nix - ./syncthing.nix - ./tinc.nix - #./wifi-access-point.nix - #./lan.nix - #./dms.nix - ./borg.nix - #./mpd.nix - ./grocy.nix - ./taskwarrior-pushover.nix - #./neo4j.nix - #./jellyfin.nix - #./wireguard.nix - #./tts.nix - - # logging - ./loki.nix - ./loki-promtail.nix - ./prometheus.nix - ./grafana.nix - ./telegraf.nix - - ./home-display.nix - - #./tdarr.nix - - ]; - - sops.defaultSopsFile = ../../secrets/pepe.yaml; - - networking.hostName = "pepe"; - - programs.custom. zsh.enable = true; - users.users.root.shell = pkgs.zsh; - - # todo : rename to component.init.ssh - configuration.init-ssh = { - enable = "enabled"; - kernelModules = [ "e1000e" ]; - }; - - # just enable lan - networking.dhcpcd.allowInterfaces = [ "enp0s25" ]; - - # nix-shell -p speedtest_cli --run speedtest - #configuration.fireqos = { - # enable = false; - # interface = "enp0s25"; - # input = 200000; - # output = 2000; - # balance = false; - #}; - - services.printing.enable = false; - services.smartd.enable = true; - - # todo move to some place else - home-manager.users.mailUser.home.stateVersion = "22.11"; - -} - diff --git a/nixos/machines/pepe/dms.nix b/nixos/machines/pepe/dms.nix deleted file mode 100644 index 7dbb073..0000000 --- a/nixos/machines/pepe/dms.nix +++ /dev/null @@ -1,98 +0,0 @@ -{ lib, pkgs, config, ... }: - -# a very simple dms setup which. -# I have a brother ADS-1600W scanner, which is configured to send all -# PDFs to this machine in /home/ftp-upload/input -# from there the dms.py scans them and makes them searchable. - -let - dms = pkgs.fetchgit { - url = "https://github.com/mrVanDalo/dms.git"; - rev = "2f5c44f017bdfd8abfe908d419ef26bac300f809"; - sha256 = "0dxhk1ah6wwbsxyk4hd32rz7886w7r5gfy16485gjbvky1qsi8gd"; - }; -in -{ - - # setup ftp - services.vsftpd = { - enable = true; - userlist = [ "ftp-upload" ]; - userlistEnable = true; - localUsers = true; - writeEnable = true; - extraConfig = '' - # additional ports for directory list and stuff - pasv_min_port=4242 - pasv_max_port=4243 - ''; - }; - networking.firewall.allowedTCPPortRanges = [ - { - # ftp: additional ports for directory list and stuff - from = 4242; - to = 4243; - } - { - # ftp - from = 20; - to = 21; - } - ]; - - sops.secrets.ftp_password = { }; - - # create user - users.users.ftp-upload = { - passwordFile = config.sops.secrets.ftp_password.path; - isNormalUser = true; - }; - - # create dms service - systemd.services.dms = { - enable = true; - wantedBy = [ "multi-user.target" ]; - path = [ - (pkgs.python3.withPackages (ps: with ps; [ flask ])) - pkgs.imagemagickBig - (pkgs.pdfsandwich.override { imagemagick = pkgs.imagemagickBig; }) - pkgs.poppler_utils - pkgs.which - pkgs.netpbm - pkgs.gawk - pkgs.bash - ]; - serviceConfig = { User = "ftp-upload"; }; - preStart = '' - if [[ ! -L /home/ftp-upload/db/SOURCE_DIR ]] - then - rm -rf /home/ftp-upload/db/SOURCE_DIR - mkdir -p /home/ftp-upload/db - mkdir -p /home/ftp-upload/input - ln -s /home/ftp-upload/input /home/ftp-upload/db/SOURCE_DIR - fi - ''; - script = '' - DMSDATA=/home/ftp-upload/db \ - FLASK_APP=${dms}/dms.py \ - flask run --host 0.0.0.0 \ - "$@" - ''; - }; - - # host nginx setup - services.nginx = { - enable = true; - virtualHosts = { - "dms.pepe.private" = { - serverAliases = - [ "pdf.pepe.private" "docs.pepe.private" "dms.pepe.lan" ]; - locations."/" = { proxyPass = "http://localhost:5000"; }; - }; - }; - }; - - # add documents to backup - backup.dirs = [ "/home/ftp-upload/db" ]; - -} diff --git a/nixos/machines/pepe/grafana.nix b/nixos/machines/pepe/grafana.nix deleted file mode 100644 index f6867ea..0000000 --- a/nixos/machines/pepe/grafana.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, ... }: -{ - - services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = { - extraConfig = '' - allow ${config.tinc.private.subnet}; - deny all; - ''; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}"; - proxyWebsockets = true; - }; - }; - - services.grafana = { - enable = true; - settings.server = { - domain = "grafana.pepe.private"; - http_port = 2342; - http_addr = "localhost"; - }; - }; - -} diff --git a/nixos/machines/pepe/grocy.nix b/nixos/machines/pepe/grocy.nix deleted file mode 100644 index df197bb..0000000 --- a/nixos/machines/pepe/grocy.nix +++ /dev/null @@ -1,24 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - #services.grocy = { - # enable = true; - # settings = { - # culture = "de"; - # currency = "EUR"; - # }; - # hostName = "grocy.pepe.private"; - # nginx.enableSSL = false; - #}; - #backup.dirs = [ config.services.grocy.dataDir ]; - - services.grocy-scanner = { - enable = true; - host = "https://grocy.ingolf-wagner.de"; - device = "/dev/input/by-id/usb-Belon.cn_2.4G_Wireless_Device_Belon_Smart-event-kbd"; - apiKeyFile = config.sops.secrets.grocyApiKey.path; - }; - - sops.secrets.grocyApiKey = { }; - -} diff --git a/nixos/machines/pepe/hardware-configuration.nix b/nixos/machines/pepe/hardware-configuration.nix deleted file mode 100644 index f4dfdcc..0000000 --- a/nixos/machines/pepe/hardware-configuration.nix +++ /dev/null @@ -1,88 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ modulesPath, config, lib, pkgs, ... }: - -{ - imports = [ - "${modulesPath}/installer/scan/not-detected.nix" - - ( - let mediaUUID = "29ebe5ba-7599-4dd3-99a3-37b9bf8e4d61"; - in { - fileSystems."/media" = { - device = "/dev/disk/by-uuid/${mediaUUID}"; - fsType = "ext4"; - options = [ - "nofail" - "noauto" - #"x-systemd.device-timeout=1ms" - ]; - }; - systemd.mounts = [{ - enable = true; - options = "nofail,noauto"; - type = "ext4"; - wantedBy = [ "multi-user.target" ]; - what = "/dev/disk/by-uuid/${mediaUUID}"; - where = "/media"; - }]; - } - ) - ]; - - boot.initrd.availableKernelModules = - [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - boot.loader.grub = { - enable = true; - version = 2; - device = "/dev/sda"; - }; - - zramSwap = { - enable = true; - numDevices = 2; - swapDevices = 1; - memoryPercent = 50; - }; - - fileSystems."/share" = { - #device = "/dev/ram1"; - device = "none"; - fsType = "tmpfs"; - }; - - nix.settings.max-jobs = lib.mkDefault 2; - - # lvm volume group - # ---------------- - boot.initrd.luks.devices = { - "secure_vg" = { - device = "/dev/sda2"; - preLVM = true; - }; - }; - - # NTFS support - # ------------ - environment.systemPackages = [ pkgs.ntfs3g ]; - - # root - # ---- - fileSystems."/" = { - options = [ "noatime" "nodiratime" "discard" ]; - device = "/dev/secure_vg/root"; - fsType = "ext4"; - }; - - # boot - # ---- - fileSystems."/boot" = { - device = "/dev/sda1"; - fsType = "ext4"; - }; - -} diff --git a/nixos/machines/pepe/hass.nix b/nixos/machines/pepe/hass.nix deleted file mode 100644 index df28c65..0000000 --- a/nixos/machines/pepe/hass.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - - virtualisation.oci-containers = { - backend = "podman"; - containers.homeassistant = { - volumes = [ "/var/lib/home-assistant:/config" ]; - environment.TZ = "Europe/Berlin"; - image = "ghcr.io/home-assistant/home-assistant:stable"; # Warning: if the tag does not change, the image will not be updated - extraOptions = [ "--network=host" ]; - }; - }; - - backup.dirs = [ "/var/lib/home-assistant" ]; - - networking.firewall.allowedTCPPorts = [ 8123 ]; - networking.firewall.allowedUDPPorts = [ 8123 ]; - -} diff --git a/nixos/machines/pepe/home-display.nix b/nixos/machines/pepe/home-display.nix deleted file mode 100644 index 9985686..0000000 --- a/nixos/machines/pepe/home-display.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ lib, pkgs, config, assets, ... }: -{ - - networking.firewall.allowedTCPPorts = [ 80 ]; - networking.firewall.allowedUDPPorts = [ 80 ]; - - services.nginx.virtualHosts."${config.networking.hostName}.private" = { - locations."= /home-status.html".alias = "/srv/home-status/index.html"; - }; - - systemd.services.home-status-refresh = { - enable = true; - script = - let - mustache = "${pkgs.mustache-go}/bin/mustache"; - jq = "${pkgs.jq}/bin/jq"; - index_html_template = refreshSeconds: pkgs.writeText "index_html.template" '' - - - {{ date }} - - ''; - in - - '' - ${jq} --raw-input '.' <(date +"%Y-%m-%d %H:%M";echo "hallo") \ - | ${jq} --slurp '{ date : .[0], test : .[1] }' \ - | ${mustache} ${index_html_template 60} > /srv/home-status/index.html - ''; - }; - - systemd.timers.home-status-refresh = { - enable = true; - # man systemd.time - timerConfig.OnCalendar = "minutely"; - wantedBy = [ "multi-user.target" ]; - }; - -} - diff --git a/nixos/machines/pepe/jellyfin.nix b/nixos/machines/pepe/jellyfin.nix deleted file mode 100644 index cad704f..0000000 --- a/nixos/machines/pepe/jellyfin.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - services.jellyfin.enable = true; - services.jellyfin.openFirewall = true; - users.groups."syncthing".members = [ "jellyfin" ]; - hardware.opengl = { - enable = true; - driSupport = true; - driSupport32Bit = true; - }; -} diff --git a/nixos/machines/pepe/kodi.nix b/nixos/machines/pepe/kodi.nix deleted file mode 100644 index b2e0181..0000000 --- a/nixos/machines/pepe/kodi.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ config, lib, pkgs, ... }: { - - services.xserver = { - enable = false; - autorun = false; - videoDrivers = [ "intel" ]; - #deviceSection = '' - # Option "DRI" "2" - # Option "TearFree" "true" - #''; - desktopManager = { - kodi.enable = true; - default = "kodi"; - xterm.enable = false; - }; - displayManager = { - sddm = { - enable = true; - autoLogin = { - enable = true; - relogin = true; - user = config.users.users.kodi.name; - }; - }; - }; - }; - - users = { - # mutableUsers = true; - users.kodi = { - isNormalUser = true; - name = "kodi"; - uid = 1338; - initialPassword = lib.fileContents ; - }; - }; - - # allow everybody in the net to access the wifi - networking.firewall = { - allowedTCPPorts = [ 8080 ]; - allowedUDPPorts = [ 8080 ]; - }; - -} diff --git a/nixos/machines/pepe/lan.nix b/nixos/machines/pepe/lan.nix deleted file mode 100644 index bb3d529..0000000 --- a/nixos/machines/pepe/lan.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ lib, pkgs, ... }: -let - - interface = "enp0s25"; - ipAddress = "10.1.0.2"; - prefixLength = 24; - -in -{ - - networking.extraHosts = '' - 10.1.0.1 workout.lan - 10.1.0.2 pepe.lan - ''; - - # todo only open needed ports - networking.firewall.trustedInterfaces = [ interface ]; - - networking.networkmanager.unmanaged = [ interface ]; - networking.dhcpcd.denyInterfaces = [ interface ]; - - networking.interfaces."${interface}".ipv4.addresses = [{ - address = ipAddress; - prefixLength = prefixLength; - }]; - -} diff --git a/nixos/machines/pepe/loki-promtail.nix b/nixos/machines/pepe/loki-promtail.nix deleted file mode 100644 index 1c64287..0000000 --- a/nixos/machines/pepe/loki-promtail.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ config, ... }: -{ - services.promtail = { - enable = true; - configuration = { - server = { - http_listen_port = 28183; - grpc_listen_port = 0; - }; - positions.filename = "/tmp/positions.yaml"; - clients = [ - { url = "http://127.0.0.1:3100/loki/api/v1/push"; } - ]; - - scrape_configs = [ - { - job_name = "journal"; - journal = { - max_age = "12h"; - labels = { - job = "systemd-journal"; - host = config.networking.hostName; - }; - }; - relabel_configs = [ - { - source_labels = [ "__journal__systemd_unit" ]; - target_label = "unit"; - } - { - source_labels = [ "__journal__transport" ]; - target_label = "transport"; - } - ]; - } - ]; - - }; - - }; -} diff --git a/nixos/machines/pepe/loki.nix b/nixos/machines/pepe/loki.nix deleted file mode 100644 index c0eba2c..0000000 --- a/nixos/machines/pepe/loki.nix +++ /dev/null @@ -1,99 +0,0 @@ -{ config, pkgs, ... }: -{ - - services.loki = { - enable = true; - configuration = { - server = { - http_listen_port = 3100; - log_level = "warn"; - }; - auth_enabled = false; - - ingester = { - lifecycler = { - address = "127.0.0.1"; - ring = { - kvstore = { - store = "inmemory"; - }; - replication_factor = 1; - }; - }; - chunk_idle_period = "1h"; - max_chunk_age = "1h"; - chunk_target_size = 999999; - chunk_retain_period = "30s"; - max_transfer_retries = 0; - }; - - schema_config = { - configs = [{ - from = "2022-06-06"; - store = "boltdb-shipper"; - object_store = "filesystem"; - schema = "v11"; - index = { - prefix = "index_"; - period = "24h"; - }; - }]; - }; - - storage_config = { - boltdb_shipper = { - active_index_directory = "/var/lib/loki/boltdb-shipper-active"; - cache_location = "/var/lib/loki/boltdb-shipper-cache"; - cache_ttl = "24h"; - shared_store = "filesystem"; - }; - - filesystem = { - directory = "/var/lib/loki/chunks"; - }; - }; - - limits_config = { - reject_old_samples = true; - reject_old_samples_max_age = "168h"; - }; - - chunk_store_config = { - max_look_back_period = "0s"; - }; - - table_manager = { - retention_deletes_enabled = false; - retention_period = "0s"; - }; - - compactor = { - working_directory = "/var/lib/loki"; - shared_store = "filesystem"; - compactor_ring = { - kvstore = { - store = "inmemory"; - }; - }; - }; - }; - # user, group, dataDir, extraFlags, (configFile) - }; - - #services.nginx = { - # enable = true; - # virtualHosts.loki = { - # serverName = "loki.pepe.private"; - # locations."/" = { - # proxyWebsockets = true; - # proxyPass = "http://127.0.0.1:3100"; - # #extraConfig = '' - # # access_log off; - # # allow ${config.tinc.private.subnet}; - # # deny all; - # #''; - # }; - # }; - #}; - -} diff --git a/nixos/machines/pepe/mail-fetcher.nix b/nixos/machines/pepe/mail-fetcher.nix deleted file mode 100644 index 61942ef..0000000 --- a/nixos/machines/pepe/mail-fetcher.nix +++ /dev/null @@ -1,696 +0,0 @@ -# fetches mails for me -{ lib, pkgs, config, ... }: -let - junk_filter = [ - "from:booking.com" - "subject:Gewinn" - "from:brompton.com" - "from:circleci.com" - "from:audio-overlay@googlegroups.com OR to:audio-overlay@googlegroups.com" - "from:codepen.io" - "from:congstarnews.de" - "from:cronullasurfingacademy.com" - "from:cryptohopper.com" - "from:digitalo.de" - "from:facebook.com OR from:facebookmail.com" - "from:fitnessfirst.de" - "from:flixbus.de" - "from:getdigital.de" - "from:getpocket.com" - "from:ghostinspector.com" - "from:globetrotter.de" - "from:hackster.io" - "from:hostelworld.com" - "from:immobilienscout24.de" - "from:kvraudio.com" - "from:letterboxd.com" - "from:linkedin.com" - "from:magix.net" - "from:mailings.gmx.net" - "from:mailings.web.de" - "from:matrix.org" - "from:menospese.com" - "from:microsoftstoreemail.com" - "from:mixcloudmail.com AND subject:Weekly Update" - "from:oknotify2.com AND NOT subject:New message" - "from:paulaschoice.com" - "from:puppet.com" - "from:runtastic.com" - "from:samplemagic.com OR from:wavealchemy.co.uk OR from:creators.gumroad.com" - "from:ticketmaster.de" - "from:trade4less.de" - "from:tumblr.com" - "from:turners.co.nz" - "from:twitch.tv" - "from:vstbuzz.com" - ]; - filters = [ - { - query = "from:hosting.de"; - tags = [ "+billing" ]; - } - { - query = "from:hv-geelen.de"; - tags = [ "+wohnung" ]; - } - { - query = "from:computerfutures.com OR from:computerfutures.de"; - tags = [ "+jobs" "-inbox" ]; - } - { - query = "from:seek.com.au or from:seek.co.nz"; - tags = [ "+jobs" ]; - } - { - query = "from:xing.com"; - tags = [ "+jobs" "-inbox" ]; - } - { - query = "from:no-reply@backtrace.io OR to:sononym@noreply.github.com"; - tags = [ "+sononym" "-inbox" ]; - } - { - query = "from:ebay.com OR from:ebay.de OR from:ebay.net"; - tags = [ "+ebay" "+shop" "+billing" ]; - } - { - query = "from:bahn.de"; - tags = [ "+billing" "+bahn" ]; - } - { - query = - "from:fysitech.atlassian.net OR to:engiadina-pwa@noreply.github.com"; - tags = [ "+mia" "+work" "-unread" "-inbox" ]; - } - { - query = - "from:space-left.org OR to:space-left.org OR subject:/\\[space-left\\]/"; - tags = [ "+spaceleft" "+space-left" ]; - } - { - query = "from:landr.com"; - tags = [ "+landr" "+music" ]; - } - { - query = "tag:landr and tag:billing"; - tags = [ "+billing" ]; - } - { - query = "from:oknotify2.com"; - tags = [ "+okcupid" ]; - } - { - query = "from:taxback.de OR to:taxback.de"; - tags = [ "+steuer" ]; - } - { - query = "from:campact.de"; - tags = [ "+campact" "+politics" ]; - } - { - query = "from:aliexpress.com"; - tags = [ "+shop" "+aliexpress" ]; - } - { - query = "from:congstar.de"; - tags = [ "+billing" "+congstar" "-inbox" "-unread" ]; - } - { - query = - "from:steampowered.com AND NOT ( subject:purchase OR subject:received )"; - tags = [ "-inbox" "-unread" ]; - } - { - query = - "from:steampowered.com AND ( subject:purchase OR subject:received )"; - tags = [ "+billing" "+steam" ]; - } - { - query = "from:gog.com AND NOT subject:Bestellung"; - tags = [ "-inbox" "-unread" ]; - } - { - query = "from:gog.com AND subject:Bestellung"; - tags = [ "+billing" "+gog" ]; - } - { - query = "from:stadtmobil.de"; - tags = [ "+billing" "+stadtmobil" "-inbox" "-unread" ]; - } - { - query = "from:drive-now.com"; - tags = [ "+billing" "+drivenow" "-inbox" "-unread" ]; - } - { - query = "from:data-treuhand.de"; - tags = [ "+mindcurv" "+work" "-inbox" "-unread" "-junk" ]; - } - { - query = "from:immocation.de"; - tags = [ "+immobilien" "-inbox" ]; - } - { - query = "from:tinc-vpn.org"; - tags = [ "+tinc" ]; - } - { - query = "from:mindfactory.de"; - tags = [ "+shop" "+billing" ]; - } - { - query = "from:zalando.de"; - tags = [ "+shop" "+billing" "+zalando" ]; - } - { - query = "from:ing.de"; - tags = [ "+bank" "+ingdiba" ]; - } - { - query = "from:nab.com.au"; - tags = [ "+bank" "+nab" "-inbox" "-unread" ]; - } - { - query = "from:dkb.de"; - tags = [ "+bank" "+dkb" ]; - } - { - query = "from:o2online.de"; - tags = [ "+billing" "+o2" ]; - } - { - query = "from:betfair.com"; - tags = [ "+work" "+betfair" ]; - } - { - query = "from:notifications@github.com"; - tags = [ "+github" ]; - } - { - query = "to:NUR@noreply.github.com"; - tags = [ "+nur" "+nixos" "+list" ]; - } - { - query = "to:nixpkgs@noreply.github.com"; - tags = [ "+nixpkgs" "+nixos" "+list" ]; - } - { - query = "from:travis-ci.org AND subject:mrVanDalo/navi"; - tags = [ "+development" "+navi" ]; - } - { - query = "from:travis-ci.org AND subject:nur-packages"; - tags = [ "+development" "+nixos" "+nur-packages" ]; - } - { - query = "from:travis-ci.org AND subject:csv-to-qif"; - tags = [ "+development" "+csv-to-qif" ]; - } - { - query = "to:proaudio@lists.tuxfamily.org"; - tags = [ "-inbox" "-unread" ]; - } - { - query = "from:nixos1@discoursemail.com"; - tags = [ "+nixos" "+discourse" "+list" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Development"; - tags = [ "+nixos" "+discourse" "+development" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Français"; - tags = [ "+nixos" "+discourse" "-inbox" "-unread" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Announcements"; - tags = [ "+nixos" "+discourse" "+announcements" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Links"; - tags = [ "+nixos" "+discourse" "+links" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Games"; - tags = [ "+nixos" "+discourse" "+games" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Meta"; - tags = [ "+nixos" "+discourse" "+meta" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Events"; - tags = [ "+nixos" "+discourse" "+events" ]; - } - { - query = "from:limebike.com AND (subject:Funds OR subject:Receipt)"; - tags = [ "-inbox" "-unread" "+billing" "+limebike" ]; - } - { - query = "from:freemusicarchive.org"; - tags = [ "+FMA" ]; - } - { - query = "from:namecheap.com and subject:auto-renewal"; - tags = [ "+namecheap" "+billing" ]; - } - { - query = "from:namecheap.com and subject:order"; - tags = [ "+namecheap" "+billing" ]; - } - { - query = "tag:namecheap.com and tag:billing and body:gaykraft.com"; - tags = [ "+namecheap" "+billing" ]; - } - { - query = "from:nintendo.com"; - tags = [ "+nintendo" "+billing" ]; - } - { - query = "from:oculus.com AND subject:receipt"; - tags = [ "+oculus" "+billing" ]; - } - { - query = "from:car2go.com"; - tags = [ "-inbox" "-unread" ]; - } - { - query = "from:sixt.de"; - tags = [ "-inbox" "-unread" ]; - } - { - query = "from:meetup.com"; - tags = [ "-inbox" "-unread" "+meetup" ]; - } - { - query = "from:slack.com"; - tags = [ "+slack" ]; - } - { - query = "from:keybase.io"; - tags = [ "+keybase" ]; - } - { - query = "from:jobs2web.com"; - tags = [ "+newzealand" "+jobs" "-inbox" ]; - } - { - query = "from:paypal.de AND subject:Bestätigung"; - tags = [ "-unread" "+paypal" "+billing" ]; - } - { - query = "to:c-base.org"; - tags = [ "+cbase" "+list" ]; - } - { - query = "to:c-base.org AND subject=[auto-report]"; - tags = [ "-unread" "-inbox" ]; - } - { - query = "from:browserstack.com"; - tags = [ "+browserstack" ]; - } - { - query = - "to:renoise@ingolf-wagner.de OR to:root@renoise.com OR from:renoise.com OR to:admin@renoise.com"; - tags = [ "+renoise" ]; - } - { - query = "from:amazon.de OR from:amazon.com AND NOT to:renoise.com"; - tags = [ "+shop" "+amazon" "+billing" ]; - } - { - query = "from:hetzner.com OR from:hetzner.de"; - tags = [ "+hetzner" ]; - } - { - query = "to:renoise.com AND NOT ( from:renoise.com OR from:root OR from:hetzner.com OR from:hetzner.de OR from:amazon.com OR from:gmail.com )"; - tags = [ "-inbox" "-unread" "+junk" "+renoise" ]; - } - { - query = "tag:hetzner and subject:Invoice"; - tags = [ "+billing" ]; - } - # final rules to make imap sync stuff easier - # there can only be one output folder tag, and theses rules are prioritized - { - query = "tag:fraud"; - tags = [ "-inbox" "-archive" "-junk" "-unread" ]; - message = "clean up tag fraud"; - } - { - query = "tag:junk"; - tags = [ "-inbox" "-archive" "-fraud" "-unread" ]; - message = "clean up tag junk"; - } - { - query = "tag:archive"; - tags = [ "-inbox" "-junk" "-fraud" "-unread" ]; - message = "clean up tag archive"; - } - { - query = "tag:inbox"; - tags = [ "-archive" "-junk" "-fraud" ]; - message = "clean up inbox"; - } - { - query = "tag:killed"; - tags = [ "-inbox" "-unread" ]; - message = "clean up tag killed"; - } - { - query = "tag:muted"; - tags = [ "-inbox" "-unread" ]; - } - # remove new tag at the end - { - query = "tag:new"; - tags = [ "-new" ]; - message = "remove new tag at the end"; - } - ]; - - notmuchTagging = - let - - template = index: - { tags, query, message ? "generic", ... }: - let - command = '' - ${pkgs.notmuch}/bin/notmuch tag ${lib.concatStringsSep " " tags} -- "${query}" - ''; - in - '' - echo '${command}' - ${command} - ''; - junk_template = index: query: - template index { - tags = [ "+junk" "-unread" "-inbox" ]; - query = query; - message = "generic junk filter"; - }; - - in - pkgs.writers.writeBash "notmuch-tagging" (lib.concatStringsSep "\n" - ((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters))); - - notmuchTaggingNew = - let - - template = index: - { tags, query, message ? "generic", ... }: - let - command = '' - ${pkgs.notmuch}/bin/notmuch tag ${ - lib.concatStringsSep " " tags - } -- "${query} AND tag:new" - ''; - in - '' - echo '${command}' - ${command} - ''; - - junk_template = index: query: - template index { - tags = [ "+junk" "-unread" "-inbox" ]; - query = query; - message = "generic junk filter"; - }; - in - pkgs.writers.writeBash "notmuch-tagging-new" (lib.concatStringsSep "\n" - ((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters))); - -in -{ - - backup.dirs = [ "/home/mailfetcher" ]; - - users.users.mailUser = { - isNormalUser = true; - description = "collects mails for me"; - hashedPassword = "!"; - name = "mailfetcher"; - home = "/home/mailfetcher"; - openssh.authorizedKeys.keyFiles = config.users.users.root.openssh.authorizedKeys.keyFiles; - group = "mailfetcher"; - }; - - users.groups.mailUser = { - name = "mailfetcher"; - }; - - sops.secrets.mail_ingolf_wagner_de = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_terranix = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_gmail = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_gmx_palo = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_gmx_ingolf = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_web = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_siteground = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - - environment.systemPackages = [ pkgs.muchsync ]; - - # configure accounts - home-manager.users.mailUser.accounts.email = { - accounts = { - - palo_van_dalo-gmx = { - primary = false; - address = "palo_van_dalo@gmx.de"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "palo_van_dalo@gmx.de"; - passwordCommand = - "cat ${toString config.sops.secrets.mail_gmx_palo.path }"; - imap = { - host = "imap.gmx.net"; - tls.enable = true; - port = 993; - }; - mbsync = { - enable = true; - create = "both"; - }; - notmuch.enable = true; - }; - - ingolf-wagner-gmx = { - primary = false; - address = "ingolf.wagner@gmx.de"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "ingolf.wagner@gmx.de"; - passwordCommand = - "cat ${toString config.sops.secrets.mail_gmx_ingolf.path }"; - imap = { - host = "imap.gmx.net"; - tls.enable = true; - port = 993; - }; - mbsync = { - enable = true; - create = "both"; - }; - notmuch.enable = true; - }; - - pali_palo = { - primary = false; - address = "pali_palo@web.de"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "pali_palo@web.de"; - passwordCommand = - "cat ${toString config.sops.secrets.mail_web.path }"; - imap = { - host = "imap.web.de"; - tls.enable = true; - port = 993; - }; - mbsync = { - enable = true; - create = "both"; - }; - notmuch.enable = true; - }; - - gmail = { - # for google accounts you have to allow 'less secure apps' in accounts.google.com - primary = true; - address = "palipalo9@googlemail.com"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "palipalo9@googlemail.com"; - passwordCommand = - "cat ${toString config.sops.secrets.mail_gmail.path }"; - imap = { - host = "imap.gmail.com"; - tls.enable = true; - port = 993; - }; - mbsync = { - enable = true; - create = "both"; - }; - notmuch.enable = true; - }; - - #terranix_org = { - # primary = false; - # address = "palo@terranix.org"; - # aliases = [ ]; - # realName = "Ingolf Wagner"; - # userName = "palo@terranix.org"; - # passwordCommand = "cat ${toString config.sops.secrets.mail_terranix.path }"; - # imap = { - # host = "mail.privateemail.com"; - # tls.enable = true; - # port = 993; - # }; - # # make sure the upstream mail is deleted - # getmail = { - # enable = true; - # delete = true; - # readAll = false; - # mailboxes = [ "ALL" ]; - # }; - # notmuch.enable = true; - #}; - - # new - #ingolf-wagner-de-new = { - # primary = false; - # address = "contact@ingolf-wagner.de"; - # aliases = [ ]; - # realName = "Ingolf Wagner"; - # userName = "contact@ingolf-wagner.de"; - # passwordCommand = - # "cat ${toString config.sops.secrets.mail_ingolf_wagner_de.path}"; - # imap = { - # host = "mail.privateemail.com"; - # tls.enable = true; - # port = 993; - # }; - # # make sure the upstream mail is deleted - # getmail = { - # enable = true; - # delete = true; - # readAll = false; - # mailboxes = [ "ALL" ]; - # }; - # notmuch.enable = true; - #}; - - # deprecated - ingolf-wagner-de = { - primary = false; - address = "contact@ingolf-wagner.de"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "contact@ingolf-wagner.de"; - passwordCommand = - "cat ${toString config.sops.secrets.mail_siteground.path }"; - imap = { - host = "securees5.sgcpanel.com"; - port = 993; - tls.enable = true; - #tls.useStartTls = true; - }; - # make sure the upstream mail is deleted - getmail = { - enable = true; - delete = true; - readAll = false; - mailboxes = [ "ALL" ]; - }; - notmuch.enable = true; - }; - - }; - }; - - # configure mbsync - home-manager.users.mailUser.programs.mbsync.enable = true; - - # re-tag everything once a day - systemd.services.retagmail = { - enable = true; - serviceConfig = { User = config.users.users.mailUser.name; }; - environment.NOTMUCH_CONFIG = - "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc"; - script = "${notmuchTagging}"; - }; - systemd.timers.retagmail = { - enable = true; - timerConfig = { - OnCalendar = "daily"; - Persistent = "true"; - }; - wantedBy = [ "multi-user.target" ]; - }; - - # fetch mails every 10 minutes - systemd.services.fetchmail = - let - threadTag = tag: '' - echo "tag threads with ${tag}" - ${pkgs.notmuch}/bin/notmuch tag +${tag} $(${pkgs.notmuch}/bin/notmuch search --output=threads tag:${tag}) - ''; - in - { - enable = true; - serviceConfig = { User = config.users.users.mailUser.name; }; - environment.NOTMUCH_CONFIG = - "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc"; - script = '' - echo "run mbsync" - ${pkgs.isync}/bin/mbsync \ - --all - echo "run getmail" - ${pkgs.getmail6}/bin/getmail \ - --quiet \ - --rcfile getmailingolf-wagner-de \ - --rcfile getmailingolf-wagner-de-new \ - --rcfile getmailterranix_org - - echo "run notmuch" - ${pkgs.notmuch}/bin/notmuch new - ${notmuchTaggingNew} - ${threadTag "muted"} - ''; - }; - systemd.timers.fetchmail = { - enable = false; - # timerConfig.OnCalendar = " *-*-* *:00:00"; - timerConfig.OnCalendar = "*:0/10"; - wantedBy = [ "multi-user.target" ]; - }; - - # configure notmuch - home-manager.users.mailUser.programs.notmuch = { - enable = true; - new.tags = [ "unread" "inbox" "new" ]; - }; - -} diff --git a/nixos/machines/pepe/mpd.nix b/nixos/machines/pepe/mpd.nix deleted file mode 100644 index ff9622d..0000000 --- a/nixos/machines/pepe/mpd.nix +++ /dev/null @@ -1,78 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - services.mpd = { - enable = true; - network.listenAddress = "any"; - musicDirectory = "/media/syncthing/music-library"; - playlistDirectory = "/media/syncthing/music-library/playlists"; - }; - - users.groups."syncthing".members = [ "mpd" ]; - - sound.enable = true; - - networking.firewall.allowedTCPPorts = [ - 6680 # mopidy - 6600 # mpd - 1234 # zeroconf - ]; - - users.users."spotifyd" = { - isSystemUser = true; - group = "spotifyd"; - }; - users.groups.spotifyd = { }; - - sops.secrets.spotify_pass.owner = "spotifyd"; - sops.secrets.spotify_user.owner = "spotifyd"; - - services.spotifyd.enable = true; - services.spotifyd.settings = { - global = { - - username_cmd = "cat ${config.sops.secrets.spotify_user.path}"; - password_cmd = "cat ${config.sops.secrets.spotify_pass.path}"; - backend = "alsa"; # use portaudio for macOS [homebrew] - - # The alsa mixer used by `spotifyd`. - mixer = "PCM"; - - # A script that gets evaluated in the user's shell when the song changes [aliases: onevent] - on-song-change-hook = "${pkgs.mpc_cli}/bin/mpc --host localhost --port 6600 stop"; - - # The volume controller. Each one behaves different to - # volume increases. For possible values, run - # `spotifyd --help`. - volume_controller = "alsa"; - - # The name that gets displayed under the connect tab on - # official clients. Spaces are not allowed! - device_name = "DJane"; - - # The audio bitrate. 96, 160 or 320 kbit/s - bitrate = 320; - - # If set to true, audio data does NOT get cached. - no_audio_cache = true; - - # Volume on startup between 0 and 100 - # NOTE: This variable's type will change in v0.4, to a number (instead of string) - initial_volume = "90"; - - # If set to true, enables volume normalisation between songs. - volume_normalisation = false; - - # The normalisation pregain that is applied for each song. - # normalisation_pregain = -10 - - # The port `spotifyd` uses to announce its service over the network. - zeroconf_port = 1234; - - # The displayed device type in Spotify clients. - # Can be unknown, computer, tablet, smartphone, speaker, t_v, - # a_v_r (Audio/Video Receiver), s_t_b (Set-Top Box), and audio_dongle. - device_type = "computer"; - - }; - }; -} diff --git a/nixos/machines/pepe/mqtt.nix b/nixos/machines/pepe/mqtt.nix deleted file mode 100644 index 97e3848..0000000 --- a/nixos/machines/pepe/mqtt.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ lib, ... }: { - - services.mosquitto = { - enable = true; - listeners = [{ - acl = [ "pattern readwrite #" ]; - omitPasswordAuth = true; - settings.allow_anonymous = true; - }]; - }; - - networking.firewall.allowedTCPPorts = [ 1883 ]; - -} diff --git a/nixos/machines/pepe/packages.nix b/nixos/machines/pepe/packages.nix deleted file mode 100644 index 8160cc1..0000000 --- a/nixos/machines/pepe/packages.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - environment.systemPackages = [ - pkgs.mediainfo - pkgs.youtube-dl - ]; -} diff --git a/nixos/machines/pepe/prometheus.nix b/nixos/machines/pepe/prometheus.nix deleted file mode 100644 index 8134d25..0000000 --- a/nixos/machines/pepe/prometheus.nix +++ /dev/null @@ -1,132 +0,0 @@ -{ config, pkgs, lib, ... }: { - - sops.secrets.hass_long_term_token.owner = "prometheus"; - - services.nginx = { - enable = true; - statusPage = true; - virtualHosts = { - "prometheus.pepe.private" = { - extraConfig = '' - allow ${config.tinc.private.subnet}; - deny all; - ''; - locations."/" = { proxyPass = "http://localhost:${toString config.services.prometheus.port}"; }; - }; - }; - }; - - services.prometheus = { - checkConfig = "syntax-only"; - enable = true; - # keep data for 30 days - extraFlags = [ "--storage.tsdb.retention.time=30d" ]; - - ruleFiles = [ - (pkgs.writeText "prometheus-rules.yml" (builtins.toJSON { - groups = [ - { - name = "core"; - rules = [ - { - alert = "InstanceDown"; - expr = "up == 0"; - for = "5m"; - labels.severity = "page"; - annotations = { - summary = "Instance {{ $labels.instance }} down"; - description = "{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes."; - }; - } - ]; - } - { - name = "home-assistant"; - rules = [ - { - record = "home_open_window_sum"; - expr = ''sum( homeassistant_binary_sensor_state{entity=~"binary_sensor\\.window_02_contact|binary_sensor\\.window_03_contact|binary_sensor\\.window_04_contact|binary_sensor\\.window_05_contact|binary_sensor\\.window_06_contact|binary_sensor\\.window_07_contact"} )''; - } - ] ++ (map - (number: - { - record = "home_at_least_n_windows_open"; - expr = ''home_open_window_sum >= bool ${toString number}''; - labels.n = number; - }) [ 1 2 3 ]); - } - ]; - })) - ]; - - - - - #alertmanager = { - # enable = true; - # configuration = { - #}; - #}; - - exporters = { - systemd.enable = true; - node = { - enable = true; - enabledCollectors = [ "systemd" ]; - port = 9002; - }; - }; - - scrapeConfigs = [ - { - job_name = "netdata"; - metrics_path = "/api/v1/allmetrics"; - params.format = [ "prometheus" ]; - scrape_interval = "5s"; - static_configs = [ - { - targets = [ "localhost:19999" ]; - labels = { - service = "netdata"; - server = "pepe"; - }; - } - ]; - } - { - job_name = "systemd"; - static_configs = [{ - targets = [ "localhost:${toString config.services.prometheus.exporters.systemd.port}" ]; - labels = { - service = "systemd-exporter"; - server = "pepe"; - }; - }]; - } - { - job_name = "node"; - static_configs = [{ - targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; - labels = { - service = "node-exporter"; - server = "pepe"; - }; - }]; - } - { - # see https://www.home-assistant.io/integrations/prometheus/ - job_name = "home-assistant"; - scrape_interval = "60s"; - metrics_path = "/api/prometheus"; - bearer_token_file = toString config.sops.secrets.hass_long_term_token.path; - static_configs = [{ - targets = [ "localhost:8123" ]; - labels = { - service = "hass"; - server = "pepe"; - }; - }]; - } - ]; - }; -} diff --git a/nixos/machines/pepe/syncthing.nix b/nixos/machines/pepe/syncthing.nix deleted file mode 100644 index 80f08b4..0000000 --- a/nixos/machines/pepe/syncthing.nix +++ /dev/null @@ -1,127 +0,0 @@ -{ config, pkgs, lib, ... }: { - - users.groups."syncthing".members = [ "mpd" "syncthing" "upload" ]; - - custom.samba-share = { - enable = true; - #folders = { - # #media = config.services.syncthing.folders.media.path; - # media = "/media/syncthing/media"; - #}; - private = { - media = { - folder = "/media/syncthing/media"; - users = "upload"; - }; - #upload = { - # folder = "/media/upload"; - # users = "upload"; - #}; - }; - }; - - users.users.upload = { - isNormalUser = true; - group = "upload"; - }; - - users.groups.upload = { }; - - sops.secrets.syncthing_cert = { }; - sops.secrets.syncthing_key = { }; - - services.syncthing = { - enable = true; - openDefaultPorts = true; - cert = toString config.sops.secrets.syncthing_cert.path; - key = toString config.sops.secrets.syncthing_key.path; - - overrideFolders = true; - folders = { - - # on encrypted drive - # ------------------ - private = { - enable = true; - path = "/home/syncthing/private"; - }; - art = { - enable = true; - path = "/home/syncthing/art"; - }; - password-store = { - enable = true; - path = "/home/syncthing/password-store"; - }; - desktop = { - enable = true; - path = "/home/syncthing/desktop"; - }; - finance = { - enable = true; - path = "/home/syncthing/finance"; - }; - fotos = { - enable = true; - path = "/home/syncthing/fotos"; - }; - - # no need to be encrypted - # ----------------------- - books = { - enable = true; - path = "/media/syncthing/books"; - rescanInterval = 40 * 24 * 3600; - }; - lost-fotos = { - enable = true; - path = "/media/syncthing/lost-fotos.ct"; - rescanInterval = 5 * 31 * 24 * 3600; - }; - #media = { - # enable = true; - # path = "/media/syncthing/media"; - # rescanInterval = 30 * 24 * 3600; - # type = "receiveonly"; - # versioning = { - # type = "simple"; - # params.keep = "3"; - # }; - #}; - music-projects = { - enable = true; - path = "/media/syncthing/music-projects"; - rescanInterval = 8 * 3600; - }; - nextcloud_backup = { - enable = true; - path = "/media/syncthing/nextcloud_backup"; - rescanInterval = 8 * 3600; - }; - }; - }; - - services.permown."/home/syncthing" = { - owner = "syncthing"; - group = "syncthing"; - }; - services.permown."/media/syncthing" = { - owner = "syncthing"; - group = "syncthing"; - directory-mode = "770"; - file-mode = "660"; - }; - systemd.services."permown._media_syncthing" = { - bindsTo = [ "media.mount" ]; - after = [ "media.mount" ]; - }; - systemd.services."syncthing" = { - bindsTo = [ "media.mount" ]; - after = [ "media.mount" ]; - }; - - backup.dirs = [ - config.services.syncthing.folders.finance.path - ]; - -} diff --git a/nixos/machines/pepe/taskwarrior-pushover.nix b/nixos/machines/pepe/taskwarrior-pushover.nix deleted file mode 100644 index 9706244..0000000 --- a/nixos/machines/pepe/taskwarrior-pushover.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - sops.secrets.autotagTaskwarriorCa = { - owner = "taskwarrior-autotag"; - key = "taskwarriorCa"; - }; - sops.secrets.autotagTaskwarriorCertificate = { - owner = "taskwarrior-autotag"; - key = "taskwarriorCertificate"; - }; - sops.secrets.autotagTaskwarriorKey = { - owner = "taskwarrior-autotag"; - key = "taskwarriorKey"; - }; - - services.taskwarrior-autotag = { - enable = true; - recurrence = "off"; - onCalendar = "hourly"; - server = "taskd.ingolf-wagner.de:53589"; - caFile = config.sops.secrets.autotagTaskwarriorCa.path; - certificateFile = config.sops.secrets.autotagTaskwarriorCertificate.path; - keyFile = config.sops.secrets.autotagTaskwarriorKey.path; - credentials = "1337/palo/ad40dce8-4b38-4011-b032-60a91b6f22cd"; - }; - -} diff --git a/nixos/machines/pepe/tdarr.nix b/nixos/machines/pepe/tdarr.nix deleted file mode 100644 index 69ec908..0000000 --- a/nixos/machines/pepe/tdarr.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - - users.users.tdarr = { - isNormalUser = true; - group = "syncthing"; - }; - - backup.dirs = [ - "/srv/tdarr/server" - "/srv/tdarr/configs" - "/srv/tdarr/logs" - ]; - - # https://docs.tdarr.io/docs/installation/docker/run-compose - virtualisation.oci-containers = { - backend = "podman"; - containers.tdarr = { - volumes = [ - "/srv/tdarr/server:/app/server" - "/srv/tdarr/configs:/app/configs" - "/srv/tdarr/logs:/app/logs" - "/srv/tdarr/transcode_cache:/temp" - "/media/syncthing/media:/media" - ]; - environment = { - serverIP = "0.0.0.0"; - serverPort = "8266"; - webUIPort = "8265"; - internalNode = "false"; - inContainer = "true"; - nodeName = "ServerNode"; - TZ = "Europe/London"; - PGID = "237"; - }; - ports = [ - "8265:8265" # WebUI - "8266:8266" # server port - ]; - image = "ghcr.io/haveagitgat/tdarr:latest"; # Warning: if the tag does not change, the image will not be updated - extraOptions = [ "--network=bridge" ]; - }; - }; - - networking.firewall.allowedTCPPorts = [ 8266 ]; - networking.firewall.allowedUDPPorts = [ 8266 ]; - - services.nginx.virtualHosts."tdarr.pepe.private" = { - serverAliases = [ "tdarr.pepe" ]; - extraConfig = '' - allow ${config.tinc.private.subnet}; - deny all; - ''; - locations."/" = { - proxyPass = "http://localhost:8265"; - proxyWebsockets = true; - }; - }; - -} diff --git a/nixos/machines/pepe/telegraf.nix b/nixos/machines/pepe/telegraf.nix deleted file mode 100644 index 5e65cd9..0000000 --- a/nixos/machines/pepe/telegraf.nix +++ /dev/null @@ -1,93 +0,0 @@ -{ pkgs, ... }: -let - urls = [ - { url = "https://bitwarden.ingolf-wagner.de"; path = ""; } - { url = "https://flix.ingolf-wagner.de"; path = "web/index.html"; } - { url = "https://git.ingolf-wagner.de"; path = ""; } - { url = "https://ingolf-wagner.de"; path = ""; } - { url = "https://nextcloud.ingolf-wagner.de"; path = "login"; } - { url = "https://tech.ingolf-wagner.de"; path = ""; } - ]; - -in -{ - systemd.services.telegraf.path = [ pkgs.inetutils ]; - - services.telegraf = { - enable = true; - extraConfig = { - outputs.prometheus_client = { - listen = ":9273"; - metric_version = 2; - }; - # https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins - inputs = { - cpu = { }; - diskio = { }; - x509_cert = [{ - sources = (map (url: "${url.url}:443") urls); - interval = "30m"; # agent.interval = "10s" is default - }]; - http_response = - let fullUrls = map ({ url, path }: "${url}/${path}") urls; - in [{ urls = fullUrls; }]; - processes = { }; - systemd_units = { }; - internet_speed.interval = "50m"; - nginx.urls = [ "http://localhost/nginx_status" ]; - ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make pepe visible over wireguard - }; - }; - }; - - services.prometheus.scrapeConfigs = [ - { - # see https://www.home-assistant.io/integrations/prometheus/ - job_name = "telgraf"; - metrics_path = "/metrics"; - static_configs = [{ - targets = [ "localhost:9273" ]; - labels = { - service = "telegraf"; - server = "pepe"; - }; - }]; - } - ]; - - services.prometheus.ruleFiles = [ - (pkgs.writeText "telegraf.yml" (builtins.toJSON { - groups = [ - { - name = "telegraf"; - rules = [ - { - alert = "HttpResponseNotOk"; - expr = "0 * (http_response_http_response_code != 200) + 1"; - for = "5m"; - labels.severity = "page"; - annotations = { - summary = "{{ $labels.exported_server }} does not return Ok"; - description = "{{ $labels.exported_server }} does not return Ok for more than 5 minutes"; - }; - } - { - alert = "CertificatExpires"; - expr = ''x509_cert_expiry{issuer_common_name="R3"} < ${toString (60 * 60 * 24 * 5)}''; - for = "1d"; - labels.severity = "page"; - annotations = { - summary = "{{ $labels.san }} does Expire Soon"; - description = "{{ $labels.san }} does expire in less than 5 days"; - }; - } - ]; - } - ]; - })) - ]; - - - - -} diff --git a/nixos/machines/pepe/tinc.nix b/nixos/machines/pepe/tinc.nix deleted file mode 100644 index 4ff71fd..0000000 --- a/nixos/machines/pepe/tinc.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - - tinc.private.enable = true; - tinc.private.ipv4 = "10.23.42.26"; - -} diff --git a/nixos/machines/pepe/tts.nix b/nixos/machines/pepe/tts.nix deleted file mode 100644 index b3fe2d2..0000000 --- a/nixos/machines/pepe/tts.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ pkgs -, config -, ... -}: { - systemd.services.tts = { - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - path = [ pkgs.espeak ]; - environment.HOME = "/var/lib/tts"; - serviceConfig = { - StateDirectory = "tts"; - DynamicUser = true; - User = "tts"; - Group = "tts"; - ExecStart = '' - ${pkgs.tts}/bin/tts-server --model_name tts_models/en/ljspeech/vits --port 5004 - ''; - }; - }; - - services.nginx = { - recommendedProxySettings = true; - enable = true; - virtualHosts."tts.pepe.private" = { - locations."/".proxyPass = "http://localhost:5004"; - }; - }; -} diff --git a/nixos/machines/pepe/wifi-access-point.nix b/nixos/machines/pepe/wifi-access-point.nix deleted file mode 100644 index b7e5cd4..0000000 --- a/nixos/machines/pepe/wifi-access-point.nix +++ /dev/null @@ -1,79 +0,0 @@ -{ lib, pkgs, ... }: - -let - # you find this device using `ifconfig -a` or `ip link` - wifi = "wlp0s26u1u2"; - #wifi = "wlp3s0-ifb"; - ipAddress = "10.23.45.1"; - prefixLength = 24; - servedAddressRange = "10.23.45.2,10.23.45.150,12h"; - ssid = "palosiot"; - wifiPassword = lib.fileContents ; - -in -{ - - # todo only open needed ports - networking.firewall.trustedInterfaces = [ wifi ]; - - networking.networkmanager.unmanaged = [ wifi ]; - networking.dhcpcd.denyInterfaces = [ wifi ]; - - networking.interfaces."${wifi}".ipv4.addresses = [{ - address = ipAddress; - prefixLength = prefixLength; - }]; - - systemd.services.hostapd = { - description = "hostapd wireless AP"; - path = [ pkgs.hostapd ]; - wantedBy = [ "network.target" ]; - - after = [ - "${wifi}-cfg.service" - "nat.service" - "bind.service" - "dhcpd.service" - "sys-subsystem-net-devices-${wifi}.device" - ]; - - serviceConfig = { - ExecStart = "${pkgs.hostapd}/bin/hostapd ${ - pkgs.writeText "hostapd.conf" '' - interface=${wifi} - hw_mode=g - channel=10 - ieee80211d=1 - country_code=DE - ieee80211n=1 - wmm_enabled=1 - - ssid=${ssid} - auth_algs=1 - wpa=2 - wpa_key_mgmt=WPA-PSK - rsn_pairwise=CCMP - wpa_passphrase=${wifiPassword} - '' - }"; - Restart = "always"; - }; - }; - - services.dnsmasq = { - enable = true; - extraConfig = '' - # Only listen to routers' LAN NIC. Doing so opens up tcp/udp port 53 to - # localhost and udp port 67 to world: - interface=${wifi} - - # Explicitly specify the address to listen on - listen-address=${ipAddress} - - # Dynamic range of IPs to make available to LAN PC and the lease time. - # Ideally set the lease time to 5m only at first to test everything works okay before you set long-lasting records. - dhcp-range=${servedAddressRange} - ''; - }; - -} diff --git a/nixos/machines/pepe/wireguard.nix b/nixos/machines/pepe/wireguard.nix deleted file mode 100644 index 982f8ec..0000000 --- a/nixos/machines/pepe/wireguard.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ pkgs, config, ... }: -{ - networking.firewall.trustedInterfaces = [ "wg0" ]; - networking.firewall.allowedUDPPorts = [ 51820 ]; - sops.secrets.wireguard_private = { }; - - - # Enable WireGuard - networking.wg-quick.interfaces = { - # Hub and Spoke Setup - # https://www.procustodibus.com/blog/2020/11/wireguard-hub-and-spoke-config/ - wg0 = { - address = [ "10.100.0.2/32" ]; - listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers) - privateKeyFile = config.sops.secrets.wireguard_private.path; - mtu = 1280; - - # server - peers = [ - { - # robi - publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU="; - allowedIPs = [ "10.100.0.1/24" ]; - endpoint = "ingolf-wagner.de:51820"; - persistentKeepalive = 25; - } - ]; - }; - }; -} diff --git a/nixos/machines/pepe/zigbee2mqtt.nix b/nixos/machines/pepe/zigbee2mqtt.nix deleted file mode 100644 index d368e06..0000000 --- a/nixos/machines/pepe/zigbee2mqtt.nix +++ /dev/null @@ -1,64 +0,0 @@ -{ pkgs, lib, config, private_assets, ... }: - -{ - imports = [ ./mqtt.nix ]; - - services.zigbee2mqtt = { - enable = true; - #package = pkgs.unstable.zigbee2mqtt.overrideAttrs (old: rec { - # version = "1.18.1"; - # src = pkgs.fetchFromGitHub { - # owner = "Koenkk"; - # repo = "zigbee2mqtt"; - # rev = version; - # sha256 = "1x73k346ayik5hv5axa3nvmd82mgwyrpxqv3dxnffi8aa1r8pf8x"; - # }; - #}); - settings = { - - # Home Assistant integration (MQTT discovery) - homeassistant = true; - - # allow new devices to join - permit_join = false; - - # MQTT settings - mqtt = { - # MQTT base topic for zigbee2mqtt MQTT messages - base_topic = "zigbee2mqtt"; - # MQTT server URL - server = "mqtt://127.0.0.1:1883"; - # MQTT server authentication, uncomment if required: - user = "zigbee"; - password = lib.fileContents "${private_assets}/zigbee/home-assistant-password"; - }; - - # Serial settings - serial = { - #port = "/dev/ttyACM0"; - port = "/dev/ttyUSB0"; - # disable LED of CC2531 USB sniffer - #disable_led = true; - }; - - # you own network key, - # 16 numbers between 0 and 255 - # see https://www.zigbee2mqtt.io/how_tos/how_to_secure_network.html - advanced = { - network_key = import "${private_assets}/zigbee/networkKey.nix"; - log_output = [ "console" ]; - log_level = "warn"; - pan_id = 1337; - # add last seen information - last_seen = "ISO_8601_local"; - }; - - # configure web ui - frontend.port = 9666; - frontend.host = "0.0.0.0"; - experimental.new_api = true; - - }; - }; - -} diff --git a/nixos/machines/sternchen/configuration.nix b/nixos/machines/sternchen/configuration.nix index 6b11437..93a49a2 100644 --- a/nixos/machines/sternchen/configuration.nix +++ b/nixos/machines/sternchen/configuration.nix @@ -24,12 +24,13 @@ components.network.enable = true; components.network.wifi.enable = true; components.mainUser.enable = true; + users.users.mainUser.extraGroups = [ "adbusers" "video" ]; home-manager.users.mainUser.home.git-pull.enable = false; users.users.mainUser.name = lib.mkForce "tina"; users.users.mainUser.home = lib.mkForce "/home/tina"; - #system.custom.wifi.interfaces = [ "wlp3s0" ]; + services.browser.enable = false; security.wrappers = { pmount = { @@ -54,12 +55,6 @@ #system.custom.suspend.enable = false; services.printing.enable = false; - # fonts - # ----- - programs.custom.urxvt.fontSize = 12; - programs.custom.xterm.fontSize = 12; - # system.custom.fonts.dpi = 100; - # for congress and streaming hardware.opengl = { enable = true; @@ -83,7 +78,7 @@ # stuff # ----- - custom.samba-share = { + samba-share = { enable = false; folders = { share = "/home/share"; diff --git a/nixos/machines/sternchen/packages.nix b/nixos/machines/sternchen/packages.nix index c026fed..3524ae1 100644 --- a/nixos/machines/sternchen/packages.nix +++ b/nixos/machines/sternchen/packages.nix @@ -1,9 +1,5 @@ { config, lib, pkgs, ... }: { - # overlay included - #nixpkgs.overlays = [ (import ) ]; - - programs.custom.browser.enable = false; environment.systemPackages = with pkgs; [ spotify @@ -48,7 +44,7 @@ gwenview skanlite - unstable.tor-browser-bundle-bin + #unstable.tor-browser-bundle-bin #(tor-browser-bundle-bin.overrideAttrs (old: rec { # version = "11.0.1"; # name = "tor-browser-bundle-${version}"; diff --git a/nixos/machines/sterni/configuration.nix b/nixos/machines/sterni/configuration.nix index f49b6d2..da9026f 100644 --- a/nixos/machines/sterni/configuration.nix +++ b/nixos/machines/sterni/configuration.nix @@ -48,13 +48,9 @@ }; }; + # still needed? home-manager.users.mainUser.home.stateVersion = "22.11"; - # fonts - # ----- - programs.custom.urxvt.fontSize = 12; - programs.custom.xterm.fontSize = 12; - virtualisation = { docker.enable = true; podman.enable = true; @@ -68,7 +64,7 @@ services.xserver.desktopManager.gnome.enable = true; - custom.samba-share = { + samba-share = { enable = false; folders = { share = "/home/share"; @@ -76,18 +72,9 @@ }; }; - # enable this to use sidequest - # programs.adb.enable = false; - # for congress and streaming hardware.opengl = { enable = true; - # extraPackages = [ - # intel-media-driver # LIBVA_DRIVER_NAME=iHD - # vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) - # vaapiVdpau - # libvdpau-va-gl - # ]; driSupport = true; driSupport32Bit = true; }; diff --git a/nixos/modules/programs/browser.nix b/nixos/modules/browser.nix similarity index 99% rename from nixos/modules/programs/browser.nix rename to nixos/modules/browser.nix index cc6b524..d306e49 100644 --- a/nixos/modules/programs/browser.nix +++ b/nixos/modules/browser.nix @@ -6,7 +6,7 @@ with lib; let - cfg = config.programs.custom.browser; + cfg = config.services.browser; chromiumBin = "${pkgs.chromium}/bin/chromium"; chromeBin = "${pkgs.google-chrome}/bin/google-chrome-stable"; @@ -195,7 +195,7 @@ let in { - options.programs.custom.browser = { + options.services.browser = { enable = mkEnableOption "enable browsers"; # todo : it's not a list configList = mkOption { diff --git a/nixos/modules/services/castget.nix b/nixos/modules/castget.nix similarity index 94% rename from nixos/modules/services/castget.nix rename to nixos/modules/castget.nix index fbe67ed..f2061f1 100644 --- a/nixos/modules/services/castget.nix +++ b/nixos/modules/castget.nix @@ -2,12 +2,12 @@ with lib; with types; let - cfg = config.custom.services.castget; + cfg = config.services.castget; in { - options.custom.services.castget = { - enable = mkEnableOption "enable custom.services.castget"; + options.services.castget = { + enable = mkEnableOption "enable services.castget"; feeds = mkOption { type = attrsOf (submodule { options = { diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 2a2506e..3de097a 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,38 +1,11 @@ { imports = [ - - ./services/light-control.nix - - ./services/castget.nix - ./services/rbackup.nix - #./services/home-assistant.nix - #./services/lektor.nix - ./services/samba-share.nix - #./services/videoencoder.nix - ./services/taskwarrior-pushover.nix - ./services/taskwarrior-autotag.nix - - ./programs/browser.nix - #./programs/citate.nix - ./programs/curl-scripts.nix - #./programs/easytag.nix - #./programs/elm.nix - #./programs/espeak.nix - #./programs/ffmpeg.nix - #./programs/slack.nix - ./programs/steam.nix - #./programs/taskwarrior.nix - ./programs/urxvt.nix - #./programs/video.nix - #./programs/vim.nix - ./programs/xterm.nix - - #./system/audio.nix - #./system/bluetooth.nix - #./system/font.nix - #./system/mainUser.nix - ./system/on-failure.nix - + ./castget.nix + ./rbackup.nix + ./samba-share.nix + ./taskwarrior-pushover.nix + ./taskwarrior-autotag.nix + ./browser.nix ]; } diff --git a/nixos/modules/programs/citate.nix b/nixos/modules/programs/citate.nix deleted file mode 100644 index c46cc60..0000000 --- a/nixos/modules/programs/citate.nix +++ /dev/null @@ -1,43 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - cfg = config.programs.custom.citate; - - library = import ../../library { inherit pkgs lib; }; - - xdotool = "${pkgs.xdotool}/bin/xdotool"; - dmenu = "${pkgs.dmenu}/bin/dmenu"; - - citateScript = file: suffix: - pkgs.writeShellScriptBin "citate-${suffix}" '' - ${xdotool} - <<<"type -- $( cat ${file} | ${dmenu} -l 10 -i | sed -e "s/\(.*\)/'\1'/" )" - ''; - - scriptAxel = citateScript (toString ../../assets/sprueche-axel) "axel"; - scriptSiw = citateScript (toString ../../assets/sprueche-siw) "siw"; - -in -{ - - options.programs.custom.citate = { - enable = mkEnableOption "enable programs.custom.citate"; - }; - - config = mkIf cfg.enable { - environment.systemPackages = [ - scriptAxel - (library.desktopFile scriptAxel { - longName = "Citate Axel"; - command = "citate-axel"; - }) - scriptSiw - (library.desktopFile scriptSiw { - longName = "Citate Sinnlos im Weltall"; - command = "citate-siw"; - }) - ]; - }; -} diff --git a/nixos/modules/programs/curl-scripts.nix b/nixos/modules/programs/curl-scripts.nix deleted file mode 100644 index 9453cfd..0000000 --- a/nixos/modules/programs/curl-scripts.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; - -let - - weatherScript = pkgs.writeShellScriptBin "weather" '' - ${pkgs.curl}/bin/curl wttr.in/Berlin - ''; - - qrCodeScript = pkgs.writeShellScriptBin "qrCode" '' - ${pkgs.qrencode}/bin/qrencode -t ANSI -o - "$@" - ''; - - cheatSheetScript = pkgs.writeShellScriptBin "cheatsheet" '' - ${pkgs.curl}/bin/curl "cheat.sh/$1" - ''; - - cfg = config.programs.custom.curlScripts; - -in -{ - - options.programs.custom.curlScripts.enable = - mkEnableOption "enable curl scripts"; - - config = mkIf cfg.enable { - environment.systemPackages = - [ weatherScript qrCodeScript cheatSheetScript pkgs.qrencode ]; - }; -} - diff --git a/nixos/modules/programs/espeak.nix b/nixos/modules/programs/espeak.nix deleted file mode 100644 index 3e2de46..0000000 --- a/nixos/modules/programs/espeak.nix +++ /dev/null @@ -1,51 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; - -let - - espeak = pkgs.unstable.espeak; - - # can't use bash aliases because programms will not pic it up - en_espeak = pkgs.writeShellScriptBin "en-speak" '' - exec ${espeak}/bin/espeak \ - -v en\ - -s 145 \ - -p 23 \ - "$@" - ''; - - # read from copyq - en_read = pkgs.writeShellScriptBin "en-read" '' - exec ${pkgs.copyq}/bin/copyq read 0 | ${en_espeak}/bin/en-speak - ''; - - # can't use bash aliases because programms will not pic it up - de_espeak = pkgs.writeShellScriptBin "de-speak" '' - exec ${espeak}/bin/espeak \ - -v de\ - -s 143 \ - -p 20 \ - "$@" - ''; - - # read from copyq - de_read = pkgs.writeShellScriptBin "de-read" '' - exec ${pkgs.copyq}/bin/copyq read 0 | ${de_espeak}/bin/de-speak - ''; - - cfg = config.programs.custom.espeak; - -in -{ - - options.programs.custom.espeak.enable = - mkEnableOption "enable espeak scripts"; - - config = mkIf cfg.enable { - - environment.systemPackages = [ espeak en_espeak en_read de_espeak de_read ]; - - }; -} - diff --git a/nixos/modules/programs/steam.nix b/nixos/modules/programs/steam.nix deleted file mode 100644 index d5cc9ad..0000000 --- a/nixos/modules/programs/steam.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -# steam -# ------- -# Don't forget to run 'xhost +' with your user -# to make sure the browser user can write to X -let - - bin = pkgs.writeShellScriptBin "steam" '' - /var/run/wrappers/bin/sudo -u steam -i ${pkgs.steam}/bin/steam $@ - ''; - - cfg = config.programs.custom.steam; - -in -{ - - options.programs.custom.steam.enable = mkEnableOption "enable steam"; - - config = mkIf cfg.enable { - - environment.systemPackages = [ - bin - pkgs.xorg.xhost - # to use xbox controllers - pkgs.xboxdrv - ]; - - users.users.steam = { - isNormalUser = false; - isSystemUser = true; - home = "/home/steam"; - createHome = true; - extraGroups = [ "audio" "input" "video" "pipewire" ]; - group = "steam"; - shell = pkgs.bashInteractive; - }; - users.groups.steam = { }; - - # for steam - # --------- - hardware.opengl.driSupport = true; - hardware.opengl.driSupport32Bit = true; - - security.sudo.extraConfig = '' - ${config.users.extraUsers.mainUser.name} ALL=(steam) NOPASSWD: ALL - ''; - - }; -} - diff --git a/nixos/modules/programs/urxvt.nix b/nixos/modules/programs/urxvt.nix deleted file mode 100644 index c793f26..0000000 --- a/nixos/modules/programs/urxvt.nix +++ /dev/null @@ -1,204 +0,0 @@ -{ config, pkgs, lib, ... }: - -# find all URXVT parameters with -# urxvt --help 2>&1| sed -n '/: /s/^ */! URxvt*/gp' | les - -with lib; -let - cfg = config.programs.custom.urxvt; -in -{ - - options.programs.custom.urxvt = { - - enable = mkEnableOption "configure and enable urxvt"; - - fontType = mkOption { - type = types.enum [ "bitmap" "vector" ]; - default = "bitmap"; - }; - - fontSize = mkOption { - type = types.int; - default = 17; - description = '' - size of the terminal font - ''; - }; - - colorTheme = mkOption { - type = types.enum [ "dark" "light" ]; - default = "dark"; - description = '' - solarized color theme - ''; - }; - - }; - - config = mkIf cfg.enable { - - environment.systemPackages = [ pkgs.rxvt_unicode ]; - - environment.etc = { - - "X11/Xresource.d/urxvt".source = pkgs.writeText "Xresource-urxvt" '' - !! Perl extensions - !! --------------- - URxvt.perl-ext-common: default,matcher,selection-to-clipboard - - ! Urgency - URxvt.urgentOnBell: true - - !! Highlight URLs - !! -------------- - URxvt.url-launcher: /run/current-system/sw/bin/browser-select - URxvt.matcher.button: 1 - - !! History - !! ------- - URxvt.scrollStyle: rxvt - URxvt.scrollBar: false - URxvt.saveLines: 1000000 - - !! Color Configuration - !! ------------------- - - !! do not graded out unselected shells - !! ----------------------------------- - URxvt.fading: 0 - - !! copy on select - !! -------------- - URxvt.clipboard.autocopy: true - ''; - - "X11/Xresource.d/urxvt-font".source = - let - - bitmapPart = - let - # use xfontsel or fontmatrix to choose line - fontFamily = "terminus"; - normalFont = fontSize: - "-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; - boldFont = fontSize: - "-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; - italicFont = normalFont; - itallicBoldFont = boldFont; - in - '' - URxvt.font: ${normalFont cfg.fontSize} - URxvt.boldFont: ${boldFont cfg.fontSize} - URxvt.italicFont: ${italicFont cfg.fontSize} - URxvt.bolditalicFont: ${itallicBoldFont cfg.fontSize} - ''; - - - vectorPart = - let - # show available fonts = `fc-list` - backupFont = fontSize: style: - #"xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}"; - "xft:JetBrains Mono:pixelsize=${toString fontSize}${optionalString (style != null) ",style:${style}"}"; - in - '' - URxvt.font: ${backupFont cfg.fontSize null} - URxvt.boldFont: ${backupFont cfg.fontSize "Bold"} - URxvt.italicFont: ${backupFont cfg.fontSize "Italic"} - URxvt.bolditalicFont: ${backupFont cfg.fontSize "Bold Italic"} - ''; - in - pkgs.writeText "Xresource-urxvt-font" '' - - URxvt.allow_bold: true - URxvt.xftAntialias: true - - ${optionalString (cfg.fontType == "bitmap") bitmapPart} - ${optionalString (cfg.fontType == "vector") vectorPart} - ''; - - "X11/Xresource.d/urxvt-colors".source = - let - colorTheme = - if (cfg.colorTheme == "dark") then '' - #define S_base03 #002b36 - #define S_base02 #073642 - #define S_base01 #586e75 - #define S_base00 #657b83 - #define S_base0 #839496 - #define S_base1 #93a1a1 - #define S_base2 #eee8d5 - #define S_base3 #fdf6e3 - '' else '' - #define S_base03 #fdf6e3 - #define S_base02 #eee8d5 - #define S_base01 #93a1a1 - #define S_base00 #839496 - #define S_base0 #657b83 - #define S_base1 #586e75 - #define S_base2 #073642 - #define S_base3 #002b36 - ''; - - in - pkgs.writeText "Xresource-urxvt-colors" '' - - !! Common - !! ------ - #define S_yellow #b58900 - #define S_orange #cb4b16 - #define S_red #dc322f - #define S_magenta #d33682 - #define S_violet #6c71c4 - #define S_blue #268bd2 - #define S_cyan #2aa198 - #define S_green #859900 - - !! ColorTheme - !! ---------- - ${colorTheme} - - URxvt*background: S_base03 - URxvt*foreground: S_base0 - URxvt*fading: 40 - URxvt*fadeColor: S_base03 - URxvt*cursorColor: S_base1 - URxvt*pointerColorBackground: S_base01 - URxvt*pointerColorForeground: S_base1 - - URxvt*color0: S_base02 - URxvt*color1: S_red - URxvt*color2: S_green - URxvt*color3: S_yellow - URxvt*color4: S_blue - URxvt*color5: S_magenta - URxvt*color6: S_cyan - URxvt*color7: S_base2 - URxvt*color9: S_orange - URxvt*color8: S_base03 - URxvt*color10: S_base01 - URxvt*color11: S_base00 - URxvt*color12: S_base0 - URxvt*color13: S_violet - URxvt*color14: S_base1 - URxvt*color15: S_base3 - - !! fix tasksh gray6 : https://github.com/GothenburgBitFactory/libshared/blob/f1a3cd6bfabfb083fe3c26f580a15c0d60a92ee9/src/Color.cpp#L179 - URxvt*color232: S_base03 - URxvt*color233: S_base03 - URxvt*color234: S_base03 - URxvt*color235: S_base03 - URxvt*color236: S_base03 - URxvt*color237: S_base03 - URxvt*color238: S_base03 - URxvt*color239: S_base03 - URxvt*color240: S_base03 - URxvt*color241: S_base03 - URxvt*color242: S_base03 - ''; - - }; - }; -} - diff --git a/nixos/modules/programs/video.nix b/nixos/modules/programs/video.nix deleted file mode 100644 index fda7bd8..0000000 --- a/nixos/modules/programs/video.nix +++ /dev/null @@ -1,107 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; - -let - - # Lassulus streaming setup - # ------------------------- - # ffmpeg \ - # -f pulse \ - # -i default \ - # -vaapi_device /dev/dri/renderD128 \ - # -f x11grab \ - # -video_size 1366x768 \ - # -i :0 \ - # -vf 'hwupload,scale_vaapi=format=nv12' \ - # -c:v h264_vaapi \ - # -c:a aac \ - # -b:a 96k \ - # -af "highpass=f=200, lowpass=f=3000" \ - # -qp 30 \ - # -f flv \ - # rtmp://lassul.us:1935/stream/nixos \ - # ./rc3-output-$(date +%d%H%M%S).mp4 - # - # Dann abspielen mit : - # mpv rtmp://lassul.us:1935/stream/nixos - - cfg = config.programs.custom.video; - - # show keyboard input on desktop for screencasts - screenKey = pkgs.symlinkJoin { - name = "screen-keys"; - paths = - let - screenKeyScript = { position ? "bottom", size ? "small", ... }: - pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh - '' - ${pkgs.screenkey}/bin/screenkey \ - --no-detach \ - --bg-color '#fdf6e3' \ - --font-color '#073642' \ - -p ${position} \ - -s ${size} \ - "$@" - ''; - in - lib.flatten (lib.flip map [ "large" "small" "medium" ] (size: - lib.flip map [ "top" "center" "bottom" ] - (position: screenKeyScript { inherit size position; }))); - }; - - - mpvReview = - let - moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" '' - tmp_dir = "${dir}" - - function move_current_track_${key}() - track = mp.get_property("path") - os.execute("mkdir -p '" .. tmp_dir .. "'") - os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'") - print("moved '" .. track .. "' to " .. tmp_dir) - end - - mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key}) - ''; - delete = moveToDir "D" "./.graveyard"; - good = moveToDir "G" "./.good"; - in - pkgs.writers.writeDashBin "mpv-review" '' - exec ${pkgs.mpv}/bin/mpv --no-config --script=${delete} --script=${good} "$@" - ''; - - -in -{ - - options.programs.custom.video.enable = mkEnableOption "enable video tools"; - - config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - unstable.youtube-dl - unstable.yt-dlp - mplayer - mpv - mpvReview - - - # to record your screen - # --------------------- - simplescreenrecorder - screenKey - - # to transcode video material - # --------------------------- - handbrake - ffmpeg-full - - # video editing - # ------------- - openshot-qt - - ]; - }; -} - diff --git a/nixos/modules/programs/xterm.nix b/nixos/modules/programs/xterm.nix deleted file mode 100644 index 8904c1b..0000000 --- a/nixos/modules/programs/xterm.nix +++ /dev/null @@ -1,157 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; - -let - - cfg = config.programs.custom.xterm; - -in -{ - - options.programs.custom.xterm = { - enable = mkEnableOption "configure and enable urxvt"; - fontSize = mkOption { - type = types.int; - default = 17; - description = '' - size of the terminal font - ''; - }; - colorTheme = mkOption { - type = types.enum [ "dark" "light" ]; - default = "dark"; - description = '' - solarized color theme - ''; - }; - }; - - config = mkIf cfg.enable { - - environment.systemPackages = [ pkgs.xterm ]; - - environment.etc = { - - "X11/Xresource.d/xterm".source = pkgs.writeText "Xresource-xterm" '' - - XTerm*termName: xterm-256color - XTerm*selectToClipboard: true - - XTerm.*.bellIsUrgent: true - - ''; - - "X11/Xresource.d/xterm-font".source = - let - fontFamily = "terminus"; - normalFont = fontSize: - "-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; - boldFont = fontSize: - "-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*"; - italicFont = normalFont; - itallicBoldFont = boldFont; - backupFont = fontSize: - "xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}"; - in - pkgs.writeText "Xresource-xterm-font" '' - - XTerm.allow_bold: true - XTerm.xftAntialias: true - - !! use xfontsel or fontmatrix to choose line - !XTerm.*.font: ${normalFont cfg.fontSize},${ - backupFont cfg.fontSize - } - !XTerm.*.boldFont: ${boldFont cfg.fontSize},${ - backupFont cfg.fontSize - } - !XTerm.*.italicFont: ${italicFont cfg.fontSize},${ - backupFont cfg.fontSize - } - !XTerm.*.bolditalicFont: ${itallicBoldFont cfg.fontSize},${ - backupFont cfg.fontSize - } - - XTerm.*.font: ${normalFont cfg.fontSize} - XTerm.*.boldFont: ${boldFont cfg.fontSize} - XTerm.*.italicFont: ${italicFont cfg.fontSize} - XTerm.*.bolditalicFont: ${itallicBoldFont cfg.fontSize} - ''; - - "X11/Xresource.d/xterm-colors".source = - let - colorTheme = - if (cfg.colorTheme == "dark") then '' - #define S_base03 #002b36 - #define S_base02 #073642 - #define S_base01 #586e75 - #define S_base00 #657b83 - #define S_base0 #839496 - #define S_base1 #93a1a1 - #define S_base2 #eee8d5 - #define S_base3 #fdf6e3 - - '' else '' - #define S_base03 #fdf6e3 - #define S_base02 #eee8d5 - #define S_base01 #93a1a1 - #define S_base00 #839496 - #define S_base0 #657b83 - #define S_base1 #586e75 - #define S_base2 #073642 - #define S_base3 #002b36 - ''; - - in - pkgs.writeText "Xresource-xterm-colors" '' - - !! Color Configuration - !! ------------------- - - !! Common - !! ------ - #define S_yellow #b58900 - #define S_orange #cb4b16 - #define S_red #dc322f - #define S_magenta #d33682 - #define S_violet #6c71c4 - #define S_blue #268bd2 - #define S_cyan #2aa198 - #define S_green #859900 - - !! ColorTheme - !! ---------- - ${colorTheme} - - XTerm*background: S_base03 - XTerm*foreground: S_base0 - XTerm*fading: 40 - XTerm*fadeColor: S_base03 - XTerm*cursorColor: S_base1 - XTerm*pointerColorBackground: S_base01 - XTerm*pointerColorForeground: S_base1 - - XTerm*color0: S_base02 - XTerm*color1: S_red - XTerm*color2: S_green - XTerm*color3: S_yellow - XTerm*color4: S_blue - XTerm*color5: S_magenta - XTerm*color6: S_cyan - XTerm*color7: S_base2 - XTerm*color9: S_orange - XTerm*color8: S_base03 - XTerm*color10: S_base01 - XTerm*color11: S_base00 - XTerm*color12: S_base0 - XTerm*color13: S_violet - XTerm*color14: S_base1 - XTerm*color15: S_base3 - ''; - - }; - - }; -} - diff --git a/nixos/modules/services/rbackup.nix b/nixos/modules/rbackup.nix similarity index 100% rename from nixos/modules/services/rbackup.nix rename to nixos/modules/rbackup.nix diff --git a/nixos/modules/services/samba-share.nix b/nixos/modules/samba-share.nix similarity index 95% rename from nixos/modules/services/samba-share.nix rename to nixos/modules/samba-share.nix index 8d61ab6..d9f7615 100644 --- a/nixos/modules/services/samba-share.nix +++ b/nixos/modules/samba-share.nix @@ -3,13 +3,13 @@ with lib; with types; let - cfg = config.custom.samba-share; + cfg = config.samba-share; in { - options.custom.samba-share = { + options.samba-share = { openPorts = mkEnableOption "open samba ports everywher"; - enable = mkEnableOption "enable custom.samba-share"; + enable = mkEnableOption "enable samba-share"; enableWSDD = mkEnableOption "enable services.samba-wsdd.enable"; guestUser = mkOption { default = "media"; diff --git a/nixos/modules/services/home-assistant.nix b/nixos/modules/services/home-assistant.nix deleted file mode 100644 index 8f1631b..0000000 --- a/nixos/modules/services/home-assistant.nix +++ /dev/null @@ -1,40 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - cfg = config.services.homeAssistantConfig; - - mkMagicMergeOption = { description ? "", example ? { }, default ? { }, ... }: - mkOption { - inherit example description default; - type = with lib.types; - let - valueType = nullOr - (oneOf [ - bool - int - float - str - (attrsOf valueType) - (listOf valueType) - ]) // { - description = ""; - emptyValue.value = { }; - }; - in - valueType; - }; - -in -{ - - options.services.homeAssistantConfig = mkMagicMergeOption { - description = '' - home-assistant configuration - ''; - }; - - config = mkIf (cfg != null) { services.home-assistant.config = cfg; }; -} diff --git a/nixos/modules/services/lektor.nix b/nixos/modules/services/lektor.nix deleted file mode 100644 index 8655451..0000000 --- a/nixos/modules/services/lektor.nix +++ /dev/null @@ -1,183 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - cfg = config.services.lektor; - -in -{ - - options.services.lektor = { - enable = mkEnableOption "enable services.lektor"; - user = mkOption { - default = "lektor"; - type = with types; str; - description = '' - name of the lektor service - ''; - }; - home = mkOption { - default = "/home/${cfg.user}"; - type = with types; str; - description = '' - home of the service - ''; - }; - repository = mkOption { - type = with types; str; - description = '' - Repository to get the lektor project from. - ''; - example = "git@github.com:lektor/lektor-website.git"; - }; - bind = mkOption { - default = "0.0.0.0"; - type = with types; str; - description = '' - Host to bind the lektor service to. - ''; - }; - serviceName = mkOption { - default = "lektor"; - type = with types; str; - description = '' - name of the system service (without the .service suffix) - ''; - }; - port = mkOption { - default = 5000; - type = with types; int; - description = '' - Port to bind the lektor service to. - ''; - }; - additionalScript = mkOption { - default = null; - type = with types; nullOr path; - description = '' - A script you can us as a hook before the lektor server start - (for example to creat your css or javascript files) - ''; - example = pkgs.writeShellScript "build" '' - ${pkgs.nix}/bin/nix-shell --run build"; - ''; - }; - #sshMatchBlocks = mkOption { - # default = []; - # type = with types; listOf attrs; - # description = '' - # a matchBlock from home-manager.users..programs.ssh.matchBlocks; - # ''; - #}; - host = mkOption { - type = with types; str; - description = '' - ssh host to pull from and push to - ''; - }; - sshKey = mkOption { - type = with types; str; - description = '' - todo : avoid this, or make sure the home folder is crypted - Warning the key will be copied into the home folder of the user - ssh key to use - ''; - }; - }; - - config = mkIf cfg.enable { - - # create User - users.users."${cfg.user}" = { - home = cfg.home; - createHome = true; - isSystemUser = true; - }; - - # create systemd service to start service - systemd.services."${cfg.serviceName}" = { - enable = true; - wantedBy = [ "multi-user.target" ]; - - environment.NIX_PATH = config.environment.variables.NIX_PATH; - serviceConfig = { - User = cfg.user; - # todo : this is not working properly - TimeoutStartSec = - "infinity"; # it might take some time will this thing is up - - ExecStartPre = - let - - sshKeyTarget = "/run/keys.lektor/id_rsa"; - - sshConfig = pkgs.writeText "sshconfig" '' - Host ${cfg.host} - IdentityFile ${sshKeyTarget} - - Host * - ForwardAgent no - Compression no - ServerAliveInterval 0 - HashKnownHosts no - UserKnownHostsFile ~/.ssh/known_hosts - ControlMaster no - ControlPath ~/.ssh/master-%r@%n:%p - ControlPersist no - ''; - - sshKeyScript = pkgs.writers.writeDash "keyfile-gen" # sh - '' - set -x - - # setup ~/.ssh - mkdir -p ${cfg.home}/.ssh - chown ${cfg.user} ${cfg.home}/.ssh - chmod 700 ${cfg.home}/.ssh - - cp ${sshConfig} ${cfg.home}/.ssh/config - chown ${cfg.user} ${cfg.home}/.ssh/config - chmod 500 ${cfg.home}/.ssh/config - - mkdir -p ${dirOf sshKeyTarget} - chmod 700 ${dirOf sshKeyTarget} - chown ${cfg.user} ${dirOf sshKeyTarget} - cp ${toString cfg.sshKey} ${sshKeyTarget} - chown ${cfg.user} ${sshKeyTarget} - chmod 500 ${sshKeyTarget} - ''; - - cloneScript = pkgs.writers.writeDash "clone" # sh - '' - set -x - if [[ `ls ~/${cfg.user} | wc -l` == 0 ]] - then - rm ~/${cfg.user} - fi - ${pkgs.git}/bin/git clone ${cfg.repository} ~/${cfg.user} - ''; - - in - [ "+${sshKeyScript}" "-${cloneScript}" ]; - }; - - # todo : add restart ruling - - script = # sh - '' - cd ~/${cfg.user} && \ - ${pkgs.git}/bin/git pull && \ - ${ - optionalString (cfg.additionalScript != null) - "${cfg.additionalScript} &&" - } \ - ${pkgs.python36Packages.lektor}/bin/lektor server \ - --host ${cfg.bind} \ - --port ${toString cfg.port} - ''; - }; - }; -} - diff --git a/nixos/modules/services/light-control.nix b/nixos/modules/services/light-control.nix deleted file mode 100644 index ae80a93..0000000 --- a/nixos/modules/services/light-control.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - cfg = config.services.mqtt.light-control; - - mkMagicMergeOption = { description ? "", example ? { }, default ? { }, ... }: - mkOption { - inherit example description default; - type = with lib.types; - let - valueType = nullOr - (oneOf [ - bool - int - float - str - (attrsOf valueType) - (listOf valueType) - ]) // { - description = ""; - emptyValue.value = { }; - }; - in - valueType; - }; - - lightControlConfig = - pkgs.writeText "light-control.json" (builtins.toJSON cfg.config); - -in -{ - - options.services.mqtt.light-control = { - enable = mkEnableOption "enable mqtt.light-control"; - loglevel = mkOption { - default = "info"; - type = with types; enum [ "info" "trace" "debug" "error" "warning" ]; - }; - config = - mkMagicMergeOption { description = "configuration of light-control"; }; - }; - - config = mkIf cfg.enable { - systemd.services."light-control" = { - wantedBy = [ "multi-user.target" ]; - environment = { RUST_LOG = "light_control=${cfg.loglevel}"; }; - script = '' - ${pkgs.light-control}/bin/light-control ${lightControlConfig} - ''; - }; - }; -} diff --git a/nixos/modules/services/videoencoder.nix b/nixos/modules/services/videoencoder.nix deleted file mode 100644 index acf4d15..0000000 --- a/nixos/modules/services/videoencoder.nix +++ /dev/null @@ -1,111 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - cfg = config.service.videoencoder; - - # todo : escape output and input File - createEncoder = tmpFolder: inputFile: outputFile: # sh - '' - mkdir -p ${tmpFolder} - rm -rf ${tmpFolder}/* - TMP_FILE=`mktemp --dry-run ${tmpFolder}/XXXXXXXX.${cfg.format}` - - if [ ! -f "${outputFile}" ] - then - ${pkgs.ffmpeg}/bin/ffmpeg \ - -i "${inputFile}" \ - -filter:v scale=h='min(720\,ih)':w='min(1280\,iw)' \ - -vcodec libx264 \ - -preset veryslow \ - -profile:v ${cfg.profile} \ - ${optionalString (cfg.tune != null) "-tune ${cfg.tune}"} \ - -acodec aac \ - "$TMP_FILE" \ - -hide_banner \ - && cp $TMP_FILE "${outputFile}.${cfg.format}" \ - && rm $TMP_FILE - fi - ''; - -in -{ - - options.service.videoencoder = { - enable = mkEnableOption "enable service.videoencoder"; - - profile = mkOption { - type = with types; string; - default = "main"; - description = '' - -profile:v - ''; - }; - - tune = mkOption { - type = with types; - nullOr (enum [ "film" "animation" "grain" "stillimage" ]); - default = null; - description = '' - -tune - ''; - }; - - format = mkOption { - type = with types; enum [ "mp4" "mkv" ]; - default = "mp4"; - description = '' - the format - ''; - }; - - fileConfig = mkOption { - type = with types; - listOf (submodule { - options = { - inputFile = mkOption { - # todo make this path - type = with types; string; - description = '' - full path to the inputFile - ''; - }; - outputFile = mkOption { - type = with types; string; - description = '' - full path to the ouputFile - folder must exist - ''; - }; - }; - }); - description = '' - list of files to encode. - ''; - }; - }; - - config = mkIf cfg.enable { - - systemd.services."videoEncoding" = { - wantedBy = [ "multi-user.target" ]; - enable = true; - script = - let - myList = map - (value: - createEncoder "/tmp/videoencoder" value.inputFile value.outputFile) - cfg.fileConfig; - in - '' - set -x - ${concatStringsSep "\n" myList} - ''; - - }; - - }; - -} diff --git a/nixos/modules/system/audio.nix b/nixos/modules/system/audio.nix deleted file mode 100644 index 72a68c4..0000000 --- a/nixos/modules/system/audio.nix +++ /dev/null @@ -1,160 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - ladspaPath = "${pkgs.ladspaPlugins}/lib/ladspa"; - - jackScript = - pkgs.writeShellScriptBin "jack" (lib.fileContents ../../assets/jack.sh); - - queueElement = { - options = { - plugin = mkOption { - type = with types; str; - description = "file name without suffix of the plugin"; - }; - label = mkOption { - type = with types; str; - description = "label of the queue element (needs to be correct)"; - }; - control = mkOption { - type = with types; listOf str; - description = "parameter of plugin"; - }; - }; - }; - - sinkElement = { - options = { - name = mkOption { - type = with types; str; - description = "name of the sink"; - }; - queue = mkOption { - type = with types; listOf (submodule queueElement); - description = "queues"; - }; - }; - }; - - cfg = config.system.custom.audio; - -in -{ - - options.system.custom.audio = { - enable = mkEnableOption "use PluseAudio"; - sinks = mkOption { - type = with types; listOf (submodule sinkElement); - description = "list of sinks"; - }; - }; - - config = mkIf cfg.enable { - - # add virtual midi module - # ----------------------- - #boot = { - # # to route midi signals - # # between bitwig and vcvrack - # kernelModules = [ "snd_virmidi" ]; - # # index=-2 prevents from beeing recognised as the default - # # audio device - # # midi_devs limit the number of midi devices. - # extraModprobeConfig = "options snd-virmidi index=-2 midi_devs=1"; - #}; - - # LADSPA - # ------ - programs.bash.interactiveShellInit = # sh - '' - # set ladspa library path - # about testing the plugins check analyseplugin command - export LADSPA_PATH=${ladspaPath} - ''; - programs.zsh.interactiveShellInit = # sh - '' - # set ladspa library path - # about testing the plugins check analyseplugin command - export LADSPA_PATH=${ladspaPath} - ''; - - # PulseAudio - # ---------- - - # because of systemWide ensure main user is in audio group - system.custom.mainUser.extraGroups = [ "audio" "pipewire" ]; - - # todo use pipewire for this - hardware.pulseaudio = { - enable = false; - package = pkgs.pulseaudioFull; - # all in audio group can do audio - systemWide = false; - extraConfig = '' - # automatically switch to newly-connected devices - load-module module-switch-on-connect - # http://plugin.org.uk/ladspa-swh/docs/ladspa-swh.html - # https://gavv.github.io/articles/pulseaudio-under-the-hood/#ladspa-plugin-sink - ${builtins.toString (flip map cfg.sinks (sink: '' - # ladspa sink : ${sink.name} - # ------------- - ${builtins.toString (flip imap0 (reverseList sink.queue) - (index: queua: - let - sinkName = suffix: "${sink.name}${builtins.toString suffix}"; - sinkValue = "sink_name=${sinkName index}"; - sinkDescription = "sink_properties=device.description=${ - sinkName index - }-${queua.label}"; - masterValue = if (index == 0) then - "" - else - "sink_master=${sinkName (index - 1)}"; - pluginValue = "plugin=${ladspaPath}/${queua.plugin}"; - labelValue = "label=${queua.label}"; - controlValue = "control=${ - builtins.toString - (foldl (a: b: "${a},${b}") (head queua.control) - (tail queua.control)) - }"; - in '' - # ${sinkName index} : ${queua.label} - load-module module-ladspa-sink ${sinkValue} ${sinkDescription} ${masterValue} ${pluginValue} ${labelValue} ${controlValue} - ''))} - ''))} - ''; - }; - - # Packages needed - # --------------- - environment.systemPackages = with pkgs; [ - - # Music making - # ------------ - #jackScript - #jack2Full - #patchage - #zynaddsubfx - #qjackctl - - alsaUtils - - # LADSPA - # ------ - ladspaPlugins - ladspa-sdk - - # PulseAudio control - # ------------------ - pavucontrol - lxqt.pavucontrol-qt - - ]; - - }; - -} - diff --git a/nixos/modules/system/bluetooth.nix b/nixos/modules/system/bluetooth.nix deleted file mode 100644 index d756b87..0000000 --- a/nixos/modules/system/bluetooth.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - - cfg = config.system.custom.bluetooth; - -in -{ - - options.system.custom.bluetooth.enable = - lib.mkEnableOption "enable bluetooth support"; - - config = lib.mkIf cfg.enable { - - hardware.bluetooth = { - enable = true; - powerOnBoot = true; - settings.General.AutoConnect = true; - }; - - services.blueman.enable = true; - - environment.systemPackages = with pkgs; [ - - # bluetooth audio - # --------------- - # todo : check if pulseaudio is enabled - bluez - bluez-tools - - ]; - }; - -} - diff --git a/nixos/modules/system/font.nix b/nixos/modules/system/font.nix deleted file mode 100644 index ec308ad..0000000 --- a/nixos/modules/system/font.nix +++ /dev/null @@ -1,74 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.system.custom.fonts; -in -{ - - options.system.custom.fonts = { - enable = mkEnableOption "enable fonts"; - size = mkOption { - type = types.int; - default = 17; - description = '' - size of the font - ''; - }; - }; - - # You can put your private ttf fonts into - # in $XDG_DATA_HOME/fonts, which for most users will resolve to ~/.local/share/fonts - # see https://nixos.wiki/wiki/Fonts - config = mkIf cfg.enable { - - # only set this on x220 to 141, if resolution is shit. - #services.xserver.dpi = cfg.dpi; - - fonts = { - - enableDefaultFonts = true; - enableGhostscriptFonts = true; - fontDir.enable = true; - - # todo brauch ich überhaupt die urxvt und xterm configurationen? - #fontconfig = { - # subpixel = { - # lcdfilter = "default"; - # rgba = "rgb"; - # }; - # hinting = { - # enable = true; - # autohint = false; - # }; - # enable = true; - # antialias = true; - # defaultFonts = { monospace = [ "JetBrains Mono" ]; }; - #}; - - # fonts = with pkgs; [ - # corefonts - # hasklig - # inconsolata - # source-code-pro - # symbola - # ubuntu_font_family - # # symbol fonts - # # ------------ - # nerdfonts - # powerline-fonts - # font-awesome - # fira-code-symbols - # jetbrains-mono - # # shell font - # # ---------- - # terminus_font - # gohufont - # ]; - - }; - - }; - -} - diff --git a/nixos/modules/system/on-failure.nix b/nixos/modules/system/on-failure.nix deleted file mode 100644 index 1dae774..0000000 --- a/nixos/modules/system/on-failure.nix +++ /dev/null @@ -1,66 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; -let - - cfg = config.on-failure; - - api = { - - enable = mkEnableOption "krebs.on-failure" // { - default = cfg.plans != { }; - }; - - url = mkOption { - type = types.str; - description = "url on where to send the message to"; - }; - - plans = mkOption { - default = { }; - type = with types; - attrsOf (submodule ({ config, ... }: { - options = { - enable = mkEnableOption "on-failure.${config.name}" // { - default = true; - }; - name = mkOption { - type = types.str; - default = config._module.args.name; - description = "Name of the to-be-monitored service."; - }; - }; - })); - }; - }; - - enabled-plans = filter (getAttr "enable") (attrValues cfg.plans); - - to-services = plan: { - "${plan.name}".unitConfig.OnFailure = "on-failure.${plan.name}.service"; - "on-failure.${plan.name}".serviceConfig = rec { - ExecStart = mattermostStart plan; - SyslogIdentifier = ExecStart.name; - Type = "oneshot"; - }; - }; - - # todo this output must be better - mattermostStart = plan: - pkgs.writers.writeDash "on-failure.${plan.name}" '' - ${pkgs.curl}/bin/curl \ - --include \ - --request POST \ - --data-urlencode \ - 'payload={"text": " :fire: Service Failed ${plan.name} on ${config.networking.hostName}"}' \ - ${cfg.url} - ''; - -in -{ - - options.on-failure = api; - - config = lib.mkIf cfg.enable { - systemd.services = foldl (a: b: a // b) { } (map to-services enabled-plans); - }; -} diff --git a/nixos/modules/system/wifi.nix b/nixos/modules/system/wifi.nix deleted file mode 100644 index dbe4da2..0000000 --- a/nixos/modules/system/wifi.nix +++ /dev/null @@ -1,91 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - - cfg = config.system.custom.wifi; - -in -{ - - options.system.custom.wifi = { - enable = mkEnableOption "enable wifi"; - system = mkOption { - default = "wpa_supplicant"; - type = with types; enum [ "wpa_supplicant" "networkmanager" ]; - }; - configurationFile = mkOption { - default = null; - type = with types; nullOr path; - description = '' - the target of /etc/wpa_supplicant.conf - ''; - }; - interfaces = mkOption { - type = with types; listOf string; - default = [ ]; - description = '' - list of interfaces to take care of, - if empty it will test all interfaces - ''; - }; - }; - - config = mkMerge [ - - (mkIf (cfg.enable && cfg.system == "wpa_supplicant") { - networking.wireless.enable = true; - networking.wireless.interfaces = cfg.interfaces; - }) - - (mkIf (cfg.enable && cfg.system == "networkmanager") { - networking.networkmanager.enable = true; - networking.networkmanager.wifi.powersave = true; - networking.networkmanager.extraConfig = '' - # The number of times a connection activation should be automatically tried - # before switching to another one. This value applies only to connections - # that can auto-connect and have a connection. autoconnect-retries property set to -1. - # If not specified, connections will be tried 4 times. - # Setting this value to 1 means to try activation once, without retry. - autoconnect-retries-default=999 - ''; - }) - - (mkIf (cfg.enable && cfg.configurationFile != null) { - environment.etc."wpa_supplicant.conf".source = cfg.configurationFile; - }) - - (mkIf cfg.enable { - - networking.dhcpcd.allowInterfaces = cfg.interfaces; - - networking.usePredictableInterfaceNames = true; - - hardware.enableRedistributableFirmware = true; - - # because Networkd-wait-online is just failing. - systemd.services.systemd-networkd-wait-online.enable = false; - systemd.services.NetworkManager-wait-online.enable = false; - - environment.systemPackages = [ - - (pkgs.writeShellScriptBin "scan-wifi" '' - # todo : use column to make a nice view - ${pkgs.wirelesstools}/bin/iwlist scan | \ - grep -v "Interface doesn't support scanning" | \ - sed -e '/^\s*$/d' | \ - grep -e "ESSID" -e "Encrypt" | \ - sed -e "s/Encryption key:on/encrypted/g" | \ - sed -e "s/Encryption key:off/open/g" | \ - sed -e "s/ESSID://g" | \ - xargs -L 2 printf "%9s - '%s'\n" - '') - - ]; - }) - - ]; - -} - diff --git a/nixos/modules/services/taskwarrior-autotag.nix b/nixos/modules/taskwarrior-autotag.nix similarity index 100% rename from nixos/modules/services/taskwarrior-autotag.nix rename to nixos/modules/taskwarrior-autotag.nix diff --git a/nixos/modules/services/taskwarrior-pushover.nix b/nixos/modules/taskwarrior-pushover.nix similarity index 100% rename from nixos/modules/services/taskwarrior-pushover.nix rename to nixos/modules/taskwarrior-pushover.nix diff --git a/nixos/system/desktop/default.nix b/nixos/system/desktop/default.nix index c275012..7f6b31a 100644 --- a/nixos/system/desktop/default.nix +++ b/nixos/system/desktop/default.nix @@ -11,20 +11,16 @@ "${config.users.users.mainUser.home}/.vit" ]; - programs.custom = { - - urxvt = { - enable = true; - colorTheme = "light"; - }; - xterm = { - enable = true; - colorTheme = "light"; - }; - - curlScripts.enable = true; - - }; + #programs.custom = { + # urxvt = { + # enable = true; + # colorTheme = "light"; + # }; + # xterm = { + # enable = true; + # colorTheme = "light"; + # }; + #}; services.urxvtd.enable = true;