palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

heavy refactorings

Browse source
This commit is contained in:
Ingolf Wagner 2024-03-03 09:59:17 +01:00
parent eea11b2589
commit 776171522f
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
66 changed files with 49 additions and 3694 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nixos/components/gui/browser.nix
View file

@ -18,7 +18,7 @@ in
fsType = "tmpfs"; fsType = "tmpfs";
}; };
programs.custom.browser = { services.browser = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
configList = { configList = {
development = { development = {

1
nixos/components/network/sshd/default.nix
View file

@ -9,7 +9,6 @@ in
imports = [ imports = [
./known-hosts-bootup.nix ./known-hosts-bootup.nix
./known-hosts-private.nix
./known-hosts-public.nix ./known-hosts-public.nix
]; ];

6
nixos/components/network/sshd/known-hosts-bootup.nix
View file

@ -69,11 +69,7 @@ in
${pkgs.openssh}/bin/ssh root@${public_ip} -p 2222 ' ${pkgs.openssh}/bin/ssh root@${public_ip} -p 2222 '
echo -n "enter password : " echo -n "enter password : "
read password read password
while [[ $(systemd-tty-ask-password-agent --list) -ne 0 ]] echo "$password" | systemctl default
do
systemd-tty-ask-password-agent --list
echo "$password" | systemd-tty-ask-password-agent --query
done
' '
'') '')
{ {

29
nixos/components/network/sshd/known-hosts-private.nix
View file

@ -1,29 +0,0 @@
{ config, lib, ... }:
with lib;
{
config = mkIf (config.components.network.sshd.enable) {
services.openssh.knownHosts = {
#"robi_init" = {
# hostNames = [
# "robi:2222"
# "144.76.13.147:2222"
# ];
# fingerprints
# 256 SHA256:rhvbJ84cPXXezaoJiY7tFsG8CJxI2F/lLKz8q+xUW+g root@rescue (ED25519)
# 3072 SHA256:KBVMQLNWaDpzlCZERN9OeEDFAhUoADOZRfenXWHxswU root@rescue (RSA)
# publicKey = "";
#};
"robi" = {
hostNames = [
"robi.private"
"robi"
"144.76.13.147"
"git.ingolf-wagner.de"
"taskd.ingolf-wagner.de"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
};
};
};
}

12
nixos/components/network/tinc/private.nix
View file

@ -119,7 +119,13 @@ in
services.openssh.knownHosts = { services.openssh.knownHosts = {
"robi" = { "robi" = {
hostNames = [ "robi.${network}" hosts.robi ]; hostNames = [
"robi.${network}"
hosts.robi
"144.76.13.147"
"git.ingolf-wagner.de"
"taskd.ingolf-wagner.de"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
}; };
"sterni.${network}" = { "sterni.${network}" = {
@ -130,6 +136,10 @@ in
hostNames = [ "cream.${network}" hosts.cream ]; hostNames = [ "cream.${network}" hosts.cream ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
}; };
"cherry.${network}" = {
hostNames = [ "cherry.${network}" hosts.cream ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUXkewyZ94A7CeCyVvN0KCqPn+8x1BZaGWMAojlfCXO";
};
"pepe.${network}" = { "pepe.${network}" = {
hostNames = [ "pepe.${network}" hosts.pepe ]; hostNames = [ "pepe.${network}" hosts.pepe ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";

2
nixos/components/terminal/wtf.nix
View file

@ -55,7 +55,7 @@ let
''; '';
userHighlight = map ({ user, ... }: user) userHighlight = map ({ user, ... }: user)
(builtins.attrValues config.programs.custom.browser.configList) (builtins.attrValues config.services.browser.configList)
++ [ "steam" ]; ++ [ "steam" ];
activeUsers = pkgs.writers.writeBash "active-users" '' activeUsers = pkgs.writers.writeBash "active-users" ''

6
nixos/machines/bobi/configuration.nix
View file

@ -27,12 +27,6 @@
components.gui.enable = true; components.gui.enable = true;
# fonts
# -----
programs.custom.urxvt.fontSize = 16;
programs.custom.urxvt.fontType = "vector";
programs.custom.xterm.fontSize = 16;
configuration.desktop = { configuration.desktop = {
width = 1366; width = 1366;
height = 768; height = 768;

2
nixos/machines/chungus/media-castget.nix
View file

@ -3,7 +3,7 @@ let
home = "/media/podcasts"; home = "/media/podcasts";
in in
{ {
custom.services.castget = { services.castget = {
enable = true; enable = true;
user = "media"; user = "media";
feeds = { feeds = {

15
nixos/machines/chungus/media-share.nix
View file

@ -6,25 +6,14 @@
# To set password: # To set password:
# nix-shell -p samba --run "smbpasswd -a media" # nix-shell -p samba --run "smbpasswd -a media"
custom.samba-share.enable = true; samba-share.enable = true;
#custom.samba-share.enableWSDD = true; samba-share.folders = {
custom.samba-share.folders = {
music = "/media/music"; music = "/media/music";
audio-books = "/media/audio-books"; audio-books = "/media/audio-books";
movies = "/media/movies"; movies = "/media/movies";
series = "/media/series"; series = "/media/series";
samples = "/media/samples"; samples = "/media/samples";
}; };
#custom.samba-share.private = {
# media = {
# folder = "/media";
# users = "media";
# };
# temp = {
# folder = "/srv/tdarr/transcode_cache";
# users = "media";
# };
#};
users.groups."media".gid = config.ids.gids.transmission; users.groups."media".gid = config.ids.gids.transmission;
users.users."media" = { users.users."media" = {

14
nixos/machines/cream/configuration.nix
View file

@ -117,14 +117,6 @@
services.printing.enable = true; services.printing.enable = true;
# fonts
# -----
programs.custom.urxvt.fontSize = 16;
programs.custom.urxvt.fontType = "vector";
programs.custom.xterm.fontSize = 16;
# todo : add xterm fontType
# programs.custom.xterm.fontType = "vector";
virtualisation = { virtualisation = {
docker.enable = true; docker.enable = true;
podman.enable = true; podman.enable = true;
@ -135,11 +127,7 @@
}; };
}; };
#services.xserver.desktopManager.gnome.enable = true; samba-share = {
#services.xserver.displayManager.lightdm.enable = false;
#services.xserver.displayManager.sddm.enable = true;
custom.samba-share = {
enable = false; enable = false;
folders = { folders = {
share = "/home/share"; share = "/home/share";

7
nixos/machines/dummy/configuration.nix
View file

@ -18,14 +18,9 @@
networking.hostName = "dummy"; networking.hostName = "dummy";
# font
# ----
programs.custom.urxvt.fontSize = 17;
programs.custom.xterm.fontSize = 17;
# system.custom.fonts.dpi = 140;
# allow un-free # allow un-free
# ------------- # -------------
# todo : put this in flake
environment.variables.NIXPKGS_ALLOW_UNFREE = "1"; environment.variables.NIXPKGS_ALLOW_UNFREE = "1";
# some system stuff # some system stuff

6
nixos/machines/mobi/configuration.nix
View file

@ -27,12 +27,6 @@
components.gui.enable = true; components.gui.enable = true;
# fonts
# -----
programs.custom.urxvt.fontSize = 16;
programs.custom.urxvt.fontType = "vector";
programs.custom.xterm.fontSize = 16;
configuration.desktop = { configuration.desktop = {
width = 1366; width = 1366;
height = 768; height = 768;

34
nixos/machines/pepe/borg.nix
View file

@ -1,34 +0,0 @@
{ lib, config, pkgs, ... }: {
backup.enable = true;
# provide repository
services.borgbackup.repos = {
default = {
quota = "100G";
allowSubRepos = true;
authorizedKeys = [
# todo rename
(lib.fileContents ../../assets/ssh/borg_access.pub)
(lib.fileContents ../../assets/ssh/palo_rsa.pub)
];
};
};
# mirror backup folder to /media
systemd.services.borg-mirror-to-media = {
enable = true;
script = ''
${pkgs.rsync}/bin/rsync -a \
/var/lib/borgbackup/ \
/media/borg-backup-mirror \
--delete-after
'';
};
systemd.timers.borg-mirror-to-media = {
enable = true;
timerConfig.OnCalendar = "daily";
wantedBy = [ "multi-user.target" ];
};
}

74
nixos/machines/pepe/configuration.nix
View file

@ -1,74 +0,0 @@
{ config, pkgs, lib, ... }: {
imports = [
../../system/server
./hardware-configuration.nix
./mail-fetcher.nix
./packages.nix
#./hass.nix
#./zigbee2mqtt.nix
#./kodi.nix
./syncthing.nix
./tinc.nix
#./wifi-access-point.nix
#./lan.nix
#./dms.nix
./borg.nix
#./mpd.nix
./grocy.nix
./taskwarrior-pushover.nix
#./neo4j.nix
#./jellyfin.nix
#./wireguard.nix
#./tts.nix
# logging
./loki.nix
./loki-promtail.nix
./prometheus.nix
./grafana.nix
./telegraf.nix
./home-display.nix
#./tdarr.nix
];
sops.defaultSopsFile = ../../secrets/pepe.yaml;
networking.hostName = "pepe";
programs.custom. zsh.enable = true;
users.users.root.shell = pkgs.zsh;
# todo : rename to component.init.ssh
configuration.init-ssh = {
enable = "enabled";
kernelModules = [ "e1000e" ];
};
# just enable lan
networking.dhcpcd.allowInterfaces = [ "enp0s25" ];
# nix-shell -p speedtest_cli --run speedtest
#configuration.fireqos = {
# enable = false;
# interface = "enp0s25";
# input = 200000;
# output = 2000;
# balance = false;
#};
services.printing.enable = false;
services.smartd.enable = true;
# todo move to some place else
home-manager.users.mailUser.home.stateVersion = "22.11";
}

98
nixos/machines/pepe/dms.nix
View file

@ -1,98 +0,0 @@
{ lib, pkgs, config, ... }:
# a very simple dms setup which.
# I have a brother ADS-1600W scanner, which is configured to send all
# PDFs to this machine in /home/ftp-upload/input
# from there the dms.py scans them and makes them searchable.
let
dms = pkgs.fetchgit {
url = "https://github.com/mrVanDalo/dms.git";
rev = "2f5c44f017bdfd8abfe908d419ef26bac300f809";
sha256 = "0dxhk1ah6wwbsxyk4hd32rz7886w7r5gfy16485gjbvky1qsi8gd";
};
in
{
# setup ftp
services.vsftpd = {
enable = true;
userlist = [ "ftp-upload" ];
userlistEnable = true;
localUsers = true;
writeEnable = true;
extraConfig = ''
# additional ports for directory list and stuff
pasv_min_port=4242
pasv_max_port=4243
'';
};
networking.firewall.allowedTCPPortRanges = [
{
# ftp: additional ports for directory list and stuff
from = 4242;
to = 4243;
}
{
# ftp
from = 20;
to = 21;
}
];
sops.secrets.ftp_password = { };
# create user
users.users.ftp-upload = {
passwordFile = config.sops.secrets.ftp_password.path;
isNormalUser = true;
};
# create dms service
systemd.services.dms = {
enable = true;
wantedBy = [ "multi-user.target" ];
path = [
(pkgs.python3.withPackages (ps: with ps; [ flask ]))
pkgs.imagemagickBig
(pkgs.pdfsandwich.override { imagemagick = pkgs.imagemagickBig; })
pkgs.poppler_utils
pkgs.which
pkgs.netpbm
pkgs.gawk
pkgs.bash
];
serviceConfig = { User = "ftp-upload"; };
preStart = ''
if [[ ! -L /home/ftp-upload/db/SOURCE_DIR ]]
then
rm -rf /home/ftp-upload/db/SOURCE_DIR
mkdir -p /home/ftp-upload/db
mkdir -p /home/ftp-upload/input
ln -s /home/ftp-upload/input /home/ftp-upload/db/SOURCE_DIR
fi
'';
script = ''
DMSDATA=/home/ftp-upload/db \
FLASK_APP=${dms}/dms.py \
flask run --host 0.0.0.0 \
"$@"
'';
};
# host nginx setup
services.nginx = {
enable = true;
virtualHosts = {
"dms.pepe.private" = {
serverAliases =
[ "pdf.pepe.private" "docs.pepe.private" "dms.pepe.lan" ];
locations."/" = { proxyPass = "http://localhost:5000"; };
};
};
};
# add documents to backup
backup.dirs = [ "/home/ftp-upload/db" ];
}

24
nixos/machines/pepe/grafana.nix
View file

@ -1,24 +0,0 @@
{ config, ... }:
{
services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
extraConfig = ''
allow ${config.tinc.private.subnet};
deny all;
'';
locations."/" = {
proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
};
};
services.grafana = {
enable = true;
settings.server = {
domain = "grafana.pepe.private";
http_port = 2342;
http_addr = "localhost";
};
};
}

24
nixos/machines/pepe/grocy.nix
View file

@ -1,24 +0,0 @@
{ config, lib, pkgs, ... }:
{
#services.grocy = {
# enable = true;
# settings = {
# culture = "de";
# currency = "EUR";
# };
# hostName = "grocy.pepe.private";
# nginx.enableSSL = false;
#};
#backup.dirs = [ config.services.grocy.dataDir ];
services.grocy-scanner = {
enable = true;
host = "https://grocy.ingolf-wagner.de";
device = "/dev/input/by-id/usb-Belon.cn_2.4G_Wireless_Device_Belon_Smart-event-kbd";
apiKeyFile = config.sops.secrets.grocyApiKey.path;
};
sops.secrets.grocyApiKey = { };
}

88
nixos/machines/pepe/hardware-configuration.nix
View file

@ -1,88 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ modulesPath, config, lib, pkgs, ... }:
{
imports = [
"${modulesPath}/installer/scan/not-detected.nix"
(
let mediaUUID = "29ebe5ba-7599-4dd3-99a3-37b9bf8e4d61";
in {
fileSystems."/media" = {
device = "/dev/disk/by-uuid/${mediaUUID}";
fsType = "ext4";
options = [
"nofail"
"noauto"
#"x-systemd.device-timeout=1ms"
];
};
systemd.mounts = [{
enable = true;
options = "nofail,noauto";
type = "ext4";
wantedBy = [ "multi-user.target" ];
what = "/dev/disk/by-uuid/${mediaUUID}";
where = "/media";
}];
}
)
];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.loader.grub = {
enable = true;
version = 2;
device = "/dev/sda";
};
zramSwap = {
enable = true;
numDevices = 2;
swapDevices = 1;
memoryPercent = 50;
};
fileSystems."/share" = {
#device = "/dev/ram1";
device = "none";
fsType = "tmpfs";
};
nix.settings.max-jobs = lib.mkDefault 2;
# lvm volume group
# ----------------
boot.initrd.luks.devices = {
"secure_vg" = {
device = "/dev/sda2";
preLVM = true;
};
};
# NTFS support
# ------------
environment.systemPackages = [ pkgs.ntfs3g ];
# root
# ----
fileSystems."/" = {
options = [ "noatime" "nodiratime" "discard" ];
device = "/dev/secure_vg/root";
fsType = "ext4";
};
# boot
# ----
fileSystems."/boot" = {
device = "/dev/sda1";
fsType = "ext4";
};
}

19
nixos/machines/pepe/hass.nix
View file

@ -1,19 +0,0 @@
{ config, lib, pkgs, ... }:
{
virtualisation.oci-containers = {
backend = "podman";
containers.homeassistant = {
volumes = [ "/var/lib/home-assistant:/config" ];
environment.TZ = "Europe/Berlin";
image = "ghcr.io/home-assistant/home-assistant:stable"; # Warning: if the tag does not change, the image will not be updated
extraOptions = [ "--network=host" ];
};
};
backup.dirs = [ "/var/lib/home-assistant" ];
networking.firewall.allowedTCPPorts = [ 8123 ];
networking.firewall.allowedUDPPorts = [ 8123 ];
}

40
nixos/machines/pepe/home-display.nix
View file

@ -1,40 +0,0 @@
{ lib, pkgs, config, assets, ... }:
{
networking.firewall.allowedTCPPorts = [ 80 ];
networking.firewall.allowedUDPPorts = [ 80 ];
services.nginx.virtualHosts."${config.networking.hostName}.private" = {
locations."= /home-status.html".alias = "/srv/home-status/index.html";
};
systemd.services.home-status-refresh = {
enable = true;
script =
let
mustache = "${pkgs.mustache-go}/bin/mustache";
jq = "${pkgs.jq}/bin/jq";
index_html_template = refreshSeconds: pkgs.writeText "index_html.template" ''
<html>
<head><meta http-equiv="refresh" content="${toString refreshSeconds}"></head>
<body>{{ date }}</body>
</html>
'';
in
''
${jq} --raw-input '.' <(date +"%Y-%m-%d %H:%M";echo "hallo") \
| ${jq} --slurp '{ date : .[0], test : .[1] }' \
| ${mustache} ${index_html_template 60} > /srv/home-status/index.html
'';
};
systemd.timers.home-status-refresh = {
enable = true;
# man systemd.time
timerConfig.OnCalendar = "minutely";
wantedBy = [ "multi-user.target" ];
};
}

11
nixos/machines/pepe/jellyfin.nix
View file

@ -1,11 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.jellyfin.enable = true;
services.jellyfin.openFirewall = true;
users.groups."syncthing".members = [ "jellyfin" ];
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
}

44
nixos/machines/pepe/kodi.nix
View file

@ -1,44 +0,0 @@
{ config, lib, pkgs, ... }: {
services.xserver = {
enable = false;
autorun = false;
videoDrivers = [ "intel" ];
#deviceSection = ''
# Option "DRI" "2"
# Option "TearFree" "true"
#'';
desktopManager = {
kodi.enable = true;
default = "kodi";
xterm.enable = false;
};
displayManager = {
sddm = {
enable = true;
autoLogin = {
enable = true;
relogin = true;
user = config.users.users.kodi.name;
};
};
};
};
users = {
# mutableUsers = true;
users.kodi = {
isNormalUser = true;
name = "kodi";
uid = 1338;
initialPassword = lib.fileContents <secrets/kodi/password>;
};
};
# allow everybody in the net to access the wifi
networking.firewall = {
allowedTCPPorts = [ 8080 ];
allowedUDPPorts = [ 8080 ];
};
}

27
nixos/machines/pepe/lan.nix
View file

@ -1,27 +0,0 @@
{ lib, pkgs, ... }:
let
interface = "enp0s25";
ipAddress = "10.1.0.2";
prefixLength = 24;
in
{
networking.extraHosts = ''
10.1.0.1 workout.lan
10.1.0.2 pepe.lan
'';
# todo only open needed ports
networking.firewall.trustedInterfaces = [ interface ];
networking.networkmanager.unmanaged = [ interface ];
networking.dhcpcd.denyInterfaces = [ interface ];
networking.interfaces."${interface}".ipv4.addresses = [{
address = ipAddress;
prefixLength = prefixLength;
}];
}

41
nixos/machines/pepe/loki-promtail.nix
View file

@ -1,41 +0,0 @@
{ config, ... }:
{
services.promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 28183;
grpc_listen_port = 0;
};
positions.filename = "/tmp/positions.yaml";
clients = [
{ url = "http://127.0.0.1:3100/loki/api/v1/push"; }
];
scrape_configs = [
{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = config.networking.hostName;
};
};
relabel_configs = [
{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}
{
source_labels = [ "__journal__transport" ];
target_label = "transport";
}
];
}
];
};
};
}

99
nixos/machines/pepe/loki.nix
View file

@ -1,99 +0,0 @@
{ config, pkgs, ... }:
{
services.loki = {
enable = true;
configuration = {
server = {
http_listen_port = 3100;
log_level = "warn";
};
auth_enabled = false;
ingester = {
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
};
chunk_idle_period = "1h";
max_chunk_age = "1h";
chunk_target_size = 999999;
chunk_retain_period = "30s";
max_transfer_retries = 0;
};
schema_config = {
configs = [{
from = "2022-06-06";
store = "boltdb-shipper";
object_store = "filesystem";
schema = "v11";
index = {
prefix = "index_";
period = "24h";
};
}];
};
storage_config = {
boltdb_shipper = {
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
cache_location = "/var/lib/loki/boltdb-shipper-cache";
cache_ttl = "24h";
shared_store = "filesystem";
};
filesystem = {
directory = "/var/lib/loki/chunks";
};
};
limits_config = {
reject_old_samples = true;
reject_old_samples_max_age = "168h";
};
chunk_store_config = {
max_look_back_period = "0s";
};
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
};
compactor = {
working_directory = "/var/lib/loki";
shared_store = "filesystem";
compactor_ring = {
kvstore = {
store = "inmemory";
};
};
};
};
# user, group, dataDir, extraFlags, (configFile)
};
#services.nginx = {
# enable = true;
# virtualHosts.loki = {
# serverName = "loki.pepe.private";
# locations."/" = {
# proxyWebsockets = true;
# proxyPass = "http://127.0.0.1:3100";
# #extraConfig = ''
# # access_log off;
# # allow ${config.tinc.private.subnet};
# # deny all;
# #'';
# };
# };
#};
}

696
nixos/machines/pepe/mail-fetcher.nix
View file

@ -1,696 +0,0 @@
# fetches mails for me
{ lib, pkgs, config, ... }:
let
junk_filter = [
"from:booking.com"
"subject:Gewinn"
"from:brompton.com"
"from:circleci.com"
"from:audio-overlay@googlegroups.com OR to:audio-overlay@googlegroups.com"
"from:codepen.io"
"from:congstarnews.de"
"from:cronullasurfingacademy.com"
"from:cryptohopper.com"
"from:digitalo.de"
"from:facebook.com OR from:facebookmail.com"
"from:fitnessfirst.de"
"from:flixbus.de"
"from:getdigital.de"
"from:getpocket.com"
"from:ghostinspector.com"
"from:globetrotter.de"
"from:hackster.io"
"from:hostelworld.com"
"from:immobilienscout24.de"
"from:kvraudio.com"
"from:letterboxd.com"
"from:linkedin.com"
"from:magix.net"
"from:mailings.gmx.net"
"from:mailings.web.de"
"from:matrix.org"
"from:menospese.com"
"from:microsoftstoreemail.com"
"from:mixcloudmail.com AND subject:Weekly Update"
"from:oknotify2.com AND NOT subject:New message"
"from:paulaschoice.com"
"from:puppet.com"
"from:runtastic.com"
"from:samplemagic.com OR from:wavealchemy.co.uk OR from:creators.gumroad.com"
"from:ticketmaster.de"
"from:trade4less.de"
"from:tumblr.com"
"from:turners.co.nz"
"from:twitch.tv"
"from:vstbuzz.com"
];
filters = [
{
query = "from:hosting.de";
tags = [ "+billing" ];
}
{
query = "from:hv-geelen.de";
tags = [ "+wohnung" ];
}
{
query = "from:computerfutures.com OR from:computerfutures.de";
tags = [ "+jobs" "-inbox" ];
}
{
query = "from:seek.com.au or from:seek.co.nz";
tags = [ "+jobs" ];
}
{
query = "from:xing.com";
tags = [ "+jobs" "-inbox" ];
}
{
query = "from:no-reply@backtrace.io OR to:sononym@noreply.github.com";
tags = [ "+sononym" "-inbox" ];
}
{
query = "from:ebay.com OR from:ebay.de OR from:ebay.net";
tags = [ "+ebay" "+shop" "+billing" ];
}
{
query = "from:bahn.de";
tags = [ "+billing" "+bahn" ];
}
{
query =
"from:fysitech.atlassian.net OR to:engiadina-pwa@noreply.github.com";
tags = [ "+mia" "+work" "-unread" "-inbox" ];
}
{
query =
"from:space-left.org OR to:space-left.org OR subject:/\\[space-left\\]/";
tags = [ "+spaceleft" "+space-left" ];
}
{
query = "from:landr.com";
tags = [ "+landr" "+music" ];
}
{
query = "tag:landr and tag:billing";
tags = [ "+billing" ];
}
{
query = "from:oknotify2.com";
tags = [ "+okcupid" ];
}
{
query = "from:taxback.de OR to:taxback.de";
tags = [ "+steuer" ];
}
{
query = "from:campact.de";
tags = [ "+campact" "+politics" ];
}
{
query = "from:aliexpress.com";
tags = [ "+shop" "+aliexpress" ];
}
{
query = "from:congstar.de";
tags = [ "+billing" "+congstar" "-inbox" "-unread" ];
}
{
query =
"from:steampowered.com AND NOT ( subject:purchase OR subject:received )";
tags = [ "-inbox" "-unread" ];
}
{
query =
"from:steampowered.com AND ( subject:purchase OR subject:received )";
tags = [ "+billing" "+steam" ];
}
{
query = "from:gog.com AND NOT subject:Bestellung";
tags = [ "-inbox" "-unread" ];
}
{
query = "from:gog.com AND subject:Bestellung";
tags = [ "+billing" "+gog" ];
}
{
query = "from:stadtmobil.de";
tags = [ "+billing" "+stadtmobil" "-inbox" "-unread" ];
}
{
query = "from:drive-now.com";
tags = [ "+billing" "+drivenow" "-inbox" "-unread" ];
}
{
query = "from:data-treuhand.de";
tags = [ "+mindcurv" "+work" "-inbox" "-unread" "-junk" ];
}
{
query = "from:immocation.de";
tags = [ "+immobilien" "-inbox" ];
}
{
query = "from:tinc-vpn.org";
tags = [ "+tinc" ];
}
{
query = "from:mindfactory.de";
tags = [ "+shop" "+billing" ];
}
{
query = "from:zalando.de";
tags = [ "+shop" "+billing" "+zalando" ];
}
{
query = "from:ing.de";
tags = [ "+bank" "+ingdiba" ];
}
{
query = "from:nab.com.au";
tags = [ "+bank" "+nab" "-inbox" "-unread" ];
}
{
query = "from:dkb.de";
tags = [ "+bank" "+dkb" ];
}
{
query = "from:o2online.de";
tags = [ "+billing" "+o2" ];
}
{
query = "from:betfair.com";
tags = [ "+work" "+betfair" ];
}
{
query = "from:notifications@github.com";
tags = [ "+github" ];
}
{
query = "to:NUR@noreply.github.com";
tags = [ "+nur" "+nixos" "+list" ];
}
{
query = "to:nixpkgs@noreply.github.com";
tags = [ "+nixpkgs" "+nixos" "+list" ];
}
{
query = "from:travis-ci.org AND subject:mrVanDalo/navi";
tags = [ "+development" "+navi" ];
}
{
query = "from:travis-ci.org AND subject:nur-packages";
tags = [ "+development" "+nixos" "+nur-packages" ];
}
{
query = "from:travis-ci.org AND subject:csv-to-qif";
tags = [ "+development" "+csv-to-qif" ];
}
{
query = "to:proaudio@lists.tuxfamily.org";
tags = [ "-inbox" "-unread" ];
}
{
query = "from:nixos1@discoursemail.com";
tags = [ "+nixos" "+discourse" "+list" ];
}
{
query = "from:nixos1@discoursemail.com AND subject:Development";
tags = [ "+nixos" "+discourse" "+development" ];
}
{
query = "from:nixos1@discoursemail.com AND subject:Français";
tags = [ "+nixos" "+discourse" "-inbox" "-unread" ];
}
{
query = "from:nixos1@discoursemail.com AND subject:Announcements";
tags = [ "+nixos" "+discourse" "+announcements" ];
}
{
query = "from:nixos1@discoursemail.com AND subject:Links";
tags = [ "+nixos" "+discourse" "+links" ];
}
{
query = "from:nixos1@discoursemail.com AND subject:Games";
tags = [ "+nixos" "+discourse" "+games" ];
}
{
query = "from:nixos1@discoursemail.com AND subject:Meta";
tags = [ "+nixos" "+discourse" "+meta" ];
}
{
query = "from:nixos1@discoursemail.com AND subject:Events";
tags = [ "+nixos" "+discourse" "+events" ];
}
{
query = "from:limebike.com AND (subject:Funds OR subject:Receipt)";
tags = [ "-inbox" "-unread" "+billing" "+limebike" ];
}
{
query = "from:freemusicarchive.org";
tags = [ "+FMA" ];
}
{
query = "from:namecheap.com and subject:auto-renewal";
tags = [ "+namecheap" "+billing" ];
}
{
query = "from:namecheap.com and subject:order";
tags = [ "+namecheap" "+billing" ];
}
{
query = "tag:namecheap.com and tag:billing and body:gaykraft.com";
tags = [ "+namecheap" "+billing" ];
}
{
query = "from:nintendo.com";
tags = [ "+nintendo" "+billing" ];
}
{
query = "from:oculus.com AND subject:receipt";
tags = [ "+oculus" "+billing" ];
}
{
query = "from:car2go.com";
tags = [ "-inbox" "-unread" ];
}
{
query = "from:sixt.de";
tags = [ "-inbox" "-unread" ];
}
{
query = "from:meetup.com";
tags = [ "-inbox" "-unread" "+meetup" ];
}
{
query = "from:slack.com";
tags = [ "+slack" ];
}
{
query = "from:keybase.io";
tags = [ "+keybase" ];
}
{
query = "from:jobs2web.com";
tags = [ "+newzealand" "+jobs" "-inbox" ];
}
{
query = "from:paypal.de AND subject:Bestätigung";
tags = [ "-unread" "+paypal" "+billing" ];
}
{
query = "to:c-base.org";
tags = [ "+cbase" "+list" ];
}
{
query = "to:c-base.org AND subject=[auto-report]";
tags = [ "-unread" "-inbox" ];
}
{
query = "from:browserstack.com";
tags = [ "+browserstack" ];
}
{
query =
"to:renoise@ingolf-wagner.de OR to:root@renoise.com OR from:renoise.com OR to:admin@renoise.com";
tags = [ "+renoise" ];
}
{
query = "from:amazon.de OR from:amazon.com AND NOT to:renoise.com";
tags = [ "+shop" "+amazon" "+billing" ];
}
{
query = "from:hetzner.com OR from:hetzner.de";
tags = [ "+hetzner" ];
}
{
query = "to:renoise.com AND NOT ( from:renoise.com OR from:root OR from:hetzner.com OR from:hetzner.de OR from:amazon.com OR from:gmail.com )";
tags = [ "-inbox" "-unread" "+junk" "+renoise" ];
}
{
query = "tag:hetzner and subject:Invoice";
tags = [ "+billing" ];
}
# final rules to make imap sync stuff easier
# there can only be one output folder tag, and theses rules are prioritized
{
query = "tag:fraud";
tags = [ "-inbox" "-archive" "-junk" "-unread" ];
message = "clean up tag fraud";
}
{
query = "tag:junk";
tags = [ "-inbox" "-archive" "-fraud" "-unread" ];
message = "clean up tag junk";
}
{
query = "tag:archive";
tags = [ "-inbox" "-junk" "-fraud" "-unread" ];
message = "clean up tag archive";
}
{
query = "tag:inbox";
tags = [ "-archive" "-junk" "-fraud" ];
message = "clean up inbox";
}
{
query = "tag:killed";
tags = [ "-inbox" "-unread" ];
message = "clean up tag killed";
}
{
query = "tag:muted";
tags = [ "-inbox" "-unread" ];
}
# remove new tag at the end
{
query = "tag:new";
tags = [ "-new" ];
message = "remove new tag at the end";
}
];
notmuchTagging =
let
template = index:
{ tags, query, message ? "generic", ... }:
let
command = ''
${pkgs.notmuch}/bin/notmuch tag ${lib.concatStringsSep " " tags} -- "${query}"
'';
in
''
echo '${command}'
${command}
'';
junk_template = index: query:
template index {
tags = [ "+junk" "-unread" "-inbox" ];
query = query;
message = "generic junk filter";
};
in
pkgs.writers.writeBash "notmuch-tagging" (lib.concatStringsSep "\n"
((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters)));
notmuchTaggingNew =
let
template = index:
{ tags, query, message ? "generic", ... }:
let
command = ''
${pkgs.notmuch}/bin/notmuch tag ${
lib.concatStringsSep " " tags
} -- "${query} AND tag:new"
'';
in
''
echo '${command}'
${command}
'';
junk_template = index: query:
template index {
tags = [ "+junk" "-unread" "-inbox" ];
query = query;
message = "generic junk filter";
};
in
pkgs.writers.writeBash "notmuch-tagging-new" (lib.concatStringsSep "\n"
((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters)));
in
{
backup.dirs = [ "/home/mailfetcher" ];
users.users.mailUser = {
isNormalUser = true;
description = "collects mails for me";
hashedPassword = "!";
name = "mailfetcher";
home = "/home/mailfetcher";
openssh.authorizedKeys.keyFiles = config.users.users.root.openssh.authorizedKeys.keyFiles;
group = "mailfetcher";
};
users.groups.mailUser = {
name = "mailfetcher";
};
sops.secrets.mail_ingolf_wagner_de = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_terranix = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_gmail = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_gmx_palo = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_gmx_ingolf = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_web = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_siteground = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
environment.systemPackages = [ pkgs.muchsync ];
# configure accounts
home-manager.users.mailUser.accounts.email = {
accounts = {
palo_van_dalo-gmx = {
primary = false;
address = "palo_van_dalo@gmx.de";
aliases = [ ];
realName = "Ingolf Wagner";
userName = "palo_van_dalo@gmx.de";
passwordCommand =
"cat ${toString config.sops.secrets.mail_gmx_palo.path }";
imap = {
host = "imap.gmx.net";
tls.enable = true;
port = 993;
};
mbsync = {
enable = true;
create = "both";
};
notmuch.enable = true;
};
ingolf-wagner-gmx = {
primary = false;
address = "ingolf.wagner@gmx.de";
aliases = [ ];
realName = "Ingolf Wagner";
userName = "ingolf.wagner@gmx.de";
passwordCommand =
"cat ${toString config.sops.secrets.mail_gmx_ingolf.path }";
imap = {
host = "imap.gmx.net";
tls.enable = true;
port = 993;
};
mbsync = {
enable = true;
create = "both";
};
notmuch.enable = true;
};
pali_palo = {
primary = false;
address = "pali_palo@web.de";
aliases = [ ];
realName = "Ingolf Wagner";
userName = "pali_palo@web.de";
passwordCommand =
"cat ${toString config.sops.secrets.mail_web.path }";
imap = {
host = "imap.web.de";
tls.enable = true;
port = 993;
};
mbsync = {
enable = true;
create = "both";
};
notmuch.enable = true;
};
gmail = {
# for google accounts you have to allow 'less secure apps' in accounts.google.com
primary = true;
address = "palipalo9@googlemail.com";
aliases = [ ];
realName = "Ingolf Wagner";
userName = "palipalo9@googlemail.com";
passwordCommand =
"cat ${toString config.sops.secrets.mail_gmail.path }";
imap = {
host = "imap.gmail.com";
tls.enable = true;
port = 993;
};
mbsync = {
enable = true;
create = "both";
};
notmuch.enable = true;
};
#terranix_org = {
# primary = false;
# address = "palo@terranix.org";
# aliases = [ ];
# realName = "Ingolf Wagner";
# userName = "palo@terranix.org";
# passwordCommand = "cat ${toString config.sops.secrets.mail_terranix.path }";
# imap = {
# host = "mail.privateemail.com";
# tls.enable = true;
# port = 993;
# };
# # make sure the upstream mail is deleted
# getmail = {
# enable = true;
# delete = true;
# readAll = false;
# mailboxes = [ "ALL" ];
# };
# notmuch.enable = true;
#};
# new
#ingolf-wagner-de-new = {
# primary = false;
# address = "contact@ingolf-wagner.de";
# aliases = [ ];
# realName = "Ingolf Wagner";
# userName = "contact@ingolf-wagner.de";
# passwordCommand =
# "cat ${toString config.sops.secrets.mail_ingolf_wagner_de.path}";
# imap = {
# host = "mail.privateemail.com";
# tls.enable = true;
# port = 993;
# };
# # make sure the upstream mail is deleted
# getmail = {
# enable = true;
# delete = true;
# readAll = false;
# mailboxes = [ "ALL" ];
# };
# notmuch.enable = true;
#};
# deprecated
ingolf-wagner-de = {
primary = false;
address = "contact@ingolf-wagner.de";
aliases = [ ];
realName = "Ingolf Wagner";
userName = "contact@ingolf-wagner.de";
passwordCommand =
"cat ${toString config.sops.secrets.mail_siteground.path }";
imap = {
host = "securees5.sgcpanel.com";
port = 993;
tls.enable = true;
#tls.useStartTls = true;
};
# make sure the upstream mail is deleted
getmail = {
enable = true;
delete = true;
readAll = false;
mailboxes = [ "ALL" ];
};
notmuch.enable = true;
};
};
};
# configure mbsync
home-manager.users.mailUser.programs.mbsync.enable = true;
# re-tag everything once a day
systemd.services.retagmail = {
enable = true;
serviceConfig = { User = config.users.users.mailUser.name; };
environment.NOTMUCH_CONFIG =
"${config.users.users.mailUser.home}/.config/notmuch/notmuchrc";
script = "${notmuchTagging}";
};
systemd.timers.retagmail = {
enable = true;
timerConfig = {
OnCalendar = "daily";
Persistent = "true";
};
wantedBy = [ "multi-user.target" ];
};
# fetch mails every 10 minutes
systemd.services.fetchmail =
let
threadTag = tag: ''
echo "tag threads with ${tag}"
${pkgs.notmuch}/bin/notmuch tag +${tag} $(${pkgs.notmuch}/bin/notmuch search --output=threads tag:${tag})
'';
in
{
enable = true;
serviceConfig = { User = config.users.users.mailUser.name; };
environment.NOTMUCH_CONFIG =
"${config.users.users.mailUser.home}/.config/notmuch/notmuchrc";
script = ''
echo "run mbsync"
${pkgs.isync}/bin/mbsync \
--all
echo "run getmail"
${pkgs.getmail6}/bin/getmail \
--quiet \
--rcfile getmailingolf-wagner-de \
--rcfile getmailingolf-wagner-de-new \
--rcfile getmailterranix_org
echo "run notmuch"
${pkgs.notmuch}/bin/notmuch new
${notmuchTaggingNew}
${threadTag "muted"}
'';
};
systemd.timers.fetchmail = {
enable = false;
# timerConfig.OnCalendar = " *-*-* *:00:00";
timerConfig.OnCalendar = "*:0/10";
wantedBy = [ "multi-user.target" ];
};
# configure notmuch
home-manager.users.mailUser.programs.notmuch = {
enable = true;
new.tags = [ "unread" "inbox" "new" ];
};
}

78
nixos/machines/pepe/mpd.nix
View file

@ -1,78 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.mpd = {
enable = true;
network.listenAddress = "any";
musicDirectory = "/media/syncthing/music-library";
playlistDirectory = "/media/syncthing/music-library/playlists";
};
users.groups."syncthing".members = [ "mpd" ];
sound.enable = true;
networking.firewall.allowedTCPPorts = [
6680 # mopidy
6600 # mpd
1234 # zeroconf
];
users.users."spotifyd" = {
isSystemUser = true;
group = "spotifyd";
};
users.groups.spotifyd = { };
sops.secrets.spotify_pass.owner = "spotifyd";
sops.secrets.spotify_user.owner = "spotifyd";
services.spotifyd.enable = true;
services.spotifyd.settings = {
global = {
username_cmd = "cat ${config.sops.secrets.spotify_user.path}";
password_cmd = "cat ${config.sops.secrets.spotify_pass.path}";
backend = "alsa"; # use portaudio for macOS [homebrew]
# The alsa mixer used by `spotifyd`.
mixer = "PCM";
# A script that gets evaluated in the user's shell when the song changes [aliases: onevent]
on-song-change-hook = "${pkgs.mpc_cli}/bin/mpc --host localhost --port 6600 stop";
# The volume controller. Each one behaves different to
# volume increases. For possible values, run
# `spotifyd --help`.
volume_controller = "alsa";
# The name that gets displayed under the connect tab on
# official clients. Spaces are not allowed!
device_name = "DJane";
# The audio bitrate. 96, 160 or 320 kbit/s
bitrate = 320;
# If set to true, audio data does NOT get cached.
no_audio_cache = true;
# Volume on startup between 0 and 100
# NOTE: This variable's type will change in v0.4, to a number (instead of string)
initial_volume = "90";
# If set to true, enables volume normalisation between songs.
volume_normalisation = false;
# The normalisation pregain that is applied for each song.
# normalisation_pregain = -10
# The port `spotifyd` uses to announce its service over the network.
zeroconf_port = 1234;
# The displayed device type in Spotify clients.
# Can be unknown, computer, tablet, smartphone, speaker, t_v,
# a_v_r (Audio/Video Receiver), s_t_b (Set-Top Box), and audio_dongle.
device_type = "computer";
};
};
}

14
nixos/machines/pepe/mqtt.nix
View file

@ -1,14 +0,0 @@
{ lib, ... }: {
services.mosquitto = {
enable = true;
listeners = [{
acl = [ "pattern readwrite #" ];
omitPasswordAuth = true;
settings.allow_anonymous = true;
}];
};
networking.firewall.allowedTCPPorts = [ 1883 ];
}

8
nixos/machines/pepe/packages.nix
View file

@ -1,8 +0,0 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [
pkgs.mediainfo
pkgs.youtube-dl
];
}

132
nixos/machines/pepe/prometheus.nix
View file

@ -1,132 +0,0 @@
{ config, pkgs, lib, ... }: {
sops.secrets.hass_long_term_token.owner = "prometheus";
services.nginx = {
enable = true;
statusPage = true;
virtualHosts = {
"prometheus.pepe.private" = {
extraConfig = ''
allow ${config.tinc.private.subnet};
deny all;
'';
locations."/" = { proxyPass = "http://localhost:${toString config.services.prometheus.port}"; };
};
};
};
services.prometheus = {
checkConfig = "syntax-only";
enable = true;
# keep data for 30 days
extraFlags = [ "--storage.tsdb.retention.time=30d" ];
ruleFiles = [
(pkgs.writeText "prometheus-rules.yml" (builtins.toJSON {
groups = [
{
name = "core";
rules = [
{
alert = "InstanceDown";
expr = "up == 0";
for = "5m";
labels.severity = "page";
annotations = {
summary = "Instance {{ $labels.instance }} down";
description = "{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.";
};
}
];
}
{
name = "home-assistant";
rules = [
{
record = "home_open_window_sum";
expr = ''sum( homeassistant_binary_sensor_state{entity=~"binary_sensor\\.window_02_contact|binary_sensor\\.window_03_contact|binary_sensor\\.window_04_contact|binary_sensor\\.window_05_contact|binary_sensor\\.window_06_contact|binary_sensor\\.window_07_contact"} )'';
}
] ++ (map
(number:
{
record = "home_at_least_n_windows_open";
expr = ''home_open_window_sum >= bool ${toString number}'';
labels.n = number;
}) [ 1 2 3 ]);
}
];
}))
];
#alertmanager = {
# enable = true;
# configuration = {
#};
#};
exporters = {
systemd.enable = true;
node = {
enable = true;
enabledCollectors = [ "systemd" ];
port = 9002;
};
};
scrapeConfigs = [
{
job_name = "netdata";
metrics_path = "/api/v1/allmetrics";
params.format = [ "prometheus" ];
scrape_interval = "5s";
static_configs = [
{
targets = [ "localhost:19999" ];
labels = {
service = "netdata";
server = "pepe";
};
}
];
}
{
job_name = "systemd";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.systemd.port}" ];
labels = {
service = "systemd-exporter";
server = "pepe";
};
}];
}
{
job_name = "node";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
labels = {
service = "node-exporter";
server = "pepe";
};
}];
}
{
# see https://www.home-assistant.io/integrations/prometheus/
job_name = "home-assistant";
scrape_interval = "60s";
metrics_path = "/api/prometheus";
bearer_token_file = toString config.sops.secrets.hass_long_term_token.path;
static_configs = [{
targets = [ "localhost:8123" ];
labels = {
service = "hass";
server = "pepe";
};
}];
}
];
};
}

127
nixos/machines/pepe/syncthing.nix
View file

@ -1,127 +0,0 @@
{ config, pkgs, lib, ... }: {
users.groups."syncthing".members = [ "mpd" "syncthing" "upload" ];
custom.samba-share = {
enable = true;
#folders = {
# #media = config.services.syncthing.folders.media.path;
# media = "/media/syncthing/media";
#};
private = {
media = {
folder = "/media/syncthing/media";
users = "upload";
};
#upload = {
# folder = "/media/upload";
# users = "upload";
#};
};
};
users.users.upload = {
isNormalUser = true;
group = "upload";
};
users.groups.upload = { };
sops.secrets.syncthing_cert = { };
sops.secrets.syncthing_key = { };
services.syncthing = {
enable = true;
openDefaultPorts = true;
cert = toString config.sops.secrets.syncthing_cert.path;
key = toString config.sops.secrets.syncthing_key.path;
overrideFolders = true;
folders = {
# on encrypted drive
# ------------------
private = {
enable = true;
path = "/home/syncthing/private";
};
art = {
enable = true;
path = "/home/syncthing/art";
};
password-store = {
enable = true;
path = "/home/syncthing/password-store";
};
desktop = {
enable = true;
path = "/home/syncthing/desktop";
};
finance = {
enable = true;
path = "/home/syncthing/finance";
};
fotos = {
enable = true;
path = "/home/syncthing/fotos";
};
# no need to be encrypted
# -----------------------
books = {
enable = true;
path = "/media/syncthing/books";
rescanInterval = 40 * 24 * 3600;
};
lost-fotos = {
enable = true;
path = "/media/syncthing/lost-fotos.ct";
rescanInterval = 5 * 31 * 24 * 3600;
};
#media = {
# enable = true;
# path = "/media/syncthing/media";
# rescanInterval = 30 * 24 * 3600;
# type = "receiveonly";
# versioning = {
# type = "simple";
# params.keep = "3";
# };
#};
music-projects = {
enable = true;
path = "/media/syncthing/music-projects";
rescanInterval = 8 * 3600;
};
nextcloud_backup = {
enable = true;
path = "/media/syncthing/nextcloud_backup";
rescanInterval = 8 * 3600;
};
};
};
services.permown."/home/syncthing" = {
owner = "syncthing";
group = "syncthing";
};
services.permown."/media/syncthing" = {
owner = "syncthing";
group = "syncthing";
directory-mode = "770";
file-mode = "660";
};
systemd.services."permown._media_syncthing" = {
bindsTo = [ "media.mount" ];
after = [ "media.mount" ];
};
systemd.services."syncthing" = {
bindsTo = [ "media.mount" ];
after = [ "media.mount" ];
};
backup.dirs = [
config.services.syncthing.folders.finance.path
];
}

28
nixos/machines/pepe/taskwarrior-pushover.nix
View file

@ -1,28 +0,0 @@
{ config, lib, pkgs, ... }:
{
sops.secrets.autotagTaskwarriorCa = {
owner = "taskwarrior-autotag";
key = "taskwarriorCa";
};
sops.secrets.autotagTaskwarriorCertificate = {
owner = "taskwarrior-autotag";
key = "taskwarriorCertificate";
};
sops.secrets.autotagTaskwarriorKey = {
owner = "taskwarrior-autotag";
key = "taskwarriorKey";
};
services.taskwarrior-autotag = {
enable = true;
recurrence = "off";
onCalendar = "hourly";
server = "taskd.ingolf-wagner.de:53589";
caFile = config.sops.secrets.autotagTaskwarriorCa.path;
certificateFile = config.sops.secrets.autotagTaskwarriorCertificate.path;
keyFile = config.sops.secrets.autotagTaskwarriorKey.path;
credentials = "1337/palo/ad40dce8-4b38-4011-b032-60a91b6f22cd";
};
}

60
nixos/machines/pepe/tdarr.nix
View file

@ -1,60 +0,0 @@
{ config, lib, pkgs, ... }:
{
users.users.tdarr = {
isNormalUser = true;
group = "syncthing";
};
backup.dirs = [
"/srv/tdarr/server"
"/srv/tdarr/configs"
"/srv/tdarr/logs"
];
# https://docs.tdarr.io/docs/installation/docker/run-compose
virtualisation.oci-containers = {
backend = "podman";
containers.tdarr = {
volumes = [
"/srv/tdarr/server:/app/server"
"/srv/tdarr/configs:/app/configs"
"/srv/tdarr/logs:/app/logs"
"/srv/tdarr/transcode_cache:/temp"
"/media/syncthing/media:/media"
];
environment = {
serverIP = "0.0.0.0";
serverPort = "8266";
webUIPort = "8265";
internalNode = "false";
inContainer = "true";
nodeName = "ServerNode";
TZ = "Europe/London";
PGID = "237";
};
ports = [
"8265:8265" # WebUI
"8266:8266" # server port
];
image = "ghcr.io/haveagitgat/tdarr:latest"; # Warning: if the tag does not change, the image will not be updated
extraOptions = [ "--network=bridge" ];
};
};
networking.firewall.allowedTCPPorts = [ 8266 ];
networking.firewall.allowedUDPPorts = [ 8266 ];
services.nginx.virtualHosts."tdarr.pepe.private" = {
serverAliases = [ "tdarr.pepe" ];
extraConfig = ''
allow ${config.tinc.private.subnet};
deny all;
'';
locations."/" = {
proxyPass = "http://localhost:8265";
proxyWebsockets = true;
};
};
}

93
nixos/machines/pepe/telegraf.nix
View file

@ -1,93 +0,0 @@
{ pkgs, ... }:
let
urls = [
{ url = "https://bitwarden.ingolf-wagner.de"; path = ""; }
{ url = "https://flix.ingolf-wagner.de"; path = "web/index.html"; }
{ url = "https://git.ingolf-wagner.de"; path = ""; }
{ url = "https://ingolf-wagner.de"; path = ""; }
{ url = "https://nextcloud.ingolf-wagner.de"; path = "login"; }
{ url = "https://tech.ingolf-wagner.de"; path = ""; }
];
in
{
systemd.services.telegraf.path = [ pkgs.inetutils ];
services.telegraf = {
enable = true;
extraConfig = {
outputs.prometheus_client = {
listen = ":9273";
metric_version = 2;
};
# https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins
inputs = {
cpu = { };
diskio = { };
x509_cert = [{
sources = (map (url: "${url.url}:443") urls);
interval = "30m"; # agent.interval = "10s" is default
}];
http_response =
let fullUrls = map ({ url, path }: "${url}/${path}") urls;
in [{ urls = fullUrls; }];
processes = { };
systemd_units = { };
internet_speed.interval = "50m";
nginx.urls = [ "http://localhost/nginx_status" ];
ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make pepe visible over wireguard
};
};
};
services.prometheus.scrapeConfigs = [
{
# see https://www.home-assistant.io/integrations/prometheus/
job_name = "telgraf";
metrics_path = "/metrics";
static_configs = [{
targets = [ "localhost:9273" ];
labels = {
service = "telegraf";
server = "pepe";
};
}];
}
];
services.prometheus.ruleFiles = [
(pkgs.writeText "telegraf.yml" (builtins.toJSON {
groups = [
{
name = "telegraf";
rules = [
{
alert = "HttpResponseNotOk";
expr = "0 * (http_response_http_response_code != 200) + 1";
for = "5m";
labels.severity = "page";
annotations = {
summary = "{{ $labels.exported_server }} does not return Ok";
description = "{{ $labels.exported_server }} does not return Ok for more than 5 minutes";
};
}
{
alert = "CertificatExpires";
expr = ''x509_cert_expiry{issuer_common_name="R3"} < ${toString (60 * 60 * 24 * 5)}'';
for = "1d";
labels.severity = "page";
annotations = {
summary = "{{ $labels.san }} does Expire Soon";
description = "{{ $labels.san }} does expire in less than 5 days";
};
}
];
}
];
}))
];
}

6
nixos/machines/pepe/tinc.nix
View file

@ -1,6 +0,0 @@
{
tinc.private.enable = true;
tinc.private.ipv4 = "10.23.42.26";
}

28
nixos/machines/pepe/tts.nix
View file

@ -1,28 +0,0 @@
{ pkgs
, config
, ...
}: {
systemd.services.tts = {
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
path = [ pkgs.espeak ];
environment.HOME = "/var/lib/tts";
serviceConfig = {
StateDirectory = "tts";
DynamicUser = true;
User = "tts";
Group = "tts";
ExecStart = ''
${pkgs.tts}/bin/tts-server --model_name tts_models/en/ljspeech/vits --port 5004
'';
};
};
services.nginx = {
recommendedProxySettings = true;
enable = true;
virtualHosts."tts.pepe.private" = {
locations."/".proxyPass = "http://localhost:5004";
};
};
}

79
nixos/machines/pepe/wifi-access-point.nix
View file

@ -1,79 +0,0 @@
{ lib, pkgs, ... }:
let
# you find this device using `ifconfig -a` or `ip link`
wifi = "wlp0s26u1u2";
#wifi = "wlp3s0-ifb";
ipAddress = "10.23.45.1";
prefixLength = 24;
servedAddressRange = "10.23.45.2,10.23.45.150,12h";
ssid = "palosiot";
wifiPassword = lib.fileContents <secrets/iot_wifi>;
in
{
# todo only open needed ports
networking.firewall.trustedInterfaces = [ wifi ];
networking.networkmanager.unmanaged = [ wifi ];
networking.dhcpcd.denyInterfaces = [ wifi ];
networking.interfaces."${wifi}".ipv4.addresses = [{
address = ipAddress;
prefixLength = prefixLength;
}];
systemd.services.hostapd = {
description = "hostapd wireless AP";
path = [ pkgs.hostapd ];
wantedBy = [ "network.target" ];
after = [
"${wifi}-cfg.service"
"nat.service"
"bind.service"
"dhcpd.service"
"sys-subsystem-net-devices-${wifi}.device"
];
serviceConfig = {
ExecStart = "${pkgs.hostapd}/bin/hostapd ${
pkgs.writeText "hostapd.conf" ''
interface=${wifi}
hw_mode=g
channel=10
ieee80211d=1
country_code=DE
ieee80211n=1
wmm_enabled=1
ssid=${ssid}
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=${wifiPassword}
''
}";
Restart = "always";
};
};
services.dnsmasq = {
enable = true;
extraConfig = ''
# Only listen to routers' LAN NIC. Doing so opens up tcp/udp port 53 to
# localhost and udp port 67 to world:
interface=${wifi}
# Explicitly specify the address to listen on
listen-address=${ipAddress}
# Dynamic range of IPs to make available to LAN PC and the lease time.
# Ideally set the lease time to 5m only at first to test everything works okay before you set long-lasting records.
dhcp-range=${servedAddressRange}
'';
};
}

30
nixos/machines/pepe/wireguard.nix
View file

@ -1,30 +0,0 @@
{ pkgs, config, ... }:
{
networking.firewall.trustedInterfaces = [ "wg0" ];
networking.firewall.allowedUDPPorts = [ 51820 ];
sops.secrets.wireguard_private = { };
# Enable WireGuard
networking.wg-quick.interfaces = {
# Hub and Spoke Setup
# https://www.procustodibus.com/blog/2020/11/wireguard-hub-and-spoke-config/
wg0 = {
address = [ "10.100.0.2/32" ];
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
privateKeyFile = config.sops.secrets.wireguard_private.path;
mtu = 1280;
# server
peers = [
{
# robi
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
allowedIPs = [ "10.100.0.1/24" ];
endpoint = "ingolf-wagner.de:51820";
persistentKeepalive = 25;
}
];
};
};
}

64
nixos/machines/pepe/zigbee2mqtt.nix
View file

@ -1,64 +0,0 @@
{ pkgs, lib, config, private_assets, ... }:
{
imports = [ ./mqtt.nix ];
services.zigbee2mqtt = {
enable = true;
#package = pkgs.unstable.zigbee2mqtt.overrideAttrs (old: rec {
# version = "1.18.1";
# src = pkgs.fetchFromGitHub {
# owner = "Koenkk";
# repo = "zigbee2mqtt";
# rev = version;
# sha256 = "1x73k346ayik5hv5axa3nvmd82mgwyrpxqv3dxnffi8aa1r8pf8x";
# };
#});
settings = {
# Home Assistant integration (MQTT discovery)
homeassistant = true;
# allow new devices to join
permit_join = false;
# MQTT settings
mqtt = {
# MQTT base topic for zigbee2mqtt MQTT messages
base_topic = "zigbee2mqtt";
# MQTT server URL
server = "mqtt://127.0.0.1:1883";
# MQTT server authentication, uncomment if required:
user = "zigbee";
password = lib.fileContents "${private_assets}/zigbee/home-assistant-password";
};
# Serial settings
serial = {
#port = "/dev/ttyACM0";
port = "/dev/ttyUSB0";
# disable LED of CC2531 USB sniffer
#disable_led = true;
};
# you own network key,
# 16 numbers between 0 and 255
# see https://www.zigbee2mqtt.io/how_tos/how_to_secure_network.html
advanced = {
network_key = import "${private_assets}/zigbee/networkKey.nix";
log_output = [ "console" ];
log_level = "warn";
pan_id = 1337;
# add last seen information
last_seen = "ISO_8601_local";
};
# configure web ui
frontend.port = 9666;
frontend.host = "0.0.0.0";
experimental.new_api = true;
};
};
}

11
nixos/machines/sternchen/configuration.nix
View file

@ -24,12 +24,13 @@
components.network.enable = true; components.network.enable = true;
components.network.wifi.enable = true; components.network.wifi.enable = true;
components.mainUser.enable = true; components.mainUser.enable = true;
users.users.mainUser.extraGroups = [ "adbusers" "video" ]; users.users.mainUser.extraGroups = [ "adbusers" "video" ];
home-manager.users.mainUser.home.git-pull.enable = false; home-manager.users.mainUser.home.git-pull.enable = false;
users.users.mainUser.name = lib.mkForce "tina"; users.users.mainUser.name = lib.mkForce "tina";
users.users.mainUser.home = lib.mkForce "/home/tina"; users.users.mainUser.home = lib.mkForce "/home/tina";
#system.custom.wifi.interfaces = [ "wlp3s0" ]; services.browser.enable = false;
security.wrappers = { security.wrappers = {
pmount = { pmount = {
@ -54,12 +55,6 @@
#system.custom.suspend.enable = false; #system.custom.suspend.enable = false;
services.printing.enable = false; services.printing.enable = false;
# fonts
# -----
programs.custom.urxvt.fontSize = 12;
programs.custom.xterm.fontSize = 12;
# system.custom.fonts.dpi = 100;
# for congress and streaming # for congress and streaming
hardware.opengl = { hardware.opengl = {
enable = true; enable = true;
@ -83,7 +78,7 @@
# stuff # stuff
# ----- # -----
custom.samba-share = { samba-share = {
enable = false; enable = false;
folders = { folders = {
share = "/home/share"; share = "/home/share";

6
nixos/machines/sternchen/packages.nix
View file

@ -1,9 +1,5 @@
{ config, lib, pkgs, ... }: { { config, lib, pkgs, ... }: {
# overlay included
#nixpkgs.overlays = [ (import <mozilla-overlay/rust-overlay.nix>) ];
programs.custom.browser.enable = false;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
spotify spotify
@ -48,7 +44,7 @@
gwenview gwenview
skanlite skanlite
unstable.tor-browser-bundle-bin #unstable.tor-browser-bundle-bin
#(tor-browser-bundle-bin.overrideAttrs (old: rec { #(tor-browser-bundle-bin.overrideAttrs (old: rec {
# version = "11.0.1"; # version = "11.0.1";
# name = "tor-browser-bundle-${version}"; # name = "tor-browser-bundle-${version}";

17
nixos/machines/sterni/configuration.nix
View file

@ -48,13 +48,9 @@
}; };
}; };
# still needed?
home-manager.users.mainUser.home.stateVersion = "22.11"; home-manager.users.mainUser.home.stateVersion = "22.11";
# fonts
# -----
programs.custom.urxvt.fontSize = 12;
programs.custom.xterm.fontSize = 12;
virtualisation = { virtualisation = {
docker.enable = true; docker.enable = true;
podman.enable = true; podman.enable = true;
@ -68,7 +64,7 @@
services.xserver.desktopManager.gnome.enable = true; services.xserver.desktopManager.gnome.enable = true;
custom.samba-share = { samba-share = {
enable = false; enable = false;
folders = { folders = {
share = "/home/share"; share = "/home/share";
@ -76,18 +72,9 @@
}; };
}; };
# enable this to use sidequest
# programs.adb.enable = false;
# for congress and streaming # for congress and streaming
hardware.opengl = { hardware.opengl = {
enable = true; enable = true;
# extraPackages = [
# intel-media-driver # LIBVA_DRIVER_NAME=iHD
# vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
# vaapiVdpau
# libvdpau-va-gl
# ];
driSupport = true; driSupport = true;
driSupport32Bit = true; driSupport32Bit = true;
}; };

4
nixos/modules/programs/browser.nix → nixos/modules/browser.nix
View file

@ -6,7 +6,7 @@ with lib;
let let
cfg = config.programs.custom.browser; cfg = config.services.browser;
chromiumBin = "${pkgs.chromium}/bin/chromium"; chromiumBin = "${pkgs.chromium}/bin/chromium";
chromeBin = "${pkgs.google-chrome}/bin/google-chrome-stable"; chromeBin = "${pkgs.google-chrome}/bin/google-chrome-stable";
@ -195,7 +195,7 @@ let
in in
{ {
options.programs.custom.browser = { options.services.browser = {
enable = mkEnableOption "enable browsers"; enable = mkEnableOption "enable browsers";
# todo : it's not a list # todo : it's not a list
configList = mkOption { configList = mkOption {

6
nixos/modules/services/castget.nix → nixos/modules/castget.nix
View file

@ -2,12 +2,12 @@
with lib; with lib;
with types; with types;
let let
cfg = config.custom.services.castget; cfg = config.services.castget;
in in
{ {
options.custom.services.castget = { options.services.castget = {
enable = mkEnableOption "enable custom.services.castget"; enable = mkEnableOption "enable services.castget";
feeds = mkOption { feeds = mkOption {
type = attrsOf (submodule { type = attrsOf (submodule {
options = { options = {

39
nixos/modules/default.nix
View file

@ -1,38 +1,11 @@
{ {
imports = [ imports = [
./castget.nix
./services/light-control.nix ./rbackup.nix
./samba-share.nix
./services/castget.nix ./taskwarrior-pushover.nix
./services/rbackup.nix ./taskwarrior-autotag.nix
#./services/home-assistant.nix ./browser.nix
#./services/lektor.nix
./services/samba-share.nix
#./services/videoencoder.nix
./services/taskwarrior-pushover.nix
./services/taskwarrior-autotag.nix
./programs/browser.nix
#./programs/citate.nix
./programs/curl-scripts.nix
#./programs/easytag.nix
#./programs/elm.nix
#./programs/espeak.nix
#./programs/ffmpeg.nix
#./programs/slack.nix
./programs/steam.nix
#./programs/taskwarrior.nix
./programs/urxvt.nix
#./programs/video.nix
#./programs/vim.nix
./programs/xterm.nix
#./system/audio.nix
#./system/bluetooth.nix
#./system/font.nix
#./system/mainUser.nix
./system/on-failure.nix
]; ];
} }

43
nixos/modules/programs/citate.nix
View file

@ -1,43 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.custom.citate;
library = import ../../library { inherit pkgs lib; };
xdotool = "${pkgs.xdotool}/bin/xdotool";
dmenu = "${pkgs.dmenu}/bin/dmenu";
citateScript = file: suffix:
pkgs.writeShellScriptBin "citate-${suffix}" ''
${xdotool} - <<<"type -- $( cat ${file} | ${dmenu} -l 10 -i | sed -e "s/\(.*\)/'\1'/" )"
'';
scriptAxel = citateScript (toString ../../assets/sprueche-axel) "axel";
scriptSiw = citateScript (toString ../../assets/sprueche-siw) "siw";
in
{
options.programs.custom.citate = {
enable = mkEnableOption "enable programs.custom.citate";
};
config = mkIf cfg.enable {
environment.systemPackages = [
scriptAxel
(library.desktopFile scriptAxel {
longName = "Citate Axel";
command = "citate-axel";
})
scriptSiw
(library.desktopFile scriptSiw {
longName = "Citate Sinnlos im Weltall";
command = "citate-siw";
})
];
};
}

32
nixos/modules/programs/curl-scripts.nix
View file

@ -1,32 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
weatherScript = pkgs.writeShellScriptBin "weather" ''
${pkgs.curl}/bin/curl wttr.in/Berlin
'';
qrCodeScript = pkgs.writeShellScriptBin "qrCode" ''
${pkgs.qrencode}/bin/qrencode -t ANSI -o - "$@"
'';
cheatSheetScript = pkgs.writeShellScriptBin "cheatsheet" ''
${pkgs.curl}/bin/curl "cheat.sh/$1"
'';
cfg = config.programs.custom.curlScripts;
in
{
options.programs.custom.curlScripts.enable =
mkEnableOption "enable curl scripts";
config = mkIf cfg.enable {
environment.systemPackages =
[ weatherScript qrCodeScript cheatSheetScript pkgs.qrencode ];
};
}

51
nixos/modules/programs/espeak.nix
View file

@ -1,51 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
espeak = pkgs.unstable.espeak;
# can't use bash aliases because programms will not pic it up
en_espeak = pkgs.writeShellScriptBin "en-speak" ''
exec ${espeak}/bin/espeak \
-v en\
-s 145 \
-p 23 \
"$@"
'';
# read from copyq
en_read = pkgs.writeShellScriptBin "en-read" ''
exec ${pkgs.copyq}/bin/copyq read 0 | ${en_espeak}/bin/en-speak
'';
# can't use bash aliases because programms will not pic it up
de_espeak = pkgs.writeShellScriptBin "de-speak" ''
exec ${espeak}/bin/espeak \
-v de\
-s 143 \
-p 20 \
"$@"
'';
# read from copyq
de_read = pkgs.writeShellScriptBin "de-read" ''
exec ${pkgs.copyq}/bin/copyq read 0 | ${de_espeak}/bin/de-speak
'';
cfg = config.programs.custom.espeak;
in
{
options.programs.custom.espeak.enable =
mkEnableOption "enable espeak scripts";
config = mkIf cfg.enable {
environment.systemPackages = [ espeak en_espeak en_read de_espeak de_read ];
};
}

53
nixos/modules/programs/steam.nix
View file

@ -1,53 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
# steam
# -------
# Don't forget to run 'xhost +' with your user
# to make sure the browser user can write to X
let
bin = pkgs.writeShellScriptBin "steam" ''
/var/run/wrappers/bin/sudo -u steam -i ${pkgs.steam}/bin/steam $@
'';
cfg = config.programs.custom.steam;
in
{
options.programs.custom.steam.enable = mkEnableOption "enable steam";
config = mkIf cfg.enable {
environment.systemPackages = [
bin
pkgs.xorg.xhost
# to use xbox controllers
pkgs.xboxdrv
];
users.users.steam = {
isNormalUser = false;
isSystemUser = true;
home = "/home/steam";
createHome = true;
extraGroups = [ "audio" "input" "video" "pipewire" ];
group = "steam";
shell = pkgs.bashInteractive;
};
users.groups.steam = { };
# for steam
# ---------
hardware.opengl.driSupport = true;
hardware.opengl.driSupport32Bit = true;
security.sudo.extraConfig = ''
${config.users.extraUsers.mainUser.name} ALL=(steam) NOPASSWD: ALL
'';
};
}

204
nixos/modules/programs/urxvt.nix
View file

@ -1,204 +0,0 @@
{ config, pkgs, lib, ... }:
# find all URXVT parameters with
# urxvt --help 2>&1| sed -n '/: /s/^ */! URxvt*/gp' | les
with lib;
let
cfg = config.programs.custom.urxvt;
in
{
options.programs.custom.urxvt = {
enable = mkEnableOption "configure and enable urxvt";
fontType = mkOption {
type = types.enum [ "bitmap" "vector" ];
default = "bitmap";
};
fontSize = mkOption {
type = types.int;
default = 17;
description = ''
size of the terminal font
'';
};
colorTheme = mkOption {
type = types.enum [ "dark" "light" ];
default = "dark";
description = ''
solarized color theme
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.rxvt_unicode ];
environment.etc = {
"X11/Xresource.d/urxvt".source = pkgs.writeText "Xresource-urxvt" ''
!! Perl extensions
!! ---------------
URxvt.perl-ext-common: default,matcher,selection-to-clipboard
! Urgency
URxvt.urgentOnBell: true
!! Highlight URLs
!! --------------
URxvt.url-launcher: /run/current-system/sw/bin/browser-select
URxvt.matcher.button: 1
!! History
!! -------
URxvt.scrollStyle: rxvt
URxvt.scrollBar: false
URxvt.saveLines: 1000000
!! Color Configuration
!! -------------------
!! do not graded out unselected shells
!! -----------------------------------
URxvt.fading: 0
!! copy on select
!! --------------
URxvt.clipboard.autocopy: true
'';
"X11/Xresource.d/urxvt-font".source =
let
bitmapPart =
let
# use xfontsel or fontmatrix to choose line
fontFamily = "terminus";
normalFont = fontSize:
"-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
boldFont = fontSize:
"-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
italicFont = normalFont;
itallicBoldFont = boldFont;
in
''
URxvt.font: ${normalFont cfg.fontSize}
URxvt.boldFont: ${boldFont cfg.fontSize}
URxvt.italicFont: ${italicFont cfg.fontSize}
URxvt.bolditalicFont: ${itallicBoldFont cfg.fontSize}
'';
vectorPart =
let
# show available fonts = `fc-list`
backupFont = fontSize: style:
#"xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}";
"xft:JetBrains Mono:pixelsize=${toString fontSize}${optionalString (style != null) ",style:${style}"}";
in
''
URxvt.font: ${backupFont cfg.fontSize null}
URxvt.boldFont: ${backupFont cfg.fontSize "Bold"}
URxvt.italicFont: ${backupFont cfg.fontSize "Italic"}
URxvt.bolditalicFont: ${backupFont cfg.fontSize "Bold Italic"}
'';
in
pkgs.writeText "Xresource-urxvt-font" ''
URxvt.allow_bold: true
URxvt.xftAntialias: true
${optionalString (cfg.fontType == "bitmap") bitmapPart}
${optionalString (cfg.fontType == "vector") vectorPart}
'';
"X11/Xresource.d/urxvt-colors".source =
let
colorTheme =
if (cfg.colorTheme == "dark") then ''
#define S_base03 #002b36
#define S_base02 #073642
#define S_base01 #586e75
#define S_base00 #657b83
#define S_base0 #839496
#define S_base1 #93a1a1
#define S_base2 #eee8d5
#define S_base3 #fdf6e3
'' else ''
#define S_base03 #fdf6e3
#define S_base02 #eee8d5
#define S_base01 #93a1a1
#define S_base00 #839496
#define S_base0 #657b83
#define S_base1 #586e75
#define S_base2 #073642
#define S_base3 #002b36
'';
in
pkgs.writeText "Xresource-urxvt-colors" ''
!! Common
!! ------
#define S_yellow #b58900
#define S_orange #cb4b16
#define S_red #dc322f
#define S_magenta #d33682
#define S_violet #6c71c4
#define S_blue #268bd2
#define S_cyan #2aa198
#define S_green #859900
!! ColorTheme
!! ----------
${colorTheme}
URxvt*background: S_base03
URxvt*foreground: S_base0
URxvt*fading: 40
URxvt*fadeColor: S_base03
URxvt*cursorColor: S_base1
URxvt*pointerColorBackground: S_base01
URxvt*pointerColorForeground: S_base1
URxvt*color0: S_base02
URxvt*color1: S_red
URxvt*color2: S_green
URxvt*color3: S_yellow
URxvt*color4: S_blue
URxvt*color5: S_magenta
URxvt*color6: S_cyan
URxvt*color7: S_base2
URxvt*color9: S_orange
URxvt*color8: S_base03
URxvt*color10: S_base01
URxvt*color11: S_base00
URxvt*color12: S_base0
URxvt*color13: S_violet
URxvt*color14: S_base1
URxvt*color15: S_base3
!! fix tasksh gray6 : https://github.com/GothenburgBitFactory/libshared/blob/f1a3cd6bfabfb083fe3c26f580a15c0d60a92ee9/src/Color.cpp#L179
URxvt*color232: S_base03
URxvt*color233: S_base03
URxvt*color234: S_base03
URxvt*color235: S_base03
URxvt*color236: S_base03
URxvt*color237: S_base03
URxvt*color238: S_base03
URxvt*color239: S_base03
URxvt*color240: S_base03
URxvt*color241: S_base03
URxvt*color242: S_base03
'';
};
};
}

107
nixos/modules/programs/video.nix
View file

@ -1,107 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
# Lassulus streaming setup
# -------------------------
# ffmpeg \
# -f pulse \
# -i default \
# -vaapi_device /dev/dri/renderD128 \
# -f x11grab \
# -video_size 1366x768 \
# -i :0 \
# -vf 'hwupload,scale_vaapi=format=nv12' \
# -c:v h264_vaapi \
# -c:a aac \
# -b:a 96k \
# -af "highpass=f=200, lowpass=f=3000" \
# -qp 30 \
# -f flv \
# rtmp://lassul.us:1935/stream/nixos \
# ./rc3-output-$(date +%d%H%M%S).mp4
#
# Dann abspielen mit :
# mpv rtmp://lassul.us:1935/stream/nixos
cfg = config.programs.custom.video;
# show keyboard input on desktop for screencasts
screenKey = pkgs.symlinkJoin {
name = "screen-keys";
paths =
let
screenKeyScript = { position ? "bottom", size ? "small", ... }:
pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
''
${pkgs.screenkey}/bin/screenkey \
--no-detach \
--bg-color '#fdf6e3' \
--font-color '#073642' \
-p ${position} \
-s ${size} \
"$@"
'';
in
lib.flatten (lib.flip map [ "large" "small" "medium" ] (size:
lib.flip map [ "top" "center" "bottom" ]
(position: screenKeyScript { inherit size position; })));
};
mpvReview =
let
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
tmp_dir = "${dir}"
function move_current_track_${key}()
track = mp.get_property("path")
os.execute("mkdir -p '" .. tmp_dir .. "'")
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
print("moved '" .. track .. "' to " .. tmp_dir)
end
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
'';
delete = moveToDir "D" "./.graveyard";
good = moveToDir "G" "./.good";
in
pkgs.writers.writeDashBin "mpv-review" ''
exec ${pkgs.mpv}/bin/mpv --no-config --script=${delete} --script=${good} "$@"
'';
in
{
options.programs.custom.video.enable = mkEnableOption "enable video tools";
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
unstable.youtube-dl
unstable.yt-dlp
mplayer
mpv
mpvReview
# to record your screen
# ---------------------
simplescreenrecorder
screenKey
# to transcode video material
# ---------------------------
handbrake
ffmpeg-full
# video editing
# -------------
openshot-qt
];
};
}

157
nixos/modules/programs/xterm.nix
View file

@ -1,157 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.programs.custom.xterm;
in
{
options.programs.custom.xterm = {
enable = mkEnableOption "configure and enable urxvt";
fontSize = mkOption {
type = types.int;
default = 17;
description = ''
size of the terminal font
'';
};
colorTheme = mkOption {
type = types.enum [ "dark" "light" ];
default = "dark";
description = ''
solarized color theme
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.xterm ];
environment.etc = {
"X11/Xresource.d/xterm".source = pkgs.writeText "Xresource-xterm" ''
XTerm*termName: xterm-256color
XTerm*selectToClipboard: true
XTerm.*.bellIsUrgent: true
'';
"X11/Xresource.d/xterm-font".source =
let
fontFamily = "terminus";
normalFont = fontSize:
"-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
boldFont = fontSize:
"-*-${fontFamily}-bold-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
italicFont = normalFont;
itallicBoldFont = boldFont;
backupFont = fontSize:
"xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}";
in
pkgs.writeText "Xresource-xterm-font" ''
XTerm.allow_bold: true
XTerm.xftAntialias: true
!! use xfontsel or fontmatrix to choose line
!XTerm.*.font: ${normalFont cfg.fontSize},${
backupFont cfg.fontSize
}
!XTerm.*.boldFont: ${boldFont cfg.fontSize},${
backupFont cfg.fontSize
}
!XTerm.*.italicFont: ${italicFont cfg.fontSize},${
backupFont cfg.fontSize
}
!XTerm.*.bolditalicFont: ${itallicBoldFont cfg.fontSize},${
backupFont cfg.fontSize
}
XTerm.*.font: ${normalFont cfg.fontSize}
XTerm.*.boldFont: ${boldFont cfg.fontSize}
XTerm.*.italicFont: ${italicFont cfg.fontSize}
XTerm.*.bolditalicFont: ${itallicBoldFont cfg.fontSize}
'';
"X11/Xresource.d/xterm-colors".source =
let
colorTheme =
if (cfg.colorTheme == "dark") then ''
#define S_base03 #002b36
#define S_base02 #073642
#define S_base01 #586e75
#define S_base00 #657b83
#define S_base0 #839496
#define S_base1 #93a1a1
#define S_base2 #eee8d5
#define S_base3 #fdf6e3
'' else ''
#define S_base03 #fdf6e3
#define S_base02 #eee8d5
#define S_base01 #93a1a1
#define S_base00 #839496
#define S_base0 #657b83
#define S_base1 #586e75
#define S_base2 #073642
#define S_base3 #002b36
'';
in
pkgs.writeText "Xresource-xterm-colors" ''
!! Color Configuration
!! -------------------
!! Common
!! ------
#define S_yellow #b58900
#define S_orange #cb4b16
#define S_red #dc322f
#define S_magenta #d33682
#define S_violet #6c71c4
#define S_blue #268bd2
#define S_cyan #2aa198
#define S_green #859900
!! ColorTheme
!! ----------
${colorTheme}
XTerm*background: S_base03
XTerm*foreground: S_base0
XTerm*fading: 40
XTerm*fadeColor: S_base03
XTerm*cursorColor: S_base1
XTerm*pointerColorBackground: S_base01
XTerm*pointerColorForeground: S_base1
XTerm*color0: S_base02
XTerm*color1: S_red
XTerm*color2: S_green
XTerm*color3: S_yellow
XTerm*color4: S_blue
XTerm*color5: S_magenta
XTerm*color6: S_cyan
XTerm*color7: S_base2
XTerm*color9: S_orange
XTerm*color8: S_base03
XTerm*color10: S_base01
XTerm*color11: S_base00
XTerm*color12: S_base0
XTerm*color13: S_violet
XTerm*color14: S_base1
XTerm*color15: S_base3
'';
};
};
}

0
nixos/modules/services/rbackup.nix → nixos/modules/rbackup.nix
View file

6
nixos/modules/services/samba-share.nix → nixos/modules/samba-share.nix
View file

@ -3,13 +3,13 @@
with lib; with lib;
with types; with types;
let let
cfg = config.custom.samba-share; cfg = config.samba-share;
in in
{ {
options.custom.samba-share = { options.samba-share = {
openPorts = mkEnableOption "open samba ports everywher"; openPorts = mkEnableOption "open samba ports everywher";
enable = mkEnableOption "enable custom.samba-share"; enable = mkEnableOption "enable samba-share";
enableWSDD = mkEnableOption "enable services.samba-wsdd.enable"; enableWSDD = mkEnableOption "enable services.samba-wsdd.enable";
guestUser = mkOption { guestUser = mkOption {
default = "media"; default = "media";

40
nixos/modules/services/home-assistant.nix
View file

@ -1,40 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.homeAssistantConfig;
mkMagicMergeOption = { description ? "", example ? { }, default ? { }, ... }:
mkOption {
inherit example description default;
type = with lib.types;
let
valueType = nullOr
(oneOf [
bool
int
float
str
(attrsOf valueType)
(listOf valueType)
]) // {
description = "";
emptyValue.value = { };
};
in
valueType;
};
in
{
options.services.homeAssistantConfig = mkMagicMergeOption {
description = ''
home-assistant configuration
'';
};
config = mkIf (cfg != null) { services.home-assistant.config = cfg; };
}

183
nixos/modules/services/lektor.nix
View file

@ -1,183 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.lektor;
in
{
options.services.lektor = {
enable = mkEnableOption "enable services.lektor";
user = mkOption {
default = "lektor";
type = with types; str;
description = ''
name of the lektor service
'';
};
home = mkOption {
default = "/home/${cfg.user}";
type = with types; str;
description = ''
home of the service
'';
};
repository = mkOption {
type = with types; str;
description = ''
Repository to get the lektor project from.
'';
example = "git@github.com:lektor/lektor-website.git";
};
bind = mkOption {
default = "0.0.0.0";
type = with types; str;
description = ''
Host to bind the lektor service to.
'';
};
serviceName = mkOption {
default = "lektor";
type = with types; str;
description = ''
name of the system service (without the .service suffix)
'';
};
port = mkOption {
default = 5000;
type = with types; int;
description = ''
Port to bind the lektor service to.
'';
};
additionalScript = mkOption {
default = null;
type = with types; nullOr path;
description = ''
A script you can us as a hook before the lektor server start
(for example to creat your css or javascript files)
'';
example = pkgs.writeShellScript "build" ''
${pkgs.nix}/bin/nix-shell --run build";
'';
};
#sshMatchBlocks = mkOption {
# default = [];
# type = with types; listOf attrs;
# description = ''
# a matchBlock from home-manager.users.<name>.programs.ssh.matchBlocks;
# '';
#};
host = mkOption {
type = with types; str;
description = ''
ssh host to pull from and push to
'';
};
sshKey = mkOption {
type = with types; str;
description = ''
todo : avoid this, or make sure the home folder is crypted
Warning the key will be copied into the home folder of the user
ssh key to use
'';
};
};
config = mkIf cfg.enable {
# create User
users.users."${cfg.user}" = {
home = cfg.home;
createHome = true;
isSystemUser = true;
};
# create systemd service to start service
systemd.services."${cfg.serviceName}" = {
enable = true;
wantedBy = [ "multi-user.target" ];
environment.NIX_PATH = config.environment.variables.NIX_PATH;
serviceConfig = {
User = cfg.user;
# todo : this is not working properly
TimeoutStartSec =
"infinity"; # it might take some time will this thing is up
ExecStartPre =
let
sshKeyTarget = "/run/keys.lektor/id_rsa";
sshConfig = pkgs.writeText "sshconfig" ''
Host ${cfg.host}
IdentityFile ${sshKeyTarget}
Host *
ForwardAgent no
Compression no
ServerAliveInterval 0
HashKnownHosts no
UserKnownHostsFile ~/.ssh/known_hosts
ControlMaster no
ControlPath ~/.ssh/master-%r@%n:%p
ControlPersist no
'';
sshKeyScript = pkgs.writers.writeDash "keyfile-gen" # sh
''
set -x
# setup ~/.ssh
mkdir -p ${cfg.home}/.ssh
chown ${cfg.user} ${cfg.home}/.ssh
chmod 700 ${cfg.home}/.ssh
cp ${sshConfig} ${cfg.home}/.ssh/config
chown ${cfg.user} ${cfg.home}/.ssh/config
chmod 500 ${cfg.home}/.ssh/config
mkdir -p ${dirOf sshKeyTarget}
chmod 700 ${dirOf sshKeyTarget}
chown ${cfg.user} ${dirOf sshKeyTarget}
cp ${toString cfg.sshKey} ${sshKeyTarget}
chown ${cfg.user} ${sshKeyTarget}
chmod 500 ${sshKeyTarget}
'';
cloneScript = pkgs.writers.writeDash "clone" # sh
''
set -x
if [[ `ls ~/${cfg.user} | wc -l` == 0 ]]
then
rm ~/${cfg.user}
fi
${pkgs.git}/bin/git clone ${cfg.repository} ~/${cfg.user}
'';
in
[ "+${sshKeyScript}" "-${cloneScript}" ];
};
# todo : add restart ruling
script = # sh
''
cd ~/${cfg.user} && \
${pkgs.git}/bin/git pull && \
${
optionalString (cfg.additionalScript != null)
"${cfg.additionalScript} &&"
} \
${pkgs.python36Packages.lektor}/bin/lektor server \
--host ${cfg.bind} \
--port ${toString cfg.port}
'';
};
};
}

55
nixos/modules/services/light-control.nix
View file

@ -1,55 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.mqtt.light-control;
mkMagicMergeOption = { description ? "", example ? { }, default ? { }, ... }:
mkOption {
inherit example description default;
type = with lib.types;
let
valueType = nullOr
(oneOf [
bool
int
float
str
(attrsOf valueType)
(listOf valueType)
]) // {
description = "";
emptyValue.value = { };
};
in
valueType;
};
lightControlConfig =
pkgs.writeText "light-control.json" (builtins.toJSON cfg.config);
in
{
options.services.mqtt.light-control = {
enable = mkEnableOption "enable mqtt.light-control";
loglevel = mkOption {
default = "info";
type = with types; enum [ "info" "trace" "debug" "error" "warning" ];
};
config =
mkMagicMergeOption { description = "configuration of light-control"; };
};
config = mkIf cfg.enable {
systemd.services."light-control" = {
wantedBy = [ "multi-user.target" ];
environment = { RUST_LOG = "light_control=${cfg.loglevel}"; };
script = ''
${pkgs.light-control}/bin/light-control ${lightControlConfig}
'';
};
};
}

111
nixos/modules/services/videoencoder.nix
View file

@ -1,111 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.service.videoencoder;
# todo : escape output and input File
createEncoder = tmpFolder: inputFile: outputFile: # sh
''
mkdir -p ${tmpFolder}
rm -rf ${tmpFolder}/*
TMP_FILE=`mktemp --dry-run ${tmpFolder}/XXXXXXXX.${cfg.format}`
if [ ! -f "${outputFile}" ]
then
${pkgs.ffmpeg}/bin/ffmpeg \
-i "${inputFile}" \
-filter:v scale=h='min(720\,ih)':w='min(1280\,iw)' \
-vcodec libx264 \
-preset veryslow \
-profile:v ${cfg.profile} \
${optionalString (cfg.tune != null) "-tune ${cfg.tune}"} \
-acodec aac \
"$TMP_FILE" \
-hide_banner \
&& cp $TMP_FILE "${outputFile}.${cfg.format}" \
&& rm $TMP_FILE
fi
'';
in
{
options.service.videoencoder = {
enable = mkEnableOption "enable service.videoencoder";
profile = mkOption {
type = with types; string;
default = "main";
description = ''
-profile:v
'';
};
tune = mkOption {
type = with types;
nullOr (enum [ "film" "animation" "grain" "stillimage" ]);
default = null;
description = ''
-tune
'';
};
format = mkOption {
type = with types; enum [ "mp4" "mkv" ];
default = "mp4";
description = ''
the format
'';
};
fileConfig = mkOption {
type = with types;
listOf (submodule {
options = {
inputFile = mkOption {
# todo make this path
type = with types; string;
description = ''
full path to the inputFile
'';
};
outputFile = mkOption {
type = with types; string;
description = ''
full path to the ouputFile
folder must exist
'';
};
};
});
description = ''
list of files to encode.
'';
};
};
config = mkIf cfg.enable {
systemd.services."videoEncoding" = {
wantedBy = [ "multi-user.target" ];
enable = true;
script =
let
myList = map
(value:
createEncoder "/tmp/videoencoder" value.inputFile value.outputFile)
cfg.fileConfig;
in
''
set -x
${concatStringsSep "\n" myList}
'';
};
};
}

160
nixos/modules/system/audio.nix
View file

@ -1,160 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
ladspaPath = "${pkgs.ladspaPlugins}/lib/ladspa";
jackScript =
pkgs.writeShellScriptBin "jack" (lib.fileContents ../../assets/jack.sh);
queueElement = {
options = {
plugin = mkOption {
type = with types; str;
description = "file name without suffix of the plugin";
};
label = mkOption {
type = with types; str;
description = "label of the queue element (needs to be correct)";
};
control = mkOption {
type = with types; listOf str;
description = "parameter of plugin";
};
};
};
sinkElement = {
options = {
name = mkOption {
type = with types; str;
description = "name of the sink";
};
queue = mkOption {
type = with types; listOf (submodule queueElement);
description = "queues";
};
};
};
cfg = config.system.custom.audio;
in
{
options.system.custom.audio = {
enable = mkEnableOption "use PluseAudio";
sinks = mkOption {
type = with types; listOf (submodule sinkElement);
description = "list of sinks";
};
};
config = mkIf cfg.enable {
# add virtual midi module
# -----------------------
#boot = {
# # to route midi signals
# # between bitwig and vcvrack
# kernelModules = [ "snd_virmidi" ];
# # index=-2 prevents from beeing recognised as the default
# # audio device
# # midi_devs limit the number of midi devices.
# extraModprobeConfig = "options snd-virmidi index=-2 midi_devs=1";
#};
# LADSPA
# ------
programs.bash.interactiveShellInit = # sh
''
# set ladspa library path
# about testing the plugins check analyseplugin command
export LADSPA_PATH=${ladspaPath}
'';
programs.zsh.interactiveShellInit = # sh
''
# set ladspa library path
# about testing the plugins check analyseplugin command
export LADSPA_PATH=${ladspaPath}
'';
# PulseAudio
# ----------
# because of systemWide ensure main user is in audio group
system.custom.mainUser.extraGroups = [ "audio" "pipewire" ];
# todo use pipewire for this
hardware.pulseaudio = {
enable = false;
package = pkgs.pulseaudioFull;
# all in audio group can do audio
systemWide = false;
extraConfig = ''
# automatically switch to newly-connected devices
load-module module-switch-on-connect
# http://plugin.org.uk/ladspa-swh/docs/ladspa-swh.html
# https://gavv.github.io/articles/pulseaudio-under-the-hood/#ladspa-plugin-sink
${builtins.toString (flip map cfg.sinks (sink: ''
# ladspa sink : ${sink.name}
# -------------
${builtins.toString (flip imap0 (reverseList sink.queue)
(index: queua:
let
sinkName = suffix: "${sink.name}${builtins.toString suffix}";
sinkValue = "sink_name=${sinkName index}";
sinkDescription = "sink_properties=device.description=${
sinkName index
}-${queua.label}";
masterValue = if (index == 0) then
""
else
"sink_master=${sinkName (index - 1)}";
pluginValue = "plugin=${ladspaPath}/${queua.plugin}";
labelValue = "label=${queua.label}";
controlValue = "control=${
builtins.toString
(foldl (a: b: "${a},${b}") (head queua.control)
(tail queua.control))
}";
in ''
# ${sinkName index} : ${queua.label}
load-module module-ladspa-sink ${sinkValue} ${sinkDescription} ${masterValue} ${pluginValue} ${labelValue} ${controlValue}
''))}
''))}
'';
};
# Packages needed
# ---------------
environment.systemPackages = with pkgs; [
# Music making
# ------------
#jackScript
#jack2Full
#patchage
#zynaddsubfx
#qjackctl
alsaUtils
# LADSPA
# ------
ladspaPlugins
ladspa-sdk
# PulseAudio control
# ------------------
pavucontrol
lxqt.pavucontrol-qt
];
};
}

35
nixos/modules/system/bluetooth.nix
View file

@ -1,35 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.system.custom.bluetooth;
in
{
options.system.custom.bluetooth.enable =
lib.mkEnableOption "enable bluetooth support";
config = lib.mkIf cfg.enable {
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings.General.AutoConnect = true;
};
services.blueman.enable = true;
environment.systemPackages = with pkgs; [
# bluetooth audio
# ---------------
# todo : check if pulseaudio is enabled
bluez
bluez-tools
];
};
}

74
nixos/modules/system/font.nix
View file

@ -1,74 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.system.custom.fonts;
in
{
options.system.custom.fonts = {
enable = mkEnableOption "enable fonts";
size = mkOption {
type = types.int;
default = 17;
description = ''
size of the font
'';
};
};
# You can put your private ttf fonts into
# in $XDG_DATA_HOME/fonts, which for most users will resolve to ~/.local/share/fonts
# see https://nixos.wiki/wiki/Fonts
config = mkIf cfg.enable {
# only set this on x220 to 141, if resolution is shit.
#services.xserver.dpi = cfg.dpi;
fonts = {
enableDefaultFonts = true;
enableGhostscriptFonts = true;
fontDir.enable = true;
# todo brauch ich überhaupt die urxvt und xterm configurationen?
#fontconfig = {
# subpixel = {
# lcdfilter = "default";
# rgba = "rgb";
# };
# hinting = {
# enable = true;
# autohint = false;
# };
# enable = true;
# antialias = true;
# defaultFonts = { monospace = [ "JetBrains Mono" ]; };
#};
# fonts = with pkgs; [
# corefonts
# hasklig
# inconsolata
# source-code-pro
# symbola
# ubuntu_font_family
# # symbol fonts
# # ------------
# nerdfonts
# powerline-fonts
# font-awesome
# fira-code-symbols
# jetbrains-mono
# # shell font
# # ----------
# terminus_font
# gohufont
# ];
};
};
}

66
nixos/modules/system/on-failure.nix
View file

@ -1,66 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.on-failure;
api = {
enable = mkEnableOption "krebs.on-failure" // {
default = cfg.plans != { };
};
url = mkOption {
type = types.str;
description = "url on where to send the message to";
};
plans = mkOption {
default = { };
type = with types;
attrsOf (submodule ({ config, ... }: {
options = {
enable = mkEnableOption "on-failure.${config.name}" // {
default = true;
};
name = mkOption {
type = types.str;
default = config._module.args.name;
description = "Name of the to-be-monitored service.";
};
};
}));
};
};
enabled-plans = filter (getAttr "enable") (attrValues cfg.plans);
to-services = plan: {
"${plan.name}".unitConfig.OnFailure = "on-failure.${plan.name}.service";
"on-failure.${plan.name}".serviceConfig = rec {
ExecStart = mattermostStart plan;
SyslogIdentifier = ExecStart.name;
Type = "oneshot";
};
};
# todo this output must be better
mattermostStart = plan:
pkgs.writers.writeDash "on-failure.${plan.name}" ''
${pkgs.curl}/bin/curl \
--include \
--request POST \
--data-urlencode \
'payload={"text": "<!channel> :fire: Service Failed ${plan.name} on ${config.networking.hostName}"}' \
${cfg.url}
'';
in
{
options.on-failure = api;
config = lib.mkIf cfg.enable {
systemd.services = foldl (a: b: a // b) { } (map to-services enabled-plans);
};
}

91
nixos/modules/system/wifi.nix
View file

@ -1,91 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.system.custom.wifi;
in
{
options.system.custom.wifi = {
enable = mkEnableOption "enable wifi";
system = mkOption {
default = "wpa_supplicant";
type = with types; enum [ "wpa_supplicant" "networkmanager" ];
};
configurationFile = mkOption {
default = null;
type = with types; nullOr path;
description = ''
the target of /etc/wpa_supplicant.conf
'';
};
interfaces = mkOption {
type = with types; listOf string;
default = [ ];
description = ''
list of interfaces to take care of,
if empty it will test all interfaces
'';
};
};
config = mkMerge [
(mkIf (cfg.enable && cfg.system == "wpa_supplicant") {
networking.wireless.enable = true;
networking.wireless.interfaces = cfg.interfaces;
})
(mkIf (cfg.enable && cfg.system == "networkmanager") {
networking.networkmanager.enable = true;
networking.networkmanager.wifi.powersave = true;
networking.networkmanager.extraConfig = ''
# The number of times a connection activation should be automatically tried
# before switching to another one. This value applies only to connections
# that can auto-connect and have a connection. autoconnect-retries property set to -1.
# If not specified, connections will be tried 4 times.
# Setting this value to 1 means to try activation once, without retry.
autoconnect-retries-default=999
'';
})
(mkIf (cfg.enable && cfg.configurationFile != null) {
environment.etc."wpa_supplicant.conf".source = cfg.configurationFile;
})
(mkIf cfg.enable {
networking.dhcpcd.allowInterfaces = cfg.interfaces;
networking.usePredictableInterfaceNames = true;
hardware.enableRedistributableFirmware = true;
# because Networkd-wait-online is just failing.
systemd.services.systemd-networkd-wait-online.enable = false;
systemd.services.NetworkManager-wait-online.enable = false;
environment.systemPackages = [
(pkgs.writeShellScriptBin "scan-wifi" ''
# todo : use column to make a nice view
${pkgs.wirelesstools}/bin/iwlist scan | \
grep -v "Interface doesn't support scanning" | \
sed -e '/^\s*$/d' | \
grep -e "ESSID" -e "Encrypt" | \
sed -e "s/Encryption key:on/encrypted/g" | \
sed -e "s/Encryption key:off/open/g" | \
sed -e "s/ESSID://g" | \
xargs -L 2 printf "%9s - '%s'\n"
'')
];
})
];
}

0
nixos/modules/services/taskwarrior-autotag.nix → nixos/modules/taskwarrior-autotag.nix
View file

0
nixos/modules/services/taskwarrior-pushover.nix → nixos/modules/taskwarrior-pushover.nix
View file

24
nixos/system/desktop/default.nix
View file

@ -11,20 +11,16 @@
"${config.users.users.mainUser.home}/.vit" "${config.users.users.mainUser.home}/.vit"
]; ];
programs.custom = { #programs.custom = {
# urxvt = {
urxvt = { # enable = true;
enable = true; # colorTheme = "light";
colorTheme = "light"; # };
}; # xterm = {
xterm = { # enable = true;
enable = true; # colorTheme = "light";
colorTheme = "light"; # };
}; #};
curlScripts.enable = true;
};
services.urxvtd.enable = true; services.urxvtd.enable = true;