palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nix fmt

Browse source
This commit is contained in:
Ingolf Wagner 2024-08-29 08:26:04 +07:00
parent 200063fcb1
commit 7a6510a4e6
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
196 changed files with 3111 additions and 1771 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
.forgejo/workflows/nix_build.yaml
View file

@ -1,18 +1,15 @@
name: Build all NixOS Configurations
on:
push:
branches:
- "**"
schedule:
- cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour
jobs:
nix build:
runs-on: native
steps:
- uses: actions/checkout@v4
- name: update nix flakes
if: ${{ github.event_name == 'schedule' }}
# we need to use our ssh key here because we need access to private flakes
@ -30,7 +27,6 @@ jobs:
echo $SSH_AGENT_PID
kill $SSH_AGENT_PID
rm .ssh_key
- name: nix flake archive/check
# we need to use our ssh key here because we need access to private flakes
run: |
@ -48,22 +44,16 @@ jobs:
echo $SSH_AGENT_PID
kill $SSH_AGENT_PID
rm .ssh_key
- name: nix build orbi
run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
- name: nix build cream
run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
- name: nix build cherry
run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
- name: nix build chungus
run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
- name: nix build usbstick
run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel
- name: commit & push
if: ${{ github.event_name == 'schedule' }}
# only if all nix builds are fine we update our branch

7
components/chaospott.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
{

1
components/default.nix
View file

@ -14,5 +14,4 @@
./yubikey.nix
];
}

7
components/gui/audio.nix
View file

@ -1,5 +1,10 @@
# TODO test `alsactl init` after suspend to reinit mic
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.gui.audio.enable = mkOption {

7
components/gui/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
with lib;
{
options.components.gui = {

7
components/gui/home-manager/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
with lib;
{

25
components/gui/kmonad.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
options.components.gui.kmonad.enable = lib.mkOption {
@ -79,9 +84,21 @@
in
{
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ];
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ];
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ "lctl" "lmet" "lalt" ];
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [
"lctl"
"lmet"
"lalt"
];
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [
"lctl"
"lmet"
"lalt"
];
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [
"lctl"
"lmet"
"lalt"
];
};
};
};

7
components/gui/noti.nix
View file

@ -1,6 +1,11 @@
# notify me when a command is finished
# todo : secret managment is shit
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.gui.noti.enable = mkOption {

14
components/gui/pass.nix
View file

@ -1,11 +1,17 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
# desktop file
# ------------
# makes it possible to be used by other programs
desktopFile = name: bin:
desktopFile =
name: bin:
pkgs.writeTextFile {
name = "${name}.desktop";
destination = "/share/applications/${name}.desktop";
@ -34,7 +40,9 @@ in
environment.systemPackages = [
(pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))
# todo : use upstream desktop file creator
(desktopFile "passmenu" "${pkgs.pass.withExtensions (ext: [ext.pass-otp])}/bin/passmenu --type -l 10")
(desktopFile "passmenu" "${
pkgs.pass.withExtensions (ext: [ ext.pass-otp ])
}/bin/passmenu --type -l 10")
pkgs.otpmenu

14
components/gui/steam.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.gui.steam.enable = mkOption {
@ -22,7 +27,12 @@ with lib;
isSystemUser = true;
home = "/home/steam";
createHome = true;
extraGroups = [ "audio" "input" "video" "pipewire" ];
extraGroups = [
"audio"
"input"
"video"
"pipewire"
];
group = "steam";
shell = pkgs.bashInteractive;
};

17
components/gui/suspend.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.gui.suspend.enable = mkOption {
@ -13,13 +18,11 @@ with lib;
requiredBy = [ "sleep.target" ];
environment =
let
display =
if (config.services.xserver.display != null) then
config.services.xserver.display
else
0;
display = if (config.services.xserver.display != null) then config.services.xserver.display else 0;
in
{ DISPLAY = ":${toString display}"; };
{
DISPLAY = ":${toString display}";
};
script = ''
${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 &
sleep 1

7
components/gui/vscode.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.gui.vscode.enable = mkOption {

7
components/gui/wayland.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{

8
components/gui/xorg/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
@ -78,4 +83,3 @@ with lib;
};
}

7
components/gui/xorg/xlock.nix
View file

@ -1,4 +1,9 @@
{ lib, pkgs, config, ... }:
{
lib,
pkgs,
config,
...
}:
with lib;
let

28
components/mainUser.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
with types;
let
@ -6,15 +11,10 @@ let
cfg = config.components.mainUser;
# todo : use optionalList
dockerGroup =
if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
dockerGroup = if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
# todo : use optionalList
vboxGroup =
if (config.virtualisation.virtualbox.host.enable) then
[ "vboxusers" ]
else
[ ];
vboxGroup = if (config.virtualisation.virtualbox.host.enable) then [ "vboxusers" ] else [ ];
in
{
@ -73,8 +73,16 @@ in
uid = cfg.uid;
home = "/home/${cfg.userName}";
initialPassword = cfg.userName;
extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" "dialout" ]
++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
extraGroups = [
"wheel"
"networkmanager"
"transmission"
"wireshark"
"audio"
"pipewire"
"input"
"dialout"
] ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
group = config.users.groups.mainUser.name;
};

7
components/media/icecast.nix
View file

@ -4,7 +4,12 @@
# * connect via mixxx to it.
# * add the podcast to mpd in the same network
# --------------------------------------------------
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let

7
components/media/tts.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{

104
components/media/video.nix
View file

@ -1,31 +1,35 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
obs-cmd = pkgs.rustPlatform.buildRustPackage
rec {
pname = "obs-cmd";
version = "v0.15.2";
src = pkgs.fetchFromGitHub {
owner = "grigio";
repo = "obs-cmd";
rev = version;
sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI=";
};
cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0=";
#cargoSha256 = fakeSha256;
meta = with lib; {
description = "a minimal obs CLI for obs-websocket v5";
homepage = "https://github.com/grigio/obs-cmd";
license = licenses.mit;
maintainers = [ maintainers.mrVanDalo ];
platforms = platforms.all;
};
obs-cmd = pkgs.rustPlatform.buildRustPackage rec {
pname = "obs-cmd";
version = "v0.15.2";
src = pkgs.fetchFromGitHub {
owner = "grigio";
repo = "obs-cmd";
rev = version;
sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI=";
};
cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0=";
#cargoSha256 = fakeSha256;
meta = with lib; {
description = "a minimal obs CLI for obs-websocket v5";
homepage = "https://github.com/grigio/obs-cmd";
license = licenses.mit;
maintainers = [ maintainers.mrVanDalo ];
platforms = platforms.all;
};
};
# Lassulus streaming setup
# -------------------------
# ffmpeg \
@ -53,7 +57,12 @@ let
name = "screen-keys";
paths =
let
screenKeyScript = { position ? "bottom", size ? "small", ... }:
screenKeyScript =
{
position ? "bottom",
size ? "small",
...
}:
pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
''
${pkgs.screenkey}/bin/screenkey \
@ -65,27 +74,41 @@ let
"$@"
'';
in
lib.flatten (lib.flip map [ "large" "small" "medium" ] (size:
lib.flip map [ "top" "center" "bottom" ]
(position: screenKeyScript { inherit size position; })));
lib.flatten (
lib.flip map
[
"large"
"small"
"medium"
]
(
size:
lib.flip map [
"top"
"center"
"bottom"
] (position: screenKeyScript { inherit size position; })
)
);
};
mpvReview =
let
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
tmp_dir = "${dir}"
moveToDir =
key: dir:
pkgs.writeText "move-with-${key}.lua" ''
tmp_dir = "${dir}"
function move_current_track_${key}()
track = mp.get_property("path")
os.execute("mkdir -p '" .. tmp_dir .. "'")
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
print("moved '" .. track .. "' to " .. tmp_dir)
mp.command("playlist-next")
end
function move_current_track_${key}()
track = mp.get_property("path")
os.execute("mkdir -p '" .. tmp_dir .. "'")
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
print("moved '" .. track .. "' to " .. tmp_dir)
mp.command("playlist-next")
end
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
'';
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
'';
delete = moveToDir "D" "./.graveyard";
good = moveToDir "G" "./.good";
in
@ -110,7 +133,6 @@ in
config = mkIf (config.components.media.video.enable) {
home-manager.sharedModules = [
{
programs.obs-studio = {
@ -123,7 +145,6 @@ in
}
];
boot.kernelModules = [ "v4l2loopback" ];
boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
@ -137,7 +158,6 @@ in
alphaSafe
sanitizeFolder
# obs studio stuff
obs-cli
v4l-utils
@ -154,8 +174,6 @@ in
handbrake
ffmpeg-full
];
};
}

71
components/monitor/logs-promtail.nix
View file

@ -33,7 +33,7 @@ in
services.promtail = {
enable = true;
configuration = {
server. disable = true;
server.disable = true;
positions.filename = "/var/cache/promtail/positions.yaml";
clients = [
@ -49,7 +49,15 @@ in
_end = ''{{ end }}'';
elseblock = index: replacement: "${_elseif index}${_replace index replacement}";
ifblock = index: replacement: "${_if index}${_replace index replacement}";
createTemplateLine = list: "${concatStrings (imap0 (index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement) list)}${_end}";
createTemplateLine =
list:
"${
concatStrings (
imap0 (
index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement
) list
)
}${_end}";
in
[
{
@ -117,36 +125,35 @@ in
}
{
# Map facility to human readable
template =
{
source = "facility_label";
template = createTemplateLine [
"kern" # Kernel messages
"user" # User-level messages
"mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1))
"daemon" # System daemons All daemons, including systemd and its subsystems
"auth" # Security/authorization messages Also watch for different facility 10
"syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3)
"lpr" # Line printer subsystem (archaic subsystem)
"news" # Network news subsystem (archaic subsystem)
"uucp" # UUCP subsystem (archaic subsystem)
"clock" # Clock daemon systemd-timesyncd
"authpriv" # Security/authorization messages Also watch for different facility 4
"ftp" # FTP daemon
"-" # NTP subsystem
"-" # Log audit
"-" # Log alert
"cron" # Scheduling daemon
"local0" # Local use 0 (local0)
"local1" # Local use 1 (local1)
"local2" # Local use 2 (local2)
"local3" # Local use 3 (local3)
"local4" # Local use 4 (local4)
"local5" # Local use 5 (local5)
"local6" # Local use 6 (local6)
"local7" # Local use 7 (local7)
];
};
template = {
source = "facility_label";
template = createTemplateLine [
"kern" # Kernel messages
"user" # User-level messages
"mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1))
"daemon" # System daemons All daemons, including systemd and its subsystems
"auth" # Security/authorization messages Also watch for different facility 10
"syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3)
"lpr" # Line printer subsystem (archaic subsystem)
"news" # Network news subsystem (archaic subsystem)
"uucp" # UUCP subsystem (archaic subsystem)
"clock" # Clock daemon systemd-timesyncd
"authpriv" # Security/authorization messages Also watch for different facility 4
"ftp" # FTP daemon
"-" # NTP subsystem
"-" # Log audit
"-" # Log alert
"cron" # Scheduling daemon
"local0" # Local use 0 (local0)
"local1" # Local use 1 (local1)
"local2" # Local use 2 (local2)
"local3" # Local use 3 (local3)
"local4" # Local use 4 (local4)
"local5" # Local use 5 (local5)
"local6" # Local use 6 (local6)
"local7" # Local use 7 (local7)
];
};
}
{
# Key is REQUIRED and the name for the label that will be created.

15
components/monitor/metrics-export-zfs.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
with types;
{
@ -18,9 +23,11 @@ with types;
{
job_name = "zfs";
scrape_interval = "10s";
static_configs = [{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
}];
static_configs = [
{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
}
];
}
];
service.pipelines.metrics.receivers = [ "prometheus" ];

9
components/monitor/metrics-netdata.nix
View file

@ -1,4 +1,9 @@
{ lib, pkgs, config, ... }:
{
lib,
pkgs,
config,
...
}:
with lib;
with types;
{
@ -18,7 +23,7 @@ with types;
scrape_interval = "10s";
metrics_path = "/api/v1/allmetrics";
params.format = [ "prometheus" ];
static_configs = [{ targets = [ "127.0.0.1:19999" ]; }];
static_configs = [ { targets = [ "127.0.0.1:19999" ]; } ];
}
];

2
components/monitor/metrics-prometheus.nix
View file

@ -36,7 +36,7 @@ in
job_name = "opentelemetry";
metrics_path = "/metrics";
scrape_interval = "10s";
static_configs = [{ targets = [ "localhost:${toString cfg.port}" ]; }];
static_configs = [ { targets = [ "localhost:${toString cfg.port}" ]; } ];
}
];
})

13
components/monitor/metrics-telegraf.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
with types;
let
@ -24,7 +29,9 @@ in
receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}";
service.pipelines.metrics.receivers = [ "influxdb" ];
};
services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ "http://127.0.0.1:${toString cfg.influxDBPort}" ];
services.telegraf.extraConfig.outputs.influxdb_v2.urls = [
"http://127.0.0.1:${toString cfg.influxDBPort}"
];
})
(mkIf config.components.monitor.telegraf.enable {
@ -41,7 +48,7 @@ in
processes = { };
system = { };
systemd_units = { };
ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make machine visible over wireguard
ping = [ { urls = [ "10.100.0.1" ]; } ]; # actually important to make machine visible over wireguard
};
};
};

65
components/monitor/opentelemetry.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
with types;
let
@ -22,7 +27,10 @@ in
description = "endpoint to ship opentelementry data too";
};
exporter.debug = mkOption {
type = nullOr (enum [ "logs" "metrics" ]);
type = nullOr (enum [
"logs"
"metrics"
]);
default = null;
description = "enable debug exporter.";
};
@ -61,11 +69,13 @@ in
include = ".*";
match_type = "regexp";
action = "update";
operations = [{
action = "add_label";
new_label = "machine";
new_value = config.networking.hostName;
}];
operations = [
{
action = "add_label";
new_label = "machine";
new_value = config.networking.hostName;
}
];
}
];
};
@ -85,7 +95,6 @@ in
};
})
(mkIf (config.components.monitor.opentelemetry.exporter.debug != null) {
services.opentelemetry-collector.settings = {
exporters.debug = {
@ -111,24 +120,26 @@ in
})
(mkIf
(
config.components.monitor.opentelemetry.exporter.endpoint != null &&
config.components.monitor.logs.enable
config.components.monitor.opentelemetry.exporter.endpoint != null
&& config.components.monitor.logs.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.logs.exporters = [ "otlp" ];
};
})
}
)
(mkIf
(
config.components.monitor.opentelemetry.exporter.endpoint != null &&
config.components.monitor.metrics.enable
config.components.monitor.opentelemetry.exporter.endpoint != null
&& config.components.monitor.metrics.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.metrics.exporters = [ "otlp" ];
};
})
}
)
# ship from other instance
(mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) {
@ -138,26 +149,26 @@ in
})
(mkIf
(
config.components.monitor.opentelemetry.receiver.endpoint != null &&
config.components.monitor.logs.enable
config.components.monitor.opentelemetry.receiver.endpoint != null
&& config.components.monitor.logs.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.logs.receivers = [ "otlp" ];
};
})
}
)
(mkIf
(
config.components.monitor.opentelemetry.receiver.endpoint != null &&
config.components.monitor.metrics.enable
config.components.monitor.opentelemetry.receiver.endpoint != null
&& config.components.monitor.metrics.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.metrics.receivers = [ "otlp" ];
};
})
}
)
# scrape opentelemetry-colectors metrics
# todo: this should be collected another way (opentelemetry internal?)
@ -169,9 +180,11 @@ in
{
job_name = "otelcol";
scrape_interval = "10s";
static_configs = [{
targets = [ cfg.metrics.endpoint ];
}];
static_configs = [
{
targets = [ cfg.metrics.endpoint ];
}
];
metric_relabel_configs = [
{
source_labels = [ "__name__" ];
@ -195,7 +208,7 @@ in
};
})
(mkIf (! config.components.monitor.metrics.enable) {
(mkIf (!config.components.monitor.metrics.enable) {
services.opentelemetry-collector.settings = {
service.telemetry.metrics.level = "none";
};

59
components/network/nginx.nix
View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, assets, ... }:
{
config,
lib,
pkgs,
assets,
...
}:
with lib;
{
options.components.network.nginx.enable = mkOption {
@ -16,8 +22,13 @@ with lib;
environment.systemPackages = [
pkgs.nginx-config-formatter
(pkgs.writers.writePython3Bin "nginx-show-config" { flakeIgnore = [ "E265" "E225" "W292" ]; }
(lib.fileContents "${assets}/nginx-show-config.py"))
(pkgs.writers.writePython3Bin "nginx-show-config" {
flakeIgnore = [
"E265"
"E225"
"W292"
];
} (lib.fileContents "${assets}/nginx-show-config.py"))
];
security.acme.defaults.email = "contact@ingolf-wagner.de";
@ -85,7 +96,11 @@ with lib;
root = pkgs.landingpage.override {
jsonConfig =
let
entry = { machine, items ? [ ] }:
entry =
{
machine,
items ? [ ],
}:
{
text = machine;
items = [
@ -174,14 +189,12 @@ with lib;
{
label = "Hetzner Cloud";
href = "https://console.hetzner.cloud/projects";
image =
"https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
image = "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
}
{
label = "Cups";
href = "http://localhost:631/";
image =
"https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
image = "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
}
];
}
@ -191,52 +204,42 @@ with lib;
{
label = "NixOS Manual";
href = "https://nixos.org/nixos/manual/";
image =
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
}
{
label = "Nixpkgs Manual";
href = "https://nixos.org/nixpkgs/manual/";
image =
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
}
{
label = "NixOS Reference";
href =
"https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
image =
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
href = "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
}
{
label = "Nix Packages";
href = "https://nixos.org/nixos/packages.html";
image =
"https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
image = "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
}
{
label = "NixOS Language specific helpers";
href =
"https://nixos.wiki/wiki/Language-specific_package_helpers";
image =
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
href = "https://nixos.wiki/wiki/Language-specific_package_helpers";
image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
}
{
label = "NixOS Weekly";
href = "https://weekly.nixos.org/";
image =
"https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
image = "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
}
{
label = "NixOS Security";
href = "https://broken.sh/";
image =
"https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
image = "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
}
{
label = "NixOS RFCs";
href = "https://github.com/NixOS/rfcs/";
image =
"https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
image = "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
}
];
}

11
components/network/sshd/default.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, assets, ... }:
{
pkgs,
config,
lib,
assets,
...
}:
with lib;
with types;
let
@ -6,8 +12,7 @@ let
cfg = config.components.network.sshd;
# maybe ascii-image-converter is also nice here
sshBanner = pkgs.runCommand "ssh-banner"
{ nativeBuildInputs = [ pkgs.boxes ]; } ''
sshBanner = pkgs.runCommand "ssh-banner" { nativeBuildInputs = [ pkgs.boxes ]; } ''
echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out
'';

8
components/network/sshd/known-hosts-manual.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, clanLib, ... }:
{
pkgs,
config,
lib,
clanLib,
...
}:
with lib;
let
publicKey = clanLib.readFact "ssh.id_ed25519.pub";

64
components/network/sshd/known-hosts-public.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
config = mkIf (config.components.network.sshd.enable) {
@ -28,65 +33,66 @@ with lib;
};
gitlab = {
hostNames = [ "gitlab.com" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
};
gitlab-bk = {
hostNames = [ "gitlab.bk-bund-berlin.de" "116.203.133.59" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
hostNames = [
"gitlab.bk-bund-berlin.de"
"116.203.133.59"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
};
# space-left
gitlabSpaceLeft = {
hostNames = [ "git.space-left.org" ];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
};
# c-base
"bnd-cbase" = {
hostNames = [ "bnd.cbrp3.c-base.org" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
};
"shell.cbase" = {
hostNames = [ "shell.c-base.org" ];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
};
"kgb.cbase" = {
hostNames = [ "kgb.cbrp3.c-base.org" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
};
"cns.cbase" = {
hostNames = [ "cns.c-base.org" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
};
"lassulus" = {
hostNames = [ "[lassul.us]:45621" ];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
};
renoise = {
hostNames = [ "*.renoise.com" "renoise.com" "94.130.128.97" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
hostNames = [
"*.renoise.com"
"renoise.com"
"94.130.128.97"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
};
git-renoise = {
hostNames = [ "[git.renoise.com]:2229" "[94.130.128.97]:2229" ];
publicKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
hostNames = [
"[git.renoise.com]:2229"
"[94.130.128.97]:2229"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
};
"siteground" = {
hostNames = [ "[es5.siteground.eu]:18765" "[37.60.224.6]:18765" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
hostNames = [
"[es5.siteground.eu]:18765"
"[37.60.224.6]:18765"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
};
"cracksucht.de" = {
hostNames = [ "cracksucht.de" ];
publicKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
};
};

48
components/network/sshd/known-hosts-zerotier.nix
View file

@ -1,34 +1,34 @@
{ lib, config, clanLib, ... }:
{
lib,
config,
clanLib,
...
}:
with lib;
with types;
let
machines = clanLib.allMachineNames;
publicKey = clanLib.readFact "ssh.id_ed25519.pub";
tld = config.clan.static-hosts.topLevelDomain;
knownHosts = lib.genAttrs machines
(machine:
{
hostNames = [
"${machine}"
"${machine}.${tld}"
"${machine}.private"
];
publicKey = publicKey machine;
}
);
knownHosts = lib.genAttrs machines (machine: {
hostNames = [
"${machine}"
"${machine}.${tld}"
"${machine}.private"
];
publicKey = publicKey machine;
});
bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub";
knownBootHosts = lib.mapAttrs'
(machine: publicKey: nameValuePair
"boot_${machine}"
{
inherit publicKey;
hostNames = [
"[${machine}]:2222"
"[${machine}.public]:2222"
];
}
)
bootMachines;
knownBootHosts = lib.mapAttrs' (
machine: publicKey:
nameValuePair "boot_${machine}" {
inherit publicKey;
hostNames = [
"[${machine}]:2222"
"[${machine}.public]:2222"
];
}
) bootMachines;
in
{

80
components/network/syncthing.nix
View file

@ -1,5 +1,13 @@
{ config, lib, pkgs, factsGenerator, clanLib, ... }:
with lib; {
{
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib;
{
# networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
@ -19,7 +27,12 @@ with lib; {
id = facts."syncthing.pub";
addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
})
(clanLib.readFactsFromAllMachines [ "syncthing.pub" "zerotier-ip" ]);
(
clanLib.readFactsFromAllMachines [
"syncthing.pub"
"zerotier-ip"
]
);
device = machine: id: {
"${machine}" = {
name = machine;
@ -30,20 +43,26 @@ with lib; {
in
clanMachines
// (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF")
// (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ")
;
// (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ");
settings.folders = {
audiobooks = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/audiobooks";
devices = [ "chungus" "orbi" ];
devices = [
"chungus"
"orbi"
];
};
books = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/books";
devices = [ "chungus" "cream" "cherry" ];
devices = [
"chungus"
"cream"
"cherry"
];
versioning = {
type = "simple";
params.keep = "2";
@ -52,12 +71,20 @@ with lib; {
desktop = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/desktop";
devices = [ "chungus" "cream" "cherry" ];
devices = [
"chungus"
"cream"
"cherry"
];
};
finance = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/finance";
devices = [ "chungus" "cream" "cherry" ];
devices = [
"chungus"
"cream"
"cherry"
];
versioning = {
type = "simple";
params.keep = "10";
@ -66,27 +93,46 @@ with lib; {
flix = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/flix";
devices = [ "chungus" "orbi" ];
devices = [
"chungus"
"orbi"
];
};
logseq = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/logseq";
devices = [ "chungus" "cream" "cherry" "iPhone" ];
devices = [
"chungus"
"cream"
"cherry"
"iPhone"
];
};
lectures = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/lectures";
devices = [ "chungus" "orbi" ];
devices = [
"chungus"
"orbi"
];
};
oscar_cpap = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/oscar_cpap";
devices = [ "chungus" "cream" "cherry" ];
devices = [
"chungus"
"cream"
"cherry"
];
};
password-store = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store";
devices = [ "chungus" "cream" "cherry" ];
devices = [
"chungus"
"cream"
"cherry"
];
versioning = {
type = "simple";
params.keep = "10";
@ -96,7 +142,11 @@ with lib; {
share = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store";
devices = [ "cream" "cherry" "orbi" ];
devices = [
"cream"
"cherry"
"orbi"
];
};
};
};

37
components/network/tinc/default.nix
View file

@ -1,4 +1,10 @@
{ lib, config, factsGenerator, clanLib, ... }:
{
lib,
config,
factsGenerator,
clanLib,
...
}:
with lib;
{
@ -20,18 +26,21 @@ with lib;
};
config = mkMerge [
(mkIf config.tinc.private.enable (import ./private.nix {
ipv4 = config.tinc.private.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}))
(mkIf config.tinc.secret.enable (import ./secret.nix {
ipv4 = config.tinc.secret.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}))
(mkIf config.tinc.private.enable (
import ./private.nix {
ipv4 = config.tinc.private.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}
))
(mkIf config.tinc.secret.enable (
import ./secret.nix {
ipv4 = config.tinc.secret.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}
))
];
}

40
components/network/tinc/private.nix
View file

@ -1,12 +1,13 @@
{ ipv4
, ipv6
, config
, optionalString
, concatStringsSep
, factsGenerator
, mapAttrsToList
, clanLib
, ...
{
ipv4,
ipv6,
config,
optionalString,
concatStringsSep,
factsGenerator,
mapAttrsToList,
clanLib,
...
}:
let
hosts = {
@ -51,35 +52,36 @@ in
services.tinc.networks = {
${network} = {
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
interfaceType = "tap";
extraConfig = ''
LocalDiscovery = yes
'';
hostSettings = {
mobi = {
subnets = [{ address = hosts.mobi; }];
subnets = [ { address = hosts.mobi; } ];
settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
};
bobi = {
subnets = [{ address = hosts.bobi; }];
subnets = [ { address = hosts.bobi; } ];
settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
};
cream = {
subnets = [{ address = hosts.cream; }];
subnets = [ { address = hosts.cream; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "cream";
};
cherry = {
subnets = [{ address = hosts.cherry; }];
subnets = [ { address = hosts.cherry; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "cherry";
};
chungus = {
subnets = [{ address = hosts.chungus; }];
subnets = [ { address = hosts.chungus; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "chungus";
};
orbi = {
addresses = [{ address = "95.216.66.212"; }];
subnets = [{ address = hosts.orbi; }];
addresses = [ { address = "95.216.66.212"; } ];
subnets = [ { address = hosts.orbi; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "orbi";
};
};
@ -100,6 +102,8 @@ in
LinkLocalAddressing = no
'';
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains));
networking.extraHosts = concatStringsSep "\n" (
mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)
);
}

61
components/network/tinc/secret.nix
View file

@ -1,11 +1,12 @@
{ ipv4
, ipv6
, config
, optionalString
, concatStringsSep
, mapAttrsToList
, factsGenerator
, ...
{
ipv4,
ipv6,
config,
optionalString,
concatStringsSep,
mapAttrsToList,
factsGenerator,
...
}:
let
port = 721;
@ -23,31 +24,37 @@ in
services.tinc.networks = {
${network} = {
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
extraConfig = ''
LocalDiscovery = yes
Port = ${toString port}
'';
hostSettings = {
sternchen = {
subnets = [{ address = hosts.sternchen; }];
subnets = [ { address = hosts.sternchen; } ];
settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB";
};
cream = {
subnets = [{ address = hosts.cream; }];
subnets = [ { address = hosts.cream; } ];
settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
};
cherry = {
subnets = [{ address = hosts.cherry; }];
subnets = [ { address = hosts.cherry; } ];
settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
};
sterni = {
subnets = [{ address = hosts.sterni; }];
subnets = [ { address = hosts.sterni; } ];
settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
};
robi = {
addresses = [{ address = "144.76.13.147"; port = port; }];
subnets = [{ address = hosts.robi; }];
addresses = [
{
address = "144.76.13.147";
port = port;
}
];
subnets = [ { address = hosts.robi; } ];
settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
};
};
@ -68,23 +75,37 @@ in
LinkLocalAddressing = no
'';
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts);
networking.extraHosts = concatStringsSep "\n" (
mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts
);
services.openssh.knownHosts = {
"cream.${network}" = {
hostNames = [ "cream.${network}" hosts.cream ];
hostNames = [
"cream.${network}"
hosts.cream
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
};
"sternchen.${network}" = {
hostNames = [ "sterni.${network}" hosts.sterni ];
hostNames = [
"sterni.${network}"
hosts.sterni
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
};
"sterni.${network}" = {
hostNames = [ "sterni.${network}" hosts.sterni ];
hostNames = [
"sterni.${network}"
hosts.sterni
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
};
"robi" = {
hostNames = [ "robi.${network}" hosts.robi ];
hostNames = [
"robi.${network}"
hosts.robi
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
};
};

9
components/network/wifi.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with types;
{
@ -22,7 +27,6 @@ with types;
# Setting this value to 1 means to try activation once, without retry.
networking.networkmanager.settings.main.autoconnect-retries-default = 999;
hardware.enableRedistributableFirmware = true;
# because Networkd-wait-online is just failing.
@ -47,4 +51,3 @@ with types;
};
}

2
components/network/wireguard.nix
View file

@ -28,6 +28,4 @@ with lib;
'';
};
}

7
components/nixos/upgrade-diff.nix
View file

@ -1,5 +1,10 @@
# MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
options.components.nixos.update-diff.enable = lib.mkOption {

8
components/terminal/bash.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.terminal.bash.enable = mkOption {
@ -16,7 +21,6 @@ with lib;
interactiveShellInit = "set -o vi";
shellAliases = {
ls = "ls --color=tty";
l = "ls -CFh";

7
components/terminal/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.terminal = {

12
components/terminal/direnv.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.terminal.direnv.enable = mkOption {
@ -12,7 +17,10 @@ with lib;
home-manager.sharedModules = [
{
programs.direnv.enable = true;
programs.git.ignores = [ ".envrc" ".direnv" ];
programs.git.ignores = [
".envrc"
".direnv"
];
}
];

9
components/terminal/git.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.terminal.git.enable = mkOption {
@ -8,7 +13,6 @@ with lib;
config = mkIf (config.components.terminal.git.enable) {
environment.systemPackages = with pkgs; [
git
gita
@ -29,4 +33,3 @@ with lib;
];
};
}

7
components/terminal/heygpt.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.terminal.heygpt.enable = mkOption {

31
components/terminal/hoard.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
hoardSrc = pkgs.fetchFromGitHub {
@ -31,10 +36,26 @@ in
config_home_path = "/home/palo/.config/hoard";
trove_path = "/home/palo/.config/hoard/trove.yml";
query_prefix = " >";
primary_color = [ 87 142 87 ];
secondary_color = [ 203 184 144 ];
tertiary_color = [ 30 30 30 ];
command_color = [ 30 30 30 ];
primary_color = [
87
142
87
];
secondary_color = [
203
184
144
];
tertiary_color = [
30
30
30
];
command_color = [
30
30
30
];
parameter_token = "#";
read_from_current_directory = true;
};

9
components/terminal/remote-install.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.terminal.remote-install.enable = mkOption {
@ -10,7 +15,7 @@ with lib;
services.tor = {
enable = true;
client.enable = true;
relay.onionServices.liveos.map = [{ port = 1337; }];
relay.onionServices.liveos.map = [ { port = 1337; } ];
};
environment.systemPackages = [

304
components/terminal/wtf.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
@ -54,23 +59,29 @@ let
echo
'';
userHighlight = map ({ user, ... }: user)
(builtins.attrValues config.services.browser.configList)
++ [ "steam" ];
userHighlight =
map ({ user, ... }: user) (builtins.attrValues config.services.browser.configList)
++ [ "steam" ];
activeUsers = pkgs.writers.writeBash "active-users" ''
${pkgs.procps}/bin/ps -eo user \
| ${pkgs.gnused}/bin/sed '1 d' \
| ${pkgs.coreutils}/bin/sort \
| ${pkgs.coreutils}/bin/uniq \
| ${pkgs.gnugrep}/bin/egrep --color=always '(${
pkgs.lib.concatStringsSep "|" userHighlight
})|$'
| ${pkgs.gnugrep}/bin/egrep --color=always '(${pkgs.lib.concatStringsSep "|" userHighlight})|$'
'';
# default settings
wtfModule =
args@{ height ? 1, width ? 1, top, left, enabled ? true, type, ... }:
args@{
height ? 1,
width ? 1,
top,
left,
enabled ? true,
type,
...
}:
{
enabled = enabled;
focusable = false;
@ -78,107 +89,157 @@ let
position.left = left;
position.height = height;
position.width = width;
} // (lib.filterAttrs
(key: _: lib.all (x: x != key) [ "height" "width" "top" "left" ])
args);
}
// (lib.filterAttrs (
key: _:
lib.all (x: x != key) [
"height"
"width"
"top"
"left"
]
) args);
# command runner module
cmdRunner = args@{ cmd, ... }:
wtfModule ({
type = "cmdrunner";
focusable = false;
refreshInterval = 300;
} // args);
cmdRunner =
args@{ cmd, ... }:
wtfModule (
{
type = "cmdrunner";
focusable = false;
refreshInterval = 300;
}
// args
);
modules = {
inherit cmdRunner;
digitalclock = args@{ top, left, ... }:
cmdRunner ({
cmd = pkgs.writers.writeDash "clock" ''
${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"`
${pkgs.coreutils}/bin/date +"%B %d %Y"
'';
title = "";
refreshInterval = 30;
} // args);
digitalclock =
args@{ top, left, ... }:
cmdRunner (
{
cmd = pkgs.writers.writeDash "clock" ''
${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"`
${pkgs.coreutils}/bin/date +"%B %d %Y"
'';
title = "";
refreshInterval = 30;
}
// args
);
clocks = args@{ top, left, ... }:
wtfModule ({
type = "clocks";
title = "";
border = false;
colors.rows = {
even = "white";
odd = "white";
};
locations = {
UTC = "Etc/UTC";
Berlin = "Europe/Berlin";
Thailand = "Asia/Bangkok";
#Cuba = "America/Havana";
#Wellington = "Pacific/Auckland";
};
sort = "alphabetical";
refreshInterval = 60;
} // args);
clocks =
args@{ top, left, ... }:
wtfModule (
{
type = "clocks";
title = "";
border = false;
colors.rows = {
even = "white";
odd = "white";
};
locations = {
UTC = "Etc/UTC";
Berlin = "Europe/Berlin";
Thailand = "Asia/Bangkok";
#Cuba = "America/Havana";
#Wellington = "Pacific/Auckland";
};
sort = "alphabetical";
refreshInterval = 60;
}
// args
);
resourceusage = args@{ top, left, ... }:
wtfModule ({
type = "resourceusage";
title = "";
cpuCombined = false;
refreshInterval = 5;
} // args);
resourceusage =
args@{ top, left, ... }:
wtfModule (
{
type = "resourceusage";
title = "";
cpuCombined = false;
refreshInterval = 5;
}
// args
);
power = args@{ top, left, ... }:
wtfModule ({
type = "power";
title = "";
refreshInterval = 100;
} // args);
power =
args@{ top, left, ... }:
wtfModule (
{
type = "power";
title = "";
refreshInterval = 100;
}
// args
);
prettyweather = args@{ top, left, ... }:
wtfModule ({
type = "prettyweather";
title = "";
city = "Essen";
unit = "m";
view = 0;
language = "en";
refreshInterval = 3600;
} // args);
prettyweather =
args@{ top, left, ... }:
wtfModule (
{
type = "prettyweather";
title = "";
city = "Essen";
unit = "m";
view = 0;
language = "en";
refreshInterval = 3600;
}
// args
);
feedreader = args@{ top, left, feeds, ... }:
wtfModule ({
type = "feedreader";
title = "";
refreshInterval = 3600;
focusable = true;
#feedLimit = 10;
colors.rows = {
even = "white";
odd = "white";
};
} // args);
feedreader =
args@{
top,
left,
feeds,
...
}:
wtfModule (
{
type = "feedreader";
title = "";
refreshInterval = 3600;
focusable = true;
#feedLimit = 10;
colors.rows = {
even = "white";
odd = "white";
};
}
// args
);
github = args@{ top, left, username, apiKey, ... }:
wtfModule ({
type = "github";
title = "";
refreshInterval = 3600;
feedlimit = 10;
github =
args@{
top,
left,
username,
apiKey,
...
}:
wtfModule (
{
type = "github";
title = "";
refreshInterval = 3600;
feedlimit = 10;
enableStatus = true;
# customQueries:
# othersPRs:
# title: "Others Pull Requests"
# filter: "is:open is:pr -author:wtfutil"
# repositories:
# - "wtfutil/wtf"
# - "wtfutil/docs"
# - "umbrella-corp/wesker-api"
} // args);
enableStatus = true;
# customQueries:
# othersPRs:
# title: "Others Pull Requests"
# filter: "is:open is:pr -author:wtfutil"
# repositories:
# - "wtfutil/wtf"
# - "wtfutil/docs"
# - "umbrella-corp/wesker-api"
}
// args
);
};
@ -191,8 +252,20 @@ let
normal = "green";
};
grid = {
columns = [ 28 0 0 ];
rows = [ 9 9 9 9 9 9 0 ];
columns = [
28
0
0
];
rows = [
9
9
9
9
9
9
0
];
};
refreshInterval = 1;
mods = with modules; {
@ -227,8 +300,7 @@ let
top = 4;
left = 1;
height = 1;
feeds =
[ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
feeds = [ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
};
nixos = feedreader {
title = "NixOS Weekly";
@ -265,8 +337,20 @@ let
normal = "green";
};
grid = {
columns = [ 33 12 28 36 0 ];
rows = [ 9 4 6 6 0 ];
columns = [
33
12
28
36
0
];
rows = [
9
4
6
6
0
];
};
refreshInterval = 1;
mods = with modules; {
@ -312,7 +396,12 @@ let
calendar = cmdRunner {
title = "";
args = [ "-3" "--monday" "--color=never" "-w" ];
args = [
"-3"
"--monday"
"--color=never"
"-w"
];
cmd = "cal";
top = 1;
left = 1;
@ -374,9 +463,12 @@ let
};
};
createDashboard = { json, name }:
let configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
in pkgs.writers.writeBashBin name ''
createDashboard =
{ json, name }:
let
configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
in
pkgs.writers.writeBashBin name ''
${pkgs.wtf}/bin/wtfutil --config=${toString configuration}
'';

7
components/terminal/zsh.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.terminal.zsh.enable = mkOption {

7
components/virtualisation/docker.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
{

7
components/virtualisation/podman.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
{

7
components/virtualisation/qemu.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
{

7
components/virtualisation/virtualbox.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
{

8
components/yubikey.nix
View file

@ -1,7 +1,12 @@
# References:
# * https://github.com/drduh/YubiKey-Guide
# * https://nixos.wiki/wiki/Yubikey
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
@ -16,7 +21,6 @@ with lib;
services.pcscd.enable = true;
services.udev.packages = [ pkgs.yubikey-personalization ];
environment.systemPackages = [
pkgs.yubikey-personalization

13
features/boot/ssh.nix
View file

@ -1,4 +1,11 @@
{ config, lib, pkgs, factsGenerator, clanLib, ... }:
{
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib;
with types;
@ -11,8 +18,7 @@ with types;
kernelModules = mkOption {
type = listOf str;
default = [ ];
description =
"nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
description = "nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
};
};
@ -42,4 +48,3 @@ with types;
};
}

47
features/boot/tor.nix
View file

@ -1,4 +1,11 @@
{ config, lib, pkgs, factsGenerator, clanLib, ... }:
{
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib;
with types;
{
@ -16,14 +23,13 @@ with types;
name = "initrd";
addressPrefix = "init";
};
boot.initrd.secrets =
mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file)
(genAttrs [
"hostname"
"hs_ed25519_public_key"
"hs_ed25519_secret_key"
]
(secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path));
boot.initrd.secrets = mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file) (
genAttrs [
"hostname"
"hs_ed25519_public_key"
"hs_ed25519_secret_key"
] (secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path)
);
boot.initrd.systemd.storePaths = [
pkgs.tor
@ -43,7 +49,10 @@ with types;
boot.initrd.systemd.services.tor = {
description = "tor during init";
wantedBy = [ "initrd.target" ];
after = [ "network.target" "initrd-nixos-copy-secrets.service" ];
after = [
"network.target"
"initrd-nixos-copy-secrets.service"
];
before = [ "shutdown.target" ];
conflicts = [ "shutdown.target" ];
@ -53,17 +62,15 @@ with types;
pkgs.iproute2
pkgs.coreutils
];
script =
''
echo "tor: preparing onion folder"
# have to do this otherwise tor does not want to start
chmod -R 700 /etc/tor
script = ''
echo "tor: preparing onion folder"
# have to do this otherwise tor does not want to start
chmod -R 700 /etc/tor
echo "tor: starting tor"
tor -f /etc/tor/tor.rc --verify-config
tor -f /etc/tor/tor.rc
'';
echo "tor: starting tor"
tor -f /etc/tor/tor.rc --verify-config
tor -f /etc/tor/tor.rc
'';
};
};
}

7
features/network/fail2ban.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.features.network.fail2ban.enable = mkOption {

8
features/network/sshguard.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, assets, ... }:
{
pkgs,
config,
lib,
assets,
...
}:
with lib;
with types;
{

7
homes/common/oh-my-posh/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
programs.oh-my-posh = {

4
homes/common/oh-my-posh/gmay.json
View file

@ -86,7 +86,9 @@
},
{
"background": "#427B58",
"background_templates": ["{{ if gt .Code 0 }}#9D0006{{ end }}"],
"background_templates": [
"{{ if gt .Code 0 }}#9D0006{{ end }}"
],
"foreground": "#EBDBB2",
"leading_diamond": "<transparent,background>\ue0b0</>",
"properties": {

8
homes/common/oh-my-posh/gruvbox.json
View file

@ -13,9 +13,13 @@
},
{
"background": "#fbf1c7",
"background_templates": ["{{ if .Root }}#af3a03{{ end }}"],
"background_templates": [
"{{ if .Root }}#af3a03{{ end }}"
],
"foreground": "#282828",
"foreground_templates": ["{{ if .Root }}#fbf1c7{{ end }}"],
"foreground_templates": [
"{{ if .Root }}#fbf1c7{{ end }}"
],
"powerline_symbol": "\ue0b0",
"style": "powerline",
"template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ",

8
homes/common/packages.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with pkgs;
with lib;
{
@ -41,7 +46,6 @@ with lib;
}
(mkIf config.gui.enable {
home.packages = [
libreoffice

7
homes/common/terminal.nix
View file

@ -1,4 +1,9 @@
{ lib, pkgs, assets, ... }:
{
lib,
pkgs,
assets,
...
}:
{
programs.zsh = {

7
homes/common/zfs.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with pkgs;
with lib;
{

3
homes/palo/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
imports = [
../common

7
homes/palo/doom-emacs.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
config = mkMerge [

11
homes/palo/git.nix
View file

@ -10,7 +10,15 @@ with pkgs;
key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC";
signByDefault = true;
};
ignores = [ "*.swp" "*~" ".idea" ".*penis.*" "result" ".envrc" ".direnv" ];
ignores = [
"*.swp"
"*~"
".idea"
".*penis.*"
"result"
".envrc"
".direnv"
];
extraConfig = {
init.defaultBranch = "main";
pull.ff = "only";
@ -19,7 +27,6 @@ with pkgs;
difftastic.enable = true;
};
home.packages = [
pre-commit
gita

3
homes/palo/gpg.nix
View file

@ -12,8 +12,7 @@
keyserver = "keyserver.ubuntu.com";
personal-digest-preferences = "SHA512";
cert-digest-algo = "SHA512";
default-preference-list =
"SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
};
};

7
homes/palo/gui/alacritty.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
with lib;
{

8
homes/palo/gui/kitty.nix
View file

@ -1,4 +1,9 @@
{ lib, pkgs, config, ... }:
{
lib,
pkgs,
config,
...
}:
with lib;
{
@ -31,6 +36,5 @@ with lib;
};
};
};
}

1
homes/palo/hyperland.nix
View file

@ -158,4 +158,3 @@
'';
}

62
homes/palo/i3.nix
View file

@ -1,8 +1,20 @@
{ config, lib, pkgs, osConfig, ... }:
{
config,
lib,
pkgs,
osConfig,
...
}:
with lib;
let
rofi = pkgs.rofi.override { plugins = [ pkgs.rofi-emoji pkgs.rofi-calc pkgs.xdotool ]; };
rofi = pkgs.rofi.override {
plugins = [
pkgs.rofi-emoji
pkgs.rofi-calc
pkgs.xdotool
];
};
backgroundCommand = pkgs.writers.writeDash "background" ''
${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \
@ -140,21 +152,25 @@ in
focus = {
followMouse = true;
};
colors.focused =
with config.lib.stylix.colors.withHashtag;
colors.focused = with config.lib.stylix.colors.withHashtag; {
# stylix color overrides
border = lib.mkForce base08;
background = lib.mkForce base0A;
text = lib.mkForce base00;
};
startup = [
#{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; }
{
# stylix color overrides
border = lib.mkForce base08;
background = lib.mkForce base0A;
text = lib.mkForce base00;
};
startup =
[
#{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; }
{ command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; always = true; }
{ command = toString backgroundCommand; always = true; }
{
command = toString (pkgs.writers.writeDash "xsettings" ''
command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator";
always = true;
}
{
command = toString backgroundCommand;
always = true;
}
{
command = toString (
pkgs.writers.writeDash "xsettings" ''
# to allow sudo commands to access X
${pkgs.xorg.xhost}/bin/xhost +
# no shitty pcspkr crap
@ -162,13 +178,15 @@ in
# no sleeping monitor
${pkgs.xorg.xset}/bin/xset -dpms
${pkgs.xorg.xset}/bin/xset s off
'');
always = true;
}
];
''
);
always = true;
}
];
bars = [
(config.lib.stylix.i3.bar //
{
(
config.lib.stylix.i3.bar
// {
#mode = "hide";
hiddenState = "hide";
position = "top";

55
homes/palo/packages/development.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
with pkgs;
with lib;
{
@ -29,15 +34,18 @@ with lib;
jetbrains.pycharm-professional
# planing
((ganttproject-bin.override {
jre = pkgs.openjdk11;
}).overrideAttrs (old: {
version = "3.1.3100";
src = pkgs.fetchzip {
url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip";
sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4=";
};
}))
(
(ganttproject-bin.override {
jre = pkgs.openjdk11;
}).overrideAttrs
(old: {
version = "3.1.3100";
src = pkgs.fetchzip {
url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip";
sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4=";
};
})
)
# Pkl
# ---
@ -101,7 +109,8 @@ with lib;
{
home.packages =
let
pandocScript = { inputFormat, outputFormat }:
pandocScript =
{ inputFormat, outputFormat }:
pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
${pkgs.pandoc}/bin/pandoc \
--from ${inputFormat} \
@ -135,10 +144,26 @@ with lib;
${pkgs.less}/bin/less
'')
] ++ (map pandocScript (lib.cartesianProduct {
inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ];
outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" "asciidoc" ];
}));
]
++ (map pandocScript (
lib.cartesianProduct {
inputFormat = [
"man"
"markdown"
"mediawiki"
"asciidoc"
];
outputFormat = [
"mediawiki"
"docbook5"
"html5"
"man"
"jira"
"markdown"
"asciidoc"
];
}
));
}
];

7
homes/palo/packages/graphics.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{

7
homes/palo/packages/logseq.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{

7
homes/palo/packages/media.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
with pkgs;
with lib;
{

33
homes/palo/packages/nextcloud.nix
View file

@ -1,10 +1,16 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
let
nextcloud-client = pkgs.legacy_2311.nextcloud-client;
nextcloudSync = folder:
nextcloudSync =
folder:
let
password = "$( ${pkgs.pass}/bin/pass show home/nextcloud/palo/nextcloudcmd-token )";
user = "palo";
@ -16,19 +22,18 @@ let
"https://${user}:${password}@nextcloud.ingolf-wagner.de"
'';
borrow = pkgs.writers.writeDashBin "borrow"
''
${getExe hledger-ui} \
--all \
--theme=terminal \
--file ~/Nextcloud/Unterlagen/.hledger-borrow "$@"
borrow = pkgs.writers.writeDashBin "borrow" ''
${getExe hledger-ui} \
--all \
--theme=terminal \
--file ~/Nextcloud/Unterlagen/.hledger-borrow "$@"
${getExe gum} confirm \
--affirmative="update" \
--negative="skip" \
--default=false \
"Syncronize with Nextcloud?" && ${getExe(nextcloudSync "Unterlagen")}
'';
${getExe gum} confirm \
--affirmative="update" \
--negative="skip" \
--default=false \
"Syncronize with Nextcloud?" && ${getExe (nextcloudSync "Unterlagen")}
'';
in
{

8
homes/palo/packages/packages.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{
@ -8,7 +13,6 @@ with lib;
# ¯\_(ツ)_/¯
home.packages = [
nixos-shell
# bluetooth gui

7
homes/palo/packages/social.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{

7
homes/palo/ssh.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
{
home.packages = [ pkgs.sshuttle ];

143
homes/palo/taskwarrior.nix
View file

@ -1,29 +1,47 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
with types;
let
mkMagicMergeOption = { description ? "", example ? { }, default ? { }, apply ? id, ... }:
mkMagicMergeOption =
{
description ? "",
example ? { },
default ? { },
apply ? id,
...
}:
mkOption {
inherit example description default apply;
type = with lib.types;
inherit
example
description
default
apply
;
type =
with lib.types;
let
valueType = nullOr
(oneOf [
valueType =
nullOr (oneOf [
bool
int
float
str
(attrsOf valueType)
(listOf valueType)
]) // {
description = "bool, int, float or str";
emptyValue.value = { };
};
])
// {
description = "bool, int, float or str";
emptyValue.value = { };
};
in
valueType;
};
taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui;
in
@ -31,69 +49,72 @@ in
{
# bugwarrior (a bit fiddly)
imports = [{
imports = [
{
options.bugwarrior.config = mkMagicMergeOption {
type = attrs;
default = { };
};
options.bugwarrior.config = mkMagicMergeOption {
type = attrs;
default = { };
};
config = {
home.file.".config/bugwarrior/bugwarrior.toml".source = (pkgs.formats.toml { }).generate "bugwarriorrc.toml" config.bugwarrior.config;
# todo : before deleting this, put it in logseq
config = {
home.file.".config/bugwarrior/bugwarrior.toml".source =
(pkgs.formats.toml { }).generate "bugwarriorrc.toml"
config.bugwarrior.config;
# todo : before deleting this, put it in logseq
home.packages = [
(pkgs.legacy_2311.python3Packages.bugwarrior.overrideAttrs (old: {
version = "develop";
src = pkgs.fetchFromGitHub {
owner = "ralphbean";
repo = "bugwarrior";
rev = "6554e70c199cc766a2b5e4e4fe22e4e46d64bba1";
sha256 = "sha256-cKhL8FBH7wxCxXrybVRLfCHQTCxursFqtBDl3e1UUXs=";
};
propagatedBuildInputs = old.propagatedBuildInputs ++ [
pkgs.legacy_2311.python3Packages.pydantic
pkgs.legacy_2311.python3Packages.tomli
pkgs.legacy_2311.python3Packages.email-validator
pkgs.legacy_2311.python3Packages.packaging
];
}))
];
};
home.packages = [
(pkgs.legacy_2311.python3Packages.bugwarrior.overrideAttrs (old: {
version = "develop";
src = pkgs.fetchFromGitHub {
owner = "ralphbean";
repo = "bugwarrior";
rev = "6554e70c199cc766a2b5e4e4fe22e4e46d64bba1";
sha256 = "sha256-cKhL8FBH7wxCxXrybVRLfCHQTCxursFqtBDl3e1UUXs=";
};
propagatedBuildInputs = old.propagatedBuildInputs ++ [
pkgs.legacy_2311.python3Packages.pydantic
pkgs.legacy_2311.python3Packages.tomli
pkgs.legacy_2311.python3Packages.email-validator
pkgs.legacy_2311.python3Packages.packaging
];
}))
];
};
}];
}
];
config = mkIf config.gui.enable {
home.packages = with pkgs;
[
home.packages = with pkgs; [
taskwarrior
taskwarrior-tui
taskwarrior
taskwarrior-tui
timewarrior
tasksh
taskwarrior-hooks
(pkgs.writeShellScriptBin "tsak" ''${pkgs.taskwarrior}/bin/task "$@"'')
timewarrior
tasksh
taskwarrior-hooks
(pkgs.writeShellScriptBin "tsak" ''${pkgs.taskwarrior}/bin/task "$@"'')
vit
(pkgs.writers.writeBashBin "active" "${taskwarrior-tui}/bin/taskwarrior-tui -r active")
(pkgs.writers.writeBashBin "todo" "${taskwarrior-tui}/bin/taskwarrior-tui -r todo")
vit
(pkgs.writers.writeBashBin "active" "${taskwarrior-tui}/bin/taskwarrior-tui -r active")
(pkgs.writers.writeBashBin "todo" "${taskwarrior-tui}/bin/taskwarrior-tui -r todo")
(pkgs.writers.writeBashBin "calendar" ''
${pkgs.taskwarrior}/bin/task calendar
${pkgs.taskwarrior}/bin/task calendar_report
'')
(pkgs.writers.writeBashBin "calendar" ''
${pkgs.taskwarrior}/bin/task calendar
${pkgs.taskwarrior}/bin/task calendar_report
'')
# todo : belongs to calendar.nix
vdirsyncer
khal
(pkgs.writers.writeBashBin "kalendar" ''
${pkgs.vdirsyncer}/bin/vdirsyncer sync
${pkgs.khal}/bin/ikhal
'')
# todo : belongs to calendar.nix
vdirsyncer
khal
(pkgs.writers.writeBashBin "kalendar" ''
${pkgs.vdirsyncer}/bin/vdirsyncer sync
${pkgs.khal}/bin/ikhal
'')
];
];
};

23
homes/tina/logseq.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{
@ -6,13 +11,17 @@ with lib;
home.packages = [
logseq
];
home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json"
{
spellcheck = {
dictionaries = [ "en-US" "de-DE" ];
dictionary = "";
home.file.".config/Logseq/Preferences".source =
(pkgs.formats.json { }).generate "LogseqPreferences.json"
{
spellcheck = {
dictionaries = [
"en-US"
"de-DE"
];
dictionary = "";
};
};
};
};
}

10
homes/tina/packages.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{
@ -25,10 +30,7 @@ with lib;
pdfarranger
calibre
];
};
}

34
images/lib/remote-access.nix
View file

@ -1,11 +1,16 @@
{
# cat ~/.ssh/id_rsa.pub
publicSshKey ? ""
, # remote-install-get-hiddenReceiver
hiddenReceiver ? ""
,
publicSshKey ? "",
# remote-install-get-hiddenReceiver
hiddenReceiver ? "",
}:
{ config, lib, pkgs, ... }: {
{
config,
lib,
pkgs,
...
}:
{
imports = [
{
@ -13,7 +18,9 @@
networking.hostName = "liveos";
users.extraUsers = {
root = { openssh.authorizedKeys.keys = [ publicSshKey ]; };
root = {
openssh.authorizedKeys.keys = [ publicSshKey ];
};
};
}
{
@ -104,15 +111,20 @@
client.enable = true;
relay.onionServices.hidden-ssh = {
version = 3;
map = [{
port = 22;
target.port = 22;
}];
map = [
{
port = 22;
target.port = 22;
}
];
};
};
systemd.services.hidden-ssh-announce = {
description = "irc announce hidden ssh";
after = [ "tor.service" "network-online.target" ];
after = [
"tor.service"
"network-online.target"
];
wants = [ "tor.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {

25
images/machine-init-configuration.nix
View file

@ -1,15 +1,19 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
"${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix"
(import ./disko-config.nix { })
];
"${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix"
(import ./disko-config.nix { })
];
networking.hostName = "nixos";
@ -42,7 +46,9 @@
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de" ];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de"
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
@ -52,5 +58,4 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

3
images/remote-install/config.nix
View file

@ -4,8 +4,7 @@ let
remote-access = import ../lib/remote-access.nix {
# cat ~/.ssh/id_rsa.pub
publicSshKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
publicSshKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
# remote-install-get-hiddenReceiver
hiddenReceiver = "";

2
images/remote-install/remote-install.nix
View file

@ -3,7 +3,7 @@
services.tor = {
enable = true;
client.enable = true;
relay.onionServices.liveos.map = [{ port = 1337; }];
relay.onionServices.liveos.map = [ { port = 1337; } ];
};
environment.systemPackages = [

18
images/translate-setup/audio.nix
View file

@ -1,10 +1,22 @@
{ pkgs, lib, config, ... }: {
users.users.mainUser.extraGroups = [ "audio" "pipewire" ];
{
pkgs,
lib,
config,
...
}:
{
users.users.mainUser.extraGroups = [
"audio"
"pipewire"
];
hardware.pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
};
environment.systemPackages = with pkgs; [ alsaUtils pavucontrol ];
environment.systemPackages = with pkgs; [
alsaUtils
pavucontrol
];
}

13
images/translate-setup/config.nix
View file

@ -1,6 +1,15 @@
{ pkgs, lib, config, ... }: {
{
pkgs,
lib,
config,
...
}:
{
imports = [ ./x11.nix ./audio.nix ];
imports = [
./x11.nix
./audio.nix
];
#networking.networkmanager.enable = true;
#networking.wireless.enable = false;

15
images/translate-setup/x11.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, ... }: {
{
pkgs,
config,
lib,
...
}:
{
services.xserver = {
enable = true;
@ -44,6 +50,11 @@
# Packages
# --------
environment.systemPackages = with pkgs; [ flameshot pavucontrol mumble vlc ];
environment.systemPackages = with pkgs; [
flameshot
pavucontrol
mumble
vlc
];
}

23
images/usb-init-configuration.nix
View file

@ -1,17 +1,19 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.hostName = "nixos";
# grub configuraton
# -----------------
boot.loader.grub.enable = true;
@ -41,7 +43,9 @@
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de" ];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de"
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
@ -51,5 +55,4 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

8
images/windows-rescue/config.nix
View file

@ -8,8 +8,7 @@ let
plainTextPassword = "";
};
remote-access = import ../lib/remote-access.nix {
publicSshKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
publicSshKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
hiddenReceiver = "";
};
in
@ -17,7 +16,10 @@ in
imports = [ remote-access ];
environment.systemPackages = [ pkgs.chntpw pkgs.ntfs3g ];
environment.systemPackages = [
pkgs.chntpw
pkgs.ntfs3g
];
networking.dhcpcd.enable = true;
networking.wireless = {

3
images/yubikey-image.nix
View file

@ -12,8 +12,7 @@ let
sha256 = "0rzy06a5xgfjpaklxdgrxml24d0vhk78lb577l3z4x7a2p32dbyq";
};
buildInputs = [ pkgs.pandoc ];
installPhase =
"pandoc --highlight-style pygments -s --toc README.md -o $out";
installPhase = "pandoc --highlight-style pygments -s --toc README.md -o $out";
};
in
{

39
lib/clanlib.nix
View file

@ -3,17 +3,14 @@ let
allMachineNames = lib.mapAttrsToList (name: _: name) (builtins.readDir machineDir);
getFactPath = fact: machine:
"${machineDir}/${machine}/facts/${fact}";
getFactPath = fact: machine: "${machineDir}/${machine}/facts/${fact}";
readFact = fact: machine:
readFact =
fact: machine:
let
path = getFactPath fact machine;
in
if builtins.pathExists path then
builtins.readFile path
else
null;
if builtins.pathExists path then builtins.readFile path else null;
# Example:
#
@ -22,7 +19,8 @@ let
# machineA = "1.2.3.4";
# machineB = "5.6.7.8";
# };
readFactFromAllMachines = fact:
readFactFromAllMachines =
fact:
let
machines = allMachineNames;
facts = lib.genAttrs machines (readFact fact);
@ -47,18 +45,27 @@ let
# "synching.pub" = "23456719";
# };
# };
readFactsFromAllMachines = facts:
readFactsFromAllMachines =
facts:
let
# machine -> fact -> factvalue
machinesFactsAttrs = lib.genAttrs allMachineNames (machine: lib.genAttrs facts (fact: readFact fact machine));
machinesFactsAttrs = lib.genAttrs allMachineNames (
machine: lib.genAttrs facts (fact: readFact fact machine)
);
# remove all machines which don't have all facts set
filteredMachineFactAttrs =
lib.filterAttrs (_machine: values: builtins.all (fact: values.${fact} != null) facts)
machinesFactsAttrs;
filteredMachineFactAttrs = lib.filterAttrs (
_machine: values: builtins.all (fact: values.${fact} != null) facts
) machinesFactsAttrs;
in
filteredMachineFactAttrs;
in
{ inherit allMachineNames getFactPath readFact readFactFromAllMachines readFactsFromAllMachines; }
{
inherit
allMachineNames
getFactPath
readFact
readFactFromAllMachines
readFactsFromAllMachines
;
}

13
machines/cherry/37c3.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
interface = "wlp170s0";
in
@ -26,9 +31,9 @@ in
phase2-auth = "pap";
altsubject-matches = "DNS:radius.c3noc.net";
ca-cert = "${builtins.fetchurl {
url = "https://letsencrypt.org/certs/isrgrootx1.pem";
sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
}}";
url = "https://letsencrypt.org/certs/isrgrootx1.pem";
sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
}}";
};
ipv4 = {
method = "auto";

21
machines/cherry/configuration.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
imports = [
@ -37,7 +42,6 @@
# (promptKey "pushover.user_key") //
# (promptKey "pushover.api_key");
components.virtualisation.enable = true;
components.gui.enable = true;
@ -52,11 +56,13 @@
components.monitor.opentelemetry.exporter.endpoint = "10.100.0.1:4317"; # orbi
#components.monitor.opentelemetry.exporter.debug = "logs";
home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ];
home-manager.users.mainUser.bugwarrior.config = {
general = {
targets = [ "terranix" "my_github" ];
targets = [
"terranix"
"my_github"
];
log_level = "INFO";
static_fields = [ "priority" ];
merge_annotations = false;
@ -84,12 +90,15 @@
add_tags = "github";
include_user_issues = true;
include_user_repos = true;
exclude_repos = [ "azubi" "csv-to-qif" "stepp0r" ];
exclude_repos = [
"azubi"
"csv-to-qif"
"stepp0r"
];
};
# todo : add github issues
};
users.users.mainUser.extraGroups = [ "pipewire" ];
services.nginx.enable = true;

9
machines/cherry/hardware-configuration/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, factsGenerator, ... }:
{
lib,
config,
factsGenerator,
...
}:
{
imports = [
./disko-config.nix
@ -24,6 +29,4 @@
ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none"
'';
}

1
machines/cherry/hardware-configuration/disko-config.nix
View file

@ -70,4 +70,3 @@
};
}

4
machines/cherry/hardware-configuration/graphics.nix
View file

@ -14,6 +14,8 @@
hardware.graphics.enable32Bit = true;
hardware.graphics.extraPackages32 = with pkgs.pkgsi686Linux; [ intel-vaapi-driver ];
environment.sessionVariables = { LIBVA_DRIVER_NAME = "i965"; }; # Optionally, set the environment variable
environment.sessionVariables = {
LIBVA_DRIVER_NAME = "i965";
}; # Optionally, set the environment variable
}

23
machines/cherry/hardware-configuration/hardware-configuration.nix
View file

@ -1,15 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];

6
machines/cherry/network-tinc_retiolum.nix
View file

@ -7,8 +7,10 @@
networking.retiolum.nodename = "cherry";
services.tinc.networks.retiolum = {
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
rsaPrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
rsaPrivateKeyFile =
config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
};
#fileSystems."/retiolum/sicily" = {

7
machines/cherry/network-wireguard-wg0.nix
View file

@ -1,4 +1,9 @@
{ config, factsGenerator, clanLib, ... }:
{
config,
factsGenerator,
clanLib,
...
}:
{
networking.firewall.allowedUDPPorts = [ 51820 ];
clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };

8
machines/cherry/network-wireguard-wg1.nix
View file

@ -14,10 +14,14 @@
};
home-manager.users.root.home.packages = [
(pkgs.writers.writeBashBin "wg1-up" ''
${pkgs.wireguard-tools}/bin/wg-quick up ${config.clan.core.facts.services.wg1.secret."wg1.conf".path}
${pkgs.wireguard-tools}/bin/wg-quick up ${
config.clan.core.facts.services.wg1.secret."wg1.conf".path
}
'')
(pkgs.writers.writeBashBin "wg1-down" ''
${pkgs.wireguard-tools}/bin/wg-quick down ${config.clan.core.facts.services.wg1.secret."wg1.conf".path}
${pkgs.wireguard-tools}/bin/wg-quick down ${
config.clan.core.facts.services.wg1.secret."wg1.conf".path
}
'')
];
}

Some files were not shown because too many files have changed in this diff Show more