palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Actions Projects Releases Wiki Activity

nix fmt
Some checks are pending
Build all NixOS Configurations / nix build (push) Waiting to run
Details

Browse source
This commit is contained in:
Ingolf Wagner 2024-08-29 08:26:04 +07:00
parent 200063fcb1
commit 7a6510a4e6
Signed by: palo
GPG key ID: 76BF5F1928B9618B
196 changed files with 3111 additions and 1771 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
.forgejo/workflows/nix_build.yaml
View file

@ -1,18 +1,15 @@
name: Build all NixOS Configurations name: Build all NixOS Configurations
on: on:
push: push:
branches: branches:
- "**" - "**"
schedule: schedule:
- cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour - cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour
jobs: jobs:
nix build: nix build:
runs-on: native runs-on: native
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: update nix flakes - name: update nix flakes
if: ${{ github.event_name == 'schedule' }} if: ${{ github.event_name == 'schedule' }}
# we need to use our ssh key here because we need access to private flakes # we need to use our ssh key here because we need access to private flakes
@ -30,7 +27,6 @@ jobs:
echo $SSH_AGENT_PID echo $SSH_AGENT_PID
kill $SSH_AGENT_PID kill $SSH_AGENT_PID
rm .ssh_key rm .ssh_key
- name: nix flake archive/check - name: nix flake archive/check
# we need to use our ssh key here because we need access to private flakes # we need to use our ssh key here because we need access to private flakes
run: | run: |
@ -48,22 +44,16 @@ jobs:
echo $SSH_AGENT_PID echo $SSH_AGENT_PID
kill $SSH_AGENT_PID kill $SSH_AGENT_PID
rm .ssh_key rm .ssh_key
- name: nix build orbi - name: nix build orbi
run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
- name: nix build cream - name: nix build cream
run: nix build .#nixosConfigurations.cream.config.system.build.toplevel run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
- name: nix build cherry - name: nix build cherry
run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
- name: nix build chungus - name: nix build chungus
run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
- name: nix build usbstick - name: nix build usbstick
run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel
- name: commit & push - name: commit & push
if: ${{ github.event_name == 'schedule' }} if: ${{ github.event_name == 'schedule' }}
# only if all nix builds are fine we update our branch # only if all nix builds are fine we update our branch

7
components/chaospott.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {

1
components/default.nix
View file

@ -14,5 +14,4 @@
./yubikey.nix ./yubikey.nix
]; ];
} }

7
components/gui/audio.nix
View file

@ -1,5 +1,10 @@
# TODO test `alsactl init` after suspend to reinit mic # TODO test `alsactl init` after suspend to reinit mic
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.audio.enable = mkOption { options.components.gui.audio.enable = mkOption {

7
components/gui/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with lib; with lib;
{ {
options.components.gui = { options.components.gui = {

7
components/gui/home-manager/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with lib; with lib;
{ {

25
components/gui/kmonad.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
options.components.gui.kmonad.enable = lib.mkOption { options.components.gui.kmonad.enable = lib.mkOption {
@ -79,9 +84,21 @@
in in
{ {
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ]; nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ]; "lctl"
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ "lctl" "lmet" "lalt" ]; "lmet"
"lalt"
];
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [
"lctl"
"lmet"
"lalt"
];
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [
"lctl"
"lmet"
"lalt"
];
}; };
}; };
}; };

7
components/gui/noti.nix
View file

@ -1,6 +1,11 @@
# notify me when a command is finished # notify me when a command is finished
# todo : secret managment is shit # todo : secret managment is shit
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.noti.enable = mkOption { options.components.gui.noti.enable = mkOption {

14
components/gui/pass.nix
View file

@ -1,11 +1,17 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
let let
# desktop file # desktop file
# ------------ # ------------
# makes it possible to be used by other programs # makes it possible to be used by other programs
desktopFile = name: bin: desktopFile =
name: bin:
pkgs.writeTextFile { pkgs.writeTextFile {
name = "${name}.desktop"; name = "${name}.desktop";
destination = "/share/applications/${name}.desktop"; destination = "/share/applications/${name}.desktop";
@ -34,7 +40,9 @@ in
environment.systemPackages = [ environment.systemPackages = [
(pkgs.pass.withExtensions (ext: [ ext.pass-otp ])) (pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))
# todo : use upstream desktop file creator # todo : use upstream desktop file creator
(desktopFile "passmenu" "${pkgs.pass.withExtensions (ext: [ext.pass-otp])}/bin/passmenu --type -l 10") (desktopFile "passmenu" "${
pkgs.pass.withExtensions (ext: [ ext.pass-otp ])
}/bin/passmenu --type -l 10")
pkgs.otpmenu pkgs.otpmenu

14
components/gui/steam.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.steam.enable = mkOption { options.components.gui.steam.enable = mkOption {
@ -22,7 +27,12 @@ with lib;
isSystemUser = true; isSystemUser = true;
home = "/home/steam"; home = "/home/steam";
createHome = true; createHome = true;
extraGroups = [ "audio" "input" "video" "pipewire" ]; extraGroups = [
"audio"
"input"
"video"
"pipewire"
];
group = "steam"; group = "steam";
shell = pkgs.bashInteractive; shell = pkgs.bashInteractive;
}; };

17
components/gui/suspend.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.suspend.enable = mkOption { options.components.gui.suspend.enable = mkOption {
@ -13,13 +18,11 @@ with lib;
requiredBy = [ "sleep.target" ]; requiredBy = [ "sleep.target" ];
environment = environment =
let let
display = display = if (config.services.xserver.display != null) then config.services.xserver.display else 0;
if (config.services.xserver.display != null) then
config.services.xserver.display
else
0;
in in
{ DISPLAY = ":${toString display}"; }; {
DISPLAY = ":${toString display}";
};
script = '' script = ''
${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 & ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 &
sleep 1 sleep 1

7
components/gui/vscode.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.vscode.enable = mkOption { options.components.gui.vscode.enable = mkOption {

7
components/gui/wayland.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {

8
components/gui/xorg/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
@ -78,4 +83,3 @@ with lib;
}; };
} }

7
components/gui/xorg/xlock.nix
View file

@ -1,4 +1,9 @@
{ lib, pkgs, config, ... }: {
lib,
pkgs,
config,
...
}:
with lib; with lib;
let let

28
components/mainUser.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
with types; with types;
let let
@ -6,15 +11,10 @@ let
cfg = config.components.mainUser; cfg = config.components.mainUser;
# todo : use optionalList # todo : use optionalList
dockerGroup = dockerGroup = if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
# todo : use optionalList # todo : use optionalList
vboxGroup = vboxGroup = if (config.virtualisation.virtualbox.host.enable) then [ "vboxusers" ] else [ ];
if (config.virtualisation.virtualbox.host.enable) then
[ "vboxusers" ]
else
[ ];
in in
{ {
@ -73,8 +73,16 @@ in
uid = cfg.uid; uid = cfg.uid;
home = "/home/${cfg.userName}"; home = "/home/${cfg.userName}";
initialPassword = cfg.userName; initialPassword = cfg.userName;
extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" "dialout" ] extraGroups = [
++ dockerGroup ++ vboxGroup ++ cfg.extraGroups; "wheel"
"networkmanager"
"transmission"
"wireshark"
"audio"
"pipewire"
"input"
"dialout"
] ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles; openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
group = config.users.groups.mainUser.name; group = config.users.groups.mainUser.name;
}; };

7
components/media/icecast.nix
View file

@ -4,7 +4,12 @@
# * connect via mixxx to it. # * connect via mixxx to it.
# * add the podcast to mpd in the same network # * add the podcast to mpd in the same network
# -------------------------------------------------- # --------------------------------------------------
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
let let

7
components/media/tts.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {

104
components/media/video.nix
View file

@ -1,31 +1,35 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
obs-cmd = pkgs.rustPlatform.buildRustPackage obs-cmd = pkgs.rustPlatform.buildRustPackage rec {
rec { pname = "obs-cmd";
pname = "obs-cmd"; version = "v0.15.2";
version = "v0.15.2"; src = pkgs.fetchFromGitHub {
src = pkgs.fetchFromGitHub { owner = "grigio";
owner = "grigio"; repo = "obs-cmd";
repo = "obs-cmd"; rev = version;
rev = version; sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI=";
sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI=";
};
cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0=";
#cargoSha256 = fakeSha256;
meta = with lib; {
description = "a minimal obs CLI for obs-websocket v5";
homepage = "https://github.com/grigio/obs-cmd";
license = licenses.mit;
maintainers = [ maintainers.mrVanDalo ];
platforms = platforms.all;
};
}; };
cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0=";
#cargoSha256 = fakeSha256;
meta = with lib; {
description = "a minimal obs CLI for obs-websocket v5";
homepage = "https://github.com/grigio/obs-cmd";
license = licenses.mit;
maintainers = [ maintainers.mrVanDalo ];
platforms = platforms.all;
};
};
# Lassulus streaming setup # Lassulus streaming setup
# ------------------------- # -------------------------
# ffmpeg \ # ffmpeg \
@ -53,7 +57,12 @@ let
name = "screen-keys"; name = "screen-keys";
paths = paths =
let let
screenKeyScript = { position ? "bottom", size ? "small", ... }: screenKeyScript =
{
position ? "bottom",
size ? "small",
...
}:
pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
'' ''
${pkgs.screenkey}/bin/screenkey \ ${pkgs.screenkey}/bin/screenkey \
@ -65,27 +74,41 @@ let
"$@" "$@"
''; '';
in in
lib.flatten (lib.flip map [ "large" "small" "medium" ] (size: lib.flatten (
lib.flip map [ "top" "center" "bottom" ] lib.flip map
(position: screenKeyScript { inherit size position; }))); [
"large"
"small"
"medium"
]
(
size:
lib.flip map [
"top"
"center"
"bottom"
] (position: screenKeyScript { inherit size position; })
)
);
}; };
mpvReview = mpvReview =
let let
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" '' moveToDir =
tmp_dir = "${dir}" key: dir:
pkgs.writeText "move-with-${key}.lua" ''
tmp_dir = "${dir}"
function move_current_track_${key}() function move_current_track_${key}()
track = mp.get_property("path") track = mp.get_property("path")
os.execute("mkdir -p '" .. tmp_dir .. "'") os.execute("mkdir -p '" .. tmp_dir .. "'")
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'") os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
print("moved '" .. track .. "' to " .. tmp_dir) print("moved '" .. track .. "' to " .. tmp_dir)
mp.command("playlist-next") mp.command("playlist-next")
end end
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key}) mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
''; '';
delete = moveToDir "D" "./.graveyard"; delete = moveToDir "D" "./.graveyard";
good = moveToDir "G" "./.good"; good = moveToDir "G" "./.good";
in in
@ -110,7 +133,6 @@ in
config = mkIf (config.components.media.video.enable) { config = mkIf (config.components.media.video.enable) {
home-manager.sharedModules = [ home-manager.sharedModules = [
{ {
programs.obs-studio = { programs.obs-studio = {
@ -123,7 +145,6 @@ in
} }
]; ];
boot.kernelModules = [ "v4l2loopback" ]; boot.kernelModules = [ "v4l2loopback" ];
boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
@ -137,7 +158,6 @@ in
alphaSafe alphaSafe
sanitizeFolder sanitizeFolder
# obs studio stuff # obs studio stuff
obs-cli obs-cli
v4l-utils v4l-utils
@ -154,8 +174,6 @@ in
handbrake handbrake
ffmpeg-full ffmpeg-full
]; ];
}; };
} }

71
components/monitor/logs-promtail.nix
View file

@ -33,7 +33,7 @@ in
services.promtail = { services.promtail = {
enable = true; enable = true;
configuration = { configuration = {
server. disable = true; server.disable = true;
positions.filename = "/var/cache/promtail/positions.yaml"; positions.filename = "/var/cache/promtail/positions.yaml";
clients = [ clients = [
@ -49,7 +49,15 @@ in
_end = ''{{ end }}''; _end = ''{{ end }}'';
elseblock = index: replacement: "${_elseif index}${_replace index replacement}"; elseblock = index: replacement: "${_elseif index}${_replace index replacement}";
ifblock = index: replacement: "${_if index}${_replace index replacement}"; ifblock = index: replacement: "${_if index}${_replace index replacement}";
createTemplateLine = list: "${concatStrings (imap0 (index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement) list)}${_end}"; createTemplateLine =
list:
"${
concatStrings (
imap0 (
index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement
) list
)
}${_end}";
in in
[ [
{ {
@ -117,36 +125,35 @@ in
} }
{ {
# Map facility to human readable # Map facility to human readable
template = template = {
{ source = "facility_label";
source = "facility_label"; template = createTemplateLine [
template = createTemplateLine [ "kern" # Kernel messages
"kern" # Kernel messages "user" # User-level messages
"user" # User-level messages "mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1))
"mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1)) "daemon" # System daemons All daemons, including systemd and its subsystems
"daemon" # System daemons All daemons, including systemd and its subsystems "auth" # Security/authorization messages Also watch for different facility 10
"auth" # Security/authorization messages Also watch for different facility 10 "syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3)
"syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3) "lpr" # Line printer subsystem (archaic subsystem)
"lpr" # Line printer subsystem (archaic subsystem) "news" # Network news subsystem (archaic subsystem)
"news" # Network news subsystem (archaic subsystem) "uucp" # UUCP subsystem (archaic subsystem)
"uucp" # UUCP subsystem (archaic subsystem) "clock" # Clock daemon systemd-timesyncd
"clock" # Clock daemon systemd-timesyncd "authpriv" # Security/authorization messages Also watch for different facility 4
"authpriv" # Security/authorization messages Also watch for different facility 4 "ftp" # FTP daemon
"ftp" # FTP daemon "-" # NTP subsystem
"-" # NTP subsystem "-" # Log audit
"-" # Log audit "-" # Log alert
"-" # Log alert "cron" # Scheduling daemon
"cron" # Scheduling daemon "local0" # Local use 0 (local0)
"local0" # Local use 0 (local0) "local1" # Local use 1 (local1)
"local1" # Local use 1 (local1) "local2" # Local use 2 (local2)
"local2" # Local use 2 (local2) "local3" # Local use 3 (local3)
"local3" # Local use 3 (local3) "local4" # Local use 4 (local4)
"local4" # Local use 4 (local4) "local5" # Local use 5 (local5)
"local5" # Local use 5 (local5) "local6" # Local use 6 (local6)
"local6" # Local use 6 (local6) "local7" # Local use 7 (local7)
"local7" # Local use 7 (local7) ];
]; };
};
} }
{ {
# Key is REQUIRED and the name for the label that will be created. # Key is REQUIRED and the name for the label that will be created.

15
components/monitor/metrics-export-zfs.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
with types; with types;
{ {
@ -18,9 +23,11 @@ with types;
{ {
job_name = "zfs"; job_name = "zfs";
scrape_interval = "10s"; scrape_interval = "10s";
static_configs = [{ static_configs = [
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ]; {
}]; targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
}
];
} }
]; ];
service.pipelines.metrics.receivers = [ "prometheus" ]; service.pipelines.metrics.receivers = [ "prometheus" ];

9
components/monitor/metrics-netdata.nix
View file

@ -1,4 +1,9 @@
{ lib, pkgs, config, ... }: {
lib,
pkgs,
config,
...
}:
with lib; with lib;
with types; with types;
{ {
@ -18,7 +23,7 @@ with types;
scrape_interval = "10s"; scrape_interval = "10s";
metrics_path = "/api/v1/allmetrics"; metrics_path = "/api/v1/allmetrics";
params.format = [ "prometheus" ]; params.format = [ "prometheus" ];
static_configs = [{ targets = [ "127.0.0.1:19999" ]; }]; static_configs = [ { targets = [ "127.0.0.1:19999" ]; } ];
} }
]; ];

2
components/monitor/metrics-prometheus.nix
View file

@ -36,7 +36,7 @@ in
job_name = "opentelemetry"; job_name = "opentelemetry";
metrics_path = "/metrics"; metrics_path = "/metrics";
scrape_interval = "10s"; scrape_interval = "10s";
static_configs = [{ targets = [ "localhost:${toString cfg.port}" ]; }]; static_configs = [ { targets = [ "localhost:${toString cfg.port}" ]; } ];
} }
]; ];
}) })

13
components/monitor/metrics-telegraf.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
with types; with types;
let let
@ -24,7 +29,9 @@ in
receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}"; receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}";
service.pipelines.metrics.receivers = [ "influxdb" ]; service.pipelines.metrics.receivers = [ "influxdb" ];
}; };
services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ "http://127.0.0.1:${toString cfg.influxDBPort}" ]; services.telegraf.extraConfig.outputs.influxdb_v2.urls = [
"http://127.0.0.1:${toString cfg.influxDBPort}"
];
}) })
(mkIf config.components.monitor.telegraf.enable { (mkIf config.components.monitor.telegraf.enable {
@ -41,7 +48,7 @@ in
processes = { }; processes = { };
system = { }; system = { };
systemd_units = { }; systemd_units = { };
ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make machine visible over wireguard ping = [ { urls = [ "10.100.0.1" ]; } ]; # actually important to make machine visible over wireguard
}; };
}; };
}; };

65
components/monitor/opentelemetry.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
with types; with types;
let let
@ -22,7 +27,10 @@ in
description = "endpoint to ship opentelementry data too"; description = "endpoint to ship opentelementry data too";
}; };
exporter.debug = mkOption { exporter.debug = mkOption {
type = nullOr (enum [ "logs" "metrics" ]); type = nullOr (enum [
"logs"
"metrics"
]);
default = null; default = null;
description = "enable debug exporter."; description = "enable debug exporter.";
}; };
@ -61,11 +69,13 @@ in
include = ".*"; include = ".*";
match_type = "regexp"; match_type = "regexp";
action = "update"; action = "update";
operations = [{ operations = [
action = "add_label"; {
new_label = "machine"; action = "add_label";
new_value = config.networking.hostName; new_label = "machine";
}]; new_value = config.networking.hostName;
}
];
} }
]; ];
}; };
@ -85,7 +95,6 @@ in
}; };
}) })
(mkIf (config.components.monitor.opentelemetry.exporter.debug != null) { (mkIf (config.components.monitor.opentelemetry.exporter.debug != null) {
services.opentelemetry-collector.settings = { services.opentelemetry-collector.settings = {
exporters.debug = { exporters.debug = {
@ -111,24 +120,26 @@ in
}) })
(mkIf (mkIf
( (
config.components.monitor.opentelemetry.exporter.endpoint != null && config.components.monitor.opentelemetry.exporter.endpoint != null
config.components.monitor.logs.enable && config.components.monitor.logs.enable
) )
{ {
services.opentelemetry-collector.settings = { services.opentelemetry-collector.settings = {
service.pipelines.logs.exporters = [ "otlp" ]; service.pipelines.logs.exporters = [ "otlp" ];
}; };
}) }
)
(mkIf (mkIf
( (
config.components.monitor.opentelemetry.exporter.endpoint != null && config.components.monitor.opentelemetry.exporter.endpoint != null
config.components.monitor.metrics.enable && config.components.monitor.metrics.enable
) )
{ {
services.opentelemetry-collector.settings = { services.opentelemetry-collector.settings = {
service.pipelines.metrics.exporters = [ "otlp" ]; service.pipelines.metrics.exporters = [ "otlp" ];
}; };
}) }
)
# ship from other instance # ship from other instance
(mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) { (mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) {
@ -138,26 +149,26 @@ in
}) })
(mkIf (mkIf
( (
config.components.monitor.opentelemetry.receiver.endpoint != null && config.components.monitor.opentelemetry.receiver.endpoint != null
config.components.monitor.logs.enable && config.components.monitor.logs.enable
) )
{ {
services.opentelemetry-collector.settings = { services.opentelemetry-collector.settings = {
service.pipelines.logs.receivers = [ "otlp" ]; service.pipelines.logs.receivers = [ "otlp" ];
}; };
}) }
)
(mkIf (mkIf
( (
config.components.monitor.opentelemetry.receiver.endpoint != null && config.components.monitor.opentelemetry.receiver.endpoint != null
config.components.monitor.metrics.enable && config.components.monitor.metrics.enable
) )
{ {
services.opentelemetry-collector.settings = { services.opentelemetry-collector.settings = {
service.pipelines.metrics.receivers = [ "otlp" ]; service.pipelines.metrics.receivers = [ "otlp" ];
}; };
}) }
)
# scrape opentelemetry-colectors metrics # scrape opentelemetry-colectors metrics
# todo: this should be collected another way (opentelemetry internal?) # todo: this should be collected another way (opentelemetry internal?)
@ -169,9 +180,11 @@ in
{ {
job_name = "otelcol"; job_name = "otelcol";
scrape_interval = "10s"; scrape_interval = "10s";
static_configs = [{ static_configs = [
targets = [ cfg.metrics.endpoint ]; {
}]; targets = [ cfg.metrics.endpoint ];
}
];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = [ "__name__" ]; source_labels = [ "__name__" ];
@ -195,7 +208,7 @@ in
}; };
}) })
(mkIf (! config.components.monitor.metrics.enable) { (mkIf (!config.components.monitor.metrics.enable) {
services.opentelemetry-collector.settings = { services.opentelemetry-collector.settings = {
service.telemetry.metrics.level = "none"; service.telemetry.metrics.level = "none";
}; };

59
components/network/nginx.nix
View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, assets, ... }: {
config,
lib,
pkgs,
assets,
...
}:
with lib; with lib;
{ {
options.components.network.nginx.enable = mkOption { options.components.network.nginx.enable = mkOption {
@ -16,8 +22,13 @@ with lib;
environment.systemPackages = [ environment.systemPackages = [
pkgs.nginx-config-formatter pkgs.nginx-config-formatter
(pkgs.writers.writePython3Bin "nginx-show-config" { flakeIgnore = [ "E265" "E225" "W292" ]; } (pkgs.writers.writePython3Bin "nginx-show-config" {
(lib.fileContents "${assets}/nginx-show-config.py")) flakeIgnore = [
"E265"
"E225"
"W292"
];
} (lib.fileContents "${assets}/nginx-show-config.py"))
]; ];
security.acme.defaults.email = "contact@ingolf-wagner.de"; security.acme.defaults.email = "contact@ingolf-wagner.de";
@ -85,7 +96,11 @@ with lib;
root = pkgs.landingpage.override { root = pkgs.landingpage.override {
jsonConfig = jsonConfig =
let let
entry = { machine, items ? [ ] }: entry =
{
machine,
items ? [ ],
}:
{ {
text = machine; text = machine;
items = [ items = [
@ -174,14 +189,12 @@ with lib;
{ {
label = "Hetzner Cloud"; label = "Hetzner Cloud";
href = "https://console.hetzner.cloud/projects"; href = "https://console.hetzner.cloud/projects";
image = image = "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
"https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
} }
{ {
label = "Cups"; label = "Cups";
href = "http://localhost:631/"; href = "http://localhost:631/";
image = image = "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
"https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
} }
]; ];
} }
@ -191,52 +204,42 @@ with lib;
{ {
label = "NixOS Manual"; label = "NixOS Manual";
href = "https://nixos.org/nixos/manual/"; href = "https://nixos.org/nixos/manual/";
image = image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
} }
{ {
label = "Nixpkgs Manual"; label = "Nixpkgs Manual";
href = "https://nixos.org/nixpkgs/manual/"; href = "https://nixos.org/nixpkgs/manual/";
image = image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
} }
{ {
label = "NixOS Reference"; label = "NixOS Reference";
href = href = "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
"https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library"; image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
image =
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
} }
{ {
label = "Nix Packages"; label = "Nix Packages";
href = "https://nixos.org/nixos/packages.html"; href = "https://nixos.org/nixos/packages.html";
image = image = "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
"https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
} }
{ {
label = "NixOS Language specific helpers"; label = "NixOS Language specific helpers";
href = href = "https://nixos.wiki/wiki/Language-specific_package_helpers";
"https://nixos.wiki/wiki/Language-specific_package_helpers"; image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
image =
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
} }
{ {
label = "NixOS Weekly"; label = "NixOS Weekly";
href = "https://weekly.nixos.org/"; href = "https://weekly.nixos.org/";
image = image = "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
"https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
} }
{ {
label = "NixOS Security"; label = "NixOS Security";
href = "https://broken.sh/"; href = "https://broken.sh/";
image = image = "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
"https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
} }
{ {
label = "NixOS RFCs"; label = "NixOS RFCs";
href = "https://github.com/NixOS/rfcs/"; href = "https://github.com/NixOS/rfcs/";
image = image = "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
"https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
} }
]; ];
} }

11
components/network/sshd/default.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, assets, ... }: {
pkgs,
config,
lib,
assets,
...
}:
with lib; with lib;
with types; with types;
let let
@ -6,8 +12,7 @@ let
cfg = config.components.network.sshd; cfg = config.components.network.sshd;
# maybe ascii-image-converter is also nice here # maybe ascii-image-converter is also nice here
sshBanner = pkgs.runCommand "ssh-banner" sshBanner = pkgs.runCommand "ssh-banner" { nativeBuildInputs = [ pkgs.boxes ]; } ''
{ nativeBuildInputs = [ pkgs.boxes ]; } ''
echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out
''; '';

8
components/network/sshd/known-hosts-manual.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, clanLib, ... }: {
pkgs,
config,
lib,
clanLib,
...
}:
with lib; with lib;
let let
publicKey = clanLib.readFact "ssh.id_ed25519.pub"; publicKey = clanLib.readFact "ssh.id_ed25519.pub";

64
components/network/sshd/known-hosts-public.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
config = mkIf (config.components.network.sshd.enable) { config = mkIf (config.components.network.sshd.enable) {
@ -28,65 +33,66 @@ with lib;
}; };
gitlab = { gitlab = {
hostNames = [ "gitlab.com" ]; hostNames = [ "gitlab.com" ];
publicKey = publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
}; };
gitlab-bk = { gitlab-bk = {
hostNames = [ "gitlab.bk-bund-berlin.de" "116.203.133.59" ]; hostNames = [
publicKey = "gitlab.bk-bund-berlin.de"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw="; "116.203.133.59"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
}; };
# space-left # space-left
gitlabSpaceLeft = { gitlabSpaceLeft = {
hostNames = [ "git.space-left.org" ]; hostNames = [ "git.space-left.org" ];
publicKey = publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
}; };
# c-base # c-base
"bnd-cbase" = { "bnd-cbase" = {
hostNames = [ "bnd.cbrp3.c-base.org" ]; hostNames = [ "bnd.cbrp3.c-base.org" ];
publicKey = publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
}; };
"shell.cbase" = { "shell.cbase" = {
hostNames = [ "shell.c-base.org" ]; hostNames = [ "shell.c-base.org" ];
publicKey = publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
}; };
"kgb.cbase" = { "kgb.cbase" = {
hostNames = [ "kgb.cbrp3.c-base.org" ]; hostNames = [ "kgb.cbrp3.c-base.org" ];
publicKey = publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
}; };
"cns.cbase" = { "cns.cbase" = {
hostNames = [ "cns.c-base.org" ]; hostNames = [ "cns.c-base.org" ];
publicKey = publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
}; };
"lassulus" = { "lassulus" = {
hostNames = [ "[lassul.us]:45621" ]; hostNames = [ "[lassul.us]:45621" ];
publicKey = publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
}; };
renoise = { renoise = {
hostNames = [ "*.renoise.com" "renoise.com" "94.130.128.97" ]; hostNames = [
publicKey = "*.renoise.com"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE="; "renoise.com"
"94.130.128.97"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
}; };
git-renoise = { git-renoise = {
hostNames = [ "[git.renoise.com]:2229" "[94.130.128.97]:2229" ]; hostNames = [
publicKey = "[git.renoise.com]:2229"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH"; "[94.130.128.97]:2229"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
}; };
"siteground" = { "siteground" = {
hostNames = [ "[es5.siteground.eu]:18765" "[37.60.224.6]:18765" ]; hostNames = [
publicKey = "[es5.siteground.eu]:18765"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0="; "[37.60.224.6]:18765"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
}; };
"cracksucht.de" = { "cracksucht.de" = {
hostNames = [ "cracksucht.de" ]; hostNames = [ "cracksucht.de" ];
publicKey = publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
}; };
}; };

48
components/network/sshd/known-hosts-zerotier.nix
View file

@ -1,34 +1,34 @@
{ lib, config, clanLib, ... }: {
lib,
config,
clanLib,
...
}:
with lib; with lib;
with types; with types;
let let
machines = clanLib.allMachineNames; machines = clanLib.allMachineNames;
publicKey = clanLib.readFact "ssh.id_ed25519.pub"; publicKey = clanLib.readFact "ssh.id_ed25519.pub";
tld = config.clan.static-hosts.topLevelDomain; tld = config.clan.static-hosts.topLevelDomain;
knownHosts = lib.genAttrs machines knownHosts = lib.genAttrs machines (machine: {
(machine: hostNames = [
{ "${machine}"
hostNames = [ "${machine}.${tld}"
"${machine}" "${machine}.private"
"${machine}.${tld}" ];
"${machine}.private" publicKey = publicKey machine;
]; });
publicKey = publicKey machine;
}
);
bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub"; bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub";
knownBootHosts = lib.mapAttrs' knownBootHosts = lib.mapAttrs' (
(machine: publicKey: nameValuePair machine: publicKey:
"boot_${machine}" nameValuePair "boot_${machine}" {
{ inherit publicKey;
inherit publicKey; hostNames = [
hostNames = [ "[${machine}]:2222"
"[${machine}]:2222" "[${machine}.public]:2222"
"[${machine}.public]:2222" ];
]; }
} ) bootMachines;
)
bootMachines;
in in
{ {

80
components/network/syncthing.nix
View file

@ -1,5 +1,13 @@
{ config, lib, pkgs, factsGenerator, clanLib, ... }: {
with lib; { config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib;
{
# networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ]; # networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
@ -19,7 +27,12 @@ with lib; {
id = facts."syncthing.pub"; id = facts."syncthing.pub";
addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ]; addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
}) })
(clanLib.readFactsFromAllMachines [ "syncthing.pub" "zerotier-ip" ]); (
clanLib.readFactsFromAllMachines [
"syncthing.pub"
"zerotier-ip"
]
);
device = machine: id: { device = machine: id: {
"${machine}" = { "${machine}" = {
name = machine; name = machine;
@ -30,20 +43,26 @@ with lib; {
in in
clanMachines clanMachines
// (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF") // (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF")
// (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ") // (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ");
;
settings.folders = { settings.folders = {
audiobooks = { audiobooks = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/audiobooks"; path = lib.mkDefault "/tmp/audiobooks";
devices = [ "chungus" "orbi" ]; devices = [
"chungus"
"orbi"
];
}; };
books = { books = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/books"; path = lib.mkDefault "/tmp/books";
devices = [ "chungus" "cream" "cherry" ]; devices = [
"chungus"
"cream"
"cherry"
];
versioning = { versioning = {
type = "simple"; type = "simple";
params.keep = "2"; params.keep = "2";
@ -52,12 +71,20 @@ with lib; {
desktop = { desktop = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/desktop"; path = lib.mkDefault "/tmp/desktop";
devices = [ "chungus" "cream" "cherry" ]; devices = [
"chungus"
"cream"
"cherry"
];
}; };
finance = { finance = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/finance"; path = lib.mkDefault "/tmp/finance";
devices = [ "chungus" "cream" "cherry" ]; devices = [
"chungus"
"cream"
"cherry"
];
versioning = { versioning = {
type = "simple"; type = "simple";
params.keep = "10"; params.keep = "10";
@ -66,27 +93,46 @@ with lib; {
flix = { flix = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/flix"; path = lib.mkDefault "/tmp/flix";
devices = [ "chungus" "orbi" ]; devices = [
"chungus"
"orbi"
];
}; };
logseq = { logseq = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/logseq"; path = lib.mkDefault "/tmp/logseq";
devices = [ "chungus" "cream" "cherry" "iPhone" ]; devices = [
"chungus"
"cream"
"cherry"
"iPhone"
];
}; };
lectures = { lectures = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/lectures"; path = lib.mkDefault "/tmp/lectures";
devices = [ "chungus" "orbi" ]; devices = [
"chungus"
"orbi"
];
}; };
oscar_cpap = { oscar_cpap = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/oscar_cpap"; path = lib.mkDefault "/tmp/oscar_cpap";
devices = [ "chungus" "cream" "cherry" ]; devices = [
"chungus"
"cream"
"cherry"
];
}; };
password-store = { password-store = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store"; path = lib.mkDefault "/tmp/password-store";
devices = [ "chungus" "cream" "cherry" ]; devices = [
"chungus"
"cream"
"cherry"
];
versioning = { versioning = {
type = "simple"; type = "simple";
params.keep = "10"; params.keep = "10";
@ -96,7 +142,11 @@ with lib; {
share = { share = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store"; path = lib.mkDefault "/tmp/password-store";
devices = [ "cream" "cherry" "orbi" ]; devices = [
"cream"
"cherry"
"orbi"
];
}; };
}; };
}; };

37
components/network/tinc/default.nix
View file

@ -1,4 +1,10 @@
{ lib, config, factsGenerator, clanLib, ... }: {
lib,
config,
factsGenerator,
clanLib,
...
}:
with lib; with lib;
{ {
@ -20,18 +26,21 @@ with lib;
}; };
config = mkMerge [ config = mkMerge [
(mkIf config.tinc.private.enable (import ./private.nix { (mkIf config.tinc.private.enable (
ipv4 = config.tinc.private.ipv4; import ./private.nix {
ipv6 = null; ipv4 = config.tinc.private.ipv4;
inherit (lib) optionalString concatStringsSep mapAttrsToList; ipv6 = null;
inherit config factsGenerator clanLib; inherit (lib) optionalString concatStringsSep mapAttrsToList;
})) inherit config factsGenerator clanLib;
(mkIf config.tinc.secret.enable (import ./secret.nix { }
ipv4 = config.tinc.secret.ipv4; ))
ipv6 = null; (mkIf config.tinc.secret.enable (
inherit (lib) optionalString concatStringsSep mapAttrsToList; import ./secret.nix {
inherit config factsGenerator clanLib; ipv4 = config.tinc.secret.ipv4;
})) ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}
))
]; ];
} }

40
components/network/tinc/private.nix
View file

@ -1,12 +1,13 @@
{ ipv4 {
, ipv6 ipv4,
, config ipv6,
, optionalString config,
, concatStringsSep optionalString,
, factsGenerator concatStringsSep,
, mapAttrsToList factsGenerator,
, clanLib mapAttrsToList,
, ... clanLib,
...
}: }:
let let
hosts = { hosts = {
@ -51,35 +52,36 @@ in
services.tinc.networks = { services.tinc.networks = {
${network} = { ${network} = {
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path; ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
interfaceType = "tap"; interfaceType = "tap";
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes
''; '';
hostSettings = { hostSettings = {
mobi = { mobi = {
subnets = [{ address = hosts.mobi; }]; subnets = [ { address = hosts.mobi; } ];
settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB"; settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
}; };
bobi = { bobi = {
subnets = [{ address = hosts.bobi; }]; subnets = [ { address = hosts.bobi; } ];
settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD"; settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
}; };
cream = { cream = {
subnets = [{ address = hosts.cream; }]; subnets = [ { address = hosts.cream; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "cream"; settings.Ed25519PublicKey = Ed25519PublicKey "cream";
}; };
cherry = { cherry = {
subnets = [{ address = hosts.cherry; }]; subnets = [ { address = hosts.cherry; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "cherry"; settings.Ed25519PublicKey = Ed25519PublicKey "cherry";
}; };
chungus = { chungus = {
subnets = [{ address = hosts.chungus; }]; subnets = [ { address = hosts.chungus; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "chungus"; settings.Ed25519PublicKey = Ed25519PublicKey "chungus";
}; };
orbi = { orbi = {
addresses = [{ address = "95.216.66.212"; }]; addresses = [ { address = "95.216.66.212"; } ];
subnets = [{ address = hosts.orbi; }]; subnets = [ { address = hosts.orbi; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "orbi"; settings.Ed25519PublicKey = Ed25519PublicKey "orbi";
}; };
}; };
@ -100,6 +102,8 @@ in
LinkLocalAddressing = no LinkLocalAddressing = no
''; '';
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)); networking.extraHosts = concatStringsSep "\n" (
mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)
);
} }

61
components/network/tinc/secret.nix
View file

@ -1,11 +1,12 @@
{ ipv4 {
, ipv6 ipv4,
, config ipv6,
, optionalString config,
, concatStringsSep optionalString,
, mapAttrsToList concatStringsSep,
, factsGenerator mapAttrsToList,
, ... factsGenerator,
...
}: }:
let let
port = 721; port = 721;
@ -23,31 +24,37 @@ in
services.tinc.networks = { services.tinc.networks = {
${network} = { ${network} = {
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path; ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes
Port = ${toString port} Port = ${toString port}
''; '';
hostSettings = { hostSettings = {
sternchen = { sternchen = {
subnets = [{ address = hosts.sternchen; }]; subnets = [ { address = hosts.sternchen; } ];
settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB"; settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB";
}; };
cream = { cream = {
subnets = [{ address = hosts.cream; }]; subnets = [ { address = hosts.cream; } ];
settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL"; settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
}; };
cherry = { cherry = {
subnets = [{ address = hosts.cherry; }]; subnets = [ { address = hosts.cherry; } ];
settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC"; settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
}; };
sterni = { sterni = {
subnets = [{ address = hosts.sterni; }]; subnets = [ { address = hosts.sterni; } ];
settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O"; settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
}; };
robi = { robi = {
addresses = [{ address = "144.76.13.147"; port = port; }]; addresses = [
subnets = [{ address = hosts.robi; }]; {
address = "144.76.13.147";
port = port;
}
];
subnets = [ { address = hosts.robi; } ];
settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL"; settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
}; };
}; };
@ -68,23 +75,37 @@ in
LinkLocalAddressing = no LinkLocalAddressing = no
''; '';
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts); networking.extraHosts = concatStringsSep "\n" (
mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts
);
services.openssh.knownHosts = { services.openssh.knownHosts = {
"cream.${network}" = { "cream.${network}" = {
hostNames = [ "cream.${network}" hosts.cream ]; hostNames = [
"cream.${network}"
hosts.cream
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
}; };
"sternchen.${network}" = { "sternchen.${network}" = {
hostNames = [ "sterni.${network}" hosts.sterni ]; hostNames = [
"sterni.${network}"
hosts.sterni
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
}; };
"sterni.${network}" = { "sterni.${network}" = {
hostNames = [ "sterni.${network}" hosts.sterni ]; hostNames = [
"sterni.${network}"
hosts.sterni
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
}; };
"robi" = { "robi" = {
hostNames = [ "robi.${network}" hosts.robi ]; hostNames = [
"robi.${network}"
hosts.robi
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
}; };
}; };

9
components/network/wifi.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
with types; with types;
{ {
@ -22,7 +27,6 @@ with types;
# Setting this value to 1 means to try activation once, without retry. # Setting this value to 1 means to try activation once, without retry.
networking.networkmanager.settings.main.autoconnect-retries-default = 999; networking.networkmanager.settings.main.autoconnect-retries-default = 999;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# because Networkd-wait-online is just failing. # because Networkd-wait-online is just failing.
@ -47,4 +51,3 @@ with types;
}; };
} }

2
components/network/wireguard.nix
View file

@ -28,6 +28,4 @@ with lib;
''; '';
}; };
} }

7
components/nixos/upgrade-diff.nix
View file

@ -1,5 +1,10 @@
# MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix # MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
options.components.nixos.update-diff.enable = lib.mkOption { options.components.nixos.update-diff.enable = lib.mkOption {

8
components/terminal/bash.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.bash.enable = mkOption { options.components.terminal.bash.enable = mkOption {
@ -16,7 +21,6 @@ with lib;
interactiveShellInit = "set -o vi"; interactiveShellInit = "set -o vi";
shellAliases = { shellAliases = {
ls = "ls --color=tty"; ls = "ls --color=tty";
l = "ls -CFh"; l = "ls -CFh";

7
components/terminal/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal = { options.components.terminal = {

12
components/terminal/direnv.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.direnv.enable = mkOption { options.components.terminal.direnv.enable = mkOption {
@ -12,7 +17,10 @@ with lib;
home-manager.sharedModules = [ home-manager.sharedModules = [
{ {
programs.direnv.enable = true; programs.direnv.enable = true;
programs.git.ignores = [ ".envrc" ".direnv" ]; programs.git.ignores = [
".envrc"
".direnv"
];
} }
]; ];

9
components/terminal/git.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.git.enable = mkOption { options.components.terminal.git.enable = mkOption {
@ -8,7 +13,6 @@ with lib;
config = mkIf (config.components.terminal.git.enable) { config = mkIf (config.components.terminal.git.enable) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
gita gita
@ -29,4 +33,3 @@ with lib;
]; ];
}; };
} }

7
components/terminal/heygpt.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {
options.components.terminal.heygpt.enable = mkOption { options.components.terminal.heygpt.enable = mkOption {

31
components/terminal/hoard.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
let let
hoardSrc = pkgs.fetchFromGitHub { hoardSrc = pkgs.fetchFromGitHub {
@ -31,10 +36,26 @@ in
config_home_path = "/home/palo/.config/hoard"; config_home_path = "/home/palo/.config/hoard";
trove_path = "/home/palo/.config/hoard/trove.yml"; trove_path = "/home/palo/.config/hoard/trove.yml";
query_prefix = " >"; query_prefix = " >";
primary_color = [ 87 142 87 ]; primary_color = [
secondary_color = [ 203 184 144 ]; 87
tertiary_color = [ 30 30 30 ]; 142
command_color = [ 30 30 30 ]; 87
];
secondary_color = [
203
184
144
];
tertiary_color = [
30
30
30
];
command_color = [
30
30
30
];
parameter_token = "#"; parameter_token = "#";
read_from_current_directory = true; read_from_current_directory = true;
}; };

9
components/terminal/remote-install.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.remote-install.enable = mkOption { options.components.terminal.remote-install.enable = mkOption {
@ -10,7 +15,7 @@ with lib;
services.tor = { services.tor = {
enable = true; enable = true;
client.enable = true; client.enable = true;
relay.onionServices.liveos.map = [{ port = 1337; }]; relay.onionServices.liveos.map = [ { port = 1337; } ];
}; };
environment.systemPackages = [ environment.systemPackages = [

304
components/terminal/wtf.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
let let
@ -54,23 +59,29 @@ let
echo echo
''; '';
userHighlight = map ({ user, ... }: user) userHighlight =
(builtins.attrValues config.services.browser.configList) map ({ user, ... }: user) (builtins.attrValues config.services.browser.configList)
++ [ "steam" ]; ++ [ "steam" ];
activeUsers = pkgs.writers.writeBash "active-users" '' activeUsers = pkgs.writers.writeBash "active-users" ''
${pkgs.procps}/bin/ps -eo user \ ${pkgs.procps}/bin/ps -eo user \
| ${pkgs.gnused}/bin/sed '1 d' \ | ${pkgs.gnused}/bin/sed '1 d' \
| ${pkgs.coreutils}/bin/sort \ | ${pkgs.coreutils}/bin/sort \
| ${pkgs.coreutils}/bin/uniq \ | ${pkgs.coreutils}/bin/uniq \
| ${pkgs.gnugrep}/bin/egrep --color=always '(${ | ${pkgs.gnugrep}/bin/egrep --color=always '(${pkgs.lib.concatStringsSep "|" userHighlight})|$'
pkgs.lib.concatStringsSep "|" userHighlight
})|$'
''; '';
# default settings # default settings
wtfModule = wtfModule =
args@{ height ? 1, width ? 1, top, left, enabled ? true, type, ... }: args@{
height ? 1,
width ? 1,
top,
left,
enabled ? true,
type,
...
}:
{ {
enabled = enabled; enabled = enabled;
focusable = false; focusable = false;
@ -78,107 +89,157 @@ let
position.left = left; position.left = left;
position.height = height; position.height = height;
position.width = width; position.width = width;
} // (lib.filterAttrs }
(key: _: lib.all (x: x != key) [ "height" "width" "top" "left" ]) // (lib.filterAttrs (
args); key: _:
lib.all (x: x != key) [
"height"
"width"
"top"
"left"
]
) args);
# command runner module # command runner module
cmdRunner = args@{ cmd, ... }: cmdRunner =
wtfModule ({ args@{ cmd, ... }:
type = "cmdrunner"; wtfModule (
focusable = false; {
refreshInterval = 300; type = "cmdrunner";
} // args); focusable = false;
refreshInterval = 300;
}
// args
);
modules = { modules = {
inherit cmdRunner; inherit cmdRunner;
digitalclock = args@{ top, left, ... }: digitalclock =
cmdRunner ({ args@{ top, left, ... }:
cmd = pkgs.writers.writeDash "clock" '' cmdRunner (
${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"` {
${pkgs.coreutils}/bin/date +"%B %d %Y" cmd = pkgs.writers.writeDash "clock" ''
''; ${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"`
title = ""; ${pkgs.coreutils}/bin/date +"%B %d %Y"
refreshInterval = 30; '';
} // args); title = "";
refreshInterval = 30;
}
// args
);
clocks = args@{ top, left, ... }: clocks =
wtfModule ({ args@{ top, left, ... }:
type = "clocks"; wtfModule (
title = ""; {
border = false; type = "clocks";
colors.rows = { title = "";
even = "white"; border = false;
odd = "white"; colors.rows = {
}; even = "white";
locations = { odd = "white";
UTC = "Etc/UTC"; };
Berlin = "Europe/Berlin"; locations = {
Thailand = "Asia/Bangkok"; UTC = "Etc/UTC";
#Cuba = "America/Havana"; Berlin = "Europe/Berlin";
#Wellington = "Pacific/Auckland"; Thailand = "Asia/Bangkok";
}; #Cuba = "America/Havana";
sort = "alphabetical"; #Wellington = "Pacific/Auckland";
refreshInterval = 60; };
} // args); sort = "alphabetical";
refreshInterval = 60;
}
// args
);
resourceusage = args@{ top, left, ... }: resourceusage =
wtfModule ({ args@{ top, left, ... }:
type = "resourceusage"; wtfModule (
title = ""; {
cpuCombined = false; type = "resourceusage";
refreshInterval = 5; title = "";
} // args); cpuCombined = false;
refreshInterval = 5;
}
// args
);
power = args@{ top, left, ... }: power =
wtfModule ({ args@{ top, left, ... }:
type = "power"; wtfModule (
title = ""; {
refreshInterval = 100; type = "power";
} // args); title = "";
refreshInterval = 100;
}
// args
);
prettyweather = args@{ top, left, ... }: prettyweather =
wtfModule ({ args@{ top, left, ... }:
type = "prettyweather"; wtfModule (
title = ""; {
city = "Essen"; type = "prettyweather";
unit = "m"; title = "";
view = 0; city = "Essen";
language = "en"; unit = "m";
refreshInterval = 3600; view = 0;
} // args); language = "en";
refreshInterval = 3600;
}
// args
);
feedreader = args@{ top, left, feeds, ... }: feedreader =
wtfModule ({ args@{
type = "feedreader"; top,
title = ""; left,
refreshInterval = 3600; feeds,
focusable = true; ...
#feedLimit = 10; }:
colors.rows = { wtfModule (
even = "white"; {
odd = "white"; type = "feedreader";
}; title = "";
} // args); refreshInterval = 3600;
focusable = true;
#feedLimit = 10;
colors.rows = {
even = "white";
odd = "white";
};
}
// args
);
github = args@{ top, left, username, apiKey, ... }: github =
wtfModule ({ args@{
type = "github"; top,
title = ""; left,
refreshInterval = 3600; username,
feedlimit = 10; apiKey,
...
}:
wtfModule (
{
type = "github";
title = "";
refreshInterval = 3600;
feedlimit = 10;
enableStatus = true; enableStatus = true;
# customQueries: # customQueries:
# othersPRs: # othersPRs:
# title: "Others Pull Requests" # title: "Others Pull Requests"
# filter: "is:open is:pr -author:wtfutil" # filter: "is:open is:pr -author:wtfutil"
# repositories: # repositories:
# - "wtfutil/wtf" # - "wtfutil/wtf"
# - "wtfutil/docs" # - "wtfutil/docs"
# - "umbrella-corp/wesker-api" # - "umbrella-corp/wesker-api"
} // args); }
// args
);
}; };
@ -191,8 +252,20 @@ let
normal = "green"; normal = "green";
}; };
grid = { grid = {
columns = [ 28 0 0 ]; columns = [
rows = [ 9 9 9 9 9 9 0 ]; 28
0
0
];
rows = [
9
9
9
9
9
9
0
];
}; };
refreshInterval = 1; refreshInterval = 1;
mods = with modules; { mods = with modules; {
@ -227,8 +300,7 @@ let
top = 4; top = 4;
left = 1; left = 1;
height = 1; height = 1;
feeds = feeds = [ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
[ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
}; };
nixos = feedreader { nixos = feedreader {
title = "NixOS Weekly"; title = "NixOS Weekly";
@ -265,8 +337,20 @@ let
normal = "green"; normal = "green";
}; };
grid = { grid = {
columns = [ 33 12 28 36 0 ]; columns = [
rows = [ 9 4 6 6 0 ]; 33
12
28
36
0
];
rows = [
9
4
6
6
0
];
}; };
refreshInterval = 1; refreshInterval = 1;
mods = with modules; { mods = with modules; {
@ -312,7 +396,12 @@ let
calendar = cmdRunner { calendar = cmdRunner {
title = ""; title = "";
args = [ "-3" "--monday" "--color=never" "-w" ]; args = [
"-3"
"--monday"
"--color=never"
"-w"
];
cmd = "cal"; cmd = "cal";
top = 1; top = 1;
left = 1; left = 1;
@ -374,9 +463,12 @@ let
}; };
}; };
createDashboard = { json, name }: createDashboard =
let configuration = pkgs.writeText "config.yml" (builtins.toJSON json); { json, name }:
in pkgs.writers.writeBashBin name '' let
configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
in
pkgs.writers.writeBashBin name ''
${pkgs.wtf}/bin/wtfutil --config=${toString configuration} ${pkgs.wtf}/bin/wtfutil --config=${toString configuration}
''; '';

7
components/terminal/zsh.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.zsh.enable = mkOption { options.components.terminal.zsh.enable = mkOption {

7
components/virtualisation/docker.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {

7
components/virtualisation/podman.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {

7
components/virtualisation/qemu.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {

7
components/virtualisation/virtualbox.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {

8
components/yubikey.nix
View file

@ -1,7 +1,12 @@
# References: # References:
# * https://github.com/drduh/YubiKey-Guide # * https://github.com/drduh/YubiKey-Guide
# * https://nixos.wiki/wiki/Yubikey # * https://nixos.wiki/wiki/Yubikey
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
@ -16,7 +21,6 @@ with lib;
services.pcscd.enable = true; services.pcscd.enable = true;
services.udev.packages = [ pkgs.yubikey-personalization ]; services.udev.packages = [ pkgs.yubikey-personalization ];
environment.systemPackages = [ environment.systemPackages = [
pkgs.yubikey-personalization pkgs.yubikey-personalization

13
features/boot/ssh.nix
View file

@ -1,4 +1,11 @@
{ config, lib, pkgs, factsGenerator, clanLib, ... }: {
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib; with lib;
with types; with types;
@ -11,8 +18,7 @@ with types;
kernelModules = mkOption { kernelModules = mkOption {
type = listOf str; type = listOf str;
default = [ ]; default = [ ];
description = description = "nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
"nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
}; };
}; };
@ -42,4 +48,3 @@ with types;
}; };
} }

47
features/boot/tor.nix
View file

@ -1,4 +1,11 @@
{ config, lib, pkgs, factsGenerator, clanLib, ... }: {
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib; with lib;
with types; with types;
{ {
@ -16,14 +23,13 @@ with types;
name = "initrd"; name = "initrd";
addressPrefix = "init"; addressPrefix = "init";
}; };
boot.initrd.secrets = boot.initrd.secrets = mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file) (
mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file) genAttrs [
(genAttrs [ "hostname"
"hostname" "hs_ed25519_public_key"
"hs_ed25519_public_key" "hs_ed25519_secret_key"
"hs_ed25519_secret_key" ] (secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path)
] );
(secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path));
boot.initrd.systemd.storePaths = [ boot.initrd.systemd.storePaths = [
pkgs.tor pkgs.tor
@ -43,7 +49,10 @@ with types;
boot.initrd.systemd.services.tor = { boot.initrd.systemd.services.tor = {
description = "tor during init"; description = "tor during init";
wantedBy = [ "initrd.target" ]; wantedBy = [ "initrd.target" ];
after = [ "network.target" "initrd-nixos-copy-secrets.service" ]; after = [
"network.target"
"initrd-nixos-copy-secrets.service"
];
before = [ "shutdown.target" ]; before = [ "shutdown.target" ];
conflicts = [ "shutdown.target" ]; conflicts = [ "shutdown.target" ];
@ -53,17 +62,15 @@ with types;
pkgs.iproute2 pkgs.iproute2
pkgs.coreutils pkgs.coreutils
]; ];
script = script = ''
'' echo "tor: preparing onion folder"
echo "tor: preparing onion folder" # have to do this otherwise tor does not want to start
# have to do this otherwise tor does not want to start chmod -R 700 /etc/tor
chmod -R 700 /etc/tor
echo "tor: starting tor" echo "tor: starting tor"
tor -f /etc/tor/tor.rc --verify-config tor -f /etc/tor/tor.rc --verify-config
tor -f /etc/tor/tor.rc tor -f /etc/tor/tor.rc
''; '';
}; };
}; };
} }

7
features/network/fail2ban.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {
options.features.network.fail2ban.enable = mkOption { options.features.network.fail2ban.enable = mkOption {

8
features/network/sshguard.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, assets, ... }: {
pkgs,
config,
lib,
assets,
...
}:
with lib; with lib;
with types; with types;
{ {

7
homes/common/oh-my-posh/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
programs.oh-my-posh = { programs.oh-my-posh = {

4
homes/common/oh-my-posh/gmay.json
View file

@ -86,7 +86,9 @@
}, },
{ {
"background": "#427B58", "background": "#427B58",
"background_templates": ["{{ if gt .Code 0 }}#9D0006{{ end }}"], "background_templates": [
"{{ if gt .Code 0 }}#9D0006{{ end }}"
],
"foreground": "#EBDBB2", "foreground": "#EBDBB2",
"leading_diamond": "<transparent,background>\ue0b0</>", "leading_diamond": "<transparent,background>\ue0b0</>",
"properties": { "properties": {

8
homes/common/oh-my-posh/gruvbox.json
View file

@ -13,9 +13,13 @@
}, },
{ {
"background": "#fbf1c7", "background": "#fbf1c7",
"background_templates": ["{{ if .Root }}#af3a03{{ end }}"], "background_templates": [
"{{ if .Root }}#af3a03{{ end }}"
],
"foreground": "#282828", "foreground": "#282828",
"foreground_templates": ["{{ if .Root }}#fbf1c7{{ end }}"], "foreground_templates": [
"{{ if .Root }}#fbf1c7{{ end }}"
],
"powerline_symbol": "\ue0b0", "powerline_symbol": "\ue0b0",
"style": "powerline", "style": "powerline",
"template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ", "template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ",

8
homes/common/packages.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -41,7 +46,6 @@ with lib;
} }
(mkIf config.gui.enable { (mkIf config.gui.enable {
home.packages = [ home.packages = [
libreoffice libreoffice

7
homes/common/terminal.nix
View file

@ -1,4 +1,9 @@
{ lib, pkgs, assets, ... }: {
lib,
pkgs,
assets,
...
}:
{ {
programs.zsh = { programs.zsh = {

7
homes/common/zfs.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {

3
homes/palo/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
imports = [ imports = [
../common ../common

7
homes/palo/doom-emacs.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
config = mkMerge [ config = mkMerge [

11
homes/palo/git.nix
View file

@ -10,7 +10,15 @@ with pkgs;
key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC"; key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC";
signByDefault = true; signByDefault = true;
}; };
ignores = [ "*.swp" "*~" ".idea" ".*penis.*" "result" ".envrc" ".direnv" ]; ignores = [
"*.swp"
"*~"
".idea"
".*penis.*"
"result"
".envrc"
".direnv"
];
extraConfig = { extraConfig = {
init.defaultBranch = "main"; init.defaultBranch = "main";
pull.ff = "only"; pull.ff = "only";
@ -19,7 +27,6 @@ with pkgs;
difftastic.enable = true; difftastic.enable = true;
}; };
home.packages = [ home.packages = [
pre-commit pre-commit
gita gita

3
homes/palo/gpg.nix
View file

@ -12,8 +12,7 @@
keyserver = "keyserver.ubuntu.com"; keyserver = "keyserver.ubuntu.com";
personal-digest-preferences = "SHA512"; personal-digest-preferences = "SHA512";
cert-digest-algo = "SHA512"; cert-digest-algo = "SHA512";
default-preference-list = default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
"SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
}; };
}; };

7
homes/palo/gui/alacritty.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with lib; with lib;
{ {

8
homes/palo/gui/kitty.nix
View file

@ -1,4 +1,9 @@
{ lib, pkgs, config, ... }: {
lib,
pkgs,
config,
...
}:
with lib; with lib;
{ {
@ -31,6 +36,5 @@ with lib;
}; };
}; };
}; };
} }

1
homes/palo/hyperland.nix
View file

@ -158,4 +158,3 @@
''; '';
} }

62
homes/palo/i3.nix
View file

@ -1,8 +1,20 @@
{ config, lib, pkgs, osConfig, ... }: {
config,
lib,
pkgs,
osConfig,
...
}:
with lib; with lib;
let let
rofi = pkgs.rofi.override { plugins = [ pkgs.rofi-emoji pkgs.rofi-calc pkgs.xdotool ]; }; rofi = pkgs.rofi.override {
plugins = [
pkgs.rofi-emoji
pkgs.rofi-calc
pkgs.xdotool
];
};
backgroundCommand = pkgs.writers.writeDash "background" '' backgroundCommand = pkgs.writers.writeDash "background" ''
${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \ ${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \
@ -140,21 +152,25 @@ in
focus = { focus = {
followMouse = true; followMouse = true;
}; };
colors.focused = colors.focused = with config.lib.stylix.colors.withHashtag; {
with config.lib.stylix.colors.withHashtag; # stylix color overrides
border = lib.mkForce base08;
background = lib.mkForce base0A;
text = lib.mkForce base00;
};
startup = [
#{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; }
{ {
# stylix color overrides command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator";
border = lib.mkForce base08; always = true;
background = lib.mkForce base0A; }
text = lib.mkForce base00; {
}; command = toString backgroundCommand;
startup = always = true;
[ }
#{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; } {
{ command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; always = true; } command = toString (
{ command = toString backgroundCommand; always = true; } pkgs.writers.writeDash "xsettings" ''
{
command = toString (pkgs.writers.writeDash "xsettings" ''
# to allow sudo commands to access X # to allow sudo commands to access X
${pkgs.xorg.xhost}/bin/xhost + ${pkgs.xorg.xhost}/bin/xhost +
# no shitty pcspkr crap # no shitty pcspkr crap
@ -162,13 +178,15 @@ in
# no sleeping monitor # no sleeping monitor
${pkgs.xorg.xset}/bin/xset -dpms ${pkgs.xorg.xset}/bin/xset -dpms
${pkgs.xorg.xset}/bin/xset s off ${pkgs.xorg.xset}/bin/xset s off
''); ''
always = true; );
} always = true;
]; }
];
bars = [ bars = [
(config.lib.stylix.i3.bar // (
{ config.lib.stylix.i3.bar
// {
#mode = "hide"; #mode = "hide";
hiddenState = "hide"; hiddenState = "hide";
position = "top"; position = "top";

55
homes/palo/packages/development.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -29,15 +34,18 @@ with lib;
jetbrains.pycharm-professional jetbrains.pycharm-professional
# planing # planing
((ganttproject-bin.override { (
jre = pkgs.openjdk11; (ganttproject-bin.override {
}).overrideAttrs (old: { jre = pkgs.openjdk11;
version = "3.1.3100"; }).overrideAttrs
src = pkgs.fetchzip { (old: {
url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip"; version = "3.1.3100";
sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4="; src = pkgs.fetchzip {
}; url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip";
})) sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4=";
};
})
)
# Pkl # Pkl
# --- # ---
@ -101,7 +109,8 @@ with lib;
{ {
home.packages = home.packages =
let let
pandocScript = { inputFormat, outputFormat }: pandocScript =
{ inputFormat, outputFormat }:
pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" '' pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
${pkgs.pandoc}/bin/pandoc \ ${pkgs.pandoc}/bin/pandoc \
--from ${inputFormat} \ --from ${inputFormat} \
@ -135,10 +144,26 @@ with lib;
${pkgs.less}/bin/less ${pkgs.less}/bin/less
'') '')
] ++ (map pandocScript (lib.cartesianProduct { ]
inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ]; ++ (map pandocScript (
outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" "asciidoc" ]; lib.cartesianProduct {
})); inputFormat = [
"man"
"markdown"
"mediawiki"
"asciidoc"
];
outputFormat = [
"mediawiki"
"docbook5"
"html5"
"man"
"jira"
"markdown"
"asciidoc"
];
}
));
} }
]; ];

7
homes/palo/packages/graphics.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {

7
homes/palo/packages/logseq.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {

7
homes/palo/packages/media.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {

33
homes/palo/packages/nextcloud.nix
View file

@ -1,10 +1,16 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
let let
nextcloud-client = pkgs.legacy_2311.nextcloud-client; nextcloud-client = pkgs.legacy_2311.nextcloud-client;
nextcloudSync = folder: nextcloudSync =
folder:
let let
password = "$( ${pkgs.pass}/bin/pass show home/nextcloud/palo/nextcloudcmd-token )"; password = "$( ${pkgs.pass}/bin/pass show home/nextcloud/palo/nextcloudcmd-token )";
user = "palo"; user = "palo";
@ -16,19 +22,18 @@ let
"https://${user}:${password}@nextcloud.ingolf-wagner.de" "https://${user}:${password}@nextcloud.ingolf-wagner.de"
''; '';
borrow = pkgs.writers.writeDashBin "borrow" borrow = pkgs.writers.writeDashBin "borrow" ''
'' ${getExe hledger-ui} \
${getExe hledger-ui} \ --all \
--all \ --theme=terminal \
--theme=terminal \ --file ~/Nextcloud/Unterlagen/.hledger-borrow "$@"
--file ~/Nextcloud/Unterlagen/.hledger-borrow "$@"
${getExe gum} confirm \ ${getExe gum} confirm \
--affirmative="update" \ --affirmative="update" \
--negative="skip" \ --negative="skip" \
--default=false \ --default=false \
"Syncronize with Nextcloud?" && ${getExe(nextcloudSync "Unterlagen")} "Syncronize with Nextcloud?" && ${getExe (nextcloudSync "Unterlagen")}
''; '';
in in
{ {

8
homes/palo/packages/packages.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -8,7 +13,6 @@ with lib;
# ¯\_(ツ)_/¯ # ¯\_(ツ)_/¯
home.packages = [ home.packages = [
nixos-shell nixos-shell
# bluetooth gui # bluetooth gui

7
homes/palo/packages/social.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {

7
homes/palo/ssh.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
home.packages = [ pkgs.sshuttle ]; home.packages = [ pkgs.sshuttle ];

143
homes/palo/taskwarrior.nix
View file

@ -1,29 +1,47 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
with types; with types;
let let
mkMagicMergeOption = { description ? "", example ? { }, default ? { }, apply ? id, ... }: mkMagicMergeOption =
{
description ? "",
example ? { },
default ? { },
apply ? id,
...
}:
mkOption { mkOption {
inherit example description default apply; inherit
type = with lib.types; example
description
default
apply
;
type =
with lib.types;
let let
valueType = nullOr valueType =
(oneOf [ nullOr (oneOf [
bool bool
int int
float float
str str
(attrsOf valueType) (attrsOf valueType)
(listOf valueType) (listOf valueType)
]) // { ])
description = "bool, int, float or str"; // {
emptyValue.value = { }; description = "bool, int, float or str";
}; emptyValue.value = { };
};
in in
valueType; valueType;
}; };
taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui; taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui;
in in
@ -31,69 +49,72 @@ in
{ {
# bugwarrior (a bit fiddly) # bugwarrior (a bit fiddly)
imports = [{ imports = [
{
options.bugwarrior.config = mkMagicMergeOption { options.bugwarrior.config = mkMagicMergeOption {
type = attrs; type = attrs;
default = { }; default = { };
}; };
config = { config = {
home.file.".config/bugwarrior/bugwarrior.toml".source = (pkgs.formats.toml { }).generate "bugwarriorrc.toml" config.bugwarrior.config; home.file.".config/bugwarrior/bugwarrior.toml".source =
# todo : before deleting this, put it in logseq (pkgs.formats.toml { }).generate "bugwarriorrc.toml"
config.bugwarrior.config;
# todo : before deleting this, put it in logseq
home.packages = [ home.packages = [
(pkgs.legacy_2311.python3Packages.bugwarrior.overrideAttrs (old: { (pkgs.legacy_2311.python3Packages.bugwarrior.overrideAttrs (old: {
version = "develop"; version = "develop";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "ralphbean"; owner = "ralphbean";
repo = "bugwarrior"; repo = "bugwarrior";
rev = "6554e70c199cc766a2b5e4e4fe22e4e46d64bba1"; rev = "6554e70c199cc766a2b5e4e4fe22e4e46d64bba1";
sha256 = "sha256-cKhL8FBH7wxCxXrybVRLfCHQTCxursFqtBDl3e1UUXs="; sha256 = "sha256-cKhL8FBH7wxCxXrybVRLfCHQTCxursFqtBDl3e1UUXs=";
}; };
propagatedBuildInputs = old.propagatedBuildInputs ++ [ propagatedBuildInputs = old.propagatedBuildInputs ++ [
pkgs.legacy_2311.python3Packages.pydantic pkgs.legacy_2311.python3Packages.pydantic
pkgs.legacy_2311.python3Packages.tomli pkgs.legacy_2311.python3Packages.tomli
pkgs.legacy_2311.python3Packages.email-validator pkgs.legacy_2311.python3Packages.email-validator
pkgs.legacy_2311.python3Packages.packaging pkgs.legacy_2311.python3Packages.packaging
]; ];
})) }))
]; ];
}; };
}]; }
];
config = mkIf config.gui.enable { config = mkIf config.gui.enable {
home.packages = with pkgs; home.packages = with pkgs; [
[
taskwarrior taskwarrior
taskwarrior-tui taskwarrior-tui
timewarrior timewarrior
tasksh tasksh
taskwarrior-hooks taskwarrior-hooks
(pkgs.writeShellScriptBin "tsak" ''${pkgs.taskwarrior}/bin/task "$@"'') (pkgs.writeShellScriptBin "tsak" ''${pkgs.taskwarrior}/bin/task "$@"'')
vit vit
(pkgs.writers.writeBashBin "active" "${taskwarrior-tui}/bin/taskwarrior-tui -r active") (pkgs.writers.writeBashBin "active" "${taskwarrior-tui}/bin/taskwarrior-tui -r active")
(pkgs.writers.writeBashBin "todo" "${taskwarrior-tui}/bin/taskwarrior-tui -r todo") (pkgs.writers.writeBashBin "todo" "${taskwarrior-tui}/bin/taskwarrior-tui -r todo")
(pkgs.writers.writeBashBin "calendar" '' (pkgs.writers.writeBashBin "calendar" ''
${pkgs.taskwarrior}/bin/task calendar ${pkgs.taskwarrior}/bin/task calendar
${pkgs.taskwarrior}/bin/task calendar_report ${pkgs.taskwarrior}/bin/task calendar_report
'') '')
# todo : belongs to calendar.nix # todo : belongs to calendar.nix
vdirsyncer vdirsyncer
khal khal
(pkgs.writers.writeBashBin "kalendar" '' (pkgs.writers.writeBashBin "kalendar" ''
${pkgs.vdirsyncer}/bin/vdirsyncer sync ${pkgs.vdirsyncer}/bin/vdirsyncer sync
${pkgs.khal}/bin/ikhal ${pkgs.khal}/bin/ikhal
'') '')
]; ];
}; };

23
homes/tina/logseq.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -6,13 +11,17 @@ with lib;
home.packages = [ home.packages = [
logseq logseq
]; ];
home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json" home.file.".config/Logseq/Preferences".source =
{ (pkgs.formats.json { }).generate "LogseqPreferences.json"
spellcheck = { {
dictionaries = [ "en-US" "de-DE" ]; spellcheck = {
dictionary = ""; dictionaries = [
"en-US"
"de-DE"
];
dictionary = "";
};
}; };
};
}; };
} }

10
homes/tina/packages.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -25,10 +30,7 @@ with lib;
pdfarranger pdfarranger
calibre calibre
]; ];
}; };
} }

34
images/lib/remote-access.nix
View file

@ -1,11 +1,16 @@
{ {
# cat ~/.ssh/id_rsa.pub # cat ~/.ssh/id_rsa.pub
publicSshKey ? "" publicSshKey ? "",
, # remote-install-get-hiddenReceiver # remote-install-get-hiddenReceiver
hiddenReceiver ? "" hiddenReceiver ? "",
,
}: }:
{ config, lib, pkgs, ... }: { {
config,
lib,
pkgs,
...
}:
{
imports = [ imports = [
{ {
@ -13,7 +18,9 @@
networking.hostName = "liveos"; networking.hostName = "liveos";
users.extraUsers = { users.extraUsers = {
root = { openssh.authorizedKeys.keys = [ publicSshKey ]; }; root = {
openssh.authorizedKeys.keys = [ publicSshKey ];
};
}; };
} }
{ {
@ -104,15 +111,20 @@
client.enable = true; client.enable = true;
relay.onionServices.hidden-ssh = { relay.onionServices.hidden-ssh = {
version = 3; version = 3;
map = [{ map = [
port = 22; {
target.port = 22; port = 22;
}]; target.port = 22;
}
];
}; };
}; };
systemd.services.hidden-ssh-announce = { systemd.services.hidden-ssh-announce = {
description = "irc announce hidden ssh"; description = "irc announce hidden ssh";
after = [ "tor.service" "network-online.target" ]; after = [
"tor.service"
"network-online.target"
];
wants = [ "tor.service" ]; wants = [ "tor.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {

25
images/machine-init-configuration.nix
View file

@ -1,15 +1,19 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
imports = imports = [
[ # Include the results of the hardware scan.
# Include the results of the hardware scan. ./hardware-configuration.nix
./hardware-configuration.nix
"${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix" "${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix"
(import ./disko-config.nix { }) (import ./disko-config.nix { })
]; ];
networking.hostName = "nixos"; networking.hostName = "nixos";
@ -42,7 +46,9 @@
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de" ]; users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de"
];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
@ -52,5 +58,4 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?
} }

3
images/remote-install/config.nix
View file

@ -4,8 +4,7 @@ let
remote-access = import ../lib/remote-access.nix { remote-access = import ../lib/remote-access.nix {
# cat ~/.ssh/id_rsa.pub # cat ~/.ssh/id_rsa.pub
publicSshKey = publicSshKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
# remote-install-get-hiddenReceiver # remote-install-get-hiddenReceiver
hiddenReceiver = ""; hiddenReceiver = "";

2
images/remote-install/remote-install.nix
View file

@ -3,7 +3,7 @@
services.tor = { services.tor = {
enable = true; enable = true;
client.enable = true; client.enable = true;
relay.onionServices.liveos.map = [{ port = 1337; }]; relay.onionServices.liveos.map = [ { port = 1337; } ];
}; };
environment.systemPackages = [ environment.systemPackages = [

18
images/translate-setup/audio.nix
View file

@ -1,10 +1,22 @@
{ pkgs, lib, config, ... }: { {
users.users.mainUser.extraGroups = [ "audio" "pipewire" ]; pkgs,
lib,
config,
...
}:
{
users.users.mainUser.extraGroups = [
"audio"
"pipewire"
];
hardware.pulseaudio = { hardware.pulseaudio = {
enable = true; enable = true;
package = pkgs.pulseaudioFull; package = pkgs.pulseaudioFull;
}; };
environment.systemPackages = with pkgs; [ alsaUtils pavucontrol ]; environment.systemPackages = with pkgs; [
alsaUtils
pavucontrol
];
} }

13
images/translate-setup/config.nix
View file

@ -1,6 +1,15 @@
{ pkgs, lib, config, ... }: { {
pkgs,
lib,
config,
...
}:
{
imports = [ ./x11.nix ./audio.nix ]; imports = [
./x11.nix
./audio.nix
];
#networking.networkmanager.enable = true; #networking.networkmanager.enable = true;
#networking.wireless.enable = false; #networking.wireless.enable = false;

15
images/translate-setup/x11.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, ... }: { {
pkgs,
config,
lib,
...
}:
{
services.xserver = { services.xserver = {
enable = true; enable = true;
@ -44,6 +50,11 @@
# Packages # Packages
# -------- # --------
environment.systemPackages = with pkgs; [ flameshot pavucontrol mumble vlc ]; environment.systemPackages = with pkgs; [
flameshot
pavucontrol
mumble
vlc
];
} }

23
images/usb-init-configuration.nix
View file

@ -1,17 +1,19 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
imports = [
imports = # Include the results of the hardware scan.
[ ./hardware-configuration.nix
# Include the results of the hardware scan. ];
./hardware-configuration.nix
];
networking.hostName = "nixos"; networking.hostName = "nixos";
# grub configuraton # grub configuraton
# ----------------- # -----------------
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
@ -41,7 +43,9 @@
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de" ]; users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de"
];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
@ -51,5 +55,4 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?
} }

8
images/windows-rescue/config.nix
View file

@ -8,8 +8,7 @@ let
plainTextPassword = ""; plainTextPassword = "";
}; };
remote-access = import ../lib/remote-access.nix { remote-access = import ../lib/remote-access.nix {
publicSshKey = publicSshKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
hiddenReceiver = ""; hiddenReceiver = "";
}; };
in in
@ -17,7 +16,10 @@ in
imports = [ remote-access ]; imports = [ remote-access ];
environment.systemPackages = [ pkgs.chntpw pkgs.ntfs3g ]; environment.systemPackages = [
pkgs.chntpw
pkgs.ntfs3g
];
networking.dhcpcd.enable = true; networking.dhcpcd.enable = true;
networking.wireless = { networking.wireless = {

3
images/yubikey-image.nix
View file

@ -12,8 +12,7 @@ let
sha256 = "0rzy06a5xgfjpaklxdgrxml24d0vhk78lb577l3z4x7a2p32dbyq"; sha256 = "0rzy06a5xgfjpaklxdgrxml24d0vhk78lb577l3z4x7a2p32dbyq";
}; };
buildInputs = [ pkgs.pandoc ]; buildInputs = [ pkgs.pandoc ];
installPhase = installPhase = "pandoc --highlight-style pygments -s --toc README.md -o $out";
"pandoc --highlight-style pygments -s --toc README.md -o $out";
}; };
in in
{ {

39
lib/clanlib.nix
View file

@ -3,17 +3,14 @@ let
allMachineNames = lib.mapAttrsToList (name: _: name) (builtins.readDir machineDir); allMachineNames = lib.mapAttrsToList (name: _: name) (builtins.readDir machineDir);
getFactPath = fact: machine: getFactPath = fact: machine: "${machineDir}/${machine}/facts/${fact}";
"${machineDir}/${machine}/facts/${fact}";
readFact = fact: machine: readFact =
fact: machine:
let let
path = getFactPath fact machine; path = getFactPath fact machine;
in in
if builtins.pathExists path then if builtins.pathExists path then builtins.readFile path else null;
builtins.readFile path
else
null;
# Example: # Example:
# #
@ -22,7 +19,8 @@ let
# machineA = "1.2.3.4"; # machineA = "1.2.3.4";
# machineB = "5.6.7.8"; # machineB = "5.6.7.8";
# }; # };
readFactFromAllMachines = fact: readFactFromAllMachines =
fact:
let let
machines = allMachineNames; machines = allMachineNames;
facts = lib.genAttrs machines (readFact fact); facts = lib.genAttrs machines (readFact fact);
@ -47,18 +45,27 @@ let
# "synching.pub" = "23456719"; # "synching.pub" = "23456719";
# }; # };
# }; # };
readFactsFromAllMachines = facts: readFactsFromAllMachines =
facts:
let let
# machine -> fact -> factvalue # machine -> fact -> factvalue
machinesFactsAttrs = lib.genAttrs allMachineNames (machine: lib.genAttrs facts (fact: readFact fact machine)); machinesFactsAttrs = lib.genAttrs allMachineNames (
machine: lib.genAttrs facts (fact: readFact fact machine)
);
# remove all machines which don't have all facts set # remove all machines which don't have all facts set
filteredMachineFactAttrs = filteredMachineFactAttrs = lib.filterAttrs (
lib.filterAttrs (_machine: values: builtins.all (fact: values.${fact} != null) facts) _machine: values: builtins.all (fact: values.${fact} != null) facts
machinesFactsAttrs; ) machinesFactsAttrs;
in in
filteredMachineFactAttrs; filteredMachineFactAttrs;
in in
{ inherit allMachineNames getFactPath readFact readFactFromAllMachines readFactsFromAllMachines; } {
inherit
allMachineNames
getFactPath
readFact
readFactFromAllMachines
readFactsFromAllMachines
;
}

13
machines/cherry/37c3.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
interface = "wlp170s0"; interface = "wlp170s0";
in in
@ -26,9 +31,9 @@ in
phase2-auth = "pap"; phase2-auth = "pap";
altsubject-matches = "DNS:radius.c3noc.net"; altsubject-matches = "DNS:radius.c3noc.net";
ca-cert = "${builtins.fetchurl { ca-cert = "${builtins.fetchurl {
url = "https://letsencrypt.org/certs/isrgrootx1.pem"; url = "https://letsencrypt.org/certs/isrgrootx1.pem";
sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92"; sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
}}"; }}";
}; };
ipv4 = { ipv4 = {
method = "auto"; method = "auto";

21
machines/cherry/configuration.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
imports = [ imports = [
@ -37,7 +42,6 @@
# (promptKey "pushover.user_key") // # (promptKey "pushover.user_key") //
# (promptKey "pushover.api_key"); # (promptKey "pushover.api_key");
components.virtualisation.enable = true; components.virtualisation.enable = true;
components.gui.enable = true; components.gui.enable = true;
@ -52,11 +56,13 @@
components.monitor.opentelemetry.exporter.endpoint = "10.100.0.1:4317"; # orbi components.monitor.opentelemetry.exporter.endpoint = "10.100.0.1:4317"; # orbi
#components.monitor.opentelemetry.exporter.debug = "logs"; #components.monitor.opentelemetry.exporter.debug = "logs";
home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ]; home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ];
home-manager.users.mainUser.bugwarrior.config = { home-manager.users.mainUser.bugwarrior.config = {
general = { general = {
targets = [ "terranix" "my_github" ]; targets = [
"terranix"
"my_github"
];
log_level = "INFO"; log_level = "INFO";
static_fields = [ "priority" ]; static_fields = [ "priority" ];
merge_annotations = false; merge_annotations = false;
@ -84,12 +90,15 @@
add_tags = "github"; add_tags = "github";
include_user_issues = true; include_user_issues = true;
include_user_repos = true; include_user_repos = true;
exclude_repos = [ "azubi" "csv-to-qif" "stepp0r" ]; exclude_repos = [
"azubi"
"csv-to-qif"
"stepp0r"
];
}; };
# todo : add github issues # todo : add github issues
}; };
users.users.mainUser.extraGroups = [ "pipewire" ]; users.users.mainUser.extraGroups = [ "pipewire" ];
services.nginx.enable = true; services.nginx.enable = true;

9
machines/cherry/hardware-configuration/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, factsGenerator, ... }: {
lib,
config,
factsGenerator,
...
}:
{ {
imports = [ imports = [
./disko-config.nix ./disko-config.nix
@ -24,6 +29,4 @@
ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none" ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none"
''; '';
} }

1
machines/cherry/hardware-configuration/disko-config.nix
View file

@ -70,4 +70,3 @@
}; };
} }

4
machines/cherry/hardware-configuration/graphics.nix
View file

@ -14,6 +14,8 @@
hardware.graphics.enable32Bit = true; hardware.graphics.enable32Bit = true;
hardware.graphics.extraPackages32 = with pkgs.pkgsi686Linux; [ intel-vaapi-driver ]; hardware.graphics.extraPackages32 = with pkgs.pkgsi686Linux; [ intel-vaapi-driver ];
environment.sessionVariables = { LIBVA_DRIVER_NAME = "i965"; }; # Optionally, set the environment variable environment.sessionVariables = {
LIBVA_DRIVER_NAME = "i965";
}; # Optionally, set the environment variable
} }

23
machines/cherry/hardware-configuration/hardware-configuration.nix
View file

@ -1,15 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/installer/scan/not-detected.nix") ];
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];

6
machines/cherry/network-tinc_retiolum.nix
View file

@ -7,8 +7,10 @@
networking.retiolum.nodename = "cherry"; networking.retiolum.nodename = "cherry";
services.tinc.networks.retiolum = { services.tinc.networks.retiolum = {
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path; ed25519PrivateKeyFile =
rsaPrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path; config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
rsaPrivateKeyFile =
config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
}; };
#fileSystems."/retiolum/sicily" = { #fileSystems."/retiolum/sicily" = {

7
machines/cherry/network-wireguard-wg0.nix
View file

@ -1,4 +1,9 @@
{ config, factsGenerator, clanLib, ... }: {
config,
factsGenerator,
clanLib,
...
}:
{ {
networking.firewall.allowedUDPPorts = [ 51820 ]; networking.firewall.allowedUDPPorts = [ 51820 ];
clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };

8
machines/cherry/network-wireguard-wg1.nix
View file

@ -14,10 +14,14 @@
}; };
home-manager.users.root.home.packages = [ home-manager.users.root.home.packages = [
(pkgs.writers.writeBashBin "wg1-up" '' (pkgs.writers.writeBashBin "wg1-up" ''
${pkgs.wireguard-tools}/bin/wg-quick up ${config.clan.core.facts.services.wg1.secret."wg1.conf".path} ${pkgs.wireguard-tools}/bin/wg-quick up ${
config.clan.core.facts.services.wg1.secret."wg1.conf".path
}
'') '')
(pkgs.writers.writeBashBin "wg1-down" '' (pkgs.writers.writeBashBin "wg1-down" ''
${pkgs.wireguard-tools}/bin/wg-quick down ${config.clan.core.facts.services.wg1.secret."wg1.conf".path} ${pkgs.wireguard-tools}/bin/wg-quick down ${
config.clan.core.facts.services.wg1.secret."wg1.conf".path
}
'') '')
]; ];
} }

Some files were not shown because too many files have changed in this diff Show more