palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fixing issues

Browse source
This commit is contained in:
Ingolf Wagner 2022-01-17 11:57:52 +01:00
parent 2abf05bc0f
commit 875620e809
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
15 changed files with 160 additions and 309 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
flake.lock
View file

@ -62,11 +62,11 @@
"secrets": {
"flake": false,
"locked": {
"lastModified": 1642323992,
"narHash": "sha256-neExsJomuWP9/lv1VcXCAYOQ0L7qPAnx8q0YbFA2zpQ=",
"lastModified": 1642346088,
"narHash": "sha256-6eCncK+8z+ynx/27RQXZ+TQ+ska6O+4Fext6m9UeJlQ=",
"ref": "main",
"rev": "c6b452df2d10b24e21b746b09f1ff5b1fd9ee850",
"revCount": 28,
"rev": "13da61941ec17320e368c035755870ad3df38395",
"revCount": 30,
"type": "git",
"url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git"
},

3
nixos/configs/pepe/mail-fetcher.nix
View file

@ -322,8 +322,7 @@ let
tags = [ "+hetzner" ];
}
{
query =
"to:renoise.com AND NOT ( from:renoise.com OR from:root OR from:hetzner.com OR from:hetzner.de OR from:amazon.com OR from:gmail.com )";
query = "to:renoise.com AND NOT ( from:renoise.com OR from:root OR from:hetzner.com OR from:hetzner.de OR from:amazon.com OR from:gmail.com )";
tags = [ "-inbox" "-unread" "+junk" "+renoise" ];
}
{

91
nixos/configs/pepe/mpd.nix
View file

@ -23,73 +23,56 @@
};
users.groups.spotifyd = { };
sops.secrets.spotify_pass = {
owner = "spotifyd";
};
sops.secrets.spotify_user = {
owner = "spotifyd";
};
sops.secrets.spotify_pass.owner = "spotifyd";
sops.secrets.spotify_user.owner = "spotifyd";
services.spotifyd.enable = true;
services.spotifyd.config = ''
[global]
username_cmd = "cat ${config.sops.secrets.spotify_user.path}"
password_cmd = "cat ${config.sops.secrets.spotify_pass.path}"
backend = "alsa" # use portaudio for macOS [homebrew]
# The alsa audio device to stream audio to. To get a
# list of valid devices, run `aplay -L`,
#device = "alsa_audio_device" # omit for macOS
# The alsa mixer used by `spotifyd`.
mixer = "PCM" # omit for macOS
services.spotifyd.settings = {
global = {
# A script that gets evaluated in the user's shell when the song changes [aliases: onevent]
on-song-change-hook = "${pkgs.mpc_cli}/bin/mpc --host localhost --port 6600 stop"
username_cmd = "cat ${config.sops.secrets.spotify_user.path}";
password_cmd = "cat ${config.sops.secrets.spotify_pass.path}";
backend = "alsa"; # use portaudio for macOS [homebrew]
# The volume controller. Each one behaves different to
# volume increases. For possible values, run
# `spotifyd --help`.
volume_controller = "alsa" # use softvol for macOS
# The alsa mixer used by `spotifyd`.
mixer = "PCM";
# The name that gets displayed under the connect tab on
# official clients. Spaces are not allowed!
device_name = "DJane"
# A script that gets evaluated in the user's shell when the song changes [aliases: onevent]
on-song-change-hook = "${pkgs.mpc_cli}/bin/mpc --host localhost --port 6600 stop";
# The audio bitrate. 96, 160 or 320 kbit/s
bitrate = 320
# The volume controller. Each one behaves different to
# volume increases. For possible values, run
# `spotifyd --help`.
volume_controller = "alsa";
# The directory used to cache audio data. This setting can save
# a lot of bandwidth when activated, as it will avoid re-downloading
# audio files when replaying them.
#
# Note: The file path does not get expanded. Environment variables and
# shell placeholders like $HOME or ~ don't work!
#cache_path = "cache_directory"
# The name that gets displayed under the connect tab on
# official clients. Spaces are not allowed!
device_name = "DJane";
# If set to true, audio data does NOT get cached.
no_audio_cache = true
# The audio bitrate. 96, 160 or 320 kbit/s
bitrate = 320;
# Volume on startup between 0 and 100
# NOTE: This variable's type will change in v0.4, to a number (instead of string)
initial_volume = "90"
# If set to true, audio data does NOT get cached.
no_audio_cache = true;
# If set to true, enables volume normalisation between songs.
volume_normalisation = false
# Volume on startup between 0 and 100
# NOTE: This variable's type will change in v0.4, to a number (instead of string)
initial_volume = "90";
# The normalisation pregain that is applied for each song.
# normalisation_pregain = -10
# If set to true, enables volume normalisation between songs.
volume_normalisation = false;
# The port `spotifyd` uses to announce its service over the network.
zeroconf_port = 1234
# The normalisation pregain that is applied for each song.
# normalisation_pregain = -10
# The proxy `spotifyd` will use to connect to spotify.
#proxy = "http://proxy.example.org:8080"
# The displayed device type in Spotify clients.
# Can be unknown, computer, tablet, smartphone, speaker, t_v,
# a_v_r (Audio/Video Receiver), s_t_b (Set-Top Box), and audio_dongle.
device_type = "computer"
'';
# The port `spotifyd` uses to announce its service over the network.
zeroconf_port = 1234;
# The displayed device type in Spotify clients.
# Can be unknown, computer, tablet, smartphone, speaker, t_v,
# a_v_r (Audio/Video Receiver), s_t_b (Set-Top Box), and audio_dongle.
device_type = "computer";
};
};
}

48
nixos/configs/pepe/syncthing.nix
View file

@ -44,49 +44,41 @@
enable = true;
path = "/home/syncthing/finance";
};
lost-fotos = {
enable = true;
path = "/home/syncthing/lost-fotos.ct";
};
fotos = {
enable = true;
path = "/home/syncthing/fotos";
};
zettlr = {
enable = true;
path = "/home/syncthing/zettlr";
};
# no need to be encrypted
# -----------------------
borg-mirror = {
enable = true;
path = "/media/syncthing/borg";
rescanInterval = 36 * 3600;
type = "receiveonly";
};
books = {
enable = true;
path = "/media/syncthing/books";
rescanInterval = 8 * 3600;
};
lost-fotos = {
enable = true;
path = "/media/syncthing/lost-fotos.ct";
rescanInterval = 8 * 3600;
};
movies = {
enable = true;
path = "/media/syncthing/movies";
rescanInterval = 8 * 3600;
};
music-projects = {
enable = true;
path = "/media/syncthing/music-projects";
};
music-library = {
enable = true;
path = "/media/syncthing/music-library";
rescanInterval = 8 * 3600;
};
music-library-free = {
music-projects = {
enable = true;
path = "/media/syncthing/music-library-free";
path = "/media/syncthing/music-projects";
rescanInterval = 8 * 3600;
};
nextcloud_backup = {
enable = true;
path = "/media/syncthing/nextcloud_backup";
rescanInterval = 8 * 3600;
};
samples = {
@ -99,22 +91,6 @@
path = "/media/syncthing/series";
rescanInterval = 8 * 3600;
};
smartphone-folder = {
enable = true;
path = "/media/syncthing/smartphone-folder";
rescanInterval = 8 * 3600;
};
video-material = {
enable = true;
path = "/media/syncthing/video-material";
rescanInterval = 8 * 3600;
};
processing = {
enable = true;
path = "/media/syncthing/sketchbook";
rescanInterval = 8 * 3600;
};
};
};

48
nixos/configs/robi/borg.nix
View file

@ -1,30 +1,30 @@
{ lib, config, pkgs, ... }: {
services.borgbackup.repos = {
default = {
quota = "100G";
allowSubRepos = true;
authorizedKeys = [
(lib.fileContents ../../assets/ssh/borg_access.pub)
(lib.fileContents ../../assets/ssh/card_rsa.pub)
];
};
};
#services.borgbackup.repos = {
# default = {
# quota = "100G";
# allowSubRepos = true;
# authorizedKeys = [
# (lib.fileContents ../../assets/ssh/borg_access.pub)
# (lib.fileContents ../../assets/ssh/card_rsa.pub)
# ];
# };
#};
# mirror backup folder to /media
systemd.services.borg-mirror-to-media = {
enable = true;
script = ''
${pkgs.rsync}/bin/rsync -a \
/var/lib/borgbackup/ \
/media/borg-backup-mirror \
--delete-after
'';
};
systemd.timers.borg-mirror-to-media = {
enable = true;
timerConfig.OnCalendar = "daily";
wantedBy = [ "multi-user.target" ];
};
#systemd.services.borg-mirror-to-media = {
# enable = true;
# script = ''
# ${pkgs.rsync}/bin/rsync -a \
# /var/lib/borgbackup/ \
# /media/borg-backup-mirror \
# --delete-after
# '';
#};
#systemd.timers.borg-mirror-to-media = {
# enable = true;
# timerConfig.OnCalendar = "daily";
# wantedBy = [ "multi-user.target" ];
#};
}

3
nixos/configs/robi/configuration.nix
View file

@ -3,6 +3,7 @@
../../system/all/defaults.nix
../../system/all/tinc.nix
../../system/all/borg-jobs.nix
../../system/server/netdata.nix
./hetzner.nix
@ -15,9 +16,9 @@
./codimd.nix
# todo
./gitea.nix
#./gitlab.nix
# todo
#./bitwarden.nix

2
nixos/configs/robi/gitea.nix
View file

@ -29,7 +29,7 @@
};
};
#backup.dirs = [ config.services.gogs.repositoryRoot ];
};
backup.dirs = [ config.services.gitea.dump.backupDir ];
}

63
nixos/configs/robi/nextcloud.nix
View file

@ -13,6 +13,7 @@ let
hostAddress = "192.168.100.10";
containerAddress = "192.168.100.11";
nextcloudUid = 1000;
borg_backup_folder = "/media/syncthing/nextcloud_backup/robi";
in
{
@ -267,40 +268,32 @@ in
# Backup Files
# ------------
#services.borgbackup.jobs = {
# "nextcloud-to-media" = {
# repo = "/media/syncthing/borg/nextcloud";
# # make sure syncthing is capable of reading the files
# postHook = ''
# chown -R syncthing:syncthing /media/syncthing/borg/nextcloud
# '';
# compression = "lz4";
# paths = [
# "/home/nextcloud/data/tina/files/Documents"
# "/home/nextcloud/data/tina/files/Pictures"
# "/home/nextcloud/data/tina/files/Joplin"
# "/home/nextcloud/data/tina/files/SofortUpload"
# "/home/nextcloud/data/palo/files/InstantUpload"
# "/home/nextcloud/data/palo/files/Joplin"
# "/home/nextcloud/data/palo/files/Pictures"
# "/home/nextcloud/data/palo/files/Unterlagen"
# "/home/nextcloud/data/palo/files/Video"
# "/home/nextcloud/data/palo-windows/files/Kunstbuch"
# ];
# doInit = true;
# encryption = {
# mode = "repokey-blake2";
# passCommand =
# "cat ${config.sops.secrets.backup_repository_passphrase.path}";
# };
# startAt = "0/3:00:00";
# prune.keep = {
# within = "2d"; # Keep all backups in the last 10 days.
# daily = 10; # Keep 10 additional end of day archives
# weekly = 8; # Keep 8 additional end of week archives.
# month = 8; # Keep 8 additional end of month archives.
# };
# };
#};
services.borgbackup.jobs = {
"nextcloud-to-media" = {
repo = borg_backup_folder;
# make sure syncthing is capable of reading the files
postHook = ''
chown -R syncthing:syncthing ${borg_backup_folder}
'';
compression = "lz4";
paths = [
"/var/lib/nextcloud/data/tina/files"
"/var/lib/nextcloud/data/palo/files"
"/var/lib/nextcloud/data/palo-windows/files"
];
doInit = true;
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.sops.secrets.backup_repository_passphrase.path}";
};
startAt = "0/3:00:00";
prune.keep = {
within = "2d"; # Keep all backups in the last 10 days.
daily = 10; # Keep 10 additional end of day archives
weekly = 8; # Keep 8 additional end of week archives.
month = 8; # Keep 8 additional end of month archives.
};
};
};
}

52
nixos/configs/robi/syncthing.nix
View file

@ -38,14 +38,6 @@
# enable = true;
# path = "/home/syncthing/fotos";
#};
#lost-fotos = {
# enable = true;
# path = "/home/syncthing/lost-fotos.ct";
#};
#zettlr = {
# enable = true;
# path = "/home/syncthing/zettlr";
#};
# on media hard drive (not encrypted)
# -----------------------------------
@ -59,46 +51,38 @@
# enable = true;
# path = "/home/syncthing/video-material";
#};
#music-library-free = {
# enable = true;
# path = "/media/syncthing/music-library-free";
# rescanInterval = 8 * 3600;
#};
books = {
enable = true;
path = "/media/syncthing/books";
};
samples = {
lost-fotos = {
enable = true;
path = "/media/syncthing/samples";
path = "/media/syncthing/lost-fotos.ct";
};
movies = {
enable = true;
path = "/media/syncthing/movies";
};
series = {
enable = true;
path = "/media/syncthing/series";
};
music-library = {
enable = true;
path = "/media/syncthing/music";
};
# todo : no need to place it on encrypted drive
#music-projects = {
# enable = true;
# path = "/home/syncthing/music-projects";
#};
#smartphone-folder = {
# enable = true;
# path = "/media/syncthing/smartphone-folder";
# rescanInterval = 8 * 3600;
#};
#processing = {
# enable = true;
# path = "/media/syncthing/sketchbook";
# rescanInterval = 8 * 3600;
#};
music-projects = {
enable = true;
path = "/media/syncthing/music-projects";
};
nextcloud_backup = {
enable = true;
path = "/media/syncthing/nextcloud_backup";
};
samples = {
enable = true;
path = "/media/syncthing/samples";
};
series = {
enable = true;
path = "/media/syncthing/series";
};
};
};

2
nixos/configs/robi/taskserver.nix
View file

@ -14,6 +14,6 @@
networking.firewall.allowedTCPPorts = [ config.services.taskserver.listenPort ];
networking.firewall.allowedUDPPorts = [ config.services.taskserver.listenPort ];
#backup.dirs = [ config.services.taskserver.dataDir ];
backup.dirs = [ config.services.taskserver.dataDir ];
}

17
nixos/configs/sterni/syncthing.nix
View file

@ -36,14 +36,6 @@
enable = true;
path = "/home/palo/samples";
};
zettlr = {
enable = true;
path = "/home/palo/zettlr";
};
programs = {
enable = true;
path = "/home/palo/programs";
};
# no need to be encrypted
# -----------------------
@ -59,15 +51,6 @@
enable = true;
path = "/home/palo/music-projects";
};
smartphone-folder = {
enable = true;
path = "/home/palo/smartphone-folder";
};
processing = {
enable = true;
path = "/home/palo/sketchbook";
};
};
};

4
nixos/system/all/borg-jobs.nix
View file

@ -29,10 +29,6 @@
let
servers = [
#{
# name = "robi";
# host = "robi.private";
#}
{
name = "pepe";
host = "pepe.private";

5
nixos/system/all/defaults.nix
View file

@ -35,7 +35,10 @@
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
# how much configurations should be kept?
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 5;
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 3;
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 3;
boot.loader.grub.configurationLimit = lib.mkDefault 3;
# Machines should be fast by default
# ----------------------------------

121
nixos/system/all/syncthing.nix
View file

@ -22,40 +22,20 @@ with lib; {
addresses = [ "tcp://144.76.13.147:22000" ];
};
}
// (device "workhorse"
"AFSAKB6-JLH4QAS-DSRMPI3-6PVCIHF-IIAVLPC-STPNO3Y-YRDU5NW-QD445QI")
// (device "pepe"
"SZLXFW3-VTAC7UB-V2Z7CHE-3VZAYPL-6D72AK6-OCDMPZP-G4FPY5P-FL6ZVAG")
// (device "workout"
"DZOOAKG-GI2SVOS-QEVMFL7-TRHVTPQ-ADIJEVH-RH5WV3J-6M7MJHC-C53EOAC")
// (device "sterni"
"ZFNNKPD-ZSOAYJQ-VROXXDB-5MD3UTJ-GDCNTSQ-G5POVV3-UZG5HFT-CCAU3AD")
// (device "workhorse" "AFSAKB6-JLH4QAS-DSRMPI3-6PVCIHF-IIAVLPC-STPNO3Y-YRDU5NW-QD445QI")
// (device "pepe" "SZLXFW3-VTAC7UB-V2Z7CHE-3VZAYPL-6D72AK6-OCDMPZP-G4FPY5P-FL6ZVAG")
// (device "sterni" "ZFNNKPD-ZSOAYJQ-VROXXDB-5MD3UTJ-GDCNTSQ-G5POVV3-UZG5HFT-CCAU3AD")
// {
"porani" = {
name = "porani";
id = "6YOIA4E-X52ZD5Z-FPNWPRS-77QIMMU-VDIXVZB-6BPQN7A-FFJDU4W-EXEGFAI";
addresses =
[ "tcp://porani.secret:22000" "tcp://porani.secret:21027" ];
};
} // {
smartphone = {
name = "smartphone";
id =
"PRCA4KO-PEMLUSO-ERUSKAP-GUDSW2I-AYTEB54-E5JJOXJ-23X2UYP-RLSMKQM";
addresses = [ "dynamic" ];
};
} // {
bumba = {
name = "windows-bumba";
id =
"JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ";
addresses = [ "dynamic" ];
id = "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ";
#addresses = [ "dynamic" ];
};
} // {
}
// {
mors = {
name = "lassulus-mors";
id =
"ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
addresses = [ "tcp://mors.r:22000" ];
};
};
@ -67,7 +47,7 @@ with lib; {
private = {
enable = lib.mkDefault false;
watch = false;
devices = [ "workout" "workhorse" "pepe" "sterni" ];
devices = [ "pepe" "sterni" ];
versioning = {
type = "simple";
params.keep = "10";
@ -76,12 +56,12 @@ with lib; {
desktop = {
enable = lib.mkDefault false;
watch = false;
devices = [ "workout" "workhorse" "pepe" "sterni" ];
devices = [ "pepe" "sterni" ];
};
finance = {
enable = lib.mkDefault false;
watch = false;
devices = [ "workout" "workhorse" "pepe" "sterni" ];
devices = [ "pepe" "sterni" ];
versioning = {
type = "simple";
params.keep = "10";
@ -90,43 +70,20 @@ with lib; {
fotos = {
enable = lib.mkDefault false;
watch = false;
devices = [ "workout" "workhorse" "pepe" "sterni" ];
devices = [ "pepe" "sterni" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
zettlr = {
enable = lib.mkDefault false;
watch = true;
devices = [ "workout" "workhorse" "pepe" "sterni" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
programs = {
enable = lib.mkDefault false;
watch = true;
devices = [ "workout" "sterni" ];
versioning = {
type = "simple";
params.keep = "1";
};
};
# no need to be stored on encrypted drives
# ----------------------------------------
borg-mirror = {
enable = lib.mkDefault false;
watch = false;
devices = [ "workhorse" "pepe" ];
};
books = {
enable = lib.mkDefault false;
id = "wwbvs-5lfbh";
watch = false;
devices = [ "workhorse" "pepe" "sterni" "robi" ];
devices = [ "pepe" "sterni" "robi" ];
versioning = {
type = "simple";
params.keep = "10";
@ -135,7 +92,7 @@ with lib; {
lost-fotos = {
enable = lib.mkDefault false;
watch = false;
devices = [ "workhorse" "workout" "pepe" ];
devices = [ "pepe" "robi" ];
versioning = {
type = "simple";
params.keep = "10";
@ -145,7 +102,7 @@ with lib; {
enable = lib.mkDefault false;
id = "vatmy-c2qf4";
watch = false;
devices = [ "workhorse" "pepe" "porani" "robi" ];
devices = [ "pepe" "robi" ];
versioning = {
type = "simple";
params.keep = "3";
@ -155,22 +112,7 @@ with lib; {
enable = lib.mkDefault false;
id = "gytmq-r2zrx";
watch = false;
devices = [ "workhorse" "pepe" "sterni" "robi" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
music-library-free = {
enable = lib.mkDefault false;
id = "mu9mn-zgvsw";
watch = false;
devices = [ "workout" "workhorse" "pepe" "mors" ];
};
processing = {
enable = lib.mkDefault false;
watch = false;
devices = [ "workout" "workhorse" "pepe" "sterni" ];
devices = [ "pepe" "sterni" "robi" ];
versioning = {
type = "simple";
params.keep = "10";
@ -180,49 +122,38 @@ with lib; {
enable = lib.mkDefault false;
id = "acfhu-r4t4f";
watch = false;
devices = [ "workout" "workhorse" "pepe" "sterni" ];
devices = [ "pepe" "sterni" "robi" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
smartphone-folder = {
nextcloud_backup = {
enable = lib.mkDefault false;
watch = false;
devices = [ "workout" "workhorse" "sterni" "smartphone" "pepe" ];
devices = [ "pepe" "robi" ];
versioning = {
type = "simple";
params.keep = "2";
};
};
samples = {
enable = lib.mkDefault false;
id = "pcgkj-tjucd";
watch = false;
devices = [ "workhorse" "sterni" "pepe" "robi" ];
devices = [ "sterni" "pepe" "robi" ];
};
series = {
enable = lib.mkDefault false;
id = "all-series";
watch = false;
devices = [ "workhorse" "porani" "pepe" "robi" ];
devices = [ "pepe" "robi" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
video-material = {
enable = lib.mkDefault false;
id = "wgkun-fec5h";
watch = false;
devices = [ "workout" "workhorse" "pepe" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
windows-sync = {
enable = lib.mkDefault false;
id = "hcity-p5ikc";
watch = false;
devices = [ "bumba" "workout" ];
};
};
};

2
nixos/system/server/default.nix
View file

@ -18,6 +18,8 @@
programs.custom.vim.enable = true;
services.locate.enable = true;
services.locate.locate = pkgs.mlocate;
services.locate.localuser = null;
}