made krops, flakes and sops work for sterni

Ingolf Wagner 2021-09-25 15:17:07 +02:00
parent 542f2903c9
commit d736f660cb
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
45 changed files with 225 additions and 460 deletions


@ -0,0 +1 @@
ssh-rsa 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


@ -7,8 +7,8 @@
allowSubRepos = true; allowSubRepos = true;
authorizedKeys = [ authorizedKeys = [
# todo rename # todo rename
(lib.fileContents <common_secrets/backup/ssh_rsa.pub>) (lib.fileContents ../../assets/ssh/borg_access.pub)
(lib.fileContents <assets/ssh/card_rsa.pub>) (lib.fileContents ../../assets/ssh/card_rsa.pub)
]; ];
}; };
}; };


@ -1,6 +1,4 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }: {
let unstablePkgs = import <nixpkgs-unstable> { };
in {
imports = [ imports = [
#./home-assistant/mpd.nix #./home-assistant/mpd.nix
@ -243,9 +241,9 @@ in {
services.home-assistant = { services.home-assistant = {
enable = true; enable = true;
package = unstablePkgs.home-assistant; package = pkgs.unstable.home-assistant;
#package = unstablePkgs.home-assistant.override { #package = pkgs.unstable.home-assistant.override {
# python3 = unstablePkgs.python37; # python3 = pkgs.unstable.python37;
# extraPackages = python: [ # extraPackages = python: [
# # todo : check which is still needed # # todo : check which is still needed
# python.netdisco # python.netdisco


@ -2,8 +2,7 @@
# no need to set ZIGBEE2MQTT_DATA anymore # no need to set ZIGBEE2MQTT_DATA anymore
assert lib.versionOlder lib.version "21.03"; assert lib.versionOlder lib.version "21.03";
let unstable = import <nixpkgs-unstable> { }; {
in {
imports = [ imports = [
./mqtt.nix ./mqtt.nix
./zigbee2mqtt/service.nix ./zigbee2mqtt/service.nix
@ -23,7 +22,7 @@ in {
enable = true; enable = true;
#package = pkgs.own_zigbee2mqtt; #package = pkgs.own_zigbee2mqtt;
#package = unstable.zigbee2mqtt; #package = unstable.zigbee2mqtt;
package = unstable.zigbee2mqtt.overrideAttrs (old: rec { package = pkgs.unstable.zigbee2mqtt.overrideAttrs (old: rec {
version = "1.18.1"; version = "1.18.1";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
owner = "Koenkk"; owner = "Koenkk";


@ -1,6 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: {
let unstable = import <nixpkgs-unstable> { };
in {
# overlay included # overlay included
#nixpkgs.overlays = [ (import <mozilla-overlay/rust-overlay.nix>) ]; #nixpkgs.overlays = [ (import <mozilla-overlay/rust-overlay.nix>) ];


@ -1,5 +1,8 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
sops.secrets.syncthing_cert = { };
sops.secrets.syncthing_key = { };
services.syncthing = { services.syncthing = {
enable = true; enable = true;
openDefaultPorts = false; openDefaultPorts = false;
@ -7,8 +10,8 @@
dataDir = "/home/palo/.syncthing"; dataDir = "/home/palo/.syncthing";
configDir = "/home/palo/.syncthing"; configDir = "/home/palo/.syncthing";
declarative = { declarative = {
cert = toString <secrets/syncthing/cert.pem>; cert = toString config.sops.secrets.syncthing_cert.path;
key = toString <secrets/syncthing/key.pem>; key = toString config.sops.secrets.syncthing_key.path;
overrideFolders = true; overrideFolders = true;
folders = { folders = {
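Review bot: `sops.secrets.syncthing_cert = { };` and `sops.secrets.syncthing_key = { };` are declared with sops-nix defaults, which leave the decrypted files owned by root and readable only by root, while `dataDir` and `configDir` point into `/home/palo`. If the syncthing unit reads `declarative.cert` and `declarative.key` as the service user rather than as root, it will fail to start; confirm which applies and, if needed, set `owner = config.services.syncthing.user;` on both secrets rather than widening the mode. The `toString` around `config.sops.secrets.syncthing_cert.path` and the key path is redundant, since the value is already a string. The `services.syncthing` attribute set continues outside the hunk.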


@ -1,50 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let port = 8000;
in {
# configure nginx
services.nginx = {
enable = true;
virtualHosts = {
"paste.workhorse.private" = {
locations."/" = {
proxyPass = "http://localhost:${toString port}";
extraConfig = ''
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 90;
proxy_redirect http://localhost:${
toString port
} https://paste.workhorse.private/;
'';
};
};
};
};
krops.userKeys."bepasty" = {
user = "bepasty";
source = toString <secrets/bepasty-secret-key>;
requiredBy = [ "bepasty-server-ingolf-wagner.de-gunicorn.service" ];
};
services.bepasty = {
enable = true;
servers."ingolf-wagner.de" = {
bind = "0.0.0.0:${toString port}";
secretKeyFile = config.krops.userKeys."bepasty".target;
extraConfig = ''
PERMISSIONS = {
'${
lib.fileContents <common_secrets/bepasty/admin-password>
}': 'admin,list,create,read,delete',
}
'';
};
};
}


@ -5,8 +5,8 @@
quota = "100G"; quota = "100G";
allowSubRepos = true; allowSubRepos = true;
authorizedKeys = [ authorizedKeys = [
(lib.fileContents <common_secrets/backup/ssh_rsa.pub>) (lib.fileContents ../../assets/ssh/borg_access.pub)
(lib.fileContents <assets/ssh/card_rsa.pub>) (lib.fileContents ../../assets/ssh/card_rsa.pub)
]; ];
}; };
}; };


@ -4,7 +4,6 @@
<system/server> <system/server>
./hardware-configuration.nix ./hardware-configuration.nix
#./bepasty.nix not working https://github.com/NixOS/nixpkgs/issues/116326
./gogs.nix ./gogs.nix
./grafana.nix ./grafana.nix
./graylog.nix ./graylog.nix


@ -4,7 +4,7 @@ with lib;
let let
library = import <library> { inherit pkgs lib; }; library = import ../../library { inherit pkgs lib; };
sync-repo = library.jenkins.syncJob; sync-repo = library.jenkins.syncJob;
job = library.jenkins.job; job = library.jenkins.job;


@ -1,3 +1 @@
{ config, pkgs, ... }: { config, pkgs, ... }: { environment.systemPackages = with pkgs; [ ]; }
let unstable = import <nixpkgs-unstable> { };
in { environment.systemPackages = with pkgs; [ ]; }


@ -131,17 +131,17 @@ in {
# notify me when download finished # notify me when download finished
script-torrent-done-enabled = true; script-torrent-done-enabled = true;
script-torrent-done-filename = #script-torrent-done-filename =
(pkgs.writers.writeBash "torrent-finished" '' # (pkgs.writers.writeBash "torrent-finished" ''
JSON_STRING=$( ${pkgs.jq}/bin/jq -n --arg torrent_name "$TR_TORRENT_NAME" \ # JSON_STRING=$( ${pkgs.jq}/bin/jq -n --arg torrent_name "$TR_TORRENT_NAME" \
'{text: ":tada: finished : \($torrent_name)", channel: "torrent"}' ) # '{text: ":tada: finished : \($torrent_name)", channel: "torrent"}' )
${pkgs.curl}/bin/curl \ # ${pkgs.curl}/bin/curl \
--include \ # --include \
--request POST \ # --request POST \
--data-urlencode \ # --data-urlencode \
"payload=$JSON_STRING" \ # "payload=$JSON_STRING" \
${lib.fileContents <common_secrets/mattermost_sink_url>} # <url>
''); # '');
}; };
}; };
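Review bot: `script-torrent-done-enabled = true;` stays as context while `script-torrent-done-filename` is now commented out, so in the visible lines the hook is enabled with no script to run; set `script-torrent-done-enabled = false;` until the notifier comes back. The commented block keeps a `# <url>` placeholder where the webhook URL used to be interpolated with `lib.fileContents`, which wrote it into the world-readable Nix store. When the script is restored, have it read the URL at run time from a secret file such as `config.sops.secrets.NAME.path` (NAME is a placeholder). The enclosing settings attribute set starts outside the hunk.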


@ -1,6 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, ... }: {
let unstable = import <nixpkgs-unstable> { };
in {
# overlay included # overlay included
nixpkgs.overlays = [ (import <mozilla-overlay/rust-overlay.nix>) ]; nixpkgs.overlays = [ (import <mozilla-overlay/rust-overlay.nix>) ];
@ -24,7 +22,6 @@ in {
python3Full python3Full
jetbrains.pycharm-professional jetbrains.pycharm-professional
jetbrains.datagrip jetbrains.datagrip
#unstable.pypi2nix
#nur.repos.mic92.nixos-shell #nur.repos.mic92.nixos-shell
jetbrains.idea-ultimate jetbrains.idea-ultimate


@ -1,4 +1,6 @@
{ nixosSystem, home-manager, nixpkgs-unstable, ... }: { { nixpkgs, home-manager, nixpkgs-unstable, sops-nix, doom-emacs-nix }:
let nixosSystem = nixpkgs.lib.nixosSystem;
in {
sterni = nixosSystem { sterni = nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
@ -6,9 +8,14 @@
./configs/sterni/configuration.nix ./configs/sterni/configuration.nix
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.users.mainUser = {
imports = [ doom-emacs-nix.hmModule ];
};
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
} }
sops-nix.nixosModules.sops
{ sops.defaultSopsFile = ./secrets/sterni.yaml; }
({ pkgs, ... }: { ({ pkgs, ... }: {
# defined overlays injected by the nixflake # defined overlays injected by the nixflake
nixpkgs.overlays = [ nixpkgs.overlays = [


@ -17,6 +17,44 @@
"type": "github" "type": "github"
} }
}, },
"doom-emacs-nix": {
"inputs": {
"doom-emacs": "doom-emacs",
"doom-snippets": "doom-snippets",
"emacs-overlay": "emacs-overlay",
"emacs-so-long": "emacs-so-long",
"evil-markdown": "evil-markdown",
"evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
"flake-utils": "flake-utils",
"nix-straight": "nix-straight",
"nixpkgs": [
"nixpkgs"
],
"nose": "nose",
"ob-racket": "ob-racket",
"org": "org",
"org-contrib": "org-contrib",
"org-yt": "org-yt",
"php-extras": "php-extras",
"revealjs": "revealjs",
"rotate-text": "rotate-text"
},
"locked": {
"lastModified": 1627398156,
"narHash": "sha256-Ru1aV3NuIFXAsvUE3de8KR7xDZOo1GCBJdsWKJn+Ebw=",
"owner": "vlaci",
"repo": "nix-doom-emacs",
"rev": "fee14d217b7a911aad507679dafbeaa8c1ebf5ff",
"type": "github"
},
"original": {
"owner": "vlaci",
"repo": "nix-doom-emacs",
"type": "github"
}
},
"doom-snippets": { "doom-snippets": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -131,11 +169,11 @@
}, },
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1631561581, "lastModified": 1623875721,
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -146,11 +184,11 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"locked": { "locked": {
"lastModified": 1623875721, "lastModified": 1631561581,
"narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -203,44 +241,6 @@
"type": "github" "type": "github"
} }
}, },
"nix-doom-emacs": {
"inputs": {
"doom-emacs": "doom-emacs",
"doom-snippets": "doom-snippets",
"emacs-overlay": "emacs-overlay",
"emacs-so-long": "emacs-so-long",
"evil-markdown": "evil-markdown",
"evil-org-mode": "evil-org-mode",
"evil-quick-diff": "evil-quick-diff",
"explain-pause-mode": "explain-pause-mode",
"flake-utils": "flake-utils_2",
"nix-straight": "nix-straight",
"nixpkgs": [
"nixpkgs"
],
"nose": "nose",
"ob-racket": "ob-racket",
"org": "org",
"org-contrib": "org-contrib",
"org-yt": "org-yt",
"php-extras": "php-extras",
"revealjs": "revealjs",
"rotate-text": "rotate-text"
},
"locked": {
"lastModified": 1627398156,
"narHash": "sha256-Ru1aV3NuIFXAsvUE3de8KR7xDZOo1GCBJdsWKJn+Ebw=",
"owner": "vlaci",
"repo": "nix-doom-emacs",
"rev": "fee14d217b7a911aad507679dafbeaa8c1ebf5ff",
"type": "github"
},
"original": {
"owner": "vlaci",
"repo": "nix-doom-emacs",
"type": "github"
}
},
"nix-straight": { "nix-straight": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -260,11 +260,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1632291606, "lastModified": 1632418649,
"narHash": "sha256-oEN24XJYAFK9tsD13TzLEizpgQigEfgC6i9x1b/1pVU=", "narHash": "sha256-4rZspkiQU7zbsuciRRMgoEPkAF/+FSv2jx/VIPxPVx4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "83413f47809790e4ca012e314e7782adeae36cf2", "rev": "056a3c1fae30d06d14b171b9023743c21a23ec1a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -276,11 +276,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1632325095, "lastModified": 1632411313,
"narHash": "sha256-KHVVIxhVHq4Wwj4oQPem8/eVkukVKhSPqFKI1o5NrTw=", "narHash": "sha256-lekODc44lVo9/0EwGiX6LoEt2KhiPdcfNopealMJ7n4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a930f7da84786807bb105df40e76b541604c3e72", "rev": "51bcdc4cdaac48535dabf0ad4642a66774c609ed",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -420,10 +420,10 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "doom-emacs-nix": "doom-emacs-nix",
"flake-utils": "flake-utils_2",
"home-manager": "home-manager", "home-manager": "home-manager",
"krops": "krops", "krops": "krops",
"nix-doom-emacs": "nix-doom-emacs",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"secrets": "secrets", "secrets": "secrets",
@ -449,7 +449,7 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"narHash": "sha256-R8u4x1+HiTKm2j3ytycGiV4UqCKiih+qGd2Pr9icvQY=", "narHash": "sha256-8e+AsdSyD971rHFL2j2VFxCATO9Oj16Ix8YZIrffd68=",
"path": "/home/palo/dev/secrets", "path": "/home/palo/dev/secrets",
"type": "path" "type": "path"
}, },


@ -11,7 +11,7 @@
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nix-doom-emacs = { doom-emacs-nix = {
url = "github:vlaci/nix-doom-emacs"; url = "github:vlaci/nix-doom-emacs";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -27,7 +27,7 @@
}; };
outputs = { self, sops-nix, nixpkgs, home-manager, krops, flake-utils outputs = { self, sops-nix, nixpkgs, home-manager, krops, flake-utils
, nix-doom-emacs, nixpkgs-unstable, secrets, ... }: , doom-emacs-nix, nixpkgs-unstable, secrets, ... }:
(flake-utils.lib.eachSystem [ "x86_64-linux" ] (system: (flake-utils.lib.eachSystem [ "x86_64-linux" ] (system:
let let
@ -45,8 +45,7 @@
})) // { })) // {
nixosConfigurations = import ./configurations.nix { nixosConfigurations = import ./configurations.nix {
nixosSystem = nixpkgs.lib.nixosSystem; inherit nixpkgs home-manager nixpkgs-unstable sops-nix doom-emacs-nix;
inherit home-manager nixpkgs-unstable;
}; };
}; };


@ -1,13 +1,17 @@
{ writeCommand, lib, secrets }: { pkgs, writeCommand, lib, secrets }:
let let
# command that ensures we use flake.nix during switch # command that ensures we use flake.nix during switch
command = targetPath: '' command = targetPath:
echo 'nixos-rebuild build --flake ${targetPath} -L --keep-going' let
nix-shell \ commandLine =
-E "with import <nixpkgs> {}; mkShell { buildInputs = [ git (nixos { nix.package = nixFlakes; }).nixos-rebuild ]; }" \ "TMPDIR=/tmp nixos-rebuild build --flake ${targetPath} -L --keep-going";
--run 'nixos-rebuild build --flake ${targetPath} -L --keep-going' in ''
''; echo '${commandLine}'
nix-shell \
-E "with import <nixpkgs> {}; mkShell { buildInputs = [ git (nixos { nix.package = nixFlakes; }).nixos-rebuild ]; }" \
--run '${commandLine}'
'';
#secrets = name: { #secrets = name: {
# secrets.pass = { # secrets.pass = {
@ -28,9 +32,12 @@ let
#}; #};
source = { source = {
secrets.file = "${secrets}/secrets"; secrets.file = "${secrets}/secrets";
assets.file = toString ./assets; assets.file = toString ./assets;
private_assets.pass = {
dir = toString ~/.password-store;
name = "krops/private_assets";
};
configs.file = toString ./configs; configs.file = toString ./configs;
library.file = toString ./library; library.file = toString ./library;
modules.file = toString ./modules; modules.file = toString ./modules;
@ -62,10 +69,28 @@ let
}; };
in { in {
sterni = writeCommand "/bin/sterni" { sterni = let
#source = lib.evalSource [ source (secrets "sterni") desktopSecrets ]; system = writeCommand "/bin/system" {
source = lib.evalSource [ source ]; source = lib.evalSource [ source ];
target = lib.mkTarget "root@sterni.private"; force = true;
inherit command; target = lib.mkTarget "root@sterni.private/var/krops";
}; inherit command;
};
network = writeCommand "/bin/secrets" {
source = lib.evalSource [{
system-connections.pass = {
dir = toString ~/.password-store;
name = "krops/desktop_secrets/network-manager/system-connections";
};
}];
force = true;
target = lib.mkTarget "root@sterni.private/etc/NetworkManager";
};
in pkgs.writers.writeBash "/bin/sterni" ''
#echo "deploy network secerts"
#${network}/bin/secrets
echo "deploy system"
${system}/bin/system
'';
} }
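Review bot: Both `writeCommand` targets set `force = true;`, which, as far as I understand krops, makes it create the `.populate` sentinel itself instead of refusing to sync into a directory that was never marked as a deployment target. For `lib.mkTarget "root@sterni.private/etc/NetworkManager"` that removes the one guard against the sync deleting files that NetworkManager or other modules keep there. I would drop `force` on the `network` target, or point it at a dedicated subdirectory, and mark `/var/krops` once by hand. The commented `#echo "deploy network secerts"` also misspells `secrets`.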


@ -7,7 +7,7 @@ with lib;
let let
cfg = config.programs.custom.browser; cfg = config.programs.custom.browser;
library = import <library> { inherit pkgs lib; }; library = import ../../library { inherit pkgs lib; };
chromiumBin = "${pkgs.chromium}/bin/chromium"; chromiumBin = "${pkgs.chromium}/bin/chromium";
chromeBin = "${pkgs.google-chrome}/bin/google-chrome-stable"; chromeBin = "${pkgs.google-chrome}/bin/google-chrome-stable";


@ -6,7 +6,7 @@ let
cfg = config.programs.custom.citate; cfg = config.programs.custom.citate;
library = import <library> { inherit pkgs lib; }; library = import ../../library { inherit pkgs lib; };
xdotool = "${pkgs.xdotool}/bin/xdotool"; xdotool = "${pkgs.xdotool}/bin/xdotool";
dmenu = "${pkgs.dmenu}/bin/dmenu"; dmenu = "${pkgs.dmenu}/bin/dmenu";
@ -16,8 +16,8 @@ let
${xdotool} - <<<"type -- $( cat ${file} | ${dmenu} -l 10 -i | sed -e "s/\(.*\)/'\1'/" )" ${xdotool} - <<<"type -- $( cat ${file} | ${dmenu} -l 10 -i | sed -e "s/\(.*\)/'\1'/" )"
''; '';
scriptAxel = citateScript (toString <assets/sprueche-axel>) "axel"; scriptAxel = citateScript (toString ../../assets/sprueche-axel) "axel";
scriptSiw = citateScript (toString <assets/sprueche-siw>) "siw"; scriptSiw = citateScript (toString ../../assets/sprueche-siw) "siw";
in { in {


@ -4,9 +4,7 @@ with lib;
let let
unstable = import <nixpkgs-unstable> { }; espeak = pkgs.unstable.espeak;
espeak = unstable.espeak;
# can't use bash aliases because programms will not pic it up # can't use bash aliases because programms will not pic it up
en_espeak = pkgs.writeShellScriptBin "en-speak" '' en_espeak = pkgs.writeShellScriptBin "en-speak" ''


@ -5,7 +5,6 @@ with lib;
let let
cfg = config.programs.custom.taskwarrior; cfg = config.programs.custom.taskwarrior;
unstable = import <nixpkgs-unstable> { };
taskNextWeek = pkgs.writeShellScriptBin "taskweek" # sh taskNextWeek = pkgs.writeShellScriptBin "taskweek" # sh
'' ''
@ -20,9 +19,9 @@ let
'' ''
${pkgs.taskwarrior}/bin/task "$@" ${pkgs.taskwarrior}/bin/task "$@"
''; '';
taskwarrior-tui = unstable.taskwarrior-tui; taskwarrior-tui = pkgs.unstable.taskwarrior-tui;
vit = unstable.vit.overrideAttrs (old: rec { vit = pkgs.unstable.vit.overrideAttrs (old: rec {
name = "vit-${version}"; name = "vit-${version}";
version = "master"; version = "master";
src = pkgs.fetchgit { src = pkgs.fetchgit {


@ -128,180 +128,6 @@ let
''; '';
}; };
vim-tv-plugin = with lib;
((rtp: rtp // { inherit rtp; }) (pkgs.write "vim-tv" {
"/syntax/haskell.vim".text = # vim
''
syn region String start=+\[[[:alnum:]]*|+ end=+|]+
hi link ConId Identifier
hi link VarId Identifier
hi link hsDelimiter Delimiter
'';
"/syntax/nix.vim".text = # vim
''
"" Quit when a (custom) syntax file was already loaded
"if exists("b:current_syntax")
" finish
"endif
"setf nix
" Ref <nix/src/libexpr/lexer.l>
syn match NixID /[a-zA-Z\_][a-zA-Z0-9\_\'\-]*/
syn match NixINT /\<[0-9]\+\>/
syn match NixPATH /[a-zA-Z0-9\.\_\-\+]*\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixHPATH /\~\(\/[a-zA-Z0-9\.\_\-\+]\+\)\+/
syn match NixSPATH /<[a-zA-Z0-9\.\_\-\+]\+\(\/[a-zA-Z0-9\.\_\-\+]\+\)*>/
syn match NixURI /[a-zA-Z][a-zA-Z0-9\+\-\.]*:[a-zA-Z0-9\%\/\?\:\@\&\=\+\$\,\-\_\.\!\~\*\']\+/
syn region NixSTRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
syn region NixIND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
syn match NixOther /[-!+&<>|():/;=.,?\[\]*@]/
syn match NixCommentMatch /\(^\|\s\)#.*/
syn region NixCommentRegion start="/\*" end="\*/"
hi link NixCode Statement
hi link NixData Constant
hi link NixComment Comment
hi link NixCommentMatch NixComment
hi link NixCommentRegion NixComment
hi link NixID NixCode
hi link NixINT NixData
hi link NixPATH NixData
hi link NixHPATH NixData
hi link NixSPATH NixData
hi link NixURI NixData
hi link NixSTRING NixData
hi link NixIND_STRING NixData
hi link NixEnter NixCode
hi link NixOther NixCode
hi link NixQuote NixData
syn cluster nix_has_dollar_curly contains=@nix_ind_strings,@nix_strings
syn cluster nix_ind_strings contains=NixIND_STRING
syn cluster nix_strings contains=NixSTRING
${concatStringsSep "\n" (mapAttrsToList (name:
{ extraStart ? null, lang ? name }:
let
startAlts = filter isString [ "/\\* ${name} \\*/" extraStart ];
sigil = "\\(${concatStringsSep "\\|" startAlts}\\)[ \\t\\r\\n]*";
# vim
in ''
syn include @nix_${lang}_syntax syntax/${lang}.vim
if exists("b:current_syntax")
unlet b:current_syntax
endif
syn match nix_${lang}_sigil
\ X${replaceStrings [ "X" ] [ "\\X" ] sigil}\ze\('''\|"\)X
\ nextgroup=nix_${lang}_region_IND_STRING,nix_${lang}_region_STRING
\ transparent
syn region nix_${lang}_region_STRING
\ matchgroup=NixSTRING
\ start='"'
\ skip='\\"'
\ end='"'
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn region nix_${lang}_region_IND_STRING
\ matchgroup=NixIND_STRING
\ start="'''"
\ skip="'''\('\|[$]\|\\[nrt]\)"
\ end="'''"
\ contained
\ contains=@nix_${lang}_syntax
\ transparent
syn cluster nix_ind_strings
\ add=nix_${lang}_region_IND_STRING
syn cluster nix_strings
\ add=nix_${lang}_region_STRING
" This is required because containedin isn't transitive.
syn cluster nix_has_dollar_curly
\ add=@nix_${lang}_syntax
'') {
c = { };
cabal = { };
diff = { };
haskell = { };
python = { };
lua = { };
sed.extraStart = ''writeSed[^ \t\r\n]*[ \t\r\n]*"[^"]*"'';
sh.extraStart = concatStringsSep "\\|" [
''
write\(A\|Ba\|Da\)sh[^ \t\r\n]*[ \t\r\n]*\("[^"]*"\|[a-z]\+\)''
"[a-z]*Phase[ \\t\\r\\n]*="
];
yaml = { };
vim.extraStart = ''
write[^ \t\r\n]*[ \t\r\n]*"\(\([^"]*\.\)\?vimrc\|[^"]*\.vim\)"'';
xdefaults = { };
})}
" Clear syntax that interferes with nixINSIDE_DOLLAR_CURLY.
syn clear shVarAssign
syn region nixINSIDE_DOLLAR_CURLY
\ matchgroup=NixEnter
\ start="[$]{"
\ end="}"
\ contains=TOP
\ containedin=@nix_has_dollar_curly
\ transparent
syn region nix_inside_curly
\ matchgroup=NixEnter
\ start="{"
\ end="}"
\ contains=TOP
\ containedin=nixINSIDE_DOLLAR_CURLY,nix_inside_curly
\ transparent
syn match NixQuote /'''\($\|\\.\)/he=s+2
\ containedin=@nix_ind_strings
\ contained
syn match NixQuote /'''\('\|\\.\)/he=s+1
\ containedin=@nix_ind_strings
\ contained
syn match NixQuote /\\./he=s+1
\ containedin=@nix_strings
\ contained
syn sync fromstart
let b:current_syntax = "nix"
set isk=@,48-57,_,192-255,-,'
'';
"/syntax/sed.vim".text = # vim
''
syn region sedBranch
\ matchgroup=sedFunction start="T"
\ matchgroup=sedSemicolon end=";\|$"
\ contains=sedWhitespace
'';
}));
# active plugins # active plugins
# -------------- # --------------
extra-runtimepath = with pkgs; extra-runtimepath = with pkgs;
@ -311,7 +137,6 @@ let
vimPlugins.airline vimPlugins.airline
vimPlugins.vim-nix vimPlugins.vim-nix
vimPlugins.xptemplate vimPlugins.xptemplate
vim-tv-plugin
]; ];
# the vimrc # the vimrc


@ -7,7 +7,7 @@ let
ladspaPath = "${pkgs.ladspaPlugins}/lib/ladspa"; ladspaPath = "${pkgs.ladspaPlugins}/lib/ladspa";
jackScript = jackScript =
pkgs.writeShellScriptBin "jack" (lib.fileContents <assets/jack.sh>); pkgs.writeShellScriptBin "jack" (lib.fileContents ../../assets/jack.sh);
queueElement = { queueElement = {
options = { options = {


@ -46,7 +46,7 @@ let
# todo this output must be better # todo this output must be better
mattermostStart = plan: mattermostStart = plan:
pkgs.writeDash "on-failure.${plan.name}" '' pkgs.writers.writeDash "on-failure.${plan.name}" ''
${pkgs.curl}/bin/curl \ ${pkgs.curl}/bin/curl \
--include \ --include \
--request POST \ --request POST \


@ -1,5 +0,0 @@
{ config, lib, pkgs, ... }:
{
}


@ -10,8 +10,6 @@
let let
unstable = import <nixpkgs-unstable> { };
# function call # function call
# ------------- # -------------
in (pkgs.buildFHSUserEnv { in (pkgs.buildFHSUserEnv {
@ -74,11 +72,6 @@ in (pkgs.buildFHSUserEnv {
wolf-spectrum wolf-spectrum
lsp-plugins lsp-plugins
#calf
#carla
#unstable.bshapr
#lv2vst
]; ];
# multilib packages # multilib packages


@ -2,9 +2,7 @@
self: super: self: super:
let let callPackage = super.lib.callPackageWith super;
callPackage = super.lib.callPackageWith super;
unstablePkgs = import <nixpkgs-unstable> { };
in { in {


@ -21,6 +21,7 @@
}; };
config = let config = let
servers = [ servers = [
{ {
name = "workhorse"; name = "workhorse";
@ -44,9 +45,12 @@
encryption = { encryption = {
mode = "repokey-blake2"; mode = "repokey-blake2";
# todo rename # todo rename
passCommand = "cat ${toString <secrets/backup/repo>}"; # passCommand = "cat ${toString <secrets/backup/repo>}";
passCommand =
"cat ${config.sops.secrets.backup_repository_passphrase.path}";
}; };
environment.BORG_RSH = "ssh -i ${toString <secrets/backup/ssh_rsa>}"; environment.BORG_RSH =
"ssh -i ${toString config.sops.secrets.backup_ssh_rsa_private.path}";
compression = "auto,lzma"; compression = "auto,lzma";
startAt = "daily"; startAt = "daily";
prune.keep = { prune.keep = {
@ -59,6 +63,9 @@
in { in {
sops.secrets.backup_repository_passphrase = { };
sops.secrets.backup_ssh_rsa_private = { };
services.borgbackup.jobs = let services.borgbackup.jobs = let
setups = map ({ name, host }: { "${name}" = setup host; }) servers; setups = map ({ name, host }: { "${name}" = setup host; }) servers;
setupAttrs = lib.zipAttrsWith (_: vals: lib.head vals) setups; setupAttrs = lib.zipAttrsWith (_: vals: lib.head vals) setups;


@ -36,7 +36,7 @@
# provide overlays # provide overlays
# ----------------- # -----------------
#nixpkgs.overlays = [ (import <pkgs>) (import <nix-writers/pkgs>) ]; nixpkgs.overlays = [ (import ../../pkgs) ];
# allow un-free # allow un-free
# ------------- # -------------


@ -1,17 +1,17 @@
{ lib, ... }: { { lib, ... }:
on-failure = { {
url = lib.fileContents <common_secrets/mattermost_sink_url>; #on-failure = {
enable = true; # enable = true;
plans = { # plans = {
tinc_private.name = "tinc.private"; # tinc_private.name = "tinc.private";
tinc_retiolum.name = "tinc.retiolum"; # tinc_retiolum.name = "tinc.retiolum";
sshd.name = "sshd"; # sshd.name = "sshd";
tor.name = "tor"; # tor.name = "tor";
dnsmasq.name = "dnsmasq"; # dnsmasq.name = "dnsmasq";
#backup_on_workhorse.name = "backup.on-workhorse.private"; # #backup_on_workhorse.name = "backup.on-workhorse.private";
#backup_on_workout.name = "backup.on-workout.private"; # #backup_on_workout.name = "backup.on-workout.private";
#backup_on_porani.name = "backup.on-porani.private"; # #backup_on_porani.name = "backup.on-porani.private";
syncthing.name = "syncthing"; # syncthing.name = "syncthing";
}; # };
}; #};
} }
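Review bot: Commenting out the whole `on-failure` block turns off failure notifications for `sshd`, `tor`, `dnsmasq`, `syncthing` and both tinc units on the hosts that import this file, and nothing in the file says why or how to bring them back. Add a comment above the block such as `# disabled: url came from common_secrets/mattermost_sink_url; re-enable once the module reads the URL from a sops secret at run time`. Reading the URL at run time would also keep it out of the Nix store, where the old `lib.fileContents` value presumably ended up through the generated notification script. The `lib` argument is now unused in the visible lines.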


@ -2,14 +2,6 @@
let let
pastebin = pkgs.writers.writeDashBin "pastebin" ''
exec ${pkgs.bepasty-client-cli}/bin/bepasty-cli \
--lifetime 1m \
--url http://workhorse.private:8000 \
--pass ${lib.fileContents <common_secrets/bepasty/admin-password>} \
"$@" | sed -e s/workhorse.private:8000/paste.ingolf-wagner.de/
'';
memoryUsage = pkgs.writers.writeDashBin "memory-total-usage" '' memoryUsage = pkgs.writers.writeDashBin "memory-total-usage" ''
echo " %CPU %MEM MEM : PROCESS" echo " %CPU %MEM MEM : PROCESS"
echo "------- ------- ------------- -------" echo "------- ------- ------------- -------"
@ -82,8 +74,6 @@ in {
zip zip
unzip unzip
#pastebin # no need
jq jq
miller miller


@ -1,15 +1,15 @@
{ lib, pkgs, ... }: { config, lib, pkgs, ... }:
with lib; with lib;
let let
computers = { computers = {
workhorse = { workhorse = {
onionId = fileContents <common_secrets/onion/workhorse>; onionId = fileContents ../../private_assets/onion_id_workhorse;
publicKey = publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/I4JBA1HHTH2xsrEM7xtxkhRDE42lZcBrdBvN46WTx"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/I4JBA1HHTH2xsrEM7xtxkhRDE42lZcBrdBvN46WTx";
}; };
porani = { porani = {
onionId = fileContents <common_secrets/onion/porani>; onionId = fileContents ../../private_assets/onion_id_porani;
publicKey = publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGFaTRGqMd/rKpyMUP6wVbgiWFOUvUV2qS/B5Xe02UUch/wxR4fTCY+vnzku5K0V/qqJpjYLgHotwZFqO/8lFu4="; "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGFaTRGqMd/rKpyMUP6wVbgiWFOUvUV2qS/B5Xe02UUch/wxR4fTCY+vnzku5K0V/qqJpjYLgHotwZFqO/8lFu4=";
}; };
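Review bot: `fileContents ../../private_assets/onion_id_workhorse` and `fileContents ../../private_assets/onion_id_porani` are read at evaluation time, so the values are embedded in whatever this module generates. With a path flake the `private_assets` directory is probably also copied into the world-readable Nix store with the rest of the source tree. If the onion ids are meant to stay private (the krops source on this page pulls `private_assets` from the password store), expose them as sops secrets and reference `config.sops.secrets.NAME.path` where they are consumed (NAME is a placeholder); otherwise move them under `assets` and say so in a comment. `config` is added to the module arguments but is not used in the visible lines, and the `computers` set continues outside the hunk.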


@ -11,7 +11,7 @@ with lib;
tools.enable = true; tools.enable = true;
sshd = { sshd = {
enable = true; enable = true;
rootKeyFiles = [ (toString <assets/ssh/card_rsa.pub>) ]; rootKeyFiles = [ (toString ../../assets/ssh/card_rsa.pub) ];
}; };
}; };


@ -22,24 +22,25 @@ in {
LocalDiscovery = yes LocalDiscovery = yes
AutoConnect = yes AutoConnect = yes
''; '';
privateEd25519KeyFile = toString <secrets/tinc/retiolum/ed25519_key>; privateEd25519KeyFile =
privateRsaKeyFile = toString <secrets/tinc/retiolum/rsa_key>; toString config.sops.secrets.tinc_ed25519_key.path;
privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
hosts = { hosts = {
pepe = { pepe = {
tincIp = "10.243.23.1"; tincIp = "10.243.23.1";
publicKey = lib.fileContents <assets/tinc/retiolum/host_file>; publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
}; };
sterni = { sterni = {
tincIp = "10.243.23.3"; tincIp = "10.243.23.3";
publicKey = lib.fileContents <assets/tinc/retiolum/host_file>; publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
}; };
workhorse = { workhorse = {
tincIp = "10.243.23.5"; tincIp = "10.243.23.5";
publicKey = lib.fileContents <assets/tinc/retiolum/host_file>; publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
}; };
workout = { workout = {
tincIp = "10.243.23.4"; tincIp = "10.243.23.4";
publicKey = lib.fileContents <assets/tinc/retiolum/host_file>; publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
}; };
}; };
}; };
@ -51,31 +52,32 @@ in {
LocalDiscovery = yes LocalDiscovery = yes
AutoConnect = yes AutoConnect = yes
''; '';
privateEd25519KeyFile = toString <secrets/tinc/ed25519_key>; privateEd25519KeyFile =
privateRsaKeyFile = toString <secrets/tinc/rsa_key>; toString config.sops.secrets.tinc_ed25519_key.path;
privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
hosts = { hosts = {
sternchen = { sternchen = {
tincIp = "10.123.42.25"; tincIp = "10.123.42.25";
# publicKey = lib.fileContents <assets/tinc/sterni_host_file>; # publicKey = lib.fileContents ../../assets/tinc/sterni_host_file;
publicKey = lib.fileContents <assets/tinc/sternchen_host_file>; publicKey = lib.fileContents ../../assets/tinc/sternchen_host_file;
}; };
sterni = { sterni = {
tincIp = "10.123.42.24"; tincIp = "10.123.42.24";
# publicKey = lib.fileContents <assets/tinc/sterni_host_file>; # publicKey = lib.fileContents ../../assets/tinc/sterni_host_file;
publicKey = lib.fileContents <assets/tinc/workout_host_file>; publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
}; };
porani = { porani = {
tincIp = "10.123.42.31"; tincIp = "10.123.42.31";
publicKey = lib.fileContents <assets/tinc/porani_host_file>; publicKey = lib.fileContents ../../assets/tinc/porani_host_file;
}; };
workhorse = { workhorse = {
tincIp = "10.123.42.21"; tincIp = "10.123.42.21";
publicKey = lib.fileContents <assets/tinc/workhorse_host_file>; publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file;
}; };
sputnik = { sputnik = {
realAddress = [ "static.247.134.201.195.clients.your-server.de:721" ]; realAddress = [ "static.247.134.201.195.clients.your-server.de:721" ];
tincIp = "10.123.42.122"; tincIp = "10.123.42.122";
publicKey = lib.fileContents <assets/tinc/sputnik_host_file>; publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file;
}; };
}; };
}; };
@ -85,33 +87,34 @@ in {
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes
''; '';
privateEd25519KeyFile = toString <secrets/tinc/ed25519_key>; privateEd25519KeyFile =
privateRsaKeyFile = toString <secrets/tinc/rsa_key>; toString config.sops.secrets.tinc_ed25519_key.path;
privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
hosts = { hosts = {
workout = { workout = {
tincIp = "10.23.42.27"; tincIp = "10.23.42.27";
publicKey = lib.fileContents <assets/tinc/workout_host_file>; publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
}; };
pepe = { pepe = {
tincIp = "10.23.42.26"; tincIp = "10.23.42.26";
publicKey = lib.fileContents <assets/tinc/pepe_host_file>; publicKey = lib.fileContents ../../assets/tinc/pepe_host_file;
}; };
sterni = { sterni = {
tincIp = "10.23.42.24"; tincIp = "10.23.42.24";
# publicKey = lib.fileContents <assets/tinc/sterni_host_file>; # publicKey = lib.fileContents ../../assets/tinc/sterni_host_file;
publicKey = lib.fileContents <assets/tinc/workout_host_file>; publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
}; };
mobi = { mobi = {
tincIp = "10.23.42.23"; tincIp = "10.23.42.23";
publicKey = lib.fileContents <assets/tinc/mobi_host_file>; publicKey = lib.fileContents ../../assets/tinc/mobi_host_file;
}; };
#porani = { #porani = {
# tincIp = "10.23.42.31"; # tincIp = "10.23.42.31";
# publicKey = lib.fileContents <assets/tinc/porani_host_file>; # publicKey = lib.fileContents ../../assets/tinc/porani_host_file;
#}; #};
workhorse = { workhorse = {
tincIp = "10.23.42.21"; tincIp = "10.23.42.21";
publicKey = lib.fileContents <assets/tinc/workhorse_host_file>; publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file;
}; };
sputnik = { sputnik = {
realAddress = [ realAddress = [
@ -121,12 +124,15 @@ in {
"static.247.134.201.195.clients.your-server.de:443" "static.247.134.201.195.clients.your-server.de:443"
]; ];
tincIp = "10.23.42.122"; tincIp = "10.23.42.122";
publicKey = lib.fileContents <assets/tinc/sputnik_host_file>; publicKey = lib.fileContents ../../assets/tinc/sputnik_host_file;
}; };
}; };
}; };
}; };
sops.secrets.tinc_ed25519_key = { };
sops.secrets.tinc_rsa_key = { };
# retiolum stuff # retiolum stuff
networking.extraHosts = builtins.readFile (toString "${retiolum}/etc.hosts"); networking.extraHosts = builtins.readFile (toString "${retiolum}/etc.hosts");
systemd.services."tinc.retiolum" = { systemd.services."tinc.retiolum" = {


@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
library = import <library> { inherit pkgs lib; }; library = import ../../library { inherit pkgs lib; };
mixxxBin = pkgs.writeShellScriptBin "mixxx" mixxxBin = pkgs.writeShellScriptBin "mixxx"
"${pkgs.mixxx}/bin/mixxx --settingsPath ${config.users.users.mainUser.home}/music-library/mixxx"; "${pkgs.mixxx}/bin/mixxx --settingsPath ${config.users.users.mainUser.home}/music-library/mixxx";


@ -12,7 +12,7 @@
./dnsmasq.nix ./dnsmasq.nix
./home-manager.nix ./home-manager.nix
./mail-stuff.nix ./mail-stuff.nix
./mc.nix #./mc.nix
./network.nix ./network.nix
./packages.nix ./packages.nix
./pass.nix ./pass.nix


@ -99,8 +99,8 @@ in {
programs.htop = { programs.htop = {
enable = true; enable = true;
highlightBaseName = true; settings.highlight_base_name = true;
treeView = true; settings.tree_view = true;
}; };
xdg.configFile."albert/albert.conf".text = '' xdg.configFile."albert/albert.conf".text = ''
@ -223,7 +223,7 @@ in {
}; };
environment.systemPackages = let environment.systemPackages = let
library = import <library> { inherit pkgs lib; }; library = import ../../library { inherit pkgs lib; };
fixKeyboard = pkgs.writeScriptBin "fix-Keyboard" # sh fixKeyboard = pkgs.writeScriptBin "fix-Keyboard" # sh
'' ''


@ -1,15 +1,5 @@
{ pkgs, ... }: { pkgs, ... }: {
let
doom-emacs = pkgs.callPackage (builtins.fetchTarball {
url = "https://github.com/vlaci/nix-doom-emacs/archive/master.tar.gz";
}) {
doomPrivateDir = ./doom.d;
# Directory containing your config.el init.el
# and packages.el files
};
in {
home-manager.users.mainUser = { home-manager.users.mainUser = {
home.packages = [ doom-emacs ];
home.file.".emacs.d/init.el".text = '' home.file.".emacs.d/init.el".text = ''
(load "default.el") (load "default.el")
''; '';


@ -14,15 +14,12 @@ let
ticks = "\"''\""; ticks = "\"''\"";
unstable = import <nixpkgs-unstable> { };
in { in {
environment.systemPackages = [ environment.systemPackages = [
# needed for the SPC p g # needed for the SPC p g
pkgs.universal-ctags pkgs.universal-ctags
pkgs.nodePackages.tern pkgs.nodePackages.tern
#unstable.emacs
pkgs.emacs pkgs.emacs
]; ];


@ -327,7 +327,7 @@ in {
paths = [ paths = [
(pkgs.writers.writeDashBin "mc" '' (pkgs.writers.writeDashBin "mc" ''
export MC_DATADIR=${ export MC_DATADIR=${
pkgs.write "mc-ext" { pkgs.writers.write "mc-ext" {
"/mc.ext".link = mcExt; "/mc.ext".link = mcExt;
"/sfs.ini".text = ""; "/sfs.ini".text = "";
} }


@ -1,12 +1,6 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
system.custom.wifi = { system.custom.wifi = {
enable = true; enable = true;
configurationFile = toString <desktop_secrets/wpa_supplicant>;
system = "networkmanager"; system = "networkmanager";
}; };
environment.etc."NetworkManager/system-connections".source =
toString <desktop_secrets/network-manager/system-connections>;
} }


@ -4,9 +4,7 @@ with lib;
let let
unstablePkgs = import <nixpkgs-unstable> { }; library = import ../../library { inherit pkgs lib; };
library = import <library> { inherit pkgs lib; };
allLicenses = let allLicenses = let
licenses = builtins.map licenses = builtins.map
@ -36,7 +34,7 @@ let
''; '';
#zettlr = unstablePkgs.zettlr; #zettlr = unstablePkgs.zettlr;
parseUrl = pkgs.writeBashBin "parseUrl" '' parseUrl = pkgs.writers.writeBashBin "parseUrl" ''
echo "$@" | \ echo "$@" | \
${pkgs.jq}/bin/jq --raw-input --raw-output ' ${pkgs.jq}/bin/jq --raw-input --raw-output '
def parseURL: capture( "^((?<scheme>[^:/?#]+):)?(//(?<authority>(?<domain>[^/?#:]*)(:(?<port>[0-9]*))?))?((?<path>[^?#]*)\\?)?((?<query>([^#]*)))?(#(?<fragment>(.*)))?"); def parseURL: capture( "^((?<scheme>[^:/?#]+):)?(//(?<authority>(?<domain>[^/?#:]*)(:(?<port>[0-9]*))?))?((?<path>[^?#]*)\\?)?((?<query>([^#]*)))?(#(?<fragment>(.*)))?");
@ -44,7 +42,7 @@ let
' '
''; '';
parseAndCopyLink = pkgs.writeBashBin "parseAndCopyLink" '' parseAndCopyLink = pkgs.writers.writeBashBin "parseAndCopyLink" ''
${parseUrl}/bin/parseUrl "$@" | \ ${parseUrl}/bin/parseUrl "$@" | \
${pkgs.jq}/bin/jq --raw-output '"\(.scheme)://\(.domain)\(.path)"' | \ ${pkgs.jq}/bin/jq --raw-output '"\(.scheme)://\(.domain)\(.path)"' | \
${pkgs.xclip}/bin/xclip ${pkgs.xclip}/bin/xclip
@ -344,9 +342,9 @@ in {
ffmpeg ffmpeg
(writeShellScriptBin "shrink-exports" (writeShellScriptBin "shrink-exports"
(fileContents <assets/shrink_exports>)) (fileContents ../../assets/shrink_exports))
(writeShellScriptBin "music-making" (writeShellScriptBin "music-making"
(fileContents <assets/music-making.sh>)) (fileContents ../../assets/music-making.sh))
replaceLinks replaceLinks
youtube-dl youtube-dl


@ -1,8 +1,6 @@
{ pkgs, lib, config, ... }: { pkgs, lib, config, ... }:
let let
unstable = import <nixpkgs-unstable> { };
networkStatus = let networkStatus = let
q-online = '' q-online = ''
@ -385,7 +383,7 @@ let
createDashboard = { json, name }: createDashboard = { json, name }:
let configuration = pkgs.writeText "config.yml" (builtins.toJSON json); let configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
in pkgs.writers.writeBashBin name '' in pkgs.writers.writeBashBin name ''
${unstable.wtf}/bin/wtfutil --config=${toString configuration} ${pkgs.unstable.wtf}/bin/wtfutil --config=${toString configuration}
''; '';
in { in {
@ -393,7 +391,7 @@ in {
services.upower.enable = true; services.upower.enable = true;
environment.systemPackages = [ environment.systemPackages = [
unstable.wtf pkgs.unstable.wtf
(createDashboard { (createDashboard {
json = qJson; json = qJson;
name = "q"; name = "q";


@ -1,7 +1,7 @@
# References: # References:
# * https://github.com/drduh/YubiKey-Guide # * https://github.com/drduh/YubiKey-Guide
# * https://nixos.wiki/wiki/Yubikey # * https://nixos.wiki/wiki/Yubikey
{ pkgs, ... }: { { config, pkgs, ... }: {
services.pcscd.enable = true; services.pcscd.enable = true;
services.udev.packages = [ services.udev.packages = [
@ -50,5 +50,8 @@
# use for pam (sudo) # use for pam (sudo)
# -------------------------- # --------------------------
security.pam.u2f.enable = true; security.pam.u2f.enable = true;
security.pam.u2f.authFile = toString <desktop_secrets/yubikey/u2fAuthFile>; security.pam.u2f.authFile =
toString config.sops.secrets.yubikey_u2fAuthFile.path;
sops.secrets.yubikey_u2fAuthFile = { };
} }
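Review bot: `sops.secrets.yubikey_u2fAuthFile = { };` takes the sops-nix defaults, which to my knowledge means the decrypted file is owned by root with mode 0400, while `security.pam.u2f.enable = true` is not limited to sudo despite the "use for pam (sudo)" comment. pam_u2f opens the authFile inside the authenticating process, so a PAM client that runs as the logged-in user (a screen locker, for instance) would presumably be unable to read it, and the U2F step would then fail or be skipped depending on the module's control setting; sudo itself is unaffected. If such a client is in use, set the owner explicitly and document it, e.g. `sops.secrets.yubikey_u2fAuthFile.owner = config.users.users.mainUser.name; # pam_u2f reads this as the calling user` (assuming `mainUser`, used elsewhere in this commit, is the desktop account). The `toString` around `config.sops.secrets.yubikey_u2fAuthFile.path` is also redundant, since that option is already a string.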


@ -5,7 +5,7 @@
nginxShowConfig = pkgs.writers.writePython3Bin "nginx-show-config" { nginxShowConfig = pkgs.writers.writePython3Bin "nginx-show-config" {
flakeIgnore = [ "E265" "E225" "W292" ]; flakeIgnore = [ "E265" "E225" "W292" ];
} (lib.fileContents <assets/nginx-show-config.sh>); } (lib.fileContents ../../assets/nginx-show-config.sh);
in [ in [
pkgs.mosh pkgs.mosh