palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

workhorse done and nixpkgs-fmt

Browse source
This commit is contained in:
Ingolf Wagner 2021-11-01 09:20:42 +01:00
parent 87be340dfa
commit fc33e57a54
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
124 changed files with 3142 additions and 2590 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
flake.nix
View file

@ -19,7 +19,8 @@
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
writeCommand = krops.packages.${system}.writeCommand;
in {
in
{
# deploy like this:
# nix run ".#deploy.sterni"
apps.${system}.deploy = pkgs.callPackage ./nixos/krops.nix {

3
nixos/configs/pepe/dms.nix
View file

@ -11,7 +11,8 @@ let
rev = "2f5c44f017bdfd8abfe908d419ef26bac300f809";
sha256 = "0dxhk1ah6wwbsxyk4hd32rz7886w7r5gfy16485gjbvky1qsi8gd";
};
in {
in
{
# setup ftp
services.vsftpd = {

9
nixos/configs/pepe/hardware-configuration.nix
View file

@ -4,9 +4,11 @@
{ modulesPath, config, lib, pkgs, ... }:
{
imports = [ "${modulesPath}/installer/scan/not-detected.nix"
imports = [
"${modulesPath}/installer/scan/not-detected.nix"
(let mediaUUID = "29ebe5ba-7599-4dd3-99a3-37b9bf8e4d61";
(
let mediaUUID = "29ebe5ba-7599-4dd3-99a3-37b9bf8e4d61";
in {
fileSystems."/media" = {
device = "/dev/disk/by-uuid/${mediaUUID}";
@ -25,7 +27,8 @@
what = "/dev/disk/by-uuid/${mediaUUID}";
where = "/media";
}];
})
}
)
];
boot.initrd.availableKernelModules =

9
nixos/configs/pepe/home-assistant.nix
View file

@ -154,7 +154,8 @@
{
alias = "reset everything when back home";
trigger = map (entity_id: {
trigger = map
(entity_id: {
platform = "state";
entity_id = entity_id;
from = "off";
@ -185,7 +186,8 @@
];
group = let
group =
let
create_room = { name, description }: {
"${name}" = {
name = "${description}";
@ -196,7 +198,8 @@
lib.foldr (a: b: a // b) { } (map create_room rooms);
# rooms
# -----
in (create_rooms [
in
(create_rooms [
{
name = "floor_room";
description = "Flur";

3
nixos/configs/pepe/home-assistant/chaospott.nix
View file

@ -5,7 +5,8 @@ let
folderPath = config.services.home-assistant.configDir;
filePath = "${folderPath}/${name}.json";
in {
in
{
services.homeAssistantConfig = {
sensor = [

12
nixos/configs/pepe/home-assistant/light-control.nix
View file

@ -66,7 +66,8 @@
[ "zigbee2mqtt/motion_sensor_7" "zigbee2mqtt/door_sensor_4" ];
}
];
sensors = let
sensors =
let
door = { topic, room }: {
topic = topic;
key = "contact";
@ -80,7 +81,8 @@
room = room;
delay = 60;
};
in [
in
[
(motion {
topic = "zigbee2mqtt/motion_sensor_1";
@ -126,7 +128,8 @@
})
];
switches = let
switches =
let
sonoff = { id, rooms, delay ? 0 }: {
topic = "stat/${id}/RESULT";
key = "POWER";
@ -167,7 +170,8 @@
off = "OFF";
};
};
in [
in
[
(light {
topic = "zigbee2mqtt/light_2";

36
nixos/configs/pepe/home-assistant/sonoff.nix
View file

@ -39,7 +39,8 @@ let
toSwitch = name: "switch.${name}";
in {
in
{
imports = [ ./mqtt.nix ];
@ -47,18 +48,21 @@ in {
# nicer names
# -----------
homeassistant.customize = lib.mapAttrs' (entity:
homeassistant.customize = lib.mapAttrs'
(entity:
{ label, icon ? "mdi:power-plug-off", ... }: {
name = toSwitch entity;
value = {
friendly_name = label;
icon = icon;
};
}) sonoffSwitches;
})
sonoffSwitches;
# define switches
# ---------------
switch = lib.mapAttrsToList (name:
switch = lib.mapAttrsToList
(name:
{ ... }: {
name = name;
platform = "mqtt";
@ -68,7 +72,8 @@ in {
payload_off = "OFF";
state_on = "ON";
state_off = "OFF";
}) sonoffSwitches;
})
sonoffSwitches;
# discover state on init
# ----------------------
@ -78,27 +83,34 @@ in {
platform = "homeassistant";
event = "start";
};
action = lib.mapAttrsToList (name:
action = lib.mapAttrsToList
(name:
{ ... }: {
service = "mqtt.publish";
data = {
topic = "cmnd/${lib.toUpper name}/power";
payload = "";
};
}) sonoffSwitches;
})
sonoffSwitches;
}];
# append to groups
# ----------------
group = let
group =
let
# sort lights into given groups.
sortedInGroups = let
groupEntries = lib.zipAttrs (lib.flatten (lib.mapAttrsToList (name:
sortedInGroups =
let
groupEntries = lib.zipAttrs (lib.flatten (lib.mapAttrsToList
(name:
{ groups ? [ ], ... }:
map (groupName: { "${groupName}" = "switch.${name}"; }) groups)
sonoffSwitches));
in lib.mapAttrs (name: entities: { inherit entities; }) groupEntries;
in sortedInGroups;
in
lib.mapAttrs (name: entities: { inherit entities; }) groupEntries;
in
sortedInGroups;
};
}

27
nixos/configs/pepe/home-assistant/stocks.nix
View file

@ -27,10 +27,12 @@ let
cleanup_list = list: lib.filter (entry: entry != { }) (lib.flatten list);
in {
in
{
services.homeAssistantConfig = {
sensor = cleanup_list (map ({ name, currency, own ? { }, ... }: [
sensor = cleanup_list (map
({ name, currency, own ? { }, ... }: [
{
platform = "file";
name = "stock_${name}";
@ -60,7 +62,8 @@ in {
toString (own.pieces * own.price)
} ) }} ${currency}'';
})
]) stocks);
])
stocks);
homeassistant = {
whitelist_external_dirs = [ folderPath ];
@ -94,7 +97,8 @@ in {
friendly_name = "Profit";
};
})
]) stocks));
])
stocks));
};
group = (builtins.listToAttrs (map
@ -108,11 +112,13 @@ in {
"sensor.stock_${name}_change_percent"
] ++ (lib.optional (own != { }) "sensor.stock_${name}_profit");
};
}) stocks));
})
stocks));
};
systemd.services = let
systemd.services =
let
pullService = { name, symbol, currency, ... }: {
name = "pull_stock_${name}";
value = {
@ -154,9 +160,11 @@ in {
'';
};
};
in builtins.listToAttrs (map pullService stocks);
in
builtins.listToAttrs (map pullService stocks);
systemd.timers = let
systemd.timers =
let
pullTimer = { name, ... }: {
name = "pull_stock_${name}";
value = {
@ -168,6 +176,7 @@ in {
};
};
};
in builtins.listToAttrs (map pullTimer stocks);
in
builtins.listToAttrs (map pullTimer stocks);
}

3
nixos/configs/pepe/home-assistant/workday.nix
View file

@ -11,7 +11,8 @@ let
#];
holidays = lib.flatten (privateHolidays holiday-range);
in {
in
{
services.homeAssistantConfig = {
binary_sensor = [

72
nixos/configs/pepe/home-assistant/zigbee2mqtt/buttons.nix
View file

@ -32,24 +32,29 @@ let
};
};
in {
in
{
services.zigbee2mqttConfiguration = lib.mapAttrs' (name:
services.zigbee2mqttConfiguration = lib.mapAttrs'
(name:
{ id, ... }: {
name = id;
value = {
retain = false;
friendly_name = name;
};
}) allDevices;
})
allDevices;
services.homeAssistantConfig = {
# define input_boolean
# --------------------
# which get toggled by the buttons
input_boolean = let stripEmpty = lib.filter (a: a != { });
in builtins.listToAttrs (stripEmpty (lib.flatten (lib.mapAttrsToList (name:
input_boolean =
let stripEmpty = lib.filter (a: a != { });
in builtins.listToAttrs (stripEmpty (lib.flatten (lib.mapAttrsToList
(name:
{ states ? { }, ... }: [
(lib.optionalAttrs (!lib.hasAttr "single" states) {
name = "single_${name}";
@ -63,10 +68,12 @@ in {
name = "hold_${name}";
value = { icon = "mdi:toggle-switch"; };
})
]) allDevices)));
])
allDevices)));
# define meta information sensors
sensor = lib.flatten (lib.mapAttrsToList (name:
sensor = lib.flatten (lib.mapAttrsToList
(name:
{ ... }: [
{
platform = "mqtt";
@ -94,9 +101,11 @@ in {
unit_of_measurement = "lqi";
value_template = "{{ value_json.linkquality }}";
}
]) allDevices);
])
allDevices);
binary_sensor = lib.mapAttrsToList (name:
binary_sensor = lib.mapAttrsToList
(name:
{ ... }: {
name = name;
platform = "mqtt";
@ -106,7 +115,8 @@ in {
payload_on = true;
payload_off = false;
value_template = "{{ value_json.occupancy }}";
}) allDevices;
})
allDevices;
# create groups
# -------------
@ -144,17 +154,21 @@ in {
# create automation
# -----------------
automation = let
automation =
let
# single click
toggle_single_button_input = lib.mapAttrsToList (name:
toggle_single_button_input = lib.mapAttrsToList
(name:
{ states ? { }, ... }:
let
entityId = if (lib.hasAttr "single" states) then
entityId =
if (lib.hasAttr "single" states) then
states.single
else
"input_boolean.single_${name}";
in {
in
{
alias = "toggle single click ${name}";
trigger = {
platform = "mqtt";
@ -168,17 +182,21 @@ in {
service = "input_boolean.toggle";
data.entity_id = entityId;
};
}) allDevices;
})
allDevices;
# double click
toggle_double_button_input = lib.mapAttrsToList (name:
toggle_double_button_input = lib.mapAttrsToList
(name:
{ states ? { }, ... }:
let
entityId = if (lib.hasAttr "double" states) then
entityId =
if (lib.hasAttr "double" states) then
states.double
else
"input_boolean.double_${name}";
in {
in
{
alias = "toggle double click ${name}";
trigger = {
platform = "mqtt";
@ -192,17 +210,21 @@ in {
service = "input_boolean.toggle";
data.entity_id = entityId;
};
}) allDevices;
})
allDevices;
# hold
toggle_hold_button_input = lib.mapAttrsToList (name:
toggle_hold_button_input = lib.mapAttrsToList
(name:
{ states ? { }, ... }:
let
entityId = if (lib.hasAttr "hold" states) then
entityId =
if (lib.hasAttr "hold" states) then
states.hold
else
"input_boolean.hold_${name}";
in {
in
{
alias = "toggle hold ${name}";
trigger = {
platform = "mqtt";
@ -216,9 +238,11 @@ in {
service = "input_boolean.toggle";
data.entity_id = entityId;
};
}) allDevices;
})
allDevices;
in lib.flatten (toggle_single_button_input ++ toggle_double_button_input
in
lib.flatten (toggle_single_button_input ++ toggle_double_button_input
++ toggle_hold_button_input);
};

42
nixos/configs/pepe/home-assistant/zigbee2mqtt/doors.nix
View file

@ -10,21 +10,25 @@ let
"door_sensor_5" = { id = "0x00158d0003120d3e"; };
};
in {
in
{
services.zigbee2mqttConfiguration = lib.mapAttrs' (name:
services.zigbee2mqttConfiguration = lib.mapAttrs'
(name:
{ id, ... }: {
name = id;
value = {
retain = false;
friendly_name = name;
};
}) allDevices;
})
allDevices;
services.homeAssistantConfig = {
# define meta information sensors
sensor = lib.flatten (lib.mapAttrsToList (name:
sensor = lib.flatten (lib.mapAttrsToList
(name:
{ ... }: [
{
name = "battery_${name}";
@ -44,9 +48,11 @@ in {
unit_of_measurement = "lqi";
value_template = "{{ value_json.linkquality }}";
}
]) allDevices);
])
allDevices);
binary_sensor = lib.mapAttrsToList (name:
binary_sensor = lib.mapAttrsToList
(name:
{ ... }: {
name = name;
platform = "mqtt";
@ -56,28 +62,36 @@ in {
payload_on = false;
payload_off = true;
value_template = "{{ value_json.contact}}";
}) allDevices;
})
allDevices;
# create groups
# -------------
group = let
group =
let
# to have nice panels for every device
sensorGroups = lib.mapAttrs (name:
sensorGroups = lib.mapAttrs
(name:
{ ... }: {
entities = [
"binary_sensor.${name}"
"sensor.battery_${name}"
"sensor.link_${name}"
];
}) allDevices;
})
allDevices;
# sort lights into given groups.
sortedInGroups = let
groupEntries = lib.zipAttrs (lib.flatten (lib.mapAttrsToList (name:
sortedInGroups =
let
groupEntries = lib.zipAttrs (lib.flatten (lib.mapAttrsToList
(name:
{ groups ? [ ], ... }:
map (groupName: { "${groupName}" = "binary_sensor.${name}"; }) groups)
allDevices));
in lib.mapAttrs (name: entities: { inherit entities; }) groupEntries;
in sortedInGroups // sensorGroups // {
in
lib.mapAttrs (name: entities: { inherit entities; }) groupEntries;
in
sortedInGroups // sensorGroups // {
all_sensors.entities =
lib.mapAttrsToList (name: { ... }: "binary_sensor.${name}") allDevices;
};

15
nixos/configs/pepe/home-assistant/zigbee2mqtt/fyrtur.nix
View file

@ -11,9 +11,11 @@ let
# -t "zigbee2mqtt/fyrtur1/set" -m '{"position":100}'
# -t "zigbee2mqtt/fyrtur1/set" -m '{"position":15}'
in {
in
{
services.zigbee2mqttConfiguration = lib.mapAttrs' (name:
services.zigbee2mqttConfiguration = lib.mapAttrs'
(name:
{ id, ... }: {
name = id;
value = {
@ -21,11 +23,13 @@ in {
friendly_name = name;
transition = 0.1;
};
}) allDevices;
})
allDevices;
services.homeAssistantConfig = {
sensor = lib.flatten (lib.mapAttrsToList (name:
sensor = lib.flatten (lib.mapAttrsToList
(name:
{ ... }: [
{
name = "battery_${name}";
@ -45,7 +49,8 @@ in {
unit_of_measurement = "lqi";
value_template = "{{ value_json.linkquality }}";
}
]) allDevices);
])
allDevices);
};

15
nixos/configs/pepe/home-assistant/zigbee2mqtt/heater.nix
View file

@ -12,9 +12,11 @@ let
# -t "zigbee2mqtt/heater3/set" -m '{"system_mode":"auto","current_heating_setpoint":23}'
# -t "zigbee2mqtt/heater3/set" -m '{"system_mode":"off"}'
in {
in
{
services.zigbee2mqttConfiguration = lib.mapAttrs' (name:
services.zigbee2mqttConfiguration = lib.mapAttrs'
(name:
{ id, ... }: {
name = id;
value = {
@ -32,11 +34,13 @@ in {
#"unoccupied_heating_setpoint"
];
};
}) allDevices;
})
allDevices;
services.homeAssistantConfig = {
sensor = lib.flatten (lib.mapAttrsToList (name:
sensor = lib.flatten (lib.mapAttrsToList
(name:
{ ... }: [
{
name = "battery_${name}";
@ -73,7 +77,8 @@ in {
unit_of_measurement = "%";
value_template = "{{ value_json.pi_heating_demand }}";
}
]) allDevices);
])
allDevices);
};

15
nixos/configs/pepe/home-assistant/zigbee2mqtt/leds.nix
View file

@ -11,9 +11,11 @@ let
# -t "zigbee2mqtt/led_1/set" -m '{"state":"OFF","transition":0, "color_temp":255}'
# -t "zigbee2mqtt/led_1/set" -m '{"state":"ON","brightness":255,"color":{"hex":"#00FFFF"}}'
# -t "zigbee2mqtt/led_1/set" -m '{"state":"OFF"}'
in {
in
{
services.zigbee2mqttConfiguration = lib.mapAttrs' (name:
services.zigbee2mqttConfiguration = lib.mapAttrs'
(name:
{ id, ... }: {
name = id;
value = {
@ -21,11 +23,13 @@ in {
friendly_name = name;
transition = 1;
};
}) allDevices;
})
allDevices;
services.homeAssistantConfig = {
light = lib.mapAttrsToList (name:
light = lib.mapAttrsToList
(name:
{ ... }: {
platform = "mqtt";
name = name;
@ -36,7 +40,8 @@ in {
brightness = true;
color_temp = true;
schema = "json";
}) allDevices;
})
allDevices;
};

15
nixos/configs/pepe/home-assistant/zigbee2mqtt/lights.nix
View file

@ -13,9 +13,11 @@ let
"light_8" = { id = "0x7cb03eaa0a0384d3"; };
};
in {
in
{
services.zigbee2mqttConfiguration = lib.mapAttrs' (name:
services.zigbee2mqttConfiguration = lib.mapAttrs'
(name:
{ id, ... }: {
name = id;
value = {
@ -23,11 +25,13 @@ in {
friendly_name = name;
osram_set_transition = 2; # time in seconds (integer or float)
};
}) allDevices;
})
allDevices;
services.homeAssistantConfig = {
light = lib.mapAttrsToList (name:
light = lib.mapAttrsToList
(name:
{ ... }: {
platform = "mqtt";
name = name;
@ -38,7 +42,8 @@ in {
brightness = true;
color_temp = true;
schema = "json";
}) allDevices;
})
allDevices;
# sensor = with lib;
# mapAttrsToList (name:

21
nixos/configs/pepe/home-assistant/zigbee2mqtt/motion.nix
View file

@ -14,9 +14,11 @@ let
"motion_sensor_8" = { id = "0x00158d0002f04637"; };
};
in {
in
{
services.zigbee2mqttConfiguration = lib.mapAttrs' (name:
services.zigbee2mqttConfiguration = lib.mapAttrs'
(name:
{ id, timeout ? 65, ... }: {
name = id;
value = {
@ -25,12 +27,14 @@ in {
# should not be set below 60 seconds
occupancy_timeout = timeout;
};
}) allDevices;
})
allDevices;
services.homeAssistantConfig = {
# define meta information sensors
binary_sensor = lib.flatten (lib.mapAttrsToList (name:
binary_sensor = lib.flatten (lib.mapAttrsToList
(name:
{ ... }: [{
name = "${name}";
platform = "mqtt";
@ -41,10 +45,12 @@ in {
payload_on = true;
payload_off = false;
device_class = "motion";
}]) allDevices);
}])
allDevices);
# define meta information sensors
sensor = lib.flatten (lib.mapAttrsToList (name:
sensor = lib.flatten (lib.mapAttrsToList
(name:
{ ... }: [
{
name = "battery_${name}";
@ -64,6 +70,7 @@ in {
unit_of_measurement = "lqi";
value_template = "{{ value_json.linkquality }}";
}
]) allDevices);
])
allDevices);
};
}

9
nixos/configs/pepe/home-assistant/zigbee2mqtt/repeater.nix
View file

@ -9,10 +9,13 @@ let
"repeater4" = { id = "0x680ae2fffe8e2e71"; };
};
in {
services.zigbee2mqttConfiguration = lib.mapAttrs' (name:
in
{
services.zigbee2mqttConfiguration = lib.mapAttrs'
(name:
{ id, ... }: {
name = id;
value = { friendly_name = name; };
}) allDevices;
})
allDevices;
}

3
nixos/configs/pepe/home-assistant/zigbee2mqtt/service.nix
View file

@ -26,7 +26,8 @@ let
# is copied from the store on startup
devices = "devices.yaml";
};
in {
in
{
options.custom.services.zigbee2mqtt = {
enable = mkEnableOption "enable zigbee2mqtt service";

15
nixos/configs/pepe/home-assistant/zigbee2mqtt/temperatur.nix
View file

@ -13,21 +13,25 @@ let
};
};
in {
in
{
services.zigbee2mqttConfiguration = lib.mapAttrs' (name:
services.zigbee2mqttConfiguration = lib.mapAttrs'
(name:
{ id, ... }: {
name = id;
value = {
retain = false;
friendly_name = name;
};
}) allDevices;
})
allDevices;
services.homeAssistantConfig = {
# define meta information sensors
sensor = lib.flatten (lib.mapAttrsToList (name:
sensor = lib.flatten (lib.mapAttrsToList
(name:
{ ... }: [
{
platform = "mqtt";
@ -74,7 +78,8 @@ in {
unit_of_measurement = "lqi";
value_template = "{{ value_json.linkquality }}";
}
]) allDevices);
])
allDevices);
# create groups
# -------------

3
nixos/configs/pepe/lan.nix
View file

@ -5,7 +5,8 @@ let
ipAddress = "10.1.0.2";
prefixLength = 24;
in {
in
{
networking.extraHosts = ''
10.1.0.1 workout.lan

3
nixos/configs/pepe/wifi-access-point.nix
View file

@ -10,7 +10,8 @@ let
ssid = "palosiot";
wifiPassword = lib.fileContents <secrets/iot_wifi>;
in {
in
{
# todo only open needed ports
networking.firewall.trustedInterfaces = [ wifi ];

6
nixos/configs/porani/hardware-configuration.nix
View file

@ -27,7 +27,8 @@
# automount
# ---------
(let mediaUUID = "3d106f56-89e5-400d-9d6b-1dd957919548";
(
let mediaUUID = "3d106f56-89e5-400d-9d6b-1dd957919548";
in {
fileSystems."/media" = {
device = "/dev/disk/by-uuid/${mediaUUID}";
@ -46,7 +47,8 @@
what = "/dev/disk/by-uuid/${mediaUUID}";
where = "/media";
}];
})
}
)
];
# NTFS support

7
nixos/configs/porani/syncthing.nix
View file

@ -54,7 +54,12 @@
after = [ "media.mount" ];
};
users.groups."syncthing".members = [ mpd" "syncthing" "kodi" "palo" ];
users.groups."syncthing".members = [
"mpd"
"syncthing"
"kodi"
"palo"
];
backup.dirs = [ "/var/lib/syncthing/finance" ];

3
nixos/configs/porani/wifi-access-point.nix
View file

@ -8,7 +8,8 @@ let
ssid = "palosiot";
wifiPassword = lib.fileContents <secrets/iot_wifi>;
in {
in
{
# todo only open needed ports
networking.firewall.trustedInterfaces = [ wifi ];

4
nixos/configs/porani/wifi-networking.nix
View file

@ -1,4 +1,2 @@
{ config, lib, ... }:
{
}
{ }

3
nixos/configs/sputnik/iodined.nix
View file

@ -3,7 +3,8 @@ let
domain = "io.ingolf-wagner.de";
publicIp = "195.201.134.247";
pw = import <secrets/iodinepw.nix>;
in {
in
{
services.iodine.server = {
enable = true;

6
nixos/configs/sputnik/nginx.nix
View file

@ -28,7 +28,8 @@ let
root = "${errorPages}/";
};
};
in {
in
{
networking.firewall.allowedTCPPorts =
[ 80 443 4443 config.services.taskserver.listenPort ];
@ -439,7 +440,8 @@ in {
systemd.services."socat-taskd" = {
wantedBy = [ "multi-user.target" ];
script = let port = toString config.services.taskserver.listenPort;
script =
let port = toString config.services.taskserver.listenPort;
in ''
${pkgs.socat}/bin/socat TCP-LISTEN:${port},fork TCP:workhorse.private:${port}
'';

3
nixos/configs/sternchen/wifi-access-point.nix
View file

@ -8,7 +8,8 @@ let
ssid = "bumbumbum";
wifiPassword = lib.fileContents <secrets/wifi-access-point>;
in {
in
{
# todo only open needed ports
networking.firewall.trustedInterfaces = [ wifi ];

3
nixos/configs/sterni/packages.nix
View file

@ -9,7 +9,8 @@ let
https://nextcloud.ingolf-wagner.de/remote.php/webdav/${folder}
'';
in {
in
{
environment.systemPackages = with pkgs; [

3
nixos/configs/sterni/wifi-access-point.nix
View file

@ -8,7 +8,8 @@ let
ssid = "bumbumbum";
wifiPassword = lib.fileContents <secrets/wifi-access-point>;
in {
in
{
# todo only open needed ports
networking.firewall.trustedInterfaces = [ wifi ];

3
nixos/configs/workhorse/castget.nix
View file

@ -3,7 +3,8 @@ let
home = "/home/syncthing/podcasts";
in {
in
{
custom.services.castget = {
enable = true;
user = "root";

9
nixos/configs/workhorse/finance.nix
View file

@ -20,7 +20,8 @@ let
stocks = import ../../private_assets/finance/stocks;
stocksFile = toString /home/syncthing/finance/hledger/stocks.journal;
in {
in
{
systemd.services.pull_stocks = {
enable = true;
@ -30,7 +31,8 @@ in {
Type = "oneshot";
};
script = let
script =
let
command = { symbol, name, currency, ... }: ''
APIKEY=${lib.fileContents ../../private_assets/finance/alphavantage/apiKey}
SYMBOL="${symbol}"
@ -41,7 +43,8 @@ in {
>> ${stocksFile}
sleep 1
'';
in lib.concatStringsSep "\n" (map command stocks);
in
lib.concatStringsSep "\n" (map command stocks);
};
systemd.timers.pull_stocks = {

3
nixos/configs/workhorse/gogs.nix
View file

@ -28,7 +28,8 @@ let
};
};
in {
in
{
services.nginx = {
enable = true;

12
nixos/configs/workhorse/hardware-configuration.nix
View file

@ -70,7 +70,8 @@ in {
imports = [
# automount
# ---------
(let mediaUUID = "b8ba192e-e2aa-47dd-85ec-dcf97ec9310a";
(
let mediaUUID = "b8ba192e-e2aa-47dd-85ec-dcf97ec9310a";
in {
fileSystems."/media" = {
device = "/dev/disk/by-uuid/${mediaUUID}";
@ -89,9 +90,11 @@ in {
what = "/dev/disk/by-uuid/${mediaUUID}";
where = "/media";
}];
})
}
)
(let backupUUID = "f7fa1c0e-ac9f-4955-b4bd-644c1ddb0d89";
(
let backupUUID = "f7fa1c0e-ac9f-4955-b4bd-644c1ddb0d89";
in {
fileSystems."/backup" = {
device = "/dev/disk/by-uuid/${backupUUID}";
@ -110,7 +113,8 @@ in {
what = "/dev/disk/by-uuid/${backupUUID}";
where = "/backup";
}];
})
}
)
];
}

21
nixos/configs/workhorse/jenkins.nix
View file

@ -9,7 +9,8 @@ let
sync-repo = library.jenkins.syncJob;
job = library.jenkins.job;
in {
in
{
environment.systemPackages = [ pkgs.cabal-install ];
@ -62,7 +63,8 @@ in {
accessUser = "admin";
# https://docs.openstack.org/infra/jenkins-job-builder/definition.html#modules
nixJobs = let
nixJobs =
let
# ssh username + key
gogs-id = "bc584c99-0fb7-43fb-af75-4076d64c51b2";
# ssh username + key
@ -71,17 +73,21 @@ in {
sshSputnik = "d91eb57c-5bff-434c-b317-68aad46848d7";
sync-to-github = name: source: target:
sync-repo name {
sync-repo name
{
url = source;
credentialsId = gogs-id;
} {
}
{
url = target;
credentialsId = github-id;
};
in [
in
[
(job "sync-retiolum" {
(job "sync-retiolum"
{
url = "git@github.com:krebs/retiolum.git";
credentialsId = github-id;
triggers = [{ timed = "H/30 * * * *"; }];
@ -112,7 +118,8 @@ in {
}
])
(job "test-taskninja" {
(job "test-taskninja"
{
url = "ssh://gogs@workhorse.private:2222/palo/taskninja.git";
credentialsId = gogs-id;
} [

6
nixos/configs/workhorse/jupyter.nix
View file

@ -9,7 +9,8 @@
#NOTE: you need to keep the single quote inside nix string.
password = "'sha1:1b961dc713fb:88483270a63e57d18d43cf337e629539de1436ba'";
kernels = {
python3 = let
python3 =
let
env = (pkgs.python3.withPackages (pythonPackages:
with pythonPackages; [
ipykernel
@ -29,7 +30,8 @@
# pdf export
nbconvert
]));
in {
in
{
displayName = "Python 3";
argv = [
"${env.interpreter}"

65
nixos/configs/workhorse/mail-fetcher.nix
View file

@ -364,17 +364,17 @@ let
}
];
notmuchTagging = let
notmuchTagging =
let
template = index:
{ tags, query, message ? "generic", ... }:
let
command = ''
${pkgs.notmuch}/bin/notmuch tag ${
lib.concatStringsSep " " tags
} -- "${query}"
${pkgs.notmuch}/bin/notmuch tag ${lib.concatStringsSep " " tags} -- "${query}"
'';
in ''
in
''
echo '${command}'
${command}
'';
@ -385,10 +385,12 @@ let
message = "generic junk filter";
};
in pkgs.writers.writeBash "notmuch-tagging" (lib.concatStringsSep "\n"
in
pkgs.writers.writeBash "notmuch-tagging" (lib.concatStringsSep "\n"
((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters)));
notmuchTaggingNew = let
notmuchTaggingNew =
let
template = index:
{ tags, query, message ? "generic", ... }:
@ -398,7 +400,8 @@ let
lib.concatStringsSep " " tags
} -- "${query} AND tag:new"
'';
in ''
in
''
echo '${command}'
${command}
'';
@ -409,10 +412,12 @@ let
query = query;
message = "generic junk filter";
};
in pkgs.writers.writeBash "notmuch-tagging-new" (lib.concatStringsSep "\n"
in
pkgs.writers.writeBash "notmuch-tagging-new" (lib.concatStringsSep "\n"
((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters)));
in {
in
{
backup.dirs = [ "/home/mailfetcher" ];
@ -431,12 +436,30 @@ in {
name = "mailfetcher";
};
sops.secrets.mail_terranix.owner = "mailUser";
sops.secrets.mail_gmail.owner = "mailUser";
sops.secrets.mail_gmx_palo.owner = "mailUser";
sops.secrets.mail_gmx_ingolf.owner = "mailUser";
sops.secrets.mail_web.owner = "mailUser";
sops.secrets.mail_siteground.owner = "mailUser";
sops.secrets.mail_terranix = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_gmail = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_gmx_palo = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_gmx_ingolf = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_web = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
sops.secrets.mail_siteground = {
owner = config.users.users.mailUser.name;
group = config.users.users.mailUser.group;
};
environment.systemPackages = [ pkgs.muchsync ];
@ -598,7 +621,8 @@ in {
echo "tag threads with ${tag}"
${pkgs.notmuch}/bin/notmuch tag +${tag} $(${pkgs.notmuch}/bin/notmuch search --output=threads tag:${tag})
'';
in {
in
{
enable = true;
serviceConfig = { User = config.users.users.mailUser.name; };
environment.NOTMUCH_CONFIG =
@ -607,7 +631,6 @@ in {
echo "run mbsync"
${pkgs.isync}/bin/mbsync \
--all
echo "run getmail"
${pkgs.getmail}/bin/getmail \
--quiet \
@ -619,8 +642,6 @@ in {
${threadTag "muted"}
${threadTag "wohnung"}
${threadTag "flagged"}
echo "delete threads"
${pkgs.notmuch}/bin/notmuch tag +deleted $(${pkgs.notmuch}/bin/notmuch search --output=threads tag:deleted)
'';
};
systemd.timers.fetchmail = {
@ -635,9 +656,5 @@ in {
enable = true;
new.tags = [ "unread" "inbox" "new" ];
};
#home-manager.users.mailUser.home.file."notmuch" = {
# source = "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc";
# target = ".notmuch-config";
#};
}

3
nixos/configs/workhorse/mining.nix
View file

@ -7,7 +7,8 @@ let
rig = config.networking.hostName;
recheckInterval = 2000;
package = pkgs.ethminer;
in {
in
{
systemd.services.ethminer = {
description = "ethminer ethereum mining service";

25
nixos/configs/workhorse/nextcloud.nix
View file

@ -4,11 +4,22 @@ let
hostAddress = "192.168.100.10";
containerAddress = "192.168.100.11";
#syncthingGid = config.users.groups.syncthing.gid;
nextcloudUid = 1000;
in {
in
{
sops.secrets.nextcloud_database_password = {};
sops.secrets.nextcloud_root_password = {};
sops.secrets.nextcloud_database_password = {
owner = "nextcloud";
};
sops.secrets.nextcloud_root_password = {
owner = "nextcloud";
};
users.users.nextcloud = {
isSystemUser = true;
uid = nextcloudUid;
};
containers.nextcloud = {
@ -85,6 +96,8 @@ in {
config = { config, pkgs, lib, ... }: {
users.users.nextcloud.uid = nextcloudUid;
services.nginx = {
# Use recommended settings
recommendedGzipSettings = lib.mkDefault true;
@ -93,10 +106,12 @@ in {
recommendedTlsSettings = lib.mkDefault true;
# for graylog logging
commonHttpConfig = let
commonHttpConfig =
let
access_log_sink = "${hostAddress}:12304";
error_log_sink = "${hostAddress}:12305";
in ''
in
''
log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
'"facility": "nginx", '
'"src_addr": "$remote_addr", '

12
nixos/configs/workhorse/transmission.nix
View file

@ -1,10 +1,16 @@
{ pkgs, ... }:
{ pkgs, config, ... }:
let
hostAddress = "192.168.100.30";
containerAddress = "192.168.100.31";
in {
in
{
#users.users.transmission = {
# isSystemUser = true;
# uid = config.ids.uids.transmission;
#};
sops.secrets.nordvpn = { };
@ -185,7 +191,7 @@ in {
remote-cert-tls server
auth-user-pass /run/secrets/nordvpn.txt
auth-user-pass /run/secrets/nordvpn
verb 3
pull

3
nixos/configs/workout/lan.nix
View file

@ -5,7 +5,8 @@ let
ipAddress = "10.1.0.1";
prefixLength = 24;
in {
in
{
networking.extraHosts = ''
10.1.0.1 workout.lan

6
nixos/configs/workout/packages.nix
View file

@ -4,8 +4,10 @@
nixpkgs.overlays = [ (import <mozilla-overlay/rust-overlay.nix>) ];
nixpkgs.config.packageOverrides = pkgs: {
nur = import (builtins.fetchTarball
"https://github.com/nix-community/NUR/archive/master.tar.gz") {
nur = import
(builtins.fetchTarball
"https://github.com/nix-community/NUR/archive/master.tar.gz")
{
inherit pkgs;
};
};

101
nixos/flake.lock
View file

@ -199,6 +199,28 @@
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
"nixpkgs-fmt",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1631067971,
"narHash": "sha256-z+qlJaCaw/OAoFGdzm0nDKkjRdCwstHzduF74nMn3bY=",
"owner": "nix-community",
"repo": "fenix",
"rev": "0771140f0a6a6622c509fb2d6d2c87f0bfda703d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "fenix",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1623875721,
@ -215,6 +237,21 @@
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1629481132,
"narHash": "sha256-JHgasjPR0/J1J3DRm4KxM4zTyAj4IOJY8vIl75v/kPI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "997f7efcb746a9c140ce1f13c72263189225f482",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1631561581,
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
@ -286,6 +323,27 @@
"url": "https://git.ingolf-wagner.de/nix-modules/krops.git"
}
},
"naersk": {
"inputs": {
"nixpkgs": [
"nixpkgs-fmt",
"nixpkgs"
]
},
"locked": {
"lastModified": 1631004250,
"narHash": "sha256-LGh0CjAZwh13AVkTi9w9lITEC7x6bwSQyFViOZ6HyNo=",
"owner": "nmattia",
"repo": "naersk",
"rev": "08afb3d1dbfe016108b72e05b02ba0f6ecb3c8e1",
"type": "github"
},
"original": {
"owner": "nmattia",
"repo": "naersk",
"type": "github"
}
},
"nix-straight": {
"flake": false,
"locked": {
@ -319,6 +377,29 @@
"type": "github"
}
},
"nixpkgs-fmt": {
"inputs": {
"fenix": "fenix",
"flake-utils": "flake-utils_2",
"naersk": "naersk",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1631557044,
"narHash": "sha256-5VPeqRvNhRxTv07NSvxQSXvtuGnrjWmmwss0PGhFzTI=",
"owner": "nix-community",
"repo": "nixpkgs-fmt",
"rev": "c7f66ec1b969ed118231fdf7f596c5ed2c2cfe49",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs-fmt",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1634782485,
@ -463,7 +544,7 @@
},
"polygon-art": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_2"
},
"locked": {
@ -505,6 +586,7 @@
"home-manager-utils": "home-manager-utils",
"krops-lib": "krops-lib",
"nixpkgs": "nixpkgs",
"nixpkgs-fmt": "nixpkgs-fmt",
"nixpkgs-unstable": "nixpkgs-unstable",
"polygon-art": "polygon-art",
"sops-nix": "sops-nix"
@ -526,6 +608,23 @@
"type": "github"
}
},
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1630943734,
"narHash": "sha256-jqgAKhvrVDEkv8HB56hVIgvMDuuQ7X4D2zE9ATV+baI=",
"owner": "rust-analyzer",
"repo": "rust-analyzer",
"rev": "3dae94bf2b3e496adb049da589c7efef272a39b8",
"type": "github"
},
"original": {
"owner": "rust-analyzer",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_3"

31
nixos/flake.nix
View file

@ -33,11 +33,27 @@
"git+https://git.ingolf-wagner.de/nix-modules/cluster.git?rev=ef621797a30f8a57de16bf33672abdd411cbcece";
flake = false;
};
nixpkgs-fmt = {
url = "github:nix-community/nixpkgs-fmt";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, sops-nix, nixpkgs, home-manager, home-manager-utils
, doom-emacs-nix, backup-module, nixpkgs-unstable, krops-lib, cluster-module
, polygon-art, ... }:
outputs =
{ self
, sops-nix
, nixpkgs
, home-manager
, home-manager-utils
, doom-emacs-nix
, backup-module
, nixpkgs-unstable
, krops-lib
, cluster-module
, polygon-art
, nixpkgs-fmt
, ...
}:
let
nixosSystem = nixpkgs.lib.nixosSystem;
@ -70,13 +86,13 @@
}
];
desktopModules = [
home-manager.nixosModules.home-manager
{
home-manager.users.mainUser = {
imports = [ doom-emacs-nix.hmModule home-manager-utils.hmModule ];
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
environment.systemPackages = [
nixpkgs-fmt.defaultPackage."x86_64-linux"
];
}
];
desktopConfiguration = initPath:
@ -89,7 +105,8 @@
system = "x86_64-linux";
modules = defaultModules ++ [ initPath ];
};
in {
in
{
nixosConfigurations = {
sterni = desktopConfiguration ./configs/sterni/configuration.nix;
sternchen = desktopConfiguration ./configs/sternchien/configuration.nix;

14
nixos/krops.nix
View file

@ -5,8 +5,9 @@ let
command = targetPath:
let
commandLine =
"TMPDIR=/tmp nixos-rebuild build --flake ${targetPath} -L --keep-going";
in ''
"TMPDIR=/tmp nixos-rebuild test --flake ${targetPath} -L --keep-going";
in
''
echo '${commandLine}'
nix-shell \
-E "with import <nixpkgs> {}; mkShell { buildInputs = [ git (nixos { nix.package = nixFlakes; }).nixos-rebuild ]; }" \
@ -64,7 +65,8 @@ let
target = lib.mkTarget "root@${host}/var/krops";
inherit command;
};
in {
in
{
"${name}" = pkgs.writers.writeBashBin name ''
echo "deploy system"
${system}/bin/system
@ -89,7 +91,8 @@ let
force = true;
target = lib.mkTarget "root@${host}/etc/NetworkManager";
};
in {
in
{
"${name}" = pkgs.writers.writeBashBin "${name}-all" ''
echo "deploy network secerts"
${network}/bin/secrets
@ -98,7 +101,8 @@ let
'';
};
in (desktop {
in
(desktop {
name = "sterni";
host = "sterni.private";
}) // (desktop {

7
nixos/library/default.nix
View file

@ -1,7 +1,10 @@
{ pkgs, lib, ... }: {
desktopFile = bin:
{ comment ? "No Comment", longName ? "Script"
, command ? "${bin}/bin/${bin.name}", ... }:
{ comment ? "No Comment"
, longName ? "Script"
, command ? "${bin}/bin/${bin.name}"
, ...
}:
pkgs.writeTextFile {
name = "${bin.name}.desktop";
destination = "/share/applications/${bin.name}.desktop";

31
nixos/library/jenkins.nix
View file

@ -7,41 +7,51 @@ with builtins;
{
# source container url and credentialsId
job = name:
{ url, credentialsId, branch ? "master",
# https://docs.openstack.org/infra/jenkins-job-builder/triggers.html
{ url
, credentialsId
, branch ? "master"
, # https://docs.openstack.org/infra/jenkins-job-builder/triggers.html
triggers ? [{
pollscm = {
cron = "H/30 * * * *";
ignore-post-commit-hooks = true;
};
}], ... }:
}]
, ...
}:
config: {
job = {
inherit name triggers;
sandbox = true;
project-type = "pipeline";
dsl = let
dsl =
let
stage = elem:
let
stageName = head (attrNames elem);
stateScripts = map (stage:
stateScripts = map
(stage:
lib.getAttr (typeOf stage) {
string = ''
withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) {
sh '${toString stage}'
}'';
set = let
set =
let
script = ''
withEnv(['PATH=/run/current-system/sw/bin/','NIX_PATH=/var/src/']) {
sh '${toString stage.script}'
}
'';
in if (stage.credentialsId != null) then ''
in
if (stage.credentialsId != null) then ''
sshagent(['${stage.credentialsId}']) { ${script} }
'' else
script;
}) (getAttr stageName elem);
in ''
})
(getAttr stageName elem);
in
''
stage('${stageName}') {
steps {
${concatStringsSep "\n" stateScripts}
@ -49,7 +59,8 @@ with builtins;
}
'';
stages = map stage config;
in ''
in
''
pipeline {
agent any
post {

47
nixos/modules/programs/browser.nix
View file

@ -45,7 +45,8 @@ let
backupFile = "${homeBackup}.tar.lzma";
rolloutFile = "${home}.tar.lzma";
lockFile = "${home}-lock";
in pkgs.writeShellScriptBin "${name}-clean" # sh
in
pkgs.writeShellScriptBin "${name}-clean" # sh
''
sudo killall -9 -u ${name}
sudo rm -f ${lockFile}
@ -57,7 +58,8 @@ let
backupFile = "${homeBackup}.tar.lzma";
rolloutFile = "${home}.tar.lzma";
lockFile = "${home}-lock";
in pkgs.writeShellScriptBin "${name}" # sh
in
pkgs.writeShellScriptBin "${name}" # sh
''
# set -x
if [[ ! -e ${lockFile} ]]
@ -81,23 +83,27 @@ let
sudo -u ${user} ${browser}
'';
browserExecutableList = let
browserExecutableList =
let
allBrowser = flip mapAttrsToList cfg.configList (name: config:
let
browser = if config.browserType == "chrome" then
browser =
if config.browserType == "chrome" then
''${chromiumBin} "$@"''
else if config.browserType == "google" then
''${chromeBin} "$@"''
else
''${firefoxBin} "$@"'';
in createBrowser name config.user browser config.home config.homeBackup);
in
createBrowser name config.user browser config.home config.homeBackup);
xclipBrowser = [
(pkgs.writeShellScriptBin "copy-to-xclip" # sh
''
echo "$*" | ${pkgs.xclip}/bin/xclip
'')
];
in allBrowser ++ xclipBrowser;
in
allBrowser ++ xclipBrowser;
createBackupScript = name: home: backupHome:
pkgs.writeShellScriptBin "${name}-backup" # sh
@ -116,19 +122,25 @@ let
cp ${home}.tar.lzma ${backupHome}.tar.lzma
'';
allBackupScripts = let
allBackupScripts =
let
filteredConfigs =
filterAttrs (name: browserConfig: browserConfig.homeBackup != null)
cfg.configList;
in mapAttrsToList (name: browserConfig:
in
mapAttrsToList
(name: browserConfig:
createBackupScript name browserConfig.home browserConfig.homeBackup)
filteredConfigs;
allCleanScripts = let
allCleanScripts =
let
filteredConfigs =
filterAttrs (name: browserConfig: browserConfig.homeBackup != null)
cfg.configList;
in mapAttrsToList (name: browserConfig:
in
mapAttrsToList
(name: browserConfig:
cleanBrowser name name browserConfig.home browserConfig.homeBackup)
filteredConfigs;
@ -153,7 +165,8 @@ let
$BIN "$@"
'';
in {
in
{
options.programs.custom.browser = {
enable = mkEnableOption "enable browsers";
@ -214,9 +227,11 @@ in {
config = mkIf cfg.enable {
# add sudo rights
security.sudo.extraConfig = let
security.sudo.extraConfig =
let
extraRules = flip mapAttrsToList cfg.configList (name: values:
concatStringsSep "" (map (sudoUser: ''
concatStringsSep "" (map
(sudoUser: ''
# sudo configuration to control browser
${sudoUser} ALL=(${values.user}) NOPASSWD: ALL
${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/mkdir -p ${values.home}
@ -224,8 +239,10 @@ in {
${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/killall -9 -u ${name}
${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -rf ${values.home}
${sudoUser} ALL=(root) NOPASSWD: /run/current-system/sw/bin/rm -f ${values.home}-lock
'') values.sudoUsers));
in lib.concatStringsSep "\n" extraRules;
'')
values.sudoUsers));
in
lib.concatStringsSep "\n" extraRules;
# create users
users.users = flip mapAttrs cfg.configList (name: config: {

3
nixos/modules/programs/citate.nix
View file

@ -19,7 +19,8 @@ let
scriptAxel = citateScript (toString ../../assets/sprueche-axel) "axel";
scriptSiw = citateScript (toString ../../assets/sprueche-siw) "siw";
in {
in
{
options.programs.custom.citate = {
enable = mkEnableOption "enable programs.custom.citate";

3
nixos/modules/programs/curl-scripts.nix
View file

@ -18,7 +18,8 @@ let
cfg = config.programs.custom.curlScripts;
in {
in
{
options.programs.custom.curlScripts.enable =
mkEnableOption "enable curl scripts";

3
nixos/modules/programs/easytag.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.programs.custom.easytag;
in {
in
{
options.programs.custom.easytag.enable =
mkEnableOption "install easytag with dependencies";

3
nixos/modules/programs/elm.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.programs.custom.elm;
in {
in
{
options.programs.custom.elm.enable = mkEnableOption "enable elm stack";

3
nixos/modules/programs/espeak.nix
View file

@ -36,7 +36,8 @@ let
cfg = config.programs.custom.espeak;
in {
in
{
options.programs.custom.espeak.enable =
mkEnableOption "enable espeak scripts";

24
nixos/modules/programs/ffmpeg.nix
View file

@ -5,8 +5,13 @@ let
cfg = config.programs.custom.ffmpeg;
ffmpegTemplate = name:
{ profile, preset, tune ? null, width ? 1280, height ? 720
, resolution ? "720p" }:
{ profile
, preset
, tune ? null
, width ? 1280
, height ? 720
, resolution ? "720p"
}:
pkgs.writeShellScriptBin "ffmpeg-${name}" ''
if [ $# -eq 0 ]
@ -99,7 +104,8 @@ let
];
tunes = [ "film" "animation" "grain" "stillimage" "fastdecode" ];
ffmpegs = let
ffmpegs =
let
configurations = lib.cartesianProductOfSets {
profile = profiles;
@ -116,9 +122,11 @@ let
width = 1920;
resolution = "1080p";
};
in (map p720 configurations) ++ (map p1080 configurations);
in
(map p720 configurations) ++ (map p1080 configurations);
ffmpegsTune = let
ffmpegsTune =
let
configurations = lib.cartesianProductOfSets {
profile = profiles;
preset = presets;
@ -138,9 +146,11 @@ let
resolution = "1080p";
};
in (map p720 configurations) ++ (map p1080 configurations);
in
(map p720 configurations) ++ (map p1080 configurations);
in {
in
{
options.programs.custom.ffmpeg = {
enable = mkEnableOption "enable programs.custom.ffmpeg";

3
nixos/modules/programs/git.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.programs.custom.git;
in {
in
{
options.programs.custom.git.enable =
mkEnableOption "install git and all its tools";

3
nixos/modules/programs/shell-tools.nix
View file

@ -29,7 +29,8 @@ let
cfg = config.programs.custom.shellTools;
in {
in
{
options.programs.custom.shellTools.enable =
mkEnableOption "enable shell tools";

3
nixos/modules/programs/shell-zsh.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.programs.custom.zsh;
in {
in
{
options.programs.custom.zsh = {
enable = mkEnableOption "enable zsh";

15
nixos/modules/programs/slack.nix
View file

@ -14,10 +14,12 @@ let
# ---------------------------
command = "${pkgs.slack}/bin/slack";
desktopFile = let
desktopFile =
let
name = program;
comment = "Chat Programm";
in pkgs.writeTextFile {
in
pkgs.writeTextFile {
name = "${name}.desktop";
destination = "/share/applications/${name}.desktop";
text = ''
@ -35,11 +37,13 @@ let
# the script
# ----------
bin = let
bin =
let
backupFile = "${cfg.homeBackup}.tar.lzma";
rolloutFile = "${cfg.home}.tar.lzma";
lockFile = "${cfg.home}-lock";
in pkgs.writeShellScriptBin "${program}" ''
in
pkgs.writeShellScriptBin "${program}" ''
# set -x
if [[ ! -e ${lockFile} ]]
then
@ -75,7 +79,8 @@ let
cfg = config.programs.custom.slack;
in {
in
{
options.programs.custom.slack = {
enable = mkEnableOption "install slack";

3
nixos/modules/programs/steam.nix
View file

@ -14,7 +14,8 @@ let
cfg = config.programs.custom.steam;
in {
in
{
options.programs.custom.steam.enable = mkEnableOption "enable steam";

3
nixos/modules/programs/taskwarrior.nix
View file

@ -34,7 +34,8 @@ let
});
#vit = pkgs.vit;
in {
in
{
options.programs.custom.taskwarrior.enable =
mkEnableOption "Enable Taskwarrior services";

18
nixos/modules/programs/urxvt.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.programs.custom.urxvt;
in {
in
{
options.programs.custom.urxvt = {
@ -63,7 +64,8 @@ in {
URxvt.fading: 0
'';
"X11/Xresource.d/urxvt-font".source = let
"X11/Xresource.d/urxvt-font".source =
let
fontFamily = "terminus";
normalFont = fontSize:
"-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
@ -80,7 +82,8 @@ in {
}\007\033]711;${boldFont fontSize},${backupFont fontSize}\007
'';
in pkgs.writeText "Xresource-urxvt-font" ''
in
pkgs.writeText "Xresource-urxvt-font" ''
URxvt.allow_bold: true
URxvt.xftAntialias: true
@ -110,8 +113,10 @@ in {
${fontCommand "F4" (cfg.fontSize + 20)}
'';
"X11/Xresource.d/urxvt-colors".source = let
colorTheme = if (cfg.colorTheme == "dark") then ''
"X11/Xresource.d/urxvt-colors".source =
let
colorTheme =
if (cfg.colorTheme == "dark") then ''
#define S_base03 #002b36
#define S_base02 #073642
#define S_base01 #586e75
@ -131,7 +136,8 @@ in {
#define S_base3 #002b36
'';
in pkgs.writeText "Xresource-urxvt-colors" ''
in
pkgs.writeText "Xresource-urxvt-colors" ''
!! Common
!! ------

9
nixos/modules/programs/video.nix
View file

@ -9,7 +9,8 @@ let
# show keyboard input on desktop for screencasts
screenKey = pkgs.symlinkJoin {
name = "screen-keys";
paths = let
paths =
let
screenKeyScript = { position ? "bottom", size ? "small", ... }:
pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
''
@ -21,12 +22,14 @@ let
-s ${size} \
"$@"
'';
in lib.flatten (lib.flip map [ "large" "small" "medium" ] (size:
in
lib.flatten (lib.flip map [ "large" "small" "medium" ] (size:
lib.flip map [ "top" "center" "bottom" ]
(position: screenKeyScript { inherit size position; })));
};
in {
in
{
options.programs.custom.video.enable = mkEnableOption "enable video tools";

3
nixos/modules/programs/vim.nix
View file

@ -200,7 +200,8 @@ let
'';
in {
in
{
# no options
options.programs.custom.vim.enable = lib.mkEnableOption "vim";

18
nixos/modules/programs/xterm.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.programs.custom.xterm;
in {
in
{
options.programs.custom.xterm = {
enable = mkEnableOption "configure and enable urxvt";
@ -41,7 +42,8 @@ in {
'';
"X11/Xresource.d/xterm-font".source = let
"X11/Xresource.d/xterm-font".source =
let
fontFamily = "terminus";
normalFont = fontSize:
"-*-${fontFamily}-medium-*-*-*-${toString fontSize}-*-*-*-*-*-*-*";
@ -51,7 +53,8 @@ in {
itallicBoldFont = boldFont;
backupFont = fontSize:
"xft:TerminessTTF Nerd Font:pixelsize=${toString fontSize}";
in pkgs.writeText "Xresource-xterm-font" ''
in
pkgs.writeText "Xresource-xterm-font" ''
XTerm.allow_bold: true
XTerm.xftAntialias: true
@ -76,8 +79,10 @@ in {
XTerm.*.bolditalicFont: ${itallicBoldFont cfg.fontSize}
'';
"X11/Xresource.d/xterm-colors".source = let
colorTheme = if (cfg.colorTheme == "dark") then ''
"X11/Xresource.d/xterm-colors".source =
let
colorTheme =
if (cfg.colorTheme == "dark") then ''
#define S_base03 #002b36
#define S_base02 #073642
#define S_base01 #586e75
@ -98,7 +103,8 @@ in {
#define S_base3 #002b36
'';
in pkgs.writeText "Xresource-xterm-colors" ''
in
pkgs.writeText "Xresource-xterm-colors" ''
!! Color Configuration
!! -------------------

27
nixos/modules/services/castget.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.custom.services.castget;
in {
in
{
options.custom.services.castget = {
enable = mkEnableOption "enable custom.services.castget";
@ -67,23 +68,31 @@ in {
restartIfChanged = false;
serviceConfig.User = cfg.user;
preStart = let
preStart =
let
mkSpools =
mapAttrsToList (ignore: value: "mkdir -p ${value.spool}") cfg.feeds;
in concatStringsSep "\n" mkSpools;
script = let
in
concatStringsSep "\n" mkSpools;
script =
let
channels = mapAttrsToList (key: ignore: key) cfg.feeds;
castget = "${pkgs.castget}/bin/castget";
configurationFile = let
configurations = mapAttrsToList (key: value: ''
configurationFile =
let
configurations = mapAttrsToList
(key: value: ''
[${key}]
url=${value.url}
spool=${value.spool}
'') cfg.feeds;
in (pkgs.writeText "castget-configuration"
'')
cfg.feeds;
in
(pkgs.writeText "castget-configuration"
(concatStringsSep "" configurations));
in (concatMapStringsSep "\n"
in
(concatMapStringsSep "\n"
(channel: "${castget} --rcfile ${configurationFile} ${channel}")
channels);
};

9
nixos/modules/services/home-assistant.nix
View file

@ -11,7 +11,8 @@ let
inherit example description default;
type = with lib.types;
let
valueType = nullOr (oneOf [
valueType = nullOr
(oneOf [
bool
int
float
@ -22,10 +23,12 @@ let
description = "";
emptyValue.value = { };
};
in valueType;
in
valueType;
};
in {
in
{
options.services.homeAssistantConfig = mkMagicMergeOption {
description = ''

9
nixos/modules/services/lektor.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.services.lektor;
in {
in
{
options.services.lektor = {
enable = mkEnableOption "enable services.lektor";
@ -107,7 +108,8 @@ in {
TimeoutStartSec =
"infinity"; # it might take some time will this thing is up
ExecStartPre = let
ExecStartPre =
let
sshKeyTarget = "/run/keys.lektor/id_rsa";
@ -157,7 +159,8 @@ in {
${pkgs.git}/bin/git clone ${cfg.repository} ~/${cfg.user}
'';
in [ "+${sshKeyScript}" "-${cloneScript}" ];
in
[ "+${sshKeyScript}" "-${cloneScript}" ];
};
# todo : add restart ruling

9
nixos/modules/services/light-control.nix
View file

@ -11,7 +11,8 @@ let
inherit example description default;
type = with lib.types;
let
valueType = nullOr (oneOf [
valueType = nullOr
(oneOf [
bool
int
float
@ -22,13 +23,15 @@ let
description = "";
emptyValue.value = { };
};
in valueType;
in
valueType;
};
lightControlConfig =
pkgs.writeText "light-control.json" (builtins.toJSON cfg.config);
in {
in
{
options.services.mqtt.light-control = {
enable = mkEnableOption "enable mqtt.light-control";

13
nixos/modules/services/samba-share.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.custom.samba-share;
in {
in
{
options.custom.samba-share = {
enable = mkEnableOption "enable custom.samba-share";
@ -61,7 +62,8 @@ in {
disable spoolss = yes
'';
shares = mapAttrs' (name: path: {
shares = mapAttrs'
(name: path: {
name = name;
value = {
browsable = "yes";
@ -70,7 +72,9 @@ in {
"read only" = "yes";
"guest ok" = "yes";
};
}) cfg.folders // (mapAttrs' (name:
})
cfg.folders // (mapAttrs'
(name:
{ users, folder, ... }: {
name = name;
value = {
@ -81,7 +85,8 @@ in {
"valid users" = users;
"guest ok" = "false";
};
}) cfg.private);
})
cfg.private);
};
users.users.smbguest = {

9
nixos/modules/services/sshd.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.services.custom.ssh;
in {
in
{
options.services.custom.ssh = {
tools.enable = mkEnableOption "Add ssh tools";
@ -44,11 +45,13 @@ in {
Banner /etc/sshd/banner-line
'';
environment.etc."sshd/banner-line".text = let
environment.etc."sshd/banner-line".text =
let
text = config.networking.hostName;
size = 80 - (lib.stringLength text);
space = lib.fixedWidthString size " " "";
in ''
in
''
${space}${text}
'';

3
nixos/modules/services/taskwarrior-pushover.nix
View file

@ -55,7 +55,8 @@ in
DynamicUser = true;
StateDirectory = name;
};
script = let
script =
let
taskwarriorCommand = pkgs.writers.writeDash "taskwarrior-push" ''
${pkgs.taskwarrior}/bin/task \
rc.recurrence=${cfg.recurrence} \

12
nixos/modules/services/videoencoder.nix
View file

@ -30,7 +30,8 @@ let
fi
'';
in {
in
{
options.service.videoencoder = {
enable = mkEnableOption "enable service.videoencoder";
@ -91,11 +92,14 @@ in {
systemd.services."videoEncoding" = {
wantedBy = [ "multi-user.target" ];
enable = true;
script = let
myList = map (value:
script =
let
myList = map
(value:
createEncoder "/tmp/videoencoder" value.inputFile value.outputFile)
cfg.fileConfig;
in ''
in
''
set -x
${concatStringsSep "\n" myList}
'';

3
nixos/modules/system/audio.nix
View file

@ -41,7 +41,8 @@ let
cfg = config.system.custom.audio;
in {
in
{
options.system.custom.audio = {
enable = mkEnableOption "use PluseAudio";

3
nixos/modules/system/bluetooth.nix
View file

@ -4,7 +4,8 @@ let
cfg = config.system.custom.bluetooth;
in {
in
{
options.system.custom.bluetooth.enable =
lib.mkEnableOption "enable bluetooth support";

3
nixos/modules/system/font.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.system.custom.fonts;
in {
in
{
options.system.custom.fonts = {
enable = mkEnableOption "enable fonts";

6
nixos/modules/system/mainUser.nix
View file

@ -9,12 +9,14 @@ let
dockerGroup =
if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
vboxGroup = if (config.virtualisation.virtualbox.host.enable) then
vboxGroup =
if (config.virtualisation.virtualbox.host.enable) then
[ "vboxusers" ]
else
[ ];
in {
in
{
options.system.custom.mainUser = {

3
nixos/modules/system/on-failure.nix
View file

@ -55,7 +55,8 @@ let
${cfg.url}
'';
in {
in
{
options.on-failure = api;

12
nixos/modules/system/permown.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.system.permown;
nameGenerator = path: "permown.${replaceStrings [ "/" ] [ "_" ] path}";
in {
in
{
options.system.permown = mkOption {
default = { };
@ -45,15 +46,18 @@ in {
}));
};
config = let plans = lib.attrValues cfg;
config =
let plans = lib.attrValues cfg;
in mkIf (plans != [ ]) {
system.activationScripts.permown = let
system.activationScripts.permown =
let
mkdir = { path, ... }: ''
${pkgs.coreutils}/bin/mkdir -p ${path}
'';
in concatMapStrings mkdir plans;
in
concatMapStrings mkdir plans;
systemd.services = listToAttrs (flip map plans
({ path, directory-mode, file-mode, owner, group, umask, ... }: {

3
nixos/modules/system/wifi.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.system.custom.wifi;
in {
in
{
options.system.custom.wifi = {
enable = mkEnableOption "enable wifi";

3
nixos/modules/system/x11.nix
View file

@ -6,7 +6,8 @@ let
cfg = config.system.custom.x11;
in {
in
{
options.system.custom.x11 = {
enable = mkEnableOption "enable x11";

3
nixos/pkgs/bitwig-studio/bitwig-studio-environment.nix
View file

@ -12,7 +12,8 @@ let
# function call
# -------------
in (pkgs.buildFHSUserEnv {
in
(pkgs.buildFHSUserEnv {
# name of the programm
# --------------------

27
nixos/pkgs/bitwig-studio/bitwig-studio1.nix
View file

@ -1,6 +1,27 @@
{ stdenv, fetchurl, alsaLib, bzip2, cairo, dpkg, freetype, gdk_pixbuf, glib
, gtk2, harfbuzz, jdk, lib, xorg, libbsd, libjack2, libpng, libxkbcommon
, makeWrapper, pixman, xdg_utils, zenity, zlib }:
{ stdenv
, fetchurl
, alsaLib
, bzip2
, cairo
, dpkg
, freetype
, gdk_pixbuf
, glib
, gtk2
, harfbuzz
, jdk
, lib
, xorg
, libbsd
, libjack2
, libpng
, libxkbcommon
, makeWrapper
, pixman
, xdg_utils
, zenity
, zlib
}:
stdenv.mkDerivation rec {
name = "bitwig-studio-${version}";

3
nixos/pkgs/emoji/default.nix
View file

@ -42,7 +42,8 @@ let
@}-,-`- | rose
'';
in writeShellScriptBin "emoticons" ''
in
writeShellScriptBin "emoticons" ''
set -efu
data=$(${coreutils}/bin/cat ${emoticons})

6
nixos/pkgs/gitlog2json/default.nix
View file

@ -1,9 +1,11 @@
{ pkgs, lib, ... }:
pkgs.writers.writePython3Bin "gitlog2json" {
pkgs.writers.writePython3Bin "gitlog2json"
{
libraries = [
pkgs.python3Packages.GitPython
pkgs.python3Packages.click
pkgs.python3Packages.elasticsearch
];
} (lib.fileContents ./gitlog2json.py)
}
(lib.fileContents ./gitlog2json.py)

9
nixos/pkgs/landingpage/default.nix
View file

@ -1,5 +1,10 @@
{ lib, writeTextFile, jsonConfig ? { }, title ? "Landing Page"
, destination ? "/index.html", ... }:
{ lib
, writeTextFile
, jsonConfig ? { }
, title ? "Landing Page"
, destination ? "/index.html"
, ...
}:
with lib;

14
nixos/pkgs/otpmenu/default.nix
View file

@ -1,5 +1,12 @@
{ lib, symlinkJoin, rofi, gnused, pass-otp, writeTextFile, writeShellScriptBin
, xdotool }:
{ lib
, symlinkJoin
, rofi
, gnused
, pass-otp
, writeTextFile
, writeShellScriptBin
, xdotool
}:
let
@ -36,7 +43,8 @@ let
printf %s "$otp" | ${xdotool}/bin/xdotool type -f -
'';
in symlinkJoin rec {
in
symlinkJoin rec {
version = "1.0.0";
name = "otpMenu-${version}";
paths = [ bin desktopFile ];

38
nixos/pkgs/q/default.nix
View file

@ -1,14 +1,24 @@
{ pkgs, lib
{ pkgs
, lib
# tzselect is your frind do find timezones
, timeZones ? [ ], timeColor ? 9, timeZoneColor ? 10, calBackgroundColor ? 10
, calWeekColor ? 13, calDayColor ? 9, enableIntelBacklight ? true
, userHighlight ? [ "palo" ], enableBattery ? true, ... }:
, timeZones ? [ ]
, timeColor ? 9
, timeZoneColor ? 10
, calBackgroundColor ? 10
, calWeekColor ? 13
, calDayColor ? 9
, enableIntelBacklight ? true
, userHighlight ? [ "palo" ]
, enableBattery ? true
, ...
}:
let
hrule = "${pkgs.terminal-tools}/bin/hrule";
q-cal = let
q-cal =
let
# Maximum width of cal's output.
calwidth = 23;
@ -48,7 +58,8 @@ let
}m&/
"
}'';
in ''
in
''
cols=$(${pkgs.ncurses}/bin/tput cols)
${pkgs.coreutils}/bin/paste \
<(if test $cols -ge ${toString (need_width 3)}; then
@ -88,13 +99,15 @@ let
comment = lib.optionalString (zone != null)
" : ${lib.fixedWidthString size " " zone}";
# sh
in ''
in
''
${timeZoneVariable} ${pkgs.coreutils}/bin/date ${
dateString comment
} | ${pkgs.terminal-tools}/bin/center
'';
q-timeZoneDates = if timeZones == [ ] then
q-timeZoneDates =
if timeZones == [ ] then
q-timeZoneDate 0 null
else
let size = lib.foldr lib.max 0 (map builtins.stringLength timeZones);
@ -116,7 +129,8 @@ let
'
'';
q-power_supply = let
q-power_supply =
let
power_supply = pkgs.writers.writeBash "power_supply" ''
set -efu
uevent=$1
@ -249,7 +263,8 @@ let
}
'
'';
in ''
in
''
for uevent in /sys/class/power_supply/*/uevent; do
${power_supply} "$uevent" || :
done
@ -323,7 +338,8 @@ let
'';
# bash needed for <(...)
in pkgs.writers.writeBashBin "q" ''
in
pkgs.writers.writeBashBin "q" ''
set -eu
export PATH=/var/empty
${hrule}

3
nixos/pkgs/sononym-crawler/default.nix
View file

@ -32,7 +32,8 @@ let
};
in (pkgs.buildFHSUserEnv {
in
(pkgs.buildFHSUserEnv {
# name it
# -------

3
nixos/pkgs/sononym/default.nix
View file

@ -32,7 +32,8 @@ let
};
in (pkgs.buildFHSUserEnv {
in
(pkgs.buildFHSUserEnv {
# name it
# -------

12
nixos/system/all/borg-jobs.nix
View file

@ -20,7 +20,8 @@
};
};
config = let
config =
let
servers = [
{
@ -59,18 +60,21 @@
};
in {
in
{
sops.secrets.backup_repository_passphrase = { };
sops.secrets.backup_ssh_rsa_private = { };
services.borgbackup.jobs = let
services.borgbackup.jobs =
let
setups = map ({ name, host }: { "${name}" = setup host; }) servers;
setupAttrs = lib.zipAttrsWith (_: vals: lib.head vals) setups;
nonEmptySetups =
lib.filterAttrs (_: { paths, ... }: builtins.length paths != 0)
setupAttrs;
in nonEmptySetups;
in
nonEmptySetups;
};

10
nixos/system/all/borg-scripts.nix
View file

@ -1,6 +1,7 @@
{ pkgs, lib, ... }: {
environment.systemPackages = let
environment.systemPackages =
let
createScript = command: host: repository:
pkgs.writers.writeBashBin
"borg-${command}-on-${host}-for-${repository}" ''
@ -12,9 +13,12 @@
hosts = [ "workhorse" "pepe" ];
repositories = [ "workhorse" "pepe" "sterni" "workout" ];
commands = [ "list" ];
in lib.flatten (map (command:
in
lib.flatten (map
(command:
map
(host: map (repository: createScript command host repository) repositories)
hosts) commands);
hosts)
commands);
}

3
nixos/system/all/grub.nix
View file

@ -5,7 +5,8 @@ let
rev = "fe27cbc99e994d50bb4269a9388e3f7d60492ffa";
sha256 = "1z8zc4k2mh8d56ipql8vfljvdjczrrna5ckgzjsdyrndfkwv8ghw";
};
in {
in
{
boot.loader.grub.extraConfig = ''
set theme=($drive1)//themes/fallout-grub-theme/theme.txt

6
nixos/system/all/networking-qos.nix
View file

@ -26,7 +26,8 @@
};
};
config = let
config =
let
kbits = number:
import (pkgs.runCommand "round-${toString number}" { }
''awk 'BEGIN{printf "\"%ikbit\"", ${toString number}}' > $out'');
@ -42,7 +43,8 @@
lib.mapAttrsToList (name: configuration: toString configuration.port)
config.module.cluster.services.tinc;
in {
in
{
# https://firehol.org/tutorial/fireqos-new-user/
services.fireqos.enable = config.configuration.fireqos.enable;

12
nixos/system/all/nginx-landingpage.nix
View file

@ -228,21 +228,25 @@
}
{
text = "Syncthings";
items = map ({ name, host ? "${name}.private", ... }: {
items = map
({ name, host ? "${name}.private", ... }: {
label = name;
href = "http://${host}:8384/";
image =
"https://media.giphy.com/media/JoyU4vuzwj6ZA7Ging/giphy.gif";
}) (map (name: { inherit name; }) (lib.attrNames
})
(map (name: { inherit name; }) (lib.attrNames
config.module.cluster.services.tinc."private".hosts));
}
{
text = "netdata";
items = map ({ name, host ? "${name}.private", ... }: {
items = map
({ name, host ? "${name}.private", ... }: {
label = name;
href = "http://${host}:19999/";
image = "https://media.giphy.com/media/BkjdN6MQCDPaw/giphy.gif";
}) (map (name: { inherit name; }) [
})
(map (name: { inherit name; }) [
"workhorse"
"porani"
"pepe"

3
nixos/system/all/nginx.nix
View file

@ -2,7 +2,8 @@
let
access_log_sink = "workhorse.private:12304";
error_log_sink = "workhorse.private:12305";
in {
in
{
security.acme.email = "contact@ingolf-wagner.de";
security.acme.acceptTerms = true;

9
nixos/system/all/packages.nix
View file

@ -29,14 +29,17 @@ let
EOF
'';
storepath = let
storepath =
let
dirname = "${pkgs.coreutils-full}/bin/dirname";
readlink = "${pkgs.coreutils-full}/bin/readlink";
in pkgs.writers.writeBashBin "storepath" ''
in
pkgs.writers.writeBashBin "storepath" ''
${dirname} $( ${readlink} $( type -p "$1" ) )
'';
in {
in
{
#imports = [ ./packages/llvm-config-dummy.nix ];

6
nixos/system/all/packages/llvm-config-dummy.nix
View file

@ -1,6 +1,7 @@
{ pkgs, config, lib, ... }:
with pkgs.lib; {
environment.systemPackages = let
environment.systemPackages =
let
llvm = pkgs.llvm;
llvm-config = pkgs.writers.writeBashBin "llvm-config" ''
while [[ $# -gt 0 ]]; do
@ -37,5 +38,6 @@ with pkgs.lib; {
shift
done
'';
in [ llvm-config ];
in
[ llvm-config ];
}

4
nixos/system/all/shell.nix
View file

@ -1,4 +1,2 @@
{ config, lib, ... }:
{
}
{ }

47
nixos/system/all/sshd-known-hosts-bootup.nix
View file

@ -3,38 +3,45 @@ with lib;
let
computers = {
workhorse = {
onionId = fileContents ../../private_assets/onion_id_workhorse;
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/I4JBA1HHTH2xsrEM7xtxkhRDE42lZcBrdBvN46WTx";
};
porani = {
onionId = fileContents ../../private_assets/onion_id_porani;
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGFaTRGqMd/rKpyMUP6wVbgiWFOUvUV2qS/B5Xe02UUch/wxR4fTCY+vnzku5K0V/qqJpjYLgHotwZFqO/8lFu4=";
};
#workhorse = {
# onionId = fileContents ../../private_assets/onion_id_workhorse;
# publicKey =
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/I4JBA1HHTH2xsrEM7xtxkhRDE42lZcBrdBvN46WTx";
#};
#porani = {
# onionId = fileContents ../../private_assets/onion_id_porani;
# publicKey =
# "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGFaTRGqMd/rKpyMUP6wVbgiWFOUvUV2qS/B5Xe02UUch/wxR4fTCY+vnzku5K0V/qqJpjYLgHotwZFqO/8lFu4=";
#};
};
in {
in
{
services.openssh.knownHosts = mapAttrs' (name:
services.openssh.knownHosts = mapAttrs'
(name:
{ onionId, publicKey, ... }: {
name = "${name}-init-ssh";
value = {
hostNames = [ onionId ];
inherit publicKey;
};
}) computers;
})
computers;
environment.systemPackages = let
environment.systemPackages =
let
ssh = mapAttrsToList (name:
ssh = mapAttrsToList
(name:
{ onionId, ... }:
pkgs.writers.writeDashBin "ssh-boot-to-${name}" ''
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23
'') computers;
'')
computers;
password = mapAttrsToList (name:
password = mapAttrsToList
(name:
{ onionId, ... }:
pkgs.writers.writeDashBin "unlock-boot-${name}" ''
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23 '
@ -42,8 +49,10 @@ in {
read password
echo "$password" > /crypt-ramfs/passphrase
'
'') computers;
'')
computers;
in ssh ++ password;
in
ssh ++ password;
}

6
nixos/system/all/syncthing.nix
View file

@ -5,7 +5,8 @@ with lib; {
guiAddress = lib.mkDefault "${config.networking.hostName}.private:8384";
declarative = {
overrideDevices = true;
devices = let
devices =
let
device = name: id: {
"${name}" = {
name = name;
@ -14,7 +15,8 @@ with lib; {
[ "tcp://${name}.private:22000" "tcp://${name}.private:21027" ];
};
};
in (device "workhorse"
in
(device "workhorse"
"AFSAKB6-JLH4QAS-DSRMPI3-6PVCIHF-IIAVLPC-STPNO3Y-YRDU5NW-QD445QI")
// (device "pepe"
"SZLXFW3-VTAC7UB-V2Z7CHE-3VZAYPL-6D72AK6-OCDMPZP-G4FPY5P-FL6ZVAG")

Some files were not shown because too many files have changed in this diff Show more