palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: palo:2bc86a4912a72188f1c1d9535d799570c6676155
Branches Tags
palo:main
palo:feature/bugwarrior3
palo:update
palo:refactor/component/ssh
palo:orbi-ssh-unlock-works
..
compare: palo:7a6510a4e65d6c3b5e0bc788e2f340612d288872
Branches Tags
palo:main
palo:feature/bugwarrior3
palo:update
palo:refactor/component/ssh
palo:orbi-ssh-unlock-works

2 commits
2bc86a4912 ... 7a6510a4e6

Author SHA1 Message Date
Ingolf Wagner
7a6510a4e6
nix fmt 2024-08-29 08:26:04 +07:00
Ingolf Wagner
200063fcb1
introduce treefmt-nix 2024-08-29 08:25:41 +07:00
200 changed files with 3451 additions and 2081 deletions
Show stats Expand all files Collapse all files

10
.forgejo/workflows/nix_build.yaml
View file

@ -1,18 +1,15 @@
name: Build all NixOS Configurations name: Build all NixOS Configurations
on: on:
push: push:
branches: branches:
- "**" - "**"
schedule: schedule:
- cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour - cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour
jobs: jobs:
nix build: nix build:
runs-on: native runs-on: native
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- name: update nix flakes - name: update nix flakes
if: ${{ github.event_name == 'schedule' }} if: ${{ github.event_name == 'schedule' }}
# we need to use our ssh key here because we need access to private flakes # we need to use our ssh key here because we need access to private flakes
@ -30,7 +27,6 @@ jobs:
echo $SSH_AGENT_PID echo $SSH_AGENT_PID
kill $SSH_AGENT_PID kill $SSH_AGENT_PID
rm .ssh_key rm .ssh_key
- name: nix flake archive/check - name: nix flake archive/check
# we need to use our ssh key here because we need access to private flakes # we need to use our ssh key here because we need access to private flakes
run: | run: |
@ -48,22 +44,16 @@ jobs:
echo $SSH_AGENT_PID echo $SSH_AGENT_PID
kill $SSH_AGENT_PID kill $SSH_AGENT_PID
rm .ssh_key rm .ssh_key
- name: nix build orbi - name: nix build orbi
run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
- name: nix build cream - name: nix build cream
run: nix build .#nixosConfigurations.cream.config.system.build.toplevel run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
- name: nix build cherry - name: nix build cherry
run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
- name: nix build chungus - name: nix build chungus
run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
- name: nix build usbstick - name: nix build usbstick
run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel
- name: commit & push - name: commit & push
if: ${{ github.event_name == 'schedule' }} if: ${{ github.event_name == 'schedule' }}
# only if all nix builds are fine we update our branch # only if all nix builds are fine we update our branch

7
components/chaospott.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {

1
components/default.nix
View file

@ -14,5 +14,4 @@
./yubikey.nix ./yubikey.nix
]; ];
} }

7
components/gui/audio.nix
View file

@ -1,5 +1,10 @@
# TODO test `alsactl init` after suspend to reinit mic # TODO test `alsactl init` after suspend to reinit mic
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.audio.enable = mkOption { options.components.gui.audio.enable = mkOption {

7
components/gui/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with lib; with lib;
{ {
options.components.gui = { options.components.gui = {

7
components/gui/home-manager/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with lib; with lib;
{ {

25
components/gui/kmonad.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
options.components.gui.kmonad.enable = lib.mkOption { options.components.gui.kmonad.enable = lib.mkOption {
@ -79,9 +84,21 @@
in in
{ {
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ]; nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ]; "lctl"
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ "lctl" "lmet" "lalt" ]; "lmet"
"lalt"
];
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [
"lctl"
"lmet"
"lalt"
];
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [
"lctl"
"lmet"
"lalt"
];
}; };
}; };
}; };

7
components/gui/noti.nix
View file

@ -1,6 +1,11 @@
# notify me when a command is finished # notify me when a command is finished
# todo : secret managment is shit # todo : secret managment is shit
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.noti.enable = mkOption { options.components.gui.noti.enable = mkOption {

14
components/gui/pass.nix
View file

@ -1,11 +1,17 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
let let
# desktop file # desktop file
# ------------ # ------------
# makes it possible to be used by other programs # makes it possible to be used by other programs
desktopFile = name: bin: desktopFile =
name: bin:
pkgs.writeTextFile { pkgs.writeTextFile {
name = "${name}.desktop"; name = "${name}.desktop";
destination = "/share/applications/${name}.desktop"; destination = "/share/applications/${name}.desktop";
@ -34,7 +40,9 @@ in
environment.systemPackages = [ environment.systemPackages = [
(pkgs.pass.withExtensions (ext: [ ext.pass-otp ])) (pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))
# todo : use upstream desktop file creator # todo : use upstream desktop file creator
(desktopFile "passmenu" "${pkgs.pass.withExtensions (ext: [ext.pass-otp])}/bin/passmenu --type -l 10") (desktopFile "passmenu" "${
pkgs.pass.withExtensions (ext: [ ext.pass-otp ])
}/bin/passmenu --type -l 10")
pkgs.otpmenu pkgs.otpmenu

14
components/gui/steam.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.steam.enable = mkOption { options.components.gui.steam.enable = mkOption {
@ -22,7 +27,12 @@ with lib;
isSystemUser = true; isSystemUser = true;
home = "/home/steam"; home = "/home/steam";
createHome = true; createHome = true;
extraGroups = [ "audio" "input" "video" "pipewire" ]; extraGroups = [
"audio"
"input"
"video"
"pipewire"
];
group = "steam"; group = "steam";
shell = pkgs.bashInteractive; shell = pkgs.bashInteractive;
}; };

17
components/gui/suspend.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.suspend.enable = mkOption { options.components.gui.suspend.enable = mkOption {
@ -13,13 +18,11 @@ with lib;
requiredBy = [ "sleep.target" ]; requiredBy = [ "sleep.target" ];
environment = environment =
let let
display = display = if (config.services.xserver.display != null) then config.services.xserver.display else 0;
if (config.services.xserver.display != null) then
config.services.xserver.display
else
0;
in in
{ DISPLAY = ":${toString display}"; }; {
DISPLAY = ":${toString display}";
};
script = '' script = ''
${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 & ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 &
sleep 1 sleep 1

7
components/gui/vscode.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.vscode.enable = mkOption { options.components.gui.vscode.enable = mkOption {

7
components/gui/wayland.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {

8
components/gui/xorg/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
@ -78,4 +83,3 @@ with lib;
}; };
} }

7
components/gui/xorg/xlock.nix
View file

@ -1,4 +1,9 @@
{ lib, pkgs, config, ... }: {
lib,
pkgs,
config,
...
}:
with lib; with lib;
let let

28
components/mainUser.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
with types; with types;
let let
@ -6,15 +11,10 @@ let
cfg = config.components.mainUser; cfg = config.components.mainUser;
# todo : use optionalList # todo : use optionalList
dockerGroup = dockerGroup = if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
# todo : use optionalList # todo : use optionalList
vboxGroup = vboxGroup = if (config.virtualisation.virtualbox.host.enable) then [ "vboxusers" ] else [ ];
if (config.virtualisation.virtualbox.host.enable) then
[ "vboxusers" ]
else
[ ];
in in
{ {
@ -73,8 +73,16 @@ in
uid = cfg.uid; uid = cfg.uid;
home = "/home/${cfg.userName}"; home = "/home/${cfg.userName}";
initialPassword = cfg.userName; initialPassword = cfg.userName;
extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" "dialout" ] extraGroups = [
++ dockerGroup ++ vboxGroup ++ cfg.extraGroups; "wheel"
"networkmanager"
"transmission"
"wireshark"
"audio"
"pipewire"
"input"
"dialout"
] ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles; openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
group = config.users.groups.mainUser.name; group = config.users.groups.mainUser.name;
}; };

7
components/media/icecast.nix
View file

@ -4,7 +4,12 @@
# * connect via mixxx to it. # * connect via mixxx to it.
# * add the podcast to mpd in the same network # * add the podcast to mpd in the same network
# -------------------------------------------------- # --------------------------------------------------
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
let let

7
components/media/tts.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {

46
components/media/video.nix
View file

@ -1,10 +1,14 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
obs-cmd = pkgs.rustPlatform.buildRustPackage obs-cmd = pkgs.rustPlatform.buildRustPackage rec {
rec {
pname = "obs-cmd"; pname = "obs-cmd";
version = "v0.15.2"; version = "v0.15.2";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
@ -53,7 +57,12 @@ let
name = "screen-keys"; name = "screen-keys";
paths = paths =
let let
screenKeyScript = { position ? "bottom", size ? "small", ... }: screenKeyScript =
{
position ? "bottom",
size ? "small",
...
}:
pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
'' ''
${pkgs.screenkey}/bin/screenkey \ ${pkgs.screenkey}/bin/screenkey \
@ -65,15 +74,29 @@ let
"$@" "$@"
''; '';
in in
lib.flatten (lib.flip map [ "large" "small" "medium" ] (size: lib.flatten (
lib.flip map [ "top" "center" "bottom" ] lib.flip map
(position: screenKeyScript { inherit size position; }))); [
"large"
"small"
"medium"
]
(
size:
lib.flip map [
"top"
"center"
"bottom"
] (position: screenKeyScript { inherit size position; })
)
);
}; };
mpvReview = mpvReview =
let let
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" '' moveToDir =
key: dir:
pkgs.writeText "move-with-${key}.lua" ''
tmp_dir = "${dir}" tmp_dir = "${dir}"
function move_current_track_${key}() function move_current_track_${key}()
@ -110,7 +133,6 @@ in
config = mkIf (config.components.media.video.enable) { config = mkIf (config.components.media.video.enable) {
home-manager.sharedModules = [ home-manager.sharedModules = [
{ {
programs.obs-studio = { programs.obs-studio = {
@ -123,7 +145,6 @@ in
} }
]; ];
boot.kernelModules = [ "v4l2loopback" ]; boot.kernelModules = [ "v4l2loopback" ];
boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
@ -137,7 +158,6 @@ in
alphaSafe alphaSafe
sanitizeFolder sanitizeFolder
# obs studio stuff # obs studio stuff
obs-cli obs-cli
v4l-utils v4l-utils
@ -154,8 +174,6 @@ in
handbrake handbrake
ffmpeg-full ffmpeg-full
]; ];
}; };
} }

13
components/monitor/logs-promtail.nix
View file

@ -49,7 +49,15 @@ in
_end = ''{{ end }}''; _end = ''{{ end }}'';
elseblock = index: replacement: "${_elseif index}${_replace index replacement}"; elseblock = index: replacement: "${_elseif index}${_replace index replacement}";
ifblock = index: replacement: "${_if index}${_replace index replacement}"; ifblock = index: replacement: "${_if index}${_replace index replacement}";
createTemplateLine = list: "${concatStrings (imap0 (index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement) list)}${_end}"; createTemplateLine =
list:
"${
concatStrings (
imap0 (
index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement
) list
)
}${_end}";
in in
[ [
{ {
@ -117,8 +125,7 @@ in
} }
{ {
# Map facility to human readable # Map facility to human readable
template = template = {
{
source = "facility_label"; source = "facility_label";
template = createTemplateLine [ template = createTemplateLine [
"kern" # Kernel messages "kern" # Kernel messages

13
components/monitor/metrics-export-zfs.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
with types; with types;
{ {
@ -18,9 +23,11 @@ with types;
{ {
job_name = "zfs"; job_name = "zfs";
scrape_interval = "10s"; scrape_interval = "10s";
static_configs = [{ static_configs = [
{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ]; targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
}]; }
];
} }
]; ];
service.pipelines.metrics.receivers = [ "prometheus" ]; service.pipelines.metrics.receivers = [ "prometheus" ];

7
components/monitor/metrics-netdata.nix
View file

@ -1,4 +1,9 @@
{ lib, pkgs, config, ... }: {
lib,
pkgs,
config,
...
}:
with lib; with lib;
with types; with types;
{ {

11
components/monitor/metrics-telegraf.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
with types; with types;
let let
@ -24,7 +29,9 @@ in
receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}"; receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}";
service.pipelines.metrics.receivers = [ "influxdb" ]; service.pipelines.metrics.receivers = [ "influxdb" ];
}; };
services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ "http://127.0.0.1:${toString cfg.influxDBPort}" ]; services.telegraf.extraConfig.outputs.influxdb_v2.urls = [
"http://127.0.0.1:${toString cfg.influxDBPort}"
];
}) })
(mkIf config.components.monitor.telegraf.enable { (mkIf config.components.monitor.telegraf.enable {

55
components/monitor/opentelemetry.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
with types; with types;
let let
@ -22,7 +27,10 @@ in
description = "endpoint to ship opentelementry data too"; description = "endpoint to ship opentelementry data too";
}; };
exporter.debug = mkOption { exporter.debug = mkOption {
type = nullOr (enum [ "logs" "metrics" ]); type = nullOr (enum [
"logs"
"metrics"
]);
default = null; default = null;
description = "enable debug exporter."; description = "enable debug exporter.";
}; };
@ -61,11 +69,13 @@ in
include = ".*"; include = ".*";
match_type = "regexp"; match_type = "regexp";
action = "update"; action = "update";
operations = [{ operations = [
{
action = "add_label"; action = "add_label";
new_label = "machine"; new_label = "machine";
new_value = config.networking.hostName; new_value = config.networking.hostName;
}]; }
];
} }
]; ];
}; };
@ -85,7 +95,6 @@ in
}; };
}) })
(mkIf (config.components.monitor.opentelemetry.exporter.debug != null) { (mkIf (config.components.monitor.opentelemetry.exporter.debug != null) {
services.opentelemetry-collector.settings = { services.opentelemetry-collector.settings = {
exporters.debug = { exporters.debug = {
@ -111,24 +120,26 @@ in
}) })
(mkIf (mkIf
( (
config.components.monitor.opentelemetry.exporter.endpoint != null && config.components.monitor.opentelemetry.exporter.endpoint != null
config.components.monitor.logs.enable && config.components.monitor.logs.enable
) )
{ {
services.opentelemetry-collector.settings = { services.opentelemetry-collector.settings = {
service.pipelines.logs.exporters = [ "otlp" ]; service.pipelines.logs.exporters = [ "otlp" ];
}; };
}) }
)
(mkIf (mkIf
( (
config.components.monitor.opentelemetry.exporter.endpoint != null && config.components.monitor.opentelemetry.exporter.endpoint != null
config.components.monitor.metrics.enable && config.components.monitor.metrics.enable
) )
{ {
services.opentelemetry-collector.settings = { services.opentelemetry-collector.settings = {
service.pipelines.metrics.exporters = [ "otlp" ]; service.pipelines.metrics.exporters = [ "otlp" ];
}; };
}) }
)
# ship from other instance # ship from other instance
(mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) { (mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) {
@ -138,26 +149,26 @@ in
}) })
(mkIf (mkIf
( (
config.components.monitor.opentelemetry.receiver.endpoint != null && config.components.monitor.opentelemetry.receiver.endpoint != null
config.components.monitor.logs.enable && config.components.monitor.logs.enable
) )
{ {
services.opentelemetry-collector.settings = { services.opentelemetry-collector.settings = {
service.pipelines.logs.receivers = [ "otlp" ]; service.pipelines.logs.receivers = [ "otlp" ];
}; };
}) }
)
(mkIf (mkIf
( (
config.components.monitor.opentelemetry.receiver.endpoint != null && config.components.monitor.opentelemetry.receiver.endpoint != null
config.components.monitor.metrics.enable && config.components.monitor.metrics.enable
) )
{ {
services.opentelemetry-collector.settings = { services.opentelemetry-collector.settings = {
service.pipelines.metrics.receivers = [ "otlp" ]; service.pipelines.metrics.receivers = [ "otlp" ];
}; };
}) }
)
# scrape opentelemetry-colectors metrics # scrape opentelemetry-colectors metrics
# todo: this should be collected another way (opentelemetry internal?) # todo: this should be collected another way (opentelemetry internal?)
@ -169,9 +180,11 @@ in
{ {
job_name = "otelcol"; job_name = "otelcol";
scrape_interval = "10s"; scrape_interval = "10s";
static_configs = [{ static_configs = [
{
targets = [ cfg.metrics.endpoint ]; targets = [ cfg.metrics.endpoint ];
}]; }
];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
source_labels = [ "__name__" ]; source_labels = [ "__name__" ];

59
components/network/nginx.nix
View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, assets, ... }: {
config,
lib,
pkgs,
assets,
...
}:
with lib; with lib;
{ {
options.components.network.nginx.enable = mkOption { options.components.network.nginx.enable = mkOption {
@ -16,8 +22,13 @@ with lib;
environment.systemPackages = [ environment.systemPackages = [
pkgs.nginx-config-formatter pkgs.nginx-config-formatter
(pkgs.writers.writePython3Bin "nginx-show-config" { flakeIgnore = [ "E265" "E225" "W292" ]; } (pkgs.writers.writePython3Bin "nginx-show-config" {
(lib.fileContents "${assets}/nginx-show-config.py")) flakeIgnore = [
"E265"
"E225"
"W292"
];
} (lib.fileContents "${assets}/nginx-show-config.py"))
]; ];
security.acme.defaults.email = "contact@ingolf-wagner.de"; security.acme.defaults.email = "contact@ingolf-wagner.de";
@ -85,7 +96,11 @@ with lib;
root = pkgs.landingpage.override { root = pkgs.landingpage.override {
jsonConfig = jsonConfig =
let let
entry = { machine, items ? [ ] }: entry =
{
machine,
items ? [ ],
}:
{ {
text = machine; text = machine;
items = [ items = [
@ -174,14 +189,12 @@ with lib;
{ {
label = "Hetzner Cloud"; label = "Hetzner Cloud";
href = "https://console.hetzner.cloud/projects"; href = "https://console.hetzner.cloud/projects";
image = image = "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
"https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
} }
{ {
label = "Cups"; label = "Cups";
href = "http://localhost:631/"; href = "http://localhost:631/";
image = image = "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
"https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
} }
]; ];
} }
@ -191,52 +204,42 @@ with lib;
{ {
label = "NixOS Manual"; label = "NixOS Manual";
href = "https://nixos.org/nixos/manual/"; href = "https://nixos.org/nixos/manual/";
image = image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
} }
{ {
label = "Nixpkgs Manual"; label = "Nixpkgs Manual";
href = "https://nixos.org/nixpkgs/manual/"; href = "https://nixos.org/nixpkgs/manual/";
image = image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
} }
{ {
label = "NixOS Reference"; label = "NixOS Reference";
href = href = "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
"https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library"; image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
image =
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
} }
{ {
label = "Nix Packages"; label = "Nix Packages";
href = "https://nixos.org/nixos/packages.html"; href = "https://nixos.org/nixos/packages.html";
image = image = "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
"https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
} }
{ {
label = "NixOS Language specific helpers"; label = "NixOS Language specific helpers";
href = href = "https://nixos.wiki/wiki/Language-specific_package_helpers";
"https://nixos.wiki/wiki/Language-specific_package_helpers"; image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
image =
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
} }
{ {
label = "NixOS Weekly"; label = "NixOS Weekly";
href = "https://weekly.nixos.org/"; href = "https://weekly.nixos.org/";
image = image = "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
"https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
} }
{ {
label = "NixOS Security"; label = "NixOS Security";
href = "https://broken.sh/"; href = "https://broken.sh/";
image = image = "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
"https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
} }
{ {
label = "NixOS RFCs"; label = "NixOS RFCs";
href = "https://github.com/NixOS/rfcs/"; href = "https://github.com/NixOS/rfcs/";
image = image = "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
"https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
} }
]; ];
} }

11
components/network/sshd/default.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, assets, ... }: {
pkgs,
config,
lib,
assets,
...
}:
with lib; with lib;
with types; with types;
let let
@ -6,8 +12,7 @@ let
cfg = config.components.network.sshd; cfg = config.components.network.sshd;
# maybe ascii-image-converter is also nice here # maybe ascii-image-converter is also nice here
sshBanner = pkgs.runCommand "ssh-banner" sshBanner = pkgs.runCommand "ssh-banner" { nativeBuildInputs = [ pkgs.boxes ]; } ''
{ nativeBuildInputs = [ pkgs.boxes ]; } ''
echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out
''; '';

8
components/network/sshd/known-hosts-manual.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, clanLib, ... }: {
pkgs,
config,
lib,
clanLib,
...
}:
with lib; with lib;
let let
publicKey = clanLib.readFact "ssh.id_ed25519.pub"; publicKey = clanLib.readFact "ssh.id_ed25519.pub";

64
components/network/sshd/known-hosts-public.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
config = mkIf (config.components.network.sshd.enable) { config = mkIf (config.components.network.sshd.enable) {
@ -28,65 +33,66 @@ with lib;
}; };
gitlab = { gitlab = {
hostNames = [ "gitlab.com" ]; hostNames = [ "gitlab.com" ];
publicKey = publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
}; };
gitlab-bk = { gitlab-bk = {
hostNames = [ "gitlab.bk-bund-berlin.de" "116.203.133.59" ]; hostNames = [
publicKey = "gitlab.bk-bund-berlin.de"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw="; "116.203.133.59"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
}; };
# space-left # space-left
gitlabSpaceLeft = { gitlabSpaceLeft = {
hostNames = [ "git.space-left.org" ]; hostNames = [ "git.space-left.org" ];
publicKey = publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
}; };
# c-base # c-base
"bnd-cbase" = { "bnd-cbase" = {
hostNames = [ "bnd.cbrp3.c-base.org" ]; hostNames = [ "bnd.cbrp3.c-base.org" ];
publicKey = publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
}; };
"shell.cbase" = { "shell.cbase" = {
hostNames = [ "shell.c-base.org" ]; hostNames = [ "shell.c-base.org" ];
publicKey = publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
}; };
"kgb.cbase" = { "kgb.cbase" = {
hostNames = [ "kgb.cbrp3.c-base.org" ]; hostNames = [ "kgb.cbrp3.c-base.org" ];
publicKey = publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
}; };
"cns.cbase" = { "cns.cbase" = {
hostNames = [ "cns.c-base.org" ]; hostNames = [ "cns.c-base.org" ];
publicKey = publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
}; };
"lassulus" = { "lassulus" = {
hostNames = [ "[lassul.us]:45621" ]; hostNames = [ "[lassul.us]:45621" ];
publicKey = publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
}; };
renoise = { renoise = {
hostNames = [ "*.renoise.com" "renoise.com" "94.130.128.97" ]; hostNames = [
publicKey = "*.renoise.com"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE="; "renoise.com"
"94.130.128.97"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
}; };
git-renoise = { git-renoise = {
hostNames = [ "[git.renoise.com]:2229" "[94.130.128.97]:2229" ]; hostNames = [
publicKey = "[git.renoise.com]:2229"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH"; "[94.130.128.97]:2229"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
}; };
"siteground" = { "siteground" = {
hostNames = [ "[es5.siteground.eu]:18765" "[37.60.224.6]:18765" ]; hostNames = [
publicKey = "[es5.siteground.eu]:18765"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0="; "[37.60.224.6]:18765"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
}; };
"cracksucht.de" = { "cracksucht.de" = {
hostNames = [ "cracksucht.de" ]; hostNames = [ "cracksucht.de" ];
publicKey = publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
}; };
}; };

24
components/network/sshd/known-hosts-zerotier.nix
View file

@ -1,34 +1,34 @@
{ lib, config, clanLib, ... }: {
lib,
config,
clanLib,
...
}:
with lib; with lib;
with types; with types;
let let
machines = clanLib.allMachineNames; machines = clanLib.allMachineNames;
publicKey = clanLib.readFact "ssh.id_ed25519.pub"; publicKey = clanLib.readFact "ssh.id_ed25519.pub";
tld = config.clan.static-hosts.topLevelDomain; tld = config.clan.static-hosts.topLevelDomain;
knownHosts = lib.genAttrs machines knownHosts = lib.genAttrs machines (machine: {
(machine:
{
hostNames = [ hostNames = [
"${machine}" "${machine}"
"${machine}.${tld}" "${machine}.${tld}"
"${machine}.private" "${machine}.private"
]; ];
publicKey = publicKey machine; publicKey = publicKey machine;
} });
);
bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub"; bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub";
knownBootHosts = lib.mapAttrs' knownBootHosts = lib.mapAttrs' (
(machine: publicKey: nameValuePair machine: publicKey:
"boot_${machine}" nameValuePair "boot_${machine}" {
{
inherit publicKey; inherit publicKey;
hostNames = [ hostNames = [
"[${machine}]:2222" "[${machine}]:2222"
"[${machine}.public]:2222" "[${machine}.public]:2222"
]; ];
} }
) ) bootMachines;
bootMachines;
in in
{ {

80
components/network/syncthing.nix
View file

@ -1,5 +1,13 @@
{ config, lib, pkgs, factsGenerator, clanLib, ... }: {
with lib; { config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib;
{
# networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ]; # networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
@ -19,7 +27,12 @@ with lib; {
id = facts."syncthing.pub"; id = facts."syncthing.pub";
addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ]; addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
}) })
(clanLib.readFactsFromAllMachines [ "syncthing.pub" "zerotier-ip" ]); (
clanLib.readFactsFromAllMachines [
"syncthing.pub"
"zerotier-ip"
]
);
device = machine: id: { device = machine: id: {
"${machine}" = { "${machine}" = {
name = machine; name = machine;
@ -30,20 +43,26 @@ with lib; {
in in
clanMachines clanMachines
// (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF") // (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF")
// (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ") // (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ");
;
settings.folders = { settings.folders = {
audiobooks = { audiobooks = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/audiobooks"; path = lib.mkDefault "/tmp/audiobooks";
devices = [ "chungus" "orbi" ]; devices = [
"chungus"
"orbi"
];
}; };
books = { books = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/books"; path = lib.mkDefault "/tmp/books";
devices = [ "chungus" "cream" "cherry" ]; devices = [
"chungus"
"cream"
"cherry"
];
versioning = { versioning = {
type = "simple"; type = "simple";
params.keep = "2"; params.keep = "2";
@ -52,12 +71,20 @@ with lib; {
desktop = { desktop = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/desktop"; path = lib.mkDefault "/tmp/desktop";
devices = [ "chungus" "cream" "cherry" ]; devices = [
"chungus"
"cream"
"cherry"
];
}; };
finance = { finance = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/finance"; path = lib.mkDefault "/tmp/finance";
devices = [ "chungus" "cream" "cherry" ]; devices = [
"chungus"
"cream"
"cherry"
];
versioning = { versioning = {
type = "simple"; type = "simple";
params.keep = "10"; params.keep = "10";
@ -66,27 +93,46 @@ with lib; {
flix = { flix = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/flix"; path = lib.mkDefault "/tmp/flix";
devices = [ "chungus" "orbi" ]; devices = [
"chungus"
"orbi"
];
}; };
logseq = { logseq = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/logseq"; path = lib.mkDefault "/tmp/logseq";
devices = [ "chungus" "cream" "cherry" "iPhone" ]; devices = [
"chungus"
"cream"
"cherry"
"iPhone"
];
}; };
lectures = { lectures = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/lectures"; path = lib.mkDefault "/tmp/lectures";
devices = [ "chungus" "orbi" ]; devices = [
"chungus"
"orbi"
];
}; };
oscar_cpap = { oscar_cpap = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/oscar_cpap"; path = lib.mkDefault "/tmp/oscar_cpap";
devices = [ "chungus" "cream" "cherry" ]; devices = [
"chungus"
"cream"
"cherry"
];
}; };
password-store = { password-store = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store"; path = lib.mkDefault "/tmp/password-store";
devices = [ "chungus" "cream" "cherry" ]; devices = [
"chungus"
"cream"
"cherry"
];
versioning = { versioning = {
type = "simple"; type = "simple";
params.keep = "10"; params.keep = "10";
@ -96,7 +142,11 @@ with lib; {
share = { share = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store"; path = lib.mkDefault "/tmp/password-store";
devices = [ "cream" "cherry" "orbi" ]; devices = [
"cream"
"cherry"
"orbi"
];
}; };
}; };
}; };

21
components/network/tinc/default.nix
View file

@ -1,4 +1,10 @@
{ lib, config, factsGenerator, clanLib, ... }: {
lib,
config,
factsGenerator,
clanLib,
...
}:
with lib; with lib;
{ {
@ -20,18 +26,21 @@ with lib;
}; };
config = mkMerge [ config = mkMerge [
(mkIf config.tinc.private.enable (import ./private.nix { (mkIf config.tinc.private.enable (
import ./private.nix {
ipv4 = config.tinc.private.ipv4; ipv4 = config.tinc.private.ipv4;
ipv6 = null; ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList; inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib; inherit config factsGenerator clanLib;
})) }
(mkIf config.tinc.secret.enable (import ./secret.nix { ))
(mkIf config.tinc.secret.enable (
import ./secret.nix {
ipv4 = config.tinc.secret.ipv4; ipv4 = config.tinc.secret.ipv4;
ipv6 = null; ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList; inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib; inherit config factsGenerator clanLib;
})) }
))
]; ];
} }

26
components/network/tinc/private.nix
View file

@ -1,12 +1,13 @@
{ ipv4 {
, ipv6 ipv4,
, config ipv6,
, optionalString config,
, concatStringsSep optionalString,
, factsGenerator concatStringsSep,
, mapAttrsToList factsGenerator,
, clanLib mapAttrsToList,
, ... clanLib,
...
}: }:
let let
hosts = { hosts = {
@ -51,7 +52,8 @@ in
services.tinc.networks = { services.tinc.networks = {
${network} = { ${network} = {
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path; ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
interfaceType = "tap"; interfaceType = "tap";
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes
@ -100,6 +102,8 @@ in
LinkLocalAddressing = no LinkLocalAddressing = no
''; '';
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)); networking.extraHosts = concatStringsSep "\n" (
mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)
);
} }

51
components/network/tinc/secret.nix
View file

@ -1,11 +1,12 @@
{ ipv4 {
, ipv6 ipv4,
, config ipv6,
, optionalString config,
, concatStringsSep optionalString,
, mapAttrsToList concatStringsSep,
, factsGenerator mapAttrsToList,
, ... factsGenerator,
...
}: }:
let let
port = 721; port = 721;
@ -23,7 +24,8 @@ in
services.tinc.networks = { services.tinc.networks = {
${network} = { ${network} = {
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path; ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes
Port = ${toString port} Port = ${toString port}
@ -46,7 +48,12 @@ in
settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O"; settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
}; };
robi = { robi = {
addresses = [{ address = "144.76.13.147"; port = port; }]; addresses = [
{
address = "144.76.13.147";
port = port;
}
];
subnets = [ { address = hosts.robi; } ]; subnets = [ { address = hosts.robi; } ];
settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL"; settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
}; };
@ -68,23 +75,37 @@ in
LinkLocalAddressing = no LinkLocalAddressing = no
''; '';
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts); networking.extraHosts = concatStringsSep "\n" (
mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts
);
services.openssh.knownHosts = { services.openssh.knownHosts = {
"cream.${network}" = { "cream.${network}" = {
hostNames = [ "cream.${network}" hosts.cream ]; hostNames = [
"cream.${network}"
hosts.cream
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
}; };
"sternchen.${network}" = { "sternchen.${network}" = {
hostNames = [ "sterni.${network}" hosts.sterni ]; hostNames = [
"sterni.${network}"
hosts.sterni
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
}; };
"sterni.${network}" = { "sterni.${network}" = {
hostNames = [ "sterni.${network}" hosts.sterni ]; hostNames = [
"sterni.${network}"
hosts.sterni
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
}; };
"robi" = { "robi" = {
hostNames = [ "robi.${network}" hosts.robi ]; hostNames = [
"robi.${network}"
hosts.robi
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
}; };
}; };

9
components/network/wifi.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
with types; with types;
{ {
@ -22,7 +27,6 @@ with types;
# Setting this value to 1 means to try activation once, without retry. # Setting this value to 1 means to try activation once, without retry.
networking.networkmanager.settings.main.autoconnect-retries-default = 999; networking.networkmanager.settings.main.autoconnect-retries-default = 999;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# because Networkd-wait-online is just failing. # because Networkd-wait-online is just failing.
@ -47,4 +51,3 @@ with types;
}; };
} }

2
components/network/wireguard.nix
View file

@ -28,6 +28,4 @@ with lib;
''; '';
}; };
} }

7
components/nixos/upgrade-diff.nix
View file

@ -1,5 +1,10 @@
# MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix # MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
options.components.nixos.update-diff.enable = lib.mkOption { options.components.nixos.update-diff.enable = lib.mkOption {

8
components/terminal/bash.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.bash.enable = mkOption { options.components.terminal.bash.enable = mkOption {
@ -16,7 +21,6 @@ with lib;
interactiveShellInit = "set -o vi"; interactiveShellInit = "set -o vi";
shellAliases = { shellAliases = {
ls = "ls --color=tty"; ls = "ls --color=tty";
l = "ls -CFh"; l = "ls -CFh";

7
components/terminal/default.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal = { options.components.terminal = {

12
components/terminal/direnv.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.direnv.enable = mkOption { options.components.terminal.direnv.enable = mkOption {
@ -12,7 +17,10 @@ with lib;
home-manager.sharedModules = [ home-manager.sharedModules = [
{ {
programs.direnv.enable = true; programs.direnv.enable = true;
programs.git.ignores = [ ".envrc" ".direnv" ]; programs.git.ignores = [
".envrc"
".direnv"
];
} }
]; ];

9
components/terminal/git.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.git.enable = mkOption { options.components.terminal.git.enable = mkOption {
@ -8,7 +13,6 @@ with lib;
config = mkIf (config.components.terminal.git.enable) { config = mkIf (config.components.terminal.git.enable) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
gita gita
@ -29,4 +33,3 @@ with lib;
]; ];
}; };
} }

7
components/terminal/heygpt.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {
options.components.terminal.heygpt.enable = mkOption { options.components.terminal.heygpt.enable = mkOption {

31
components/terminal/hoard.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
let let
hoardSrc = pkgs.fetchFromGitHub { hoardSrc = pkgs.fetchFromGitHub {
@ -31,10 +36,26 @@ in
config_home_path = "/home/palo/.config/hoard"; config_home_path = "/home/palo/.config/hoard";
trove_path = "/home/palo/.config/hoard/trove.yml"; trove_path = "/home/palo/.config/hoard/trove.yml";
query_prefix = " >"; query_prefix = " >";
primary_color = [ 87 142 87 ]; primary_color = [
secondary_color = [ 203 184 144 ]; 87
tertiary_color = [ 30 30 30 ]; 142
command_color = [ 30 30 30 ]; 87
];
secondary_color = [
203
184
144
];
tertiary_color = [
30
30
30
];
command_color = [
30
30
30
];
parameter_token = "#"; parameter_token = "#";
read_from_current_directory = true; read_from_current_directory = true;
}; };

7
components/terminal/remote-install.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.remote-install.enable = mkOption { options.components.terminal.remote-install.enable = mkOption {

180
components/terminal/wtf.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
let let
@ -54,8 +59,8 @@ let
echo echo
''; '';
userHighlight = map ({ user, ... }: user) userHighlight =
(builtins.attrValues config.services.browser.configList) map ({ user, ... }: user) (builtins.attrValues config.services.browser.configList)
++ [ "steam" ]; ++ [ "steam" ];
activeUsers = pkgs.writers.writeBash "active-users" '' activeUsers = pkgs.writers.writeBash "active-users" ''
@ -63,14 +68,20 @@ let
| ${pkgs.gnused}/bin/sed '1 d' \ | ${pkgs.gnused}/bin/sed '1 d' \
| ${pkgs.coreutils}/bin/sort \ | ${pkgs.coreutils}/bin/sort \
| ${pkgs.coreutils}/bin/uniq \ | ${pkgs.coreutils}/bin/uniq \
| ${pkgs.gnugrep}/bin/egrep --color=always '(${ | ${pkgs.gnugrep}/bin/egrep --color=always '(${pkgs.lib.concatStringsSep "|" userHighlight})|$'
pkgs.lib.concatStringsSep "|" userHighlight
})|$'
''; '';
# default settings # default settings
wtfModule = wtfModule =
args@{ height ? 1, width ? 1, top, left, enabled ? true, type, ... }: args@{
height ? 1,
width ? 1,
top,
left,
enabled ? true,
type,
...
}:
{ {
enabled = enabled; enabled = enabled;
focusable = false; focusable = false;
@ -78,33 +89,50 @@ let
position.left = left; position.left = left;
position.height = height; position.height = height;
position.width = width; position.width = width;
} // (lib.filterAttrs }
(key: _: lib.all (x: x != key) [ "height" "width" "top" "left" ]) // (lib.filterAttrs (
args); key: _:
lib.all (x: x != key) [
"height"
"width"
"top"
"left"
]
) args);
# command runner module # command runner module
cmdRunner = args@{ cmd, ... }: cmdRunner =
wtfModule ({ args@{ cmd, ... }:
wtfModule (
{
type = "cmdrunner"; type = "cmdrunner";
focusable = false; focusable = false;
refreshInterval = 300; refreshInterval = 300;
} // args); }
// args
);
modules = { modules = {
inherit cmdRunner; inherit cmdRunner;
digitalclock = args@{ top, left, ... }: digitalclock =
cmdRunner ({ args@{ top, left, ... }:
cmdRunner (
{
cmd = pkgs.writers.writeDash "clock" '' cmd = pkgs.writers.writeDash "clock" ''
${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"` ${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"`
${pkgs.coreutils}/bin/date +"%B %d %Y" ${pkgs.coreutils}/bin/date +"%B %d %Y"
''; '';
title = ""; title = "";
refreshInterval = 30; refreshInterval = 30;
} // args); }
// args
);
clocks = args@{ top, left, ... }: clocks =
wtfModule ({ args@{ top, left, ... }:
wtfModule (
{
type = "clocks"; type = "clocks";
title = ""; title = "";
border = false; border = false;
@ -121,25 +149,37 @@ let
}; };
sort = "alphabetical"; sort = "alphabetical";
refreshInterval = 60; refreshInterval = 60;
} // args); }
// args
);
resourceusage = args@{ top, left, ... }: resourceusage =
wtfModule ({ args@{ top, left, ... }:
wtfModule (
{
type = "resourceusage"; type = "resourceusage";
title = ""; title = "";
cpuCombined = false; cpuCombined = false;
refreshInterval = 5; refreshInterval = 5;
} // args); }
// args
);
power = args@{ top, left, ... }: power =
wtfModule ({ args@{ top, left, ... }:
wtfModule (
{
type = "power"; type = "power";
title = ""; title = "";
refreshInterval = 100; refreshInterval = 100;
} // args); }
// args
);
prettyweather = args@{ top, left, ... }: prettyweather =
wtfModule ({ args@{ top, left, ... }:
wtfModule (
{
type = "prettyweather"; type = "prettyweather";
title = ""; title = "";
city = "Essen"; city = "Essen";
@ -147,10 +187,19 @@ let
view = 0; view = 0;
language = "en"; language = "en";
refreshInterval = 3600; refreshInterval = 3600;
} // args); }
// args
);
feedreader = args@{ top, left, feeds, ... }: feedreader =
wtfModule ({ args@{
top,
left,
feeds,
...
}:
wtfModule (
{
type = "feedreader"; type = "feedreader";
title = ""; title = "";
refreshInterval = 3600; refreshInterval = 3600;
@ -160,10 +209,20 @@ let
even = "white"; even = "white";
odd = "white"; odd = "white";
}; };
} // args); }
// args
);
github = args@{ top, left, username, apiKey, ... }: github =
wtfModule ({ args@{
top,
left,
username,
apiKey,
...
}:
wtfModule (
{
type = "github"; type = "github";
title = ""; title = "";
refreshInterval = 3600; refreshInterval = 3600;
@ -178,7 +237,9 @@ let
# - "wtfutil/wtf" # - "wtfutil/wtf"
# - "wtfutil/docs" # - "wtfutil/docs"
# - "umbrella-corp/wesker-api" # - "umbrella-corp/wesker-api"
} // args); }
// args
);
}; };
@ -191,8 +252,20 @@ let
normal = "green"; normal = "green";
}; };
grid = { grid = {
columns = [ 28 0 0 ]; columns = [
rows = [ 9 9 9 9 9 9 0 ]; 28
0
0
];
rows = [
9
9
9
9
9
9
0
];
}; };
refreshInterval = 1; refreshInterval = 1;
mods = with modules; { mods = with modules; {
@ -227,8 +300,7 @@ let
top = 4; top = 4;
left = 1; left = 1;
height = 1; height = 1;
feeds = feeds = [ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
[ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
}; };
nixos = feedreader { nixos = feedreader {
title = "NixOS Weekly"; title = "NixOS Weekly";
@ -265,8 +337,20 @@ let
normal = "green"; normal = "green";
}; };
grid = { grid = {
columns = [ 33 12 28 36 0 ]; columns = [
rows = [ 9 4 6 6 0 ]; 33
12
28
36
0
];
rows = [
9
4
6
6
0
];
}; };
refreshInterval = 1; refreshInterval = 1;
mods = with modules; { mods = with modules; {
@ -312,7 +396,12 @@ let
calendar = cmdRunner { calendar = cmdRunner {
title = ""; title = "";
args = [ "-3" "--monday" "--color=never" "-w" ]; args = [
"-3"
"--monday"
"--color=never"
"-w"
];
cmd = "cal"; cmd = "cal";
top = 1; top = 1;
left = 1; left = 1;
@ -374,9 +463,12 @@ let
}; };
}; };
createDashboard = { json, name }: createDashboard =
let configuration = pkgs.writeText "config.yml" (builtins.toJSON json); { json, name }:
in pkgs.writers.writeBashBin name '' let
configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
in
pkgs.writers.writeBashBin name ''
${pkgs.wtf}/bin/wtfutil --config=${toString configuration} ${pkgs.wtf}/bin/wtfutil --config=${toString configuration}
''; '';

7
components/terminal/zsh.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.zsh.enable = mkOption { options.components.terminal.zsh.enable = mkOption {

7
components/virtualisation/docker.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {

7
components/virtualisation/podman.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {

7
components/virtualisation/qemu.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {

7
components/virtualisation/virtualbox.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {

8
components/yubikey.nix
View file

@ -1,7 +1,12 @@
# References: # References:
# * https://github.com/drduh/YubiKey-Guide # * https://github.com/drduh/YubiKey-Guide
# * https://nixos.wiki/wiki/Yubikey # * https://nixos.wiki/wiki/Yubikey
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
@ -16,7 +21,6 @@ with lib;
services.pcscd.enable = true; services.pcscd.enable = true;
services.udev.packages = [ pkgs.yubikey-personalization ]; services.udev.packages = [ pkgs.yubikey-personalization ];
environment.systemPackages = [ environment.systemPackages = [
pkgs.yubikey-personalization pkgs.yubikey-personalization

13
features/boot/ssh.nix
View file

@ -1,4 +1,11 @@
{ config, lib, pkgs, factsGenerator, clanLib, ... }: {
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib; with lib;
with types; with types;
@ -11,8 +18,7 @@ with types;
kernelModules = mkOption { kernelModules = mkOption {
type = listOf str; type = listOf str;
default = [ ]; default = [ ];
description = description = "nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
"nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
}; };
}; };
@ -42,4 +48,3 @@ with types;
}; };
} }

27
features/boot/tor.nix
View file

@ -1,4 +1,11 @@
{ config, lib, pkgs, factsGenerator, clanLib, ... }: {
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib; with lib;
with types; with types;
{ {
@ -16,14 +23,13 @@ with types;
name = "initrd"; name = "initrd";
addressPrefix = "init"; addressPrefix = "init";
}; };
boot.initrd.secrets = boot.initrd.secrets = mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file) (
mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file) genAttrs [
(genAttrs [
"hostname" "hostname"
"hs_ed25519_public_key" "hs_ed25519_public_key"
"hs_ed25519_secret_key" "hs_ed25519_secret_key"
] ] (secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path)
(secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path)); );
boot.initrd.systemd.storePaths = [ boot.initrd.systemd.storePaths = [
pkgs.tor pkgs.tor
@ -43,7 +49,10 @@ with types;
boot.initrd.systemd.services.tor = { boot.initrd.systemd.services.tor = {
description = "tor during init"; description = "tor during init";
wantedBy = [ "initrd.target" ]; wantedBy = [ "initrd.target" ];
after = [ "network.target" "initrd-nixos-copy-secrets.service" ]; after = [
"network.target"
"initrd-nixos-copy-secrets.service"
];
before = [ "shutdown.target" ]; before = [ "shutdown.target" ];
conflicts = [ "shutdown.target" ]; conflicts = [ "shutdown.target" ];
@ -53,8 +62,7 @@ with types;
pkgs.iproute2 pkgs.iproute2
pkgs.coreutils pkgs.coreutils
]; ];
script = script = ''
''
echo "tor: preparing onion folder" echo "tor: preparing onion folder"
# have to do this otherwise tor does not want to start # have to do this otherwise tor does not want to start
chmod -R 700 /etc/tor chmod -R 700 /etc/tor
@ -66,4 +74,3 @@ with types;
}; };
}; };
} }

7
features/network/fail2ban.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {
options.features.network.fail2ban.enable = mkOption { options.features.network.fail2ban.enable = mkOption {

8
features/network/sshguard.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, assets, ... }: {
pkgs,
config,
lib,
assets,
...
}:
with lib; with lib;
with types; with types;
{ {

23
flake.lock
View file

@ -843,7 +843,8 @@
"retiolum": "retiolum", "retiolum": "retiolum",
"srvos": "srvos", "srvos": "srvos",
"stylix": "stylix", "stylix": "stylix",
"taskshell": "taskshell" "taskshell": "taskshell",
"treefmt-nix": "treefmt-nix_3"
} }
}, },
"sops-nix": { "sops-nix": {
@ -1029,6 +1030,26 @@
"repo": "treefmt-nix", "repo": "treefmt-nix",
"type": "github" "type": "github"
} }
},
"treefmt-nix_3": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1724833132,
"narHash": "sha256-F4djBvyNRAXGusJiNYInqR6zIMI3rvlp6WiKwsRISos=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "3ffd842a5f50f435d3e603312eefa4790db46af5",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

129
flake.nix
View file

@ -58,6 +58,11 @@
srvos.url = "github:nix-community/srvos"; srvos.url = "github:nix-community/srvos";
treefmt-nix = {
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
landingpage = { landingpage = {
#url = "git+file:///home/palo/dev/landingpage"; #url = "git+file:///home/palo/dev/landingpage";
url = "github:mrVanDalo/landingpage"; url = "github:mrVanDalo/landingpage";
@ -91,28 +96,30 @@
}; };
outputs = outputs =
inputs@{ self inputs@{
, clan-core self,
, clan-fact-generators clan-core,
, flake-parts clan-fact-generators,
, home-manager flake-parts,
, home-manager-utils home-manager,
, kmonad home-manager-utils,
, landingpage kmonad,
, nixos-anywhere landingpage,
, nixos-hardware nixos-anywhere,
, nixpkgs nixos-hardware,
, nixpkgs-legacy_2211 nixpkgs,
, nixpkgs-legacy_2311 nixpkgs-legacy_2211,
, nixpkgs-legacy_2405 nixpkgs-legacy_2311,
, nixpkgs-unstable-small nixpkgs-legacy_2405,
, permown nixpkgs-unstable-small,
, polygon-art permown,
, private_assets polygon-art,
, retiolum private_assets,
, srvos retiolum,
, stylix srvos,
, taskshell stylix,
taskshell,
treefmt-nix,
}: }:
let let
@ -165,7 +172,10 @@
inherit inputs; inherit inputs;
assets = ./assets; assets = ./assets;
factsGenerator = clan-fact-generators.lib { inherit pkgs; }; factsGenerator = clan-fact-generators.lib { inherit pkgs; };
clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; }; clanLib = import ./lib/clanlib.nix {
inherit (pkgs) lib;
machineDir = ./machines;
};
zerotierDeviceName = "ztbn67ogn2"; zerotierDeviceName = "ztbn67ogn2";
components = ./components; components = ./components;
features = ./features; features = ./features;
@ -173,30 +183,36 @@
}; };
clanSetup = clanSetup =
{ name {
, host name,
, modules host,
}: { modules,
}:
{
clan.core.networking.targetHost = lib.mkDefault "root@${host}"; clan.core.networking.targetHost = lib.mkDefault "root@${host}";
nixpkgs.pkgs = meta.pkgs; nixpkgs.pkgs = meta.pkgs;
nixpkgs.hostPlatform = meta.system; nixpkgs.hostPlatform = meta.system;
clan.core.facts.secretStore = "password-store"; clan.core.facts.secretStore = "password-store";
imports = modules ++ defaultModules ++ [ imports =
modules
++ defaultModules
++ [
./machines/${name}/configuration.nix ./machines/${name}/configuration.nix
]; ];
}; };
zerotierControllerModule = zerotierControllerModule = {
{
clan.core.networking.zerotier.controller = { clan.core.networking.zerotier.controller = {
enable = true; enable = true;
public = false; public = false;
}; };
}; };
zerotierModules = { pkgs, ... }: { zerotierModules =
{ pkgs, ... }:
{
imports = [ imports = [
# this magically adds all my machines in the zero tier network # this magically adds all my machines in the zero tier network
@ -231,7 +247,9 @@
_module.args.inputs = self.inputs; _module.args.inputs = self.inputs;
} }
# ssh keys # ssh keys
({ config, ... }: { (
{ config, ... }:
{
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
# master key # master key
./assets/mrvandalo_rsa.pub ./assets/mrvandalo_rsa.pub
@ -239,7 +257,8 @@
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub" "${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub" "${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
]; ];
}) }
)
{ {
# disable emergency mode everywhere, although it might be needed on laptops # disable emergency mode everywhere, although it might be needed on laptops
boot.initrd.systemd.emergencyAccess = false; boot.initrd.systemd.emergencyAccess = false;
@ -250,11 +269,20 @@
systemd.enableEmergencyMode = false; systemd.enableEmergencyMode = false;
} }
# configure nix # configure nix
({ pkgs, lib, clanLib, ... }: (
{
pkgs,
lib,
clanLib,
...
}:
{ {
nix.settings.substituters = [ "http://cache.orbi.wg0" ]; nix.settings.substituters = [ "http://cache.orbi.wg0" ];
nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ]; nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = 1; nix.settings.max-jobs = 1;
# no channesl needed this way # no channesl needed this way
nix.nixPath = [ "nixpkgs=${pkgs.path}" ]; nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
@ -282,7 +310,8 @@
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10; boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10; boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
boot.loader.grub.configurationLimit = lib.mkDefault 10; boot.loader.grub.configurationLimit = lib.mkDefault 10;
}) }
)
# My Structure # My Structure
./components ./components
./features ./features
@ -293,15 +322,20 @@
permown.nixosModules.permown permown.nixosModules.permown
kmonad.nixosModules.default kmonad.nixosModules.default
# some default things I always want # some default things I always want
({ pkgs, ... }: { (
{ pkgs, ... }:
{
boot.tmp.useTmpfs = lib.mkDefault true; boot.tmp.useTmpfs = lib.mkDefault true;
environment.systemPackages = [ environment.systemPackages = [
pkgs.nixpkgs-fmt pkgs.nixpkgs-fmt
]; ];
}) }
)
]; ];
stylixModules = { pkgs, config, ... }: { stylixModules =
{ pkgs, config, ... }:
{
imports = [ stylix.nixosModules.stylix ]; imports = [ stylix.nixosModules.stylix ];
stylix.enable = true; stylix.enable = true;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml"; stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
@ -327,7 +361,9 @@
}; };
}; };
homeManagerModules = { pkgs, config, ... }: { homeManagerModules =
{ pkgs, config, ... }:
{
imports = [ imports = [
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
]; ];
@ -345,7 +381,9 @@
in in
flake-parts.lib.mkFlake { inherit inputs; } ({ self, pkgs, ... }: { flake-parts.lib.mkFlake { inherit inputs; } (
{ self, pkgs, ... }:
{
# We define our own systems below. you can still use this to add system specific outputs to your flake. # We define our own systems below. you can still use this to add system specific outputs to your flake.
# See: https://flake.parts/getting-started # See: https://flake.parts/getting-started
systems = [ "x86_64-linux" ]; systems = [ "x86_64-linux" ];
@ -353,9 +391,12 @@
# import clan-core modules # import clan-core modules
imports = [ imports = [
clan-core.flakeModules.default clan-core.flakeModules.default
./nix/formatter.nix
]; ];
perSystem = { pkgs, ... }: { perSystem =
{ pkgs, ... }:
{
packages.pkl = pkgs.callPackage ./pkgs/pkl { }; packages.pkl = pkgs.callPackage ./pkgs/pkl { };
}; };
@ -496,7 +537,7 @@
}; };
}); }
);
} }

7
homes/common/oh-my-posh/default.nix
View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }: {
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
programs.oh-my-posh = { programs.oh-my-posh = {

4
homes/common/oh-my-posh/gmay.json
View file

@ -86,7 +86,9 @@
}, },
{ {
"background": "#427B58", "background": "#427B58",
"background_templates": ["{{ if gt .Code 0 }}#9D0006{{ end }}"], "background_templates": [
"{{ if gt .Code 0 }}#9D0006{{ end }}"
],
"foreground": "#EBDBB2", "foreground": "#EBDBB2",
"leading_diamond": "<transparent,background>\ue0b0</>", "leading_diamond": "<transparent,background>\ue0b0</>",
"properties": { "properties": {

8
homes/common/oh-my-posh/gruvbox.json
View file

@ -13,9 +13,13 @@
}, },
{ {
"background": "#fbf1c7", "background": "#fbf1c7",
"background_templates": ["{{ if .Root }}#af3a03{{ end }}"], "background_templates": [
"{{ if .Root }}#af3a03{{ end }}"
],
"foreground": "#282828", "foreground": "#282828",
"foreground_templates": ["{{ if .Root }}#fbf1c7{{ end }}"], "foreground_templates": [
"{{ if .Root }}#fbf1c7{{ end }}"
],
"powerline_symbol": "\ue0b0", "powerline_symbol": "\ue0b0",
"style": "powerline", "style": "powerline",
"template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ", "template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ",

8
homes/common/packages.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -41,7 +46,6 @@ with lib;
} }
(mkIf config.gui.enable { (mkIf config.gui.enable {
home.packages = [ home.packages = [
libreoffice libreoffice

7
homes/common/terminal.nix
View file

@ -1,4 +1,9 @@
{ lib, pkgs, assets, ... }: {
lib,
pkgs,
assets,
...
}:
{ {
programs.zsh = { programs.zsh = {

7
homes/common/zfs.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {

3
homes/palo/default.nix
View file

@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
imports = [ imports = [
../common ../common

7
homes/palo/doom-emacs.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
config = mkMerge [ config = mkMerge [

11
homes/palo/git.nix
View file

@ -10,7 +10,15 @@ with pkgs;
key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC"; key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC";
signByDefault = true; signByDefault = true;
}; };
ignores = [ "*.swp" "*~" ".idea" ".*penis.*" "result" ".envrc" ".direnv" ]; ignores = [
"*.swp"
"*~"
".idea"
".*penis.*"
"result"
".envrc"
".direnv"
];
extraConfig = { extraConfig = {
init.defaultBranch = "main"; init.defaultBranch = "main";
pull.ff = "only"; pull.ff = "only";
@ -19,7 +27,6 @@ with pkgs;
difftastic.enable = true; difftastic.enable = true;
}; };
home.packages = [ home.packages = [
pre-commit pre-commit
gita gita

3
homes/palo/gpg.nix
View file

@ -12,8 +12,7 @@
keyserver = "keyserver.ubuntu.com"; keyserver = "keyserver.ubuntu.com";
personal-digest-preferences = "SHA512"; personal-digest-preferences = "SHA512";
cert-digest-algo = "SHA512"; cert-digest-algo = "SHA512";
default-preference-list = default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
"SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
}; };
}; };

7
homes/palo/gui/alacritty.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with lib; with lib;
{ {

8
homes/palo/gui/kitty.nix
View file

@ -1,4 +1,9 @@
{ lib, pkgs, config, ... }: {
lib,
pkgs,
config,
...
}:
with lib; with lib;
{ {
@ -31,6 +36,5 @@ with lib;
}; };
}; };
}; };
} }

1
homes/palo/hyperland.nix
View file

@ -158,4 +158,3 @@
''; '';
} }

44
homes/palo/i3.nix
View file

@ -1,8 +1,20 @@
{ config, lib, pkgs, osConfig, ... }: {
config,
lib,
pkgs,
osConfig,
...
}:
with lib; with lib;
let let
rofi = pkgs.rofi.override { plugins = [ pkgs.rofi-emoji pkgs.rofi-calc pkgs.xdotool ]; }; rofi = pkgs.rofi.override {
plugins = [
pkgs.rofi-emoji
pkgs.rofi-calc
pkgs.xdotool
];
};
backgroundCommand = pkgs.writers.writeDash "background" '' backgroundCommand = pkgs.writers.writeDash "background" ''
${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \ ${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \
@ -140,21 +152,25 @@ in
focus = { focus = {
followMouse = true; followMouse = true;
}; };
colors.focused = colors.focused = with config.lib.stylix.colors.withHashtag; {
with config.lib.stylix.colors.withHashtag;
{
# stylix color overrides # stylix color overrides
border = lib.mkForce base08; border = lib.mkForce base08;
background = lib.mkForce base0A; background = lib.mkForce base0A;
text = lib.mkForce base00; text = lib.mkForce base00;
}; };
startup = startup = [
[
#{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; } #{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; }
{ command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; always = true; }
{ command = toString backgroundCommand; always = true; }
{ {
command = toString (pkgs.writers.writeDash "xsettings" '' command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator";
always = true;
}
{
command = toString backgroundCommand;
always = true;
}
{
command = toString (
pkgs.writers.writeDash "xsettings" ''
# to allow sudo commands to access X # to allow sudo commands to access X
${pkgs.xorg.xhost}/bin/xhost + ${pkgs.xorg.xhost}/bin/xhost +
# no shitty pcspkr crap # no shitty pcspkr crap
@ -162,13 +178,15 @@ in
# no sleeping monitor # no sleeping monitor
${pkgs.xorg.xset}/bin/xset -dpms ${pkgs.xorg.xset}/bin/xset -dpms
${pkgs.xorg.xset}/bin/xset s off ${pkgs.xorg.xset}/bin/xset s off
''); ''
);
always = true; always = true;
} }
]; ];
bars = [ bars = [
(config.lib.stylix.i3.bar // (
{ config.lib.stylix.i3.bar
// {
#mode = "hide"; #mode = "hide";
hiddenState = "hide"; hiddenState = "hide";
position = "top"; position = "top";

43
homes/palo/packages/development.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -29,15 +34,18 @@ with lib;
jetbrains.pycharm-professional jetbrains.pycharm-professional
# planing # planing
((ganttproject-bin.override { (
(ganttproject-bin.override {
jre = pkgs.openjdk11; jre = pkgs.openjdk11;
}).overrideAttrs (old: { }).overrideAttrs
(old: {
version = "3.1.3100"; version = "3.1.3100";
src = pkgs.fetchzip { src = pkgs.fetchzip {
url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip"; url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip";
sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4="; sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4=";
}; };
})) })
)
# Pkl # Pkl
# --- # ---
@ -101,7 +109,8 @@ with lib;
{ {
home.packages = home.packages =
let let
pandocScript = { inputFormat, outputFormat }: pandocScript =
{ inputFormat, outputFormat }:
pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" '' pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
${pkgs.pandoc}/bin/pandoc \ ${pkgs.pandoc}/bin/pandoc \
--from ${inputFormat} \ --from ${inputFormat} \
@ -135,10 +144,26 @@ with lib;
${pkgs.less}/bin/less ${pkgs.less}/bin/less
'') '')
] ++ (map pandocScript (lib.cartesianProduct { ]
inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ]; ++ (map pandocScript (
outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" "asciidoc" ]; lib.cartesianProduct {
})); inputFormat = [
"man"
"markdown"
"mediawiki"
"asciidoc"
];
outputFormat = [
"mediawiki"
"docbook5"
"html5"
"man"
"jira"
"markdown"
"asciidoc"
];
}
));
} }
]; ];

7
homes/palo/packages/graphics.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {

7
homes/palo/packages/logseq.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {

7
homes/palo/packages/media.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {

13
homes/palo/packages/nextcloud.nix
View file

@ -1,10 +1,16 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
let let
nextcloud-client = pkgs.legacy_2311.nextcloud-client; nextcloud-client = pkgs.legacy_2311.nextcloud-client;
nextcloudSync = folder: nextcloudSync =
folder:
let let
password = "$( ${pkgs.pass}/bin/pass show home/nextcloud/palo/nextcloudcmd-token )"; password = "$( ${pkgs.pass}/bin/pass show home/nextcloud/palo/nextcloudcmd-token )";
user = "palo"; user = "palo";
@ -16,8 +22,7 @@ let
"https://${user}:${password}@nextcloud.ingolf-wagner.de" "https://${user}:${password}@nextcloud.ingolf-wagner.de"
''; '';
borrow = pkgs.writers.writeDashBin "borrow" borrow = pkgs.writers.writeDashBin "borrow" ''
''
${getExe hledger-ui} \ ${getExe hledger-ui} \
--all \ --all \
--theme=terminal \ --theme=terminal \

8
homes/palo/packages/packages.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -8,7 +13,6 @@ with lib;
# ¯\_(ツ)_/¯ # ¯\_(ツ)_/¯
home.packages = [ home.packages = [
nixos-shell nixos-shell
# bluetooth gui # bluetooth gui

7
homes/palo/packages/social.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {

7
homes/palo/ssh.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
{ {
home.packages = [ pkgs.sshuttle ]; home.packages = [ pkgs.sshuttle ];

47
homes/palo/taskwarrior.nix
View file

@ -1,21 +1,40 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
with lib; with lib;
with types; with types;
let let
mkMagicMergeOption = { description ? "", example ? { }, default ? { }, apply ? id, ... }: mkMagicMergeOption =
{
description ? "",
example ? { },
default ? { },
apply ? id,
...
}:
mkOption { mkOption {
inherit example description default apply; inherit
type = with lib.types; example
description
default
apply
;
type =
with lib.types;
let let
valueType = nullOr valueType =
(oneOf [ nullOr (oneOf [
bool bool
int int
float float
str str
(attrsOf valueType) (attrsOf valueType)
(listOf valueType) (listOf valueType)
]) // { ])
// {
description = "bool, int, float or str"; description = "bool, int, float or str";
emptyValue.value = { }; emptyValue.value = { };
}; };
@ -23,7 +42,6 @@ let
valueType; valueType;
}; };
taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui; taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui;
in in
@ -31,7 +49,8 @@ in
{ {
# bugwarrior (a bit fiddly) # bugwarrior (a bit fiddly)
imports = [{ imports = [
{
options.bugwarrior.config = mkMagicMergeOption { options.bugwarrior.config = mkMagicMergeOption {
type = attrs; type = attrs;
@ -39,7 +58,9 @@ in
}; };
config = { config = {
home.file.".config/bugwarrior/bugwarrior.toml".source = (pkgs.formats.toml { }).generate "bugwarriorrc.toml" config.bugwarrior.config; home.file.".config/bugwarrior/bugwarrior.toml".source =
(pkgs.formats.toml { }).generate "bugwarriorrc.toml"
config.bugwarrior.config;
# todo : before deleting this, put it in logseq # todo : before deleting this, put it in logseq
home.packages = [ home.packages = [
@ -61,12 +82,12 @@ in
]; ];
}; };
}]; }
];
config = mkIf config.gui.enable { config = mkIf config.gui.enable {
home.packages = with pkgs; home.packages = with pkgs; [
[
taskwarrior taskwarrior
taskwarrior-tui taskwarrior-tui

15
homes/tina/logseq.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -6,10 +11,14 @@ with lib;
home.packages = [ home.packages = [
logseq logseq
]; ];
home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json" home.file.".config/Logseq/Preferences".source =
(pkgs.formats.json { }).generate "LogseqPreferences.json"
{ {
spellcheck = { spellcheck = {
dictionaries = [ "en-US" "de-DE" ]; dictionaries = [
"en-US"
"de-DE"
];
dictionary = ""; dictionary = "";
}; };
}; };

10
homes/tina/packages.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -25,10 +30,7 @@ with lib;
pdfarranger pdfarranger
calibre calibre
]; ];
}; };
} }

30
images/lib/remote-access.nix
View file

@ -1,11 +1,16 @@
{ {
# cat ~/.ssh/id_rsa.pub # cat ~/.ssh/id_rsa.pub
publicSshKey ? "" publicSshKey ? "",
, # remote-install-get-hiddenReceiver # remote-install-get-hiddenReceiver
hiddenReceiver ? "" hiddenReceiver ? "",
,
}: }:
{ config, lib, pkgs, ... }: { {
config,
lib,
pkgs,
...
}:
{
imports = [ imports = [
{ {
@ -13,7 +18,9 @@
networking.hostName = "liveos"; networking.hostName = "liveos";
users.extraUsers = { users.extraUsers = {
root = { openssh.authorizedKeys.keys = [ publicSshKey ]; }; root = {
openssh.authorizedKeys.keys = [ publicSshKey ];
};
}; };
} }
{ {
@ -104,15 +111,20 @@
client.enable = true; client.enable = true;
relay.onionServices.hidden-ssh = { relay.onionServices.hidden-ssh = {
version = 3; version = 3;
map = [{ map = [
{
port = 22; port = 22;
target.port = 22; target.port = 22;
}]; }
];
}; };
}; };
systemd.services.hidden-ssh-announce = { systemd.services.hidden-ssh-announce = {
description = "irc announce hidden ssh"; description = "irc announce hidden ssh";
after = [ "tor.service" "network-online.target" ]; after = [
"tor.service"
"network-online.target"
];
wants = [ "tor.service" ]; wants = [ "tor.service" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig = { serviceConfig = {

15
images/machine-init-configuration.nix
View file

@ -1,9 +1,13 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
imports = imports = [
[
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
@ -42,7 +46,9 @@
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de" ]; users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de"
];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
@ -52,5 +58,4 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?
} }

3
images/remote-install/config.nix
View file

@ -4,8 +4,7 @@ let
remote-access = import ../lib/remote-access.nix { remote-access = import ../lib/remote-access.nix {
# cat ~/.ssh/id_rsa.pub # cat ~/.ssh/id_rsa.pub
publicSshKey = publicSshKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
# remote-install-get-hiddenReceiver # remote-install-get-hiddenReceiver
hiddenReceiver = ""; hiddenReceiver = "";

18
images/translate-setup/audio.nix
View file

@ -1,10 +1,22 @@
{ pkgs, lib, config, ... }: { {
users.users.mainUser.extraGroups = [ "audio" "pipewire" ]; pkgs,
lib,
config,
...
}:
{
users.users.mainUser.extraGroups = [
"audio"
"pipewire"
];
hardware.pulseaudio = { hardware.pulseaudio = {
enable = true; enable = true;
package = pkgs.pulseaudioFull; package = pkgs.pulseaudioFull;
}; };
environment.systemPackages = with pkgs; [ alsaUtils pavucontrol ]; environment.systemPackages = with pkgs; [
alsaUtils
pavucontrol
];
} }

13
images/translate-setup/config.nix
View file

@ -1,6 +1,15 @@
{ pkgs, lib, config, ... }: { {
pkgs,
lib,
config,
...
}:
{
imports = [ ./x11.nix ./audio.nix ]; imports = [
./x11.nix
./audio.nix
];
#networking.networkmanager.enable = true; #networking.networkmanager.enable = true;
#networking.wireless.enable = false; #networking.wireless.enable = false;

15
images/translate-setup/x11.nix
View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, ... }: { {
pkgs,
config,
lib,
...
}:
{
services.xserver = { services.xserver = {
enable = true; enable = true;
@ -44,6 +50,11 @@
# Packages # Packages
# -------- # --------
environment.systemPackages = with pkgs; [ flameshot pavucontrol mumble vlc ]; environment.systemPackages = with pkgs; [
flameshot
pavucontrol
mumble
vlc
];
} }

17
images/usb-init-configuration.nix
View file

@ -1,17 +1,19 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
imports = [
imports =
[
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
networking.hostName = "nixos"; networking.hostName = "nixos";
# grub configuraton # grub configuraton
# ----------------- # -----------------
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
@ -41,7 +43,9 @@
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de" ]; users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de"
];
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
@ -51,5 +55,4 @@
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?
} }

8
images/windows-rescue/config.nix
View file

@ -8,8 +8,7 @@ let
plainTextPassword = ""; plainTextPassword = "";
}; };
remote-access = import ../lib/remote-access.nix { remote-access = import ../lib/remote-access.nix {
publicSshKey = publicSshKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw==";
hiddenReceiver = ""; hiddenReceiver = "";
}; };
in in
@ -17,7 +16,10 @@ in
imports = [ remote-access ]; imports = [ remote-access ];
environment.systemPackages = [ pkgs.chntpw pkgs.ntfs3g ]; environment.systemPackages = [
pkgs.chntpw
pkgs.ntfs3g
];
networking.dhcpcd.enable = true; networking.dhcpcd.enable = true;
networking.wireless = { networking.wireless = {

3
images/yubikey-image.nix
View file

@ -12,8 +12,7 @@ let
sha256 = "0rzy06a5xgfjpaklxdgrxml24d0vhk78lb577l3z4x7a2p32dbyq"; sha256 = "0rzy06a5xgfjpaklxdgrxml24d0vhk78lb577l3z4x7a2p32dbyq";
}; };
buildInputs = [ pkgs.pandoc ]; buildInputs = [ pkgs.pandoc ];
installPhase = installPhase = "pandoc --highlight-style pygments -s --toc README.md -o $out";
"pandoc --highlight-style pygments -s --toc README.md -o $out";
}; };
in in
{ {

39
lib/clanlib.nix
View file

@ -3,17 +3,14 @@ let
allMachineNames = lib.mapAttrsToList (name: _: name) (builtins.readDir machineDir); allMachineNames = lib.mapAttrsToList (name: _: name) (builtins.readDir machineDir);
getFactPath = fact: machine: getFactPath = fact: machine: "${machineDir}/${machine}/facts/${fact}";
"${machineDir}/${machine}/facts/${fact}";
readFact = fact: machine: readFact =
fact: machine:
let let
path = getFactPath fact machine; path = getFactPath fact machine;
in in
if builtins.pathExists path then if builtins.pathExists path then builtins.readFile path else null;
builtins.readFile path
else
null;
# Example: # Example:
# #
@ -22,7 +19,8 @@ let
# machineA = "1.2.3.4"; # machineA = "1.2.3.4";
# machineB = "5.6.7.8"; # machineB = "5.6.7.8";
# }; # };
readFactFromAllMachines = fact: readFactFromAllMachines =
fact:
let let
machines = allMachineNames; machines = allMachineNames;
facts = lib.genAttrs machines (readFact fact); facts = lib.genAttrs machines (readFact fact);
@ -47,18 +45,27 @@ let
# "synching.pub" = "23456719"; # "synching.pub" = "23456719";
# }; # };
# }; # };
readFactsFromAllMachines = facts: readFactsFromAllMachines =
facts:
let let
# machine -> fact -> factvalue # machine -> fact -> factvalue
machinesFactsAttrs = lib.genAttrs allMachineNames (machine: lib.genAttrs facts (fact: readFact fact machine)); machinesFactsAttrs = lib.genAttrs allMachineNames (
machine: lib.genAttrs facts (fact: readFact fact machine)
);
# remove all machines which don't have all facts set # remove all machines which don't have all facts set
filteredMachineFactAttrs = filteredMachineFactAttrs = lib.filterAttrs (
lib.filterAttrs (_machine: values: builtins.all (fact: values.${fact} != null) facts) _machine: values: builtins.all (fact: values.${fact} != null) facts
machinesFactsAttrs; ) machinesFactsAttrs;
in in
filteredMachineFactAttrs; filteredMachineFactAttrs;
in in
{ inherit allMachineNames getFactPath readFact readFactFromAllMachines readFactsFromAllMachines; } {
inherit
allMachineNames
getFactPath
readFact
readFactFromAllMachines
readFactsFromAllMachines
;
}

7
machines/cherry/37c3.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
interface = "wlp170s0"; interface = "wlp170s0";
in in

21
machines/cherry/configuration.nix
View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
{ {
imports = [ imports = [
@ -37,7 +42,6 @@
# (promptKey "pushover.user_key") // # (promptKey "pushover.user_key") //
# (promptKey "pushover.api_key"); # (promptKey "pushover.api_key");
components.virtualisation.enable = true; components.virtualisation.enable = true;
components.gui.enable = true; components.gui.enable = true;
@ -52,11 +56,13 @@
components.monitor.opentelemetry.exporter.endpoint = "10.100.0.1:4317"; # orbi components.monitor.opentelemetry.exporter.endpoint = "10.100.0.1:4317"; # orbi
#components.monitor.opentelemetry.exporter.debug = "logs"; #components.monitor.opentelemetry.exporter.debug = "logs";
home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ]; home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ];
home-manager.users.mainUser.bugwarrior.config = { home-manager.users.mainUser.bugwarrior.config = {
general = { general = {
targets = [ "terranix" "my_github" ]; targets = [
"terranix"
"my_github"
];
log_level = "INFO"; log_level = "INFO";
static_fields = [ "priority" ]; static_fields = [ "priority" ];
merge_annotations = false; merge_annotations = false;
@ -84,12 +90,15 @@
add_tags = "github"; add_tags = "github";
include_user_issues = true; include_user_issues = true;
include_user_repos = true; include_user_repos = true;
exclude_repos = [ "azubi" "csv-to-qif" "stepp0r" ]; exclude_repos = [
"azubi"
"csv-to-qif"
"stepp0r"
];
}; };
# todo : add github issues # todo : add github issues
}; };
users.users.mainUser.extraGroups = [ "pipewire" ]; users.users.mainUser.extraGroups = [ "pipewire" ];
services.nginx.enable = true; services.nginx.enable = true;

9
machines/cherry/hardware-configuration/default.nix
View file

@ -1,4 +1,9 @@
{ lib, config, factsGenerator, ... }: {
lib,
config,
factsGenerator,
...
}:
{ {
imports = [ imports = [
./disko-config.nix ./disko-config.nix
@ -24,6 +29,4 @@
ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none" ACTION=="add|change", KERNEL=="sd[a-z]*[0-9]*|mmcblk[0-9]*p[0-9]*|nvme[0-9]*n[0-9]*p[0-9]*", ENV{ID_FS_TYPE}=="zfs_member", ATTR{../queue/scheduler}="none"
''; '';
} }

1
machines/cherry/hardware-configuration/disko-config.nix
View file

@ -70,4 +70,3 @@
}; };
} }

4
machines/cherry/hardware-configuration/graphics.nix
View file

@ -14,6 +14,8 @@
hardware.graphics.enable32Bit = true; hardware.graphics.enable32Bit = true;
hardware.graphics.extraPackages32 = with pkgs.pkgsi686Linux; [ intel-vaapi-driver ]; hardware.graphics.extraPackages32 = with pkgs.pkgsi686Linux; [ intel-vaapi-driver ];
environment.sessionVariables = { LIBVA_DRIVER_NAME = "i965"; }; # Optionally, set the environment variable environment.sessionVariables = {
LIBVA_DRIVER_NAME = "i965";
}; # Optionally, set the environment variable
} }

19
machines/cherry/hardware-configuration/hardware-configuration.nix
View file

@ -1,15 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [
[
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"thunderbolt"
"nvme"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];

6
machines/cherry/network-tinc_retiolum.nix
View file

@ -7,8 +7,10 @@
networking.retiolum.nodename = "cherry"; networking.retiolum.nodename = "cherry";
services.tinc.networks.retiolum = { services.tinc.networks.retiolum = {
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path; ed25519PrivateKeyFile =
rsaPrivateKeyFile = config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path; config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
rsaPrivateKeyFile =
config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
}; };
#fileSystems."/retiolum/sicily" = { #fileSystems."/retiolum/sicily" = {

7
machines/cherry/network-wireguard-wg0.nix
View file

@ -1,4 +1,9 @@
{ config, factsGenerator, clanLib, ... }: {
config,
factsGenerator,
clanLib,
...
}:
{ {
networking.firewall.allowedUDPPorts = [ 51820 ]; networking.firewall.allowedUDPPorts = [ 51820 ];
clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };

8
machines/cherry/network-wireguard-wg1.nix
View file

@ -14,10 +14,14 @@
}; };
home-manager.users.root.home.packages = [ home-manager.users.root.home.packages = [
(pkgs.writers.writeBashBin "wg1-up" '' (pkgs.writers.writeBashBin "wg1-up" ''
${pkgs.wireguard-tools}/bin/wg-quick up ${config.clan.core.facts.services.wg1.secret."wg1.conf".path} ${pkgs.wireguard-tools}/bin/wg-quick up ${
config.clan.core.facts.services.wg1.secret."wg1.conf".path
}
'') '')
(pkgs.writers.writeBashBin "wg1-down" '' (pkgs.writers.writeBashBin "wg1-down" ''
${pkgs.wireguard-tools}/bin/wg-quick down ${config.clan.core.facts.services.wg1.secret."wg1.conf".path} ${pkgs.wireguard-tools}/bin/wg-quick down ${
config.clan.core.facts.services.wg1.secret."wg1.conf".path
}
'') '')
]; ];
} }

Some files were not shown because too many files have changed in this diff Show more