palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

..

51 commits
e436e48ad9 ... 10dbcb8572

Author SHA1 Message Date
Ingolf Wagner
10dbcb8572
⬆️ nix flake update 2025-02-13 21:07:12 +13:00
Ingolf Wagner
1e9d3c08cf
🔨 add devshells.nix 2025-02-13 20:52:49 +13:00
Ingolf Wagner
518d509f47
migrated facts to vars for generator openssh for machine usbstick 2025-02-13 20:51:44 +13:00
Ingolf Wagner
9cc5e08555
migrated facts to vars for generator openssh for machine chungus 2025-02-13 20:51:41 +13:00
Ingolf Wagner
6571a788ea
migrated facts to vars for generator openssh for machine cherry 2025-02-13 20:51:37 +13:00
Ingolf Wagner
b29d70ea9c
migrated facts to vars for generator openssh for machine orbi 2025-02-12 21:55:08 +13:00
Ingolf Wagner
19da47e544
🚧 make nix flake check work 2025-02-12 20:06:52 +13:00
Ingolf Wagner
a6c3212bb1
🔧 fix orbi oci-container nonsense 2025-02-09 19:19:08 +13:00
Ingolf Wagner
fa65a98052
🐛 Don't use jellyseerr so far 2025-02-08 19:37:26 +13:00
Ingolf Wagner
7d68e0bc56
🚚 rename find-service-config to systemctl-find-service-config.sh 2025-02-07 01:05:57 +13:00
Ingolf Wagner
4d76f96a7b
🔧 make forgejo-runner work with docker 2025-02-07 01:05:56 +13:00
Ingolf Wagner
f97483df07
🔧 add i3 sticky command 2025-02-07 01:05:55 +13:00
Forgejo Action :robot
4e70b69f6f ⬆️ nix flake update 2025-02-05 16:07:01 +01:00
Forgejo Action :robot
17fffe0e2f ⬆️ nix flake update 2025-02-05 09:42:48 +01:00
Forgejo Action :robot
f669613121 ⬆️ nix flake update 2025-02-05 03:51:35 +01:00
Forgejo Action :robot
ddec7c7958 ⬆️ nix flake update 2025-02-04 21:40:26 +01:00
Forgejo Action :robot
8c609fd960 ⬆️ nix flake update 2025-02-04 15:50:41 +01:00
Forgejo Action :robot
fafd3c633d ⬆️ nix flake update 2025-02-04 09:42:57 +01:00
Forgejo Action :robot
40862f5a0a ⬆️ nix flake update 2025-02-04 04:19:34 +01:00
Forgejo Action :robot
461bd108e9 ⬆️ nix flake update 2025-02-03 21:55:44 +01:00
Ingolf Wagner
6894dd13bb
🐛 update paperless healthcheck 2025-02-03 21:29:35 +13:00
Ingolf Wagner
71d39e58f2
⬆️ update private-parts 2025-02-03 21:27:19 +13:00
Ingolf Wagner
bf28baffc1
⬆️ update nixos-telemetry 2025-02-03 20:11:48 +13:00
Forgejo Action :robot
ae39a6484c ⬆️ nix flake update 2025-02-03 06:25:38 +01:00
Forgejo Action :robot
610bc615fc ⬆️ nix flake update 2025-02-02 16:07:53 +01:00
Forgejo Action :robot
adb6a8dc80 ⬆️ nix flake update 2025-02-02 09:40:03 +01:00
Forgejo Action :robot
8723159f32 ⬆️ nix flake update 2025-02-02 03:40:07 +01:00
Forgejo Action :robot
877e41e213 ⬆️ nix flake update 2025-02-01 21:41:24 +01:00
Forgejo Action :robot
7940eb2c66 ⬆️ nix flake update 2025-02-01 15:46:30 +01:00
Forgejo Action :robot
65c8b37a2a ⬆️ nix flake update 2025-02-01 09:42:28 +01:00
Forgejo Action :robot
49af990984 ⬆️ nix flake update 2025-01-31 21:40:21 +01:00
Forgejo Action :robot
01e990bd4a ⬆️ nix flake update 2025-01-31 16:05:01 +01:00
Forgejo Action :robot
f2349c9575 ⬆️ nix flake update 2025-01-31 03:55:12 +01:00
Forgejo Action :robot
7703e37732 ⬆️ nix flake update 2025-01-30 21:45:18 +01:00
Forgejo Action :robot
5053442794 ⬆️ nix flake update 2025-01-30 03:41:07 +01:00
Forgejo Action :robot
fbb16a6db2 ⬆️ nix flake update 2025-01-29 21:43:42 +01:00
Forgejo Action :robot
e5926d4711 ⬆️ nix flake update 2025-01-28 17:20:15 +01:00
Forgejo Action :robot
a693cae061 ⬆️ nix flake update 2025-01-28 03:53:15 +01:00
Ingolf Wagner
eafb3c7d5c
introduced private-parts for orbi 2025-01-28 13:51:41 +13:00
Ingolf Wagner
75008eb0c4
podman push git.ingolf-wagner.de/.. works now 2025-01-28 13:51:24 +13:00
Forgejo Action :robot
572c761799 ⬆️ nix flake update 2025-01-27 21:40:03 +01:00
Forgejo Action :robot
a4b56ec543 ⬆️ nix flake update 2025-01-27 15:40:21 +01:00
Forgejo Action :robot
04ddce2d40 ⬆️ nix flake update 2025-01-27 09:46:33 +01:00
Forgejo Action :robot
c82d94cef6 ⬆️ nix flake update 2025-01-27 03:40:06 +01:00
Forgejo Action :robot
9e474eb02b ⬆️ nix flake update 2025-01-26 21:51:04 +01:00
Forgejo Action :robot
6c9dd481d2 ⬆️ nix flake update 2025-01-26 10:15:11 +01:00
Forgejo Action :robot
7562016e1c ⬆️ nix flake update 2025-01-25 21:40:12 +01:00
Forgejo Action :robot
fc97359e5b ⬆️ nix flake update 2025-01-25 15:47:34 +01:00
Forgejo Action :robot
16907811cf ⬆️ nix flake update 2025-01-25 10:09:32 +01:00
Forgejo Action :robot
6a0162714e ⬆️ nix flake update 2025-01-25 03:59:57 +01:00
Ingolf Wagner
da1a2021b1
configure browser plugins 2025-01-22 06:45:22 +13:00
20 changed files with 246 additions and 117 deletions
components
gui
browser.nix
virtualisation
docker.nixpodman.nix
flake.lockflake.nix
homes/palo
i3.nix
machines
chungus
service-paperless-healthchecks.nix
orbi
configuration.nixmedia-arr.nixservice-forgejo-runner.nixservice-forgejo.nix
nix
devshells.nix
packages
default.nix
find-service-config
default.nix
systemctl-find-service-config
default.nixsystemctl-find-service-config.sh
vars/per-machine
cherry/openssh/ssh.id_ed25519.pub
value
chungus/openssh/ssh.id_ed25519.pub
value
orbi/openssh/ssh.id_ed25519.pub
value
usbstick/openssh/ssh.id_ed25519.pub
value

5
components/gui/browser.nix
View file

@ -13,8 +13,9 @@ in
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
"jinjaccalgkegednnccohejagnlnfdag" # Violentmonkey
"dpplabbmogkhghncfbfdeeokoefdjegm" # Proxy SwitchySharp
"mooikfkahbdckldjjndioackbalphokd" # Selenium IDE
# "dpplabbmogkhghncfbfdeeokoefdjegm" # Proxy SwitchySharp
# "mooikfkahbdckldjjndioackbalphokd" # Selenium IDE
# "hnkcfpcejkafcihlgbojoidoihckciin" # Referer Control
];
# overwrite use zram on small RAM systems

1
components/virtualisation/docker.nix
View file

@ -15,6 +15,7 @@ with lib;
config = mkIf config.components.virtualisation.docker.enable {
virtualisation.docker.enable = true;
virtualisation.docker.extraPackages = [ pkgs.zfs ];
};

17
components/virtualisation/podman.nix
View file

@ -12,13 +12,20 @@ with lib;
default = config.components.virtualisation.enable;
};
config = mkIf config.components.virtualisation.podman.enable {
config = mkMerge [
(mkIf config.components.virtualisation.podman.enable {
virtualisation.podman.enable = true;
virtualisation.podman.enable = true;
# make sure /var/lib/containers/storage is a zfs dataset
virtualisation.podman.extraPackages = [ pkgs.zfs ];
# make sure /var/lib/containers/storage is a zfs dataset
virtualisation.podman.extraPackages = [ pkgs.zfs ];
};
})
(mkIf (config.components.virtualisation.podman.enable && (!config.virtualisation.docker.enable)) {
virtualisation.podman.dockerCompat = true;
virtualisation.podman.dockerSocket.enable = true;
})
];
}

218
flake.lock generated
View file

@ -53,16 +53,17 @@
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1735953590,
"narHash": "sha256-YbQwaApLFJobn/0lbpMKcJ8N5axKlW2QIGkDS5+xoSU=",
"lastModified": 1732806396,
"narHash": "sha256-e0bpPySdJf0F68Ndanwm+KWHgQiZ0s7liLhvJSWDNsA=",
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "c2a1232aa2c0ed27dcbf005779bcfe0e0ab5e85d",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "577fe8125d74ff456cf942c733a85d769afe58b7",
"type": "github"
}
},
@ -81,16 +82,15 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1730374010,
"narHash": "sha256-nEw0d7gbH5vFdr+ps5zlRywzaQ6zjbHFoQLjYyHhIeg=",
"lastModified": 1739430267,
"narHash": "sha256-hBCShC3uV/3uQNtBUuODJkomckhk5YwJ8/L26ZVuOyg=",
"ref": "refs/heads/main",
"rev": "1bd3af310ea074d0ea9de6233376476c6ca9149a",
"revCount": 4535,
"rev": "a22d426b25bd60e80c50780eb349fe096e965f33",
"revCount": 5653,
"type": "git",
"url": "https://git.clan.lol/clan/clan-core"
},
"original": {
"rev": "1bd3af310ea074d0ea9de6233376476c6ca9149a",
"type": "git",
"url": "https://git.clan.lol/clan/clan-core"
}
@ -104,11 +104,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1723143645,
"narHash": "sha256-/71L2ZBM9AmUpEQC19Rf7AxA+BhIquObB8aZDkfVRz8=",
"lastModified": 1739428569,
"narHash": "sha256-uvW5PQqw4+cqjoaoPB/frHY7EjO+ehRryOHAkJKYX5A=",
"owner": "mrvandalo",
"repo": "clan-fact-generators",
"rev": "620c5d3185594b3e2d91e29a7590f44abae4319c",
"rev": "882fc040fcd283044a940a5e11e81a7e86aa76ce",
"type": "github"
},
"original": {
@ -118,6 +118,24 @@
}
},
"devshell": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1735644329,
"narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=",
"owner": "numtide",
"repo": "devshell",
"rev": "f7795ede5b02664b57035b3b757876703e2c3eac",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_2": {
"inputs": {
"nixpkgs": [
"nix-topology",
@ -146,11 +164,11 @@
]
},
"locked": {
"lastModified": 1730045523,
"narHash": "sha256-W5Avk1THhZALXITHGazKfZbIZ5+Bc4nSYvAYHUn96EU=",
"lastModified": 1738765162,
"narHash": "sha256-3Z40qHaFScWUCVQrGc4Y+RdoPsh1R/wIh+AN4cTXP0I=",
"owner": "nix-community",
"repo": "disko",
"rev": "89e458a3bb3693e769bfb2b2447c3fe72092d498",
"rev": "ff3568858c54bd306e9e1f2886f0f781df307dff",
"type": "github"
},
"original": {
@ -254,11 +272,11 @@
]
},
"locked": {
"lastModified": 1736143030,
"narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
"lastModified": 1738453229,
"narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
"rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
"type": "github"
},
"original": {
@ -597,11 +615,11 @@
]
},
"locked": {
"lastModified": 1737299337,
"narHash": "sha256-0NBrY2A7buujKmeCbieopOMSbLxTu8TFcTLqAbTnQDw=",
"lastModified": 1739416022,
"narHash": "sha256-Af1CIT+XlXEb+Dk11sgPDzJoOUiada2Xoj5hA8TBvLY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "f8ef4541bb8a54a8b52f19b52912119e689529b3",
"rev": "c9d343cfa0565671cc7e8d5aefebaf61cc840abd",
"type": "github"
},
"original": {
@ -633,7 +651,7 @@
"landingpage": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1709213960,
@ -651,7 +669,7 @@
},
"nix-topology": {
"inputs": {
"devshell": "devshell",
"devshell": "devshell_2",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
@ -659,11 +677,11 @@
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1737125456,
"narHash": "sha256-MHjmUcYO8VT0aDf1AdIsPdcRE7vxdo+TB1gAGpDPP1k=",
"lastModified": 1738246091,
"narHash": "sha256-2+KkZsRO+XlOFbXbRgMZbRtlqn5MBNYj4HNmZ/2Tojg=",
"owner": "oddlama",
"repo": "nix-topology",
"rev": "ddee77422129896886ed1a0b32f0e08b882ea99f",
"rev": "5526269fa3eedf4f4bc00c0bf7a03db31d24b029",
"type": "github"
},
"original": {
@ -678,15 +696,15 @@
"flake-parts": "flake-parts_4",
"nixos-images": "nixos-images",
"nixos-stable": "nixos-stable",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"treefmt-nix": "treefmt-nix_3"
},
"locked": {
"lastModified": 1735024884,
"narHash": "sha256-aoTJqEImmpgsol+TyDASuyHW6tuL7NIS8gusUJ/kxyk=",
"lastModified": 1739018452,
"narHash": "sha256-HC9kugsuRpPdR1dfRV0hTIqAn+PSR9rn8QWCETILI4o=",
"owner": "nix-community",
"repo": "nixos-anywhere",
"rev": "97b45ac774699b1cfd267e98a8bdecb74bace593",
"rev": "e8e5d63e46f99fc75d300fb0d0447456d5057698",
"type": "github"
},
"original": {
@ -697,11 +715,11 @@
},
"nixos-facter-modules": {
"locked": {
"lastModified": 1730026316,
"narHash": "sha256-AzP+trH/ykBJGTx3twkpuwbkhFSmsY1PJDQtRmK4k4c=",
"lastModified": 1736931726,
"narHash": "sha256-aY55yiifyo1XPPpbpH0kWlV1g2dNGBlx6622b7OK8ks=",
"owner": "numtide",
"repo": "nixos-facter-modules",
"rev": "15b6531d44aa6f0bbd2fd8309cd2a6d7f183ba32",
"rev": "fa11d87b61b2163efbb9aed7b7a5ae0299e5ab9c",
"type": "github"
},
"original": {
@ -712,11 +730,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1737306472,
"narHash": "sha256-+X9KAryvDsIE7lQ0FdfiD1u33nOVgsgufedqspf77N4=",
"lastModified": 1738816619,
"narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "cb3173dc5c746fa95bca1f035a7e4d2b588894ac",
"rev": "2eccff41bab80839b1d25b303b53d339fbb07087",
"type": "github"
},
"original": {
@ -832,11 +850,11 @@
},
"nixpkgs-legacy_2411": {
"locked": {
"lastModified": 1737299813,
"narHash": "sha256-Qw2PwmkXDK8sPQ5YQ/y/icbQ+TYgbxfjhgnkNJyT1X8=",
"lastModified": 1739206421,
"narHash": "sha256-PwQASeL2cGVmrtQYlrBur0U20Xy07uSWVnFup2PHnDs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "107d5ef05c0b1119749e381451389eded30fb0d5",
"rev": "44534bc021b85c8d78e465021e21f33b856e2540",
"type": "github"
},
"original": {
@ -920,11 +938,11 @@
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1737274611,
"narHash": "sha256-tmD7875tu1P0UvhI3Q/fXvIe8neJo7H9ZrPQ+QF7Q3E=",
"lastModified": 1739392530,
"narHash": "sha256-f9m6q0Z4RdVhPrGr78x+LFSgPkldfatdEdPh6HCN5J4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "50165c4f7eb48ce82bd063e1fb8047a0f515f8ce",
"rev": "dbf733f7a95551ce0767d97dcfb02a0c524b7725",
"type": "github"
},
"original": {
@ -935,6 +953,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1722073938,
"narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e36e9f57337d0ff0cf77aceb58af4c805472bfae",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1645527175,
"narHash": "sha256-WeewqaO48sCctiN+iwgZZEJRU29Si7vHHoLCINAvuk8=",
@ -949,7 +983,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1734057604,
"narHash": "sha256-EC3eHb8Mk54jnk+C8Mtq2sRAaPJzg6zPvRY6OdNHwSc=",
@ -965,13 +999,13 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1737274611,
"narHash": "sha256-tmD7875tu1P0UvhI3Q/fXvIe8neJo7H9ZrPQ+QF7Q3E=",
"lastModified": 1739392530,
"narHash": "sha256-f9m6q0Z4RdVhPrGr78x+LFSgPkldfatdEdPh6HCN5J4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "50165c4f7eb48ce82bd063e1fb8047a0f515f8ce",
"rev": "dbf733f7a95551ce0767d97dcfb02a0c524b7725",
"type": "github"
},
"original": {
@ -981,7 +1015,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1632855891,
"narHash": "sha256-crW76mt9/kbUBiKy/KiSnsQ9JEYgD3StDuYAMVkTbM0=",
@ -995,13 +1029,13 @@
"type": "indirect"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1737274611,
"narHash": "sha256-tmD7875tu1P0UvhI3Q/fXvIe8neJo7H9ZrPQ+QF7Q3E=",
"lastModified": 1739392530,
"narHash": "sha256-f9m6q0Z4RdVhPrGr78x+LFSgPkldfatdEdPh6HCN5J4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "50165c4f7eb48ce82bd063e1fb8047a0f515f8ce",
"rev": "dbf733f7a95551ce0767d97dcfb02a0c524b7725",
"type": "github"
},
"original": {
@ -1034,7 +1068,7 @@
"polygon-art": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1688766095,
@ -1086,11 +1120,11 @@
"treefmt-nix": "treefmt-nix_4"
},
"locked": {
"lastModified": 1737257129,
"narHash": "sha256-Q1p7cYn55DOowpq1BXZIJmH6Qs5MLNI2ChwtipQPCQ8=",
"lastModified": 1739081745,
"narHash": "sha256-FGaxXNmvDd6fL22fvbVS9eb+Lr+4UR+xZtkKkUoYuKI=",
"ref": "main",
"rev": "c49ce68e86b0c1e2d8e117596c6d3a11c5854f83",
"revCount": 84,
"rev": "0d764189384d5fa7d9850b4d2f35ed98a0598871",
"revCount": 89,
"type": "git",
"url": "ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git"
},
@ -1102,11 +1136,11 @@
},
"retiolum": {
"locked": {
"lastModified": 1731340814,
"narHash": "sha256-2SiSp+UV9c45FPeDUUtjiIOMgyOKYAbpO0IEEjkgb54=",
"lastModified": 1737987273,
"narHash": "sha256-WQCLoDbthUO5PcdYDBxZZQgpQbEXab50EcwChkukxN4=",
"owner": "Mic92",
"repo": "retiolum",
"rev": "30c7f45de25bd35641ba09bd7bbde084804f2b61",
"rev": "514fe96610f745435b89355822691b1961dc4857",
"type": "github"
},
"original": {
@ -1119,6 +1153,7 @@
"inputs": {
"clan-core": "clan-core",
"clan-fact-generators": "clan-fact-generators",
"devshell": "devshell",
"flake-parts": "flake-parts_2",
"healthchecks": "healthchecks",
"home-manager": "home-manager",
@ -1127,7 +1162,7 @@
"nix-topology": "nix-topology",
"nixos-anywhere": "nixos-anywhere",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"nixpkgs-legacy_2211": "nixpkgs-legacy_2211",
"nixpkgs-legacy_2311": "nixpkgs-legacy_2311",
"nixpkgs-legacy_2405": "nixpkgs-legacy_2405",
@ -1173,35 +1208,33 @@
"nixpkgs": [
"clan-core",
"nixpkgs"
],
"nixpkgs-stable": [
"clan-core"
]
},
"locked": {
"lastModified": 1729999681,
"narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
"owner": "Mic92",
"lastModified": 1736953253,
"narHash": "sha256-shJxzy7qypjq9hpETQ3gJsBZXO5E3KR0INca/xwiVp4=",
"owner": "pinpox",
"repo": "sops-nix",
"rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
"rev": "a7c6e64401b6dde13c0de90230cb64087c9d9693",
"type": "github"
},
"original": {
"owner": "Mic92",
"owner": "pinpox",
"ref": "lazy-assertions",
"repo": "sops-nix",
"type": "github"
}
},
"srvos": {
"inputs": {
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1737334500,
"narHash": "sha256-B7GZrCLJ2ei3OHZOBddmq0b39/uq2mGzaB4jAhI6w7A=",
"lastModified": 1739408661,
"narHash": "sha256-piGA3oWqqJ1O0nh7pr0h4aZRyWBc87UvjpabFZGchRI=",
"owner": "nix-community",
"repo": "srvos",
"rev": "db87013780628b2e8387a3b4ccd3bc7bda0af447",
"rev": "02f6ebf3421677bd8e810814ec6026631136792b",
"type": "github"
},
"original": {
@ -1230,15 +1263,16 @@
"systems": "systems_3",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1737207873,
"narHash": "sha256-XTCuMv753lpm8DvdVf9q2mH3rhlfsKrCUYbaADPC/bA=",
"lastModified": 1739375014,
"narHash": "sha256-0fNbvZ1Dod4rDIfwGnC7CzJ3wRFSF1v5AvNCmNkVgXo=",
"owner": "danth",
"repo": "stylix",
"rev": "51ad2cec11e773a949bdbec88bed2524f098f49a",
"rev": "e86de61bb8f5f2b6459d0be3e3291ad16db4b777",
"type": "github"
},
"original": {
@ -1361,11 +1395,11 @@
"treefmt-nix": "treefmt-nix_7"
},
"locked": {
"lastModified": 1735977305,
"narHash": "sha256-my1stiHZQnGNBGCyOCZp3dR6OeN2En8/IJxq2Dqlxmc=",
"lastModified": 1738566582,
"narHash": "sha256-Sl+0RRf9DpxuBfiXNZkJIfDreRE1JoABhvXVGWNBL+k=",
"owner": "mrvandalo",
"repo": "nixos-telemetry",
"rev": "140d56579d9ae68f9f30f3875402ac44574c576a",
"rev": "d5bb7a31de3e826e43919897b486649fcdc3fb9a",
"type": "github"
},
"original": {
@ -1408,6 +1442,22 @@
"type": "github"
}
},
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1737565458,
"narHash": "sha256-y+9cvOA6BLKT0WfebDsyUpUa/YxKow9hTjBp6HpQv68=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "ae31625ba47aeaa4bf6a98cf11a8d4886f9463d9",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
@ -1448,11 +1498,11 @@
]
},
"locked": {
"lastModified": 1729242555,
"narHash": "sha256-6jWSWxv2crIXmYSEb3LEVsFkCkyVHNllk61X4uhqfCs=",
"lastModified": 1738953846,
"narHash": "sha256-yrK3Hjcr8F7qS/j2F+r7C7o010eVWWlm4T1PrbKBOxQ=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "d986489c1c757f6921a48c1439f19bfb9b8ecab5",
"rev": "4f09b473c936d41582dd744e19f34ec27592c5fd",
"type": "github"
},
"original": {
@ -1594,11 +1644,11 @@
]
},
"locked": {
"lastModified": 1737103437,
"narHash": "sha256-uPNWcYbhY2fjY3HOfRCR5jsfzdzemhfxLSxwjXYXqNc=",
"lastModified": 1738953846,
"narHash": "sha256-yrK3Hjcr8F7qS/j2F+r7C7o010eVWWlm4T1PrbKBOxQ=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "d1ed3b385f8130e392870cfb1dbfaff8a63a1899",
"rev": "4f09b473c936d41582dd744e19f34ec27592c5fd",
"type": "github"
},
"original": {

32
flake.nix
View file

@ -5,7 +5,7 @@
clan-core.inputs.flake-parts.follows = "flake-parts";
clan-core.inputs.nixpkgs.follows = "nixpkgs";
clan-core.url = "git+https://git.clan.lol/clan/clan-core?rev=1bd3af310ea074d0ea9de6233376476c6ca9149a"; # last time clan was using facts instead of vars
clan-core.url = "git+https://git.clan.lol/clan/clan-core";
clan-fact-generators.inputs.clan-core.follows = "clan-core";
clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
@ -49,6 +49,7 @@
#telemetry.url = "git+file:///home/palo/dev/nixos/nixos-telemetry";
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
treefmt-nix.url = "github:numtide/treefmt-nix";
devshell.url = "github:numtide/devshell";
# smoke test framwork to trigger tests (enable if I want to use it for real)
#smoke = {
@ -62,6 +63,7 @@
inputs@{
clan-core,
clan-fact-generators,
devshell,
flake-parts,
healthchecks,
home-manager,
@ -152,7 +154,7 @@
inherit (self.packages.${system})
otpmenu
nsxiv
find-service-config
systemctl-find-service-config
;
})
];
@ -239,9 +241,9 @@
# yubikey key
./assets/mrvandalo_rsa.pub
# backup key
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.paperless-ngx.id_ed25519.pub"
"${config.clan.core.settings.directory}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
"${config.clan.core.settings.directory}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
"${config.clan.core.settings.directory}/machines/chungus/facts/ssh.paperless-ngx.id_ed25519.pub"
];
environment.systemPackages = [ pkgs.borgbackup ];
};
@ -294,7 +296,7 @@
clan-core.nixosModules.clanCore
telemetry.nixosModules.telemetry
{
clan.core.clanDir = ./.; # fixes issues with clanCore https://git.clan.lol/clan/clan-core/issues/1979
clan.core.settings.directory = ./.; # fixes issues with clanCore https://git.clan.lol/clan/clan-core/issues/1979
}
# inputs.stylix.nixosModules.stylix # fixme: not working
permown.nixosModules.permown
@ -305,7 +307,7 @@
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
boot.loader.grub.configurationLimit = lib.mkDefault 10;
environment.systemPackages = [ pkgs.find-service-config ];
environment.systemPackages = [ pkgs.systemctl-find-service-config ];
}
)
# My Structure
@ -412,6 +414,7 @@
clan-core.flakeModules.default
healthchecks.flakeModule
./nix/formatter.nix
./nix/devshells.nix
./nix/packages
./nix/topology
];
@ -441,14 +444,14 @@
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Laptop";
clan.core.settings.machine.description = "Laptop";
}
(
{ config, ... }:
{
# keys only to access cherry
users.users.root.openssh.authorizedKeys.keyFiles = [
"${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.cherry.id_ed25519.pub"
"${config.clan.core.settings.directory}/machines/cherry/facts/ssh.root.cherry.id_ed25519.pub"
];
}
)
@ -471,14 +474,14 @@
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Home Server";
clan.core.settings.machine.description = "Home Server";
}
(
{ config, ... }:
{
# keys only to access chungus
users.users.root.openssh.authorizedKeys.keyFiles = [
"${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.chungus.id_ed25519.pub"
"${config.clan.core.settings.directory}/machines/cherry/facts/ssh.root.chungus.id_ed25519.pub"
];
}
)
@ -496,6 +499,7 @@
stylixModules
zerotierModules
srvos.nixosModules.hardware-hetzner-online-intel
private-parts.nixosModules.orbi
#srvos.nixosModules.server
#srvos.nixosModules.mixins-terminfo
{
@ -503,7 +507,7 @@
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Internet Server";
clan.core.settings.machine.description = "Internet Server";
}
];
};
@ -525,7 +529,7 @@
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Dummy Internet Server";
clan.core.settings.machine.description = "Dummy Internet Server";
}
];
};
@ -545,7 +549,7 @@
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "USB-Stick for Backup";
clan.core.settings.machine.description = "USB-Stick for Backup";
}
];
};

3
homes/palo/i3.nix
View file

@ -236,6 +236,9 @@ in
"${modifier}+Shift+Up" = "move up";
"${modifier}+Shift+Right" = "move right";
# sticky window toggle
"${modifier}+Shift+s" = "sticky toggle";
"${modifier}+h" = "split h";
"${modifier}+v" = "split v";
"${modifier}+f" = "fullscreen toggle";

2
machines/chungus/service-paperless-healthchecks.nix
View file

@ -8,7 +8,7 @@
{
healthchecks.http.paperless = {
url = "http://paperless.ingolf-wagner.de/accounts/login/?next=/";
url = "http://paperless.chungus.private/accounts/login/?next=/";
expectedContent = "paperless.chungus.private";
};
healthchecks.closed.retiolum.ports.paperless = [ config.services.paperless.port ];

3
machines/orbi/configuration.nix
View file

@ -56,6 +56,9 @@
components.network.enable = true;
components.network.nginx.landingpage.enable = false;
components.network.wifi.enable = false;
components.virtualisation.enable = true; # we only enable this stuff where we need it explicitly
components.virtualisation.podman.enable = false;
virtualisation.oci-containers.backend = "docker";
features.network.fail2ban.enable = true;
features.boot.ssh.enable = true;

6
machines/orbi/media-arr.nix
View file

@ -56,9 +56,9 @@
#user = "media";
};
services.jellyseerr = {
enable = true;
};
#services.jellyseerr = {
# enable = true;
#};
services.permown."/media/arr" = {
owner = "media";

30
machines/orbi/service-forgejo-runner.nix
View file

@ -10,9 +10,12 @@ let
in
{
virtualisation.podman.enable = true;
# note:
# I can't for some reason use any run-on: ubuntu-latest (docker container) to build docker contains,
# I have to use native and run the docker commands via `run: docker build ...`.
#
# `run-on: ubuntu-latest` and `docker/login-action` or `docker/build-and-push-action` does not work.
#nix.settings.trusted-users = [ "root" "gitea-runner"];
nix.settings.allowed-users = [
"*"
"gitea-runner"
@ -39,6 +42,10 @@ in
serviceConfig = {
DynamicUser = lib.mkForce false;
};
environment = {
# make docker build output readable
BUILDKIT_PROGRESS = "plain";
};
};
services.gitea-actions-runner = {
@ -49,6 +56,9 @@ in
runner = {
timeout = "12h";
};
#container.network = "host";
#container.network = "bridge";
#container.docker_host = "unix:///var/run/podman/podman.sock";
};
hostPackages = [
pkgs.bash
@ -61,18 +71,30 @@ in
pkgs.wget
pkgs.nix
pkgs.openssh
pkgs.podman
pkgs.docker
];
url = "https://git.ingolf-wagner.de";
tokenFile = config.clan.core.facts.services.gitea-runner.secret."gitea-runner.token".path;
name = "orbi";
labels = [
# The labels of a runner are used to determine which jobs the runner can run, and how to run them.
# Like: "macos-arm64:host" or "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
# Find more images provided by Gitea at https://gitea.com/gitea/runner-images .
# If it's empty when registering, it will ask for inputting labels.
# If it's empty when execute `daemon`, will use labels in `.runner` file.
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
"ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
"ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
# provide native execution on the host
"native:host"
# provide a debian base with nodejs for actions
#"debian-latest:docker://node:18-bullseye"
# fake the ubuntu name, because node provides no ubuntu builds
#"ubuntu-latest:docker://node:18-bullseye"
# provide native execution on the host
"native:host"
];
};
};

3
machines/orbi/service-forgejo.nix
View file

@ -33,6 +33,9 @@ in
"git.ingolf-wagner.de" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
client_max_body_size 2048M; # 2 GB (adjust as needed), for docker/podman push
'';
locations."/" = {
proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
};

29
nix/devshells.nix Normal file
View file

@ -0,0 +1,29 @@
{ inputs, ... }:
{
imports = [ inputs.devshell.flakeModule ];
perSystem =
{
pkgs,
self',
system,
...
}:
{
devshells.default = {
commands = [
{
help = "example command";
name = "example";
command = "echo 'this is an example command'";
}
];
packages = [
inputs.clan-core.packages.${system}.clan-cli
];
};
};
}

2
nix/packages/default.nix
View file

@ -10,7 +10,7 @@
{
packages.pkl = callPackage ./pkl { };
packages.otpmenu = callPackage ./otpmenu { };
packages.find-service-config = callPackage ./find-service-config { };
packages.systemctl-find-service-config = callPackage ./systemctl-find-service-config { };
#packages.sononym = callPackage ./sononym { };
#packages.sononym-crawler = callPackage ./sononym-crawler { };

3
nix/packages/find-service-config/default.nix
View file

@ -1,3 +0,0 @@
{ pkgs }:
pkgs.writers.writeBashBin "find-service-config" (pkgs.lib.fileContents ./find-service-config.sh)

5
nix/packages/systemctl-find-service-config/default.nix Normal file
View file

@ -0,0 +1,5 @@
{ pkgs }:
pkgs.writers.writeBashBin "sysetmctl-find-service-config" (
pkgs.lib.fileContents ./systemctl-find-service-config.sh
)

0
nix/packages/find-service-config/find-service-config.sh → nix/packages/systemctl-find-service-config/systemctl-find-service-config.sh
View file

1
vars/per-machine/cherry/openssh/ssh.id_ed25519.pub/value Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAlU4UCMW/1l72JdjuRrDnMneAZksrz5SOSIAr4AV1Tp nixbld@cherry

1
vars/per-machine/chungus/openssh/ssh.id_ed25519.pub/value Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOumy/Y6eFZf+z8MqJjh0nWuYMN77qhkcHolkCL6DA2d nixbld@cherry

1
vars/per-machine/orbi/openssh/ssh.id_ed25519.pub/value Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDocsL5ThfjxeV7r0gzUsVtgWr4L7OMuvU8+kyKZB9H6 nixbld@cherry

1
vars/per-machine/usbstick/openssh/ssh.id_ed25519.pub/value Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB1Jma/RepkDoEdmc1mwGRvK9r4qr4AplNAdX8V/dAhZ nixbld@cream