palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

...
Sign in to create a new pull request.

72 commits
feature/cl ... main

Author SHA1 Message Date
Ingolf Wagner
bca574d19d
make photoprism available via zerotier 2025-04-03 16:51:17 +02:00
Ingolf Wagner
30168d8aaa
⬆️ update flake.lock 2025-04-03 16:50:57 +02:00
Ingolf Wagner
0404bb5314
🔒 fix firewall configuration because of hetzner mac address problem 2025-04-03 16:50:40 +02:00
Ingolf Wagner
01304d1852
🔧 configure media services to use ipv6 and zerotier 2025-03-28 09:29:27 +01:00
Ingolf Wagner
439912b50b
🔧 enable service access via zerotier 2025-03-25 17:25:36 +01:00
Ingolf Wagner
b5555ac4b4
🔧 manual upgrade bambu studio 2025-03-19 09:29:50 +01:00
Ingolf Wagner
e98f1f8bd0
🚑 try to fix hetzner issues 2025-03-19 09:29:33 +01:00
Ingolf Wagner
ca763d0077
🐛 make virtualbox work again 2025-03-19 09:29:02 +01:00
Ingolf Wagner
009567e423
🔧 add windows folder nextcloud sync 2025-03-11 15:12:31 +01:00
Ingolf Wagner
4f71f39d2d
🔧 set timestamp back to germany 2025-03-11 10:24:58 +01:00
Forgejo Action :robot
14207fd7ea ⬆️ nix flake update 2025-03-01 21:47:25 +01:00
Forgejo Action :robot
ba11783c6a ⬆️ nix flake update 2025-03-01 16:08:42 +01:00
Forgejo Action :robot
4a9e0a232c ⬆️ nix flake update 2025-02-28 21:42:18 +01:00
Forgejo Action :robot
d523076140 ⬆️ nix flake update 2025-02-28 15:46:47 +01:00
Forgejo Action :robot
e06fa19ecd ⬆️ nix flake update 2025-02-28 09:41:32 +01:00
Forgejo Action :robot
bc9e5de27f ⬆️ nix flake update 2025-02-28 03:40:14 +01:00
Ingolf Wagner
e5acd5e0ce
🔧 add atuin healthcheck 2025-02-28 05:55:33 +07:00
Ingolf Wagner
1a95d95576
🎨 nix fmt 2025-02-28 05:40:54 +07:00
Ingolf Wagner
12054828f9
🔧 configure nix fmt 2025-02-28 05:39:33 +07:00
Forgejo Action :robot
0fd2eb288b ⬆️ nix flake update 2025-02-27 21:42:04 +01:00
Forgejo Action :robot
39524b282f ⬆️ nix flake update 2025-02-27 15:45:20 +01:00
Ingolf Wagner
f0bd90c896
🔥 delete old stuff 2025-02-27 18:19:06 +07:00
Forgejo Action :robot
1ed5bf9288 ⬆️ nix flake update 2025-02-27 09:41:18 +01:00
Ingolf Wagner
07f15e92ea
user container-telemetry-non-private-network 2025-02-27 09:54:57 +07:00
Forgejo Action :robot
17ff0c0635 ⬆️ nix flake update 2025-02-27 03:46:09 +01:00
Ingolf Wagner
76f20fb831
🔧 add wireguard ping 2025-02-27 09:29:40 +07:00
Ingolf Wagner
6e74b0e916
🔧 update loki instance_name 2025-02-27 08:16:37 +07:00
Ingolf Wagner
aec360748f
🔧 add fx package for json browsing 2025-02-27 08:16:36 +07:00
Forgejo Action :robot
e208035919 ⬆️ nix flake update 2025-02-26 21:58:40 +01:00
Forgejo Action :robot
ba3503aaed ⬆️ nix flake update 2025-02-26 15:41:35 +01:00
Ingolf Wagner
fa62983e2c
⬆️ use new nixos-telemetry architecture 2025-02-26 14:57:23 +07:00
Ingolf Wagner
e99c573791
🐛 fix bugwarrior pull because of i3 rust bar 2025-02-26 14:56:53 +07:00
Forgejo Action :robot
28b0eff1ca ⬆️ nix flake update 2025-02-26 03:42:08 +01:00
Forgejo Action :robot
e10adad3d8 ⬆️ nix flake update 2025-02-25 21:44:15 +01:00
Forgejo Action :robot
353f593b64 ⬆️ nix flake update 2025-02-25 16:26:32 +01:00
Forgejo Action :robot
86c164e05a ⬆️ nix flake update 2025-02-25 03:52:56 +01:00
Forgejo Action :robot
2fd9434feb ⬆️ nix flake update 2025-02-24 21:39:11 +01:00
Ingolf Wagner
42cdc5b508
🔧 enable mosh ports by default 2025-02-25 02:16:44 +07:00
Forgejo Action :robot
653c14ee0e ⬆️ nix flake update 2025-02-24 03:39:07 +01:00
Forgejo Action :robot
2f2027fe85 ⬆️ nix flake update 2025-02-23 21:39:12 +01:00
Forgejo Action :robot
e8f3287759 ⬆️ nix flake update 2025-02-23 15:46:42 +01:00
Ingolf Wagner
077c53e67f
🐛 atuin daemon seems not to work for user root 2025-02-23 17:16:25 +07:00
Ingolf Wagner
eca1792a70
🗑️ get rid of tinc-retiolum 2025-02-23 16:26:59 +07:00
Forgejo Action :robot
cecbc8f708 ⬆️ nix flake update 2025-02-23 09:59:57 +01:00
Ingolf Wagner
1b99e1b09d
🗑️ get rid of legacy packages 2025-02-23 12:38:57 +07:00
Ingolf Wagner
574fffb715
🗑️ get rid of legacy packages 2025-02-23 12:16:08 +07:00
Ingolf Wagner
e72cb6241f
🗑️ bump logseq version 2025-02-23 10:00:38 +07:00
Ingolf Wagner
c7ba3deafe
🗑️ clean up legacy packages 2025-02-23 09:52:57 +07:00
Ingolf Wagner
e9583eae10
🐛 fix stylix qt problem. Don't know why the default is ignored 2025-02-23 09:39:30 +07:00
Ingolf Wagner
7adc65f482
🐛 fix build error related to sway lock 2025-02-22 09:07:22 +07:00
Ingolf Wagner
ba7c206479
✏️ fix systemctl-find-service-config typo 2025-02-19 13:47:54 +07:00
Ingolf Wagner
8beb5617d4
📦 install healthchecks package 2025-02-19 13:47:32 +07:00
Ingolf Wagner
5cf4010bcf
🔥 disable zellij 2025-02-18 18:53:10 +07:00
Ingolf Wagner
8e873ecd9c
🔧 update timezone 2025-02-18 23:06:21 +13:00
Ingolf Wagner
bc05c958d7
🔧 enable audio again 2025-02-18 22:57:36 +13:00
Ingolf Wagner
e1cb5e8f57
⬆️ nixos-unstable-small -> nixpkgs-unstable 2025-02-18 21:29:05 +13:00
Ingolf Wagner
a83bbcb9bd
🐛 fix taskwarrior flake package installation mistake 2025-02-18 20:03:37 +13:00
Ingolf Wagner
99d8b79580
🐛 don't override taskwarrior flake inputs 2025-02-18 19:17:53 +13:00
Ingolf Wagner
b838caa222
🔧 sharpen the xorg component a bit 2025-02-18 17:08:58 +13:00
Ingolf Wagner
9e96d809d3
🔥 get rid of not used tools 2025-02-17 22:48:53 +13:00
Ingolf Wagner
55eaa80e98
⬆️ update nixos-healthchecks 2025-02-16 16:26:42 +13:00
Ingolf Wagner
3aacad45f3
🐛 fix wireguard forwarding 2025-02-16 16:26:18 +13:00
Ingolf Wagner
f721410bdd
install nixos-healthchecks 2025-02-14 23:36:56 +13:00
Ingolf Wagner
9a33ca1283
nix-serve -> harmonia for nix-cache 2025-02-14 21:46:45 +13:00
Ingolf Wagner
83ef3a0b9b
⬆️ update nixos-healthchecks 2025-02-14 21:46:14 +13:00
Ingolf Wagner
8c839e282d
🔧 remove vsync because it does not work 2025-02-14 20:32:09 +13:00
Ingolf Wagner
a7b0ddfa5d
🩹 fix pulseaudio warning 2025-02-14 20:16:23 +13:00
Ingolf Wagner
ea82349a38
🐛 remove handbreak because it's broken 2025-02-14 19:56:52 +13:00
Ingolf Wagner
3dad841848
🐛 remove simplescreenrecorder because it's broken 2025-02-14 19:56:51 +13:00
Ingolf Wagner
8807164c20
🐛 remove obs-studio because it's broken 2025-02-14 19:56:50 +13:00
Ingolf Wagner
25e0fd8212
🐛 remove xtrlock-pam because it's broken 2025-02-14 19:56:49 +13:00
Ingolf Wagner
7a3a6f3498
introduce vsync for intel graphic cards 2025-02-14 19:56:46 +13:00
74 changed files with 825 additions and 1015 deletions

2
components/chaospott.nix
View file

@ -13,7 +13,7 @@ with lib;
}; };
config = mkIf (config.components.chaospott.enable && config.components.gui.audio.enable) { config = mkIf (config.components.chaospott.enable && config.components.gui.audio.enable) {
hardware.pulseaudio.zeroconf.discovery.enable = true; services.pulseaudio.zeroconf.discovery.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
paprefs paprefs
]; ];

21
components/gui/audio.nix
View file

@ -12,12 +12,10 @@ with lib;
default = config.components.gui.enable; default = config.components.gui.enable;
}; };
config = mkIf (config.components.gui.audio.enable) { config = mkMerge [
(mkIf (config.components.gui.audio.enable) {
security.rtkit.enable = true; security.rtkit.enable = true;
hardware.pulseaudio.enable = false;
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
powerOnBoot = true; powerOnBoot = true;
@ -34,7 +32,7 @@ with lib;
]; ];
services.pipewire = { services.pipewire = {
enable = true; #enable = true;
systemWide = true; systemWide = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
@ -52,5 +50,16 @@ with lib;
} }
''; '';
}; };
}; })
{
# this is always true
# seems other options enable this one
services.pipewire.enable = config.components.gui.audio.enable;
services.pulseaudio.enable = false;
}
];
} }

1
components/gui/default.nix
View file

@ -16,6 +16,7 @@ with lib;
./browser.nix ./browser.nix
./cups.nix ./cups.nix
./home-manager ./home-manager
./kde.nix
./kmonad.nix ./kmonad.nix
./noti.nix # todo: make this different (use password store and such) ./noti.nix # todo: make this different (use password store and such)
./pass.nix ./pass.nix

19
components/gui/kde.nix Normal file
View file

@ -0,0 +1,19 @@
{
config,
pkgs,
lib,
...
}:
{
options.components.gui.kde.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.gui.enable;
};
config = lib.mkIf (config.components.gui.kde.enable) {
services.desktopManager.plasma6.enable = true;
};
}

43
components/gui/xorg/default.nix
View file

@ -14,30 +14,41 @@ with lib;
default = config.components.gui.enable; default = config.components.gui.enable;
}; };
config = mkIf (config.components.gui.xorg.enable && config.components.gui.enable) { options.components.gui.xorg.lightdm.enable = mkOption {
type = lib.types.bool;
default = config.components.gui.xorg.enable;
};
options.components.gui.xorg.sddm.enable = mkOption {
type = lib.types.bool;
default = !config.components.gui.xorg.lightdm.enable;
};
config = mkMerge [
(mkIf (config.components.gui.xorg.lightdm.enable && config.components.gui.xorg.enable) {
# system.custom.fonts.enable = true;
services.displayManager = { services.displayManager = {
defaultSession = lib.mkDefault "none+i3"; defaultSession = "none+i3";
autoLogin.enable = lib.mkDefault true; autoLogin.enable = lib.mkDefault true;
autoLogin.user = config.users.users.mainUser.name; autoLogin.user = config.users.users.mainUser.name;
}; };
services.xserver = { services.xserver.displayManager.lightdm.enable = true;
enable = true; })
displayManager = { (mkIf (config.components.gui.xorg.sddm.enable && config.components.gui.xorg.enable) {
lightdm.enable = lib.mkDefault true;
};
desktopManager.xterm.enable = false; services.xserver.displayManager.sddm.enable = true;
windowManager.i3.enable = true;
# mouse/touchpad })
# --------------
}; (mkIf (config.components.gui.xorg.enable && config.components.gui.enable) {
services.xserver.enable = true;
services.xserver.windowManager.i3.enable = true;
services.libinput = { services.libinput = {
enable = true; enable = true;
@ -56,7 +67,7 @@ with lib;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
xclip xclip
xtrlock-pam #xtrlock-pam
xorg.xev xorg.xev
dmenu dmenu
@ -81,5 +92,7 @@ with lib;
''; '';
environment.etc."/X11/Xresource.d/.keep".text = ""; environment.etc."/X11/Xresource.d/.keep".text = "";
}; })
];
} }

8
components/media/video.nix
View file

@ -136,7 +136,7 @@ in
home-manager.sharedModules = [ home-manager.sharedModules = [
{ {
programs.obs-studio = { programs.obs-studio = {
enable = true; enable = false;
plugins = with pkgs.obs-studio-plugins; [ plugins = with pkgs.obs-studio-plugins; [
obs-backgroundremoval obs-backgroundremoval
obs-vaapi obs-vaapi
@ -161,17 +161,17 @@ in
# obs studio stuff # obs studio stuff
obs-cli obs-cli
v4l-utils v4l-utils
obs-cmd #obs-cmd
# to record your screen # to record your screen
# --------------------- # ---------------------
simplescreenrecorder #simplescreenrecorder
screenKey screenKey
#obs-studio #obs-studio
# to transcode video material # to transcode video material
# --------------------------- # ---------------------------
handbrake # handbrake
ffmpeg-full ffmpeg-full
]; ];

21
components/monitor/container.nix
View file

@ -1,21 +0,0 @@
{
lib,
config,
inputs,
...
}:
with lib;
with types;
{
imports = [
../timezone.nix
];
config = {
telemetry.enable = mkDefault true;
telemetry.metrics.enable = mkDefault false;
telemetry.opentelemetry.enable = false;
services.journald.extraConfig = "SystemMaxUse=1G";
};
}

17
components/network/sshd/default.nix
View file

@ -36,6 +36,13 @@ in
make sure ssh is only available trough the tinc make sure ssh is only available trough the tinc
''; '';
}; };
allowMosh = mkOption {
type = bool;
default = true;
description = ''
make mosh port available
'';
};
}; };
config = mkMerge [ config = mkMerge [
@ -69,6 +76,16 @@ in
iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0 iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
''; '';
}) })
(mkIf (cfg.allowMosh && cfg.enable) {
networking.firewall.allowedUDPPortRanges = [
{
from = 60000;
to = 61000;
}
];
})
]; ];
} }

11
components/virtualisation/virtualbox.nix
View file

@ -14,10 +14,13 @@ with lib;
config = mkIf config.components.virtualisation.virtualbox.enable { config = mkIf config.components.virtualisation.virtualbox.enable {
virtualisation.virtualbox = { virtualisation.virtualbox.host.enable = true;
host.enable = true; virtualisation.virtualbox.host.enableExtensionPack = true;
guest.enable = true; virtualisation.virtualbox.guest.enable = true;
}; virtualisation.virtualbox.guest.dragAndDrop = true;
# https://discourse.nixos.org/t/issue-with-virtualbox-in-24-11/57607/2
boot.kernelParams = [ "kvm.enable_virt_at_load=0" ];
users.extraGroups.vboxusers.members = [ config.users.users.mainUser.name ]; users.extraGroups.vboxusers.members = [ config.users.users.mainUser.name ];

399
flake.lock generated
View file

@ -82,11 +82,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1739259543, "lastModified": 1740718722,
"narHash": "sha256-AW5UFLVstsfzTUVRJGJLmyhc9wDxo/1aROjsawEBD/c=", "narHash": "sha256-QhvkAvtgwZl89/7FjCFe+frxGxdQhYNfqc2+ymFdfcA=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "15e8df894e8ca457dadb8953750b28363f1bae6c", "rev": "bcd6c7108afbc692b0b3bd39299fa153eefe1104",
"revCount": 5648, "revCount": 5739,
"type": "git", "type": "git",
"url": "https://git.clan.lol/clan/clan-core" "url": "https://git.clan.lol/clan/clan-core"
}, },
@ -104,11 +104,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1723143645, "lastModified": 1739428569,
"narHash": "sha256-/71L2ZBM9AmUpEQC19Rf7AxA+BhIquObB8aZDkfVRz8=", "narHash": "sha256-uvW5PQqw4+cqjoaoPB/frHY7EjO+ehRryOHAkJKYX5A=",
"owner": "mrvandalo", "owner": "mrvandalo",
"repo": "clan-fact-generators", "repo": "clan-fact-generators",
"rev": "620c5d3185594b3e2d91e29a7590f44abae4319c", "rev": "882fc040fcd283044a940a5e11e81a7e86aa76ce",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -156,6 +156,24 @@
"type": "github" "type": "github"
} }
}, },
"devshell_3": {
"inputs": {
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1735644329,
"narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=",
"owner": "numtide",
"repo": "devshell",
"rev": "f7795ede5b02664b57035b3b757876703e2c3eac",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -164,11 +182,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738765162, "lastModified": 1739634831,
"narHash": "sha256-3Z40qHaFScWUCVQrGc4Y+RdoPsh1R/wIh+AN4cTXP0I=", "narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "ff3568858c54bd306e9e1f2886f0f781df307dff", "rev": "fa5746ecea1772cf59b3f34c5816ab3531478142",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -202,11 +220,11 @@
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1736899990, "lastModified": 1739223196,
"narHash": "sha256-S79Hqn2EtSxU4kp99t8tRschSifWD4p/51++0xNWUxw=", "narHash": "sha256-vAxN2f3rvl5q62gQQjZGVSvF93nAsOxntuFz+e/655w=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "91ca1f82d717b02ceb03a3f423cbe8082ebbb26d", "rev": "a89108e6272426f4eddd93ba17d0ea101c34fb21",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -232,7 +250,6 @@
} }
}, },
"flake-compat_2": { "flake-compat_2": {
"flake": false,
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
@ -362,14 +379,18 @@
}, },
"flake-parts_7": { "flake-parts_7": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_5" "nixpkgs-lib": [
"stylix",
"nur",
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1726153070, "lastModified": 1733312601,
"narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=", "narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a", "rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -379,6 +400,24 @@
} }
}, },
"flake-parts_8": { "flake-parts_8": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_5"
},
"locked": {
"lastModified": 1738453229,
"narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_9": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_6" "nixpkgs-lib": "nixpkgs-lib_6"
}, },
@ -512,11 +551,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735882644, "lastModified": 1737465171,
"narHash": "sha256-3FZAG+pGt3OElQjesCAWeMkQ7C/nB1oTHLRQ8ceP110=", "narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "a5a961387e75ae44cc20f0a57ae463da5e959656", "rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -595,11 +634,11 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1729744850, "lastModified": 1739947726,
"narHash": "sha256-2tggkyfZKEHPsubKxqW1KhN9vzNJVpxLdFtyaFNTJR0=", "narHash": "sha256-5GUrVccTk1iIuM7JbJsTqM57Etxek9ebo6e+loQadus=",
"owner": "mrvandalo", "owner": "mrvandalo",
"repo": "nixos-healthchecks", "repo": "nixos-healthchecks",
"rev": "22119198994f20ba6d68efa2c1106aae83d74a8f", "rev": "45da1993e4b568590170cee8d70e7c2266b2f536",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -615,11 +654,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738753876, "lastModified": 1740845322,
"narHash": "sha256-yXT82kERWL4R81hfun9BuT478Q6ut0dJzdQjAxjRS38=", "narHash": "sha256-AXEgFj3C0YJhu9k1OhbRhiA6FnDr81dQZ65U3DhaWpw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "f20b7a8ab527a2482f13754dc00b2deaddc34599", "rev": "fcac3d6d88302a5e64f6cb8014ac785e08874c8d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -700,11 +739,11 @@
"treefmt-nix": "treefmt-nix_3" "treefmt-nix": "treefmt-nix_3"
}, },
"locked": { "locked": {
"lastModified": 1738399995, "lastModified": 1740657886,
"narHash": "sha256-2s+b7M2UayudwHQTVSo2RSF1sKbasqCXHYbE3XStVVI=", "narHash": "sha256-7kHxBQuzb7gcHzVmLGljJ4kF6BDDSYVCIxYFDmYPnAo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-anywhere", "repo": "nixos-anywhere",
"rev": "d4a3ecf32bd3cc9d243e0a2f37de91bc84b14216", "rev": "77e6a4e14baa93a29952ea9f0e4a59a29cca09e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -715,11 +754,11 @@
}, },
"nixos-facter-modules": { "nixos-facter-modules": {
"locked": { "locked": {
"lastModified": 1736931726, "lastModified": 1738752252,
"narHash": "sha256-aY55yiifyo1XPPpbpH0kWlV1g2dNGBlx6622b7OK8ks=", "narHash": "sha256-/nA3tDdp/2g0FBy8966ppC2WDoyXtUWaHkZWL+N3ZKc=",
"owner": "numtide", "owner": "numtide",
"repo": "nixos-facter-modules", "repo": "nixos-facter-modules",
"rev": "fa11d87b61b2163efbb9aed7b7a5ae0299e5ab9c", "rev": "60f8b8f3f99667de6a493a44375e5506bf0c48b1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -730,11 +769,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1738638143, "lastModified": 1740646007,
"narHash": "sha256-ZYMe4c4OCtIUBn5hx15PEGr0+B1cNEpl2dsaLxwY2W0=", "narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "9bdd53f5908453e4d03f395eb1615c3e9a351f70", "rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -755,11 +794,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734098258, "lastModified": 1740452541,
"narHash": "sha256-3mzGstXtPqt+zWzXqesgQ2haEI6LNCFhc/uU3Bcj6Ak=", "narHash": "sha256-aa5gPveHysMTVkxj+0iH0BdcSn8+v8lZPud+IItOSaQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-images", "repo": "nixos-images",
"rev": "231f5f6370e78d04675c9fa8199be6c3b1b85773", "rev": "283bbacb81bd2c1a7b89f33e011ecabe398a564e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -800,70 +839,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-legacy_2211": {
"locked": {
"lastModified": 1688392541,
"narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-legacy_2311": {
"locked": {
"lastModified": 1720535198,
"narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-legacy_2405": {
"locked": {
"lastModified": 1735563628,
"narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-legacy_2411": {
"locked": {
"lastModified": 1738702386,
"narHash": "sha256-nJj8f78AYAxl/zqLiFGXn5Im1qjFKU8yBPKoWEeZN5M=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "030ba1976b7c0e1a67d9716b17308ccdab5b381e",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1717284937, "lastModified": 1717284937,
@ -914,14 +889,14 @@
}, },
"nixpkgs-lib_5": { "nixpkgs-lib_5": {
"locked": { "locked": {
"lastModified": 1725233747, "lastModified": 1738452942,
"narHash": "sha256-Ss8QWLXdr2JCBPcYChJhz4xJm+h/xjl4G0c0XlP6a74=", "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/356624c12086a18f2ea2825fed34523d60ccc4e3.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
} }
}, },
"nixpkgs-lib_6": { "nixpkgs-lib_6": {
@ -938,11 +913,11 @@
}, },
"nixpkgs-unstable-small": { "nixpkgs-unstable-small": {
"locked": { "locked": {
"lastModified": 1738758495, "lastModified": 1740848276,
"narHash": "sha256-CZ8T4vP3ag2hwkpSZjatxJb55ouszvmnWw09qxGW9TU=", "narHash": "sha256-bYeI3FEs824X+MJYksKboNlmglehzplqzn+XvcojWMc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ceaea203f3ae1787b1bd13f021f686391696fc5b", "rev": "e9b0ff70ddc61c42548501b0fafb86bb49cca858",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1001,16 +976,16 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1738758495, "lastModified": 1740791350,
"narHash": "sha256-CZ8T4vP3ag2hwkpSZjatxJb55ouszvmnWw09qxGW9TU=", "narHash": "sha256-igS2Z4tVw5W/x3lCZeeadt0vcU9fxtetZ/RyrqsCRQ0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ceaea203f3ae1787b1bd13f021f686391696fc5b", "rev": "199169a2135e6b864a888e89a2ace345703c025d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-unstable-small", "ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -1031,11 +1006,11 @@
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1738178544, "lastModified": 1740301968,
"narHash": "sha256-UbM+zJFlze877N5j2YMLKYFX7t05VvmuNX2M0vJ7RfI=", "narHash": "sha256-eDAiNagpMExcLoSIgjdef2ZYyvjuy1VTF8r9OZXCMGc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "975ac0ab33ee7fea64842047a96f5d679d90913c", "rev": "b7fe81518095c48a8ba94fc7cfe5c0fc8370851b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1045,6 +1020,61 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_8": {
"locked": {
"lastModified": 1740367490,
"narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0196c0175e9191c474c26ab5548db27ef5d34b05",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1722073938,
"narHash": "sha256-OpX0StkL8vpXyWOGUD6G+MA26wAXK6SpT94kLJXo6B4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e36e9f57337d0ff0cf77aceb58af4c805472bfae",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_7",
"nixpkgs": [
"stylix",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix_6"
},
"locked": {
"lastModified": 1740408283,
"narHash": "sha256-2xECnhgF3MU9YjmvOkrRp8wRFo2OjjewgCtlfckhL5s=",
"owner": "nix-community",
"repo": "NUR",
"rev": "496a4a11162bdffb9a7b258942de138873f019f7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NUR",
"type": "github"
}
},
"permown": { "permown": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -1120,11 +1150,11 @@
"treefmt-nix": "treefmt-nix_4" "treefmt-nix": "treefmt-nix_4"
}, },
"locked": { "locked": {
"lastModified": 1739081745, "lastModified": 1743686840,
"narHash": "sha256-FGaxXNmvDd6fL22fvbVS9eb+Lr+4UR+xZtkKkUoYuKI=", "narHash": "sha256-233lgDM2Jnmfq85LK4vwq+bVLHCvs76fHHEHD6W7/fs=",
"ref": "main", "ref": "main",
"rev": "0d764189384d5fa7d9850b4d2f35ed98a0598871", "rev": "b6239a1dcf31962426f28eab4b7f834a5025cea0",
"revCount": 89, "revCount": 90,
"type": "git", "type": "git",
"url": "ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git" "url": "ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git"
}, },
@ -1134,21 +1164,6 @@
"url": "ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git" "url": "ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git"
} }
}, },
"retiolum": {
"locked": {
"lastModified": 1737987273,
"narHash": "sha256-WQCLoDbthUO5PcdYDBxZZQgpQbEXab50EcwChkukxN4=",
"owner": "Mic92",
"repo": "retiolum",
"rev": "514fe96610f745435b89355822691b1961dc4857",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "retiolum",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"clan-core": "clan-core", "clan-core": "clan-core",
@ -1163,21 +1178,16 @@
"nixos-anywhere": "nixos-anywhere", "nixos-anywhere": "nixos-anywhere",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_5",
"nixpkgs-legacy_2211": "nixpkgs-legacy_2211",
"nixpkgs-legacy_2311": "nixpkgs-legacy_2311",
"nixpkgs-legacy_2405": "nixpkgs-legacy_2405",
"nixpkgs-legacy_2411": "nixpkgs-legacy_2411",
"nixpkgs-unstable-small": "nixpkgs-unstable-small", "nixpkgs-unstable-small": "nixpkgs-unstable-small",
"permown": "permown", "permown": "permown",
"polygon-art": "polygon-art", "polygon-art": "polygon-art",
"private-parts": "private-parts", "private-parts": "private-parts",
"retiolum": "retiolum",
"share-http": "share-http", "share-http": "share-http",
"srvos": "srvos", "srvos": "srvos",
"stylix": "stylix", "stylix": "stylix",
"taskwarrior": "taskwarrior", "taskwarrior": "taskwarrior",
"telemetry": "telemetry", "telemetry": "telemetry",
"treefmt-nix": "treefmt-nix_8" "treefmt-nix": "treefmt-nix_9"
} }
}, },
"share-http": { "share-http": {
@ -1230,11 +1240,11 @@
"nixpkgs": "nixpkgs_7" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1738198321, "lastModified": 1740358604,
"narHash": "sha256-lhnHBXO9Y8xEn92JqxjancdL8Gh16ONuxZp60iZfmX4=", "narHash": "sha256-Wi87Dx5j8JH+ETlU0zrPSAe7zD2wQkEY6DtITCeyOdI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "srvos", "repo": "srvos",
"rev": "7d5a4aaadac9ff63f9ed4347df95175aceee5079", "rev": "b3065811ae1c822b856af8a254e07703172a0e76",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1260,18 +1270,20 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nur": "nur",
"systems": "systems_3", "systems": "systems_3",
"tinted-foot": "tinted-foot", "tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty", "tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
"tinted-tmux": "tinted-tmux", "tinted-tmux": "tinted-tmux",
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1738611626, "lastModified": 1740769934,
"narHash": "sha256-IgjqlYPaS8Bg+jc6a691w27XDFhBeM7gkP4eDcR2EBs=", "narHash": "sha256-iyxUwII/NQNClT77VqQiDpaXJz1r0Z8tNVxgY64mLak=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "d513f59da5856978c363d2f82103f708f4a6024d", "rev": "de4ee5899042801b62f988687acd454d4d411075",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1364,19 +1376,17 @@
}, },
"taskwarrior": { "taskwarrior": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_7", "flake-parts": "flake-parts_8",
"nixpkgs": [ "nixpkgs": "nixpkgs_8",
"nixpkgs"
],
"taskshell": "taskshell", "taskshell": "taskshell",
"treefmt-nix": "treefmt-nix_6" "treefmt-nix": "treefmt-nix_7"
}, },
"locked": { "locked": {
"lastModified": 1727417586, "lastModified": 1740648759,
"narHash": "sha256-z3ahlvbUWENgrvatJYd7FtPL0OoV4E+zNZiBzRx9S1E=", "narHash": "sha256-sIgoU5sXAISeQwvpkW9f8h4uKmTT1okuDEqIihYo5zw=",
"owner": "mrvandalo", "owner": "mrvandalo",
"repo": "taskwarrior-flake", "repo": "taskwarrior-flake",
"rev": "9433b3b1c4afb18c554d067fadf37d979b129b09", "rev": "927ebf78a525272616028cf8e9973bfdc0c5a0cc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1387,18 +1397,19 @@
}, },
"telemetry": { "telemetry": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_8", "devshell": "devshell_3",
"flake-parts": "flake-parts_9",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"treefmt-nix": "treefmt-nix_7" "treefmt-nix": "treefmt-nix_8"
}, },
"locked": { "locked": {
"lastModified": 1738566582, "lastModified": 1740624189,
"narHash": "sha256-Sl+0RRf9DpxuBfiXNZkJIfDreRE1JoABhvXVGWNBL+k=", "narHash": "sha256-GET3URhKXO5uq62tAPr9xSe6fSco1m0+p1UvK9iAukM=",
"owner": "mrvandalo", "owner": "mrvandalo",
"repo": "nixos-telemetry", "repo": "nixos-telemetry",
"rev": "d5bb7a31de3e826e43919897b486649fcdc3fb9a", "rev": "bb8713fc2cd19c316c051fa1e643a36531c12364",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1441,14 +1452,30 @@
"type": "github" "type": "github"
} }
}, },
"tinted-schemes": {
"flake": false,
"locked": {
"lastModified": 1740351358,
"narHash": "sha256-Hdk850xgAd3DL8KX0AbyU7tC834d3Lej1jOo3duWiOA=",
"owner": "tinted-theming",
"repo": "schemes",
"rev": "a1bc2bd89e693e7e3f5764cfe8114e2ae150e184",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "schemes",
"type": "github"
}
},
"tinted-tmux": { "tinted-tmux": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1735737224, "lastModified": 1740272597,
"narHash": "sha256-FO2hRBkZsjlIRqzNHCPc/52yxg11kHGA8MEtSun9RwE=", "narHash": "sha256-/etfUV3HzAaLW3RSJVwUaW8ULbMn3v6wbTlXSKbcoWQ=",
"owner": "tinted-theming", "owner": "tinted-theming",
"repo": "tinted-tmux", "repo": "tinted-tmux",
"rev": "aead506a9930c717ebf81cc83a2126e9ca08fa64", "rev": "b6c7f46c8718cc484f2db8b485b06e2a98304cd0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1481,11 +1508,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1738953846, "lastModified": 1739829690,
"narHash": "sha256-yrK3Hjcr8F7qS/j2F+r7C7o010eVWWlm4T1PrbKBOxQ=", "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "4f09b473c936d41582dd744e19f34ec27592c5fd", "rev": "3d0579f5cc93436052d94b73925b48973a104204",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1581,16 +1608,17 @@
"treefmt-nix_6": { "treefmt-nix_6": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"taskwarrior", "stylix",
"nur",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1727252110, "lastModified": 1733222881,
"narHash": "sha256-3O7RWiXpvqBcCl84Mvqa8dXudZ1Bol1ubNdSmQt7nF4=", "narHash": "sha256-JIPcz1PrpXUCbaccEnrcUS8jjEb/1vJbZz5KkobyFdM=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "1bff2ba6ec22bc90e9ad3f7e94cca0d37870afa3", "rev": "49717b5af6f80172275d47a418c9719a31a78b53",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1600,6 +1628,27 @@
} }
}, },
"treefmt-nix_7": { "treefmt-nix_7": {
"inputs": {
"nixpkgs": [
"taskwarrior",
"nixpkgs"
]
},
"locked": {
"lastModified": 1739829690,
"narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "3d0579f5cc93436052d94b73925b48973a104204",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_8": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"telemetry", "telemetry",
@ -1620,18 +1669,18 @@
"type": "github" "type": "github"
} }
}, },
"treefmt-nix_8": { "treefmt-nix_9": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1738680491, "lastModified": 1739829690,
"narHash": "sha256-8X7tR3kFGkE7WEF5EXVkt4apgaN85oHZdoTGutCFs6I=", "narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "64dbb922d51a42c0ced6a7668ca008dded61c483", "rev": "3d0579f5cc93436052d94b73925b48973a104204",
"type": "github" "type": "github"
}, },
"original": { "original": {

52
flake.nix
View file

@ -22,26 +22,20 @@
nix-topology.url = "github:oddlama/nix-topology"; nix-topology.url = "github:oddlama/nix-topology";
nixos-anywhere.url = "github:nix-community/nixos-anywhere"; nixos-anywhere.url = "github:nix-community/nixos-anywhere";
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-legacy_2411.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
permown.inputs.nixpkgs.follows = "nixpkgs"; permown.inputs.nixpkgs.follows = "nixpkgs";
permown.url = "github:mrVanDalo/module.permown"; permown.url = "github:mrVanDalo/module.permown";
polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git"; polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
private-parts.inputs.nixpkgs.follows = "nixpkgs"; # only private input private-parts.inputs.nixpkgs.follows = "nixpkgs"; # only private input
private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main"; private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main";
#private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts"; #private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts";
retiolum.url = "github:Mic92/retiolum";
share-http.inputs.nixpkgs.follows = "nixpkgs"; # only private input share-http.inputs.nixpkgs.follows = "nixpkgs"; # only private input
share-http.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/share-host.git?ref=main"; share-http.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/share-host.git?ref=main";
srvos.url = "github:nix-community/srvos"; srvos.url = "github:nix-community/srvos";
stylix.inputs.home-manager.follows = "home-manager"; stylix.inputs.home-manager.follows = "home-manager";
stylix.inputs.nixpkgs.follows = "nixpkgs"; stylix.inputs.nixpkgs.follows = "nixpkgs";
stylix.url = "github:danth/stylix"; stylix.url = "github:danth/stylix";
taskwarrior.inputs.nixpkgs.follows = "nixpkgs";
taskwarrior.url = "github:mrvandalo/taskwarrior-flake"; taskwarrior.url = "github:mrvandalo/taskwarrior-flake";
#taskwarrior.url = "git+file:///home/palo/dev/nixos/taskwarrior-flake"; #taskwarrior.url = "git+file:///home/palo/dev/nixos/taskwarrior-flake";
telemetry.inputs.nixpkgs.follows = "nixpkgs"; telemetry.inputs.nixpkgs.follows = "nixpkgs";
@ -73,15 +67,10 @@
nixos-anywhere, nixos-anywhere,
nixos-hardware, nixos-hardware,
nixpkgs, nixpkgs,
nixpkgs-legacy_2211,
nixpkgs-legacy_2311,
nixpkgs-legacy_2405,
nixpkgs-legacy_2411,
nixpkgs-unstable-small, nixpkgs-unstable-small,
permown, permown,
polygon-art, polygon-art,
private-parts, private-parts,
retiolum,
self, self,
share-http, share-http,
srvos, srvos,
@ -125,24 +114,6 @@
inherit allowUnfree permittedInsecurePackages; inherit allowUnfree permittedInsecurePackages;
}; };
}; };
legacy_2211 = import nixpkgs-legacy_2211 {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
legacy_2311 = import nixpkgs-legacy_2311 {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
legacy_2405 = import nixpkgs-legacy_2405 {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
polygon-art = polygon-art.packages.${system}; polygon-art = polygon-art.packages.${system};
landingpage = landingpage.packages.${system}.plain; landingpage = landingpage.packages.${system}.plain;
share-via-http = share-http.packages.${system}.default; share-via-http = share-http.packages.${system}.default;
@ -151,6 +122,7 @@
tasksh tasksh
taskwarrior-hooks taskwarrior-hooks
; ;
healthchecks = self.packages.${system}.healthchecks;
inherit (self.packages.${system}) inherit (self.packages.${system})
otpmenu otpmenu
nsxiv nsxiv
@ -301,13 +273,15 @@
# inputs.stylix.nixosModules.stylix # fixme: not working # inputs.stylix.nixosModules.stylix # fixme: not working
permown.nixosModules.permown permown.nixosModules.permown
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
# retiolum.nixosModules.retiolum # fixme: not working
]; ];
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10; boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10; boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
boot.loader.grub.configurationLimit = lib.mkDefault 10; boot.loader.grub.configurationLimit = lib.mkDefault 10;
environment.systemPackages = [ pkgs.systemctl-find-service-config ]; environment.systemPackages = [
pkgs.systemctl-find-service-config
pkgs.healthchecks
];
} }
) )
# My Structure # My Structure
@ -315,12 +289,6 @@
./features ./features
./modules # todo : spread this across features and components ./modules # todo : spread this across features and components
#./system/all # todo : spread this across features and components #./system/all # todo : spread this across features and components
(
{ lib, pkgs, ... }:
{
telemetry.netdata.enable = false;
}
)
# some modules I always use # some modules I always use
telemetry.nixosModules.telemetry telemetry.nixosModules.telemetry
@ -353,6 +321,8 @@
# https://github.com/danth/stylix/issues/543 # https://github.com/danth/stylix/issues/543
stylix.targets.hyprpaper.enable = lib.mkForce false; stylix.targets.hyprpaper.enable = lib.mkForce false;
stylix.targets.hyprland.enable = lib.mkForce false; stylix.targets.hyprland.enable = lib.mkForce false;
stylix.targets.swaylock.enable = lib.mkForce false;
stylix.targets.qt.platform = "qtct";
# running into strange problems # running into strange problems
# fixme: remove if possible # fixme: remove if possible
@ -373,10 +343,6 @@
name = "JetBrains Mono"; name = "JetBrains Mono";
}; };
emoji = config.stylix.fonts.monospace; emoji = config.stylix.fonts.monospace;
# emoji = {
# package = pkgs.noto-fonts-emoji;
# name = "Noto Color Emoji";
# };
sizes.popups = 15; sizes.popups = 15;
}; };
}; };
@ -434,7 +400,6 @@
healthchecks.nixosModules.default healthchecks.nixosModules.default
zerotierModules zerotierModules
nixos-hardware.nixosModules.framework-13th-gen-intel nixos-hardware.nixosModules.framework-13th-gen-intel
retiolum.nixosModules.retiolum
private-parts.nixosModules.cherry private-parts.nixosModules.cherry
homeManagerModules homeManagerModules
stylixModules stylixModules
@ -467,7 +432,6 @@
zerotierControllerModule zerotierControllerModule
homeManagerModules homeManagerModules
stylixModules stylixModules
retiolum.nixosModules.retiolum
private-parts.nixosModules.chungus private-parts.nixosModules.chungus
{ {
home-manager.users.mainUser = import ./homes/palo; home-manager.users.mainUser = import ./homes/palo;

3
homes/common/default.nix
View file

@ -1,13 +1,14 @@
{ lib, ... }: { lib, ... }:
{ {
imports = [ imports = [
./editor.nix ./editor.nix
./network.nix ./network.nix
#./oh-my-posh
./starship-rs ./starship-rs
./packages.nix ./packages.nix
./terminal.nix ./terminal.nix
./zfs.nix ./zfs.nix
]; ];
options.gui.enable = lib.mkEnableOption "should GUI packages be anabled?"; options.gui.enable = lib.mkEnableOption "should GUI packages be anabled?";
} }

5
homes/common/editor.nix
View file

@ -4,7 +4,6 @@
enable = true; enable = true;
defaultEditor = lib.mkDefault true; defaultEditor = lib.mkDefault true;
}; };
programs.helix = { # enable = true;
enable = true; #};
};
} }

15
homes/common/oh-my-posh/default.nix
View file

@ -1,15 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib;
{
programs.oh-my-posh = {
enable = true;
# https://ohmyposh.dev/docs/themes
#useTheme = "gmay"; # ganz nice, aber farben sind ein bisl schrill
settings = builtins.fromJSON (builtins.readFile ./gmay.json);
};
}

121
homes/common/oh-my-posh/gmay.json
View file

@ -1,121 +0,0 @@
{
"$schema": "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json",
"blocks": [
{
"alignment": "left",
"segments": [
{
"background": "#076678",
"foreground": "#EBDBB2",
"leading_diamond": "\ue0b6",
"style": "diamond",
"template": " {{ if .WSL }}WSL at {{ end }}{{.Icon}} ",
"type": "os"
},
{
"background": "#AF3A03",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"style": "powerline",
"template": " \uf0e7 ",
"type": "root"
},
{
"background": "#076678",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"style": "powerline",
"template": " {{ if .SSHSession }}\ueba9 {{ end }}{{ .UserName }}@{{ .HostName }} ",
"type": "session"
},
{
"background": "#B57614",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"properties": {
"style": "full"
},
"style": "powerline",
"template": " \ue5ff {{ .Path }} ",
"type": "path"
},
{
"background": "#79740E",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"properties": {
"time_format": "2006-01-02 15:04:05"
},
"style": "powerline",
"template": " {{ .CurrentDate | date .Format }} ",
"type": "time"
},
{
"type": "project",
"style": "powerline",
"powerline_symbol": "",
"foreground": "#193549",
"background": "#ffeb3b",
"template": " {{ if .Error }}{{ .Error }}{{ else }}{{ if .Version }} {{.Version}}{{ end }} {{ if .Name }}{{ .Name }}{{ end }}{{ end }} "
},
{
"type": "git",
"style": "powerline",
"powerline_symbol": "",
"background": "#427b58",
"foreground": "#EBDBB2",
"background_templates": [
"{{ if or (.Working.Changed) (.Staging.Changed) }}#8f3f71{{ end }}",
"{{ if and (gt .Ahead 0) (gt .Behind 0) }}#076678{{ end }}",
"{{ if gt .Ahead 0 }}#076678{{ end }}",
"{{ if gt .Behind 0 }}#076678{{ end }}"
],
"template": "{{ .UpstreamIcon }}{{ .HEAD }}{{if .BranchStatus }} {{ .BranchStatus }}{{ end }}{{ if .Working.Changed }}  {{ .Working.String }}{{ end }}{{ if and (.Working.Changed) (.Staging.Changed) }} |{{ end }}{{ if .Staging.Changed }}  {{ .Staging.String }}{{ end }}{{ if gt .StashCount 0 }}  {{ .StashCount }}{{ end }}",
"properties": {
"fetch_status": true,
"fetch_upstream_icon": true,
"untracked_modes": {
"/Users/user/Projects/oh-my-posh/": "no"
},
"source": "cli",
"mapped_branches": {
"feat/*": "🚀 ",
"bug/*": "🐛 "
}
}
},
{
"background": "#427B58",
"background_templates": [
"{{ if gt .Code 0 }}#9D0006{{ end }}"
],
"foreground": "#EBDBB2",
"leading_diamond": "<transparent,background>\ue0b0</>",
"properties": {
"always_enabled": true
},
"style": "diamond",
"template": " \ueb05 ",
"trailing_diamond": "\ue0b4",
"type": "status"
}
],
"type": "prompt"
},
{
"alignment": "left",
"newline": true,
"segments": [
{
"foreground": "#076678",
"style": "plain",
"template": "\uf0a9 ",
"type": "text"
}
],
"type": "prompt"
}
],
"final_space": true,
"version": 2
}

69
homes/common/oh-my-posh/gruvbox.json
View file

@ -1,69 +0,0 @@
{
"$schema": "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json",
"blocks": [
{
"alignment": "left",
"segments": [
{
"background": "#3A3A3A",
"foreground": "#ffffff",
"style": "powerline",
"template": "{{ if .WSL }}WSL at{{ end }} {{.Icon}} ",
"type": "os"
},
{
"background": "#fbf1c7",
"background_templates": [
"{{ if .Root }}#af3a03{{ end }}"
],
"foreground": "#282828",
"foreground_templates": [
"{{ if .Root }}#fbf1c7{{ end }}"
],
"powerline_symbol": "\ue0b0",
"style": "powerline",
"template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ",
"type": "session"
},
{
"background": "#458588",
"foreground": "#282828",
"powerline_symbol": "\ue0b0",
"properties": {
"style": "full"
},
"style": "powerline",
"template": " {{ .Path }} ",
"type": "path"
},
{
"background": "#98971A",
"background_templates": [
"{{ if or (.Working.Changed) (.Staging.Changed) }}#FF9248{{ end }}",
"{{ if and (gt .Ahead 0) (gt .Behind 0) }}#ff4500{{ end }}",
"{{ if gt .Ahead 0 }}#B388FF{{ end }}",
"{{ if gt .Behind 0 }}#B388FF{{ end }}"
],
"foreground": "#282828",
"leading_diamond": "\ue0b6",
"powerline_symbol": "\ue0b0",
"properties": {
"branch_max_length": 25,
"fetch_stash_count": true,
"fetch_status": true,
"branch_icon": "\uE0A0 ",
"branch_identical_icon": "\u25CF"
},
"style": "powerline",
"template": " {{ .HEAD }}{{if .BranchStatus }} {{ .BranchStatus }}{{ end }}{{ if .Working.Changed }} \uf044 {{ .Working.String }}{{ end }}{{ if and (.Working.Changed) (.Staging.Changed) }} |{{ end }}{{ if .Staging.Changed }} \uf046 {{ .Staging.String }}{{ end }}{{ if gt .StashCount 0 }} \ueb4b {{ .StashCount }}{{ end }} ",
"trailing_diamond": "\ue0b4",
"type": "git"
}
],
"type": "prompt"
}
],
"console_title_template": "{{ .Folder }}",
"final_space": true,
"version": 2
}

25
homes/common/terminal.nix
View file

@ -37,29 +37,4 @@
enableZshIntegration = true; enableZshIntegration = true;
}; };
# provide better `Ctrl+r` command in terminal
programs.atuin = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
#package = pkgs.atuin;
package = pkgs.legacy_2405.atuin.overrideAttrs (_old: {
# as cursed as doing mitigations=off in the kernel command line
patches = [ "${assets}/0001-make-atuin-on-zfs-fast-again.patch" ];
});
settings = {
auto_sync = true;
sync_frequency = "5m";
sync_address = "http://chungus.private:8888";
search_mode = "fuzzy";
style = "full";
inline_height = 20;
keymap_mode = "vim-normal";
# With workspace filtering enabled, Atuin will filter for commands executed
# in any directory within a git repository tree.
workspaces = true;
};
};
} }

28
homes/palo/atuin.nix Normal file
View file

@ -0,0 +1,28 @@
{
# provide better `Ctrl+r` command in terminal
programs.atuin = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
daemon.enable = true;
settings = {
auto_sync = true;
sync_frequency = "5m";
sync_address = "http://chungus.private:8888";
search_mode = "fuzzy";
style = "full";
inline_height = 20;
keymap_mode = "vim-normal";
# because the daemon can't remember my mode (with Ctrl-r)
filter_mode = "directory";
# With workspace filtering enabled, Atuin will filter for commands executed
# in any directory within a git repository tree.
workspaces = true;
};
};
}

3
homes/palo/default.nix
View file

@ -3,6 +3,7 @@
imports = [ imports = [
../common ../common
./atuin.nix
./git.nix ./git.nix
./gpg.nix ./gpg.nix
./gui ./gui
@ -12,7 +13,7 @@
./stylix.nix ./stylix.nix
./taskwarrior.nix ./taskwarrior.nix
./tmux.nix ./tmux.nix
./zellij.nix #./zellij.nix
]; ];
home.stateVersion = "22.11"; home.stateVersion = "22.11";

1
homes/palo/git.nix
View file

@ -14,6 +14,7 @@ with pkgs;
"*.swp" "*.swp"
"*~" "*~"
".idea" ".idea"
"*.iml"
".*penis.*" ".*penis.*"
"result" "result"
".envrc" ".envrc"

61
homes/palo/i3.nix
View file

@ -87,36 +87,37 @@ in
format = "$icon $percentage $time"; format = "$icon $percentage $time";
} }
{ block = "uptime"; } { block = "uptime"; }
{ # interferes with `bugwarrior pull`
block = "taskwarrior"; # {
interval = 60; # block = "taskwarrior";
format = " $icon $count.eng(w:3) todo "; # interval = 60;
format_singular = " $icon 1 task "; # format = " $icon $count.eng(w:3) todo ";
format_everything_done = ""; # format_singular = " $icon 1 task ";
warning_threshold = 10; # format_everything_done = "";
critical_threshold = 20; # warning_threshold = 10;
filters = [ # critical_threshold = 20;
{ # filters = [
name = "active"; # {
filter = "+PENDING and ( +ACTIVE or +DUETODAY or +TODAY or +OVERDUE )"; # name = "active";
} # filter = "+PENDING and ( +ACTIVE or +DUETODAY or +TODAY or +OVERDUE )";
]; # }
} # ];
{ # }
block = "taskwarrior"; # {
interval = 60; # block = "taskwarrior";
format = " $icon $count.eng(w:2) "; # interval = 60;
format_singular = " $icon 1 task "; # format = " $icon $count.eng(w:2) ";
format_everything_done = ""; # format_singular = " $icon 1 task ";
warning_threshold = 3; # format_everything_done = "";
critical_threshold = 5; # warning_threshold = 3;
filters = [ # critical_threshold = 5;
{ # filters = [
name = "started"; # {
filter = "+PENDING and +ACTIVE"; # name = "started";
} # filter = "+PENDING and +ACTIVE";
]; # }
} # ];
# }
{ {
block = "time"; block = "time";
interval = 60; interval = 60;

5
homes/palo/packages/development.nix
View file

@ -18,7 +18,7 @@ with lib;
jetbrains.idea-ultimate jetbrains.idea-ultimate
vscode vscode
zed-editor #zed-editor
# minicom # for flipper zero # minicom # for flipper zero
@ -47,8 +47,6 @@ with lib;
termtosvg termtosvg
vhs vhs
#legacy_2311.blockdiag
# nomad # nomad
#nomad #nomad
#vault #vault
@ -116,6 +114,7 @@ with lib;
yq-go yq-go
gojq gojq
jq jq
fx
ijq ijq
miller miller

20
homes/palo/packages/graphics.nix
View file

@ -6,6 +6,22 @@
}: }:
with pkgs; with pkgs;
with lib; with lib;
let
use_override = false;
bambu-studio =
if use_override then
pkgs.bambu-studio.overrideAttrs (old: rec {
version = "01.10.02.76";
src = pkgs.fetchFromGitHub {
owner = "bambulab";
repo = "BambuStudio";
rev = "v${version}";
hash = "sha256-LvAi3I5lnnumhOUagyej28uVy0Lgd3e19HNQXOUWSvQ=";
};
})
else
pkgs.bambu-studio;
in
{ {
config = mkIf config.gui.enable { config = mkIf config.gui.enable {
@ -26,7 +42,9 @@ with lib;
# CAD & 3D Plotting # CAD & 3D Plotting
openscad openscad
fstl fstl
legacy_2311.cura
orca-slicer
bambu-studio
qrencode qrencode

2
homes/palo/packages/logseq.nix
View file

@ -9,7 +9,7 @@ with lib;
{ {
config = mkIf config.gui.enable { config = mkIf config.gui.enable {
home.packages = [ home.packages = [
pkgs.legacy_2405.logseq pkgs.logseq
]; ];
#home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json" #home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json"
# { # {

3
homes/palo/packages/nextcloud.nix
View file

@ -7,7 +7,7 @@
with pkgs; with pkgs;
with lib; with lib;
let let
nextcloud-client = pkgs.legacy_2311.nextcloud-client; nextcloud-client = pkgs.nextcloud-client;
nextcloudSync = nextcloudSync =
folder: folder:
@ -51,6 +51,7 @@ in
(nextcloudSync "Kunstbuch") (nextcloudSync "Kunstbuch")
(nextcloudSync "Flipper") (nextcloudSync "Flipper")
(nextcloudSync "AWS-SolutionArchitect-Professional") (nextcloudSync "AWS-SolutionArchitect-Professional")
(nextcloudSync "windows")
borrow borrow

4
homes/palo/packages/social.nix
View file

@ -9,12 +9,10 @@ with lib;
{ {
config = mkIf config.gui.enable { config = mkIf config.gui.enable {
programs.obs-studio.enable = true; programs.obs-studio.enable = false;
home.packages = [ home.packages = [
emoji-picker emoji-picker
signal-desktop signal-desktop
#legacy_2311.fluffychat
#fluffychat
]; ];
}; };

2
homes/palo/stylix.nix
View file

@ -1,8 +1,6 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
{ {
stylix.targets.swaylock.enable = config.gui.enable;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml"; stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
stylix.fonts = { stylix.fonts = {

2
homes/palo/taskwarrior.nix
View file

@ -8,7 +8,6 @@ with lib;
with types; with types;
let let
#taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui;
taskwarrior-tui = pkgs.taskwarrior-tui; taskwarrior-tui = pkgs.taskwarrior-tui;
taskwarrior = pkgs.taskwarrior3; taskwarrior = pkgs.taskwarrior3;
@ -23,6 +22,7 @@ in
home.packages = [ home.packages = [
pkgs.timewarrior pkgs.timewarrior
pkgs.bugwarrior
taskwarrior taskwarrior
pkgs.tasksh pkgs.tasksh

2
homes/tina/stylix.nix
View file

@ -1,8 +1,6 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
{ {
stylix.targets.swaylock.enable = config.gui.enable;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml"; stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
stylix.fonts = { stylix.fonts = {

11
machines/cherry/configuration.nix
View file

@ -13,7 +13,6 @@
./syncthing.nix ./syncthing.nix
./network-tinc.nix ./network-tinc.nix
./network-tinc_retiolum.nix
./network-wireguard-wg0.nix ./network-wireguard-wg0.nix
./network-wireguard-wg1.nix ./network-wireguard-wg1.nix
@ -27,12 +26,6 @@
]; ];
#time.timeZone = lib.mkForce "Asia/Bangkok";
#time.timeZone = lib.mkForce "Asia/Tokyo";
time.timeZone = lib.mkForce "Pacific/Auckland";
#time.timeZone = lib.mkForce "Asia/Singapore";
#time.timeZone = lib.mkForce "Asia/Makassar";
#clan.core.facts.services = #clan.core.facts.services =
# let # let
# promptKey = key: # promptKey = key:
@ -53,8 +46,10 @@
# (promptKey "pushover.api_key"); # (promptKey "pushover.api_key");
components.virtualisation.enable = true; components.virtualisation.enable = true;
components.virtualisation.qemu.enable = false;
components.gui.enable = true; components.gui.enable = true;
#components.gui.audio.enable = false;
components.mainUser.enable = true; components.mainUser.enable = true;
components.media.enable = true; components.media.enable = true;
components.media.tts-client.enable = false; components.media.tts-client.enable = false;
@ -63,7 +58,7 @@
components.terminal.enable = true; components.terminal.enable = true;
telemetry.enable = true; telemetry.enable = true;
telemetry.opentelemetry.exporter.endpoint = "10.100.0.1:4317"; # orbi telemetry.apps.opentelemetry.exporter.endpoint = "10.100.0.1:4317"; # orbi
home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ]; home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ];
# todo: move to homemanager # todo: move to homemanager

38
machines/cherry/network-tinc_retiolum.nix
View file

@ -1,38 +0,0 @@
{
config,
factsGenerator,
pkgs,
...
}:
{
clan.core.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; };
networking.retiolum.port = 720;
networking.retiolum.nodename = "cherry";
healthchecks.localCommands.ping-retiolum = pkgs.writers.writeBash "ping-retiolum" ''
ping -c 1 -W 5 ${config.networking.retiolum.nodename}.r
'';
services.tinc.networks.retiolum = {
ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
rsaPrivateKeyFile =
config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
};
#fileSystems."/retiolum/sicily" = {
# device = "//sicily.r/tonne";
# fsType = "cifs";
# options = [
# "guest"
# "nofail"
# "noauto"
# "ro"
# "rsize=16777216"
# "cache=loose"
# "x-systemd.after=network.target"
# ];
#};
}

3
machines/cherry/network-wireguard-wg0.nix
View file

@ -18,6 +18,9 @@
"wireguard.wg0.ip" = "10.100.0.7"; "wireguard.wg0.ip" = "10.100.0.7";
}; };
# actually important to make machine visible over wireguard
services.telegraf.extraConfig.inputs.ping = [ { urls = [ "10.100.0.1" ]; } ];
# Enable WireGuard # Enable WireGuard
networking.wg-quick.interfaces = { networking.wg-quick.interfaces = {
# Hub and Spoke Setup # Hub and Spoke Setup

6
machines/chungus/configuration.nix
View file

@ -15,9 +15,8 @@
./packages.nix ./packages.nix
./network-tinc-retiolum.nix # make sure no service is open for this vpn!
./network-tinc.nix ./network-tinc.nix
./network-wireguard.nix ./network-wireguard-wg0.nix
./hass-mqtt.nix ./hass-mqtt.nix
./hass-zigbee2mqtt.nix ./hass-zigbee2mqtt.nix
@ -72,12 +71,11 @@
features.boot.tor.enable = true; features.boot.tor.enable = true;
telemetry.enable = true; telemetry.enable = true;
telemetry.opentelemetry.receiver.endpoint = "0.0.0.0:4317"; telemetry.apps.opentelemetry.receiver.endpoint = "0.0.0.0:4317";
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ]; networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ]; networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];
healthchecks.closed.wg0.host = "10.100.0.2"; healthchecks.closed.wg0.host = "10.100.0.2";
healthchecks.closed.retiolum.host = "centauri.r";
services.printing.enable = false; services.printing.enable = false;

1
machines/chungus/hass-mqtt.nix
View file

@ -16,5 +16,4 @@
networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 1883 ]; networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 1883 ];
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 1883 ]; networking.firewall.interfaces.wg0.allowedTCPPorts = [ 1883 ];
healthchecks.closed.retiolum.ports.mqtt = [ 1883 ];
} }

5
machines/chungus/hass-zigbee2mqtt.nix
View file

@ -8,11 +8,6 @@
{ {
imports = [ ./hass-mqtt.nix ]; imports = [ ./hass-mqtt.nix ];
healthchecks.closed.retiolum.ports.zigbee2mqtt = [
1337
9666
];
services.zigbee2mqtt = { services.zigbee2mqtt = {
enable = true; enable = true;
dataDir = "/srv2/zigbee2mqtt"; dataDir = "/srv2/zigbee2mqtt";

4
machines/chungus/hass.nix
View file

@ -2,6 +2,7 @@
config, config,
lib, lib,
pkgs, pkgs,
zerotierInterface,
... ...
}: }:
{ {
@ -17,7 +18,6 @@
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8123 ]; networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8123 ];
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8123 ]; networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8123 ];
networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [ 8123 ];
healthchecks.closed.retiolum.ports.hass = [ 8123 ];
} }

73
machines/chungus/media-audiobookshelf.nix
View file

@ -2,43 +2,68 @@
config, config,
lib, lib,
pkgs, pkgs,
zerotierInterface,
... ...
}: }:
with pkgs;
let let
port = 8000;
group = "media"; group = "media";
port = 9002;
in in
{ {
healthchecks.http.audiobookshelf-via-zerotier = {
url = "${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}:${toString port}";
expectedContent = "audiobookshelf";
};
networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [ port ];
users.users.audiobookshelf = { users.users.audiobookshelf = {
isSystemUser = true; isSystemUser = true;
group = group; group = lib.mkForce group;
}; };
# make available in retiolum # systemd.services.audiobookshelf = {
#networking.firewall.interfaces."tinc.retiolum".allowedTCPPorts = [ port ]; # enable = true;
#networking.firewall.interfaces."tinc.retiolum".allowedUDPPorts = [ port ]; # description = "Self-hosted audiobook server for managing and playing audiobooks";
# serviceConfig = {
# Type = "simple";
# WorkingDirectory = "/srv/audiobookshelf";
# ExecStart = "${audiobookshelf}/bin/audiobookshelf --port ${toString port}";
# ExecReload = "${util-linux}/bin/kill -HUP $MAINPID";
# Restart = "always";
# User = config.users.users.audiobookshelf.name;
# Group = config.users.users.audiobookshelf.group;
# };
# wantedBy = [ "multi-user.target" ];
# requires = [ "network.target" ];
# };
networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ port ]; services.audiobookshelf = {
networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ port ];
networking.firewall.interfaces.wg0.allowedTCPPorts = [ port ];
networking.firewall.interfaces.wg0.allowedUDPPorts = [ port ];
systemd.services.audiobookshelf = {
enable = true; enable = true;
description = "Self-hosted audiobook server for managing and playing audiobooks"; port = 8000;
serviceConfig = { };
Type = "simple";
WorkingDirectory = "/srv/audiobookshelf"; services.nginx = {
ExecStart = "${audiobookshelf}/bin/audiobookshelf --port ${toString port}"; enable = true;
ExecReload = "${util-linux}/bin/kill -HUP $MAINPID"; recommendedProxySettings = true;
Restart = "always"; virtualHosts."audiobookshelf.${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}" =
User = config.users.users.audiobookshelf.name; {
Group = config.users.users.audiobookshelf.group; listen = [
{
addr = "[::]";
port = port;
ssl = false;
}
];
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.audiobookshelf.port}";
proxyWebsockets = true;
extraConfig = ''
proxy_redirect http:// $scheme://;
'';
};
}; };
wantedBy = [ "multi-user.target" ];
requires = [ "network.target" ];
}; };
} }

3
machines/chungus/media-jellyfin.nix
View file

@ -7,7 +7,7 @@
{ {
services.jellyfin = { services.jellyfin = {
enable = true; enable = true;
openFirewall = true; # todo: will open for retiolum as well openFirewall = true;
group = "media"; group = "media";
user = "media"; user = "media";
}; };
@ -15,7 +15,6 @@
healthchecks.http.jellyfin = { healthchecks.http.jellyfin = {
url = "flix.${config.networking.hostName}.private"; url = "flix.${config.networking.hostName}.private";
}; };
healthchecks.closed.retiolum.ports.jellyfin = [ 8096 ];
services.nginx = { services.nginx = {
enable = true; enable = true;

17
machines/chungus/media-navidrome.nix
View file

@ -2,23 +2,32 @@
config, config,
lib, lib,
pkgs, pkgs,
zerotierInterface,
... ...
}: }:
{ {
healthchecks.http.navidrome = { healthchecks.http.navidrome-tinc = {
url = "${config.networking.hostName}.wg0:${toString config.services.navidrome.settings.Port}/app/#/login"; url = "${config.networking.hostName}.private:${toString config.services.navidrome.settings.Port}/app/#/login";
expectedContent = "Navidrome"; expectedContent = "Navidrome";
}; };
healthchecks.closed.retiolum.ports.navidrome = [ config.services.navidrome.settings.Port ]; healthchecks.http.navidrome-via-zerotier = {
url = "${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}:${toString config.services.navidrome.settings.Port}/app/#/login";
expectedContent = "Navidrome";
};
networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [
config.services.navidrome.settings.Port
];
services.navidrome = { services.navidrome = {
enable = true; enable = true;
openFirewall = true; openFirewall = true;
group = "media"; group = "media";
user = "media"; user = "media";
settings.Address = "0.0.0.0"; settings.Address = "[::]";
settings.Port = 4533;
settings.MusicFolder = "/media/arr/lidarr"; settings.MusicFolder = "/media/arr/lidarr";
}; };

6
machines/chungus/media-share.nix
View file

@ -1,12 +1,6 @@
{ config, ... }: { config, ... }:
{ {
healthchecks.closed.retiolum.ports.share = [
137
138
139
445
];
networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [
445 445
139 139

1
machines/chungus/media-syncthing.nix
View file

@ -10,7 +10,6 @@
url = config.services.syncthing.guiAddress; url = config.services.syncthing.guiAddress;
expectedContent = "syncthing"; expectedContent = "syncthing";
}; };
healthchecks.closed.retiolum.ports.syncthing-gui = [ 8384 ];
services.syncthing = { services.syncthing = {
enable = true; enable = true;

23
machines/chungus/network-tinc-retiolum.nix
View file

@ -1,23 +0,0 @@
{
config,
factsGenerator,
pkgs,
...
}:
{
clan.core.facts.services.tinc_retiolum = factsGenerator.tinc { name = "retiolum"; };
networking.retiolum.port = 720;
networking.retiolum.nodename = "chungus";
healthchecks.localCommands.ping-retiolum = pkgs.writers.writeBash "ping-retiolum" ''
ping -c 1 -W 5 ${config.networking.retiolum.nodename}.r
'';
services.tinc.networks.retiolum = {
ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.ed25519_key.priv".path;
rsaPrivateKeyFile =
config.clan.core.facts.services.tinc_retiolum.secret."tinc.retiolum.rsa_key.priv".path;
};
}

3
machines/chungus/network-wireguard.nix → machines/chungus/network-wireguard-wg0.nix
View file

@ -18,6 +18,9 @@
"wireguard.wg0.ip" = "10.100.0.2"; "wireguard.wg0.ip" = "10.100.0.2";
}; };
# actually important to make machine visible over wireguard
services.telegraf.extraConfig.inputs.ping = [ { urls = [ "10.100.0.1" ]; } ];
# Enable WireGuard # Enable WireGuard
networking.wg-quick.interfaces = { networking.wg-quick.interfaces = {
# Hub and Spoke Setup # Hub and Spoke Setup

16
machines/chungus/service-atuin.nix
View file

@ -5,15 +5,21 @@
... ...
}: }:
{ {
healthchecks.http.atuin-tinc = {
url = "${config.networking.hostName}.private:${toString config.services.atuin.port}";
expectedContent = "version";
};
healthchecks.closed.retiolum.ports.atuin = [ config.services.atuin.port ]; # healthchecks.http.atuin-wg0 = {
# url = "${config.networking.hostName}.wg0:${toString config.services.atuin.port}";
# expectedContent = "version";
# };
# networking.firewall.interfaces.wg0.allowedTCPPorts = [
# config.services.atuin.port
# ];
services.atuin = { services.atuin = {
enable = true; enable = true;
package = pkgs.legacy_2405.atuin.overrideAttrs (_old: {
# as cursed as doing mitigations=off in the kernel command line
patches = [ "${assets}/0001-make-atuin-on-zfs-fast-again.patch" ];
});
host = "0.0.0.0"; host = "0.0.0.0";
maxHistoryLength = 999999; maxHistoryLength = 999999;
openRegistration = false; openRegistration = false;

2
machines/chungus/service-forgejo.nix
View file

@ -10,8 +10,6 @@
expectedContent = "nixinate"; expectedContent = "nixinate";
}; };
healthchecks.closed.retiolum.ports.forgejo = [ config.services.forgejo.settings.server.HTTP_PORT ];
services.nginx = { services.nginx = {
enable = true; enable = true;
statusPage = true; statusPage = true;

1
machines/chungus/service-paperless-healthchecks.nix
View file

@ -11,6 +11,5 @@
url = "http://paperless.chungus.private/accounts/login/?next=/"; url = "http://paperless.chungus.private/accounts/login/?next=/";
expectedContent = "paperless.chungus.private"; expectedContent = "paperless.chungus.private";
}; };
healthchecks.closed.retiolum.ports.paperless = [ config.services.paperless.port ];
} }

7
machines/chungus/service-paperless.nix
View file

@ -2,13 +2,15 @@
config, config,
pkgs, pkgs,
lib, lib,
zerotierInterface,
... ...
}: }:
{ {
services.paperless = { services.paperless = {
enable = true; enable = true;
address = "0.0.0.0"; address = "[::]";
port = 28981;
package = pkgs.paperless-ngx; package = pkgs.paperless-ngx;
settings = { settings = {
PAPERLESS_OCR_LANGUAGE = "deu+eng"; PAPERLESS_OCR_LANGUAGE = "deu+eng";
@ -35,6 +37,9 @@
}; };
networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ]; networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ];
networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [
config.services.paperless.port
];
services.nginx.virtualHosts."paperless.${config.networking.hostName}.private" = { services.nginx.virtualHosts."paperless.${config.networking.hostName}.private" = {
serverAliases = [ "paperless.ingolf-wagner.de" ]; serverAliases = [ "paperless.ingolf-wagner.de" ];

5
machines/chungus/service-s3.nix
View file

@ -1,11 +1,6 @@
{ config, factsGenerator, ... }: { config, factsGenerator, ... }:
{ {
healthchecks.closed.retiolum.ports.s3 = [
9000
9001
];
healthchecks.http.s3 = { healthchecks.http.s3 = {
url = "http://s3.chungus.private:9001/login"; url = "http://s3.chungus.private:9001/login";
expectedContent = "minio"; expectedContent = "minio";

2
machines/chungus/service-taskwarrior.nix
View file

@ -6,8 +6,6 @@
}: }:
{ {
healthchecks.closed.retiolum.ports.taskwarrior-webui = [ 8080 ];
virtualisation.oci-containers = { virtualisation.oci-containers = {
containers.taskwarrior-webui = { containers.taskwarrior-webui = {
volumes = [ volumes = [

2
machines/chungus/service-vault.nix
View file

@ -1,8 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
healthchecks.closed.retiolum.ports.vault = [ 8200 ];
services.vault = { services.vault = {
enable = true; enable = true;
#adress = "chungus.private:8200"; #adress = "chungus.private:8200";

4
machines/chungus/telemetry/loki.nix
View file

@ -7,7 +7,7 @@
default_labels_enabled = { default_labels_enabled = {
exporter = true; exporter = true;
job = true; job = true;
instance = true; instance_name = true;
level = true; level = true;
}; };
}; };
@ -16,7 +16,7 @@
{ {
action = "insert"; action = "insert";
key = "loki.attribute.labels"; key = "loki.attribute.labels";
value = "job, unit, boot_id, instance, facility, facility_label, priority, priority_label"; value = "job, unit, boot_id, instance_name, facility, facility_label, priority, priority_label";
} }
]; ];
resource.attributes = [ resource.attributes = [

8
machines/chungus/telemetry/prometheus.nix
View file

@ -22,12 +22,8 @@
}; };
}; };
services.prometheus = { telemetry.apps.prometheus.enable = true;
checkConfig = "syntax-only"; telemetry.apps.prometheus.retentionTime = "90d";
enable = true;
# keep data for 30 days
extraFlags = [ "--storage.tsdb.retention.time=90d" ];
};
services.grafana.provision.datasources.settings = { services.grafana.provision.datasources.settings = {
apiVersion = 1; apiVersion = 1;

6
machines/chungus/topology.nix
View file

@ -22,11 +22,5 @@ with config.lib.topology;
# type = "tinc"; # type = "tinc";
virtual = true; virtual = true;
}; };
interfaces."tinc.retiolum" = {
network = "tinc.retiolum";
# type = "tinc";
virtual = true;
};
}; };
} }

2
machines/chungus/zerotier-controller.nix
View file

@ -22,8 +22,6 @@ let
in in
{ {
healthchecks.closed.retiolum.ports.vault = [ 9993 ];
environment.systemPackages = [ environment.systemPackages = [
(zerotierCommand "zerotier-script-members" '' (zerotierCommand "zerotier-script-members" ''
curl "http://localhost:9993/controller/network/''${NWID}/member" -H "X-ZT1-AUTH: ''${TOKEN}" | gojq curl "http://localhost:9993/controller/network/''${NWID}/member" -H "X-ZT1-AUTH: ''${TOKEN}" | gojq

11
machines/orbi/configuration.nix
View file

@ -45,6 +45,10 @@
]; ];
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.extraCommands = ''
iptables -P FORWARD DROP
'';
boot.kernel.sysctl."net.ipv4.ip_forwarding" = false;
services.logrotate.checkConfig = false; # because uid 3000 does not exist in here services.logrotate.checkConfig = false; # because uid 3000 does not exist in here
@ -56,16 +60,19 @@
components.network.enable = true; components.network.enable = true;
components.network.nginx.landingpage.enable = false; components.network.nginx.landingpage.enable = false;
components.network.wifi.enable = false; components.network.wifi.enable = false;
components.virtualisation.enable = true; # we only enable this stuff where we need it explicitly components.virtualisation.enable = true; # we only enable this stuff where we need it explicitly
components.virtualisation.podman.enable = false; components.virtualisation.podman.enable = false;
components.virtualisation.virtualbox.enable = false;
virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.backend = "docker";
features.network.fail2ban.enable = true; features.network.fail2ban.enable = true;
features.boot.ssh.enable = true; features.boot.ssh.enable = true;
telemetry.enable = true; telemetry.enable = true;
telemetry.opentelemetry.receiver.endpoint = "0.0.0.0:4317"; telemetry.apps.opentelemetry.receiver.endpoint = "0.0.0.0:4317";
telemetry.opentelemetry.exporter.endpoint = "10.100.0.2:4317"; # chnungus telemetry.apps.opentelemetry.exporter.endpoint = "10.100.0.2:4317"; # chnungus
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ]; networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ]; networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];
healthchecks.closed.public.ports.opentelemetry = [ 4317 ]; healthchecks.closed.public.ports.opentelemetry = [ 4317 ];

3
machines/orbi/media-nextcloud.nix
View file

@ -114,9 +114,8 @@ in
{ {
nixpkgs.pkgs = pkgs; nixpkgs.pkgs = pkgs;
imports = [ imports = [
"${components}/monitor/container.nix"
inputs.nix-topology.nixosModules.default inputs.nix-topology.nixosModules.default
inputs.telemetry.nixosModules.telemetry inputs.telemetry.nixosModules.container-telemetry-non-private-network
]; ];
system.stateVersion = "23.11"; system.stateVersion = "23.11";
services.logrotate.checkConfig = false; # because uid 3000 does not exist in here services.logrotate.checkConfig = false; # because uid 3000 does not exist in here

4
machines/orbi/media-transmission2.nix
View file

@ -35,9 +35,8 @@ in
{ {
nixpkgs.pkgs = pkgs; nixpkgs.pkgs = pkgs;
imports = [ imports = [
"${components}/monitor/container.nix"
inputs.nix-topology.nixosModules.default inputs.nix-topology.nixosModules.default
inputs.telemetry.nixosModules.telemetry inputs.telemetry.nixosModules.container-telemetry-non-private-network
]; ];
system.stateVersion = "21.05"; system.stateVersion = "21.05";
services.logrotate.checkConfig = false; # because uid 3000 does not exist in here services.logrotate.checkConfig = false; # because uid 3000 does not exist in here
@ -50,7 +49,6 @@ in
services.transmission = { services.transmission = {
enable = true; enable = true;
package = pkgs.legacy_2405.transmission_4;
settings = { settings = {
download-dir = "/media/torrent/downloads"; download-dir = "/media/torrent/downloads";
incomplete-dir = "/media/torrent/incomplete"; incomplete-dir = "/media/torrent/incomplete";

7
machines/orbi/network-wireguard.nix
View file

@ -20,6 +20,11 @@ let
in in
{ {
networking.firewall.allowedUDPPorts = [ 51820 ]; networking.firewall.allowedUDPPorts = [ 51820 ];
networking.firewall.extraCommands = ''
iptables -A FORWARD -i wg0 -j ACCEPT
'';
boot.kernel.sysctl."net.ipv4.conf.wg0.forwarding" = true;
clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; }; clan.core.facts.services.wireguard = factsGenerator.wireguard { name = "wg0"; };
clan.core.facts.services.wireguard_ip = factsGenerator.public { clan.core.facts.services.wireguard_ip = factsGenerator.public {
"wireguard.wg0.endpoint" = "95.216.66.212:51820"; "wireguard.wg0.endpoint" = "95.216.66.212:51820";
@ -31,8 +36,6 @@ in
ping -c 1 -W 5 ${config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.ip".value} ping -c 1 -W 5 ${config.clan.core.facts.services.wireguard_ip.public."wireguard.wg0.ip".value}
''; '';
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
# Enable WireGuard # Enable WireGuard
networking.wg-quick.interfaces = { networking.wg-quick.interfaces = {
# Hub and Spoke Setup # Hub and Spoke Setup

3
machines/orbi/service-forgejo.nix
View file

@ -60,9 +60,8 @@ in
{ {
nixpkgs.pkgs = pkgs; nixpkgs.pkgs = pkgs;
imports = [ imports = [
"${components}/monitor/container.nix"
inputs.nix-topology.nixosModules.default inputs.nix-topology.nixosModules.default
inputs.telemetry.nixosModules.telemetry inputs.telemetry.nixosModules.container-telemetry-non-private-network
]; ];
system.stateVersion = "24.11"; system.stateVersion = "24.11";
services.logrotate.checkConfig = false; # because uid 3000 does not exist in here services.logrotate.checkConfig = false; # because uid 3000 does not exist in here

40
machines/orbi/service-nix-cache.nix
View file

@ -4,12 +4,11 @@
pkgs, pkgs,
... ...
}: }:
let
port = 5005;
in
{ {
# nixpkgs.config.packageOverrides = p: {
# nix-serve = p.haskellPackages.nix-serve-ng;
# };
# generate private key with: # generate private key with:
# nix-store --generate-binary-cache-key my-secret-key my-public-key # nix-store --generate-binary-cache-key my-secret-key my-public-key
clan.core.facts.services."nix-serve" = { clan.core.facts.services."nix-serve" = {
@ -26,34 +25,31 @@
''; '';
}; };
services.nix-serve = { services.harmonia = {
enable = true; enable = true;
secretKeyFile = config.clan.core.facts.services.nix-serve.secret."nix-serve.key".path; signKeyPaths = [ config.clan.core.facts.services.nix-serve.secret."nix-serve.key".path ];
port = 5005; settings = {
bind = "127.0.0.1:${toString port}";
priority = 100;
};
}; };
healthchecks.closed.public.ports.nix-serve = [ config.services.nix-serve.port ]; healthchecks.closed.public.ports.nix-cache = [ port ];
healthchecks.http.nix-serve = { healthchecks.http.nix-cache = {
url = "cache.${config.networking.hostName}.wg0/nix-cache-info"; url = "cache.${config.networking.hostName}.wg0/nix-cache-info";
expectedContent = "Priority: 50"; expectedContent = "Priority: ${toString config.services.harmonia.settings.priority}";
}; };
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."cache.${config.networking.hostName}.wg0" = { virtualHosts."cache.${config.networking.hostName}.wg0" = {
locations."/".extraConfig = '' locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port}; proxy_pass http://localhost:${toString port};
allow ${config.wireguard.wg0.subnet}; proxy_set_header Host $host;
deny all; proxy_http_version 1.1;
''; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# curl https://cache.nixos.org/nix-cache-info proxy_set_header Upgrade $http_upgrade;
# lower priority means ask first. proxy_set_header Connection $connection_upgrade;
locations."= /nix-cache-info".extraConfig = ''
alias ${pkgs.writeText "cache-info" ''
StoreDir: /nix/store
WantMassQuery: 1
Priority: 50
''};
allow ${config.wireguard.wg0.subnet}; allow ${config.wireguard.wg0.subnet};
deny all; deny all;
''; '';

9
machines/orbi/service-photoprism.nix
View file

@ -4,6 +4,7 @@
lib, lib,
components, components,
inputs, inputs,
zerotierInterface,
... ...
}: }:
let let
@ -14,17 +15,19 @@ in
{ {
networking.firewall.interfaces.wg0.allowedTCPPorts = [ photoprismPort ]; networking.firewall.interfaces.wg0.allowedTCPPorts = [ photoprismPort ];
# networking.firewall.interfaces.wg0.allowedUDPPorts = [ photoprismPort ];
healthchecks.closed.public.ports.photoprism = [ healthchecks.closed.public.ports.photoprism = [
photoprismPort photoprismPort
mysqlPort mysqlPort
]; ];
healthchecks.http.photoprism = { healthchecks.http.photoprism = {
url = "http://10.100.0.1:2342/library/login"; url = "http://10.100.0.1:2342/library/login";
expectedContent = "AI-Powered Photos App"; expectedContent = "AI-Powered Photos App";
}; };
networking.firewall.interfaces.${zerotierInterface}.allowedTCPPorts = [ photoprismPort ];
containers.photoprism = { containers.photoprism = {
privateNetwork = false; privateNetwork = false;
autoStart = true; autoStart = true;
@ -34,9 +37,8 @@ in
{ {
nixpkgs.pkgs = pkgs; nixpkgs.pkgs = pkgs;
imports = [ imports = [
"${components}/monitor/container.nix"
inputs.nix-topology.nixosModules.default inputs.nix-topology.nixosModules.default
inputs.telemetry.nixosModules.telemetry inputs.telemetry.nixosModules.container-telemetry-non-private-network
]; ];
system.stateVersion = "23.11"; system.stateVersion = "23.11";
services.logrotate.checkConfig = false; # because uid 3000 does not exist in here services.logrotate.checkConfig = false; # because uid 3000 does not exist in here
@ -50,7 +52,6 @@ in
services.photoprism = { services.photoprism = {
enable = true; enable = true;
port = photoprismPort; port = photoprismPort;
package = pkgs.legacy_2405.photoprism;
originalsPath = "/var/lib/private/photoprism/originals"; originalsPath = "/var/lib/private/photoprism/originals";
address = "0.0.0.0"; address = "0.0.0.0";
settings = { settings = {

3
machines/orbi/service-surrealdb.nix
View file

@ -25,9 +25,8 @@ in
{ {
nixpkgs.pkgs = pkgs; nixpkgs.pkgs = pkgs;
imports = [ imports = [
"${components}/monitor/container.nix"
inputs.nix-topology.nixosModules.default inputs.nix-topology.nixosModules.default
inputs.telemetry.nixosModules.telemetry inputs.telemetry.nixosModules.container-telemetry-non-private-network
]; ];
system.stateVersion = "24.05"; system.stateVersion = "24.05";
services.logrotate.checkConfig = false; # because uid 3000 does not exist in here services.logrotate.checkConfig = false; # because uid 3000 does not exist in here

3
machines/orbi/social-matrix-terranix.nix
View file

@ -90,9 +90,8 @@ in
{ {
nixpkgs.pkgs = pkgs; nixpkgs.pkgs = pkgs;
imports = [ imports = [
"${components}/monitor/container.nix"
inputs.nix-topology.nixosModules.default inputs.nix-topology.nixosModules.default
inputs.telemetry.nixosModules.telemetry inputs.telemetry.nixosModules.container-telemetry-non-private-network
]; ];
system.stateVersion = "23.11"; system.stateVersion = "23.11";
services.logrotate.checkConfig = false; # because uid 3000 does not exist in here services.logrotate.checkConfig = false; # because uid 3000 does not exist in here

1
machines/usbstick/hardware-configuration/hardware-configuration.nix
View file

@ -50,7 +50,6 @@
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s25.useDHCP = lib.mkDefault true; # networking.interfaces.enp0s25.useDHCP = lib.mkDefault true;
# networking.interfaces.tinc.private.useDHCP = lib.mkDefault true; # networking.interfaces.tinc.private.useDHCP = lib.mkDefault true;
# networking.interfaces.tinc.retiolum.useDHCP = lib.mkDefault true;
# networking.interfaces.tinc.secret.useDHCP = lib.mkDefault true; # networking.interfaces.tinc.secret.useDHCP = lib.mkDefault true;
# networking.interfaces.virbr0.useDHCP = lib.mkDefault true; # networking.interfaces.virbr0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;

3
machines/usbstick/network-wireguard-wg0.nix
View file

@ -12,6 +12,9 @@
"wireguard.wg0.ip" = "10.100.0.100"; "wireguard.wg0.ip" = "10.100.0.100";
}; };
# actually important to make machine visible over wireguard
services.telegraf.extraConfig.inputs.ping = [ { urls = [ "10.100.0.1" ]; } ];
# Enable WireGuard # Enable WireGuard
networking.wg-quick.interfaces = { networking.wg-quick.interfaces = {
# Hub and Spoke Setup # Hub and Spoke Setup

15
nix/formatter.nix
View file

@ -13,6 +13,21 @@
programs.deno.enable = true; programs.deno.enable = true;
programs.yamlfmt.enable = true; programs.yamlfmt.enable = true;
programs.black.enable = true; programs.black.enable = true;
programs.beautysh.enable = true;
programs.taplo.enable = true;
programs.clang-format.enable = true;
settings.global.excludes = [
"machines/*/facts/*"
"old-machines/*/facts/*"
"vars/*"
"*.gpg"
"*.pub"
".git-crypt/*"
"*.png"
"LICENSE"
"*.gitignore"
".gitattributes"
];
}; };
}; };
} }

3
nix/packages/default.nix
View file

@ -4,9 +4,6 @@
perSystem = perSystem =
{ pkgs, system, ... }: { pkgs, system, ... }:
with pkgs; with pkgs;
let
legacy_2311 = import inputs.nixpkgs-legacy_2311 { inherit system; };
in
{ {
packages.pkl = callPackage ./pkl { }; packages.pkl = callPackage ./pkl { };
packages.otpmenu = callPackage ./otpmenu { }; packages.otpmenu = callPackage ./otpmenu { };

22
nix/packages/nsxiv/config.def.h
View file

@ -6,7 +6,8 @@ static const int WIN_HEIGHT = 600;
/* colors and font can be overwritten via X resource properties. /* colors and font can be overwritten via X resource properties.
* See nsxiv(1), X(7) section Resources and xrdb(1) for more information. * See nsxiv(1), X(7) section Resources and xrdb(1) for more information.
* X resource value (NULL == default) */ * X resource value (NULL ==
* default) */
static const char *WIN_BG[] = {"Nsxiv.window.background", "white"}; static const char *WIN_BG[] = {"Nsxiv.window.background", "white"};
static const char *WIN_FG[] = {"Nsxiv.window.foreground", "black"}; static const char *WIN_FG[] = {"Nsxiv.window.foreground", "black"};
static const char *MARK_FG[] = {"Nsxiv.mark.foreground", NULL}; static const char *MARK_FG[] = {"Nsxiv.mark.foreground", NULL};
@ -25,10 +26,8 @@ static const bool TOP_STATUSBAR = false;
/* levels (in percent) to use when zooming via '-' and '+': /* levels (in percent) to use when zooming via '-' and '+':
* (first/last value is used as min/max zoom level) * (first/last value is used as min/max zoom level)
*/ */
static const float zoom_levels[] = { static const float zoom_levels[] = {12.5, 25.0, 50.0, 75.0, 100.0,
12.5, 25.0, 50.0, 75.0, 150.0, 200.0, 400.0, 800.0};
100.0, 150.0, 200.0, 400.0, 800.0
};
/* default slideshow delay (in sec, overwritten via -S option): */ /* default slideshow delay (in sec, overwritten via -S option): */
static const int SLIDESHOW_DELAY = 5; static const int SLIDESHOW_DELAY = 5;
@ -53,9 +52,12 @@ static const int PAN_FRACTION = 5;
* NOTE: higher cache size means better image reloading performance, but also * NOTE: higher cache size means better image reloading performance, but also
* higher memory usage. * higher memory usage.
*/ */
static const int CACHE_SIZE_MEM_PERCENTAGE = 3; /* use 3% of total memory for cache */ static const int CACHE_SIZE_MEM_PERCENTAGE =
static const int CACHE_SIZE_LIMIT = 256 * 1024 * 1024; /* but not above 256MiB */ 3; /* use 3% of total memory for cache */
static const int CACHE_SIZE_FALLBACK = 32 * 1024 * 1024; /* fallback to 32MiB if we can't determine total memory */ static const int CACHE_SIZE_LIMIT =
256 * 1024 * 1024; /* but not above 256MiB */
static const int CACHE_SIZE_FALLBACK =
32 * 1024 * 1024; /* fallback to 32MiB if we can't determine total memory */
#endif #endif
#ifdef INCLUDE_OPTIONS_CONFIG #ifdef INCLUDE_OPTIONS_CONFIG
@ -215,8 +217,6 @@ static const bool NAV_IS_REL = true;
static const unsigned int NAV_WIDTH = 33; static const unsigned int NAV_WIDTH = 33;
/* mouse cursor on left, middle and right part of the window */ /* mouse cursor on left, middle and right part of the window */
static const cursor_t imgcursor[3] = { static const cursor_t imgcursor[3] = {CURSOR_LEFT, CURSOR_ARROW, CURSOR_RIGHT};
CURSOR_LEFT, CURSOR_ARROW, CURSOR_RIGHT
};
#endif #endif

2
nix/packages/systemctl-find-service-config/default.nix
View file

@ -1,5 +1,5 @@
{ pkgs }: { pkgs }:
pkgs.writers.writeBashBin "sysetmctl-find-service-config" ( pkgs.writers.writeBashBin "systemctl-find-service-config" (
pkgs.lib.fileContents ./systemctl-find-service-config.sh pkgs.lib.fileContents ./systemctl-find-service-config.sh
) )

11
nix/packages/systemctl-find-service-config/systemctl-find-service-config.sh
View file

@ -8,12 +8,19 @@ display_usage() {
exit 1 exit 1
} }
# Prüfen, ob genügend Argumente übergeben wurden # Prüfen, ob mindestens ein Argument übergeben wurde
if [ $# -ne 2 ]; then if [ $# -lt 1 ] || [ $# -gt 2 ]; then
display_usage display_usage
fi fi
SERVICE=$1 SERVICE=$1
# Spezialfall: Wenn nur ein Argument übergeben wurde
if [ $# -eq 1 ]; then
systemctl cat "$SERVICE"
exit 0
fi
REGEX=$2 REGEX=$2
# Holen der Service-Konfiguration # Holen der Service-Konfiguration

4
nix/topology/networks.nix
View file

@ -20,8 +20,4 @@ with config.lib.topology;
cidrv4 = "10.23.42.0/24"; cidrv4 = "10.23.42.0/24";
}; };
networks."tinc.retiolum" = {
name = "tinc retiolum";
};
} }

3
system/all/defaults.nix
View file

@ -7,9 +7,6 @@
{ {
imports = [ ./packages.nix ]; imports = [ ./packages.nix ];
# provide overlays
# -----------------
# nixpkgs.overlays = [ (import ../../pkgs) ];
# allow un-free # allow un-free
# ------------- # -------------

17
system/all/on-failure.nix
View file

@ -1,17 +0,0 @@
{ lib, ... }:
{
#on-failure = {
# enable = true;
# plans = {
# tinc_private.name = "tinc.private";
# tinc_retiolum.name = "tinc.retiolum";
# sshd.name = "sshd";
# tor.name = "tor";
# dnsmasq.name = "dnsmasq";
# #backup_on_workhorse.name = "backup.on-workhorse.private";
# #backup_on_workout.name = "backup.on-workout.private";
# #backup_on_porani.name = "backup.on-porani.private";
# syncthing.name = "syncthing";
# };
#};
}