Compare commits


113 commits

Author SHA1 Message Date
Ingolf Wagner 63aa6f5831
sops -> pass : add syncoid ssh key 2024-05-31 22:02:52 +02:00
Ingolf Wagner 88a791d708
Update facts/secrets for service syncoid in machine chungus 2024-05-31 21:43:06 +02:00
Ingolf Wagner ec09017440
Update facts/secrets for service openssh in machine chungus 2024-05-31 21:42:20 +02:00
Ingolf Wagner 529fa4ad6a
sops -> pass : cherry works (wip) 2024-05-31 21:02:22 +02:00
Ingolf Wagner 903674fd7c
Update facts/secrets for service openssh in machine cherry 2024-05-31 20:38:48 +02:00
Ingolf Wagner e5bece2a63
Update facts/secrets for service openssh in machine cherry 2024-05-31 17:56:30 +02:00
Ingolf Wagner ab5c225a11
make network manager application 2024-05-31 12:10:21 +02:00
Ingolf Wagner 54cdc5f43f
make jellyfin nicer 2024-05-31 11:00:38 +02:00
Ingolf Wagner 00b5e41e5d
flake.nix refactorings 2024-05-30 16:38:33 +02:00
Ingolf Wagner 650959264e
add difftastic 2024-05-30 14:53:01 +02:00
Ingolf Wagner 39070cc3a9
update (and fix srvos problem) 2024-05-30 11:33:44 +02:00
Ingolf Wagner 546a29808f
remove old packages 2024-05-30 11:12:02 +02:00
Ingolf Wagner fced4cfa7a
update 2024-05-30 11:03:55 +02:00
Ingolf Wagner 1e565470ff
remove hyperland 2024-05-30 10:59:28 +02:00
Ingolf Wagner 38613cd6b8
remove mors 2024-05-30 09:35:07 +02:00
Ingolf Wagner a220dab526
archive robi and sterni 2024-05-30 09:34:10 +02:00
Ingolf Wagner 22eb918cd0
add flix syncthing part 2024-05-30 09:33:55 +02:00
Ingolf Wagner 3714de0a16
fixed loki (boltdb -> tsdb) 2024-05-29 23:36:43 +02:00
Ingolf Wagner 2665f35441
add ssh config for clan tld 2024-05-29 23:23:49 +02:00
Ingolf Wagner c84664d1a2
set tld for clan machines 2024-05-29 23:11:51 +02:00
Ingolf Wagner e0c0751e26
use old clan config 2024-05-29 21:54:53 +02:00
Ingolf Wagner 70f8da231e
use zerotier with clan 2024-05-29 20:16:04 +02:00
Ingolf Wagner 59c0f5d4ed
Update facts/secrets for service zerotier in machine sternchen 2024-05-29 18:38:59 +02:00
Ingolf Wagner 897f09c4d3
Update facts/secrets for service zerotier in machine cherry 2024-05-29 18:38:33 +02:00
Ingolf Wagner a9f61e99a5
Update facts/secrets for service zerotier in machine chungus 2024-05-29 18:38:26 +02:00
Ingolf Wagner 152d89482b
Update facts/secrets for service zerotier in machine cream 2024-05-29 18:25:20 +02:00
Ingolf Wagner 0e3dc0453c
Update facts/secrets for service zerotier in machine orbi 2024-05-29 18:18:28 +02:00
Ingolf Wagner 7f664a749c
use old taskwarrior-tui 2024-05-29 10:27:23 +02:00
Ingolf Wagner 48478ec02f
update chungus to clan (wip) 2024-05-29 10:05:07 +02:00
Ingolf Wagner 7b7dc77621
update upgrade-diff.nix 2024-05-28 17:01:27 +02:00
Ingolf Wagner 3c056b4e9b
use old fluffychat version again 2024-05-27 21:19:01 +02:00
Ingolf Wagner b9254dbf7f
update nextcloud 2024-05-27 21:02:15 +02:00
Ingolf Wagner 545ba732d4
add clan description 2024-05-27 19:35:34 +02:00
Ingolf Wagner 07ca34cc29
nix flake check 2024-05-27 19:10:54 +02:00
Ingolf Wagner 7f8659d8af
fiddle with yubikey and ssh 2024-05-27 18:50:31 +02:00
Ingolf Wagner e840ff3b3d
Merge branch 'feature/clan.lol' 2024-05-27 10:48:38 +02:00
Ingolf Wagner 2bedf3a3ec
upgrade to unstable (cherry) 2024-05-25 02:58:23 +02:00
Ingolf Wagner eeedd5b850
upgrade to unstable 2024-05-24 19:04:21 +02:00
Ingolf Wagner 435a658dd0
remove logseq config because it's to stressful 2024-05-24 14:41:15 +02:00
Ingolf Wagner ad55e799e0
update 2024-05-24 14:22:57 +02:00
Ingolf Wagner 9601fd454d
move taskwarrior to home-manager 2024-05-24 10:54:21 +02:00
Ingolf Wagner e105d2c306
remove some unnecessary programs from sternchen 2024-05-23 22:40:29 +02:00
Ingolf Wagner 629d3d6f6c
update sternchen 2024-05-23 22:31:30 +02:00
Ingolf Wagner 22e87888b5
deploy sternchen 2024-05-23 16:04:36 +02:00
Ingolf Wagner 64bad7f2e0
update 2024-05-22 20:54:36 +02:00
Ingolf Wagner cce89574e1
update 2024-05-22 17:07:57 +02:00
Ingolf Wagner 714c042a84
add gitup 2024-05-22 11:01:03 +02:00
Ingolf Wagner cf68a595d5
add paperless to wireguard 2024-05-22 09:28:11 +02:00
Ingolf Wagner 74926ffb1c
fix taskwarrior-tui problem. 2024-05-21 13:06:20 +02:00
Ingolf Wagner cb8a4979a5
update 2024-05-20 11:06:45 +02:00
Ingolf Wagner 3e17996965
improve a bit the monitor infrastructure for containers 2024-05-19 10:44:37 +02:00
Ingolf Wagner 8866476c9d
add some syncoid packages 2024-05-19 01:29:29 +02:00
Ingolf Wagner fda2ea3119
migrate nextcloud and matrix-terranix backup to syncoid 2024-05-19 01:17:45 +02:00
Ingolf Wagner ab4a870d0f
cleanup of chungus files 2024-05-19 00:20:54 +02:00
Ingolf Wagner e825dfd9d1
clean up of orbi files 2024-05-19 00:10:42 +02:00
Ingolf Wagner 67840babe4
add monitoring to transmission 2024-05-18 19:05:32 +02:00
Ingolf Wagner b890a69e30
monitor containers 2024-05-18 12:02:21 +02:00
Ingolf Wagner 3a4ed070f2
Properly handle labels in promtail 2024-05-18 01:04:39 +02:00
Ingolf Wagner 09138dc3a4
Add debug flag to opentelemetry.nix 2024-05-17 22:21:14 +02:00
Ingolf Wagner 1b37948192
Revert "update"
This reverts commit 325f07bdd8.
2024-05-17 21:31:02 +02:00
Ingolf Wagner 325f07bdd8
update 2024-05-17 21:10:25 +02:00
Ingolf Wagner 2ba782a204
update promtail position 2024-05-17 20:06:43 +02:00
Ingolf Wagner 73e8b6e77b
use ip address instead domain name to connect to orbi. 2024-05-17 19:50:56 +02:00
Ingolf Wagner ded4be9f5d
fix loki problems with "too many requests" 2024-05-17 10:15:03 +02:00
Ingolf Wagner 9160b34178
some improvements 2024-05-16 13:10:48 +02:00
Ingolf Wagner a5234a2a84
some improvements 2024-05-16 10:57:57 +02:00
Ingolf Wagner 9f6d63cabe
automatic configure prometheus 2024-05-16 09:49:22 +02:00
Ingolf Wagner 5fbe52eb11
make loki, promtail better
(better indices and so on)
2024-05-15 22:54:12 +02:00
Ingolf Wagner f328d740e0
make nginx logs properly work 2024-05-15 17:11:41 +02:00
Ingolf Wagner e69fdc44d9
add promtail log shipping 2024-05-15 14:39:21 +02:00
Ingolf Wagner 4903ab6fd9
make monitoring a component and easy to configure 2024-05-15 11:59:24 +02:00
Ingolf Wagner a7f72610d4
refactoring 2024-05-15 01:31:07 +02:00
Ingolf Wagner 6f527173d9
default tags right is done by opentelemetry now 2024-05-15 01:11:06 +02:00
Ingolf Wagner 661c350544
refactor otlp 2024-05-15 00:25:32 +02:00
Ingolf Wagner fce4a39b94
refactoring 2024-05-14 23:02:13 +02:00
Ingolf Wagner 7016ef880a
opentelemetry all the way. 2024-05-14 22:36:08 +02:00
Ingolf Wagner 0521dce440
add opentelemetry everywhere 2024-05-14 20:02:37 +02:00
Ingolf Wagner 9f3e7b698a
configure opentelemetry on orbi 2024-05-14 17:06:38 +02:00
Ingolf Wagner 4857e6a766
add pdf arranger 2024-05-12 17:27:21 +02:00
Ingolf Wagner 285b1a1963
update paperless 2024-05-12 09:32:04 +02:00
Ingolf Wagner 60422a1900
add 2 more devices to wireguard 2024-05-11 15:46:59 +02:00
Ingolf Wagner 424d9e4224
syncoid on photoprism 2024-05-11 00:20:55 +02:00
Ingolf Wagner 2859b2747d
fix forgejo error 2024-05-10 23:18:04 +02:00
Ingolf Wagner 0aac16e831
enable photoprism on orbi 2024-05-10 23:17:45 +02:00
Ingolf Wagner 2a96cc02d3
add photoprism on orbi 2024-05-10 20:53:21 +02:00
Ingolf Wagner 60140abca2
update 2024-05-10 19:51:09 +02:00
Ingolf Wagner ff2ac19279
gitea -> forgejo 2024-05-08 22:07:30 +02:00
Ingolf Wagner 4c6f37ed89
update private_assets 2024-05-08 21:45:10 +02:00
Ingolf Wagner 94dfd5c8b6
update private_assets modules 2024-05-08 21:21:02 +02:00
Ingolf Wagner 99dda7fc86
fix kmonad 2024-05-06 07:53:14 +02:00
Ingolf Wagner 518ca37253
rename vault 2024-05-05 14:12:24 +02:00
Ingolf Wagner 98fcb131ea
fiddle around with wayland 2024-05-04 23:02:41 +02:00
Ingolf Wagner 708e93b9ba
fiddle around with wayland 2024-05-04 10:20:22 +02:00
Ingolf Wagner 670ce72ce9
wip wayland 2024-05-04 10:02:43 +02:00
Ingolf Wagner 43127e2660
wip on wayland 2024-05-03 23:43:26 +02:00
Ingolf Wagner 4b10d4a813
update 2024-05-02 16:48:41 +02:00
Ingolf Wagner d55efba45d
add marp 2024-04-28 19:55:42 +02:00
Ingolf Wagner c8d75a912a
logseq 10.8 version is a bit broken 2024-04-27 11:29:59 +02:00
Ingolf Wagner db3634eb5e
fix syncthing errors 2024-04-25 11:44:15 +02:00
Ingolf Wagner e163d452d9
add zfs commands 2024-04-25 11:39:11 +02:00
Ingolf Wagner 65eac0b41c
add OSCAR and to read CPAP data 2024-04-25 11:16:49 +02:00
Ingolf Wagner 57771e1147
update 2024-04-25 10:19:14 +02:00
Ingolf Wagner 467a0daa6a
add iPhone and iPad to syncthing.nix 2024-04-24 17:28:41 +02:00
Ingolf Wagner 0d36555a4e
fix bitwarden again 2024-04-23 14:30:01 +02:00
Ingolf Wagner 3fdec0d307
add some tools for presentations 2024-04-23 10:00:51 +02:00
Ingolf Wagner b6d15321d2
move atuin patch to assets 2024-04-21 21:15:45 +02:00
Ingolf Wagner 81039c1f8e
update 2024-04-21 14:00:59 +02:00
Ingolf Wagner 6fe2d22fc8
update rofi-calc 2024-04-21 14:00:51 +02:00
Ingolf Wagner fdf68b1382
update smoke-test 2024-04-21 11:21:04 +02:00
Ingolf Wagner d1c723d077
rename 2024-04-21 11:03:13 +02:00
Ingolf Wagner 86d22b1559
fix atuin again 2024-04-19 21:07:41 +02:00
Ingolf Wagner 8da88a8ea5
use rofi instead of albert now 2024-04-19 20:27:25 +02:00
Ingolf Wagner 353cb14efa
use rofi instead of albert now 2024-04-19 20:16:28 +02:00
181 changed files with 2396 additions and 3529 deletions

1110
flake.lock

File diff suppressed because it is too large Load diff

323
flake.nix

@ -2,7 +2,7 @@
inputs = { inputs = {
secrets = { secrets = {
url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main"; url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
flake = false; flake = false;
}; };
@ -11,126 +11,113 @@
clan-core = { clan-core = {
url = "git+https://git.clan.lol/clan/clan-core"; url = "git+https://git.clan.lol/clan/clan-core";
#url = "git+file:///home/palo/dev/nixos/clan-core";
inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable. inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
inputs.flake-parts.follows = "flake-parts"; inputs.flake-parts.follows = "flake-parts";
}; };
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-legacy_2305.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
nixpkgs-legacy_2205.url = "github:nixos/nixpkgs/nixos-22.05";
nixpkgs-legacy_2105.url = "github:nixos/nixpkgs/nixos-21.05"; nixpkgs-legacy_2105.url = "github:nixos/nixpkgs/nixos-21.05";
nixpkgs-legacy_2205.url = "github:nixos/nixpkgs/nixos-22.05";
nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
nixpkgs-legacy_2305.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";
nixos-anywhere.url = "github:nix-community/nixos-anywhere"; nixos-anywhere.url = "github:nix-community/nixos-anywhere";
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-23.11"; #url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs"; url = "github:nix-community/home-manager";
#inputs.nixpkgs.follows = "nixpkgs";
}; };
polygon-art = { polygon-art = {
url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git"; url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
}; };
sops-nix.url = "github:Mic92/sops-nix";
doom-emacs-nix = {
url = "github:nix-community/nix-doom-emacs";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager-utils = { home-manager-utils = {
url = "github:mrvandalo/home-manager-utils"; url = "github:mrvandalo/home-manager-utils";
inputs.home-manager.follows = "home-manager"; inputs.home-manager.follows = "home-manager";
}; };
nixpkgs-fmt = {
url = "github:nix-community/nixpkgs-fmt";
inputs.nixpkgs.follows = "nixpkgs";
};
grocy-scanner = {
url = "github:mrVanDalo/grocy-scanner";
inputs.nixpkgs.follows = "nixpkgs";
};
permown = { permown = {
url = "github:mrVanDalo/module.permown"; url = "github:mrVanDalo/module.permown";
#url = "git+file:///home/palo/dev/nixos/permown"; #url = "git+file:///home/palo/dev/nixos/permown";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
private_assets = { private_assets = {
#url = "git+file:///home/palo/dev/nixos/nixos-private-assets"; url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main"; #url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
flake = true; flake = true;
}; };
retiolum = { retiolum = {
url = "github:Mic92/retiolum"; url = "github:Mic92/retiolum";
#url = "git+file:///home/palo/dev/nixos/retiolum"; #url = "git+file:///home/palo/dev/nixos/retiolum";
}; };
srvos.url = "github:nix-community/srvos"; srvos.url = "github:nix-community/srvos";
srvos_nixpkgs.follows = "srvos/nixpkgs";
landingpage = { landingpage = {
#url = "git+file:///home/palo/dev/landingpage"; #url = "git+file:///home/palo/dev/landingpage";
url = "github:mrVanDalo/landingpage"; url = "github:mrVanDalo/landingpage";
}; };
# todo: mabye use https://github.com/jtroo/kanata instead
# fixme: kmonad crashes every now and than and the keyboard is not usable anymore.
kmonad = { kmonad = {
url = "github:kmonad/kmonad?dir=nix"; url = "github:kmonad/kmonad?dir=nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
dns = {
url = "github:kirelagin/dns.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixinate.url = "github:matthewcroughan/nixinate";
stylix = { stylix = {
#url = "github:danth/stylix?ref=35cab8eb76c1d3672b2b290a64f357847c30d090"; #url = "github:danth/stylix?ref=35cab8eb76c1d3672b2b290a64f357847c30d090";
url = "github:danth/stylix/release-23.11"; #url = "github:danth/stylix/release-23.11";
url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager"; inputs.home-manager.follows = "home-manager";
}; };
smoke = {
url = github:SamirTalwar/smoke; # smoke test framwork to trigger tests (enable if I want to use it for real)
inputs.nixpkgs.follows = "nixpkgs"; #smoke = {
}; # url = github:SamirTalwar/smoke;
# inputs.nixpkgs.follows = "nixpkgs";
#};
# had to override it to remove colors
taskshell = { taskshell = {
url = "github:mrvandalo/taskshell"; url = "github:mrvandalo/taskshell";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
overviewer.url = "git+ssh://gitea@git.ingolf-wagner.de/palo/overviewer.git?ref=main";
# my own tool
overviewer.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git?ref=main";
}; };
outputs = outputs =
inputs@{ self inputs@{ self
, clan-core , clan-core
, disko
, dns
, doom-emacs-nix
, flake-parts , flake-parts
, grocy-scanner
, home-manager , home-manager
, home-manager-utils , home-manager-utils
, kmonad , kmonad
, landingpage , landingpage
, nixinate
, nixos-anywhere , nixos-anywhere
, nixos-hardware , nixos-hardware
, nixpkgs , nixpkgs
, nixpkgs-fmt
, nixpkgs-legacy_2105 , nixpkgs-legacy_2105
, nixpkgs-legacy_2205 , nixpkgs-legacy_2205
, nixpkgs-legacy_2211 , nixpkgs-legacy_2211
, nixpkgs-legacy_2305 , nixpkgs-legacy_2305
, nixpkgs-unstable , nixpkgs-legacy_2311
, overviewer , overviewer
, permown , permown
, polygon-art , polygon-art
, private_assets , private_assets
, retiolum , retiolum
, secrets , secrets
, smoke
, sops-nix
, srvos , srvos
, srvos_nixpkgs
, stylix , stylix
, taskshell , taskshell
}: }:
@ -147,28 +134,28 @@
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
config.permittedInsecurePackages = [ config.permittedInsecurePackages = [
"electron-24.8.6" # for bitwarden
"python-2.7.18.6" "python-2.7.18.6"
"python-2.7.18.7" "python-2.7.18.7"
"electron-24.8.6" # for bitwarden "python-2.7.18.8"
]; ];
overlays = [ overlays = [
(_self: _super: { (_self: _super: {
unstable = import nixpkgs-unstable { # todo : remove this, we are on unstable in the future
unstable = import nixpkgs {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
}; };
legacy_2211 = import nixpkgs-legacy_2211 { inherit system; };
legacy_2205 = import nixpkgs-legacy_2205 { inherit system; }; legacy_2205 = import nixpkgs-legacy_2205 { inherit system; };
legacy_2105 = nixpkgs-legacy_2105 { inherit system; }; legacy_2211 = import nixpkgs-legacy_2211 { inherit system; };
legacy_2305 = nixpkgs-legacy_2105 { inherit system; }; legacy_2305 = import nixpkgs-legacy_2305 { inherit system; };
legacy_2311 = import nixpkgs-legacy_2311 { inherit system; };
polygon-art = polygon-art.packages.${system}; polygon-art = polygon-art.packages.${system};
landingpage = landingpage.packages.${system}.plain; landingpage = landingpage.packages.${system}.plain;
trilium-server = nixpkgs-unstable.legacyPackages.${system}.trilium-server;
kmonad = kmonad.packages.${system}.kmonad; kmonad = kmonad.packages.${system}.kmonad;
tasksh = taskshell.packages.${system}.tasksh; tasksh = taskshell.packages.${system}.tasksh;
overviewer = overviewer.packages.${system}.overviewer; overviewer = overviewer.packages.${system}.overviewer;
smoke = smoke.packages.${system}.default;
}) })
(import ./nixos/pkgs) (import ./nixos/pkgs)
]; ];
@ -184,57 +171,73 @@
{ name { name
, host , host
, modules , modules
#, nixpackages ? meta.nixpkgs
}: { }: {
clan.networking.targetHost = lib.mkDefault "root@${host}"; clan.networking.targetHost = lib.mkDefault "root@${host}";
clanCore.machineIcon = null; # Optional, a path to an image file
#nixpkgs.pkgs = nixpackages;
nixpkgs.pkgs = meta.pkgs; nixpkgs.pkgs = meta.pkgs;
nixpkgs.hostPlatform = meta.system; nixpkgs.hostPlatform = meta.system;
clanCore.facts.secretStore = "password-store";
imports = modules ++ defaultModules ++ [ imports = modules ++ defaultModules ++ [
{ ./nixos/machines/${name}/configuration.nix
# clan core configuration
({ pkgs, ... }: {
imports = [ imports = [
./nixos/machines/${name}/configuration.nix # this magically adds all my machines in the zero tier network
(sopsModule name) # and makes the controller accept them.
# will automatic look into `/machines/<name>/facts/zerotier-ip
inputs.clan-core.clanModules.zerotier-static-peers
# Statically configure the host names of machines based on their respective zerotier-ip.
inputs.clan-core.clanModules.static-hosts
# generate ssh host keys with facts
inputs.clan-core.clanModules.sshd
]; ];
} clan.static-hosts.topLevelDomain = "gummybear";
environment.systemPackages = [
clan-core.packages.${pkgs.system}.clan-cli
];
})
]; ];
}; };
defaultModules = [ defaultModules = [
({ pkgs, lib, ... }: { # make flake inputs accessiable in NixOS
# todo : check if this is still needed {
nix = { _module.args.self = self;
# no channesl needed this way _module.args.inputs = self.inputs;
nixPath = [ "nixpkgs=${pkgs.path}" ]; }
# make flakes available # ssh keys
package = pkgs.nixUnstable; ({ config, ... }: {
extraOptions = '' users.users.root.openssh.authorizedKeys.keyFiles = [
experimental-features = nix-command flakes # master key
''; ./nixos/assets/ssh/palo_rsa.pub
}; # backup key
"${config.clanCore.clanDir}/machines/chungus/facts/syncoid.ssh.id_ed25519.pub"
];
}) })
{ nix.settings.substituters = [ "https://cache.nixos.org/" ]; } # configure nix
({ pkgs, ... }:
{
nix.settings.substituters = [ "https://cache.nixos.org/" ];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.max-jobs = 1;
# no channesl needed this way
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
})
# some modules I always use
permown.nixosModules.permown
kmonad.nixosModules.default
# some default things I always want
({ pkgs, ... }: { ({ pkgs, ... }: {
boot.tmp.useTmpfs = lib.mkDefault true; boot.tmp.useTmpfs = lib.mkDefault true;
environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${pkgs.system} ]; environment.systemPackages = [
imports = [ pkgs.nixpkgs-fmt
permown.nixosModules.permown
disko.nixosModules.disko
kmonad.nixosModules.default
grocy-scanner.nixosModule
]; ];
}) })
]; ];
homeManagerModules = { pkgs, config, ... }: { stylixModules = { pkgs, config, ... }: {
imports = [ imports = [ stylix.nixosModules.stylix ];
home-manager.nixosModules.home-manager
stylix.nixosModules.stylix
];
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml"; stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
stylix.image = ./nixos/assets/wallpaper.png; stylix.image = ./nixos/assets/wallpaper.png;
stylix.fonts = { stylix.fonts = {
@ -254,22 +257,29 @@
package = pkgs.noto-fonts-emoji; package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji"; name = "Noto Color Emoji";
}; };
sizes.popups = 15;
}; };
# todo: remove this if not needed anymore
#home-manager.sharedModules = [
# { stylix.targets.bemenu.enable = false; }
#];
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.sharedModules = [
doom-emacs-nix.hmModule
home-manager-utils.hmModule
{ stylix.targets.bemenu.enable = false; }
];
home-manager.users.mainUser.home.stateVersion = "22.11";
home-manager.users.root.home.stateVersion = "22.11";
}; };
sopsModule = name: { lib, ... }: { homeManagerModules = { pkgs, config, ... }: {
#imports = [ sops-nix.nixosModules.sops ]; imports = [
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml"; home-manager.nixosModules.home-manager
];
home-manager.extraSpecialArgs = {
inherit private_assets;
assets = ./nixos/assets;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "backup";
home-manager.sharedModules = [
home-manager-utils.hmModule
];
}; };
in in
@ -286,34 +296,56 @@
# Define your clan # Define your clan
clan = { clan = {
# Clan wide settings. (Required) # Clan wide settings.
clanName = "gummybears"; # Ensure to choose a unique name. clanName = "gummybears"; # Ensure to choose a unique name.
specialArgs = meta.specialArgs; specialArgs = meta.specialArgs;
machines = { machines = {
sternchen = clanSetup { sternchen = clanSetup {
name = "sternchen"; name = "sternchen";
host = "sternchen.secure"; #host = "sternchen.secure";
host = "192.168.178.25";
modules = [ modules = [
nixos-hardware.nixosModules.lenovo-thinkpad-x220 nixos-hardware.nixosModules.lenovo-thinkpad-x220
homeManagerModules homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./nixos/homes/tina;
home-manager.users.root = import ./nixos/homes/root;
}
# todo : strange overrides, this should be an option kinda an be changed on another level (the homes/<name> folders or something)
({ lib, ... }: {
home-manager.sharedModules = [
{
programs.atuin.enable = lib.mkForce false;
}
];
})
{
clanCore.machineDescription = "LaLaptop";
}
]; ];
}; };
cream = clanSetup { cream = clanSetup {
name = "cream"; name = "cream";
#host = "1.2.3.4";
host = "cream.private"; host = "cream.private";
modules = [ modules = [
nixos-hardware.nixosModules.framework-12th-gen-intel nixos-hardware.nixosModules.framework-12th-gen-intel
retiolum.nixosModules.retiolum retiolum.nixosModules.retiolum
private_assets.nixosModules.jobrad private_assets.nixosModules.cream
private_assets.nixosModules.yubikey
homeManagerModules homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; } { home-manager.users.mainUser.gui.enable = true; }
{ {
home-manager.users.mainUser = import ./nixos/homes/palo; home-manager.users.mainUser = import ./nixos/homes/palo;
home-manager.users.root = import ./nixos/homes/root; home-manager.users.root = import ./nixos/homes/root;
} }
{
clanCore.machineDescription = "Laptop";
}
]; ];
}; };
@ -323,11 +355,16 @@
modules = [ modules = [
nixos-hardware.nixosModules.framework-13th-gen-intel nixos-hardware.nixosModules.framework-13th-gen-intel
homeManagerModules homeManagerModules
stylixModules
private_assets.nixosModules.yubikey
{ home-manager.users.mainUser.gui.enable = true; } { home-manager.users.mainUser.gui.enable = true; }
{ {
home-manager.users.mainUser = import ./nixos/homes/palo; home-manager.users.mainUser = import ./nixos/homes/palo;
home-manager.users.root = import ./nixos/homes/root; home-manager.users.root = import ./nixos/homes/root;
} }
{
clanCore.machineDescription = "Laptop";
}
]; ];
}; };
@ -336,42 +373,57 @@
host = "chungus.private"; host = "chungus.private";
modules = [ modules = [
homeManagerModules homeManagerModules
stylixModules
retiolum.nixosModules.retiolum retiolum.nixosModules.retiolum
private_assets.nixosModules.chungus
#srvos.nixosModules.server
#srvos.nixosModules.mixins-terminfo
{ {
home-manager.users.mainUser = import ./nixos/homes/palo; home-manager.users.mainUser = import ./nixos/homes/palo;
home-manager.users.root = import ./nixos/homes/root; home-manager.users.root = import ./nixos/homes/root;
} }
{
clanCore.machineDescription = "Home Server";
}
]; ];
}; };
orbi = clanSetup { orbi = clanSetup {
name = "orbi"; name = "orbi";
host = "orbi.private"; host = "orbi.private";
# host = "95.216.66.212";
modules = [ modules = [
{
clan.networking.zerotier.controller = {
enable = true;
public = false;
};
}
homeManagerModules homeManagerModules
stylixModules
srvos.nixosModules.hardware-hetzner-online-intel srvos.nixosModules.hardware-hetzner-online-intel
srvos.nixosModules.server srvos.nixosModules.server
srvos.nixosModules.mixins-terminfo srvos.nixosModules.mixins-terminfo
{ home-manager.sharedModules = [{ programs.doom-emacs.enable = false; }]; } {
# not needed for servers in general
boot.initrd.systemd.emergencyAccess = false;
systemd.enableEmergencyMode = false;
}
{ {
home-manager.users.mainUser = import ./nixos/homes/palo; home-manager.users.mainUser = import ./nixos/homes/palo;
home-manager.users.root = import ./nixos/homes/root; home-manager.users.root = import ./nixos/homes/root;
} }
{
clanCore.machineDescription = "Internet Server";
}
{
# can be removed when this is fixed https://github.com/nix-community/srvos/issues/434
system.switch.enableNg = false;
system.switch.enable = true;
}
]; ];
}; };
robi = clanSetup {
name = "robi";
host = "robi.private";
modules = [
homeManagerModules
{ home-manager.sharedModules = [{ programs.doom-emacs.enable = false; }]; }
{
home-manager.users.mainUser = import ./nixos/homes/palo;
home-manager.users.root = import ./nixos/homes/root;
}
];
};
}; };
}; };
@ -379,40 +431,3 @@
}); });
} }
# devShells.${system}.default =
# pkgs.mkShell {
# buildInputs = [
# nixpkgs-fmt.defaultPackage.${system}
# nixos-anywhere.packages.${system}.nixos-anywhere
# ];
# };
#apps = nixinate.nixinate.x86_64-linux self;
# packages = with nixpkgs.lib; {
# ${system} =
# let
# vms = mapAttrs'
# (host: sys: {
# name = "vm-${host}";
# value = sys.config.system.build.vm;
# })
# self.nixosConfigurations;
# sds = mapAttrs'
# (host: sys: {
# name = "sd-${host}";
# value = sys.config.system.build.sdImage;
# })
# (filterAttrs
# (n: hasAttrByPath [ "config" "system" "build" "sdImage" ])
# self.nixosConfigurations);
# in
# vms // sds;
# };
# nixosConfigurations =
# };
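Review bot: In the `defaultModules` hunk (`@ -184,57 +171,73 @`), the new `users.users.root.openssh.authorizedKeys.keyFiles` list installs chungus's `syncoid.ssh.id_ed25519.pub` as a root login key on every machine built through `clanSetup`, because `defaultModules` is appended to each machine's imports. The key file carries no options, so the backup key gets the same unrestricted root shell as the master key `palo_rsa.pub`, and a compromise of that one private key or of the backup host extends to root on every machine in the clan. I would leave only `./nixos/assets/ssh/palo_rsa.pub` in the shared module and authorise the syncoid key for a dedicated unprivileged backup user with delegated ZFS permissions, only on the machines that are actually pulled from. If it has to stay on root, adding it through `authorizedKeys.keys` with the OpenSSH `restrict` option prefixed at least removes PTY and forwarding.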


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICsH/mPf/uURkv0UmDi/Bkm04aFbDbfzxRWT6oNSj/P nixbld@cherry


@ -0,0 +1 @@
fd88:5dd8:2cf1:64aa:6999:934f:7234:bb56


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIqf2nOj4bC13KG6S/+QbTbKftes2qFWsEZeC5wq7TC+ nixbld@cherry


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICrdJ4EXJ0HeZXTb4AzRKQeAORBWwcawOxj4EJhV62De nixbld@cherry


@ -0,0 +1 @@
fd88:5dd8:2cf1:64aa:6999:93af:db91:b46f


@ -0,0 +1 @@
fd88:5dd8:2cf1:64aa:6999:935d:b965:865b


@ -0,0 +1 @@
fd88:5dd8:2cf1:64aa:6999:9388:5dd8:2cf1


@ -0,0 +1 @@
885dd82cf164aa69


@ -0,0 +1 @@
fd88:5dd8:2cf1:64aa:6999:9381:db7f:b93e


@ -1,6 +1,6 @@
From b75e6fd3159896966dce2cf3af5b5be7e286ce1a Mon Sep 17 00:00:00 2001 From 4797a2f62ab3d2716d313aa4a3170ba9672a93b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Mon, 6 Nov 2023 15:56:26 +0100 Date: Fri, 22 Mar 2024 08:46:07 +0100
Subject: [PATCH] make atuin on zfs fast again Subject: [PATCH] make atuin on zfs fast again
MIME-Version: 1.0 MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8 Content-Type: text/plain; charset=UTF-8
@ -8,38 +8,38 @@ Content-Transfer-Encoding: 8bit
Signed-off-by: Jörg Thalheim <joerg@thalheim.io> Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
--- ---
atuin-client/src/database.rs | 3 ++- atuin-client/src/database.rs | 4 ++--
atuin-client/src/record/sqlite_store.rs | 3 ++- atuin-client/src/record/sqlite_store.rs | 2 ++
2 files changed, 4 insertions(+), 2 deletions(-) 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/atuin-client/src/database.rs b/atuin-client/src/database.rs diff --git a/atuin-client/src/database.rs b/atuin-client/src/database.rs
index c4b45302..29006d59 100644 index b0bcae31..d8db492b 100644
--- a/atuin-client/src/database.rs --- a/atuin-client/src/database.rs
+++ b/atuin-client/src/database.rs +++ b/atuin-client/src/database.rs
@@ -130,7 +130,8 @@ pub async fn new(path: impl AsRef<Path>) -> Result<Self> { @@ -137,9 +137,9 @@ pub async fn new(path: impl AsRef<Path>, timeout: f64) -> Result<Self> {
} }
let opts = SqliteConnectOptions::from_str(path.as_os_str().to_str().unwrap())? let opts = SqliteConnectOptions::from_str(path.as_os_str().to_str().unwrap())?
- .journal_mode(SqliteJournalMode::Wal) - .journal_mode(SqliteJournalMode::Wal)
+ .journal_mode(SqliteJournalMode::Memory) + .journal_mode(SqliteJournalMode::Memory)
.optimize_on_close(true, None)
- .synchronous(SqliteSynchronous::Normal)
+ .synchronous(sqlx::sqlite::SqliteSynchronous::Off) + .synchronous(sqlx::sqlite::SqliteSynchronous::Off)
.with_regexp()
.create_if_missing(true); .create_if_missing(true);
let pool = SqlitePoolOptions::new().connect_with(opts).await?;
diff --git a/atuin-client/src/record/sqlite_store.rs b/atuin-client/src/record/sqlite_store.rs diff --git a/atuin-client/src/record/sqlite_store.rs b/atuin-client/src/record/sqlite_store.rs
index db709f20..eaed6f7a 100644 index 6333bb27..1f25a55b 100644
--- a/atuin-client/src/record/sqlite_store.rs --- a/atuin-client/src/record/sqlite_store.rs
+++ b/atuin-client/src/record/sqlite_store.rs +++ b/atuin-client/src/record/sqlite_store.rs
@@ -37,7 +37,8 @@ pub async fn new(path: impl AsRef<Path>) -> Result<Self> { @@ -42,6 +42,8 @@ pub async fn new(path: impl AsRef<Path>, timeout: f64) -> Result<Self> {
}
let opts = SqliteConnectOptions::from_str(path.as_os_str().to_str().unwrap())? let opts = SqliteConnectOptions::from_str(path.as_os_str().to_str().unwrap())?
- .journal_mode(SqliteJournalMode::Wal) .journal_mode(SqliteJournalMode::Wal)
+ .journal_mode(SqliteJournalMode::Memory) + .journal_mode(SqliteJournalMode::Memory)
+ .synchronous(sqlx::sqlite::SqliteSynchronous::Off) + .synchronous(sqlx::sqlite::SqliteSynchronous::Off)
.foreign_keys(true)
.create_if_missing(true); .create_if_missing(true);
let pool = SqlitePoolOptions::new().connect_with(opts).await?;
--
2.42.0
--
2.43.1
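Review bot: In the refreshed patch's `sqlite_store.rs` hunk the original `.journal_mode(SqliteJournalMode::Wal)` call is kept as context and `.journal_mode(SqliteJournalMode::Memory)` is added after it, so the builder sets the journal mode twice, whereas the `database.rs` hunk replaces the call. Presumably the later call wins, but removing the `Wal` line as in `database.rs` would make the intent unambiguous and keep the two stores consistent. The patch description also gives no hint of the trade-off: with an in-memory rollback journal and `synchronous` off, SQLite no longer protects the file against a crash or power loss during a write, so the history and record-store databases can end up corrupted. A line in the commit message such as `trades crash safety for speed; rely on sync/backup to recover` would tell the next reader this is deliberate.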


@ -13,12 +13,12 @@ with lib;
./fonts.nix ./fonts.nix
./home-manager ./home-manager
./kmonad.nix ./kmonad.nix
./noti.nix #./noti.nix
./pass.nix ./pass.nix
./steam.nix ./steam.nix
./suspend.nix ./suspend.nix
./taskwarrior.nix
./vscode.nix ./vscode.nix
./wayland.nix
./xorg ./xorg
]; ];


@ -14,8 +14,8 @@
users.users.mainUser.extraGroups = [ "input" ]; users.users.mainUser.extraGroups = [ "input" ];
services.xserver = { services.xserver = {
layout = "us"; xkb.layout = "us";
xkbOptions = "compose:ralt"; xkb.options = "compose:ralt";
}; };
services.kmonad = { services.kmonad = {
@ -81,7 +81,7 @@
{ {
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ]; nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ];
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ]; dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ];
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-if01-event-kbd" [ "lctl" "lmet" "lalt" ]; uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ "lctl" "lmet" "lalt" ];
}; };
}; };
}; };


@ -1,4 +1,5 @@
# notify me when a command is finished # notify me when a command is finished
# todo : secret managment is shit
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib; with lib;
{ {
@ -7,6 +8,7 @@ with lib;
default = config.components.gui.enable; default = config.components.gui.enable;
}; };
# todo : put this in `/homes`
config = mkIf (config.components.gui.noti.enable) { config = mkIf (config.components.gui.noti.enable) {
sops.secrets.pushover_user_key = { }; sops.secrets.pushover_user_key = { };


@ -1,90 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
with types;
let
mkMagicMergeOption = { description ? "", example ? { }, default ? { }, apply ? id, ... }:
mkOption {
inherit example description default apply;
type = with lib.types;
let
valueType = nullOr
(oneOf [
bool
int
float
str
(attrsOf valueType)
(listOf valueType)
]) // {
description = "bool, int, float or str";
emptyValue.value = { };
};
in
valueType;
};
in
{
options.components.gui.taskwarrior.enable = mkOption {
type = bool;
default = config.components.gui.enable;
};
options.components.gui.taskwarrior.config = mkMagicMergeOption {
type = attrs;
default = { };
};
config = mkIf (config.components.gui.taskwarrior.enable) {
environment.systemPackages = with pkgs; [
unstable.taskwarrior-tui
taskwarrior
timewarrior
miller
tasksh
(pkgs.writeShellScriptBin "tsak" ''${pkgs.taskwarrior}/bin/task "$@"'')
(pkgs.writers.writeBashBin "calendar" ''
${pkgs.taskwarrior}/bin/task calendar
${pkgs.taskwarrior}/bin/task calendar_report
'')
unstable.vit
(pkgs.writers.writeBashBin "active" "${unstable.taskwarrior-tui}/bin/taskwarrior-tui -r active")
(pkgs.writers.writeBashBin "todo" "${unstable.taskwarrior-tui}/bin/taskwarrior-tui -r todo")
taskwarrior-hooks
vdirsyncer
khal
(pkgs.writers.writeBashBin "kalendar" ''
${pkgs.vdirsyncer}/bin/vdirsyncer sync
${pkgs.khal}/bin/ikhal
'')
# todo : before deleting this, put it in trilium
(python3Packages.bugwarrior.overrideAttrs (old: {
version = "develop";
src = pkgs.fetchFromGitHub {
owner = "ralphbean";
repo = "bugwarrior";
rev = "eb19a702a698f9c8c3ce2a1fe41f35872d9ae398";
sha256 = "sha256-Geon+ddE58WJ10L4unotzvmZj1Ye0yjZHVQgrR2YWgE=";
};
propagatedBuildInputs = old.propagatedBuildInputs ++ [
python3Packages.pydantic
python3Packages.tomli
python3Packages.email-validator
python3Packages.packaging
];
}))
];
#home-manager.users.mainUser.home.file.".config/bugwarrior/bugwarriorrc".source = ./bugwarriorc.ini;
#home-manager.users.mainUser.home.file.".config/bugwarrior/bugwarriorrc".source = (pkgs.formats.toml { }).generate "bugwarriorrc.toml" config.components.gui.taskwarrior.config;
home-manager.users.mainUser.home.file.".config/bugwarrior/bugwarrior.toml".source = (pkgs.formats.toml { }).generate "bugwarriorrc.toml" config.components.gui.taskwarrior.config;
};
}


@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }:
with lib;
{
options.components.gui.wayland.enable = mkOption {
type = lib.types.bool;
default = ! config.components.gui.xorg.enable;
};
config = mkIf config.components.gui.wayland.enable {
programs.hyprland.enable = true;
};
}
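Review bot: The default `! config.components.gui.xorg.enable` is true on every machine where the GUI is switched off, because `xorg.enable` itself defaults to `components.gui.enable`. A headless server would therefore get `programs.hyprland.enable = true` and the compositor stack that comes with it, which is software it does not need. Gating the default on the GUI switch avoids that: `default = config.components.gui.enable && ! config.components.gui.xorg.enable;`.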


@ -4,46 +4,48 @@ with lib;
imports = [ ./xlock.nix ]; imports = [ ./xlock.nix ];
config = mkIf config.components.gui.enable { options.components.gui.xorg.enable = mkOption {
type = lib.types.bool;
default = config.components.gui.enable;
};
config = mkIf config.components.gui.xorg.enable {
# system.custom.fonts.enable = true; # system.custom.fonts.enable = true;
services.displayManager = {
defaultSession = lib.mkDefault "none+i3";
autoLogin.enable = lib.mkDefault true;
autoLogin.user = config.users.users.mainUser.name;
};
services.xserver = { services.xserver = {
enable = true; enable = true;
displayManager = { displayManager = {
defaultSession = lib.mkDefault "none+i3";
autoLogin.enable = lib.mkDefault true;
autoLogin.user = config.users.users.mainUser.name;
lightdm.enable = lib.mkDefault true; lightdm.enable = lib.mkDefault true;
}; };
desktopManager = { desktopManager.xterm.enable = false;
xterm.enable = false; windowManager.i3.enable = true;
};
windowManager = {
xmonad.enable = true;
xmonad.enableContribAndExtras = true;
i3.enable = true;
};
# mouse/touchpad # mouse/touchpad
# -------------- # --------------
libinput = {
enable = true;
touchpad = {
disableWhileTyping = true;
tapping = true;
scrollMethod = "twofinger";
accelSpeed = "1.3";
naturalScrolling = true;
horizontalScrolling = true;
};
};
}; };
services.libinput = {
enable = true;
touchpad = {
disableWhileTyping = true;
tapping = true;
scrollMethod = "twofinger";
accelSpeed = "1.3";
naturalScrolling = true;
horizontalScrolling = true;
};
};
# Packages # Packages
# -------- # --------
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [


@ -11,7 +11,7 @@ let
in in
{ {
config = mkIf config.components.gui.enable { config = mkIf config.components.gui.xorg.enable {
environment.systemPackages = [ environment.systemPackages = [
lockProgram lockProgram
(pkgs.makeDesktopItem { (pkgs.makeDesktopItem {


@ -0,0 +1,15 @@
{ lib, config, ... }:
with lib;
with types;
{
imports = [ ./default.nix ];
config = {
components.monitor.enable = mkDefault true;
components.monitor.metrics.enable = mkDefault false;
components.monitor.opentelemetry.enable = false;
services.journald.extraConfig = "SystemMaxUse=1G";
};
}


@ -1,20 +1,32 @@
{ lib, ... }: { lib, config, ... }:
with lib; with lib;
with types; with types;
{ {
options.components.monitor = { options.components.monitor = {
enable = mkOption { enable = mkOption {
type = bool; type = bool;
default = true; default = true;
}; };
metrics.enable = mkOption {
type = bool;
default = config.components.monitor.enable;
};
logs.enable = mkOption {
type = bool;
default = config.components.monitor.enable;
};
}; };
imports = [ imports = [
./netdata.nix ./logs-promtail.nix
./metrics-export-zfs.nix
./metrics-netdata.nix
./metrics-prometheus.nix
./metrics-telegraf.nix
./opentelemetry.nix
]; ];
config = mkIf config.components.monitor.enable { }; config = mkIf config.components.monitor.enable { };
} }


@ -0,0 +1,178 @@
{ config, lib, ... }:
with lib;
with types;
let
cfg = config.components.monitor.promtail;
in
{
options.components.monitor.promtail = {
enable = mkOption {
type = lib.types.bool;
default = config.components.monitor.logs.enable;
};
port = mkOption {
type = int;
default = 3500;
description = "port to provide promtail export";
};
};
config = mkMerge [
(mkIf config.components.monitor.opentelemetry.enable {
services.opentelemetry-collector.settings = {
receivers.loki = {
protocols.http.endpoint = "127.0.0.1:${toString cfg.port}";
use_incoming_timestamp = true;
};
service.pipelines.logs.receivers = [ "loki" ];
};
})
(mkIf config.components.monitor.promtail.enable {
services.promtail = {
enable = true;
configuration = {
server. disable = true;
positions.filename = "/var/cache/promtail/positions.yaml";
clients = [
{ url = "http://127.0.0.1:${toString cfg.port}/loki/api/v1/push"; }
];
scrape_configs =
let
_replace = index: replacement: ''{{ Replace .Value "${toString index}" "${replacement}" 1 }}'';
_elseif = index: ''{{ else if eq .Value "${toString index}" }}'';
_if = index: ''{{ if eq .Value "${toString index}" }}'';
_end = ''{{ end }}'';
elseblock = index: replacement: "${_elseif index}${_replace index replacement}";
ifblock = index: replacement: "${_if index}${_replace index replacement}";
createTemplateLine = list: "${concatStrings (imap0 (index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement) list)}${_end}";
in
[
{
job_name = "journal";
journal = {
json = true;
max_age = "12h";
labels.job = "systemd-journal";
};
pipeline_stages = [
{
# Set of key/value pairs of JMESPath expressions. The key will be
# the key in the extracted data while the expression will be the value,
# evaluated as a JMESPath from the source data.
json.expressions = {
# journalctl -o json | jq and you'll see these
boot_id = "_BOOT_ID";
facility = "SYSLOG_FACILITY";
facility_label = "SYSLOG_FACILITY";
instance = "_HOSTNAME";
msg = "MESSAGE";
priority = "PRIORITY";
priority_label = "PRIORITY";
transport = "_TRANSPORT";
unit = "_SYSTEMD_UNIT";
# coredump
#coredump_cgroup = "COREDUMP_CGROUP";
#coredump_exe = "COREDUMP_EXE";
#coredump_cmdline = "COREDUMP_CMDLINE";
#coredump_uid = "COREDUMP_UID";
#coredump_gid = "COREDUMP_GID";
};
}
{
# Set the unit (defaulting to the transport like audit and kernel)
template = {
source = "unit";
template = "{{if .unit}}{{.unit}}{{else}}{{.transport}}{{end}}";
};
}
{
# Normalize session IDs (session-1234.scope -> session.scope) to limit number of label values
replace = {
source = "unit";
expression = "^(session-\\d+.scope)$";
replace = "session.scope";
};
}
{
# Map priority to human readable
template = {
source = "priority_label";
#template = ''{{ if eq .Value "0" }}{{ Replace .Value "0" "emerg" 1 }}{{ else if eq .Value "1" }}{{ Replace .Value "1" "alert" 1 }}{{ else if eq .Value "2" }}{{ Replace .Value "2" "crit" 1 }}{{ else if eq .Value "3" }}{{ Replace .Value "3" "err" 1 }}{{ else if eq .Value "4" }}{{ Replace .Value "4" "warning" 1 }}{{ else if eq .Value "5" }}{{ Replace .Value "5" "notice" 1 }}{{ else if eq .Value "6" }}{{ Replace .Value "6" "info" 1 }}{{ else if eq .Value "7" }}{{ Replace .Value "7" "debug" 1 }}{{ end }}'';
template = createTemplateLine [
"emergency"
"alert"
"critical"
"error"
"warning"
"notice"
"info"
"debug"
];
};
}
{
# Map facility to human readable
template =
{
source = "facility_label";
template = createTemplateLine [
"kern" # Kernel messages
"user" # User-level messages
"mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1))
"daemon" # System daemons All daemons, including systemd and its subsystems
"auth" # Security/authorization messages Also watch for different facility 10
"syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3)
"lpr" # Line printer subsystem (archaic subsystem)
"news" # Network news subsystem (archaic subsystem)
"uucp" # UUCP subsystem (archaic subsystem)
"clock" # Clock daemon systemd-timesyncd
"authpriv" # Security/authorization messages Also watch for different facility 4
"ftp" # FTP daemon
"-" # NTP subsystem
"-" # Log audit
"-" # Log alert
"cron" # Scheduling daemon
"local0" # Local use 0 (local0)
"local1" # Local use 1 (local1)
"local2" # Local use 2 (local2)
"local3" # Local use 3 (local3)
"local4" # Local use 4 (local4)
"local5" # Local use 5 (local5)
"local6" # Local use 6 (local6)
"local7" # Local use 7 (local7)
];
};
}
{
# Key is REQUIRED and the name for the label that will be created.
# Value is optional and will be the name from extracted data whose value
# will be used for the value of the label. If empty, the value will be
# inferred to be the same as the key.
labels = {
boot_id = "";
facility = "";
facility_label = "";
instance = "";
priority = "";
priority_label = "";
transport = "";
unit = "";
};
}
{
# Write the proper message instead of JSON
output.source = "msg";
}
];
}
];
};
};
})
];
}
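Review bot: `components.monitor.promtail.enable` defaults to `logs.enable` alone, while the `receivers.loki` endpoint it pushes to is only defined under `mkIf config.components.monitor.opentelemetry.enable`. The new 15-line module earlier on this page sets `opentelemetry.enable = false` and leaves `logs.enable` at its default, so on such hosts promtail would run and push journal entries to a port with no listener, and the missing logs would be easy to overlook. Tying the default to both switches closes that gap: `default = config.components.monitor.logs.enable && config.components.monitor.opentelemetry.enable;`. Minor: the dot in `"^(session-\\d+.scope)$"` is unescaped and matches any character.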


@ -0,0 +1,32 @@
{ pkgs, config, lib, ... }:
with lib;
with types;
{
options.components.monitor.exporters.zfs.enable = mkOption {
type = lib.types.bool;
default = config.components.monitor.metrics.enable;
};
config = mkMerge [
(mkIf config.components.monitor.exporters.zfs.enable {
services.telegraf.extraConfig.inputs.zfs = { };
services.prometheus.exporters.zfs.enable = true;
services.opentelemetry-collector.settings = {
receivers.prometheus.config.scrape_configs = [
{
job_name = "zfs";
scrape_interval = "10s";
static_configs = [{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
}];
}
];
service.pipelines.metrics.receivers = [ "prometheus" ];
};
})
];
}
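Review bot: `services.prometheus.exporters.zfs.enable = true` leaves the exporter on the module's default listen address, which as far as I know is all interfaces, although the only scraper configured here is `127.0.0.1`. The host firewall normally covers this, but the tinc module on this page adds `tinc.${network}` to `networking.firewall.trustedInterfaces`, so the port would be reachable from every VPN peer. Adding `services.prometheus.exporters.zfs.listenAddress = "127.0.0.1";` keeps it local. The same applies to the netdata module that follows, where `web."bind to" = "127.0.0.1";` next to `global` would match its `127.0.0.1:19999` scrape target.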


@ -0,0 +1,35 @@
{ lib, pkgs, config, ... }:
with lib;
with types;
{
options.components.monitor.netdata = {
enable = mkOption {
type = bool;
default = config.components.monitor.metrics.enable;
};
};
config = mkIf config.components.monitor.netdata.enable {
# netdata sink
services.opentelemetry-collector.settings.receivers.prometheus.config.scrape_configs = [
{
job_name = "netdata";
scrape_interval = "10s";
metrics_path = "/api/v1/allmetrics";
params.format = [ "prometheus" ];
static_configs = [{ targets = [ "127.0.0.1:19999" ]; }];
}
];
# https://docs.netdata.cloud/daemon/config/
services.netdata = {
enable = lib.mkDefault true;
config = {
global = {
"memory mode" = "ram";
};
};
};
};
}


@ -0,0 +1,45 @@
{ config, lib, ... }:
with lib;
with types;
let
cfg = config.components.monitor.prometheus;
in
{
options.components.monitor.prometheus = {
enable = mkOption {
type = lib.types.bool;
default = config.components.monitor.metrics.enable;
};
port = mkOption {
type = int;
default = 8090;
description = "port to provide Prometheus export";
};
};
config = mkMerge [
(mkIf config.components.monitor.prometheus.enable {
services.prometheus = {
checkConfig = "syntax-only";
enable = true;
};
})
(mkIf config.components.monitor.prometheus.enable {
services.opentelemetry-collector.settings = {
exporters.prometheus.endpoint = "127.0.0.1:${toString cfg.port}";
service.pipelines.metrics.exporters = [ "prometheus" ];
};
services.prometheus.scrapeConfigs = [
{
job_name = "opentelemetry";
metrics_path = "/metrics";
scrape_interval = "10s";
static_configs = [{ targets = [ "localhost:${toString cfg.port}" ]; }];
}
];
})
];
}


@ -0,0 +1,50 @@
{ config, pkgs, lib, ... }:
with lib;
with types;
let
cfg = config.components.monitor.telegraf;
in
{
options.components.monitor.telegraf = {
enable = mkOption {
type = lib.types.bool;
default = config.components.monitor.metrics.enable;
};
influxDBPort = mkOption {
type = int;
default = 8088;
description = "Port to listen on influxDB input";
};
};
config = lib.mkMerge [
(mkIf config.components.monitor.telegraf.enable {
# opentelemetry wireing
services.opentelemetry-collector.settings = {
receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}";
service.pipelines.metrics.receivers = [ "influxdb" ];
};
services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ "http://127.0.0.1:${toString cfg.influxDBPort}" ];
})
(mkIf config.components.monitor.telegraf.enable {
systemd.services.telegraf.path = [ pkgs.inetutils ];
services.telegraf = {
enable = true;
extraConfig = {
# https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins
inputs = {
cpu = { };
diskio = { };
processes = { };
system = { };
systemd_units = { };
ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make machine visible over wireguard
};
};
};
})
];
}


@ -1,33 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
with types;
{
config = lib.mkIf config.components.monitor.enable {
services.netdata = {
enable = lib.mkDefault true;
# https://docs.netdata.cloud/daemon/config/
config = {
global = {
"memory mode" = "ram";
};
};
#configDir."python.d.conf" = pkgs.writeText "python.d.conf" ''
# example: yes
# default_run: no
# samba: yes
#'';
};
# add samba to path of python plugin
#systemd.services.netdata.path = [ pkgs.sudo pkgs.samba ];
#systemd.services.netdata.serviceConfig.CapabilityBoundingSet = [ "~" ];
#security.sudo.extraConfig = ''
# netdata ALL=(root) NOPASSWD: ${pkgs.samba}/bin/smbstatus
# netdata ALL=(root) NOPASSWD: /run/current-system/sw/bin/smbstatus
#'';
};
}


@ -0,0 +1,205 @@
{ pkgs, config, lib, ... }:
with lib;
with types;
let
cfg = config.components.monitor.opentelemetry;
in
{
options.components.monitor.opentelemetry = {
enable = mkOption {
type = bool;
default = config.components.monitor.enable;
description = "weather or not to use opentelemetry";
};
receiver.endpoint = mkOption {
type = nullOr str;
default = null;
description = "endpoint to receive the opentelementry data from other collectors";
};
exporter.endpoint = mkOption {
type = nullOr str;
default = null;
description = "endpoint to ship opentelementry data too";
};
exporter.debug = mkOption {
type = nullOr (enum [ "logs" "metrics" ]);
default = null;
description = "enable debug exporter.";
};
metrics.endpoint = mkOption {
type = str;
default = "127.0.0.1:8100";
description = "endpoint on where to provide opentelementry metrics";
};
};
config = mkMerge [
(mkIf config.components.monitor.opentelemetry.enable {
services.opentelemetry-collector = {
enable = true;
package = pkgs.unstable.opentelemetry-collector-contrib;
};
})
# add default tags to metrics
# todo : make sure we filter out metrics from otlp receivers
(mkIf config.components.monitor.enable {
services.opentelemetry-collector.settings = {
processors = {
# https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/processor/resourcedetectionprocessor/README.md
"resourcedetection/system" = {
detectors = [ "system" ];
override = false;
system.hostname_sources = [ "os" ];
};
metricstransform.transforms = [
{
include = ".*";
match_type = "regexp";
action = "update";
operations = [{
action = "add_label";
new_label = "machine";
new_value = config.networking.hostName;
}];
}
];
};
};
})
(mkIf config.components.monitor.metrics.enable {
services.opentelemetry-collector.settings = {
service.pipelines.metrics.processors = [
"metricstransform"
"resourcedetection/system"
];
};
})
(mkIf config.components.monitor.logs.enable {
services.opentelemetry-collector.settings = {
service.pipelines.logs.processors = [ "resourcedetection/system" ];
};
})
(mkIf (config.components.monitor.opentelemetry.exporter.debug != null) {
services.opentelemetry-collector.settings = {
exporters.debug = {
verbosity = "detailed";
sampling_initial = 5;
sampling_thereafter = 200;
};
service.pipelines.${config.components.monitor.opentelemetry.exporter.debug} = {
exporters = [ "debug" ];
};
};
})
# ship to next instance
(mkIf (config.components.monitor.opentelemetry.exporter.endpoint != null) {
services.opentelemetry-collector.settings = {
exporters.otlp = {
endpoint = cfg.exporter.endpoint;
tls.insecure = true;
};
};
})
(mkIf
(
config.components.monitor.opentelemetry.exporter.endpoint != null &&
config.components.monitor.logs.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.logs.exporters = [ "otlp" ];
};
})
(mkIf
(
config.components.monitor.opentelemetry.exporter.endpoint != null &&
config.components.monitor.metrics.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.metrics.exporters = [ "otlp" ];
};
})
# ship from other instance
(mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) {
services.opentelemetry-collector.settings = {
receivers.otlp.protocols.grpc.endpoint = cfg.receiver.endpoint;
};
})
(mkIf
(
config.components.monitor.opentelemetry.receiver.endpoint != null &&
config.components.monitor.logs.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.logs.receivers = [ "otlp" ];
};
})
(mkIf
(
config.components.monitor.opentelemetry.receiver.endpoint != null &&
config.components.monitor.metrics.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.metrics.receivers = [ "otlp" ];
};
})
# scrape opentelemetry-colectors metrics
# todo: this should be collected another way (opentelemetry internal?)
# todo : enable me only when metrics.endpoint is set.
(mkIf config.components.monitor.metrics.enable {
services.opentelemetry-collector.settings = {
receivers = {
prometheus.config.scrape_configs = [
{
job_name = "otelcol";
scrape_interval = "10s";
static_configs = [{
targets = [ cfg.metrics.endpoint ];
}];
metric_relabel_configs = [
{
source_labels = [ "__name__" ];
regex = ".*grpc_io.*";
action = "drop";
}
];
}
];
};
service = {
pipelines.metrics = {
receivers = [ "prometheus" ];
};
# todo : this should be automatically be collected
# open telemetries own metrics?
telemetry.metrics.address = cfg.metrics.endpoint;
};
};
})
(mkIf (! config.components.monitor.metrics.enable) {
services.opentelemetry-collector.settings = {
service.telemetry.metrics.level = "none";
};
})
];
}
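Review bot: The `exporters.otlp` block sets `tls.insecure = true` unconditionally, so every host that sets `exporter.endpoint` ships its journal logs and metrics to the next collector in clear text. The matching `receivers.otlp.protocols.grpc.endpoint` likewise accepts any sender that can reach it. That may be acceptable if the endpoints are only ever addresses inside the VPN, but nothing in this module enforces or documents that. I would make plaintext transport an explicit per-host opt-in through a new `exporter.insecure` option, and state in the `receiver.endpoint` description that it should be a VPN or loopback address.

```nix
# … unchanged: enable, receiver.endpoint, exporter.endpoint options …
exporter.insecure = mkOption {
  type = bool;
  default = false;
  description = "send OTLP without TLS; only for endpoints reachable solely over the VPN";
};
# … unchanged: exporter.debug, metrics.endpoint, earlier mkIf blocks …
exporters.otlp = {
  endpoint = cfg.exporter.endpoint;
  tls.insecure = cfg.exporter.insecure;
};
```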


@ -1,6 +1,5 @@
{ {
networking.extraHosts = '' networking.extraHosts = ''
144.76.13.147 robi 95.216.66.212 orbi.public
95.216.66.212 orbi
''; '';
} }


@ -33,23 +33,37 @@ with lib;
# for loki logging # for loki logging
commonHttpConfig = '' commonHttpConfig = ''
log_format logfmt escape=json 'timestamp=$time_iso8601 ' log_format logfmt
'facility=nginx ' 'timestamp="$time_iso8601" '
'src_addr=$remote_addr ' 'facility="nginx" '
'body_bytes_sent=$body_bytes_sent ' 'src_addr="$remote_addr" '
'request_time=$request_time ' 'body_bytes_sent="$body_bytes_sent" '
'response_status=$status ' 'request_time="$request_time" '
'request="$request" ' 'response_status="$status" '
'request_method="$request_method" ' 'request_method="$request_method" '
'request="$request" '
'host="$host" ' 'host="$host" '
'upstream_cache_status="$upstream_cache_status" ' 'upstream_cache_status="$upstream_cache_status" '
'upstream_addr="$upstream_addr" ' 'upstream_addr="$upstream_addr" '
'http_x_forwarded_for="$http_x_forwarded_for" ' 'http_x_forwarded_for="$http_x_forwarded_for" '
'http_referrer="$http_referer" ' 'http_referrer="$http_referer" '
'http_user_agent="$http_user_agent"'; 'http_user_agent="$http_user_agent" ';
log_format json_combined escape=json
'{'
'"time_local":"$time_local",'
'"remote_addr":"$remote_addr",'
'"remote_user":"$remote_user",'
'"request":"$request",'
'"status": "$status",'
'"body_bytes_sent":"$body_bytes_sent",'
'"request_time":"$request_time",'
'"http_referrer":"$http_referer",'
'"http_user_agent":"$http_user_agent"'
'}';
# log to local journald # log to local journald
access_log syslog:server=unix:/dev/log logfmt; access_log syslog:server=unix:/dev/log,nohostname logfmt;
''; '';
}; };
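Review bot: The rewritten `log_format logfmt` appears to drop `escape=json`, which puts client-controlled fields such as `$request`, `$http_referer` and `$http_user_agent` back on nginx's default escaping, where a quote or backslash is written as `\xXX`. Inside the new double-quoted values that sequence may not be accepted by the logfmt parser downstream, so the entries most likely to fail parsing are the ones carrying unusual request data. Keeping the new quoting and restoring the parameter, `log_format logfmt escape=json`, keeps those lines parseable. The added `json_combined` format is not referenced by the `access_log` line in this hunk, so it currently has no effect.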


@ -82,7 +82,8 @@ in
users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles; users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;
services.openssh.banner = builtins.readFile sshBanner; # todo enable again when I can it's possible to set the `-q` ssh option in clan
#services.openssh.banner = builtins.readFile sshBanner;
}) })


@ -31,18 +31,13 @@ with lib; {
// (device "cream" "MQVKATH-THTPET5-KYAT7XX-BOIIIBA-P7OOF7Y-IWAUN53-S2VNVOY-BZWTGQK") // (device "cream" "MQVKATH-THTPET5-KYAT7XX-BOIIIBA-P7OOF7Y-IWAUN53-S2VNVOY-BZWTGQK")
// (device "cherry" "WX2HZQ7-WAOL6YR-QJYFS2L-SVUJQB4-SKHZHVE-J7XCWLQ-6GRATXX-VJUMOAH") // (device "cherry" "WX2HZQ7-WAOL6YR-QJYFS2L-SVUJQB4-SKHZHVE-J7XCWLQ-6GRATXX-VJUMOAH")
// (device "chungus" "GZGW2YW-6RRUPDN-LFAOATC-56FS7LH-YC7R32N-LVA5JUX-3LSBYOX-BFR67QZ") // (device "chungus" "GZGW2YW-6RRUPDN-LFAOATC-56FS7LH-YC7R32N-LVA5JUX-3LSBYOX-BFR67QZ")
// (device "iPhone" "APFS6SA-VVTARXU-3WHHRZG-TE5N3T4-X4IC76V-T67EKZ6-NLGP3TW-EZYXYAH")
// (device "iPad" "JDDNVYD-H3WMSSS-WZ745KL-7QEGN6O-ZSGQLQU-YBR2L42-7FO7KJ4-BXPYDA5")
// { // {
bumba = { bumba = {
name = "windows-bumba"; name = "windows-bumba";
id = "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ"; id = "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ";
}; };
}
// {
mors = {
name = "lassulus-mors";
id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
addresses = [ "tcp://mors.r:22000" ];
};
}; };
settings.folders = { settings.folders = {
@ -54,16 +49,6 @@ with lib; {
path = lib.mkDefault "/tmp/audiobooks"; path = lib.mkDefault "/tmp/audiobooks";
devices = [ "chungus" "orbi" ]; devices = [ "chungus" "orbi" ];
}; };
logseq = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/logseq";
devices = [ "chungus" "cream" "cherry" ];
};
lectures = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/lectures";
devices = [ "chungus" "orbi" ];
};
books = { books = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/books"; path = lib.mkDefault "/tmp/books";
@ -73,15 +58,6 @@ with lib; {
params.keep = "2"; params.keep = "2";
}; };
}; };
password-store = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store";
devices = [ "chungus" "cream" "mobi" "bobi" "cherry" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
desktop = { desktop = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/desktop"; path = lib.mkDefault "/tmp/desktop";
@ -90,22 +66,51 @@ with lib; {
finance = { finance = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/finance"; path = lib.mkDefault "/tmp/finance";
devices = [ "chungus" "cream" "mobi" "bobi" ]; devices = [ "chungus" "cream" "mobi" "bobi" "cherry" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
flix = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/flix";
devices = [ "chungus" "orbi" ];
};
logseq = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/logseq";
devices = [ "chungus" "cream" "cherry" "iPhone" "iPad" ];
};
lectures = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/lectures";
devices = [ "chungus" "orbi" ];
};
oscar_cpap = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/oscar_cpap";
devices = [ "chungus" "cream" "cherry" ];
};
password-store = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store";
devices = [ "chungus" "cream" "mobi" "bobi" "cherry" ];
versioning = { versioning = {
type = "simple"; type = "simple";
params.keep = "10"; params.keep = "10";
}; };
}; };
# todo remove if zfs is is used # todo remove if zfs is is used
nextcloud_backup = { #nextcloud_backup = {
enable = lib.mkDefault false; # enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/lost-fotos"; # path = lib.mkDefault "/tmp/lost-fotos";
devices = [ "chungus" "robi" ]; # devices = [ "chungus" "robi" ];
versioning = { # versioning = {
type = "simple"; # type = "simple";
params.keep = "2"; # params.keep = "2";
}; # };
}; #};
}; };
}; };
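Review bot: The re-added `password-store` and `finance` folders and the new `oscar_cpap` folder keep `path = lib.mkDefault "/tmp/<name>"`, so a host that enables one of them without overriding `path` would sync credentials, financial records or CPAP data into a world-writable directory. That directory is not private to the syncthing user and may be cleared on reboot. For these three I would add an assertion that rejects an enabled folder whose path is still under `/tmp`, or at least a comment above each, e.g. `# path must be overridden per host; the /tmp default is a placeholder only`. The `settings.folders` attribute set begins above this hunk.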


@ -24,6 +24,7 @@ let
"sonarr.orbi" = hosts.orbi; "sonarr.orbi" = hosts.orbi;
"radarr.orbi" = hosts.orbi; "radarr.orbi" = hosts.orbi;
"prowlarr.orbi" = hosts.orbi; "prowlarr.orbi" = hosts.orbi;
"photoprism.orbi" = hosts.orbi;
# robi # robi
"grafana.robi" = hosts.robi; "grafana.robi" = hosts.robi;
"loki.robi" = hosts.robi; "loki.robi" = hosts.robi;
@ -49,23 +50,23 @@ let
"minio.chungus" = hosts.chungus; "minio.chungus" = hosts.chungus;
"sync.chungus" = hosts.chungus; "sync.chungus" = hosts.chungus;
"tdarr.chungus" = hosts.chungus; "tdarr.chungus" = hosts.chungus;
"trilium.chungus" = hosts.chungus;
"tts.chungus" = hosts.chungus; "tts.chungus" = hosts.chungus;
"paperless.chungus" = hosts.chungus; "paperless.chungus" = hosts.chungus;
# cream
"trilium.cream" = hosts.cream;
}; };
network = "private"; network = "private";
in in
{ {
networking.firewall.trustedInterfaces = [ "tinc.${network}" ]; networking.firewall.trustedInterfaces = [ "tinc.${network}" ];
sops.secrets.tinc_ed25519_key = { }; clanCore.facts.services.tinc_private = {
secret."tinc_private.ed25519_key" = { };
generator.script = "";
};
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096" # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
services.tinc.networks = { services.tinc.networks = {
${network} = { ${network} = {
ed25519PrivateKeyFile = config.sops.secrets.tinc_ed25519_key.path; ed25519PrivateKeyFile = config.clanCore.facts.services.tinc_private.secret."tinc_private.ed25519_key".path;
interfaceType = "tap"; interfaceType = "tap";
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes
@ -129,55 +130,4 @@ in
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)); networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains));
services.openssh.knownHosts = {
"orbi" = {
hostNames = [
"orbi.${network}"
hosts.orbi
"orbi"
"95.216.66.212"
"git.ingolf-wagner.de"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTqV5ch4BokqDniDgCquRwfTz6aXXMTdZovIvqShfLV";
};
"robi" = {
hostNames = [
"robi.${network}"
hosts.robi
"robi"
"144.76.13.147"
"taskd.ingolf-wagner.de"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
};
"sterni.${network}" = {
hostNames = [ "sterni.${network}" hosts.sterni ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
};
"cream.${network}" = {
hostNames = [ "cream.${network}" hosts.cream ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
};
"cherry.${network}" = {
hostNames = [ "cherry.${network}" hosts.cream ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUXkewyZ94A7CeCyVvN0KCqPn+8x1BZaGWMAojlfCXO";
};
"pepe.${network}" = {
hostNames = [ "pepe.${network}" hosts.pepe ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
};
"chungus.${network}" = {
hostNames = [ "chungus.${network}" hosts.chungus ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP9jrbOJbgapreRjttyOKWv5vxGMThn7kAwlk8WnSyL9";
};
"bobi.${network}" = {
hostNames = [ "bobi.${network}" hosts.bobi ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0haepNVEaocfWh6kwVc4QsSg2iqO5k+hjarphBqMVk";
};
"mobi.${network}" = {
hostNames = [ "mobi.${network}" hosts.mobi ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE3G7TwCoxcVfwhGL0913RtacEeokqKtufhzzkCxpPxk";
};
};
} }
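Review bot: The pinned `services.openssh.knownHosts` entries go away in the last hunk with no replacement visible in this file. Unless another module now provides the host keys, SSH between these machines falls back to trust-on-first-use. If the keys now come from the clan facts, a comment at the end of the module would record that, e.g. `# ssh host keys are provided by clan facts, see <module path>`. Separately, `generator.script = "";` means the tinc key is never generated and has to be imported by hand; the existing `generate-keys` comment above `services.tinc.networks` could say so.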


@ -14,14 +14,13 @@ with types;
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.networkmanager.wifi.powersave = lib.mkDefault true; networking.networkmanager.wifi.powersave = lib.mkDefault true;
networking.networkmanager.extraConfig = ''
# The number of times a connection activation should be automatically tried # The number of times a connection activation should be automatically tried
# before switching to another one. This value applies only to connections # before switching to another one. This value applies only to connections
# that can auto-connect and have a connection. autoconnect-retries property set to -1. # that can auto-connect and have a connection. autoconnect-retries property set to -1.
# If not specified, connections will be tried 4 times. # If not specified, connections will be tried 4 times.
# Setting this value to 1 means to try activation once, without retry. # Setting this value to 1 means to try activation once, without retry.
autoconnect-retries-default=999 networking.networkmanager.settings.main.autoconnect-retries-default = 999;
'';
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;


@ -11,5 +11,17 @@ with lib;
}; };
}; };
# todo: use networking.wireguard instead of networking wg-quick
# with dynamicEndpointRefreshSeconds
#config = {
# systemd.services.wg-quick-wg0.serviceConfig = {
# Restart = "always";
# RestartSec = 50;
# Type = mkForce "simple";
# RemainAfterExit = mkForce false;
# };
#};
} }


@ -1,5 +1,5 @@
# MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix # MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix
{ config, lib, ... }: { config, lib, pkgs, ... }:
{ {
options.components.nixos.update-diff.enable = lib.mkOption { options.components.nixos.update-diff.enable = lib.mkOption {
@ -13,7 +13,7 @@
text = '' text = ''
if [[ -e /run/current-system ]]; then if [[ -e /run/current-system ]]; then
echo "--- diff to current-system" echo "--- diff to current-system"
${config.nix.package}/bin/nix --extra-experimental-features nix-command store diff-closures /run/current-system "$systemConfig" ${pkgs.nvd}/bin/nvd --nix-bin-dir=${config.nix.package}/bin diff /run/current-system "$systemConfig"
echo "---" echo "---"
fi fi
''; '';


@ -14,14 +14,7 @@ with lib;
config = mkIf config.components.yubikey.enable { config = mkIf config.components.yubikey.enable {
services.pcscd.enable = true; services.pcscd.enable = true;
services.udev.packages = [ services.udev.packages = [ pkgs.yubikey-personalization ];
pkgs.yubikey-personalization
# additional services, but I just want gpg
# pkgs.libu2f-host
];
environment.systemPackages = [ environment.systemPackages = [
@ -43,6 +36,7 @@ with lib;
]; ];
## managed by home-manager now ## managed by home-manager now
#environment.shellInit = '' #environment.shellInit = ''
# export GPG_TTY="$(tty)" # export GPG_TTY="$(tty)"


@ -3,6 +3,7 @@
imports = [ imports = [
./packages.nix ./packages.nix
./terminal.nix ./terminal.nix
./zfs.nix
]; ];
options.gui.enable = lib.mkEnableOption "should GUI packages be anabled?"; options.gui.enable = lib.mkEnableOption "should GUI packages be anabled?";
} }


@ -11,6 +11,7 @@ with lib;
ipcalc ipcalc
units units
difftastic
parallel parallel


@ -1,4 +1,4 @@
{ lib, pkgs, ... }: { lib, pkgs, assets, ... }:
{ {
programs.zsh = { programs.zsh = {
@ -18,7 +18,7 @@
# a better cat # a better cat
programs.bat = { programs.bat = {
enable = true; enable = true;
config.theme = "gruvbox-light"; #config.theme = "gruvbox-light";
}; };
home.shellAliases.cat = "${pkgs.bat}/bin/bat --theme='gruvbox-light'"; home.shellAliases.cat = "${pkgs.bat}/bin/bat --theme='gruvbox-light'";
@ -36,12 +36,11 @@
enable = true; enable = true;
enableBashIntegration = true; enableBashIntegration = true;
enableZshIntegration = true; enableZshIntegration = true;
package = pkgs.unstable.atuin; #package = pkgs.unstable.atuin;
# todo not needed anymore package = pkgs.unstable.atuin.overrideAttrs (_old: {
#package = pkgs.unstable.atuin.overrideAttrs (_old: { # as cursed as doing mitigations=off in the kernel command line
# # as cursed as doing mitigations=off in the kernel command line patches = [ "${assets}/0001-make-atuin-on-zfs-fast-again.patch" ];
# patches = [ ./0001-make-atuin-on-zfs-fast-again.patch ]; });
#});
settings = { settings = {
auto_sync = true; auto_sync = true;
sync_frequency = "5m"; sync_frequency = "5m";
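Review bot: The re-enabled `overrideAttrs` on `programs.atuin.package` applies `0001-make-atuin-on-zfs-fast-again.patch` with only the remark that it is "as cursed as doing mitigations=off", which does not say what guarantee the patch gives up. The old side carried a "todo not needed anymore" note, so the reason for bringing the patch back should be recorded as well. I would replace the comment with something like `# trades <what the patch disables> for speed on ZFS; re-read the patch on every atuin bump`, filled in from the patch file, which is not visible here. Since the base is `pkgs.unstable.atuin`, a patch that still applies cleanly to changed upstream code is the case that needs a human look.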


@ -0,0 +1,27 @@
{ config, pkgs, lib, ... }:
with pkgs;
with lib;
{
config = mkMerge [
{
home.packages = [
(
let
options = [
"name"
"mountpoint"
"compression"
"com.sun:auto-snapshot:yearly"
"com.sun:auto-snapshot:monthly"
"com.sun:auto-snapshot:daily"
"com.sun:auto-snapshot:hourly"
];
in
pkgs.writers.writeBashBin "zfs-overview" ''
${pkgs.zfs}/bin/zfs list -o ${concatStringsSep "," options} "$@"
''
)
];
}
];
}
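Review bot: `config = mkMerge [ { … } ];` wraps a single attribute set, so both the `mkMerge` and the `config` wrapper add nothing, and the `config` argument and `with pkgs;` are unused because every reference is spelled `pkgs.…`. The module can shrink to `{ pkgs, lib, ... }:` with `home.packages = [ … ];` at top level. The generated `zfs-overview` script itself is fine: the column list is fixed at evaluation time and `"$@"` is quoted.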


@ -2,16 +2,16 @@
imports = [ imports = [
../common ../common
./doom-emacs.nix ./editor.nix
./git.nix ./git.nix
./gpg.nix ./gpg.nix
#./hyperland.nix
./i3.nix ./i3.nix
./packages ./packages
./ssh.nix ./ssh.nix
./stylix.nix ./stylix.nix
./taskwarrior.nix
./tmux.nix ./tmux.nix
./vim.nix
./yubikey.nix
./zellij.nix ./zellij.nix
]; ];
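Review bot: `./yubikey.nix` appears to leave this import list, and the file deleted further down in this diff is the only visible place that sets `pam.yubico.authorizedYubiKeys.path`. If the system PAM configuration still enables the yubico module, it will no longer find this user's key mapping, and whether that blocks login or drops the second factor depends on the module's control flag, so this should be checked before deploying. I would leave a line such as `# yubikey.nix removed: key mapping now provided by <new location>` next to the imports. The rendering does not mark sides; this reading is inferred from the hunk counts and the deleted file.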


@ -0,0 +1,11 @@
{
programs.vim = {
enable = true;
defaultEditor = true;
};
programs.helix = {
enable = true;
# defaultEditor = true;
};
}


@ -23,6 +23,7 @@ with pkgs;
home.packages = [ home.packages = [
pre-commit pre-commit
gita gita
git-repo-updater
tig tig
lazygit lazygit
git-crypt git-crypt


@ -26,6 +26,6 @@
# sshKeys = []; # sshKeys = [];
defaultCacheTtl = 30; defaultCacheTtl = 30;
defaultCacheTtlSsh = 30; defaultCacheTtlSsh = 30;
pinentryPackage = pkgs.pinentry-gtk2;
}; };
} }


@ -0,0 +1,161 @@
{ pkgs, ... }:
{
home.file.".config/hypr/hyperland.conf".text = ''
autogenerated = 1 # remove this line to remove the warning
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor=,preferred,auto,auto
# Some default env vars.
env = XCURSOR_SIZE,24
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input {
kb_layout = us
kb_variant =
kb_model =
kb_options =
kb_rules =
follow_mouse = 1
touchpad {
natural_scroll = no
}
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
}
general {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
gaps_in = 5
gaps_out = 20
border_size = 2
col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
col.inactive_border = rgba(595959aa)
layout = dwindle
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = false
}
decoration {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
rounding = 10
blur {
enabled = true
size = 3
passes = 1
}
drop_shadow = yes
shadow_range = 4
shadow_render_power = 3
col.shadow = rgba(1a1a1aee)
}
animations {
enabled = yes
# Some default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
animation = windows, 1, 7, myBezier
animation = windowsOut, 1, 7, default, popin 80%
animation = border, 1, 10, default
animation = borderangle, 1, 8, default
animation = fade, 1, 7, default
animation = workspaces, 1, 6, default
}
dwindle {
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
pseudotile = yes # master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = yes # you probably want this
}
master {
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
new_is_master = true
}
gestures {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = off
}
misc {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
force_default_wallpaper = -1 # Set to 0 to disable the anime mascot wallpapers
}
# Example per-device config
# See https://wiki.hyprland.org/Configuring/Keywords/#executing for more
device:epic-mouse-v1 {
sensitivity = -0.5
}
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
$mainMod = SUPER
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = $mainMod, enter, exec, alacritty
bind = $mainMod, C, killactive,
bind = $mainMod, Q, exit,
bind = $mainMod, E, exec, dolphin
bind = $mainMod, V, togglefloating,
bind = $mainMod, R, exec, wofi --show drun
bind = $mainMod, P, pseudo, # dwindle
bind = $mainMod, J, togglesplit, # dwindle
# Move focus with mainMod + arrow keys
bind = $mainMod, left, movefocus, l
bind = $mainMod, right, movefocus, r
bind = $mainMod, up, movefocus, u
bind = $mainMod, down, movefocus, d
# Switch workspaces with mainMod + [0-9]
bind = $mainMod, 1, workspace, 1
bind = $mainMod, 2, workspace, 2
bind = $mainMod, 3, workspace, 3
bind = $mainMod, 4, workspace, 4
bind = $mainMod, 5, workspace, 5
bind = $mainMod, 6, workspace, 6
bind = $mainMod, 7, workspace, 7
bind = $mainMod, 8, workspace, 8
bind = $mainMod, 9, workspace, 9
bind = $mainMod, 0, workspace, 10
# Move active window to a workspace with mainMod + SHIFT + [0-9]
bind = $mainMod SHIFT, 1, movetoworkspace, 1
bind = $mainMod SHIFT, 2, movetoworkspace, 2
bind = $mainMod SHIFT, 3, movetoworkspace, 3
bind = $mainMod SHIFT, 4, movetoworkspace, 4
bind = $mainMod SHIFT, 5, movetoworkspace, 5
bind = $mainMod SHIFT, 6, movetoworkspace, 6
bind = $mainMod SHIFT, 7, movetoworkspace, 7
bind = $mainMod SHIFT, 8, movetoworkspace, 8
bind = $mainMod SHIFT, 9, movetoworkspace, 9
bind = $mainMod SHIFT, 0, movetoworkspace, 10
# Example special workspace (scratchpad)
bind = $mainMod, S, togglespecialworkspace, magic
bind = $mainMod SHIFT, S, movetoworkspace, special:magic
# Scroll through existing workspaces with mainMod + scroll
bind = $mainMod, mouse_down, workspace, e+1
bind = $mainMod, mouse_up, workspace, e-1
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = $mainMod, mouse:272, movewindow
bindm = $mainMod, mouse:273, resizewindow
'';
}
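Review bot: The file is written to `.config/hypr/hyperland.conf`, but Hyprland reads `~/.config/hypr/hyprland.conf`, so this configuration would never be loaded; the attribute should be `home.file.".config/hypr/hyprland.conf".text`. The first line `autogenerated = 1` also keeps the compositor's warning banner. The `pkgs` argument is unused while the binds start `alacritty`, `dolphin` and `wofi` by bare name, so they run whatever PATH resolves to rather than a pinned store path. The import of this module is still commented out in the home's import list, so none of this takes effect yet.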


@ -3,6 +3,8 @@ let
cfg = config.xsession.windowManager.i3; cfg = config.xsession.windowManager.i3;
rofi = pkgs.rofi.override { plugins = [ pkgs.rofi-emoji pkgs.rofi-calc pkgs.xdotool ]; };
backgroundCommand = pkgs.writers.writeDash "background" '' backgroundCommand = pkgs.writers.writeDash "background" ''
${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \ ${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \
${pkgs.gnused}/bin/sed -E "s/primary //" | \ ${pkgs.gnused}/bin/sed -E "s/primary //" | \
@ -37,6 +39,7 @@ in
fixXhost fixXhost
pkgs.autorandr pkgs.autorandr
pkgs.polygon-art.polygon-art pkgs.polygon-art.polygon-art
pkgs.xdotool # needed for rofi-emoji
]; ];
@ -154,7 +157,8 @@ in
}; };
startup = startup =
[ [
{ command = "${pkgs.albert}/bin/albert"; always = true; } { command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; }
{ command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; always = true; }
{ command = toString backgroundCommand; always = true; } { command = toString backgroundCommand; always = true; }
{ {
command = toString (pkgs.writers.writeDash "xsettings" '' command = toString (pkgs.writers.writeDash "xsettings" ''
@ -258,7 +262,7 @@ in
set -o pipefail set -o pipefail
${pkgs.i3}/bin/i3-msg -t get_workspaces | \ ${pkgs.i3}/bin/i3-msg -t get_workspaces | \
${pkgs.jq}/bin/jq --raw-output '.[] | .name' | \ ${pkgs.jq}/bin/jq --raw-output '.[] | .name' | \
${pkgs.rofi}/bin/rofi -dmenu -p 'Select Workspace' | \ ${rofi}/bin/rofi -dmenu -p 'Select Workspace ' | \
while read line while read line
do do
${pkgs.i3}/bin/i3-msg workspace "$line" ${pkgs.i3}/bin/i3-msg workspace "$line"
@ -274,7 +278,7 @@ in
set -o pipefail set -o pipefail
${pkgs.i3}/bin/i3-msg -t get_workspaces | \ ${pkgs.i3}/bin/i3-msg -t get_workspaces | \
${pkgs.jq}/bin/jq --raw-output '.[] | .name' | \ ${pkgs.jq}/bin/jq --raw-output '.[] | .name' | \
${pkgs.rofi}/bin/rofi -dmenu -p 'Move to Workspace' | \ ${rofi}/bin/rofi -dmenu -p 'Move to Workspace ' | \
while read line while read line
do do
${pkgs.i3}/bin/i3-msg move container to workspace "$line" ${pkgs.i3}/bin/i3-msg move container to workspace "$line"
@ -283,6 +287,7 @@ in
in in
"exec ${script}"; "exec ${script}";
"${cfg.config.modifier}+space" = "exec ${rofi}/bin/rofi -show drun -display-drun ''";
"${cfg.config.modifier}+Shift+c" = "reload"; "${cfg.config.modifier}+Shift+c" = "reload";
"${cfg.config.modifier}+Shift+r" = "restart"; "${cfg.config.modifier}+Shift+r" = "restart";
"${cfg.config.modifier}+Shift+e" = "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'"; "${cfg.config.modifier}+Shift+e" = "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
@ -476,6 +481,19 @@ in
}; };
}; };
# rofi > albert
programs.rofi = {
enable = true;
cycle = true;
package = rofi;
# pass.enable = true;
extraConfig = {
modi = "drun,calc,emoji,combi";
show-icons = true;
terminal = "alacritty";
};
};
xdg.configFile."albert/albert.conf".text = '' xdg.configFile."albert/albert.conf".text = ''
[General] [General]
hotkey=Meta+Space hotkey=Meta+Space
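Review bot: albert is dropped from `startup` in favour of rofi, but `xdg.configFile."albert/albert.conf"` is still generated right below the new `programs.rofi` block and still claims `hotkey=Meta+Space`, the chord the new `"${cfg.config.modifier}+space"` binding uses if the modifier is Mod4. I would delete the albert config in the same change so the key has one owner. `pkgs.xdotool` is also passed in `plugins` of the rofi override although it is a runtime tool rather than a rofi plugin; the new `home.packages` entry already covers it. The albert block continues past the end of this hunk.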


@ -40,6 +40,14 @@ with lib;
mermaid-cli mermaid-cli
# terminal code to image/movie renderer
vhs
carbon-now-cli
asciinema
asciinema-scenario
asciinema
marp-cli # markdown to presentation framework
]; ];
}) })
{ {
@ -76,6 +84,7 @@ with lib;
gojq gojq
jq jq
ijq ijq
miller
# nomad # nomad
unstable.nomad unstable.nomad
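Review bot: `asciinema` is listed twice in the new terminal-renderer group, once before and once after `asciinema-scenario`; the second entry can be dropped. Duplicates in `home.packages` do not break the build, but they make a later removal easy to leave half-done.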


@ -16,12 +16,15 @@ with lib;
blender blender
lightburn lightburn
darktable darktable
colorpicker
# CAD & 3D Plotting # CAD & 3D Plotting
openscad openscad
freecad freecad
cura cura
qrencode
]; ];
}; };


@ -4,15 +4,15 @@ with lib;
{ {
config = mkIf config.gui.enable { config = mkIf config.gui.enable {
home.packages = [ home.packages = [
unstable.logseq logseq
]; ];
home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json" #home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json"
{ # {
spellcheck = { # spellcheck = {
dictionaries = [ "en-US" "de-DE" ]; # dictionaries = [ "en-US" "de-DE" ];
dictionary = ""; # dictionary = "";
}; # };
}; # };
}; };
} }


@ -46,10 +46,6 @@ in
borrow borrow
(pkgs.writeShellScriptBin "nixFlakes" ''
exec ${pkgs.nixUnstable}/bin/nix --experimental-features "nix-command flakes" "$@"
'')
nextcloud-client nextcloud-client
]; ];


@ -40,12 +40,15 @@ with lib;
bitwarden bitwarden
rbw rbw
unstable.trilium-desktop # old (use logseq now)
nginx-config-formatter nginx-config-formatter
unstable.yt-dlp unstable.yt-dlp
OSCAR
# office
pdfarranger
]; ];
}; };


@ -6,40 +6,9 @@ with lib;
config = mkIf config.gui.enable { config = mkIf config.gui.enable {
programs.obs-studio.enable = true; programs.obs-studio.enable = true;
home.packages = [ home.packages = [
#(pkgs.makeDesktopItem {
# name = "streamdeck-ui";
# desktopName = "Streamdeck";
# exec = "${streamdeck-ui}/bin/streamdeck-ui";
# terminal = false;
#})
streamdeck-ui
emoji-picker emoji-picker
signal-desktop signal-desktop
legacy_2311.fluffychat
# matrix clients
# --------------
#element-desktop
#fractal
#legacy_2205.mirage-im
#cinny-desktop
fluffychat
#(fluffychat.overrideAttrs
# (old: rec {
# version = "1.13.0";
# src = fetchFromGitHub {
# owner = "krille-chan";
# repo = "fluffychat";
# rev = "v${version}";
# hash = "sha256-w29Nxs/d0b18jMvWnrRUjEGqY4jGtuEGodg+ncCAaVc=";
# };
# vendorHash = "";
# })
#)
]; ];
}; };
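Review bot: If `legacy_2311.fluffychat` is the line that stays (the hunk counts suggest it replaces the plain `fluffychat`), the Matrix client now comes from the 23.11 package set, which stops receiving fixes once that release is end-of-life. A messenger that handles end-to-end-encrypted traffic is a poor candidate for a frozen package set. I would add a comment such as `# pinned to 23.11 because <reason>; return to the current channel when fixed` so the pin has an exit condition.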


@ -21,6 +21,9 @@
"*.private" = { "*.private" = {
user = "root"; user = "root";
}; };
"*.gummybear" = {
user = "root";
};
"*.lan" = { "*.lan" = {
user = "root"; user = "root";
}; };
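Review bot: The new `"*.gummybear"` match block makes `root` the default login for every host under that TLD, following the existing `*.private` and `*.lan` blocks. That presupposes root SSH login on all of those machines; an unprivileged account plus sudo gives the same reach with an audit trail and lets the servers run with `PermitRootLogin no`. If root is kept, I would add `# root login: key-only, host keys pinned in knownHosts` next to the block and check that every `*.gummybear` host has a pinned host key. The match-block list continues outside the hunk.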


@ -0,0 +1,97 @@
{ config, pkgs, lib, ... }:
with lib;
with types;
let
mkMagicMergeOption = { description ? "", example ? { }, default ? { }, apply ? id, ... }:
mkOption {
inherit example description default apply;
type = with lib.types;
let
valueType = nullOr
(oneOf [
bool
int
float
str
(attrsOf valueType)
(listOf valueType)
]) // {
description = "bool, int, float or str";
emptyValue.value = { };
};
in
valueType;
};
taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui;
in
{
# bugwarrior (a bit fiddly)
imports = [{
options.bugwarrior.config = mkMagicMergeOption {
type = attrs;
default = { };
};
config = {
home.file.".config/bugwarrior/bugwarrior.toml".source = (pkgs.formats.toml { }).generate "bugwarriorrc.toml" config.bugwarrior.config;
# todo : before deleting this, put it in logseq
home.packages = [
(pkgs.python3Packages.bugwarrior.overrideAttrs (old: {
version = "develop";
src = pkgs.fetchFromGitHub {
owner = "ralphbean";
repo = "bugwarrior";
rev = "eb19a702a698f9c8c3ce2a1fe41f35872d9ae398";
sha256 = "sha256-Geon+ddE58WJ10L4unotzvmZj1Ye0yjZHVQgrR2YWgE=";
};
propagatedBuildInputs = old.propagatedBuildInputs ++ [
pkgs.python3Packages.pydantic
pkgs.python3Packages.tomli
pkgs.python3Packages.email-validator
pkgs.python3Packages.packaging
];
}))
];
};
}];
home.packages = with pkgs;
[
taskwarrior
taskwarrior-tui
timewarrior
tasksh
taskwarrior-hooks
(pkgs.writeShellScriptBin "tsak" ''${pkgs.taskwarrior}/bin/task "$@"'')
unstable.vit
(pkgs.writers.writeBashBin "active" "${taskwarrior-tui}/bin/taskwarrior-tui -r active")
(pkgs.writers.writeBashBin "todo" "${taskwarrior-tui}/bin/taskwarrior-tui -r todo")
(pkgs.writers.writeBashBin "calendar" ''
${pkgs.taskwarrior}/bin/task calendar
${pkgs.taskwarrior}/bin/task calendar_report
'')
# todo : belongs to calendar.nix
vdirsyncer
khal
(pkgs.writers.writeBashBin "kalendar" ''
${pkgs.vdirsyncer}/bin/vdirsyncer sync
${pkgs.khal}/bin/ikhal
'')
];
}
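Review bot: `config.bugwarrior.config` is rendered with `(pkgs.formats.toml { }).generate` and linked from the Nix store, so every value in it is world-readable on the machine and travels with the closure, while bugwarrior service sections normally need tokens or passwords. I would put a comment on the option, `# rendered into /nix/store: never put tokens here, use bugwarrior's @oracle:eval:<command> lookup`, so credentials stay in the password store. Separately, `mkMagicMergeOption` is called with `type = attrs`, but the helper swallows that argument through `...` and always uses its own recursive `valueType`, so the `type` line is dead and misleading. The fixed `rev` plus `sha256` on `fetchFromGitHub` is the right way to pin; `version = "develop"` could carry the short commit id instead.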


@ -1,6 +0,0 @@
{
programs.vim = {
enable = true;
defaultEditor = true;
};
}


@ -1,4 +0,0 @@
{ pkgs, osConfig, ... }:
{
pam.yubico.authorizedYubiKeys.path = toString osConfig.sops.secrets.yubikey_u2fAuthFile.path;
}


@ -1,8 +1,9 @@
{ {
imports = [ imports = [
../common ../common
../palo/doom-emacs.nix
]; ];
gui.enable = false; gui.enable = false;
home.stateVersion = "22.11";
} }


@ -1 +1,12 @@
{ pkgs, ... }:
{
imports = [
../common
./stylix.nix
./logseq.nix
./packages.nix
./kde.nix
];
home.stateVersion = "22.11";
}

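--- /dev/null
+++ b/nixos/homes/tina/kde.nix
@@ -0,0 +1,3 @@
+{
+stylix.targets.kde.enable = true;
+}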


@ -0,0 +1,18 @@
{ config, lib, pkgs, ... }:
with pkgs;
with lib;
{
config = mkIf config.gui.enable {
home.packages = [
logseq
];
home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json"
{
spellcheck = {
dictionaries = [ "en-US" "de-DE" ];
dictionary = "";
};
};
};
}


@ -0,0 +1,34 @@
{ config, lib, pkgs, ... }:
with pkgs;
with lib;
{
config = mkIf config.gui.enable {
home.packages = [
tor-browser-bundle-bin
#(tor-browser-bundle-bin.overrideAttrs (old: rec {
# version = "11.0.1";
# name = "tor-browser-bundle-${version}";
# src = pkgs.fetchurl {
# url = "https://dist.torproject.org/torbrowser/11.0.1/tor-browser-linux64-11.0.1_en-US.tar.xz";
# sha256 = "1ah69jmfgik063f9gkvyv9d4k706pqihmzc4k7cc95zyd17v8wrs";
# };
#}))
bitwarden
unstable.yt-dlp
# office
pdfarranger
calibre
];
};
}
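Review bot: The commented-out `overrideAttrs` under `tor-browser-bundle-bin` pins version `11.0.1` with a fixed `fetchurl` hash, so uncommenting it later would install a long-outdated browser build. Dead code that downgrades a security-sensitive package is better deleted than carried into a new file; the plain `tor-browser-bundle-bin` entry above it is all this list needs.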


@ -0,0 +1,28 @@
{ pkgs, config, ... }:
{
stylix.targets.swaylock.enable = config.gui.enable;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
stylix.fonts = {
serif = {
package = pkgs.ubuntu_font_family;
name = "Ubuntu";
};
sansSerif = {
package = pkgs.ubuntu_font_family;
name = "Ubuntu";
};
monospace = {
package = pkgs.jetbrains-mono;
name = "JetBrains Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
}


@ -31,8 +31,8 @@
}; };
}; };
networking.firewall.interfaces.wq0.allowedTCPPorts = [ 8266 ]; networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8266 ];
networking.firewall.interfaces.wq0.allowedUDPPorts = [ 8266 ]; networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8266 ];
networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ]; networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ];
networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ]; networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ];
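Review bot: Correcting `wq0` to `wg0` is more than a typo fix: the old rules named an interface that presumably never existed, so port 8266 becomes reachable over the WireGuard interface for the first time with this change. It is worth confirming that every peer on `wg0` should reach that service and that both TCP and UDP are needed; if only one protocol is used, drop the other line. A short comment such as `# 8266: <service name>, reachable from wg peers and LAN` would record the intent. The same rename in the two following files only touches commented-out lines.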


@ -20,8 +20,8 @@
}; };
}; };
#networking.firewall.interfaces.wq0.allowedTCPPorts = [ 8266 ]; #networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8266 ];
#networking.firewall.interfaces.wq0.allowedUDPPorts = [ 8266 ]; #networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8266 ];
#networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ]; #networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ];
#networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ]; #networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ];


@ -34,8 +34,8 @@
}; };
}; };
#networking.firewall.interfaces.wq0.allowedTCPPorts = [ 8266 ]; #networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8266 ];
#networking.firewall.interfaces.wq0.allowedUDPPorts = [ 8266 ]; #networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8266 ];
#networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ]; #networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ];
#networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ]; #networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ];


@ -253,7 +253,7 @@ in
trustedProxies = [ "144.76.13.147" hostAddress ]; trustedProxies = [ "144.76.13.147" hostAddress ];
dbtype = "mysql"; dbtype = "mysql";
dbpassFile = "/run/secrets/nextcloud_database_password"; dbpassFile = "/run/secrets/nextcloud_database_password";
dbport = 3306; dbhost = "localhost:3306";
defaultPhoneRegion = "DE"; defaultPhoneRegion = "DE";
}; };
}; };
