
No commits in common. "main" and "e8492a17bbb059f0e9eb0cd4bd7e6e4bd6b6c966" have entirely different histories.

675 changed files with 29313 additions and 19106 deletions


@ -1,68 +0,0 @@
name: Build all NixOS Configurations
on:
push:
branches:
- "**"
schedule:
- cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour
jobs:
nix build:
runs-on: native
steps:
- uses: actions/checkout@v4
with:
clean: true
- name: update nix flakes
if: ${{ github.event_name == 'schedule' }}
# we need to use our ssh key here because we need access to private flakes
run: |
cat <<EOF > .ssh_key
${{ secrets.SSH_KEY }}
EOF
chmod 600 .ssh_key
eval $(ssh-agent)
ssh-add .ssh_key
nix flake update
echo $SSH_AGENT_PID
kill $SSH_AGENT_PID
rm .ssh_key
- name: nix flake archive/check
# we need to use our ssh key here because we need access to private flakes
run: |
cat <<EOF > .ssh_key
${{ secrets.SSH_KEY }}
EOF
chmod 600 .ssh_key
eval $(ssh-agent)
ssh-add .ssh_key
nix flake archive
nix flake check --verbose --log-format raw
echo $SSH_AGENT_PID
kill $SSH_AGENT_PID
rm .ssh_key
- name: nix build orbi
run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
# - name: nix build cream
# run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
- name: nix build cherry
run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
- name: nix build chungus
run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
- name: nix build usbstick
run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel
- name: commit & push
if: ${{ github.event_name == 'schedule' }}
# only if all nix builds are fine we update our branch
run: |
git config --local user.email "action@git.ingolf-wagner.de"
git config --local user.name "Forgejo Action :robot:"
git diff --quiet && \
git diff --staged --quiet || \
(git commit -am ":arrow_up: nix flake update" && git push)

9
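--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,9 @@
+[submodule "assets/video-browser"]
+path = assets/video-browser
+url = ssh://gogs@git.ingolf-wagner.de:443/palo/video-browser.git
+[submodule "wetten"]
+path = wetten
+url = ssh://gogs@git.ingolf-wagner.de:443/palo/wetten.git
+[submodule "submodules/property"]
+path = submodules/property
+url = ssh://gogs@git.ingolf-wagner.de:443/palo/property_crawlers.git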


@ -1,26 +1,14 @@
# My NixOS configuration
## terranix
some terranix scripts
## images
some images I use and build via nixos-generators.
## nixos
### system
Holds system type information like `server` and `desktop`.
## Folder Structure
### configs
This should container system specific configurations
## library
### system
some nix-lang functions and tools I use.
Holds system type information like `server` and `desktop`.
### modules
@ -33,3 +21,15 @@ My overlay is in here.
### assets
assets, like scripts which I dont want to write in nix-lang.
### terranix
some terranix scripts
### library
some nix-lang functions and tools I use.
### images
some images I use and build via nixos-generators.


@ -1,45 +0,0 @@
From 4797a2f62ab3d2716d313aa4a3170ba9672a93b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Fri, 22 Mar 2024 08:46:07 +0100
Subject: [PATCH] make atuin on zfs fast again
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
---
atuin-client/src/database.rs | 4 ++--
atuin-client/src/record/sqlite_store.rs | 2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/atuin-client/src/database.rs b/atuin-client/src/database.rs
index b0bcae31..d8db492b 100644
--- a/atuin-client/src/database.rs
+++ b/atuin-client/src/database.rs
@@ -137,9 +137,9 @@ pub async fn new(path: impl AsRef<Path>, timeout: f64) -> Result<Self> {
}
let opts = SqliteConnectOptions::from_str(path.as_os_str().to_str().unwrap())?
- .journal_mode(SqliteJournalMode::Wal)
+ .journal_mode(SqliteJournalMode::Memory)
.optimize_on_close(true, None)
- .synchronous(SqliteSynchronous::Normal)
+ .synchronous(sqlx::sqlite::SqliteSynchronous::Off)
.with_regexp()
.create_if_missing(true);
diff --git a/atuin-client/src/record/sqlite_store.rs b/atuin-client/src/record/sqlite_store.rs
index 6333bb27..1f25a55b 100644
--- a/atuin-client/src/record/sqlite_store.rs
+++ b/atuin-client/src/record/sqlite_store.rs
@@ -42,6 +42,8 @@ pub async fn new(path: impl AsRef<Path>, timeout: f64) -> Result<Self> {
let opts = SqliteConnectOptions::from_str(path.as_os_str().to_str().unwrap())?
.journal_mode(SqliteJournalMode::Wal)
+ .journal_mode(SqliteJournalMode::Memory)
+ .synchronous(sqlx::sqlite::SqliteSynchronous::Off)
.foreign_keys(true)
.create_if_missing(true);
--
2.43.1


@ -1,245 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----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=VuMF
-----END PGP PUBLIC KEY BLOCK-----

Binary file not shown.

Before

Width:  |  Height:  |  Size: 696 KiB


@ -0,0 +1,10 @@
#!/usr/bin/env bash
# collect all network configurations and save them in the store
sudo ls /etc/NetworkManager/system-connections \
| while read file
do
sudo cat "/etc/NetworkManager/system-connections/$file" \
| pass insert -m "krops/desktop_secrets/network-manager/system-connections/$file"
done
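Review bot: The loop feeds `ls` output into a bare `read`, so a connection file name containing a backslash or leading/trailing whitespace is altered before it reaches `sudo cat` and the `pass insert` path; `while IFS= read -r file` keeps the name intact. Nothing checks that `sudo cat` succeeded either, so a failed read still runs `pass insert -m` on empty input and may leave an empty entry in the store; `set -o pipefail` at the top, or reading into a variable and testing it before the insert, would catch that. These files typically carry Wi-Fi PSKs and VPN credentials, so a header comment such as `# copies NetworkManager secrets into pass; run only on a trusted host` would document why the script needs sudo and where the data ends up.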


@ -1,8 +0,0 @@
# components concept
- components are kinda opinionated.
- should be project agnostic (e.g.: configure bugwarrior via options but leave
specifics out).
- `component.<toplevel>.enabled` should usually be the default for all it
subcomponents (`comonent.<topleve>.<subcomponent>.enabled`).
- But default should make sense here!


@ -1,21 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.chaospott.enable = mkOption {
type = lib.types.bool;
default = config.components.gui.enable;
};
config = mkIf (config.components.chaospott.enable && config.components.gui.audio.enable) {
hardware.pulseaudio.zeroconf.discovery.enable = true;
environment.systemPackages = with pkgs; [
paprefs
];
};
}


@ -1,16 +0,0 @@
{ lib, ... }:
{
imports = [
./chaospott.nix
./gui
./mainUser.nix
./media
./network
./nixos
./terminal
./timezone.nix
./virtualisation
./yubikey.nix
];
}


@ -1,56 +0,0 @@
# TODO test `alsactl init` after suspend to reinit mic
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.gui.audio.enable = mkOption {
type = lib.types.bool;
default = config.components.gui.enable;
};
config = mkIf (config.components.gui.audio.enable) {
security.rtkit.enable = true;
hardware.pulseaudio.enable = false;
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
};
environment.systemPackages = with pkgs; [
alsa-utils
# PulseAudio control
# ------------------
ponymix
pavucontrol
lxqt.pavucontrol-qt
];
services.pipewire = {
enable = true;
systemWide = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
environment.etc = {
"wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
bluez_monitor.properties = {
["bluez5.enable-sbc-xq"] = true,
["bluez5.enable-msbc"] = true,
["bluez5.enable-hw-volume"] = true,
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
}
'';
};
};
}


@ -1,97 +0,0 @@
{ config, lib, ... }:
let
backupFolder = "~/desktop/browser-images";
homeFolder = "/browsers";
in
{
config = lib.mkIf config.components.gui.enable {
programs.chromium.extensions = [
"nngceckbapebfimnlniiiahkandclblb" # bitwarden
# "edibdbjcniadpccecjdfdjjppcpchdlm" # I still don't care about cookies
"gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
"jinjaccalgkegednnccohejagnlnfdag" # Violentmonkey
"dpplabbmogkhghncfbfdeeokoefdjegm" # Proxy SwitchySharp
"mooikfkahbdckldjjndioackbalphokd" # Selenium IDE
];
# overwrite use zram on small RAM systems
fileSystems."/share" = lib.mkDefault {
device = "tmpfs";
fsType = "tmpfs";
};
# overwrite use zram on small RAM systems
fileSystems."${homeFolder}" = lib.mkDefault {
device = "tmpfs";
fsType = "tmpfs";
};
services.browser = {
enable = lib.mkDefault true;
configList = {
development = {
home = "${homeFolder}/development-browser";
homeBackup = "${backupFolder}/development-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
google = {
home = "${homeFolder}/google-browser";
homeBackup = "${backupFolder}/google-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
finance = {
home = "${homeFolder}/finance-browser";
homeBackup = "${backupFolder}/finance-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
facebook = {
home = "${homeFolder}/facebook-browser";
homeBackup = "${backupFolder}/facebook-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
shopping = {
home = "${homeFolder}/shopping-browser";
homeBackup = "${backupFolder}/shopping-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
jobrad = {
browserType = "chrome";
home = "${homeFolder}/jobrad-chrome";
homeBackup = "${backupFolder}/jobrad-chrome";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
firefox-tmp = {
browserType = "firefox";
home = "${homeFolder}/firefox-tmp";
homeBackup = "${backupFolder}/firefox-tmp-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
chromium-tmp = {
browserType = "chrome";
home = "${homeFolder}/chromium-tmp";
homeBackup = "${backupFolder}/chrome-tmp-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
google-tmp = {
browserType = "google";
home = "${homeFolder}/google-tmp";
homeBackup = "${backupFolder}google-tmp-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
};
};
};
}


@ -1,28 +0,0 @@
{ config, lib, ... }:
with lib;
{
options.components.gui.cups.enable = mkOption {
type = lib.types.bool;
default = config.components.gui.enable;
};
config = mkIf (config.components.gui.cups.enable) {
hardware.printers.ensurePrinters = [
{
description = "Lexmark E350d";
deviceUri = "usb://Lexmark/E350d?serial=622Z9ZC";
location = "office";
name = "Lexmark_E350d";
model = "drv:///sample.drv/generic.ppd";
ppdOptions = {
job-sheets = "none, none";
media = "na_letter_8.5x11in";
sides = "one-sided";
};
}
];
};
}


@ -1,35 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with lib;
{
options.components.gui = {
enable = lib.mkEnableOption "GUI configurations";
};
imports = [
# todo : structure with home-manager and such is not cool, create another structure
./audio.nix
./browser.nix
./cups.nix
./home-manager
./kmonad.nix
#./noti.nix # todo: make this different (use password store and such)
./pass.nix
./steam.nix
./suspend.nix
./vscode.nix
./wayland.nix
./xorg
];
config = mkIf config.components.gui.enable {
# todo extract xorg stuff to prepare wayland
environment.enableAllTerminfo = true;
qt.platformTheme = "qt5ct";
};
}


@ -1,16 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with lib;
{
config = mkIf config.components.gui.enable {
# don't run autoload -U compinit && compinit before ~/.zshrc
programs.zsh.enableGlobalCompInit = false;
};
}


@ -1,105 +0,0 @@
{
config,
pkgs,
lib,
...
}:
{
options.components.gui.kmonad.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.gui.enable;
};
config = lib.mkIf (config.components.gui.kmonad.enable) {
# only needed if you have an UHK
hardware.keyboard.uhk.enable = true;
environment.systemPackages = [ pkgs.uhk-agent ];
users.users.mainUser.extraGroups = [ "input" ];
services.xserver = {
xkb.layout = "us";
xkb.options = "compose:ralt";
};
services.kmonad = {
enable = true;
keyboards =
let
keyboard = device: leftOfSpace: {
device = device;
extraGroups = [ "video" ];
defcfg = {
enable = true;
fallthrough = true;
allowCommands = true;
};
config = ''
(defsrc
grv 1 2 3 4 5 6 7 8 9 0 - = bspc
tab q w e r t y u i o p [ ] \
caps a s d f g h j k l ; ' ret
lsft z x c v b n m , . / rsft
${lib.concatStringsSep " " leftOfSpace} spc ralt rmet cmp rctl
)
(defalias sym (layer-toggle symbols))
(defalias alt (around (layer-toggle alt-qwerty)
(layer-toggle arrows)))
(deflayer qwerty
grv 1 2 3 4 5 6 7 8 9 0 - = bspc
tab q w e r t y u i o p [ ] \
esc a s d f g h j k l ; ' ret
lsft z x c v b n m , . / rsft
lctl lmet @alt spc @sym rmet cmp rctrl
)
(deflayer symbols
_ ½ ² ³ _ _ _
_ _ _ _ _ ü _ ö _ _ _ _
caps ä ß _ _ _ _ _ _ _ _ _ _
_ _ _ ¢ _ _ _ _ _ _ _ _
_ _ _ _ _ _ _ _)
;; alt => alt
;; alt + jkli => left down right up
;; alt + caps + jkli => alt + left down right up
(deflayer alt-qwerty
(around lalt grv ) (around lalt 1) (around lalt 2) (around lalt 3) (around lalt 4) (around lalt 5 ) (around lalt 6) (around lalt 7) (around lalt 8) (around lalt 9) (around lalt 0) (around lalt - ) (around lalt = ) (around lalt bspc)
_ (around lalt q) (around lalt w) (around lalt e) (around lalt r) (around lalt t ) (around lalt y) (around lalt u) (around lalt i) (around lalt o) (around lalt p) (around lalt [ ) (around lalt ] ) (around lalt \ )
_ (around lalt a) (around lalt s) (around lalt d) (around lalt f) (around lalt g ) (around lalt h) (around lalt j) (around lalt k) (around lalt l) (around lalt ;) (around lalt ' ) (around lalt ret)
_ (around lalt z) (around lalt x) (around lalt c) (around lalt v) (around lalt b ) (around lalt n) (around lalt m) (around lalt ,) (around lalt .) (around lalt /) (around lalt rsft)
_ _ _ (around lalt spc) _ _ _ _
)
(deflayer arrows
_ _ _ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _ _ _ _ _ up _ _ _ _ _
lalt _ _ _ _ _ _ left down right _ _ _
_ _ _ _ _ _ _ _ _ _ _ _
_ _ _ _ _ _ _ _)
'';
};
in
{
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [
"lctl"
"lmet"
"lalt"
];
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [
"lctl"
"lmet"
"lalt"
];
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [
"lctl"
"lmet"
"lalt"
];
};
};
};
}


@ -1,44 +0,0 @@
# notify me when a command is finished
# todo : secret managment is shit
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.gui.noti.enable = mkOption {
type = lib.types.bool;
default = config.components.gui.enable;
};
# todo : put this in `/homes`
config = mkIf (config.components.gui.noti.enable) {
sops.secrets.pushover_user_key = { };
sops.secrets.pushover_api_key = { };
sops.templates."noti.yaml".owner = config.users.users.mainUser.name;
sops.templates."noti.yaml".group = config.users.users.mainUser.group;
sops.templates."noti.yaml".content = ''
pushover:
userKey: ${config.sops.placeholder.pushover_user_key}
apiToken: ${config.sops.placeholder.pushover_api_key}
'';
home-manager.users.mainUser = {
home.packages = [
(pkgs.writers.writeBashBin "noti" ''
${pkgs.noti}/bin/noti --file ${config.sops.templates."noti.yaml".path} "$@"
'')
(pkgs.writers.writeBashBin "noti-pushover" ''
${pkgs.noti}/bin/noti --pushover --file ${config.sops.templates."noti.yaml".path} "$@"
'')
];
## not working :(
#programs.noti.enable = true;
#xdg.configFile."noti/noti.yaml".source = toString config.sops.templates."noti.yaml".path;
};
};
}


@ -1,58 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib;
let
# desktop file
# ------------
# makes it possible to be used by other programs
desktopFile =
name: bin:
pkgs.writeTextFile {
name = "${name}.desktop";
destination = "/share/applications/${name}.desktop";
text = ''
[Desktop Entry]
Categories=Application;Utility;
Comment=password dialog
Encoding=UTF-8
Exec=${bin}
Icon=gnome-lockscreen
Name=${name}
Terminal=false
Type=Application
'';
};
in
{
options.components.gui.pass.enable = mkOption {
type = lib.types.bool;
default = config.components.gui.enable;
};
config = mkIf (config.components.gui.pass.enable) {
environment.systemPackages = [
(pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))
# todo : use upstream desktop file creator
(desktopFile "passmenu" "${
pkgs.pass.withExtensions (ext: [ ext.pass-otp ])
}/bin/passmenu --type -l 10")
pkgs.otpmenu
# todo ein script machen was hier tut
# zbarimg -q --raw 2018-12-18-114509.png | pass otp insert mindcurv/cloudamqp/otp
pkgs.zbar
pkgs.ctmg
pkgs.pinentry
pkgs.pinentry-curses
];
};
}


@ -1,50 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.gui.steam.enable = mkOption {
type = lib.types.bool;
default = config.components.gui.enable;
};
config = mkIf (config.components.gui.steam.enable) {
environment.systemPackages = [
(pkgs.writeShellScriptBin "steam" ''
/var/run/wrappers/bin/sudo -u steam -i ${pkgs.steam}/bin/steam $@
'')
pkgs.xorg.xhost
# to use xbox controllers
pkgs.xboxdrv
];
users.users.steam = {
isNormalUser = false;
isSystemUser = true;
home = "/home/steam";
createHome = true;
extraGroups = [
"audio"
"input"
"video"
"pipewire"
];
group = "steam";
shell = pkgs.bashInteractive;
};
users.groups.steam = { };
# for steam
# ---------
hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true;
security.sudo.extraConfig = ''
${config.users.extraUsers.mainUser.name} ALL=(steam) NOPASSWD: ALL
'';
};
}


@ -1,32 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.gui.vscode.enable = mkOption {
type = lib.types.bool;
#default = config.components.gui.enable;
default = false;
};
config = mkIf (config.components.gui.vscode.enable) {
environment.systemPackages = with pkgs; [
(vscode-with-extensions.override {
vscodeExtensions = with vscode-extensions; [
bbenoist.nix
ms-python.python
ms-azuretools.vscode-docker
ms-vscode-remote.remote-ssh
vscodevim.vim
rust-lang.rust-analyzer
#github.copilot-labs
github.copilot
#github.copilot-chat
];
})
];
};
}


@ -1,18 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.gui.wayland.enable = mkOption {
type = lib.types.bool;
default = !config.components.gui.xorg.enable;
};
config = mkIf (config.components.gui.wayland.enable && config.components.gui.enable) {
programs.sway.enable = false;
};
}


@ -1,85 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
{
imports = [ ./xlock.nix ];
options.components.gui.xorg.enable = mkOption {
type = lib.types.bool;
default = config.components.gui.enable;
};
config = mkIf (config.components.gui.xorg.enable && config.components.gui.enable) {
# system.custom.fonts.enable = true;
services.displayManager = {
defaultSession = lib.mkDefault "none+i3";
autoLogin.enable = lib.mkDefault true;
autoLogin.user = config.users.users.mainUser.name;
};
services.xserver = {
enable = true;
displayManager = {
lightdm.enable = lib.mkDefault true;
};
desktopManager.xterm.enable = false;
windowManager.i3.enable = true;
# mouse/touchpad
# --------------
};
services.libinput = {
enable = true;
touchpad = {
disableWhileTyping = true;
tapping = true;
scrollMethod = "twofinger";
accelSpeed = "1.3";
naturalScrolling = true;
horizontalScrolling = true;
};
};
# Packages
# --------
environment.systemPackages = with pkgs; [
xclip
xtrlock-pam
xorg.xev
dmenu
arandr
xcalib
flameshot
feh
];
# Xresources config
# -----------------
# spread the Xresource config
# across different files
# just add a file into `/etc/X11/Xresource.d/` and it will be
# evaluated.
services.xserver.displayManager.sessionCommands = ''
for file in `ls /etc/X11/Xresource.d/`
do
${pkgs.xorg.xrdb}/bin/xrdb -merge /etc/X11/Xresource.d/$file
done
'';
environment.etc."/X11/Xresource.d/.keep".text = "";
};
}


@ -1,30 +0,0 @@
{
lib,
pkgs,
config,
...
}:
with lib;
let
name = "lock";
# the lock program
lockProgram = pkgs.writeShellScriptBin "${name}" ''
${pkgs.xlockmore}/bin/xlock -mode life1d -size 1
'';
in
{
config = mkIf config.components.gui.xorg.enable {
environment.systemPackages = [
lockProgram
(pkgs.makeDesktopItem {
name = "lock";
desktopName = "lock";
exec = "${lockProgram}/bin/lock";
terminal = false;
})
];
};
}


@ -1,93 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
with types;
let
cfg = config.components.mainUser;
# todo : use optionalList
dockerGroup = if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
# todo : use optionalList
vboxGroup = if (config.virtualisation.virtualbox.host.enable) then [ "vboxusers" ] else [ ];
in
{
options.components.mainUser = {
enable = mkEnableOption "enable mainUser for a system";
userName = mkOption {
type = str;
default = "palo";
description = ''
name of the main user
'';
};
uid = mkOption {
type = int;
default = 1337;
description = ''
uid of main user
'';
};
extraGroups = mkOption {
default = [ ];
type = listOf str;
description = ''
list of groups the main user should also be in
'';
};
authorizedKeyFiles = mkOption {
default = [ ];
type = listOf str;
description = ''
list of keys allowed to login as this user
'';
};
};
config = mkIf cfg.enable {
users = {
mutableUsers = lib.mkDefault true;
defaultUserShell = pkgs.zsh;
groups.mainUser.name = cfg.userName;
users.mainUser = {
isNormalUser = true;
name = cfg.userName;
uid = cfg.uid;
home = "/home/${cfg.userName}";
initialPassword = cfg.userName;
extraGroups = [
"wheel"
"networkmanager"
"transmission"
"wireshark"
"audio"
"pipewire"
"input"
"dialout"
] ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
group = config.users.groups.mainUser.name;
};
};
};
}


@ -1,15 +0,0 @@
{ pkgs, lib, ... }:
with lib;
{
options.components.media = {
enable = lib.mkEnableOption "Media configurations";
};
imports = [
./icecast.nix
./tts.nix
./video.nix
];
config = mkIf config.components.media.enable { };
}


@ -1,76 +0,0 @@
# --------------------------------------------------
# How to use?
# * start the icecast
# * connect via mixxx to it.
# * add the podcast to mpd in the same network
# --------------------------------------------------
{
pkgs,
config,
lib,
...
}:
with lib;
let
# todo : make option
user = "username";
password = "password";
mountPoint = "/radio.mp3";
maxListeners = 20;
in
{
options.components.media.icecast.enable = mkOption {
type = lib.types.bool;
#default = config.components.media.enable;
default = false;
};
config = mkIf (config.components.media.icecast.enable) {
services.icecast = {
enable = true;
hostname = config.networking.hostName;
admin = {
user = "palo";
password = "palo";
};
# http://icecast.org/docs/icecast-2.4.1/config-file.html
extraConf = ''
<mount type="normal">
<mount-name>${mountPoint}</mount-name>
<username>${user}</username>
<password>${password}</password>
<max-listeners>${toString maxListeners}</max-listeners>
<max-listener-duration>3600</max-listener-duration>
<charset>UTF8</charset>
<public>1</public>
<stream-name>Palos Awesome Stream</stream-name>
<stream-description>Kick ass Tracks</stream-description>
<stream-url>https://ingolf-wagner.de</stream-url>
<genre>classical</genre>
<bitrate>320</bitrate>
<type>application/ogg</type>
<subtype>vorbis</subtype>
<hidden>1</hidden>
<burst-size>65536</burst-size>
<mp3-metadata-interval>4096</mp3-metadata-interval>
</mount>
'';
};
# use port which I can see in iptable -L -v -n
networking.firewall = {
allowedTCPPorts = [ config.services.icecast.listen.port ];
allowedUDPPorts = [ config.services.icecast.listen.port ];
};
# don't want to have the service running all the time
# ---------------------------------------------------
systemd.services.icecast.wantedBy = lib.mkForce [ ];
systemd.services.icecast.after = lib.mkForce [ ];
};
}


@ -1,19 +0,0 @@
#!/bin/bash
# todo : add a dry-run
sanitize() {
shopt -s extglob
filename=$(basename "$1")
directory=$(dirname "$1")
filename_clean="${filename//+([^[:alnum:]_-\\.])/_}"
if [[ $filename != "$filename_clean" ]]; then
mv -v --backup=numbered "$1" "$directory/$filename_clean"
fi
}
export -f sanitize
find "$1" -depth -exec bash -c 'sanitize "$0"' {} \;


@ -1,79 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.media.tts-server.enable = mkOption {
type = lib.types.bool;
#default = config.components.media.enable;
default = false;
};
options.components.media.tts-client.enable = mkOption {
type = lib.types.bool;
default = config.components.media.enable;
};
config = mkMerge [
(mkIf (config.components.media.tts-client.enable) {
environment.systemPackages = [
pkgs.espeak-ng
pkgs.tts
(pkgs.writers.writeDashBin "tts-en" ''
${pkgs.tts}/bin/tts --model_name "tts_models/en/ljspeech/vits" "$@"
'')
(pkgs.writers.writeDashBin "tts-de" ''
${pkgs.tts}/bin/tts --model_name "tts_models/de/thorsten/vits" "$@"
'')
];
})
(mkIf (config.components.media.tts-server.enable) {
# find models with ${pkgs.tts}/bin/tts --list_models
services.tts = {
servers = {
english = {
enable = true;
port = 5300;
#model = "tts_models/en/ljspeech/tacotron2-DDC";
model = "tts_models/en/ljspeech/vits";
};
german = {
enable = true;
port = 5301;
#model = "tts_models/de/thorsten/tacotron2-DDC";
model = "tts_models/de/thorsten/vits";
};
};
};
# fixes some issues
systemd.services.tts-german.serviceConfig.RestrictAddressFamilies = [
"AF_UNIX"
];
systemd.services.tts-english.serviceConfig.RestrictAddressFamilies = [
"AF_UNIX"
];
services.nginx = {
recommendedProxySettings = true;
enable = true;
virtualHosts."tts.${config.networking.hostName}.private" = {
locations."/".proxyPass = "http://localhost:${toString config.services.tts.servers.english.port}";
};
virtualHosts."en.tts.${config.networking.hostName}.private" = {
locations."/".proxyPass = "http://localhost:${toString config.services.tts.servers.english.port}";
};
virtualHosts."de.tts.${config.networking.hostName}.private" = {
locations."/".proxyPass = "http://localhost:${toString config.services.tts.servers.german.port}";
};
};
})
];
}


@ -1,179 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
let
obs-cmd = pkgs.rustPlatform.buildRustPackage rec {
pname = "obs-cmd";
version = "v0.15.2";
src = pkgs.fetchFromGitHub {
owner = "grigio";
repo = "obs-cmd";
rev = version;
sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI=";
};
cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0=";
#cargoSha256 = fakeSha256;
meta = with lib; {
description = "a minimal obs CLI for obs-websocket v5";
homepage = "https://github.com/grigio/obs-cmd";
license = licenses.mit;
maintainers = [ maintainers.mrVanDalo ];
platforms = platforms.all;
};
};
# Lassulus streaming setup
# -------------------------
# ffmpeg \
# -f pulse \
# -i default \
# -vaapi_device /dev/dri/renderD128 \
# -f x11grab \
# -video_size 1366x768 \
# -i :0 \
# -vf 'hwupload,scale_vaapi=format=nv12' \
# -c:v h264_vaapi \
# -c:a aac \
# -b:a 96k \
# -af "highpass=f=200, lowpass=f=3000" \
# -qp 30 \
# -f flv \
# rtmp://lassul.us:1935/stream/nixos \
# ./rc3-output-$(date +%d%H%M%S).mp4
#
# Dann abspielen mit :
# mpv rtmp://lassul.us:1935/stream/nixos
# show keyboard input on desktop for screencasts
screenKey = pkgs.symlinkJoin {
name = "screen-keys";
paths =
let
screenKeyScript =
{
position ? "bottom",
size ? "small",
...
}:
pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
''
${pkgs.screenkey}/bin/screenkey \
--no-detach \
--bg-color '#fdf6e3' \
--font-color '#073642' \
-p ${position} \
-s ${size} \
"$@"
'';
in
lib.flatten (
lib.flip map
[
"large"
"small"
"medium"
]
(
size:
lib.flip map [
"top"
"center"
"bottom"
] (position: screenKeyScript { inherit size position; })
)
);
};
mpvReview =
let
moveToDir =
key: dir:
pkgs.writeText "move-with-${key}.lua" ''
tmp_dir = "${dir}"
function move_current_track_${key}()
track = mp.get_property("path")
os.execute("mkdir -p '" .. tmp_dir .. "'")
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
print("moved '" .. track .. "' to " .. tmp_dir)
mp.command("playlist-next")
end
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
'';
delete = moveToDir "D" "./.graveyard";
good = moveToDir "G" "./.good";
in
pkgs.writers.writeDashBin "mpv-review" ''
exec ${pkgs.mpv}/bin/mpv --no-config --script=${delete} --script=${good} "$@"
'';
alphaSafe = pkgs.writers.writeBashBin "alpha-safe" ''
export PATH=${pkgs.gnused}/bin:$PATH
echo "$1" | sed 's/[^a-zA-Z0-9]/-/g' | sed 's/--/-/g' | sed 's/-$//g'
'';
sanitizeFolder = pkgs.writers.writeBashBin "sanitize-folder" (fileContents ./sanitize_folder.sh);
in
{
options.components.media.video.enable = mkOption {
type = lib.types.bool;
default = config.components.media.enable;
};
config = mkIf (config.components.media.video.enable) {
home-manager.sharedModules = [
{
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-backgroundremoval
obs-vaapi
];
};
}
];
boot.kernelModules = [ "v4l2loopback" ];
boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
environment.systemPackages = with pkgs; [
yt-dlp
mplayer
mpv
mpvReview
# sanitazion
alphaSafe
sanitizeFolder
# obs studio stuff
obs-cli
v4l-utils
obs-cmd
# to record your screen
# ---------------------
simplescreenrecorder
screenKey
#obs-studio
# to transcode video material
# ---------------------------
handbrake
ffmpeg-full
];
};
}


@ -1,21 +0,0 @@
{
lib,
config,
inputs,
...
}:
with lib;
with types;
{
imports = [
../timezone.nix
];
config = {
telemetry.enable = mkDefault true;
telemetry.metrics.enable = mkDefault false;
telemetry.opentelemetry.enable = false;
services.journald.extraConfig = "SystemMaxUse=1G";
};
}


@ -1,23 +0,0 @@
{ ... }:
{
# true => ping chungus working
# false => ping chungus not working
services.resolved = {
llmnr = "false";
#extraConfig = "mDNS=false";
};
#systemd.services.systemd-resolved.serviceConfig.Environment = "SYSTEMD_LOG_LEVEL=debug";
#services.avahi.enable = false;
services.avahi = {
enable = true;
nssmdns = true;
extraConfig = ''
[server]
disallow-other-stacks=yes
'';
interfaces = [ "tinc.private" ];
};
}


@ -1,24 +0,0 @@
{ pkgs, lib, ... }:
with lib;
with types;
{
options.components.network = {
enable = mkOption {
type = bool;
default = true;
};
};
imports = [
#./avahi.nix
./hosts.nix
./nginx.nix
./sshd
./syncthing.nix
./tinc
./wifi.nix
./wireguard.nix
];
config = mkIf config.components.network.enable { };
}


@ -1,9 +0,0 @@
{ clanLib, ... }:
{
networking.extraHosts = ''
95.216.66.212 orbi.public
'';
services.openssh.knownHosts = {
"orbi.public".publicKey = clanLib.readFact "ssh.id_ed25519.pub" "orbi";
};
}


@ -1,254 +0,0 @@
{
config,
lib,
pkgs,
assets,
...
}:
with lib;
{
options.components.network.nginx.enable = mkOption {
type = lib.types.bool;
default = config.components.network.enable;
};
options.components.network.nginx.landingpage.enable = mkOption {
type = lib.types.bool;
default = config.components.network.nginx.enable;
};
config = mkMerge [
(mkIf (config.components.network.nginx.enable) {
environment.systemPackages = [
pkgs.nginx-config-formatter
(pkgs.writers.writePython3Bin "nginx-show-config" {
flakeIgnore = [
"E265"
"E225"
"W292"
];
} (lib.fileContents "${assets}/nginx-show-config.py"))
];
security.acme.defaults.email = "contact@ingolf-wagner.de";
security.acme.acceptTerms = true;
services.nginx = {
# Use recommended settings
recommendedGzipSettings = lib.mkDefault true;
recommendedOptimisation = lib.mkDefault true;
recommendedProxySettings = lib.mkDefault true;
recommendedTlsSettings = lib.mkDefault true;
# for loki logging
commonHttpConfig = ''
log_format logfmt
'timestamp="$time_iso8601" '
'facility="nginx" '
'src_addr="$remote_addr" '
'body_bytes_sent="$body_bytes_sent" '
'request_time="$request_time" '
'response_status="$status" '
'request_method="$request_method" '
'request="$request" '
'host="$host" '
'upstream_cache_status="$upstream_cache_status" '
'upstream_addr="$upstream_addr" '
'http_x_forwarded_for="$http_x_forwarded_for" '
'http_referrer="$http_referer" '
'http_user_agent="$http_user_agent" ';
log_format json_combined escape=json
'{'
'"timestamp":"$time_iso8601",'
'"facility":"nginx",'
'"src_addr":"$remote_addr",'
'"body_bytes_sent":"$body_bytes_sent",'
'"request_time":"$request_time",'
'"response_status":"$status",'
'"request_method":"$request_method",'
'"request":"$request",'
'"host":"$host",'
'"upstream_cache_status":"$upstream_cache_status",'
'"upstream_addr":"$upstream_addr",'
'"http_x_forwarded_for":"$http_x_forwarded_for",'
'"http_referrer":"$http_referer",'
'"http_user_agent":"$http_user_agent"'
'}';
# log to local journald
access_log syslog:server=unix:/dev/log,nohostname logfmt;
'';
};
services.nginx.package = pkgs.nginxMainline;
})
(mkIf (config.components.network.nginx.landingpage.enable) {
services.nginx.virtualHosts."${config.networking.hostName}.private" = {
default = lib.mkDefault true;
locations."/" = {
root = pkgs.landingpage.override {
jsonConfig =
let
entry =
{
machine,
items ? [ ],
}:
{
text = machine;
items = [
{
label = "Syncthing";
href = "http://${machine}.private:8384/";
image = "https://media.giphy.com/media/JoyU4vuzwj6ZA7Ging/giphy.gif";
}
{
label = "netdata";
href = "http://${machine}.private:19999/";
image = "https://media.giphy.com/media/BkjdN6MQCDPaw/giphy.gif";
}
] ++ items;
};
in
[
{ title = "System Links"; }
(entry {
machine = "orbi";
items = [
{
label = "Jellyfin";
href = "http://flix.ingolf-wagner.de/";
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
}
{
label = "PhotoPrism";
href = "http://10.100.0.1:2342/";
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
}
{
label = "Build Bot";
href = "http://orbi.private:8010";
image = "https://i.giphy.com/media/v1.Y2lkPTc5MGI3NjExd2gxZDg4Mm92c280OWxlZXJoZ3V6MWozamI5c3M2dnd1M3pma2lydiZlcD12MV9pbnRlcm5hbF9naWZfYnlfaWQmY3Q9Zw/UqcFByCQIOloWRXUxs/giphy.gif";
}
];
})
(entry {
machine = "chungus";
items = [
{
label = "Grafana";
href = "http://grafana.chungus.private/explore";
image = "https://raw.githubusercontent.com/cncf/landscape/master/hosted_logos/grafana-loki.svg";
}
{
label = "Jellyfin";
href = "http://chungus:8096/";
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
}
{
label = "HomeAssistant";
href = "http://chungus.private:8123/";
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
}
{
label = "Zigbee2Mqtt";
href = "http://chungus.private:9666/";
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
}
{
label = "Kitchen";
href = "http://192.168.178.101/";
image = "https://i.giphy.com/3o7TKsrMIW65QT7VWo.webp";
}
{
label = "Living Room";
href = "http://192.168.178.102/";
image = "https://i.giphy.com/3o7TKsrMIW65QT7VWo.webp";
}
];
})
(entry { machine = "cherry"; })
#(entry { machine = "cream"; })
(entry { machine = "mobi"; })
(entry { machine = "bobi"; })
{
title = "Various Links";
items = [
{
label = "Terrapen";
href = "http://192.168.178.31/";
image = "https://i.giphy.com/W08brEWFt7EpA5y2jI.webp";
}
{
label = "Hetzner Cloud";
href = "https://console.hetzner.cloud/projects";
image = "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
}
{
label = "Cups";
href = "http://localhost:631/";
image = "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
}
];
}
{
text = "NixOS Links";
items = [
{
label = "NixOS Manual";
href = "https://nixos.org/nixos/manual/";
image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
}
{
label = "Nixpkgs Manual";
href = "https://nixos.org/nixpkgs/manual/";
image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
}
{
label = "NixOS Reference";
href = "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
}
{
label = "Nix Packages";
href = "https://nixos.org/nixos/packages.html";
image = "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
}
{
label = "NixOS Language specific helpers";
href = "https://nixos.wiki/wiki/Language-specific_package_helpers";
image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
}
{
label = "NixOS Weekly";
href = "https://weekly.nixos.org/";
image = "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
}
{
label = "NixOS Security";
href = "https://broken.sh/";
image = "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
}
{
label = "NixOS RFCs";
href = "https://github.com/NixOS/rfcs/";
image = "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
}
];
}
{ urlEncode = true; }
];
};
};
};
})
];
}


@ -1,74 +0,0 @@
{
pkgs,
config,
lib,
assets,
...
}:
with lib;
with types;
let
cfg = config.components.network.sshd;
# maybe ascii-image-converter is also nice here
sshBanner = pkgs.runCommand "ssh-banner" { nativeBuildInputs = [ pkgs.boxes ]; } ''
echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out
'';
in
{
imports = [
./known-hosts-public.nix
./known-hosts-manual.nix
./known-hosts-zerotier.nix
];
options.components.network.sshd = {
enable = mkOption {
type = bool;
default = true;
};
onlyTincAccess = mkOption {
type = bool;
default = false;
description = ''
make sure ssh is only available trough the tinc
'';
};
};
config = mkMerge [
(mkIf cfg.enable {
environment.systemPackages = [
pkgs.sshfs
pkgs.mosh
];
services.openssh = {
enable = true;
settings.X11Forwarding = false;
settings.PasswordAuthentication = false;
# We might want to remove this once, openssh is fixed everywhere:
# Workaround for CVE-2024-6387 and CVE-2024-6409
# https://github.com/NixOS/nixpkgs/pull/323753#issuecomment-2199762128
# settings.LoginGraceTime = 0;
};
# todo enable again when I can it's possible to set the `-q` ssh option in clan
#services.openssh.banner = builtins.readFile sshBanner;
})
(mkIf (cfg.onlyTincAccess && cfg.enable) {
# fixme: this is not working
networking.firewall.extraCommands = ''
iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
'';
})
];
}


@ -1,33 +0,0 @@
{
pkgs,
config,
lib,
clanLib,
...
}:
with lib;
let
publicKey = clanLib.readFact "ssh.id_ed25519.pub";
in
{
config = {
services.openssh.knownHosts = {
orbi = {
hostNames = [
"95.216.66.212"
];
publicKey = publicKey "orbi";
};
forgejo = {
hostNames = [
"[git.ingolf-wagner.de]:2222"
];
publicKey = "ssh-rsa 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";
};
};
};
}


@ -1,100 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib;
{
config = mkIf (config.components.network.sshd.enable) {
services.openssh.knownHosts = {
github = {
hostNames = [
"*.github.com"
# List generated with
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
"192.30.252.*"
"192.30.253.*"
"192.30.254.*"
"192.30.255.*"
"185.199.108.*"
"185.199.109.*"
"185.199.110.*"
"185.199.111.*"
"13.229.188.59"
"13.250.177.223"
"18.194.104.89"
"18.195.85.27"
"35.159.8.160"
"52.74.223.119"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
};
gitlab = {
hostNames = [ "gitlab.com" ];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
};
gitlab-bk = {
hostNames = [
"gitlab.bk-bund-berlin.de"
"116.203.133.59"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
};
# space-left
gitlabSpaceLeft = {
hostNames = [ "git.space-left.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
};
# c-base
"bnd-cbase" = {
hostNames = [ "bnd.cbrp3.c-base.org" ];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
};
"shell.cbase" = {
hostNames = [ "shell.c-base.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
};
"kgb.cbase" = {
hostNames = [ "kgb.cbrp3.c-base.org" ];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
};
"cns.cbase" = {
hostNames = [ "cns.c-base.org" ];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
};
"lassulus" = {
hostNames = [ "[lassul.us]:45621" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
};
renoise = {
hostNames = [
"*.renoise.com"
"renoise.com"
"94.130.128.97"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
};
git-renoise = {
hostNames = [
"[git.renoise.com]:2229"
"[94.130.128.97]:2229"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
};
"siteground" = {
hostNames = [
"[es5.siteground.eu]:18765"
"[37.60.224.6]:18765"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
};
"cracksucht.de" = {
hostNames = [ "cracksucht.de" ];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
};
};
};
}


@ -1,46 +0,0 @@
{
lib,
config,
clanLib,
...
}:
with lib;
with types;
let
machines = clanLib.allMachineNames;
publicKey = clanLib.readFact "ssh.id_ed25519.pub";
tld = config.clan.static-hosts.topLevelDomain;
knownHosts = lib.genAttrs machines (machine: {
hostNames = [
"${machine}"
"${machine}.${tld}"
"${machine}.private"
];
publicKey = publicKey machine;
});
bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub";
knownBootHosts = lib.mapAttrs' (
machine: publicKey:
nameValuePair "boot_${machine}" {
inherit publicKey;
hostNames = [
"[${machine}]:2222"
"[${machine}.public]:2222"
];
}
) bootMachines;
in
{
# todo : move this to the proper place
options.components.network.zerotier = {
enable = mkOption {
type = bool;
default = false; # todo : properly set this
};
};
config = mkIf config.components.network.zerotier.enable {
services.openssh.knownHosts = knownHosts // knownBootHosts;
};
}


@ -1,155 +0,0 @@
{
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib;
{
# networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
clan.core.facts.services.syncthing = factsGenerator.syncthing { };
services.syncthing = {
guiAddress = lib.mkDefault "${config.networking.hostName}.private:8384";
overrideDevices = lib.mkDefault true;
key = config.clan.core.facts.services.syncthing.secret."syncthing.key".path;
cert = config.clan.core.facts.services.syncthing.secret."syncthing.cert".path;
settings.devices =
let
clanMachines =
lib.mapAttrs
(machine: facts: {
name = machine;
id = facts."syncthing.pub";
addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
})
(
clanLib.readFactsFromAllMachines [
"syncthing.pub"
"zerotier-ip"
]
);
device = machine: id: {
"${machine}" = {
name = machine;
id = id;
#addresses = [ "tcp://${machine}.private:22000" ];
};
};
in
clanMachines
// (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF")
// (device "iPad" "NEGOJYU-EEDRM4E-XVZUKFO-63LAIOO-WHFFS2V-3SH3KR2-VYEFQLW-4QOFBQU")
// (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ");
settings.folders = {
audiobooks = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/audiobooks";
devices = [
"chungus"
"orbi"
];
};
books = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/books";
devices = [
"chungus"
# "cream"
"cherry"
];
versioning = {
type = "simple";
params.keep = "2";
};
};
desktop = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/desktop";
devices = [
"chungus"
# "cream"
"cherry"
];
};
finance = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/finance";
devices = [
"chungus"
# "cream"
"cherry"
];
versioning = {
type = "simple";
params.keep = "10";
};
};
flix = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/flix";
devices = [
"chungus"
"orbi"
];
};
logseq = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/logseq";
devices = [
"cherry"
"chungus"
"iPad"
"iPhone"
];
};
lectures = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/lectures";
devices = [
"chungus"
"orbi"
];
};
oscar_cpap = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/oscar_cpap";
devices = [
"chungus"
# "cream"
"cherry"
];
};
password-store = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store";
devices = [
"chungus"
# "cream"
"cherry"
];
versioning = {
type = "simple";
params.keep = "10";
};
};
# to share big stuff public
share = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store";
devices = [
# "cream"
"cherry"
"orbi"
];
};
};
};
}


@ -1,46 +0,0 @@
{
lib,
config,
factsGenerator,
clanLib,
...
}:
with lib;
{
options.tinc = {
private = {
enable = mkEnableOption "private tinc setup";
ipv4 = mkOption { type = types.str; };
subnet = mkOption {
type = types.str;
default = "10.23.42.0/24";
};
};
secret = {
enable = mkEnableOption "secret tinc setup";
ipv4 = mkOption {
type = types.str;
};
};
};
config = mkMerge [
(mkIf config.tinc.private.enable (
import ./private.nix {
ipv4 = config.tinc.private.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}
))
(mkIf config.tinc.secret.enable (
import ./secret.nix {
ipv4 = config.tinc.secret.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}
))
];
}


@ -1,110 +0,0 @@
{
ipv4,
ipv6,
config,
optionalString,
concatStringsSep,
factsGenerator,
mapAttrsToList,
clanLib,
...
}:
let
hosts = {
bobi = "10.23.42.25";
cherry = "10.23.42.29";
chungus = "10.23.42.28";
# cream = "10.23.42.27";
mobi = "10.23.42.23";
orbi = "10.23.42.100";
};
subDomains = {
# orbi
"transmission2.orbi" = hosts.orbi;
"sonarr.orbi" = hosts.orbi;
"radarr.orbi" = hosts.orbi;
"lidarr.orbi" = hosts.orbi;
"prowlarr.orbi" = hosts.orbi;
"photoprism.orbi" = hosts.orbi;
# chungus
"video.chungus" = hosts.chungus;
"music.chungus" = hosts.chungus;
"de.tts.chungus" = hosts.chungus;
"en.tts.chungus" = hosts.chungus;
"flix.chungus" = hosts.chungus;
"git.chungus" = hosts.chungus;
"grafana.chungus" = hosts.chungus;
"loki.chungus" = hosts.chungus;
"prometheus.chungus" = hosts.chungus;
"s3.chungus" = hosts.chungus;
"minio.chungus" = hosts.chungus;
"sync.chungus" = hosts.chungus;
"tdarr.chungus" = hosts.chungus;
"tts.chungus" = hosts.chungus;
"paperless.chungus" = hosts.chungus;
};
network = "private";
Ed25519PublicKey = clanLib.readFact "tinc.private.ed25519_key.pub";
in
{
networking.firewall.trustedInterfaces = [ "tinc.${network}" ];
clan.core.facts.services.tinc_private = factsGenerator.tinc { name = "private"; };
services.tinc.networks = {
${network} = {
ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
interfaceType = "tap";
extraConfig = ''
LocalDiscovery = yes
'';
hostSettings = {
mobi = {
subnets = [ { address = hosts.mobi; } ];
settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
};
bobi = {
subnets = [ { address = hosts.bobi; } ];
settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
};
# cream = {
# subnets = [ { address = hosts.cream; } ];
# settings.Ed25519PublicKey = Ed25519PublicKey "cream";
# };
cherry = {
subnets = [ { address = hosts.cherry; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "cherry";
};
chungus = {
subnets = [ { address = hosts.chungus; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "chungus";
};
orbi = {
addresses = [ { address = "95.216.66.212"; } ];
subnets = [ { address = hosts.orbi; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "orbi";
};
};
};
};
systemd.network.enable = true;
systemd.network.networks.${network}.extraConfig = ''
[Match]
Name = tinc.${network}
[Link]
# tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be
MTUBytes=1377
[Network]
${optionalString (ipv4 != null) "Address=${ipv4}/24"}
${optionalString (ipv6 != null) "Address=${ipv6}/28"}
RequiredForOnline = no
LinkLocalAddressing = no
'';
networking.extraHosts = concatStringsSep "\n" (
mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)
);
}


@ -1,113 +0,0 @@
{
ipv4,
ipv6,
config,
optionalString,
concatStringsSep,
mapAttrsToList,
factsGenerator,
...
}:
let
port = 721;
hosts = {
cherry = "10.123.42.29";
# cream = "10.123.42.27";
robi = "10.123.42.123";
sternchen = "10.123.42.25";
sterni = "10.123.42.24";
};
network = "secret";
in
{
clan.core.facts.services.tinc_secret = factsGenerator.tinc { name = "secret"; };
services.tinc.networks = {
${network} = {
ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
extraConfig = ''
LocalDiscovery = yes
Port = ${toString port}
'';
hostSettings = {
sternchen = {
subnets = [ { address = hosts.sternchen; } ];
settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB";
};
# cream = {
# subnets = [ { address = hosts.cream; } ];
# settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
# };
cherry = {
subnets = [ { address = hosts.cherry; } ];
settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
};
sterni = {
subnets = [ { address = hosts.sterni; } ];
settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
};
robi = {
addresses = [
{
address = "144.76.13.147";
port = port;
}
];
subnets = [ { address = hosts.robi; } ];
settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
};
};
};
};
systemd.network.enable = true;
systemd.network.networks.${network}.extraConfig = ''
[Match]
Name = tinc.${network}
[Link]
# tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be
MTUBytes=1377
[Network]
${optionalString (ipv4 != null) "Address=${ipv4}/24"}
${optionalString (ipv6 != null) "Address=${ipv6}/28"}
RequiredForOnline = no
LinkLocalAddressing = no
'';
networking.extraHosts = concatStringsSep "\n" (
mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts
);
services.openssh.knownHosts = {
# "cream.${network}" = {
# hostNames = [
# "cream.${network}"
# hosts.cream
# ];
# publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
# };
"sternchen.${network}" = {
hostNames = [
"sterni.${network}"
hosts.sterni
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
};
"sterni.${network}" = {
hostNames = [
"sterni.${network}"
hosts.sterni
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
};
"robi" = {
hostNames = [
"robi.${network}"
hosts.robi
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
};
};
}


@ -1,53 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
with types;
{
options.components.network.wifi.enable = mkOption {
type = bool;
default = config.components.network.enable;
};
config = mkIf config.components.network.wifi.enable {
networking.usePredictableInterfaceNames = true;
networking.networkmanager.enable = true;
networking.networkmanager.wifi.powersave = lib.mkDefault true;
# The number of times a connection activation should be automatically tried
# before switching to another one. This value applies only to connections
# that can auto-connect and have a connection. autoconnect-retries property set to -1.
# If not specified, connections will be tried 4 times.
# Setting this value to 1 means to try activation once, without retry.
networking.networkmanager.settings.main.autoconnect-retries-default = 999;
hardware.enableRedistributableFirmware = true;
# because Networkd-wait-online is just failing.
# systemd.services.systemd-networkd-wait-online.enable = false;
systemd.services.NetworkManager-wait-online.enable = false;
environment.systemPackages = [
(pkgs.writeShellScriptBin "scan-wifi" ''
# todo : use column to make a nice view
${pkgs.wirelesstools}/bin/iwlist scan | \
grep -v "Interface doesn't support scanning" | \
sed -e '/^\s*$/d' | \
grep -e "ESSID" -e "Encrypt" | \
sed -e "s/Encryption key:on/encrypted/g" | \
sed -e "s/Encryption key:off/open/g" | \
sed -e "s/ESSID://g" | \
xargs -L 2 printf "%9s - '%s'\n"
'')
];
};
}


@ -1,33 +0,0 @@
{ lib, config, ... }:
with lib;
{
options.wireguard = {
wg0 = {
subnet = mkOption {
type = types.str;
default = "10.100.0.1/24";
};
};
};
# todo: use networking.wireguard instead of networking wg-quick
# with dynamicEndpointRefreshSeconds
#config = {
# systemd.services.wg-quick-wg0.serviceConfig = {
# Restart = "always";
# RestartSec = 50;
# Type = mkForce "simple";
# RemainAfterExit = mkForce false;
# };
#};
config = {
networking.extraHosts = ''
10.100.0.1 cache.orbi.wg0
10.100.0.1 orbi.wg0
10.100.0.2 chungus.wg0
'';
};
}


@ -1,14 +0,0 @@
{ config, lib, ... }:
{
imports = [
./upgrade-diff.nix
];
options.components.nixos.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
config = lib.mkIf (config.components.nixos.enable) { };
}


@ -1,27 +0,0 @@
# MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix
{
config,
lib,
pkgs,
...
}:
{
options.components.nixos.update-diff.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.nixos.enable;
};
config = lib.mkIf (config.components.nixos.update-diff.enable) {
system.activationScripts.diff = {
supportsDryActivation = true;
text = ''
if [[ -e /run/current-system ]]; then
echo "--- diff to current-system"
${pkgs.nvd}/bin/nvd --nix-bin-dir=${config.nix.package}/bin diff /run/current-system "$systemConfig"
echo "---"
fi
'';
};
};
}


@ -1,42 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.terminal.bash.enable = mkOption {
type = lib.types.bool;
default = config.components.terminal.enable;
};
config = mkIf (config.components.terminal.bash.enable) {
programs.bash = {
enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
interactiveShellInit = "set -o vi";
shellAliases = {
ls = "ls --color=tty";
l = "ls -CFh";
la = "ls -Ah";
ll = "ls -lh";
lt = "ls -lct --reverse";
less = "less -S";
top = "htop";
version = "date '+%Y%m%d%H%M%S'";
vclip = "xclip -selection clipboard";
df = "df -h";
timestamp = "date +%Y%m%d%H%M%S";
nix-show-garbadge-roots = "ls -lh /nix/var/nix/gcroots/auto/";
};
};
};
}


@ -1,33 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.terminal = {
enable = mkOption {
type = types.bool;
default = true;
};
};
imports = [
./direnv.nix
./git.nix
./heygpt.nix
./remote-install.nix
./wtf.nix
./zsh.nix
];
config = mkIf config.components.terminal.enable {
environment.systemPackages = [
pkgs.ranger # datei browser
pkgs.retry # retry command till success
pkgs.silver-searcher
pkgs.treefmt
];
};
}


@ -1,34 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.terminal.direnv.enable = mkOption {
type = lib.types.bool;
default = config.components.terminal.enable;
};
config = mkIf (config.components.terminal.direnv.enable) {
environment.systemPackages = [ pkgs.direnv ];
home-manager.sharedModules = [
{
programs.direnv.enable = true;
programs.git.ignores = [
".envrc"
".direnv"
];
}
];
programs.zsh.interactiveShellInit = ''
eval "$(${pkgs.direnv}/bin/direnv hook zsh)"
'';
programs.bash.interactiveShellInit = ''
eval "$(${pkgs.direnv}/bin/direnv hook bash)"
'';
};
}


@ -1,31 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.terminal.heygpt.enable = mkOption {
type = lib.types.bool;
#default = config.components.terminal.enable;
default = false;
};
config = mkIf (config.components.terminal.heygpt.enable) {
environment.systemPackages = [
(pkgs.writers.writeBashBin "heygpt" ''
export OPENAI_API_BASE="https://api.openai.com/v1"
export OPENAI_API_KEY=$(pass openai/apikey)
${lib.getExe pkgs.heygpt} "$@"
'')
(pkgs.writers.writeBashBin "heygpt-models" ''
export OPENAI_API_KEY=$(pass openai/apikey)
${getExe pkgs.curl} https://api.openai.com/v1/models \
-H "Authorization: Bearer $OPENAI_API_KEY" \
| ${getExe pkgs.jq} --raw-output '.data[] | .id' \
| ${getExe pkgs.gum} filter
'')
];
};
}


@ -1,31 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.terminal.remote-install.enable = mkOption {
type = lib.types.bool;
default = config.components.terminal.enable;
};
config = mkIf (config.components.terminal.remote-install.enable) {
services.tor = {
enable = true;
client.enable = true;
relay.onionServices.liveos.map = [ { port = 1337; } ];
};
environment.systemPackages = [
(pkgs.writeShellScriptBin "remote-install-start-service" ''
echo "starting announcment server to receive remote-install iso onion id"
${pkgs.nmap}/bin/ncat -k -l -p 1337
'')
(pkgs.writeShellScriptBin "remote-install-get-hiddenReceiver" ''
sudo cat /var/lib/tor/onion/liveos/hostname
'')
];
};
}


@ -1,56 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.terminal.zsh.enable = mkOption {
type = lib.types.bool;
default = config.components.terminal.enable;
};
config = mkIf (config.components.terminal.zsh.enable) {
# root uses zsh on default
users.users.root.shell = pkgs.zsh;
programs.zsh = {
enable = true;
enableCompletion = true;
syntaxHighlighting.enable = true;
shellAliases = {
ls = "ls --color=tty";
l = "ls -CFh";
la = "ls -Ah";
ll = "ls -lh";
lt = "ls -lct --reverse";
less = "less -S";
top = "htop";
version = "date '+%Y%m%d%H%M%S'";
vclip = "xclip -selection clipboard";
df = "df -h";
timestamp = "date +%Y%m%d%H%M%S";
nix-show-garbadge-roots = "ls -lh /nix/var/nix/gcroots/auto/";
};
interactiveShellInit = ''
kpaste() {
arg=cat
if [[ $# -ne 0 ]]; then
arg+=("''${@}")
elif [[ -t 0 ]] && [[ -o interactive ]]; then
arg=(wl-paste)
fi
"''${arg[@]}" | curl -sS http://p.r --data-binary @- | \
sed '$ {p;s|http://p.r|https://p.krebsco.de|}'
}
'';
};
};
}


@ -1,9 +0,0 @@
{ lib, ... }:
{
# some system stuff
# -----------------
time.timeZone = "Europe/Berlin";
#time.timeZone = "Pacific/Auckland";
#time.timeZone = "Asia/Singapore";
#time.timeZone = "Asia/Makassar";
}


@ -1,15 +0,0 @@
{ config, lib, ... }:
{
imports = [
./docker.nix
./podman.nix
./virtualbox.nix
./qemu.nix
];
options.components.virtualisation.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
}


@ -1,21 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.virtualisation.docker.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.virtualisation.enable;
};
config = mkIf config.components.virtualisation.docker.enable {
virtualisation.docker.enable = true;
};
}


@ -1,24 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.virtualisation.podman.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.virtualisation.enable;
};
config = mkIf config.components.virtualisation.podman.enable {
virtualisation.podman.enable = true;
# make sure /var/lib/containers/storage is a zfs dataset
virtualisation.podman.extraPackages = [ pkgs.zfs ];
};
}


@ -1,32 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.virtualisation.qemu.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.virtualisation.enable;
};
config = mkIf config.components.virtualisation.qemu.enable {
virtualisation.libvirtd.enable = true;
#virtualisation.libvirtd.allowedBridges = ["virbr0"];
virtualisation.libvirtd.onShutdown = "shutdown";
environment.systemPackages = [
pkgs.qemu_kvm
#(pkgs.quickemu.override { qemu_full = pkgs.qemu_kvm; })
pkgs.quickemu
pkgs.virt-manager
];
users.users.mainUser.extraGroups = [ "libvirtd" ];
};
}


@ -1,26 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.virtualisation.virtualbox.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.virtualisation.enable;
};
config = mkIf config.components.virtualisation.virtualbox.enable {
virtualisation.virtualbox = {
host.enable = true;
guest.enable = true;
};
users.extraGroups.vboxusers.members = [ config.users.users.mainUser.name ];
};
}


@ -1,50 +0,0 @@
# References:
# * https://github.com/drduh/YubiKey-Guide
# * https://nixos.wiki/wiki/Yubikey
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.yubikey.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
# todo move this tho home manager
config = mkIf config.components.yubikey.enable {
services.pcscd.enable = true;
services.udev.packages = [ pkgs.yubikey-personalization ];
environment.systemPackages = [
pkgs.yubikey-personalization
pkgs.yubikey-personalization-gui
pkgs.yubikey-manager
pkgs.yubikey-manager-qt
# for `gpg --export $keyid | hokey lint` to check keys
#pkgs.haskellPackages.hopenpgp-tools
# for otp keys (but I use pass otp)
# pkgs.yubioath-desktop
(pkgs.writers.writeDashBin "gpg-reset-yubikey-id" ''
echo "reset gpg to make new key available"
set -x
set -e
${pkgs.psmisc}/bin/killall gpg-agent
rm -r ~/.gnupg/private-keys-v1.d/
${pkgs.gnupg}/bin/gpg --card-status
echo "now the new key should work"
'')
];
};
}


@ -1,6 +0,0 @@
{
imports = [
./ssh.nix
./tor.nix
];
}


@ -1,50 +0,0 @@
{
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib;
with types;
{
options.features.boot.ssh = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
kernelModules = mkOption {
type = listOf str;
default = [ ];
description = "nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
};
};
config = mkIf (config.features.boot.ssh.enable) {
# ssh host key
clan.core.facts.services."boot.ssh" = factsGenerator.ssh { name = "boot"; };
# todo: maybe put this in a component
# boot
boot.initrd.systemd.enable = true;
boot.initrd.systemd.contents."/etc/hostname".text = "unlock.${config.networking.hostName}";
# network
boot.initrd.systemd.network.enable = true;
boot.initrd.availableKernelModules = config.features.boot.ssh.kernelModules;
# ssh
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
enable = true;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
port = 2222;
hostKeys = [ config.clan.core.facts.services."boot.ssh".secret."ssh.boot.id_ed25519".path ];
};
};
}


@ -1,76 +0,0 @@
{
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib;
with types;
{
options.features.boot.tor = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
};
config = mkIf (config.features.boot.tor.enable) {
# tor secrets
clan.core.facts.services."initrd.tor" = factsGenerator.tor {
name = "initrd";
addressPrefix = "init";
};
boot.initrd.secrets = mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file) (
genAttrs [
"hostname"
"hs_ed25519_public_key"
"hs_ed25519_secret_key"
] (secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path)
);
boot.initrd.systemd.storePaths = [
pkgs.tor
pkgs.iproute2
pkgs.coreutils
];
boot.initrd.systemd.contents = {
"/etc/tor/tor.rc".text = ''
DataDirectory /etc/tor
SOCKSPort 127.0.0.1:9050 IsolateDestAddr
SOCKSPort 127.0.0.1:9063
HiddenServiceDir /etc/tor/onion/bootup
HiddenServicePort 2222 127.0.0.1:2222
'';
};
boot.initrd.systemd.services.tor = {
description = "tor during init";
wantedBy = [ "initrd.target" ];
after = [
"network.target"
"initrd-nixos-copy-secrets.service"
];
before = [ "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig.DefaultDependencies = false;
path = [
pkgs.tor
pkgs.iproute2
pkgs.coreutils
];
script = ''
echo "tor: preparing onion folder"
# have to do this otherwise tor does not want to start
chmod -R 700 /etc/tor
echo "tor: starting tor"
tor -f /etc/tor/tor.rc --verify-config
tor -f /etc/tor/tor.rc
'';
};
};
}


@ -1,6 +0,0 @@
{
imports = [
./boot
./network
];
}


@ -1,6 +0,0 @@
{
imports = [
./fail2ban.nix
./sshguard.nix
];
}


@ -1,58 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.features.network.fail2ban.enable = mkOption {
type = lib.types.bool;
default = false;
};
config = mkMerge [
(mkIf config.features.network.fail2ban.enable {
environment.systemPackages = [ pkgs.fail2ban ];
services.fail2ban = {
enable = true;
#package = pkgs.legacy_2311.fail2ban;
jails = { };
};
})
# custom defined jails
# --------------------
# https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
(mkIf config.features.network.fail2ban.enable {
services.fail2ban.jails.nginx-git-not-found.settings = {
port = "http,https";
logpath = "%(nginx_error_log)s";
};
environment.etc = {
# Defines a filter that detects URL probing by reading the Nginx access log
"fail2ban/filter.d/nginx-git-not-found.local".text = ''
[Definition]
failregex = src_addr="<HOST>".*response_statu="404".*host="git\.ingolf-wagner\.de"
journalmatch = _SYSTEMD_UNIT=nginx.service
'';
};
})
(mkIf config.features.network.fail2ban.enable {
services.fail2ban.jails.nginx-git-bad-request.settings = {
port = "http,https";
logpath = "%(nginx_error_log)s";
};
environment.etc = {
# Defines a filter that detects URL probing by reading the Nginx access log
"fail2ban/filter.d/nginx-git-bad-request.local".text = ''
[Definition]
failregex = src_addr="<HOST>".*response_statu="400".*host="git\.ingolf-wagner\.de"
journalmatch = _SYSTEMD_UNIT=nginx.service
'';
};
})
];
}


@ -1,24 +0,0 @@
{
pkgs,
config,
lib,
assets,
...
}:
with lib;
with types;
{
options.features.network.sshguard = {
enable = mkOption {
type = bool;
default = false;
};
};
config = mkIf config.features.network.sshguard.enable {
environment.systemPackages = [ pkgs.ipset ];
services.sshguard.enable = true;
};
}

1420
flake.lock

File diff suppressed because it is too large Load diff

554
flake.nix

@ -1,535 +1,41 @@
{
# "git+file:///<full-path>" for fixing an input
description = "my krops file";
inputs = {
clan-core.inputs.flake-parts.follows = "flake-parts";
clan-core.inputs.nixpkgs.follows = "nixpkgs";
clan-core.url = "git+https://git.clan.lol/clan/clan-core";
clan-fact-generators.inputs.clan-core.follows = "clan-core";
clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
flake-parts.url = "github:hercules-ci/flake-parts";
healthchecks.inputs.nixpkgs.follows = "nixpkgs";
healthchecks.url = "github:mrvandalo/nixos-healthchecks";
#healthchecks.url = "git+file:///home/palo/dev/nixos/healthcheck";
home-manager-utils.inputs.home-manager.follows = "home-manager";
home-manager-utils.url = "github:mrvandalo/home-manager-utils";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager";
landingpage.url = "github:mrVanDalo/landingpage";
nix-topology.inputs.nixpkgs.follows = "nixpkgs";
nix-topology.url = "github:oddlama/nix-topology";
nixos-anywhere.url = "github:nix-community/nixos-anywhere";
nixos-hardware.url = "github:nixos/nixos-hardware";
nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
permown.inputs.nixpkgs.follows = "nixpkgs";
permown.url = "github:mrVanDalo/module.permown";
polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
private-parts.inputs.nixpkgs.follows = "nixpkgs"; # only private input
private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main";
#private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts";
retiolum.url = "github:Mic92/retiolum";
srvos.url = "github:nix-community/srvos";
stylix.inputs.home-manager.follows = "home-manager";
stylix.inputs.nixpkgs.follows = "nixpkgs";
stylix.url = "github:danth/stylix";
taskwarrior.inputs.nixpkgs.follows = "nixpkgs";
taskwarrior.url = "github:mrvandalo/taskwarrior-flake";
#taskwarrior.url = "git+file:///home/palo/dev/nixos/taskwarrior-flake";
telemetry.inputs.nixpkgs.follows = "nixpkgs";
telemetry.url = "github:mrvandalo/nixos-telemetry";
#telemetry.url = "git+file:///home/palo/dev/nixos/nixos-telemetry";
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
treefmt-nix.url = "github:numtide/treefmt-nix";
# smoke test framwork to trigger tests (enable if I want to use it for real)
#smoke = {
# url = github:SamirTalwar/smoke;
# inputs.nixpkgs.follows = "nixpkgs";
#};
secrets = {
url = "git+ssh://gitlab@gitlab.ingolf-wagner.de/palo/nixos-secrets?ref=main";
flake = false;
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05";
krops = {
url = "github:Mic92/krops";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
inputs@{
clan-core,
clan-fact-generators,
flake-parts,
healthchecks,
home-manager,
home-manager-utils,
landingpage,
nix-topology,
nixos-anywhere,
nixos-hardware,
nixpkgs,
nixpkgs-legacy_2211,
nixpkgs-legacy_2311,
nixpkgs-legacy_2405,
nixpkgs-unstable-small,
permown,
polygon-art,
private-parts,
retiolum,
self,
srvos,
stylix,
taskwarrior,
telemetry,
treefmt-nix,
}:
outputs = { self, nixpkgs, krops, secrets, ... }:
let
inherit (nixpkgs) lib;
meta = rec {
system = "x86_64-linux";
pkgs =
let
allowUnfree = true;
permittedInsecurePackages = [
"electron-24.8.6" # for bitwarden
"python-2.7.18.6"
"python-2.7.18.7"
"python-2.7.18.8"
"electron-27.3.11" # for logseq
"electron-28.3.3" # for logseq
];
in
import nixpkgs {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
overlays = [
(_self: _super: {
unstable-small = import nixpkgs-unstable-small {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
legacy_2211 = import nixpkgs-legacy_2211 {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
legacy_2311 = import nixpkgs-legacy_2311 {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
legacy_2405 = import nixpkgs-legacy_2405 {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
polygon-art = polygon-art.packages.${system};
landingpage = landingpage.packages.${system}.plain;
inherit (taskwarrior.packages.${system})
bugwarrior
tasksh
taskwarrior-hooks
;
inherit (self.packages.${system})
otpmenu
nsxiv
;
})
];
};
specialArgs = {
inherit inputs;
assets = ./assets;
factsGenerator = clan-fact-generators.lib { inherit pkgs; };
clanLib = import ./lib/clanlib.nix {
inherit (pkgs) lib;
machineDir = ./machines;
};
# https://git.clan.lol/clan/clan-core/issues/1575 < here is how I could do this generic
zerotierInterface = "ztbn67ogn2";
components = ./components;
features = ./features;
};
};
clanSetup =
{
name,
host,
modules,
}:
{
clan.core.networking.targetHost = lib.mkDefault "root@${host}";
nixpkgs.pkgs = meta.pkgs;
nixpkgs.hostPlatform = meta.system;
clan.core.facts.secretStore = "password-store";
imports =
modules
++ defaultModules
++ [
./machines/${name}/configuration.nix
nix-topology.nixosModules.default
];
};
zerotierControllerModule = {
clan.core.networking.zerotier.controller = {
enable = true;
public = false;
};
};
zerotierModules =
{ pkgs, ... }:
{
imports = [
# this magically adds all my machines in the zero tier network
# and makes the controller accept them.
# will automatic look into `/machines/<name>/facts/zerotier-ip
inputs.clan-core.clanModules.zerotier-static-peers
# Statically configure the host names of machines based on their respective zerotier-ip.
inputs.clan-core.clanModules.static-hosts
# generate ssh host keys with facts
inputs.clan-core.clanModules.sshd
# manual configs
{
clan.static-hosts.topLevelDomain = "bear";
components.network.zerotier.enable = true;
environment.systemPackages = [
clan-core.packages.${pkgs.system}.clan-cli
(pkgs.writers.writeBashBin "zerotier-script-nodeid" ''
sudo ${pkgs.zerotierone}/bin/zerotier-cli info | cut -d " " -f 3
'')
];
}
];
};
defaultAuthorizedKeys =
{ config, pkgs, ... }:
{
users.users.root.openssh.authorizedKeys.keyFiles = [
# yubikey key
./assets/mrvandalo_rsa.pub
# backup key
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.paperless-ngx.id_ed25519.pub"
];
environment.systemPackages = [ pkgs.borgbackup ];
};
defaultModules = [
# make flake inputs accessiable in NixOS
{
_module.args.self = self;
_module.args.inputs = self.inputs;
}
{
# disable emergency mode everywhere, although it might be needed on laptops
boot.initrd.systemd.emergencyAccess = false;
boot.initrd.systemd.suppressedUnits = [
"emergency.service"
"emergency.target"
];
systemd.enableEmergencyMode = false;
}
# configure nix
(
{
pkgs,
lib,
clanLib,
...
}:
{
nix.settings.substituters = [ "http://cache.orbi.wg0" ];
nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = 1;
# no channesl needed this way
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
# documentation
# =============
documentation.nixos.enable = true;
#documentation.nixos.includeAllModules = true; # fixme : not working (see down there)
documentation.nixos.options.warningsAreErrors = false; # todo make this true again
documentation.nixos.extraModules = [
./components
./features
#./modules
clan-core.nixosModules.clanCore
telemetry.nixosModules.telemetry
{
clan.core.clanDir = ./.; # fixes issues with clanCore https://git.clan.lol/clan/clan-core/issues/1979
}
# inputs.stylix.nixosModules.stylix # fixme: not working
permown.nixosModules.permown
home-manager.nixosModules.home-manager
# retiolum.nixosModules.retiolum # fixme: not working
];
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
boot.loader.grub.configurationLimit = lib.mkDefault 10;
}
)
# My Structure
./components
./features
./modules # todo : spread this across features and components
#./system/all # todo : spread this across features and components
# some modules I always use
telemetry.nixosModules.telemetry
permown.nixosModules.permown
# some default things I always want
(
{ pkgs, ... }:
{
boot.tmp.useTmpfs = lib.mkDefault true;
}
)
];
stylixModules =
{
pkgs,
config,
lib,
...
}:
{
imports = [ stylix.nixosModules.stylix ];
stylix.enable = true;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
stylix.image = ./assets/wallpaper.png;
home-manager.sharedModules = [
{
# no need for hyperland
# https://github.com/danth/stylix/issues/543
stylix.targets.hyprpaper.enable = lib.mkForce false;
stylix.targets.hyprland.enable = lib.mkForce false;
}
];
stylix.fonts = {
serif = {
package = pkgs.nerdfonts.override { fonts = [ "Ubuntu" ]; };
name = "Ubuntu";
};
sansSerif = {
package = pkgs.nerdfonts.override { fonts = [ "Ubuntu" ]; };
name = "Ubuntu";
};
monospace = {
package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; };
name = "JetBrains Mono";
};
emoji = config.stylix.fonts.monospace;
# emoji = {
# package = pkgs.noto-fonts-emoji;
# name = "Noto Color Emoji";
# };
sizes.popups = 15;
};
};
homeManagerModules =
{ pkgs, config, ... }:
{
imports = [
home-manager.nixosModules.home-manager
];
home-manager.extraSpecialArgs = {
assets = ./assets;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "backup";
home-manager.sharedModules = [
home-manager-utils.hmModule
taskwarrior.hmModules.bugwarrior
];
};
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
writeCommand = krops.packages.${system}.writeCommand;
in
flake-parts.lib.mkFlake { inherit inputs; } (
{
self,
self',
pkgs,
...
}:
{
systems = [ "x86_64-linux" ];
imports = [
clan-core.flakeModules.default
healthchecks.flakeModule
./nix/formatter.nix
./nix/packages
./nix/topology
];
# Define your clan
clan = {
# Clan wide settings.
meta.name = "gummybears"; # Ensure to choose a unique name.
specialArgs = meta.specialArgs;
machines = {
cherry = clanSetup {
name = "cherry";
host = "cherry.bear";
modules = [
healthchecks.nixosModules.default
zerotierModules
nixos-hardware.nixosModules.framework-13th-gen-intel
retiolum.nixosModules.retiolum
private-parts.nixosModules.cherry
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Laptop";
}
(
{ config, ... }:
{
# keys only to access cherry
users.users.root.openssh.authorizedKeys.keyFiles = [
"${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.cherry.id_ed25519.pub"
];
}
)
];
};
chungus = clanSetup {
name = "chungus";
host = "chungus.bear";
modules = [
healthchecks.nixosModules.default
zerotierModules
zerotierControllerModule
homeManagerModules
stylixModules
retiolum.nixosModules.retiolum
private-parts.nixosModules.chungus
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Home Server";
}
(
{ config, ... }:
{
# keys only to access chungus
users.users.root.openssh.authorizedKeys.keyFiles = [
"${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.chungus.id_ed25519.pub"
];
}
)
];
};
orbi = clanSetup {
name = "orbi";
host = "orbi.bear";
#host = "95.216.66.212";
modules = [
defaultAuthorizedKeys
healthchecks.nixosModules.default
homeManagerModules
stylixModules
zerotierModules
srvos.nixosModules.hardware-hetzner-online-intel
#srvos.nixosModules.server
#srvos.nixosModules.mixins-terminfo
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Internet Server";
}
];
};
probe = clanSetup {
name = "probe";
#host = "167.235.205.150";
host = "95.217.18.54";
modules = [
defaultAuthorizedKeys
homeManagerModules
stylixModules
srvos.nixosModules.hardware-hetzner-cloud
srvos.nixosModules.server
srvos.nixosModules.mixins-terminfo
#inputs.clan-core.clanModules.sshd
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Dummy Internet Server";
}
];
};
usbstick = clanSetup {
name = "usbstick";
#host = "usbstick.bear";
host = "10.100.0.100";
modules = [
defaultAuthorizedKeys
homeManagerModules
stylixModules
zerotierModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "USB-Stick for Backup";
}
];
};
};
{
# deployment
apps.${system} = {
# nix run ".#deploy.sterni"
deploy = pkgs.callPackage ./nixos/krops.nix {
inherit writeCommand secrets;
lib = krops.lib;
};
}
);
# nix run ".#test.sterni"
test = pkgs.callPackage ./nixos/krops.nix {
inherit writeCommand secrets;
lib = krops.lib;
nixosRebuildCommand = "test";
};
};
};
}
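Review bot: `nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05";` pins everything the `deploy` and `test` apps build to a release branch that is past end-of-life and no longer receives security backports. The +/- markers are lost in this rendering, so this assumes the line belongs to the new 41-line side together with the `krops` and `secrets` inputs; if so, it should follow a maintained branch, for example `nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";` as the other side of this diff does. The `secrets` input is fetched over `git+ssh` with `flake = false` and passed straight into `./nixos/krops.nix`; a one-line comment such as `# non-flake secrets repo; revision is fixed only by flake.lock` would make that dependency explicit, since the flake.lock diff is suppressed on this page and the pin cannot be checked here.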


@ -1,13 +0,0 @@
{ lib, ... }:
{
imports = [
./editor.nix
./network.nix
#./oh-my-posh
./starship-rs
./packages.nix
./terminal.nix
./zfs.nix
];
options.gui.enable = lib.mkEnableOption "should GUI packages be anabled?";
}


@ -1,10 +0,0 @@
{ lib, ... }:
{
programs.vim = {
enable = true;
defaultEditor = lib.mkDefault true;
};
programs.helix = {
enable = true;
};
}


@ -1,34 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
{
config = mkMerge [
{
home.packages = [
# firewall analysis
pkgs.nftables
pkgs.nixos-firewall-tool
# analyser
pkgs.dnsutils
pkgs.tcpdump
pkgs.nmap
pkgs.rustscan
# helper
pkgs.ipcalc
];
}
(mkIf config.gui.enable {
home.packages = [
pkgs.wireshark
];
})
];
}


@ -1,15 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib;
{
programs.oh-my-posh = {
enable = true;
# https://ohmyposh.dev/docs/themes
#useTheme = "gmay"; # ganz nice, aber farben sind ein bisl schrill
settings = builtins.fromJSON (builtins.readFile ./gmay.json);
};
}


@ -1,121 +0,0 @@
{
"$schema": "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json",
"blocks": [
{
"alignment": "left",
"segments": [
{
"background": "#076678",
"foreground": "#EBDBB2",
"leading_diamond": "\ue0b6",
"style": "diamond",
"template": " {{ if .WSL }}WSL at {{ end }}{{.Icon}} ",
"type": "os"
},
{
"background": "#AF3A03",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"style": "powerline",
"template": " \uf0e7 ",
"type": "root"
},
{
"background": "#076678",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"style": "powerline",
"template": " {{ if .SSHSession }}\ueba9 {{ end }}{{ .UserName }}@{{ .HostName }} ",
"type": "session"
},
{
"background": "#B57614",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"properties": {
"style": "full"
},
"style": "powerline",
"template": " \ue5ff {{ .Path }} ",
"type": "path"
},
{
"background": "#79740E",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"properties": {
"time_format": "2006-01-02 15:04:05"
},
"style": "powerline",
"template": " {{ .CurrentDate | date .Format }} ",
"type": "time"
},
{
"type": "project",
"style": "powerline",
"powerline_symbol": "",
"foreground": "#193549",
"background": "#ffeb3b",
"template": " {{ if .Error }}{{ .Error }}{{ else }}{{ if .Version }} {{.Version}}{{ end }} {{ if .Name }}{{ .Name }}{{ end }}{{ end }} "
},
{
"type": "git",
"style": "powerline",
"powerline_symbol": "",
"background": "#427b58",
"foreground": "#EBDBB2",
"background_templates": [
"{{ if or (.Working.Changed) (.Staging.Changed) }}#8f3f71{{ end }}",
"{{ if and (gt .Ahead 0) (gt .Behind 0) }}#076678{{ end }}",
"{{ if gt .Ahead 0 }}#076678{{ end }}",
"{{ if gt .Behind 0 }}#076678{{ end }}"
],
"template": "{{ .UpstreamIcon }}{{ .HEAD }}{{if .BranchStatus }} {{ .BranchStatus }}{{ end }}{{ if .Working.Changed }}  {{ .Working.String }}{{ end }}{{ if and (.Working.Changed) (.Staging.Changed) }} |{{ end }}{{ if .Staging.Changed }}  {{ .Staging.String }}{{ end }}{{ if gt .StashCount 0 }}  {{ .StashCount }}{{ end }}",
"properties": {
"fetch_status": true,
"fetch_upstream_icon": true,
"untracked_modes": {
"/Users/user/Projects/oh-my-posh/": "no"
},
"source": "cli",
"mapped_branches": {
"feat/*": "🚀 ",
"bug/*": "🐛 "
}
}
},
{
"background": "#427B58",
"background_templates": [
"{{ if gt .Code 0 }}#9D0006{{ end }}"
],
"foreground": "#EBDBB2",
"leading_diamond": "<transparent,background>\ue0b0</>",
"properties": {
"always_enabled": true
},
"style": "diamond",
"template": " \ueb05 ",
"trailing_diamond": "\ue0b4",
"type": "status"
}
],
"type": "prompt"
},
{
"alignment": "left",
"newline": true,
"segments": [
{
"foreground": "#076678",
"style": "plain",
"template": "\uf0a9 ",
"type": "text"
}
],
"type": "prompt"
}
],
"final_space": true,
"version": 2
}


@ -1,69 +0,0 @@
{
"$schema": "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json",
"blocks": [
{
"alignment": "left",
"segments": [
{
"background": "#3A3A3A",
"foreground": "#ffffff",
"style": "powerline",
"template": "{{ if .WSL }}WSL at{{ end }} {{.Icon}} ",
"type": "os"
},
{
"background": "#fbf1c7",
"background_templates": [
"{{ if .Root }}#af3a03{{ end }}"
],
"foreground": "#282828",
"foreground_templates": [
"{{ if .Root }}#fbf1c7{{ end }}"
],
"powerline_symbol": "\ue0b0",
"style": "powerline",
"template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ",
"type": "session"
},
{
"background": "#458588",
"foreground": "#282828",
"powerline_symbol": "\ue0b0",
"properties": {
"style": "full"
},
"style": "powerline",
"template": " {{ .Path }} ",
"type": "path"
},
{
"background": "#98971A",
"background_templates": [
"{{ if or (.Working.Changed) (.Staging.Changed) }}#FF9248{{ end }}",
"{{ if and (gt .Ahead 0) (gt .Behind 0) }}#ff4500{{ end }}",
"{{ if gt .Ahead 0 }}#B388FF{{ end }}",
"{{ if gt .Behind 0 }}#B388FF{{ end }}"
],
"foreground": "#282828",
"leading_diamond": "\ue0b6",
"powerline_symbol": "\ue0b0",
"properties": {
"branch_max_length": 25,
"fetch_stash_count": true,
"fetch_status": true,
"branch_icon": "\uE0A0 ",
"branch_identical_icon": "\u25CF"
},
"style": "powerline",
"template": " {{ .HEAD }}{{if .BranchStatus }} {{ .BranchStatus }}{{ end }}{{ if .Working.Changed }} \uf044 {{ .Working.String }}{{ end }}{{ if and (.Working.Changed) (.Staging.Changed) }} |{{ end }}{{ if .Staging.Changed }} \uf046 {{ .Staging.String }}{{ end }}{{ if gt .StashCount 0 }} \ueb4b {{ .StashCount }}{{ end }} ",
"trailing_diamond": "\ue0b4",
"type": "git"
}
],
"type": "prompt"
}
],
"console_title_template": "{{ .Folder }}",
"final_space": true,
"version": 2
}


@ -1,72 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with pkgs;
with lib;
{
config = mkMerge [
{
home.packages = [
hexyl
units
difftastic
parallel
progress
wget
curl
gimoji
#tldr
tealdeer
navi # cheatsheet manager
bandwhich # todo : put this to common/networking.nix
unzip
genpass
tree
killall
nix-tree
vulnix
(writers.writeBashBin "vulnix-system" ''
${vulnix}/bin/vulnix --profile /nix/var/nix/profiles/system
'')
# cpu load monitor
glances
];
# cpu load monitor
programs.btop.enable = true;
}
(mkIf config.gui.enable {
home.packages = [
libreoffice
hunspell
hunspellDicts.de-de
hunspellDicts.en-us
aspell
aspellDicts.de
aspellDicts.en
aspellDicts.es
evince
nsxiv
gimp
inkscape
transmission-remote-gtk
];
})
];
}


@ -1,33 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib;
with config.lib.stylix.colors.withHashtag;
{
programs.starship = {
enable = true;
# download presets from : https://starship.rs/presets/
settings = builtins.fromTOML ((builtins.readFile ./gruvbox-rainbow.toml)) // {
palettes.stylix = {
color_fg0 = base01;
color_terminal_fg = base05;
color_terminal_bg = base00;
color_bg1 = base04;
color_bg2 = base02;
color_bg3 = base03;
color_blue = base0D;
color_aqua = base0C;
color_green = base0B;
color_orange = base0F;
color_purple = base0E;
color_red = base08;
color_yellow = base0A;
};
};
};
}


@ -1,184 +0,0 @@
"$schema" = 'https://starship.rs/config-schema.json'
format = """
$os\
$username\
$hostname \
[](bg:color_yellow fg:color_terminal_bg)\
$directory\
[](fg:color_yellow bg:color_aqua)\
$git_branch\
$git_status\
[](fg:color_aqua bg:color_blue)\
$c\
$rust\
$golang\
$nodejs\
$php\
$java\
$kotlin\
$haskell\
$python\
[](fg:color_blue bg:color_bg3)\
$docker_context\
$conda\
[](fg:color_bg3 bg:color_bg1)\
$time\
[ ](fg:color_bg1)\
$character"""
palette = 'stylix' # we use stylix instead of gruvbox_dark
# todo : use stylix/base16 scheme
[palettes.gruvbox_dark]
color_fg0 = '#fbf1c7'
color_terminal_bg = '#fbf1c7' # original background
color_terminal_fg = '#3c3836' # original foreground
color_bg1 = '#3c3836'
color_bg2 = '#665c54'
color_bg3 = '#665c54'
color_blue = '#458588'
color_aqua = '#689d6a'
color_green = '#98971a'
color_orange = '#d65d0e'
color_purple = '#b16286'
color_red = '#cc241d'
color_yellow = '#d79921'
[os]
disabled = false
style = "bold bg:color_blue fg:color_terminal_bg"
#format = "[$symbol ]($style)"
format = "[](color_blue)[$symbol ]($style)[ ](fg:color_blue bg:color_terminal_bg)"
[os.symbols]
Alpine = ""
Amazon = ""
Android = ""
Arch = "󰣇"
Artix = "󰣇"
CentOS = ""
Debian = "󰣚"
EndeavourOS = ""
Fedora = "󰣛"
Gentoo = "󰣨"
Linux = "󰌽"
Macos = "󰀵"
Manjaro = ""
Mint = "󰣭"
NixOS = ""
Pop = ""
Raspbian = "󰐿"
RedHatEnterprise = "󱄛"
Redhat = "󱄛"
SUSE = ""
Ubuntu = "󰕈"
Windows = "󰍲"
[username]
show_always = true
style_user = "bg:color_terminal_bg fg:color_terminal_fg"
style_root = "bg:color_terminal_bg fg:color_red bold"
format = '[$user]($style)'
[hostname]
ssh_only = true
style = "bg:color_terminal_bg fg:color_terminal_fg"
ssh_symbol = "@"
format = "[$ssh_symbol$hostname]($style)"
[directory]
style = "fg:color_fg0 bg:color_yellow"
format = "[ $path ]($style)"
truncation_length = 3
truncation_symbol = "…/"
[directory.substitutions]
"Documents" = "󰈙 "
"Downloads" = " "
"Music" = "󰝚 "
"Pictures" = " "
"Developer" = "󰲋 "
"dev" = "󰲋 "
[git_branch]
symbol = ""
style = "bg:color_aqua"
format = '[[ $symbol $branch ](fg:color_fg0 bg:color_aqua)]($style)'
[git_status]
style = "bg:color_aqua"
format = '[[($all_status$ahead_behind )](fg:color_fg0 bg:color_aqua)]($style)'
[nodejs]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[c]
symbol = " "
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[rust]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[golang]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[php]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[java]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[kotlin]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[haskell]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[python]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[docker_context]
symbol = ""
style = "bg:color_bg3"
format = '[[ $symbol( $context) ](fg:color_fg0 bg:color_bg3)]($style)'
[conda]
style = "bg:color_bg3"
format = '[[ $symbol( $environment) ](fg:color_fg0 bg:color_bg3)]($style)'
[time]
disabled = false
time_format = "%R"
style = "bg:color_bg1"
format = '[[  $time ](fg:color_fg0 bg:color_bg1)]($style)'
[line_break]
disabled = false
[character]
disabled = false
success_symbol = "[](fg:color_bg2)[ ](bold fg:color_terminal_fg bg:color_bg2)[](fg:color_bg2)"
error_symbol = "[](fg:color_bg2)[ ](bold fg:color_red bg:color_bg2)[](fg:color_bg2)"
vimcmd_symbol = '[](bold fg:color_green)'
vimcmd_replace_one_symbol = '[](bold fg:color_purple)'
vimcmd_replace_symbol = '[](bold fg:color_purple)'
vimcmd_visual_symbol = '[](bold fg:color_yellow)'


@ -1,65 +0,0 @@
{
lib,
pkgs,
assets,
...
}:
{
programs.zsh = {
enable = true;
defaultKeymap = lib.mkDefault "viins";
};
programs.bash = {
enable = true;
bashrcExtra = ''
set -o vi
'';
};
# to prevent strange errors
programs.kitty.enable = true;
# a better cat
programs.bat = {
enable = true;
#config.theme = "gruvbox-light";
};
home.shellAliases.cat = "${pkgs.bat}/bin/bat --theme='gruvbox-light'";
home.shellAliases.llt = "${pkgs.eza}/bin/exa -a --tree";
# use z instead of cd
# use zi to fuzzy search through all registered directories
programs.zoxide = {
enable = true;
enableZshIntegration = true;
};
# provide better `Ctrl+r` command in terminal
programs.atuin = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
#package = pkgs.atuin;
package = pkgs.legacy_2405.atuin.overrideAttrs (_old: {
# as cursed as doing mitigations=off in the kernel command line
patches = [ "${assets}/0001-make-atuin-on-zfs-fast-again.patch" ];
});
settings = {
auto_sync = true;
sync_frequency = "5m";
sync_address = "http://chungus.private:8888";
search_mode = "fuzzy";
style = "full";
inline_height = 20;
keymap_mode = "vim-normal";
# With workspace filtering enabled, Atuin will filter for commands executed
# in any directory within a git repository tree.
workspaces = true;
};
};
}


@ -1,33 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with pkgs;
with lib;
{
config = mkMerge [
{
home.packages = [
(
let
options = [
"name"
"mountpoint"
"compression"
"com.sun:auto-snapshot:yearly"
"com.sun:auto-snapshot:monthly"
"com.sun:auto-snapshot:daily"
"com.sun:auto-snapshot:hourly"
];
in
pkgs.writers.writeBashBin "zfs-overview" ''
${pkgs.zfs}/bin/zfs list -o ${concatStringsSep "," options} "$@"
''
)
pkgs.zfs-prune-snapshots
];
}
];
}


@ -1,78 +0,0 @@
{ pkgs, ... }:
{
imports = [
../common
./git.nix
./gpg.nix
./gui
./i3.nix
./packages
./ssh.nix
./stylix.nix
./taskwarrior.nix
./tmux.nix
./zellij.nix
];
home.stateVersion = "22.11";
programs.htop = {
enable = true;
settings.highlight_base_name = true;
settings.tree_view = true;
};
xdg.configFile."mimeapps.list".text = ''
[Default Applications]
text/html=browser-select.desktop
x-scheme-handler/http=browser-select.desktop
x-scheme-handler/https=browser-select.desktop
x-scheme-handler/about=browser-select.desktop
x-scheme-handler/mailto=thunderbird.desktop;
x-scheme-handler/unknown=browser-select.desktop
x-scheme-handler/postman=Postman.desktop
image/png=sxiv.desktop
image/jpeg=sxiv.desktop
x-scheme-handler/magnet=userapp-transmission-gtk-YPS6F2.desktop
'';
xdg.configFile."khal/config".text = ''
[calendars]
[[local_calendar]]
path = ~/.calendars/*
type = discover
[locale]
timeformat = %H:%M
dateformat = %Y-%m-%d
longdateformat = %Y-%m-%d
datetimeformat = %Y-%m-%d %H:%M
longdatetimeformat = %Y-%m-%d %H:%M
'';
xdg.configFile."vdirsyncer/config".text = ''
[general]
# A folder where vdirsyncer can store some metadata about each pair.
status_path = "~/.vdirsyncer/status/"
# CALDAV
[pair my_calendar]
a = "nextcloud_calendar"
b = "local_calendar"
collections = ["from a", "from b"]
[storage nextcloud_calendar]
type = "caldav"
url = "https://nextcloud.ingolf-wagner.de/"
username = "palo"
password.fetch = ["command", "${pkgs.pass}/bin/pass", "home/nextcloud/palo/nextcloudcmd-token"]
[storage local_calendar]
type = "filesystem"
path = "~/.calendars/"
fileext = ".ics"
'';
}


@ -1,43 +0,0 @@
{ pkgs, ... }:
with pkgs;
{
programs.git = {
enable = true;
userName = "Ingolf Wagner";
userEmail = "contact@ingolf-wagner.de";
signing = {
key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC";
signByDefault = true;
};
ignores = [
"*.swp"
"*~"
".idea"
".*penis.*"
"result"
".envrc"
".direnv"
];
extraConfig = {
init.defaultBranch = "main";
pull.ff = "only";
push.autoSetupRemote = true;
};
#diff-so-fancy.enable = true;
difftastic.enable = true;
};
home.packages = [
pre-commit
gita
git-repo-updater
tig
lazygit
git-crypt
gitAndTools.gitflow
gitAndTools.gitSVN
gitAndTools.git2cl
];
}


@ -1,30 +0,0 @@
{ pkgs, ... }:
{
programs.gpg = {
enable = true;
settings = {
auto-key-locate = "local";
keyid-format = "long";
utf8-strings = "";
verbose = "";
with-fingerprint = "";
keyserver = "keyserver.ubuntu.com";
personal-digest-preferences = "SHA512";
cert-digest-algo = "SHA512";
default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
};
};
services.gpg-agent = {
enable = true;
enableBashIntegration = true;
enableExtraSocket = true;
enableSshSupport = true;
enableZshIntegration = true;
# sshKeys = [];
defaultCacheTtl = 30;
defaultCacheTtlSsh = 30;
pinentryPackage = pkgs.pinentry-gtk2;
};
}


@ -1,23 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with lib;
{
options.gui.alacritty.enable = mkOption {
type = lib.types.bool;
default = config.gui.enable;
};
config = lib.mkIf config.gui.alacritty.enable {
programs.alacritty = {
enable = true;
settings = {
font.size = mkForce 6.5;
};
};
};
}


@ -1,6 +0,0 @@
{
imports = [
./alacritty.nix
./kitty.nix
];
}


@ -1,40 +0,0 @@
{
lib,
pkgs,
config,
...
}:
with lib;
{
options.gui.kitty.enable = mkOption {
type = lib.types.bool;
default = config.gui.enable;
};
config = lib.mkIf config.gui.kitty.enable {
programs.kitty = {
enable = true;
settings = {
enable_audio_bell = "no";
focus_follows_mouse = "yes";
#mouse_map left click ungrabbed mouse_handle_click prompt
#mouse_map ctrl+left click ungrabbed mouse_handle_click link
#map ctrl+c copy_to_clipboard
copy_on_select = "yes";
strip_trailing_spaces = "always";
confirm_os_window_close = 0; # 0 disables it; -1 enables it
};
keybindings = {
"super+shift+return" = "new_os_window_with_cwd";
"shift+page_up" = "scroll_page_up";
"shift+page_down" = "scroll_page_down";
# font scaling
"ctrl+equal" = "change_font_size all +1.0";
"ctrl+plus" = "change_font_size all +1.0";
"ctrl+minus" = "change_font_size all -1.0";
};
};
};
}


@ -1,525 +0,0 @@
{
config,
lib,
pkgs,
osConfig,
...
}:
with lib;
let
rofi = pkgs.rofi.override {
plugins = [
pkgs.rofi-emoji
pkgs.rofi-calc
pkgs.xdotool
];
};
backgroundCommand = pkgs.writers.writeDash "background" ''
${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \
${pkgs.gnused}/bin/sed -E "s/primary //" | \
${pkgs.coreutils-full}/bin/cut -d' ' -f 3 | \
${pkgs.gnused}/bin/sed -E 's/\+.*$//g' | \
${pkgs.coreutils-full}/bin/sort -r | \
${pkgs.coreutils-full}/bin/head -n 1 | \
${pkgs.gawk}/bin/awk -F 'x' '{print "--width="$1" --height="$2}' | \
${pkgs.findutils}/bin/xargs \
${pkgs.polygon-art.polygon-art}/bin/rings \
/dev/shm/background.png && \
${pkgs.imagemagick}/bin/convert /dev/shm/background.png \
-font ${pkgs.ubuntu_font_family}/share/fonts/ubuntu/UbuntuMono-B.ttf \
-gravity Center -pointsize 30 -annotate 0 '${osConfig.networking.hostName}' \
/dev/shm/background_with_text.png && \
${pkgs.feh}/bin/feh --bg-scale /dev/shm/background_with_text.png
'';
in
{
options.gui.i3.enable = mkOption {
type = lib.types.bool;
default = config.gui.enable;
};
config = lib.mkIf config.gui.i3.enable {
home.packages =
let
fixXhost = pkgs.writers.writeBashBin "fix-xhost" ''
${pkgs.xorg.xhost}/bin/xhost + &> /dev/null
'';
in
[
fixXhost
pkgs.autorandr
pkgs.polygon-art.polygon-art
pkgs.xdotool # needed for rofi-emoji
pkgs.xclicker # makes stuff much easier
];
programs.i3status-rust = {
enable = true;
bars = {
my = {
icons = "material-nf"; # nerd fonts (influenced by stylix.font settings)
theme = "gruvbox-light"; # not configured by stylix yet.
# https://github.com/greshake/i3status-rust/blob/v0.22.0/doc/blocks.md
blocks = [
{
block = "cpu";
interval = 1;
}
{
block = "memory";
format = "$icon $mem_used_percents ";
}
{
block = "load";
interval = 1;
format = "$icon $1m";
}
{ block = "net"; }
{ block = "sound"; }
{
block = "battery";
interval = 10;
format = "$icon $percentage $time";
}
{ block = "uptime"; }
{
block = "taskwarrior";
interval = 60;
format = " $icon $count.eng(w:3) todo ";
format_singular = " $icon 1 task ";
format_everything_done = "";
warning_threshold = 10;
critical_threshold = 20;
filters = [
{
name = "active";
filter = "+PENDING and ( +ACTIVE or +DUETODAY or +TODAY or +OVERDUE )";
}
];
}
{
block = "taskwarrior";
interval = 60;
format = " $icon $count.eng(w:2) ";
format_singular = " $icon 1 task ";
format_everything_done = "";
warning_threshold = 3;
critical_threshold = 5;
filters = [
{
name = "started";
filter = "+PENDING and +ACTIVE";
}
];
}
{
block = "time";
interval = 60;
format = " $icon $timestamp.datetime(f:'%Y-%m-%d %R', l:de_DE) ";
}
{
block = "tea_timer";
format = " $icon {$minutes:$seconds |}";
done_cmd = "${pkgs.noti}/bin/noti -t 'Timer Finished'";
}
];
};
};
};
services.copyq = {
enable = true;
};
stylix.targets.i3.enable = true;
xsession = {
enable = true;
windowManager.i3 = {
enable = true;
extraConfig = ''
default_border pixel
default_orientation vertical
'';
config = {
modifier = "Mod4";
#terminal = "alacritty";
terminal = "kitty";
focus = {
followMouse = true;
};
colors.focused = with config.lib.stylix.colors.withHashtag; {
# stylix color overrides
border = lib.mkForce base08;
background = lib.mkForce base0A;
text = lib.mkForce base00;
};
startup = [
#{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = true; }
{
command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator";
always = true;
}
{
command = toString backgroundCommand;
always = true;
}
{
command = toString (
pkgs.writers.writeDash "xsettings" ''
# to allow sudo commands to access X
${pkgs.xorg.xhost}/bin/xhost +
# no shitty pcspkr crap
${pkgs.xorg.xset}/bin/xset -b
# no sleeping monitor
${pkgs.xorg.xset}/bin/xset -dpms
${pkgs.xorg.xset}/bin/xset s off
''
);
always = true;
}
];
bars = [
(
config.lib.stylix.i3.bar
// {
#mode = "hide";
hiddenState = "hide";
position = "top";
workspaceButtons = true;
workspaceNumbers = true;
statusCommand = "${pkgs.i3status-rust}/bin/i3status-rs ${config.home.homeDirectory}/.config/i3status-rust/config-my.toml";
fonts.size = 10.0;
trayOutput = "primary";
}
)
];
keybindings =
let
cfg = config.xsession.windowManager.i3;
modifier = config.xsession.windowManager.i3.config.modifier;
in
{
"Print" = "exec ${pkgs.flameshot}/bin/flameshot gui -c -p /share/";
# --- Brightness controls --- #
"XF86MonBrightnessUp" = "exec --no-startup-id ${pkgs.brightnessctl}/bin/brightnessctl set +5%";
"XF86MonBrightnessDown" = "exec --no-startup-id ${pkgs.brightnessctl}/bin/brightnessctl set 5%-";
# --- Pulse/Pipewire Audio controls --- #
"XF86AudioRaiseVolume" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -5%";
"XF86AudioMute" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
"${modifier}+Return" = "exec ${cfg.config.terminal}";
"${modifier}+Shift+q" = "exit";
"${modifier}+q" = "kill";
"${modifier}+Left" = "focus left";
"${modifier}+Down" = "focus down";
"${modifier}+Up" = "focus up";
"${modifier}+Right" = "focus right";
"${modifier}+j" = "focus next";
"${modifier}+k" = "focus prev";
"${modifier}+Shift+Left" = "move left";
"${modifier}+Shift+Down" = "move down";
"${modifier}+Shift+Up" = "move up";
"${modifier}+Shift+Right" = "move right";
"${modifier}+h" = "split h";
"${modifier}+v" = "split v";
"${modifier}+f" = "fullscreen toggle";
"${modifier}+s" = "layout stacking";
"${modifier}+w" = "layout tabbed";
"${modifier}+e" = "layout toggle split";
"${modifier}+t" = "floating toggle";
"${modifier}+b" = "exec ${backgroundCommand}";
"${modifier}+p" = "focus parent";
"${modifier}+Shift+minus" = "move scratchpad";
"${modifier}+minus" = "scratchpad show";
"${modifier}+1" = "workspace 1";
"${modifier}+2" = "workspace 2";
"${modifier}+3" = "workspace 3";
"${modifier}+4" = "workspace 4";
"${modifier}+5" = "workspace 5";
"${modifier}+6" = "workspace 6";
"${modifier}+7" = "workspace 7";
"${modifier}+8" = "workspace 8";
"${modifier}+9" = "workspace 9";
"${modifier}+0" = "workspace 10";
"${modifier}+Shift+1" = "move container to workspace number 1";
"${modifier}+Shift+2" = "move container to workspace number 2";
"${modifier}+Shift+3" = "move container to workspace number 3";
"${modifier}+Shift+4" = "move container to workspace number 4";
"${modifier}+Shift+5" = "move container to workspace number 5";
"${modifier}+Shift+6" = "move container to workspace number 6";
"${modifier}+Shift+7" = "move container to workspace number 7";
"${modifier}+Shift+8" = "move container to workspace number 8";
"${modifier}+Shift+9" = "move container to workspace number 9";
"${modifier}+Shift+0" = "move container to workspace number 10";
"${modifier}+Escape" = "workspace back_and_forth";
# rename workspace
"${modifier}+n" = ''
exec i3-input -F 'rename workspace to "%s"' -P 'New name for this workspace: '
'';
# change to named workspace
"${modifier}+grave" =
let
script = pkgs.writers.writeBash "select-workspace" ''
set -e
set -o pipefail
${pkgs.i3}/bin/i3-msg -t get_workspaces | \
${pkgs.jq}/bin/jq --raw-output '.[] | .name' | \
${rofi}/bin/rofi -dmenu -p 'Select Workspace ' | \
while read line
do
${pkgs.i3}/bin/i3-msg workspace "$line"
done
'';
in
"exec ${script}";
"${modifier}+Shift+grave" =
let
script = pkgs.writers.writeBash "move-workspace" ''
set -e
set -o pipefail
${pkgs.i3}/bin/i3-msg -t get_workspaces | \
${pkgs.jq}/bin/jq --raw-output '.[] | .name' | \
${rofi}/bin/rofi -dmenu -p 'Move to Workspace ' | \
while read line
do
${pkgs.i3}/bin/i3-msg move container to workspace "$line"
done
'';
in
"exec ${script}";
"${modifier}+space" = "exec ${rofi}/bin/rofi -show drun -display-drun ''";
"${modifier}+Shift+c" = "reload";
"${modifier}+Shift+r" = "restart";
"${modifier}+Shift+e" = "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
"${modifier}+r" = "mode resize";
# multiple monitors
# autorandr --save docked # to save setup
# autorandr --save undocked # to save setup
# autorandr --change # automatically detects the setup
"${modifier}+BackSpace" =
let
script = pkgs.writers.writeBash "autorandr" ''
${pkgs.autorandr}/bin/autorandr --change
${backgroundCommand}
'';
in
"exec ${toString script}";
# like vimperator
"${modifier}+a" = "exec ${pkgs.i3-easyfocus}/bin/i3-easyfocus";
};
};
};
};
# notification tool
services.dunst = {
enable = true;
settings = {
global = {
# Allow a small subset of html markup:
# <b>bold</b>
# <i>italic</i>
# <s>strikethrough</s>
# <u>underline</u>
#
# For a complete reference see
# <http://developer.gnome.org/pango/stable/PangoMarkupFormat.html>.
# If markup is not allowed, those tags will be stripped out of the
# message.
markup = "yes";
plain_text = "no";
# The format of the message. Possible variables are:
# %a appname
# %s summary
# %b body
# %i iconname (including its path)
# %I iconname (without its path)
# %p progress value if set ([ 0%] to [100%]) or nothing
# Markup is allowed
format = ''
%a
<b>%s</b>
%b'';
# Sort messages by urgency.
sort = "yes";
# Show how many messages are currently hidden (because of geometry).
indicate_hidden = "yes";
# Alignment of message text.
# Possible values are "left", "center" and "right".
alignment = "center";
# The frequency with wich text that is longer than the notification
# window allows bounces back and forth.
# This option conflicts with "word_wrap".
# Set to 0 to disable.
bounce_freq = 0;
# Show age of message if message is older than show_age_threshold
# seconds.
# Set to -1 to disable.
show_age_threshold = 1;
# Split notifications into multiple lines if they don't fit into
# geometry.
word_wrap = "yes";
# Ignore newlines '\n' in notifications.
ignore_newline = "no";
# Hide duplicate's count and stack them
stack_duplicates = "yes";
hide_duplicates_count = "no";
# The geometry of the window:
# [{width}]x{height}[+/-{x}+/-{y}]
# The geometry of the message window.
# The height is measured in number of notifications everything else
# in pixels. If the width is omitted but the height is given
# ("-geometry x2"), the message window expands over the whole screen
# (dmenu-like). If width is 0, the window expands to the longest
# message displayed. A positive x is measured from the left, a
# negative from the right side of the screen. Y is measured from
# the top and down respectevly.
# The width can be negative. In this case the actual width is the
# screen width minus the width defined in within the geometry option.
geometry = "500x10-0+0";
# Shrink window if it's smaller than the width. Will be ignored if
# width is 0.
shrink = "no";
# Don't remove messages, if the user is idle (no mouse or keyboard input)
# for longer than idle_threshold seconds.
# Set to 0 to disable.
idle_threshold = 0;
# The transparency of the window. Range: [0; 100].
# This option will only work if a compositing windowmanager is
# present (e.g. xcompmgr, compiz, etc.).
# transparency = 5
# Which monitor should the notifications be displayed on.
#monitor = keyboard
# Display notification on focused monitor. Possible modes are:
# mouse: follow mouse pointer
# keyboard: follow window with keyboard focus
# none: don't follow anything
#
# "keyboard" needs a windowmanager that exports the
# _NET_ACTIVE_WINDOW property.
# This should be the case for almost all modern windowmanagers.
#
# If this option is set to mouse or keyboard, the monitor option
# will be ignored.
follow = "none";
# Should a notification popped up from history be sticky or timeout
# as if it would normally do.
sticky_history = "yes";
# Maximum amount of notifications kept in history
history_length = 15;
# Display indicators for URLs (U) and actions (A).
show_indicators = "no";
# The height of a single line. If the height is smaller than the
# font height, it will get raised to the font height.
# This adds empty space above and under the text.
line_height = 3;
# Draw a line of "separatpr_height" pixel height between two
# notifications.
# Set to 0 to disable.
separator_height = 1;
# Padding between text and separator.
padding = 1;
# Horizontal padding.
horizontal_padding = 1;
# Print a notification on startup.
# This is mainly for error detection, since dbus (re-)starts dunst
# automatically after a crash.
startup_notification = true;
# Align icons left/right/off
icon_position = "off";
max_icon_size = 80;
frame_width = 2;
};
shortcuts = {
# Shortcuts are specified as [modifier+][modifier+]...key
# Available modifiers are "ctrl", "mod1" (the alt-key), "mod2",
# "mod3" and "mod4" (windows-key).
# Xev might be helpful to find names for keys.
# Close notification.
close = "ctrl+space";
# Close all notifications.
close_all = "ctrl+shift+space";
# Redisplay last message(s).
# On the US keyboard layout "grave" is normally above TAB and left
# of "1".
#history = "ctrl+grave";
# Context menu.
context = "mod4+u";
};
};
};
# rofi > albert
programs.rofi = {
enable = true;
cycle = true;
package = rofi;
# pass.enable = true;
extraConfig = {
modi = "drun,calc,emoji,combi";
show-icons = true;
#terminal = "alacritty";
terminal = "kitty";
};
};
};
}


@ -1,11 +0,0 @@
{
imports = [
./development.nix
./graphics.nix
./logseq.nix
./media.nix
./nextcloud.nix
./packages.nix
./social.nix
];
}


@ -1,153 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with pkgs;
with lib;
{
config = mkMerge [
(mkIf config.gui.enable {
home.packages = [
# general
jetbrains.idea-ultimate
#vscode
zed-editor
minicom # for flipper zero
#jetbrains.mps
#jetbrains.datagrip
# Rust
# ----
#jetbrains.rust-rover
#gcc
#rustup
# Python
# ------
jetbrains.pycharm-professional
# Pkl
# ---
# pkl (not working yet)
# terminal code to image/movie renderer
asciinema
asciinema-agg
asciinema-scenario
carbon-now-cli
termtosvg
vhs
#legacy_2311.blockdiag
# nomad
#nomad
#vault
#consul
#wander
# terraform
terragrunt
terraform
terraform-docs
awscli2
#packer
# documentation renderers
mdbook
zola
mermaid-cli
marp-cli # markdown to presentation framework
#surrealist
#surrealdb # fixme: not working because of rust update or something
boxes
#nodePackages.prettier
#shfmt
#black
#pre-commit
#nixpkgs-fmt
#treefmt
# python
python3Full
pipenv
# qFlipper (not working for some reason)
];
})
{
home.packages =
let
pandocScript =
{ inputFormat, outputFormat }:
pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
${pkgs.pandoc}/bin/pandoc \
--from ${inputFormat} \
--to ${outputFormat} \
--standalone \
"$@"
'';
in
[
lnav
tmux
nethogs
netsniff-ng
iftop
# shell
gum
yq-go
gojq
jq
ijq
miller
(pkgs.writers.writeBashBin "ssl-check-cert-of-domain" ''
DOMAIN=$1
echo | \
${pkgs.openssl}/bin/openssl s_client -servername ''${DOMAIN} -connect ''${DOMAIN}:443 2>/dev/null | \
${pkgs.openssl}/bin/openssl x509 -text | \
${pkgs.less}/bin/less
'')
]
++ (map pandocScript (
lib.cartesianProduct {
inputFormat = [
"man"
"markdown"
"mediawiki"
"asciidoc"
];
outputFormat = [
"mediawiki"
"docbook5"
"html5"
"man"
"jira"
"markdown"
"asciidoc"
];
}
));
}
];
}


@ -1,40 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{
config = mkIf config.gui.enable {
home.packages = [
#pureref
gimp
inkscape
imagemagick
blender
lightburn
# to convert HEIC -> JPG
# heif-dec -q 92 <name>.HEIC
libheif
darktable
# CAD & 3D Plotting
openscad
fstl
legacy_2311.cura
qrencode
xclicker
xdotool
];
};
}


@ -1,23 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{
config = mkIf config.gui.enable {
home.packages = [
pkgs.legacy_2405.logseq
];
#home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json"
# {
# spellcheck = {
# dictionaries = [ "en-US" "de-DE" ];
# dictionary = "";
# };
# };
};
}


@ -1,31 +0,0 @@
{
pkgs,
lib,
config,
...
}:
with lib;
{
config = mkMerge [
(mkIf config.gui.enable {
home.packages = [
pkgs.freetube
pkgs.vlc
# music editors
# =============
pkgs.picard # musicbrainz editor
pkgs.easytag
pkgs.dconf
pkgs.jellyfin-mpv-shim
];
})
{
home.packages = [ ];
}
];
}


@ -1,67 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
let
nextcloud-client = pkgs.legacy_2311.nextcloud-client;
nextcloudSync =
folder:
let
password = "$( ${pkgs.pass}/bin/pass show home/nextcloud/palo/nextcloudcmd-token )";
user = "palo";
in
pkgs.writers.writeBashBin "nextcloud-sync-${folder}" ''
${nextcloud-client}/bin/nextcloudcmd \
--path "${folder}" \
~/Nextcloud/${folder} \
"https://${user}:${password}@nextcloud.ingolf-wagner.de"
'';
borrow = pkgs.writers.writeDashBin "borrow" ''
${getExe hledger-ui} \
--all \
--theme=terminal \
--file ~/Nextcloud/Unterlagen/.hledger-borrow "$@"
${getExe gum} confirm \
--affirmative="update" \
--negative="skip" \
--default=false \
"Syncronize with Nextcloud?" && ${getExe (nextcloudSync "Unterlagen")}
'';
in
{
config = mkIf (config.gui.enable) {
home.packages = [
(nextcloudSync "InstantUpload")
(nextcloudSync "Pictures")
(nextcloudSync "Comics")
(nextcloudSync "Unterlagen")
(nextcloudSync "Nähen")
(nextcloudSync "NähenTina")
(nextcloudSync "Video")
(nextcloudSync "Kunstbuch")
(nextcloudSync "Flipper")
(nextcloudSync "AWS-SolutionArchitect-Professional")
borrow
nextcloud-client
];
home.shellAliases = {
schulden = "borrow";
};
};
}


@ -1,62 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{
config = mkIf config.gui.enable {
# ¯\_(ツ)_/¯
home.packages = [
nixos-shell
# bluetooth gui
blueberry
mosquitto
(pkgs.writers.writeBashBin "mqtt-tail" ''
${pkgs.mosquitto}/bin/mosquitto_sub -v \
-h pepe.private \
-u homeassistant \
-P password \
-t "#"
'')
tor-browser-bundle-bin
#(tor-browser-bundle-bin.overrideAttrs (old: rec {
# version = "11.0.1";
# name = "tor-browser-bundle-${version}";
# src = pkgs.fetchurl {
# url = "https://dist.torproject.org/torbrowser/11.0.1/tor-browser-linux64-11.0.1_en-US.tar.xz";
# sha256 = "1ah69jmfgik063f9gkvyv9d4k706pqihmzc4k7cc95zyd17v8wrs";
# };
#}))
scraper
bitwarden
rbw
nginx-config-formatter
yt-dlp
OSCAR
# office
pdfarranger
# sewing
#seamly2d
#valentina
];
};
}


@ -1,21 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{
config = mkIf config.gui.enable {
programs.obs-studio.enable = true;
home.packages = [
emoji-picker
signal-desktop
#legacy_2311.fluffychat
#fluffychat
];
};
}


@ -1,52 +0,0 @@
{
pkgs,
lib,
config,
...
}:
{
home.packages = [ pkgs.sshuttle ];
programs.ssh.enable = true;
programs.ssh.matchBlocks = {
"*" = {
identityFile = "~/.ssh/mrvandalo_rsa.pub";
identitiesOnly = true;
};
"lassul.us" = {
user = "download";
port = 45621;
};
"*.r" = {
user = "palo";
};
"*.secret" = {
user = "root";
};
"*.private" = {
user = "root";
};
"*.bear" = {
user = "root";
};
"*.lan" = {
user = "root";
};
"github.com" = {
hostname = "ssh.github.com";
user = "root";
};
"es5.siteground.eu" = {
user = "ingolfwa";
port = 18765;
};
"*.onion" = {
user = "root";
};
#"*.compute.amazonaws.com".extraOptions = {
# ProxyCommand = ''
# sh -c "${pkgs.awscli2}/bin/aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
# '';
#};
};
}


@ -1,30 +0,0 @@
{ pkgs, config, ... }:
{
stylix.targets.swaylock.enable = config.gui.enable;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
stylix.fonts = {
serif = {
package = pkgs.ubuntu_font_family;
name = "Ubuntu";
};
sansSerif = {
package = pkgs.ubuntu_font_family;
name = "Ubuntu";
};
monospace = {
package = pkgs.jetbrains-mono;
name = "JetBrains Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
sizes = {
terminal = 10;
};
};
}


@ -1,54 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
with types;
let
#taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui;
taskwarrior-tui = pkgs.taskwarrior-tui;
taskwarrior = pkgs.taskwarrior3;
in
{
config = mkIf config.gui.enable {
bugwarrior.enable = true;
home.packages = [
pkgs.timewarrior
taskwarrior
pkgs.tasksh
pkgs.taskwarrior-hooks
(pkgs.writeShellScriptBin "tsak" ''${taskwarrior}/bin/task "$@"'')
pkgs.vit
taskwarrior-tui
(pkgs.writers.writeBashBin "active" "${taskwarrior-tui}/bin/taskwarrior-tui -r active")
(pkgs.writers.writeBashBin "todo" "${taskwarrior-tui}/bin/taskwarrior-tui -r todo")
(pkgs.writers.writeBashBin "calendar" ''
${taskwarrior}/bin/task calendar
${taskwarrior}/bin/task calendar_report
'')
# todo : belongs to calendar.nix
pkgs.vdirsyncer
pkgs.khal
(pkgs.writers.writeBashBin "kalendar" ''
${pkgs.vdirsyncer}/bin/vdirsyncer sync
${pkgs.khal}/bin/ikhal
'')
];
};
}


@ -1,14 +0,0 @@
{ pkgs, ... }:
with pkgs;
{
programs.tmux = {
enable = true;
aggressiveResize = true;
baseIndex = 1;
clock24 = true;
historyLimit = 150000;
keyMode = "vi";
mouse = true;
secureSocket = true;
};
}


@ -1,13 +0,0 @@
{ pkgs, ... }:
with pkgs;
{
programs.zellij = {
enable = true;
# zsh will automatically start in zelllij
#enableZshIntegration = true;
settings = {
on_force_close = "quit";
};
};
}


@ -1,10 +0,0 @@
{
imports = [
../common
];
gui.enable = false;
home.stateVersion = "22.11";
}
