Compare commits
1 Commits
main
...
feature/ha
Author | SHA1 | Date |
---|---|---|
Ingolf Wagner | 7a371654de |
|
@ -33,3 +33,4 @@ My overlay is in here.
|
|||
### assets
|
||||
|
||||
assets, like scripts which I dont want to write in nix-lang.
|
||||
|
||||
|
|
1064
flake.lock
1064
flake.lock
File diff suppressed because it is too large
Load Diff
480
flake.nix
480
flake.nix
|
@ -1,36 +1,45 @@
|
|||
{
|
||||
inputs = {
|
||||
|
||||
description = "my krops file";
|
||||
|
||||
inputs = {
|
||||
secrets = {
|
||||
url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
|
||||
url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
|
||||
flake = false;
|
||||
};
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
|
||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
nixpkgs-legacy_2305.url = "github:nixos/nixpkgs/nixos-23.05";
|
||||
nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
|
||||
nixpkgs-legacy_2205.url = "github:nixos/nixpkgs/nixos-22.05";
|
||||
nixpkgs-legacy_2105.url = "github:nixos/nixpkgs/nixos-21.05";
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
|
||||
nixos-anywhere.url = "github:nix-community/nixos-anywhere";
|
||||
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager/release-23.11";
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-22.11";
|
||||
# colmena
|
||||
# -------
|
||||
colmena = {
|
||||
url = "github:zhaofengli/colmena";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||
polygon-art = {
|
||||
url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
|
||||
};
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
emacs-overlay = {
|
||||
url = "github:nix-community/emacs-overlay";
|
||||
flake = false;
|
||||
};
|
||||
doom-emacs-nix = {
|
||||
url = "github:nix-community/nix-doom-emacs";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
#inputs.emacs-overlay.follows = "emacs-overlay";
|
||||
};
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager/release-22.11";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
home-manager-utils = {
|
||||
url = "github:mrvandalo/home-manager-utils";
|
||||
inputs.home-manager.follows = "home-manager";
|
||||
};
|
||||
cluster-module = {
|
||||
url = "github:mrvandalo/module.cluster";
|
||||
#url = "git+file:///home/palo/dev/nixos/module.cluster";
|
||||
};
|
||||
nixpkgs-fmt = {
|
||||
url = "github:nix-community/nixpkgs-fmt";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
@ -45,180 +54,98 @@
|
|||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
private_assets = {
|
||||
#url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
|
||||
url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
|
||||
flake = true;
|
||||
url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
|
||||
flake = false;
|
||||
};
|
||||
retiolum = {
|
||||
url = "github:Mic92/retiolum";
|
||||
#url = "git+file:///home/palo/dev/nixos/retiolum";
|
||||
url = "github:krebs/retiolum";
|
||||
flake = false;
|
||||
};
|
||||
srvos.url = "github:nix-community/srvos";
|
||||
srvos_nixpkgs.follows = "srvos/nixpkgs";
|
||||
landingpage = {
|
||||
#url = "git+file:///home/palo/dev/landingpage";
|
||||
url = "github:mrVanDalo/landingpage";
|
||||
};
|
||||
kmonad = {
|
||||
url = "github:kmonad/kmonad?dir=nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
disko = {
|
||||
url = "github:nix-community/disko";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
dns = {
|
||||
url = "github:kirelagin/dns.nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
nixinate.url = "github:matthewcroughan/nixinate";
|
||||
stylix = {
|
||||
#url = "github:danth/stylix?ref=35cab8eb76c1d3672b2b290a64f357847c30d090";
|
||||
url = "github:danth/stylix/release-23.11";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
inputs.home-manager.follows = "home-manager";
|
||||
};
|
||||
smoke = {
|
||||
url = github:SamirTalwar/smoke;
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
taskshell = {
|
||||
url = "github:mrvandalo/taskshell";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
overviewer.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git?ref=main";
|
||||
};
|
||||
|
||||
outputs =
|
||||
{ self
|
||||
, disko
|
||||
, dns
|
||||
, cluster-module
|
||||
, colmena
|
||||
, doom-emacs-nix
|
||||
, emacs-overlay
|
||||
, grocy-scanner
|
||||
, home-manager
|
||||
, home-manager-utils
|
||||
, kmonad
|
||||
, landingpage
|
||||
, nixinate
|
||||
, nixos-anywhere
|
||||
, nixos-hardware
|
||||
, nixpkgs
|
||||
, nixpkgs-fmt
|
||||
, nixpkgs-legacy_2105
|
||||
, nixpkgs-legacy_2205
|
||||
, nixpkgs-legacy_2211
|
||||
, nixpkgs-legacy_2305
|
||||
, nixpkgs-unstable
|
||||
, overviewer
|
||||
, permown
|
||||
, polygon-art
|
||||
, private_assets
|
||||
, retiolum
|
||||
, permown
|
||||
, secrets
|
||||
, srvos
|
||||
, srvos_nixpkgs
|
||||
, smoke
|
||||
, sops-nix
|
||||
, stylix
|
||||
, taskshell
|
||||
, retiolum
|
||||
, landingpage
|
||||
}:
|
||||
let
|
||||
system = "x86_64-linux";
|
||||
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
inherit (nixpkgs) lib;
|
||||
|
||||
|
||||
meta = { nixpackages ? nixpkgs }: rec {
|
||||
system = "x86_64-linux";
|
||||
pkgs = import nixpackages {
|
||||
inherit system;
|
||||
config.allowUnfree = true;
|
||||
config.permittedInsecurePackages = [
|
||||
"python-2.7.18.6"
|
||||
"python-2.7.18.7"
|
||||
"electron-24.8.6" # for bitwarden
|
||||
];
|
||||
|
||||
overlays = [
|
||||
(_self: _super: {
|
||||
unstable = import nixpkgs-unstable {
|
||||
inherit system;
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
legacy_2211 = import nixpkgs-legacy_2211 { inherit system; };
|
||||
legacy_2205 = import nixpkgs-legacy_2205 { inherit system; };
|
||||
legacy_2105 = nixpkgs-legacy_2105 { inherit system; };
|
||||
legacy_2305 = nixpkgs-legacy_2105 { inherit system; };
|
||||
polygon-art = polygon-art.packages.${system};
|
||||
landingpage = landingpage.packages.${system}.plain;
|
||||
kmonad = kmonad.packages.${system}.kmonad;
|
||||
tasksh = taskshell.packages.${system}.tasksh;
|
||||
overviewer = overviewer.packages.${system}.overviewer;
|
||||
smoke = smoke.packages.${system}.default;
|
||||
})
|
||||
(import ./nixos/pkgs)
|
||||
];
|
||||
};
|
||||
specialArgs = {
|
||||
inherit private_assets;
|
||||
assets = ./nixos/assets;
|
||||
};
|
||||
};
|
||||
|
||||
# todo : why redefine it?
|
||||
# Mic92 means, is not needed anymore
|
||||
nixosSystem = args:
|
||||
(lib.makeOverridable lib.nixosSystem)
|
||||
(lib.recursiveUpdate args {
|
||||
modules =
|
||||
args.modules
|
||||
++ [
|
||||
{
|
||||
config.nixpkgs.pkgs = lib.mkDefault args.pkgs;
|
||||
config.nixpkgs.localSystem = lib.mkDefault args.pkgs.stdenv.hostPlatform;
|
||||
}
|
||||
];
|
||||
});
|
||||
|
||||
nixosConfigurationSetup =
|
||||
{ name
|
||||
, host ? "${name}.private"
|
||||
, modules
|
||||
, nixpackages ? nixpkgs
|
||||
}:
|
||||
nixosSystem {
|
||||
inherit (meta { nixpackages = nixpackages; }) system specialArgs pkgs;
|
||||
modules = modules ++ defaultModules ++ [
|
||||
{
|
||||
_module.args.nixinate = {
|
||||
host = host;
|
||||
sshUser = "root";
|
||||
buildOn = "remote"; # valid args are "local" or "remote"
|
||||
substituteOnTarget = false; # if buildOn is "local" then it will substitute on the target, "-s"
|
||||
#hermetic = false; # ??? don't know what this is
|
||||
nixOptions = [ "--max-jobs 1" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
imports = [
|
||||
./nixos/machines/${name}/configuration.nix
|
||||
(sopsModule name)
|
||||
];
|
||||
}
|
||||
pullNetworkPasswords = pkgs.writers.writeBashBin "pull-network-passwords" ''
|
||||
# collect all network configurations and save them in the store
|
||||
sudo ls /etc/NetworkManager/system-connections \
|
||||
| while read file
|
||||
do
|
||||
sudo cat "/etc/NetworkManager/system-connections/$file" \
|
||||
| ${pkgs.pass}/bin/pass insert -m "krops/desktop_secrets/network-manager/system-connections/$file"
|
||||
done
|
||||
'';
|
||||
pushNetworkPasswords = pkgs.writers.writeBashBin "push-network-passwords" ''
|
||||
echo "push network passwords to $1"
|
||||
'';
|
||||
in
|
||||
{
|
||||
# colmena
|
||||
devShell.${system} =
|
||||
pkgs.mkShell {
|
||||
buildInputs = [
|
||||
colmena.packages.${system}.colmena
|
||||
pushNetworkPasswords
|
||||
pullNetworkPasswords
|
||||
nixpkgs-fmt.defaultPackage.${system}
|
||||
];
|
||||
};
|
||||
|
||||
defaultModules = [
|
||||
colmena =
|
||||
let
|
||||
sopsModule = name: { lib, ... }: {
|
||||
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
|
||||
imports = [
|
||||
sops-nix.nixosModules.sops
|
||||
];
|
||||
};
|
||||
in
|
||||
{
|
||||
# todo : find out what this is?
|
||||
# make flake inputs accessiable in NixOS
|
||||
_module.args.self = self;
|
||||
_module.args.inputs = self.inputs;
|
||||
}
|
||||
({ pkgs, lib, ... }:
|
||||
{
|
||||
# todo : check if this is still needed
|
||||
|
||||
meta = {
|
||||
nixpkgs = import nixpkgs {
|
||||
system = "x86_64-linux";
|
||||
overlays = [
|
||||
(_self: _super: {
|
||||
# we assign the overlay created before to the overlays of nixpkgs.
|
||||
unstable = nixpkgs-unstable.legacyPackages.${pkgs.system};
|
||||
polygon-art = polygon-art.packages.${pkgs.system};
|
||||
landingpage = landingpage.packages.${pkgs.system}.plain;
|
||||
})
|
||||
];
|
||||
};
|
||||
specialArgs = {
|
||||
inherit private_assets retiolum;
|
||||
};
|
||||
};
|
||||
|
||||
defaults = { name, pkgs, ... }: {
|
||||
deployment.buildOnTarget = true;
|
||||
nix = {
|
||||
# no channesl needed this way
|
||||
nixPath = [ "nixpkgs=${pkgs.path}" ];
|
||||
|
@ -228,176 +155,101 @@
|
|||
experimental-features = nix-command flakes
|
||||
'';
|
||||
};
|
||||
})
|
||||
{ nix.settings.substituters = [ "https://cache.nixos.org/" ]; }
|
||||
{
|
||||
boot.tmp.useTmpfs = lib.mkDefault true;
|
||||
environment.systemPackages = [ nixpkgs-fmt.defaultPackage.${system} ];
|
||||
imports = [
|
||||
permown.nixosModules.permown
|
||||
disko.nixosModules.disko
|
||||
kmonad.nixosModules.default
|
||||
grocy-scanner.nixosModule
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
homeManagerModules = { config, ... }: {
|
||||
imports = [
|
||||
home-manager.nixosModules.home-manager
|
||||
stylix.nixosModules.stylix
|
||||
];
|
||||
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
|
||||
stylix.image = ./nixos/assets/wallpaper.png;
|
||||
stylix.fonts = {
|
||||
serif = {
|
||||
package = pkgs.ubuntu_font_family;
|
||||
name = "Ubuntu";
|
||||
environment.systemPackages = [
|
||||
nixpkgs-fmt.defaultPackage.${system}
|
||||
colmena.packages.${system}.colmena
|
||||
];
|
||||
imports = [
|
||||
./nixos/machines/${name}/configuration.nix
|
||||
cluster-module.nixosModules.tinc
|
||||
(sopsModule name)
|
||||
home-manager.nixosModules.home-manager
|
||||
permown.nixosModules.permown
|
||||
];
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
};
|
||||
sansSerif = {
|
||||
package = pkgs.ubuntu_font_family;
|
||||
name = "Ubuntu";
|
||||
|
||||
sterni = { name, nodes, pkgs, ... }: {
|
||||
deployment.allowLocalDeployment = true;
|
||||
deployment.targetHost = "${name}.private";
|
||||
deployment.tags = [ "desktop" "online" "private" ];
|
||||
imports = [
|
||||
grocy-scanner.nixosModule
|
||||
];
|
||||
home-manager.users.mainUser = {
|
||||
imports = [
|
||||
doom-emacs-nix.hmModule
|
||||
home-manager-utils.hmModule
|
||||
];
|
||||
};
|
||||
};
|
||||
monospace = {
|
||||
package = pkgs.jetbrains-mono;
|
||||
name = "JetBrains Mono";
|
||||
|
||||
sternchen = { name, nodes, pkgs, ... }: {
|
||||
deployment.targetHost = "${name}.secret";
|
||||
deployment.tags = [ "desktop" ];
|
||||
imports = [
|
||||
grocy-scanner.nixosModule
|
||||
];
|
||||
home-manager.users.mainUser = {
|
||||
imports = [
|
||||
doom-emacs-nix.hmModule
|
||||
home-manager-utils.hmModule
|
||||
];
|
||||
programs.doom-emacs.enable = false;
|
||||
};
|
||||
};
|
||||
emoji = {
|
||||
package = pkgs.noto-fonts-emoji;
|
||||
name = "Noto Color Emoji";
|
||||
};
|
||||
sizes.popups = 15;
|
||||
};
|
||||
|
||||
home-manager.extraSpecialArgs = {
|
||||
inherit private_assets;
|
||||
assets = ./nixos/assets;
|
||||
};
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.sharedModules = [
|
||||
doom-emacs-nix.hmModule
|
||||
home-manager-utils.hmModule
|
||||
{ stylix.targets.bemenu.enable = false; }
|
||||
];
|
||||
home-manager.users.mainUser.home.stateVersion = "22.11";
|
||||
home-manager.users.root.home.stateVersion = "22.11";
|
||||
};
|
||||
|
||||
sopsModule = name: { lib, ... }: {
|
||||
imports = [ sops-nix.nixosModules.sops ];
|
||||
sops.defaultSopsFile = lib.mkForce "${secrets}/secrets/${name}.yaml";
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
devShells.${system}.default =
|
||||
pkgs.mkShell {
|
||||
buildInputs = [
|
||||
nixpkgs-fmt.defaultPackage.${system}
|
||||
nixos-anywhere.packages.${system}.nixos-anywhere
|
||||
];
|
||||
};
|
||||
|
||||
apps = nixinate.nixinate.x86_64-linux self;
|
||||
|
||||
packages = with nixpkgs.lib; {
|
||||
${system} =
|
||||
let
|
||||
vms = mapAttrs'
|
||||
(host: sys: {
|
||||
name = "vm-${host}";
|
||||
value = sys.config.system.build.vm;
|
||||
})
|
||||
self.nixosConfigurations;
|
||||
sds = mapAttrs'
|
||||
(host: sys: {
|
||||
name = "sd-${host}";
|
||||
value = sys.config.system.build.sdImage;
|
||||
})
|
||||
(filterAttrs
|
||||
(n: hasAttrByPath [ "config" "system" "build" "sdImage" ])
|
||||
self.nixosConfigurations);
|
||||
in
|
||||
vms // sds;
|
||||
};
|
||||
|
||||
nixosConfigurations =
|
||||
{
|
||||
sternchen = nixosConfigurationSetup {
|
||||
name = "sternchen";
|
||||
host = "sternchen.secret";
|
||||
#host = "192.168.178.25";
|
||||
modules = [
|
||||
nixos-hardware.nixosModules.lenovo-thinkpad-x220
|
||||
homeManagerModules
|
||||
pepe = { name, nodes, pkgs, ... }: {
|
||||
deployment.targetHost = "${name}.private";
|
||||
deployment.tags = [ "server" "online" "private" ];
|
||||
imports = [
|
||||
grocy-scanner.nixosModule
|
||||
];
|
||||
};
|
||||
cream = nixosConfigurationSetup {
|
||||
name = "cream";
|
||||
modules = [
|
||||
nixos-hardware.nixosModules.framework-12th-gen-intel
|
||||
retiolum.nixosModules.retiolum
|
||||
private_assets.nixosModules.cream
|
||||
homeManagerModules
|
||||
{ home-manager.users.mainUser.gui.enable = true; }
|
||||
{
|
||||
home-manager.users.mainUser = import ./nixos/homes/palo;
|
||||
home-manager.users.root = import ./nixos/homes/root;
|
||||
}
|
||||
|
||||
robi = { name, nodes, pkgs, ... }: {
|
||||
deployment.targetHost = "${name}.private";
|
||||
deployment.tags = [ "server" "online" "private" ];
|
||||
imports = [
|
||||
];
|
||||
};
|
||||
cherry = nixosConfigurationSetup {
|
||||
name = "cherry";
|
||||
modules = [
|
||||
nixos-hardware.nixosModules.framework-13th-gen-intel
|
||||
homeManagerModules
|
||||
{ home-manager.users.mainUser.gui.enable = true; }
|
||||
{
|
||||
home-manager.users.mainUser = import ./nixos/homes/palo;
|
||||
home-manager.users.root = import ./nixos/homes/root;
|
||||
}
|
||||
|
||||
bobi = { name, nodes, pkgs, ... }: {
|
||||
#deployment.targetHost = "${name}.private";
|
||||
deployment.targetHost = "localhost";
|
||||
deployment.targetPort = 2222;
|
||||
deployment.tags = [ "desktop" "usb" "private" ];
|
||||
imports = [
|
||||
grocy-scanner.nixosModule
|
||||
];
|
||||
home-manager.users.mainUser = {
|
||||
imports = [
|
||||
doom-emacs-nix.hmModule
|
||||
home-manager-utils.hmModule
|
||||
];
|
||||
};
|
||||
};
|
||||
chungus = nixosConfigurationSetup {
|
||||
name = "chungus";
|
||||
modules = [
|
||||
homeManagerModules
|
||||
retiolum.nixosModules.retiolum
|
||||
private_assets.nixosModules.chungus
|
||||
{
|
||||
home-manager.users.mainUser = import ./nixos/homes/palo;
|
||||
home-manager.users.root = import ./nixos/homes/root;
|
||||
}
|
||||
];
|
||||
};
|
||||
orbi = nixosConfigurationSetup {
|
||||
name = "orbi";
|
||||
host = "95.216.66.212";
|
||||
modules = [
|
||||
homeManagerModules
|
||||
srvos.nixosModules.hardware-hetzner-online-intel
|
||||
srvos.nixosModules.server
|
||||
srvos.nixosModules.mixins-terminfo
|
||||
{ home-manager.sharedModules = [{ programs.doom-emacs.enable = false; }]; }
|
||||
{
|
||||
home-manager.users.mainUser = import ./nixos/homes/palo;
|
||||
home-manager.users.root = import ./nixos/homes/root;
|
||||
}
|
||||
];
|
||||
};
|
||||
robi = nixosConfigurationSetup {
|
||||
name = "robi";
|
||||
modules = [
|
||||
homeManagerModules
|
||||
{ home-manager.sharedModules = [{ programs.doom-emacs.enable = false; }]; }
|
||||
{
|
||||
home-manager.users.mainUser = import ./nixos/homes/palo;
|
||||
home-manager.users.root = import ./nixos/homes/root;
|
||||
}
|
||||
|
||||
mobi = { name, nodes, pkgs, ... }: {
|
||||
deployment.targetHost = "${name}.private";
|
||||
deployment.tags = [ "desktop" "usb" "private" ];
|
||||
imports = [
|
||||
grocy-scanner.nixosModule
|
||||
];
|
||||
home-manager.users.mainUser = {
|
||||
imports = [
|
||||
doom-emacs-nix.hmModule
|
||||
home-manager-utils.hmModule
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
}
|
||||
{
|
||||
# installed packages
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
environment.systemPackages = with pkgs; [
|
||||
#style
|
||||
most
|
||||
|
|
|
@ -1,56 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
|
||||
imports =
|
||||
[
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
|
||||
"${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix"
|
||||
(import ./disko-config.nix { })
|
||||
];
|
||||
|
||||
networking.hostName = "nixos";
|
||||
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
# head -c4 /dev/urandom | od -A none -t x4
|
||||
networking.hostId = "4750e4b8";
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.tmpOnTmpfs = true; # make /tmp a tmpfs (performance!)
|
||||
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
vim
|
||||
wget
|
||||
htop
|
||||
silver-searcher
|
||||
];
|
||||
|
||||
environment.extraInit = ''
|
||||
# use vi shortcuts
|
||||
# ----------------
|
||||
set -o vi
|
||||
EDITOR=vim
|
||||
'';
|
||||
|
||||
services.openssh.enable = true;
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw== contact@ingolf-wagner.de" ];
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "22.11"; # Did you read the comment?
|
||||
|
||||
|
||||
}
|
|
@ -1,18 +1,19 @@
|
|||
# remote installation iso
|
||||
|
||||
- `./config.nix` : to generate the installation image
|
||||
- `./remote-service.nix` : tor configuration you have to start on your machine.
|
||||
* `./config.nix` : to generate the installation image
|
||||
* `./remote-service.nix` : tor configuration you have to start on your machine.
|
||||
|
||||
|
||||
## Steps
|
||||
|
||||
- import `./remote-service.nix` in your `/etc/nixos/configuration.nix`
|
||||
- `nixos-rebuild switch`
|
||||
- run `remote-install-get-hiddenReceiver` and enter the result in `./config.nix` as `hiddenReceiver`
|
||||
- set the public key in `./config.nix`
|
||||
- run `nixos-generate -f install-iso -c ./config.nix`
|
||||
- prepare the usb stick : `sudo if=<path of the iso> of=/dev/<device> bs=4096`
|
||||
- boot the usb-stick at the new machine
|
||||
- run `remote-install-start-service`
|
||||
- after some time you will see a you can use to login to the new machine.
|
||||
* import `./remote-service.nix` in your `/etc/nixos/configuration.nix`
|
||||
* `nixos-rebuild switch`
|
||||
* run `remote-install-get-hiddenReceiver` and enter the result in `./config.nix` as `hiddenReceiver`
|
||||
* set the public key in `./config.nix`
|
||||
* run `nixos-generate -f install-iso -c ./config.nix`
|
||||
* prepare the usb stick : `sudo if=<path of the iso> of=/dev/<device> bs=4096`
|
||||
* boot the usb-stick at the new machine
|
||||
* run `remote-install-start-service`
|
||||
* after some time you will see a you can use to login to the new machine.
|
||||
|
||||
Now you can do the normal installations procedure.
|
||||
|
|
|
@ -32,3 +32,4 @@ nix-shell -I nixpkgs=channel:nixos-unstable -p nixos-generators
|
|||
iptables -F # kill firewall
|
||||
python -m http.server 80 # nix-shell -p python3Full
|
||||
```
|
||||
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
'';
|
||||
|
||||
networking.hostName = "translate";
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
programs.bash = {
|
||||
enableCompletion = true;
|
||||
|
|
|
@ -49,7 +49,7 @@
|
|||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "22.11"; # Did you read the comment?
|
||||
system.stateVersion = "22.05"; # Did you read the comment?
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -2,12 +2,12 @@
|
|||
|
||||
## reset password
|
||||
|
||||
- use `sfdisk -l` to list partitions
|
||||
- find the partition which holds `Windows/System32/config`
|
||||
- mount it `mkdir -p /media/sda2; mount /dev/sda2 /media/sda2`
|
||||
- `cd /media/sda2/Windows/System32/config`
|
||||
- list SAM database `chntpw -l SAM`
|
||||
- edit SAM database `chntpw -i SAM`
|
||||
- reboot
|
||||
* use `sfdisk -l` to list partitions
|
||||
* find the partition which holds `Windows/System32/config`
|
||||
* mount it `mkdir -p /media/sda2; mount /dev/sda2 /media/sda2`
|
||||
* `cd /media/sda2/Windows/System32/config`
|
||||
* list SAM database `chntpw -l SAM`
|
||||
* edit SAM database `chntpw -i SAM`
|
||||
* reboot
|
||||
|
||||
more details [here](https://opensource.com/article/18/3/how-reset-windows-password-linux).
|
||||
|
|
|
@ -0,0 +1,2 @@
|
|||
venv
|
||||
**/__pycache__
|
|
@ -0,0 +1,147 @@
|
|||
import time
|
||||
from enum import Enum
|
||||
from typing import Dict
|
||||
|
||||
import paho.mqtt.client as mqtt
|
||||
import json
|
||||
import threading
|
||||
|
||||
scene = "up-dark"
|
||||
|
||||
|
||||
class Position(Enum):
|
||||
UP = 1
|
||||
DOWN = 2
|
||||
HALF = 3
|
||||
|
||||
|
||||
class Fyrtur:
|
||||
def __init__(self, topic, top, bottom):
|
||||
self.topic = topic
|
||||
self.top = top
|
||||
self.bottom = bottom
|
||||
self.current_position = 100
|
||||
self.wanted_position = 100
|
||||
|
||||
def update_position(self, payload):
|
||||
self.current_position = payload["position"]
|
||||
|
||||
def needs_publish(self):
|
||||
return self.wanted_position != self.current_position
|
||||
|
||||
def topic_and_payload_for_set(self):
|
||||
payload = {"position": self.wanted_position}
|
||||
return ("%s/set" % self.topic), json.dumps(payload)
|
||||
|
||||
|
||||
class FyrturWatcher:
|
||||
def __init__(self, fyrturs: Dict[str, Fyrtur]):
|
||||
self.fyrturs = fyrturs
|
||||
|
||||
def get_topics(self):
|
||||
return [fyrtur.topic for fyrtur in self.fyrturs.values()]
|
||||
|
||||
def update_position(self, topic, payload):
|
||||
for fyrtur in self.fyrturs.values():
|
||||
if fyrtur.topic == topic:
|
||||
fyrtur.update_position(payload)
|
||||
return
|
||||
|
||||
def update(self, name, position: Position):
|
||||
fyrtur: Fyrtur = self.fyrturs.get(name)
|
||||
if position == Position.UP:
|
||||
fyrtur.wanted_position = fyrtur.top
|
||||
elif position == Position.DOWN:
|
||||
fyrtur.wanted_position = fyrtur.bottom
|
||||
elif position == Position.HALF:
|
||||
fyrtur.wanted_position = round(
|
||||
(fyrtur.top - fyrtur.bottom) / 2 + fyrtur.bottom
|
||||
)
|
||||
|
||||
def publish(self, client):
|
||||
for fyrtur in self.fyrturs.values():
|
||||
if fyrtur.needs_publish():
|
||||
topic, payload = fyrtur.topic_and_payload_for_set()
|
||||
client.publish(topic, payload)
|
||||
time.sleep(2)
|
||||
|
||||
|
||||
watcher = FyrturWatcher(
|
||||
{
|
||||
"office1": Fyrtur(topic="zigbee2mqtt/office_fyrtur_1", top=100, bottom=16),
|
||||
"office2": Fyrtur(topic="zigbee2mqtt/office_fyrtur_2", top=100, bottom=22),
|
||||
"bedroom": Fyrtur(topic="zigbee2mqtt/bedroom_fyrtur_1", top=100, bottom=16),
|
||||
}
|
||||
)
|
||||
|
||||
|
||||
# The callback for when the client receives a CONNACK response from the server.
|
||||
def on_connect(client, _userdata, _flags, rc):
|
||||
print("Connected with result code " + str(rc))
|
||||
|
||||
threading.Thread(target=loop_thread, args=(client,), daemon=True).start()
|
||||
|
||||
# Subscribing in on_connect() means that if we lose the connection and
|
||||
# reconnect then subscriptions will be renewed.
|
||||
client.subscribe("control/lights/set")
|
||||
for topic in watcher.get_topics():
|
||||
client.subscribe(topic)
|
||||
|
||||
|
||||
# The callback for when a PUBLISH message is received from the server.
|
||||
def on_message(client, _userdata, msg):
|
||||
global scene
|
||||
(topic, payload) = parse_message(msg)
|
||||
if topic == "control/lights/set":
|
||||
print("set scene %s -> %s" % (scene, payload["scene"]))
|
||||
scene = payload["scene"]
|
||||
update_scene(client)
|
||||
else:
|
||||
print("got %s" % topic)
|
||||
watcher.update_position(topic, payload)
|
||||
|
||||
|
||||
def parse_message(msg):
|
||||
m_decode = str(msg.payload.decode("utf-8", "ignore"))
|
||||
payload = json.loads(m_decode) # decode json data
|
||||
return msg.topic, payload
|
||||
|
||||
|
||||
def update_scene(client):
|
||||
if scene in ["night", "down"]:
|
||||
watcher.update("office1", Position.DOWN)
|
||||
watcher.update("office2", Position.DOWN)
|
||||
watcher.update("bedroom", Position.DOWN)
|
||||
elif scene in ["default", "up-bright", "up-dark", "outside"]:
|
||||
watcher.update("office1", Position.UP)
|
||||
watcher.update("office2", Position.UP)
|
||||
watcher.update("bedroom", Position.UP)
|
||||
elif scene in ["half"]:
|
||||
watcher.update("office1", Position.HALF)
|
||||
watcher.update("office2", Position.HALF)
|
||||
watcher.update("bedroom", Position.HALF)
|
||||
else:
|
||||
watcher.update("office1", Position.UP)
|
||||
watcher.update("office2", Position.UP)
|
||||
watcher.update("bedroom", Position.UP)
|
||||
|
||||
watcher.publish(client)
|
||||
|
||||
|
||||
def loop_thread(client):
|
||||
while True:
|
||||
watcher.publish(client)
|
||||
time.sleep(120)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
mqttClient = mqtt.Client()
|
||||
mqttClient.on_connect = on_connect
|
||||
mqttClient.on_message = on_message
|
||||
mqttClient.username_pw_set("homeassistant", password="password")
|
||||
mqttClient.connect("pepe.private", 1883, 60)
|
||||
# Blocking call that processes network traffic, dispatches callbacks and
|
||||
# handles reconnecting.
|
||||
# Other loop*() functions are available that give a threaded interface and a
|
||||
# manual interface.
|
||||
mqttClient.loop_forever()
|
|
@ -0,0 +1,170 @@
|
|||
import json
|
||||
import paho.mqtt.client as mqtt
|
||||
import threading
|
||||
import time
|
||||
from typing import Dict
|
||||
|
||||
|
||||
class Heater:
|
||||
def __init__(self, topic):
|
||||
self.not_initialized_yet = True
|
||||
self.wanted_temperature = 14
|
||||
self.actual_temperature = 14
|
||||
self.topic = topic
|
||||
|
||||
def needs_publish(self):
|
||||
if self.not_initialized_yet:
|
||||
return True
|
||||
else:
|
||||
return self.wanted_temperature != self.actual_temperature
|
||||
|
||||
def update_actual_heating_point(self, payload):
|
||||
heating_setpoint = int(payload["current_heating_setpoint"])
|
||||
if self.not_initialized_yet:
|
||||
self.not_initialized_yet = False
|
||||
self.wanted_temperature = heating_setpoint
|
||||
print(
|
||||
"%s: update wanted temperature %d"
|
||||
% (self.topic, self.actual_temperature)
|
||||
)
|
||||
self.actual_temperature = heating_setpoint
|
||||
print(
|
||||
"%s: update actual temperature %d" % (self.topic, self.actual_temperature)
|
||||
)
|
||||
|
||||
def topic_and_payload_for_query(self):
|
||||
payload = {
|
||||
"current_heating_setpoint": "",
|
||||
"occupied_heating_setpoint": "",
|
||||
"unoccupied_heating_setpoint": "",
|
||||
"local_temperature": "",
|
||||
# "pi_heating_demand": "",
|
||||
# "system_mode": "",
|
||||
}
|
||||
return ("%s/get" % self.topic), json.dumps(payload)
|
||||
|
||||
def topic_and_payload_for_set(self):
|
||||
payload = {
|
||||
"system_mode": "auto",
|
||||
# "current_heating_setpoint": str(self.wanted_temperature),
|
||||
"occupied_heating_setpoint": str(self.wanted_temperature),
|
||||
"unoccupied_heating_setpoint": str(self.wanted_temperature),
|
||||
"eurotronic_host_flags": {"window_open": True},
|
||||
}
|
||||
return ("%s/set" % self.topic), json.dumps(payload)
|
||||
|
||||
|
||||
class Watcher:
|
||||
def __init__(self, heater: Dict[str, Heater]):
|
||||
self.heater = heater
|
||||
|
||||
def publish(self, client):
|
||||
for heater in self.heater.values():
|
||||
if heater.needs_publish():
|
||||
topic, payload = heater.topic_and_payload_for_set()
|
||||
client.publish(topic, payload)
|
||||
time.sleep(2)
|
||||
|
||||
def update(self, name, temperature):
|
||||
heater: Heater = self.heater.get(name)
|
||||
heater.wanted_temperature = temperature
|
||||
|
||||
def get_topics(self):
|
||||
return [heater.topic for heater in self.heater.values()]
|
||||
|
||||
def update_actual_heating_point_for_topic(self, topic, payload):
|
||||
for heater in self.heater.values():
|
||||
if heater.topic == topic:
|
||||
heater.update_actual_heating_point(payload)
|
||||
return
|
||||
|
||||
def pull_values(self, client):
|
||||
for heater in self.heater.values():
|
||||
topic, payload = heater.topic_and_payload_for_query()
|
||||
client.publish(topic, payload)
|
||||
|
||||
|
||||
scene = "default"
|
||||
|
||||
watcher = Watcher(
|
||||
{
|
||||
"office1": Heater(topic="zigbee2mqtt/office_heater_1"),
|
||||
"office2": Heater(topic="zigbee2mqtt/office_heater_2"),
|
||||
"bedroom": Heater(topic="zigbee2mqtt/bedroom_heater_1"),
|
||||
"storage": Heater(topic="zigbee2mqtt/storage_heater_1"),
|
||||
}
|
||||
)
|
||||
|
||||
|
||||
# The callback for when the client receives a CONNACK response from the server.
|
||||
def on_connect(client, _userdata, _flags, rc):
|
||||
print("Connected with result code " + str(rc))
|
||||
|
||||
threading.Thread(target=loop_thread, args=(client,), daemon=True).start()
|
||||
|
||||
# Subscribing in on_connect() means that if we lose the connection and
|
||||
# reconnect then subscriptions will be renewed.
|
||||
client.subscribe("control/lights/set")
|
||||
for topic in watcher.get_topics():
|
||||
client.subscribe(topic)
|
||||
watcher.pull_values(client)
|
||||
|
||||
|
||||
# The callback for when a PUBLISH message is received from the server.
|
||||
def on_message(client, _userdata, msg):
|
||||
global scene
|
||||
(topic, payload) = parse_message(msg)
|
||||
if topic == "control/lights/set":
|
||||
print("set scene %s -> %s" % (scene, payload["scene"]))
|
||||
scene = payload["scene"]
|
||||
update_scene(client)
|
||||
else:
|
||||
print("got %s" % topic)
|
||||
watcher.update_actual_heating_point_for_topic(topic, payload)
|
||||
|
||||
|
||||
def parse_message(msg):
|
||||
m_decode = str(msg.payload.decode("utf-8", "ignore"))
|
||||
payload = json.loads(m_decode) # decode json data
|
||||
return msg.topic, payload
|
||||
|
||||
|
||||
def update_scene(client):
|
||||
if scene in ["night", "outside"]:
|
||||
watcher.update("office1", 14)
|
||||
watcher.update("office2", 14)
|
||||
watcher.update("bedroom", 14)
|
||||
watcher.update("storage", 14)
|
||||
elif scene in ["default", "up-bright", "up-dark", "half", "down"]:
|
||||
watcher.update("office1", 25)
|
||||
watcher.update("office2", 25)
|
||||
watcher.update("bedroom", 18)
|
||||
watcher.update("storage", 18)
|
||||
else:
|
||||
watcher.update("office1", 14)
|
||||
watcher.update("office2", 14)
|
||||
watcher.update("bedroom", 14)
|
||||
watcher.update("storage", 14)
|
||||
|
||||
watcher.publish(client)
|
||||
|
||||
|
||||
def loop_thread(client):
|
||||
while True:
|
||||
watcher.publish(client)
|
||||
watcher.pull_values(client)
|
||||
time.sleep(120)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
mqttClient = mqtt.Client()
|
||||
mqttClient.on_connect = on_connect
|
||||
mqttClient.on_message = on_message
|
||||
mqttClient.username_pw_set("homeassistant", password="password")
|
||||
mqttClient.connect("pepe.private", 1883, 60)
|
||||
|
||||
# Blocking call that processes network traffic, dispatches callbacks and
|
||||
# handles reconnecting.
|
||||
# Other loop*() functions are available that give a threaded interface and a
|
||||
# manual interface.
|
||||
mqttClient.loop_forever()
|
|
@ -0,0 +1 @@
|
|||
paho-mqtt
|
|
@ -0,0 +1,20 @@
|
|||
{ pkgs ? import <nixpkgs> { } }:
|
||||
let
|
||||
|
||||
myPython = pkgs.python3.withPackages
|
||||
(python-packages: with python-packages; [ paho-mqtt ]);
|
||||
|
||||
startServer = pkgs.writers.writeBashBin "start-server" ''
|
||||
${myPython}/bin/python ./heater.py
|
||||
'';
|
||||
|
||||
reformat = pkgs.writers.writeBashBin "reformat" ''
|
||||
${pkgs.black}/bin/black --exclude venv ${toString ./.}
|
||||
'';
|
||||
|
||||
in
|
||||
pkgs.mkShell {
|
||||
|
||||
buildInputs = with pkgs; [ myPython startServer reformat ];
|
||||
|
||||
}
|
|
@ -1,45 +0,0 @@
|
|||
From 4797a2f62ab3d2716d313aa4a3170ba9672a93b6 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
|
||||
Date: Fri, 22 Mar 2024 08:46:07 +0100
|
||||
Subject: [PATCH] make atuin on zfs fast again
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
|
||||
---
|
||||
atuin-client/src/database.rs | 4 ++--
|
||||
atuin-client/src/record/sqlite_store.rs | 2 ++
|
||||
2 files changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/atuin-client/src/database.rs b/atuin-client/src/database.rs
|
||||
index b0bcae31..d8db492b 100644
|
||||
--- a/atuin-client/src/database.rs
|
||||
+++ b/atuin-client/src/database.rs
|
||||
@@ -137,9 +137,9 @@ pub async fn new(path: impl AsRef<Path>, timeout: f64) -> Result<Self> {
|
||||
}
|
||||
|
||||
let opts = SqliteConnectOptions::from_str(path.as_os_str().to_str().unwrap())?
|
||||
- .journal_mode(SqliteJournalMode::Wal)
|
||||
+ .journal_mode(SqliteJournalMode::Memory)
|
||||
.optimize_on_close(true, None)
|
||||
- .synchronous(SqliteSynchronous::Normal)
|
||||
+ .synchronous(sqlx::sqlite::SqliteSynchronous::Off)
|
||||
.with_regexp()
|
||||
.create_if_missing(true);
|
||||
|
||||
diff --git a/atuin-client/src/record/sqlite_store.rs b/atuin-client/src/record/sqlite_store.rs
|
||||
index 6333bb27..1f25a55b 100644
|
||||
--- a/atuin-client/src/record/sqlite_store.rs
|
||||
+++ b/atuin-client/src/record/sqlite_store.rs
|
||||
@@ -42,6 +42,8 @@ pub async fn new(path: impl AsRef<Path>, timeout: f64) -> Result<Self> {
|
||||
|
||||
let opts = SqliteConnectOptions::from_str(path.as_os_str().to_str().unwrap())?
|
||||
.journal_mode(SqliteJournalMode::Wal)
|
||||
+ .journal_mode(SqliteJournalMode::Memory)
|
||||
+ .synchronous(sqlx::sqlite::SqliteSynchronous::Off)
|
||||
.foreign_keys(true)
|
||||
.create_if_missing(true);
|
||||
|
||||
--
|
||||
2.43.1
|
Binary file not shown.
|
@ -1,10 +1,8 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -e
|
||||
|
||||
defaultDevice=PCH
|
||||
|
||||
start_jack() {
|
||||
start_jack(){
|
||||
|
||||
internal_device_number=-1
|
||||
komplete_device_number=$(aplay -l | grep Vestax | cut -d":" -f1 | cut -d" " -f2)
|
||||
|
@ -41,27 +39,30 @@ start_jack() {
|
|||
#
|
||||
# to find configuration options do
|
||||
# jack_control dp
|
||||
if [[ $device_number -eq -1 ]]; then
|
||||
if [[ $device_number -eq -1 ]]
|
||||
then
|
||||
# we use alsa in reality, but pulse opens up all the pulse
|
||||
# sink and source stuff
|
||||
# jack_control ds pulse # not working for some reason
|
||||
jack_control ds alsa
|
||||
jack_control dps device hw:$defaultDevice
|
||||
else
|
||||
jack_control ds alsa
|
||||
jack_control dps device "hw:$device_number" # use usb card
|
||||
jack_control ds alsa
|
||||
jack_control dps device hw:$device_number # use usb card
|
||||
fi
|
||||
|
||||
jack_control dps duplex True # record and playback ports
|
||||
jack_control dps hwmon False # no hardware monitoring
|
||||
jack_control dps rate 48000 # use cd sample rate
|
||||
jack_control dps duplex True # record and playback ports
|
||||
jack_control dps hwmon False # no hardware monitoring
|
||||
jack_control dps rate 48000 # use cd sample rate
|
||||
|
||||
|
||||
# nperiods are the splitup of the
|
||||
# sound-ring-buffer. 2 are ok for internal cards
|
||||
# but for usb you should use 3 because
|
||||
# you can have to write in junks to the card
|
||||
# so there is one backup slice in the middle
|
||||
if [[ $internal_device_number -ne -1 ]]; then
|
||||
if [[ $internal_device_number -ne -1 ]]
|
||||
then
|
||||
jack_control dps nperiods 3
|
||||
fi
|
||||
|
||||
|
@ -81,7 +82,7 @@ start_jack() {
|
|||
jack_control start
|
||||
}
|
||||
|
||||
stop_jack() {
|
||||
stop_jack(){
|
||||
jack_control exit
|
||||
}
|
||||
|
||||
|
@ -91,18 +92,14 @@ status_jack() {
|
|||
jack_control status
|
||||
}
|
||||
|
||||
|
||||
case $1 in
|
||||
start)
|
||||
start_jack
|
||||
;;
|
||||
stop)
|
||||
stop_jack
|
||||
;;
|
||||
restart)
|
||||
stop_jack
|
||||
start_jack
|
||||
;;
|
||||
*)
|
||||
status_jack
|
||||
;;
|
||||
start) start_jack
|
||||
;;
|
||||
stop) stop_jack
|
||||
;;
|
||||
restart) stop_jack ; start_jack
|
||||
;;
|
||||
*) status_jack
|
||||
;;
|
||||
esac
|
||||
|
|
|
@ -1,48 +1,50 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
function stop_program() {
|
||||
echo "stop $1"
|
||||
sudo systemctl stop "$1"
|
||||
function stop_program(){
|
||||
echo "stop $1"
|
||||
sudo systemctl stop $1
|
||||
}
|
||||
|
||||
function start_program() {
|
||||
echo "start $1"
|
||||
sudo systemctl stop "$1"
|
||||
function start_program(){
|
||||
echo "start $1"
|
||||
sudo systemctl stop $1
|
||||
}
|
||||
|
||||
function start() {
|
||||
echo "starting programs again"
|
||||
echo "-----------------------"
|
||||
echo
|
||||
start_program backup.on-porani.insecure.timer
|
||||
start_program backup.on-workhorse.insecure.timer
|
||||
start_program backup.on-workout.insecure.timer
|
||||
start_program syncthing.service
|
||||
start_program tlp.service
|
||||
start_program tor.service
|
||||
|
||||
function start(){
|
||||
echo "starting programs again"
|
||||
echo "-----------------------"
|
||||
echo
|
||||
start_program backup.on-porani.insecure.timer
|
||||
start_program backup.on-workhorse.insecure.timer
|
||||
start_program backup.on-workout.insecure.timer
|
||||
start_program syncthing.service
|
||||
start_program tlp.service
|
||||
start_program tor.service
|
||||
}
|
||||
|
||||
function stop() {
|
||||
echo "stopping programs"
|
||||
echo "-----------------"
|
||||
echo
|
||||
stop_program backup.on-porani.insecure.timer
|
||||
stop_program backup.on-workhorse.insecure.timer
|
||||
stop_program backup.on-workout.insecure.timer
|
||||
stop_program syncthing.service
|
||||
stop_program tlp.service
|
||||
stop_program tor.service
|
||||
function stop(){
|
||||
echo "stopping programs"
|
||||
echo "-----------------"
|
||||
echo
|
||||
stop_program backup.on-porani.insecure.timer
|
||||
stop_program backup.on-workhorse.insecure.timer
|
||||
stop_program backup.on-workout.insecure.timer
|
||||
stop_program syncthing.service
|
||||
stop_program tlp.service
|
||||
stop_program tor.service
|
||||
}
|
||||
|
||||
|
||||
# ----
|
||||
# main
|
||||
# ----
|
||||
|
||||
|
||||
stop
|
||||
|
||||
echo
|
||||
echo -n "wait to start again -> "
|
||||
read -r
|
||||
read
|
||||
echo
|
||||
|
||||
start
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -p nginx-config-formatter python3 -i python3
|
||||
|
||||
import os
|
||||
import re
|
||||
import shutil
|
||||
import subprocess
|
||||
import sys
|
||||
from tempfile import TemporaryDirectory
|
||||
|
||||
|
||||
def nginx_config() -> str:
|
||||
reload_config = "/etc/nginx/nginx.conf"
|
||||
if os.path.exists(reload_config):
|
||||
return reload_config
|
||||
out = subprocess.check_output(["systemctl", "cat", "nginx"])
|
||||
match = re.search(r"-c '(\S+-nginx\.conf)", out.decode("utf-8"))
|
||||
if not match:
|
||||
print("Could not find nginx.conf in nginx.service", file=sys.stderr)
|
||||
sys.exit(1)
|
||||
|
||||
return match.group(1)
|
||||
|
||||
|
||||
def main():
|
||||
config_path = nginx_config()
|
||||
with TemporaryDirectory() as temp_dir:
|
||||
temp_path = os.path.join(temp_dir, "nginx.conf")
|
||||
with open(temp_path, "wb+") as temp_file, open(
|
||||
config_path, "rb"
|
||||
) as config_file:
|
||||
shutil.copyfileobj(config_file, temp_file)
|
||||
temp_file.flush()
|
||||
subprocess.check_call(["nginxfmt", temp_file.name])
|
||||
editor = os.environ.get("EDITOR", "cat")
|
||||
subprocess.check_call([editor, temp_file.name] + sys.argv[1:])
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
|
@ -10,7 +10,7 @@ from tempfile import TemporaryDirectory
|
|||
|
||||
|
||||
def nginx_config() -> str:
|
||||
reload_config = "/etc/nginx/nginx.conf"
|
||||
reload_config ="/etc/nginx/nginx.conf"
|
||||
if os.path.exists(reload_config):
|
||||
return reload_config
|
||||
out = subprocess.check_output(["systemctl", "cat", "nginx"])
|
||||
|
@ -26,9 +26,8 @@ def main():
|
|||
config_path = nginx_config()
|
||||
with TemporaryDirectory() as temp_dir:
|
||||
temp_path = os.path.join(temp_dir, "nginx.conf")
|
||||
with open(temp_path, "wb+") as temp_file, open(
|
||||
config_path, "rb"
|
||||
) as config_file:
|
||||
with open(temp_path, "wb+") as temp_file, \
|
||||
open(config_path, "rb") as config_file:
|
||||
shutil.copyfileobj(config_file, temp_file)
|
||||
temp_file.flush()
|
||||
subprocess.check_call(["nginxfmt", temp_file.name])
|
|
@ -0,0 +1,14 @@
|
|||
Ed25519PublicKey = jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEA4N0Pm09nePnlTUtmJLVTxEP41i+9kd4tke6KjG+PIbGI0xrgZJBX
|
||||
sP6wK3vf5q3PZp6U3a452SjzSWKQtjXA94Zmr4HaWqYQJPtJlJcsNeWbx/I0WoaA
|
||||
918iltvgkLkPKITZ1Gp6iYtKjIn2vxOKv+Pm/YYSRGB4RE3GE5M7TVcitnC89lxm
|
||||
bK8GAnUs4xUXE4DWund0h81j7XWJpF6T3N3+rlCrfmEfYYmSYg2DRkprGHvAVP26
|
||||
kWzjei9sIfPVgL0iSprOxqfAw/3Sz0uk3Ny6YvsJU+N4e8QTKQTi75XlkAWbG9OF
|
||||
P1+1xFDX3d0MdPPNq2c6hHI4VmTMDYVqMPztZNOOKKe+GWBtz/Mlbb55cccNECYA
|
||||
eVrAkhgUqjFF2lOFK1j7Ivf8ogETUcYRCEaLEZyf5Q+DuHkGzct1DBVEKn23dR2E
|
||||
B8eDm4ap4YxmrZymPbbl5IUyc/d9pmm04MFWMOifDlw5KEH3+ia93ma3ByBI3UjP
|
||||
kAg8po3rh3WWjpI26E8icjSjkJ7f1rRsEWmNAf54JwPHkWBZIoUufVxvMNZ9PXn9
|
||||
7GdP2Z7z+Tn6zUDA62Z9DRDmRGEnuDio450dNMP6ZNWj6leYBbnkP5JtfpRymVKW
|
||||
GVJfpMwSlf/qP00Jd0WQQyICKQOIns+4jzCvRcOLzSaPj7OvgVUnx00CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
Ed25519PublicKey = X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAxubIDrvtrZ6fKPkuwQ+sK6YlToTfVtg3HCTOR7iDf47arkuG3dTb
|
||||
BgnkbB/8+KzztaYLQoLnGFugxKKtMGBvMGCo6YLtxrjuaz3aDmhpmGCJh80r80/i
|
||||
8WWg1CAkboKHmaiFpS/LBxAWQUGP+YJSoTLuDwtd794wX9MxLh4x5uGRp4rCj9+4
|
||||
DdGemLZkZz6Je+cBkf8qrw1Dr8CPiJk47a7bZhyKVnQ3PyvrGOjFolfcI22xp8j3
|
||||
7y55DIMWhVsm6EWFK4/pzAqi9JdRd7xy8c9WRIcAHJDlSdf+ERbIjUDJC8fgMlNl
|
||||
UII0SqLnBscIbqz2dMuoldeqg9S1fOiTekReLJqpLmAIn+iwpT8KW5QaESu2eh6M
|
||||
Ok0sJ8A+aphuZ+FDd2FUmWQiENnPzFGYQ/SuNAA7hR5plSCbjpodulNQFY93I8y3
|
||||
vRru6rm/ac+7SehWPBgHGl12UJluvHn32Q85bJ2vdtn9ONgcOdjSLA58nzfc1hv/
|
||||
OA5MzIJTvDJqwjZew8A/pyz6kxrGBqnXCzzt46tvj0yZ/VhIgL3qDTR/wzRV3N14
|
||||
3Z7TToIQKBPSYNxxCEHXxVQb8oWdGzeE7X52iFeYKhxj+ikZxkoXhCgIRYrDBQ0k
|
||||
lnpJU+fbeFddZ4bAdqPxVT+perK33Wzgp9s4+KLh8ldpcRm8S29sNIcCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
Ed25519PublicKey = LnE+w6ZfNCky4Kad3TBxpFKRJ2PJshkSpW6mC3pcsPI
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAmAyz71GoQq2Mn4XeUVcN9yfgxeWT57li7i6Te9lq7OVAXQ+CBtD3
|
||||
puTMrW3/LXOIS678E2iMYPmdQzMZLmADi8+ZrXOqX98uceNv5bPrTJF0z/RA9Tif
|
||||
kfh78GcJCGHmZz+GGWu1ExtSa5ekBdamEtehW6vAGbrPM6Umu9B2UCn8zaSx+RGe
|
||||
Y7Z81wO21+ywUorMPTbHeuPYZW+Z8L+QKHO9NdYhzZ9zMPeVMi0x/mwIZqXJ57Wz
|
||||
57nx0rrPh+e+5cj3Jh+i4HC76mxPGCyCdvf+60d7W87UZxPqRiTLt2SwgltEKf56
|
||||
jBsVeOb5Fjzb6LcNGWfF8zNh0w6rAQsG4W7l93VlerTd46GtG2XW42JkGhuKb8JJ
|
||||
L1olPUmbcDbxlQGGUNaI7thAzubszAzinqyat3oU8NjgDJJIueHLmo752RW+yHUY
|
||||
giyRSBYtDRM9cE3s848WsToO5BtjXLkg/rC4WIWX2MNJFsAZXzfHWDmae+ajpoVy
|
||||
Gl6tGYbLhjd8KtSWB9kB0OWsV56f4KmWeRxHwTgylMO30l6v+XRdnoRUAp9wj8dV
|
||||
c6HJHnn5b2q4dk+qwWOYgwvpRFnSixbCCT4PoedEU9xVOzLmzxRtGmkzPsOXEOj5
|
||||
6r4Jvk0jw2LTkhEVX1CPblTrGpms9NO02SXNHkF/Akw7PGuJu+w3HZUCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
Ed25519PublicKey = 9JI8y56NWiKMRS6g/k2H3VgTEw0q+8UEDDJdiCjOl8O
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEA4Ff6XRvf83XSuWUkb70Yz+cWo1/dq4LBh5ZG7SJypdIXYnWQpQJc
|
||||
sLRfAS6nJZ6VixNADx7A03c8TdADVaAgl591rLd4CSzM22EgaOFstU2VO/MfMKHf
|
||||
v+WUQsrTE6CQ48SW+MDbSZZ7M7FRa/A6hwqZc5qygxdG/tgTei9pmTfqW+ZdQBWl
|
||||
IeCCINiNSA/fD+FjWXslZIFRZ5sQ7AYZJgL2nFAueY+cKtRZy3tcDL1v6mhDdIrE
|
||||
h8JjEUiayQDGnWmBlflLqE3ODqEsEKoL6W7epqK6PcwvZQxSNwrZe/wzH3oTC43m
|
||||
Yg7TQGr0v3SnSziXv3cJvcHfwr9+huo37wTbUJNmozGpI8nLszfUTEIfhbu2ODQv
|
||||
R2iM7FJcE4wV48y9aybEnESKA0vsjgI23RIQfxkN0oii7L6NAZVHgl/JJBOtCMXf
|
||||
V5uXAdOtkv9UvfofrrV0uahncvbz5efPTSPF8fS5EiwzWfDUW6KHrp/9+gDcnirn
|
||||
H8HvmmNVeOGWA1xlrKgi8kiBHv5BxCXfurD0aD6ZIlxdLjJCvGfnLnJZ6gr//GAf
|
||||
1BJJVei98uZzihNe4VbRF6Iaphns1KezsdygMsEV9gDIJw3IIqTukcUK7AcBXhb4
|
||||
IJ792j2iRwUOyiAcUYLeVYzAt3xFN6wPNcC/Opdo6TVbdMZu2uS1ZN8CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
Ed25519PublicKey = kc1SACqsoYjk5GimZfP+eszfJmUzZkMQhWeW42UKjfL
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEA2ACttoosnRZ99o+OyMrxBdUWPqsT5btzSIQ5dU1XWqGjO4nRchCE
|
||||
8tO0b/4jqVgJVTRZVIUJQESZRlSmclsCAjdM8tsGj74CJrm7tBvgbBn2IObSs5+4
|
||||
oJWe57VsQaeHPuI2JZuGqv8Z3Esw+B07bQS5VTaC1ISo7vnLG/q5XLCbKHB9JZc/
|
||||
ztYbk4bEQHwbulfoPjD9FY3heLnTzqPw9Xr3ixao5gbAXfWNJM+iCluMq+Q2g1BD
|
||||
ozSnyYvaGLQ6h4yksDp+xuK8YCqiRj174EkXySI8Jee1CBMuI8ciX/5Q7yzvzscQ
|
||||
ZQ/MLVdx3MRW+VeT0ctaRzoA9E09ILqPe+56DjpsKzt4Ne8qeMG5HdpzO9UdNzTu
|
||||
MuibsCL7CJy5Ytl38PK+LAXHQr3Os1Z4OHjeTZ38vTAZcOUJZEkl6w9nO1XjcyBL
|
||||
rIaG+20Nx0ZU79MlJZFiG7ovlUiDfIEKNygng8v/yoTMaqMYLxQZ/leQwLMNLujo
|
||||
sku8+oV4Jvx4SyUjuAS6jgG9CnejLCnHP/yyDGdaMQSzmlzYXacLMfnPZE3r7bj1
|
||||
EjA6yQbkPixm7xLCyMm5u2leWtqtbg1oRA6Mw3UyYkNy3hiTU+jTvztEI3SCliDH
|
||||
yjGlESH4/edryKjLNjmYP77VFbM9ZSQ+QGlbMGPvjcn6XCdJGdxm3PUCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
Ed25519PublicKey = bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEA1wwdd6+Qgn7fiC5C5ueeAsgfG6LlP+5zfb2r8/RZzFkKK+wX0QRx
|
||||
6i3Dm0SwAvkKYKowEHhpDg941CrkuTGN2wnKvxoUNvaAe+RBK2EZM3xPh0eTP33T
|
||||
igNEHAcdHlgwd3aaNRmYxC41uUlAjD8JPkQ14yAvi4ZMeDRGQxw3on7Mx8NBwgDp
|
||||
V2F45c9WpYzaocPCREQE7xLpY3prYpOljqd3hGnBQjdruxnAtIh7nb1SSlMci4RT
|
||||
Y2d6aOCiDKgtqrPtMSWp0RkuhIlT17AK1b/5+TE4vzcFNkt6xQJnH2rm7D9niXZ2
|
||||
+yzl5DsVONk4z29MnEInqzcVY8m6iypjjntBTkHtFWJc4ZMnJC9FBt7il4V2NL+/
|
||||
T7uHV1KDFwRZOtfd0WWlgpg3HsZLc+pmZNl77bggcc56+t3FC5UPZKMEEmU7TYtp
|
||||
jIPYnOV9C7ReaOpYvHJi/6NrtYUjBd2XbtD959cTFR9PpXMaNWh2R8+K7r/tFZrG
|
||||
q252aCc51J+JegfnhtTfOfPPn7BHV+ZsSQBjMrxz29igOlMPnyOvaxB4mxf6ipoX
|
||||
HDY7QnQ82HTZCGQ3vPVEgNz0MfsZU0VocazOYOh3RpKBbKaYqo1i8PqKpqfjC7aR
|
||||
AdbrqBXGFcBbXkna3BQDS4xmK35sUG08OR1g24uiNFKzy8rK+xcp790CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
Ed25519PublicKey = ZK9iznseTpMqjaMgDJ7MdjYaq62QlEOFquLfVxlLpFK
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAzBU8x9aB7F3sPJlcg9avJiSrsAoTHsMkfk6uRKFVjUjuNJgb3rjW
|
||||
gyQ7krftLAyxLkTYJzpD+4D+qWiudEgju7W+BU65/hudMIvBmbRYqXmcQlD9B9Pv
|
||||
0bVAazHJ80wN8GJD060Wq6XTtkrtAJhPmQSyMt0xU4WmWw/39QBX9rWtOTy75813
|
||||
qrfuv1I11YcVQ3jegPLUIzlZqz6LeouCXiP7IRIa+WUXIwAdAYtO/RJC+tty6zyI
|
||||
BXNd0Mkvpf0Qaw5joQJRXkdb1sWHOZYh75JW1QWqFMWCclkGG7/Dve4KzuO9N5XZ
|
||||
ZMs/MCtDkJQpweNDT3aaiqZa8Oj29OXs4HR4FFrvYkY+qqmKCUqS70FYLo45uNx1
|
||||
sRb7GKX8/dsPyOGHfXDuFTSXsKLh9gNLMlF/kuTQ2yJMfeMKdC5jDClL145Fm0ux
|
||||
akH/PWSS9DENxSu0GH1sTQnLyhc4mVzOehu1XfR9EALjYY0BNBUir7aAaiLTCbq9
|
||||
LKwMaF/D467W3j3Zp5xEAsf8xYC2CyMl1Df43zxcxLY+3K8/kUM2rkU7ocl2VT3o
|
||||
7yNC+JqQz41n4SDOXBZc6cfxUXj2MqqEw9Ywgs+aXZiSCaVOulhyXj0TSE1mX1NI
|
||||
woDHEzyx7q4AryQOWQsLq5JimI0v2/xN2yz+cNXoetDypjEWnws4e/ECAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
Ed25519PublicKey = Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEA1vhCFsFK0QSYDlXSS6ngpZbilplYtaPBzbxWYGAxa5vNtwoaO2Tz
|
||||
BZ4ptvE26TR2+Jygvlk5xdoNYAL/yhNI9p86vs/pA+sJmBlsYAWOA5qAnXoIL2u4
|
||||
1CBB9t+uMnQKhyPoBoDq6QXmM1HlFhxtkKVlLyEHxARxu7g/inFtghPqYD/HyjVJ
|
||||
V6h9OdKEgY+wcn6GGLXGjrSMAsIZP2w8fPQfS45UAtjK+cFODFKElxGZrjqgJP1w
|
||||
/Jw6nB03yKMGsMHNkiwC2BJbK3+pT92JfyqXRg3REw0hVMZghcsoNtWfBoNYLvFY
|
||||
qwk+bvf5bVdLxLMEv33+B3F8SScXuwMUpBwCeMi58ltt+OuOVhh8PLA9ncA6tGa9
|
||||
tzyUo7i8qjGTremSilWIdRYqOexriPKCdnYcJcw/L9Vl2H3QbIj7uVxbszQbqDGS
|
||||
KM43U5cXgpMIYI9CwxnWB8np7n/IXZFG5E+9afd4kYTLShzaObzu2I1yom0O4Ks7
|
||||
HsdvlsBgv4iT6ctquHtU6IFsa/Wfm4ntDiAcczoQEXs0F2v839FH62TPTY70xzyd
|
||||
wQhAdCegb6MYVmVmQL9jv8QDfxwUxtsohbW3ncBDYrdy2rmeiZDGaRJVEbyf6MKI
|
||||
OfaobRGXY0NnOURX9/fkXSydDKd3rIhOMubfUq0+Smm3YrsHWeZVvNMCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
Ed25519PublicKey = Hm+YwSe6XiRNQD4HfJPgTB8UFVMyVi0vy+3ofMnW6jD
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEAu7Ajx9+mEaDK/ASZ5hoVj3X3IkWl+8MAhmj7dwnhqc4YrPrvwKE4
|
||||
cOnVcEUp4K4pyIHUG8zhsesstfpu/0owLQaz8Cekr4CyQWsjDfi7K/QiAN+v2O2m
|
||||
DQOjrYzDvRyBa20A2MnO1kZU/aFHE9qcIHefZhQUZyv97j+QcsE/FDuIH/RAua6/
|
||||
p+br2tfecePGH6f0fMk8dp+YbxcjjVyhJkjyaYF2r+n+YflDl5y3ngxUFJ0UnNE0
|
||||
RfYJf2NE1wzt4rIdnYobFP3vifDIeYj6M0LGHnURPsT6zP+zStZ81MYZKrNlTJ37
|
||||
sbZhorVmO6x46xEWaDUd7UqcKJBpb7u8iSAE4S3tHLFRxBs60dPS+3UEraiTvTHr
|
||||
FvWTq1Q+t/FivTxXEkVt74N5auOKbT5AAkztak21Izx6enspdx6da2aLuJD5I0OU
|
||||
3F4kd8lW5PqEZubkYziDwcVoNsx88hQzHi5l2aRdzY57o82+ltWw4xXmAFR2o605
|
||||
SwVJ4AUmORHuIoDYSR+UgbtKHguxVaTLVggdfvHzlDQ1VERwEU58awMwPLU1k+jP
|
||||
3QW7ehPLKRN+StB6LBlnmRD1ltkaPY5iy+NMXj17hJx0trpz3qoCuv+5TRvsGvQ7
|
||||
Je/G7c6suIGd4HbA9TvCinW6/JLbJQlDiG7MD2oCOPS1pdayUuB9Jw0CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
Ed25519PublicKey = sPs48jzCdtTv0Viy2Of3HlXipfxH5Y8bA+KYVkOrSiK
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEA01HJ49zxmnixWC9YMP0c3UFxZc4Hl5UK9nJvhMRBOuxm75kpzZsz
|
||||
3v6mSy1YrVE9rrGXYjZ76wKrRhchMpvrMKKD8/DRjVqTkuFwtGgUEigzpSFoSLtC
|
||||
u2Wis7Z6GW3nLgAS79NU9IUUEoeevND1zzglDb0HdERuiImiZVg3I+VXLyA31X3L
|
||||
Z/B7T4QLmZGIRvFw0y1TawMjFMJZmDBtzMqfO7behkms2O1ORAciGhGxmZ9gd7yk
|
||||
n/NKCpSSzeC6sJ28i33LRrWF3hRUXAEJFgq8YRxm6mjRoPLsJVsw2S98DvTcxmjN
|
||||
eyVnqPVQi7JuKrOQsewQvwV2KiqI9ibEYH1zZNXwy+l05b3QSaAcyRtDpwRW7FCY
|
||||
H4B3S0vjte75D4bEuYTFgT3wCzlAjdB7fPZ4jyZXdrP8G3IfbMmgsdECz5uIMwam
|
||||
UaSZISlHkSJv+erA8TMJLBnqAO7ERKYI7PRIDdIun0VtX2QjRJpWIdVpxEcL4fZU
|
||||
w6gzX8lOQe5NnoH/MFUfU0LyBuUH1k6WX7xdwrynUVS087vwaQN+H/VTp0QSX6PQ
|
||||
oCLYPCGKS2B/St954uaPanzeG7QZQpWbvttaFVmUSkilx78xqqu3zDm9pSofFKCX
|
||||
08TGlluy8JAwUqAxekQVKey2PdLmKjlMCcoUeNYbJybGplc9gv2hYhsCAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
|
@ -0,0 +1,14 @@
|
|||
Ed25519PublicKey = r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O
|
||||
-----BEGIN RSA PUBLIC KEY-----
|
||||
MIICCgKCAgEA7/bur2JIXzNrsgjQ7kfoaLUVCC9S7HNNdDrlnSdum0sWvN9urdxS
|
||||
1OfzqG+kjDhQ0sS4fEeYyLMU8W3/aHkSbMjfKBiZS70bg5yHRepUEPZNqDqR3+rO
|
||||
LTAGWMi/IQQQmnfcN5SjaNY/ZyXoaPd1emlpV2UXBvXo/bQTl+pmOt7AIAh7Z7M6
|
||||
X5KAwU23kUwrfn/7zFCw98euNEPcCKpdF5oD4+G+S0PGfFvBmE6Xoi2blM1rcjJ4
|
||||
39IGVCsKAlW1Vg48yj7FypSSjaFvIW+kyRcNNTEZ4V5p50Vm7DfylfW96NqAOeuz
|
||||
2aSVaLhvmu8fU9z+g95MdGZOJYd57jFt76GbkwcLCF8KBCP9NhMfOQu0i1glk+AP
|
||||
CcJcDa/Oj7lLQVB2+holJhw5fkHH2Yi+L+UsjIF0iLiOSTjGJp4yRT9Al9pgMCj2
|
||||
O1JUMYxQ490mSFHBomNv1fq+f5VJnytEwAkJH6AgH+RIcAC5/r+sowfLv+Gy0ga8
|
||||
jKG6t9d/x6lRNv0x5sUhYkiUD9Naq0NncaZz1GtkBAyu+hUZx2+zg3r8He4XoiXx
|
||||
zWAQEgcW3X1/9VC7IBvaK9cdLG5pbeGCBaDv8S0Ue332mM0XNDlffjdC7Sg9f/TG
|
||||
YV8MHpR3RwwUqdi6WFPQqVz5Hv1pE02v/Uw6tby1UgAnzskrufPh+m8CAwEAAQ==
|
||||
-----END RSA PUBLIC KEY-----
|
Binary file not shown.
Before Width: | Height: | Size: 39 KiB |
|
@ -1,6 +0,0 @@
|
|||
# components concept
|
||||
|
||||
- components are kinda opinionated.
|
||||
- should be project agnostic (e.g.: configure bugwarrior via options but leave specifics out).
|
||||
- `component.<toplevel>.enabled` should usually be the default for all it subcomponents (`comonent.<topleve>.<subcomponent>.enabled`).
|
||||
- But default should make sense here!
|
|
@ -1,21 +0,0 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
./gui
|
||||
./mainUser.nix
|
||||
./media
|
||||
./monitor
|
||||
./network
|
||||
./nixos
|
||||
./terminal
|
||||
./yubikey.nix
|
||||
];
|
||||
|
||||
# some system stuff
|
||||
# -----------------
|
||||
time.timeZone = lib.mkDefault "Europe/Berlin";
|
||||
#time.timeZone = lib.mkDefault "Pacific/Auckland";
|
||||
#time.timeZone = lib.mkDefault "Asia/Singapore";
|
||||
#time.timeZone = lib.mkDefault "Asia/Makassar";
|
||||
|
||||
}
|
|
@ -1,52 +0,0 @@
|
|||
# TODO test `alsactl init` after suspend to reinit mic
|
||||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.gui.audio.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.gui.enable;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.gui.pass.enable) {
|
||||
|
||||
security.rtkit.enable = true;
|
||||
|
||||
hardware.pulseaudio.enable = false;
|
||||
|
||||
hardware.bluetooth = {
|
||||
enable = true;
|
||||
powerOnBoot = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
alsa-utils
|
||||
alsaUtils
|
||||
|
||||
# PulseAudio control
|
||||
# ------------------
|
||||
ponymix
|
||||
pavucontrol
|
||||
lxqt.pavucontrol-qt
|
||||
];
|
||||
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
systemWide = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
};
|
||||
|
||||
environment.etc = {
|
||||
"wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = ''
|
||||
bluez_monitor.properties = {
|
||||
["bluez5.enable-sbc-xq"] = true,
|
||||
["bluez5.enable-msbc"] = true,
|
||||
["bluez5.enable-hw-volume"] = true,
|
||||
["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]"
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,86 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
backupFolder = "~/desktop/browser-images";
|
||||
homeFolder = "/browsers";
|
||||
in
|
||||
{
|
||||
config = lib.mkIf config.components.gui.enable {
|
||||
|
||||
programs.chromium.extensions = [
|
||||
"nngceckbapebfimnlniiiahkandclblb" # bitwarden
|
||||
"edibdbjcniadpccecjdfdjjppcpchdlm" # I still don't care about cookies
|
||||
"gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
|
||||
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
|
||||
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
|
||||
"jinjaccalgkegednnccohejagnlnfdag" # Violentmonkey
|
||||
];
|
||||
|
||||
# overwrite use zram on small RAM systems
|
||||
fileSystems."/share" = lib.mkDefault {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
};
|
||||
|
||||
# overwrite use zram on small RAM systems
|
||||
fileSystems."${homeFolder}" = lib.mkDefault {
|
||||
device = "tmpfs";
|
||||
fsType = "tmpfs";
|
||||
};
|
||||
|
||||
services.browser = {
|
||||
enable = lib.mkDefault true;
|
||||
configList = {
|
||||
development = {
|
||||
home = "${homeFolder}/development-browser";
|
||||
homeBackup = "${backupFolder}/development-browser";
|
||||
gpu = false;
|
||||
};
|
||||
google = {
|
||||
home = "${homeFolder}/google-browser";
|
||||
homeBackup = "${backupFolder}/google-browser";
|
||||
gpu = false;
|
||||
};
|
||||
finance = {
|
||||
home = "${homeFolder}/finance-browser";
|
||||
homeBackup = "${backupFolder}/finance-browser";
|
||||
gpu = false;
|
||||
};
|
||||
facebook = {
|
||||
home = "${homeFolder}/facebook-browser";
|
||||
homeBackup = "${backupFolder}/facebook-browser";
|
||||
gpu = false;
|
||||
};
|
||||
shopping = {
|
||||
home = "${homeFolder}/shopping-browser";
|
||||
homeBackup = "${backupFolder}/shopping-browser";
|
||||
gpu = false;
|
||||
};
|
||||
jobrad = {
|
||||
browserType = "chrome";
|
||||
home = "${homeFolder}/jobrad-chrome";
|
||||
homeBackup = "${backupFolder}/jobrad-chrome";
|
||||
gpu = false;
|
||||
};
|
||||
firefox-tmp = {
|
||||
browserType = "firefox";
|
||||
home = "${homeFolder}/firefox-tmp";
|
||||
homeBackup = "${backupFolder}/firefox-tmp-browser";
|
||||
gpu = false;
|
||||
};
|
||||
chromium-tmp = {
|
||||
browserType = "chrome";
|
||||
home = "${homeFolder}/chromium-tmp";
|
||||
homeBackup = "${backupFolder}/chrome-tmp-browser";
|
||||
gpu = false;
|
||||
};
|
||||
google-tmp = {
|
||||
browserType = "google";
|
||||
home = "${homeFolder}/google-tmp";
|
||||
homeBackup = "${backupFolder}google-tmp-browser";
|
||||
gpu = false;
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
|
||||
options.components.gui.cups.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.gui.enable;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.gui.cups.enable) {
|
||||
|
||||
hardware.printers.ensurePrinters = [
|
||||
{
|
||||
description = "Lexmark E350d";
|
||||
deviceUri = "usb://Lexmark/E350d?serial=622Z9ZC";
|
||||
location = "office";
|
||||
name = "Lexmark_E350d";
|
||||
model = "drv:///sample.drv/generic.ppd";
|
||||
ppdOptions = {
|
||||
job-sheets = "none, none";
|
||||
media = "na_letter_8.5x11in";
|
||||
sides = "one-sided";
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
};
|
||||
}
|
|
@ -1,30 +0,0 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.gui = {
|
||||
enable = lib.mkEnableOption "GUI configurations";
|
||||
};
|
||||
|
||||
imports = [
|
||||
# todo : structure with home-manager and such is not cool, create another structure
|
||||
./audio.nix
|
||||
./browser.nix
|
||||
./cups.nix
|
||||
./fonts.nix
|
||||
./home-manager
|
||||
./kmonad.nix
|
||||
./noti.nix
|
||||
./pass.nix
|
||||
./steam.nix
|
||||
./suspend.nix
|
||||
./taskwarrior.nix
|
||||
./vscode.nix
|
||||
./wayland.nix
|
||||
./xorg
|
||||
];
|
||||
|
||||
config = mkIf config.components.gui.enable {
|
||||
# todo extract xorg stuff to prepare wayland
|
||||
environment.enableAllTerminfo = true;
|
||||
};
|
||||
}
|
|
@ -1,36 +0,0 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.gui.style.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.gui.enable;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.gui.style.enable) {
|
||||
|
||||
fonts.packages = with pkgs; [
|
||||
|
||||
corefonts
|
||||
hasklig
|
||||
inconsolata
|
||||
source-code-pro
|
||||
symbola
|
||||
ubuntu_font_family
|
||||
|
||||
# symbol fonts
|
||||
# ------------
|
||||
nerdfonts
|
||||
powerline-fonts
|
||||
font-awesome
|
||||
fira-code-symbols
|
||||
jetbrains-mono
|
||||
|
||||
# shell font
|
||||
# ----------
|
||||
terminus_font
|
||||
gohufont
|
||||
|
||||
];
|
||||
|
||||
};
|
||||
}
|
|
@ -1,11 +0,0 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
with lib;
|
||||
{
|
||||
|
||||
config = mkIf config.components.gui.enable {
|
||||
|
||||
# don't run autoload -U compinit && compinit before ~/.zshrc
|
||||
programs.zsh.enableGlobalCompInit = false;
|
||||
|
||||
};
|
||||
}
|
|
@ -1,88 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
|
||||
options.components.gui.kmonad.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.gui.enable;
|
||||
};
|
||||
|
||||
config = lib.mkIf (config.components.gui.kmonad.enable) {
|
||||
|
||||
# only needed if you have an UHK
|
||||
hardware.keyboard.uhk.enable = true;
|
||||
environment.systemPackages = [ pkgs.unstable.uhk-agent ];
|
||||
users.users.mainUser.extraGroups = [ "input" ];
|
||||
|
||||
services.xserver = {
|
||||
layout = "us";
|
||||
xkbOptions = "compose:ralt";
|
||||
};
|
||||
|
||||
services.kmonad = {
|
||||
enable = true;
|
||||
keyboards =
|
||||
let
|
||||
keyboard = device: leftOfSpace: {
|
||||
device = device;
|
||||
extraGroups = [ "video" ];
|
||||
defcfg = {
|
||||
enable = true;
|
||||
fallthrough = true;
|
||||
allowCommands = true;
|
||||
};
|
||||
config = ''
|
||||
(defsrc
|
||||
grv 1 2 3 4 5 6 7 8 9 0 - = bspc
|
||||
tab q w e r t y u i o p [ ] \
|
||||
caps a s d f g h j k l ; ' ret
|
||||
lsft z x c v b n m , . / rsft
|
||||
${lib.concatStringsSep " " leftOfSpace} spc ralt rmet cmp rctl
|
||||
)
|
||||
|
||||
(defalias sym (layer-toggle symbols))
|
||||
(defalias alt (around (layer-toggle alt-qwerty)
|
||||
(layer-toggle arrows)))
|
||||
|
||||
(deflayer qwerty
|
||||
grv 1 2 3 4 5 6 7 8 9 0 - = bspc
|
||||
tab q w e r t y u i o p [ ] \
|
||||
esc a s d f g h j k l ; ' ret
|
||||
lsft z x c v b n m , . / rsft
|
||||
lctl lmet @alt spc @sym rmet cmp rctrl
|
||||
)
|
||||
|
||||
(deflayer symbols
|
||||
_ ½ ² ³ ⁴ ⁵ ⁶ ⁷ ⁸ ⁹ ∞ _ _ _
|
||||
_ _ _ € _ ™ _ ü _ ö _ _ _ _
|
||||
caps ä ß _ _ _ _ _ _ _ _ _ _
|
||||
_ _ _ ¢ _ _ _ _ _ _ _ _
|
||||
_ _ _ _ _ _ _ _)
|
||||
|
||||
;; alt => alt
|
||||
;; alt + jkli => left down right up
|
||||
;; alt + caps + jkli => alt + left down right up
|
||||
(deflayer alt-qwerty
|
||||
(around lalt grv ) (around lalt 1) (around lalt 2) (around lalt 3) (around lalt 4) (around lalt 5 ) (around lalt 6) (around lalt 7) (around lalt 8) (around lalt 9) (around lalt 0) (around lalt - ) (around lalt = ) (around lalt bspc)
|
||||
_ (around lalt q) (around lalt w) (around lalt e) (around lalt r) (around lalt t ) (around lalt y) (around lalt u) (around lalt i) (around lalt o) (around lalt p) (around lalt [ ) (around lalt ] ) (around lalt \ )
|
||||
_ (around lalt a) (around lalt s) (around lalt d) (around lalt f) (around lalt g ) (around lalt h) (around lalt j) (around lalt k) (around lalt l) (around lalt ;) (around lalt ' ) (around lalt ret)
|
||||
_ (around lalt z) (around lalt x) (around lalt c) (around lalt v) (around lalt b ) (around lalt n) (around lalt m) (around lalt ,) (around lalt .) (around lalt /) (around lalt rsft)
|
||||
_ _ _ (around lalt spc) _ _ _ _
|
||||
)
|
||||
(deflayer arrows
|
||||
_ _ _ _ _ _ _ _ _ _ _ _ _ _
|
||||
_ _ _ _ _ _ _ _ up _ _ _ _ _
|
||||
lalt _ _ _ _ _ _ left down right _ _ _
|
||||
_ _ _ _ _ _ _ _ _ _ _ _
|
||||
_ _ _ _ _ _ _ _)
|
||||
'';
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ];
|
||||
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ];
|
||||
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ "lctl" "lmet" "lalt" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,37 +0,0 @@
|
|||
# notify me when a command is finished
|
||||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.gui.noti.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.gui.enable;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.gui.noti.enable) {
|
||||
|
||||
sops.secrets.pushover_user_key = { };
|
||||
sops.secrets.pushover_api_key = { };
|
||||
sops.templates."noti.yaml".owner = config.users.users.mainUser.name;
|
||||
sops.templates."noti.yaml".group = config.users.users.mainUser.group;
|
||||
sops.templates."noti.yaml".content = ''
|
||||
pushover:
|
||||
userKey: ${config.sops.placeholder.pushover_user_key}
|
||||
apiToken: ${config.sops.placeholder.pushover_api_key}
|
||||
'';
|
||||
|
||||
home-manager.users.mainUser = {
|
||||
home.packages = [
|
||||
(pkgs.writers.writeBashBin "noti" ''
|
||||
${pkgs.noti}/bin/noti --file ${config.sops.templates."noti.yaml".path} "$@"
|
||||
'')
|
||||
(pkgs.writers.writeBashBin "noti-pushover" ''
|
||||
${pkgs.noti}/bin/noti --pushover --file ${config.sops.templates."noti.yaml".path} "$@"
|
||||
'')
|
||||
];
|
||||
|
||||
## not working :(
|
||||
#programs.noti.enable = true;
|
||||
#xdg.configFile."noti/noti.yaml".source = toString config.sops.templates."noti.yaml".path;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,50 +0,0 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
|
||||
# desktop file
|
||||
# ------------
|
||||
# makes it possible to be used by other programs
|
||||
desktopFile = name: bin:
|
||||
pkgs.writeTextFile {
|
||||
name = "${name}.desktop";
|
||||
destination = "/share/applications/${name}.desktop";
|
||||
text = ''
|
||||
[Desktop Entry]
|
||||
Categories=Application;Utility;
|
||||
Comment=password dialog
|
||||
Encoding=UTF-8
|
||||
Exec=${bin}
|
||||
Icon=gnome-lockscreen
|
||||
Name=${name}
|
||||
Terminal=false
|
||||
Type=Application
|
||||
'';
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
options.components.gui.pass.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.gui.enable;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.gui.pass.enable) {
|
||||
|
||||
environment.systemPackages = [
|
||||
(pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))
|
||||
# todo : use upstream desktop file creator
|
||||
(desktopFile "passmenu" "${pkgs.pass.withExtensions (ext: [ext.pass-otp])}/bin/passmenu --type -l 10")
|
||||
|
||||
pkgs.otpmenu
|
||||
|
||||
# todo ein script machen was hier tut
|
||||
# zbarimg -q --raw 2018-12-18-114509.png | pass otp insert mindcurv/cloudamqp/otp
|
||||
pkgs.zbar
|
||||
|
||||
pkgs.ctmg
|
||||
pkgs.pinentry
|
||||
pkgs.pinentry-curses
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,90 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
let
|
||||
mkMagicMergeOption = { description ? "", example ? { }, default ? { }, apply ? id, ... }:
|
||||
mkOption {
|
||||
inherit example description default apply;
|
||||
type = with lib.types;
|
||||
let
|
||||
valueType = nullOr
|
||||
(oneOf [
|
||||
bool
|
||||
int
|
||||
float
|
||||
str
|
||||
(attrsOf valueType)
|
||||
(listOf valueType)
|
||||
]) // {
|
||||
description = "bool, int, float or str";
|
||||
emptyValue.value = { };
|
||||
};
|
||||
in
|
||||
valueType;
|
||||
};
|
||||
in
|
||||
|
||||
{
|
||||
options.components.gui.taskwarrior.enable = mkOption {
|
||||
type = bool;
|
||||
default = config.components.gui.enable;
|
||||
};
|
||||
|
||||
options.components.gui.taskwarrior.config = mkMagicMergeOption {
|
||||
type = attrs;
|
||||
default = { };
|
||||
};
|
||||
|
||||
config = mkIf (config.components.gui.taskwarrior.enable) {
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
||||
unstable.taskwarrior-tui
|
||||
taskwarrior
|
||||
timewarrior
|
||||
miller
|
||||
tasksh
|
||||
(pkgs.writeShellScriptBin "tsak" ''${pkgs.taskwarrior}/bin/task "$@"'')
|
||||
|
||||
(pkgs.writers.writeBashBin "calendar" ''
|
||||
${pkgs.taskwarrior}/bin/task calendar
|
||||
${pkgs.taskwarrior}/bin/task calendar_report
|
||||
'')
|
||||
|
||||
unstable.vit
|
||||
(pkgs.writers.writeBashBin "active" "${unstable.taskwarrior-tui}/bin/taskwarrior-tui -r active")
|
||||
(pkgs.writers.writeBashBin "todo" "${unstable.taskwarrior-tui}/bin/taskwarrior-tui -r todo")
|
||||
|
||||
taskwarrior-hooks
|
||||
vdirsyncer
|
||||
khal
|
||||
(pkgs.writers.writeBashBin "kalendar" ''
|
||||
${pkgs.vdirsyncer}/bin/vdirsyncer sync
|
||||
${pkgs.khal}/bin/ikhal
|
||||
'')
|
||||
|
||||
# todo : before deleting this, put it in logseq
|
||||
(python3Packages.bugwarrior.overrideAttrs (old: {
|
||||
version = "develop";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "ralphbean";
|
||||
repo = "bugwarrior";
|
||||
rev = "eb19a702a698f9c8c3ce2a1fe41f35872d9ae398";
|
||||
sha256 = "sha256-Geon+ddE58WJ10L4unotzvmZj1Ye0yjZHVQgrR2YWgE=";
|
||||
};
|
||||
propagatedBuildInputs = old.propagatedBuildInputs ++ [
|
||||
python3Packages.pydantic
|
||||
python3Packages.tomli
|
||||
python3Packages.email-validator
|
||||
python3Packages.packaging
|
||||
];
|
||||
}))
|
||||
];
|
||||
|
||||
#home-manager.users.mainUser.home.file.".config/bugwarrior/bugwarriorrc".source = ./bugwarriorc.ini;
|
||||
#home-manager.users.mainUser.home.file.".config/bugwarrior/bugwarriorrc".source = (pkgs.formats.toml { }).generate "bugwarriorrc.toml" config.components.gui.taskwarrior.config;
|
||||
home-manager.users.mainUser.home.file.".config/bugwarrior/bugwarrior.toml".source = (pkgs.formats.toml { }).generate "bugwarriorrc.toml" config.components.gui.taskwarrior.config;
|
||||
|
||||
};
|
||||
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.gui.vscode.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
#default = config.components.gui.enable;
|
||||
default = false;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.gui.vscode.enable) {
|
||||
environment.systemPackages = with pkgs; [
|
||||
(vscode-with-extensions.override {
|
||||
vscodeExtensions = with vscode-extensions; [
|
||||
bbenoist.nix
|
||||
ms-python.python
|
||||
ms-azuretools.vscode-docker
|
||||
ms-vscode-remote.remote-ssh
|
||||
vscodevim.vim
|
||||
rust-lang.rust-analyzer
|
||||
#github.copilot-labs
|
||||
github.copilot
|
||||
#github.copilot-chat
|
||||
];
|
||||
})
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,13 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
|
||||
options.components.gui.wayland.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = ! config.components.gui.xorg.enable;
|
||||
};
|
||||
|
||||
config = mkIf config.components.gui.wayland.enable {
|
||||
programs.hyprland.enable = true;
|
||||
};
|
||||
}
|
|
@ -1,25 +0,0 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
with lib;
|
||||
let
|
||||
|
||||
name = "lock";
|
||||
|
||||
# the lock program
|
||||
lockProgram = pkgs.writeShellScriptBin "${name}" ''
|
||||
${pkgs.xlockmore}/bin/xlock -mode life1d -size 1
|
||||
'';
|
||||
|
||||
in
|
||||
{
|
||||
config = mkIf config.components.gui.xorg.enable {
|
||||
environment.systemPackages = [
|
||||
lockProgram
|
||||
(pkgs.makeDesktopItem {
|
||||
name = "lock";
|
||||
desktopName = "lock";
|
||||
exec = "${lockProgram}/bin/lock";
|
||||
terminal = false;
|
||||
})
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,15 +0,0 @@
|
|||
{ pkgs, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.media = {
|
||||
enable = lib.mkEnableOption "Media configurations";
|
||||
};
|
||||
|
||||
imports = [
|
||||
./icecast.nix
|
||||
./tts.nix
|
||||
./video.nix
|
||||
];
|
||||
|
||||
config = mkIf config.components.media.enable { };
|
||||
}
|
|
@ -1,71 +0,0 @@
|
|||
# --------------------------------------------------
|
||||
# How to use?
|
||||
# * start the icecast
|
||||
# * connect via mixxx to it.
|
||||
# * add the podcast to mpd in the same network
|
||||
# --------------------------------------------------
|
||||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
|
||||
let
|
||||
# todo : make option
|
||||
user = "username";
|
||||
password = "password";
|
||||
mountPoint = "/radio.mp3";
|
||||
maxListeners = 20;
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
options.components.media.icecast.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
#default = config.components.media.enable;
|
||||
default = false;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.media.icecast.enable) {
|
||||
|
||||
services.icecast = {
|
||||
enable = true;
|
||||
hostname = config.networking.hostName;
|
||||
admin = {
|
||||
user = "palo";
|
||||
password = "palo";
|
||||
};
|
||||
# http://icecast.org/docs/icecast-2.4.1/config-file.html
|
||||
extraConf = ''
|
||||
<mount type="normal">
|
||||
<mount-name>${mountPoint}</mount-name>
|
||||
<username>${user}</username>
|
||||
<password>${password}</password>
|
||||
<max-listeners>${toString maxListeners}</max-listeners>
|
||||
<max-listener-duration>3600</max-listener-duration>
|
||||
<charset>UTF8</charset>
|
||||
<public>1</public>
|
||||
<stream-name>Palos Awesome Stream</stream-name>
|
||||
<stream-description>Kick ass Tracks</stream-description>
|
||||
<stream-url>https://ingolf-wagner.de</stream-url>
|
||||
<genre>classical</genre>
|
||||
<bitrate>320</bitrate>
|
||||
<type>application/ogg</type>
|
||||
<subtype>vorbis</subtype>
|
||||
<hidden>1</hidden>
|
||||
<burst-size>65536</burst-size>
|
||||
<mp3-metadata-interval>4096</mp3-metadata-interval>
|
||||
</mount>
|
||||
'';
|
||||
};
|
||||
|
||||
# use port which I can see in iptable -L -v -n
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ config.services.icecast.listen.port ];
|
||||
allowedUDPPorts = [ config.services.icecast.listen.port ];
|
||||
};
|
||||
|
||||
# don't want to have the service running all the time
|
||||
# ---------------------------------------------------
|
||||
systemd.services.icecast.wantedBy = lib.mkForce [ ];
|
||||
systemd.services.icecast.after = lib.mkForce [ ];
|
||||
|
||||
};
|
||||
}
|
|
@ -1,19 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# todo : add a dry-run
|
||||
|
||||
sanitize() {
|
||||
shopt -s extglob
|
||||
|
||||
filename=$(basename "$1")
|
||||
directory=$(dirname "$1")
|
||||
|
||||
filename_clean="${filename//+([^[:alnum:]_-\\.])/_}"
|
||||
|
||||
if [[ $filename != "$filename_clean" ]]; then
|
||||
mv -v --backup=numbered "$1" "$directory/$filename_clean"
|
||||
fi
|
||||
}
|
||||
|
||||
export -f sanitize
|
||||
find "$1" -depth -exec bash -c 'sanitize "$0"' {} \;
|
|
@ -1,74 +0,0 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
|
||||
options.components.media.tts-server.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
#default = config.components.media.enable;
|
||||
default = false;
|
||||
};
|
||||
|
||||
options.components.media.tts-client.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.media.enable;
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
|
||||
(mkIf (config.components.media.tts-client.enable) {
|
||||
environment.systemPackages = [
|
||||
pkgs.espeak-ng
|
||||
pkgs.tts
|
||||
(pkgs.writers.writeDashBin "tts-en" ''
|
||||
${pkgs.tts}/bin/tts --model_name "tts_models/en/ljspeech/vits" "$@"
|
||||
'')
|
||||
(pkgs.writers.writeDashBin "tts-de" ''
|
||||
${pkgs.tts}/bin/tts --model_name "tts_models/de/thorsten/vits" "$@"
|
||||
'')
|
||||
];
|
||||
})
|
||||
|
||||
(mkIf (config.components.media.tts-server.enable) {
|
||||
|
||||
# find models with ${pkgs.tts}/bin/tts --list_models
|
||||
services.tts = {
|
||||
servers = {
|
||||
english = {
|
||||
enable = true;
|
||||
port = 5300;
|
||||
#model = "tts_models/en/ljspeech/tacotron2-DDC";
|
||||
model = "tts_models/en/ljspeech/vits";
|
||||
};
|
||||
german = {
|
||||
enable = true;
|
||||
port = 5301;
|
||||
#model = "tts_models/de/thorsten/tacotron2-DDC";
|
||||
model = "tts_models/de/thorsten/vits";
|
||||
};
|
||||
};
|
||||
};
|
||||
# fixes some issues
|
||||
systemd.services.tts-german.serviceConfig.RestrictAddressFamilies = [
|
||||
"AF_UNIX"
|
||||
];
|
||||
systemd.services.tts-english.serviceConfig.RestrictAddressFamilies = [
|
||||
"AF_UNIX"
|
||||
];
|
||||
|
||||
services.nginx = {
|
||||
recommendedProxySettings = true;
|
||||
enable = true;
|
||||
virtualHosts."tts.${config.networking.hostName}.private" = {
|
||||
locations."/".proxyPass = "http://localhost:${toString config.services.tts.servers.english.port}";
|
||||
};
|
||||
virtualHosts."en.tts.${config.networking.hostName}.private" = {
|
||||
locations."/".proxyPass = "http://localhost:${toString config.services.tts.servers.english.port}";
|
||||
};
|
||||
virtualHosts."de.tts.${config.networking.hostName}.private" = {
|
||||
locations."/".proxyPass = "http://localhost:${toString config.services.tts.servers.german.port}";
|
||||
};
|
||||
};
|
||||
|
||||
})
|
||||
];
|
||||
}
|
|
@ -1,162 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
obs-cmd = pkgs.unstable.rustPlatform.buildRustPackage
|
||||
rec {
|
||||
pname = "obs-cmd";
|
||||
version = "v0.15.2";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "grigio";
|
||||
repo = "obs-cmd";
|
||||
rev = version;
|
||||
sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI=";
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0=";
|
||||
#cargoSha256 = fakeSha256;
|
||||
|
||||
meta = with lib; {
|
||||
description = "a minimal obs CLI for obs-websocket v5";
|
||||
homepage = "https://github.com/grigio/obs-cmd";
|
||||
license = licenses.mit;
|
||||
maintainers = [ maintainers.mrVanDalo ];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
};
|
||||
|
||||
# Lassulus streaming setup
|
||||
# -------------------------
|
||||
# ffmpeg \
|
||||
# -f pulse \
|
||||
# -i default \
|
||||
# -vaapi_device /dev/dri/renderD128 \
|
||||
# -f x11grab \
|
||||
# -video_size 1366x768 \
|
||||
# -i :0 \
|
||||
# -vf 'hwupload,scale_vaapi=format=nv12' \
|
||||
# -c:v h264_vaapi \
|
||||
# -c:a aac \
|
||||
# -b:a 96k \
|
||||
# -af "highpass=f=200, lowpass=f=3000" \
|
||||
# -qp 30 \
|
||||
# -f flv \
|
||||
# rtmp://lassul.us:1935/stream/nixos \
|
||||
# ./rc3-output-$(date +%d%H%M%S).mp4
|
||||
#
|
||||
# Dann abspielen mit :
|
||||
# mpv rtmp://lassul.us:1935/stream/nixos
|
||||
|
||||
# show keyboard input on desktop for screencasts
|
||||
screenKey = pkgs.symlinkJoin {
|
||||
name = "screen-keys";
|
||||
paths =
|
||||
let
|
||||
screenKeyScript = { position ? "bottom", size ? "small", ... }:
|
||||
pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
|
||||
''
|
||||
${pkgs.screenkey}/bin/screenkey \
|
||||
--no-detach \
|
||||
--bg-color '#fdf6e3' \
|
||||
--font-color '#073642' \
|
||||
-p ${position} \
|
||||
-s ${size} \
|
||||
"$@"
|
||||
'';
|
||||
in
|
||||
lib.flatten (lib.flip map [ "large" "small" "medium" ] (size:
|
||||
lib.flip map [ "top" "center" "bottom" ]
|
||||
(position: screenKeyScript { inherit size position; })));
|
||||
};
|
||||
|
||||
|
||||
mpvReview =
|
||||
let
|
||||
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
|
||||
tmp_dir = "${dir}"
|
||||
|
||||
function move_current_track_${key}()
|
||||
track = mp.get_property("path")
|
||||
os.execute("mkdir -p '" .. tmp_dir .. "'")
|
||||
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
|
||||
print("moved '" .. track .. "' to " .. tmp_dir)
|
||||
mp.command("playlist-next")
|
||||
end
|
||||
|
||||
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
|
||||
'';
|
||||
delete = moveToDir "D" "./.graveyard";
|
||||
good = moveToDir "G" "./.good";
|
||||
in
|
||||
pkgs.writers.writeDashBin "mpv-review" ''
|
||||
exec ${pkgs.mpv}/bin/mpv --no-config --script=${delete} --script=${good} "$@"
|
||||
'';
|
||||
|
||||
alphaSafe = pkgs.writers.writeBashBin "alpha-safe" ''
|
||||
export PATH=${pkgs.gnused}/bin:$PATH
|
||||
echo "$1" | sed 's/[^a-zA-Z0-9]/-/g' | sed 's/--/-/g' | sed 's/-$//g'
|
||||
'';
|
||||
|
||||
sanitizeFolder = pkgs.writers.writeBashBin "sanitize-folder" (fileContents ./sanitize_folder.sh);
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
options.components.media.video.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.media.enable;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.media.video.enable) {
|
||||
|
||||
|
||||
home-manager.sharedModules = [
|
||||
{
|
||||
programs.obs-studio = {
|
||||
enable = true;
|
||||
plugins = with pkgs.obs-studio-plugins; [
|
||||
obs-backgroundremoval
|
||||
obs-vaapi
|
||||
];
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
|
||||
boot.kernelModules = [ "v4l2loopback" ];
|
||||
boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
unstable.youtube-dl
|
||||
unstable.yt-dlp
|
||||
mplayer
|
||||
mpv
|
||||
mpvReview
|
||||
|
||||
# sanitazion
|
||||
alphaSafe
|
||||
sanitizeFolder
|
||||
|
||||
|
||||
# obs studio stuff
|
||||
unstable.obs-cli
|
||||
v4l-utils
|
||||
obs-cmd
|
||||
|
||||
# to record your screen
|
||||
# ---------------------
|
||||
simplescreenrecorder
|
||||
screenKey
|
||||
#obs-studio
|
||||
|
||||
# to transcode video material
|
||||
# ---------------------------
|
||||
handbrake
|
||||
ffmpeg-full
|
||||
|
||||
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
{ lib, config, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
{
|
||||
imports = [ ./default.nix ];
|
||||
|
||||
options.components.monitor.container.promtail.port = mkOption {
|
||||
type = int;
|
||||
};
|
||||
|
||||
config = {
|
||||
components.monitor.enable = mkDefault true;
|
||||
components.monitor.metrics.enable = mkDefault false;
|
||||
components.monitor.promtail.port = config.components.monitor.container.promtail.port;
|
||||
components.monitor.opentelemetry.exporter.endpoint = mkDefault "127.0.0.1:4317";
|
||||
};
|
||||
|
||||
}
|
|
@ -1,32 +0,0 @@
|
|||
{ lib, config, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
{
|
||||
|
||||
options.components.monitor = {
|
||||
enable = mkOption {
|
||||
type = bool;
|
||||
default = true;
|
||||
};
|
||||
metrics.enable = mkOption {
|
||||
type = bool;
|
||||
default = config.components.monitor.enable;
|
||||
};
|
||||
logs.enable = mkOption {
|
||||
type = bool;
|
||||
default = config.components.monitor.enable;
|
||||
};
|
||||
};
|
||||
|
||||
imports = [
|
||||
./logs-promtail.nix
|
||||
./metrics-export-zfs.nix
|
||||
./metrics-netdata.nix
|
||||
./metrics-prometheus.nix
|
||||
./metrics-telegraf.nix
|
||||
./opentelemetry.nix
|
||||
];
|
||||
|
||||
config = mkIf config.components.monitor.enable { };
|
||||
|
||||
}
|
|
@ -1,177 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
let
|
||||
cfg = config.components.monitor.promtail;
|
||||
in
|
||||
{
|
||||
options.components.monitor.promtail = {
|
||||
enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.monitor.logs.enable;
|
||||
};
|
||||
port = mkOption {
|
||||
type = int;
|
||||
default = 3500;
|
||||
description = "port to provide promtail export";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
|
||||
(mkIf config.components.monitor.promtail.enable {
|
||||
|
||||
services.opentelemetry-collector.settings = {
|
||||
receivers.loki = {
|
||||
protocols.http.endpoint = "127.0.0.1:${toString cfg.port}";
|
||||
use_incoming_timestamp = true;
|
||||
};
|
||||
service.pipelines.logs.receivers = [ "loki" ];
|
||||
};
|
||||
|
||||
services.promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server. disable = true;
|
||||
positions.filename = "/var/cache/promtail/positions.yaml";
|
||||
|
||||
clients = [
|
||||
{ url = "http://127.0.0.1:${toString cfg.port}/loki/api/v1/push"; }
|
||||
];
|
||||
|
||||
scrape_configs =
|
||||
|
||||
let
|
||||
_replace = index: replacement: ''{{ Replace .Value "${toString index}" "${replacement}" 1 }}'';
|
||||
_elseif = index: ''{{ else if eq .Value "${toString index}" }}'';
|
||||
_if = index: ''{{ if eq .Value "${toString index}" }}'';
|
||||
_end = ''{{ end }}'';
|
||||
elseblock = index: replacement: "${_elseif index}${_replace index replacement}";
|
||||
ifblock = index: replacement: "${_if index}${_replace index replacement}";
|
||||
createTemplateLine = list: "${concatStrings (imap0 (index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement) list)}${_end}";
|
||||
in
|
||||
[
|
||||
{
|
||||
job_name = "journal";
|
||||
journal = {
|
||||
json = true;
|
||||
max_age = "12h";
|
||||
labels.job = "systemd-journal";
|
||||
};
|
||||
pipeline_stages = [
|
||||
{
|
||||
# Set of key/value pairs of JMESPath expressions. The key will be
|
||||
# the key in the extracted data while the expression will be the value,
|
||||
# evaluated as a JMESPath from the source data.
|
||||
json.expressions = {
|
||||
# journalctl -o json | jq and you'll see these
|
||||
boot_id = "_BOOT_ID";
|
||||
facility = "SYSLOG_FACILITY";
|
||||
facility_label = "SYSLOG_FACILITY";
|
||||
instance = "_HOSTNAME";
|
||||
msg = "MESSAGE";
|
||||
priority = "PRIORITY";
|
||||
priority_label = "PRIORITY";
|
||||
transport = "_TRANSPORT";
|
||||
unit = "_SYSTEMD_UNIT";
|
||||
# coredump
|
||||
#coredump_cgroup = "COREDUMP_CGROUP";
|
||||
#coredump_exe = "COREDUMP_EXE";
|
||||
#coredump_cmdline = "COREDUMP_CMDLINE";
|
||||
#coredump_uid = "COREDUMP_UID";
|
||||
#coredump_gid = "COREDUMP_GID";
|
||||
};
|
||||
}
|
||||
{
|
||||
# Set the unit (defaulting to the transport like audit and kernel)
|
||||
template = {
|
||||
source = "unit";
|
||||
template = "{{if .unit}}{{.unit}}{{else}}{{.transport}}{{end}}";
|
||||
};
|
||||
}
|
||||
{
|
||||
# Normalize session IDs (session-1234.scope -> session.scope) to limit number of label values
|
||||
replace = {
|
||||
source = "unit";
|
||||
expression = "^(session-\\d+.scope)$";
|
||||
replace = "session.scope";
|
||||
};
|
||||
}
|
||||
{
|
||||
# Map priority to human readable
|
||||
template = {
|
||||
source = "priority_label";
|
||||
#template = ''{{ if eq .Value "0" }}{{ Replace .Value "0" "emerg" 1 }}{{ else if eq .Value "1" }}{{ Replace .Value "1" "alert" 1 }}{{ else if eq .Value "2" }}{{ Replace .Value "2" "crit" 1 }}{{ else if eq .Value "3" }}{{ Replace .Value "3" "err" 1 }}{{ else if eq .Value "4" }}{{ Replace .Value "4" "warning" 1 }}{{ else if eq .Value "5" }}{{ Replace .Value "5" "notice" 1 }}{{ else if eq .Value "6" }}{{ Replace .Value "6" "info" 1 }}{{ else if eq .Value "7" }}{{ Replace .Value "7" "debug" 1 }}{{ end }}'';
|
||||
template = createTemplateLine [
|
||||
"emergency"
|
||||
"alert"
|
||||
"critical"
|
||||
"error"
|
||||
"warning"
|
||||
"notice"
|
||||
"info"
|
||||
"debug"
|
||||
];
|
||||
};
|
||||
}
|
||||
{
|
||||
# Map facility to human readable
|
||||
template =
|
||||
{
|
||||
source = "facility_label";
|
||||
template = createTemplateLine [
|
||||
"kern" # Kernel messages
|
||||
"user" # User-level messages
|
||||
"mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1))
|
||||
"daemon" # System daemons All daemons, including systemd and its subsystems
|
||||
"auth" # Security/authorization messages Also watch for different facility 10
|
||||
"syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3)
|
||||
"lpr" # Line printer subsystem (archaic subsystem)
|
||||
"news" # Network news subsystem (archaic subsystem)
|
||||
"uucp" # UUCP subsystem (archaic subsystem)
|
||||
"clock" # Clock daemon systemd-timesyncd
|
||||
"authpriv" # Security/authorization messages Also watch for different facility 4
|
||||
"ftp" # FTP daemon
|
||||
"-" # NTP subsystem
|
||||
"-" # Log audit
|
||||
"-" # Log alert
|
||||
"cron" # Scheduling daemon
|
||||
"local0" # Local use 0 (local0)
|
||||
"local1" # Local use 1 (local1)
|
||||
"local2" # Local use 2 (local2)
|
||||
"local3" # Local use 3 (local3)
|
||||
"local4" # Local use 4 (local4)
|
||||
"local5" # Local use 5 (local5)
|
||||
"local6" # Local use 6 (local6)
|
||||
"local7" # Local use 7 (local7)
|
||||
];
|
||||
};
|
||||
}
|
||||
{
|
||||
# Key is REQUIRED and the name for the label that will be created.
|
||||
# Value is optional and will be the name from extracted data whose value
|
||||
# will be used for the value of the label. If empty, the value will be
|
||||
# inferred to be the same as the key.
|
||||
labels = {
|
||||
boot_id = "";
|
||||
facility = "";
|
||||
facility_label = "";
|
||||
instance = "";
|
||||
priority = "";
|
||||
priority_label = "";
|
||||
transport = "";
|
||||
unit = "";
|
||||
};
|
||||
}
|
||||
{
|
||||
# Write the proper message instead of JSON
|
||||
output.source = "msg";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
}
|
|
@ -1,32 +0,0 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
{
|
||||
options.components.monitor.exporters.zfs.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.monitor.metrics.enable;
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf config.components.monitor.exporters.zfs.enable {
|
||||
|
||||
services.telegraf.extraConfig.inputs.zfs = { };
|
||||
|
||||
services.prometheus.exporters.zfs.enable = true;
|
||||
services.opentelemetry-collector.settings = {
|
||||
receivers.prometheus.config.scrape_configs = [
|
||||
{
|
||||
job_name = "zfs";
|
||||
scrape_interval = "10s";
|
||||
static_configs = [{
|
||||
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
|
||||
}];
|
||||
}
|
||||
];
|
||||
service.pipelines.metrics.receivers = [ "prometheus" ];
|
||||
};
|
||||
|
||||
})
|
||||
];
|
||||
|
||||
}
|
|
@ -1,35 +0,0 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
{
|
||||
options.components.monitor.netdata = {
|
||||
enable = mkOption {
|
||||
type = bool;
|
||||
default = config.components.monitor.metrics.enable;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.components.monitor.netdata.enable {
|
||||
|
||||
# netdata sink
|
||||
services.opentelemetry-collector.settings.receivers.prometheus.config.scrape_configs = [
|
||||
{
|
||||
job_name = "netdata";
|
||||
scrape_interval = "10s";
|
||||
metrics_path = "/api/v1/allmetrics";
|
||||
params.format = [ "prometheus" ];
|
||||
static_configs = [{ targets = [ "127.0.0.1:19999" ]; }];
|
||||
}
|
||||
];
|
||||
|
||||
# https://docs.netdata.cloud/daemon/config/
|
||||
services.netdata = {
|
||||
enable = lib.mkDefault true;
|
||||
config = {
|
||||
global = {
|
||||
"memory mode" = "ram";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,45 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
let
|
||||
cfg = config.components.monitor.prometheus;
|
||||
in
|
||||
{
|
||||
options.components.monitor.prometheus = {
|
||||
enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.monitor.metrics.enable;
|
||||
};
|
||||
port = mkOption {
|
||||
type = int;
|
||||
default = 8090;
|
||||
description = "port to provide Prometheus export";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
|
||||
(mkIf config.components.monitor.prometheus.enable {
|
||||
services.prometheus = {
|
||||
checkConfig = "syntax-only";
|
||||
enable = true;
|
||||
};
|
||||
})
|
||||
|
||||
(mkIf config.components.monitor.prometheus.enable {
|
||||
services.opentelemetry-collector.settings = {
|
||||
exporters.prometheus.endpoint = "127.0.0.1:${toString cfg.port}";
|
||||
service.pipelines.metrics.exporters = [ "prometheus" ];
|
||||
};
|
||||
services.prometheus.scrapeConfigs = [
|
||||
{
|
||||
job_name = "opentelemetry";
|
||||
metrics_path = "/metrics";
|
||||
scrape_interval = "10s";
|
||||
static_configs = [{ targets = [ "localhost:${toString cfg.port}" ]; }];
|
||||
}
|
||||
];
|
||||
})
|
||||
|
||||
];
|
||||
}
|
|
@ -1,50 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
let
|
||||
cfg = config.components.monitor.telegraf;
|
||||
in
|
||||
{
|
||||
options.components.monitor.telegraf = {
|
||||
enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.monitor.metrics.enable;
|
||||
};
|
||||
influxDBPort = mkOption {
|
||||
type = int;
|
||||
default = 8088;
|
||||
description = "Port to listen on influxDB input";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkMerge [
|
||||
(mkIf config.components.monitor.telegraf.enable {
|
||||
# opentelemetry wireing
|
||||
services.opentelemetry-collector.settings = {
|
||||
receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}";
|
||||
service.pipelines.metrics.receivers = [ "influxdb" ];
|
||||
};
|
||||
services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ "http://127.0.0.1:${toString cfg.influxDBPort}" ];
|
||||
})
|
||||
|
||||
(mkIf config.components.monitor.telegraf.enable {
|
||||
|
||||
systemd.services.telegraf.path = [ pkgs.inetutils ];
|
||||
|
||||
services.telegraf = {
|
||||
enable = true;
|
||||
extraConfig = {
|
||||
# https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins
|
||||
inputs = {
|
||||
cpu = { };
|
||||
diskio = { };
|
||||
processes = { };
|
||||
system = { };
|
||||
systemd_units = { };
|
||||
ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make machine visible over wireguard
|
||||
};
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
}
|
|
@ -1,200 +0,0 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
let
|
||||
cfg = config.components.monitor.opentelemetry;
|
||||
in
|
||||
{
|
||||
options.components.monitor.opentelemetry = {
|
||||
receiver.endpoint = mkOption {
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = "endpoint to receive the opentelementry data from other collectors";
|
||||
};
|
||||
exporter.endpoint = mkOption {
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = "endpoint to ship opentelementry data too";
|
||||
};
|
||||
exporter.debug = mkOption {
|
||||
type = nullOr (enum [ "logs" "metrics" ]);
|
||||
default = null;
|
||||
description = "enable debug exporter.";
|
||||
};
|
||||
metrics.endpoint = mkOption {
|
||||
type = str;
|
||||
default = "127.0.0.1:8100";
|
||||
description = "endpoint on where to provide opentelementry metrics";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
|
||||
(mkIf config.components.monitor.enable {
|
||||
services.opentelemetry-collector = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.opentelemetry-collector-contrib;
|
||||
};
|
||||
})
|
||||
|
||||
# add default tags to metrics
|
||||
# todo : make sure we filter out metrics from otlp receivers
|
||||
(mkIf config.components.monitor.enable {
|
||||
services.opentelemetry-collector.settings = {
|
||||
|
||||
processors = {
|
||||
|
||||
# https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/processor/resourcedetectionprocessor/README.md
|
||||
"resourcedetection/system" = {
|
||||
detectors = [ "system" ];
|
||||
override = false;
|
||||
system.hostname_sources = [ "os" ];
|
||||
};
|
||||
|
||||
metricstransform.transforms = [
|
||||
{
|
||||
include = ".*";
|
||||
match_type = "regexp";
|
||||
action = "update";
|
||||
operations = [{
|
||||
action = "add_label";
|
||||
new_label = "machine";
|
||||
new_value = config.networking.hostName;
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
})
|
||||
(mkIf config.components.monitor.metrics.enable {
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.metrics.processors = [
|
||||
"metricstransform"
|
||||
"resourcedetection/system"
|
||||
];
|
||||
};
|
||||
})
|
||||
(mkIf config.components.monitor.logs.enable {
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.logs.processors = [ "resourcedetection/system" ];
|
||||
};
|
||||
})
|
||||
|
||||
|
||||
(mkIf (config.components.monitor.opentelemetry.exporter.debug != null) {
|
||||
services.opentelemetry-collector.settings = {
|
||||
exporters.debug = {
|
||||
verbosity = "detailed";
|
||||
sampling_initial = 5;
|
||||
sampling_thereafter = 200;
|
||||
};
|
||||
service.pipelines.${config.components.monitor.opentelemetry.exporter.debug} = {
|
||||
exporters = [ "debug" ];
|
||||
};
|
||||
|
||||
};
|
||||
})
|
||||
|
||||
# ship to next instance
|
||||
(mkIf (config.components.monitor.opentelemetry.exporter.endpoint != null) {
|
||||
services.opentelemetry-collector.settings = {
|
||||
exporters.otlp = {
|
||||
endpoint = cfg.exporter.endpoint;
|
||||
tls.insecure = true;
|
||||
};
|
||||
};
|
||||
})
|
||||
(mkIf
|
||||
(
|
||||
config.components.monitor.opentelemetry.exporter.endpoint != null &&
|
||||
config.components.monitor.logs.enable
|
||||
)
|
||||
{
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.logs.exporters = [ "otlp" ];
|
||||
};
|
||||
})
|
||||
(mkIf
|
||||
(
|
||||
config.components.monitor.opentelemetry.exporter.endpoint != null &&
|
||||
config.components.monitor.metrics.enable
|
||||
)
|
||||
{
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.metrics.exporters = [ "otlp" ];
|
||||
};
|
||||
})
|
||||
|
||||
# ship from other instance
|
||||
(mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) {
|
||||
services.opentelemetry-collector.settings = {
|
||||
receivers.otlp.protocols.grpc.endpoint = cfg.receiver.endpoint;
|
||||
};
|
||||
})
|
||||
(mkIf
|
||||
(
|
||||
config.components.monitor.opentelemetry.receiver.endpoint != null &&
|
||||
config.components.monitor.logs.enable
|
||||
)
|
||||
{
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.logs.receivers = [ "otlp" ];
|
||||
};
|
||||
})
|
||||
(mkIf
|
||||
(
|
||||
config.components.monitor.opentelemetry.receiver.endpoint != null &&
|
||||
config.components.monitor.metrics.enable
|
||||
)
|
||||
{
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.metrics.receivers = [ "otlp" ];
|
||||
};
|
||||
})
|
||||
|
||||
|
||||
|
||||
# scrape opentelemetry-colectors metrics
|
||||
# todo: this should be collected another way (opentelemetry internal?)
|
||||
# todo : enable me only when metrics.endpoint is set.
|
||||
(mkIf config.components.monitor.metrics.enable {
|
||||
services.opentelemetry-collector.settings = {
|
||||
receivers = {
|
||||
prometheus.config.scrape_configs = [
|
||||
{
|
||||
job_name = "otelcol";
|
||||
scrape_interval = "10s";
|
||||
static_configs = [{
|
||||
targets = [ cfg.metrics.endpoint ];
|
||||
}];
|
||||
metric_relabel_configs = [
|
||||
{
|
||||
source_labels = [ "__name__" ];
|
||||
regex = ".*grpc_io.*";
|
||||
action = "drop";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
service = {
|
||||
pipelines.metrics = {
|
||||
receivers = [ "prometheus" ];
|
||||
};
|
||||
|
||||
# todo : this should be automatically be collected
|
||||
# open telemetries own metrics?
|
||||
telemetry.metrics.address = cfg.metrics.endpoint;
|
||||
};
|
||||
|
||||
};
|
||||
})
|
||||
(mkIf (! config.components.monitor.metrics.enable) {
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.telemetry.metrics.level = "none";
|
||||
};
|
||||
})
|
||||
];
|
||||
|
||||
}
|
|
@ -1,23 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
|
||||
# true => ping chungus working
|
||||
# false => ping chungus not working
|
||||
services.resolved = {
|
||||
llmnr = "false";
|
||||
#extraConfig = "mDNS=false";
|
||||
};
|
||||
|
||||
#systemd.services.systemd-resolved.serviceConfig.Environment = "SYSTEMD_LOG_LEVEL=debug";
|
||||
|
||||
#services.avahi.enable = false;
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
nssmdns = true;
|
||||
extraConfig = ''
|
||||
[server]
|
||||
disallow-other-stacks=yes
|
||||
'';
|
||||
interfaces = [ "tinc.private" ];
|
||||
};
|
||||
}
|
|
@ -1,24 +1,8 @@
|
|||
{ pkgs, lib, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
{ ... }:
|
||||
{
|
||||
options.components.network = {
|
||||
enable = mkOption {
|
||||
type = bool;
|
||||
default = true;
|
||||
};
|
||||
};
|
||||
|
||||
imports = [
|
||||
#./avahi.nix
|
||||
./hosts.nix
|
||||
./nginx.nix
|
||||
./sshd
|
||||
./syncthing.nix
|
||||
./tinc
|
||||
./wifi.nix
|
||||
./wireguard.nix
|
||||
./hosts.nix
|
||||
];
|
||||
|
||||
config = mkIf config.components.network.enable { };
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
networking.extraHosts = ''
|
||||
192.168.0.24 scanner
|
||||
144.76.13.147 robi
|
||||
95.216.66.212 orbi
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -1,279 +0,0 @@
|
|||
{ config, lib, pkgs, assets, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.network.nginx.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.network.enable;
|
||||
};
|
||||
|
||||
options.components.network.nginx.landingpage.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.network.nginx.enable;
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf (config.components.network.nginx.enable) {
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.nginx-config-formatter
|
||||
(pkgs.writers.writePython3Bin "nginx-show-config" { flakeIgnore = [ "E265" "E225" "W292" ]; }
|
||||
(lib.fileContents "${assets}/nginx-show-config.py"))
|
||||
];
|
||||
|
||||
security.acme.defaults.email = "contact@ingolf-wagner.de";
|
||||
security.acme.acceptTerms = true;
|
||||
|
||||
services.nginx = {
|
||||
|
||||
# Use recommended settings
|
||||
recommendedGzipSettings = lib.mkDefault true;
|
||||
recommendedOptimisation = lib.mkDefault true;
|
||||
recommendedProxySettings = lib.mkDefault true;
|
||||
recommendedTlsSettings = lib.mkDefault true;
|
||||
|
||||
# for loki logging
|
||||
commonHttpConfig = ''
|
||||
log_format logfmt
|
||||
'timestamp="$time_iso8601" '
|
||||
'facility="nginx" '
|
||||
'src_addr="$remote_addr" '
|
||||
'body_bytes_sent="$body_bytes_sent" '
|
||||
'request_time="$request_time" '
|
||||
'response_status="$status" '
|
||||
'request_method="$request_method" '
|
||||
'request="$request" '
|
||||
'host="$host" '
|
||||
'upstream_cache_status="$upstream_cache_status" '
|
||||
'upstream_addr="$upstream_addr" '
|
||||
'http_x_forwarded_for="$http_x_forwarded_for" '
|
||||
'http_referrer="$http_referer" '
|
||||
'http_user_agent="$http_user_agent" ';
|
||||
|
||||
log_format json_combined escape=json
|
||||
'{'
|
||||
'"time_local":"$time_local",'
|
||||
'"remote_addr":"$remote_addr",'
|
||||
'"remote_user":"$remote_user",'
|
||||
'"request":"$request",'
|
||||
'"status": "$status",'
|
||||
'"body_bytes_sent":"$body_bytes_sent",'
|
||||
'"request_time":"$request_time",'
|
||||
'"http_referrer":"$http_referer",'
|
||||
'"http_user_agent":"$http_user_agent"'
|
||||
'}';
|
||||
|
||||
# log to local journald
|
||||
access_log syslog:server=unix:/dev/log,nohostname logfmt;
|
||||
'';
|
||||
|
||||
};
|
||||
|
||||
services.nginx.package = pkgs.nginxMainline;
|
||||
|
||||
})
|
||||
|
||||
(mkIf (config.components.network.nginx.landingpage.enable) {
|
||||
|
||||
services.nginx.virtualHosts."${config.networking.hostName}.private" = {
|
||||
default = lib.mkDefault true;
|
||||
locations."/" = {
|
||||
root = pkgs.landingpage.override {
|
||||
|
||||
|
||||
jsonConfig = [
|
||||
{ title = "System Links"; }
|
||||
{
|
||||
text = "Syncthings";
|
||||
items = map
|
||||
({ name, host ? "${name}.private", ... }: {
|
||||
label = name;
|
||||
href = "http://${host}:8384/";
|
||||
image = "https://media.giphy.com/media/JoyU4vuzwj6ZA7Ging/giphy.gif";
|
||||
})
|
||||
(lib.flatten (lib.mapAttrsToList (name: { ... }: { inherit name; })
|
||||
config.services.tinc.networks."private".hostSettings));
|
||||
}
|
||||
{
|
||||
text = "robi";
|
||||
items = [
|
||||
{
|
||||
label = "Jellyfin";
|
||||
href = "http://flix.ingolf-wagner.de/";
|
||||
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "netdata";
|
||||
href = "http://robi.private:19999/";
|
||||
image = "https://media.giphy.com/media/BkjdN6MQCDPaw/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "logs";
|
||||
href = "http://grafana.robi.private/explore";
|
||||
image = "https://raw.githubusercontent.com/cncf/landscape/master/hosted_logos/grafana-loki.svg";
|
||||
}
|
||||
{
|
||||
label = "grafana";
|
||||
href = "http://grafana.robi.private/";
|
||||
image = "https://www.vectorlogo.zone/logos/grafana/grafana-icon.svg";
|
||||
}
|
||||
{
|
||||
label = "prometheus";
|
||||
href = "http://prometheus.robi.private/";
|
||||
image = "https://www.vectorlogo.zone/logos/prometheusio/prometheusio-icon.svg";
|
||||
}
|
||||
|
||||
];
|
||||
}
|
||||
{
|
||||
text = "chungus";
|
||||
items = [
|
||||
{
|
||||
label = "HomeAssistant";
|
||||
href = "http://chungus.private:8123/";
|
||||
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "Zigbee2Mqtt";
|
||||
href = "http://chungus.private:9666/";
|
||||
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "Flix";
|
||||
href = "http://chungus:8096/";
|
||||
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "netdata";
|
||||
href = "http://chungus.private:19999/";
|
||||
image = "https://media.giphy.com/media/BkjdN6MQCDPaw/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "logs";
|
||||
href = "http://grafana.chungus.private/explore";
|
||||
image = "https://raw.githubusercontent.com/cncf/landscape/master/hosted_logos/grafana-loki.svg";
|
||||
}
|
||||
{
|
||||
label = "grafana";
|
||||
href = "http://grafana.chungus.private/";
|
||||
image = "https://www.vectorlogo.zone/logos/grafana/grafana-icon.svg";
|
||||
}
|
||||
{
|
||||
label = "prometheus";
|
||||
href = "http://prometheus.chungus.private/";
|
||||
image = "https://www.vectorlogo.zone/logos/prometheusio/prometheusio-icon.svg";
|
||||
}
|
||||
{
|
||||
label = "Kitchen";
|
||||
href = "http://192.168.178.101/";
|
||||
image = "https://i.giphy.com/3o7TKsrMIW65QT7VWo.webp";
|
||||
}
|
||||
{
|
||||
label = "Living Room";
|
||||
href = "http://192.168.178.102/";
|
||||
image = "https://i.giphy.com/3o7TKsrMIW65QT7VWo.webp";
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
title = "Various Links";
|
||||
items = [
|
||||
{
|
||||
label = "Terrapen";
|
||||
href = "http://192.168.178.31/";
|
||||
image = "https://i.giphy.com/W08brEWFt7EpA5y2jI.webp";
|
||||
}
|
||||
{
|
||||
label = "NeverSSL";
|
||||
href = "https://oldslowfreshlight.neverssl.com/";
|
||||
image = "https://media.giphy.com/media/fyLi0OuWysotq/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "Hetzner Cloud";
|
||||
href = "https://console.hetzner.cloud/projects";
|
||||
image =
|
||||
"https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "Pass the Popcorn";
|
||||
href = "https://passthepopcorn.me/";
|
||||
image =
|
||||
"https://media.giphy.com/media/NipFetnQOuKhW/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "redacted";
|
||||
href = "https://redacted.ch/";
|
||||
image =
|
||||
"https://media.giphy.com/media/ku5EcFe4PNGWA/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "Cups";
|
||||
href = "http://localhost:631/";
|
||||
image =
|
||||
"https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
text = "NixOS Links";
|
||||
items = [
|
||||
{
|
||||
label = "NixOS Manual";
|
||||
href = "https://nixos.org/nixos/manual/";
|
||||
image =
|
||||
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "Nixpkgs Manual";
|
||||
href = "https://nixos.org/nixpkgs/manual/";
|
||||
image =
|
||||
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "NixOS Reference";
|
||||
href =
|
||||
"https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
|
||||
image =
|
||||
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "Nix Packages";
|
||||
href = "https://nixos.org/nixos/packages.html";
|
||||
image =
|
||||
"https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "NixOS Language specific helpers";
|
||||
href =
|
||||
"https://nixos.wiki/wiki/Language-specific_package_helpers";
|
||||
image =
|
||||
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "NixOS Weekly";
|
||||
href = "https://weekly.nixos.org/";
|
||||
image =
|
||||
"https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "NixOS Security";
|
||||
href = "https://broken.sh/";
|
||||
image =
|
||||
"https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "NixOS RFCs";
|
||||
href = "https://github.com/NixOS/rfcs/";
|
||||
image =
|
||||
"https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
|
||||
}
|
||||
];
|
||||
}
|
||||
{ urlEncode = true; }
|
||||
];
|
||||
|
||||
};
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
}
|
|
@ -1,60 +1,35 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
with types;
|
||||
|
||||
let
|
||||
cfg = config.component.network.sshd;
|
||||
defaultRootKeyFiles = [ (toString ../../../assets/ssh/palo_rsa.pub) ];
|
||||
cfg = config.components.network.sshd;
|
||||
|
||||
# maybe ascii-image-converter is also nice here
|
||||
sshBanner = pkgs.runCommand "ssh-banner"
|
||||
{
|
||||
nativeBuildInputs = [
|
||||
(pkgs.boxes.overrideAttrs (old: rec {
|
||||
version = "2.3.0";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "ascii-boxes";
|
||||
repo = "boxes";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-/gc/5vDflmEwOtQbtLwRcchyr22rLQcWqs5GrwRxY70=";
|
||||
};
|
||||
nativeBuildInputs = old.nativeBuildInputs ++ [
|
||||
pkgs.libunistring
|
||||
pkgs.pcre2
|
||||
pkgs.ncurses
|
||||
];
|
||||
installPhase = ''
|
||||
install -Dm755 -t $out/bin out/boxes
|
||||
install -Dm644 -t $out/share/boxes boxes-config
|
||||
install -Dm644 -t $out/share/man/man1 doc/boxes.1
|
||||
'';
|
||||
}))
|
||||
];
|
||||
} ''
|
||||
echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out
|
||||
'';
|
||||
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
imports = [
|
||||
./known-hosts-bootup.nix
|
||||
./known-hosts-private.nix
|
||||
./known-hosts-public.nix
|
||||
];
|
||||
|
||||
options.components.network.sshd = {
|
||||
options.component.network.sshd = {
|
||||
enable = mkOption {
|
||||
type = bool;
|
||||
default = true;
|
||||
description = "add ssh tools";
|
||||
};
|
||||
rootKeyFiles = mkOption {
|
||||
type = with types; listOf path;
|
||||
default = [ ];
|
||||
description = "keys to root login";
|
||||
};
|
||||
sshguard.enable = mkOption {
|
||||
tools.enable = mkOption {
|
||||
type = bool;
|
||||
default = config.components.network.sshd.enable;
|
||||
default = true;
|
||||
description = "add ssh tools";
|
||||
};
|
||||
onlyTincAccess = mkOption {
|
||||
type = bool;
|
||||
|
@ -67,28 +42,36 @@ in
|
|||
|
||||
config = mkMerge [
|
||||
|
||||
(mkIf cfg.enable {
|
||||
(mkIf cfg.tools.enable {
|
||||
environment.systemPackages = [ pkgs.sshfs ];
|
||||
})
|
||||
|
||||
environment.systemPackages = [
|
||||
pkgs.sshfs
|
||||
pkgs.mosh
|
||||
];
|
||||
(mkIf cfg.enable {
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings.X11Forwarding = false;
|
||||
settings.PasswordAuthentication = false;
|
||||
forwardX11 = false;
|
||||
passwordAuthentication = false;
|
||||
};
|
||||
|
||||
users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;
|
||||
users.users.root.openssh.authorizedKeys.keyFiles =
|
||||
cfg.rootKeyFiles ++ defaultRootKeyFiles;
|
||||
|
||||
services.openssh.banner = builtins.readFile sshBanner;
|
||||
services.openssh.extraConfig = ''
|
||||
Banner /etc/ssh/banner-line
|
||||
'';
|
||||
|
||||
})
|
||||
environment.etc."ssh/banner-line".text =
|
||||
let
|
||||
text = config.networking.hostName;
|
||||
size = 80 - (lib.stringLength text);
|
||||
space = lib.fixedWidthString size " " "";
|
||||
in
|
||||
''
|
||||
────────────────────────────────────────────────────────────────────────────────
|
||||
${space}${text}
|
||||
'';
|
||||
|
||||
(mkIf cfg.sshguard.enable {
|
||||
environment.systemPackages = [ pkgs.ipset ];
|
||||
services.sshguard.enable = lib.mkDefault true;
|
||||
})
|
||||
|
||||
(mkIf (cfg.onlyTincAccess && cfg.enable) {
|
||||
|
|
|
@ -8,78 +8,56 @@ let
|
|||
# SHA256:aOZbqpgc5CcTNtRAzjuG/0BQZ9MF5c9u/N+UC88y8kI
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5K4UHD8cIcXB33UiOj5vyXJj+4CyyiLFDMwcyad92a";
|
||||
};
|
||||
chungus = {
|
||||
onionId = fileContents "${private_assets}/onion_id_chungus";
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJpPfGAiARWgZbID+2IIT9dbo/PqgG/pkFsBaBUKGiu";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
config = mkIf (config.components.network.sshd.enable) {
|
||||
services.openssh.knownHosts = {
|
||||
"robi-init-ssh" = {
|
||||
hostNames = [
|
||||
"[robi]:2222"
|
||||
"[144.76.13.147]:2222"
|
||||
];
|
||||
# SHA256:rhvbJ84cPXXezaoJiY7tFsG8CJxI2F/lLKz8q+xUW+g
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKQ7XB6Cs9FJmHkuZ9ihbj76WsK0uJBh882ceyKaaKJ";
|
||||
};
|
||||
} // (mapAttrs'
|
||||
(name:
|
||||
{ onionId, publicKey, ... }: {
|
||||
name = "${name}-init-ssh";
|
||||
value = {
|
||||
hostNames = [ "[${onionId}]:2222" ];
|
||||
inherit publicKey;
|
||||
};
|
||||
})
|
||||
computers);
|
||||
|
||||
services.openssh.knownHosts = {
|
||||
"robi-init-ssh" = {
|
||||
hostNames = [
|
||||
"[robi]:2222"
|
||||
"[144.76.13.147]:2222"
|
||||
];
|
||||
# SHA256:rhvbJ84cPXXezaoJiY7tFsG8CJxI2F/lLKz8q+xUW+g
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKQ7XB6Cs9FJmHkuZ9ihbj76WsK0uJBh882ceyKaaKJ";
|
||||
};
|
||||
} // (mapAttrs'
|
||||
(name:
|
||||
{ onionId, publicKey, ... }: {
|
||||
name = "${name}-init-ssh";
|
||||
value = {
|
||||
hostNames = [ "[${onionId}]:2222" ];
|
||||
inherit publicKey;
|
||||
};
|
||||
})
|
||||
computers);
|
||||
environment.systemPackages =
|
||||
let
|
||||
|
||||
environment.systemPackages =
|
||||
let
|
||||
ssh = mapAttrsToList
|
||||
(name:
|
||||
{ onionId, ... }:
|
||||
pkgs.writers.writeDashBin "ssh-boot-to-${name}" ''
|
||||
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222
|
||||
'')
|
||||
computers;
|
||||
|
||||
sshTor = mapAttrsToList
|
||||
(name:
|
||||
{ onionId, ... }:
|
||||
pkgs.writers.writeDashBin "ssh-boot-to-${name}-via-tor" ''
|
||||
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222
|
||||
'')
|
||||
computers;
|
||||
password = mapAttrsToList
|
||||
(name:
|
||||
{ onionId, ... }:
|
||||
pkgs.writers.writeDashBin "unlock-boot-${name}" ''
|
||||
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222 '
|
||||
echo -n "enter password : "
|
||||
read password
|
||||
echo "$password" > /crypt-ramfs/passphrase
|
||||
'
|
||||
'')
|
||||
computers;
|
||||
|
||||
passwordTor = mapAttrsToList
|
||||
(name:
|
||||
{ onionId, ... }:
|
||||
pkgs.writers.writeDashBin "unlock-boot-${name}-via-tor" ''
|
||||
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222 '
|
||||
echo -n "enter password : "
|
||||
read password
|
||||
echo "$password" > /crypt-ramfs/passphrase
|
||||
'
|
||||
'')
|
||||
computers;
|
||||
in
|
||||
ssh ++ password;
|
||||
|
||||
unlockInit = mapAttrsToList
|
||||
(name:
|
||||
{ public_ip, ... }:
|
||||
pkgs.writers.writeDashBin "unlock-boot-${name}" ''
|
||||
${pkgs.openssh}/bin/ssh root@${public_ip} -p 2222 '
|
||||
echo -n "enter password : "
|
||||
read password
|
||||
echo "$password" | systemctl default
|
||||
'
|
||||
'')
|
||||
{
|
||||
orbi = {
|
||||
public_ip = "95.216.66.212";
|
||||
};
|
||||
};
|
||||
|
||||
in
|
||||
sshTor ++ passwordTor ++ unlockInit;
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
@ -0,0 +1,64 @@
|
|||
# generated by updateSshKeys.sh
|
||||
{ config, lib, ... }: {
|
||||
|
||||
services.openssh.knownHosts = {
|
||||
#"robi_init" = {
|
||||
# hostNames = [
|
||||
# "robi:2222"
|
||||
# "144.76.13.147:2222"
|
||||
# ];
|
||||
# fingerprints
|
||||
# 256 SHA256:rhvbJ84cPXXezaoJiY7tFsG8CJxI2F/lLKz8q+xUW+g root@rescue (ED25519)
|
||||
# 3072 SHA256:KBVMQLNWaDpzlCZERN9OeEDFAhUoADOZRfenXWHxswU root@rescue (RSA)
|
||||
# publicKey = "";
|
||||
#};
|
||||
"robi" = {
|
||||
hostNames = [
|
||||
"robi.private"
|
||||
"robi"
|
||||
"144.76.13.147"
|
||||
"git.ingolf-wagner.de"
|
||||
"taskd.ingolf-wagner.de"
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
|
||||
};
|
||||
"sternchen.secret" = {
|
||||
hostNames = [
|
||||
"sternchen.secret"
|
||||
config.module.cluster.services.tinc.secret.hosts.sternchen.tincIp
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
|
||||
};
|
||||
"sterni.private" = {
|
||||
hostNames = [
|
||||
"sterni.private"
|
||||
"sterni.secret"
|
||||
config.module.cluster.services.tinc.private.hosts.sterni.tincIp
|
||||
config.module.cluster.services.tinc.secret.hosts.sterni.tincIp
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
|
||||
};
|
||||
"pepe.private" = {
|
||||
hostNames = [
|
||||
"pepe.private"
|
||||
"pepe.lan"
|
||||
config.module.cluster.services.tinc.private.hosts.pepe.tincIp
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
|
||||
};
|
||||
"bobi.private" = {
|
||||
hostNames = [
|
||||
"bobi.private"
|
||||
config.module.cluster.services.tinc.private.hosts.bobi.tincIp
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0haepNVEaocfWh6kwVc4QsSg2iqO5k+hjarphBqMVk";
|
||||
};
|
||||
"mobi.private" = {
|
||||
hostNames = [
|
||||
"mobi.private"
|
||||
config.module.cluster.services.tinc.private.hosts.mobi.tincIp
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE3G7TwCoxcVfwhGL0913RtacEeokqKtufhzzkCxpPxk";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,94 +1,95 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
config = mkIf (config.components.network.sshd.enable) {
|
||||
|
||||
services.openssh.knownHosts = {
|
||||
github = {
|
||||
hostNames = [
|
||||
"*.github.com"
|
||||
# List generated with
|
||||
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
|
||||
"192.30.252.*"
|
||||
"192.30.253.*"
|
||||
"192.30.254.*"
|
||||
"192.30.255.*"
|
||||
"185.199.108.*"
|
||||
"185.199.109.*"
|
||||
"185.199.110.*"
|
||||
"185.199.111.*"
|
||||
"13.229.188.59"
|
||||
"13.250.177.223"
|
||||
"18.194.104.89"
|
||||
"18.195.85.27"
|
||||
"35.159.8.160"
|
||||
"52.74.223.119"
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
|
||||
};
|
||||
gitlab = {
|
||||
hostNames = [ "gitlab.com" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
|
||||
};
|
||||
gitlab-bk = {
|
||||
hostNames = [ "gitlab.bk-bund-berlin.de" "116.203.133.59" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
|
||||
};
|
||||
# space-left
|
||||
gitlabSpaceLeft = {
|
||||
hostNames = [ "git.space-left.org" ];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
|
||||
};
|
||||
# c-base
|
||||
"bnd-cbase" = {
|
||||
hostNames = [ "bnd.cbrp3.c-base.org" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
|
||||
};
|
||||
"shell.cbase" = {
|
||||
hostNames = [ "shell.c-base.org" ];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
|
||||
};
|
||||
"kgb.cbase" = {
|
||||
hostNames = [ "kgb.cbrp3.c-base.org" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
|
||||
};
|
||||
"cns.cbase" = {
|
||||
hostNames = [ "cns.c-base.org" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
|
||||
};
|
||||
"lassulus" = {
|
||||
hostNames = [ "[lassul.us]:45621" ];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
||||
};
|
||||
renoise = {
|
||||
hostNames = [ "*.renoise.com" "renoise.com" "94.130.128.97" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
|
||||
};
|
||||
git-renoise = {
|
||||
hostNames = [ "[git.renoise.com]:2229" "[94.130.128.97]:2229" ];
|
||||
publicKey =
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
|
||||
};
|
||||
"siteground" = {
|
||||
hostNames = [ "[es5.siteground.eu]:18765" "[37.60.224.6]:18765" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
|
||||
};
|
||||
"cracksucht.de" = {
|
||||
hostNames = [ "cracksucht.de" ];
|
||||
publicKey =
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
|
||||
};
|
||||
services.openssh.knownHosts = {
|
||||
github = {
|
||||
hostNames = [
|
||||
"*.github.com"
|
||||
# List generated with
|
||||
# curl -sS https://api.github.com/meta | jq -r .git[] | cidr2glob
|
||||
"192.30.252.*"
|
||||
"192.30.253.*"
|
||||
"192.30.254.*"
|
||||
"192.30.255.*"
|
||||
"185.199.108.*"
|
||||
"185.199.109.*"
|
||||
"185.199.110.*"
|
||||
"185.199.111.*"
|
||||
"13.229.188.59"
|
||||
"13.250.177.223"
|
||||
"18.194.104.89"
|
||||
"18.195.85.27"
|
||||
"35.159.8.160"
|
||||
"52.74.223.119"
|
||||
];
|
||||
publicKey =
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==";
|
||||
};
|
||||
gitlab = {
|
||||
hostNames = [ "gitlab.com" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
|
||||
};
|
||||
gitlab-bk = {
|
||||
hostNames = [ "gitlab.bk-bund-berlin.de" "116.203.133.59" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
|
||||
};
|
||||
# space-left
|
||||
gitlabSpaceLeft = {
|
||||
hostNames = [ "git.space-left.org" ];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
|
||||
};
|
||||
# c-base
|
||||
"bnd-cbase" = {
|
||||
hostNames = [ "bnd.cbrp3.c-base.org" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
|
||||
};
|
||||
"shell.cbase" = {
|
||||
hostNames = [ "shell.c-base.org" ];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
|
||||
};
|
||||
"kgb.cbase" = {
|
||||
hostNames = [ "kgb.cbrp3.c-base.org" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
|
||||
};
|
||||
"cns.cbase" = {
|
||||
hostNames = [ "cns.c-base.org" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
|
||||
};
|
||||
"lassulus" = {
|
||||
hostNames = [ "[lassul.us]:45621" ];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
||||
};
|
||||
renoise = {
|
||||
hostNames = [ "*.renoise.com" "renoise.com" "94.130.128.97" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
|
||||
};
|
||||
git-renoise = {
|
||||
hostNames = [ "[git.renoise.com]:2229" "[94.130.128.97]:2229" ];
|
||||
publicKey =
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
|
||||
};
|
||||
"siteground" = {
|
||||
hostNames = [ "[es5.siteground.eu]:18765" "[37.60.224.6]:18765" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
|
||||
};
|
||||
"cracksucht.de" = {
|
||||
hostNames = [ "cracksucht.de" ];
|
||||
publicKey =
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -1,119 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with lib; {
|
||||
|
||||
services.syncthing = {
|
||||
guiAddress = lib.mkDefault "${config.networking.hostName}.private:8384";
|
||||
overrideDevices = lib.mkDefault true;
|
||||
settings.devices =
|
||||
let
|
||||
device = name: id: {
|
||||
"${name}" = {
|
||||
name = name;
|
||||
id = id;
|
||||
addresses = [ "tcp://${name}.private:22000" ];
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
"robi" = {
|
||||
name = "robi";
|
||||
id = "B6P22RF-5BC2LTZ-6GHVWRZ-5D3OLXC-D66E45Y-JEB3WYT-ZQ442WZ-5FFAMQ7";
|
||||
addresses = [ "tcp://144.76.13.147:22000" ];
|
||||
};
|
||||
"orbi" = {
|
||||
name = "orbi";
|
||||
id = "5U5ZP6R-SUQO5SY-WICWWLZ-HPHQBM5-P27YSU6-66TWIBK-XLX4X5N-4O6TVAC";
|
||||
addresses = [ "tcp://95.216.66.212:22000" ];
|
||||
};
|
||||
}
|
||||
// (device "mobi" "NGI7UN6-MR2YPYI-L7DGN3I-JFZU2N3-RJBJV6K-2VZVQSJ-PWLZYOK-PXZYRAF")
|
||||
// (device "bobi" "FOJ3D27-W5OJMQR-7S77A3V-AS5BCG2-CIGWVMP-UBSVQNN-QZLHAIZ-IO7GKAE")
|
||||
// (device "cream" "MQVKATH-THTPET5-KYAT7XX-BOIIIBA-P7OOF7Y-IWAUN53-S2VNVOY-BZWTGQK")
|
||||
// (device "cherry" "WX2HZQ7-WAOL6YR-QJYFS2L-SVUJQB4-SKHZHVE-J7XCWLQ-6GRATXX-VJUMOAH")
|
||||
// (device "chungus" "GZGW2YW-6RRUPDN-LFAOATC-56FS7LH-YC7R32N-LVA5JUX-3LSBYOX-BFR67QZ")
|
||||
// (device "iPhone" "APFS6SA-VVTARXU-3WHHRZG-TE5N3T4-X4IC76V-T67EKZ6-NLGP3TW-EZYXYAH")
|
||||
// (device "iPad" "JDDNVYD-H3WMSSS-WZ745KL-7QEGN6O-ZSGQLQU-YBR2L42-7FO7KJ4-BXPYDA5")
|
||||
// {
|
||||
bumba = {
|
||||
name = "windows-bumba";
|
||||
id = "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ";
|
||||
};
|
||||
}
|
||||
// {
|
||||
mors = {
|
||||
name = "lassulus-mors";
|
||||
id = "ZPRS57K-YK32ROQ-7A6MRAV-VOYXQ3I-CQCXISZ-C5PCV2A-GSFLG3I-K7UGGAH";
|
||||
addresses = [ "tcp://mors.r:22000" ];
|
||||
};
|
||||
};
|
||||
|
||||
settings.folders = {
|
||||
|
||||
# needs to be on encrypted drives
|
||||
# -------------------------------
|
||||
oscar_cpap = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/oscar_cpap";
|
||||
devices = [ "chungus" "cream" "cherry" ];
|
||||
};
|
||||
audiobooks = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/audiobooks";
|
||||
devices = [ "chungus" "orbi" ];
|
||||
};
|
||||
logseq = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/logseq";
|
||||
devices = [ "chungus" "cream" "cherry" "iPhone" "iPad" ];
|
||||
};
|
||||
lectures = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/lectures";
|
||||
devices = [ "chungus" "orbi" ];
|
||||
};
|
||||
books = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/books";
|
||||
devices = [ "chungus" "robi" "cream" "cherry" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
params.keep = "2";
|
||||
};
|
||||
};
|
||||
password-store = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/password-store";
|
||||
devices = [ "chungus" "cream" "mobi" "bobi" "cherry" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
params.keep = "10";
|
||||
};
|
||||
};
|
||||
desktop = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/desktop";
|
||||
devices = [ "chungus" "cream" "mobi" "bobi" "cherry" ];
|
||||
};
|
||||
finance = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/finance";
|
||||
devices = [ "chungus" "cream" "mobi" "bobi" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
params.keep = "10";
|
||||
};
|
||||
};
|
||||
# todo remove if zfs is is used
|
||||
nextcloud_backup = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/lost-fotos";
|
||||
devices = [ "chungus" "robi" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
params.keep = "2";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
|
@ -1,37 +1,14 @@
|
|||
{ lib, config, ... }:
|
||||
with lib;
|
||||
{
|
||||
|
||||
options.tinc = {
|
||||
private = {
|
||||
enable = mkEnableOption "private tinc setup";
|
||||
ipv4 = mkOption { type = types.str; };
|
||||
subnet = mkOption {
|
||||
type = types.str;
|
||||
default = "10.23.42.0/24";
|
||||
};
|
||||
};
|
||||
secret = {
|
||||
enable = mkEnableOption "secret tinc setup";
|
||||
ipv4 = mkOption {
|
||||
type = types.str;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf config.tinc.private.enable (import ./private.nix {
|
||||
ipv4 = config.tinc.private.ipv4;
|
||||
ipv6 = null;
|
||||
inherit (lib) optionalString concatStringsSep mapAttrsToList;
|
||||
inherit config;
|
||||
}))
|
||||
(mkIf config.tinc.secret.enable (import ./secret.nix {
|
||||
ipv4 = config.tinc.secret.ipv4;
|
||||
ipv6 = null;
|
||||
inherit (lib) optionalString concatStringsSep mapAttrsToList;
|
||||
inherit config;
|
||||
}))
|
||||
imports = [
|
||||
./private.nix
|
||||
./retiolum.nix
|
||||
./secret.nix
|
||||
];
|
||||
|
||||
# keys for secret and private tinc network
|
||||
sops.secrets.tinc_ed25519_key = { };
|
||||
sops.secrets.tinc_rsa_key = { };
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -1,181 +1,46 @@
|
|||
{ ipv4
|
||||
, ipv6
|
||||
, config
|
||||
, optionalString
|
||||
, concatStringsSep
|
||||
, mapAttrsToList
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
hosts = {
|
||||
mobi = "10.23.42.23";
|
||||
sterni = "10.23.42.24";
|
||||
bobi = "10.23.42.25";
|
||||
pepe = "10.23.42.26";
|
||||
cream = "10.23.42.27";
|
||||
chungus = "10.23.42.28";
|
||||
cherry = "10.23.42.29";
|
||||
robi = "10.23.42.111";
|
||||
orbi = "10.23.42.100";
|
||||
};
|
||||
subDomains = {
|
||||
# orbi
|
||||
"transmission2.orbi" = hosts.orbi;
|
||||
"sonarr.orbi" = hosts.orbi;
|
||||
"radarr.orbi" = hosts.orbi;
|
||||
"prowlarr.orbi" = hosts.orbi;
|
||||
"photoprism.orbi" = hosts.orbi;
|
||||
# robi
|
||||
"grafana.robi" = hosts.robi;
|
||||
"loki.robi" = hosts.robi;
|
||||
"prometheus.robi" = hosts.robi;
|
||||
"sync.robi" = hosts.robi;
|
||||
"transmission.robi" = hosts.robi;
|
||||
"transmission2.robi" = hosts.robi;
|
||||
"sonarr.robi" = hosts.robi;
|
||||
"radarr.robi" = hosts.robi;
|
||||
"tdarr.robi" = hosts.robi;
|
||||
"prowlarr.robi" = hosts.robi;
|
||||
"jellyseerr.robi" = hosts.robi;
|
||||
"unmanic.robi" = hosts.robi;
|
||||
# chungus
|
||||
"de.tts.chungus" = hosts.chungus;
|
||||
"en.tts.chungus" = hosts.chungus;
|
||||
"flix.chungus" = hosts.chungus;
|
||||
"git.chungus" = hosts.chungus;
|
||||
"grafana.chungus" = hosts.chungus;
|
||||
"loki.chungus" = hosts.chungus;
|
||||
"prometheus.chungus" = hosts.chungus;
|
||||
"s3.chungus" = hosts.chungus;
|
||||
"minio.chungus" = hosts.chungus;
|
||||
"sync.chungus" = hosts.chungus;
|
||||
"tdarr.chungus" = hosts.chungus;
|
||||
"tts.chungus" = hosts.chungus;
|
||||
"paperless.chungus" = hosts.chungus;
|
||||
};
|
||||
network = "private";
|
||||
in
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
networking.firewall.trustedInterfaces = [ "tinc.${network}" ];
|
||||
|
||||
sops.secrets.tinc_ed25519_key = { };
|
||||
networking.firewall.trustedInterfaces = [ "tinc.private" ];
|
||||
|
||||
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
|
||||
services.tinc.networks = {
|
||||
${network} = {
|
||||
ed25519PrivateKeyFile = config.sops.secrets.tinc_ed25519_key.path;
|
||||
interfaceType = "tap";
|
||||
extraConfig = ''
|
||||
LocalDiscovery = yes
|
||||
'';
|
||||
hostSettings = {
|
||||
mobi = {
|
||||
subnets = [{ address = hosts.mobi; }];
|
||||
settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
|
||||
};
|
||||
cream = {
|
||||
subnets = [{ address = hosts.cream; }];
|
||||
settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
|
||||
};
|
||||
cherry = {
|
||||
subnets = [{ address = hosts.cherry; }];
|
||||
settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
|
||||
};
|
||||
sterni = {
|
||||
subnets = [{ address = hosts.sterni; }];
|
||||
settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
|
||||
};
|
||||
bobi = {
|
||||
subnets = [{ address = hosts.bobi; }];
|
||||
settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
|
||||
};
|
||||
pepe = {
|
||||
subnets = [{ address = hosts.pepe; }];
|
||||
settings.Ed25519PublicKey = "LnE+w6ZfNCky4Kad3TBxpFKRJ2PJshkSpW6mC3pcsPI";
|
||||
};
|
||||
chungus = {
|
||||
subnets = [{ address = hosts.chungus; }];
|
||||
settings.Ed25519PublicKey = "mJP+zzYGv42KItpSf3lMkr3dwa5xW3n3hi0W2Z75jfJ";
|
||||
};
|
||||
robi = {
|
||||
addresses = [{ address = "144.76.13.147"; }];
|
||||
subnets = [{ address = hosts.robi; }];
|
||||
settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
|
||||
};
|
||||
orbi = {
|
||||
addresses = [{ address = "95.216.66.212"; }];
|
||||
subnets = [{ address = hosts.orbi; }];
|
||||
settings.Ed25519PublicKey = "/1OE8xsnRT6egxd/+iH9TE+tzlwiUJeNsGFIIWyc70A";
|
||||
};
|
||||
users.groups."tinc.private" = { };
|
||||
users.users."tinc.private" = {
|
||||
group = "tinc.private";
|
||||
isSystemUser = lib.mkDefault true;
|
||||
};
|
||||
|
||||
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
|
||||
module.cluster.services.tinc."private" = {
|
||||
networkSubnet = "10.23.42.0/24";
|
||||
extraConfig = ''
|
||||
LocalDiscovery = yes
|
||||
'';
|
||||
privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;
|
||||
privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
|
||||
hosts = {
|
||||
pepe = {
|
||||
tincIp = "10.23.42.26";
|
||||
publicKey = lib.fileContents ../../../assets/tinc/pepe_host_file;
|
||||
};
|
||||
sterni = {
|
||||
tincIp = "10.23.42.24";
|
||||
publicKey = lib.fileContents ../../../assets/tinc/workout_host_file;
|
||||
};
|
||||
mobi = {
|
||||
tincIp = "10.23.42.23";
|
||||
publicKey = lib.fileContents ../../../assets/tinc/mobi_host_file;
|
||||
};
|
||||
bobi = {
|
||||
tincIp = "10.23.42.23";
|
||||
publicKey = lib.fileContents ../../../assets/tinc/bobi_host_file;
|
||||
};
|
||||
robi = {
|
||||
realAddress = [ "144.76.13.147" ];
|
||||
tincIp = "10.23.42.111";
|
||||
publicKey = lib.fileContents ../../../assets/tinc/robi_host_file;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.network.enable = true;
|
||||
systemd.network.networks.${network}.extraConfig = ''
|
||||
[Match]
|
||||
Name = tinc.${network}
|
||||
[Link]
|
||||
# tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be
|
||||
MTUBytes=1377
|
||||
[Network]
|
||||
${optionalString (ipv4 != null) "Address=${ipv4}/24"}
|
||||
${optionalString (ipv6 != null) "Address=${ipv6}/28"}
|
||||
RequiredForOnline = no
|
||||
LinkLocalAddressing = no
|
||||
'';
|
||||
|
||||
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains));
|
||||
|
||||
services.openssh.knownHosts = {
|
||||
"orbi" = {
|
||||
hostNames = [
|
||||
"orbi.${network}"
|
||||
hosts.orbi
|
||||
"orbi"
|
||||
"95.216.66.212"
|
||||
"git.ingolf-wagner.de"
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTqV5ch4BokqDniDgCquRwfTz6aXXMTdZovIvqShfLV";
|
||||
};
|
||||
"robi" = {
|
||||
hostNames = [
|
||||
"robi.${network}"
|
||||
hosts.robi
|
||||
"robi"
|
||||
"144.76.13.147"
|
||||
"taskd.ingolf-wagner.de"
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
|
||||
};
|
||||
"sterni.${network}" = {
|
||||
hostNames = [ "sterni.${network}" hosts.sterni ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
|
||||
};
|
||||
"cream.${network}" = {
|
||||
hostNames = [ "cream.${network}" hosts.cream ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
|
||||
};
|
||||
"cherry.${network}" = {
|
||||
hostNames = [ "cherry.${network}" hosts.cream ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUXkewyZ94A7CeCyVvN0KCqPn+8x1BZaGWMAojlfCXO";
|
||||
};
|
||||
"pepe.${network}" = {
|
||||
hostNames = [ "pepe.${network}" hosts.pepe ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
|
||||
};
|
||||
"chungus.${network}" = {
|
||||
hostNames = [ "chungus.${network}" hosts.chungus ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP9jrbOJbgapreRjttyOKWv5vxGMThn7kAwlk8WnSyL9";
|
||||
};
|
||||
"bobi.${network}" = {
|
||||
hostNames = [ "bobi.${network}" hosts.bobi ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0haepNVEaocfWh6kwVc4QsSg2iqO5k+hjarphBqMVk";
|
||||
};
|
||||
"mobi.${network}" = {
|
||||
hostNames = [ "mobi.${network}" hosts.mobi ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE3G7TwCoxcVfwhGL0913RtacEeokqKtufhzzkCxpPxk";
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,34 @@
|
|||
{ config, pkgs, lib, retiolum, ... }:
|
||||
{
|
||||
|
||||
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
|
||||
module.cluster.services.tinc."retiolum" = {
|
||||
networkSubnet = "10.243.0.0/16";
|
||||
port = 720;
|
||||
extraConfig = ''
|
||||
LocalDiscovery = yes
|
||||
AutoConnect = yes
|
||||
'';
|
||||
privateEd25519KeyFile = toString config.sops.secrets.tinc_retiolum_ed25519_key.path;
|
||||
privateRsaKeyFile = toString config.sops.secrets.tinc_retiolum_rsa_key.path;
|
||||
hosts = {
|
||||
pepe = {
|
||||
tincIp = "10.243.23.1";
|
||||
publicKey = lib.fileContents ../../../assets/tinc/retiolum/host_file;
|
||||
};
|
||||
sterni = {
|
||||
tincIp = "10.243.23.3";
|
||||
publicKey = lib.fileContents ../../../assets/tinc/retiolum/host_file;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking.extraHosts = builtins.readFile (toString "${retiolum}/etc.hosts");
|
||||
systemd.services."tinc.retiolum" = {
|
||||
preStart = ''
|
||||
cp -R ${retiolum}/hosts /etc/tinc/retiolum/ || true
|
||||
'';
|
||||
};
|
||||
|
||||
}
|
||||
|
|
@ -1,91 +1,33 @@
|
|||
{ ipv4
|
||||
, ipv6
|
||||
, config
|
||||
, optionalString
|
||||
, concatStringsSep
|
||||
, mapAttrsToList
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
port = 721;
|
||||
hosts = {
|
||||
cherry = "10.123.42.29";
|
||||
cream = "10.123.42.27";
|
||||
robi = "10.123.42.123";
|
||||
sternchen = "10.123.42.25";
|
||||
sterni = "10.123.42.24";
|
||||
};
|
||||
network = "secret";
|
||||
in
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
sops.secrets.tinc_ed25519_key = { };
|
||||
|
||||
services.tinc.networks = {
|
||||
${network} = {
|
||||
ed25519PrivateKeyFile = config.sops.secrets.tinc_ed25519_key.path;
|
||||
extraConfig = ''
|
||||
LocalDiscovery = yes
|
||||
Port = ${toString port}
|
||||
'';
|
||||
hostSettings = {
|
||||
sternchen = {
|
||||
subnets = [{ address = hosts.sternchen; }];
|
||||
settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB";
|
||||
};
|
||||
cream = {
|
||||
subnets = [{ address = hosts.cream; }];
|
||||
settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
|
||||
};
|
||||
cherry = {
|
||||
subnets = [{ address = hosts.cherry; }];
|
||||
settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
|
||||
};
|
||||
sterni = {
|
||||
subnets = [{ address = hosts.sterni; }];
|
||||
settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
|
||||
};
|
||||
robi = {
|
||||
addresses = [{ address = "144.76.13.147"; port = port; }];
|
||||
subnets = [{ address = hosts.robi; }];
|
||||
settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
|
||||
};
|
||||
|
||||
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
|
||||
module.cluster.services.tinc."secret" = {
|
||||
networkSubnet = "10.123.42.0/24";
|
||||
port = 721;
|
||||
extraConfig = ''
|
||||
LocalDiscovery = yes
|
||||
AutoConnect = yes
|
||||
'';
|
||||
privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;
|
||||
privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
|
||||
hosts = {
|
||||
sternchen = {
|
||||
tincIp = "10.123.42.25";
|
||||
publicKey = lib.fileContents ../../../assets/tinc/sternchen_host_file;
|
||||
};
|
||||
sterni = {
|
||||
tincIp = "10.123.42.24";
|
||||
publicKey = lib.fileContents ../../../assets/tinc/workout_host_file;
|
||||
};
|
||||
robi = {
|
||||
realAddress = [ "144.76.13.147" ];
|
||||
tincIp = "10.123.42.123";
|
||||
publicKey = lib.fileContents ../../../assets/tinc/robi_host_file;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.network.enable = true;
|
||||
systemd.network.networks.${network}.extraConfig = ''
|
||||
[Match]
|
||||
Name = tinc.${network}
|
||||
[Link]
|
||||
# tested with `ping -6 turingmachine.r -s 1378`, not sure how low it must be
|
||||
MTUBytes=1377
|
||||
[Network]
|
||||
${optionalString (ipv4 != null) "Address=${ipv4}/24"}
|
||||
${optionalString (ipv6 != null) "Address=${ipv6}/28"}
|
||||
RequiredForOnline = no
|
||||
LinkLocalAddressing = no
|
||||
'';
|
||||
|
||||
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts);
|
||||
|
||||
services.openssh.knownHosts = {
|
||||
"cream.${network}" = {
|
||||
hostNames = [ "cream.${network}" hosts.cream ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
|
||||
};
|
||||
"sternchen.${network}" = {
|
||||
hostNames = [ "sterni.${network}" hosts.sterni ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
|
||||
};
|
||||
"sterni.${network}" = {
|
||||
hostNames = [ "sterni.${network}" hosts.sterni ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
|
||||
};
|
||||
"robi" = {
|
||||
hostNames = [ "robi.${network}" hosts.robi ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
|
||||
};
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -1,51 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
{
|
||||
|
||||
options.components.network.wifi.enable = mkOption {
|
||||
type = bool;
|
||||
default = config.components.network.enable;
|
||||
};
|
||||
|
||||
config = mkIf config.components.network.wifi.enable {
|
||||
|
||||
networking.usePredictableInterfaceNames = true;
|
||||
|
||||
networking.networkmanager.enable = true;
|
||||
networking.networkmanager.wifi.powersave = lib.mkDefault true;
|
||||
networking.networkmanager.extraConfig = ''
|
||||
# The number of times a connection activation should be automatically tried
|
||||
# before switching to another one. This value applies only to connections
|
||||
# that can auto-connect and have a connection. autoconnect-retries property set to -1.
|
||||
# If not specified, connections will be tried 4 times.
|
||||
# Setting this value to 1 means to try activation once, without retry.
|
||||
autoconnect-retries-default=999
|
||||
'';
|
||||
|
||||
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
|
||||
# because Networkd-wait-online is just failing.
|
||||
# systemd.services.systemd-networkd-wait-online.enable = false;
|
||||
systemd.services.NetworkManager-wait-online.enable = false;
|
||||
|
||||
environment.systemPackages = [
|
||||
|
||||
(pkgs.writeShellScriptBin "scan-wifi" ''
|
||||
# todo : use column to make a nice view
|
||||
${pkgs.wirelesstools}/bin/iwlist scan | \
|
||||
grep -v "Interface doesn't support scanning" | \
|
||||
sed -e '/^\s*$/d' | \
|
||||
grep -e "ESSID" -e "Encrypt" | \
|
||||
sed -e "s/Encryption key:on/encrypted/g" | \
|
||||
sed -e "s/Encryption key:off/open/g" | \
|
||||
sed -e "s/ESSID://g" | \
|
||||
xargs -L 2 printf "%9s - '%s'\n"
|
||||
'')
|
||||
|
||||
];
|
||||
};
|
||||
|
||||
}
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
{ lib, config, ... }:
|
||||
with lib;
|
||||
{
|
||||
|
||||
options.wireguard = {
|
||||
wg0 = {
|
||||
subnet = mkOption {
|
||||
type = types.str;
|
||||
default = "10.100.0.1/24";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# todo: use networking.wireguard instead of networking wg-quick
|
||||
# with dynamicEndpointRefreshSeconds
|
||||
#config = {
|
||||
# systemd.services.wg-quick-wg0.serviceConfig = {
|
||||
# Restart = "always";
|
||||
# RestartSec = 50;
|
||||
# Type = mkForce "simple";
|
||||
# RemainAfterExit = mkForce false;
|
||||
# };
|
||||
#};
|
||||
|
||||
|
||||
}
|
||||
|
|
@ -1,12 +0,0 @@
|
|||
{ config, lib, ... }:
|
||||
{
|
||||
imports = [ ./upgrade-diff.nix ];
|
||||
|
||||
options.components.nixos.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
};
|
||||
|
||||
config = lib.mkIf (config.components.nixos.enable) { };
|
||||
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
# MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix
|
||||
{ config, lib, ... }:
|
||||
{
|
||||
|
||||
options.components.nixos.update-diff.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.nixos.enable;
|
||||
};
|
||||
|
||||
config = lib.mkIf (config.components.nixos.update-diff.enable) {
|
||||
system.activationScripts.diff = {
|
||||
supportsDryActivation = true;
|
||||
text = ''
|
||||
if [[ -e /run/current-system ]]; then
|
||||
echo "--- diff to current-system"
|
||||
${config.nix.package}/bin/nix --extra-experimental-features nix-command store diff-closures /run/current-system "$systemConfig"
|
||||
echo "---"
|
||||
fi
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,38 +0,0 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.terminal.bash.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.terminal.enable;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.terminal.bash.enable) {
|
||||
|
||||
programs.bash = {
|
||||
|
||||
enable = true;
|
||||
enableCompletion = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
|
||||
interactiveShellInit = "set -o vi";
|
||||
|
||||
|
||||
shellAliases = {
|
||||
ls = "ls --color=tty";
|
||||
l = "ls -CFh";
|
||||
la = "ls -Ah";
|
||||
ll = "ls -lh";
|
||||
lt = "ls -lct --reverse";
|
||||
less = "less -S";
|
||||
top = "htop";
|
||||
version = "date '+%Y%m%d%H%M%S'";
|
||||
vclip = "xclip -selection clipboard";
|
||||
df = "df -h";
|
||||
timestamp = "date +%Y%m%d%H%M%S";
|
||||
nix-show-garbadge-roots = "ls -lh /nix/var/nix/gcroots/auto/";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
}
|
|
@ -1,30 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.terminal = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
};
|
||||
};
|
||||
|
||||
imports = [
|
||||
./direnv.nix
|
||||
./git.nix
|
||||
./heygpt.nix
|
||||
./hoard.nix
|
||||
./oh-my-posh
|
||||
./remote-install.nix
|
||||
./wtf.nix
|
||||
./zsh.nix
|
||||
];
|
||||
|
||||
config = mkIf config.components.terminal.enable {
|
||||
environment.systemPackages = [
|
||||
pkgs.ranger # datei browser
|
||||
pkgs.retry # retry command till success
|
||||
pkgs.silver-searcher
|
||||
pkgs.treefmt
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,26 +0,0 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.terminal.direnv.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.terminal.enable;
|
||||
};
|
||||
config = mkIf (config.components.terminal.direnv.enable) {
|
||||
|
||||
environment.systemPackages = [ pkgs.direnv ];
|
||||
|
||||
home-manager.sharedModules = [
|
||||
{
|
||||
programs.direnv.enable = true;
|
||||
programs.git.ignores = [ ".envrc" ".direnv" ];
|
||||
}
|
||||
];
|
||||
|
||||
programs.zsh.interactiveShellInit = ''
|
||||
eval "$(${pkgs.direnv}/bin/direnv hook zsh)"
|
||||
'';
|
||||
programs.bash.interactiveShellInit = ''
|
||||
eval "$(${pkgs.direnv}/bin/direnv hook bash)"
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -1,26 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.terminal.heygpt.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
#default = config.components.terminal.enable;
|
||||
default = false;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.terminal.heygpt.enable) {
|
||||
environment.systemPackages = [
|
||||
(pkgs.writers.writeBashBin "heygpt" ''
|
||||
export OPENAI_API_BASE="https://api.openai.com/v1"
|
||||
export OPENAI_API_KEY=$(pass openai/apikey)
|
||||
${lib.getExe pkgs.unstable.heygpt} "$@"
|
||||
'')
|
||||
(pkgs.writers.writeBashBin "heygpt-models" ''
|
||||
export OPENAI_API_KEY=$(pass openai/apikey)
|
||||
${getExe pkgs.curl} https://api.openai.com/v1/models \
|
||||
-H "Authorization: Bearer $OPENAI_API_KEY" \
|
||||
| ${getExe pkgs.jq} --raw-output '.data[] | .id' \
|
||||
| ${getExe pkgs.gum} filter
|
||||
'')
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,62 +0,0 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
let
|
||||
hoardSrc = pkgs.fetchFromGitHub {
|
||||
owner = "Hyde46";
|
||||
repo = "hoard";
|
||||
rev = "v1.3.1";
|
||||
sha256 = "sha256-Gm3X6/g5JQJEl7wRvWcO4j5XpROhtfRJ72LNaUeZRGc=";
|
||||
};
|
||||
in
|
||||
{
|
||||
options.components.terminal.hoard.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.terminal.enable;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.terminal.hoard.enable) {
|
||||
|
||||
# todo : sync via syncthing
|
||||
backup.dirs = [
|
||||
"/root/.config/hoard"
|
||||
"/home/palo/.config/hoard"
|
||||
];
|
||||
|
||||
environment.systemPackages = [ pkgs.legacy_2211.hoard ];
|
||||
|
||||
home-manager.users.mainUser = {
|
||||
xdg.configFile."hoard/config.yml".text = builtins.toJSON {
|
||||
version = "1.0.1";
|
||||
default_namespace = "default";
|
||||
config_home_path = "/home/palo/.config/hoard";
|
||||
trove_path = "/home/palo/.config/hoard/trove.yml";
|
||||
query_prefix = " >";
|
||||
primary_color = [ 87 142 87 ];
|
||||
secondary_color = [ 203 184 144 ];
|
||||
tertiary_color = [ 30 30 30 ];
|
||||
command_color = [ 30 30 30 ];
|
||||
parameter_token = "#";
|
||||
read_from_current_directory = true;
|
||||
};
|
||||
programs.zsh.initExtra = ''
|
||||
export HOARD_NOBIND=1
|
||||
source ${hoardSrc}/src/shell/hoard.zsh
|
||||
bindkey '^x' _hoard_list_widget
|
||||
'';
|
||||
};
|
||||
|
||||
# use showkey -a
|
||||
# Ctrl-h is equivalent to Ctrl-Backspace (for some reason)
|
||||
programs.zsh.interactiveShellInit = ''
|
||||
export HOARD_NOBIND=1
|
||||
source ${hoardSrc}/src/shell/hoard.zsh
|
||||
bindkey '^x' _hoard_list_widget
|
||||
'';
|
||||
programs.bash.interactiveShellInit = ''
|
||||
export HOARD_NOBIND=1
|
||||
source ${hoardSrc}/src/shell/hoard.bash
|
||||
bind -x '"\C-x": __hoard_list'
|
||||
'';
|
||||
|
||||
};
|
||||
}
|
|
@ -1,26 +0,0 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.terminal.oh-my-posh.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.terminal.enable;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.terminal.oh-my-posh.enable) {
|
||||
|
||||
home-manager.users =
|
||||
let
|
||||
poshConfig = {
|
||||
programs.oh-my-posh = {
|
||||
enable = true;
|
||||
# useTheme = "gruvbox";
|
||||
settings = builtins.fromJSON (builtins.readFile ./gruvbox.json);
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
mainUser = poshConfig;
|
||||
root = poshConfig;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,65 +0,0 @@
|
|||
{
|
||||
"$schema": "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json",
|
||||
"blocks": [
|
||||
{
|
||||
"alignment": "left",
|
||||
"segments": [
|
||||
{
|
||||
"background": "#3A3A3A",
|
||||
"foreground": "#ffffff",
|
||||
"style": "powerline",
|
||||
"template": "{{ if .WSL }}WSL at{{ end }} {{.Icon}} ",
|
||||
"type": "os"
|
||||
},
|
||||
{
|
||||
"background": "#fbf1c7",
|
||||
"background_templates": ["{{ if .Root }}#af3a03{{ end }}"],
|
||||
"foreground": "#282828",
|
||||
"foreground_templates": ["{{ if .Root }}#fbf1c7{{ end }}"],
|
||||
"powerline_symbol": "\ue0b0",
|
||||
"style": "powerline",
|
||||
"template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ",
|
||||
"type": "session"
|
||||
},
|
||||
{
|
||||
"background": "#458588",
|
||||
"foreground": "#282828",
|
||||
"powerline_symbol": "\ue0b0",
|
||||
"properties": {
|
||||
"style": "full"
|
||||
},
|
||||
"style": "powerline",
|
||||
"template": " {{ .Path }} ",
|
||||
"type": "path"
|
||||
},
|
||||
{
|
||||
"background": "#98971A",
|
||||
"background_templates": [
|
||||
"{{ if or (.Working.Changed) (.Staging.Changed) }}#FF9248{{ end }}",
|
||||
"{{ if and (gt .Ahead 0) (gt .Behind 0) }}#ff4500{{ end }}",
|
||||
"{{ if gt .Ahead 0 }}#B388FF{{ end }}",
|
||||
"{{ if gt .Behind 0 }}#B388FF{{ end }}"
|
||||
],
|
||||
"foreground": "#282828",
|
||||
"leading_diamond": "\ue0b6",
|
||||
"powerline_symbol": "\ue0b0",
|
||||
"properties": {
|
||||
"branch_max_length": 25,
|
||||
"fetch_stash_count": true,
|
||||
"fetch_status": true,
|
||||
"branch_icon": "\uE0A0 ",
|
||||
"branch_identical_icon": "\u25CF"
|
||||
},
|
||||
"style": "powerline",
|
||||
"template": " {{ .HEAD }}{{if .BranchStatus }} {{ .BranchStatus }}{{ end }}{{ if .Working.Changed }} \uf044 {{ .Working.String }}{{ end }}{{ if and (.Working.Changed) (.Staging.Changed) }} |{{ end }}{{ if .Staging.Changed }} \uf046 {{ .Staging.String }}{{ end }}{{ if gt .StashCount 0 }} \ueb4b {{ .StashCount }}{{ end }} ",
|
||||
"trailing_diamond": "\ue0b4",
|
||||
"type": "git"
|
||||
}
|
||||
],
|
||||
"type": "prompt"
|
||||
}
|
||||
],
|
||||
"console_title_template": "{{ .Folder }}",
|
||||
"final_space": true,
|
||||
"version": 2
|
||||
}
|
|
@ -1,26 +0,0 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.terminal.remote-install.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.terminal.enable;
|
||||
};
|
||||
config = mkIf (config.components.terminal.remote-install.enable) {
|
||||
|
||||
services.tor = {
|
||||
enable = true;
|
||||
client.enable = true;
|
||||
relay.onionServices.liveos.map = [{ port = 1337; }];
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
(pkgs.writeShellScriptBin "remote-install-start-service" ''
|
||||
echo "starting announcment server to receive remote-install iso onion id"
|
||||
${pkgs.nmap}/bin/ncat -k -l -p 1337
|
||||
'')
|
||||
(pkgs.writeShellScriptBin "remote-install-get-hiddenReceiver" ''
|
||||
sudo cat /var/lib/tor/onion/liveos/hostname
|
||||
'')
|
||||
];
|
||||
};
|
||||
}
|
|
@ -1,51 +0,0 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.terminal.zsh.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.terminal.enable;
|
||||
};
|
||||
|
||||
config = mkIf (config.components.terminal.zsh.enable) {
|
||||
|
||||
# root uses zsh on default
|
||||
users.users.root.shell = pkgs.zsh;
|
||||
|
||||
programs.zsh = {
|
||||
|
||||
enable = true;
|
||||
enableCompletion = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
|
||||
shellAliases = {
|
||||
ls = "ls --color=tty";
|
||||
l = "ls -CFh";
|
||||
la = "ls -Ah";
|
||||
ll = "ls -lh";
|
||||
lt = "ls -lct --reverse";
|
||||
less = "less -S";
|
||||
top = "htop";
|
||||
version = "date '+%Y%m%d%H%M%S'";
|
||||
vclip = "xclip -selection clipboard";
|
||||
df = "df -h";
|
||||
timestamp = "date +%Y%m%d%H%M%S";
|
||||
nix-show-garbadge-roots = "ls -lh /nix/var/nix/gcroots/auto/";
|
||||
};
|
||||
|
||||
interactiveShellInit = ''
|
||||
kpaste() {
|
||||
arg=cat
|
||||
if [[ $# -ne 0 ]]; then
|
||||
arg+=("''${@}")
|
||||
elif [[ -t 0 ]] && [[ -o interactive ]]; then
|
||||
arg=(wl-paste)
|
||||
fi
|
||||
"''${arg[@]}" | curl -sS http://p.r --data-binary @- | \
|
||||
sed '$ {p;s|http://p.r|https://p.krebsco.de|}'
|
||||
}
|
||||
'';
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
}
|
|
@ -1,66 +0,0 @@
|
|||
# References:
|
||||
# * https://github.com/drduh/YubiKey-Guide
|
||||
# * https://nixos.wiki/wiki/Yubikey
|
||||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
|
||||
options.components.yubikey.enable = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
default = true;
|
||||
};
|
||||
|
||||
# todo move this tho home manager
|
||||
config = mkIf config.components.yubikey.enable {
|
||||
|
||||
services.pcscd.enable = true;
|
||||
services.udev.packages = [
|
||||
|
||||
pkgs.yubikey-personalization
|
||||
|
||||
# additional services, but I just want gpg
|
||||
# pkgs.libu2f-host
|
||||
|
||||
];
|
||||
|
||||
environment.systemPackages = [
|
||||
|
||||
# for `gpg --export $keyid | hokey lint` to check keys
|
||||
#pkgs.haskellPackages.hopenpgp-tools
|
||||
|
||||
# for otp keys (but I use pass otp)
|
||||
# pkgs.yubioath-desktop
|
||||
|
||||
(pkgs.writers.writeDashBin "gpg-reset-yubikey-id" ''
|
||||
echo "reset gpg to make new key available"
|
||||
set -x
|
||||
set -e
|
||||
${pkgs.psmisc}/bin/killall gpg-agent
|
||||
rm -r ~/.gnupg/private-keys-v1.d/
|
||||
${pkgs.gnupg}/bin/gpg --card-status
|
||||
echo "now the new key should work"
|
||||
'')
|
||||
|
||||
];
|
||||
|
||||
## managed by home-manager now
|
||||
#environment.shellInit = ''
|
||||
# export GPG_TTY="$(tty)"
|
||||
# gpg-connect-agent /bye
|
||||
# export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
|
||||
#'';
|
||||
#programs = {
|
||||
# ssh.startAgent = false;
|
||||
# gnupg.agent = {
|
||||
# enable = true;
|
||||
# enableSSHSupport = true;
|
||||
# };
|
||||
#};
|
||||
|
||||
## managed by home-manager now
|
||||
#security.pam.u2f.enable = true;
|
||||
#security.pam.u2f.authFile = toString config.sops.secrets.yubikey_u2fAuthFile.path;
|
||||
#sops.secrets.yubikey_u2fAuthFile = { };
|
||||
|
||||
};
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
{ lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
./packages.nix
|
||||
./terminal.nix
|
||||
./zfs.nix
|
||||
];
|
||||
options.gui.enable = lib.mkEnableOption "should GUI packages be anabled?";
|
||||
}
|
|
@ -1,64 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with pkgs;
|
||||
with lib;
|
||||
{
|
||||
config = mkMerge [
|
||||
{
|
||||
home.packages = [
|
||||
bind.dnsutils
|
||||
nmap
|
||||
hexyl
|
||||
ipcalc
|
||||
|
||||
units
|
||||
|
||||
parallel
|
||||
|
||||
wget
|
||||
curl
|
||||
|
||||
gimoji
|
||||
|
||||
# todo : configure this properly
|
||||
tldr
|
||||
|
||||
bandwhich
|
||||
|
||||
unzip
|
||||
genpass
|
||||
tree
|
||||
killall
|
||||
nix-tree
|
||||
|
||||
unstable.vulnix
|
||||
(writers.writeBashBin "vulnix-system" ''
|
||||
${unstable.vulnix}/bin/vulnix --profile /nix/var/nix/profiles/system
|
||||
'')
|
||||
];
|
||||
|
||||
programs.btop.enable = true;
|
||||
|
||||
}
|
||||
|
||||
|
||||
(mkIf config.gui.enable {
|
||||
home.packages = [
|
||||
libreoffice
|
||||
hunspell
|
||||
hunspellDicts.de-de
|
||||
hunspellDicts.en-us
|
||||
aspell
|
||||
aspellDicts.de
|
||||
aspellDicts.en
|
||||
aspellDicts.es
|
||||
|
||||
evince
|
||||
sxiv
|
||||
gimp
|
||||
inkscape
|
||||
|
||||
transmission-remote-gtk
|
||||
];
|
||||
})
|
||||
];
|
||||
}
|
|
@ -1,59 +0,0 @@
|
|||
{ lib, pkgs, assets, ... }:
|
||||
{
|
||||
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
defaultKeymap = lib.mkDefault "viins";
|
||||
};
|
||||
|
||||
programs.bash = {
|
||||
enable = true;
|
||||
bashrcExtra = ''
|
||||
set -o vi
|
||||
'';
|
||||
};
|
||||
|
||||
programs.thefuck.enable = true;
|
||||
|
||||
# a better cat
|
||||
programs.bat = {
|
||||
enable = true;
|
||||
config.theme = "gruvbox-light";
|
||||
};
|
||||
|
||||
home.shellAliases.cat = "${pkgs.bat}/bin/bat --theme='gruvbox-light'";
|
||||
home.shellAliases.llt = "${pkgs.eza}/bin/exa -a --tree";
|
||||
|
||||
# use z instead of cd
|
||||
# use zi to fuzzy search through all registered directories
|
||||
programs.zoxide = {
|
||||
enable = true;
|
||||
enableZshIntegration = true;
|
||||
};
|
||||
|
||||
# provide better `Ctrl+r` command in terminal
|
||||
programs.atuin = {
|
||||
enable = true;
|
||||
enableBashIntegration = true;
|
||||
enableZshIntegration = true;
|
||||
#package = pkgs.unstable.atuin;
|
||||
package = pkgs.unstable.atuin.overrideAttrs (_old: {
|
||||
# as cursed as doing mitigations=off in the kernel command line
|
||||
patches = [ "${assets}/0001-make-atuin-on-zfs-fast-again.patch" ];
|
||||
});
|
||||
settings = {
|
||||
auto_sync = true;
|
||||
sync_frequency = "5m";
|
||||
sync_address = "http://chungus.private:8888";
|
||||
search_mode = "fuzzy";
|
||||
style = "full";
|
||||
inline_height = 20;
|
||||
keymap_mode = "vim-normal";
|
||||
|
||||
# With workspace filtering enabled, Atuin will filter for commands executed
|
||||
# in any directory within a git repository tree.
|
||||
workspaces = true;
|
||||
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with pkgs;
|
||||
with lib;
|
||||
{
|
||||
config = mkMerge [
|
||||
{
|
||||
home.packages = [
|
||||
(
|
||||
let
|
||||
options = [
|
||||
"name"
|
||||
"mountpoint"
|
||||
"compression"
|
||||
"com.sun:auto-snapshot:yearly"
|
||||
"com.sun:auto-snapshot:monthly"
|
||||
"com.sun:auto-snapshot:daily"
|
||||
"com.sun:auto-snapshot:hourly"
|
||||
];
|
||||
in
|
||||
pkgs.writers.writeBashBin "zfs-overview" ''
|
||||
${pkgs.zfs}/bin/zfs list -o ${concatStringsSep "," options} "$@"
|
||||
''
|
||||
)
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
|
@ -1,79 +0,0 @@
|
|||
{ pkgs, ... }: {
|
||||
|
||||
imports = [
|
||||
../common
|
||||
./doom-emacs.nix
|
||||
./editor.nix
|
||||
./git.nix
|
||||
./gpg.nix
|
||||
./i3.nix
|
||||
./packages
|
||||
./ssh.nix
|
||||
./stylix.nix
|
||||
./tmux.nix
|
||||
./yubikey.nix
|
||||
./zellij.nix
|
||||
./hyperland.nix
|
||||
];
|
||||
|
||||
home.stateVersion = "22.11";
|
||||
|
||||
programs.htop = {
|
||||
enable = true;
|
||||
settings.highlight_base_name = true;
|
||||
settings.tree_view = true;
|
||||
};
|
||||
|
||||
xdg.configFile."mimeapps.list".text = ''
|
||||
[Default Applications]
|
||||
text/html=browser-select.desktop
|
||||
x-scheme-handler/http=browser-select.desktop
|
||||
x-scheme-handler/https=browser-select.desktop
|
||||
x-scheme-handler/about=browser-select.desktop
|
||||
x-scheme-handler/mailto=thunderbird.desktop;
|
||||
x-scheme-handler/unknown=browser-select.desktop
|
||||
x-scheme-handler/postman=Postman.desktop
|
||||
image/png=sxiv.desktop
|
||||
image/jpeg=sxiv.desktop
|
||||
x-scheme-handler/magnet=userapp-transmission-gtk-YPS6F2.desktop
|
||||
'';
|
||||
|
||||
xdg.configFile."khal/config".text = ''
|
||||
[calendars]
|
||||
|
||||
[[local_calendar]]
|
||||
path = ~/.calendars/*
|
||||
type = discover
|
||||
|
||||
[locale]
|
||||
timeformat = %H:%M
|
||||
dateformat = %Y-%m-%d
|
||||
longdateformat = %Y-%m-%d
|
||||
datetimeformat = %Y-%m-%d %H:%M
|
||||
longdatetimeformat = %Y-%m-%d %H:%M
|
||||
'';
|
||||
|
||||
xdg.configFile."vdirsyncer/config".text = ''
|
||||
[general]
|
||||
# A folder where vdirsyncer can store some metadata about each pair.
|
||||
status_path = "~/.vdirsyncer/status/"
|
||||
|
||||
# CALDAV
|
||||
[pair my_calendar]
|
||||
a = "nextcloud_calendar"
|
||||
b = "local_calendar"
|
||||
collections = ["from a", "from b"]
|
||||
|
||||
[storage nextcloud_calendar]
|
||||
type = "caldav"
|
||||
url = "https://nextcloud.ingolf-wagner.de/"
|
||||
username = "palo"
|
||||
password.fetch = ["command", "${pkgs.pass}/bin/pass", "home/nextcloud/palo/nextcloudcmd-token"]
|
||||
|
||||
[storage local_calendar]
|
||||
type = "filesystem"
|
||||
path = "~/.calendars/"
|
||||
fileext = ".ics"
|
||||
'';
|
||||
|
||||
}
|
|
@ -1,35 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
config = mkMerge [
|
||||
{
|
||||
home.packages = [ pkgs.ripgrep ];
|
||||
}
|
||||
(mkIf config.gui.enable {
|
||||
programs.doom-emacs = {
|
||||
enable = lib.mkDefault true;
|
||||
doomPrivateDir = ./doom.d;
|
||||
extraConfig = ''
|
||||
;; "monospace" means use the system default. However, the default is usually two
|
||||
;; points larger than I'd like, so I specify size 12 here.
|
||||
(setq doom-font
|
||||
(font-spec :family "Jetbrains Mono" :size ${toString 12} :weight 'light))
|
||||
;;(setq doom-font
|
||||
;; (font-spec :family "Terminus" :size ${toString 12} :weight 'light))
|
||||
'';
|
||||
#emacsPackagesOverlay = self: super: {
|
||||
# # fixes https://github.com/vlaci/nix-doom-emacs/issues/394
|
||||
# gitignore-mode = pkgs.emacsPackages.git-modes;
|
||||
# gitconfig-mode = pkgs.emacsPackages.git-modes;
|
||||
#};
|
||||
};
|
||||
})
|
||||
(mkIf (!config.gui.enable) {
|
||||
programs.doom-emacs = {
|
||||
enable = lib.mkDefault true;
|
||||
doomPrivateDir = ./doom.d;
|
||||
package = pkgs.emacs-nox;
|
||||
};
|
||||
})
|
||||
];
|
||||
}
|
|
@ -1,4 +0,0 @@
|
|||
;; configure theme
|
||||
(setq doom-theme 'doom-solarized-light)
|
||||
|
||||
|
|
@ -1,11 +0,0 @@
|
|||
{
|
||||
programs.vim = {
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
};
|
||||
|
||||
programs.helix = {
|
||||
enable = true;
|
||||
# defaultEditor = true;
|
||||
};
|
||||
}
|
|
@ -1,34 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
with pkgs;
|
||||
{
|
||||
|
||||
programs.git = {
|
||||
enable = true;
|
||||
userName = "Ingolf Wagner";
|
||||
userEmail = "contact@ingolf-wagner.de";
|
||||
signing = {
|
||||
key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC";
|
||||
signByDefault = true;
|
||||
};
|
||||
ignores = [ "*.swp" "*~" ".idea" ".*penis.*" "result" ".envrc" ".direnv" ];
|
||||
extraConfig = {
|
||||
init.defaultBranch = "main";
|
||||
pull.ff = "only";
|
||||
};
|
||||
#diff-so-fancy.enable = true;
|
||||
difftastic.enable = true;
|
||||
};
|
||||
|
||||
|
||||
home.packages = [
|
||||
pre-commit
|
||||
gita
|
||||
tig
|
||||
lazygit
|
||||
git-crypt
|
||||
gitAndTools.gitflow
|
||||
gitAndTools.gitSVN
|
||||
gitAndTools.git2cl
|
||||
];
|
||||
|
||||
}
|
|
@ -1,31 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
|
||||
programs.gpg = {
|
||||
enable = true;
|
||||
settings = {
|
||||
auto-key-locate = "local";
|
||||
keyid-format = "long";
|
||||
utf8-strings = "";
|
||||
verbose = "";
|
||||
with-fingerprint = "";
|
||||
keyserver = "keyserver.ubuntu.com";
|
||||
personal-digest-preferences = "SHA512";
|
||||
cert-digest-algo = "SHA512";
|
||||
default-preference-list =
|
||||
"SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
|
||||
};
|
||||
};
|
||||
|
||||
services.gpg-agent = {
|
||||
enable = true;
|
||||
enableBashIntegration = true;
|
||||
enableExtraSocket = true;
|
||||
enableSshSupport = true;
|
||||
enableZshIntegration = true;
|
||||
# sshKeys = [];
|
||||
defaultCacheTtl = 30;
|
||||
defaultCacheTtlSsh = 30;
|
||||
|
||||
};
|
||||
}
|
|
@ -1,161 +0,0 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
|
||||
home.file.".config/hypr/hyperland.conf".text = ''
|
||||
autogenerated = 1 # remove this line to remove the warning
|
||||
# See https://wiki.hyprland.org/Configuring/Monitors/
|
||||
monitor=,preferred,auto,auto
|
||||
|
||||
# Some default env vars.
|
||||
env = XCURSOR_SIZE,24
|
||||
|
||||
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
|
||||
input {
|
||||
kb_layout = us
|
||||
kb_variant =
|
||||
kb_model =
|
||||
kb_options =
|
||||
kb_rules =
|
||||
|
||||
follow_mouse = 1
|
||||
|
||||
touchpad {
|
||||
natural_scroll = no
|
||||
}
|
||||
|
||||
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
|
||||
}
|
||||
|
||||
general {
|
||||
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
||||
|
||||
gaps_in = 5
|
||||
gaps_out = 20
|
||||
border_size = 2
|
||||
col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
|
||||
col.inactive_border = rgba(595959aa)
|
||||
|
||||
layout = dwindle
|
||||
|
||||
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
|
||||
allow_tearing = false
|
||||
}
|
||||
|
||||
decoration {
|
||||
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
||||
|
||||
rounding = 10
|
||||
|
||||
blur {
|
||||
enabled = true
|
||||
size = 3
|
||||
passes = 1
|
||||
}
|
||||
|
||||
drop_shadow = yes
|
||||
shadow_range = 4
|
||||
shadow_render_power = 3
|
||||
col.shadow = rgba(1a1a1aee)
|
||||
}
|
||||
|
||||
animations {
|
||||
enabled = yes
|
||||
|
||||
# Some default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
|
||||
|
||||
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
|
||||
|
||||
animation = windows, 1, 7, myBezier
|
||||
animation = windowsOut, 1, 7, default, popin 80%
|
||||
animation = border, 1, 10, default
|
||||
animation = borderangle, 1, 8, default
|
||||
animation = fade, 1, 7, default
|
||||
animation = workspaces, 1, 6, default
|
||||
}
|
||||
|
||||
dwindle {
|
||||
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
|
||||
pseudotile = yes # master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
|
||||
preserve_split = yes # you probably want this
|
||||
}
|
||||
|
||||
master {
|
||||
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
|
||||
new_is_master = true
|
||||
}
|
||||
|
||||
gestures {
|
||||
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
||||
workspace_swipe = off
|
||||
}
|
||||
|
||||
misc {
|
||||
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
||||
force_default_wallpaper = -1 # Set to 0 to disable the anime mascot wallpapers
|
||||
}
|
||||
|
||||
# Example per-device config
|
||||
# See https://wiki.hyprland.org/Configuring/Keywords/#executing for more
|
||||
device:epic-mouse-v1 {
|
||||
sensitivity = -0.5
|
||||
}
|
||||
|
||||
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
|
||||
$mainMod = SUPER
|
||||
|
||||
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
|
||||
bind = $mainMod, enter, exec, alacritty
|
||||
bind = $mainMod, C, killactive,
|
||||
bind = $mainMod, Q, exit,
|
||||
bind = $mainMod, E, exec, dolphin
|
||||
bind = $mainMod, V, togglefloating,
|
||||
bind = $mainMod, R, exec, wofi --show drun
|
||||
bind = $mainMod, P, pseudo, # dwindle
|
||||
bind = $mainMod, J, togglesplit, # dwindle
|
||||
|
||||
# Move focus with mainMod + arrow keys
|
||||
bind = $mainMod, left, movefocus, l
|
||||
bind = $mainMod, right, movefocus, r
|
||||
bind = $mainMod, up, movefocus, u
|
||||
bind = $mainMod, down, movefocus, d
|
||||
|
||||
# Switch workspaces with mainMod + [0-9]
|
||||
bind = $mainMod, 1, workspace, 1
|
||||
bind = $mainMod, 2, workspace, 2
|
||||
bind = $mainMod, 3, workspace, 3
|
||||
bind = $mainMod, 4, workspace, 4
|
||||
bind = $mainMod, 5, workspace, 5
|
||||
bind = $mainMod, 6, workspace, 6
|
||||
bind = $mainMod, 7, workspace, 7
|
||||
bind = $mainMod, 8, workspace, 8
|
||||
bind = $mainMod, 9, workspace, 9
|
||||
bind = $mainMod, 0, workspace, 10
|
||||
|
||||
# Move active window to a workspace with mainMod + SHIFT + [0-9]
|
||||
bind = $mainMod SHIFT, 1, movetoworkspace, 1
|
||||
bind = $mainMod SHIFT, 2, movetoworkspace, 2
|
||||
bind = $mainMod SHIFT, 3, movetoworkspace, 3
|
||||
bind = $mainMod SHIFT, 4, movetoworkspace, 4
|
||||
bind = $mainMod SHIFT, 5, movetoworkspace, 5
|
||||
bind = $mainMod SHIFT, 6, movetoworkspace, 6
|
||||
bind = $mainMod SHIFT, 7, movetoworkspace, 7
|
||||
bind = $mainMod SHIFT, 8, movetoworkspace, 8
|
||||
bind = $mainMod SHIFT, 9, movetoworkspace, 9
|
||||
bind = $mainMod SHIFT, 0, movetoworkspace, 10
|
||||
|
||||
# Example special workspace (scratchpad)
|
||||
bind = $mainMod, S, togglespecialworkspace, magic
|
||||
bind = $mainMod SHIFT, S, movetoworkspace, special:magic
|
||||
|
||||
# Scroll through existing workspaces with mainMod + scroll
|
||||
bind = $mainMod, mouse_down, workspace, e+1
|
||||
bind = $mainMod, mouse_up, workspace, e-1
|
||||
|
||||
# Move/resize windows with mainMod + LMB/RMB and dragging
|
||||
bindm = $mainMod, mouse:272, movewindow
|
||||
bindm = $mainMod, mouse:273, resizewindow
|
||||
|
||||
'';
|
||||
|
||||
}
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue