Compare commits

..

8 commits

Author SHA1 Message Date
Ingolf Wagner
ab640e771a
wip (works with encryption) 2024-08-07 21:37:56 +02:00
Ingolf Wagner
6637450aa5
wip (works with encryption) 2024-08-07 21:37:55 +02:00
Ingolf Wagner
1a8ae5ded2
wip (works) 2024-08-07 21:37:54 +02:00
Ingolf Wagner
cd1d0c7e74
wip ssh component refactoring 2024-08-07 21:37:53 +02:00
Ingolf Wagner
28b42e3306
Update facts/secrets for service boot.ssh in machine probe 2024-08-07 21:37:52 +02:00
Ingolf Wagner
4ae184925c
Update facts/secrets for service boot.ssh in machine probe 2024-08-07 21:37:51 +02:00
Ingolf Wagner
b7a259bf39
fix falsely installing wayland everywhere with no x 2024-08-07 21:37:50 +02:00
Ingolf Wagner
1b60bfbe21
probe encryption 2024-08-07 21:37:49 +02:00
294 changed files with 5561 additions and 6186 deletions

View file

@ -1,17 +1,18 @@
name: Build all NixOS Configurations
on:
push:
branches:
- "**"
schedule:
- cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour
- cron: "30 2 * * *" # not to frequent, GitHub only allows a few pulls per hour
jobs:
nix build:
runs-on: native
steps:
- uses: actions/checkout@v4
with:
clean: true
- name: update nix flakes
if: ${{ github.event_name == 'schedule' }}
# we need to use our ssh key here because we need access to private flakes
@ -29,6 +30,7 @@ jobs:
echo $SSH_AGENT_PID
kill $SSH_AGENT_PID
rm .ssh_key
- name: nix flake archive/check
# we need to use our ssh key here because we need access to private flakes
run: |
@ -46,16 +48,22 @@ jobs:
echo $SSH_AGENT_PID
kill $SSH_AGENT_PID
rm .ssh_key
- name: nix build orbi
run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
# - name: nix build cream
# run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
- name: nix build cream
run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
- name: nix build cherry
run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
- name: nix build chungus
run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
- name: nix build usbstick
run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel
- name: nix build sternchen
run: nix build .#nixosConfigurations.sternchen.config.system.build.toplevel
- name: commit & push
if: ${{ github.event_name == 'schedule' }}
# only if all nix builds are fine we update our branch

Binary file not shown.

Before

Width:  |  Height:  |  Size: 696 KiB

After

Width:  |  Height:  |  Size: 39 KiB

View file

@ -1,8 +1,6 @@
# components concept
- components are kinda opinionated.
- should be project agnostic (e.g.: configure bugwarrior via options but leave
specifics out).
- `component.<toplevel>.enabled` should usually be the default for all it
subcomponents (`comonent.<topleve>.<subcomponent>.enabled`).
- should be project agnostic (e.g.: configure bugwarrior via options but leave specifics out).
- `component.<toplevel>.enabled` should usually be the default for all it subcomponents (`comonent.<topleve>.<subcomponent>.enabled`).
- But default should make sense here!

View file

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
with lib;
{

View file

@ -5,12 +5,13 @@
./gui
./mainUser.nix
./media
./monitor
./network
./nixos
./terminal
./timezone.nix
./virtualisation
./yubikey.nix
];
}

View file

@ -1,10 +1,5 @@
# TODO test `alsactl init` after suspend to reinit mic
{
pkgs,
config,
lib,
...
}:
{ pkgs, config, lib, ... }:
with lib;
{
options.components.gui.audio.enable = mkOption {
@ -25,6 +20,7 @@ with lib;
environment.systemPackages = with pkgs; [
alsa-utils
alsaUtils
# PulseAudio control
# ------------------

View file

@ -8,13 +8,11 @@ in
programs.chromium.extensions = [
"nngceckbapebfimnlniiiahkandclblb" # bitwarden
# "edibdbjcniadpccecjdfdjjppcpchdlm" # I still don't care about cookies
"edibdbjcniadpccecjdfdjjppcpchdlm" # I still don't care about cookies
"gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
"jinjaccalgkegednnccohejagnlnfdag" # Violentmonkey
"dpplabbmogkhghncfbfdeeokoefdjegm" # Proxy SwitchySharp
"mooikfkahbdckldjjndioackbalphokd" # Selenium IDE
];
# overwrite use zram on small RAM systems
@ -36,59 +34,50 @@ in
home = "${homeFolder}/development-browser";
homeBackup = "${backupFolder}/development-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
google = {
home = "${homeFolder}/google-browser";
homeBackup = "${backupFolder}/google-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
finance = {
home = "${homeFolder}/finance-browser";
homeBackup = "${backupFolder}/finance-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
facebook = {
home = "${homeFolder}/facebook-browser";
homeBackup = "${backupFolder}/facebook-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
shopping = {
home = "${homeFolder}/shopping-browser";
homeBackup = "${backupFolder}/shopping-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
jobrad = {
browserType = "chrome";
home = "${homeFolder}/jobrad-chrome";
homeBackup = "${backupFolder}/jobrad-chrome";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
firefox-tmp = {
browserType = "firefox";
home = "${homeFolder}/firefox-tmp";
homeBackup = "${backupFolder}/firefox-tmp-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
chromium-tmp = {
browserType = "chrome";
home = "${homeFolder}/chromium-tmp";
homeBackup = "${backupFolder}/chrome-tmp-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
google-tmp = {
browserType = "google";
home = "${homeFolder}/google-tmp";
homeBackup = "${backupFolder}google-tmp-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
};

View file

@ -1,9 +1,4 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
with lib;
{
options.components.gui = {
@ -15,6 +10,7 @@ with lib;
./audio.nix
./browser.nix
./cups.nix
./fonts.nix
./home-manager
./kmonad.nix
#./noti.nix # todo: make this different (use password store and such)

36
components/gui/fonts.nix Normal file
View file

@ -0,0 +1,36 @@
{ pkgs, config, lib, ... }:
with lib;
{
options.components.gui.style.enable = mkOption {
type = lib.types.bool;
default = config.components.gui.enable;
};
config = mkIf (config.components.gui.style.enable) {
fonts.packages = with pkgs; [
corefonts
hasklig
inconsolata
source-code-pro
symbola
ubuntu_font_family
# symbol fonts
# ------------
nerdfonts
powerline-fonts
font-awesome
fira-code-symbols
jetbrains-mono
# shell font
# ----------
terminus_font
gohufont
];
};
}

View file

@ -1,9 +1,4 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
with lib;
{

View file

@ -1,9 +1,4 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
{
options.components.gui.kmonad.enable = lib.mkOption {
@ -84,21 +79,9 @@
in
{
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [
"lctl"
"lmet"
"lalt"
];
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [
"lctl"
"lmet"
"lalt"
];
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [
"lctl"
"lmet"
"lalt"
];
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ];
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ];
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ "lctl" "lmet" "lalt" ];
};
};
};

View file

@ -1,11 +1,6 @@
# notify me when a command is finished
# todo : secret managment is shit
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
{
options.components.gui.noti.enable = mkOption {

View file

@ -1,17 +1,11 @@
{
pkgs,
config,
lib,
...
}:
{ pkgs, config, lib, ... }:
with lib;
let
# desktop file
# ------------
# makes it possible to be used by other programs
desktopFile =
name: bin:
desktopFile = name: bin:
pkgs.writeTextFile {
name = "${name}.desktop";
destination = "/share/applications/${name}.desktop";
@ -40,9 +34,7 @@ in
environment.systemPackages = [
(pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))
# todo : use upstream desktop file creator
(desktopFile "passmenu" "${
pkgs.pass.withExtensions (ext: [ ext.pass-otp ])
}/bin/passmenu --type -l 10")
(desktopFile "passmenu" "${pkgs.pass.withExtensions (ext: [ext.pass-otp])}/bin/passmenu --type -l 10")
pkgs.otpmenu

View file

@ -1,9 +1,4 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
{
options.components.gui.steam.enable = mkOption {
@ -27,12 +22,7 @@ with lib;
isSystemUser = true;
home = "/home/steam";
createHome = true;
extraGroups = [
"audio"
"input"
"video"
"pipewire"
];
extraGroups = [ "audio" "input" "video" "pipewire" ];
group = "steam";
shell = pkgs.bashInteractive;
};

View file

@ -1,9 +1,4 @@
{
pkgs,
config,
lib,
...
}:
{ pkgs, config, lib, ... }:
with lib;
{
options.components.gui.suspend.enable = mkOption {
@ -18,11 +13,13 @@ with lib;
requiredBy = [ "sleep.target" ];
environment =
let
display = if (config.services.xserver.display != null) then config.services.xserver.display else 0;
display =
if (config.services.xserver.display != null) then
config.services.xserver.display
else
0;
in
{
DISPLAY = ":${toString display}";
};
{ DISPLAY = ":${toString display}"; };
script = ''
${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 &
sleep 1

View file

@ -1,9 +1,4 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
{
options.components.gui.vscode.enable = mkOption {

View file

@ -1,9 +1,4 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
{

View file

@ -1,9 +1,4 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
{
@ -83,3 +78,4 @@ with lib;
};
}

View file

@ -1,9 +1,4 @@
{
lib,
pkgs,
config,
...
}:
{ lib, pkgs, config, ... }:
with lib;
let

View file

@ -1,20 +1,18 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
with types;
let
cfg = config.components.mainUser;
# todo : use optionalList
dockerGroup = if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
dockerGroup =
if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
# todo : use optionalList
vboxGroup = if (config.virtualisation.virtualbox.host.enable) then [ "vboxusers" ] else [ ];
vboxGroup =
if (config.virtualisation.virtualbox.host.enable) then
[ "vboxusers" ]
else
[ ];
in
{
@ -73,20 +71,8 @@ in
uid = cfg.uid;
home = "/home/${cfg.userName}";
initialPassword = cfg.userName;
extraGroups =
[
"wheel"
"networkmanager"
"transmission"
"wireshark"
"audio"
"pipewire"
"input"
"dialout"
]
++ dockerGroup
++ vboxGroup
++ cfg.extraGroups;
extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" "dialout" ]
++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
group = config.users.groups.mainUser.name;
};

View file

@ -4,12 +4,7 @@
# * connect via mixxx to it.
# * add the podcast to mpd in the same network
# --------------------------------------------------
{
pkgs,
config,
lib,
...
}:
{ pkgs, config, lib, ... }:
with lib;
let

View file

@ -1,9 +1,4 @@
{
pkgs,
config,
lib,
...
}:
{ pkgs, config, lib, ... }:
with lib;
{

View file

@ -1,34 +1,30 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
let
obs-cmd = pkgs.rustPlatform.buildRustPackage rec {
pname = "obs-cmd";
version = "v0.15.2";
src = pkgs.fetchFromGitHub {
owner = "grigio";
repo = "obs-cmd";
rev = version;
sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI=";
};
obs-cmd = pkgs.rustPlatform.buildRustPackage
rec {
pname = "obs-cmd";
version = "v0.15.2";
src = pkgs.fetchFromGitHub {
owner = "grigio";
repo = "obs-cmd";
rev = version;
sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI=";
};
cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0=";
#cargoSha256 = fakeSha256;
cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0=";
#cargoSha256 = fakeSha256;
meta = with lib; {
description = "a minimal obs CLI for obs-websocket v5";
homepage = "https://github.com/grigio/obs-cmd";
license = licenses.mit;
maintainers = [ maintainers.mrVanDalo ];
platforms = platforms.all;
meta = with lib; {
description = "a minimal obs CLI for obs-websocket v5";
homepage = "https://github.com/grigio/obs-cmd";
license = licenses.mit;
maintainers = [ maintainers.mrVanDalo ];
platforms = platforms.all;
};
};
};
# Lassulus streaming setup
# -------------------------
@ -57,12 +53,7 @@ let
name = "screen-keys";
paths =
let
screenKeyScript =
{
position ? "bottom",
size ? "small",
...
}:
screenKeyScript = { position ? "bottom", size ? "small", ... }:
pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
''
${pkgs.screenkey}/bin/screenkey \
@ -74,41 +65,27 @@ let
"$@"
'';
in
lib.flatten (
lib.flip map
[
"large"
"small"
"medium"
]
(
size:
lib.flip map [
"top"
"center"
"bottom"
] (position: screenKeyScript { inherit size position; })
)
);
lib.flatten (lib.flip map [ "large" "small" "medium" ] (size:
lib.flip map [ "top" "center" "bottom" ]
(position: screenKeyScript { inherit size position; })));
};
mpvReview =
let
moveToDir =
key: dir:
pkgs.writeText "move-with-${key}.lua" ''
tmp_dir = "${dir}"
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
tmp_dir = "${dir}"
function move_current_track_${key}()
track = mp.get_property("path")
os.execute("mkdir -p '" .. tmp_dir .. "'")
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
print("moved '" .. track .. "' to " .. tmp_dir)
mp.command("playlist-next")
end
function move_current_track_${key}()
track = mp.get_property("path")
os.execute("mkdir -p '" .. tmp_dir .. "'")
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
print("moved '" .. track .. "' to " .. tmp_dir)
mp.command("playlist-next")
end
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
'';
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
'';
delete = moveToDir "D" "./.graveyard";
good = moveToDir "G" "./.good";
in
@ -133,6 +110,7 @@ in
config = mkIf (config.components.media.video.enable) {
home-manager.sharedModules = [
{
programs.obs-studio = {
@ -145,6 +123,7 @@ in
}
];
boot.kernelModules = [ "v4l2loopback" ];
boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
@ -158,6 +137,7 @@ in
alphaSafe
sanitizeFolder
# obs studio stuff
obs-cli
v4l-utils
@ -174,6 +154,8 @@ in
handbrake
ffmpeg-full
];
};
}

View file

@ -1,20 +1,17 @@
{
lib,
config,
inputs,
...
}:
{ lib, config, ... }:
with lib;
with types;
{
imports = [
./default.nix
../timezone.nix
];
config = {
telemetry.enable = mkDefault true;
telemetry.metrics.enable = mkDefault false;
telemetry.opentelemetry.enable = false;
components.monitor.enable = mkDefault true;
components.monitor.metrics.enable = mkDefault false;
components.monitor.opentelemetry.enable = false;
services.journald.extraConfig = "SystemMaxUse=1G";
};

View file

@ -0,0 +1,32 @@
{ lib, config, ... }:
with lib;
with types;
{
options.components.monitor = {
enable = mkOption {
type = bool;
default = true;
};
metrics.enable = mkOption {
type = bool;
default = config.components.monitor.enable;
};
logs.enable = mkOption {
type = bool;
default = config.components.monitor.enable;
};
};
imports = [
./logs-promtail.nix
./metrics-export-zfs.nix
./metrics-netdata.nix
./metrics-prometheus.nix
./metrics-telegraf.nix
./opentelemetry.nix
];
config = mkIf config.components.monitor.enable { };
}

View file

@ -0,0 +1,178 @@
{ config, lib, ... }:
with lib;
with types;
let
cfg = config.components.monitor.promtail;
in
{
options.components.monitor.promtail = {
enable = mkOption {
type = lib.types.bool;
default = config.components.monitor.logs.enable;
};
port = mkOption {
type = int;
default = 3500;
description = "port to provide promtail export";
};
};
config = mkMerge [
(mkIf config.components.monitor.opentelemetry.enable {
services.opentelemetry-collector.settings = {
receivers.loki = {
protocols.http.endpoint = "127.0.0.1:${toString cfg.port}";
use_incoming_timestamp = true;
};
service.pipelines.logs.receivers = [ "loki" ];
};
})
(mkIf config.components.monitor.promtail.enable {
services.promtail = {
enable = true;
configuration = {
server. disable = true;
positions.filename = "/var/cache/promtail/positions.yaml";
clients = [
{ url = "http://127.0.0.1:${toString cfg.port}/loki/api/v1/push"; }
];
scrape_configs =
let
_replace = index: replacement: ''{{ Replace .Value "${toString index}" "${replacement}" 1 }}'';
_elseif = index: ''{{ else if eq .Value "${toString index}" }}'';
_if = index: ''{{ if eq .Value "${toString index}" }}'';
_end = ''{{ end }}'';
elseblock = index: replacement: "${_elseif index}${_replace index replacement}";
ifblock = index: replacement: "${_if index}${_replace index replacement}";
createTemplateLine = list: "${concatStrings (imap0 (index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement) list)}${_end}";
in
[
{
job_name = "journal";
journal = {
json = true;
max_age = "12h";
labels.job = "systemd-journal";
};
pipeline_stages = [
{
# Set of key/value pairs of JMESPath expressions. The key will be
# the key in the extracted data while the expression will be the value,
# evaluated as a JMESPath from the source data.
json.expressions = {
# journalctl -o json | jq and you'll see these
boot_id = "_BOOT_ID";
facility = "SYSLOG_FACILITY";
facility_label = "SYSLOG_FACILITY";
instance = "_HOSTNAME";
msg = "MESSAGE";
priority = "PRIORITY";
priority_label = "PRIORITY";
transport = "_TRANSPORT";
unit = "_SYSTEMD_UNIT";
# coredump
#coredump_cgroup = "COREDUMP_CGROUP";
#coredump_exe = "COREDUMP_EXE";
#coredump_cmdline = "COREDUMP_CMDLINE";
#coredump_uid = "COREDUMP_UID";
#coredump_gid = "COREDUMP_GID";
};
}
{
# Set the unit (defaulting to the transport like audit and kernel)
template = {
source = "unit";
template = "{{if .unit}}{{.unit}}{{else}}{{.transport}}{{end}}";
};
}
{
# Normalize session IDs (session-1234.scope -> session.scope) to limit number of label values
replace = {
source = "unit";
expression = "^(session-\\d+.scope)$";
replace = "session.scope";
};
}
{
# Map priority to human readable
template = {
source = "priority_label";
#template = ''{{ if eq .Value "0" }}{{ Replace .Value "0" "emerg" 1 }}{{ else if eq .Value "1" }}{{ Replace .Value "1" "alert" 1 }}{{ else if eq .Value "2" }}{{ Replace .Value "2" "crit" 1 }}{{ else if eq .Value "3" }}{{ Replace .Value "3" "err" 1 }}{{ else if eq .Value "4" }}{{ Replace .Value "4" "warning" 1 }}{{ else if eq .Value "5" }}{{ Replace .Value "5" "notice" 1 }}{{ else if eq .Value "6" }}{{ Replace .Value "6" "info" 1 }}{{ else if eq .Value "7" }}{{ Replace .Value "7" "debug" 1 }}{{ end }}'';
template = createTemplateLine [
"emergency"
"alert"
"critical"
"error"
"warning"
"notice"
"info"
"debug"
];
};
}
{
# Map facility to human readable
template =
{
source = "facility_label";
template = createTemplateLine [
"kern" # Kernel messages
"user" # User-level messages
"mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1))
"daemon" # System daemons All daemons, including systemd and its subsystems
"auth" # Security/authorization messages Also watch for different facility 10
"syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3)
"lpr" # Line printer subsystem (archaic subsystem)
"news" # Network news subsystem (archaic subsystem)
"uucp" # UUCP subsystem (archaic subsystem)
"clock" # Clock daemon systemd-timesyncd
"authpriv" # Security/authorization messages Also watch for different facility 4
"ftp" # FTP daemon
"-" # NTP subsystem
"-" # Log audit
"-" # Log alert
"cron" # Scheduling daemon
"local0" # Local use 0 (local0)
"local1" # Local use 1 (local1)
"local2" # Local use 2 (local2)
"local3" # Local use 3 (local3)
"local4" # Local use 4 (local4)
"local5" # Local use 5 (local5)
"local6" # Local use 6 (local6)
"local7" # Local use 7 (local7)
];
};
}
{
# Key is REQUIRED and the name for the label that will be created.
# Value is optional and will be the name from extracted data whose value
# will be used for the value of the label. If empty, the value will be
# inferred to be the same as the key.
labels = {
boot_id = "";
facility = "";
facility_label = "";
instance = "";
priority = "";
priority_label = "";
transport = "";
unit = "";
};
}
{
# Write the proper message instead of JSON
output.source = "msg";
}
];
}
];
};
};
})
];
}

View file

@ -0,0 +1,32 @@
{ pkgs, config, lib, ... }:
with lib;
with types;
{
options.components.monitor.exporters.zfs.enable = mkOption {
type = lib.types.bool;
default = config.components.monitor.metrics.enable;
};
config = mkMerge [
(mkIf config.components.monitor.exporters.zfs.enable {
services.telegraf.extraConfig.inputs.zfs = { };
services.prometheus.exporters.zfs.enable = true;
services.opentelemetry-collector.settings = {
receivers.prometheus.config.scrape_configs = [
{
job_name = "zfs";
scrape_interval = "10s";
static_configs = [{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
}];
}
];
service.pipelines.metrics.receivers = [ "prometheus" ];
};
})
];
}

View file

@ -0,0 +1,35 @@
{ lib, pkgs, config, ... }:
with lib;
with types;
{
options.components.monitor.netdata = {
enable = mkOption {
type = bool;
default = config.components.monitor.metrics.enable;
};
};
config = mkIf config.components.monitor.netdata.enable {
# netdata sink
services.opentelemetry-collector.settings.receivers.prometheus.config.scrape_configs = [
{
job_name = "netdata";
scrape_interval = "10s";
metrics_path = "/api/v1/allmetrics";
params.format = [ "prometheus" ];
static_configs = [{ targets = [ "127.0.0.1:19999" ]; }];
}
];
# https://docs.netdata.cloud/daemon/config/
services.netdata = {
enable = lib.mkDefault true;
config = {
global = {
"memory mode" = "ram";
};
};
};
};
}

View file

@ -0,0 +1,45 @@
{ config, lib, ... }:
with lib;
with types;
let
cfg = config.components.monitor.prometheus;
in
{
options.components.monitor.prometheus = {
enable = mkOption {
type = lib.types.bool;
default = config.components.monitor.metrics.enable;
};
port = mkOption {
type = int;
default = 8090;
description = "port to provide Prometheus export";
};
};
config = mkMerge [
(mkIf config.components.monitor.prometheus.enable {
services.prometheus = {
checkConfig = "syntax-only";
enable = true;
};
})
(mkIf config.components.monitor.prometheus.enable {
services.opentelemetry-collector.settings = {
exporters.prometheus.endpoint = "127.0.0.1:${toString cfg.port}";
service.pipelines.metrics.exporters = [ "prometheus" ];
};
services.prometheus.scrapeConfigs = [
{
job_name = "opentelemetry";
metrics_path = "/metrics";
scrape_interval = "10s";
static_configs = [{ targets = [ "localhost:${toString cfg.port}" ]; }];
}
];
})
];
}

View file

@ -0,0 +1,50 @@
{ config, pkgs, lib, ... }:
with lib;
with types;
let
cfg = config.components.monitor.telegraf;
in
{
options.components.monitor.telegraf = {
enable = mkOption {
type = lib.types.bool;
default = config.components.monitor.metrics.enable;
};
influxDBPort = mkOption {
type = int;
default = 8088;
description = "Port to listen on influxDB input";
};
};
config = lib.mkMerge [
(mkIf config.components.monitor.telegraf.enable {
# opentelemetry wireing
services.opentelemetry-collector.settings = {
receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}";
service.pipelines.metrics.receivers = [ "influxdb" ];
};
services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ "http://127.0.0.1:${toString cfg.influxDBPort}" ];
})
(mkIf config.components.monitor.telegraf.enable {
systemd.services.telegraf.path = [ pkgs.inetutils ];
services.telegraf = {
enable = true;
extraConfig = {
# https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins
inputs = {
cpu = { };
diskio = { };
processes = { };
system = { };
systemd_units = { };
ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make machine visible over wireguard
};
};
};
})
];
}

View file

@ -0,0 +1,205 @@
{ pkgs, config, lib, ... }:
with lib;
with types;
let
cfg = config.components.monitor.opentelemetry;
in
{
options.components.monitor.opentelemetry = {
enable = mkOption {
type = bool;
default = config.components.monitor.enable;
description = "weather or not to use opentelemetry";
};
receiver.endpoint = mkOption {
type = nullOr str;
default = null;
description = "endpoint to receive the opentelementry data from other collectors";
};
exporter.endpoint = mkOption {
type = nullOr str;
default = null;
description = "endpoint to ship opentelementry data too";
};
exporter.debug = mkOption {
type = nullOr (enum [ "logs" "metrics" ]);
default = null;
description = "enable debug exporter.";
};
metrics.endpoint = mkOption {
type = str;
default = "127.0.0.1:8100";
description = "endpoint on where to provide opentelementry metrics";
};
};
config = mkMerge [
(mkIf config.components.monitor.opentelemetry.enable {
services.opentelemetry-collector = {
enable = true;
package = pkgs.opentelemetry-collector-contrib;
};
})
# add default tags to metrics
# todo : make sure we filter out metrics from otlp receivers
(mkIf config.components.monitor.enable {
services.opentelemetry-collector.settings = {
processors = {
# https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/processor/resourcedetectionprocessor/README.md
"resourcedetection/system" = {
detectors = [ "system" ];
override = false;
system.hostname_sources = [ "os" ];
};
metricstransform.transforms = [
{
include = ".*";
match_type = "regexp";
action = "update";
operations = [{
action = "add_label";
new_label = "machine";
new_value = config.networking.hostName;
}];
}
];
};
};
})
(mkIf config.components.monitor.metrics.enable {
services.opentelemetry-collector.settings = {
service.pipelines.metrics.processors = [
"metricstransform"
"resourcedetection/system"
];
};
})
(mkIf config.components.monitor.logs.enable {
services.opentelemetry-collector.settings = {
service.pipelines.logs.processors = [ "resourcedetection/system" ];
};
})
(mkIf (config.components.monitor.opentelemetry.exporter.debug != null) {
services.opentelemetry-collector.settings = {
exporters.debug = {
verbosity = "detailed";
sampling_initial = 5;
sampling_thereafter = 200;
};
service.pipelines.${config.components.monitor.opentelemetry.exporter.debug} = {
exporters = [ "debug" ];
};
};
})
# ship to next instance
(mkIf (config.components.monitor.opentelemetry.exporter.endpoint != null) {
services.opentelemetry-collector.settings = {
exporters.otlp = {
endpoint = cfg.exporter.endpoint;
tls.insecure = true;
};
};
})
(mkIf
(
config.components.monitor.opentelemetry.exporter.endpoint != null &&
config.components.monitor.logs.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.logs.exporters = [ "otlp" ];
};
})
(mkIf
(
config.components.monitor.opentelemetry.exporter.endpoint != null &&
config.components.monitor.metrics.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.metrics.exporters = [ "otlp" ];
};
})
# ship from other instance
(mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) {
services.opentelemetry-collector.settings = {
receivers.otlp.protocols.grpc.endpoint = cfg.receiver.endpoint;
};
})
(mkIf
(
config.components.monitor.opentelemetry.receiver.endpoint != null &&
config.components.monitor.logs.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.logs.receivers = [ "otlp" ];
};
})
(mkIf
(
config.components.monitor.opentelemetry.receiver.endpoint != null &&
config.components.monitor.metrics.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.metrics.receivers = [ "otlp" ];
};
})
# scrape opentelemetry-colectors metrics
# todo: this should be collected another way (opentelemetry internal?)
# todo : enable me only when metrics.endpoint is set.
(mkIf config.components.monitor.metrics.enable {
services.opentelemetry-collector.settings = {
receivers = {
prometheus.config.scrape_configs = [
{
job_name = "otelcol";
scrape_interval = "10s";
static_configs = [{
targets = [ cfg.metrics.endpoint ];
}];
metric_relabel_configs = [
{
source_labels = [ "__name__" ];
regex = ".*grpc_io.*";
action = "drop";
}
];
}
];
};
service = {
pipelines.metrics = {
receivers = [ "prometheus" ];
};
# todo : this should be automatically be collected
# open telemetries own metrics?
telemetry.metrics.address = cfg.metrics.endpoint;
};
};
})
(mkIf (! config.components.monitor.metrics.enable) {
services.opentelemetry-collector.settings = {
service.telemetry.metrics.level = "none";
};
})
];
}

View file

@ -11,6 +11,7 @@ with types;
imports = [
#./avahi.nix
./fail2ban.nix
./hosts.nix
./nginx.nix
./sshd

View file

@ -1,21 +1,17 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
with lib;
{
options.features.network.fail2ban.enable = mkOption {
options.components.network.fail2ban.enable = mkOption {
type = lib.types.bool;
default = false;
};
config = mkMerge [
(mkIf config.features.network.fail2ban.enable {
environment.systemPackages = [ pkgs.fail2ban ];
(mkIf config.components.network.fail2ban.enable {
environment.systemPackages = [ pkgs.fail2ban pkgs.ipset ];
services.fail2ban = {
enable = true;
#package = pkgs.legacy_2311.fail2ban;
jails = { };
};
})
@ -23,7 +19,7 @@ with lib;
# custom defined jails
# --------------------
# https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
(mkIf config.features.network.fail2ban.enable {
(mkIf config.components.network.fail2ban.enable {
services.fail2ban.jails.nginx-git-not-found.settings = {
port = "http,https";
logpath = "%(nginx_error_log)s";
@ -37,7 +33,7 @@ with lib;
'';
};
})
(mkIf config.features.network.fail2ban.enable {
(mkIf config.components.network.fail2ban.enable {
services.fail2ban.jails.nginx-git-bad-request.settings = {
port = "http,https";
logpath = "%(nginx_error_log)s";

View file

@ -1,9 +1,5 @@
{ clanLib, ... }:
{
networking.extraHosts = ''
95.216.66.212 orbi.public
'';
services.openssh.knownHosts = {
"orbi.public".publicKey = clanLib.readFact "ssh.id_ed25519.pub" "orbi";
};
}

View file

@ -1,10 +1,4 @@
{
config,
lib,
pkgs,
assets,
...
}:
{ config, lib, pkgs, assets, ... }:
with lib;
{
options.components.network.nginx.enable = mkOption {
@ -22,13 +16,8 @@ with lib;
environment.systemPackages = [
pkgs.nginx-config-formatter
(pkgs.writers.writePython3Bin "nginx-show-config" {
flakeIgnore = [
"E265"
"E225"
"W292"
];
} (lib.fileContents "${assets}/nginx-show-config.py"))
(pkgs.writers.writePython3Bin "nginx-show-config" { flakeIgnore = [ "E265" "E225" "W292" ]; }
(lib.fileContents "${assets}/nginx-show-config.py"))
];
security.acme.defaults.email = "contact@ingolf-wagner.de";
@ -96,11 +85,7 @@ with lib;
root = pkgs.landingpage.override {
jsonConfig =
let
entry =
{
machine,
items ? [ ],
}:
entry = { machine, items ? [ ] }:
{
text = machine;
items = [
@ -175,7 +160,7 @@ with lib;
];
})
(entry { machine = "cherry"; })
#(entry { machine = "cream"; })
(entry { machine = "cream"; })
(entry { machine = "mobi"; })
(entry { machine = "bobi"; })
{
@ -189,12 +174,14 @@ with lib;
{
label = "Hetzner Cloud";
href = "https://console.hetzner.cloud/projects";
image = "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
image =
"https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
}
{
label = "Cups";
href = "http://localhost:631/";
image = "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
image =
"https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
}
];
}
@ -204,42 +191,52 @@ with lib;
{
label = "NixOS Manual";
href = "https://nixos.org/nixos/manual/";
image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
image =
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
}
{
label = "Nixpkgs Manual";
href = "https://nixos.org/nixpkgs/manual/";
image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
image =
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
}
{
label = "NixOS Reference";
href = "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
href =
"https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
image =
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
}
{
label = "Nix Packages";
href = "https://nixos.org/nixos/packages.html";
image = "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
image =
"https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
}
{
label = "NixOS Language specific helpers";
href = "https://nixos.wiki/wiki/Language-specific_package_helpers";
image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
href =
"https://nixos.wiki/wiki/Language-specific_package_helpers";
image =
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
}
{
label = "NixOS Weekly";
href = "https://weekly.nixos.org/";
image = "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
image =
"https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
}
{
label = "NixOS Security";
href = "https://broken.sh/";
image = "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
image =
"https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
}
{
label = "NixOS RFCs";
href = "https://github.com/NixOS/rfcs/";
image = "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
image =
"https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
}
];
}

View file

@ -1,20 +1,17 @@
{
pkgs,
config,
lib,
assets,
...
}:
{ pkgs, config, lib, assets, ... }:
with lib;
with types;
let
defaultRootKeyFiles = [ "${assets}/mrvandalo_rsa.pub" ];
cfg = config.components.network.sshd;
# maybe ascii-image-converter is also nice here
sshBanner = pkgs.runCommand "ssh-banner" { nativeBuildInputs = [ pkgs.boxes ]; } ''
sshBanner = pkgs.runCommand "ssh-banner"
{ nativeBuildInputs = [ pkgs.boxes ]; } ''
echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out
'';
in
{
@ -29,6 +26,15 @@ in
type = bool;
default = true;
};
rootKeyFiles = mkOption {
type = with types; listOf path;
default = [ ];
description = "keys to root login";
};
sshguard.enable = mkOption {
type = bool;
default = config.components.network.sshd.enable;
};
onlyTincAccess = mkOption {
type = bool;
default = false;
@ -58,13 +64,20 @@ in
# settings.LoginGraceTime = 0;
};
users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;
# todo enable again when I can it's possible to set the `-q` ssh option in clan
#services.openssh.banner = builtins.readFile sshBanner;
})
(mkIf cfg.sshguard.enable {
environment.systemPackages = [ pkgs.ipset ];
services.sshguard.enable = lib.mkDefault true;
#boot.kernelModules = ["xt_set"];
})
(mkIf (cfg.onlyTincAccess && cfg.enable) {
# fixme: this is not working
networking.firewall.extraCommands = ''
iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
'';

View file

@ -1,10 +1,4 @@
{
pkgs,
config,
lib,
clanLib,
...
}:
{ pkgs, config, lib, clanLib, ... }:
with lib;
let
publicKey = clanLib.readFact "ssh.id_ed25519.pub";
@ -15,18 +9,11 @@ in
services.openssh.knownHosts = {
orbi = {
hostNames = [
"git.ingolf-wagner.de"
"95.216.66.212"
];
publicKey = publicKey "orbi";
};
forgejo = {
hostNames = [
"[git.ingolf-wagner.de]:2222"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDQVomwXedtY4ZAKA1Bcsz6Ud2Ys3mjjGJXLcWQLceXKmmAQfOWqqLrTddhrLjmZImS3HTexGK7iNmYYCd/lG+7j1rMebmk3cddH6qr/4WB5SSexbLV4/vlk18kia6O+52ybrMzejwcfr9qNEg+bkrmc4btsWcT/w21vRyOzsmRRnk+S54prLGtiCypFqwGYnyr6HPXO3lqCLHIR/XurcFvh/aM/RGusWh889TXA39FezDcV6OZisZTTC4BBoUAS8r6XJnrIahZJmfEHp/FbKJV0pShCCQXtpkUBu7g6B2T+8u91fY4kc8O293XhaxjTBfkZH2lGodppGG12vAQSeznppbzlT82uTx80jyt7Hw/IAjn9j8D+iKC7fA9qawVz+p1UtqHQd43+8gOSiHILOUMhVxp7ZrfhYmaiOKrkR4+Juc9P2UsqrAvxS1WaYT4KaEZfze7/DCdK0h2SSY2jgCU9sNeJG6M4s/pPj+iI/O+AagHfBZ+bF2y+OKEZOW4J+OpqnEY3lANdxsMsD9PwBpAVAn9FAJzAy+gfXINu0wqGhtA3qWM0QVjcSXsfQJQ2XrbMPd9+pvOl1Ej5SSbjXYcPt9dXWl+L69dbU5qb8WRGl2ZxloUaRcOrOkmhybwI/61LfaGzLslnNn8ARjJgzu9xSipT5D4cZ1FgB9ezqC73Q==";
};
};
};

View file

@ -1,9 +1,4 @@
{
pkgs,
config,
lib,
...
}:
{ pkgs, config, lib, ... }:
with lib;
{
config = mkIf (config.components.network.sshd.enable) {
@ -33,66 +28,65 @@ with lib;
};
gitlab = {
hostNames = [ "gitlab.com" ];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
};
gitlab-bk = {
hostNames = [
"gitlab.bk-bund-berlin.de"
"116.203.133.59"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
hostNames = [ "gitlab.bk-bund-berlin.de" "116.203.133.59" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
};
# space-left
gitlabSpaceLeft = {
hostNames = [ "git.space-left.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
};
# c-base
"bnd-cbase" = {
hostNames = [ "bnd.cbrp3.c-base.org" ];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
};
"shell.cbase" = {
hostNames = [ "shell.c-base.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
};
"kgb.cbase" = {
hostNames = [ "kgb.cbrp3.c-base.org" ];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
};
"cns.cbase" = {
hostNames = [ "cns.c-base.org" ];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
};
"lassulus" = {
hostNames = [ "[lassul.us]:45621" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
};
renoise = {
hostNames = [
"*.renoise.com"
"renoise.com"
"94.130.128.97"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
hostNames = [ "*.renoise.com" "renoise.com" "94.130.128.97" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
};
git-renoise = {
hostNames = [
"[git.renoise.com]:2229"
"[94.130.128.97]:2229"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
hostNames = [ "[git.renoise.com]:2229" "[94.130.128.97]:2229" ];
publicKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
};
"siteground" = {
hostNames = [
"[es5.siteground.eu]:18765"
"[37.60.224.6]:18765"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
hostNames = [ "[es5.siteground.eu]:18765" "[37.60.224.6]:18765" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
};
"cracksucht.de" = {
hostNames = [ "cracksucht.de" ];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
publicKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
};
};

View file

@ -1,38 +1,27 @@
{
lib,
config,
clanLib,
...
}:
{ lib, config, clanLib, ... }:
with lib;
with types;
let
machines = clanLib.allMachineNames;
publicKey = clanLib.readFact "ssh.id_ed25519.pub";
tld = config.clan.static-hosts.topLevelDomain;
knownHosts = lib.genAttrs machines (machine: {
hostNames = [
"${machine}"
"${machine}.${tld}"
"${machine}.private"
];
publicKey = publicKey machine;
});
bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub";
knownBootHosts = lib.mapAttrs' (
machine: publicKey:
nameValuePair "boot_${machine}" {
inherit publicKey;
hostNames = [
"[${machine}]:2222"
"[${machine}.public]:2222"
];
}
) bootMachines;
knownHosts = lib.genAttrs machines
(machine:
{
hostNames = [
"[${machine}]:2222"
"[${machine}.${tld}]:2222"
"[${machine}.private]:2222"
"${machine}"
"${machine}.${tld}"
"${machine}.private"
];
publicKey = publicKey machine;
}
);
in
{
# todo : move this to the proper place
options.components.network.zerotier = {
enable = mkOption {
type = bool;
@ -41,6 +30,6 @@ in
};
config = mkIf config.components.network.zerotier.enable {
services.openssh.knownHosts = knownHosts // knownBootHosts;
services.openssh.knownHosts = knownHosts;
};
}

View file

@ -1,13 +1,15 @@
{
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib;
{
{ config, lib, pkgs, factsGenerator, clanLib, ... }:
let
clanMachines =
lib.mapAttrs
(machine: facts: {
name = machine;
id = facts."syncthing.pub";
addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
})
(clanLib.readFactsFromAllMachines [ "syncthing.pub" "zerotier-ip" ]);
in
with lib; {
# networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
@ -20,19 +22,6 @@ with lib;
cert = config.clan.core.facts.services.syncthing.secret."syncthing.cert".path;
settings.devices =
let
clanMachines =
lib.mapAttrs
(machine: facts: {
name = machine;
id = facts."syncthing.pub";
addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
})
(
clanLib.readFactsFromAllMachines [
"syncthing.pub"
"zerotier-ip"
]
);
device = machine: id: {
"${machine}" = {
name = machine;
@ -43,27 +32,22 @@ with lib;
in
clanMachines
// (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF")
// (device "iPad" "NEGOJYU-EEDRM4E-XVZUKFO-63LAIOO-WHFFS2V-3SH3KR2-VYEFQLW-4QOFBQU")
// (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ");
// (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ")
;
settings.folders = {
# needs to be on encrypted drives
# -------------------------------
audiobooks = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/audiobooks";
devices = [
"chungus"
"orbi"
];
devices = [ "chungus" "orbi" ];
};
books = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/books";
devices = [
"chungus"
# "cream"
"cherry"
];
devices = [ "chungus" "cream" "cherry" ];
versioning = {
type = "simple";
params.keep = "2";
@ -72,20 +56,12 @@ with lib;
desktop = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/desktop";
devices = [
"chungus"
# "cream"
"cherry"
];
devices = [ "chungus" "cream" "cherry" ];
};
finance = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/finance";
devices = [
"chungus"
# "cream"
"cherry"
];
devices = [ "chungus" "cream" "cherry" ];
versioning = {
type = "simple";
params.keep = "10";
@ -94,46 +70,27 @@ with lib;
flix = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/flix";
devices = [
"chungus"
"orbi"
];
devices = [ "chungus" "orbi" ];
};
logseq = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/logseq";
devices = [
"cherry"
"chungus"
"iPad"
"iPhone"
];
devices = [ "chungus" "cream" "cherry" "iPhone" ];
};
lectures = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/lectures";
devices = [
"chungus"
"orbi"
];
devices = [ "chungus" "orbi" ];
};
oscar_cpap = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/oscar_cpap";
devices = [
"chungus"
# "cream"
"cherry"
];
devices = [ "chungus" "cream" "cherry" ];
};
password-store = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store";
devices = [
"chungus"
# "cream"
"cherry"
];
devices = [ "chungus" "cream" "cherry" ];
versioning = {
type = "simple";
params.keep = "10";
@ -143,12 +100,18 @@ with lib;
share = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store";
devices = [
# "cream"
"cherry"
"orbi"
];
devices = [ "cream" "cherry" "orbi" ];
};
# todo remove if zfs is is used
#nextcloud_backup = {
# enable = lib.mkDefault false;
# path = lib.mkDefault "/tmp/lost-fotos";
# devices = [ "chungus" ];
# versioning = {
# type = "simple";
# params.keep = "2";
# };
#};
};
};

View file

@ -1,10 +1,4 @@
{
lib,
config,
factsGenerator,
clanLib,
...
}:
{ lib, config, factsGenerator, clanLib, ... }:
with lib;
{
@ -26,21 +20,18 @@ with lib;
};
config = mkMerge [
(mkIf config.tinc.private.enable (
import ./private.nix {
ipv4 = config.tinc.private.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}
))
(mkIf config.tinc.secret.enable (
import ./secret.nix {
ipv4 = config.tinc.secret.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}
))
(mkIf config.tinc.private.enable (import ./private.nix {
ipv4 = config.tinc.private.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}))
(mkIf config.tinc.secret.enable (import ./secret.nix {
ipv4 = config.tinc.secret.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}))
];
}

View file

@ -1,20 +1,19 @@
{
ipv4,
ipv6,
config,
optionalString,
concatStringsSep,
factsGenerator,
mapAttrsToList,
clanLib,
...
{ ipv4
, ipv6
, config
, optionalString
, concatStringsSep
, factsGenerator
, mapAttrsToList
, clanLib
, ...
}:
let
hosts = {
bobi = "10.23.42.25";
cherry = "10.23.42.29";
chungus = "10.23.42.28";
# cream = "10.23.42.27";
cream = "10.23.42.27";
mobi = "10.23.42.23";
orbi = "10.23.42.100";
};
@ -27,8 +26,6 @@ let
"prowlarr.orbi" = hosts.orbi;
"photoprism.orbi" = hosts.orbi;
# chungus
"video.chungus" = hosts.chungus;
"music.chungus" = hosts.chungus;
"de.tts.chungus" = hosts.chungus;
"en.tts.chungus" = hosts.chungus;
"flix.chungus" = hosts.chungus;
@ -53,36 +50,35 @@ in
services.tinc.networks = {
${network} = {
ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
interfaceType = "tap";
extraConfig = ''
LocalDiscovery = yes
'';
hostSettings = {
mobi = {
subnets = [ { address = hosts.mobi; } ];
subnets = [{ address = hosts.mobi; }];
settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
};
bobi = {
subnets = [ { address = hosts.bobi; } ];
subnets = [{ address = hosts.bobi; }];
settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
};
# cream = {
# subnets = [ { address = hosts.cream; } ];
# settings.Ed25519PublicKey = Ed25519PublicKey "cream";
# };
cream = {
subnets = [{ address = hosts.cream; }];
settings.Ed25519PublicKey = Ed25519PublicKey "cream";
};
cherry = {
subnets = [ { address = hosts.cherry; } ];
subnets = [{ address = hosts.cherry; }];
settings.Ed25519PublicKey = Ed25519PublicKey "cherry";
};
chungus = {
subnets = [ { address = hosts.chungus; } ];
subnets = [{ address = hosts.chungus; }];
settings.Ed25519PublicKey = Ed25519PublicKey "chungus";
};
orbi = {
addresses = [ { address = "95.216.66.212"; } ];
subnets = [ { address = hosts.orbi; } ];
addresses = [{ address = "95.216.66.212"; }];
subnets = [{ address = hosts.orbi; }];
settings.Ed25519PublicKey = Ed25519PublicKey "orbi";
};
};
@ -103,8 +99,6 @@ in
LinkLocalAddressing = no
'';
networking.extraHosts = concatStringsSep "\n" (
mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)
);
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains));
}

View file

@ -1,18 +1,17 @@
{
ipv4,
ipv6,
config,
optionalString,
concatStringsSep,
mapAttrsToList,
factsGenerator,
...
{ ipv4
, ipv6
, config
, optionalString
, concatStringsSep
, mapAttrsToList
, factsGenerator
, ...
}:
let
port = 721;
hosts = {
cherry = "10.123.42.29";
# cream = "10.123.42.27";
cream = "10.123.42.27";
robi = "10.123.42.123";
sternchen = "10.123.42.25";
sterni = "10.123.42.24";
@ -24,37 +23,31 @@ in
services.tinc.networks = {
${network} = {
ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
extraConfig = ''
LocalDiscovery = yes
Port = ${toString port}
'';
hostSettings = {
sternchen = {
subnets = [ { address = hosts.sternchen; } ];
subnets = [{ address = hosts.sternchen; }];
settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB";
};
# cream = {
# subnets = [ { address = hosts.cream; } ];
# settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
# };
cream = {
subnets = [{ address = hosts.cream; }];
settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
};
cherry = {
subnets = [ { address = hosts.cherry; } ];
subnets = [{ address = hosts.cherry; }];
settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
};
sterni = {
subnets = [ { address = hosts.sterni; } ];
subnets = [{ address = hosts.sterni; }];
settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
};
robi = {
addresses = [
{
address = "144.76.13.147";
port = port;
}
];
subnets = [ { address = hosts.robi; } ];
addresses = [{ address = "144.76.13.147"; port = port; }];
subnets = [{ address = hosts.robi; }];
settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
};
};
@ -75,37 +68,23 @@ in
LinkLocalAddressing = no
'';
networking.extraHosts = concatStringsSep "\n" (
mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts
);
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts);
services.openssh.knownHosts = {
# "cream.${network}" = {
# hostNames = [
# "cream.${network}"
# hosts.cream
# ];
# publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
# };
"cream.${network}" = {
hostNames = [ "cream.${network}" hosts.cream ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
};
"sternchen.${network}" = {
hostNames = [
"sterni.${network}"
hosts.sterni
];
hostNames = [ "sterni.${network}" hosts.sterni ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
};
"sterni.${network}" = {
hostNames = [
"sterni.${network}"
hosts.sterni
];
hostNames = [ "sterni.${network}" hosts.sterni ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
};
"robi" = {
hostNames = [
"robi.${network}"
hosts.robi
];
hostNames = [ "robi.${network}" hosts.robi ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
};
};

View file

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
with lib;
with types;
{
@ -27,6 +22,7 @@ with types;
# Setting this value to 1 means to try activation once, without retry.
networking.networkmanager.settings.main.autoconnect-retries-default = 999;
hardware.enableRedistributableFirmware = true;
# because Networkd-wait-online is just failing.
@ -51,3 +47,4 @@ with types;
};
}

View file

@ -25,9 +25,9 @@ with lib;
config = {
networking.extraHosts = ''
10.100.0.1 cache.orbi.wg0
10.100.0.1 orbi.wg0
10.100.0.2 chungus.wg0
'';
};
}

View file

@ -0,0 +1,15 @@
{ lib, config, ... }:
{
imports = [
./ssh.nix
];
options.components.nixos.boot.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
config = lib.mkIf (config.components.nixos.boot.enable) { };
}

View file

@ -1,40 +1,38 @@
{
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
{ config, lib, pkgs, factsGenerator, clanLib, ... }:
with lib;
with types;
{
options.features.boot.ssh = {
options.components.nixos.boot.ssh = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
default = config.components.nixos.boot.enable;
};
kernelModules = mkOption {
type = listOf str;
default = [ ];
description = "nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
description =
"nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
};
};
config = mkIf (config.features.boot.ssh.enable) {
config = mkIf (config.components.nixos.boot.ssh.enable) {
# root password
#clan.core.facts.services.rootPassword = factsGenerator.password { name = "root"; };
#users.users.root.hashedPasswordFile = config.clan.core.facts.services.rootPassword.secret."password.root.pam".path; # fixme not working for some reason
#users.users.root.initalPassword = "admin";
# ssh host key
clan.core.facts.services."boot.ssh" = factsGenerator.ssh { name = "boot"; };
# todo: maybe put this in a component
# boot
boot.initrd.systemd.enable = true;
boot.initrd.systemd.contents."/etc/hostname".text = "unlock.${config.networking.hostName}";
# network
boot.initrd.systemd.network.enable = true;
boot.initrd.availableKernelModules = config.features.boot.ssh.kernelModules;
boot.initrd.availableKernelModules = config.components.nixos.boot.ssh.kernelModules;
# ssh
boot.initrd.network.enable = true;
@ -48,3 +46,4 @@ with types;
};
}

View file

@ -0,0 +1,100 @@
{ config, lib, pkgs, factsGenerator, clanLib, ... }:
with lib;
with types;
{
options.components.nixos.boot = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
tor.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.nixos.boot.ssh.enable;
};
};
config = mkMerge [
# todo : not working at the moment, because onion hostnames are secrets
(
let
onionIds = clanLib.readFactFromAllMachines "tor.initrd.hostname";
generateOnionUnlockScript = machine: onionId: pkgs.writers.writeDashBin "unlock-boot-${machine}-via-tor" ''
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222
'';
in
{
# add known hosts
services.openssh.knownHosts =
mapAttrs
(_machine: onionId: {
hostNames = [ "[${onionId}]:2222" ];
})
onionIds;
# create unlook tor boot script
environment.systemPackages =
mapAttrsToList generateOnionUnlockScript onionIds;
}
)
# tor part
# --------
(mkIf (config.components.nixos.boot.tor.enable) {
#services.tor = {
# enable = true;
# client.enable = true;
# relay.onionServices.bootup.map = [{ port = 2222; }];
#};
# tor setup
clan.core.facts.services.initrd_tor = factsGenerator.tor { name = ""; };
boot.initrd.secrets = {
"/etc/tor/onion/bootup/tor.priv" = config.clan.core.facts.services.initrd_tor.secret."tor.initrd.priv".path;
"/etc/tor/onion/bootup/hostname" = config.clan.core.facts.services.initrd_tor.secret."tor.initrd.hostname".path;
};
#boot.initrd.extraUtilsCommands = ''
# copy_bin_and_libs ${pkgs.tor}/bin/tor
#'';
# fixme: this thing is not working for some reason.
boot.initrd.systemd.packages = [ pkgs.tor pkgs.iproute2 pkgs.coreutils ];
boot.initrd.systemd.services.tor = {
path = [ pkgs.tor pkgs.iproute2 pkgs.coreutils ];
# todo: set wanted by
script =
let
torRc = pkgs.writeText "tor.rc" ''
DataDirectory /etc/tor
SOCKSPort 127.0.0.1:9050 IsolateDestAddr
SOCKSPort 127.0.0.1:9063
HiddenServiceDir /etc/tor/onion/bootup
HiddenServicePort 2222 127.0.0.1:2222
'';
in
''
echo "tor: preparing onion folder"
# have to do this otherwise tor does not want to start
chmod -R 700 /etc/tor
echo "make sure localhost is up"
ip a a 127.0.0.1/8 dev lo
ip link set lo up
echo "tor: starting tor"
tor -f ${torRc} --verify-config
tor -f ${torRc}
'';
};
})
];
}

View file

@ -2,6 +2,7 @@
{
imports = [
./upgrade-diff.nix
./boot
];
options.components.nixos.enable = lib.mkOption {

View file

@ -1,10 +1,5 @@
# MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
{
options.components.nixos.update-diff.enable = lib.mkOption {

View file

@ -1,9 +1,4 @@
{
pkgs,
config,
lib,
...
}:
{ pkgs, config, lib, ... }:
with lib;
{
options.components.terminal.bash.enable = mkOption {
@ -21,6 +16,7 @@ with lib;
interactiveShellInit = "set -o vi";
shellAliases = {
ls = "ls --color=tty";
l = "ls -CFh";

View file

@ -1,9 +1,4 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
{
options.components.terminal = {
@ -17,6 +12,8 @@ with lib;
./direnv.nix
./git.nix
./heygpt.nix
./hoard.nix
./oh-my-posh
./remote-install.nix
./wtf.nix
./zsh.nix

View file

@ -1,9 +1,4 @@
{
pkgs,
config,
lib,
...
}:
{ pkgs, config, lib, ... }:
with lib;
{
options.components.terminal.direnv.enable = mkOption {
@ -17,10 +12,7 @@ with lib;
home-manager.sharedModules = [
{
programs.direnv.enable = true;
programs.git.ignores = [
".envrc"
".direnv"
];
programs.git.ignores = [ ".envrc" ".direnv" ];
}
];

View file

@ -1,9 +1,4 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
{
options.components.terminal.git.enable = mkOption {
@ -13,6 +8,7 @@ with lib;
config = mkIf (config.components.terminal.git.enable) {
environment.systemPackages = with pkgs; [
git
gita
@ -33,3 +29,4 @@ with lib;
];
};
}

View file

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
with lib;
{
options.components.terminal.heygpt.enable = mkOption {

View file

@ -0,0 +1,62 @@
{ pkgs, config, lib, ... }:
with lib;
let
hoardSrc = pkgs.fetchFromGitHub {
owner = "Hyde46";
repo = "hoard";
rev = "v1.3.1";
sha256 = "sha256-Gm3X6/g5JQJEl7wRvWcO4j5XpROhtfRJ72LNaUeZRGc=";
};
in
{
options.components.terminal.hoard.enable = mkOption {
type = lib.types.bool;
default = config.components.terminal.enable;
};
config = mkIf (config.components.terminal.hoard.enable) {
# todo : sync via syncthing
#backup.dirs = [
# "/root/.config/hoard"
# "/home/palo/.config/hoard"
#];
environment.systemPackages = [ pkgs.legacy_2211.hoard ];
home-manager.users.mainUser = {
xdg.configFile."hoard/config.yml".text = builtins.toJSON {
version = "1.0.1";
default_namespace = "default";
config_home_path = "/home/palo/.config/hoard";
trove_path = "/home/palo/.config/hoard/trove.yml";
query_prefix = " >";
primary_color = [ 87 142 87 ];
secondary_color = [ 203 184 144 ];
tertiary_color = [ 30 30 30 ];
command_color = [ 30 30 30 ];
parameter_token = "#";
read_from_current_directory = true;
};
programs.zsh.initExtra = ''
export HOARD_NOBIND=1
source ${hoardSrc}/src/shell/hoard.zsh
bindkey '^x' _hoard_list_widget
'';
};
# use showkey -a
# Ctrl-h is equivalent to Ctrl-Backspace (for some reason)
programs.zsh.interactiveShellInit = ''
export HOARD_NOBIND=1
source ${hoardSrc}/src/shell/hoard.zsh
bindkey '^x' _hoard_list_widget
'';
programs.bash.interactiveShellInit = ''
export HOARD_NOBIND=1
source ${hoardSrc}/src/shell/hoard.bash
bind -x '"\C-x": __hoard_list'
'';
};
}

View file

@ -0,0 +1,26 @@
{ pkgs, config, lib, ... }:
with lib;
{
options.components.terminal.oh-my-posh.enable = mkOption {
type = lib.types.bool;
default = config.components.terminal.enable;
};
config = mkIf (config.components.terminal.oh-my-posh.enable) {
home-manager.users =
let
poshConfig = {
programs.oh-my-posh = {
enable = true;
# useTheme = "gruvbox";
settings = builtins.fromJSON (builtins.readFile ./gruvbox.json);
};
};
in
{
mainUser = poshConfig;
root = poshConfig;
};
};
}

View file

@ -13,13 +13,9 @@
},
{
"background": "#fbf1c7",
"background_templates": [
"{{ if .Root }}#af3a03{{ end }}"
],
"background_templates": ["{{ if .Root }}#af3a03{{ end }}"],
"foreground": "#282828",
"foreground_templates": [
"{{ if .Root }}#fbf1c7{{ end }}"
],
"foreground_templates": ["{{ if .Root }}#fbf1c7{{ end }}"],
"powerline_symbol": "\ue0b0",
"style": "powerline",
"template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ",

View file

@ -1,9 +1,4 @@
{
pkgs,
config,
lib,
...
}:
{ pkgs, config, lib, ... }:
with lib;
{
options.components.terminal.remote-install.enable = mkOption {
@ -15,7 +10,7 @@ with lib;
services.tor = {
enable = true;
client.enable = true;
relay.onionServices.liveos.map = [ { port = 1337; } ];
relay.onionServices.liveos.map = [{ port = 1337; }];
};
environment.systemPackages = [

View file

@ -1,9 +1,4 @@
{
pkgs,
config,
lib,
...
}:
{ pkgs, config, lib, ... }:
with lib;
let
@ -23,7 +18,7 @@ let
${pkgs.iw}/bin/iw dev \
| ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
); do
inet=$(${pkgs.iproute2}/bin/ip addr show $dev \
inet=$(${pkgs.iproute}/bin/ip addr show $dev \
| ${pkgs.gnused}/bin/sed -n 's/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p') \
|| unset inet
ssid=$(${pkgs.iw}/bin/iw dev $dev link \
@ -59,29 +54,23 @@ let
echo
'';
userHighlight =
map ({ user, ... }: user) (builtins.attrValues config.services.browser.configList)
++ [ "steam" ];
userHighlight = map ({ user, ... }: user)
(builtins.attrValues config.services.browser.configList)
++ [ "steam" ];
activeUsers = pkgs.writers.writeBash "active-users" ''
${pkgs.procps}/bin/ps -eo user \
| ${pkgs.gnused}/bin/sed '1 d' \
| ${pkgs.coreutils}/bin/sort \
| ${pkgs.coreutils}/bin/uniq \
| ${pkgs.gnugrep}/bin/egrep --color=always '(${pkgs.lib.concatStringsSep "|" userHighlight})|$'
| ${pkgs.gnugrep}/bin/egrep --color=always '(${
pkgs.lib.concatStringsSep "|" userHighlight
})|$'
'';
# default settings
wtfModule =
args@{
height ? 1,
width ? 1,
top,
left,
enabled ? true,
type,
...
}:
args@{ height ? 1, width ? 1, top, left, enabled ? true, type, ... }:
{
enabled = enabled;
focusable = false;
@ -89,157 +78,106 @@ let
position.left = left;
position.height = height;
position.width = width;
}
// (lib.filterAttrs (
key: _:
lib.all (x: x != key) [
"height"
"width"
"top"
"left"
]
) args);
} // (lib.filterAttrs
(key: _: lib.all (x: x != key) [ "height" "width" "top" "left" ])
args);
# command runner module
cmdRunner =
args@{ cmd, ... }:
wtfModule (
{
type = "cmdrunner";
focusable = false;
refreshInterval = 300;
}
// args
);
cmdRunner = args@{ cmd, ... }:
wtfModule ({
type = "cmdrunner";
focusable = false;
refreshInterval = 300;
} // args);
modules = {
inherit cmdRunner;
digitalclock =
args@{ top, left, ... }:
cmdRunner (
{
cmd = pkgs.writers.writeDash "clock" ''
${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"`
${pkgs.coreutils}/bin/date +"%B %d %Y"
'';
title = "";
refreshInterval = 30;
}
// args
);
digitalclock = args@{ top, left, ... }:
cmdRunner ({
cmd = pkgs.writers.writeDash "clock" ''
${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"`
${pkgs.coreutils}/bin/date +"%B %d %Y"
'';
title = "";
refreshInterval = 30;
} // args);
clocks =
args@{ top, left, ... }:
wtfModule (
{
type = "clocks";
title = "";
border = false;
colors.rows = {
even = "white";
odd = "white";
};
locations = {
UTC = "Etc/UTC";
Berlin = "Europe/Berlin";
Thailand = "Asia/Bangkok";
#Cuba = "America/Havana";
#Wellington = "Pacific/Auckland";
};
sort = "alphabetical";
refreshInterval = 60;
}
// args
);
clocks = args@{ top, left, ... }:
wtfModule ({
type = "clocks";
title = "";
border = false;
colors.rows = {
even = "white";
odd = "white";
};
locations = {
UTC = "Etc/UTC";
Berlin = "Europe/Berlin";
Cuba = "America/Havana";
Wellington = "Pacific/Auckland";
};
sort = "alphabetical";
refreshInterval = 60;
} // args);
resourceusage =
args@{ top, left, ... }:
wtfModule (
{
type = "resourceusage";
title = "";
cpuCombined = false;
refreshInterval = 5;
}
// args
);
resourceusage = args@{ top, left, ... }:
wtfModule ({
type = "resourceusage";
title = "";
cpuCombined = false;
refreshInterval = 5;
} // args);
power =
args@{ top, left, ... }:
wtfModule (
{
type = "power";
title = "";
refreshInterval = 100;
}
// args
);
power = args@{ top, left, ... }:
wtfModule ({
type = "power";
title = "";
refreshInterval = 100;
} // args);
prettyweather =
args@{ top, left, ... }:
wtfModule (
{
type = "prettyweather";
title = "";
city = "Essen";
unit = "m";
view = 0;
language = "en";
refreshInterval = 3600;
}
// args
);
prettyweather = args@{ top, left, ... }:
wtfModule ({
type = "prettyweather";
title = "";
city = "Essen";
unit = "m";
view = 0;
language = "en";
refreshInterval = 3600;
} // args);
feedreader =
args@{
top,
left,
feeds,
...
}:
wtfModule (
{
type = "feedreader";
title = "";
refreshInterval = 3600;
focusable = true;
#feedLimit = 10;
colors.rows = {
even = "white";
odd = "white";
};
}
// args
);
feedreader = args@{ top, left, feeds, ... }:
wtfModule ({
type = "feedreader";
title = "";
refreshInterval = 3600;
focusable = true;
#feedLimit = 10;
colors.rows = {
even = "white";
odd = "white";
};
} // args);
github =
args@{
top,
left,
username,
apiKey,
...
}:
wtfModule (
{
type = "github";
title = "";
refreshInterval = 3600;
feedlimit = 10;
github = args@{ top, left, username, apiKey, ... }:
wtfModule ({
type = "github";
title = "";
refreshInterval = 3600;
feedlimit = 10;
enableStatus = true;
# customQueries:
# othersPRs:
# title: "Others Pull Requests"
# filter: "is:open is:pr -author:wtfutil"
# repositories:
# - "wtfutil/wtf"
# - "wtfutil/docs"
# - "umbrella-corp/wesker-api"
}
// args
);
enableStatus = true;
# customQueries:
# othersPRs:
# title: "Others Pull Requests"
# filter: "is:open is:pr -author:wtfutil"
# repositories:
# - "wtfutil/wtf"
# - "wtfutil/docs"
# - "umbrella-corp/wesker-api"
} // args);
};
@ -252,20 +190,8 @@ let
normal = "green";
};
grid = {
columns = [
28
0
0
];
rows = [
9
9
9
9
9
9
0
];
columns = [ 28 0 0 ];
rows = [ 9 9 9 9 9 9 0 ];
};
refreshInterval = 1;
mods = with modules; {
@ -300,7 +226,8 @@ let
top = 4;
left = 1;
height = 1;
feeds = [ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
feeds =
[ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
};
nixos = feedreader {
title = "NixOS Weekly";
@ -337,20 +264,8 @@ let
normal = "green";
};
grid = {
columns = [
33
12
28
36
0
];
rows = [
9
4
6
6
0
];
columns = [ 33 12 28 36 0 ];
rows = [ 9 4 6 6 0 ];
};
refreshInterval = 1;
mods = with modules; {
@ -376,16 +291,12 @@ let
left = 0;
};
yfinance = wtfModule {
rates = wtfModule {
type = "yfinance";
top = 3;
left = 0;
title = "rates";
symbols = [
"EURUSD=X"
"EURNZD=X"
"EURTHB=X"
];
symbols = [ "EURUSD=X" "EURNZD=X" ];
refreshInterval = 60;
};
@ -396,12 +307,7 @@ let
calendar = cmdRunner {
title = "";
args = [
"-3"
"--monday"
"--color=never"
"-w"
];
args = [ "-3" "--monday" "--color=never" "-w" ];
cmd = "cal";
top = 1;
left = 1;
@ -463,12 +369,9 @@ let
};
};
createDashboard =
{ json, name }:
let
configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
in
pkgs.writers.writeBashBin name ''
createDashboard = { json, name }:
let configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
in pkgs.writers.writeBashBin name ''
${pkgs.wtf}/bin/wtfutil --config=${toString configuration}
'';

View file

@ -1,9 +1,4 @@
{
pkgs,
config,
lib,
...
}:
{ pkgs, config, lib, ... }:
with lib;
{
options.components.terminal.zsh.enable = mkOption {

View file

@ -1,9 +1,8 @@
{ lib, ... }:
{
# some system stuff
# -----------------
time.timeZone = "Europe/Berlin";
#time.timeZone = "Pacific/Auckland";
#time.timeZone = "Asia/Singapore";
#time.timeZone = "Asia/Makassar";
#time.timeZone = lib.mkDefault "Pacific/Auckland";
#time.timeZone = lib.mkDefault "Asia/Singapore";
#time.timeZone = lib.mkDefault "Asia/Makassar";
}

View file

@ -1,15 +0,0 @@
{ config, lib, ... }:
{
imports = [
./docker.nix
./podman.nix
./virtualbox.nix
./qemu.nix
];
options.components.virtualisation.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
}

View file

@ -1,21 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.virtualisation.docker.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.virtualisation.enable;
};
config = mkIf config.components.virtualisation.docker.enable {
virtualisation.docker.enable = true;
};
}

View file

@ -1,24 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.virtualisation.podman.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.virtualisation.enable;
};
config = mkIf config.components.virtualisation.podman.enable {
virtualisation.podman.enable = true;
# make sure /var/lib/containers/storage is a zfs dataset
virtualisation.podman.extraPackages = [ pkgs.zfs ];
};
}

View file

@ -1,32 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.virtualisation.qemu.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.virtualisation.enable;
};
config = mkIf config.components.virtualisation.qemu.enable {
virtualisation.libvirtd.enable = true;
#virtualisation.libvirtd.allowedBridges = ["virbr0"];
virtualisation.libvirtd.onShutdown = "shutdown";
environment.systemPackages = [
pkgs.qemu_kvm
#(pkgs.quickemu.override { qemu_full = pkgs.qemu_kvm; })
pkgs.quickemu
pkgs.virt-manager
];
users.users.mainUser.extraGroups = [ "libvirtd" ];
};
}

View file

@ -1,26 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.virtualisation.virtualbox.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.virtualisation.enable;
};
config = mkIf config.components.virtualisation.virtualbox.enable {
virtualisation.virtualbox = {
host.enable = true;
guest.enable = true;
};
users.extraGroups.vboxusers.members = [ config.users.users.mainUser.name ];
};
}

View file

@ -1,12 +1,7 @@
# References:
# * https://github.com/drduh/YubiKey-Guide
# * https://nixos.wiki/wiki/Yubikey
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with lib;
{
@ -23,11 +18,6 @@ with lib;
environment.systemPackages = [
pkgs.yubikey-personalization
pkgs.yubikey-personalization-gui
pkgs.yubikey-manager
pkgs.yubikey-manager-qt
# for `gpg --export $keyid | hokey lint` to check keys
#pkgs.haskellPackages.hopenpgp-tools

View file

@ -1,6 +0,0 @@
{
imports = [
./ssh.nix
./tor.nix
];
}

View file

@ -1,76 +0,0 @@
{
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib;
with types;
{
options.features.boot.tor = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
};
config = mkIf (config.features.boot.tor.enable) {
# tor secrets
clan.core.facts.services."initrd.tor" = factsGenerator.tor {
name = "initrd";
addressPrefix = "init";
};
boot.initrd.secrets = mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file) (
genAttrs [
"hostname"
"hs_ed25519_public_key"
"hs_ed25519_secret_key"
] (secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path)
);
boot.initrd.systemd.storePaths = [
pkgs.tor
pkgs.iproute2
pkgs.coreutils
];
boot.initrd.systemd.contents = {
"/etc/tor/tor.rc".text = ''
DataDirectory /etc/tor
SOCKSPort 127.0.0.1:9050 IsolateDestAddr
SOCKSPort 127.0.0.1:9063
HiddenServiceDir /etc/tor/onion/bootup
HiddenServicePort 2222 127.0.0.1:2222
'';
};
boot.initrd.systemd.services.tor = {
description = "tor during init";
wantedBy = [ "initrd.target" ];
after = [
"network.target"
"initrd-nixos-copy-secrets.service"
];
before = [ "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig.DefaultDependencies = false;
path = [
pkgs.tor
pkgs.iproute2
pkgs.coreutils
];
script = ''
echo "tor: preparing onion folder"
# have to do this otherwise tor does not want to start
chmod -R 700 /etc/tor
echo "tor: starting tor"
tor -f /etc/tor/tor.rc --verify-config
tor -f /etc/tor/tor.rc
'';
};
};
}

View file

@ -1,6 +0,0 @@
{
imports = [
./boot
./network
];
}

View file

@ -1,6 +0,0 @@
{
imports = [
./fail2ban.nix
./sshguard.nix
];
}

View file

@ -1,24 +0,0 @@
{
pkgs,
config,
lib,
assets,
...
}:
with lib;
with types;
{
options.features.network.sshguard = {
enable = mkOption {
type = bool;
default = false;
};
};
config = mkIf config.features.network.sshguard.enable {
environment.systemPackages = [ pkgs.ipset ];
services.sshguard.enable = true;
};
}

1051
flake.lock

File diff suppressed because it is too large Load diff

860
flake.nix
View file

@ -1,54 +1,80 @@
{
# "git+file:///<full-path>" for fixing an input
inputs = {
clan-core.inputs.flake-parts.follows = "flake-parts";
clan-core.inputs.nixpkgs.follows = "nixpkgs";
clan-core.url = "git+https://git.clan.lol/clan/clan-core?rev=1bd3af310ea074d0ea9de6233376476c6ca9149a"; # last time clan was using facts instead of vars
clan-fact-generators.inputs.clan-core.follows = "clan-core";
clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
flake-parts.url = "github:hercules-ci/flake-parts";
healthchecks.inputs.nixpkgs.follows = "nixpkgs";
healthchecks.url = "github:mrvandalo/nixos-healthchecks";
#healthchecks.url = "git+file:///home/palo/dev/nixos/healthcheck";
home-manager-utils.inputs.home-manager.follows = "home-manager";
home-manager-utils.url = "github:mrvandalo/home-manager-utils";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager";
landingpage.url = "github:mrVanDalo/landingpage";
nix-topology.inputs.nixpkgs.follows = "nixpkgs";
nix-topology.url = "github:oddlama/nix-topology";
nixos-anywhere.url = "github:nix-community/nixos-anywhere";
nixos-hardware.url = "github:nixos/nixos-hardware";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
clan-fact-generators = {
url = "github:mrvandalo/clan-fact-generators";
inputs.clan-core.follows = "clan-core";
};
clan-core = {
url = "git+https://git.clan.lol/clan/clan-core";
#url = "git+file:///home/palo/dev/clan-core";
inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
inputs.flake-parts.follows = "flake-parts";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-legacy_2411.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
permown.inputs.nixpkgs.follows = "nixpkgs";
permown.url = "github:mrVanDalo/module.permown";
polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
private-parts.inputs.nixpkgs.follows = "nixpkgs"; # only private input
private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main";
#private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts";
retiolum.url = "github:Mic92/retiolum";
share-http.inputs.nixpkgs.follows = "nixpkgs"; # only private input
share-http.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/share-host.git?ref=main";
nixos-hardware.url = "github:nixos/nixos-hardware";
nixos-anywhere.url = "github:nix-community/nixos-anywhere";
home-manager = {
#url = "github:nix-community/home-manager/release-23.11";
url = "github:nix-community/home-manager";
#inputs.nixpkgs.follows = "nixpkgs";
};
polygon-art = {
url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
};
home-manager-utils = {
url = "github:mrvandalo/home-manager-utils";
inputs.home-manager.follows = "home-manager";
};
permown = {
url = "github:mrVanDalo/module.permown";
#url = "git+file:///home/palo/dev/nixos/permown";
inputs.nixpkgs.follows = "nixpkgs";
};
private_assets = {
#url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
flake = true;
};
retiolum = {
url = "github:Mic92/retiolum";
#url = "git+file:///home/palo/dev/nixos/retiolum";
};
srvos.url = "github:nix-community/srvos";
stylix.inputs.home-manager.follows = "home-manager";
stylix.inputs.nixpkgs.follows = "nixpkgs";
stylix.url = "github:danth/stylix";
taskwarrior.inputs.nixpkgs.follows = "nixpkgs";
taskwarrior.url = "github:mrvandalo/taskwarrior-flake";
#taskwarrior.url = "git+file:///home/palo/dev/nixos/taskwarrior-flake";
telemetry.inputs.nixpkgs.follows = "nixpkgs";
telemetry.url = "github:mrvandalo/nixos-telemetry";
#telemetry.url = "git+file:///home/palo/dev/nixos/nixos-telemetry";
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
treefmt-nix.url = "github:numtide/treefmt-nix";
landingpage = {
#url = "git+file:///home/palo/dev/landingpage";
url = "github:mrVanDalo/landingpage";
};
# todo: mabye use https://github.com/jtroo/kanata instead
# fixme: kmonad crashes every now and than and the keyboard is not usable anymore.
kmonad = {
url = "github:kmonad/kmonad?dir=nix";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix = {
url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
# smoke test framwork to trigger tests (enable if I want to use it for real)
#smoke = {
@ -56,228 +82,174 @@
# inputs.nixpkgs.follows = "nixpkgs";
#};
# had to override it to remove colors
taskshell = {
url = "github:mrvandalo/taskshell";
inputs.nixpkgs.follows = "nixpkgs";
};
# my own tool
overviewer.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git?ref=main";
};
outputs =
inputs@{
clan-core,
clan-fact-generators,
flake-parts,
healthchecks,
home-manager,
home-manager-utils,
landingpage,
nix-topology,
nixos-anywhere,
nixos-hardware,
nixpkgs,
nixpkgs-legacy_2211,
nixpkgs-legacy_2311,
nixpkgs-legacy_2405,
nixpkgs-legacy_2411,
nixpkgs-unstable-small,
permown,
polygon-art,
private-parts,
retiolum,
self,
share-http,
srvos,
stylix,
taskwarrior,
telemetry,
treefmt-nix,
inputs@{ self
, clan-core
, clan-fact-generators
, flake-parts
, home-manager
, home-manager-utils
, kmonad
, landingpage
, nixos-anywhere
, nixos-hardware
, nixpkgs
, nixpkgs-legacy_2211
, nixpkgs-legacy_2311
, nixpkgs-legacy_2405
, nixpkgs-unstable-small
, overviewer
, permown
, polygon-art
, private_assets
, retiolum
, srvos
, stylix
, taskshell
}:
let
#system = "x86_64-linux";
#pkgs = nixpkgs.legacyPackages.${system};
inherit (nixpkgs) lib;
meta = rec {
system = "x86_64-linux";
pkgs =
let
allowUnfree = true;
permittedInsecurePackages = [
"electron-24.8.6" # for bitwarden
"python-2.7.18.6"
"python-2.7.18.7"
"python-2.7.18.8"
"electron-27.3.11" # for logseq
"electron-28.3.3" # for logseq
"aspnetcore-runtime-wrapped-6.0.36" # for jellyfin
"aspnetcore-runtime-6.0.36" # for jellyfin
"dotnet-sdk-wrapped-6.0.428" # for jellyfin
"dotnet-sdk-6.0.428" # for jellyfin
];
in
import nixpkgs {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
overlays = [
(_self: _super: {
unstable-small = import nixpkgs-unstable-small {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
legacy_2211 = import nixpkgs-legacy_2211 {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
legacy_2311 = import nixpkgs-legacy_2311 {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
legacy_2405 = import nixpkgs-legacy_2405 {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
polygon-art = polygon-art.packages.${system};
landingpage = landingpage.packages.${system}.plain;
share-via-http = share-http.packages.${system}.default;
inherit (taskwarrior.packages.${system})
bugwarrior
tasksh
taskwarrior-hooks
;
inherit (self.packages.${system})
otpmenu
nsxiv
;
})
];
};
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
config.permittedInsecurePackages = [
"electron-24.8.6" # for bitwarden
"python-2.7.18.6"
"python-2.7.18.7"
"python-2.7.18.8"
"electron-27.3.11" # for logseq
"electron-28.3.3" # for logseq
];
overlays = [
(_self: _super: {
unstable-small = import nixpkgs-unstable-small {
inherit system;
config.allowUnfree = true;
};
legacy_2211 = import nixpkgs-legacy_2211 {
inherit system;
config.allowUnfree = true;
};
legacy_2311 = import nixpkgs-legacy_2311 {
inherit system;
config.allowUnfree = true;
};
legacy_2405 = import nixpkgs-legacy_2405 {
inherit system;
config.allowUnfree = true;
};
polygon-art = polygon-art.packages.${system};
landingpage = landingpage.packages.${system}.plain;
kmonad = kmonad.packages.${system}.kmonad;
tasksh = taskshell.packages.${system}.tasksh;
overviewer = overviewer.packages.${system}.overviewer;
pkl = self.packages.${system}.pkl;
})
(import ./pkgs)
];
};
specialArgs = {
inherit inputs;
inherit private_assets inputs;
assets = ./assets;
factsGenerator = clan-fact-generators.lib { inherit pkgs; };
clanLib = import ./lib/clanlib.nix {
inherit (pkgs) lib;
machineDir = ./machines;
};
# https://git.clan.lol/clan/clan-core/issues/1575 < here is how I could do this generic
zerotierInterface = "ztbn67ogn2";
clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; };
zerotierDeviceName = "ztbn67ogn2";
components = ./components;
features = ./features;
};
};
clanSetup =
{
name,
host,
modules,
}:
{
{ name
, host
, modules
}: {
clan.core.networking.targetHost = lib.mkDefault "root@${host}";
nixpkgs.pkgs = meta.pkgs;
nixpkgs.hostPlatform = meta.system;
clan.core.facts.secretStore = "password-store";
clan.core.vars.settings.secretStore = "password-store";
imports =
modules
++ defaultModules
++ [
./machines/${name}/configuration.nix
nix-topology.nixosModules.default
imports = modules ++ defaultModules ++ [
./machines/${name}/configuration.nix
];
};
zerotierControllerModule =
{
clan.core.networking.zerotier.controller = {
enable = true;
public = false;
};
};
zerotierModules = { pkgs, ... }: {
imports = [
# this magically adds all my machines in the zero tier network
# and makes the controller accept them.
# will automatic look into `/machines/<name>/facts/zerotier-ip
inputs.clan-core.clanModules.zerotier-static-peers
# Statically configure the host names of machines based on their respective zerotier-ip.
inputs.clan-core.clanModules.static-hosts
# generate ssh host keys with facts
inputs.clan-core.clanModules.sshd
# manual configs
{
clan.static-hosts.topLevelDomain = "bear";
components.network.zerotier.enable = true;
environment.systemPackages = [
clan-core.packages.${pkgs.system}.clan-cli
(pkgs.writers.writeBashBin "zerotier-script-nodeid" ''
sudo ${pkgs.zerotierone}/bin/zerotier-cli info | cut -d " " -f 3
'')
];
};
zerotierControllerModule = {
clan.core.networking.zerotier.controller = {
enable = true;
public = false;
};
}
];
};
zerotierModules =
{ pkgs, ... }:
{
imports = [
# this magically adds all my machines in the zero tier network
# and makes the controller accept them.
# will automatic look into `/machines/<name>/facts/zerotier-ip
inputs.clan-core.clanModules.zerotier-static-peers
# Statically configure the host names of machines based on their respective zerotier-ip.
inputs.clan-core.clanModules.static-hosts
# generate ssh host keys with facts
inputs.clan-core.clanModules.sshd
# manual configs
{
clan.static-hosts.topLevelDomain = "bear";
components.network.zerotier.enable = true;
environment.systemPackages = [
clan-core.packages.${pkgs.system}.clan-cli
(pkgs.writers.writeBashBin "zerotier-script-nodeid" ''
sudo ${pkgs.zerotierone}/bin/zerotier-cli info | cut -d " " -f 3
'')
];
}
];
};
defaultAuthorizedKeys =
{ config, pkgs, ... }:
{
users.users.root.openssh.authorizedKeys.keyFiles = [
# yubikey key
./assets/mrvandalo_rsa.pub
# backup key
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.paperless-ngx.id_ed25519.pub"
];
environment.systemPackages = [ pkgs.borgbackup ];
};
defaultModules = [
# make flake inputs accessiable in NixOS
{
_module.args.self = self;
_module.args.inputs = self.inputs;
}
{
# disable emergency mode everywhere, although it might be needed on laptops
boot.initrd.systemd.emergencyAccess = false;
boot.initrd.systemd.suppressedUnits = [
"emergency.service"
"emergency.target"
# ssh keys
({ config, ... }: {
users.users.root.openssh.authorizedKeys.keyFiles = [
# master key
./assets/mrvandalo_rsa.pub
# backup key
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
];
systemd.enableEmergencyMode = false;
}
})
# configure nix
(
({ pkgs, lib, clanLib, ... }:
{
pkgs,
lib,
clanLib,
...
}:
{
nix.settings.substituters = [ "http://cache.orbi.wg0" ];
nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# https://nix.dev/manual/nix/2.17/advanced-topics/cores-vs-jobs
#nix.settings.substituters = [ "http://cache.orbi.wg0" ];
#nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.max-jobs = 1;
nix.settings.cores = 4;
# no channesl needed this way
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
@ -288,15 +260,10 @@
documentation.nixos.options.warningsAreErrors = false; # todo make this true again
documentation.nixos.extraModules = [
./components
./features
#./modules
clan-core.nixosModules.clanCore
telemetry.nixosModules.telemetry
{
clan.core.clanDir = ./.; # fixes issues with clanCore https://git.clan.lol/clan/clan-core/issues/1979
}
inputs.clan-core.nixosModules.clanCore
# inputs.stylix.nixosModules.stylix # fixme: not working
permown.nixosModules.permown
kmonad.nixosModules.default
home-manager.nixosModules.home-manager
# retiolum.nixosModules.retiolum # fixme: not working
];
@ -304,251 +271,232 @@
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
boot.loader.grub.configurationLimit = lib.mkDefault 10;
}
)
# My Structure
./components
./features
./modules # todo : spread this across features and components
#./system/all # todo : spread this across features and components
(
{ lib, pkgs, ... }:
{
telemetry.netdata.enable = false;
}
)
})
# some modules I always use
telemetry.nixosModules.telemetry
permown.nixosModules.permown
kmonad.nixosModules.default
# some default things I always want
(
{ pkgs, ... }:
{
boot.tmp.useTmpfs = lib.mkDefault true;
}
)
({ pkgs, ... }: {
boot.tmp.useTmpfs = lib.mkDefault true;
environment.systemPackages = [
pkgs.nixpkgs-fmt
];
})
];
stylixModules =
{
pkgs,
config,
lib,
...
}:
{
imports = [ stylix.nixosModules.stylix ];
stylix.enable = true;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
stylix.image = ./assets/wallpaper.png;
home-manager.sharedModules = [
{
# no need for hyperland
# https://github.com/danth/stylix/issues/543
stylix.targets.hyprpaper.enable = lib.mkForce false;
stylix.targets.hyprland.enable = lib.mkForce false;
}
];
stylix.fonts = {
serif = {
package = pkgs.nerd-fonts.ubuntu;
name = "Ubuntu";
};
sansSerif = {
package = pkgs.nerd-fonts.ubuntu;
name = "Ubuntu";
};
monospace = {
package = pkgs.nerd-fonts.jetbrains-mono;
name = "JetBrains Mono";
};
emoji = config.stylix.fonts.monospace;
# emoji = {
# package = pkgs.noto-fonts-emoji;
# name = "Noto Color Emoji";
# };
sizes.popups = 15;
stylixModules = { pkgs, config, ... }: {
imports = [ stylix.nixosModules.stylix ];
stylix.enable = true;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
stylix.image = ./assets/wallpaper.png;
stylix.fonts = {
serif = {
package = pkgs.ubuntu_font_family;
name = "Ubuntu";
};
};
homeManagerModules =
{ pkgs, config, ... }:
{
imports = [
home-manager.nixosModules.home-manager
];
home-manager.extraSpecialArgs = {
assets = ./assets;
sansSerif = {
package = pkgs.ubuntu_font_family;
name = "Ubuntu";
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "backup";
home-manager.sharedModules = [
home-manager-utils.hmModule
taskwarrior.hmModules.bugwarrior
];
monospace = {
package = pkgs.jetbrains-mono;
name = "JetBrains Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
sizes.popups = 15;
};
# todo: remove this if not needed anymore
#home-manager.sharedModules = [
# { stylix.targets.bemenu.enable = false; }
#];
};
homeManagerModules = { pkgs, config, ... }: {
imports = [
home-manager.nixosModules.home-manager
];
home-manager.extraSpecialArgs = {
inherit private_assets;
assets = ./assets;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "backup";
home-manager.sharedModules = [
home-manager-utils.hmModule
];
};
in
flake-parts.lib.mkFlake { inherit inputs; } (
{
self,
self',
pkgs,
...
}:
{
systems = [ "x86_64-linux" ];
imports = [
clan-core.flakeModules.default
healthchecks.flakeModule
./nix/formatter.nix
./nix/packages
./nix/topology
];
flake-parts.lib.mkFlake { inherit inputs; } ({ self, pkgs, ... }: {
# We define our own systems below. you can still use this to add system specific outputs to your flake.
# See: https://flake.parts/getting-started
systems = [ "x86_64-linux" ];
# Define your clan
clan = {
# Clan wide settings.
meta.name = "gummybears"; # Ensure to choose a unique name.
specialArgs = meta.specialArgs;
# import clan-core modules
imports = [
clan-core.flakeModules.default
];
machines = {
perSystem = { pkgs, ... }: {
packages.pkl = pkgs.callPackage ./pkgs/pkl { };
};
cherry = clanSetup {
name = "cherry";
host = "cherry.bear";
modules = [
healthchecks.nixosModules.default
zerotierModules
nixos-hardware.nixosModules.framework-13th-gen-intel
retiolum.nixosModules.retiolum
private-parts.nixosModules.cherry
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Laptop";
}
(
{ config, ... }:
# Define your clan
clan = {
# Clan wide settings.
meta.name = "gummybears"; # Ensure to choose a unique name.
specialArgs = meta.specialArgs;
machines = {
sternchen = clanSetup {
name = "sternchen";
host = "sternchen.bear";
#host = "192.168.178.25";
modules = [
nixos-hardware.nixosModules.lenovo-thinkpad-x220
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/tina;
home-manager.users.root = import ./homes/root;
}
# todo : strange overrides, this should be an option kinda an be changed on another level (the homes/<name> folders or something)
({ lib, ... }: {
home-manager.sharedModules = [
{
# keys only to access cherry
users.users.root.openssh.authorizedKeys.keyFiles = [
"${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.cherry.id_ed25519.pub"
];
programs.atuin.enable = lib.mkForce false;
}
)
];
};
];
})
{
clan.core.machineDescription = "LaLaptop";
}
];
};
chungus = clanSetup {
name = "chungus";
host = "chungus.bear";
modules = [
healthchecks.nixosModules.default
zerotierModules
zerotierControllerModule
homeManagerModules
stylixModules
retiolum.nixosModules.retiolum
private-parts.nixosModules.chungus
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Home Server";
}
(
{ config, ... }:
{
# keys only to access chungus
users.users.root.openssh.authorizedKeys.keyFiles = [
"${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.chungus.id_ed25519.pub"
];
}
)
];
};
cream = clanSetup {
name = "cream";
host = "cream.bear";
modules = [
zerotierModules
nixos-hardware.nixosModules.framework-12th-gen-intel
retiolum.nixosModules.retiolum
private_assets.nixosModules.cream
private_assets.nixosModules.yubikey
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Laptop";
}
];
};
orbi = clanSetup {
name = "orbi";
host = "orbi.bear";
#host = "95.216.66.212";
modules = [
defaultAuthorizedKeys
healthchecks.nixosModules.default
homeManagerModules
stylixModules
zerotierModules
srvos.nixosModules.hardware-hetzner-online-intel
#srvos.nixosModules.server
#srvos.nixosModules.mixins-terminfo
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Internet Server";
}
];
};
cherry = clanSetup {
name = "cherry";
host = "cherry.bear";
modules = [
zerotierModules
nixos-hardware.nixosModules.framework-13th-gen-intel
retiolum.nixosModules.retiolum
private_assets.nixosModules.yubikey
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Laptop";
}
];
};
probe = clanSetup {
name = "probe";
#host = "167.235.205.150";
host = "95.217.18.54";
modules = [
defaultAuthorizedKeys
homeManagerModules
stylixModules
srvos.nixosModules.hardware-hetzner-cloud
srvos.nixosModules.server
srvos.nixosModules.mixins-terminfo
#inputs.clan-core.clanModules.sshd
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Dummy Internet Server";
}
];
};
chungus = clanSetup {
name = "chungus";
host = "chungus.bear";
modules = [
zerotierModules
zerotierControllerModule
homeManagerModules
stylixModules
retiolum.nixosModules.retiolum
private_assets.nixosModules.chungus
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Home Server";
}
];
};
usbstick = clanSetup {
name = "usbstick";
#host = "usbstick.bear";
host = "10.100.0.100";
modules = [
defaultAuthorizedKeys
homeManagerModules
stylixModules
zerotierModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "USB-Stick for Backup";
}
];
};
orbi = clanSetup {
name = "orbi";
host = "orbi.bear";
#host = "95.216.66.212";
modules = [
zerotierModules
homeManagerModules
stylixModules
srvos.nixosModules.hardware-hetzner-online-intel
#srvos.nixosModules.server
#srvos.nixosModules.mixins-terminfo
{
# not needed for servers in general
boot.initrd.systemd.emergencyAccess = false;
systemd.enableEmergencyMode = false;
}
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Internet Server";
}
];
};
probe = clanSetup {
name = "probe";
#host = "167.235.205.150";
host = "95.217.18.54";
modules = [
homeManagerModules
stylixModules
srvos.nixosModules.hardware-hetzner-cloud
srvos.nixosModules.server
srvos.nixosModules.mixins-terminfo
#inputs.clan-core.clanModules.sshd
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Dummy Internet Server";
}
];
};
};
}
);
};
});
}

View file

@ -1,10 +1,6 @@
{ lib, ... }:
{
imports = [
./editor.nix
./network.nix
#./oh-my-posh
./starship-rs
./packages.nix
./terminal.nix
./zfs.nix

View file

@ -1,34 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
{
config = mkMerge [
{
home.packages = [
# firewall analysis
pkgs.nftables
pkgs.nixos-firewall-tool
# analyser
pkgs.dnsutils
pkgs.tcpdump
pkgs.nmap
pkgs.rustscan
# helper
pkgs.ipcalc
];
}
(mkIf config.gui.enable {
home.packages = [
pkgs.wireshark
];
})
];
}

View file

@ -1,15 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib;
{
programs.oh-my-posh = {
enable = true;
# https://ohmyposh.dev/docs/themes
#useTheme = "gmay"; # ganz nice, aber farben sind ein bisl schrill
settings = builtins.fromJSON (builtins.readFile ./gmay.json);
};
}

View file

@ -1,121 +0,0 @@
{
"$schema": "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json",
"blocks": [
{
"alignment": "left",
"segments": [
{
"background": "#076678",
"foreground": "#EBDBB2",
"leading_diamond": "\ue0b6",
"style": "diamond",
"template": " {{ if .WSL }}WSL at {{ end }}{{.Icon}} ",
"type": "os"
},
{
"background": "#AF3A03",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"style": "powerline",
"template": " \uf0e7 ",
"type": "root"
},
{
"background": "#076678",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"style": "powerline",
"template": " {{ if .SSHSession }}\ueba9 {{ end }}{{ .UserName }}@{{ .HostName }} ",
"type": "session"
},
{
"background": "#B57614",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"properties": {
"style": "full"
},
"style": "powerline",
"template": " \ue5ff {{ .Path }} ",
"type": "path"
},
{
"background": "#79740E",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"properties": {
"time_format": "2006-01-02 15:04:05"
},
"style": "powerline",
"template": " {{ .CurrentDate | date .Format }} ",
"type": "time"
},
{
"type": "project",
"style": "powerline",
"powerline_symbol": "",
"foreground": "#193549",
"background": "#ffeb3b",
"template": " {{ if .Error }}{{ .Error }}{{ else }}{{ if .Version }} {{.Version}}{{ end }} {{ if .Name }}{{ .Name }}{{ end }}{{ end }} "
},
{
"type": "git",
"style": "powerline",
"powerline_symbol": "",
"background": "#427b58",
"foreground": "#EBDBB2",
"background_templates": [
"{{ if or (.Working.Changed) (.Staging.Changed) }}#8f3f71{{ end }}",
"{{ if and (gt .Ahead 0) (gt .Behind 0) }}#076678{{ end }}",
"{{ if gt .Ahead 0 }}#076678{{ end }}",
"{{ if gt .Behind 0 }}#076678{{ end }}"
],
"template": "{{ .UpstreamIcon }}{{ .HEAD }}{{if .BranchStatus }} {{ .BranchStatus }}{{ end }}{{ if .Working.Changed }}  {{ .Working.String }}{{ end }}{{ if and (.Working.Changed) (.Staging.Changed) }} |{{ end }}{{ if .Staging.Changed }}  {{ .Staging.String }}{{ end }}{{ if gt .StashCount 0 }}  {{ .StashCount }}{{ end }}",
"properties": {
"fetch_status": true,
"fetch_upstream_icon": true,
"untracked_modes": {
"/Users/user/Projects/oh-my-posh/": "no"
},
"source": "cli",
"mapped_branches": {
"feat/*": "🚀 ",
"bug/*": "🐛 "
}
}
},
{
"background": "#427B58",
"background_templates": [
"{{ if gt .Code 0 }}#9D0006{{ end }}"
],
"foreground": "#EBDBB2",
"leading_diamond": "<transparent,background>\ue0b0</>",
"properties": {
"always_enabled": true
},
"style": "diamond",
"template": " \ueb05 ",
"trailing_diamond": "\ue0b4",
"type": "status"
}
],
"type": "prompt"
},
{
"alignment": "left",
"newline": true,
"segments": [
{
"foreground": "#076678",
"style": "plain",
"template": "\uf0a9 ",
"type": "text"
}
],
"type": "prompt"
}
],
"final_space": true,
"version": 2
}

View file

@ -1,16 +1,14 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with pkgs;
with lib;
{
config = mkMerge [
{
home.packages = [
bind.dnsutils
nmap
hexyl
ipcalc
units
difftastic
@ -23,11 +21,9 @@ with lib;
gimoji
#tldr
tealdeer
navi # cheatsheet manager
tldr
bandwhich # todo : put this to common/networking.nix
bandwhich
unzip
genpass
@ -39,16 +35,13 @@ with lib;
(writers.writeBashBin "vulnix-system" ''
${vulnix}/bin/vulnix --profile /nix/var/nix/profiles/system
'')
# cpu load monitor
glances
];
# cpu load monitor
programs.btop.enable = true;
}
(mkIf config.gui.enable {
home.packages = [
libreoffice
@ -61,7 +54,7 @@ with lib;
aspellDicts.es
evince
nsxiv
sxiv
gimp
inkscape

View file

@ -1,33 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib;
with config.lib.stylix.colors.withHashtag;
{
programs.starship = {
enable = true;
# download presets from : https://starship.rs/presets/
settings = builtins.fromTOML ((builtins.readFile ./gruvbox-rainbow.toml)) // {
palettes.stylix = {
color_fg0 = base01;
color_terminal_fg = base05;
color_terminal_bg = base00;
color_bg1 = base04;
color_bg2 = base02;
color_bg3 = base03;
color_blue = base0D;
color_aqua = base0C;
color_green = base0B;
color_orange = base0F;
color_purple = base0E;
color_red = base08;
color_yellow = base0A;
};
};
};
}

View file

@ -1,184 +0,0 @@
"$schema" = 'https://starship.rs/config-schema.json'
format = """
$os\
$username\
$hostname \
[](bg:color_yellow fg:color_terminal_bg)\
$directory\
[](fg:color_yellow bg:color_aqua)\
$git_branch\
$git_status\
[](fg:color_aqua bg:color_blue)\
$c\
$rust\
$golang\
$nodejs\
$php\
$java\
$kotlin\
$haskell\
$python\
[](fg:color_blue bg:color_bg3)\
$docker_context\
$conda\
[](fg:color_bg3 bg:color_bg1)\
$time\
[ ](fg:color_bg1)\
$character"""
palette = 'stylix' # we use stylix instead of gruvbox_dark
# todo : use stylix/base16 scheme
[palettes.gruvbox_dark]
color_fg0 = '#fbf1c7'
color_terminal_bg = '#fbf1c7' # original background
color_terminal_fg = '#3c3836' # original foreground
color_bg1 = '#3c3836'
color_bg2 = '#665c54'
color_bg3 = '#665c54'
color_blue = '#458588'
color_aqua = '#689d6a'
color_green = '#98971a'
color_orange = '#d65d0e'
color_purple = '#b16286'
color_red = '#cc241d'
color_yellow = '#d79921'
[os]
disabled = false
style = "bold bg:color_blue fg:color_terminal_bg"
#format = "[$symbol ]($style)"
format = "[](color_blue)[$symbol ]($style)[ ](fg:color_blue bg:color_terminal_bg)"
[os.symbols]
Alpine = ""
Amazon = ""
Android = ""
Arch = "󰣇"
Artix = "󰣇"
CentOS = ""
Debian = "󰣚"
EndeavourOS = ""
Fedora = "󰣛"
Gentoo = "󰣨"
Linux = "󰌽"
Macos = "󰀵"
Manjaro = ""
Mint = "󰣭"
NixOS = ""
Pop = ""
Raspbian = "󰐿"
RedHatEnterprise = "󱄛"
Redhat = "󱄛"
SUSE = ""
Ubuntu = "󰕈"
Windows = "󰍲"
[username]
show_always = true
style_user = "bg:color_terminal_bg fg:color_terminal_fg"
style_root = "bg:color_terminal_bg fg:color_red bold"
format = '[$user]($style)'
[hostname]
ssh_only = true
style = "bg:color_terminal_bg fg:color_terminal_fg"
ssh_symbol = "@"
format = "[$ssh_symbol$hostname]($style)"
[directory]
style = "fg:color_fg0 bg:color_yellow"
format = "[ $path ]($style)"
truncation_length = 3
truncation_symbol = "…/"
[directory.substitutions]
"Documents" = "󰈙 "
"Downloads" = " "
"Music" = "󰝚 "
"Pictures" = " "
"Developer" = "󰲋 "
"dev" = "󰲋 "
[git_branch]
symbol = ""
style = "bg:color_aqua"
format = '[[ $symbol $branch ](fg:color_fg0 bg:color_aqua)]($style)'
[git_status]
style = "bg:color_aqua"
format = '[[($all_status$ahead_behind )](fg:color_fg0 bg:color_aqua)]($style)'
[nodejs]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[c]
symbol = " "
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[rust]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[golang]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[php]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[java]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[kotlin]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[haskell]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[python]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[docker_context]
symbol = ""
style = "bg:color_bg3"
format = '[[ $symbol( $context) ](fg:color_fg0 bg:color_bg3)]($style)'
[conda]
style = "bg:color_bg3"
format = '[[ $symbol( $environment) ](fg:color_fg0 bg:color_bg3)]($style)'
[time]
disabled = false
time_format = "%R"
style = "bg:color_bg1"
format = '[[  $time ](fg:color_fg0 bg:color_bg1)]($style)'
[line_break]
disabled = false
[character]
disabled = false
success_symbol = "[](fg:color_bg2)[ ](bold fg:color_terminal_fg bg:color_bg2)[](fg:color_bg2)"
error_symbol = "[](fg:color_bg2)[ ](bold fg:color_red bg:color_bg2)[](fg:color_bg2)"
vimcmd_symbol = '[](bold fg:color_green)'
vimcmd_replace_one_symbol = '[](bold fg:color_purple)'
vimcmd_replace_symbol = '[](bold fg:color_purple)'
vimcmd_visual_symbol = '[](bold fg:color_yellow)'

View file

@ -1,9 +1,4 @@
{
lib,
pkgs,
assets,
...
}:
{ lib, pkgs, assets, ... }:
{
programs.zsh = {

View file

@ -1,9 +1,4 @@
{
config,
pkgs,
lib,
...
}:
{ config, pkgs, lib, ... }:
with pkgs;
with lib;
{

View file

@ -1,11 +1,12 @@
{ pkgs, ... }:
{
{ pkgs, ... }: {
imports = [
../common
./editor.nix
./git.nix
./gpg.nix
./gui
#./hyperland.nix
./i3.nix
./packages
./ssh.nix

35
homes/palo/doom-emacs.nix Normal file
View file

@ -0,0 +1,35 @@
{ config, pkgs, lib, ... }:
with lib;
{
config = mkMerge [
{
home.packages = [ pkgs.ripgrep ];
}
(mkIf config.gui.enable {
programs.doom-emacs = {
enable = lib.mkDefault true;
doomPrivateDir = ./doom.d;
extraConfig = ''
;; "monospace" means use the system default. However, the default is usually two
;; points larger than I'd like, so I specify size 12 here.
(setq doom-font
(font-spec :family "Jetbrains Mono" :size ${toString 12} :weight 'light))
;;(setq doom-font
;; (font-spec :family "Terminus" :size ${toString 12} :weight 'light))
'';
#emacsPackagesOverlay = self: super: {
# # fixes https://github.com/vlaci/nix-doom-emacs/issues/394
# gitignore-mode = pkgs.emacsPackages.git-modes;
# gitconfig-mode = pkgs.emacsPackages.git-modes;
#};
};
})
(mkIf (!config.gui.enable) {
programs.doom-emacs = {
enable = lib.mkDefault true;
doomPrivateDir = ./doom.d;
package = pkgs.emacs-nox;
};
})
];
}

View file

@ -0,0 +1,4 @@
;; configure theme
(setq doom-theme 'doom-solarized-light)

187
homes/palo/doom.d/init.el Normal file
View file

@ -0,0 +1,187 @@
;;; init.el -*- lexical-binding: t; -*-
;; This file controls what Doom modules are enabled and what order they load
;; in. Remember to run 'doom sync' after modifying it!
;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
;; documentation. There you'll find a "Module Index" link where you'll find
;; a comprehensive list of Doom's modules and what flags they support.
;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
;; 'C-c c k' for non-vim users) to view its documentation. This works on
;; flags as well (those symbols that start with a plus).
;;
;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
;; directory (for easy access to its source code).
(doom! :input
;;chinese
;;japanese
;;layout ; auie,ctsrnm is the superior home row
:completion
company ; the ultimate code completion backend
;;helm ; the *other* search engine for love and life
;;ido ; the other *other* search engine...
ivy ; a search engine for love and life
:ui
;;deft ; notational velocity for Emacs
doom ; what makes DOOM look the way it does
doom-dashboard ; a nifty splash screen for Emacs
doom-quit ; DOOM quit-message prompts when you quit Emacs
;;(emoji +unicode) ; 🙂
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
;;hydra
;;indent-guides ; highlighted indent columns
;;ligatures ; ligatures and symbols to make your code pretty again
;;minimap ; show a map of the code on the side
modeline ; snazzy, Atom-inspired modeline, plus API
;;nav-flash ; blink cursor line after big motions
;;neotree ; a project drawer, like NERDTree for vim
ophints ; highlight the region an operation acts on
(popup +defaults) ; tame sudden yet inevitable temporary windows
;;tabs ; a tab bar for Emacs
;;treemacs ; a project drawer, like neotree but cooler
;;unicode ; extended unicode support for various languages
vc-gutter ; vcs diff in the fringe
vi-tilde-fringe ; fringe tildes to mark beyond EOB
;;window-select ; visually switch windows
workspaces ; tab emulation, persistence & separate workspaces
;;zen ; distraction-free coding or writing
:editor
(evil +everywhere); come to the dark side, we have cookies
file-templates ; auto-snippets for empty files
fold ; (nigh) universal code folding
;;(format +onsave) ; automated prettiness
;;god ; run Emacs commands without modifier keys
;;lispy ; vim for lisp, for people who don't like vim
;;multiple-cursors ; editing in many places at once
;;objed ; text object editing for the innocent
;;parinfer ; turn lisp into python, sort of
;;rotate-text ; cycle region at point between text candidates
snippets ; my elves. They type so I don't have to
;;word-wrap ; soft wrapping with language-aware indent
:emacs
dired ; making dired pretty [functional]
electric ; smarter, keyword-based electric-indent
;;ibuffer ; interactive buffer management
undo ; persistent, smarter undo for your inevitable mistakes
vc ; version-control and Emacs, sitting in a tree
:term
;;eshell ; the elisp shell that works everywhere
;;shell ; simple shell REPL for Emacs
;;term ; basic terminal emulator for Emacs
;;vterm ; the best terminal emulation in Emacs
:checkers
syntax ; tasing you for every semicolon you forget
;;(spell +flyspell) ; tasing you for misspelling mispelling
;;grammar ; tasing grammar mistake every you make
:tools
;;ansible
;;debugger ; FIXME stepping through code, to help you add bugs
;;direnv
;;docker
;;editorconfig ; let someone else argue about tabs vs spaces
;;ein ; tame Jupyter notebooks with emacs
(eval +overlay) ; run code, run (also, repls)
;;gist ; interacting with github gists
lookup ; navigate your code and its documentation
;;lsp ; M-x vscode
magit ; a git porcelain for Emacs
;;make ; run make tasks from Emacs
;;pass ; password manager for nerds
;;pdf ; pdf enhancements
;;prodigy ; FIXME managing external services & code builders
;;rgb ; creating color strings
;;taskrunner ; taskrunner for all your projects
;;terraform ; infrastructure as code
;;tmux ; an API for interacting with tmux
;;upload ; map local to remote projects via ssh/ftp
:os
(:if IS-MAC macos) ; improve compatibility with macOS
;;tty ; improve the terminal Emacs experience
:lang
;;agda ; types of types of types of types...
;;beancount ; mind the GAAP
;;cc ; C > C++ == 1
;;clojure ; java with a lisp
;;common-lisp ; if you've seen one lisp, you've seen them all
;;coq ; proofs-as-programs
;;crystal ; ruby at the speed of c
;;csharp ; unity, .NET, and mono shenanigans
;;data ; config/data formats
;;(dart +flutter) ; paint ui and not much else
;;elixir ; erlang done right
;;elm ; care for a cup of TEA?
emacs-lisp ; drown in parentheses
;;erlang ; an elegant language for a more civilized age
;;ess ; emacs speaks statistics
;;factor
;;faust ; dsp, but you get to keep your soul
;;fsharp ; ML stands for Microsoft's Language
;;fstar ; (dependent) types and (monadic) effects and Z3
;;gdscript ; the language you waited for
;;(go +lsp) ; the hipster dialect
;;(haskell +dante) ; a language that's lazier than I am
;;hy ; readability of scheme w/ speed of python
;;idris ; a language you can depend on
;;json ; At least it ain't XML
;;(java +meghanada) ; the poster child for carpal tunnel syndrome
;;javascript ; all(hope(abandon(ye(who(enter(here))))))
;;julia ; a better, faster MATLAB
;;kotlin ; a better, slicker Java(Script)
;;latex ; writing papers in Emacs has never been so fun
;;lean ; for folks with too much to prove
;;ledger ; be audit you can be
;;lua ; one-based indices? one-based indices
markdown ; writing docs for people to ignore
;;nim ; python + lisp at the speed of c
nix ; I hereby declare "nix geht mehr!"
;;ocaml ; an objective camel
(org +roam2) ; organize your plain life in plain text
;;php ; perl's insecure younger brother
;;plantuml ; diagrams for confusing people more
;;purescript ; javascript, but functional
;;python ; beautiful is better than ugly
;;qt ; the 'cutest' gui framework ever
;;racket ; a DSL for DSLs
;;raku ; the artist formerly known as perl6
;;rest ; Emacs as a REST client
;;rst ; ReST in peace
;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
;;rust ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
;;scala ; java, but good
;;(scheme +guile) ; a fully conniving family of lisps
sh ; she sells {ba,z,fi}sh shells on the C xor
;;sml
;;solidity ; do you need a blockchain? No.
;;swift ; who asked for emoji variables?
;;terra ; Earth and Moon in alignment for performance.
;;web ; the tubes
;;yaml ; JSON, but readable
;;zig ; C, but simpler
:email
;;(mu4e +gmail)
;;notmuch
;;(wanderlust +gmail)
:app
;;calendar
;;emms
;;everywhere ; *leave* Emacs!? You must be joking
;;irc ; how neckbeards socialize
;;(rss +org) ; emacs as an RSS reader
;;twitter ; twitter client https://twitter.com/vnought
:config
;;literate
(default +bindings +smartparens))

View file

View file

@ -1,10 +1,11 @@
{ lib, ... }:
{
programs.vim = {
enable = true;
defaultEditor = lib.mkDefault true;
defaultEditor = true;
};
programs.helix = {
enable = true;
# defaultEditor = true;
};
}

View file

@ -10,24 +10,16 @@ with pkgs;
key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC";
signByDefault = true;
};
ignores = [
"*.swp"
"*~"
".idea"
".*penis.*"
"result"
".envrc"
".direnv"
];
ignores = [ "*.swp" "*~" ".idea" ".*penis.*" "result" ".envrc" ".direnv" ];
extraConfig = {
init.defaultBranch = "main";
pull.ff = "only";
push.autoSetupRemote = true;
};
#diff-so-fancy.enable = true;
difftastic.enable = true;
};
home.packages = [
pre-commit
gita

View file

@ -12,7 +12,8 @@
keyserver = "keyserver.ubuntu.com";
personal-digest-preferences = "SHA512";
cert-digest-algo = "SHA512";
default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
default-preference-list =
"SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
};
};

View file

@ -1,9 +1,4 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
with lib;
{

View file

@ -1,9 +1,4 @@
{
lib,
pkgs,
config,
...
}:
{ lib, pkgs, config, ... }:
with lib;
{
@ -36,5 +31,6 @@ with lib;
};
};
};
}

161
homes/palo/hyperland.nix Normal file
View file

@ -0,0 +1,161 @@
{ pkgs, ... }:
{
home.file.".config/hypr/hyperland.conf".text = ''
autogenerated = 1 # remove this line to remove the warning
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor=,preferred,auto,auto
# Some default env vars.
env = XCURSOR_SIZE,24
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input {
kb_layout = us
kb_variant =
kb_model =
kb_options =
kb_rules =
follow_mouse = 1
touchpad {
natural_scroll = no
}
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
}
general {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
gaps_in = 5
gaps_out = 20
border_size = 2
col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
col.inactive_border = rgba(595959aa)
layout = dwindle
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = false
}
decoration {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
rounding = 10
blur {
enabled = true
size = 3
passes = 1
}
drop_shadow = yes
shadow_range = 4
shadow_render_power = 3
col.shadow = rgba(1a1a1aee)
}
animations {
enabled = yes
# Some default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
animation = windows, 1, 7, myBezier
animation = windowsOut, 1, 7, default, popin 80%
animation = border, 1, 10, default
animation = borderangle, 1, 8, default
animation = fade, 1, 7, default
animation = workspaces, 1, 6, default
}
dwindle {
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
pseudotile = yes # master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = yes # you probably want this
}
master {
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
new_is_master = true
}
gestures {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = off
}
misc {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
force_default_wallpaper = -1 # Set to 0 to disable the anime mascot wallpapers
}
# Example per-device config
# See https://wiki.hyprland.org/Configuring/Keywords/#executing for more
device:epic-mouse-v1 {
sensitivity = -0.5
}
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
$mainMod = SUPER
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = $mainMod, enter, exec, alacritty
bind = $mainMod, C, killactive,
bind = $mainMod, Q, exit,
bind = $mainMod, E, exec, dolphin
bind = $mainMod, V, togglefloating,
bind = $mainMod, R, exec, wofi --show drun
bind = $mainMod, P, pseudo, # dwindle
bind = $mainMod, J, togglesplit, # dwindle
# Move focus with mainMod + arrow keys
bind = $mainMod, left, movefocus, l
bind = $mainMod, right, movefocus, r
bind = $mainMod, up, movefocus, u
bind = $mainMod, down, movefocus, d
# Switch workspaces with mainMod + [0-9]
bind = $mainMod, 1, workspace, 1
bind = $mainMod, 2, workspace, 2
bind = $mainMod, 3, workspace, 3
bind = $mainMod, 4, workspace, 4
bind = $mainMod, 5, workspace, 5
bind = $mainMod, 6, workspace, 6
bind = $mainMod, 7, workspace, 7
bind = $mainMod, 8, workspace, 8
bind = $mainMod, 9, workspace, 9
bind = $mainMod, 0, workspace, 10
# Move active window to a workspace with mainMod + SHIFT + [0-9]
bind = $mainMod SHIFT, 1, movetoworkspace, 1
bind = $mainMod SHIFT, 2, movetoworkspace, 2
bind = $mainMod SHIFT, 3, movetoworkspace, 3
bind = $mainMod SHIFT, 4, movetoworkspace, 4
bind = $mainMod SHIFT, 5, movetoworkspace, 5
bind = $mainMod SHIFT, 6, movetoworkspace, 6
bind = $mainMod SHIFT, 7, movetoworkspace, 7
bind = $mainMod SHIFT, 8, movetoworkspace, 8
bind = $mainMod SHIFT, 9, movetoworkspace, 9
bind = $mainMod SHIFT, 0, movetoworkspace, 10
# Example special workspace (scratchpad)
bind = $mainMod, S, togglespecialworkspace, magic
bind = $mainMod SHIFT, S, movetoworkspace, special:magic
# Scroll through existing workspaces with mainMod + scroll
bind = $mainMod, mouse_down, workspace, e+1
bind = $mainMod, mouse_up, workspace, e-1
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = $mainMod, mouse:272, movewindow
bindm = $mainMod, mouse:273, resizewindow
'';
}

View file

@ -1,20 +1,8 @@
{
config,
lib,
pkgs,
osConfig,
...
}:
{ config, lib, pkgs, osConfig, ... }:
with lib;
let
rofi = pkgs.rofi.override {
plugins = [
pkgs.rofi-emoji
pkgs.rofi-calc
pkgs.xdotool
];
};
rofi = pkgs.rofi.override { plugins = [ pkgs.rofi-emoji pkgs.rofi-calc pkgs.xdotool ]; };
backgroundCommand = pkgs.writers.writeDash "background" ''
${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \
@ -55,15 +43,14 @@ in
pkgs.autorandr
pkgs.polygon-art.polygon-art
pkgs.xdotool # needed for rofi-emoji
pkgs.xclicker # makes stuff much easier
];
programs.i3status-rust = {
enable = true;
bars = {
my = {
icons = "material-nf"; # nerd fonts (influenced by stylix.font settings)
theme = "gruvbox-light"; # not configured by stylix yet.
icons = "awesome5";
theme = "gruvbox-light";
# https://github.com/greshake/i3status-rust/blob/v0.22.0/doc/blocks.md
blocks = [
{
@ -153,25 +140,21 @@ in
focus = {
followMouse = true;
};
colors.focused = with config.lib.stylix.colors.withHashtag; {
# stylix color overrides
border = lib.mkForce base08;
background = lib.mkForce base0A;
text = lib.mkForce base00;
};
startup = [
#{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = true; }
colors.focused =
with config.lib.stylix.colors.withHashtag;
{
command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator";
always = true;
}
{
command = toString backgroundCommand;
always = true;
}
{
command = toString (
pkgs.writers.writeDash "xsettings" ''
# stylix color overrides
border = lib.mkForce base08;
background = lib.mkForce base0A;
text = lib.mkForce base00;
};
startup =
[
#{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; }
{ command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; always = true; }
{ command = toString backgroundCommand; always = true; }
{
command = toString (pkgs.writers.writeDash "xsettings" ''
# to allow sudo commands to access X
${pkgs.xorg.xhost}/bin/xhost +
# no shitty pcspkr crap
@ -179,15 +162,13 @@ in
# no sleeping monitor
${pkgs.xorg.xset}/bin/xset -dpms
${pkgs.xorg.xset}/bin/xset s off
''
);
always = true;
}
];
'');
always = true;
}
];
bars = [
(
config.lib.stylix.i3.bar
// {
(config.lib.stylix.i3.bar //
{
#mode = "hide";
hiddenState = "hide";
position = "top";
@ -207,19 +188,6 @@ in
in
{
"Print" = "exec ${pkgs.flameshot}/bin/flameshot gui -c -p /share/";
# --- Brightness controls --- #
"XF86MonBrightnessUp" = "exec --no-startup-id ${pkgs.brightnessctl}/bin/brightnessctl set +5%";
"XF86MonBrightnessDown" = "exec --no-startup-id ${pkgs.brightnessctl}/bin/brightnessctl set 5%-";
# --- Pulse/Pipewire Audio controls --- #
"XF86AudioRaiseVolume" =
"exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" =
"exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -5%";
"XF86AudioMute" =
"exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
"${modifier}+Return" = "exec ${cfg.config.terminal}";
"${modifier}+Shift+q" = "exit";
"${modifier}+q" = "kill";
@ -318,8 +286,7 @@ in
"${modifier}+space" = "exec ${rofi}/bin/rofi -show drun -display-drun ''";
"${modifier}+Shift+c" = "reload";
"${modifier}+Shift+r" = "restart";
"${modifier}+Shift+e" =
"exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
"${modifier}+Shift+e" = "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
"${modifier}+r" = "mode resize";

View file

@ -1,9 +1,4 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
with pkgs;
with lib;
{
@ -20,47 +15,55 @@ with lib;
zed-editor
minicom # for flipper zero
#jetbrains.mps
#jetbrains.datagrip
jetbrains.datagrip
# Rust
# ----
#jetbrains.rust-rover
#gcc
#rustup
jetbrains.rust-rover
gcc
rustup
# Python
# ------
jetbrains.pycharm-professional
# planing
((ganttproject-bin.override {
jre = pkgs.openjdk11;
}).overrideAttrs (old: {
version = "3.1.3100";
src = pkgs.fetchzip {
url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip";
sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4=";
};
}))
# Pkl
# ---
# pkl (not working yet)
# terminal code to image/movie renderer
asciinema
asciinema-agg
asciinema-scenario
carbon-now-cli
termtosvg
vhs
carbon-now-cli
asciinema
asciinema-scenario
asciinema
#legacy_2311.blockdiag
legacy_2311.blockdiag
# nomad
#nomad
#vault
#consul
#wander
nomad
vault
consul
wander
# terraform
terragrunt
terraform
terraform-docs
awscli2
#packer
packer
# documentation renderers
mdbook
@ -69,17 +72,23 @@ with lib;
marp-cli # markdown to presentation framework
# terminal recorder
asciinema
asciinema-agg
asciinema-scenario
termtosvg
#surrealist
#surrealdb # fixme: not working because of rust update or something
surrealdb
boxes
#nodePackages.prettier
#shfmt
#black
#pre-commit
#nixpkgs-fmt
#treefmt
nodePackages.prettier
shfmt
black
pre-commit
nixpkgs-fmt
treefmt
# python
python3Full
@ -92,8 +101,7 @@ with lib;
{
home.packages =
let
pandocScript =
{ inputFormat, outputFormat }:
pandocScript = { inputFormat, outputFormat }:
pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
${pkgs.pandoc}/bin/pandoc \
--from ${inputFormat} \
@ -127,26 +135,10 @@ with lib;
${pkgs.less}/bin/less
'')
]
++ (map pandocScript (
lib.cartesianProduct {
inputFormat = [
"man"
"markdown"
"mediawiki"
"asciidoc"
];
outputFormat = [
"mediawiki"
"docbook5"
"html5"
"man"
"jira"
"markdown"
"asciidoc"
];
}
));
] ++ (map pandocScript (lib.cartesianProduct {
inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ];
outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" "asciidoc" ];
}));
}
];

View file

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
with pkgs;
with lib;
{
@ -11,17 +6,15 @@ with lib;
home.packages = [
#pureref
pureref
valentina
gimp
inkscape
imagemagick
nsxiv
blender
lightburn
# to convert HEIC -> JPG
# heif-dec -q 92 <name>.HEIC
libheif
darktable
colorpicker
# CAD & 3D Plotting
openscad
@ -30,9 +23,6 @@ with lib;
qrencode
xclicker
xdotool
];
};

View file

@ -1,9 +1,4 @@
{
config,
lib,
pkgs,
...
}:
{ config, lib, pkgs, ... }:
with pkgs;
with lib;
{

View file

@ -1,9 +1,5 @@
{
pkgs,
lib,
config,
...
}:
{ pkgs, lib, config, ... }:
with pkgs;
with lib;
{
@ -11,24 +7,25 @@ with lib;
(mkIf config.gui.enable {
home.packages = [
pkgs.share-via-http
pkgs.freetube
pkgs.vlc
freetube
vlc
# music editors
# =============
pkgs.picard # musicbrainz editor
pkgs.easytag
pkgs.dconf
pkgs.jellyfin-mpv-shim
picard # musicbrainz editor
#kid3-qt # id3 tag editor
easytag
dconf
];
})
{
home.packages = [ ];
home.packages = [
# music editors
# =============
kid3-cli
];
}
];
}

Some files were not shown because too many files have changed in this diff Show more