1 commit
main ... update

Author SHA1 Message Date
Ingolf Wagner
3838f068ee
update 2024-08-23 07:54:41 +02:00
262 changed files with 5137 additions and 5330 deletions


@ -1,17 +1,18 @@
name: Build all NixOS Configurations name: Build all NixOS Configurations
on: on:
push: push:
branches: branches:
- "**" - "**"
schedule: schedule:
- cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour - cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour
jobs: jobs:
nix build: nix build:
runs-on: native runs-on: native
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with:
clean: true
- name: update nix flakes - name: update nix flakes
if: ${{ github.event_name == 'schedule' }} if: ${{ github.event_name == 'schedule' }}
# we need to use our ssh key here because we need access to private flakes # we need to use our ssh key here because we need access to private flakes
@ -29,6 +30,7 @@ jobs:
echo $SSH_AGENT_PID echo $SSH_AGENT_PID
kill $SSH_AGENT_PID kill $SSH_AGENT_PID
rm .ssh_key rm .ssh_key
- name: nix flake archive/check - name: nix flake archive/check
# we need to use our ssh key here because we need access to private flakes # we need to use our ssh key here because we need access to private flakes
run: | run: |
@ -46,16 +48,25 @@ jobs:
echo $SSH_AGENT_PID echo $SSH_AGENT_PID
kill $SSH_AGENT_PID kill $SSH_AGENT_PID
rm .ssh_key rm .ssh_key
- name: nix build orbi - name: nix build orbi
run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
# - name: nix build cream
# run: nix build .#nixosConfigurations.cream.config.system.build.toplevel - name: nix build cream
run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
- name: nix build cherry - name: nix build cherry
run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
- name: nix build chungus - name: nix build chungus
run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
- name: nix build sternchen
run: nix build .#nixosConfigurations.sternchen.config.system.build.toplevel
- name: nix build usbstick - name: nix build usbstick
run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel
- name: commit & push - name: commit & push
if: ${{ github.event_name == 'schedule' }} if: ${{ github.event_name == 'schedule' }}
# only if all nix builds are fine we update our branch # only if all nix builds are fine we update our branch
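Review bot: The SSH key cleanup in the `update nix flakes` and `nix flake archive/check` steps is the last thing each script does (`kill $SSH_AGENT_PID`, `rm .ssh_key`), so if an earlier command in the step fails, the private key presumably stays in the workspace of the `native` runner and the agent keeps running. The start of both scripts is outside the hunks, so this is inferred from the visible tail; if no trap is set there, register the cleanup right after the agent is started with `trap 'kill "$SSH_AGENT_PID"; rm -f .ssh_key' EXIT`. The `clean: true` on the checkout step only removes a leftover key at the start of the next run, not when the job fails.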

Binary file not shown.

Before

Width:  |  Height:  |  Size: 696 KiB

After

Width:  |  Height:  |  Size: 39 KiB


@ -1,8 +1,6 @@
# components concept # components concept
- components are kinda opinionated. - components are kinda opinionated.
- should be project agnostic (e.g.: configure bugwarrior via options but leave - should be project agnostic (e.g.: configure bugwarrior via options but leave specifics out).
specifics out). - `component.<toplevel>.enabled` should usually be the default for all it subcomponents (`comonent.<topleve>.<subcomponent>.enabled`).
- `component.<toplevel>.enabled` should usually be the default for all it
subcomponents (`comonent.<topleve>.<subcomponent>.enabled`).
- But default should make sense here! - But default should make sense here!


@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {


@ -5,6 +5,7 @@
./gui ./gui
./mainUser.nix ./mainUser.nix
./media ./media
./monitor
./network ./network
./nixos ./nixos
./terminal ./terminal
@ -13,4 +14,5 @@
./yubikey.nix ./yubikey.nix
]; ];
} }


@ -1,10 +1,5 @@
# TODO test `alsactl init` after suspend to reinit mic # TODO test `alsactl init` after suspend to reinit mic
{ { pkgs, config, lib, ... }:
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.audio.enable = mkOption { options.components.gui.audio.enable = mkOption {
@ -25,6 +20,7 @@ with lib;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
alsa-utils alsa-utils
alsaUtils
# PulseAudio control # PulseAudio control
# ------------------ # ------------------


@ -8,13 +8,11 @@ in
programs.chromium.extensions = [ programs.chromium.extensions = [
"nngceckbapebfimnlniiiahkandclblb" # bitwarden "nngceckbapebfimnlniiiahkandclblb" # bitwarden
# "edibdbjcniadpccecjdfdjjppcpchdlm" # I still don't care about cookies "edibdbjcniadpccecjdfdjjppcpchdlm" # I still don't care about cookies
"gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere "gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium "dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
"jinjaccalgkegednnccohejagnlnfdag" # Violentmonkey "jinjaccalgkegednnccohejagnlnfdag" # Violentmonkey
"dpplabbmogkhghncfbfdeeokoefdjegm" # Proxy SwitchySharp
"mooikfkahbdckldjjndioackbalphokd" # Selenium IDE
]; ];
# overwrite use zram on small RAM systems # overwrite use zram on small RAM systems
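Review bot: `"gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere` stays in `programs.chromium.extensions`, but the EFF has retired HTTPS Everywhere, so the list keeps force-installing an extension that is no longer maintained. Chromium's built-in HTTPS-first mode covers the same ground; consider dropping the entry and, if the behaviour should be enforced, setting it through `programs.chromium.extraOpts`. Each ID here is installed for every user of the machine with whatever permissions the extension requests, so a short comment per entry on why it is needed would make later pruning easier. The surrounding attribute set starts and ends outside the hunk.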


@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
with lib; with lib;
{ {
options.components.gui = { options.components.gui = {


@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
with lib; with lib;
{ {


@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
{ {
options.components.gui.kmonad.enable = lib.mkOption { options.components.gui.kmonad.enable = lib.mkOption {
@ -84,21 +79,9 @@
in in
{ {
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ];
"lctl" dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ];
"lmet" uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ "lctl" "lmet" "lalt" ];
"lalt"
];
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [
"lctl"
"lmet"
"lalt"
];
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [
"lctl"
"lmet"
"lalt"
];
}; };
}; };
}; };


@ -1,11 +1,6 @@
# notify me when a command is finished # notify me when a command is finished
# todo : secret managment is shit # todo : secret managment is shit
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.noti.enable = mkOption { options.components.gui.noti.enable = mkOption {


@ -1,17 +1,11 @@
{ { pkgs, config, lib, ... }:
pkgs,
config,
lib,
...
}:
with lib; with lib;
let let
# desktop file # desktop file
# ------------ # ------------
# makes it possible to be used by other programs # makes it possible to be used by other programs
desktopFile = desktopFile = name: bin:
name: bin:
pkgs.writeTextFile { pkgs.writeTextFile {
name = "${name}.desktop"; name = "${name}.desktop";
destination = "/share/applications/${name}.desktop"; destination = "/share/applications/${name}.desktop";
@ -40,9 +34,7 @@ in
environment.systemPackages = [ environment.systemPackages = [
(pkgs.pass.withExtensions (ext: [ ext.pass-otp ])) (pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))
# todo : use upstream desktop file creator # todo : use upstream desktop file creator
(desktopFile "passmenu" "${ (desktopFile "passmenu" "${pkgs.pass.withExtensions (ext: [ext.pass-otp])}/bin/passmenu --type -l 10")
pkgs.pass.withExtensions (ext: [ ext.pass-otp ])
}/bin/passmenu --type -l 10")
pkgs.otpmenu pkgs.otpmenu


@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.steam.enable = mkOption { options.components.gui.steam.enable = mkOption {
@ -27,12 +22,7 @@ with lib;
isSystemUser = true; isSystemUser = true;
home = "/home/steam"; home = "/home/steam";
createHome = true; createHome = true;
extraGroups = [ extraGroups = [ "audio" "input" "video" "pipewire" ];
"audio"
"input"
"video"
"pipewire"
];
group = "steam"; group = "steam";
shell = pkgs.bashInteractive; shell = pkgs.bashInteractive;
}; };


@ -1,9 +1,4 @@
{ { pkgs, config, lib, ... }:
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.suspend.enable = mkOption { options.components.gui.suspend.enable = mkOption {
@ -18,11 +13,13 @@ with lib;
requiredBy = [ "sleep.target" ]; requiredBy = [ "sleep.target" ];
environment = environment =
let let
display = if (config.services.xserver.display != null) then config.services.xserver.display else 0; display =
if (config.services.xserver.display != null) then
config.services.xserver.display
else
0;
in in
{ { DISPLAY = ":${toString display}"; };
DISPLAY = ":${toString display}";
};
script = '' script = ''
${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 & ${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 &
sleep 1 sleep 1


@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.gui.vscode.enable = mkOption { options.components.gui.vscode.enable = mkOption {


@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {


@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
@ -83,3 +78,4 @@ with lib;
}; };
} }


@ -1,9 +1,4 @@
{ { lib, pkgs, config, ... }:
lib,
pkgs,
config,
...
}:
with lib; with lib;
let let


@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
with types; with types;
let let
@ -11,10 +6,15 @@ let
cfg = config.components.mainUser; cfg = config.components.mainUser;
# todo : use optionalList # todo : use optionalList
dockerGroup = if (config.virtualisation.docker.enable) then [ "docker" ] else [ ]; dockerGroup =
if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
# todo : use optionalList # todo : use optionalList
vboxGroup = if (config.virtualisation.virtualbox.host.enable) then [ "vboxusers" ] else [ ]; vboxGroup =
if (config.virtualisation.virtualbox.host.enable) then
[ "vboxusers" ]
else
[ ];
in in
{ {
@ -73,16 +73,8 @@ in
uid = cfg.uid; uid = cfg.uid;
home = "/home/${cfg.userName}"; home = "/home/${cfg.userName}";
initialPassword = cfg.userName; initialPassword = cfg.userName;
extraGroups = [ extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" "dialout" ]
"wheel" ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
"networkmanager"
"transmission"
"wireshark"
"audio"
"pipewire"
"input"
"dialout"
] ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles; openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
group = config.users.groups.mainUser.name; group = config.users.groups.mainUser.name;
}; };
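Review bot: `initialPassword = cfg.userName;` leaves the main account with a password equal to its user name, and the `extraGroups` line reformatted in this hunk puts that account in `wheel` (and `docker` when Docker is enabled), so a guessable password is one step away from root. The plain-text value also ends up in the world-readable Nix store. Whether password logins are reachable over SSH is not visible here. Consider replacing it with `hashedPasswordFile` pointing at a managed secret, or at least `initialHashedPassword`. The user definition starts outside the hunk.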


@ -4,12 +4,7 @@
# * connect via mixxx to it. # * connect via mixxx to it.
# * add the podcast to mpd in the same network # * add the podcast to mpd in the same network
# -------------------------------------------------- # --------------------------------------------------
{ { pkgs, config, lib, ... }:
pkgs,
config,
lib,
...
}:
with lib; with lib;
let let


@ -1,9 +1,4 @@
{ { pkgs, config, lib, ... }:
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {


@ -1,14 +1,10 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
let let
obs-cmd = pkgs.rustPlatform.buildRustPackage rec { obs-cmd = pkgs.rustPlatform.buildRustPackage
rec {
pname = "obs-cmd"; pname = "obs-cmd";
version = "v0.15.2"; version = "v0.15.2";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
@ -57,12 +53,7 @@ let
name = "screen-keys"; name = "screen-keys";
paths = paths =
let let
screenKeyScript = screenKeyScript = { position ? "bottom", size ? "small", ... }:
{
position ? "bottom",
size ? "small",
...
}:
pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
'' ''
${pkgs.screenkey}/bin/screenkey \ ${pkgs.screenkey}/bin/screenkey \
@ -74,29 +65,15 @@ let
"$@" "$@"
''; '';
in in
lib.flatten ( lib.flatten (lib.flip map [ "large" "small" "medium" ] (size:
lib.flip map lib.flip map [ "top" "center" "bottom" ]
[ (position: screenKeyScript { inherit size position; })));
"large"
"small"
"medium"
]
(
size:
lib.flip map [
"top"
"center"
"bottom"
] (position: screenKeyScript { inherit size position; })
)
);
}; };
mpvReview = mpvReview =
let let
moveToDir = moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
key: dir:
pkgs.writeText "move-with-${key}.lua" ''
tmp_dir = "${dir}" tmp_dir = "${dir}"
function move_current_track_${key}() function move_current_track_${key}()
@ -133,6 +110,7 @@ in
config = mkIf (config.components.media.video.enable) { config = mkIf (config.components.media.video.enable) {
home-manager.sharedModules = [ home-manager.sharedModules = [
{ {
programs.obs-studio = { programs.obs-studio = {
@ -145,6 +123,7 @@ in
} }
]; ];
boot.kernelModules = [ "v4l2loopback" ]; boot.kernelModules = [ "v4l2loopback" ];
boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
@ -158,6 +137,7 @@ in
alphaSafe alphaSafe
sanitizeFolder sanitizeFolder
# obs studio stuff # obs studio stuff
obs-cli obs-cli
v4l-utils v4l-utils
@ -174,6 +154,8 @@ in
handbrake handbrake
ffmpeg-full ffmpeg-full
]; ];
}; };
} }


@ -1,20 +1,17 @@
{ { lib, config, ... }:
lib,
config,
inputs,
...
}:
with lib; with lib;
with types; with types;
{ {
imports = [ imports = [
./default.nix
../timezone.nix ../timezone.nix
]; ];
config = { config = {
telemetry.enable = mkDefault true; components.monitor.enable = mkDefault true;
telemetry.metrics.enable = mkDefault false; components.monitor.metrics.enable = mkDefault false;
telemetry.opentelemetry.enable = false; components.monitor.opentelemetry.enable = false;
services.journald.extraConfig = "SystemMaxUse=1G"; services.journald.extraConfig = "SystemMaxUse=1G";
}; };
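Review bot: `components.monitor.opentelemetry.enable = false;` is a plain definition while the two lines above it use `mkDefault`, so a host that sets the option to `true` will hit a conflicting-definition error instead of overriding it. If the intent is "off unless a machine opts in", write `components.monitor.opentelemetry.enable = mkDefault false;`. If the collector really must never run on hosts importing this file, a one-line comment saying so would keep the next reader from "fixing" it.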


@ -0,0 +1,32 @@
{ lib, config, ... }:
with lib;
with types;
{
options.components.monitor = {
enable = mkOption {
type = bool;
default = true;
};
metrics.enable = mkOption {
type = bool;
default = config.components.monitor.enable;
};
logs.enable = mkOption {
type = bool;
default = config.components.monitor.enable;
};
};
imports = [
./logs-promtail.nix
./metrics-export-zfs.nix
./metrics-netdata.nix
./metrics-prometheus.nix
./metrics-telegraf.nix
./opentelemetry.nix
];
config = mkIf config.components.monitor.enable { };
}


@ -0,0 +1,178 @@
{ config, lib, ... }:
with lib;
with types;
let
cfg = config.components.monitor.promtail;
in
{
options.components.monitor.promtail = {
enable = mkOption {
type = lib.types.bool;
default = config.components.monitor.logs.enable;
};
port = mkOption {
type = int;
default = 3500;
description = "port to provide promtail export";
};
};
config = mkMerge [
(mkIf config.components.monitor.opentelemetry.enable {
services.opentelemetry-collector.settings = {
receivers.loki = {
protocols.http.endpoint = "127.0.0.1:${toString cfg.port}";
use_incoming_timestamp = true;
};
service.pipelines.logs.receivers = [ "loki" ];
};
})
(mkIf config.components.monitor.promtail.enable {
services.promtail = {
enable = true;
configuration = {
server. disable = true;
positions.filename = "/var/cache/promtail/positions.yaml";
clients = [
{ url = "http://127.0.0.1:${toString cfg.port}/loki/api/v1/push"; }
];
scrape_configs =
let
_replace = index: replacement: ''{{ Replace .Value "${toString index}" "${replacement}" 1 }}'';
_elseif = index: ''{{ else if eq .Value "${toString index}" }}'';
_if = index: ''{{ if eq .Value "${toString index}" }}'';
_end = ''{{ end }}'';
elseblock = index: replacement: "${_elseif index}${_replace index replacement}";
ifblock = index: replacement: "${_if index}${_replace index replacement}";
createTemplateLine = list: "${concatStrings (imap0 (index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement) list)}${_end}";
in
[
{
job_name = "journal";
journal = {
json = true;
max_age = "12h";
labels.job = "systemd-journal";
};
pipeline_stages = [
{
# Set of key/value pairs of JMESPath expressions. The key will be
# the key in the extracted data while the expression will be the value,
# evaluated as a JMESPath from the source data.
json.expressions = {
# journalctl -o json | jq and you'll see these
boot_id = "_BOOT_ID";
facility = "SYSLOG_FACILITY";
facility_label = "SYSLOG_FACILITY";
instance = "_HOSTNAME";
msg = "MESSAGE";
priority = "PRIORITY";
priority_label = "PRIORITY";
transport = "_TRANSPORT";
unit = "_SYSTEMD_UNIT";
# coredump
#coredump_cgroup = "COREDUMP_CGROUP";
#coredump_exe = "COREDUMP_EXE";
#coredump_cmdline = "COREDUMP_CMDLINE";
#coredump_uid = "COREDUMP_UID";
#coredump_gid = "COREDUMP_GID";
};
}
{
# Set the unit (defaulting to the transport like audit and kernel)
template = {
source = "unit";
template = "{{if .unit}}{{.unit}}{{else}}{{.transport}}{{end}}";
};
}
{
# Normalize session IDs (session-1234.scope -> session.scope) to limit number of label values
replace = {
source = "unit";
expression = "^(session-\\d+.scope)$";
replace = "session.scope";
};
}
{
# Map priority to human readable
template = {
source = "priority_label";
#template = ''{{ if eq .Value "0" }}{{ Replace .Value "0" "emerg" 1 }}{{ else if eq .Value "1" }}{{ Replace .Value "1" "alert" 1 }}{{ else if eq .Value "2" }}{{ Replace .Value "2" "crit" 1 }}{{ else if eq .Value "3" }}{{ Replace .Value "3" "err" 1 }}{{ else if eq .Value "4" }}{{ Replace .Value "4" "warning" 1 }}{{ else if eq .Value "5" }}{{ Replace .Value "5" "notice" 1 }}{{ else if eq .Value "6" }}{{ Replace .Value "6" "info" 1 }}{{ else if eq .Value "7" }}{{ Replace .Value "7" "debug" 1 }}{{ end }}'';
template = createTemplateLine [
"emergency"
"alert"
"critical"
"error"
"warning"
"notice"
"info"
"debug"
];
};
}
{
# Map facility to human readable
template =
{
source = "facility_label";
template = createTemplateLine [
"kern" # Kernel messages
"user" # User-level messages
"mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1))
"daemon" # System daemons All daemons, including systemd and its subsystems
"auth" # Security/authorization messages Also watch for different facility 10
"syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3)
"lpr" # Line printer subsystem (archaic subsystem)
"news" # Network news subsystem (archaic subsystem)
"uucp" # UUCP subsystem (archaic subsystem)
"clock" # Clock daemon systemd-timesyncd
"authpriv" # Security/authorization messages Also watch for different facility 4
"ftp" # FTP daemon
"-" # NTP subsystem
"-" # Log audit
"-" # Log alert
"cron" # Scheduling daemon
"local0" # Local use 0 (local0)
"local1" # Local use 1 (local1)
"local2" # Local use 2 (local2)
"local3" # Local use 3 (local3)
"local4" # Local use 4 (local4)
"local5" # Local use 5 (local5)
"local6" # Local use 6 (local6)
"local7" # Local use 7 (local7)
];
};
}
{
# Key is REQUIRED and the name for the label that will be created.
# Value is optional and will be the name from extracted data whose value
# will be used for the value of the label. If empty, the value will be
# inferred to be the same as the key.
labels = {
boot_id = "";
facility = "";
facility_label = "";
instance = "";
priority = "";
priority_label = "";
transport = "";
unit = "";
};
}
{
# Write the proper message instead of JSON
output.source = "msg";
}
];
}
];
};
};
})
];
}
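Review bot: The promtail client pushes to `http://127.0.0.1:${toString cfg.port}/loki/api/v1/push`, but the `receivers.loki` listener on that port is only configured in the separate `mkIf config.components.monitor.opentelemetry.enable` block, so with promtail enabled and the collector disabled the journal stream has no receiver and batches will be retried and then discarded. Tie the two together, for example `default = config.components.monitor.logs.enable && config.components.monitor.opentelemetry.enable;` on `promtail.enable`, or add an assertion that fails evaluation when promtail is on without the collector. Two smaller points in the same file: `server. disable = true;` has a stray space in the attribute path, and `"^(session-\\d+.scope)$"` leaves the dot unescaped, so it matches any character; `"^(session-\\d+\\.scope)$"` is what the comment describes.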


@ -0,0 +1,32 @@
{ pkgs, config, lib, ... }:
with lib;
with types;
{
options.components.monitor.exporters.zfs.enable = mkOption {
type = lib.types.bool;
default = config.components.monitor.metrics.enable;
};
config = mkMerge [
(mkIf config.components.monitor.exporters.zfs.enable {
services.telegraf.extraConfig.inputs.zfs = { };
services.prometheus.exporters.zfs.enable = true;
services.opentelemetry-collector.settings = {
receivers.prometheus.config.scrape_configs = [
{
job_name = "zfs";
scrape_interval = "10s";
static_configs = [{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
}];
}
];
service.pipelines.metrics.receivers = [ "prometheus" ];
};
})
];
}
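Review bot: `services.prometheus.exporters.zfs.enable = true;` is scraped only through `127.0.0.1`, but no listen address is set, and as far as I know the NixOS exporter default is `0.0.0.0`, so the exporter is bound to every interface and relies on the firewall alone. Pin it with `services.prometheus.exporters.zfs.listenAddress = "127.0.0.1";`. The same applies to the two sections that follow: `services.prometheus` is enabled without `listenAddress = "127.0.0.1";`, and `services.netdata` is scraped at `127.0.0.1:19999` without a bind setting, where something like `config.web."bind to" = "127.0.0.1";` would keep the dashboard local (netdata's default bind should be confirmed).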


@ -0,0 +1,35 @@
{ lib, pkgs, config, ... }:
with lib;
with types;
{
options.components.monitor.netdata = {
enable = mkOption {
type = bool;
default = config.components.monitor.metrics.enable;
};
};
config = mkIf config.components.monitor.netdata.enable {
# netdata sink
services.opentelemetry-collector.settings.receivers.prometheus.config.scrape_configs = [
{
job_name = "netdata";
scrape_interval = "10s";
metrics_path = "/api/v1/allmetrics";
params.format = [ "prometheus" ];
static_configs = [{ targets = [ "127.0.0.1:19999" ]; }];
}
];
# https://docs.netdata.cloud/daemon/config/
services.netdata = {
enable = lib.mkDefault true;
config = {
global = {
"memory mode" = "ram";
};
};
};
};
}


@ -0,0 +1,45 @@
{ config, lib, ... }:
with lib;
with types;
let
cfg = config.components.monitor.prometheus;
in
{
options.components.monitor.prometheus = {
enable = mkOption {
type = lib.types.bool;
default = config.components.monitor.metrics.enable;
};
port = mkOption {
type = int;
default = 8090;
description = "port to provide Prometheus export";
};
};
config = mkMerge [
(mkIf config.components.monitor.prometheus.enable {
services.prometheus = {
checkConfig = "syntax-only";
enable = true;
};
})
(mkIf config.components.monitor.prometheus.enable {
services.opentelemetry-collector.settings = {
exporters.prometheus.endpoint = "127.0.0.1:${toString cfg.port}";
service.pipelines.metrics.exporters = [ "prometheus" ];
};
services.prometheus.scrapeConfigs = [
{
job_name = "opentelemetry";
metrics_path = "/metrics";
scrape_interval = "10s";
static_configs = [{ targets = [ "localhost:${toString cfg.port}" ]; }];
}
];
})
];
}


@ -0,0 +1,50 @@
{ config, pkgs, lib, ... }:
with lib;
with types;
let
cfg = config.components.monitor.telegraf;
in
{
options.components.monitor.telegraf = {
enable = mkOption {
type = lib.types.bool;
default = config.components.monitor.metrics.enable;
};
influxDBPort = mkOption {
type = int;
default = 8088;
description = "Port to listen on influxDB input";
};
};
config = lib.mkMerge [
(mkIf config.components.monitor.telegraf.enable {
# opentelemetry wireing
services.opentelemetry-collector.settings = {
receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}";
service.pipelines.metrics.receivers = [ "influxdb" ];
};
services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ "http://127.0.0.1:${toString cfg.influxDBPort}" ];
})
(mkIf config.components.monitor.telegraf.enable {
systemd.services.telegraf.path = [ pkgs.inetutils ];
services.telegraf = {
enable = true;
extraConfig = {
# https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins
inputs = {
cpu = { };
diskio = { };
processes = { };
system = { };
systemd_units = { };
ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make machine visible over wireguard
};
};
};
})
];
}


@ -0,0 +1,205 @@
{ pkgs, config, lib, ... }:
with lib;
with types;
let
cfg = config.components.monitor.opentelemetry;
in
{
options.components.monitor.opentelemetry = {
enable = mkOption {
type = bool;
default = config.components.monitor.enable;
description = "weather or not to use opentelemetry";
};
receiver.endpoint = mkOption {
type = nullOr str;
default = null;
description = "endpoint to receive the opentelementry data from other collectors";
};
exporter.endpoint = mkOption {
type = nullOr str;
default = null;
description = "endpoint to ship opentelementry data too";
};
exporter.debug = mkOption {
type = nullOr (enum [ "logs" "metrics" ]);
default = null;
description = "enable debug exporter.";
};
metrics.endpoint = mkOption {
type = str;
default = "127.0.0.1:8100";
description = "endpoint on where to provide opentelementry metrics";
};
};
config = mkMerge [
(mkIf config.components.monitor.opentelemetry.enable {
services.opentelemetry-collector = {
enable = true;
package = pkgs.opentelemetry-collector-contrib;
};
})
# add default tags to metrics
# todo : make sure we filter out metrics from otlp receivers
(mkIf config.components.monitor.enable {
services.opentelemetry-collector.settings = {
processors = {
# https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/processor/resourcedetectionprocessor/README.md
"resourcedetection/system" = {
detectors = [ "system" ];
override = false;
system.hostname_sources = [ "os" ];
};
metricstransform.transforms = [
{
include = ".*";
match_type = "regexp";
action = "update";
operations = [{
action = "add_label";
new_label = "machine";
new_value = config.networking.hostName;
}];
}
];
};
};
})
(mkIf config.components.monitor.metrics.enable {
services.opentelemetry-collector.settings = {
service.pipelines.metrics.processors = [
"metricstransform"
"resourcedetection/system"
];
};
})
(mkIf config.components.monitor.logs.enable {
services.opentelemetry-collector.settings = {
service.pipelines.logs.processors = [ "resourcedetection/system" ];
};
})
(mkIf (config.components.monitor.opentelemetry.exporter.debug != null) {
services.opentelemetry-collector.settings = {
exporters.debug = {
verbosity = "detailed";
sampling_initial = 5;
sampling_thereafter = 200;
};
service.pipelines.${config.components.monitor.opentelemetry.exporter.debug} = {
exporters = [ "debug" ];
};
};
})
# ship to next instance
(mkIf (config.components.monitor.opentelemetry.exporter.endpoint != null) {
services.opentelemetry-collector.settings = {
exporters.otlp = {
endpoint = cfg.exporter.endpoint;
tls.insecure = true;
};
};
})
(mkIf
(
config.components.monitor.opentelemetry.exporter.endpoint != null &&
config.components.monitor.logs.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.logs.exporters = [ "otlp" ];
};
})
(mkIf
(
config.components.monitor.opentelemetry.exporter.endpoint != null &&
config.components.monitor.metrics.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.metrics.exporters = [ "otlp" ];
};
})
# ship from other instance
(mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) {
services.opentelemetry-collector.settings = {
receivers.otlp.protocols.grpc.endpoint = cfg.receiver.endpoint;
};
})
(mkIf
(
config.components.monitor.opentelemetry.receiver.endpoint != null &&
config.components.monitor.logs.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.logs.receivers = [ "otlp" ];
};
})
(mkIf
(
config.components.monitor.opentelemetry.receiver.endpoint != null &&
config.components.monitor.metrics.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.metrics.receivers = [ "otlp" ];
};
})
# scrape opentelemetry-colectors metrics
# todo: this should be collected another way (opentelemetry internal?)
# todo : enable me only when metrics.endpoint is set.
(mkIf config.components.monitor.metrics.enable {
services.opentelemetry-collector.settings = {
receivers = {
prometheus.config.scrape_configs = [
{
job_name = "otelcol";
scrape_interval = "10s";
static_configs = [{
targets = [ cfg.metrics.endpoint ];
}];
metric_relabel_configs = [
{
source_labels = [ "__name__" ];
regex = ".*grpc_io.*";
action = "drop";
}
];
}
];
};
service = {
pipelines.metrics = {
receivers = [ "prometheus" ];
};
# todo : this should be automatically be collected
# open telemetries own metrics?
telemetry.metrics.address = cfg.metrics.endpoint;
};
};
})
(mkIf (! config.components.monitor.metrics.enable) {
services.opentelemetry-collector.settings = {
service.telemetry.metrics.level = "none";
};
})
];
}
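Review bot: `tls.insecure = true;` on `exporters.otlp` turns off transport security for everything shipped to `cfg.exporter.endpoint`, which includes the journal stream when `logs.enable` is set, and `receivers.otlp.protocols.grpc.endpoint` is likewise configured without TLS or authentication, so anything that can reach the receiver address can submit logs and metrics. If both ends are meant to be reachable only over the WireGuard network mentioned in the telegraf section, say so in the option descriptions, e.g. `description = "endpoint to ship opentelemetry data to; traffic is unencrypted, use a VPN-only address";`. An `exporter.tlsInsecure` option defaulting to the current value would let a host turn TLS on without patching the module.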


@ -1,9 +1,5 @@
{ clanLib, ... }:
{ {
networking.extraHosts = '' networking.extraHosts = ''
95.216.66.212 orbi.public 95.216.66.212 orbi.public
''; '';
services.openssh.knownHosts = {
"orbi.public".publicKey = clanLib.readFact "ssh.id_ed25519.pub" "orbi";
};
} }


@ -1,10 +1,4 @@
{ { config, lib, pkgs, assets, ... }:
config,
lib,
pkgs,
assets,
...
}:
with lib; with lib;
{ {
options.components.network.nginx.enable = mkOption { options.components.network.nginx.enable = mkOption {
@ -22,13 +16,8 @@ with lib;
environment.systemPackages = [ environment.systemPackages = [
pkgs.nginx-config-formatter pkgs.nginx-config-formatter
(pkgs.writers.writePython3Bin "nginx-show-config" { (pkgs.writers.writePython3Bin "nginx-show-config" { flakeIgnore = [ "E265" "E225" "W292" ]; }
flakeIgnore = [ (lib.fileContents "${assets}/nginx-show-config.py"))
"E265"
"E225"
"W292"
];
} (lib.fileContents "${assets}/nginx-show-config.py"))
]; ];
security.acme.defaults.email = "contact@ingolf-wagner.de"; security.acme.defaults.email = "contact@ingolf-wagner.de";
@ -96,11 +85,7 @@ with lib;
root = pkgs.landingpage.override { root = pkgs.landingpage.override {
jsonConfig = jsonConfig =
let let
entry = entry = { machine, items ? [ ] }:
{
machine,
items ? [ ],
}:
{ {
text = machine; text = machine;
items = [ items = [
@ -175,7 +160,7 @@ with lib;
]; ];
}) })
(entry { machine = "cherry"; }) (entry { machine = "cherry"; })
#(entry { machine = "cream"; }) (entry { machine = "cream"; })
(entry { machine = "mobi"; }) (entry { machine = "mobi"; })
(entry { machine = "bobi"; }) (entry { machine = "bobi"; })
{ {
@ -189,12 +174,14 @@ with lib;
{ {
label = "Hetzner Cloud"; label = "Hetzner Cloud";
href = "https://console.hetzner.cloud/projects"; href = "https://console.hetzner.cloud/projects";
image = "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif"; image =
"https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
} }
{ {
label = "Cups"; label = "Cups";
href = "http://localhost:631/"; href = "http://localhost:631/";
image = "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif"; image =
"https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
} }
]; ];
} }
@ -204,42 +191,52 @@ with lib;
{ {
label = "NixOS Manual"; label = "NixOS Manual";
href = "https://nixos.org/nixos/manual/"; href = "https://nixos.org/nixos/manual/";
image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif"; image =
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
} }
{ {
label = "Nixpkgs Manual"; label = "Nixpkgs Manual";
href = "https://nixos.org/nixpkgs/manual/"; href = "https://nixos.org/nixpkgs/manual/";
image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif"; image =
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
} }
{ {
label = "NixOS Reference"; label = "NixOS Reference";
href = "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library"; href =
image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif"; "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
image =
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
} }
{ {
label = "Nix Packages"; label = "Nix Packages";
href = "https://nixos.org/nixos/packages.html"; href = "https://nixos.org/nixos/packages.html";
image = "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif"; image =
"https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
} }
{ {
label = "NixOS Language specific helpers"; label = "NixOS Language specific helpers";
href = "https://nixos.wiki/wiki/Language-specific_package_helpers"; href =
image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif"; "https://nixos.wiki/wiki/Language-specific_package_helpers";
image =
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
} }
{ {
label = "NixOS Weekly"; label = "NixOS Weekly";
href = "https://weekly.nixos.org/"; href = "https://weekly.nixos.org/";
image = "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif"; image =
"https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
} }
{ {
label = "NixOS Security"; label = "NixOS Security";
href = "https://broken.sh/"; href = "https://broken.sh/";
image = "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif"; image =
"https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
} }
{ {
label = "NixOS RFCs"; label = "NixOS RFCs";
href = "https://github.com/NixOS/rfcs/"; href = "https://github.com/NixOS/rfcs/";
image = "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif"; image =
"https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
} }
]; ];
} }


@ -1,17 +1,13 @@
{ { pkgs, config, lib, assets, ... }:
pkgs,
config,
lib,
assets,
...
}:
with lib; with lib;
with types; with types;
let let
defaultRootKeyFiles = [ "${assets}/mrvandalo_rsa.pub" ];
cfg = config.components.network.sshd; cfg = config.components.network.sshd;
# maybe ascii-image-converter is also nice here # maybe ascii-image-converter is also nice here
sshBanner = pkgs.runCommand "ssh-banner" { nativeBuildInputs = [ pkgs.boxes ]; } '' sshBanner = pkgs.runCommand "ssh-banner"
{ nativeBuildInputs = [ pkgs.boxes ]; } ''
echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out
''; '';
@ -29,6 +25,11 @@ in
type = bool; type = bool;
default = true; default = true;
}; };
rootKeyFiles = mkOption {
type = with types; listOf path;
default = [ ];
description = "keys to root login";
};
onlyTincAccess = mkOption { onlyTincAccess = mkOption {
type = bool; type = bool;
default = false; default = false;
@ -58,13 +59,14 @@ in
# settings.LoginGraceTime = 0; # settings.LoginGraceTime = 0;
}; };
users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;
# todo enable again when I can it's possible to set the `-q` ssh option in clan # todo enable again when I can it's possible to set the `-q` ssh option in clan
#services.openssh.banner = builtins.readFile sshBanner; #services.openssh.banner = builtins.readFile sshBanner;
}) })
(mkIf (cfg.onlyTincAccess && cfg.enable) { (mkIf (cfg.onlyTincAccess && cfg.enable) {
# fixme: this is not working
networking.firewall.extraCommands = '' networking.firewall.extraCommands = ''
iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0 iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
''; '';
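Review bot: `users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;` appends `${assets}/mrvandalo_rsa.pub` unconditionally, so every host that evaluates this block authorises that RSA key for root and cannot drop it by setting `rootKeyFiles`. Making the key the option's default keeps the current behaviour while letting a machine override it: `default = [ "${assets}/mrvandalo_rsa.pub" ];` in `rootKeyFiles` and `keyFiles = cfg.rootKeyFiles;`. The added `# fixme: this is not working` on the `onlyTincAccess` rule also deserves a `warnings` or `assertions` entry, because by the author's own note a host that sets the option does not actually get port 22 restricted to the tinc interfaces. The enclosing `mkIf` blocks start and end outside the hunks shown.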


@ -1,10 +1,4 @@
{ { pkgs, config, lib, clanLib, ... }:
pkgs,
config,
lib,
clanLib,
...
}:
with lib; with lib;
let let
publicKey = clanLib.readFact "ssh.id_ed25519.pub"; publicKey = clanLib.readFact "ssh.id_ed25519.pub";
@ -15,18 +9,11 @@ in
services.openssh.knownHosts = { services.openssh.knownHosts = {
orbi = { orbi = {
hostNames = [ hostNames = [
"git.ingolf-wagner.de"
"95.216.66.212" "95.216.66.212"
]; ];
publicKey = publicKey "orbi"; publicKey = publicKey "orbi";
}; };
forgejo = {
hostNames = [
"[git.ingolf-wagner.de]:2222"
];
publicKey = "ssh-rsa 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";
};
}; };
}; };


@ -1,9 +1,4 @@
{ { pkgs, config, lib, ... }:
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
config = mkIf (config.components.network.sshd.enable) { config = mkIf (config.components.network.sshd.enable) {
@ -33,66 +28,65 @@ with lib;
}; };
gitlab = { gitlab = {
hostNames = [ "gitlab.com" ]; hostNames = [ "gitlab.com" ];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY="; publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
}; };
gitlab-bk = { gitlab-bk = {
hostNames = [ hostNames = [ "gitlab.bk-bund-berlin.de" "116.203.133.59" ];
"gitlab.bk-bund-berlin.de" publicKey =
"116.203.133.59" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
}; };
# space-left # space-left
gitlabSpaceLeft = { gitlabSpaceLeft = {
hostNames = [ "git.space-left.org" ]; hostNames = [ "git.space-left.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO"; publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
}; };
# c-base # c-base
"bnd-cbase" = { "bnd-cbase" = {
hostNames = [ "bnd.cbrp3.c-base.org" ]; hostNames = [ "bnd.cbrp3.c-base.org" ];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E="; publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
}; };
"shell.cbase" = { "shell.cbase" = {
hostNames = [ "shell.c-base.org" ]; hostNames = [ "shell.c-base.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo"; publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
}; };
"kgb.cbase" = { "kgb.cbase" = {
hostNames = [ "kgb.cbrp3.c-base.org" ]; hostNames = [ "kgb.cbrp3.c-base.org" ];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8="; publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
}; };
"cns.cbase" = { "cns.cbase" = {
hostNames = [ "cns.c-base.org" ]; hostNames = [ "cns.c-base.org" ];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A="; publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
}; };
"lassulus" = { "lassulus" = {
hostNames = [ "[lassul.us]:45621" ]; hostNames = [ "[lassul.us]:45621" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD"; publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
}; };
renoise = { renoise = {
hostNames = [ hostNames = [ "*.renoise.com" "renoise.com" "94.130.128.97" ];
"*.renoise.com" publicKey =
"renoise.com" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
"94.130.128.97"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
}; };
git-renoise = { git-renoise = {
hostNames = [ hostNames = [ "[git.renoise.com]:2229" "[94.130.128.97]:2229" ];
"[git.renoise.com]:2229" publicKey =
"[94.130.128.97]:2229" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
}; };
"siteground" = { "siteground" = {
hostNames = [ hostNames = [ "[es5.siteground.eu]:18765" "[37.60.224.6]:18765" ];
"[es5.siteground.eu]:18765" publicKey =
"[37.60.224.6]:18765" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
}; };
"cracksucht.de" = { "cracksucht.de" = {
hostNames = [ "cracksucht.de" ]; hostNames = [ "cracksucht.de" ];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian"; publicKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
}; };
}; };


@ -1,34 +1,34 @@
{ { lib, config, clanLib, ... }:
lib,
config,
clanLib,
...
}:
with lib; with lib;
with types; with types;
let let
machines = clanLib.allMachineNames; machines = clanLib.allMachineNames;
publicKey = clanLib.readFact "ssh.id_ed25519.pub"; publicKey = clanLib.readFact "ssh.id_ed25519.pub";
tld = config.clan.static-hosts.topLevelDomain; tld = config.clan.static-hosts.topLevelDomain;
knownHosts = lib.genAttrs machines (machine: { knownHosts = lib.genAttrs machines
(machine:
{
hostNames = [ hostNames = [
"${machine}" "${machine}"
"${machine}.${tld}" "${machine}.${tld}"
"${machine}.private" "${machine}.private"
]; ];
publicKey = publicKey machine; publicKey = publicKey machine;
}); }
);
bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub"; bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub";
knownBootHosts = lib.mapAttrs' ( knownBootHosts = lib.mapAttrs'
machine: publicKey: (machine: publicKey: nameValuePair
nameValuePair "boot_${machine}" { "boot_${machine}"
{
inherit publicKey; inherit publicKey;
hostNames = [ hostNames = [
"[${machine}]:2222" "[${machine}]:2222"
"[${machine}.public]:2222" "[${machine}.public]:2222"
]; ];
} }
) bootMachines; )
bootMachines;
in in
{ {


@ -1,13 +1,15 @@
{ { config, lib, pkgs, factsGenerator, clanLib, ... }:
config, let
lib, clanMachines =
pkgs, lib.mapAttrs
factsGenerator, (machine: facts: {
clanLib, name = machine;
... id = facts."syncthing.pub";
}: addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
with lib; })
{ (clanLib.readFactsFromAllMachines [ "syncthing.pub" "zerotier-ip" ]);
in
with lib; {
# networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ]; # networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
@ -20,19 +22,6 @@ with lib;
cert = config.clan.core.facts.services.syncthing.secret."syncthing.cert".path; cert = config.clan.core.facts.services.syncthing.secret."syncthing.cert".path;
settings.devices = settings.devices =
let let
clanMachines =
lib.mapAttrs
(machine: facts: {
name = machine;
id = facts."syncthing.pub";
addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
})
(
clanLib.readFactsFromAllMachines [
"syncthing.pub"
"zerotier-ip"
]
);
device = machine: id: { device = machine: id: {
"${machine}" = { "${machine}" = {
name = machine; name = machine;
@ -43,27 +32,22 @@ with lib;
in in
clanMachines clanMachines
// (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF") // (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF")
// (device "iPad" "NEGOJYU-EEDRM4E-XVZUKFO-63LAIOO-WHFFS2V-3SH3KR2-VYEFQLW-4QOFBQU") // (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ")
// (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ"); ;
settings.folders = { settings.folders = {
# needs to be on encrypted drives
# -------------------------------
audiobooks = { audiobooks = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/audiobooks"; path = lib.mkDefault "/tmp/audiobooks";
devices = [ devices = [ "chungus" "orbi" ];
"chungus"
"orbi"
];
}; };
books = { books = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/books"; path = lib.mkDefault "/tmp/books";
devices = [ devices = [ "chungus" "cream" "cherry" ];
"chungus"
# "cream"
"cherry"
];
versioning = { versioning = {
type = "simple"; type = "simple";
params.keep = "2"; params.keep = "2";
@ -72,20 +56,12 @@ with lib;
desktop = { desktop = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/desktop"; path = lib.mkDefault "/tmp/desktop";
devices = [ devices = [ "chungus" "cream" "cherry" ];
"chungus"
# "cream"
"cherry"
];
}; };
finance = { finance = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/finance"; path = lib.mkDefault "/tmp/finance";
devices = [ devices = [ "chungus" "cream" "cherry" ];
"chungus"
# "cream"
"cherry"
];
versioning = { versioning = {
type = "simple"; type = "simple";
params.keep = "10"; params.keep = "10";
@ -94,46 +70,27 @@ with lib;
flix = { flix = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/flix"; path = lib.mkDefault "/tmp/flix";
devices = [ devices = [ "chungus" "orbi" ];
"chungus"
"orbi"
];
}; };
logseq = { logseq = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/logseq"; path = lib.mkDefault "/tmp/logseq";
devices = [ devices = [ "chungus" "cream" "cherry" "iPhone" ];
"cherry"
"chungus"
"iPad"
"iPhone"
];
}; };
lectures = { lectures = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/lectures"; path = lib.mkDefault "/tmp/lectures";
devices = [ devices = [ "chungus" "orbi" ];
"chungus"
"orbi"
];
}; };
oscar_cpap = { oscar_cpap = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/oscar_cpap"; path = lib.mkDefault "/tmp/oscar_cpap";
devices = [ devices = [ "chungus" "cream" "cherry" ];
"chungus"
# "cream"
"cherry"
];
}; };
password-store = { password-store = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store"; path = lib.mkDefault "/tmp/password-store";
devices = [ devices = [ "chungus" "cream" "cherry" ];
"chungus"
# "cream"
"cherry"
];
versioning = { versioning = {
type = "simple"; type = "simple";
params.keep = "10"; params.keep = "10";
@ -143,12 +100,18 @@ with lib;
share = { share = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store"; path = lib.mkDefault "/tmp/password-store";
devices = [ devices = [ "cream" "cherry" "orbi" ];
# "cream"
"cherry"
"orbi"
];
}; };
# todo remove if zfs is is used
#nextcloud_backup = {
# enable = lib.mkDefault false;
# path = lib.mkDefault "/tmp/lost-fotos";
# devices = [ "chungus" ];
# versioning = {
# type = "simple";
# params.keep = "2";
# };
#};
}; };
}; };
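Review bot: `share` still has `path = lib.mkDefault "/tmp/password-store";`, the same default as the `password-store` folder above it, while its device list (`cream`, `cherry`, `orbi`) differs. A host that enables both folders without overriding the path would expose the password-store directory to `orbi` through `share`; this looks like a copy-paste slip and should read `path = lib.mkDefault "/tmp/share";`. The commit also drops the `# needs to be on encrypted drives` comment while `finance` and `password-store` keep defaults under `/tmp`, so I would keep that comment next to those folders. Whether the individual hosts override these paths is not visible from this file.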


@ -1,10 +1,4 @@
{ { lib, config, factsGenerator, clanLib, ... }:
lib,
config,
factsGenerator,
clanLib,
...
}:
with lib; with lib;
{ {
@ -26,21 +20,18 @@ with lib;
}; };
config = mkMerge [ config = mkMerge [
(mkIf config.tinc.private.enable ( (mkIf config.tinc.private.enable (import ./private.nix {
import ./private.nix {
ipv4 = config.tinc.private.ipv4; ipv4 = config.tinc.private.ipv4;
ipv6 = null; ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList; inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib; inherit config factsGenerator clanLib;
} }))
)) (mkIf config.tinc.secret.enable (import ./secret.nix {
(mkIf config.tinc.secret.enable (
import ./secret.nix {
ipv4 = config.tinc.secret.ipv4; ipv4 = config.tinc.secret.ipv4;
ipv6 = null; ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList; inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib; inherit config factsGenerator clanLib;
} }))
))
]; ];
} }


@ -1,20 +1,19 @@
{ { ipv4
ipv4, , ipv6
ipv6, , config
config, , optionalString
optionalString, , concatStringsSep
concatStringsSep, , factsGenerator
factsGenerator, , mapAttrsToList
mapAttrsToList, , clanLib
clanLib, , ...
...
}: }:
let let
hosts = { hosts = {
bobi = "10.23.42.25"; bobi = "10.23.42.25";
cherry = "10.23.42.29"; cherry = "10.23.42.29";
chungus = "10.23.42.28"; chungus = "10.23.42.28";
# cream = "10.23.42.27"; cream = "10.23.42.27";
mobi = "10.23.42.23"; mobi = "10.23.42.23";
orbi = "10.23.42.100"; orbi = "10.23.42.100";
}; };
@ -28,7 +27,6 @@ let
"photoprism.orbi" = hosts.orbi; "photoprism.orbi" = hosts.orbi;
# chungus # chungus
"video.chungus" = hosts.chungus; "video.chungus" = hosts.chungus;
"music.chungus" = hosts.chungus;
"de.tts.chungus" = hosts.chungus; "de.tts.chungus" = hosts.chungus;
"en.tts.chungus" = hosts.chungus; "en.tts.chungus" = hosts.chungus;
"flix.chungus" = hosts.chungus; "flix.chungus" = hosts.chungus;
@ -53,8 +51,7 @@ in
services.tinc.networks = { services.tinc.networks = {
${network} = { ${network} = {
ed25519PrivateKeyFile = ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
interfaceType = "tap"; interfaceType = "tap";
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes
@ -68,10 +65,10 @@ in
subnets = [{ address = hosts.bobi; }]; subnets = [{ address = hosts.bobi; }];
settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD"; settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
}; };
# cream = { cream = {
# subnets = [ { address = hosts.cream; } ]; subnets = [{ address = hosts.cream; }];
# settings.Ed25519PublicKey = Ed25519PublicKey "cream"; settings.Ed25519PublicKey = Ed25519PublicKey "cream";
# }; };
cherry = { cherry = {
subnets = [{ address = hosts.cherry; }]; subnets = [{ address = hosts.cherry; }];
settings.Ed25519PublicKey = Ed25519PublicKey "cherry"; settings.Ed25519PublicKey = Ed25519PublicKey "cherry";
@ -103,8 +100,6 @@ in
LinkLocalAddressing = no LinkLocalAddressing = no
''; '';
networking.extraHosts = concatStringsSep "\n" ( networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains));
mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)
);
} }


@ -1,18 +1,17 @@
{ { ipv4
ipv4, , ipv6
ipv6, , config
config, , optionalString
optionalString, , concatStringsSep
concatStringsSep, , mapAttrsToList
mapAttrsToList, , factsGenerator
factsGenerator, , ...
...
}: }:
let let
port = 721; port = 721;
hosts = { hosts = {
cherry = "10.123.42.29"; cherry = "10.123.42.29";
# cream = "10.123.42.27"; cream = "10.123.42.27";
robi = "10.123.42.123"; robi = "10.123.42.123";
sternchen = "10.123.42.25"; sternchen = "10.123.42.25";
sterni = "10.123.42.24"; sterni = "10.123.42.24";
@ -24,8 +23,7 @@ in
services.tinc.networks = { services.tinc.networks = {
${network} = { ${network} = {
ed25519PrivateKeyFile = ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
extraConfig = '' extraConfig = ''
LocalDiscovery = yes LocalDiscovery = yes
Port = ${toString port} Port = ${toString port}
@ -35,10 +33,10 @@ in
subnets = [{ address = hosts.sternchen; }]; subnets = [{ address = hosts.sternchen; }];
settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB"; settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB";
}; };
# cream = { cream = {
# subnets = [ { address = hosts.cream; } ]; subnets = [{ address = hosts.cream; }];
# settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL"; settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
# }; };
cherry = { cherry = {
subnets = [{ address = hosts.cherry; }]; subnets = [{ address = hosts.cherry; }];
settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC"; settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
@ -48,12 +46,7 @@ in
settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O"; settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
}; };
robi = { robi = {
addresses = [ addresses = [{ address = "144.76.13.147"; port = port; }];
{
address = "144.76.13.147";
port = port;
}
];
subnets = [{ address = hosts.robi; }]; subnets = [{ address = hosts.robi; }];
settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL"; settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
}; };
@ -75,37 +68,23 @@ in
LinkLocalAddressing = no LinkLocalAddressing = no
''; '';
networking.extraHosts = concatStringsSep "\n" ( networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts);
mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts
);
services.openssh.knownHosts = { services.openssh.knownHosts = {
# "cream.${network}" = { "cream.${network}" = {
# hostNames = [ hostNames = [ "cream.${network}" hosts.cream ];
# "cream.${network}" publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
# hosts.cream };
# ];
# publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
# };
"sternchen.${network}" = { "sternchen.${network}" = {
hostNames = [ hostNames = [ "sterni.${network}" hosts.sterni ];
"sterni.${network}"
hosts.sterni
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
}; };
"sterni.${network}" = { "sterni.${network}" = {
hostNames = [ hostNames = [ "sterni.${network}" hosts.sterni ];
"sterni.${network}"
hosts.sterni
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
}; };
"robi" = { "robi" = {
hostNames = [ hostNames = [ "robi.${network}" hosts.robi ];
"robi.${network}"
hosts.robi
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
}; };
}; };
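Review bot: The `"sternchen.${network}"` known-hosts entry lists `hostNames = [ "sterni.${network}" hosts.sterni ];`, identical to the `"sterni.${network}"` entry below it, so sternchen's key is pinned for sterni's name and address and sternchen itself has no pinned key. As written, ssh would accept either of the two ed25519 keys for sterni, and a connection to sternchen falls back to whatever the client's `StrictHostKeyChecking` setting allows. Since this commit rewrites the line anyway, it should read `hostNames = [ "sternchen.${network}" hosts.sternchen ];`. The re-enabled `cream` entry already follows that pattern.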


@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with lib; with lib;
with types; with types;
{ {
@ -27,6 +22,7 @@ with types;
# Setting this value to 1 means to try activation once, without retry. # Setting this value to 1 means to try activation once, without retry.
networking.networkmanager.settings.main.autoconnect-retries-default = 999; networking.networkmanager.settings.main.autoconnect-retries-default = 999;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# because Networkd-wait-online is just failing. # because Networkd-wait-online is just failing.
@ -51,3 +47,4 @@ with types;
}; };
} }


@ -25,9 +25,9 @@ with lib;
config = { config = {
networking.extraHosts = '' networking.extraHosts = ''
10.100.0.1 cache.orbi.wg0 10.100.0.1 cache.orbi.wg0
10.100.0.1 orbi.wg0
10.100.0.2 chungus.wg0
''; '';
}; };
} }


@ -1,10 +1,5 @@
# MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix # MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
options.components.nixos.update-diff.enable = lib.mkOption { options.components.nixos.update-diff.enable = lib.mkOption {


@ -1,9 +1,4 @@
{ { pkgs, config, lib, ... }:
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.bash.enable = mkOption { options.components.terminal.bash.enable = mkOption {
@ -21,6 +16,7 @@ with lib;
interactiveShellInit = "set -o vi"; interactiveShellInit = "set -o vi";
shellAliases = { shellAliases = {
ls = "ls --color=tty"; ls = "ls --color=tty";
l = "ls -CFh"; l = "ls -CFh";


@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal = { options.components.terminal = {
@ -17,6 +12,7 @@ with lib;
./direnv.nix ./direnv.nix
./git.nix ./git.nix
./heygpt.nix ./heygpt.nix
./hoard.nix
./remote-install.nix ./remote-install.nix
./wtf.nix ./wtf.nix
./zsh.nix ./zsh.nix


@ -1,9 +1,4 @@
{ { pkgs, config, lib, ... }:
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.direnv.enable = mkOption { options.components.terminal.direnv.enable = mkOption {
@ -17,10 +12,7 @@ with lib;
home-manager.sharedModules = [ home-manager.sharedModules = [
{ {
programs.direnv.enable = true; programs.direnv.enable = true;
programs.git.ignores = [ programs.git.ignores = [ ".envrc" ".direnv" ];
".envrc"
".direnv"
];
} }
]; ];


@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.git.enable = mkOption { options.components.terminal.git.enable = mkOption {
@ -13,6 +8,7 @@ with lib;
config = mkIf (config.components.terminal.git.enable) { config = mkIf (config.components.terminal.git.enable) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
gita gita
@ -33,3 +29,4 @@ with lib;
]; ];
}; };
} }

View file

@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {
options.components.terminal.heygpt.enable = mkOption { options.components.terminal.heygpt.enable = mkOption {


@ -0,0 +1,62 @@
{ pkgs, config, lib, ... }:
with lib;
let
hoardSrc = pkgs.fetchFromGitHub {
owner = "Hyde46";
repo = "hoard";
rev = "v1.3.1";
sha256 = "sha256-Gm3X6/g5JQJEl7wRvWcO4j5XpROhtfRJ72LNaUeZRGc=";
};
in
{
options.components.terminal.hoard.enable = mkOption {
type = lib.types.bool;
default = config.components.terminal.enable;
};
config = mkIf (config.components.terminal.hoard.enable) {
# todo : sync via syncthing
#backup.dirs = [
# "/root/.config/hoard"
# "/home/palo/.config/hoard"
#];
environment.systemPackages = [ pkgs.legacy_2211.hoard ];
home-manager.users.mainUser = {
xdg.configFile."hoard/config.yml".text = builtins.toJSON {
version = "1.0.1";
default_namespace = "default";
config_home_path = "/home/palo/.config/hoard";
trove_path = "/home/palo/.config/hoard/trove.yml";
query_prefix = " >";
primary_color = [ 87 142 87 ];
secondary_color = [ 203 184 144 ];
tertiary_color = [ 30 30 30 ];
command_color = [ 30 30 30 ];
parameter_token = "#";
read_from_current_directory = true;
};
programs.zsh.initExtra = ''
export HOARD_NOBIND=1
source ${hoardSrc}/src/shell/hoard.zsh
bindkey '^x' _hoard_list_widget
'';
};
# use showkey -a
# Ctrl-h is equivalent to Ctrl-Backspace (for some reason)
programs.zsh.interactiveShellInit = ''
export HOARD_NOBIND=1
source ${hoardSrc}/src/shell/hoard.zsh
bindkey '^x' _hoard_list_widget
'';
programs.bash.interactiveShellInit = ''
export HOARD_NOBIND=1
source ${hoardSrc}/src/shell/hoard.bash
bind -x '"\C-x": __hoard_list'
'';
};
}
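Review bot: The `hoard` binary is installed from `pkgs.legacy_2211.hoard`, but the shell integration sourced into interactive bash and zsh sessions comes from a separate `fetchFromGitHub` checkout at `v1.3.1`, so the scripts and the binary they drive can drift apart. Deriving the scripts from the installed package, e.g. `hoardSrc = pkgs.legacy_2211.hoard.src;` (assuming the derivation exposes `src` with the same layout), would keep a single pinned source. `programs.zsh.interactiveShellInit` and `programs.bash.interactiveShellInit` are system-wide, so the script is also sourced in root shells, and for `mainUser` the zsh snippet runs twice because `programs.zsh.initExtra` repeats it. `config_home_path` and `trove_path` hard-code `/home/palo` although the settings are attached to `mainUser`; a short comment stating that assumption would help.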


@ -1,9 +1,4 @@
{ { pkgs, config, lib, ... }:
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.remote-install.enable = mkOption { options.components.terminal.remote-install.enable = mkOption {


@ -1,9 +1,4 @@
{ { pkgs, config, lib, ... }:
pkgs,
config,
lib,
...
}:
with lib; with lib;
let let
@ -23,7 +18,7 @@ let
${pkgs.iw}/bin/iw dev \ ${pkgs.iw}/bin/iw dev \
| ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p' | ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
); do ); do
inet=$(${pkgs.iproute2}/bin/ip addr show $dev \ inet=$(${pkgs.iproute}/bin/ip addr show $dev \
| ${pkgs.gnused}/bin/sed -n 's/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p') \ | ${pkgs.gnused}/bin/sed -n 's/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p') \
|| unset inet || unset inet
ssid=$(${pkgs.iw}/bin/iw dev $dev link \ ssid=$(${pkgs.iw}/bin/iw dev $dev link \
@ -59,8 +54,8 @@ let
echo echo
''; '';
userHighlight = userHighlight = map ({ user, ... }: user)
map ({ user, ... }: user) (builtins.attrValues config.services.browser.configList) (builtins.attrValues config.services.browser.configList)
++ [ "steam" ]; ++ [ "steam" ];
activeUsers = pkgs.writers.writeBash "active-users" '' activeUsers = pkgs.writers.writeBash "active-users" ''
@ -68,20 +63,14 @@ let
| ${pkgs.gnused}/bin/sed '1 d' \ | ${pkgs.gnused}/bin/sed '1 d' \
| ${pkgs.coreutils}/bin/sort \ | ${pkgs.coreutils}/bin/sort \
| ${pkgs.coreutils}/bin/uniq \ | ${pkgs.coreutils}/bin/uniq \
| ${pkgs.gnugrep}/bin/egrep --color=always '(${pkgs.lib.concatStringsSep "|" userHighlight})|$' | ${pkgs.gnugrep}/bin/egrep --color=always '(${
pkgs.lib.concatStringsSep "|" userHighlight
})|$'
''; '';
# default settings # default settings
wtfModule = wtfModule =
args@{ args@{ height ? 1, width ? 1, top, left, enabled ? true, type, ... }:
height ? 1,
width ? 1,
top,
left,
enabled ? true,
type,
...
}:
{ {
enabled = enabled; enabled = enabled;
focusable = false; focusable = false;
@ -89,50 +78,33 @@ let
position.left = left; position.left = left;
position.height = height; position.height = height;
position.width = width; position.width = width;
} } // (lib.filterAttrs
// (lib.filterAttrs ( (key: _: lib.all (x: x != key) [ "height" "width" "top" "left" ])
key: _: args);
lib.all (x: x != key) [
"height"
"width"
"top"
"left"
]
) args);
# command runner module # command runner module
cmdRunner = cmdRunner = args@{ cmd, ... }:
args@{ cmd, ... }: wtfModule ({
wtfModule (
{
type = "cmdrunner"; type = "cmdrunner";
focusable = false; focusable = false;
refreshInterval = 300; refreshInterval = 300;
} } // args);
// args
);
modules = { modules = {
inherit cmdRunner; inherit cmdRunner;
digitalclock = digitalclock = args@{ top, left, ... }:
args@{ top, left, ... }: cmdRunner ({
cmdRunner (
{
cmd = pkgs.writers.writeDash "clock" '' cmd = pkgs.writers.writeDash "clock" ''
${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"` ${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"`
${pkgs.coreutils}/bin/date +"%B %d %Y" ${pkgs.coreutils}/bin/date +"%B %d %Y"
''; '';
title = ""; title = "";
refreshInterval = 30; refreshInterval = 30;
} } // args);
// args
);
clocks = clocks = args@{ top, left, ... }:
args@{ top, left, ... }: wtfModule ({
wtfModule (
{
type = "clocks"; type = "clocks";
title = ""; title = "";
border = false; border = false;
@ -143,43 +115,30 @@ let
locations = { locations = {
UTC = "Etc/UTC"; UTC = "Etc/UTC";
Berlin = "Europe/Berlin"; Berlin = "Europe/Berlin";
Thailand = "Asia/Bangkok"; Cuba = "America/Havana";
#Cuba = "America/Havana"; Wellington = "Pacific/Auckland";
#Wellington = "Pacific/Auckland";
}; };
sort = "alphabetical"; sort = "alphabetical";
refreshInterval = 60; refreshInterval = 60;
} } // args);
// args
);
resourceusage = resourceusage = args@{ top, left, ... }:
args@{ top, left, ... }: wtfModule ({
wtfModule (
{
type = "resourceusage"; type = "resourceusage";
title = ""; title = "";
cpuCombined = false; cpuCombined = false;
refreshInterval = 5; refreshInterval = 5;
} } // args);
// args
);
power = power = args@{ top, left, ... }:
args@{ top, left, ... }: wtfModule ({
wtfModule (
{
type = "power"; type = "power";
title = ""; title = "";
refreshInterval = 100; refreshInterval = 100;
} } // args);
// args
);
prettyweather = prettyweather = args@{ top, left, ... }:
args@{ top, left, ... }: wtfModule ({
wtfModule (
{
type = "prettyweather"; type = "prettyweather";
title = ""; title = "";
city = "Essen"; city = "Essen";
@ -187,19 +146,10 @@ let
view = 0; view = 0;
language = "en"; language = "en";
refreshInterval = 3600; refreshInterval = 3600;
} } // args);
// args
);
feedreader = feedreader = args@{ top, left, feeds, ... }:
args@{ wtfModule ({
top,
left,
feeds,
...
}:
wtfModule (
{
type = "feedreader"; type = "feedreader";
title = ""; title = "";
refreshInterval = 3600; refreshInterval = 3600;
@ -209,20 +159,10 @@ let
even = "white"; even = "white";
odd = "white"; odd = "white";
}; };
} } // args);
// args
);
github = github = args@{ top, left, username, apiKey, ... }:
args@{ wtfModule ({
top,
left,
username,
apiKey,
...
}:
wtfModule (
{
type = "github"; type = "github";
title = ""; title = "";
refreshInterval = 3600; refreshInterval = 3600;
@ -237,9 +177,7 @@ let
# - "wtfutil/wtf" # - "wtfutil/wtf"
# - "wtfutil/docs" # - "wtfutil/docs"
# - "umbrella-corp/wesker-api" # - "umbrella-corp/wesker-api"
} } // args);
// args
);
}; };
@ -252,20 +190,8 @@ let
normal = "green"; normal = "green";
}; };
grid = { grid = {
columns = [ columns = [ 28 0 0 ];
28 rows = [ 9 9 9 9 9 9 0 ];
0
0
];
rows = [
9
9
9
9
9
9
0
];
}; };
refreshInterval = 1; refreshInterval = 1;
mods = with modules; { mods = with modules; {
@ -300,7 +226,8 @@ let
top = 4; top = 4;
left = 1; left = 1;
height = 1; height = 1;
feeds = [ "https://latesthackingnews.com/category/hacking-tools/feed/" ]; feeds =
[ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
}; };
nixos = feedreader { nixos = feedreader {
title = "NixOS Weekly"; title = "NixOS Weekly";
@ -337,20 +264,8 @@ let
normal = "green"; normal = "green";
}; };
grid = { grid = {
columns = [ columns = [ 33 12 28 36 0 ];
33 rows = [ 9 4 6 6 0 ];
12
28
36
0
];
rows = [
9
4
6
6
0
];
}; };
refreshInterval = 1; refreshInterval = 1;
mods = with modules; { mods = with modules; {
@ -376,16 +291,12 @@ let
left = 0; left = 0;
}; };
yfinance = wtfModule { rates = wtfModule {
type = "yfinance"; type = "yfinance";
top = 3; top = 3;
left = 0; left = 0;
title = "rates"; title = "rates";
symbols = [ symbols = [ "EURUSD=X" "EURNZD=X" ];
"EURUSD=X"
"EURNZD=X"
"EURTHB=X"
];
refreshInterval = 60; refreshInterval = 60;
}; };
@ -396,12 +307,7 @@ let
calendar = cmdRunner { calendar = cmdRunner {
title = ""; title = "";
args = [ args = [ "-3" "--monday" "--color=never" "-w" ];
"-3"
"--monday"
"--color=never"
"-w"
];
cmd = "cal"; cmd = "cal";
top = 1; top = 1;
left = 1; left = 1;
@ -463,12 +369,9 @@ let
}; };
}; };
createDashboard = createDashboard = { json, name }:
{ json, name }: let configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
let in pkgs.writers.writeBashBin name ''
configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
in
pkgs.writers.writeBashBin name ''
${pkgs.wtf}/bin/wtfutil --config=${toString configuration} ${pkgs.wtf}/bin/wtfutil --config=${toString configuration}
''; '';


@ -1,9 +1,4 @@
{ { pkgs, config, lib, ... }:
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
options.components.terminal.zsh.enable = mkOption { options.components.terminal.zsh.enable = mkOption {


@ -1,9 +1,8 @@
{ lib, ... }:
{ {
# some system stuff # some system stuff
# ----------------- # -----------------
time.timeZone = "Europe/Berlin"; time.timeZone = "Europe/Berlin";
#time.timeZone = "Pacific/Auckland"; #time.timeZone = lib.mkDefault "Pacific/Auckland";
#time.timeZone = "Asia/Singapore"; #time.timeZone = lib.mkDefault "Asia/Singapore";
#time.timeZone = "Asia/Makassar"; #time.timeZone = lib.mkDefault "Asia/Makassar";
} }


@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {


@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {


@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {


@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {


@ -1,12 +1,7 @@
# References: # References:
# * https://github.com/drduh/YubiKey-Guide # * https://github.com/drduh/YubiKey-Guide
# * https://nixos.wiki/wiki/Yubikey # * https://nixos.wiki/wiki/Yubikey
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
{ {
@ -21,6 +16,7 @@ with lib;
services.pcscd.enable = true; services.pcscd.enable = true;
services.udev.packages = [ pkgs.yubikey-personalization ]; services.udev.packages = [ pkgs.yubikey-personalization ];
environment.systemPackages = [ environment.systemPackages = [
pkgs.yubikey-personalization pkgs.yubikey-personalization


@ -1,11 +1,4 @@
{ { config, lib, pkgs, factsGenerator, clanLib, ... }:
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib; with lib;
with types; with types;
@ -18,7 +11,8 @@ with types;
kernelModules = mkOption { kernelModules = mkOption {
type = listOf str; type = listOf str;
default = [ ]; default = [ ];
description = "nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface"; description =
"nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
}; };
}; };
@ -48,3 +42,4 @@ with types;
}; };
} }


@ -1,11 +1,4 @@
{ { config, lib, pkgs, factsGenerator, clanLib, ... }:
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib; with lib;
with types; with types;
{ {
@ -23,13 +16,14 @@ with types;
name = "initrd"; name = "initrd";
addressPrefix = "init"; addressPrefix = "init";
}; };
boot.initrd.secrets = mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file) ( boot.initrd.secrets =
genAttrs [ mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file)
(genAttrs [
"hostname" "hostname"
"hs_ed25519_public_key" "hs_ed25519_public_key"
"hs_ed25519_secret_key" "hs_ed25519_secret_key"
] (secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path) ]
); (secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path));
boot.initrd.systemd.storePaths = [ boot.initrd.systemd.storePaths = [
pkgs.tor pkgs.tor
@ -49,10 +43,7 @@ with types;
boot.initrd.systemd.services.tor = { boot.initrd.systemd.services.tor = {
description = "tor during init"; description = "tor during init";
wantedBy = [ "initrd.target" ]; wantedBy = [ "initrd.target" ];
after = [ after = [ "network.target" "initrd-nixos-copy-secrets.service" ];
"network.target"
"initrd-nixos-copy-secrets.service"
];
before = [ "shutdown.target" ]; before = [ "shutdown.target" ];
conflicts = [ "shutdown.target" ]; conflicts = [ "shutdown.target" ];
@ -62,7 +53,8 @@ with types;
pkgs.iproute2 pkgs.iproute2
pkgs.coreutils pkgs.coreutils
]; ];
script = '' script =
''
echo "tor: preparing onion folder" echo "tor: preparing onion folder"
# have to do this otherwise tor does not want to start # have to do this otherwise tor does not want to start
chmod -R 700 /etc/tor chmod -R 700 /etc/tor
@ -74,3 +66,4 @@ with types;
}; };
}; };
} }


@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with lib; with lib;
{ {
options.features.network.fail2ban.enable = mkOption { options.features.network.fail2ban.enable = mkOption {


@ -1,10 +1,4 @@
{ { pkgs, config, lib, assets, ... }:
pkgs,
config,
lib,
assets,
...
}:
with lib; with lib;
with types; with types;
{ {

File diff suppressed because it is too large Load diff

445
flake.nix

@ -1,51 +1,80 @@
{ {
# "git+file:///<full-path>" for fixing an input
inputs = { inputs = {
clan-core.inputs.flake-parts.follows = "flake-parts";
clan-core.inputs.nixpkgs.follows = "nixpkgs";
clan-core.url = "git+https://git.clan.lol/clan/clan-core";
clan-fact-generators.inputs.clan-core.follows = "clan-core";
clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
healthchecks.inputs.nixpkgs.follows = "nixpkgs"; flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
healthchecks.url = "github:mrvandalo/nixos-healthchecks";
#healthchecks.url = "git+file:///home/palo/dev/nixos/healthcheck"; clan-fact-generators = {
home-manager-utils.inputs.home-manager.follows = "home-manager"; url = "github:mrvandalo/clan-fact-generators";
home-manager-utils.url = "github:mrvandalo/home-manager-utils"; inputs.clan-core.follows = "clan-core";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; };
home-manager.url = "github:nix-community/home-manager";
landingpage.url = "github:mrVanDalo/landingpage"; clan-core = {
nix-topology.inputs.nixpkgs.follows = "nixpkgs"; url = "git+https://git.clan.lol/clan/clan-core";
nix-topology.url = "github:oddlama/nix-topology"; #url = "git+file:///home/palo/dev/clan-core";
nixos-anywhere.url = "github:nix-community/nixos-anywhere"; inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
nixos-hardware.url = "github:nixos/nixos-hardware"; inputs.flake-parts.follows = "flake-parts";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11"; nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixos-hardware.url = "github:nixos/nixos-hardware";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixos-anywhere.url = "github:nix-community/nixos-anywhere";
permown.inputs.nixpkgs.follows = "nixpkgs";
permown.url = "github:mrVanDalo/module.permown"; home-manager = {
polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git"; #url = "github:nix-community/home-manager/release-23.11";
private-parts.inputs.nixpkgs.follows = "nixpkgs"; # only private input url = "github:nix-community/home-manager";
private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main"; #inputs.nixpkgs.follows = "nixpkgs";
#private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts"; };
retiolum.url = "github:Mic92/retiolum";
polygon-art = {
url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
};
home-manager-utils = {
url = "github:mrvandalo/home-manager-utils";
inputs.home-manager.follows = "home-manager";
};
permown = {
url = "github:mrVanDalo/module.permown";
#url = "git+file:///home/palo/dev/nixos/permown";
inputs.nixpkgs.follows = "nixpkgs";
};
private_assets = {
#url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
flake = true;
};
retiolum = {
url = "github:Mic92/retiolum";
#url = "git+file:///home/palo/dev/nixos/retiolum";
};
srvos.url = "github:nix-community/srvos"; srvos.url = "github:nix-community/srvos";
stylix.inputs.home-manager.follows = "home-manager";
stylix.inputs.nixpkgs.follows = "nixpkgs"; landingpage = {
stylix.url = "github:danth/stylix"; #url = "git+file:///home/palo/dev/landingpage";
taskwarrior.inputs.nixpkgs.follows = "nixpkgs"; url = "github:mrVanDalo/landingpage";
taskwarrior.url = "github:mrvandalo/taskwarrior-flake"; };
#taskwarrior.url = "git+file:///home/palo/dev/nixos/taskwarrior-flake";
telemetry.inputs.nixpkgs.follows = "nixpkgs"; # todo: mabye use https://github.com/jtroo/kanata instead
telemetry.url = "github:mrvandalo/nixos-telemetry"; # fixme: kmonad crashes every now and than and the keyboard is not usable anymore.
#telemetry.url = "git+file:///home/palo/dev/nixos/nixos-telemetry"; kmonad = {
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs"; url = "github:kmonad/kmonad?dir=nix";
treefmt-nix.url = "github:numtide/treefmt-nix"; inputs.nixpkgs.follows = "nixpkgs";
};
stylix = {
url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
# smoke test framwork to trigger tests (enable if I want to use it for real) # smoke test framwork to trigger tests (enable if I want to use it for real)
#smoke = { #smoke = {
@ -53,46 +82,54 @@
# inputs.nixpkgs.follows = "nixpkgs"; # inputs.nixpkgs.follows = "nixpkgs";
#}; #};
# had to override it to remove colors
taskshell = {
url = "github:mrvandalo/taskshell";
inputs.nixpkgs.follows = "nixpkgs";
};
# my own tool
overviewer.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git?ref=main";
}; };
outputs = outputs =
inputs@{ inputs@{ self
clan-core, , clan-core
clan-fact-generators, , clan-fact-generators
flake-parts, , flake-parts
healthchecks, , home-manager
home-manager, , home-manager-utils
home-manager-utils, , kmonad
landingpage, , landingpage
nix-topology, , nixos-anywhere
nixos-anywhere, , nixos-hardware
nixos-hardware, , nixpkgs
nixpkgs, , nixpkgs-legacy_2211
nixpkgs-legacy_2211, , nixpkgs-legacy_2311
nixpkgs-legacy_2311, , nixpkgs-legacy_2405
nixpkgs-legacy_2405, , nixpkgs-unstable-small
nixpkgs-unstable-small, , overviewer
permown, , permown
polygon-art, , polygon-art
private-parts, , private_assets
retiolum, , retiolum
self, , srvos
srvos, , stylix
stylix, , taskshell
taskwarrior,
telemetry,
treefmt-nix,
}: }:
let let
#system = "x86_64-linux";
#pkgs = nixpkgs.legacyPackages.${system};
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
meta = rec { meta = rec {
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = pkgs = import nixpkgs {
let inherit system;
allowUnfree = true; config.allowUnfree = true;
permittedInsecurePackages = [ config.permittedInsecurePackages = [
"electron-24.8.6" # for bitwarden "electron-24.8.6" # for bitwarden
"python-2.7.18.6" "python-2.7.18.6"
"python-2.7.18.7" "python-2.7.18.7"
@ -100,99 +137,70 @@
"electron-27.3.11" # for logseq "electron-27.3.11" # for logseq
"electron-28.3.3" # for logseq "electron-28.3.3" # for logseq
]; ];
in
import nixpkgs {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
overlays = [ overlays = [
(_self: _super: { (_self: _super: {
unstable-small = import nixpkgs-unstable-small { unstable-small = import nixpkgs-unstable-small {
inherit system; inherit system;
config = { config.allowUnfree = true;
inherit allowUnfree permittedInsecurePackages;
};
}; };
legacy_2211 = import nixpkgs-legacy_2211 { legacy_2211 = import nixpkgs-legacy_2211 {
inherit system; inherit system;
config = { config.allowUnfree = true;
inherit allowUnfree permittedInsecurePackages;
};
}; };
legacy_2311 = import nixpkgs-legacy_2311 { legacy_2311 = import nixpkgs-legacy_2311 {
inherit system; inherit system;
config = { config.allowUnfree = true;
inherit allowUnfree permittedInsecurePackages;
};
}; };
legacy_2405 = import nixpkgs-legacy_2405 { legacy_2405 = import nixpkgs-legacy_2405 {
inherit system; inherit system;
config = { config.allowUnfree = true;
inherit allowUnfree permittedInsecurePackages;
};
}; };
polygon-art = polygon-art.packages.${system}; polygon-art = polygon-art.packages.${system};
landingpage = landingpage.packages.${system}.plain; landingpage = landingpage.packages.${system}.plain;
inherit (taskwarrior.packages.${system}) kmonad = kmonad.packages.${system}.kmonad;
bugwarrior tasksh = taskshell.packages.${system}.tasksh;
tasksh overviewer = overviewer.packages.${system}.overviewer;
taskwarrior-hooks pkl = self.packages.${system}.pkl;
;
inherit (self.packages.${system})
otpmenu
nsxiv
;
}) })
(import ./pkgs)
]; ];
}; };
specialArgs = { specialArgs = {
inherit inputs; inherit private_assets inputs;
assets = ./assets; assets = ./assets;
factsGenerator = clan-fact-generators.lib { inherit pkgs; }; factsGenerator = clan-fact-generators.lib { inherit pkgs; };
clanLib = import ./lib/clanlib.nix { clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; };
inherit (pkgs) lib; zerotierDeviceName = "ztbn67ogn2";
machineDir = ./machines;
};
# https://git.clan.lol/clan/clan-core/issues/1575 < here is how I could do this generic
zerotierInterface = "ztbn67ogn2";
components = ./components; components = ./components;
features = ./features; features = ./features;
}; };
}; };
clanSetup = clanSetup =
{ { name
name, , host
host, , modules
modules, }: {
}:
{
clan.core.networking.targetHost = lib.mkDefault "root@${host}"; clan.core.networking.targetHost = lib.mkDefault "root@${host}";
nixpkgs.pkgs = meta.pkgs; nixpkgs.pkgs = meta.pkgs;
nixpkgs.hostPlatform = meta.system; nixpkgs.hostPlatform = meta.system;
clan.core.facts.secretStore = "password-store"; clan.core.facts.secretStore = "password-store";
imports = imports = modules ++ defaultModules ++ [
modules
++ defaultModules
++ [
./machines/${name}/configuration.nix ./machines/${name}/configuration.nix
nix-topology.nixosModules.default
]; ];
}; };
zerotierControllerModule = { zerotierControllerModule =
{
clan.core.networking.zerotier.controller = { clan.core.networking.zerotier.controller = {
enable = true; enable = true;
public = false; public = false;
}; };
}; };
zerotierModules = zerotierModules = { pkgs, ... }: {
{ pkgs, ... }:
{
imports = [ imports = [
# this magically adds all my machines in the zero tier network # this magically adds all my machines in the zero tier network
@ -220,26 +228,22 @@
]; ];
}; };
defaultAuthorizedKeys =
{ config, pkgs, ... }:
{
users.users.root.openssh.authorizedKeys.keyFiles = [
# yubikey key
./assets/mrvandalo_rsa.pub
# backup key
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.paperless-ngx.id_ed25519.pub"
];
environment.systemPackages = [ pkgs.borgbackup ];
};
defaultModules = [ defaultModules = [
# make flake inputs accessiable in NixOS # make flake inputs accessiable in NixOS
{ {
_module.args.self = self; _module.args.self = self;
_module.args.inputs = self.inputs; _module.args.inputs = self.inputs;
} }
# ssh keys
({ config, ... }: {
users.users.root.openssh.authorizedKeys.keyFiles = [
# master key
./assets/mrvandalo_rsa.pub
# backup key
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
];
})
{ {
# disable emergency mode everywhere, although it might be needed on laptops # disable emergency mode everywhere, although it might be needed on laptops
boot.initrd.systemd.emergencyAccess = false; boot.initrd.systemd.emergencyAccess = false;
@ -250,20 +254,11 @@
systemd.enableEmergencyMode = false; systemd.enableEmergencyMode = false;
} }
# configure nix # configure nix
( ({ pkgs, lib, clanLib, ... }:
{
pkgs,
lib,
clanLib,
...
}:
{ {
nix.settings.substituters = [ "http://cache.orbi.wg0" ]; nix.settings.substituters = [ "http://cache.orbi.wg0" ];
nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ]; nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
nix.settings.experimental-features = [ nix.settings.experimental-features = [ "nix-command" "flakes" ];
"nix-command"
"flakes"
];
nix.settings.max-jobs = 1; nix.settings.max-jobs = 1;
# no channesl needed this way # no channesl needed this way
nix.nixPath = [ "nixpkgs=${pkgs.path}" ]; nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
@ -277,13 +272,10 @@
./components ./components
./features ./features
#./modules #./modules
clan-core.nixosModules.clanCore inputs.clan-core.nixosModules.clanCore
telemetry.nixosModules.telemetry
{
clan.core.clanDir = ./.; # fixes issues with clanCore https://git.clan.lol/clan/clan-core/issues/1979
}
# inputs.stylix.nixosModules.stylix # fixme: not working # inputs.stylix.nixosModules.stylix # fixme: not working
permown.nixosModules.permown permown.nixosModules.permown
kmonad.nixosModules.default
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
# retiolum.nixosModules.retiolum # fixme: not working # retiolum.nixosModules.retiolum # fixme: not working
]; ];
@ -291,8 +283,7 @@
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10; boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10; boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
boot.loader.grub.configurationLimit = lib.mkDefault 10; boot.loader.grub.configurationLimit = lib.mkDefault 10;
} })
)
# My Structure # My Structure
./components ./components
./features ./features
@ -300,38 +291,22 @@
#./system/all # todo : spread this across features and components #./system/all # todo : spread this across features and components
# some modules I always use # some modules I always use
telemetry.nixosModules.telemetry
permown.nixosModules.permown permown.nixosModules.permown
kmonad.nixosModules.default
# some default things I always want # some default things I always want
( ({ pkgs, ... }: {
{ pkgs, ... }:
{
boot.tmp.useTmpfs = lib.mkDefault true; boot.tmp.useTmpfs = lib.mkDefault true;
} environment.systemPackages = [
) pkgs.nixpkgs-fmt
];
})
]; ];
stylixModules = stylixModules = { pkgs, config, ... }: {
{
pkgs,
config,
lib,
...
}:
{
imports = [ stylix.nixosModules.stylix ]; imports = [ stylix.nixosModules.stylix ];
stylix.enable = true; stylix.enable = true;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml"; stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
stylix.image = ./assets/wallpaper.png; stylix.image = ./assets/wallpaper.png;
home-manager.sharedModules = [
{
# no need for hyperland
# https://github.com/danth/stylix/issues/543
stylix.targets.hyprpaper.enable = lib.mkForce false;
stylix.targets.hyprland.enable = lib.mkForce false;
}
];
stylix.fonts = { stylix.fonts = {
serif = { serif = {
package = pkgs.nerdfonts.override { fonts = [ "Ubuntu" ]; }; package = pkgs.nerdfonts.override { fonts = [ "Ubuntu" ]; };
@ -345,22 +320,20 @@
package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; }; package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; };
name = "JetBrains Mono"; name = "JetBrains Mono";
}; };
emoji = config.stylix.fonts.monospace; emoji = {
# emoji = { package = pkgs.noto-fonts-emoji;
# package = pkgs.noto-fonts-emoji; name = "Noto Color Emoji";
# name = "Noto Color Emoji"; };
# };
sizes.popups = 15; sizes.popups = 15;
}; };
}; };
homeManagerModules = homeManagerModules = { pkgs, config, ... }: {
{ pkgs, config, ... }:
{
imports = [ imports = [
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
]; ];
home-manager.extraSpecialArgs = { home-manager.extraSpecialArgs = {
inherit private_assets;
assets = ./assets; assets = ./assets;
}; };
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
@ -368,29 +341,25 @@
home-manager.backupFileExtension = "backup"; home-manager.backupFileExtension = "backup";
home-manager.sharedModules = [ home-manager.sharedModules = [
home-manager-utils.hmModule home-manager-utils.hmModule
taskwarrior.hmModules.bugwarrior
]; ];
}; };
in in
flake-parts.lib.mkFlake { inherit inputs; } ( flake-parts.lib.mkFlake { inherit inputs; } ({ self, pkgs, ... }: {
{ # We define our own systems below. you can still use this to add system specific outputs to your flake.
self, # See: https://flake.parts/getting-started
self',
pkgs,
...
}:
{
systems = [ "x86_64-linux" ]; systems = [ "x86_64-linux" ];
# import clan-core modules
imports = [ imports = [
clan-core.flakeModules.default clan-core.flakeModules.default
healthchecks.flakeModule
./nix/formatter.nix
./nix/packages
./nix/topology
]; ];
perSystem = { pkgs, ... }: {
packages.pkl = pkgs.callPackage ./pkgs/pkl { };
};
# Define your clan # Define your clan
clan = { clan = {
# Clan wide settings. # Clan wide settings.
@ -399,15 +368,42 @@
machines = { machines = {
cherry = clanSetup { sternchen = clanSetup {
name = "cherry"; name = "sternchen";
host = "cherry.bear"; host = "sternchen.bear";
#host = "192.168.178.25";
modules = [
nixos-hardware.nixosModules.lenovo-thinkpad-x220
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/tina;
home-manager.users.root = import ./homes/root;
}
# todo : strange overrides, this should be an option kinda an be changed on another level (the homes/<name> folders or something)
({ lib, ... }: {
home-manager.sharedModules = [
{
programs.atuin.enable = lib.mkForce false;
}
];
})
{
clan.core.machineDescription = "LaLaptop";
}
];
};
cream = clanSetup {
name = "cream";
host = "cream.bear";
modules = [ modules = [
healthchecks.nixosModules.default
zerotierModules zerotierModules
nixos-hardware.nixosModules.framework-13th-gen-intel nixos-hardware.nixosModules.framework-12th-gen-intel
retiolum.nixosModules.retiolum retiolum.nixosModules.retiolum
private-parts.nixosModules.cherry private_assets.nixosModules.cream
private_assets.nixosModules.yubikey
homeManagerModules homeManagerModules
stylixModules stylixModules
{ home-manager.users.mainUser.gui.enable = true; } { home-manager.users.mainUser.gui.enable = true; }
@ -418,15 +414,28 @@
{ {
clan.core.machineDescription = "Laptop"; clan.core.machineDescription = "Laptop";
} }
(
{ config, ... }:
{
# keys only to access cherry
users.users.root.openssh.authorizedKeys.keyFiles = [
"${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.cherry.id_ed25519.pub"
]; ];
};
cherry = clanSetup {
name = "cherry";
host = "cherry.bear";
modules = [
zerotierModules
nixos-hardware.nixosModules.framework-13th-gen-intel
retiolum.nixosModules.retiolum
private_assets.nixosModules.yubikey
private_assets.nixosModules.cherry
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Laptop";
} }
)
]; ];
}; };
@ -434,13 +443,12 @@
name = "chungus"; name = "chungus";
host = "chungus.bear"; host = "chungus.bear";
modules = [ modules = [
healthchecks.nixosModules.default
zerotierModules zerotierModules
zerotierControllerModule zerotierControllerModule
homeManagerModules homeManagerModules
stylixModules stylixModules
retiolum.nixosModules.retiolum retiolum.nixosModules.retiolum
private-parts.nixosModules.chungus private_assets.nixosModules.chungus
{ {
home-manager.users.mainUser = import ./homes/palo; home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root; home-manager.users.root = import ./homes/root;
@ -448,15 +456,6 @@
{ {
clan.core.machineDescription = "Home Server"; clan.core.machineDescription = "Home Server";
} }
(
{ config, ... }:
{
# keys only to access chungus
users.users.root.openssh.authorizedKeys.keyFiles = [
"${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.chungus.id_ed25519.pub"
];
}
)
]; ];
}; };
@ -465,8 +464,6 @@
host = "orbi.bear"; host = "orbi.bear";
#host = "95.216.66.212"; #host = "95.216.66.212";
modules = [ modules = [
defaultAuthorizedKeys
healthchecks.nixosModules.default
homeManagerModules homeManagerModules
stylixModules stylixModules
zerotierModules zerotierModules
@ -488,7 +485,6 @@
#host = "167.235.205.150"; #host = "167.235.205.150";
host = "95.217.18.54"; host = "95.217.18.54";
modules = [ modules = [
defaultAuthorizedKeys
homeManagerModules homeManagerModules
stylixModules stylixModules
srvos.nixosModules.hardware-hetzner-cloud srvos.nixosModules.hardware-hetzner-cloud
@ -510,7 +506,6 @@
#host = "usbstick.bear"; #host = "usbstick.bear";
host = "10.100.0.100"; host = "10.100.0.100";
modules = [ modules = [
defaultAuthorizedKeys
homeManagerModules homeManagerModules
stylixModules stylixModules
zerotierModules zerotierModules
@ -529,7 +524,7 @@
}; };
} });
);
} }
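Review bot: The `# ssh keys` entry in `defaultModules` (hunk `@ -220,26 +228,22 @`) adds the chungus backup keys `ssh.syncoid.id_ed25519.pub` and `ssh.rbackup.id_ed25519.pub` to `users.users.root.openssh.authorizedKeys.keyFiles`, and `clanSetup` appends `defaultModules` to every machine's imports, so these keys can log in as root on all hosts, the laptops included. Judging by the hunk counts this is the new side; the other column keeps the same list in a separate `defaultAuthorizedKeys` module that only some machines import, which is the narrower grant. I would move the two backup keys out of `defaultModules` into a module imported only by the hosts that are actually backed up, and leave just `./assets/mrvandalo_rsa.pub` in the shared list. The `let` block that holds `defaultModules` begins and ends outside this hunk.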


@ -2,9 +2,7 @@
{ {
imports = [ imports = [
./editor.nix ./editor.nix
./network.nix ./oh-my-posh
#./oh-my-posh
./starship-rs
./packages.nix ./packages.nix
./terminal.nix ./terminal.nix
./zfs.nix ./zfs.nix


@ -1,34 +0,0 @@
{
config,
pkgs,
lib,
...
}:
with lib;
{
config = mkMerge [
{
home.packages = [
# firewall analysis
pkgs.nftables
pkgs.nixos-firewall-tool
# analyser
pkgs.dnsutils
pkgs.tcpdump
pkgs.nmap
pkgs.rustscan
# helper
pkgs.ipcalc
];
}
(mkIf config.gui.enable {
home.packages = [
pkgs.wireshark
];
})
];
}


@ -1,9 +1,4 @@
{ { pkgs, config, lib, ... }:
pkgs,
config,
lib,
...
}:
with lib; with lib;
{ {
programs.oh-my-posh = { programs.oh-my-posh = {


@ -12,20 +12,11 @@
"template": " {{ if .WSL }}WSL at {{ end }}{{.Icon}} ", "template": " {{ if .WSL }}WSL at {{ end }}{{.Icon}} ",
"type": "os" "type": "os"
}, },
{
"background": "#AF3A03",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"style": "powerline",
"template": " \uf0e7 ",
"type": "root"
},
{ {
"background": "#076678", "background": "#076678",
"foreground": "#EBDBB2", "foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"style": "powerline", "style": "powerline",
"template": " {{ if .SSHSession }}\ueba9 {{ end }}{{ .UserName }}@{{ .HostName }} ", "template": " {{ .UserName }}@{{ .HostName }} ",
"type": "session" "type": "session"
}, },
{ {
@ -51,44 +42,28 @@
"type": "time" "type": "time"
}, },
{ {
"type": "project", "background": "#8F3F71",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"properties": {
"fetch_stash_count": true,
"fetch_upstream_icon": true
},
"style": "powerline", "style": "powerline",
"powerline_symbol": "", "template": " {{ .UpstreamIcon }}{{ .HEAD }}{{ if gt .StashCount 0 }} \ueb4b {{ .StashCount }}{{ end }} ",
"foreground": "#193549", "type": "git"
"background": "#ffeb3b",
"template": " {{ if .Error }}{{ .Error }}{{ else }}{{ if .Version }} {{.Version}}{{ end }} {{ if .Name }}{{ .Name }}{{ end }}{{ end }} "
}, },
{ {
"type": "git", "background": "#9D0006",
"style": "powerline",
"powerline_symbol": "",
"background": "#427b58",
"foreground": "#EBDBB2", "foreground": "#EBDBB2",
"background_templates": [ "powerline_symbol": "\ue0b0",
"{{ if or (.Working.Changed) (.Staging.Changed) }}#8f3f71{{ end }}", "style": "powerline",
"{{ if and (gt .Ahead 0) (gt .Behind 0) }}#076678{{ end }}", "template": " \uf0e7 ",
"{{ if gt .Ahead 0 }}#076678{{ end }}", "type": "root"
"{{ if gt .Behind 0 }}#076678{{ end }}"
],
"template": "{{ .UpstreamIcon }}{{ .HEAD }}{{if .BranchStatus }} {{ .BranchStatus }}{{ end }}{{ if .Working.Changed }}  {{ .Working.String }}{{ end }}{{ if and (.Working.Changed) (.Staging.Changed) }} |{{ end }}{{ if .Staging.Changed }}  {{ .Staging.String }}{{ end }}{{ if gt .StashCount 0 }}  {{ .StashCount }}{{ end }}",
"properties": {
"fetch_status": true,
"fetch_upstream_icon": true,
"untracked_modes": {
"/Users/user/Projects/oh-my-posh/": "no"
},
"source": "cli",
"mapped_branches": {
"feat/*": "🚀 ",
"bug/*": "🐛 "
}
}
}, },
{ {
"background": "#427B58", "background": "#427B58",
"background_templates": [ "background_templates": ["{{ if gt .Code 0 }}#9D0006{{ end }}"],
"{{ if gt .Code 0 }}#9D0006{{ end }}"
],
"foreground": "#EBDBB2", "foreground": "#EBDBB2",
"leading_diamond": "<transparent,background>\ue0b0</>", "leading_diamond": "<transparent,background>\ue0b0</>",
"properties": { "properties": {


@ -13,13 +13,9 @@
}, },
{ {
"background": "#fbf1c7", "background": "#fbf1c7",
"background_templates": [ "background_templates": ["{{ if .Root }}#af3a03{{ end }}"],
"{{ if .Root }}#af3a03{{ end }}"
],
"foreground": "#282828", "foreground": "#282828",
"foreground_templates": [ "foreground_templates": ["{{ if .Root }}#fbf1c7{{ end }}"],
"{{ if .Root }}#fbf1c7{{ end }}"
],
"powerline_symbol": "\ue0b0", "powerline_symbol": "\ue0b0",
"style": "powerline", "style": "powerline",
"template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ", "template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ",


@ -1,16 +1,14 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
config = mkMerge [ config = mkMerge [
{ {
home.packages = [ home.packages = [
bind.dnsutils
nmap
hexyl hexyl
ipcalc
units units
difftastic difftastic
@ -23,9 +21,7 @@ with lib;
gimoji gimoji
#tldr tldr
tealdeer
navi # cheatsheet manager
bandwhich # todo : put this to common/networking.nix bandwhich # todo : put this to common/networking.nix
@ -39,16 +35,13 @@ with lib;
(writers.writeBashBin "vulnix-system" '' (writers.writeBashBin "vulnix-system" ''
${vulnix}/bin/vulnix --profile /nix/var/nix/profiles/system ${vulnix}/bin/vulnix --profile /nix/var/nix/profiles/system
'') '')
# cpu load monitor
glances
]; ];
# cpu load monitor
programs.btop.enable = true; programs.btop.enable = true;
} }
(mkIf config.gui.enable { (mkIf config.gui.enable {
home.packages = [ home.packages = [
libreoffice libreoffice
@ -61,7 +54,7 @@ with lib;
aspellDicts.es aspellDicts.es
evince evince
nsxiv sxiv
gimp gimp
inkscape inkscape


@ -1,33 +0,0 @@
{
pkgs,
config,
lib,
...
}:
with lib;
with config.lib.stylix.colors.withHashtag;
{
programs.starship = {
enable = true;
# download presets from : https://starship.rs/presets/
settings = builtins.fromTOML ((builtins.readFile ./gruvbox-rainbow.toml)) // {
palettes.stylix = {
color_fg0 = base01;
color_terminal_fg = base05;
color_terminal_bg = base00;
color_bg1 = base04;
color_bg2 = base02;
color_bg3 = base03;
color_blue = base0D;
color_aqua = base0C;
color_green = base0B;
color_orange = base0F;
color_purple = base0E;
color_red = base08;
color_yellow = base0A;
};
};
};
}


@ -1,184 +0,0 @@
"$schema" = 'https://starship.rs/config-schema.json'
format = """
$os\
$username\
$hostname \
[](bg:color_yellow fg:color_terminal_bg)\
$directory\
[](fg:color_yellow bg:color_aqua)\
$git_branch\
$git_status\
[](fg:color_aqua bg:color_blue)\
$c\
$rust\
$golang\
$nodejs\
$php\
$java\
$kotlin\
$haskell\
$python\
[](fg:color_blue bg:color_bg3)\
$docker_context\
$conda\
[](fg:color_bg3 bg:color_bg1)\
$time\
[ ](fg:color_bg1)\
$character"""
palette = 'stylix' # we use stylix instead of gruvbox_dark
# todo : use stylix/base16 scheme
[palettes.gruvbox_dark]
color_fg0 = '#fbf1c7'
color_terminal_bg = '#fbf1c7' # original background
color_terminal_fg = '#3c3836' # original foreground
color_bg1 = '#3c3836'
color_bg2 = '#665c54'
color_bg3 = '#665c54'
color_blue = '#458588'
color_aqua = '#689d6a'
color_green = '#98971a'
color_orange = '#d65d0e'
color_purple = '#b16286'
color_red = '#cc241d'
color_yellow = '#d79921'
[os]
disabled = false
style = "bold bg:color_blue fg:color_terminal_bg"
#format = "[$symbol ]($style)"
format = "[](color_blue)[$symbol ]($style)[ ](fg:color_blue bg:color_terminal_bg)"
[os.symbols]
Alpine = ""
Amazon = ""
Android = ""
Arch = "󰣇"
Artix = "󰣇"
CentOS = ""
Debian = "󰣚"
EndeavourOS = ""
Fedora = "󰣛"
Gentoo = "󰣨"
Linux = "󰌽"
Macos = "󰀵"
Manjaro = ""
Mint = "󰣭"
NixOS = ""
Pop = ""
Raspbian = "󰐿"
RedHatEnterprise = "󱄛"
Redhat = "󱄛"
SUSE = ""
Ubuntu = "󰕈"
Windows = "󰍲"
[username]
show_always = true
style_user = "bg:color_terminal_bg fg:color_terminal_fg"
style_root = "bg:color_terminal_bg fg:color_red bold"
format = '[$user]($style)'
[hostname]
ssh_only = true
style = "bg:color_terminal_bg fg:color_terminal_fg"
ssh_symbol = "@"
format = "[$ssh_symbol$hostname]($style)"
[directory]
style = "fg:color_fg0 bg:color_yellow"
format = "[ $path ]($style)"
truncation_length = 3
truncation_symbol = "…/"
[directory.substitutions]
"Documents" = "󰈙 "
"Downloads" = " "
"Music" = "󰝚 "
"Pictures" = " "
"Developer" = "󰲋 "
"dev" = "󰲋 "
[git_branch]
symbol = ""
style = "bg:color_aqua"
format = '[[ $symbol $branch ](fg:color_fg0 bg:color_aqua)]($style)'
[git_status]
style = "bg:color_aqua"
format = '[[($all_status$ahead_behind )](fg:color_fg0 bg:color_aqua)]($style)'
[nodejs]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[c]
symbol = " "
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[rust]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[golang]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[php]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[java]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[kotlin]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[haskell]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[python]
symbol = ""
style = "bg:color_blue"
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
[docker_context]
symbol = ""
style = "bg:color_bg3"
format = '[[ $symbol( $context) ](fg:color_fg0 bg:color_bg3)]($style)'
[conda]
style = "bg:color_bg3"
format = '[[ $symbol( $environment) ](fg:color_fg0 bg:color_bg3)]($style)'
[time]
disabled = false
time_format = "%R"
style = "bg:color_bg1"
format = '[[  $time ](fg:color_fg0 bg:color_bg1)]($style)'
[line_break]
disabled = false
[character]
disabled = false
success_symbol = "[](fg:color_bg2)[ ](bold fg:color_terminal_fg bg:color_bg2)[](fg:color_bg2)"
error_symbol = "[](fg:color_bg2)[ ](bold fg:color_red bg:color_bg2)[](fg:color_bg2)"
vimcmd_symbol = '[](bold fg:color_green)'
vimcmd_replace_one_symbol = '[](bold fg:color_purple)'
vimcmd_replace_symbol = '[](bold fg:color_purple)'
vimcmd_visual_symbol = '[](bold fg:color_yellow)'


@ -1,9 +1,4 @@
{ { lib, pkgs, assets, ... }:
lib,
pkgs,
assets,
...
}:
{ {
programs.zsh = { programs.zsh = {


@ -1,9 +1,4 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {


@ -1,11 +1,11 @@
{ pkgs, ... }: { pkgs, ... }: {
{
imports = [ imports = [
../common ../common
./git.nix ./git.nix
./gpg.nix ./gpg.nix
./gui ./gui
#./hyperland.nix
./i3.nix ./i3.nix
./packages ./packages
./ssh.nix ./ssh.nix

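--- a/homes/palo/doom-emacs.nix
+++ b/homes/palo/doom-emacs.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, lib, ... }:
+with lib;
+{
+config = mkMerge [
+{
+home.packages = [ pkgs.ripgrep ];
+}
+(mkIf config.gui.enable {
+programs.doom-emacs = {
+enable = lib.mkDefault true;
+doomPrivateDir = ./doom.d;
+extraConfig = ''
+;; "monospace" means use the system default. However, the default is usually two
+;; points larger than I'd like, so I specify size 12 here.
+(setq doom-font
+(font-spec :family "Jetbrains Mono" :size ${toString 12} :weight 'light))
+;;(setq doom-font
+;; (font-spec :family "Terminus" :size ${toString 12} :weight 'light))
+'';
+#emacsPackagesOverlay = self: super: {
+# # fixes https://github.com/vlaci/nix-doom-emacs/issues/394
+# gitignore-mode = pkgs.emacsPackages.git-modes;
+# gitconfig-mode = pkgs.emacsPackages.git-modes;
+#};
+};
+})
+(mkIf (!config.gui.enable) {
+programs.doom-emacs = {
+enable = lib.mkDefault true;
+doomPrivateDir = ./doom.d;
+package = pkgs.emacs-nox;
+};
+})
+];
+}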
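Review bot: Both `mkIf` branches repeat `enable = lib.mkDefault true;` and `doomPrivateDir = ./doom.d;`, so the two settings can drift apart; they could be stated once in the unconditional first attrset, leaving only `extraConfig` in the GUI branch and `package = pkgs.emacs-nox;` in the non-GUI branch. `${toString 12}` interpolates a constant and can be written as plain `12`, or as one `let fontSize = 12;` shared by the live and the commented-out `font-spec`. `doomPrivateDir = ./doom.d` is copied into the Nix store, which is readable by every local user, so a short comment such as `# copied to /nix/store: keep credentials out of doom.d` would help the next editor.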


@ -0,0 +1,4 @@
;; configure theme
(setq doom-theme 'doom-solarized-light)

187
homes/palo/doom.d/init.el Normal file

@ -0,0 +1,187 @@
;;; init.el -*- lexical-binding: t; -*-
;; This file controls what Doom modules are enabled and what order they load
;; in. Remember to run 'doom sync' after modifying it!
;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
;; documentation. There you'll find a "Module Index" link where you'll find
;; a comprehensive list of Doom's modules and what flags they support.
;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
;; 'C-c c k' for non-vim users) to view its documentation. This works on
;; flags as well (those symbols that start with a plus).
;;
;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
;; directory (for easy access to its source code).
(doom! :input
;;chinese
;;japanese
;;layout ; auie,ctsrnm is the superior home row
:completion
company ; the ultimate code completion backend
;;helm ; the *other* search engine for love and life
;;ido ; the other *other* search engine...
ivy ; a search engine for love and life
:ui
;;deft ; notational velocity for Emacs
doom ; what makes DOOM look the way it does
doom-dashboard ; a nifty splash screen for Emacs
doom-quit ; DOOM quit-message prompts when you quit Emacs
;;(emoji +unicode) ; 🙂
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
;;hydra
;;indent-guides ; highlighted indent columns
;;ligatures ; ligatures and symbols to make your code pretty again
;;minimap ; show a map of the code on the side
modeline ; snazzy, Atom-inspired modeline, plus API
;;nav-flash ; blink cursor line after big motions
;;neotree ; a project drawer, like NERDTree for vim
ophints ; highlight the region an operation acts on
(popup +defaults) ; tame sudden yet inevitable temporary windows
;;tabs ; a tab bar for Emacs
;;treemacs ; a project drawer, like neotree but cooler
;;unicode ; extended unicode support for various languages
vc-gutter ; vcs diff in the fringe
vi-tilde-fringe ; fringe tildes to mark beyond EOB
;;window-select ; visually switch windows
workspaces ; tab emulation, persistence & separate workspaces
;;zen ; distraction-free coding or writing
:editor
(evil +everywhere); come to the dark side, we have cookies
file-templates ; auto-snippets for empty files
fold ; (nigh) universal code folding
;;(format +onsave) ; automated prettiness
;;god ; run Emacs commands without modifier keys
;;lispy ; vim for lisp, for people who don't like vim
;;multiple-cursors ; editing in many places at once
;;objed ; text object editing for the innocent
;;parinfer ; turn lisp into python, sort of
;;rotate-text ; cycle region at point between text candidates
snippets ; my elves. They type so I don't have to
;;word-wrap ; soft wrapping with language-aware indent
:emacs
dired ; making dired pretty [functional]
electric ; smarter, keyword-based electric-indent
;;ibuffer ; interactive buffer management
undo ; persistent, smarter undo for your inevitable mistakes
vc ; version-control and Emacs, sitting in a tree
:term
;;eshell ; the elisp shell that works everywhere
;;shell ; simple shell REPL for Emacs
;;term ; basic terminal emulator for Emacs
;;vterm ; the best terminal emulation in Emacs
:checkers
syntax ; tasing you for every semicolon you forget
;;(spell +flyspell) ; tasing you for misspelling mispelling
;;grammar ; tasing grammar mistake every you make
:tools
;;ansible
;;debugger ; FIXME stepping through code, to help you add bugs
;;direnv
;;docker
;;editorconfig ; let someone else argue about tabs vs spaces
;;ein ; tame Jupyter notebooks with emacs
(eval +overlay) ; run code, run (also, repls)
;;gist ; interacting with github gists
lookup ; navigate your code and its documentation
;;lsp ; M-x vscode
magit ; a git porcelain for Emacs
;;make ; run make tasks from Emacs
;;pass ; password manager for nerds
;;pdf ; pdf enhancements
;;prodigy ; FIXME managing external services & code builders
;;rgb ; creating color strings
;;taskrunner ; taskrunner for all your projects
;;terraform ; infrastructure as code
;;tmux ; an API for interacting with tmux
;;upload ; map local to remote projects via ssh/ftp
:os
(:if IS-MAC macos) ; improve compatibility with macOS
;;tty ; improve the terminal Emacs experience
:lang
;;agda ; types of types of types of types...
;;beancount ; mind the GAAP
;;cc ; C > C++ == 1
;;clojure ; java with a lisp
;;common-lisp ; if you've seen one lisp, you've seen them all
;;coq ; proofs-as-programs
;;crystal ; ruby at the speed of c
;;csharp ; unity, .NET, and mono shenanigans
;;data ; config/data formats
;;(dart +flutter) ; paint ui and not much else
;;elixir ; erlang done right
;;elm ; care for a cup of TEA?
emacs-lisp ; drown in parentheses
;;erlang ; an elegant language for a more civilized age
;;ess ; emacs speaks statistics
;;factor
;;faust ; dsp, but you get to keep your soul
;;fsharp ; ML stands for Microsoft's Language
;;fstar ; (dependent) types and (monadic) effects and Z3
;;gdscript ; the language you waited for
;;(go +lsp) ; the hipster dialect
;;(haskell +dante) ; a language that's lazier than I am
;;hy ; readability of scheme w/ speed of python
;;idris ; a language you can depend on
;;json ; At least it ain't XML
;;(java +meghanada) ; the poster child for carpal tunnel syndrome
;;javascript ; all(hope(abandon(ye(who(enter(here))))))
;;julia ; a better, faster MATLAB
;;kotlin ; a better, slicker Java(Script)
;;latex ; writing papers in Emacs has never been so fun
;;lean ; for folks with too much to prove
;;ledger ; be audit you can be
;;lua ; one-based indices? one-based indices
markdown ; writing docs for people to ignore
;;nim ; python + lisp at the speed of c
nix ; I hereby declare "nix geht mehr!"
;;ocaml ; an objective camel
(org +roam2) ; organize your plain life in plain text
;;php ; perl's insecure younger brother
;;plantuml ; diagrams for confusing people more
;;purescript ; javascript, but functional
;;python ; beautiful is better than ugly
;;qt ; the 'cutest' gui framework ever
;;racket ; a DSL for DSLs
;;raku ; the artist formerly known as perl6
;;rest ; Emacs as a REST client
;;rst ; ReST in peace
;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
;;rust ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
;;scala ; java, but good
;;(scheme +guile) ; a fully conniving family of lisps
sh ; she sells {ba,z,fi}sh shells on the C xor
;;sml
;;solidity ; do you need a blockchain? No.
;;swift ; who asked for emoji variables?
;;terra ; Earth and Moon in alignment for performance.
;;web ; the tubes
;;yaml ; JSON, but readable
;;zig ; C, but simpler
:email
;;(mu4e +gmail)
;;notmuch
;;(wanderlust +gmail)
:app
;;calendar
;;emms
;;everywhere ; *leave* Emacs!? You must be joking
;;irc ; how neckbeards socialize
;;(rss +org) ; emacs as an RSS reader
;;twitter ; twitter client https://twitter.com/vnought
:config
;;literate
(default +bindings +smartparens))



@ -10,24 +10,16 @@ with pkgs;
key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC"; key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC";
signByDefault = true; signByDefault = true;
}; };
ignores = [ ignores = [ "*.swp" "*~" ".idea" ".*penis.*" "result" ".envrc" ".direnv" ];
"*.swp"
"*~"
".idea"
".*penis.*"
"result"
".envrc"
".direnv"
];
extraConfig = { extraConfig = {
init.defaultBranch = "main"; init.defaultBranch = "main";
pull.ff = "only"; pull.ff = "only";
push.autoSetupRemote = true;
}; };
#diff-so-fancy.enable = true; #diff-so-fancy.enable = true;
difftastic.enable = true; difftastic.enable = true;
}; };
home.packages = [ home.packages = [
pre-commit pre-commit
gita gita


@ -12,7 +12,8 @@
keyserver = "keyserver.ubuntu.com"; keyserver = "keyserver.ubuntu.com";
personal-digest-preferences = "SHA512"; personal-digest-preferences = "SHA512";
cert-digest-algo = "SHA512"; cert-digest-algo = "SHA512";
default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed"; default-preference-list =
"SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
}; };
}; };


@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
with lib; with lib;
{ {


@ -1,9 +1,4 @@
{ { lib, pkgs, config, ... }:
lib,
pkgs,
config,
...
}:
with lib; with lib;
{ {
@ -36,5 +31,6 @@ with lib;
}; };
}; };
}; };
} }

161
homes/palo/hyperland.nix Normal file

@ -0,0 +1,161 @@
{ pkgs, ... }:
{
home.file.".config/hypr/hyperland.conf".text = ''
autogenerated = 1 # remove this line to remove the warning
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor=,preferred,auto,auto
# Some default env vars.
env = XCURSOR_SIZE,24
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input {
kb_layout = us
kb_variant =
kb_model =
kb_options =
kb_rules =
follow_mouse = 1
touchpad {
natural_scroll = no
}
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
}
general {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
gaps_in = 5
gaps_out = 20
border_size = 2
col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
col.inactive_border = rgba(595959aa)
layout = dwindle
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = false
}
decoration {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
rounding = 10
blur {
enabled = true
size = 3
passes = 1
}
drop_shadow = yes
shadow_range = 4
shadow_render_power = 3
col.shadow = rgba(1a1a1aee)
}
animations {
enabled = yes
# Some default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
animation = windows, 1, 7, myBezier
animation = windowsOut, 1, 7, default, popin 80%
animation = border, 1, 10, default
animation = borderangle, 1, 8, default
animation = fade, 1, 7, default
animation = workspaces, 1, 6, default
}
dwindle {
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
pseudotile = yes # master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = yes # you probably want this
}
master {
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
new_is_master = true
}
gestures {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = off
}
misc {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
force_default_wallpaper = -1 # Set to 0 to disable the anime mascot wallpapers
}
# Example per-device config
# See https://wiki.hyprland.org/Configuring/Keywords/#executing for more
device:epic-mouse-v1 {
sensitivity = -0.5
}
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
$mainMod = SUPER
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = $mainMod, enter, exec, alacritty
bind = $mainMod, C, killactive,
bind = $mainMod, Q, exit,
bind = $mainMod, E, exec, dolphin
bind = $mainMod, V, togglefloating,
bind = $mainMod, R, exec, wofi --show drun
bind = $mainMod, P, pseudo, # dwindle
bind = $mainMod, J, togglesplit, # dwindle
# Move focus with mainMod + arrow keys
bind = $mainMod, left, movefocus, l
bind = $mainMod, right, movefocus, r
bind = $mainMod, up, movefocus, u
bind = $mainMod, down, movefocus, d
# Switch workspaces with mainMod + [0-9]
bind = $mainMod, 1, workspace, 1
bind = $mainMod, 2, workspace, 2
bind = $mainMod, 3, workspace, 3
bind = $mainMod, 4, workspace, 4
bind = $mainMod, 5, workspace, 5
bind = $mainMod, 6, workspace, 6
bind = $mainMod, 7, workspace, 7
bind = $mainMod, 8, workspace, 8
bind = $mainMod, 9, workspace, 9
bind = $mainMod, 0, workspace, 10
# Move active window to a workspace with mainMod + SHIFT + [0-9]
bind = $mainMod SHIFT, 1, movetoworkspace, 1
bind = $mainMod SHIFT, 2, movetoworkspace, 2
bind = $mainMod SHIFT, 3, movetoworkspace, 3
bind = $mainMod SHIFT, 4, movetoworkspace, 4
bind = $mainMod SHIFT, 5, movetoworkspace, 5
bind = $mainMod SHIFT, 6, movetoworkspace, 6
bind = $mainMod SHIFT, 7, movetoworkspace, 7
bind = $mainMod SHIFT, 8, movetoworkspace, 8
bind = $mainMod SHIFT, 9, movetoworkspace, 9
bind = $mainMod SHIFT, 0, movetoworkspace, 10
# Example special workspace (scratchpad)
bind = $mainMod, S, togglespecialworkspace, magic
bind = $mainMod SHIFT, S, movetoworkspace, special:magic
# Scroll through existing workspaces with mainMod + scroll
bind = $mainMod, mouse_down, workspace, e+1
bind = $mainMod, mouse_up, workspace, e-1
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = $mainMod, mouse:272, movewindow
bindm = $mainMod, mouse:273, resizewindow
'';
}
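Review bot: The target path `.config/hypr/hyperland.conf` is spelled differently from the file Hyprland reads, `~/.config/hypr/hyprland.conf`, so as written the compositor would not load this configuration; `home.file.".config/hypr/hyprland.conf".text = ''` looks like the intent. The text still carries `autogenerated = 1` and the sample `device:epic-mouse-v1` block from the default config, which are worth dropping once the file is maintained here. `alacritty`, `dolphin` and `wofi` are started by bare name and therefore resolve through PATH at runtime; interpolating `${pkgs.alacritty}/bin/alacritty` and the like would pin them to the packages this module was built with.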


@ -1,20 +1,8 @@
{ { config, lib, pkgs, osConfig, ... }:
config,
lib,
pkgs,
osConfig,
...
}:
with lib; with lib;
let let
rofi = pkgs.rofi.override { rofi = pkgs.rofi.override { plugins = [ pkgs.rofi-emoji pkgs.rofi-calc pkgs.xdotool ]; };
plugins = [
pkgs.rofi-emoji
pkgs.rofi-calc
pkgs.xdotool
];
};
backgroundCommand = pkgs.writers.writeDash "background" '' backgroundCommand = pkgs.writers.writeDash "background" ''
${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \ ${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \
@ -55,7 +43,6 @@ in
pkgs.autorandr pkgs.autorandr
pkgs.polygon-art.polygon-art pkgs.polygon-art.polygon-art
pkgs.xdotool # needed for rofi-emoji pkgs.xdotool # needed for rofi-emoji
pkgs.xclicker # makes stuff much easier
]; ];
programs.i3status-rust = { programs.i3status-rust = {
@ -153,25 +140,21 @@ in
focus = { focus = {
followMouse = true; followMouse = true;
}; };
colors.focused = with config.lib.stylix.colors.withHashtag; { colors.focused =
with config.lib.stylix.colors.withHashtag;
{
# stylix color overrides # stylix color overrides
border = lib.mkForce base08; border = lib.mkForce base08;
background = lib.mkForce base0A; background = lib.mkForce base0A;
text = lib.mkForce base00; text = lib.mkForce base00;
}; };
startup = [ startup =
#{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = true; } [
#{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; }
{ command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; always = true; }
{ command = toString backgroundCommand; always = true; }
{ {
command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; command = toString (pkgs.writers.writeDash "xsettings" ''
always = true;
}
{
command = toString backgroundCommand;
always = true;
}
{
command = toString (
pkgs.writers.writeDash "xsettings" ''
# to allow sudo commands to access X # to allow sudo commands to access X
${pkgs.xorg.xhost}/bin/xhost + ${pkgs.xorg.xhost}/bin/xhost +
# no shitty pcspkr crap # no shitty pcspkr crap
@ -179,15 +162,13 @@ in
# no sleeping monitor # no sleeping monitor
${pkgs.xorg.xset}/bin/xset -dpms ${pkgs.xorg.xset}/bin/xset -dpms
${pkgs.xorg.xset}/bin/xset s off ${pkgs.xorg.xset}/bin/xset s off
'' '');
);
always = true; always = true;
} }
]; ];
bars = [ bars = [
( (config.lib.stylix.i3.bar //
config.lib.stylix.i3.bar {
// {
#mode = "hide"; #mode = "hide";
hiddenState = "hide"; hiddenState = "hide";
position = "top"; position = "top";
@ -207,16 +188,6 @@ in
in in
{ {
"Print" = "exec ${pkgs.flameshot}/bin/flameshot gui -c -p /share/"; "Print" = "exec ${pkgs.flameshot}/bin/flameshot gui -c -p /share/";
# --- Brightness controls --- #
"XF86MonBrightnessUp" = "exec --no-startup-id ${pkgs.brightnessctl}/bin/brightnessctl set +5%";
"XF86MonBrightnessDown" = "exec --no-startup-id ${pkgs.brightnessctl}/bin/brightnessctl set 5%-";
# --- Pulse/Pipewire Audio controls --- #
"XF86AudioRaiseVolume" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -5%";
"XF86AudioMute" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
"${modifier}+Return" = "exec ${cfg.config.terminal}"; "${modifier}+Return" = "exec ${cfg.config.terminal}";
"${modifier}+Shift+q" = "exit"; "${modifier}+Shift+q" = "exit";
"${modifier}+q" = "kill"; "${modifier}+q" = "kill";
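Review bot: The `xsettings` startup script still runs `xhost +`, which switches X11 access control off for every host and every local user, far wider than the comment's stated goal of letting sudo commands reach the display. Any client that can reach the X socket can then read keystrokes and window contents. `${pkgs.xorg.xhost}/bin/xhost +SI:localuser:root` grants access to root only and keeps the rest of the access list in force. The script body is split across two hunks, so the lines between them are not visible here.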


@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -20,47 +15,55 @@ with lib;
zed-editor zed-editor
minicom # for flipper zero
#jetbrains.mps #jetbrains.mps
#jetbrains.datagrip jetbrains.datagrip
# Rust # Rust
# ---- # ----
#jetbrains.rust-rover jetbrains.rust-rover
#gcc gcc
#rustup rustup
# Python # Python
# ------ # ------
jetbrains.pycharm-professional jetbrains.pycharm-professional
# planing
((ganttproject-bin.override {
jre = pkgs.openjdk11;
}).overrideAttrs (old: {
version = "3.1.3100";
src = pkgs.fetchzip {
url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip";
sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4=";
};
}))
# Pkl # Pkl
# --- # ---
# pkl (not working yet) # pkl (not working yet)
# terminal code to image/movie renderer # terminal code to image/movie renderer
asciinema
asciinema-agg
asciinema-scenario
carbon-now-cli
termtosvg
vhs vhs
carbon-now-cli
asciinema
asciinema-scenario
asciinema
#legacy_2311.blockdiag legacy_2311.blockdiag
# nomad # nomad
#nomad nomad
#vault vault
#consul consul
#wander wander
# terraform # terraform
terragrunt terragrunt
terraform terraform
terraform-docs terraform-docs
awscli2 awscli2
#packer packer
# documentation renderers # documentation renderers
mdbook mdbook
@ -69,17 +72,23 @@ with lib;
marp-cli # markdown to presentation framework marp-cli # markdown to presentation framework
# terminal recorder
asciinema
asciinema-agg
asciinema-scenario
termtosvg
#surrealist #surrealist
#surrealdb # fixme: not working because of rust update or something #surrealdb # fixme: not working because of rust update or something
boxes boxes
#nodePackages.prettier nodePackages.prettier
#shfmt shfmt
#black black
#pre-commit pre-commit
#nixpkgs-fmt nixpkgs-fmt
#treefmt treefmt
# python # python
python3Full python3Full
@ -92,8 +101,7 @@ with lib;
{ {
home.packages = home.packages =
let let
pandocScript = pandocScript = { inputFormat, outputFormat }:
{ inputFormat, outputFormat }:
pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" '' pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
${pkgs.pandoc}/bin/pandoc \ ${pkgs.pandoc}/bin/pandoc \
--from ${inputFormat} \ --from ${inputFormat} \
@ -127,26 +135,10 @@ with lib;
${pkgs.less}/bin/less ${pkgs.less}/bin/less
'') '')
] ] ++ (map pandocScript (lib.cartesianProduct {
++ (map pandocScript ( inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ];
lib.cartesianProduct { outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" "asciidoc" ];
inputFormat = [ }));
"man"
"markdown"
"mediawiki"
"asciidoc"
];
outputFormat = [
"mediawiki"
"docbook5"
"html5"
"man"
"jira"
"markdown"
"asciidoc"
];
}
));
} }
]; ];


@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -11,17 +6,15 @@ with lib;
home.packages = [ home.packages = [
#pureref pureref
valentina
gimp gimp
inkscape inkscape
imagemagick imagemagick
nsxiv
blender blender
lightburn lightburn
colorpicker
# to convert HEIC -> JPG
# heif-dec -q 92 <name>.HEIC
libheif
darktable
# CAD & 3D Plotting # CAD & 3D Plotting
openscad openscad
@ -30,9 +23,6 @@ with lib;
qrencode qrencode
xclicker
xdotool
]; ];
}; };


@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {


@ -1,9 +1,5 @@
{ { pkgs, lib, config, ... }:
pkgs, with pkgs;
lib,
config,
...
}:
with lib; with lib;
{ {
@ -11,21 +7,25 @@ with lib;
(mkIf config.gui.enable { (mkIf config.gui.enable {
home.packages = [ home.packages = [
pkgs.freetube freetube
pkgs.vlc vlc
# music editors # music editors
# ============= # =============
pkgs.picard # musicbrainz editor picard # musicbrainz editor
pkgs.easytag #kid3-qt # id3 tag editor
pkgs.dconf easytag
dconf
pkgs.jellyfin-mpv-shim
]; ];
}) })
{ {
home.packages = [ ]; home.packages = [
# music editors
# =============
kid3-cli
];
} }
]; ];
} }


@ -1,16 +1,10 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
let let
nextcloud-client = pkgs.legacy_2311.nextcloud-client; nextcloud-client = pkgs.legacy_2311.nextcloud-client;
nextcloudSync = nextcloudSync = folder:
folder:
let let
password = "$( ${pkgs.pass}/bin/pass show home/nextcloud/palo/nextcloudcmd-token )"; password = "$( ${pkgs.pass}/bin/pass show home/nextcloud/palo/nextcloudcmd-token )";
user = "palo"; user = "palo";
@ -22,7 +16,8 @@ let
"https://${user}:${password}@nextcloud.ingolf-wagner.de" "https://${user}:${password}@nextcloud.ingolf-wagner.de"
''; '';
borrow = pkgs.writers.writeDashBin "borrow" '' borrow = pkgs.writers.writeDashBin "borrow"
''
${getExe hledger-ui} \ ${getExe hledger-ui} \
--all \ --all \
--theme=terminal \ --theme=terminal \
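Review bot: The sync URL `"https://${user}:${password}@nextcloud.ingolf-wagner.de"` in `nextcloudSync` expands the token read from `pass` into the command's argument list, where other local users can read it from the process table while the sync runs and where it can end up in logs. nextcloudcmd can take its credentials from `~/.netrc` with `-n`, which keeps the secret out of argv. The wrapper script starts and ends outside the visible hunks, so the rest of its command line should be checked as well.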


@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -13,6 +8,7 @@ with lib;
# ¯\_(ツ)_/¯ # ¯\_(ツ)_/¯
home.packages = [ home.packages = [
nixos-shell nixos-shell
# bluetooth gui # bluetooth gui
@ -51,10 +47,6 @@ with lib;
# office # office
pdfarranger pdfarranger
# sewing
#seamly2d
#valentina
]; ];
}; };


@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -13,8 +8,7 @@ with lib;
home.packages = [ home.packages = [
emoji-picker emoji-picker
signal-desktop signal-desktop
#legacy_2311.fluffychat legacy_2311.fluffychat
#fluffychat
]; ];
}; };


@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }:
pkgs,
lib,
config,
...
}:
{ {
home.packages = [ pkgs.sshuttle ]; home.packages = [ pkgs.sshuttle ];


@ -1,47 +1,93 @@
{ { config, pkgs, lib, ... }:
config,
pkgs,
lib,
...
}:
with lib; with lib;
with types; with types;
let let
mkMagicMergeOption = { description ? "", example ? { }, default ? { }, apply ? id, ... }:
mkOption {
inherit example description default apply;
type = with lib.types;
let
valueType = nullOr
(oneOf [
bool
int
float
str
(attrsOf valueType)
(listOf valueType)
]) // {
description = "bool, int, float or str";
emptyValue.value = { };
};
in
valueType;
};
#taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui;
taskwarrior-tui = pkgs.taskwarrior-tui; taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui;
taskwarrior = pkgs.taskwarrior3;
in in
{ {
config = mkIf config.gui.enable { # bugwarrior (a bit fiddly)
imports = [{
bugwarrior.enable = true; options.bugwarrior.config = mkMagicMergeOption {
type = attrs;
default = { };
};
config = {
home.file.".config/bugwarrior/bugwarrior.toml".source = (pkgs.formats.toml { }).generate "bugwarriorrc.toml" config.bugwarrior.config;
# todo : before deleting this, put it in logseq
home.packages = [ home.packages = [
(pkgs.legacy_2311.python3Packages.bugwarrior.overrideAttrs (old: {
version = "develop";
src = pkgs.fetchFromGitHub {
owner = "ralphbean";
repo = "bugwarrior";
rev = "6554e70c199cc766a2b5e4e4fe22e4e46d64bba1";
sha256 = "sha256-cKhL8FBH7wxCxXrybVRLfCHQTCxursFqtBDl3e1UUXs=";
};
propagatedBuildInputs = old.propagatedBuildInputs ++ [
pkgs.legacy_2311.python3Packages.pydantic
pkgs.legacy_2311.python3Packages.tomli
pkgs.legacy_2311.python3Packages.email-validator
pkgs.legacy_2311.python3Packages.packaging
];
}))
];
};
pkgs.timewarrior }];
config = mkIf config.gui.enable {
home.packages = with pkgs;
[
taskwarrior taskwarrior
pkgs.tasksh
pkgs.taskwarrior-hooks
(pkgs.writeShellScriptBin "tsak" ''${taskwarrior}/bin/task "$@"'')
pkgs.vit
taskwarrior-tui taskwarrior-tui
timewarrior
tasksh
taskwarrior-hooks
(pkgs.writeShellScriptBin "tsak" ''${pkgs.taskwarrior}/bin/task "$@"'')
vit
(pkgs.writers.writeBashBin "active" "${taskwarrior-tui}/bin/taskwarrior-tui -r active") (pkgs.writers.writeBashBin "active" "${taskwarrior-tui}/bin/taskwarrior-tui -r active")
(pkgs.writers.writeBashBin "todo" "${taskwarrior-tui}/bin/taskwarrior-tui -r todo") (pkgs.writers.writeBashBin "todo" "${taskwarrior-tui}/bin/taskwarrior-tui -r todo")
(pkgs.writers.writeBashBin "calendar" '' (pkgs.writers.writeBashBin "calendar" ''
${taskwarrior}/bin/task calendar ${pkgs.taskwarrior}/bin/task calendar
${taskwarrior}/bin/task calendar_report ${pkgs.taskwarrior}/bin/task calendar_report
'') '')
# todo : belongs to calendar.nix # todo : belongs to calendar.nix
pkgs.vdirsyncer vdirsyncer
pkgs.khal khal
(pkgs.writers.writeBashBin "kalendar" '' (pkgs.writers.writeBashBin "kalendar" ''
${pkgs.vdirsyncer}/bin/vdirsyncer sync ${pkgs.vdirsyncer}/bin/vdirsyncer sync
${pkgs.khal}/bin/ikhal ${pkgs.khal}/bin/ikhal
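Review bot: `mkMagicMergeOption` destructures only `description`, `example`, `default` and `apply` and swallows everything else through `...`, so the `type = attrs;` passed for `options.bugwarrior.config` is silently discarded, assuming these single-printed lines are the new side. The option's type description `"bool, int, float or str"` also omits the attribute sets and lists that `valueType` accepts. `config.bugwarrior.config` is rendered with `(pkgs.formats.toml { }).generate` into the Nix store, which is readable by every local user, and a bugwarrior config normally carries service tokens. A comment such as `# rendered into /nix/store: no literal tokens, use bugwarrior's @oracle:eval: lookups` next to the option would make that constraint explicit.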


@ -2,7 +2,6 @@
imports = [ imports = [
../common ../common
]; ];
gui.enable = false; gui.enable = false;
home.stateVersion = "22.11"; home.stateVersion = "22.11";


@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -11,14 +6,10 @@ with lib;
home.packages = [ home.packages = [
logseq logseq
]; ];
home.file.".config/Logseq/Preferences".source = home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json"
(pkgs.formats.json { }).generate "LogseqPreferences.json"
{ {
spellcheck = { spellcheck = {
dictionaries = [ dictionaries = [ "en-US" "de-DE" ];
"en-US"
"de-DE"
];
dictionary = ""; dictionary = "";
}; };
}; };


@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
with lib; with lib;
{ {
@ -30,7 +25,10 @@ with lib;
pdfarranger pdfarranger
calibre calibre
]; ];
}; };
} }


@ -0,0 +1,136 @@
{
# cat ~/.ssh/id_rsa.pub
publicSshKey ? ""
, # remote-install-get-hiddenReceiver
hiddenReceiver ? ""
,
}:
{ config, lib, pkgs, ... }: {
imports = [
{
# system setup
networking.hostName = "liveos";
users.extraUsers = {
root = { openssh.authorizedKeys.keys = [ publicSshKey ]; };
};
}
{
# installed packages
environment.systemPackages = with pkgs; [
#style
most
rxvt_unicode.terminfo
#monitoring tools
htop
iotop
#network
iptables
iftop
nmap
#stuff for dl
aria2
#neat utils
pciutils
psmisc
tmux
usbutils
git
#unpack stuff
p7zip
unzip
unrar
#data recovery
ddrescue
ntfs3g
dosfstools
];
}
{
# bash configuration
programs.bash = {
enableCompletion = true;
interactiveShellInit = ''
HISTCONTROL='erasedups:ignorespace'
HISTSIZE=65536
HISTFILESIZE=$HISTSIZE
shopt -s checkhash
shopt -s histappend histreedit histverify
shopt -s no_empty_cmd_completion
complete -d cd
'';
promptInit = ''
if test $UID = 0; then
PS1='\[\033[1;31m\]\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
elif test $UID = 1337; then
PS1='\[\033[1;32m\]\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $PWD\007"'
else
PS1='\[\033[1;33m\]\u@\w\[\033[0m\] '
PROMPT_COMMAND='echo -ne "\033]0;$$ $USER@$PWD\007"'
fi
if test -n "$SSH_CLIENT"; then
PS1='\[\033[35m\]\h'" $PS1"
PROMPT_COMMAND='echo -ne "\033]0;$$ $HOSTNAME $USER@$PWD\007"'
fi
'';
};
}
{
# ssh configuration
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
}
{
# hidden ssh announce
config =
let
torDirectory = "/var/lib/tor";
hiddenServiceDir = torDirectory + "/onion/hidden-ssh";
in
{
services.tor = {
enable = true;
client.enable = true;
relay.onionServices.hidden-ssh = {
version = 3;
map = [{
port = 22;
target.port = 22;
}];
};
};
systemd.services.hidden-ssh-announce = {
description = "irc announce hidden ssh";
after = [ "tor.service" "network-online.target" ];
wants = [ "tor.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = pkgs.writers.writeDash "irc-announce-ssh" ''
set -efu
until test -e ${hiddenServiceDir}/hostname; do
echo "still waiting for ${hiddenServiceDir}/hostname"
sleep 1
done
until ${pkgs.tor}/bin/torify ${pkgs.netcat-openbsd}/bin/nc -z ${hiddenReceiver} 1337; do sleep 1; done && \
echo "torify ssh root@$(cat ${hiddenServiceDir}/hostname) -i ~/.ssh/id_rsa" | ${pkgs.tor}/bin/torify ${pkgs.nmap}/bin/ncat ${hiddenReceiver} 1337
'';
PrivateTmp = "true";
User = "tor";
Type = "oneshot";
};
};
};
}
];
}
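Review bot: Both arguments of this new image config default to the empty string and nothing rejects that. `publicSshKey ? ""` becomes the only entry in root's `authorizedKeys.keys`, and `hiddenReceiver ? ""` is spliced unquoted into the `irc-announce-ssh` script, where an empty or space-containing value changes the `nc`/`ncat` command line and the `until` loop will most likely never finish. Since this image exposes root SSH through an onion service, I would fail at evaluation instead, e.g. `assertions = [{ assertion = publicSshKey != "" && hiddenReceiver != ""; message = "publicSshKey and hiddenReceiver must be set"; }];`, and pass the receiver as `${lib.escapeShellArg hiddenReceiver}`. As far as I know `services.openssh.passwordAuthentication` was renamed to `services.openssh.settings.PasswordAuthentication` in newer NixOS releases, so confirm that password login really stays disabled on the channel this is built against.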


@ -0,0 +1,56 @@
{ config, lib, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
"${builtins.fetchTarball "https://github.com/nix-community/disko/archive/master.tar.gz"}/module.nix"
(import ./disko-config.nix { })
];
networking.hostName = "nixos";
boot.supportedFilesystems = [ "zfs" ];
# head -c4 /dev/urandom | od -A none -t x4
networking.hostId = "4750e4b8";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.tmpOnTmpfs = true; # make /tmp a tmpfs (performance!)
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/Berlin";
environment.systemPackages = with pkgs; [
vim
wget
htop
silver-searcher
];
environment.extraInit = ''
# use vi shortcuts
# ----------------
set -o vi
EDITOR=vim
'';
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa 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 contact@ingolf-wagner.de" ];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}
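Review bot: The disko module in `imports` is fetched with `builtins.fetchTarball` from the `master` archive URL without a hash, so each evaluation can pull different code, and whatever that branch holds at the time is evaluated as part of this machine's configuration, including its disk layout. Pin it to a reviewed commit and supply the hash so the fetch is reproducible and verified: `builtins.fetchTarball { url = "https://github.com/nix-community/disko/archive/<COMMIT>.tar.gz"; sha256 = "<HASH>"; }` (placeholders). Alternatively take disko as a flake input, so it is locked with the other inputs the workflow already updates. Separately, `services.openssh.enable = true` here does not switch password authentication off the way the live-image config does; root is key-only by default as far as I know, but stating it explicitly would make the intent reviewable.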


@ -0,0 +1,18 @@
# remote installation iso
- `./config.nix` : to generate the installation image
- `./remote-service.nix` : tor configuration you have to start on your machine.
## Steps
- import `./remote-service.nix` in your `/etc/nixos/configuration.nix`
- `nixos-rebuild switch`
- run `remote-install-get-hiddenReceiver` and enter the result in `./config.nix` as `hiddenReceiver`
- set the public key in `./config.nix`
- run `nixos-generate -f install-iso -c ./config.nix`
- prepare the usb stick : `sudo if=<path of the iso> of=/dev/<device> bs=4096`
- boot the usb-stick at the new machine
- run `remote-install-start-service`
- after some time you will see a you can use to login to the new machine.
Now you can do the normal installations procedure.
