Compare commits

130 commits

Author SHA1 Message Date
Ingolf Wagner 2f769675fd
📝 add a comment
Some checks failed
Build all NixOS Configurations / nix build (push) Failing after 1h58m53s
2024-09-17 08:44:54 +07:00
Ingolf Wagner a5a36ce5c8
Add Volume Commands to i3
Some checks are pending
Build all NixOS Configurations / nix build (push) Waiting to run
2024-09-17 07:40:53 +07:00
Ingolf Wagner eea3ddf0cf
♻️ minor refactoring
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 12m31s
2024-09-16 08:58:27 +07:00
Ingolf Wagner 62315ee2c2
📝 update module documentation
Some checks failed
Build all NixOS Configurations / nix build (push) Has been cancelled
2024-09-16 08:53:03 +07:00
Ingolf Wagner e43f4514bc
create verify.http options
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 12m40s
2024-09-16 07:06:03 +07:00
Ingolf Wagner c584bb39ce
add service-taskchampion verify test
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 12m17s
2024-09-16 06:36:08 +07:00
Forgejo Action :robot e62d841524 ⬆️ nix flake update 2024-09-15 08:43:38 +02:00
Ingolf Wagner d0a34454d4
add some more smoke tests.
Some checks failed
Build all NixOS Configurations / nix build (push) Failing after 3h2m38s
2024-09-15 09:11:25 +07:00
Ingolf Wagner 743a9fc885
add some smoke tests.
Some checks failed
Build all NixOS Configurations / nix build (push) Has been cancelled
2024-09-15 07:22:02 +07:00
Ingolf Wagner a52e1b39a0
🚚 get rid of modules/default.nix in verify flake module
Some checks failed
Build all NixOS Configurations / nix build (push) Has been cancelled
2024-09-15 07:08:05 +07:00
Ingolf Wagner 614a1d8e37
add local command to verify
Some checks failed
Build all NixOS Configurations / nix build (push) Has been cancelled
2024-09-15 07:04:59 +07:00
Ingolf Wagner 7e8c3d41c9
🚸 improve verify flake
Some checks failed
Build all NixOS Configurations / nix build (push) Has been cancelled
2024-09-15 06:09:53 +07:00
Ingolf Wagner c264db7f13
📝 add documentation to verify flake module
Some checks failed
Build all NixOS Configurations / nix build (push) Failing after 12m28s
2024-09-15 05:31:47 +07:00
Ingolf Wagner 577003f607
🚑 enable zfs auto snapshots again 2024-09-15 05:29:33 +07:00
Ingolf Wagner 267b8d73a0
⬆️ nix flake update
Some checks failed
Build all NixOS Configurations / nix build (push) Failing after 30m53s
2024-09-15 04:53:32 +07:00
Ingolf Wagner e5f1729bdc
🔧 enable push.autoSetupRemote 2024-09-15 04:48:47 +07:00
Ingolf Wagner c53b563565
🔧 disable samba share because it has a new way to configure
Some checks failed
Build all NixOS Configurations / nix build (push) Failing after 10s
2024-09-14 16:49:09 +07:00
Ingolf Wagner 8279af8370
🔧 use photoprism thumb uncached default
Some checks failed
Build all NixOS Configurations / nix build (push) Failing after 17s
2024-09-14 08:52:00 +07:00
Ingolf Wagner 70aba78c06
♻️ refactor samba.extraConfig 2024-09-14 08:51:15 +07:00
Ingolf Wagner c42e7e669a
add counter to autoclicker script
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m34s
2024-09-14 08:16:28 +07:00
Ingolf Wagner 9afb53585b
add autoclicker script
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 13m26s
2024-09-14 07:51:31 +07:00
Ingolf Wagner 31d674132b
verify closed ports script kinda works now.
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 13m25s
2024-09-14 07:09:41 +07:00
Ingolf Wagner 4c1a3ef72f
♻️ refactor the options interface 2024-09-14 06:02:32 +07:00
Ingolf Wagner f49730a0a9
🚚 renaming
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m42s
2024-09-13 14:36:17 +07:00
Ingolf Wagner 7ef34db19b
🚧 poc of rustscan script generator
Some checks failed
Build all NixOS Configurations / nix build (push) Has been cancelled
2024-09-13 14:32:10 +07:00
Ingolf Wagner e795a3bed9
🚑 don't use nextcloud deck for now, because of https://github.com/GothenburgBitFactory/bugwarrior/issues/1062
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m20s
2024-09-13 11:37:46 +07:00
Forgejo Action :robot a6284e6509 ⬆️ nix flake update 2024-09-11 08:40:48 +02:00
Ingolf Wagner 1d044521e8
🚧 use nextcloud deck with bugwarrior
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 13m24s
2024-09-11 10:36:15 +07:00
Ingolf Wagner 84a6dd2c8f
🔧 cache.orbi.wg0: 10 -> 50 2024-09-11 10:36:14 +07:00
Forgejo Action :robot abe153cdce ⬆️ nix flake update 2024-09-08 08:41:53 +02:00
Ingolf Wagner 488a63db26
🚧 taskwarrior-webui as podman container but not working as expected
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m34s
2024-09-08 11:29:49 +07:00
Ingolf Wagner 3a72b901b3
🔧 brightness configuration 2024-09-08 11:29:48 +07:00
Ingolf Wagner 347acf7e6e
🚧 working on taskwarrior-webui
It can't use wireguard to access stuff, so we will put it on orbi behind an nginx
2024-09-08 11:29:47 +07:00
Ingolf Wagner 903e963d05
🚑 hotfix bugwarrior by introducing bugwarrior-sync 2024-09-08 11:29:46 +07:00
Ingolf Wagner 9aa5e1ef09
📦 update bugwarrior package 2024-09-08 11:29:45 +07:00
Forgejo Action :robot 7402e5ad5e ⬆️ nix flake update 2024-09-06 08:43:33 +02:00
Ingolf Wagner f670c2af5f
🚚 rename services to service on chungus
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 12m17s
2024-09-05 09:31:08 +07:00
Ingolf Wagner 5655847c08
📦 bump bugwarrior 2024-09-05 09:29:48 +07:00
Ingolf Wagner 7f27ccd07c
🚚 extract bugwarrior to packages 2024-09-05 09:21:16 +07:00
Ingolf Wagner 0e5387dfc0
🔧 remove hyprland from stylix
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m49s
2024-09-04 16:51:59 +07:00
Ingolf Wagner 51e3d8df22
📦 add network packages
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 12m13s
2024-09-04 16:32:40 +07:00
Ingolf Wagner ae3a14f5fa
🔧 add jellyfin-mpv-shim
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m32s
2024-09-04 07:57:18 +07:00
Ingolf Wagner 394790bf0e
💄 nix fmt
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 16m37s
2024-09-03 18:21:26 +07:00
Ingolf Wagner e619cc2dab
🔧 migrate to taskwarrior 3
Some checks failed
Build all NixOS Configurations / nix build (push) Has been cancelled
2024-09-03 18:20:29 +07:00
Ingolf Wagner c03727fd80
🔥 delete emacs 2024-09-03 18:19:24 +07:00
Ingolf Wagner 485cdfe116
add etags
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 9m34s
2024-09-01 21:23:00 +07:00
Ingolf Wagner ad35b322c5
🐛 fix insecure packages error
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 12m34s
2024-09-01 19:32:28 +07:00
Ingolf Wagner 96c388bbac
🔧 add some topology information
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 10m34s
2024-08-31 23:29:18 +07:00
Forgejo Action :robot 229eff0d63 ⬆️ nix flake update 2024-08-31 08:45:44 +02:00
Ingolf Wagner 8da0bbc3ef
🔧 add some topology information
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 19m3s
2024-08-31 08:33:28 +07:00
Forgejo Action :robot 3833b870dd ⬆️ nix flake update 2024-08-30 14:41:05 +02:00
Ingolf Wagner 1564bd8d72
🔧 add some topology information
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 12m0s
2024-08-30 17:34:57 +07:00
Ingolf Wagner 55c2e14337
🔧 configure nsxiv 2024-08-30 16:32:00 +07:00
Ingolf Wagner ee13d7fa82
add nix run .#topology
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m11s
2024-08-30 14:18:51 +07:00
Forgejo Action :robot 2f3a6ba574 ⬆️ nix flake update 2024-08-30 08:42:09 +02:00
Ingolf Wagner f7ac29e2fa
add nix-topology
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m5s
2024-08-30 08:50:04 +07:00
Ingolf Wagner 71f9225dc6
♻️ refactored flake.nix inputs to easily sort them 2024-08-30 08:50:03 +07:00
Ingolf Wagner aed3dbd602
🚚 private_assets -> private-parts
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 10m30s
2024-08-30 07:31:06 +07:00
Ingolf Wagner d1c9241245
♻️ move pkgs to nix/packages 2024-08-30 07:31:05 +07:00
Ingolf Wagner db2187a2e7
♻️ migrated pkgs to flake-parts 2024-08-30 07:31:05 +07:00
Forgejo Action :robot 09d8f33a01 ⬆️ nix flake update 2024-08-29 20:49:24 +02:00
Ingolf Wagner 0f42a99288
🎨 nix fmt
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 10m49s
2024-08-29 13:22:51 +07:00
Ingolf Wagner 32e0eacffa
🔧 update formatter.nix 2024-08-29 13:22:29 +07:00
Ingolf Wagner 7a6510a4e6
nix fmt
Some checks are pending
Build all NixOS Configurations / nix build (push) Waiting to run
2024-08-29 08:26:04 +07:00
Ingolf Wagner 200063fcb1
introduce treefmt-nix 2024-08-29 08:25:41 +07:00
Ingolf Wagner 2bc86a4912
improve syncthing.nix
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 10m11s
2024-08-29 08:06:27 +07:00
Forgejo Action :robot 4c647291bc ⬆️ nix flake update 2024-08-28 08:42:30 +02:00
Ingolf Wagner 2758c873bb
made oh-my-posh look nice
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m27s
2024-08-28 09:47:09 +07:00
Ingolf Wagner a48aa680a4
clean up private_assets
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m10s
2024-08-28 06:02:37 +07:00
Ingolf Wagner 581d41238c
fix timezone 2024-08-28 06:01:56 +07:00
Ingolf Wagner 4489b24659
fix timezones
Some checks failed
Build all NixOS Configurations / nix build (push) Failing after 3m25s
2024-08-28 05:37:18 +07:00
Forgejo Action :robot 167875c1fc ⬆️ nix flake update 2024-08-27 21:06:57 +02:00
Ingolf Wagner c4bd159888
configure photoprism
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m10s
2024-08-27 17:03:22 +02:00
Ingolf Wagner 0430d97d24
fix clan core update
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m16s
2024-08-27 15:30:09 +02:00
Ingolf Wagner ffc8bcafa7
remove sternchen
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m17s
2024-08-27 11:31:25 +02:00
Ingolf Wagner 0209b7ca42
remove overviewer
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m15s
2024-08-27 09:43:40 +02:00
Ingolf Wagner 644705cdb2
no need for clanDir it breaks stuff
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 10m0s
2024-08-27 09:17:23 +02:00
Ingolf Wagner ec2a51c514
set clanDir manually
Some checks failed
Build all NixOS Configurations / nix build (push) Failing after 15s
2024-08-27 07:30:02 +02:00
Ingolf Wagner 2e9bf75dab
don't use sternchen anymore
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m5s
2024-08-27 05:17:18 +02:00
Ingolf Wagner 47f717392a
comment photoprism
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 15m9s
2024-08-26 17:58:19 +02:00
Forgejo Action :robot d0ff322489 ⬆️ nix flake update 2024-08-23 20:44:13 +02:00
Ingolf Wagner 8879a739b6
fix photoprism
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m55s
2024-08-23 17:02:48 +02:00
Forgejo Action :robot a2a7763b47 ⬆️ nix flake update 2024-08-23 09:18:02 +02:00
Ingolf Wagner bc595a1198
fiddling with photoprism
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 13m34s
2024-08-23 07:51:07 +02:00
Ingolf Wagner b04dd0738b
update
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 20m59s
2024-08-23 06:40:05 +02:00
Ingolf Wagner 1cdd13956b
update 2024-08-23 06:39:17 +02:00
Ingolf Wagner e50d61faf4
increase update attempt rate. 2024-08-22 22:14:58 +02:00
Ingolf Wagner 11871fc506
update
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 12m8s
2024-08-18 13:38:02 +02:00
Ingolf Wagner 8f6fa5939b
fix opengl
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 12m3s
2024-08-17 19:01:35 +02:00
Ingolf Wagner ee4d9bcc4f
fix typo 2024-08-17 19:00:59 +02:00
Ingolf Wagner ac30776e4c
update
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 15m25s
2024-08-16 23:07:02 +02:00
Forgejo Action :robot 22a49f5599 ⬆️ nix flake update 2024-08-15 03:13:29 +02:00
Ingolf Wagner 8cdd63bdcc
fix sternchen
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 16m29s
2024-08-14 16:57:40 +02:00
Ingolf Wagner 33d716ea6b
vim for everybody as default
Some checks failed
Build all NixOS Configurations / nix build (push) Failing after 14s
2024-08-14 16:43:55 +02:00
Ingolf Wagner aed8c552ba
update yubikey-image.nix 2024-08-14 11:24:08 +02:00
Ingolf Wagner 96ee5a488e
update
Some checks failed
Build all NixOS Configurations / nix build (push) Failing after 9s
2024-08-13 13:21:55 +02:00
Ingolf Wagner eec51b58b3
update
Some checks failed
Build all NixOS Configurations / nix build (push) Failing after 8s
2024-08-12 01:42:31 +02:00
Ingolf Wagner 161486b887
fix fonts and oh-my-posh
Some checks failed
Build all NixOS Configurations / nix build (push) Failing after 6s
2024-08-11 21:09:53 +02:00
Ingolf Wagner 29e3213e4b
create virtualisation component.
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 15m3s
2024-08-11 14:46:03 +02:00
Ingolf Wagner 7e1e13e897
enable virtualbox
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 13m59s
2024-08-11 11:35:04 +02:00
Forgejo Action :robot 53187fb603 ⬆️ nix flake update 2024-08-11 03:03:25 +02:00
Ingolf Wagner 800045c1c5
working on usbstick
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 13m3s
2024-08-11 00:02:35 +02:00
Ingolf Wagner 77459df69c
Update facts/secrets for service zerotier in machine usbstick 2024-08-11 00:02:34 +02:00
Forgejo Action :robot 7e2c61ad88 ⬆️ nix flake update 2024-08-10 02:42:26 +02:00
Ingolf Wagner 50688f4500
use gui on usbstick
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m22s
2024-08-09 16:27:15 +02:00
Ingolf Wagner 4f6924d5d7
give access to wg0 in usbstick
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 14m55s
2024-08-09 16:07:11 +02:00
Ingolf Wagner b24094155a
Update facts/secrets for service wireguard_ip in machine usbstick 2024-08-09 15:47:09 +02:00
Ingolf Wagner 1447d96b43
Update facts/secrets for service wireguard in machine usbstick 2024-08-09 15:47:08 +02:00
Ingolf Wagner 848eccb959
made usbstick work again
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 10m19s
2024-08-09 02:45:22 +02:00
Ingolf Wagner 569d891a7e
Update facts/secrets for service zerotier in machine usbstick 2024-08-09 02:45:21 +02:00
Ingolf Wagner 7a4f203752
Update facts/secrets for service openssh in machine usbstick 2024-08-09 02:45:20 +02:00
Ingolf Wagner efd451e180
Update facts/secrets for service syncthing in machine usbstick 2024-08-09 02:45:19 +02:00
Ingolf Wagner 3fa5c09a62
make usbsticks work again 2024-08-09 02:45:18 +02:00
Forgejo Action :robot 9cdfeba305 ⬆️ nix flake update 2024-08-09 02:40:30 +02:00
Ingolf Wagner 0780abb35d
fix tor unlock for chungus
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 10m6s
2024-08-08 21:19:42 +02:00
Ingolf Wagner 1b9105f158
initrd.systemd: disable emergency mode
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 10m3s
we disable emergency mode in systemd, but if systemd is enabled during boot we still end up in emergency mode eventually, this will fix that.
2024-08-08 19:47:00 +02:00
Ingolf Wagner 26aaec9101
fixing fail2ban and set up ssh + tor on chungus
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 12m39s
2024-08-08 19:25:19 +02:00
Ingolf Wagner cc5d655ef7
cleanup
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 11m26s
2024-08-08 17:30:08 +02:00
Ingolf Wagner e471c24d93
cleanup
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 10m14s
2024-08-08 17:05:09 +02:00
Ingolf Wagner 509f283924
introduced features
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 9m31s
2024-08-08 16:39:50 +02:00
Ingolf Wagner 40e5456517
delete buildbot
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 9m43s
2024-08-08 15:59:15 +02:00
Ingolf Wagner 060261dc90
Update facts/secrets for service boot.ssh in machine chungus
Some checks failed
Build all NixOS Configurations / nix build (push) Has been cancelled
2024-08-08 15:48:27 +02:00
Forgejo Action :robot 69bbf19f91 ⬆️ nix flake update 2024-08-08 02:57:24 +02:00
Ingolf Wagner 8327f1860d
made tor work
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 12m28s
2024-08-08 01:12:10 +02:00
Ingolf Wagner f411567ad6
refactor hardware/hetzner.nix
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 9m21s
2024-08-08 00:14:52 +02:00
Ingolf Wagner ca0e7382a3
use cache.orbi.wg0 again
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 9m31s
2024-08-07 23:08:28 +02:00
Ingolf Wagner 9b7ff29143
refactor
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 9m45s
2024-08-07 22:03:11 +02:00
Ingolf Wagner 4f6ed530db
Update facts/secrets for service boot.ssh in machine orbi 2024-08-07 21:52:03 +02:00
Ingolf Wagner 2b9062e1f1
refactor 2024-08-07 21:51:43 +02:00
Ingolf Wagner d5f1ef4af6
extract nixos.boot.ssh and set up probe
All checks were successful
Build all NixOS Configurations / nix build (push) Successful in 7m44s
2024-08-07 21:39:32 +02:00
258 changed files with 5840 additions and 3430 deletions

@ -1,18 +1,15 @@
name: Build all NixOS Configurations
on:
push:
branches:
- "**"
schedule:
- cron: "30 2 * * *" # not to frequent, GitHub only allows a few pulls per hour
- cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour
jobs:
nix build:
runs-on: native
steps:
- uses: actions/checkout@v4
- name: update nix flakes
if: ${{ github.event_name == 'schedule' }}
# we need to use our ssh key here because we need access to private flakes
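
Review bot: The two `cron:` lines under `schedule:` share one comment that no longer fits both: `30 2/6 * * *` runs several times a day, while the comment still argues for a low rate because of pull limits. State the intended rate in the comment, and fix "not to frequent" to "not too frequent" while touching it. The step form `2/6` with a bare start value is not accepted by every cron parser; `2-23/6` names the same hours in the portable form.
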
@ -30,7 +27,6 @@ jobs:
echo $SSH_AGENT_PID
kill $SSH_AGENT_PID
rm .ssh_key
- name: nix flake archive/check
# we need to use our ssh key here because we need access to private flakes
run: |
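
Review bot: The cleanup at the end of the script (`kill $SSH_AGENT_PID`, `rm .ssh_key`) is only reached when every command before it succeeds, assuming the step's shell aborts on the first error as `run:` scripts usually do. A failed fetch would then leave the private key file and a running agent behind on the `native` runner. Register the cleanup with a `trap ... EXIT` directly after the key is written, or feed the key to `ssh-add -` on stdin so it never lands in the workspace. The `echo $SSH_AGENT_PID` line adds nothing useful to the job log and can be dropped.
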
@ -48,22 +44,16 @@ jobs:
echo $SSH_AGENT_PID
kill $SSH_AGENT_PID
rm .ssh_key
- name: nix build orbi
run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
- name: nix build cream
run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
- name: nix build cherry
run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
- name: nix build chungus
run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
- name: nix build sternchen
run: nix build .#nixosConfigurations.sternchen.config.system.build.toplevel
- name: nix build usbstick
run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel
- name: commit & push
if: ${{ github.event_name == 'schedule' }}
# only if all nix builds are fine we update our branch
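
Review bot: The `nix build .#nixosConfigurations.<host>.config.system.build.toplevel` steps differ only in the host name, so every added or retired machine needs a manual edit here, and the first failing host skips the steps for all hosts after it. A job matrix over the host names, or one step that loops over them and collects failures, keeps the list in one place and reports every broken configuration in a single run.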

@ -1,6 +1,8 @@
# components concept
- components are kinda opinionated.
- should be project agnostic (e.g.: configure bugwarrior via options but leave specifics out).
- `component.<toplevel>.enabled` should usually be the default for all it subcomponents (`comonent.<topleve>.<subcomponent>.enabled`).
- should be project agnostic (e.g.: configure bugwarrior via options but leave
specifics out).
- `component.<toplevel>.enabled` should usually be the default for all it
subcomponents (`comonent.<topleve>.<subcomponent>.enabled`).
- But default should make sense here!
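
Review bot: The re-wrapped bullet keeps the typos from the old line: `comonent.<topleve>` should be `component.<toplevel>` and "all it subcomponents" should be "all its subcomponents". The modules in this same change declare their options as `options.components.<...>.enable`, so the README should also say `components` and `enable` rather than `component` and `enabled`, otherwise the documented path does not match any real option.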

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
{

@ -10,8 +10,8 @@
./nixos
./terminal
./timezone.nix
./virtualisation
./yubikey.nix
];
}

@ -1,5 +1,10 @@
# TODO test `alsactl init` after suspend to reinit mic
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.gui.audio.enable = mkOption {

@ -34,50 +34,59 @@ in
home = "${homeFolder}/development-browser";
homeBackup = "${backupFolder}/development-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
google = {
home = "${homeFolder}/google-browser";
homeBackup = "${backupFolder}/google-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
finance = {
home = "${homeFolder}/finance-browser";
homeBackup = "${backupFolder}/finance-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
facebook = {
home = "${homeFolder}/facebook-browser";
homeBackup = "${backupFolder}/facebook-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
shopping = {
home = "${homeFolder}/shopping-browser";
homeBackup = "${backupFolder}/shopping-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
jobrad = {
browserType = "chrome";
home = "${homeFolder}/jobrad-chrome";
homeBackup = "${backupFolder}/jobrad-chrome";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
firefox-tmp = {
browserType = "firefox";
home = "${homeFolder}/firefox-tmp";
homeBackup = "${backupFolder}/firefox-tmp-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
chromium-tmp = {
browserType = "chrome";
home = "${homeFolder}/chromium-tmp";
homeBackup = "${backupFolder}/chrome-tmp-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
google-tmp = {
browserType = "google";
home = "${homeFolder}/google-tmp";
homeBackup = "${backupFolder}google-tmp-browser";
gpu = false;
sudoUsers = [ config.users.users.mainUser.name ];
};
};
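
Review bot: In the `google-tmp` entry, `homeBackup = "${backupFolder}google-tmp-browser";` lacks the `/` that every other entry has after `${backupFolder}`, so that profile's backup is written next to the backup folder instead of inside it. Separately, `sudoUsers = [ config.users.users.mainUser.name ];` is now repeated in all nine profiles; since it decides who may switch into each isolated browser account, a default on the option (or one shared attribute set merged into each entry) would keep that grant in a single place that is easy to audit.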

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
with lib;
{
options.components.gui = {
@ -10,7 +15,6 @@ with lib;
./audio.nix
./browser.nix
./cups.nix
./fonts.nix
./home-manager
./kmonad.nix
#./noti.nix # todo: make this different (use password store and such)

@ -1,36 +0,0 @@
{ pkgs, config, lib, ... }:
with lib;
{
options.components.gui.style.enable = mkOption {
type = lib.types.bool;
default = config.components.gui.enable;
};
config = mkIf (config.components.gui.style.enable) {
fonts.packages = with pkgs; [
corefonts
hasklig
inconsolata
source-code-pro
symbola
ubuntu_font_family
# symbol fonts
# ------------
nerdfonts
powerline-fonts
font-awesome
fira-code-symbols
jetbrains-mono
# shell font
# ----------
terminus_font
gohufont
];
};
}
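
Review bot: Deleting this module also deletes the declaration of `options.components.gui.style.enable`, so any host configuration that still sets it will stop evaluating with an undefined-option error. Check the machines for remaining uses, or leave a `mkRemovedOptionModule` entry for the option so the failure comes with a message that says where font configuration lives now.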

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
with lib;
{

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
options.components.gui.kmonad.enable = lib.mkOption {
@ -79,9 +84,21 @@
in
{
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ];
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ];
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ "lctl" "lmet" "lalt" ];
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [
"lctl"
"lmet"
"lalt"
];
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [
"lctl"
"lmet"
"lalt"
];
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [
"lctl"
"lmet"
"lalt"
];
};
};
};

@ -1,6 +1,11 @@
# notify me when a command is finished
# todo : secret managment is shit
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.gui.noti.enable = mkOption {

@ -1,11 +1,17 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
# desktop file
# ------------
# makes it possible to be used by other programs
desktopFile = name: bin:
desktopFile =
name: bin:
pkgs.writeTextFile {
name = "${name}.desktop";
destination = "/share/applications/${name}.desktop";
@ -34,7 +40,9 @@ in
environment.systemPackages = [
(pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))
# todo : use upstream desktop file creator
(desktopFile "passmenu" "${pkgs.pass.withExtensions (ext: [ext.pass-otp])}/bin/passmenu --type -l 10")
(desktopFile "passmenu" "${
pkgs.pass.withExtensions (ext: [ ext.pass-otp ])
}/bin/passmenu --type -l 10")
pkgs.otpmenu
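
Review bot: `pkgs.pass.withExtensions (ext: [ ext.pass-otp ])` is written out twice in `environment.systemPackages`, once as the package and once inside the `passmenu` command string, and the formatter now splits the second copy awkwardly across three lines. Bind it once in the `let` block (for example `passWithOtp = pkgs.pass.withExtensions (ext: [ ext.pass-otp ]);`) and reference it in both places, so the installed `pass` and the one `passmenu` launches cannot drift apart when an extension is added.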

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.gui.steam.enable = mkOption {
@ -22,7 +27,12 @@ with lib;
isSystemUser = true;
home = "/home/steam";
createHome = true;
extraGroups = [ "audio" "input" "video" "pipewire" ];
extraGroups = [
"audio"
"input"
"video"
"pipewire"
];
group = "steam";
shell = pkgs.bashInteractive;
};

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.gui.suspend.enable = mkOption {
@ -13,13 +18,11 @@ with lib;
requiredBy = [ "sleep.target" ];
environment =
let
display =
if (config.services.xserver.display != null) then
config.services.xserver.display
else
0;
display = if (config.services.xserver.display != null) then config.services.xserver.display else 0;
in
{ DISPLAY = ":${toString display}"; };
{
DISPLAY = ":${toString display}";
};
script = ''
${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 &
sleep 1
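
Review bot: In the `script` block the locker is started in the background (`xlock ... &`) and followed by a fixed `sleep 1`, so nothing guarantees the screen is actually locked before the unit finishes and the machine suspends. On a slow start the session can come back from resume unlocked for a moment. Prefer a locker hook that signals when the lock is in place, such as running the locker through `xss-lock`, instead of relying on the one-second delay.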

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.gui.vscode.enable = mkOption {

@ -1,13 +1,18 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.gui.wayland.enable = mkOption {
type = lib.types.bool;
default = ! config.components.gui.xorg.enable;
default = !config.components.gui.xorg.enable;
};
config = mkIf config.components.gui.wayland.enable {
programs.hyprland.enable = true;
config = mkIf (config.components.gui.wayland.enable && config.components.gui.enable) {
programs.sway.enable = false;
};
}
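
Review bot: With `programs.hyprland.enable = true;` gone, the only setting left in the `config` block is `programs.sway.enable = false;`, so enabling `components.gui.wayland` no longer installs any compositor. Because the option's default is `!config.components.gui.xorg.enable`, hosts without xorg will silently get this empty component. Either drop the module until a compositor is chosen or add a comment stating that the component is intentionally a placeholder.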

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
@ -9,7 +14,7 @@ with lib;
default = config.components.gui.enable;
};
config = mkIf config.components.gui.xorg.enable {
config = mkIf (config.components.gui.xorg.enable && config.components.gui.enable) {
# system.custom.fonts.enable = true;
services.displayManager = {
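
Review bot: The new guard `config.components.gui.xorg.enable && config.components.gui.enable` means an explicit `components.gui.xorg.enable = true` is silently ignored whenever `components.gui.enable` is false. Since the option already defaults to `config.components.gui.enable`, an `assertions` entry that rejects the combination would surface the misconfiguration instead of hiding it. The leftover `# system.custom.fonts.enable = true;` comment can also be removed now that the fonts module is deleted.
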
@ -78,4 +83,3 @@ with lib;
};
}

@ -1,4 +1,9 @@
{ lib, pkgs, config, ... }:
{
lib,
pkgs,
config,
...
}:
with lib;
let

@ -1,18 +1,20 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
with types;
let
cfg = config.components.mainUser;
dockerGroup =
if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
# todo : use optionalList
dockerGroup = if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
vboxGroup =
if (config.virtualisation.virtualbox.host.enable) then
[ "vboxusers" ]
else
[ ];
# todo : use optionalList
vboxGroup = if (config.virtualisation.virtualbox.host.enable) then [ "vboxusers" ] else [ ];
in
{
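
Review bot: The added `# todo : use optionalList` comments on `dockerGroup` and `vboxGroup` name a helper that does not exist in `lib`; the functions are `lib.optional` (single element) and `lib.optionals` (list). The todo can be resolved in this change: `dockerGroup = optional config.virtualisation.docker.enable "docker";` and the same pattern for `"vboxusers"` replace both `if ... then [ ... ] else [ ]` expressions.
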
@ -71,8 +73,16 @@ in
uid = cfg.uid;
home = "/home/${cfg.userName}";
initialPassword = cfg.userName;
extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" "dialout" ]
++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
extraGroups = [
"wheel"
"networkmanager"
"transmission"
"wireshark"
"audio"
"pipewire"
"input"
"dialout"
] ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
group = config.users.groups.mainUser.name;
};
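
Review bot: This hunk reformats `extraGroups` but leaves `initialPassword = cfg.userName;` next to it, which gives an account in `wheel` (and optionally `docker`) a password equal to its user name, stored in plain text in the configuration. Since `openssh.authorizedKeys.keyFiles` is already set, consider dropping the initial password or switching to `hashedPasswordFile` fed from the existing secrets setup, so a freshly installed machine is never reachable with a guessable credential.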

@ -4,7 +4,12 @@
# * connect via mixxx to it.
# * add the podcast to mpd in the same network
# --------------------------------------------------
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{

@ -1,31 +1,35 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
let
obs-cmd = pkgs.rustPlatform.buildRustPackage
rec {
pname = "obs-cmd";
version = "v0.15.2";
src = pkgs.fetchFromGitHub {
owner = "grigio";
repo = "obs-cmd";
rev = version;
sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI=";
};
cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0=";
#cargoSha256 = fakeSha256;
meta = with lib; {
description = "a minimal obs CLI for obs-websocket v5";
homepage = "https://github.com/grigio/obs-cmd";
license = licenses.mit;
maintainers = [ maintainers.mrVanDalo ];
platforms = platforms.all;
};
obs-cmd = pkgs.rustPlatform.buildRustPackage rec {
pname = "obs-cmd";
version = "v0.15.2";
src = pkgs.fetchFromGitHub {
owner = "grigio";
repo = "obs-cmd";
rev = version;
sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI=";
};
cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0=";
#cargoSha256 = fakeSha256;
meta = with lib; {
description = "a minimal obs CLI for obs-websocket v5";
homepage = "https://github.com/grigio/obs-cmd";
license = licenses.mit;
maintainers = [ maintainers.mrVanDalo ];
platforms = platforms.all;
};
};
# Lassulus streaming setup
# -------------------------
# ffmpeg \
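
Review bot: In the re-indented `obs-cmd` derivation, `cargoSha256` is the legacy attribute name; with an SRI string (`sha256-...`) current nixpkgs expects `cargoHash`, and `hash` instead of `sha256` in `fetchFromGitHub`. `version = "v0.15.2"` also carries the tag prefix into the version; the usual form is `version = "0.15.2";` with `rev = "v${version}";`. The commented-out `#cargoSha256 = fakeSha256;` line can be deleted.
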
@ -53,7 +57,12 @@ let
name = "screen-keys";
paths =
let
screenKeyScript = { position ? "bottom", size ? "small", ... }:
screenKeyScript =
{
position ? "bottom",
size ? "small",
...
}:
pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
''
${pkgs.screenkey}/bin/screenkey \
@ -65,27 +74,41 @@ let
"$@"
'';
in
lib.flatten (lib.flip map [ "large" "small" "medium" ] (size:
lib.flip map [ "top" "center" "bottom" ]
(position: screenKeyScript { inherit size position; })));
lib.flatten (
lib.flip map
[
"large"
"small"
"medium"
]
(
size:
lib.flip map [
"top"
"center"
"bottom"
] (position: screenKeyScript { inherit size position; })
)
);
};
mpvReview =
let
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
tmp_dir = "${dir}"
moveToDir =
key: dir:
pkgs.writeText "move-with-${key}.lua" ''
tmp_dir = "${dir}"
function move_current_track_${key}()
track = mp.get_property("path")
os.execute("mkdir -p '" .. tmp_dir .. "'")
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
print("moved '" .. track .. "' to " .. tmp_dir)
mp.command("playlist-next")
end
function move_current_track_${key}()
track = mp.get_property("path")
os.execute("mkdir -p '" .. tmp_dir .. "'")
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
print("moved '" .. track .. "' to " .. tmp_dir)
mp.command("playlist-next")
end
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
'';
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
'';
delete = moveToDir "D" "./.graveyard";
good = moveToDir "G" "./.good";
in
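
Review bot: In `moveToDir`, the generated Lua builds shell commands by string concatenation: `os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")`. A file name containing a single quote ends the quoting, and the remainder of the name is then interpreted by the shell, which matters for a review tool that is pointed at downloaded media. Pass the arguments as a list instead, for example `mp.command_native({ name = "subprocess", args = { "mv", "--", track, tmp_dir } })`, and do the same for the `mkdir -p` call. `track` and `tmp_dir` should also be declared `local`, since both scripts (`D` and `G`) are loaded into the same player and currently share globals.
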
@ -110,7 +133,6 @@ in
config = mkIf (config.components.media.video.enable) {
home-manager.sharedModules = [
{
programs.obs-studio = {
@ -123,7 +145,6 @@ in
}
];
boot.kernelModules = [ "v4l2loopback" ];
boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
@ -137,7 +158,6 @@ in
alphaSafe
sanitizeFolder
# obs studio stuff
obs-cli
v4l-utils
@ -154,8 +174,6 @@ in
handbrake
ffmpeg-full
];
};
}

@ -33,7 +33,7 @@ in
services.promtail = {
enable = true;
configuration = {
server. disable = true;
server.disable = true;
positions.filename = "/var/cache/promtail/positions.yaml";
clients = [
@ -49,7 +49,15 @@ in
_end = ''{{ end }}'';
elseblock = index: replacement: "${_elseif index}${_replace index replacement}";
ifblock = index: replacement: "${_if index}${_replace index replacement}";
createTemplateLine = list: "${concatStrings (imap0 (index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement) list)}${_end}";
createTemplateLine =
list:
"${
concatStrings (
imap0 (
index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement
) list
)
}${_end}";
in
[
{
@ -117,36 +125,35 @@ in
}
{
# Map facility to human readable
template =
{
source = "facility_label";
template = createTemplateLine [
"kern" # Kernel messages
"user" # User-level messages
"mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1))
"daemon" # System daemons All daemons, including systemd and its subsystems
"auth" # Security/authorization messages Also watch for different facility 10
"syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3)
"lpr" # Line printer subsystem (archaic subsystem)
"news" # Network news subsystem (archaic subsystem)
"uucp" # UUCP subsystem (archaic subsystem)
"clock" # Clock daemon systemd-timesyncd
"authpriv" # Security/authorization messages Also watch for different facility 4
"ftp" # FTP daemon
"-" # NTP subsystem
"-" # Log audit
"-" # Log alert
"cron" # Scheduling daemon
"local0" # Local use 0 (local0)
"local1" # Local use 1 (local1)
"local2" # Local use 2 (local2)
"local3" # Local use 3 (local3)
"local4" # Local use 4 (local4)
"local5" # Local use 5 (local5)
"local6" # Local use 6 (local6)
"local7" # Local use 7 (local7)
];
};
template = {
source = "facility_label";
template = createTemplateLine [
"kern" # Kernel messages
"user" # User-level messages
"mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1))
"daemon" # System daemons All daemons, including systemd and its subsystems
"auth" # Security/authorization messages Also watch for different facility 10
"syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3)
"lpr" # Line printer subsystem (archaic subsystem)
"news" # Network news subsystem (archaic subsystem)
"uucp" # UUCP subsystem (archaic subsystem)
"clock" # Clock daemon systemd-timesyncd
"authpriv" # Security/authorization messages Also watch for different facility 4
"ftp" # FTP daemon
"-" # NTP subsystem
"-" # Log audit
"-" # Log alert
"cron" # Scheduling daemon
"local0" # Local use 0 (local0)
"local1" # Local use 1 (local1)
"local2" # Local use 2 (local2)
"local3" # Local use 3 (local3)
"local4" # Local use 4 (local4)
"local5" # Local use 5 (local5)
"local6" # Local use 6 (local6)
"local7" # Local use 7 (local7)
];
};
}
{
# Key is REQUIRED and the name for the label that will be created.

View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
with types;
{
@ -18,9 +23,11 @@ with types;
{
job_name = "zfs";
scrape_interval = "10s";
static_configs = [{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
}];
static_configs = [
{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
}
];
}
];
service.pipelines.metrics.receivers = [ "prometheus" ];

View file

@ -1,4 +1,9 @@
{ lib, pkgs, config, ... }:
{
lib,
pkgs,
config,
...
}:
with lib;
with types;
{
@ -18,7 +23,7 @@ with types;
scrape_interval = "10s";
metrics_path = "/api/v1/allmetrics";
params.format = [ "prometheus" ];
static_configs = [{ targets = [ "127.0.0.1:19999" ]; }];
static_configs = [ { targets = [ "127.0.0.1:19999" ]; } ];
}
];

View file

@ -36,7 +36,7 @@ in
job_name = "opentelemetry";
metrics_path = "/metrics";
scrape_interval = "10s";
static_configs = [{ targets = [ "localhost:${toString cfg.port}" ]; }];
static_configs = [ { targets = [ "localhost:${toString cfg.port}" ]; } ];
}
];
})

View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
with types;
let
@ -24,7 +29,9 @@ in
receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}";
service.pipelines.metrics.receivers = [ "influxdb" ];
};
services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ "http://127.0.0.1:${toString cfg.influxDBPort}" ];
services.telegraf.extraConfig.outputs.influxdb_v2.urls = [
"http://127.0.0.1:${toString cfg.influxDBPort}"
];
})
(mkIf config.components.monitor.telegraf.enable {
@ -41,7 +48,7 @@ in
processes = { };
system = { };
systemd_units = { };
ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make machine visible over wireguard
ping = [ { urls = [ "10.100.0.1" ]; } ]; # actually important to make machine visible over wireguard
};
};
};

View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
with types;
let
@ -22,7 +27,10 @@ in
description = "endpoint to ship opentelementry data too";
};
exporter.debug = mkOption {
type = nullOr (enum [ "logs" "metrics" ]);
type = nullOr (enum [
"logs"
"metrics"
]);
default = null;
description = "enable debug exporter.";
};
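Review bot: The context line just above this hunk's change, description = "endpoint to ship opentelementry data too", misspells "opentelemetry" and uses "too" for "to". As the option block is being reformatted here, fix the description in the same pass so the generated module documentation reads correctly.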
@ -61,11 +69,13 @@ in
include = ".*";
match_type = "regexp";
action = "update";
operations = [{
action = "add_label";
new_label = "machine";
new_value = config.networking.hostName;
}];
operations = [
{
action = "add_label";
new_label = "machine";
new_value = config.networking.hostName;
}
];
}
];
};
@ -85,7 +95,6 @@ in
};
})
(mkIf (config.components.monitor.opentelemetry.exporter.debug != null) {
services.opentelemetry-collector.settings = {
exporters.debug = {
@ -111,24 +120,26 @@ in
})
(mkIf
(
config.components.monitor.opentelemetry.exporter.endpoint != null &&
config.components.monitor.logs.enable
config.components.monitor.opentelemetry.exporter.endpoint != null
&& config.components.monitor.logs.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.logs.exporters = [ "otlp" ];
};
})
}
)
(mkIf
(
config.components.monitor.opentelemetry.exporter.endpoint != null &&
config.components.monitor.metrics.enable
config.components.monitor.opentelemetry.exporter.endpoint != null
&& config.components.monitor.metrics.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.metrics.exporters = [ "otlp" ];
};
})
}
)
# ship from other instance
(mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) {
@ -138,26 +149,26 @@ in
})
(mkIf
(
config.components.monitor.opentelemetry.receiver.endpoint != null &&
config.components.monitor.logs.enable
config.components.monitor.opentelemetry.receiver.endpoint != null
&& config.components.monitor.logs.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.logs.receivers = [ "otlp" ];
};
})
}
)
(mkIf
(
config.components.monitor.opentelemetry.receiver.endpoint != null &&
config.components.monitor.metrics.enable
config.components.monitor.opentelemetry.receiver.endpoint != null
&& config.components.monitor.metrics.enable
)
{
services.opentelemetry-collector.settings = {
service.pipelines.metrics.receivers = [ "otlp" ];
};
})
}
)
# scrape opentelemetry-colectors metrics
# todo: this should be collected another way (opentelemetry internal?)
@ -169,9 +180,11 @@ in
{
job_name = "otelcol";
scrape_interval = "10s";
static_configs = [{
targets = [ cfg.metrics.endpoint ];
}];
static_configs = [
{
targets = [ cfg.metrics.endpoint ];
}
];
metric_relabel_configs = [
{
source_labels = [ "__name__" ];
@ -195,7 +208,7 @@ in
};
})
(mkIf (! config.components.monitor.metrics.enable) {
(mkIf (!config.components.monitor.metrics.enable) {
services.opentelemetry-collector.settings = {
service.telemetry.metrics.level = "none";
};

View file

@ -11,7 +11,6 @@ with types;
imports = [
#./avahi.nix
./fail2ban.nix
./hosts.nix
./nginx.nix
./sshd

View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, assets, ... }:
{
config,
lib,
pkgs,
assets,
...
}:
with lib;
{
options.components.network.nginx.enable = mkOption {
@ -16,8 +22,13 @@ with lib;
environment.systemPackages = [
pkgs.nginx-config-formatter
(pkgs.writers.writePython3Bin "nginx-show-config" { flakeIgnore = [ "E265" "E225" "W292" ]; }
(lib.fileContents "${assets}/nginx-show-config.py"))
(pkgs.writers.writePython3Bin "nginx-show-config" {
flakeIgnore = [
"E265"
"E225"
"W292"
];
} (lib.fileContents "${assets}/nginx-show-config.py"))
];
security.acme.defaults.email = "contact@ingolf-wagner.de";
@ -85,7 +96,11 @@ with lib;
root = pkgs.landingpage.override {
jsonConfig =
let
entry = { machine, items ? [ ] }:
entry =
{
machine,
items ? [ ],
}:
{
text = machine;
items = [
@ -174,14 +189,12 @@ with lib;
{
label = "Hetzner Cloud";
href = "https://console.hetzner.cloud/projects";
image =
"https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
image = "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
}
{
label = "Cups";
href = "http://localhost:631/";
image =
"https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
image = "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
}
];
}
@ -191,52 +204,42 @@ with lib;
{
label = "NixOS Manual";
href = "https://nixos.org/nixos/manual/";
image =
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
}
{
label = "Nixpkgs Manual";
href = "https://nixos.org/nixpkgs/manual/";
image =
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
}
{
label = "NixOS Reference";
href =
"https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
image =
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
href = "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
}
{
label = "Nix Packages";
href = "https://nixos.org/nixos/packages.html";
image =
"https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
image = "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
}
{
label = "NixOS Language specific helpers";
href =
"https://nixos.wiki/wiki/Language-specific_package_helpers";
image =
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
href = "https://nixos.wiki/wiki/Language-specific_package_helpers";
image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
}
{
label = "NixOS Weekly";
href = "https://weekly.nixos.org/";
image =
"https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
image = "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
}
{
label = "NixOS Security";
href = "https://broken.sh/";
image =
"https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
image = "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
}
{
label = "NixOS RFCs";
href = "https://github.com/NixOS/rfcs/";
image =
"https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
image = "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
}
];
}

View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, assets, ... }:
{
pkgs,
config,
lib,
assets,
...
}:
with lib;
with types;
let
@ -6,12 +12,10 @@ let
cfg = config.components.network.sshd;
# maybe ascii-image-converter is also nice here
sshBanner = pkgs.runCommand "ssh-banner"
{ nativeBuildInputs = [ pkgs.boxes ]; } ''
sshBanner = pkgs.runCommand "ssh-banner" { nativeBuildInputs = [ pkgs.boxes ]; } ''
echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out
'';
in
{
@ -31,10 +35,6 @@ in
default = [ ];
description = "keys to root login";
};
sshguard.enable = mkOption {
type = bool;
default = config.components.network.sshd.enable;
};
onlyTincAccess = mkOption {
type = bool;
default = false;
@ -71,12 +71,6 @@ in
})
(mkIf cfg.sshguard.enable {
environment.systemPackages = [ pkgs.ipset ];
services.sshguard.enable = lib.mkDefault true;
#boot.kernelModules = ["xt_set"];
})
(mkIf (cfg.onlyTincAccess && cfg.enable) {
networking.firewall.extraCommands = ''
iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
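Review bot: With the mkIf cfg.sshguard.enable block removed, nothing in the visible lines of this module still blocks repeated failed SSH logins, and sshguard previously defaulted to on whenever sshd was enabled. State in the commit message what takes over (for example the ./fail2ban.nix module imported by the network component), and confirm that no host configuration still sets components.network.sshd.sshguard.enable, because the option itself is dropped in the earlier hunk and such a setting would now fail evaluation.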

View file

@ -1,4 +1,10 @@
{ pkgs, config, lib, clanLib, ... }:
{
pkgs,
config,
lib,
clanLib,
...
}:
with lib;
let
publicKey = clanLib.readFact "ssh.id_ed25519.pub";

View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
config = mkIf (config.components.network.sshd.enable) {
@ -28,65 +33,66 @@ with lib;
};
gitlab = {
hostNames = [ "gitlab.com" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
};
gitlab-bk = {
hostNames = [ "gitlab.bk-bund-berlin.de" "116.203.133.59" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
hostNames = [
"gitlab.bk-bund-berlin.de"
"116.203.133.59"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
};
# space-left
gitlabSpaceLeft = {
hostNames = [ "git.space-left.org" ];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
};
# c-base
"bnd-cbase" = {
hostNames = [ "bnd.cbrp3.c-base.org" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
};
"shell.cbase" = {
hostNames = [ "shell.c-base.org" ];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
};
"kgb.cbase" = {
hostNames = [ "kgb.cbrp3.c-base.org" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
};
"cns.cbase" = {
hostNames = [ "cns.c-base.org" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
};
"lassulus" = {
hostNames = [ "[lassul.us]:45621" ];
publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
};
renoise = {
hostNames = [ "*.renoise.com" "renoise.com" "94.130.128.97" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
hostNames = [
"*.renoise.com"
"renoise.com"
"94.130.128.97"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
};
git-renoise = {
hostNames = [ "[git.renoise.com]:2229" "[94.130.128.97]:2229" ];
publicKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
hostNames = [
"[git.renoise.com]:2229"
"[94.130.128.97]:2229"
];
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
};
"siteground" = {
hostNames = [ "[es5.siteground.eu]:18765" "[37.60.224.6]:18765" ];
publicKey =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
hostNames = [
"[es5.siteground.eu]:18765"
"[37.60.224.6]:18765"
];
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
};
"cracksucht.de" = {
hostNames = [ "cracksucht.de" ];
publicKey =
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
};
};

View file

@ -1,27 +1,38 @@
{ lib, config, clanLib, ... }:
{
lib,
config,
clanLib,
...
}:
with lib;
with types;
let
machines = clanLib.allMachineNames;
publicKey = clanLib.readFact "ssh.id_ed25519.pub";
tld = config.clan.static-hosts.topLevelDomain;
knownHosts = lib.genAttrs machines
(machine:
{
hostNames = [
"[${machine}]:2222"
"[${machine}.${tld}]:2222"
"[${machine}.private]:2222"
"${machine}"
"${machine}.${tld}"
"${machine}.private"
];
publicKey = publicKey machine;
}
);
knownHosts = lib.genAttrs machines (machine: {
hostNames = [
"${machine}"
"${machine}.${tld}"
"${machine}.private"
];
publicKey = publicKey machine;
});
bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub";
knownBootHosts = lib.mapAttrs' (
machine: publicKey:
nameValuePair "boot_${machine}" {
inherit publicKey;
hostNames = [
"[${machine}]:2222"
"[${machine}.public]:2222"
];
}
) bootMachines;
in
{
# todo : move this to the proper place
options.components.network.zerotier = {
enable = mkOption {
type = bool;
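Review bot: knownBootHosts pins the initrd key only for "[${machine}]:2222" and "[${machine}.public]:2222", while the entries it replaces also covered "[${machine}.${tld}]:2222" and "[${machine}.private]:2222". Anyone who unlocks a machine through those two names no longer has a pinned key for them and gets a first-use prompt instead; either add the names to knownBootHosts or document that boot unlock is reachable only via the bare name and .public. Pinning ssh.boot.id_ed25519.pub separately from ssh.id_ed25519.pub is the right direction, and the "todo : move this to the proper place" comment should say where it is meant to go.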
@ -30,6 +41,6 @@ in
};
config = mkIf config.components.network.zerotier.enable {
services.openssh.knownHosts = knownHosts;
services.openssh.knownHosts = knownHosts // knownBootHosts;
};
}

View file

@ -1,15 +1,13 @@
{ config, lib, pkgs, factsGenerator, clanLib, ... }:
let
clanMachines =
lib.mapAttrs
(machine: facts: {
name = machine;
id = facts."syncthing.pub";
addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
})
(clanLib.readFactsFromAllMachines [ "syncthing.pub" "zerotier-ip" ]);
in
with lib; {
{
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib;
{
# networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
@ -22,6 +20,19 @@ with lib; {
cert = config.clan.core.facts.services.syncthing.secret."syncthing.cert".path;
settings.devices =
let
clanMachines =
lib.mapAttrs
(machine: facts: {
name = machine;
id = facts."syncthing.pub";
addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
})
(
clanLib.readFactsFromAllMachines [
"syncthing.pub"
"zerotier-ip"
]
);
device = machine: id: {
"${machine}" = {
name = machine;
@ -32,22 +43,26 @@ with lib; {
in
clanMachines
// (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF")
// (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ")
;
// (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ");
settings.folders = {
# needs to be on encrypted drives
# -------------------------------
audiobooks = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/audiobooks";
devices = [ "chungus" "orbi" ];
devices = [
"chungus"
"orbi"
];
};
books = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/books";
devices = [ "chungus" "cream" "cherry" ];
devices = [
"chungus"
"cream"
"cherry"
];
versioning = {
type = "simple";
params.keep = "2";
@ -56,12 +71,20 @@ with lib; {
desktop = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/desktop";
devices = [ "chungus" "cream" "cherry" ];
devices = [
"chungus"
"cream"
"cherry"
];
};
finance = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/finance";
devices = [ "chungus" "cream" "cherry" ];
devices = [
"chungus"
"cream"
"cherry"
];
versioning = {
type = "simple";
params.keep = "10";
@ -70,27 +93,46 @@ with lib; {
flix = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/flix";
devices = [ "chungus" "orbi" ];
devices = [
"chungus"
"orbi"
];
};
logseq = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/logseq";
devices = [ "chungus" "cream" "cherry" "iPhone" ];
devices = [
"chungus"
"cream"
"cherry"
"iPhone"
];
};
lectures = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/lectures";
devices = [ "chungus" "orbi" ];
devices = [
"chungus"
"orbi"
];
};
oscar_cpap = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/oscar_cpap";
devices = [ "chungus" "cream" "cherry" ];
devices = [
"chungus"
"cream"
"cherry"
];
};
password-store = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store";
devices = [ "chungus" "cream" "cherry" ];
devices = [
"chungus"
"cream"
"cherry"
];
versioning = {
type = "simple";
params.keep = "10";
@ -100,18 +142,12 @@ with lib; {
share = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store";
devices = [ "cream" "cherry" "orbi" ];
devices = [
"cream"
"cherry"
"orbi"
];
};
# todo remove if zfs is is used
#nextcloud_backup = {
# enable = lib.mkDefault false;
# path = lib.mkDefault "/tmp/lost-fotos";
# devices = [ "chungus" ];
# versioning = {
# type = "simple";
# params.keep = "2";
# };
#};
};
};
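Review bot: In the share folder, path still defaults to "/tmp/password-store", the same default as the password-store folder above, while its device list includes orbi, which password-store does not. A machine that enables both folders without overriding path would sync the password store to orbi. Give share its own default, following the pattern of the other folders where the path matches the folder name.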

View file

@ -1,4 +1,10 @@
{ lib, config, factsGenerator, clanLib, ... }:
{
lib,
config,
factsGenerator,
clanLib,
...
}:
with lib;
{
@ -20,18 +26,21 @@ with lib;
};
config = mkMerge [
(mkIf config.tinc.private.enable (import ./private.nix {
ipv4 = config.tinc.private.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}))
(mkIf config.tinc.secret.enable (import ./secret.nix {
ipv4 = config.tinc.secret.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}))
(mkIf config.tinc.private.enable (
import ./private.nix {
ipv4 = config.tinc.private.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}
))
(mkIf config.tinc.secret.enable (
import ./secret.nix {
ipv4 = config.tinc.secret.ipv4;
ipv6 = null;
inherit (lib) optionalString concatStringsSep mapAttrsToList;
inherit config factsGenerator clanLib;
}
))
];
}

View file

@ -1,12 +1,13 @@
{ ipv4
, ipv6
, config
, optionalString
, concatStringsSep
, factsGenerator
, mapAttrsToList
, clanLib
, ...
{
ipv4,
ipv6,
config,
optionalString,
concatStringsSep,
factsGenerator,
mapAttrsToList,
clanLib,
...
}:
let
hosts = {
@ -26,6 +27,7 @@ let
"prowlarr.orbi" = hosts.orbi;
"photoprism.orbi" = hosts.orbi;
# chungus
"video.chungus" = hosts.chungus;
"de.tts.chungus" = hosts.chungus;
"en.tts.chungus" = hosts.chungus;
"flix.chungus" = hosts.chungus;
@ -50,35 +52,36 @@ in
services.tinc.networks = {
${network} = {
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
interfaceType = "tap";
extraConfig = ''
LocalDiscovery = yes
'';
hostSettings = {
mobi = {
subnets = [{ address = hosts.mobi; }];
subnets = [ { address = hosts.mobi; } ];
settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
};
bobi = {
subnets = [{ address = hosts.bobi; }];
subnets = [ { address = hosts.bobi; } ];
settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
};
cream = {
subnets = [{ address = hosts.cream; }];
subnets = [ { address = hosts.cream; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "cream";
};
cherry = {
subnets = [{ address = hosts.cherry; }];
subnets = [ { address = hosts.cherry; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "cherry";
};
chungus = {
subnets = [{ address = hosts.chungus; }];
subnets = [ { address = hosts.chungus; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "chungus";
};
orbi = {
addresses = [{ address = "95.216.66.212"; }];
subnets = [{ address = hosts.orbi; }];
addresses = [ { address = "95.216.66.212"; } ];
subnets = [ { address = hosts.orbi; } ];
settings.Ed25519PublicKey = Ed25519PublicKey "orbi";
};
};
@ -99,6 +102,8 @@ in
LinkLocalAddressing = no
'';
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains));
networking.extraHosts = concatStringsSep "\n" (
mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)
);
}

View file

@ -1,11 +1,12 @@
{ ipv4
, ipv6
, config
, optionalString
, concatStringsSep
, mapAttrsToList
, factsGenerator
, ...
{
ipv4,
ipv6,
config,
optionalString,
concatStringsSep,
mapAttrsToList,
factsGenerator,
...
}:
let
port = 721;
@ -23,31 +24,37 @@ in
services.tinc.networks = {
${network} = {
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
ed25519PrivateKeyFile =
config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
extraConfig = ''
LocalDiscovery = yes
Port = ${toString port}
'';
hostSettings = {
sternchen = {
subnets = [{ address = hosts.sternchen; }];
subnets = [ { address = hosts.sternchen; } ];
settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB";
};
cream = {
subnets = [{ address = hosts.cream; }];
subnets = [ { address = hosts.cream; } ];
settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
};
cherry = {
subnets = [{ address = hosts.cherry; }];
subnets = [ { address = hosts.cherry; } ];
settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
};
sterni = {
subnets = [{ address = hosts.sterni; }];
subnets = [ { address = hosts.sterni; } ];
settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
};
robi = {
addresses = [{ address = "144.76.13.147"; port = port; }];
subnets = [{ address = hosts.robi; }];
addresses = [
{
address = "144.76.13.147";
port = port;
}
];
subnets = [ { address = hosts.robi; } ];
settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
};
};
@ -68,23 +75,37 @@ in
LinkLocalAddressing = no
'';
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts);
networking.extraHosts = concatStringsSep "\n" (
mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts
);
services.openssh.knownHosts = {
"cream.${network}" = {
hostNames = [ "cream.${network}" hosts.cream ];
hostNames = [
"cream.${network}"
hosts.cream
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
};
"sternchen.${network}" = {
hostNames = [ "sterni.${network}" hosts.sterni ];
hostNames = [
"sterni.${network}"
hosts.sterni
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
};
"sterni.${network}" = {
hostNames = [ "sterni.${network}" hosts.sterni ];
hostNames = [
"sterni.${network}"
hosts.sterni
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
};
"robi" = {
hostNames = [ "robi.${network}" hosts.robi ];
hostNames = [
"robi.${network}"
hosts.robi
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
};
};
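Review bot: The "sternchen.${network}" entry lists hostNames "sterni.${network}" and hosts.sterni, the same names as the "sterni.${network}" entry below it, but with a different publicKey. As written, sterni has two accepted host keys and sternchen has none pinned. This looks like a copy-paste slip that the reformat preserves; the first entry should probably use "sternchen.${network}" and hosts.sternchen, which is already defined and used in hostSettings.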

View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
with types;
{
@ -22,7 +27,6 @@ with types;
# Setting this value to 1 means to try activation once, without retry.
networking.networkmanager.settings.main.autoconnect-retries-default = 999;
hardware.enableRedistributableFirmware = true;
# because Networkd-wait-online is just failing.
@ -47,4 +51,3 @@ with types;
};
}

View file

@ -28,6 +28,4 @@ with lib;
'';
};
}

View file

@ -2,7 +2,6 @@
{
imports = [
./upgrade-diff.nix
./tor-ssh.nix
];
options.components.nixos.enable = lib.mkOption {

View file

@ -1,137 +0,0 @@
{ config, lib, pkgs, factsGenerator, clanLib, ... }:
with lib;
with types;
{
options.components.nixos.boot = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
kernelModules = mkOption {
type = listOf str;
default = [ ];
description =
"lspci -v will tell you which kernel module is used for the ethernet interface";
};
ssh.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.nixos.boot.enable;
};
tor.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.nixos.boot.ssh.enable;
};
};
config = mkMerge [
# todo : not working at the moment, because onion hostnames are secrets
(
let
onionIds = clanLib.readFactFromAllMachines "tor.initrd.hostname";
generateOnionUnlockScript = machine: onionId: pkgs.writers.writeDashBin "unlock-boot-${machine}-via-tor" ''
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222
'';
in
{
# add known hosts
services.openssh.knownHosts =
mapAttrs
(_machine: onionId: {
hostNames = [ "[${onionId}]:2222" ];
})
onionIds;
# create unlook tor boot script
environment.systemPackages =
mapAttrsToList generateOnionUnlockScript onionIds;
}
)
# tor part
# --------
(mkIf (config.components.nixos.boot.tor.enable) {
#services.tor = {
# enable = true;
# client.enable = true;
# relay.onionServices.bootup.map = [{ port = 2222; }];
#};
# tor setup
clan.core.facts.services.initrd_tor = factsGenerator.tor { name = ""; };
boot.initrd.secrets = {
"/etc/tor/onion/bootup/tor.priv" = config.clan.core.facts.services.initrd_tor.secret."tor.initrd.priv".path;
"/etc/tor/onion/bootup/hostname" = config.clan.core.facts.services.initrd_tor.secret."tor.initrd.hostname".path;
};
#boot.initrd.extraUtilsCommands = ''
# copy_bin_and_libs ${pkgs.tor}/bin/tor
#'';
# fixme: this thing is not working for some reason.
boot.initrd.systemd.packages = [ pkgs.tor pkgs.iproute2 pkgs.coreutils ];
boot.initrd.systemd.services.tor = {
path = [ pkgs.tor pkgs.iproute2 pkgs.coreutils ];
# todo: set wanted by
script =
let
torRc = pkgs.writeText "tor.rc" ''
DataDirectory /etc/tor
SOCKSPort 127.0.0.1:9050 IsolateDestAddr
SOCKSPort 127.0.0.1:9063
HiddenServiceDir /etc/tor/onion/bootup
HiddenServicePort 2222 127.0.0.1:2222
'';
in
''
echo "tor: preparing onion folder"
# have to do this otherwise tor does not want to start
chmod -R 700 /etc/tor
echo "make sure localhost is up"
ip a a 127.0.0.1/8 dev lo
ip link set lo up
echo "tor: starting tor"
tor -f ${torRc} --verify-config
tor -f ${torRc}
'';
};
})
# ssh part
# --------
(mkIf (config.components.nixos.boot.ssh.enable) {
# boot
boot.initrd.systemd.enable = true;
boot.initrd.systemd.contents."/etc/hostname".text = "unlock.${config.networking.hostName}";
# network
boot.initrd.systemd.network.enable = true;
boot.initrd.availableKernelModules = config.components.nixos.boot.kernelModules;
# ssh
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
enable = true;
#authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys ;
#authorizedKeyFiles = config.users.users.root.openssh.authorizedKeys.keyFiles;
port = 2222;
hostKeys = map ({ path, ... }: path) config.services.openssh.hostKeys;
};
})
];
}
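
Review bot: in the ssh part, `hostKeys = map ({ path, ... }: path) config.services.openssh.hostKeys;` hands the initrd the same host keys the running sshd uses, and the initrd is read before any disk is unlocked. Wherever this block ends up, give port 2222 its own generated host key so a copy of the boot partition cannot impersonate the booted machine. The tor part also still carries `# fixme: this thing is not working for some reason.` and `# todo: set wanted by`, and the comment `# create unlook tor boot script` should read "unlock".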

View file

@ -1,5 +1,10 @@
# MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
options.components.nixos.update-diff.enable = lib.mkOption {

View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.terminal.bash.enable = mkOption {
@ -16,7 +21,6 @@ with lib;
interactiveShellInit = "set -o vi";
shellAliases = {
ls = "ls --color=tty";
l = "ls -CFh";

View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.terminal = {
@ -13,7 +18,6 @@ with lib;
./git.nix
./heygpt.nix
./hoard.nix
./oh-my-posh
./remote-install.nix
./wtf.nix
./zsh.nix

View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.terminal.direnv.enable = mkOption {
@ -12,7 +17,10 @@ with lib;
home-manager.sharedModules = [
{
programs.direnv.enable = true;
programs.git.ignores = [ ".envrc" ".direnv" ];
programs.git.ignores = [
".envrc"
".direnv"
];
}
];

View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
options.components.terminal.git.enable = mkOption {
@ -8,7 +13,6 @@ with lib;
config = mkIf (config.components.terminal.git.enable) {
environment.systemPackages = with pkgs; [
git
gita
@ -29,4 +33,3 @@ with lib;
];
};
}

View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.terminal.heygpt.enable = mkOption {

View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
hoardSrc = pkgs.fetchFromGitHub {
@ -31,10 +36,26 @@ in
config_home_path = "/home/palo/.config/hoard";
trove_path = "/home/palo/.config/hoard/trove.yml";
query_prefix = " >";
primary_color = [ 87 142 87 ];
secondary_color = [ 203 184 144 ];
tertiary_color = [ 30 30 30 ];
command_color = [ 30 30 30 ];
primary_color = [
87
142
87
];
secondary_color = [
203
184
144
];
tertiary_color = [
30
30
30
];
command_color = [
30
30
30
];
parameter_token = "#";
read_from_current_directory = true;
};

View file

@ -1,26 +0,0 @@
{ pkgs, config, lib, ... }:
with lib;
{
options.components.terminal.oh-my-posh.enable = mkOption {
type = lib.types.bool;
default = config.components.terminal.enable;
};
config = mkIf (config.components.terminal.oh-my-posh.enable) {
home-manager.users =
let
poshConfig = {
programs.oh-my-posh = {
enable = true;
# useTheme = "gruvbox";
settings = builtins.fromJSON (builtins.readFile ./gruvbox.json);
};
};
in
{
mainUser = poshConfig;
root = poshConfig;
};
};
}

View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.terminal.remote-install.enable = mkOption {
@ -10,7 +15,7 @@ with lib;
services.tor = {
enable = true;
client.enable = true;
relay.onionServices.liveos.map = [{ port = 1337; }];
relay.onionServices.liveos.map = [ { port = 1337; } ];
};
environment.systemPackages = [

View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
let
@ -54,23 +59,29 @@ let
echo
'';
userHighlight = map ({ user, ... }: user)
(builtins.attrValues config.services.browser.configList)
++ [ "steam" ];
userHighlight =
map ({ user, ... }: user) (builtins.attrValues config.services.browser.configList)
++ [ "steam" ];
activeUsers = pkgs.writers.writeBash "active-users" ''
${pkgs.procps}/bin/ps -eo user \
| ${pkgs.gnused}/bin/sed '1 d' \
| ${pkgs.coreutils}/bin/sort \
| ${pkgs.coreutils}/bin/uniq \
| ${pkgs.gnugrep}/bin/egrep --color=always '(${
pkgs.lib.concatStringsSep "|" userHighlight
})|$'
| ${pkgs.gnugrep}/bin/egrep --color=always '(${pkgs.lib.concatStringsSep "|" userHighlight})|$'
'';
# default settings
wtfModule =
args@{ height ? 1, width ? 1, top, left, enabled ? true, type, ... }:
args@{
height ? 1,
width ? 1,
top,
left,
enabled ? true,
type,
...
}:
{
enabled = enabled;
focusable = false;
@ -78,106 +89,157 @@ let
position.left = left;
position.height = height;
position.width = width;
} // (lib.filterAttrs
(key: _: lib.all (x: x != key) [ "height" "width" "top" "left" ])
args);
}
// (lib.filterAttrs (
key: _:
lib.all (x: x != key) [
"height"
"width"
"top"
"left"
]
) args);
# command runner module
cmdRunner = args@{ cmd, ... }:
wtfModule ({
type = "cmdrunner";
focusable = false;
refreshInterval = 300;
} // args);
cmdRunner =
args@{ cmd, ... }:
wtfModule (
{
type = "cmdrunner";
focusable = false;
refreshInterval = 300;
}
// args
);
modules = {
inherit cmdRunner;
digitalclock = args@{ top, left, ... }:
cmdRunner ({
cmd = pkgs.writers.writeDash "clock" ''
${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"`
${pkgs.coreutils}/bin/date +"%B %d %Y"
'';
title = "";
refreshInterval = 30;
} // args);
digitalclock =
args@{ top, left, ... }:
cmdRunner (
{
cmd = pkgs.writers.writeDash "clock" ''
${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"`
${pkgs.coreutils}/bin/date +"%B %d %Y"
'';
title = "";
refreshInterval = 30;
}
// args
);
clocks = args@{ top, left, ... }:
wtfModule ({
type = "clocks";
title = "";
border = false;
colors.rows = {
even = "white";
odd = "white";
};
locations = {
UTC = "Etc/UTC";
Berlin = "Europe/Berlin";
Cuba = "America/Havana";
Wellington = "Pacific/Auckland";
};
sort = "alphabetical";
refreshInterval = 60;
} // args);
clocks =
args@{ top, left, ... }:
wtfModule (
{
type = "clocks";
title = "";
border = false;
colors.rows = {
even = "white";
odd = "white";
};
locations = {
UTC = "Etc/UTC";
Berlin = "Europe/Berlin";
Thailand = "Asia/Bangkok";
#Cuba = "America/Havana";
#Wellington = "Pacific/Auckland";
};
sort = "alphabetical";
refreshInterval = 60;
}
// args
);
resourceusage = args@{ top, left, ... }:
wtfModule ({
type = "resourceusage";
title = "";
cpuCombined = false;
refreshInterval = 5;
} // args);
resourceusage =
args@{ top, left, ... }:
wtfModule (
{
type = "resourceusage";
title = "";
cpuCombined = false;
refreshInterval = 5;
}
// args
);
power = args@{ top, left, ... }:
wtfModule ({
type = "power";
title = "";
refreshInterval = 100;
} // args);
power =
args@{ top, left, ... }:
wtfModule (
{
type = "power";
title = "";
refreshInterval = 100;
}
// args
);
prettyweather = args@{ top, left, ... }:
wtfModule ({
type = "prettyweather";
title = "";
city = "Essen";
unit = "m";
view = 0;
language = "en";
refreshInterval = 3600;
} // args);
prettyweather =
args@{ top, left, ... }:
wtfModule (
{
type = "prettyweather";
title = "";
city = "Essen";
unit = "m";
view = 0;
language = "en";
refreshInterval = 3600;
}
// args
);
feedreader = args@{ top, left, feeds, ... }:
wtfModule ({
type = "feedreader";
title = "";
refreshInterval = 3600;
focusable = true;
#feedLimit = 10;
colors.rows = {
even = "white";
odd = "white";
};
} // args);
feedreader =
args@{
top,
left,
feeds,
...
}:
wtfModule (
{
type = "feedreader";
title = "";
refreshInterval = 3600;
focusable = true;
#feedLimit = 10;
colors.rows = {
even = "white";
odd = "white";
};
}
// args
);
github = args@{ top, left, username, apiKey, ... }:
wtfModule ({
type = "github";
title = "";
refreshInterval = 3600;
feedlimit = 10;
github =
args@{
top,
left,
username,
apiKey,
...
}:
wtfModule (
{
type = "github";
title = "";
refreshInterval = 3600;
feedlimit = 10;
enableStatus = true;
# customQueries:
# othersPRs:
# title: "Others Pull Requests"
# filter: "is:open is:pr -author:wtfutil"
# repositories:
# - "wtfutil/wtf"
# - "wtfutil/docs"
# - "umbrella-corp/wesker-api"
} // args);
enableStatus = true;
# customQueries:
# othersPRs:
# title: "Others Pull Requests"
# filter: "is:open is:pr -author:wtfutil"
# repositories:
# - "wtfutil/wtf"
# - "wtfutil/docs"
# - "umbrella-corp/wesker-api"
}
// args
);
};
@ -190,8 +252,20 @@ let
normal = "green";
};
grid = {
columns = [ 28 0 0 ];
rows = [ 9 9 9 9 9 9 0 ];
columns = [
28
0
0
];
rows = [
9
9
9
9
9
9
0
];
};
refreshInterval = 1;
mods = with modules; {
@ -226,8 +300,7 @@ let
top = 4;
left = 1;
height = 1;
feeds =
[ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
feeds = [ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
};
nixos = feedreader {
title = "NixOS Weekly";
@ -264,8 +337,20 @@ let
normal = "green";
};
grid = {
columns = [ 33 12 28 36 0 ];
rows = [ 9 4 6 6 0 ];
columns = [
33
12
28
36
0
];
rows = [
9
4
6
6
0
];
};
refreshInterval = 1;
mods = with modules; {
@ -291,12 +376,16 @@ let
left = 0;
};
rates = wtfModule {
yfinance = wtfModule {
type = "yfinance";
top = 3;
left = 0;
title = "rates";
symbols = [ "EURUSD=X" "EURNZD=X" ];
symbols = [
"EURUSD=X"
"EURNZD=X"
"EURTHB=X"
];
refreshInterval = 60;
};
@ -307,7 +396,12 @@ let
calendar = cmdRunner {
title = "";
args = [ "-3" "--monday" "--color=never" "-w" ];
args = [
"-3"
"--monday"
"--color=never"
"-w"
];
cmd = "cal";
top = 1;
left = 1;
@ -369,9 +463,12 @@ let
};
};
createDashboard = { json, name }:
let configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
in pkgs.writers.writeBashBin name ''
createDashboard =
{ json, name }:
let
configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
in
pkgs.writers.writeBashBin name ''
${pkgs.wtf}/bin/wtfutil --config=${toString configuration}
'';
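
Review bot: `pkgs.writeText "config.yml" (builtins.toJSON json)` writes the whole dashboard configuration into the world-readable Nix store, and the `github` module earlier in this file takes an `apiKey` argument that is merged into that same attribute set via `// args`. Any dashboard that uses `github` would therefore leave the token readable by every local user and by anyone who receives the closure. Keep the token out of `json` and supply it at runtime from a secret file instead.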

View file

@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
with lib;
{
options.components.terminal.zsh.enable = mkOption {

View file

@ -1,8 +1,9 @@
{ lib, ... }:
{
# some system stuff
# -----------------
time.timeZone = "Europe/Berlin";
#time.timeZone = lib.mkDefault "Pacific/Auckland";
#time.timeZone = lib.mkDefault "Asia/Singapore";
#time.timeZone = lib.mkDefault "Asia/Makassar";
#time.timeZone = "Pacific/Auckland";
#time.timeZone = "Asia/Singapore";
#time.timeZone = "Asia/Makassar";
}

View file

@ -0,0 +1,15 @@
{ config, lib, ... }:
{
imports = [
./docker.nix
./podman.nix
./virtualbox.nix
./qemu.nix
];
options.components.virtualisation.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
}

View file

@ -0,0 +1,21 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.virtualisation.docker.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.virtualisation.enable;
};
config = mkIf config.components.virtualisation.docker.enable {
virtualisation.docker.enable = true;
};
}
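
Review bot: `default = config.components.virtualisation.enable;` is repeated in docker.nix, podman.nix, qemu.nix and virtualbox.nix, so the single umbrella switch turns on the Docker daemon, podman, libvirtd and VirtualBox together. Each of these adds a privileged daemon or kernel modules, so consider defaulting the sub-options to `false` and letting hosts pick, or at least add a `description` to the options that says what the umbrella enables. `pkgs` is unused in this file.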

View file

@ -0,0 +1,24 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.virtualisation.podman.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.virtualisation.enable;
};
config = mkIf config.components.virtualisation.podman.enable {
virtualisation.podman.enable = true;
# make sure /var/lib/containers/storage is a zfs dataset
virtualisation.podman.extraPackages = [ pkgs.zfs ];
};
}

View file

@ -0,0 +1,32 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.virtualisation.qemu.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.virtualisation.enable;
};
config = mkIf config.components.virtualisation.qemu.enable {
virtualisation.libvirtd.enable = true;
#virtualisation.libvirtd.allowedBridges = ["virbr0"];
virtualisation.libvirtd.onShutdown = "shutdown";
environment.systemPackages = [
pkgs.qemu_kvm
#(pkgs.quickemu.override { qemu_full = pkgs.qemu_kvm; })
pkgs.quickemu
pkgs.virt-manager
];
users.users.mainUser.extraGroups = [ "libvirtd" ];
};
}
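
Review bot: `users.users.mainUser.extraGroups = [ "libvirtd" ];` gives that account full control of the system libvirt daemon, which is effectively root on the host, and it happens as a side effect of enabling the umbrella virtualisation option. Make the group membership its own option (for example a list of user names, default empty) so it is granted deliberately, and add a comment explaining why `virtualisation.libvirtd.allowedBridges` is left commented out.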

View file

@ -0,0 +1,26 @@
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.virtualisation.virtualbox.enable = lib.mkOption {
type = lib.types.bool;
default = config.components.virtualisation.enable;
};
config = mkIf config.components.virtualisation.virtualbox.enable {
virtualisation.virtualbox = {
host.enable = true;
guest.enable = true;
};
users.extraGroups.vboxusers.members = [ config.users.users.mainUser.name ];
};
}
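
Review bot: `guest.enable = true;` is set next to `host.enable = true;`, but the guest option is meant for a NixOS system that itself runs inside VirtualBox. On a host this only adds guest kernel modules and services that are not needed there. Drop `guest.enable` here or move it behind a separate option, and note in a comment that `vboxusers` membership lets `mainUser` pass host USB devices into VMs.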

View file

@ -1,7 +1,12 @@
# References:
# * https://github.com/drduh/YubiKey-Guide
# * https://nixos.wiki/wiki/Yubikey
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
{
@ -18,6 +23,11 @@ with lib;
environment.systemPackages = [
pkgs.yubikey-personalization
pkgs.yubikey-personalization-gui
pkgs.yubikey-manager
pkgs.yubikey-manager-qt
# for `gpg --export $keyid | hokey lint` to check keys
#pkgs.haskellPackages.hopenpgp-tools

View file

@ -0,0 +1,6 @@
{
imports = [
./ssh.nix
./tor.nix
];
}

50
features/boot/ssh.nix Normal file
View file

@ -0,0 +1,50 @@
{
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib;
with types;
{
options.features.boot.ssh = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
kernelModules = mkOption {
type = listOf str;
default = [ ];
description = "nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
};
};
config = mkIf (config.features.boot.ssh.enable) {
# ssh host key
clan.core.facts.services."boot.ssh" = factsGenerator.ssh { name = "boot"; };
# todo: maybe put this in a component
# boot
boot.initrd.systemd.enable = true;
boot.initrd.systemd.contents."/etc/hostname".text = "unlock.${config.networking.hostName}";
# network
boot.initrd.systemd.network.enable = true;
boot.initrd.availableKernelModules = config.features.boot.ssh.kernelModules;
# ssh
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
enable = true;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
port = 2222;
hostKeys = [ config.clan.core.facts.services."boot.ssh".secret."ssh.boot.id_ed25519".path ];
};
};
}
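
Review bot: `authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;` means every key that may log in as root on the running system may also reach the unlock prompt on port 2222, and keys supplied through `authorizedKeys.keyFiles` are not picked up at all. A dedicated option for the unlock keys would let the set be smaller than root's and make the choice visible per host. The dedicated `boot.ssh` host key from `factsGenerator.ssh` is a good change; `pkgs` and `clanLib` are unused in this file and `enable` has no `description`.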

76
features/boot/tor.nix Normal file
View file

@ -0,0 +1,76 @@
{
config,
lib,
pkgs,
factsGenerator,
clanLib,
...
}:
with lib;
with types;
{
options.features.boot.tor = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
};
config = mkIf (config.features.boot.tor.enable) {
# tor secrets
clan.core.facts.services."initrd.tor" = factsGenerator.tor {
name = "initrd";
addressPrefix = "init";
};
boot.initrd.secrets = mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file) (
genAttrs [
"hostname"
"hs_ed25519_public_key"
"hs_ed25519_secret_key"
] (secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path)
);
boot.initrd.systemd.storePaths = [
pkgs.tor
pkgs.iproute2
pkgs.coreutils
];
boot.initrd.systemd.contents = {
"/etc/tor/tor.rc".text = ''
DataDirectory /etc/tor
SOCKSPort 127.0.0.1:9050 IsolateDestAddr
SOCKSPort 127.0.0.1:9063
HiddenServiceDir /etc/tor/onion/bootup
HiddenServicePort 2222 127.0.0.1:2222
'';
};
boot.initrd.systemd.services.tor = {
description = "tor during init";
wantedBy = [ "initrd.target" ];
after = [
"network.target"
"initrd-nixos-copy-secrets.service"
];
before = [ "shutdown.target" ];
conflicts = [ "shutdown.target" ];
unitConfig.DefaultDependencies = false;
path = [
pkgs.tor
pkgs.iproute2
pkgs.coreutils
];
script = ''
echo "tor: preparing onion folder"
# have to do this otherwise tor does not want to start
chmod -R 700 /etc/tor
echo "tor: starting tor"
tor -f /etc/tor/tor.rc --verify-config
tor -f /etc/tor/tor.rc
'';
};
};
}
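
Review bot: the generated `/etc/tor/tor.rc` opens two SOCKS listeners (`SOCKSPort 127.0.0.1:9050 IsolateDestAddr` and `SOCKSPort 127.0.0.1:9063`) although this unit only needs the onion service that forwards 2222 to the initrd sshd. `SOCKSPort 0` would switch the client side off and leave less running before the disk is unlocked. It would also help to say in the comment above `chmod -R 700 /etc/tor` that the copied secrets arrive with permissions tor rejects for `HiddenServiceDir`, and to document that `hs_ed25519_secret_key` lives in the initrd, so anyone who can read the boot medium can take over the onion address. `clanLib` is unused here.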

6
features/default.nix Normal file
View file

@ -0,0 +1,6 @@
{
imports = [
./boot
./network
];
}

View file

@ -0,0 +1,6 @@
{
imports = [
./fail2ban.nix
./sshguard.nix
];
}

View file

@ -1,14 +1,19 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
{
options.components.network.fail2ban.enable = mkOption {
options.features.network.fail2ban.enable = mkOption {
type = lib.types.bool;
default = false;
};
config = mkMerge [
(mkIf config.components.network.fail2ban.enable {
environment.systemPackages = [ pkgs.fail2ban pkgs.ipset ];
(mkIf config.features.network.fail2ban.enable {
environment.systemPackages = [ pkgs.fail2ban ];
services.fail2ban = {
enable = true;
#package = pkgs.legacy_2311.fail2ban;
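
Review bot: the option moves from `components.network.fail2ban.enable` to `features.network.fail2ban.enable` with no alias, so any host still setting the old path stops evaluating until it is edited. If hosts outside this change set use it, a `lib.mkRenamedOptionModule` entry for the old path keeps them building and prints a migration warning. The option still has no `description`, and it is worth stating in the commit message that `pkgs.ipset` left this module on purpose.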
@ -19,7 +24,7 @@ with lib;
# custom defined jails
# --------------------
# https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
(mkIf config.components.network.fail2ban.enable {
(mkIf config.features.network.fail2ban.enable {
services.fail2ban.jails.nginx-git-not-found.settings = {
port = "http,https";
logpath = "%(nginx_error_log)s";
@ -33,7 +38,7 @@ with lib;
'';
};
})
(mkIf config.components.network.fail2ban.enable {
(mkIf config.features.network.fail2ban.enable {
services.fail2ban.jails.nginx-git-bad-request.settings = {
port = "http,https";
logpath = "%(nginx_error_log)s";

View file

@ -0,0 +1,24 @@
{
pkgs,
config,
lib,
assets,
...
}:
with lib;
with types;
{
options.features.network.sshguard = {
enable = mkOption {
type = bool;
default = false;
};
};
config = mkIf config.features.network.sshguard.enable {
environment.systemPackages = [ pkgs.ipset ];
services.sshguard.enable = true;
};
}
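
Review bot: `services.sshguard.enable = true;` runs with all defaults and no `services.sshguard.whitelist`, so an administrator's own address can be blocked after a few failed logins, and nothing here says how this module is meant to coexist with `features.network.fail2ban` when both are enabled. Add a whitelist option (or document that none is wanted) and a `description` on `enable`. The `assets` argument is unused.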

View file

@ -120,19 +120,21 @@
"flake-parts": [
"flake-parts"
],
"nixos-facter-modules": "nixos-facter-modules",
"nixos-images": "nixos-images",
"nixpkgs": [
"nixpkgs"
],
"sops-nix": "sops-nix",
"systems": "systems",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1722268611,
"narHash": "sha256-D3rKirDy5SaLPVs0hpYA0J59TBb0+nkfUMlk48YpciI=",
"lastModified": 1726339325,
"narHash": "sha256-bJhxZywuBdQ4vk/t12U1Y9pKKM5VbchKvvM95838+bQ=",
"ref": "refs/heads/main",
"rev": "99a87a6120291deef7a2320a94e1fbdbf5674ab6",
"revCount": 3595,
"rev": "17da259ff99e2d4079f686ba837eb55a2ac9e79b",
"revCount": 4100,
"type": "git",
"url": "https://git.clan.lol/clan/clan-core"
},
@ -150,11 +152,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1721508205,
"narHash": "sha256-X4xVtKAkA/gVqIaCw0L5Rk9062VqlHiH0VK5En5Oi5s=",
"lastModified": 1723143645,
"narHash": "sha256-/71L2ZBM9AmUpEQC19Rf7AxA+BhIquObB8aZDkfVRz8=",
"owner": "mrvandalo",
"repo": "clan-fact-generators",
"rev": "b3fb36c18871861f510330c272b455eb718cd3e4",
"rev": "620c5d3185594b3e2d91e29a7590f44abae4319c",
"type": "github"
},
"original": {
@ -163,6 +165,28 @@
"type": "github"
}
},
"devshell": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nix-topology",
"nixpkgs"
]
},
"locked": {
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@ -171,11 +195,11 @@
]
},
"locked": {
"lastModified": 1721417620,
"narHash": "sha256-6q9b1h8fI3hXg2DG6/vrKWCeG8c5Wj2Kvv22RCgedzg=",
"lastModified": 1725377834,
"narHash": "sha256-tqoAO8oT6zEUDXte98cvA1saU9+1dLJQe3pMKLXv8ps=",
"owner": "nix-community",
"repo": "disko",
"rev": "bec6e3cde912b8acb915fecdc509eda7c973fb42",
"rev": "e55f9a8678adc02024a4877c2a403e3f6daf24fe",
"type": "github"
},
"original": {
@ -207,6 +231,22 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -247,11 +287,11 @@
]
},
"locked": {
"lastModified": 1719994518,
"narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"lastModified": 1726153070,
"narHash": "sha256-HO4zgY0ekfwO5bX0QH/3kJ/h4KvUDFZg8YpkNwIbg1U=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"rev": "bcef6817a8b2aa20a5a6dbb19b43e63c5bf8619a",
"type": "github"
},
"original": {
@ -281,6 +321,24 @@
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1644229661,
@ -298,14 +356,14 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
@ -315,6 +373,24 @@
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1631561581,
"narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=",
@ -329,9 +405,30 @@
"type": "github"
}
},
"flake-utils_4": {
"flake-utils_5": {
"inputs": {
"systems": "systems_2"
"systems": [
"stylix",
"systems"
]
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_6": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1694529238,
@ -363,6 +460,28 @@
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"nix-topology",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
@ -382,14 +501,16 @@
},
"home-manager": {
"inputs": {
"nixpkgs": "nixpkgs_2"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1722936497,
"narHash": "sha256-UBst8PkhY0kqTgdKiR8MtTBt4c1XmjJoOV11efjsC/o=",
"lastModified": 1726357542,
"narHash": "sha256-p4OrJL2weh0TRtaeu1fmNYP6+TOp/W2qdaIJxxQay4c=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a6c743980e23f4cef6c2a377f9ffab506568413a",
"rev": "e524c57b1fa55d6ca9d8354c6ce1e538d2a1f47f",
"type": "github"
},
"original": {
@ -426,11 +547,11 @@
},
"locked": {
"dir": "nix",
"lastModified": 1721551388,
"narHash": "sha256-JR9/TqQi4a14kmH+iypGZKa7H2VZhr2jL9QgHLx3LUw=",
"lastModified": 1726080562,
"narHash": "sha256-Inh/OXdaw5tG/GrVjjhVELtSTZFPGLG3UcN/J5oFWy8=",
"owner": "kmonad",
"repo": "kmonad",
"rev": "31c591b647d277fe34cb06fc70b0d053dd15f867",
"rev": "4e17fc4432dad3664d39274e4e698c7a5497216d",
"type": "github"
},
"original": {
@ -443,7 +564,7 @@
"landingpage": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1709213960,
@ -459,21 +580,44 @@
"type": "github"
}
},
"nix-topology": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1725483443,
"narHash": "sha256-WzOlGMKV/51Fccn/OMHcm5yrqgbOJZrJIy1ya4pW0u8=",
"owner": "oddlama",
"repo": "nix-topology",
"rev": "8738d94670265beb166954c4e3a26e432f79f68c",
"type": "github"
},
"original": {
"owner": "oddlama",
"repo": "nix-topology",
"type": "github"
}
},
"nixos-anywhere": {
"inputs": {
"disko": "disko_2",
"flake-parts": "flake-parts_3",
"nixos-images": "nixos-images_2",
"nixos-stable": "nixos-stable",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_3",
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1722000256,
"narHash": "sha256-urCCUTXgkHPh9eN3JAKAa8f09nltFxtAQaLyHbOOKxw=",
"lastModified": 1726219387,
"narHash": "sha256-fACBWdZsLcFrrLsP7M//qIyIgecWEn3W8btu3WiGShE=",
"owner": "nix-community",
"repo": "nixos-anywhere",
"rev": "1933f2e7e2395ee88b15d3a411a363775e83274d",
"rev": "00a41d52a37f3d3e15d45715a1f5fded0e966e6b",
"type": "github"
},
"original": {
@ -482,13 +626,29 @@
"type": "github"
}
},
"nixos-facter-modules": {
"flake": false,
"locked": {
"lastModified": 1725379040,
"narHash": "sha256-yJIy595vpcdAYznxamszZhteQCIZM3OJUOIKeU4cIq4=",
"owner": "numtide",
"repo": "nixos-facter-modules",
"rev": "a389bf16ed7db1f7e6a5e9dc4b5547e927498803",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "nixos-facter-modules",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1722278305,
"narHash": "sha256-xLBAegsn9wbj+pQfbX07kykd5VBV3Ywk3IbObVAAlWA=",
"lastModified": 1725885300,
"narHash": "sha256-5RLEnou1/GJQl+Wd+Bxaj7QY7FFQ9wjnFq1VNEaxTmc=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "eab049fe178c11395d65a858ba1b56461ba9652d",
"rev": "166dee4f88a7e3ba1b7a243edb1aca822f00680e",
"type": "github"
},
"original": {
@ -508,11 +668,11 @@
]
},
"locked": {
"lastModified": 1721571445,
"narHash": "sha256-2MnlPVcNJZ9Nbu90kFyo7+lng366gswErP4FExfrUbc=",
"lastModified": 1725726968,
"narHash": "sha256-sqkJZDj4NjPFhWCDoSyXJoBRfRfXIyvhfssGqLvzgW8=",
"owner": "nix-community",
"repo": "nixos-images",
"rev": "accee005735844d57b411d9969c5d0aabc6a55f6",
"rev": "51c98a9f328e7aad81d8aa048f38e4e5c86d3389",
"type": "github"
},
"original": {
@ -612,11 +772,11 @@
},
"nixpkgs-legacy_2405": {
"locked": {
"lastModified": 1722087241,
"narHash": "sha256-2ShmEaFi0kJVOEEu5gmlykN5dwjWYWYUJmlRTvZQRpU=",
"lastModified": 1726320982,
"narHash": "sha256-RuVXUwcYwaUeks6h3OLrEmg14z9aFXdWppTWPMTwdQw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8c50662509100d53229d4be607f1a3a31157fa12",
"rev": "8f7492cce28977fbf8bd12c72af08b1f6c7c3e49",
"type": "github"
},
"original": {
@ -638,13 +798,41 @@
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1722555339,
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1722979953,
"narHash": "sha256-aFtHVx8WBrf6i3Rf+gYcilRuoimfmlzB9btc+br89R4=",
"lastModified": 1726346340,
"narHash": "sha256-S15Ylznn8MBWIooDT65Z7E3h9N7XpB5VMx7ZdHZ/JGA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9d938b4e45c9a6d04efc45405b3187fbfcff2f85",
"rev": "c60562f3643f6c1604cba0c7177834266bd35af9",
"type": "github"
},
"original": {
@ -655,22 +843,6 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1722185531,
"narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1645527175,
"narHash": "sha256-WeewqaO48sCctiN+iwgZZEJRU29Si7vHHoLCINAvuk8=",
@ -685,7 +857,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_3": {
"locked": {
"lastModified": 1717926692,
"narHash": "sha256-THcv8qDqobZefHHluPjx/8n+MtVVb8ag/oJbKMqKNRo=",
@ -701,13 +873,13 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_4": {
"locked": {
"lastModified": 1722813957,
"narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
"lastModified": 1726062873,
"narHash": "sha256-IiA3jfbR7K/B5+9byVi9BZGWTD4VSbWe8VLpp9B/iYk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
"rev": "4f807e8940284ad7925ebd0a0993d2a1791acb2f",
"type": "github"
},
"original": {
@ -717,23 +889,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1701263465,
"narHash": "sha256-lNXUIlkfyDyp9Ox21hr+wsEf/IBklLvb6bYcyeXbdRc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "50aa30a13c4ab5e7ba282da460a3e3d44e9d0eb3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_5": {
"locked": {
"lastModified": 1632855891,
"narHash": "sha256-crW76mt9/kbUBiKy/KiSnsQ9JEYgD3StDuYAMVkTbM0=",
@ -747,13 +903,13 @@
"type": "indirect"
}
},
"nixpkgs_8": {
"nixpkgs_6": {
"locked": {
"lastModified": 1722179153,
"narHash": "sha256-ZJ75T0GWpLI4hoaL+YxueHD2pXG+VYpYtPJdwbkERVs=",
"lastModified": 1726033636,
"narHash": "sha256-U5BSY461QUg9x0fatmPSczjVpszOJTdJWQVmFTxt9LU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dcfb2878c687e5eb5fcbc5116969c45c85be34e2",
"rev": "62f0186c41a3f1398e3e025f7dc0ccc603482d5a",
"type": "github"
},
"original": {
@ -763,43 +919,6 @@
"type": "github"
}
},
"overviewer": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_6",
"pandoc_template": "pandoc_template"
},
"locked": {
"lastModified": 1701775518,
"narHash": "sha256-qJ+lyo5/FY35bddRd26y/bpKzRd99lvUeX88iY2VctQ=",
"ref": "main",
"rev": "13176fcd5b4689d1b15f1f9d19e946fff45dc3c3",
"revCount": 28,
"type": "git",
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git"
}
},
"pandoc_template": {
"flake": false,
"locked": {
"lastModified": 1597233765,
"narHash": "sha256-ixEY21akLEjvSmOaH3z+K73jHqOMtijaOxesw1DKseA=",
"owner": "tajmone",
"repo": "pandoc-goodies",
"rev": "c7963da8590c2815d733ddf194d82d950ba94648",
"type": "github"
},
"original": {
"owner": "tajmone",
"repo": "pandoc-goodies",
"type": "github"
}
},
"permown": {
"inputs": {
"nixpkgs": [
@ -822,8 +941,8 @@
},
"polygon-art": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_7"
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1688766095,
@ -839,29 +958,64 @@
"url": "https://git.ingolf-wagner.de/palo/polygon-art.git"
}
},
"private_assets": {
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"nix-topology",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"nix-topology",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1722954537,
"narHash": "sha256-Ed0weP9KpP2g9hdTzCSk89yV2oD2c4poA21z4fLcBgk=",
"lastModified": 1714478972,
"narHash": "sha256-q//cgb52vv81uOuwz1LaXElp3XAe1TqrABXODAEF6Sk=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "2849da033884f54822af194400f8dff435ada242",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"private-parts": {
"inputs": {
"flake-parts": "flake-parts_4",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix_3"
},
"locked": {
"lastModified": 1726350656,
"narHash": "sha256-mdjvgRc1kfbQ1Z7Nscf6bOBK7LvIMI7sWGx78uqmuNs=",
"ref": "main",
"rev": "0c236ccc4382ecaad64595756d242b206fd49aec",
"revCount": 58,
"rev": "5f550dbeaca257ab021315bba36cabd29120d20f",
"revCount": 78,
"type": "git",
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git"
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-parts.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git"
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-parts.git"
}
},
"retiolum": {
"locked": {
"lastModified": 1719907580,
"narHash": "sha256-arE8H5HXoPwcjQXnUH1pmnh2pi37+5hXjo4UPpYJ7FY=",
"lastModified": 1725753611,
"narHash": "sha256-sxA8nkZBT0MfbneBEuIfdDCFVNig9b5Nu3cTM0Bo59k=",
"owner": "Mic92",
"repo": "retiolum",
"rev": "7e5194b7aba337bc06b5a33738284ef98eef6cbf",
"rev": "4a766277e2bedb94df583f3236147f51edf84e65",
"type": "github"
},
"original": {
@ -879,21 +1033,22 @@
"home-manager-utils": "home-manager-utils",
"kmonad": "kmonad",
"landingpage": "landingpage",
"nix-topology": "nix-topology",
"nixos-anywhere": "nixos-anywhere",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_4",
"nixpkgs-legacy_2211": "nixpkgs-legacy_2211",
"nixpkgs-legacy_2311": "nixpkgs-legacy_2311",
"nixpkgs-legacy_2405": "nixpkgs-legacy_2405",
"nixpkgs-unstable-small": "nixpkgs-unstable-small",
"overviewer": "overviewer",
"permown": "permown",
"polygon-art": "polygon-art",
"private_assets": "private_assets",
"private-parts": "private-parts",
"retiolum": "retiolum",
"srvos": "srvos",
"stylix": "stylix",
"taskshell": "taskshell"
"taskshell": "taskshell",
"treefmt-nix": "treefmt-nix_4"
}
},
"sops-nix": {
@ -907,11 +1062,11 @@
]
},
"locked": {
"lastModified": 1721531171,
"narHash": "sha256-AsvPw7T0tBLb53xZGcUC3YPqlIpdxoSx56u8vPCr6gU=",
"lastModified": 1725765163,
"narHash": "sha256-rfd2c47iVSFI6bRYy5l8wRijRBaYDeU7dM8XCDUGqlA=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "909e8cfb60d83321d85c8d17209d733658a21c95",
"rev": "b68757cd2c3fa66d6ccaa0d046ce42a9324e0070",
"type": "github"
},
"original": {
@ -922,14 +1077,14 @@
},
"srvos": {
"inputs": {
"nixpkgs": "nixpkgs_8"
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1722263926,
"narHash": "sha256-xhuXR7hKOM4dQwDvHyZYn+aHbUDHnpi4+yPhsyP+mwU=",
"lastModified": 1726102228,
"narHash": "sha256-9WRTBxEq2P1lqFGXcVAlXx5Eh95rmvHM6/x13fVcUAY=",
"owner": "nix-community",
"repo": "srvos",
"rev": "1f867a5658bfc4318ea6f83304b2a1bc4a0b28ee",
"rev": "b9fae7b4351851d050333df6cef1b02b01b2ca2d",
"type": "github"
},
"original": {
@ -947,21 +1102,23 @@
"base16-kitty": "base16-kitty",
"base16-tmux": "base16-tmux",
"base16-vim": "base16-vim",
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_5",
"gnome-shell": "gnome-shell",
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
],
"systems": "systems_4"
},
"locked": {
"lastModified": 1722946882,
"narHash": "sha256-mxtnMye8gs82tdQbVC+g6v3aPOZlH150f9WyntHIkTg=",
"lastModified": 1726170940,
"narHash": "sha256-sobkRkGBaMX9pD0bwU1iVPWi0WtQvZqlHyl1YtvNDio=",
"owner": "danth",
"repo": "stylix",
"rev": "5853f1a8bd072f2ebabfc3de3973084353cf6f1e",
"rev": "35233f929629c8eb64e939e35260fc8347f94df9",
"type": "github"
},
"original": {
@ -1000,9 +1157,54 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"taskshell": {
"inputs": {
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_6",
"nixpkgs": [
"nixpkgs"
]
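Review bot: `systems_3`, `systems_4` and `systems_5` are three new nodes that lock the same `nix-systems/default` rev `da67096a3b9bf56a91d16901293e51ba5b49a27e` with the same narHash. Each duplicate is one more transitive input to audit and update. Pointing the consumers at a single node with `follows` in flake.nix would collapse them and shrink the lock (stylix's `systems` input, for instance, resolves to `systems_4`).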
@ -1029,11 +1231,11 @@
]
},
"locked": {
"lastModified": 1721458737,
"narHash": "sha256-wNXLQ/ATs1S4Opg1PmuNoJ+Wamqj93rgZYV3Di7kxkg=",
"lastModified": 1725271838,
"narHash": "sha256-VcqxWT0O/gMaeWTTjf1r4MOyG49NaNxW4GHTO3xuThE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "888bfb10a9b091d9ed2f5f8064de8d488f7b7c97",
"rev": "9fb342d14b69aefdf46187f6bb80a4a0d97007cd",
"type": "github"
},
"original": {
@ -1062,6 +1264,47 @@
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_3": {
"inputs": {
"nixpkgs": [
"private-parts",
"nixpkgs"
]
},
"locked": {
"lastModified": 1724833132,
"narHash": "sha256-F4djBvyNRAXGusJiNYInqR6zIMI3rvlp6WiKwsRISos=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "3ffd842a5f50f435d3e603312eefa4790db46af5",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_4": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1725271838,
"narHash": "sha256-VcqxWT0O/gMaeWTTjf1r4MOyG49NaNxW4GHTO3xuThE=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "9fb342d14b69aefdf46187f6bb80a4a0d97007cd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",

827
flake.nix
View file

@ -1,80 +1,46 @@
{
# "git+file:///<full-path>" for fixing an input
inputs = {
flake-parts.url = "github:hercules-ci/flake-parts";
clan-core.inputs.flake-parts.follows = "flake-parts";
clan-core.inputs.nixpkgs.follows = "nixpkgs";
clan-core.url = "git+https://git.clan.lol/clan/clan-core";
clan-fact-generators.inputs.clan-core.follows = "clan-core";
clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
clan-fact-generators = {
url = "github:mrvandalo/clan-fact-generators";
inputs.clan-core.follows = "clan-core";
};
clan-core = {
url = "git+https://git.clan.lol/clan/clan-core";
#url = "git+file:///home/palo/dev/clan-core";
inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
inputs.flake-parts.follows = "flake-parts";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
flake-parts.url = "github:hercules-ci/flake-parts";
home-manager-utils.inputs.home-manager.follows = "home-manager";
home-manager-utils.url = "github:mrvandalo/home-manager-utils";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager";
kmonad.inputs.nixpkgs.follows = "nixpkgs"; # fixme: kmonad crashes every now and than and the keyboard is not usable anymore.
kmonad.url = "github:kmonad/kmonad?dir=nix"; # todo: mabye use https://github.com/jtroo/kanata instead
landingpage.url = "github:mrVanDalo/landingpage";
nixos-anywhere.url = "github:nix-community/nixos-anywhere";
nix-topology.inputs.nixpkgs.follows = "nixpkgs";
nix-topology.url = "github:oddlama/nix-topology";
nixos-hardware.url = "github:nixos/nixos-hardware";
nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
nixos-hardware.url = "github:nixos/nixos-hardware";
nixos-anywhere.url = "github:nix-community/nixos-anywhere";
home-manager = {
#url = "github:nix-community/home-manager/release-23.11";
url = "github:nix-community/home-manager";
#inputs.nixpkgs.follows = "nixpkgs";
};
polygon-art = {
url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
};
home-manager-utils = {
url = "github:mrvandalo/home-manager-utils";
inputs.home-manager.follows = "home-manager";
};
permown = {
url = "github:mrVanDalo/module.permown";
#url = "git+file:///home/palo/dev/nixos/permown";
inputs.nixpkgs.follows = "nixpkgs";
};
private_assets = {
#url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
flake = true;
};
retiolum = {
url = "github:Mic92/retiolum";
#url = "git+file:///home/palo/dev/nixos/retiolum";
};
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
permown.inputs.nixpkgs.follows = "nixpkgs";
permown.url = "github:mrVanDalo/module.permown";
polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
private-parts.inputs.nixpkgs.follows = "nixpkgs"; # only private input
private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-parts.git?ref=main";
#private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts";
retiolum.url = "github:Mic92/retiolum";
srvos.url = "github:nix-community/srvos";
landingpage = {
#url = "git+file:///home/palo/dev/landingpage";
url = "github:mrVanDalo/landingpage";
};
# todo: mabye use https://github.com/jtroo/kanata instead
# fixme: kmonad crashes every now and than and the keyboard is not usable anymore.
kmonad = {
url = "github:kmonad/kmonad?dir=nix";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix = {
url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
stylix.inputs.home-manager.follows = "home-manager";
stylix.inputs.nixpkgs.follows = "nixpkgs";
stylix.url = "github:danth/stylix";
taskshell.inputs.nixpkgs.follows = "nixpkgs";
taskshell.url = "github:mrvandalo/taskshell";
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
treefmt-nix.url = "github:numtide/treefmt-nix";
# smoke test framwork to trigger tests (enable if I want to use it for real)
#smoke = {
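Review bot: the flattening of `inputs` into one-line attribute paths also carries a behaviour change: `home-manager.inputs.nixpkgs.follows = "nixpkgs";` is now active, where the block form had it commented out as `#inputs.nixpkgs.follows = "nixpkgs";`. That changes which nixpkgs home-manager is evaluated against, so it belongs in its own commit, or at least in the commit message, rather than inside a formatting pass. Minor: the comments moved onto the kmonad lines keep the typos "mabye" and "now and than", and "framwork" remains in the smoke-test comment.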
@ -82,151 +48,172 @@
# inputs.nixpkgs.follows = "nixpkgs";
#};
# had to override it to remove colors
taskshell = {
url = "github:mrvandalo/taskshell";
inputs.nixpkgs.follows = "nixpkgs";
};
# my own tool
overviewer.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git?ref=main";
};
outputs =
inputs@{ self
, clan-core
, clan-fact-generators
, flake-parts
, home-manager
, home-manager-utils
, kmonad
, landingpage
, nixos-anywhere
, nixos-hardware
, nixpkgs
, nixpkgs-legacy_2211
, nixpkgs-legacy_2311
, nixpkgs-legacy_2405
, nixpkgs-unstable-small
, overviewer
, permown
, polygon-art
, private_assets
, retiolum
, srvos
, stylix
, taskshell
inputs@{
self,
clan-core,
clan-fact-generators,
flake-parts,
home-manager,
home-manager-utils,
kmonad,
landingpage,
nixos-anywhere,
nixos-hardware,
nixpkgs,
nixpkgs-legacy_2211,
nixpkgs-legacy_2311,
nixpkgs-legacy_2405,
nixpkgs-unstable-small,
permown,
polygon-art,
private-parts,
retiolum,
srvos,
stylix,
taskshell,
treefmt-nix,
nix-topology,
}:
let
#system = "x86_64-linux";
#pkgs = nixpkgs.legacyPackages.${system};
inherit (nixpkgs) lib;
meta = rec {
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
config.allowUnfree = true;
config.permittedInsecurePackages = [
"electron-24.8.6" # for bitwarden
"python-2.7.18.6"
"python-2.7.18.7"
"python-2.7.18.8"
"electron-27.3.11" # for logseq
"electron-28.3.3" # for logseq
];
overlays = [
(_self: _super: {
unstable-small = import nixpkgs-unstable-small {
inherit system;
config.allowUnfree = true;
};
legacy_2211 = import nixpkgs-legacy_2211 {
inherit system;
config.allowUnfree = true;
};
legacy_2311 = import nixpkgs-legacy_2311 {
inherit system;
config.allowUnfree = true;
};
legacy_2405 = import nixpkgs-legacy_2405 {
inherit system;
config.allowUnfree = true;
};
polygon-art = polygon-art.packages.${system};
landingpage = landingpage.packages.${system}.plain;
kmonad = kmonad.packages.${system}.kmonad;
tasksh = taskshell.packages.${system}.tasksh;
overviewer = overviewer.packages.${system}.overviewer;
pkl = self.packages.${system}.pkl;
})
(import ./pkgs)
];
};
pkgs =
let
allowUnfree = true;
permittedInsecurePackages = [
"electron-24.8.6" # for bitwarden
"python-2.7.18.6"
"python-2.7.18.7"
"python-2.7.18.8"
"electron-27.3.11" # for logseq
"electron-28.3.3" # for logseq
];
in
import nixpkgs {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
overlays = [
(_self: _super: {
unstable-small = import nixpkgs-unstable-small {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
legacy_2211 = import nixpkgs-legacy_2211 {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
legacy_2311 = import nixpkgs-legacy_2311 {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
legacy_2405 = import nixpkgs-legacy_2405 {
inherit system;
config = {
inherit allowUnfree permittedInsecurePackages;
};
};
polygon-art = polygon-art.packages.${system};
landingpage = landingpage.packages.${system}.plain;
kmonad = kmonad.packages.${system}.kmonad;
tasksh = taskshell.packages.${system}.tasksh;
inherit (self.packages.${system})
otpmenu
taskwarrior-hooks
nsxiv
bugwarrior
;
})
];
};
specialArgs = {
inherit private_assets inputs;
inherit inputs;
assets = ./assets;
factsGenerator = clan-fact-generators.lib { inherit pkgs; };
clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; };
zerotierDeviceName = "ztbn67ogn2";
clanLib = import ./lib/clanlib.nix {
inherit (pkgs) lib;
machineDir = ./machines;
};
# https://git.clan.lol/clan/clan-core/issues/1575 < here is how I could do this generic
zerotierInterface = "ztbn67ogn2";
components = ./components;
features = ./features;
};
};
clanSetup =
{ name
, host
, modules
}: {
{
name,
host,
modules,
}:
{
clan.core.networking.targetHost = lib.mkDefault "root@${host}";
nixpkgs.pkgs = meta.pkgs;
nixpkgs.hostPlatform = meta.system;
clan.core.facts.secretStore = "password-store";
imports = modules ++ defaultModules ++ [
./machines/${name}/configuration.nix
imports =
modules
++ defaultModules
++ [
./machines/${name}/configuration.nix
nix-topology.nixosModules.default
self.nixosModules.verify
];
};
zerotierControllerModule = {
clan.core.networking.zerotier.controller = {
enable = true;
public = false;
};
};
zerotierModules =
{ pkgs, ... }:
{
imports = [
# this magically adds all my machines in the zero tier network
# and makes the controller accept them.
# will automatic look into `/machines/<name>/facts/zerotier-ip
inputs.clan-core.clanModules.zerotier-static-peers
# Statically configure the host names of machines based on their respective zerotier-ip.
inputs.clan-core.clanModules.static-hosts
# generate ssh host keys with facts
inputs.clan-core.clanModules.sshd
# manual configs
{
clan.static-hosts.topLevelDomain = "bear";
components.network.zerotier.enable = true;
environment.systemPackages = [
clan-core.packages.${pkgs.system}.clan-cli
(pkgs.writers.writeBashBin "zerotier-script-nodeid" ''
sudo ${pkgs.zerotierone}/bin/zerotier-cli info | cut -d " " -f 3
'')
];
}
];
};
zerotierControllerModule =
{
clan.core.networking.zerotier.controller = {
enable = true;
public = false;
};
};
zerotierModules = { pkgs, ... }: {
imports = [
# this magically adds all my machines in the zero tier network
# and makes the controller accept them.
# will automatic look into `/machines/<name>/facts/zerotier-ip
inputs.clan-core.clanModules.zerotier-static-peers
# Statically configure the host names of machines based on their respective zerotier-ip.
inputs.clan-core.clanModules.static-hosts
# generate ssh host keys with facts
inputs.clan-core.clanModules.sshd
# manual configs
{
clan.static-hosts.topLevelDomain = "bear";
components.network.zerotier.enable = true;
environment.systemPackages = [
clan-core.packages.${pkgs.system}.clan-cli
(pkgs.writers.writeBashBin "zerotier-script-nodeid" ''
sudo ${pkgs.zerotierone}/bin/zerotier-cli info | cut -d " " -f 3
'')
];
}
];
};
defaultModules = [
# make flake inputs accessiable in NixOS
{
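Review bot: in the new `pkgs` let-block, `permittedInsecurePackages` is inherited into the `unstable-small`, `legacy_2211`, `legacy_2311` and `legacy_2405` imports, which previously only set `config.allowUnfree = true`. The `python-2.7.18.*` and `electron-*` exceptions now apply to every package set, so an insecure package pulled from a legacy channel will no longer fail evaluation. Suggest keeping the list on the main `import nixpkgs` only and inheriting just `allowUnfree` into the overlay imports, adding an entry to a legacy set only where a package needs it. Separately, the new `outputs` argument list drops `overviewer` and has no `...`; if `overviewer.url` stays in `inputs` (flake.lock's `root` still lists it), the call will fail on an unexpected argument.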
@ -234,25 +221,42 @@
_module.args.inputs = self.inputs;
}
# ssh keys
({ config, ... }: {
users.users.root.openssh.authorizedKeys.keyFiles = [
# master key
./assets/mrvandalo_rsa.pub
# backup key
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
];
})
# configure nix
({ pkgs, lib, clanLib, ... }:
(
{ config, ... }:
{
nix.settings.substituters = [
"http://cache.orbi.wg0"
users.users.root.openssh.authorizedKeys.keyFiles = [
# master key
./assets/mrvandalo_rsa.pub
# backup key
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
];
nix.settings.trusted-public-keys = [
(clanLib.readFact "nix-serve.pub" "orbi")
}
)
{
# disable emergency mode everywhere, although it might be needed on laptops
boot.initrd.systemd.emergencyAccess = false;
boot.initrd.systemd.suppressedUnits = [
"emergency.service"
"emergency.target"
];
systemd.enableEmergencyMode = false;
}
# configure nix
(
{
pkgs,
lib,
clanLib,
...
}:
{
nix.settings.substituters = [ "http://cache.orbi.wg0" ];
nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.max-jobs = 1;
# no channesl needed this way
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
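Review bot: the new block in `defaultModules` sets `boot.initrd.systemd.emergencyAccess = false` and `systemd.enableEmergencyMode = false` and suppresses `emergency.service` and `emergency.target` on every machine, while its own comment says this "might be needed on laptops". As plain assignments, the two booleans can only be changed per machine with `lib.mkForce`. Wrapping the values in `lib.mkDefault` keeps the locked-down default for servers and lets a laptop re-enable a recovery shell from its own `configuration.nix`.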
@ -264,7 +268,12 @@
documentation.nixos.options.warningsAreErrors = false; # todo make this true again
documentation.nixos.extraModules = [
./components
./features
#./modules
inputs.clan-core.nixosModules.clanCore
{
clan.core.clanDir = ./.; # fixes issues with clanCore https://git.clan.lol/clan/clan-core/issues/1979
}
# inputs.stylix.nixosModules.stylix # fixme: not working
permown.nixosModules.permown
kmonad.nixosModules.default
@ -275,230 +284,240 @@
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
boot.loader.grub.configurationLimit = lib.mkDefault 10;
})
}
)
# My Structure
./components
./features
./modules # todo : spread this across features and components
#./system/all # todo : spread this across features and components
# some modules I always use
permown.nixosModules.permown
kmonad.nixosModules.default
# some default things I always want
({ pkgs, ... }: {
boot.tmp.useTmpfs = lib.mkDefault true;
environment.systemPackages = [
pkgs.nixpkgs-fmt
];
})
(
{ pkgs, ... }:
{
boot.tmp.useTmpfs = lib.mkDefault true;
}
)
];
stylixModules = { pkgs, config, ... }: {
imports = [ stylix.nixosModules.stylix ];
stylix.enable = true;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
stylix.image = ./assets/wallpaper.png;
stylix.fonts = {
serif = {
package = pkgs.ubuntu_font_family;
name = "Ubuntu";
};
sansSerif = {
package = pkgs.ubuntu_font_family;
name = "Ubuntu";
};
monospace = {
package = pkgs.jetbrains-mono;
name = "JetBrains Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
sizes.popups = 15;
};
# todo: remove this if not needed anymore
#home-manager.sharedModules = [
# { stylix.targets.bemenu.enable = false; }
#];
stylixModules =
{
pkgs,
config,
lib,
...
}:
{
imports = [ stylix.nixosModules.stylix ];
stylix.enable = true;
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
stylix.image = ./assets/wallpaper.png;
};
homeManagerModules = { pkgs, config, ... }: {
imports = [
home-manager.nixosModules.home-manager
];
home-manager.extraSpecialArgs = {
inherit private_assets;
assets = ./assets;
home-manager.sharedModules = [
{
# no need for hyperland
# https://github.com/danth/stylix/issues/543
stylix.targets.hyprpaper.enable = lib.mkForce false;
stylix.targets.hyprland.enable = lib.mkForce false;
}
];
stylix.fonts = {
serif = {
package = pkgs.nerdfonts.override { fonts = [ "Ubuntu" ]; };
name = "Ubuntu";
};
sansSerif = {
package = pkgs.nerdfonts.override { fonts = [ "Ubuntu" ]; };
name = "Ubuntu";
};
monospace = {
package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; };
name = "JetBrains Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
sizes.popups = 15;
};
};
homeManagerModules =
{ pkgs, config, ... }:
{
imports = [
home-manager.nixosModules.home-manager
];
home-manager.extraSpecialArgs = {
assets = ./assets;
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "backup";
home-manager.sharedModules = [
home-manager-utils.hmModule
];
};
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.backupFileExtension = "backup";
home-manager.sharedModules = [
home-manager-utils.hmModule
];
};
in
flake-parts.lib.mkFlake { inherit inputs; } ({ self, pkgs, ... }: {
# We define our own systems below. you can still use this to add system specific outputs to your flake.
# See: https://flake.parts/getting-started
systems = [ "x86_64-linux" ];
flake-parts.lib.mkFlake { inherit inputs; } (
{
self,
self',
pkgs,
...
}:
{
systems = [ "x86_64-linux" ];
imports = [
clan-core.flakeModules.default
./nix/formatter.nix
./nix/packages
./nix/verify
./nix/topology
];
# import clan-core modules
imports = [
clan-core.flakeModules.default
];
# Define your clan
clan = {
# Clan wide settings.
meta.name = "gummybears"; # Ensure to choose a unique name.
specialArgs = meta.specialArgs;
perSystem = { pkgs, ... }: {
packages.pkl = pkgs.callPackage ./pkgs/pkl { };
};
machines = {
# Define your clan
clan = {
# Clan wide settings.
meta.name = "gummybears"; # Ensure to choose a unique name.
specialArgs = meta.specialArgs;
cream = clanSetup {
name = "cream";
host = "cream.bear";
modules = [
zerotierModules
nixos-hardware.nixosModules.framework-12th-gen-intel
retiolum.nixosModules.retiolum
private-parts.nixosModules.cream
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Laptop";
}
];
};
machines = {
cherry = clanSetup {
name = "cherry";
host = "cherry.bear";
modules = [
zerotierModules
nixos-hardware.nixosModules.framework-13th-gen-intel
retiolum.nixosModules.retiolum
private-parts.nixosModules.cherry
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Laptop";
}
];
};
sternchen = clanSetup {
name = "sternchen";
host = "sternchen.bear";
#host = "192.168.178.25";
modules = [
nixos-hardware.nixosModules.lenovo-thinkpad-x220
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/tina;
home-manager.users.root = import ./homes/root;
}
# todo : strange overrides, this should be an option kinda an be changed on another level (the homes/<name> folders or something)
({ lib, ... }: {
home-manager.sharedModules = [
{
programs.atuin.enable = lib.mkForce false;
}
];
})
{
clan.core.machineDescription = "LaLaptop";
}
];
};
chungus = clanSetup {
name = "chungus";
host = "chungus.bear";
modules = [
zerotierModules
zerotierControllerModule
homeManagerModules
stylixModules
retiolum.nixosModules.retiolum
private-parts.nixosModules.chungus
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Home Server";
}
];
};
cream = clanSetup {
name = "cream";
host = "cream.bear";
modules = [
zerotierModules
nixos-hardware.nixosModules.framework-12th-gen-intel
retiolum.nixosModules.retiolum
private_assets.nixosModules.cream
private_assets.nixosModules.yubikey
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Laptop";
}
];
};
orbi = clanSetup {
name = "orbi";
host = "orbi.bear";
#host = "95.216.66.212";
modules = [
homeManagerModules
stylixModules
zerotierModules
srvos.nixosModules.hardware-hetzner-online-intel
#srvos.nixosModules.server
#srvos.nixosModules.mixins-terminfo
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Internet Server";
}
];
};
cherry = clanSetup {
name = "cherry";
host = "cherry.bear";
modules = [
zerotierModules
nixos-hardware.nixosModules.framework-13th-gen-intel
retiolum.nixosModules.retiolum
private_assets.nixosModules.yubikey
homeManagerModules
stylixModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Laptop";
}
];
};
probe = clanSetup {
name = "probe";
#host = "167.235.205.150";
host = "95.217.18.54";
modules = [
homeManagerModules
stylixModules
srvos.nixosModules.hardware-hetzner-cloud
srvos.nixosModules.server
srvos.nixosModules.mixins-terminfo
#inputs.clan-core.clanModules.sshd
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Dummy Internet Server";
}
];
};
chungus = clanSetup {
name = "chungus";
host = "chungus.bear";
modules = [
zerotierModules
zerotierControllerModule
homeManagerModules
stylixModules
retiolum.nixosModules.retiolum
private_assets.nixosModules.chungus
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Home Server";
}
];
};
usbstick = clanSetup {
name = "usbstick";
#host = "usbstick.bear";
host = "10.100.0.100";
modules = [
homeManagerModules
stylixModules
zerotierModules
{ home-manager.users.mainUser.gui.enable = true; }
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "USB-Stick for Backup";
}
];
};
orbi = clanSetup {
name = "orbi";
host = "orbi.bear";
#host = "95.216.66.212";
modules = [
zerotierModules
homeManagerModules
stylixModules
srvos.nixosModules.hardware-hetzner-online-intel
#srvos.nixosModules.server
#srvos.nixosModules.mixins-terminfo
{
# not needed for servers in general
boot.initrd.systemd.emergencyAccess = false;
systemd.enableEmergencyMode = false;
}
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Internet Server";
}
];
};
probe = clanSetup {
name = "probe";
host = "probe.bear";
modules = [
homeManagerModules
stylixModules
srvos.nixosModules.hardware-hetzner-cloud
srvos.nixosModules.server
srvos.nixosModules.mixins-terminfo
{
home-manager.users.mainUser = import ./homes/palo;
home-manager.users.root = import ./homes/root;
}
{
clan.core.machineDescription = "Dummy Internet Server";
}
];
};
};
};
});
}
);
}
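Review bot: in `machines`, `cream` and `cherry` both drop `private_assets.nixosModules.yubikey`, and the replacement lists contain only `private-parts.nixosModules.cream` and `private-parts.nixosModules.cherry`. Nothing visible in this hunk shows where the YubiKey configuration went. If it was folded into the per-machine private modules, say so in the commit message; otherwise these two laptops silently lose it.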

View file

@ -1,6 +1,9 @@
{ lib, ... }:
{
imports = [
./editor.nix
./network.nix
./oh-my-posh
./packages.nix
./terminal.nix
./zfs.nix

View file

@ -1,11 +1,10 @@
{ lib, ... }:
{
programs.vim = {
enable = true;
defaultEditor = true;
defaultEditor = lib.mkDefault true;
};
programs.helix = {
enable = true;
# defaultEditor = true;
};
}

34
homes/common/network.nix Normal file
View file

@ -0,0 +1,34 @@
{
config,
pkgs,
lib,
...
}:
with lib;
{
config = mkMerge [
{
home.packages = [
# firewall analysis
pkgs.nftables
pkgs.nixos-firewall-tool
# analyser
pkgs.dnsutils
pkgs.tcpdump
pkgs.nmap
pkgs.rustscan
# helper
pkgs.ipcalc
];
}
(mkIf config.gui.enable {
home.packages = [
pkgs.wireshark
];
})
];
}
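Review bot: `pkgs.wireshark` under `mkIf config.gui.enable` is installed through `home.packages`, which only puts the binary in the user profile and gives the user no capture privilege. The usual outcome is running the GUI as root. Consider enabling the NixOS option `programs.wireshark.enable` on the GUI machines instead, so capture goes through the setcap `dumpcap` wrapper and membership of the `wireshark` group. Minor: `with lib;` is only needed for `mkMerge` and `mkIf`; `lib.mkMerge` and `lib.mkIf` keep the scope explicit.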

View file

@ -0,0 +1,15 @@
{
pkgs,
config,
lib,
...
}:
with lib;
{
programs.oh-my-posh = {
enable = true;
# https://ohmyposh.dev/docs/themes
#useTheme = "gmay"; # ganz nice, aber farben sind ein bisl schrill
settings = builtins.fromJSON (builtins.readFile ./gmay.json);
};
}
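Review bot: `pkgs`, `config` and `with lib;` are unused in this module; only `builtins` is referenced. Suggest reducing the header to `{ lib, ... }:` and reading the theme with `lib.importJSON ./gmay.json`, which replaces the `builtins.fromJSON (builtins.readFile ...)` pair. The comment on the `#useTheme` line is in German while the rest of the repository's comments are in English.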

View file

@ -0,0 +1,121 @@
{
"$schema": "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json",
"blocks": [
{
"alignment": "left",
"segments": [
{
"background": "#076678",
"foreground": "#EBDBB2",
"leading_diamond": "\ue0b6",
"style": "diamond",
"template": " {{ if .WSL }}WSL at {{ end }}{{.Icon}} ",
"type": "os"
},
{
"background": "#AF3A03",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"style": "powerline",
"template": " \uf0e7 ",
"type": "root"
},
{
"background": "#076678",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"style": "powerline",
"template": " {{ if .SSHSession }}\ueba9 {{ end }}{{ .UserName }}@{{ .HostName }} ",
"type": "session"
},
{
"background": "#B57614",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"properties": {
"style": "full"
},
"style": "powerline",
"template": " \ue5ff {{ .Path }} ",
"type": "path"
},
{
"background": "#79740E",
"foreground": "#EBDBB2",
"powerline_symbol": "\ue0b0",
"properties": {
"time_format": "2006-01-02 15:04:05"
},
"style": "powerline",
"template": " {{ .CurrentDate | date .Format }} ",
"type": "time"
},
{
"type": "project",
"style": "powerline",
"powerline_symbol": "",
"foreground": "#193549",
"background": "#ffeb3b",
"template": " {{ if .Error }}{{ .Error }}{{ else }}{{ if .Version }} {{.Version}}{{ end }} {{ if .Name }}{{ .Name }}{{ end }}{{ end }} "
},
{
"type": "git",
"style": "powerline",
"powerline_symbol": "",
"background": "#427b58",
"foreground": "#EBDBB2",
"background_templates": [
"{{ if or (.Working.Changed) (.Staging.Changed) }}#8f3f71{{ end }}",
"{{ if and (gt .Ahead 0) (gt .Behind 0) }}#076678{{ end }}",
"{{ if gt .Ahead 0 }}#076678{{ end }}",
"{{ if gt .Behind 0 }}#076678{{ end }}"
],
"template": "{{ .UpstreamIcon }}{{ .HEAD }}{{if .BranchStatus }} {{ .BranchStatus }}{{ end }}{{ if .Working.Changed }}  {{ .Working.String }}{{ end }}{{ if and (.Working.Changed) (.Staging.Changed) }} |{{ end }}{{ if .Staging.Changed }}  {{ .Staging.String }}{{ end }}{{ if gt .StashCount 0 }}  {{ .StashCount }}{{ end }}",
"properties": {
"fetch_status": true,
"fetch_upstream_icon": true,
"untracked_modes": {
"/Users/user/Projects/oh-my-posh/": "no"
},
"source": "cli",
"mapped_branches": {
"feat/*": "🚀 ",
"bug/*": "🐛 "
}
}
},
{
"background": "#427B58",
"background_templates": [
"{{ if gt .Code 0 }}#9D0006{{ end }}"
],
"foreground": "#EBDBB2",
"leading_diamond": "<transparent,background>\ue0b0</>",
"properties": {
"always_enabled": true
},
"style": "diamond",
"template": " \ueb05 ",
"trailing_diamond": "\ue0b4",
"type": "status"
}
],
"type": "prompt"
},
{
"alignment": "left",
"newline": true,
"segments": [
{
"foreground": "#076678",
"style": "plain",
"template": "\uf0a9 ",
"type": "text"
}
],
"type": "prompt"
}
],
"final_space": true,
"version": 2
}
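Review bot: in the `git` segment, `"untracked_modes": { "/Users/user/Projects/oh-my-posh/": "no" }` is a macOS-style path that cannot exist on these hosts, so the entry has no effect and reads as leftover example configuration; remove it. The `project` and `git` segments also set `"powerline_symbol": ""` while every other powerline segment uses `"\ue0b0"`. If the glyph was lost when the file was copied, restore the escape so the separators render consistently.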

View file

@ -13,9 +13,13 @@
},
{
"background": "#fbf1c7",
"background_templates": ["{{ if .Root }}#af3a03{{ end }}"],
"background_templates": [
"{{ if .Root }}#af3a03{{ end }}"
],
"foreground": "#282828",
"foreground_templates": ["{{ if .Root }}#fbf1c7{{ end }}"],
"foreground_templates": [
"{{ if .Root }}#fbf1c7{{ end }}"
],
"powerline_symbol": "\ue0b0",
"style": "powerline",
"template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ",

View file

@ -1,14 +1,16 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with pkgs;
with lib;
{
config = mkMerge [
{
home.packages = [
bind.dnsutils
nmap
hexyl
ipcalc
units
difftastic
@ -23,7 +25,7 @@ with lib;
tldr
bandwhich
bandwhich # todo : put this to common/networking.nix
unzip
genpass
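Review bot: the todo on `bandwhich` points at `common/networking.nix`, but the file added in this compare is `homes/common/network.nix`. Either move `bandwhich` there now, next to `tcpdump` and `nmap`, or fix the path in the comment so the todo can be found later.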
@ -41,7 +43,6 @@ with lib;
}
(mkIf config.gui.enable {
home.packages = [
libreoffice
@ -54,7 +55,7 @@ with lib;
aspellDicts.es
evince
sxiv
nsxiv
gimp
inkscape

View file

@ -1,4 +1,9 @@
{ lib, pkgs, assets, ... }:
{
lib,
pkgs,
assets,
...
}:
{
programs.zsh = {

View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with pkgs;
with lib;
{

View file

@ -1,12 +1,11 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
imports = [
../common
./editor.nix
./git.nix
./gpg.nix
./gui
#./hyperland.nix
./i3.nix
./packages
./ssh.nix

View file

@ -1,35 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
{
config = mkMerge [
{
home.packages = [ pkgs.ripgrep ];
}
(mkIf config.gui.enable {
programs.doom-emacs = {
enable = lib.mkDefault true;
doomPrivateDir = ./doom.d;
extraConfig = ''
;; "monospace" means use the system default. However, the default is usually two
;; points larger than I'd like, so I specify size 12 here.
(setq doom-font
(font-spec :family "Jetbrains Mono" :size ${toString 12} :weight 'light))
;;(setq doom-font
;; (font-spec :family "Terminus" :size ${toString 12} :weight 'light))
'';
#emacsPackagesOverlay = self: super: {
# # fixes https://github.com/vlaci/nix-doom-emacs/issues/394
# gitignore-mode = pkgs.emacsPackages.git-modes;
# gitconfig-mode = pkgs.emacsPackages.git-modes;
#};
};
})
(mkIf (!config.gui.enable) {
programs.doom-emacs = {
enable = lib.mkDefault true;
doomPrivateDir = ./doom.d;
package = pkgs.emacs-nox;
};
})
];
}

View file

@ -1,4 +0,0 @@
;; configure theme
(setq doom-theme 'doom-solarized-light)

View file

@ -1,187 +0,0 @@
;;; init.el -*- lexical-binding: t; -*-
;; This file controls what Doom modules are enabled and what order they load
;; in. Remember to run 'doom sync' after modifying it!
;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
;; documentation. There you'll find a "Module Index" link where you'll find
;; a comprehensive list of Doom's modules and what flags they support.
;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
;; 'C-c c k' for non-vim users) to view its documentation. This works on
;; flags as well (those symbols that start with a plus).
;;
;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
;; directory (for easy access to its source code).
(doom! :input
;;chinese
;;japanese
;;layout ; auie,ctsrnm is the superior home row
:completion
company ; the ultimate code completion backend
;;helm ; the *other* search engine for love and life
;;ido ; the other *other* search engine...
ivy ; a search engine for love and life
:ui
;;deft ; notational velocity for Emacs
doom ; what makes DOOM look the way it does
doom-dashboard ; a nifty splash screen for Emacs
doom-quit ; DOOM quit-message prompts when you quit Emacs
;;(emoji +unicode) ; 🙂
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
;;hydra
;;indent-guides ; highlighted indent columns
;;ligatures ; ligatures and symbols to make your code pretty again
;;minimap ; show a map of the code on the side
modeline ; snazzy, Atom-inspired modeline, plus API
;;nav-flash ; blink cursor line after big motions
;;neotree ; a project drawer, like NERDTree for vim
ophints ; highlight the region an operation acts on
(popup +defaults) ; tame sudden yet inevitable temporary windows
;;tabs ; a tab bar for Emacs
;;treemacs ; a project drawer, like neotree but cooler
;;unicode ; extended unicode support for various languages
vc-gutter ; vcs diff in the fringe
vi-tilde-fringe ; fringe tildes to mark beyond EOB
;;window-select ; visually switch windows
workspaces ; tab emulation, persistence & separate workspaces
;;zen ; distraction-free coding or writing
:editor
(evil +everywhere); come to the dark side, we have cookies
file-templates ; auto-snippets for empty files
fold ; (nigh) universal code folding
;;(format +onsave) ; automated prettiness
;;god ; run Emacs commands without modifier keys
;;lispy ; vim for lisp, for people who don't like vim
;;multiple-cursors ; editing in many places at once
;;objed ; text object editing for the innocent
;;parinfer ; turn lisp into python, sort of
;;rotate-text ; cycle region at point between text candidates
snippets ; my elves. They type so I don't have to
;;word-wrap ; soft wrapping with language-aware indent
:emacs
dired ; making dired pretty [functional]
electric ; smarter, keyword-based electric-indent
;;ibuffer ; interactive buffer management
undo ; persistent, smarter undo for your inevitable mistakes
vc ; version-control and Emacs, sitting in a tree
:term
;;eshell ; the elisp shell that works everywhere
;;shell ; simple shell REPL for Emacs
;;term ; basic terminal emulator for Emacs
;;vterm ; the best terminal emulation in Emacs
:checkers
syntax ; tasing you for every semicolon you forget
;;(spell +flyspell) ; tasing you for misspelling mispelling
;;grammar ; tasing grammar mistake every you make
:tools
;;ansible
;;debugger ; FIXME stepping through code, to help you add bugs
;;direnv
;;docker
;;editorconfig ; let someone else argue about tabs vs spaces
;;ein ; tame Jupyter notebooks with emacs
(eval +overlay) ; run code, run (also, repls)
;;gist ; interacting with github gists
lookup ; navigate your code and its documentation
;;lsp ; M-x vscode
magit ; a git porcelain for Emacs
;;make ; run make tasks from Emacs
;;pass ; password manager for nerds
;;pdf ; pdf enhancements
;;prodigy ; FIXME managing external services & code builders
;;rgb ; creating color strings
;;taskrunner ; taskrunner for all your projects
;;terraform ; infrastructure as code
;;tmux ; an API for interacting with tmux
;;upload ; map local to remote projects via ssh/ftp
:os
(:if IS-MAC macos) ; improve compatibility with macOS
;;tty ; improve the terminal Emacs experience
:lang
;;agda ; types of types of types of types...
;;beancount ; mind the GAAP
;;cc ; C > C++ == 1
;;clojure ; java with a lisp
;;common-lisp ; if you've seen one lisp, you've seen them all
;;coq ; proofs-as-programs
;;crystal ; ruby at the speed of c
;;csharp ; unity, .NET, and mono shenanigans
;;data ; config/data formats
;;(dart +flutter) ; paint ui and not much else
;;elixir ; erlang done right
;;elm ; care for a cup of TEA?
emacs-lisp ; drown in parentheses
;;erlang ; an elegant language for a more civilized age
;;ess ; emacs speaks statistics
;;factor
;;faust ; dsp, but you get to keep your soul
;;fsharp ; ML stands for Microsoft's Language
;;fstar ; (dependent) types and (monadic) effects and Z3
;;gdscript ; the language you waited for
;;(go +lsp) ; the hipster dialect
;;(haskell +dante) ; a language that's lazier than I am
;;hy ; readability of scheme w/ speed of python
;;idris ; a language you can depend on
;;json ; At least it ain't XML
;;(java +meghanada) ; the poster child for carpal tunnel syndrome
;;javascript ; all(hope(abandon(ye(who(enter(here))))))
;;julia ; a better, faster MATLAB
;;kotlin ; a better, slicker Java(Script)
;;latex ; writing papers in Emacs has never been so fun
;;lean ; for folks with too much to prove
;;ledger ; be audit you can be
;;lua ; one-based indices? one-based indices
markdown ; writing docs for people to ignore
;;nim ; python + lisp at the speed of c
nix ; I hereby declare "nix geht mehr!"
;;ocaml ; an objective camel
(org +roam2) ; organize your plain life in plain text
;;php ; perl's insecure younger brother
;;plantuml ; diagrams for confusing people more
;;purescript ; javascript, but functional
;;python ; beautiful is better than ugly
;;qt ; the 'cutest' gui framework ever
;;racket ; a DSL for DSLs
;;raku ; the artist formerly known as perl6
;;rest ; Emacs as a REST client
;;rst ; ReST in peace
;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
;;rust ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
;;scala ; java, but good
;;(scheme +guile) ; a fully conniving family of lisps
sh ; she sells {ba,z,fi}sh shells on the C xor
;;sml
;;solidity ; do you need a blockchain? No.
;;swift ; who asked for emoji variables?
;;terra ; Earth and Moon in alignment for performance.
;;web ; the tubes
;;yaml ; JSON, but readable
;;zig ; C, but simpler
:email
;;(mu4e +gmail)
;;notmuch
;;(wanderlust +gmail)
:app
;;calendar
;;emms
;;everywhere ; *leave* Emacs!? You must be joking
;;irc ; how neckbeards socialize
;;(rss +org) ; emacs as an RSS reader
;;twitter ; twitter client https://twitter.com/vnought
:config
;;literate
(default +bindings +smartparens))

View file

@ -10,16 +10,24 @@ with pkgs;
key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC";
signByDefault = true;
};
ignores = [ "*.swp" "*~" ".idea" ".*penis.*" "result" ".envrc" ".direnv" ];
ignores = [
"*.swp"
"*~"
".idea"
".*penis.*"
"result"
".envrc"
".direnv"
];
extraConfig = {
init.defaultBranch = "main";
pull.ff = "only";
push.autoSetupRemote = true;
};
#diff-so-fancy.enable = true;
difftastic.enable = true;
};
home.packages = [
pre-commit
gita

View file

@ -12,8 +12,7 @@
keyserver = "keyserver.ubuntu.com";
personal-digest-preferences = "SHA512";
cert-digest-algo = "SHA512";
default-preference-list =
"SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
};
};
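Review bot: the `default-preference-list` value in this hunk still advertises CAST5, a legacy cipher with a 64-bit block size, as an acceptable symmetric algorithm. Since the line is being touched anyway, consider dropping CAST5 so that senders honouring the key's preferences stay on the AES variants. The change itself only joins the two lines and is otherwise behaviour-neutral.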

View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
with lib;
{

View file

@ -1,4 +1,9 @@
{ lib, pkgs, config, ... }:
{
lib,
pkgs,
config,
...
}:
with lib;
{
@ -31,6 +36,5 @@ with lib;
};
};
};
}

View file

@ -1,161 +0,0 @@
{ pkgs, ... }:
{
home.file.".config/hypr/hyperland.conf".text = ''
autogenerated = 1 # remove this line to remove the warning
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor=,preferred,auto,auto
# Some default env vars.
env = XCURSOR_SIZE,24
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input {
kb_layout = us
kb_variant =
kb_model =
kb_options =
kb_rules =
follow_mouse = 1
touchpad {
natural_scroll = no
}
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
}
general {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
gaps_in = 5
gaps_out = 20
border_size = 2
col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
col.inactive_border = rgba(595959aa)
layout = dwindle
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = false
}
decoration {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
rounding = 10
blur {
enabled = true
size = 3
passes = 1
}
drop_shadow = yes
shadow_range = 4
shadow_render_power = 3
col.shadow = rgba(1a1a1aee)
}
animations {
enabled = yes
# Some default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
animation = windows, 1, 7, myBezier
animation = windowsOut, 1, 7, default, popin 80%
animation = border, 1, 10, default
animation = borderangle, 1, 8, default
animation = fade, 1, 7, default
animation = workspaces, 1, 6, default
}
dwindle {
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
pseudotile = yes # master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = yes # you probably want this
}
master {
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
new_is_master = true
}
gestures {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = off
}
misc {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
force_default_wallpaper = -1 # Set to 0 to disable the anime mascot wallpapers
}
# Example per-device config
# See https://wiki.hyprland.org/Configuring/Keywords/#executing for more
device:epic-mouse-v1 {
sensitivity = -0.5
}
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
$mainMod = SUPER
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = $mainMod, enter, exec, alacritty
bind = $mainMod, C, killactive,
bind = $mainMod, Q, exit,
bind = $mainMod, E, exec, dolphin
bind = $mainMod, V, togglefloating,
bind = $mainMod, R, exec, wofi --show drun
bind = $mainMod, P, pseudo, # dwindle
bind = $mainMod, J, togglesplit, # dwindle
# Move focus with mainMod + arrow keys
bind = $mainMod, left, movefocus, l
bind = $mainMod, right, movefocus, r
bind = $mainMod, up, movefocus, u
bind = $mainMod, down, movefocus, d
# Switch workspaces with mainMod + [0-9]
bind = $mainMod, 1, workspace, 1
bind = $mainMod, 2, workspace, 2
bind = $mainMod, 3, workspace, 3
bind = $mainMod, 4, workspace, 4
bind = $mainMod, 5, workspace, 5
bind = $mainMod, 6, workspace, 6
bind = $mainMod, 7, workspace, 7
bind = $mainMod, 8, workspace, 8
bind = $mainMod, 9, workspace, 9
bind = $mainMod, 0, workspace, 10
# Move active window to a workspace with mainMod + SHIFT + [0-9]
bind = $mainMod SHIFT, 1, movetoworkspace, 1
bind = $mainMod SHIFT, 2, movetoworkspace, 2
bind = $mainMod SHIFT, 3, movetoworkspace, 3
bind = $mainMod SHIFT, 4, movetoworkspace, 4
bind = $mainMod SHIFT, 5, movetoworkspace, 5
bind = $mainMod SHIFT, 6, movetoworkspace, 6
bind = $mainMod SHIFT, 7, movetoworkspace, 7
bind = $mainMod SHIFT, 8, movetoworkspace, 8
bind = $mainMod SHIFT, 9, movetoworkspace, 9
bind = $mainMod SHIFT, 0, movetoworkspace, 10
# Example special workspace (scratchpad)
bind = $mainMod, S, togglespecialworkspace, magic
bind = $mainMod SHIFT, S, movetoworkspace, special:magic
# Scroll through existing workspaces with mainMod + scroll
bind = $mainMod, mouse_down, workspace, e+1
bind = $mainMod, mouse_up, workspace, e-1
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = $mainMod, mouse:272, movewindow
bindm = $mainMod, mouse:273, resizewindow
'';
}

View file

@ -1,8 +1,20 @@
{ config, lib, pkgs, osConfig, ... }:
{
config,
lib,
pkgs,
osConfig,
...
}:
with lib;
let
rofi = pkgs.rofi.override { plugins = [ pkgs.rofi-emoji pkgs.rofi-calc pkgs.xdotool ]; };
rofi = pkgs.rofi.override {
plugins = [
pkgs.rofi-emoji
pkgs.rofi-calc
pkgs.xdotool
];
};
backgroundCommand = pkgs.writers.writeDash "background" ''
${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \
@ -43,14 +55,15 @@ in
pkgs.autorandr
pkgs.polygon-art.polygon-art
pkgs.xdotool # needed for rofi-emoji
pkgs.xclicker # makes stuff much easier
];
programs.i3status-rust = {
enable = true;
bars = {
my = {
icons = "awesome5";
theme = "gruvbox-light";
icons = "material-nf"; # nerd fonts (influenced by stylix.font settings)
theme = "gruvbox-light"; # not configured by stylix yet.
# https://github.com/greshake/i3status-rust/blob/v0.22.0/doc/blocks.md
blocks = [
{
@ -140,21 +153,25 @@ in
focus = {
followMouse = true;
};
colors.focused =
with config.lib.stylix.colors.withHashtag;
colors.focused = with config.lib.stylix.colors.withHashtag; {
# stylix color overrides
border = lib.mkForce base08;
background = lib.mkForce base0A;
text = lib.mkForce base00;
};
startup = [
#{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = true; }
{
# stylix color overrides
border = lib.mkForce base08;
background = lib.mkForce base0A;
text = lib.mkForce base00;
};
startup =
[
#{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; }
{ command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; always = true; }
{ command = toString backgroundCommand; always = true; }
{
command = toString (pkgs.writers.writeDash "xsettings" ''
command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator";
always = true;
}
{
command = toString backgroundCommand;
always = true;
}
{
command = toString (
pkgs.writers.writeDash "xsettings" ''
# to allow sudo commands to access X
${pkgs.xorg.xhost}/bin/xhost +
# no shitty pcspkr crap
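Review bot: `${pkgs.xorg.xhost}/bin/xhost +` in the `xsettings` startup script turns X access control off for every client that can reach the display, which is much wider than the stated goal in the comment above it ("to allow sudo commands to access X"). Because the entry has `always = true`, this is reapplied on every i3 restart. Scope the grant to the account that needs it, for example `xhost +si:localuser:root`, and adjust the comment to match. The reformatting in this hunk carries the line over unchanged, so this is a good moment to fix it.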
@ -162,13 +179,15 @@ in
# no sleeping monitor
${pkgs.xorg.xset}/bin/xset -dpms
${pkgs.xorg.xset}/bin/xset s off
'');
always = true;
}
];
''
);
always = true;
}
];
bars = [
(config.lib.stylix.i3.bar //
{
(
config.lib.stylix.i3.bar
// {
#mode = "hide";
hiddenState = "hide";
position = "top";
@ -188,6 +207,16 @@ in
in
{
"Print" = "exec ${pkgs.flameshot}/bin/flameshot gui -c -p /share/";
# --- Brightness controls --- #
"XF86MonBrightnessUp" = "exec --no-startup-id ${pkgs.brightnessctl}/bin/brightnessctl set +5%";
"XF86MonBrightnessDown" = "exec --no-startup-id ${pkgs.brightnessctl}/bin/brightnessctl set 5%-";
# --- Pulse/Pipewire Audio controls --- #
"XF86AudioRaiseVolume" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -5%";
"XF86AudioMute" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
"${modifier}+Return" = "exec ${cfg.config.terminal}";
"${modifier}+Shift+q" = "exit";
"${modifier}+q" = "kill";

View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
with pkgs;
with lib;
{
@ -29,15 +34,18 @@ with lib;
jetbrains.pycharm-professional
# planing
((ganttproject-bin.override {
jre = pkgs.openjdk11;
}).overrideAttrs (old: {
version = "3.1.3100";
src = pkgs.fetchzip {
url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip";
sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4=";
};
}))
(
(ganttproject-bin.override {
jre = pkgs.openjdk11;
}).overrideAttrs
(old: {
version = "3.1.3100";
src = pkgs.fetchzip {
url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip";
sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4=";
};
})
)
# Pkl
# ---
@ -79,7 +87,7 @@ with lib;
termtosvg
#surrealist
surrealdb
#surrealdb # fixme: not working because of rust update or something
boxes
@ -101,7 +109,8 @@ with lib;
{
home.packages =
let
pandocScript = { inputFormat, outputFormat }:
pandocScript =
{ inputFormat, outputFormat }:
pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
${pkgs.pandoc}/bin/pandoc \
--from ${inputFormat} \
@ -135,10 +144,26 @@ with lib;
${pkgs.less}/bin/less
'')
] ++ (map pandocScript (lib.cartesianProduct {
inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ];
outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" "asciidoc" ];
}));
]
++ (map pandocScript (
lib.cartesianProduct {
inputFormat = [
"man"
"markdown"
"mediawiki"
"asciidoc"
];
outputFormat = [
"mediawiki"
"docbook5"
"html5"
"man"
"jira"
"markdown"
"asciidoc"
];
}
));
}
];

View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{
@ -11,7 +16,6 @@ with lib;
gimp
inkscape
imagemagick
nsxiv
blender
lightburn
colorpicker
@ -23,6 +27,9 @@ with lib;
qrencode
xclicker
xdotool
];
};

View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{

View file

@ -1,5 +1,9 @@
{ pkgs, lib, config, ... }:
with pkgs;
{
pkgs,
lib,
config,
...
}:
with lib;
{
@ -7,25 +11,21 @@ with lib;
(mkIf config.gui.enable {
home.packages = [
freetube
vlc
pkgs.freetube
pkgs.vlc
# music editors
# =============
picard # musicbrainz editor
#kid3-qt # id3 tag editor
easytag
dconf
pkgs.picard # musicbrainz editor
pkgs.easytag
pkgs.dconf
pkgs.jellyfin-mpv-shim
];
})
{
home.packages = [
# music editors
# =============
kid3-cli
];
home.packages = [ ];
}
];
}
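Review bot: the second `mkMerge` entry is left as `home.packages = [ ];`, which contributes nothing. Remove the whole attribute set (and the `mkMerge` wrapper if only the `mkIf config.gui.enable` branch remains) instead of keeping an empty list. It would also help to say in the commit message whether `kid3-cli` was dropped on purpose, since it no longer appears in either branch.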

View file

@ -1,10 +1,16 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
let
nextcloud-client = pkgs.legacy_2311.nextcloud-client;
nextcloudSync = folder:
nextcloudSync =
folder:
let
password = "$( ${pkgs.pass}/bin/pass show home/nextcloud/palo/nextcloudcmd-token )";
user = "palo";
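Review bot: `nextcloud-client = pkgs.legacy_2311.nextcloud-client;` takes a network-facing sync client from what is, judging by its name, an older package set, and nothing in the hunk says why. A client that handles the account token should normally follow the current channel, so please add a comment with the reason for the pin and the condition for removing it. The same applies to any other `legacy_2311` reference that is kept only as a workaround.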
@ -16,19 +22,18 @@ let
"https://${user}:${password}@nextcloud.ingolf-wagner.de"
'';
borrow = pkgs.writers.writeDashBin "borrow"
''
${getExe hledger-ui} \
--all \
--theme=terminal \
--file ~/Nextcloud/Unterlagen/.hledger-borrow "$@"
borrow = pkgs.writers.writeDashBin "borrow" ''
${getExe hledger-ui} \
--all \
--theme=terminal \
--file ~/Nextcloud/Unterlagen/.hledger-borrow "$@"
${getExe gum} confirm \
--affirmative="update" \
--negative="skip" \
--default=false \
"Syncronize with Nextcloud?" && ${getExe(nextcloudSync "Unterlagen")}
'';
${getExe gum} confirm \
--affirmative="update" \
--negative="skip" \
--default=false \
"Syncronize with Nextcloud?" && ${getExe (nextcloudSync "Unterlagen")}
'';
in
{
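Review bot: the context line `"https://${user}:${password}@nextcloud.ingolf-wagner.de"` puts the token returned by `pass show` into the command's argument list, where it is readable by other local processes through the process table for as long as the sync runs, and where a token containing `@`, `:` or `/` would break the URL. Hand the credential over out of band instead, for example through a netrc file readable only by the user (if this is a `nextcloudcmd` call, its `-n` option reads netrc). Separately, the prompt string reads "Syncronize"; it should be "Synchronize".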

View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{
@ -8,7 +13,6 @@ with lib;
# ¯\_(ツ)_/¯
home.packages = [
nixos-shell
# bluetooth gui

View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{

View file

@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
{
home.packages = [ pkgs.sshuttle ];

View file

@ -1,99 +1,131 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
with lib;
with types;
let
mkMagicMergeOption = { description ? "", example ? { }, default ? { }, apply ? id, ... }:
mkMagicMergeOption =
{
description ? "",
example ? { },
default ? { },
apply ? id,
...
}:
mkOption {
inherit example description default apply;
type = with lib.types;
inherit
example
description
default
apply
;
type =
with lib.types;
let
valueType = nullOr
(oneOf [
valueType =
nullOr (oneOf [
bool
int
float
str
(attrsOf valueType)
(listOf valueType)
]) // {
description = "bool, int, float or str";
emptyValue.value = { };
};
])
// {
description = "bool, int, float or str";
emptyValue.value = { };
};
in
valueType;
};
#taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui;
taskwarrior-tui = pkgs.taskwarrior-tui;
taskwarrior-tui = pkgs.legacy_2311.taskwarrior-tui;
taskwarrior = pkgs.taskwarrior3;
in
{
# bugwarrior (a bit fiddly)
imports = [{
imports = [
{
options.bugwarrior.config = mkMagicMergeOption {
type = attrs;
default = { };
};
options.bugwarrior.config = mkMagicMergeOption {
type = attrs;
default = { };
};
config = {
home.file.".config/bugwarrior/bugwarrior.toml".source = (pkgs.formats.toml { }).generate "bugwarriorrc.toml" config.bugwarrior.config;
# todo : before deleting this, put it in logseq
config = mkIf config.gui.enable {
home.file.".config/bugwarrior/bugwarrior.toml".source =
(pkgs.formats.toml { }).generate "bugwarriorrc.toml"
(
{
general.taskrc = pkgs.writeText "taskrc" "data.location=$HOME/.bugwarrior";
}
// config.bugwarrior.config
);
home.packages = [
pkgs.bugwarrior
#export TASKRC=$HOME/.bugwarrior/${pkgs.writeText "bugwarrior.taskrc" "data.location=$HOME/.bugwarrior"}
(pkgs.writers.writeBashBin "bugwarrior-sync" ''
set -eo pipefail
home.packages = [
(pkgs.legacy_2311.python3Packages.bugwarrior.overrideAttrs (old: {
version = "develop";
src = pkgs.fetchFromGitHub {
owner = "ralphbean";
repo = "bugwarrior";
rev = "6554e70c199cc766a2b5e4e4fe22e4e46d64bba1";
sha256 = "sha256-cKhL8FBH7wxCxXrybVRLfCHQTCxursFqtBDl3e1UUXs=";
};
propagatedBuildInputs = old.propagatedBuildInputs ++ [
pkgs.legacy_2311.python3Packages.pydantic
pkgs.legacy_2311.python3Packages.tomli
pkgs.legacy_2311.python3Packages.email-validator
pkgs.legacy_2311.python3Packages.packaging
];
}))
];
};
mkdir -p $HOME/.bugwarrior
touch $HOME/.bugwarrior/taskrc
}];
export TASKRC=$HOME/.bugwarrior/taskrc
export TASKDATA=$HOME/.bugwarrior
echo "bugwarrior pull" | ${pkgs.boxes}/bin/boxes -d ansi
${pkgs.bugwarrior}/bin/bugwarrior pull "$@"
echo "task export" | ${pkgs.boxes}/bin/boxes -d ansi
${pkgs.taskwarrior}/bin/task export > $HOME/.bugwarrior/bugwarrior.json
unset TASKRC
unset TASKDATA
echo "task import" | ${pkgs.boxes}/bin/boxes -d ansi
${taskwarrior}/bin/task import rc.hooks=0 $HOME/.bugwarrior/bugwarrior.json
'')
];
};
}
];
config = mkIf config.gui.enable {
home.packages = with pkgs;
[
home.packages = [
taskwarrior
taskwarrior-tui
pkgs.timewarrior
timewarrior
tasksh
taskwarrior-hooks
(pkgs.writeShellScriptBin "tsak" ''${pkgs.taskwarrior}/bin/task "$@"'')
taskwarrior
pkgs.tasksh
pkgs.taskwarrior-hooks
(pkgs.writeShellScriptBin "tsak" ''${taskwarrior}/bin/task "$@"'')
vit
(pkgs.writers.writeBashBin "active" "${taskwarrior-tui}/bin/taskwarrior-tui -r active")
(pkgs.writers.writeBashBin "todo" "${taskwarrior-tui}/bin/taskwarrior-tui -r todo")
pkgs.vit
taskwarrior-tui
(pkgs.writers.writeBashBin "active" "${taskwarrior-tui}/bin/taskwarrior-tui -r active")
(pkgs.writers.writeBashBin "todo" "${taskwarrior-tui}/bin/taskwarrior-tui -r todo")
(pkgs.writers.writeBashBin "calendar" ''
${pkgs.taskwarrior}/bin/task calendar
${pkgs.taskwarrior}/bin/task calendar_report
'')
(pkgs.writers.writeBashBin "calendar" ''
${taskwarrior}/bin/task calendar
${taskwarrior}/bin/task calendar_report
'')
# todo : belongs to calendar.nix
vdirsyncer
khal
(pkgs.writers.writeBashBin "kalendar" ''
${pkgs.vdirsyncer}/bin/vdirsyncer sync
${pkgs.khal}/bin/ikhal
'')
# todo : belongs to calendar.nix
pkgs.vdirsyncer
pkgs.khal
(pkgs.writers.writeBashBin "kalendar" ''
${pkgs.vdirsyncer}/bin/vdirsyncer sync
${pkgs.khal}/bin/ikhal
'')
];
];
};
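Review bot: `bugwarrior-sync` and the generated `bugwarrior.toml` describe the Taskwarrior data location in two different ways, and neither is documented. The TOML sets `general.taskrc` to a store file containing the literal text `data.location=$HOME/.bugwarrior` (Nix does not expand `$HOME`, so this relies on the reader of that file doing it), while the script creates an empty `$HOME/.bugwarrior/taskrc` and exports `TASKRC` and `TASKDATA` itself. Pick one mechanism, or add a comment explaining why both are needed. In the same script, `task export` runs `${pkgs.taskwarrior}` but `task import` runs the let-bound `${taskwarrior}` (`pkgs.taskwarrior3`); if that split is intentional, say so in a comment, because it looks like a leftover. Finally, quote every `$HOME` expansion (`mkdir -p "$HOME/.bugwarrior"`) and consider `set -euo pipefail` so that an unset variable aborts the sync rather than writing to an unexpected path.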

View file

@ -2,6 +2,7 @@
imports = [
../common
];
gui.enable = false;
home.stateVersion = "22.11";

View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with pkgs;
with lib;
{
@ -6,13 +11,17 @@ with lib;
home.packages = [
logseq
];
home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json"
{
spellcheck = {
dictionaries = [ "en-US" "de-DE" ];
dictionary = "";
home.file.".config/Logseq/Preferences".source =
(pkgs.formats.json { }).generate "LogseqPreferences.json"
{
spellcheck = {
dictionaries = [
"en-US"
"de-DE"
];
dictionary = "";
};
};
};
};
}

Some files were not shown because too many files have changed in this diff.