Compare commits
226 commits
refactor/c
...
main
Author | SHA1 | Date | |
---|---|---|---|
|
4f3efeaa4c | ||
|
4ac6d12b0c | ||
|
197e516ec1 | ||
|
03a5b33bbf | ||
|
e84fee5a36 | ||
|
266d9246c1 | ||
|
f3e223e3a4 | ||
|
428482c99e | ||
|
f0cb1d0b43 | ||
|
f6427e5237 | ||
|
d85780c563 | ||
|
06af1cef58 | ||
|
e5889daf0a | ||
|
3afd6e851e | ||
|
7ac796d908 | ||
|
b372a34a59 | ||
|
5a96339104 | ||
|
14d9b4bdf5 | ||
|
362cbaea9b | ||
|
f911177ab7 | ||
|
64b3e78f43 | ||
|
117d55b27c | ||
|
1473a90df9 | ||
|
847bb88330 | ||
|
286e6d7578 | ||
|
b201ee77c0 | ||
|
733985c773 | ||
|
74f7208936 | ||
|
79db8373c2 | ||
|
0e3e67554a | ||
|
9efa7f7ca6 | ||
|
11fd6a6071 | ||
|
e68eed4216 | ||
|
e612510267 | ||
|
70b76d149a | ||
|
4b12e04e15 | ||
|
8deb5b98ed | ||
|
180bd7ca44 | ||
|
6668aa4a42 | ||
|
0662795882 | ||
|
e7bc5e3c90 | ||
|
a1502974f2 | ||
|
403e3165b1 | ||
|
f97ab14238 | ||
|
b20dff2899 | ||
|
94759e4a67 | ||
|
dc890c2d5d | ||
|
f026fa1fdc | ||
|
05fbad21e1 | ||
|
bc7375024d | ||
|
5aef72baf9 | ||
|
913aa0dae9 | ||
|
a46240a9e5 | ||
|
ad8333ccde | ||
|
12bea7955e | ||
|
c73e0f43f4 | ||
|
171e7400ba | ||
|
f5da6bc863 | ||
|
a18428a120 | ||
|
40911d4aa0 | ||
|
e34dc222db | ||
|
6d5dbcbafc | ||
|
743b196ec9 | ||
|
9a8717f9aa | ||
|
90f61ebec4 | ||
|
07a2b5f2d1 | ||
|
253b146406 | ||
|
09d89ad596 | ||
|
6d7056c9fb | ||
|
ee4274110c | ||
|
4a10bae866 | ||
|
177f77faab | ||
|
225401e4c2 | ||
|
5cccd77dad | ||
|
310f5fcf54 | ||
|
6d01aa2529 | ||
|
fff6089b96 | ||
|
9ec11a8a24 | ||
|
226687604b | ||
|
1d7f67471e | ||
|
99e65576a1 | ||
|
d963855d75 | ||
|
d4f826e32b | ||
|
96a2e00a96 | ||
|
a0d942dc6b | ||
|
53bc9b3176 | ||
|
39c29f7e60 | ||
|
2bb52175d1 | ||
|
1a9c1f4913 | ||
|
361497a6e6 | ||
|
4bd2f7f3f2 | ||
|
d70e39d6fa | ||
|
e25dd3c59a | ||
|
61eaadba3d | ||
|
9ae95ddb11 | ||
|
e4bfd58901 | ||
|
2f769675fd | ||
|
a5a36ce5c8 | ||
|
eea3ddf0cf | ||
|
62315ee2c2 | ||
|
e43f4514bc | ||
|
c584bb39ce | ||
|
e62d841524 | ||
|
d0a34454d4 | ||
|
743a9fc885 | ||
|
a52e1b39a0 | ||
|
614a1d8e37 | ||
|
7e8c3d41c9 | ||
|
c264db7f13 | ||
|
577003f607 | ||
|
267b8d73a0 | ||
|
e5f1729bdc | ||
|
c53b563565 | ||
|
8279af8370 | ||
|
70aba78c06 | ||
|
c42e7e669a | ||
|
9afb53585b | ||
|
31d674132b | ||
|
4c1a3ef72f | ||
|
f49730a0a9 | ||
|
7ef34db19b | ||
|
e795a3bed9 | ||
|
a6284e6509 | ||
|
1d044521e8 | ||
|
84a6dd2c8f | ||
|
abe153cdce | ||
|
488a63db26 | ||
|
3a72b901b3 | ||
|
347acf7e6e | ||
|
903e963d05 | ||
|
9aa5e1ef09 | ||
|
7402e5ad5e | ||
|
f670c2af5f | ||
|
5655847c08 | ||
|
7f27ccd07c | ||
|
0e5387dfc0 | ||
|
51e3d8df22 | ||
|
ae3a14f5fa | ||
|
394790bf0e | ||
|
e619cc2dab | ||
|
c03727fd80 | ||
|
485cdfe116 | ||
|
ad35b322c5 | ||
|
96c388bbac | ||
|
229eff0d63 | ||
|
8da0bbc3ef | ||
|
3833b870dd | ||
|
1564bd8d72 | ||
|
55c2e14337 | ||
|
ee13d7fa82 | ||
|
2f3a6ba574 | ||
|
f7ac29e2fa | ||
|
71f9225dc6 | ||
|
aed3dbd602 | ||
|
d1c9241245 | ||
|
db2187a2e7 | ||
|
09d8f33a01 | ||
|
0f42a99288 | ||
|
32e0eacffa | ||
|
7a6510a4e6 | ||
|
200063fcb1 | ||
|
2bc86a4912 | ||
|
4c647291bc | ||
|
2758c873bb | ||
|
a48aa680a4 | ||
|
581d41238c | ||
|
4489b24659 | ||
|
167875c1fc | ||
|
c4bd159888 | ||
|
0430d97d24 | ||
|
ffc8bcafa7 | ||
|
0209b7ca42 | ||
|
644705cdb2 | ||
|
ec2a51c514 | ||
|
2e9bf75dab | ||
|
47f717392a | ||
|
d0ff322489 | ||
|
8879a739b6 | ||
|
a2a7763b47 | ||
|
bc595a1198 | ||
|
b04dd0738b | ||
|
1cdd13956b | ||
|
e50d61faf4 | ||
|
11871fc506 | ||
|
8f6fa5939b | ||
|
ee4d9bcc4f | ||
|
ac30776e4c | ||
|
22a49f5599 | ||
|
8cdd63bdcc | ||
|
33d716ea6b | ||
|
aed8c552ba | ||
|
96ee5a488e | ||
|
eec51b58b3 | ||
|
161486b887 | ||
|
29e3213e4b | ||
|
7e1e13e897 | ||
|
53187fb603 | ||
|
800045c1c5 | ||
|
77459df69c | ||
|
7e2c61ad88 | ||
|
50688f4500 | ||
|
4f6924d5d7 | ||
|
b24094155a | ||
|
1447d96b43 | ||
|
848eccb959 | ||
|
569d891a7e | ||
|
7a4f203752 | ||
|
efd451e180 | ||
|
3fa5c09a62 | ||
|
9cdfeba305 | ||
|
0780abb35d | ||
|
1b9105f158 | ||
|
26aaec9101 | ||
|
cc5d655ef7 | ||
|
e471c24d93 | ||
|
509f283924 | ||
|
40e5456517 | ||
|
060261dc90 | ||
|
69bbf19f91 | ||
|
8327f1860d | ||
|
f411567ad6 | ||
|
ca0e7382a3 | ||
|
9b7ff29143 | ||
|
4f6ed530db | ||
|
2b9062e1f1 | ||
|
d5f1ef4af6 |
290 changed files with 5939 additions and 5533 deletions
|
@ -1,18 +1,17 @@
|
||||||
name: Build all NixOS Configurations
|
name: Build all NixOS Configurations
|
||||||
|
|
||||||
on:
|
on:
|
||||||
push:
|
push:
|
||||||
branches:
|
branches:
|
||||||
- "**"
|
- "**"
|
||||||
schedule:
|
schedule:
|
||||||
- cron: "30 2 * * *" # not to frequent, GitHub only allows a few pulls per hour
|
- cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
nix build:
|
nix build:
|
||||||
runs-on: native
|
runs-on: native
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
clean: true
|
||||||
- name: update nix flakes
|
- name: update nix flakes
|
||||||
if: ${{ github.event_name == 'schedule' }}
|
if: ${{ github.event_name == 'schedule' }}
|
||||||
# we need to use our ssh key here because we need access to private flakes
|
# we need to use our ssh key here because we need access to private flakes
|
||||||
|
@ -30,7 +29,6 @@ jobs:
|
||||||
echo $SSH_AGENT_PID
|
echo $SSH_AGENT_PID
|
||||||
kill $SSH_AGENT_PID
|
kill $SSH_AGENT_PID
|
||||||
rm .ssh_key
|
rm .ssh_key
|
||||||
|
|
||||||
- name: nix flake archive/check
|
- name: nix flake archive/check
|
||||||
# we need to use our ssh key here because we need access to private flakes
|
# we need to use our ssh key here because we need access to private flakes
|
||||||
run: |
|
run: |
|
||||||
|
@ -48,22 +46,16 @@ jobs:
|
||||||
echo $SSH_AGENT_PID
|
echo $SSH_AGENT_PID
|
||||||
kill $SSH_AGENT_PID
|
kill $SSH_AGENT_PID
|
||||||
rm .ssh_key
|
rm .ssh_key
|
||||||
|
|
||||||
- name: nix build orbi
|
- name: nix build orbi
|
||||||
run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
|
run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
|
||||||
|
# - name: nix build cream
|
||||||
- name: nix build cream
|
# run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
|
||||||
run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
|
|
||||||
|
|
||||||
- name: nix build cherry
|
- name: nix build cherry
|
||||||
run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
|
run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
|
||||||
|
|
||||||
- name: nix build chungus
|
- name: nix build chungus
|
||||||
run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
|
run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
|
||||||
|
- name: nix build usbstick
|
||||||
- name: nix build sternchen
|
run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel
|
||||||
run: nix build .#nixosConfigurations.sternchen.config.system.build.toplevel
|
|
||||||
|
|
||||||
- name: commit & push
|
- name: commit & push
|
||||||
if: ${{ github.event_name == 'schedule' }}
|
if: ${{ github.event_name == 'schedule' }}
|
||||||
# only if all nix builds are fine we update our branch
|
# only if all nix builds are fine we update our branch
|
||||||
|
|
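Review bot: The `kill $SSH_AGENT_PID` and `rm .ssh_key` lines that close the `update nix flakes` and `nix flake archive/check` steps are ordinary trailing commands, so with a fail-fast shell a failed fetch earlier in the script would skip them and leave the private key file and a running agent on the `native` runner. The start of both `run:` scripts is outside the hunks shown, so this is inferred from the visible tail. If no handler is registered there, add one before the key is written, for example `trap 'kill "$SSH_AGENT_PID" 2>/dev/null; rm -f .ssh_key' EXIT`. The `nix flake archive/check` step shows no `if:` guard and the workflow triggers on pushes to `"**"`, so the key is loaded for every branch push; a comment stating that this is intended would help the next reader.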
Binary file not shown.
Before Width: | Height: | Size: 39 KiB After Width: | Height: | Size: 696 KiB |
|
@ -1,6 +1,8 @@
|
||||||
# components concept
|
# components concept
|
||||||
|
|
||||||
- components are kinda opinionated.
|
- components are kinda opinionated.
|
||||||
- should be project agnostic (e.g.: configure bugwarrior via options but leave specifics out).
|
- should be project agnostic (e.g.: configure bugwarrior via options but leave
|
||||||
- `component.<toplevel>.enabled` should usually be the default for all it subcomponents (`comonent.<topleve>.<subcomponent>.enabled`).
|
specifics out).
|
||||||
|
- `component.<toplevel>.enabled` should usually be the default for all it
|
||||||
|
subcomponents (`comonent.<topleve>.<subcomponent>.enabled`).
|
||||||
- But default should make sense here!
|
- But default should make sense here!
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
|
||||||
|
|
|
@ -5,13 +5,12 @@
|
||||||
./gui
|
./gui
|
||||||
./mainUser.nix
|
./mainUser.nix
|
||||||
./media
|
./media
|
||||||
./monitor
|
|
||||||
./network
|
./network
|
||||||
./nixos
|
./nixos
|
||||||
./terminal
|
./terminal
|
||||||
./timezone.nix
|
./timezone.nix
|
||||||
|
./virtualisation
|
||||||
./yubikey.nix
|
./yubikey.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,10 @@
|
||||||
# TODO test `alsactl init` after suspend to reinit mic
|
# TODO test `alsactl init` after suspend to reinit mic
|
||||||
{ pkgs, config, lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.gui.audio.enable = mkOption {
|
options.components.gui.audio.enable = mkOption {
|
||||||
|
@ -20,7 +25,6 @@ with lib;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
alsa-utils
|
alsa-utils
|
||||||
alsaUtils
|
|
||||||
|
|
||||||
# PulseAudio control
|
# PulseAudio control
|
||||||
# ------------------
|
# ------------------
|
||||||
|
|
|
@ -8,11 +8,13 @@ in
|
||||||
|
|
||||||
programs.chromium.extensions = [
|
programs.chromium.extensions = [
|
||||||
"nngceckbapebfimnlniiiahkandclblb" # bitwarden
|
"nngceckbapebfimnlniiiahkandclblb" # bitwarden
|
||||||
"edibdbjcniadpccecjdfdjjppcpchdlm" # I still don't care about cookies
|
# "edibdbjcniadpccecjdfdjjppcpchdlm" # I still don't care about cookies
|
||||||
"gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
|
"gcbommkclmclpchllfjekcdonpmejbdp" # https everywhere
|
||||||
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
|
"cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
|
||||||
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
|
"dbepggeogbaibhgnhhndojpepiihcmeb" # vimium
|
||||||
"jinjaccalgkegednnccohejagnlnfdag" # Violentmonkey
|
"jinjaccalgkegednnccohejagnlnfdag" # Violentmonkey
|
||||||
|
"dpplabbmogkhghncfbfdeeokoefdjegm" # Proxy SwitchySharp
|
||||||
|
"mooikfkahbdckldjjndioackbalphokd" # Selenium IDE
|
||||||
];
|
];
|
||||||
|
|
||||||
# overwrite use zram on small RAM systems
|
# overwrite use zram on small RAM systems
|
||||||
|
@ -34,50 +36,59 @@ in
|
||||||
home = "${homeFolder}/development-browser";
|
home = "${homeFolder}/development-browser";
|
||||||
homeBackup = "${backupFolder}/development-browser";
|
homeBackup = "${backupFolder}/development-browser";
|
||||||
gpu = false;
|
gpu = false;
|
||||||
|
sudoUsers = [ config.users.users.mainUser.name ];
|
||||||
};
|
};
|
||||||
google = {
|
google = {
|
||||||
home = "${homeFolder}/google-browser";
|
home = "${homeFolder}/google-browser";
|
||||||
homeBackup = "${backupFolder}/google-browser";
|
homeBackup = "${backupFolder}/google-browser";
|
||||||
gpu = false;
|
gpu = false;
|
||||||
|
sudoUsers = [ config.users.users.mainUser.name ];
|
||||||
};
|
};
|
||||||
finance = {
|
finance = {
|
||||||
home = "${homeFolder}/finance-browser";
|
home = "${homeFolder}/finance-browser";
|
||||||
homeBackup = "${backupFolder}/finance-browser";
|
homeBackup = "${backupFolder}/finance-browser";
|
||||||
gpu = false;
|
gpu = false;
|
||||||
|
sudoUsers = [ config.users.users.mainUser.name ];
|
||||||
};
|
};
|
||||||
facebook = {
|
facebook = {
|
||||||
home = "${homeFolder}/facebook-browser";
|
home = "${homeFolder}/facebook-browser";
|
||||||
homeBackup = "${backupFolder}/facebook-browser";
|
homeBackup = "${backupFolder}/facebook-browser";
|
||||||
gpu = false;
|
gpu = false;
|
||||||
|
sudoUsers = [ config.users.users.mainUser.name ];
|
||||||
};
|
};
|
||||||
shopping = {
|
shopping = {
|
||||||
home = "${homeFolder}/shopping-browser";
|
home = "${homeFolder}/shopping-browser";
|
||||||
homeBackup = "${backupFolder}/shopping-browser";
|
homeBackup = "${backupFolder}/shopping-browser";
|
||||||
gpu = false;
|
gpu = false;
|
||||||
|
sudoUsers = [ config.users.users.mainUser.name ];
|
||||||
};
|
};
|
||||||
jobrad = {
|
jobrad = {
|
||||||
browserType = "chrome";
|
browserType = "chrome";
|
||||||
home = "${homeFolder}/jobrad-chrome";
|
home = "${homeFolder}/jobrad-chrome";
|
||||||
homeBackup = "${backupFolder}/jobrad-chrome";
|
homeBackup = "${backupFolder}/jobrad-chrome";
|
||||||
gpu = false;
|
gpu = false;
|
||||||
|
sudoUsers = [ config.users.users.mainUser.name ];
|
||||||
};
|
};
|
||||||
firefox-tmp = {
|
firefox-tmp = {
|
||||||
browserType = "firefox";
|
browserType = "firefox";
|
||||||
home = "${homeFolder}/firefox-tmp";
|
home = "${homeFolder}/firefox-tmp";
|
||||||
homeBackup = "${backupFolder}/firefox-tmp-browser";
|
homeBackup = "${backupFolder}/firefox-tmp-browser";
|
||||||
gpu = false;
|
gpu = false;
|
||||||
|
sudoUsers = [ config.users.users.mainUser.name ];
|
||||||
};
|
};
|
||||||
chromium-tmp = {
|
chromium-tmp = {
|
||||||
browserType = "chrome";
|
browserType = "chrome";
|
||||||
home = "${homeFolder}/chromium-tmp";
|
home = "${homeFolder}/chromium-tmp";
|
||||||
homeBackup = "${backupFolder}/chrome-tmp-browser";
|
homeBackup = "${backupFolder}/chrome-tmp-browser";
|
||||||
gpu = false;
|
gpu = false;
|
||||||
|
sudoUsers = [ config.users.users.mainUser.name ];
|
||||||
};
|
};
|
||||||
google-tmp = {
|
google-tmp = {
|
||||||
browserType = "google";
|
browserType = "google";
|
||||||
home = "${homeFolder}/google-tmp";
|
home = "${homeFolder}/google-tmp";
|
||||||
homeBackup = "${backupFolder}google-tmp-browser";
|
homeBackup = "${backupFolder}google-tmp-browser";
|
||||||
gpu = false;
|
gpu = false;
|
||||||
|
sudoUsers = [ config.users.users.mainUser.name ];
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
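Review bot: `programs.chromium.extensions` is a system-wide Chromium policy list, so the two entries added here (Proxy SwitchySharp and Selenium IDE) would be force-installed next to Violentmonkey in every Chromium-based profile declared below, including `finance`; whether the browser wrapper module applies the policy per profile is not visible in this section. A proxy switcher and an automation recorder both get broad access to page content and traffic, which works against keeping the finance and shopping browsers separate from the development one. Consider limiting the global list to the password manager and the content blocker and attaching the development-only extensions to the development browser, or add a comment saying the global install is deliberate. Separately, `homeBackup = "${backupFolder}google-tmp-browser";` lacks the `/` that every other profile has.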
@ -1,4 +1,9 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.gui = {
|
options.components.gui = {
|
||||||
|
@ -10,7 +15,6 @@ with lib;
|
||||||
./audio.nix
|
./audio.nix
|
||||||
./browser.nix
|
./browser.nix
|
||||||
./cups.nix
|
./cups.nix
|
||||||
./fonts.nix
|
|
||||||
./home-manager
|
./home-manager
|
||||||
./kmonad.nix
|
./kmonad.nix
|
||||||
#./noti.nix # todo: make this different (use password store and such)
|
#./noti.nix # todo: make this different (use password store and such)
|
||||||
|
|
|
@ -1,36 +0,0 @@
|
||||||
{ pkgs, config, lib, ... }:
|
|
||||||
with lib;
|
|
||||||
{
|
|
||||||
options.components.gui.style.enable = mkOption {
|
|
||||||
type = lib.types.bool;
|
|
||||||
default = config.components.gui.enable;
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf (config.components.gui.style.enable) {
|
|
||||||
|
|
||||||
fonts.packages = with pkgs; [
|
|
||||||
|
|
||||||
corefonts
|
|
||||||
hasklig
|
|
||||||
inconsolata
|
|
||||||
source-code-pro
|
|
||||||
symbola
|
|
||||||
ubuntu_font_family
|
|
||||||
|
|
||||||
# symbol fonts
|
|
||||||
# ------------
|
|
||||||
nerdfonts
|
|
||||||
powerline-fonts
|
|
||||||
font-awesome
|
|
||||||
fira-code-symbols
|
|
||||||
jetbrains-mono
|
|
||||||
|
|
||||||
# shell font
|
|
||||||
# ----------
|
|
||||||
terminus_font
|
|
||||||
gohufont
|
|
||||||
|
|
||||||
];
|
|
||||||
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
|
|
||||||
options.components.gui.kmonad.enable = lib.mkOption {
|
options.components.gui.kmonad.enable = lib.mkOption {
|
||||||
|
@ -79,9 +84,21 @@
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ];
|
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [
|
||||||
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ];
|
"lctl"
|
||||||
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ "lctl" "lmet" "lalt" ];
|
"lmet"
|
||||||
|
"lalt"
|
||||||
|
];
|
||||||
|
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [
|
||||||
|
"lctl"
|
||||||
|
"lmet"
|
||||||
|
"lalt"
|
||||||
|
];
|
||||||
|
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [
|
||||||
|
"lctl"
|
||||||
|
"lmet"
|
||||||
|
"lalt"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,6 +1,11 @@
|
||||||
# notify me when a command is finished
|
# notify me when a command is finished
|
||||||
# todo : secret managment is shit
|
# todo : secret managment is shit
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.gui.noti.enable = mkOption {
|
options.components.gui.noti.enable = mkOption {
|
||||||
|
|
|
@ -1,11 +1,17 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
|
|
||||||
# desktop file
|
# desktop file
|
||||||
# ------------
|
# ------------
|
||||||
# makes it possible to be used by other programs
|
# makes it possible to be used by other programs
|
||||||
desktopFile = name: bin:
|
desktopFile =
|
||||||
|
name: bin:
|
||||||
pkgs.writeTextFile {
|
pkgs.writeTextFile {
|
||||||
name = "${name}.desktop";
|
name = "${name}.desktop";
|
||||||
destination = "/share/applications/${name}.desktop";
|
destination = "/share/applications/${name}.desktop";
|
||||||
|
@ -34,7 +40,9 @@ in
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
(pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))
|
(pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))
|
||||||
# todo : use upstream desktop file creator
|
# todo : use upstream desktop file creator
|
||||||
(desktopFile "passmenu" "${pkgs.pass.withExtensions (ext: [ext.pass-otp])}/bin/passmenu --type -l 10")
|
(desktopFile "passmenu" "${
|
||||||
|
pkgs.pass.withExtensions (ext: [ ext.pass-otp ])
|
||||||
|
}/bin/passmenu --type -l 10")
|
||||||
|
|
||||||
pkgs.otpmenu
|
pkgs.otpmenu
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.gui.steam.enable = mkOption {
|
options.components.gui.steam.enable = mkOption {
|
||||||
|
@ -22,7 +27,12 @@ with lib;
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
home = "/home/steam";
|
home = "/home/steam";
|
||||||
createHome = true;
|
createHome = true;
|
||||||
extraGroups = [ "audio" "input" "video" "pipewire" ];
|
extraGroups = [
|
||||||
|
"audio"
|
||||||
|
"input"
|
||||||
|
"video"
|
||||||
|
"pipewire"
|
||||||
|
];
|
||||||
group = "steam";
|
group = "steam";
|
||||||
shell = pkgs.bashInteractive;
|
shell = pkgs.bashInteractive;
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.gui.suspend.enable = mkOption {
|
options.components.gui.suspend.enable = mkOption {
|
||||||
|
@ -13,13 +18,11 @@ with lib;
|
||||||
requiredBy = [ "sleep.target" ];
|
requiredBy = [ "sleep.target" ];
|
||||||
environment =
|
environment =
|
||||||
let
|
let
|
||||||
display =
|
display = if (config.services.xserver.display != null) then config.services.xserver.display else 0;
|
||||||
if (config.services.xserver.display != null) then
|
|
||||||
config.services.xserver.display
|
|
||||||
else
|
|
||||||
0;
|
|
||||||
in
|
in
|
||||||
{ DISPLAY = ":${toString display}"; };
|
{
|
||||||
|
DISPLAY = ":${toString display}";
|
||||||
|
};
|
||||||
script = ''
|
script = ''
|
||||||
${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 &
|
${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 &
|
||||||
sleep 1
|
sleep 1
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.gui.vscode.enable = mkOption {
|
options.components.gui.vscode.enable = mkOption {
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
|
||||||
|
@ -78,4 +83,3 @@ with lib;
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ lib, pkgs, config, ... }:
|
{
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
|
|
||||||
|
|
|
@ -1,18 +1,20 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
with types;
|
with types;
|
||||||
let
|
let
|
||||||
|
|
||||||
cfg = config.components.mainUser;
|
cfg = config.components.mainUser;
|
||||||
|
|
||||||
dockerGroup =
|
# todo : use optionalList
|
||||||
if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
|
dockerGroup = if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
|
||||||
|
|
||||||
vboxGroup =
|
# todo : use optionalList
|
||||||
if (config.virtualisation.virtualbox.host.enable) then
|
vboxGroup = if (config.virtualisation.virtualbox.host.enable) then [ "vboxusers" ] else [ ];
|
||||||
[ "vboxusers" ]
|
|
||||||
else
|
|
||||||
[ ];
|
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -71,8 +73,16 @@ in
|
||||||
uid = cfg.uid;
|
uid = cfg.uid;
|
||||||
home = "/home/${cfg.userName}";
|
home = "/home/${cfg.userName}";
|
||||||
initialPassword = cfg.userName;
|
initialPassword = cfg.userName;
|
||||||
extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" "dialout" ]
|
extraGroups = [
|
||||||
++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
|
"wheel"
|
||||||
|
"networkmanager"
|
||||||
|
"transmission"
|
||||||
|
"wireshark"
|
||||||
|
"audio"
|
||||||
|
"pipewire"
|
||||||
|
"input"
|
||||||
|
"dialout"
|
||||||
|
] ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
|
||||||
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
|
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
|
||||||
group = config.users.groups.mainUser.name;
|
group = config.users.groups.mainUser.name;
|
||||||
};
|
};
|
||||||
|
|
|
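Review bot: `initialPassword = cfg.userName;` gives the main account a password equal to its user name, and the `extraGroups` list reflowed directly below puts that account in `wheel` (plus `docker` when enabled), so the guessable password carries administrative rights on any host where it was never changed. The commit only reformats this block and leaves the value as it was; `initialPassword` is also stored in the world-readable Nix store. Prefer `hashedPasswordFile` pointing at a file kept outside the store, or at minimum add a comment such as `# placeholder only: change on first login, keep SSH password auth disabled` beside the line. The `users.users` block starts and ends outside the hunk.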
@ -4,7 +4,12 @@
|
||||||
# * connect via mixxx to it.
|
# * connect via mixxx to it.
|
||||||
# * add the podcast to mpd in the same network
|
# * add the podcast to mpd in the same network
|
||||||
# --------------------------------------------------
|
# --------------------------------------------------
|
||||||
{ pkgs, config, lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,14 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
obs-cmd = pkgs.rustPlatform.buildRustPackage
|
obs-cmd = pkgs.rustPlatform.buildRustPackage rec {
|
||||||
rec {
|
|
||||||
pname = "obs-cmd";
|
pname = "obs-cmd";
|
||||||
version = "v0.15.2";
|
version = "v0.15.2";
|
||||||
src = pkgs.fetchFromGitHub {
|
src = pkgs.fetchFromGitHub {
|
||||||
|
@ -53,7 +57,12 @@ let
|
||||||
name = "screen-keys";
|
name = "screen-keys";
|
||||||
paths =
|
paths =
|
||||||
let
|
let
|
||||||
screenKeyScript = { position ? "bottom", size ? "small", ... }:
|
screenKeyScript =
|
||||||
|
{
|
||||||
|
position ? "bottom",
|
||||||
|
size ? "small",
|
||||||
|
...
|
||||||
|
}:
|
||||||
pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
|
pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
|
||||||
''
|
''
|
||||||
${pkgs.screenkey}/bin/screenkey \
|
${pkgs.screenkey}/bin/screenkey \
|
||||||
|
@ -65,15 +74,29 @@ let
|
||||||
"$@"
|
"$@"
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
lib.flatten (lib.flip map [ "large" "small" "medium" ] (size:
|
lib.flatten (
|
||||||
lib.flip map [ "top" "center" "bottom" ]
|
lib.flip map
|
||||||
(position: screenKeyScript { inherit size position; })));
|
[
|
||||||
|
"large"
|
||||||
|
"small"
|
||||||
|
"medium"
|
||||||
|
]
|
||||||
|
(
|
||||||
|
size:
|
||||||
|
lib.flip map [
|
||||||
|
"top"
|
||||||
|
"center"
|
||||||
|
"bottom"
|
||||||
|
] (position: screenKeyScript { inherit size position; })
|
||||||
|
)
|
||||||
|
);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
mpvReview =
|
mpvReview =
|
||||||
let
|
let
|
||||||
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
|
moveToDir =
|
||||||
|
key: dir:
|
||||||
|
pkgs.writeText "move-with-${key}.lua" ''
|
||||||
tmp_dir = "${dir}"
|
tmp_dir = "${dir}"
|
||||||
|
|
||||||
function move_current_track_${key}()
|
function move_current_track_${key}()
|
||||||
|
@ -110,7 +133,6 @@ in
|
||||||
|
|
||||||
config = mkIf (config.components.media.video.enable) {
|
config = mkIf (config.components.media.video.enable) {
|
||||||
|
|
||||||
|
|
||||||
home-manager.sharedModules = [
|
home-manager.sharedModules = [
|
||||||
{
|
{
|
||||||
programs.obs-studio = {
|
programs.obs-studio = {
|
||||||
|
@ -123,7 +145,6 @@ in
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
boot.kernelModules = [ "v4l2loopback" ];
|
boot.kernelModules = [ "v4l2loopback" ];
|
||||||
boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
|
boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
|
||||||
|
|
||||||
|
@ -137,7 +158,6 @@ in
|
||||||
alphaSafe
|
alphaSafe
|
||||||
sanitizeFolder
|
sanitizeFolder
|
||||||
|
|
||||||
|
|
||||||
# obs studio stuff
|
# obs studio stuff
|
||||||
obs-cli
|
obs-cli
|
||||||
v4l-utils
|
v4l-utils
|
||||||
|
@ -154,8 +174,6 @@ in
|
||||||
handbrake
|
handbrake
|
||||||
ffmpeg-full
|
ffmpeg-full
|
||||||
|
|
||||||
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,17 +1,20 @@
|
||||||
{ lib, config, ... }:
|
{
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
inputs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
with types;
|
with types;
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./default.nix
|
|
||||||
../timezone.nix
|
../timezone.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
components.monitor.enable = mkDefault true;
|
telemetry.enable = mkDefault true;
|
||||||
components.monitor.metrics.enable = mkDefault false;
|
telemetry.metrics.enable = mkDefault false;
|
||||||
components.monitor.opentelemetry.enable = false;
|
telemetry.opentelemetry.enable = false;
|
||||||
|
|
||||||
services.journald.extraConfig = "SystemMaxUse=1G";
|
services.journald.extraConfig = "SystemMaxUse=1G";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,32 +0,0 @@
|
||||||
{ lib, config, ... }:
|
|
||||||
with lib;
|
|
||||||
with types;
|
|
||||||
{
|
|
||||||
|
|
||||||
options.components.monitor = {
|
|
||||||
enable = mkOption {
|
|
||||||
type = bool;
|
|
||||||
default = true;
|
|
||||||
};
|
|
||||||
metrics.enable = mkOption {
|
|
||||||
type = bool;
|
|
||||||
default = config.components.monitor.enable;
|
|
||||||
};
|
|
||||||
logs.enable = mkOption {
|
|
||||||
type = bool;
|
|
||||||
default = config.components.monitor.enable;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
./logs-promtail.nix
|
|
||||||
./metrics-export-zfs.nix
|
|
||||||
./metrics-netdata.nix
|
|
||||||
./metrics-prometheus.nix
|
|
||||||
./metrics-telegraf.nix
|
|
||||||
./opentelemetry.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
config = mkIf config.components.monitor.enable { };
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,178 +0,0 @@
|
||||||
{ config, lib, ... }:
|
|
||||||
with lib;
|
|
||||||
with types;
|
|
||||||
let
|
|
||||||
cfg = config.components.monitor.promtail;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.components.monitor.promtail = {
|
|
||||||
enable = mkOption {
|
|
||||||
type = lib.types.bool;
|
|
||||||
default = config.components.monitor.logs.enable;
|
|
||||||
};
|
|
||||||
port = mkOption {
|
|
||||||
type = int;
|
|
||||||
default = 3500;
|
|
||||||
description = "port to provide promtail export";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkMerge [
|
|
||||||
|
|
||||||
(mkIf config.components.monitor.opentelemetry.enable {
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
receivers.loki = {
|
|
||||||
protocols.http.endpoint = "127.0.0.1:${toString cfg.port}";
|
|
||||||
use_incoming_timestamp = true;
|
|
||||||
};
|
|
||||||
service.pipelines.logs.receivers = [ "loki" ];
|
|
||||||
};
|
|
||||||
})
|
|
||||||
|
|
||||||
(mkIf config.components.monitor.promtail.enable {
|
|
||||||
services.promtail = {
|
|
||||||
enable = true;
|
|
||||||
configuration = {
|
|
||||||
server. disable = true;
|
|
||||||
positions.filename = "/var/cache/promtail/positions.yaml";
|
|
||||||
|
|
||||||
clients = [
|
|
||||||
{ url = "http://127.0.0.1:${toString cfg.port}/loki/api/v1/push"; }
|
|
||||||
];
|
|
||||||
|
|
||||||
scrape_configs =
|
|
||||||
|
|
||||||
let
|
|
||||||
_replace = index: replacement: ''{{ Replace .Value "${toString index}" "${replacement}" 1 }}'';
|
|
||||||
_elseif = index: ''{{ else if eq .Value "${toString index}" }}'';
|
|
||||||
_if = index: ''{{ if eq .Value "${toString index}" }}'';
|
|
||||||
_end = ''{{ end }}'';
|
|
||||||
elseblock = index: replacement: "${_elseif index}${_replace index replacement}";
|
|
||||||
ifblock = index: replacement: "${_if index}${_replace index replacement}";
|
|
||||||
createTemplateLine = list: "${concatStrings (imap0 (index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement) list)}${_end}";
|
|
||||||
in
|
|
||||||
[
|
|
||||||
{
|
|
||||||
job_name = "journal";
|
|
||||||
journal = {
|
|
||||||
json = true;
|
|
||||||
max_age = "12h";
|
|
||||||
labels.job = "systemd-journal";
|
|
||||||
};
|
|
||||||
pipeline_stages = [
|
|
||||||
{
|
|
||||||
# Set of key/value pairs of JMESPath expressions. The key will be
|
|
||||||
# the key in the extracted data while the expression will be the value,
|
|
||||||
# evaluated as a JMESPath from the source data.
|
|
||||||
json.expressions = {
|
|
||||||
# journalctl -o json | jq and you'll see these
|
|
||||||
boot_id = "_BOOT_ID";
|
|
||||||
facility = "SYSLOG_FACILITY";
|
|
||||||
facility_label = "SYSLOG_FACILITY";
|
|
||||||
instance = "_HOSTNAME";
|
|
||||||
msg = "MESSAGE";
|
|
||||||
priority = "PRIORITY";
|
|
||||||
priority_label = "PRIORITY";
|
|
||||||
transport = "_TRANSPORT";
|
|
||||||
unit = "_SYSTEMD_UNIT";
|
|
||||||
# coredump
|
|
||||||
#coredump_cgroup = "COREDUMP_CGROUP";
|
|
||||||
#coredump_exe = "COREDUMP_EXE";
|
|
||||||
#coredump_cmdline = "COREDUMP_CMDLINE";
|
|
||||||
#coredump_uid = "COREDUMP_UID";
|
|
||||||
#coredump_gid = "COREDUMP_GID";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# Set the unit (defaulting to the transport like audit and kernel)
|
|
||||||
template = {
|
|
||||||
source = "unit";
|
|
||||||
template = "{{if .unit}}{{.unit}}{{else}}{{.transport}}{{end}}";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# Normalize session IDs (session-1234.scope -> session.scope) to limit number of label values
|
|
||||||
replace = {
|
|
||||||
source = "unit";
|
|
||||||
expression = "^(session-\\d+.scope)$";
|
|
||||||
replace = "session.scope";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# Map priority to human readable
|
|
||||||
template = {
|
|
||||||
source = "priority_label";
|
|
||||||
#template = ''{{ if eq .Value "0" }}{{ Replace .Value "0" "emerg" 1 }}{{ else if eq .Value "1" }}{{ Replace .Value "1" "alert" 1 }}{{ else if eq .Value "2" }}{{ Replace .Value "2" "crit" 1 }}{{ else if eq .Value "3" }}{{ Replace .Value "3" "err" 1 }}{{ else if eq .Value "4" }}{{ Replace .Value "4" "warning" 1 }}{{ else if eq .Value "5" }}{{ Replace .Value "5" "notice" 1 }}{{ else if eq .Value "6" }}{{ Replace .Value "6" "info" 1 }}{{ else if eq .Value "7" }}{{ Replace .Value "7" "debug" 1 }}{{ end }}'';
|
|
||||||
template = createTemplateLine [
|
|
||||||
"emergency"
|
|
||||||
"alert"
|
|
||||||
"critical"
|
|
||||||
"error"
|
|
||||||
"warning"
|
|
||||||
"notice"
|
|
||||||
"info"
|
|
||||||
"debug"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# Map facility to human readable
|
|
||||||
template =
|
|
||||||
{
|
|
||||||
source = "facility_label";
|
|
||||||
template = createTemplateLine [
|
|
||||||
"kern" # Kernel messages
|
|
||||||
"user" # User-level messages
|
|
||||||
"mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1))
|
|
||||||
"daemon" # System daemons All daemons, including systemd and its subsystems
|
|
||||||
"auth" # Security/authorization messages Also watch for different facility 10
|
|
||||||
"syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3)
|
|
||||||
"lpr" # Line printer subsystem (archaic subsystem)
|
|
||||||
"news" # Network news subsystem (archaic subsystem)
|
|
||||||
"uucp" # UUCP subsystem (archaic subsystem)
|
|
||||||
"clock" # Clock daemon systemd-timesyncd
|
|
||||||
"authpriv" # Security/authorization messages Also watch for different facility 4
|
|
||||||
"ftp" # FTP daemon
|
|
||||||
"-" # NTP subsystem
|
|
||||||
"-" # Log audit
|
|
||||||
"-" # Log alert
|
|
||||||
"cron" # Scheduling daemon
|
|
||||||
"local0" # Local use 0 (local0)
|
|
||||||
"local1" # Local use 1 (local1)
|
|
||||||
"local2" # Local use 2 (local2)
|
|
||||||
"local3" # Local use 3 (local3)
|
|
||||||
"local4" # Local use 4 (local4)
|
|
||||||
"local5" # Local use 5 (local5)
|
|
||||||
"local6" # Local use 6 (local6)
|
|
||||||
"local7" # Local use 7 (local7)
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# Key is REQUIRED and the name for the label that will be created.
|
|
||||||
# Value is optional and will be the name from extracted data whose value
|
|
||||||
# will be used for the value of the label. If empty, the value will be
|
|
||||||
# inferred to be the same as the key.
|
|
||||||
labels = {
|
|
||||||
boot_id = "";
|
|
||||||
facility = "";
|
|
||||||
facility_label = "";
|
|
||||||
instance = "";
|
|
||||||
priority = "";
|
|
||||||
priority_label = "";
|
|
||||||
transport = "";
|
|
||||||
unit = "";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# Write the proper message instead of JSON
|
|
||||||
output.source = "msg";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
})
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,32 +0,0 @@
|
||||||
{ pkgs, config, lib, ... }:
|
|
||||||
with lib;
|
|
||||||
with types;
|
|
||||||
{
|
|
||||||
options.components.monitor.exporters.zfs.enable = mkOption {
|
|
||||||
type = lib.types.bool;
|
|
||||||
default = config.components.monitor.metrics.enable;
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkMerge [
|
|
||||||
(mkIf config.components.monitor.exporters.zfs.enable {
|
|
||||||
|
|
||||||
services.telegraf.extraConfig.inputs.zfs = { };
|
|
||||||
|
|
||||||
services.prometheus.exporters.zfs.enable = true;
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
receivers.prometheus.config.scrape_configs = [
|
|
||||||
{
|
|
||||||
job_name = "zfs";
|
|
||||||
scrape_interval = "10s";
|
|
||||||
static_configs = [{
|
|
||||||
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
|
|
||||||
}];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
service.pipelines.metrics.receivers = [ "prometheus" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,35 +0,0 @@
|
||||||
{ lib, pkgs, config, ... }:
|
|
||||||
with lib;
|
|
||||||
with types;
|
|
||||||
{
|
|
||||||
options.components.monitor.netdata = {
|
|
||||||
enable = mkOption {
|
|
||||||
type = bool;
|
|
||||||
default = config.components.monitor.metrics.enable;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf config.components.monitor.netdata.enable {
|
|
||||||
|
|
||||||
# netdata sink
|
|
||||||
services.opentelemetry-collector.settings.receivers.prometheus.config.scrape_configs = [
|
|
||||||
{
|
|
||||||
job_name = "netdata";
|
|
||||||
scrape_interval = "10s";
|
|
||||||
metrics_path = "/api/v1/allmetrics";
|
|
||||||
params.format = [ "prometheus" ];
|
|
||||||
static_configs = [{ targets = [ "127.0.0.1:19999" ]; }];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
# https://docs.netdata.cloud/daemon/config/
|
|
||||||
services.netdata = {
|
|
||||||
enable = lib.mkDefault true;
|
|
||||||
config = {
|
|
||||||
global = {
|
|
||||||
"memory mode" = "ram";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,45 +0,0 @@
|
||||||
{ config, lib, ... }:
|
|
||||||
with lib;
|
|
||||||
with types;
|
|
||||||
let
|
|
||||||
cfg = config.components.monitor.prometheus;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.components.monitor.prometheus = {
|
|
||||||
enable = mkOption {
|
|
||||||
type = lib.types.bool;
|
|
||||||
default = config.components.monitor.metrics.enable;
|
|
||||||
};
|
|
||||||
port = mkOption {
|
|
||||||
type = int;
|
|
||||||
default = 8090;
|
|
||||||
description = "port to provide Prometheus export";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkMerge [
|
|
||||||
|
|
||||||
(mkIf config.components.monitor.prometheus.enable {
|
|
||||||
services.prometheus = {
|
|
||||||
checkConfig = "syntax-only";
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
})
|
|
||||||
|
|
||||||
(mkIf config.components.monitor.prometheus.enable {
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
exporters.prometheus.endpoint = "127.0.0.1:${toString cfg.port}";
|
|
||||||
service.pipelines.metrics.exporters = [ "prometheus" ];
|
|
||||||
};
|
|
||||||
services.prometheus.scrapeConfigs = [
|
|
||||||
{
|
|
||||||
job_name = "opentelemetry";
|
|
||||||
metrics_path = "/metrics";
|
|
||||||
scrape_interval = "10s";
|
|
||||||
static_configs = [{ targets = [ "localhost:${toString cfg.port}" ]; }];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
})
|
|
||||||
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,50 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
with lib;
|
|
||||||
with types;
|
|
||||||
let
|
|
||||||
cfg = config.components.monitor.telegraf;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.components.monitor.telegraf = {
|
|
||||||
enable = mkOption {
|
|
||||||
type = lib.types.bool;
|
|
||||||
default = config.components.monitor.metrics.enable;
|
|
||||||
};
|
|
||||||
influxDBPort = mkOption {
|
|
||||||
type = int;
|
|
||||||
default = 8088;
|
|
||||||
description = "Port to listen on influxDB input";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkMerge [
|
|
||||||
(mkIf config.components.monitor.telegraf.enable {
|
|
||||||
# opentelemetry wireing
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}";
|
|
||||||
service.pipelines.metrics.receivers = [ "influxdb" ];
|
|
||||||
};
|
|
||||||
services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ "http://127.0.0.1:${toString cfg.influxDBPort}" ];
|
|
||||||
})
|
|
||||||
|
|
||||||
(mkIf config.components.monitor.telegraf.enable {
|
|
||||||
|
|
||||||
systemd.services.telegraf.path = [ pkgs.inetutils ];
|
|
||||||
|
|
||||||
services.telegraf = {
|
|
||||||
enable = true;
|
|
||||||
extraConfig = {
|
|
||||||
# https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins
|
|
||||||
inputs = {
|
|
||||||
cpu = { };
|
|
||||||
diskio = { };
|
|
||||||
processes = { };
|
|
||||||
system = { };
|
|
||||||
systemd_units = { };
|
|
||||||
ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make machine visible over wireguard
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
})
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,205 +0,0 @@
|
||||||
{ pkgs, config, lib, ... }:
|
|
||||||
with lib;
|
|
||||||
with types;
|
|
||||||
let
|
|
||||||
cfg = config.components.monitor.opentelemetry;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.components.monitor.opentelemetry = {
|
|
||||||
enable = mkOption {
|
|
||||||
type = bool;
|
|
||||||
default = config.components.monitor.enable;
|
|
||||||
description = "weather or not to use opentelemetry";
|
|
||||||
};
|
|
||||||
receiver.endpoint = mkOption {
|
|
||||||
type = nullOr str;
|
|
||||||
default = null;
|
|
||||||
description = "endpoint to receive the opentelementry data from other collectors";
|
|
||||||
};
|
|
||||||
exporter.endpoint = mkOption {
|
|
||||||
type = nullOr str;
|
|
||||||
default = null;
|
|
||||||
description = "endpoint to ship opentelementry data too";
|
|
||||||
};
|
|
||||||
exporter.debug = mkOption {
|
|
||||||
type = nullOr (enum [ "logs" "metrics" ]);
|
|
||||||
default = null;
|
|
||||||
description = "enable debug exporter.";
|
|
||||||
};
|
|
||||||
metrics.endpoint = mkOption {
|
|
||||||
type = str;
|
|
||||||
default = "127.0.0.1:8100";
|
|
||||||
description = "endpoint on where to provide opentelementry metrics";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkMerge [
|
|
||||||
|
|
||||||
(mkIf config.components.monitor.opentelemetry.enable {
|
|
||||||
services.opentelemetry-collector = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.opentelemetry-collector-contrib;
|
|
||||||
};
|
|
||||||
})
|
|
||||||
|
|
||||||
# add default tags to metrics
|
|
||||||
# todo : make sure we filter out metrics from otlp receivers
|
|
||||||
(mkIf config.components.monitor.enable {
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
|
|
||||||
processors = {
|
|
||||||
|
|
||||||
# https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/processor/resourcedetectionprocessor/README.md
|
|
||||||
"resourcedetection/system" = {
|
|
||||||
detectors = [ "system" ];
|
|
||||||
override = false;
|
|
||||||
system.hostname_sources = [ "os" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
metricstransform.transforms = [
|
|
||||||
{
|
|
||||||
include = ".*";
|
|
||||||
match_type = "regexp";
|
|
||||||
action = "update";
|
|
||||||
operations = [{
|
|
||||||
action = "add_label";
|
|
||||||
new_label = "machine";
|
|
||||||
new_value = config.networking.hostName;
|
|
||||||
}];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
})
|
|
||||||
(mkIf config.components.monitor.metrics.enable {
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
service.pipelines.metrics.processors = [
|
|
||||||
"metricstransform"
|
|
||||||
"resourcedetection/system"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
})
|
|
||||||
(mkIf config.components.monitor.logs.enable {
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
service.pipelines.logs.processors = [ "resourcedetection/system" ];
|
|
||||||
};
|
|
||||||
})
|
|
||||||
|
|
||||||
|
|
||||||
(mkIf (config.components.monitor.opentelemetry.exporter.debug != null) {
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
exporters.debug = {
|
|
||||||
verbosity = "detailed";
|
|
||||||
sampling_initial = 5;
|
|
||||||
sampling_thereafter = 200;
|
|
||||||
};
|
|
||||||
service.pipelines.${config.components.monitor.opentelemetry.exporter.debug} = {
|
|
||||||
exporters = [ "debug" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
})
|
|
||||||
|
|
||||||
# ship to next instance
|
|
||||||
(mkIf (config.components.monitor.opentelemetry.exporter.endpoint != null) {
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
exporters.otlp = {
|
|
||||||
endpoint = cfg.exporter.endpoint;
|
|
||||||
tls.insecure = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
})
|
|
||||||
(mkIf
|
|
||||||
(
|
|
||||||
config.components.monitor.opentelemetry.exporter.endpoint != null &&
|
|
||||||
config.components.monitor.logs.enable
|
|
||||||
)
|
|
||||||
{
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
service.pipelines.logs.exporters = [ "otlp" ];
|
|
||||||
};
|
|
||||||
})
|
|
||||||
(mkIf
|
|
||||||
(
|
|
||||||
config.components.monitor.opentelemetry.exporter.endpoint != null &&
|
|
||||||
config.components.monitor.metrics.enable
|
|
||||||
)
|
|
||||||
{
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
service.pipelines.metrics.exporters = [ "otlp" ];
|
|
||||||
};
|
|
||||||
})
|
|
||||||
|
|
||||||
# ship from other instance
|
|
||||||
(mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) {
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
receivers.otlp.protocols.grpc.endpoint = cfg.receiver.endpoint;
|
|
||||||
};
|
|
||||||
})
|
|
||||||
(mkIf
|
|
||||||
(
|
|
||||||
config.components.monitor.opentelemetry.receiver.endpoint != null &&
|
|
||||||
config.components.monitor.logs.enable
|
|
||||||
)
|
|
||||||
{
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
service.pipelines.logs.receivers = [ "otlp" ];
|
|
||||||
};
|
|
||||||
})
|
|
||||||
(mkIf
|
|
||||||
(
|
|
||||||
config.components.monitor.opentelemetry.receiver.endpoint != null &&
|
|
||||||
config.components.monitor.metrics.enable
|
|
||||||
)
|
|
||||||
{
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
service.pipelines.metrics.receivers = [ "otlp" ];
|
|
||||||
};
|
|
||||||
})
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# scrape opentelemetry-colectors metrics
|
|
||||||
# todo: this should be collected another way (opentelemetry internal?)
|
|
||||||
# todo : enable me only when metrics.endpoint is set.
|
|
||||||
(mkIf config.components.monitor.metrics.enable {
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
receivers = {
|
|
||||||
prometheus.config.scrape_configs = [
|
|
||||||
{
|
|
||||||
job_name = "otelcol";
|
|
||||||
scrape_interval = "10s";
|
|
||||||
static_configs = [{
|
|
||||||
targets = [ cfg.metrics.endpoint ];
|
|
||||||
}];
|
|
||||||
metric_relabel_configs = [
|
|
||||||
{
|
|
||||||
source_labels = [ "__name__" ];
|
|
||||||
regex = ".*grpc_io.*";
|
|
||||||
action = "drop";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
service = {
|
|
||||||
pipelines.metrics = {
|
|
||||||
receivers = [ "prometheus" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
# todo : this should be automatically be collected
|
|
||||||
# open telemetries own metrics?
|
|
||||||
telemetry.metrics.address = cfg.metrics.endpoint;
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
})
|
|
||||||
(mkIf (! config.components.monitor.metrics.enable) {
|
|
||||||
services.opentelemetry-collector.settings = {
|
|
||||||
service.telemetry.metrics.level = "none";
|
|
||||||
};
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
}
|
|
|
@ -11,7 +11,6 @@ with types;
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
#./avahi.nix
|
#./avahi.nix
|
||||||
./fail2ban.nix
|
|
||||||
./hosts.nix
|
./hosts.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./sshd
|
./sshd
|
||||||
|
|
|
@ -1,5 +1,9 @@
|
||||||
|
{ clanLib, ... }:
|
||||||
{
|
{
|
||||||
networking.extraHosts = ''
|
networking.extraHosts = ''
|
||||||
95.216.66.212 orbi.public
|
95.216.66.212 orbi.public
|
||||||
'';
|
'';
|
||||||
|
services.openssh.knownHosts = {
|
||||||
|
"orbi.public".publicKey = clanLib.readFact "ssh.id_ed25519.pub" "orbi";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
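Review bot: The new `"orbi.public"` known-hosts entry pins a key to a name that only resolves through the `networking.extraHosts` line above it, and nothing in the file says so. A short comment such as `# orbi.public is defined in extraHosts above; the key is the clan fact for orbi` would make that dependency explicit. The address 95.216.66.212 and the same `clanLib.readFact "ssh.id_ed25519.pub"` lookup also appear in the separate `services.openssh.knownHosts.orbi` entry touched later in this commit. Adding `"orbi.public"` to that entry's `hostNames` would keep the pin for this machine in one place.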
|
@ -1,4 +1,10 @@
|
||||||
{ config, lib, pkgs, assets, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
assets,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.network.nginx.enable = mkOption {
|
options.components.network.nginx.enable = mkOption {
|
||||||
|
@ -16,8 +22,13 @@ with lib;
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
pkgs.nginx-config-formatter
|
pkgs.nginx-config-formatter
|
||||||
(pkgs.writers.writePython3Bin "nginx-show-config" { flakeIgnore = [ "E265" "E225" "W292" ]; }
|
(pkgs.writers.writePython3Bin "nginx-show-config" {
|
||||||
(lib.fileContents "${assets}/nginx-show-config.py"))
|
flakeIgnore = [
|
||||||
|
"E265"
|
||||||
|
"E225"
|
||||||
|
"W292"
|
||||||
|
];
|
||||||
|
} (lib.fileContents "${assets}/nginx-show-config.py"))
|
||||||
];
|
];
|
||||||
|
|
||||||
security.acme.defaults.email = "contact@ingolf-wagner.de";
|
security.acme.defaults.email = "contact@ingolf-wagner.de";
|
||||||
|
@ -85,7 +96,11 @@ with lib;
|
||||||
root = pkgs.landingpage.override {
|
root = pkgs.landingpage.override {
|
||||||
jsonConfig =
|
jsonConfig =
|
||||||
let
|
let
|
||||||
entry = { machine, items ? [ ] }:
|
entry =
|
||||||
|
{
|
||||||
|
machine,
|
||||||
|
items ? [ ],
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
text = machine;
|
text = machine;
|
||||||
items = [
|
items = [
|
||||||
|
@ -160,7 +175,7 @@ with lib;
|
||||||
];
|
];
|
||||||
})
|
})
|
||||||
(entry { machine = "cherry"; })
|
(entry { machine = "cherry"; })
|
||||||
(entry { machine = "cream"; })
|
#(entry { machine = "cream"; })
|
||||||
(entry { machine = "mobi"; })
|
(entry { machine = "mobi"; })
|
||||||
(entry { machine = "bobi"; })
|
(entry { machine = "bobi"; })
|
||||||
{
|
{
|
||||||
|
@ -174,14 +189,12 @@ with lib;
|
||||||
{
|
{
|
||||||
label = "Hetzner Cloud";
|
label = "Hetzner Cloud";
|
||||||
href = "https://console.hetzner.cloud/projects";
|
href = "https://console.hetzner.cloud/projects";
|
||||||
image =
|
image = "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
|
||||||
"https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
label = "Cups";
|
label = "Cups";
|
||||||
href = "http://localhost:631/";
|
href = "http://localhost:631/";
|
||||||
image =
|
image = "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
|
||||||
"https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
@ -191,52 +204,42 @@ with lib;
|
||||||
{
|
{
|
||||||
label = "NixOS Manual";
|
label = "NixOS Manual";
|
||||||
href = "https://nixos.org/nixos/manual/";
|
href = "https://nixos.org/nixos/manual/";
|
||||||
image =
|
image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
|
||||||
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
label = "Nixpkgs Manual";
|
label = "Nixpkgs Manual";
|
||||||
href = "https://nixos.org/nixpkgs/manual/";
|
href = "https://nixos.org/nixpkgs/manual/";
|
||||||
image =
|
image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
|
||||||
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
label = "NixOS Reference";
|
label = "NixOS Reference";
|
||||||
href =
|
href = "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
|
||||||
"https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
|
image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
|
||||||
image =
|
|
||||||
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
label = "Nix Packages";
|
label = "Nix Packages";
|
||||||
href = "https://nixos.org/nixos/packages.html";
|
href = "https://nixos.org/nixos/packages.html";
|
||||||
image =
|
image = "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
|
||||||
"https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
label = "NixOS Language specific helpers";
|
label = "NixOS Language specific helpers";
|
||||||
href =
|
href = "https://nixos.wiki/wiki/Language-specific_package_helpers";
|
||||||
"https://nixos.wiki/wiki/Language-specific_package_helpers";
|
image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
|
||||||
image =
|
|
||||||
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
label = "NixOS Weekly";
|
label = "NixOS Weekly";
|
||||||
href = "https://weekly.nixos.org/";
|
href = "https://weekly.nixos.org/";
|
||||||
image =
|
image = "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
|
||||||
"https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
label = "NixOS Security";
|
label = "NixOS Security";
|
||||||
href = "https://broken.sh/";
|
href = "https://broken.sh/";
|
||||||
image =
|
image = "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
|
||||||
"https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
label = "NixOS RFCs";
|
label = "NixOS RFCs";
|
||||||
href = "https://github.com/NixOS/rfcs/";
|
href = "https://github.com/NixOS/rfcs/";
|
||||||
image =
|
image = "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
|
||||||
"https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
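Review bot: In the hunk at `@ -160,7 +175,7 @@` the `cream` entry is disabled by commenting it out, `#(entry { machine = "cream"; })`, with no reason given. Either delete the line or state why it is parked, for example `# TODO(<reason>): re-enable cream`, so the next reader does not have to guess whether the machine is gone or only hidden from the landing page. The other hunks in this section look like formatter output only.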
|
@ -1,17 +1,20 @@
|
||||||
{ pkgs, config, lib, assets, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
assets,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
with types;
|
with types;
|
||||||
let
|
let
|
||||||
defaultRootKeyFiles = [ "${assets}/mrvandalo_rsa.pub" ];
|
|
||||||
cfg = config.components.network.sshd;
|
cfg = config.components.network.sshd;
|
||||||
|
|
||||||
# maybe ascii-image-converter is also nice here
|
# maybe ascii-image-converter is also nice here
|
||||||
sshBanner = pkgs.runCommand "ssh-banner"
|
sshBanner = pkgs.runCommand "ssh-banner" { nativeBuildInputs = [ pkgs.boxes ]; } ''
|
||||||
{ nativeBuildInputs = [ pkgs.boxes ]; } ''
|
|
||||||
echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out
|
echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
||||||
|
@ -26,15 +29,6 @@ in
|
||||||
type = bool;
|
type = bool;
|
||||||
default = true;
|
default = true;
|
||||||
};
|
};
|
||||||
rootKeyFiles = mkOption {
|
|
||||||
type = with types; listOf path;
|
|
||||||
default = [ ];
|
|
||||||
description = "keys to root login";
|
|
||||||
};
|
|
||||||
sshguard.enable = mkOption {
|
|
||||||
type = bool;
|
|
||||||
default = config.components.network.sshd.enable;
|
|
||||||
};
|
|
||||||
onlyTincAccess = mkOption {
|
onlyTincAccess = mkOption {
|
||||||
type = bool;
|
type = bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
@ -64,20 +58,13 @@ in
|
||||||
# settings.LoginGraceTime = 0;
|
# settings.LoginGraceTime = 0;
|
||||||
};
|
};
|
||||||
|
|
||||||
users.users.root.openssh.authorizedKeys.keyFiles = cfg.rootKeyFiles ++ defaultRootKeyFiles;
|
|
||||||
|
|
||||||
# todo enable again when I can it's possible to set the `-q` ssh option in clan
|
# todo enable again when I can it's possible to set the `-q` ssh option in clan
|
||||||
#services.openssh.banner = builtins.readFile sshBanner;
|
#services.openssh.banner = builtins.readFile sshBanner;
|
||||||
|
|
||||||
})
|
})
|
||||||
|
|
||||||
(mkIf cfg.sshguard.enable {
|
|
||||||
environment.systemPackages = [ pkgs.ipset ];
|
|
||||||
services.sshguard.enable = lib.mkDefault true;
|
|
||||||
#boot.kernelModules = ["xt_set"];
|
|
||||||
})
|
|
||||||
|
|
||||||
(mkIf (cfg.onlyTincAccess && cfg.enable) {
|
(mkIf (cfg.onlyTincAccess && cfg.enable) {
|
||||||
|
# fixme: this is not working
|
||||||
networking.firewall.extraCommands = ''
|
networking.firewall.extraCommands = ''
|
||||||
iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
|
iptables --table nat --append PREROUTING ! --in-interface tinc.+ --protocol tcp --match tcp --dport 22 --jump REDIRECT --to-ports 0
|
||||||
'';
|
'';
|
||||||
|
|
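Review bot: The added `# fixme: this is not working` leaves `onlyTincAccess` as an option that, by the author's own comment, does not restrict port 22 to the tinc interfaces, so a host that sets it still exposes sshd while its configuration claims otherwise. Until the rule is fixed, surface this at evaluation time inside the same `mkIf` block, e.g. `warnings = [ "components.network.sshd.onlyTincAccess is set but its firewall rule is known not to work" ];`. This section also removes the `sshguard` block together with its enabling option, and the imports hunk earlier in the commit drops `./fail2ban.nix`. No replacement for brute-force throttling is visible here, so confirm that one exists elsewhere. The `mkIf` block continues past the end of the last hunk.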
|
@ -1,4 +1,10 @@
|
||||||
{ pkgs, config, lib, clanLib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
clanLib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
publicKey = clanLib.readFact "ssh.id_ed25519.pub";
|
publicKey = clanLib.readFact "ssh.id_ed25519.pub";
|
||||||
|
@ -9,11 +15,18 @@ in
|
||||||
services.openssh.knownHosts = {
|
services.openssh.knownHosts = {
|
||||||
orbi = {
|
orbi = {
|
||||||
hostNames = [
|
hostNames = [
|
||||||
"git.ingolf-wagner.de"
|
|
||||||
"95.216.66.212"
|
"95.216.66.212"
|
||||||
];
|
];
|
||||||
publicKey = publicKey "orbi";
|
publicKey = publicKey "orbi";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
forgejo = {
|
||||||
|
hostNames = [
|
||||||
|
"[git.ingolf-wagner.de]:2222"
|
||||||
|
];
|
||||||
|
publicKey = "ssh-rsa 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";
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
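Review bot: The new `forgejo` entry pins a literal `ssh-rsa` key, while the `orbi` entry next to it takes its key from `clanLib.readFact`, and nothing records where the literal came from. Add a comment above `publicKey` saying how the key was obtained and checked, for example `# host key of the Forgejo SSH server on port 2222; update here when that key is rotated`. The hunk also removes `"git.ingolf-wagner.de"` from the `orbi` entry, so connections to that name on port 22 are no longer covered by a pinned key. If anything still uses that path, it falls back to the client's default host-key handling.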
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
config = mkIf (config.components.network.sshd.enable) {
|
config = mkIf (config.components.network.sshd.enable) {
|
||||||
|
@ -28,65 +33,66 @@ with lib;
|
||||||
};
|
};
|
||||||
gitlab = {
|
gitlab = {
|
||||||
hostNames = [ "gitlab.com" ];
|
hostNames = [ "gitlab.com" ];
|
||||||
publicKey =
|
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
|
||||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
|
|
||||||
};
|
};
|
||||||
gitlab-bk = {
|
gitlab-bk = {
|
||||||
hostNames = [ "gitlab.bk-bund-berlin.de" "116.203.133.59" ];
|
hostNames = [
|
||||||
publicKey =
|
"gitlab.bk-bund-berlin.de"
|
||||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
|
"116.203.133.59"
|
||||||
|
];
|
||||||
|
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
|
||||||
};
|
};
|
||||||
# space-left
|
# space-left
|
||||||
gitlabSpaceLeft = {
|
gitlabSpaceLeft = {
|
||||||
hostNames = [ "git.space-left.org" ];
|
hostNames = [ "git.space-left.org" ];
|
||||||
publicKey =
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
|
|
||||||
};
|
};
|
||||||
# c-base
|
# c-base
|
||||||
"bnd-cbase" = {
|
"bnd-cbase" = {
|
||||||
hostNames = [ "bnd.cbrp3.c-base.org" ];
|
hostNames = [ "bnd.cbrp3.c-base.org" ];
|
||||||
publicKey =
|
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
|
||||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
|
|
||||||
};
|
};
|
||||||
"shell.cbase" = {
|
"shell.cbase" = {
|
||||||
hostNames = [ "shell.c-base.org" ];
|
hostNames = [ "shell.c-base.org" ];
|
||||||
publicKey =
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
|
|
||||||
};
|
};
|
||||||
"kgb.cbase" = {
|
"kgb.cbase" = {
|
||||||
hostNames = [ "kgb.cbrp3.c-base.org" ];
|
hostNames = [ "kgb.cbrp3.c-base.org" ];
|
||||||
publicKey =
|
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
|
||||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
|
|
||||||
};
|
};
|
||||||
"cns.cbase" = {
|
"cns.cbase" = {
|
||||||
hostNames = [ "cns.c-base.org" ];
|
hostNames = [ "cns.c-base.org" ];
|
||||||
publicKey =
|
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
|
||||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOtlyLA2nMK9Uqpv4EbWS+rZ9Mx4bAjURmH+zrXkuRGBcU1cKm+TZfWe9/rPX57KaMPBDyIygOJIsM2T5SqX90A=";
|
|
||||||
};
|
};
|
||||||
"lassulus" = {
|
"lassulus" = {
|
||||||
hostNames = [ "[lassul.us]:45621" ];
|
hostNames = [ "[lassul.us]:45621" ];
|
||||||
publicKey =
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsANFdMi825qWQXQbWLYuNZ6/fARt3lnh1KStQHQQMD";
|
|
||||||
};
|
};
|
||||||
renoise = {
|
renoise = {
|
||||||
hostNames = [ "*.renoise.com" "renoise.com" "94.130.128.97" ];
|
hostNames = [
|
||||||
publicKey =
|
"*.renoise.com"
|
||||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
|
"renoise.com"
|
||||||
|
"94.130.128.97"
|
||||||
|
];
|
||||||
|
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLXxhBlYQJxgcLqKywpl1tI1N/+B5bkptAnR2a3tsRybq0IHZnIkSRGUYcu5zPwJT+bitVw8BvIaGzxI+Zm2ivE=";
|
||||||
};
|
};
|
||||||
git-renoise = {
|
git-renoise = {
|
||||||
hostNames = [ "[git.renoise.com]:2229" "[94.130.128.97]:2229" ];
|
hostNames = [
|
||||||
publicKey =
|
"[git.renoise.com]:2229"
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
|
"[94.130.128.97]:2229"
|
||||||
|
];
|
||||||
|
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmIOTjQsD1TaD9MiECcRqwfAXfRdbI+2pkuF+zhBUkrX41NA4LzifPY4Iw3PlklE0YGIOzYyNitzkdgxIWkeqa0Y9iL3gGZBuLFORj5YXWlDKB2RrPAsZRL8y69y4H6RWPpL6DHHsf9eT+HgRzWzzn5nUFLfkCsuM96BqjIKN1pinIBcE6gst1UUSwSTjK8XZA5d4BiSrLF4HiNXnDm+qniYGbGkzZcjn1ua+l0GdGbfg9TotFnSK/QXgN3MeHHDZKnIjOIkOXCY+L5URe0RHo6pBFdj+BLr211AJhB52MrDNudQcY6eSQiJ08LeE6SkcrsQO/VZ/JnOkHxHd2mOyH";
|
||||||
};
|
};
|
||||||
"siteground" = {
|
"siteground" = {
|
||||||
hostNames = [ "[es5.siteground.eu]:18765" "[37.60.224.6]:18765" ];
|
hostNames = [
|
||||||
publicKey =
|
"[es5.siteground.eu]:18765"
|
||||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
|
"[37.60.224.6]:18765"
|
||||||
|
];
|
||||||
|
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHZuvHooyHa69rU+SfOghM6yfc7bce5cMi9sh5JkoLPi+m8QEkX3oiG9rRpAhp0GYnB74M4l1+0XlxmG7/HVmq0=";
|
||||||
};
|
};
|
||||||
"cracksucht.de" = {
|
"cracksucht.de" = {
|
||||||
hostNames = [ "cracksucht.de" ];
|
hostNames = [ "cracksucht.de" ];
|
||||||
publicKey =
|
publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVqpWzX+C7veO/1MDSdh5ukFhpI4cfXevbl6DVb9gVt1wdYB0JsiMiWfl13MZJy9iEP/KfwRLYmu8i36tDR9uJfHQyLK8G7q2DhrleIPgM3dFCdDU1QtulE8hEq/ZsqzMn/QIHYIipIqzNfmC/xnpX2gIo09T7EY+n863ALlj+GqxMb4nr2XDLY+Lllo2yMzylJIz9q8U5hOmzrlCnBpf2MPMwanHXnZXj2CmO80VyBHnAMJ/h72AN1qzDaHFlhxh0Li/POc1bpDjiVjiUPgimHZWpi3VObxWLLn2zf+RH2lx0yXMccSEnkWvHp+Ll5apIUUS+vTlDo3niWpEfGZLl root@debian";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,27 +1,38 @@
|
||||||
{ lib, config, clanLib, ... }:
|
{
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
clanLib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
with types;
|
with types;
|
||||||
let
|
let
|
||||||
machines = clanLib.allMachineNames;
|
machines = clanLib.allMachineNames;
|
||||||
publicKey = clanLib.readFact "ssh.id_ed25519.pub";
|
publicKey = clanLib.readFact "ssh.id_ed25519.pub";
|
||||||
tld = config.clan.static-hosts.topLevelDomain;
|
tld = config.clan.static-hosts.topLevelDomain;
|
||||||
knownHosts = lib.genAttrs machines
|
knownHosts = lib.genAttrs machines (machine: {
|
||||||
(machine:
|
|
||||||
{
|
|
||||||
hostNames = [
|
hostNames = [
|
||||||
"[${machine}]:2222"
|
|
||||||
"[${machine}.${tld}]:2222"
|
|
||||||
"[${machine}.private]:2222"
|
|
||||||
"${machine}"
|
"${machine}"
|
||||||
"${machine}.${tld}"
|
"${machine}.${tld}"
|
||||||
"${machine}.private"
|
"${machine}.private"
|
||||||
];
|
];
|
||||||
publicKey = publicKey machine;
|
publicKey = publicKey machine;
|
||||||
|
});
|
||||||
|
bootMachines = clanLib.readFactFromAllMachines "ssh.boot.id_ed25519.pub";
|
||||||
|
knownBootHosts = lib.mapAttrs' (
|
||||||
|
machine: publicKey:
|
||||||
|
nameValuePair "boot_${machine}" {
|
||||||
|
inherit publicKey;
|
||||||
|
hostNames = [
|
||||||
|
"[${machine}]:2222"
|
||||||
|
"[${machine}.public]:2222"
|
||||||
|
];
|
||||||
}
|
}
|
||||||
);
|
) bootMachines;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
||||||
|
# todo : move this to the proper place
|
||||||
options.components.network.zerotier = {
|
options.components.network.zerotier = {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = bool;
|
type = bool;
|
||||||
|
@ -30,6 +41,6 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf config.components.network.zerotier.enable {
|
config = mkIf config.components.network.zerotier.enable {
|
||||||
services.openssh.knownHosts = knownHosts;
|
services.openssh.knownHosts = knownHosts // knownBootHosts;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
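Review bot: The new `knownBootHosts` entries pin the boot key only for `[${machine}]:2222` and `[${machine}.public]:2222`, while the port-2222 names removed from `knownHosts` also covered `[${machine}.${tld}]:2222` and `[${machine}.private]:2222`. If the boot-time sshd is still reached under those two names, no key is pinned for them, and the client falls back to whatever its host-key checking policy allows on first contact. Either add the two names to the `hostNames` list in `knownBootHosts`, or state the intent with a comment such as `# boot-time sshd is only reachable via the bare and .public names`. Separately, `knownHosts // knownBootHosts` is right-biased, so a machine whose name starts with `boot_` would be silently overridden; that is unlikely, but a short comment on the `boot_` prefix would make it explicit.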
|
@ -1,15 +1,13 @@
|
||||||
{ config, lib, pkgs, factsGenerator, clanLib, ... }:
|
{
|
||||||
let
|
config,
|
||||||
clanMachines =
|
lib,
|
||||||
lib.mapAttrs
|
pkgs,
|
||||||
(machine: facts: {
|
factsGenerator,
|
||||||
name = machine;
|
clanLib,
|
||||||
id = facts."syncthing.pub";
|
...
|
||||||
addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
|
}:
|
||||||
})
|
with lib;
|
||||||
(clanLib.readFactsFromAllMachines [ "syncthing.pub" "zerotier-ip" ]);
|
{
|
||||||
in
|
|
||||||
with lib; {
|
|
||||||
|
|
||||||
# networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
|
# networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
|
||||||
|
|
||||||
|
@ -22,6 +20,19 @@ with lib; {
|
||||||
cert = config.clan.core.facts.services.syncthing.secret."syncthing.cert".path;
|
cert = config.clan.core.facts.services.syncthing.secret."syncthing.cert".path;
|
||||||
settings.devices =
|
settings.devices =
|
||||||
let
|
let
|
||||||
|
clanMachines =
|
||||||
|
lib.mapAttrs
|
||||||
|
(machine: facts: {
|
||||||
|
name = machine;
|
||||||
|
id = facts."syncthing.pub";
|
||||||
|
addresses = [ "tcp://[${facts."zerotier-ip"}]:22000" ];
|
||||||
|
})
|
||||||
|
(
|
||||||
|
clanLib.readFactsFromAllMachines [
|
||||||
|
"syncthing.pub"
|
||||||
|
"zerotier-ip"
|
||||||
|
]
|
||||||
|
);
|
||||||
device = machine: id: {
|
device = machine: id: {
|
||||||
"${machine}" = {
|
"${machine}" = {
|
||||||
name = machine;
|
name = machine;
|
||||||
|
@ -32,22 +43,27 @@ with lib; {
|
||||||
in
|
in
|
||||||
clanMachines
|
clanMachines
|
||||||
// (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF")
|
// (device "iPhone" "RPQBSRB-DYEUUWQ-EAPMBA2-PL4MJ73-Y4F4ZTH-TAD7DUE-GEK56BG-HYW6YAF")
|
||||||
// (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ")
|
// (device "iPad" "NEGOJYU-EEDRM4E-XVZUKFO-63LAIOO-WHFFS2V-3SH3KR2-VYEFQLW-4QOFBQU")
|
||||||
;
|
// (device "bumba" "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ");
|
||||||
|
|
||||||
settings.folders = {
|
settings.folders = {
|
||||||
|
|
||||||
# needs to be on encrypted drives
|
|
||||||
# -------------------------------
|
|
||||||
audiobooks = {
|
audiobooks = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
path = lib.mkDefault "/tmp/audiobooks";
|
path = lib.mkDefault "/tmp/audiobooks";
|
||||||
devices = [ "chungus" "orbi" ];
|
devices = [
|
||||||
|
"chungus"
|
||||||
|
"orbi"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
books = {
|
books = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
path = lib.mkDefault "/tmp/books";
|
path = lib.mkDefault "/tmp/books";
|
||||||
devices = [ "chungus" "cream" "cherry" ];
|
devices = [
|
||||||
|
"chungus"
|
||||||
|
# "cream"
|
||||||
|
"cherry"
|
||||||
|
];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
params.keep = "2";
|
params.keep = "2";
|
||||||
|
@ -56,12 +72,20 @@ with lib; {
|
||||||
desktop = {
|
desktop = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
path = lib.mkDefault "/tmp/desktop";
|
path = lib.mkDefault "/tmp/desktop";
|
||||||
devices = [ "chungus" "cream" "cherry" ];
|
devices = [
|
||||||
|
"chungus"
|
||||||
|
# "cream"
|
||||||
|
"cherry"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
finance = {
|
finance = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
path = lib.mkDefault "/tmp/finance";
|
path = lib.mkDefault "/tmp/finance";
|
||||||
devices = [ "chungus" "cream" "cherry" ];
|
devices = [
|
||||||
|
"chungus"
|
||||||
|
# "cream"
|
||||||
|
"cherry"
|
||||||
|
];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
params.keep = "10";
|
params.keep = "10";
|
||||||
|
@ -70,27 +94,46 @@ with lib; {
|
||||||
flix = {
|
flix = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
path = lib.mkDefault "/tmp/flix";
|
path = lib.mkDefault "/tmp/flix";
|
||||||
devices = [ "chungus" "orbi" ];
|
devices = [
|
||||||
|
"chungus"
|
||||||
|
"orbi"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
logseq = {
|
logseq = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
path = lib.mkDefault "/tmp/logseq";
|
path = lib.mkDefault "/tmp/logseq";
|
||||||
devices = [ "chungus" "cream" "cherry" "iPhone" ];
|
devices = [
|
||||||
|
"cherry"
|
||||||
|
"chungus"
|
||||||
|
"iPad"
|
||||||
|
"iPhone"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
lectures = {
|
lectures = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
path = lib.mkDefault "/tmp/lectures";
|
path = lib.mkDefault "/tmp/lectures";
|
||||||
devices = [ "chungus" "orbi" ];
|
devices = [
|
||||||
|
"chungus"
|
||||||
|
"orbi"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
oscar_cpap = {
|
oscar_cpap = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
path = lib.mkDefault "/tmp/oscar_cpap";
|
path = lib.mkDefault "/tmp/oscar_cpap";
|
||||||
devices = [ "chungus" "cream" "cherry" ];
|
devices = [
|
||||||
|
"chungus"
|
||||||
|
# "cream"
|
||||||
|
"cherry"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
password-store = {
|
password-store = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
path = lib.mkDefault "/tmp/password-store";
|
path = lib.mkDefault "/tmp/password-store";
|
||||||
devices = [ "chungus" "cream" "cherry" ];
|
devices = [
|
||||||
|
"chungus"
|
||||||
|
# "cream"
|
||||||
|
"cherry"
|
||||||
|
];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
params.keep = "10";
|
params.keep = "10";
|
||||||
|
@ -100,18 +143,12 @@ with lib; {
|
||||||
share = {
|
share = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
path = lib.mkDefault "/tmp/password-store";
|
path = lib.mkDefault "/tmp/password-store";
|
||||||
devices = [ "cream" "cherry" "orbi" ];
|
devices = [
|
||||||
|
# "cream"
|
||||||
|
"cherry"
|
||||||
|
"orbi"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
# todo remove if zfs is is used
|
|
||||||
#nextcloud_backup = {
|
|
||||||
# enable = lib.mkDefault false;
|
|
||||||
# path = lib.mkDefault "/tmp/lost-fotos";
|
|
||||||
# devices = [ "chungus" ];
|
|
||||||
# versioning = {
|
|
||||||
# type = "simple";
|
|
||||||
# params.keep = "2";
|
|
||||||
# };
|
|
||||||
#};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
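Review bot: The `# needs to be on encrypted drives` comment at the top of `settings.folders` is removed, yet `finance` and `password-store` are still declared there with `lib.mkDefault "/tmp/..."` paths. That comment was the only hint that these defaults must be overridden per machine, so I would keep it next to the sensitive folders, e.g. `# must live on an encrypted drive; override the /tmp default per machine`. In the unchanged lines, `share` also defaults to `/tmp/password-store`, the same path as `password-store`. That looks like a copy-paste slip and is worth confirming while this block is being touched.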
|
@ -1,4 +1,10 @@
|
||||||
{ lib, config, factsGenerator, clanLib, ... }:
|
{
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
factsGenerator,
|
||||||
|
clanLib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
|
||||||
|
@ -20,18 +26,21 @@ with lib;
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkMerge [
|
config = mkMerge [
|
||||||
(mkIf config.tinc.private.enable (import ./private.nix {
|
(mkIf config.tinc.private.enable (
|
||||||
|
import ./private.nix {
|
||||||
ipv4 = config.tinc.private.ipv4;
|
ipv4 = config.tinc.private.ipv4;
|
||||||
ipv6 = null;
|
ipv6 = null;
|
||||||
inherit (lib) optionalString concatStringsSep mapAttrsToList;
|
inherit (lib) optionalString concatStringsSep mapAttrsToList;
|
||||||
inherit config factsGenerator clanLib;
|
inherit config factsGenerator clanLib;
|
||||||
}))
|
}
|
||||||
(mkIf config.tinc.secret.enable (import ./secret.nix {
|
))
|
||||||
|
(mkIf config.tinc.secret.enable (
|
||||||
|
import ./secret.nix {
|
||||||
ipv4 = config.tinc.secret.ipv4;
|
ipv4 = config.tinc.secret.ipv4;
|
||||||
ipv6 = null;
|
ipv6 = null;
|
||||||
inherit (lib) optionalString concatStringsSep mapAttrsToList;
|
inherit (lib) optionalString concatStringsSep mapAttrsToList;
|
||||||
inherit config factsGenerator clanLib;
|
inherit config factsGenerator clanLib;
|
||||||
}))
|
}
|
||||||
|
))
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,19 +1,20 @@
|
||||||
{ ipv4
|
{
|
||||||
, ipv6
|
ipv4,
|
||||||
, config
|
ipv6,
|
||||||
, optionalString
|
config,
|
||||||
, concatStringsSep
|
optionalString,
|
||||||
, factsGenerator
|
concatStringsSep,
|
||||||
, mapAttrsToList
|
factsGenerator,
|
||||||
, clanLib
|
mapAttrsToList,
|
||||||
, ...
|
clanLib,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
hosts = {
|
hosts = {
|
||||||
bobi = "10.23.42.25";
|
bobi = "10.23.42.25";
|
||||||
cherry = "10.23.42.29";
|
cherry = "10.23.42.29";
|
||||||
chungus = "10.23.42.28";
|
chungus = "10.23.42.28";
|
||||||
cream = "10.23.42.27";
|
# cream = "10.23.42.27";
|
||||||
mobi = "10.23.42.23";
|
mobi = "10.23.42.23";
|
||||||
orbi = "10.23.42.100";
|
orbi = "10.23.42.100";
|
||||||
};
|
};
|
||||||
|
@ -26,6 +27,8 @@ let
|
||||||
"prowlarr.orbi" = hosts.orbi;
|
"prowlarr.orbi" = hosts.orbi;
|
||||||
"photoprism.orbi" = hosts.orbi;
|
"photoprism.orbi" = hosts.orbi;
|
||||||
# chungus
|
# chungus
|
||||||
|
"video.chungus" = hosts.chungus;
|
||||||
|
"music.chungus" = hosts.chungus;
|
||||||
"de.tts.chungus" = hosts.chungus;
|
"de.tts.chungus" = hosts.chungus;
|
||||||
"en.tts.chungus" = hosts.chungus;
|
"en.tts.chungus" = hosts.chungus;
|
||||||
"flix.chungus" = hosts.chungus;
|
"flix.chungus" = hosts.chungus;
|
||||||
|
@ -50,35 +53,36 @@ in
|
||||||
|
|
||||||
services.tinc.networks = {
|
services.tinc.networks = {
|
||||||
${network} = {
|
${network} = {
|
||||||
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
|
ed25519PrivateKeyFile =
|
||||||
|
config.clan.core.facts.services.tinc_private.secret."tinc.private.ed25519_key.priv".path;
|
||||||
interfaceType = "tap";
|
interfaceType = "tap";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
LocalDiscovery = yes
|
LocalDiscovery = yes
|
||||||
'';
|
'';
|
||||||
hostSettings = {
|
hostSettings = {
|
||||||
mobi = {
|
mobi = {
|
||||||
subnets = [{ address = hosts.mobi; }];
|
subnets = [ { address = hosts.mobi; } ];
|
||||||
settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
|
settings.Ed25519PublicKey = "X5sp3YYevVNUrzYvi+HZ2iW5WbO0bIb58jR4jZFH6MB";
|
||||||
};
|
};
|
||||||
bobi = {
|
bobi = {
|
||||||
subnets = [{ address = hosts.bobi; }];
|
subnets = [ { address = hosts.bobi; } ];
|
||||||
settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
|
settings.Ed25519PublicKey = "jwvNd4oAgz2cWEI74VTVYU1qgPWq823/a0iEDqJ8KMD";
|
||||||
};
|
};
|
||||||
cream = {
|
# cream = {
|
||||||
subnets = [{ address = hosts.cream; }];
|
# subnets = [ { address = hosts.cream; } ];
|
||||||
settings.Ed25519PublicKey = Ed25519PublicKey "cream";
|
# settings.Ed25519PublicKey = Ed25519PublicKey "cream";
|
||||||
};
|
# };
|
||||||
cherry = {
|
cherry = {
|
||||||
subnets = [{ address = hosts.cherry; }];
|
subnets = [ { address = hosts.cherry; } ];
|
||||||
settings.Ed25519PublicKey = Ed25519PublicKey "cherry";
|
settings.Ed25519PublicKey = Ed25519PublicKey "cherry";
|
||||||
};
|
};
|
||||||
chungus = {
|
chungus = {
|
||||||
subnets = [{ address = hosts.chungus; }];
|
subnets = [ { address = hosts.chungus; } ];
|
||||||
settings.Ed25519PublicKey = Ed25519PublicKey "chungus";
|
settings.Ed25519PublicKey = Ed25519PublicKey "chungus";
|
||||||
};
|
};
|
||||||
orbi = {
|
orbi = {
|
||||||
addresses = [{ address = "95.216.66.212"; }];
|
addresses = [ { address = "95.216.66.212"; } ];
|
||||||
subnets = [{ address = hosts.orbi; }];
|
subnets = [ { address = hosts.orbi; } ];
|
||||||
settings.Ed25519PublicKey = Ed25519PublicKey "orbi";
|
settings.Ed25519PublicKey = Ed25519PublicKey "orbi";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -99,6 +103,8 @@ in
|
||||||
LinkLocalAddressing = no
|
LinkLocalAddressing = no
|
||||||
'';
|
'';
|
||||||
|
|
||||||
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains));
|
networking.extraHosts = concatStringsSep "\n" (
|
||||||
|
mapAttrsToList (name: ip: "${ip} ${name}.${network}") (hosts // subDomains)
|
||||||
|
);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
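Review bot: The `cream` peer is disabled by commenting it out in `hosts` and `hostSettings` rather than deleting it, which leaves `# settings.Ed25519PublicKey = Ed25519PublicKey "cream";` in the file. For a decommissioned VPN peer, deleting the block and relying on version history is cleaner, and it avoids someone later uncommenting the peer without re-checking its key. If the removal is temporary, say so in one line, e.g. `# cream: offline since <date>, re-verify key before re-adding`. The same commented-out pattern appears in the tinc secret network module and in the syncthing device lists of this comparison.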
|
@ -1,17 +1,18 @@
|
||||||
{ ipv4
|
{
|
||||||
, ipv6
|
ipv4,
|
||||||
, config
|
ipv6,
|
||||||
, optionalString
|
config,
|
||||||
, concatStringsSep
|
optionalString,
|
||||||
, mapAttrsToList
|
concatStringsSep,
|
||||||
, factsGenerator
|
mapAttrsToList,
|
||||||
, ...
|
factsGenerator,
|
||||||
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
port = 721;
|
port = 721;
|
||||||
hosts = {
|
hosts = {
|
||||||
cherry = "10.123.42.29";
|
cherry = "10.123.42.29";
|
||||||
cream = "10.123.42.27";
|
# cream = "10.123.42.27";
|
||||||
robi = "10.123.42.123";
|
robi = "10.123.42.123";
|
||||||
sternchen = "10.123.42.25";
|
sternchen = "10.123.42.25";
|
||||||
sterni = "10.123.42.24";
|
sterni = "10.123.42.24";
|
||||||
|
@ -23,31 +24,37 @@ in
|
||||||
|
|
||||||
services.tinc.networks = {
|
services.tinc.networks = {
|
||||||
${network} = {
|
${network} = {
|
||||||
ed25519PrivateKeyFile = config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
|
ed25519PrivateKeyFile =
|
||||||
|
config.clan.core.facts.services.tinc_secret.secret."tinc.secret.ed25519_key.priv".path;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
LocalDiscovery = yes
|
LocalDiscovery = yes
|
||||||
Port = ${toString port}
|
Port = ${toString port}
|
||||||
'';
|
'';
|
||||||
hostSettings = {
|
hostSettings = {
|
||||||
sternchen = {
|
sternchen = {
|
||||||
subnets = [{ address = hosts.sternchen; }];
|
subnets = [ { address = hosts.sternchen; } ];
|
||||||
settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB";
|
settings.Ed25519PublicKey = "Z567IKl00Kw5JFBNwMvjL33QYe2hRoNtQcNIDFRPReB";
|
||||||
};
|
};
|
||||||
cream = {
|
# cream = {
|
||||||
subnets = [{ address = hosts.cream; }];
|
# subnets = [ { address = hosts.cream; } ];
|
||||||
settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
|
# settings.Ed25519PublicKey = "Y/YRA90mAlNEmdhUWlUTHjjsco6d6hlvW11sPtarIdL";
|
||||||
};
|
# };
|
||||||
cherry = {
|
cherry = {
|
||||||
subnets = [{ address = hosts.cherry; }];
|
subnets = [ { address = hosts.cherry; } ];
|
||||||
settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
|
settings.Ed25519PublicKey = "BsPIrZjbzn0aryC0HO3OXSb4oFCMmzNDmMDQmxUXUuC";
|
||||||
};
|
};
|
||||||
sterni = {
|
sterni = {
|
||||||
subnets = [{ address = hosts.sterni; }];
|
subnets = [ { address = hosts.sterni; } ];
|
||||||
settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
|
settings.Ed25519PublicKey = "r6mRDc814z2YtyG9ev/XXV2SgquqWR8n53V13xNXb7O";
|
||||||
};
|
};
|
||||||
robi = {
|
robi = {
|
||||||
addresses = [{ address = "144.76.13.147"; port = port; }];
|
addresses = [
|
||||||
subnets = [{ address = hosts.robi; }];
|
{
|
||||||
|
address = "144.76.13.147";
|
||||||
|
port = port;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
subnets = [ { address = hosts.robi; } ];
|
||||||
settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
|
settings.Ed25519PublicKey = "bZUbSdME4fwudNVbUoNO7PpoOS2xALsyTs81F260KbL";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -68,23 +75,37 @@ in
|
||||||
LinkLocalAddressing = no
|
LinkLocalAddressing = no
|
||||||
'';
|
'';
|
||||||
|
|
||||||
networking.extraHosts = concatStringsSep "\n" (mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts);
|
networking.extraHosts = concatStringsSep "\n" (
|
||||||
|
mapAttrsToList (name: ip: "${ip} ${name}.${network}") hosts
|
||||||
|
);
|
||||||
|
|
||||||
services.openssh.knownHosts = {
|
services.openssh.knownHosts = {
|
||||||
"cream.${network}" = {
|
# "cream.${network}" = {
|
||||||
hostNames = [ "cream.${network}" hosts.cream ];
|
# hostNames = [
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
|
# "cream.${network}"
|
||||||
};
|
# hosts.cream
|
||||||
|
# ];
|
||||||
|
# publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConHiCL7INgAhuN6Z9TqP0zP+xNpdV7+OHwUca4IRDD";
|
||||||
|
# };
|
||||||
"sternchen.${network}" = {
|
"sternchen.${network}" = {
|
||||||
hostNames = [ "sterni.${network}" hosts.sterni ];
|
hostNames = [
|
||||||
|
"sterni.${network}"
|
||||||
|
hosts.sterni
|
||||||
|
];
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILriD/0+65L1mkbjKENwpvB3wUMXz/rEf9J8wuJjJa0q";
|
||||||
};
|
};
|
||||||
"sterni.${network}" = {
|
"sterni.${network}" = {
|
||||||
hostNames = [ "sterni.${network}" hosts.sterni ];
|
hostNames = [
|
||||||
|
"sterni.${network}"
|
||||||
|
hosts.sterni
|
||||||
|
];
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEQRH4gzT4vWSx3KN80ePPYhSPZRUae/qSyEym6pJTht";
|
||||||
};
|
};
|
||||||
"robi" = {
|
"robi" = {
|
||||||
hostNames = [ "robi.${network}" hosts.robi ];
|
hostNames = [
|
||||||
|
"robi.${network}"
|
||||||
|
hosts.robi
|
||||||
|
];
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2PGX6cZuBUGX4VweMzi0aRh4uQ61yngCzZGcK3w5XV";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
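Review bot: The `"sternchen.${network}"` entry in `services.openssh.knownHosts` lists `"sterni.${network}"` and `hosts.sterni` as its `hostNames`, so sternchen's key is pinned for sterni's name and address while sternchen itself gets no pinned entry. This change only reformats the list and keeps those values, and it looks like a copy-paste slip. The effect is that a client connecting to sterni accepts either of two host keys. The list should probably read `"sternchen.${network}"` and `hosts.sternchen`, both of which are defined in the visible `hosts` set.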
|
@ -1,4 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
with types;
|
with types;
|
||||||
{
|
{
|
||||||
|
@ -22,7 +27,6 @@ with types;
|
||||||
# Setting this value to 1 means to try activation once, without retry.
|
# Setting this value to 1 means to try activation once, without retry.
|
||||||
networking.networkmanager.settings.main.autoconnect-retries-default = 999;
|
networking.networkmanager.settings.main.autoconnect-retries-default = 999;
|
||||||
|
|
||||||
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
hardware.enableRedistributableFirmware = true;
|
||||||
|
|
||||||
# because Networkd-wait-online is just failing.
|
# because Networkd-wait-online is just failing.
|
||||||
|
@ -47,4 +51,3 @@ with types;
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -25,9 +25,9 @@ with lib;
|
||||||
config = {
|
config = {
|
||||||
networking.extraHosts = ''
|
networking.extraHosts = ''
|
||||||
10.100.0.1 cache.orbi.wg0
|
10.100.0.1 cache.orbi.wg0
|
||||||
|
10.100.0.1 orbi.wg0
|
||||||
|
10.100.0.2 chungus.wg0
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,15 +0,0 @@
|
||||||
{ lib, config, ... }:
|
|
||||||
{
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
./ssh.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
options.components.nixos.boot.enable = lib.mkOption {
|
|
||||||
type = lib.types.bool;
|
|
||||||
default = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf (config.components.nixos.boot.enable) { };
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,100 +0,0 @@
|
||||||
{ config, lib, pkgs, factsGenerator, clanLib, ... }:
|
|
||||||
with lib;
|
|
||||||
with types;
|
|
||||||
|
|
||||||
{
|
|
||||||
options.components.nixos.boot = {
|
|
||||||
|
|
||||||
enable = lib.mkOption {
|
|
||||||
type = lib.types.bool;
|
|
||||||
default = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
tor.enable = lib.mkOption {
|
|
||||||
type = lib.types.bool;
|
|
||||||
default = config.components.nixos.boot.ssh.enable;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkMerge [
|
|
||||||
|
|
||||||
# todo : not working at the moment, because onion hostnames are secrets
|
|
||||||
(
|
|
||||||
let
|
|
||||||
onionIds = clanLib.readFactFromAllMachines "tor.initrd.hostname";
|
|
||||||
generateOnionUnlockScript = machine: onionId: pkgs.writers.writeDashBin "unlock-boot-${machine}-via-tor" ''
|
|
||||||
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
{
|
|
||||||
# add known hosts
|
|
||||||
services.openssh.knownHosts =
|
|
||||||
mapAttrs
|
|
||||||
(_machine: onionId: {
|
|
||||||
hostNames = [ "[${onionId}]:2222" ];
|
|
||||||
})
|
|
||||||
onionIds;
|
|
||||||
|
|
||||||
# create unlook tor boot script
|
|
||||||
environment.systemPackages =
|
|
||||||
mapAttrsToList generateOnionUnlockScript onionIds;
|
|
||||||
}
|
|
||||||
)
|
|
||||||
|
|
||||||
# tor part
|
|
||||||
# --------
|
|
||||||
(mkIf (config.components.nixos.boot.tor.enable) {
|
|
||||||
|
|
||||||
#services.tor = {
|
|
||||||
# enable = true;
|
|
||||||
# client.enable = true;
|
|
||||||
# relay.onionServices.bootup.map = [{ port = 2222; }];
|
|
||||||
#};
|
|
||||||
|
|
||||||
# tor setup
|
|
||||||
clan.core.facts.services.initrd_tor = factsGenerator.tor { name = ""; };
|
|
||||||
|
|
||||||
boot.initrd.secrets = {
|
|
||||||
"/etc/tor/onion/bootup/tor.priv" = config.clan.core.facts.services.initrd_tor.secret."tor.initrd.priv".path;
|
|
||||||
"/etc/tor/onion/bootup/hostname" = config.clan.core.facts.services.initrd_tor.secret."tor.initrd.hostname".path;
|
|
||||||
};
|
|
||||||
|
|
||||||
#boot.initrd.extraUtilsCommands = ''
|
|
||||||
# copy_bin_and_libs ${pkgs.tor}/bin/tor
|
|
||||||
#'';
|
|
||||||
|
|
||||||
# fixme: this thing is not working for some reason.
|
|
||||||
boot.initrd.systemd.packages = [ pkgs.tor pkgs.iproute2 pkgs.coreutils ];
|
|
||||||
boot.initrd.systemd.services.tor = {
|
|
||||||
path = [ pkgs.tor pkgs.iproute2 pkgs.coreutils ];
|
|
||||||
# todo: set wanted by
|
|
||||||
script =
|
|
||||||
let
|
|
||||||
torRc = pkgs.writeText "tor.rc" ''
|
|
||||||
DataDirectory /etc/tor
|
|
||||||
SOCKSPort 127.0.0.1:9050 IsolateDestAddr
|
|
||||||
SOCKSPort 127.0.0.1:9063
|
|
||||||
HiddenServiceDir /etc/tor/onion/bootup
|
|
||||||
HiddenServicePort 2222 127.0.0.1:2222
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
''
|
|
||||||
echo "tor: preparing onion folder"
|
|
||||||
# have to do this otherwise tor does not want to start
|
|
||||||
chmod -R 700 /etc/tor
|
|
||||||
|
|
||||||
echo "make sure localhost is up"
|
|
||||||
ip a a 127.0.0.1/8 dev lo
|
|
||||||
ip link set lo up
|
|
||||||
|
|
||||||
echo "tor: starting tor"
|
|
||||||
tor -f ${torRc} --verify-config
|
|
||||||
tor -f ${torRc}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
})
|
|
||||||
|
|
||||||
|
|
||||||
];
|
|
||||||
}
|
|
||||||
|
|
|
@ -2,7 +2,6 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./upgrade-diff.nix
|
./upgrade-diff.nix
|
||||||
./boot
|
|
||||||
];
|
];
|
||||||
|
|
||||||
options.components.nixos.enable = lib.mkOption {
|
options.components.nixos.enable = lib.mkOption {
|
||||||
|
|
|
@ -1,5 +1,10 @@
|
||||||
# MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix
|
# MIT Jörg Thalheim - https://github.com/Mic92/dotfiles/blob/c6cad4e57016945c4816c8ec6f0a94daaa0c3203/nixos/modules/upgrade-diff.nix
|
||||||
{ config, lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
|
|
||||||
options.components.nixos.update-diff.enable = lib.mkOption {
|
options.components.nixos.update-diff.enable = lib.mkOption {
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.terminal.bash.enable = mkOption {
|
options.components.terminal.bash.enable = mkOption {
|
||||||
|
@ -16,7 +21,6 @@ with lib;
|
||||||
|
|
||||||
interactiveShellInit = "set -o vi";
|
interactiveShellInit = "set -o vi";
|
||||||
|
|
||||||
|
|
||||||
shellAliases = {
|
shellAliases = {
|
||||||
ls = "ls --color=tty";
|
ls = "ls --color=tty";
|
||||||
l = "ls -CFh";
|
l = "ls -CFh";
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.terminal = {
|
options.components.terminal = {
|
||||||
|
@ -12,8 +17,6 @@ with lib;
|
||||||
./direnv.nix
|
./direnv.nix
|
||||||
./git.nix
|
./git.nix
|
||||||
./heygpt.nix
|
./heygpt.nix
|
||||||
./hoard.nix
|
|
||||||
./oh-my-posh
|
|
||||||
./remote-install.nix
|
./remote-install.nix
|
||||||
./wtf.nix
|
./wtf.nix
|
||||||
./zsh.nix
|
./zsh.nix
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.terminal.direnv.enable = mkOption {
|
options.components.terminal.direnv.enable = mkOption {
|
||||||
|
@ -12,7 +17,10 @@ with lib;
|
||||||
home-manager.sharedModules = [
|
home-manager.sharedModules = [
|
||||||
{
|
{
|
||||||
programs.direnv.enable = true;
|
programs.direnv.enable = true;
|
||||||
programs.git.ignores = [ ".envrc" ".direnv" ];
|
programs.git.ignores = [
|
||||||
|
".envrc"
|
||||||
|
".direnv"
|
||||||
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.terminal.git.enable = mkOption {
|
options.components.terminal.git.enable = mkOption {
|
||||||
|
@ -8,7 +13,6 @@ with lib;
|
||||||
|
|
||||||
config = mkIf (config.components.terminal.git.enable) {
|
config = mkIf (config.components.terminal.git.enable) {
|
||||||
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
git
|
git
|
||||||
gita
|
gita
|
||||||
|
@ -29,4 +33,3 @@ with lib;
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.terminal.heygpt.enable = mkOption {
|
options.components.terminal.heygpt.enable = mkOption {
|
||||||
|
|
|
@ -1,62 +0,0 @@
|
||||||
{ pkgs, config, lib, ... }:
|
|
||||||
with lib;
|
|
||||||
let
|
|
||||||
hoardSrc = pkgs.fetchFromGitHub {
|
|
||||||
owner = "Hyde46";
|
|
||||||
repo = "hoard";
|
|
||||||
rev = "v1.3.1";
|
|
||||||
sha256 = "sha256-Gm3X6/g5JQJEl7wRvWcO4j5XpROhtfRJ72LNaUeZRGc=";
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.components.terminal.hoard.enable = mkOption {
|
|
||||||
type = lib.types.bool;
|
|
||||||
default = config.components.terminal.enable;
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf (config.components.terminal.hoard.enable) {
|
|
||||||
|
|
||||||
# todo : sync via syncthing
|
|
||||||
#backup.dirs = [
|
|
||||||
# "/root/.config/hoard"
|
|
||||||
# "/home/palo/.config/hoard"
|
|
||||||
#];
|
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.legacy_2211.hoard ];
|
|
||||||
|
|
||||||
home-manager.users.mainUser = {
|
|
||||||
xdg.configFile."hoard/config.yml".text = builtins.toJSON {
|
|
||||||
version = "1.0.1";
|
|
||||||
default_namespace = "default";
|
|
||||||
config_home_path = "/home/palo/.config/hoard";
|
|
||||||
trove_path = "/home/palo/.config/hoard/trove.yml";
|
|
||||||
query_prefix = " >";
|
|
||||||
primary_color = [ 87 142 87 ];
|
|
||||||
secondary_color = [ 203 184 144 ];
|
|
||||||
tertiary_color = [ 30 30 30 ];
|
|
||||||
command_color = [ 30 30 30 ];
|
|
||||||
parameter_token = "#";
|
|
||||||
read_from_current_directory = true;
|
|
||||||
};
|
|
||||||
programs.zsh.initExtra = ''
|
|
||||||
export HOARD_NOBIND=1
|
|
||||||
source ${hoardSrc}/src/shell/hoard.zsh
|
|
||||||
bindkey '^x' _hoard_list_widget
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
# use showkey -a
|
|
||||||
# Ctrl-h is equivalent to Ctrl-Backspace (for some reason)
|
|
||||||
programs.zsh.interactiveShellInit = ''
|
|
||||||
export HOARD_NOBIND=1
|
|
||||||
source ${hoardSrc}/src/shell/hoard.zsh
|
|
||||||
bindkey '^x' _hoard_list_widget
|
|
||||||
'';
|
|
||||||
programs.bash.interactiveShellInit = ''
|
|
||||||
export HOARD_NOBIND=1
|
|
||||||
source ${hoardSrc}/src/shell/hoard.bash
|
|
||||||
bind -x '"\C-x": __hoard_list'
|
|
||||||
'';
|
|
||||||
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,26 +0,0 @@
|
||||||
{ pkgs, config, lib, ... }:
|
|
||||||
with lib;
|
|
||||||
{
|
|
||||||
options.components.terminal.oh-my-posh.enable = mkOption {
|
|
||||||
type = lib.types.bool;
|
|
||||||
default = config.components.terminal.enable;
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf (config.components.terminal.oh-my-posh.enable) {
|
|
||||||
|
|
||||||
home-manager.users =
|
|
||||||
let
|
|
||||||
poshConfig = {
|
|
||||||
programs.oh-my-posh = {
|
|
||||||
enable = true;
|
|
||||||
# useTheme = "gruvbox";
|
|
||||||
settings = builtins.fromJSON (builtins.readFile ./gruvbox.json);
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
mainUser = poshConfig;
|
|
||||||
root = poshConfig;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.terminal.remote-install.enable = mkOption {
|
options.components.terminal.remote-install.enable = mkOption {
|
||||||
|
@ -10,7 +15,7 @@ with lib;
|
||||||
services.tor = {
|
services.tor = {
|
||||||
enable = true;
|
enable = true;
|
||||||
client.enable = true;
|
client.enable = true;
|
||||||
relay.onionServices.liveos.map = [{ port = 1337; }];
|
relay.onionServices.liveos.map = [ { port = 1337; } ];
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
|
|
||||||
|
@ -18,7 +23,7 @@ let
|
||||||
${pkgs.iw}/bin/iw dev \
|
${pkgs.iw}/bin/iw dev \
|
||||||
| ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
|
| ${pkgs.gnused}/bin/sed -n 's/^\s*Interface\s\+\([0-9a-z]\+\)$/\1/p'
|
||||||
); do
|
); do
|
||||||
inet=$(${pkgs.iproute}/bin/ip addr show $dev \
|
inet=$(${pkgs.iproute2}/bin/ip addr show $dev \
|
||||||
| ${pkgs.gnused}/bin/sed -n 's/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p') \
|
| ${pkgs.gnused}/bin/sed -n 's/.*inet \([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*/\1/p') \
|
||||||
|| unset inet
|
|| unset inet
|
||||||
ssid=$(${pkgs.iw}/bin/iw dev $dev link \
|
ssid=$(${pkgs.iw}/bin/iw dev $dev link \
|
||||||
|
@ -54,8 +59,8 @@ let
|
||||||
echo
|
echo
|
||||||
'';
|
'';
|
||||||
|
|
||||||
userHighlight = map ({ user, ... }: user)
|
userHighlight =
|
||||||
(builtins.attrValues config.services.browser.configList)
|
map ({ user, ... }: user) (builtins.attrValues config.services.browser.configList)
|
||||||
++ [ "steam" ];
|
++ [ "steam" ];
|
||||||
|
|
||||||
activeUsers = pkgs.writers.writeBash "active-users" ''
|
activeUsers = pkgs.writers.writeBash "active-users" ''
|
||||||
|
@ -63,14 +68,20 @@ let
|
||||||
| ${pkgs.gnused}/bin/sed '1 d' \
|
| ${pkgs.gnused}/bin/sed '1 d' \
|
||||||
| ${pkgs.coreutils}/bin/sort \
|
| ${pkgs.coreutils}/bin/sort \
|
||||||
| ${pkgs.coreutils}/bin/uniq \
|
| ${pkgs.coreutils}/bin/uniq \
|
||||||
| ${pkgs.gnugrep}/bin/egrep --color=always '(${
|
| ${pkgs.gnugrep}/bin/egrep --color=always '(${pkgs.lib.concatStringsSep "|" userHighlight})|$'
|
||||||
pkgs.lib.concatStringsSep "|" userHighlight
|
|
||||||
})|$'
|
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# default settings
|
# default settings
|
||||||
wtfModule =
|
wtfModule =
|
||||||
args@{ height ? 1, width ? 1, top, left, enabled ? true, type, ... }:
|
args@{
|
||||||
|
height ? 1,
|
||||||
|
width ? 1,
|
||||||
|
top,
|
||||||
|
left,
|
||||||
|
enabled ? true,
|
||||||
|
type,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
enabled = enabled;
|
enabled = enabled;
|
||||||
focusable = false;
|
focusable = false;
|
||||||
|
@ -78,33 +89,50 @@ let
|
||||||
position.left = left;
|
position.left = left;
|
||||||
position.height = height;
|
position.height = height;
|
||||||
position.width = width;
|
position.width = width;
|
||||||
} // (lib.filterAttrs
|
}
|
||||||
(key: _: lib.all (x: x != key) [ "height" "width" "top" "left" ])
|
// (lib.filterAttrs (
|
||||||
args);
|
key: _:
|
||||||
|
lib.all (x: x != key) [
|
||||||
|
"height"
|
||||||
|
"width"
|
||||||
|
"top"
|
||||||
|
"left"
|
||||||
|
]
|
||||||
|
) args);
|
||||||
|
|
||||||
# command runner module
|
# command runner module
|
||||||
cmdRunner = args@{ cmd, ... }:
|
cmdRunner =
|
||||||
wtfModule ({
|
args@{ cmd, ... }:
|
||||||
|
wtfModule (
|
||||||
|
{
|
||||||
type = "cmdrunner";
|
type = "cmdrunner";
|
||||||
focusable = false;
|
focusable = false;
|
||||||
refreshInterval = 300;
|
refreshInterval = 300;
|
||||||
} // args);
|
}
|
||||||
|
// args
|
||||||
|
);
|
||||||
|
|
||||||
modules = {
|
modules = {
|
||||||
inherit cmdRunner;
|
inherit cmdRunner;
|
||||||
|
|
||||||
digitalclock = args@{ top, left, ... }:
|
digitalclock =
|
||||||
cmdRunner ({
|
args@{ top, left, ... }:
|
||||||
|
cmdRunner (
|
||||||
|
{
|
||||||
cmd = pkgs.writers.writeDash "clock" ''
|
cmd = pkgs.writers.writeDash "clock" ''
|
||||||
${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"`
|
${pkgs.toilet}/bin/toilet --font future `${pkgs.coreutils}/bin/date +"%a %H:%M"`
|
||||||
${pkgs.coreutils}/bin/date +"%B %d %Y"
|
${pkgs.coreutils}/bin/date +"%B %d %Y"
|
||||||
'';
|
'';
|
||||||
title = "";
|
title = "";
|
||||||
refreshInterval = 30;
|
refreshInterval = 30;
|
||||||
} // args);
|
}
|
||||||
|
// args
|
||||||
|
);
|
||||||
|
|
||||||
clocks = args@{ top, left, ... }:
|
clocks =
|
||||||
wtfModule ({
|
args@{ top, left, ... }:
|
||||||
|
wtfModule (
|
||||||
|
{
|
||||||
type = "clocks";
|
type = "clocks";
|
||||||
title = "";
|
title = "";
|
||||||
border = false;
|
border = false;
|
||||||
|
@ -115,30 +143,43 @@ let
|
||||||
locations = {
|
locations = {
|
||||||
UTC = "Etc/UTC";
|
UTC = "Etc/UTC";
|
||||||
Berlin = "Europe/Berlin";
|
Berlin = "Europe/Berlin";
|
||||||
Cuba = "America/Havana";
|
Thailand = "Asia/Bangkok";
|
||||||
Wellington = "Pacific/Auckland";
|
#Cuba = "America/Havana";
|
||||||
|
#Wellington = "Pacific/Auckland";
|
||||||
};
|
};
|
||||||
sort = "alphabetical";
|
sort = "alphabetical";
|
||||||
refreshInterval = 60;
|
refreshInterval = 60;
|
||||||
} // args);
|
}
|
||||||
|
// args
|
||||||
|
);
|
||||||
|
|
||||||
resourceusage = args@{ top, left, ... }:
|
resourceusage =
|
||||||
wtfModule ({
|
args@{ top, left, ... }:
|
||||||
|
wtfModule (
|
||||||
|
{
|
||||||
type = "resourceusage";
|
type = "resourceusage";
|
||||||
title = "";
|
title = "";
|
||||||
cpuCombined = false;
|
cpuCombined = false;
|
||||||
refreshInterval = 5;
|
refreshInterval = 5;
|
||||||
} // args);
|
}
|
||||||
|
// args
|
||||||
|
);
|
||||||
|
|
||||||
power = args@{ top, left, ... }:
|
power =
|
||||||
wtfModule ({
|
args@{ top, left, ... }:
|
||||||
|
wtfModule (
|
||||||
|
{
|
||||||
type = "power";
|
type = "power";
|
||||||
title = "";
|
title = "";
|
||||||
refreshInterval = 100;
|
refreshInterval = 100;
|
||||||
} // args);
|
}
|
||||||
|
// args
|
||||||
|
);
|
||||||
|
|
||||||
prettyweather = args@{ top, left, ... }:
|
prettyweather =
|
||||||
wtfModule ({
|
args@{ top, left, ... }:
|
||||||
|
wtfModule (
|
||||||
|
{
|
||||||
type = "prettyweather";
|
type = "prettyweather";
|
||||||
title = "";
|
title = "";
|
||||||
city = "Essen";
|
city = "Essen";
|
||||||
|
@ -146,10 +187,19 @@ let
|
||||||
view = 0;
|
view = 0;
|
||||||
language = "en";
|
language = "en";
|
||||||
refreshInterval = 3600;
|
refreshInterval = 3600;
|
||||||
} // args);
|
}
|
||||||
|
// args
|
||||||
|
);
|
||||||
|
|
||||||
feedreader = args@{ top, left, feeds, ... }:
|
feedreader =
|
||||||
wtfModule ({
|
args@{
|
||||||
|
top,
|
||||||
|
left,
|
||||||
|
feeds,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
wtfModule (
|
||||||
|
{
|
||||||
type = "feedreader";
|
type = "feedreader";
|
||||||
title = "";
|
title = "";
|
||||||
refreshInterval = 3600;
|
refreshInterval = 3600;
|
||||||
|
@ -159,10 +209,20 @@ let
|
||||||
even = "white";
|
even = "white";
|
||||||
odd = "white";
|
odd = "white";
|
||||||
};
|
};
|
||||||
} // args);
|
}
|
||||||
|
// args
|
||||||
|
);
|
||||||
|
|
||||||
github = args@{ top, left, username, apiKey, ... }:
|
github =
|
||||||
wtfModule ({
|
args@{
|
||||||
|
top,
|
||||||
|
left,
|
||||||
|
username,
|
||||||
|
apiKey,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
wtfModule (
|
||||||
|
{
|
||||||
type = "github";
|
type = "github";
|
||||||
title = "";
|
title = "";
|
||||||
refreshInterval = 3600;
|
refreshInterval = 3600;
|
||||||
|
@ -177,7 +237,9 @@ let
|
||||||
# - "wtfutil/wtf"
|
# - "wtfutil/wtf"
|
||||||
# - "wtfutil/docs"
|
# - "wtfutil/docs"
|
||||||
# - "umbrella-corp/wesker-api"
|
# - "umbrella-corp/wesker-api"
|
||||||
} // args);
|
}
|
||||||
|
// args
|
||||||
|
);
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -190,8 +252,20 @@ let
|
||||||
normal = "green";
|
normal = "green";
|
||||||
};
|
};
|
||||||
grid = {
|
grid = {
|
||||||
columns = [ 28 0 0 ];
|
columns = [
|
||||||
rows = [ 9 9 9 9 9 9 0 ];
|
28
|
||||||
|
0
|
||||||
|
0
|
||||||
|
];
|
||||||
|
rows = [
|
||||||
|
9
|
||||||
|
9
|
||||||
|
9
|
||||||
|
9
|
||||||
|
9
|
||||||
|
9
|
||||||
|
0
|
||||||
|
];
|
||||||
};
|
};
|
||||||
refreshInterval = 1;
|
refreshInterval = 1;
|
||||||
mods = with modules; {
|
mods = with modules; {
|
||||||
|
@ -226,8 +300,7 @@ let
|
||||||
top = 4;
|
top = 4;
|
||||||
left = 1;
|
left = 1;
|
||||||
height = 1;
|
height = 1;
|
||||||
feeds =
|
feeds = [ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
|
||||||
[ "https://latesthackingnews.com/category/hacking-tools/feed/" ];
|
|
||||||
};
|
};
|
||||||
nixos = feedreader {
|
nixos = feedreader {
|
||||||
title = "NixOS Weekly";
|
title = "NixOS Weekly";
|
||||||
|
@ -264,8 +337,20 @@ let
|
||||||
normal = "green";
|
normal = "green";
|
||||||
};
|
};
|
||||||
grid = {
|
grid = {
|
||||||
columns = [ 33 12 28 36 0 ];
|
columns = [
|
||||||
rows = [ 9 4 6 6 0 ];
|
33
|
||||||
|
12
|
||||||
|
28
|
||||||
|
36
|
||||||
|
0
|
||||||
|
];
|
||||||
|
rows = [
|
||||||
|
9
|
||||||
|
4
|
||||||
|
6
|
||||||
|
6
|
||||||
|
0
|
||||||
|
];
|
||||||
};
|
};
|
||||||
refreshInterval = 1;
|
refreshInterval = 1;
|
||||||
mods = with modules; {
|
mods = with modules; {
|
||||||
|
@ -291,12 +376,16 @@ let
|
||||||
left = 0;
|
left = 0;
|
||||||
};
|
};
|
||||||
|
|
||||||
rates = wtfModule {
|
yfinance = wtfModule {
|
||||||
type = "yfinance";
|
type = "yfinance";
|
||||||
top = 3;
|
top = 3;
|
||||||
left = 0;
|
left = 0;
|
||||||
title = "rates";
|
title = "rates";
|
||||||
symbols = [ "EURUSD=X" "EURNZD=X" ];
|
symbols = [
|
||||||
|
"EURUSD=X"
|
||||||
|
"EURNZD=X"
|
||||||
|
"EURTHB=X"
|
||||||
|
];
|
||||||
refreshInterval = 60;
|
refreshInterval = 60;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -307,7 +396,12 @@ let
|
||||||
|
|
||||||
calendar = cmdRunner {
|
calendar = cmdRunner {
|
||||||
title = "";
|
title = "";
|
||||||
args = [ "-3" "--monday" "--color=never" "-w" ];
|
args = [
|
||||||
|
"-3"
|
||||||
|
"--monday"
|
||||||
|
"--color=never"
|
||||||
|
"-w"
|
||||||
|
];
|
||||||
cmd = "cal";
|
cmd = "cal";
|
||||||
top = 1;
|
top = 1;
|
||||||
left = 1;
|
left = 1;
|
||||||
|
@ -369,9 +463,12 @@ let
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
createDashboard = { json, name }:
|
createDashboard =
|
||||||
let configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
|
{ json, name }:
|
||||||
in pkgs.writers.writeBashBin name ''
|
let
|
||||||
|
configuration = pkgs.writeText "config.yml" (builtins.toJSON json);
|
||||||
|
in
|
||||||
|
pkgs.writers.writeBashBin name ''
|
||||||
${pkgs.wtf}/bin/wtfutil --config=${toString configuration}
|
${pkgs.wtf}/bin/wtfutil --config=${toString configuration}
|
||||||
'';
|
'';
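Review bot: `createDashboard` serialises the whole `json` attrset with `pkgs.writeText "config.yml" (builtins.toJSON json)`, so any `apiKey` passed to the `github` module (its signature is reformatted in the `-159,10 +209,20` hunk) ends up in a world-readable store path. None of the dashboards visible in these hunks passes a key, so this may be latent. I would add a comment above `createDashboard`: `# config.yml is written to the Nix store and is world-readable; never pass secrets (e.g. github.apiKey) through json`. If a token is ever needed, it should reach wtfutil at runtime from a file or environment provisioned outside the store. The `let` block holding these definitions starts and ends outside the visible hunks.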
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.terminal.zsh.enable = mkOption {
|
options.components.terminal.zsh.enable = mkOption {
|
||||||
|
|
|
@ -1,8 +1,9 @@
|
||||||
|
{ lib, ... }:
|
||||||
{
|
{
|
||||||
# some system stuff
|
# some system stuff
|
||||||
# -----------------
|
# -----------------
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
#time.timeZone = lib.mkDefault "Pacific/Auckland";
|
#time.timeZone = "Pacific/Auckland";
|
||||||
#time.timeZone = lib.mkDefault "Asia/Singapore";
|
#time.timeZone = "Asia/Singapore";
|
||||||
#time.timeZone = lib.mkDefault "Asia/Makassar";
|
#time.timeZone = "Asia/Makassar";
|
||||||
}
|
}
|
||||||
|
|
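--- /dev/null
+++ b/components/virtualisation/default.nix
@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+{
+imports = [
+./docker.nix
+./podman.nix
+./virtualbox.nix
+./qemu.nix
+];
+
+options.components.virtualisation.enable = lib.mkOption {
+type = lib.types.bool;
+default = false;
+};
+
+}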
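--- /dev/null
+++ b/components/virtualisation/docker.nix
@@ -0,0 +1,21 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+with lib;
+{
+
+options.components.virtualisation.docker.enable = lib.mkOption {
+type = lib.types.bool;
+default = config.components.virtualisation.enable;
+};
+
+config = mkIf config.components.virtualisation.docker.enable {
+
+virtualisation.docker.enable = true;
+
+};
+
+}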
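Review bot: Defaulting this option to `config.components.virtualisation.enable` means one parent switch starts the rootful Docker daemon together with everything else that shares the default (podman.nix, qemu.nix and virtualbox.nix in this commit), so a host that only wants one runtime gets all four. None of these options has a `description`; here I would add `description = "Run the rootful Docker daemon; follows components.virtualisation.enable unless set explicitly.";`. Consider `default = false;` for the runtimes a host has to opt into. `pkgs` is accepted but unused in this file.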
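--- /dev/null
+++ b/components/virtualisation/podman.nix
@@ -0,0 +1,24 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+with lib;
+{
+
+options.components.virtualisation.podman.enable = lib.mkOption {
+type = lib.types.bool;
+default = config.components.virtualisation.enable;
+};
+
+config = mkIf config.components.virtualisation.podman.enable {
+
+virtualisation.podman.enable = true;
+
+# make sure /var/lib/containers/storage is a zfs dataset
+virtualisation.podman.extraPackages = [ pkgs.zfs ];
+
+};
+
+}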
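--- /dev/null
+++ b/components/virtualisation/qemu.nix
@@ -0,0 +1,32 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+with lib;
+{
+
+options.components.virtualisation.qemu.enable = lib.mkOption {
+type = lib.types.bool;
+default = config.components.virtualisation.enable;
+};
+
+config = mkIf config.components.virtualisation.qemu.enable {
+
+virtualisation.libvirtd.enable = true;
+#virtualisation.libvirtd.allowedBridges = ["virbr0"];
+virtualisation.libvirtd.onShutdown = "shutdown";
+
+environment.systemPackages = [
+pkgs.qemu_kvm
+#(pkgs.quickemu.override { qemu_full = pkgs.qemu_kvm; })
+pkgs.quickemu
+pkgs.virt-manager
+];
+
+users.users.mainUser.extraGroups = [ "libvirtd" ];
+
+};
+
+}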
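Review bot: `users.users.mainUser.extraGroups = [ "libvirtd" ];` gives the main user access to the system libvirt socket without further authentication, which is effectively root on the host because system-level domains can attach arbitrary host disks and devices. That is a reasonable trade-off on a single-user workstation, but the file should say so. I would add `# libvirtd membership is root-equivalent via qemu:///system; enable only on trusted single-user hosts` above that line. Because the option defaults to `config.components.virtualisation.enable`, the group membership is also granted whenever the parent switch is turned on for another runtime.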
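--- /dev/null
+++ b/components/virtualisation/virtualbox.nix
@@ -0,0 +1,26 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+with lib;
+{
+
+options.components.virtualisation.virtualbox.enable = lib.mkOption {
+type = lib.types.bool;
+default = config.components.virtualisation.enable;
+};
+
+config = mkIf config.components.virtualisation.virtualbox.enable {
+
+virtualisation.virtualbox = {
+host.enable = true;
+guest.enable = true;
+};
+
+users.extraGroups.vboxusers.members = [ config.users.users.mainUser.name ];
+
+};
+
+}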
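Review bot: `guest.enable = true;` is set next to `host.enable = true;` in the `virtualisation.virtualbox` block, so every machine that enables this component gets the guest additions as well as the host kernel modules. Guest additions only make sense inside a VirtualBox VM; on a physical host they add kernel modules and services that are never used. I would drop the line, or move it behind its own option so that only VM images set it, leaving `host.enable = true;` and the `vboxusers` membership as they are.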
|
@ -1,7 +1,12 @@
|
||||||
# References:
|
# References:
|
||||||
# * https://github.com/drduh/YubiKey-Guide
|
# * https://github.com/drduh/YubiKey-Guide
|
||||||
# * https://nixos.wiki/wiki/Yubikey
|
# * https://nixos.wiki/wiki/Yubikey
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
|
||||||
|
@ -18,6 +23,11 @@ with lib;
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages = [
|
||||||
|
|
||||||
|
pkgs.yubikey-personalization
|
||||||
|
pkgs.yubikey-personalization-gui
|
||||||
|
pkgs.yubikey-manager
|
||||||
|
pkgs.yubikey-manager-qt
|
||||||
|
|
||||||
# for `gpg --export $keyid | hokey lint` to check keys
|
# for `gpg --export $keyid | hokey lint` to check keys
|
||||||
#pkgs.haskellPackages.hopenpgp-tools
|
#pkgs.haskellPackages.hopenpgp-tools
|
||||||
|
|
||||||
|
|
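--- /dev/null
+++ b/features/boot/default.nix
@@ -0,0 +1,6 @@
+{
+imports = [
+./ssh.nix
+./tor.nix
+];
+}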
|
@ -1,38 +1,40 @@
|
||||||
{ config, lib, pkgs, factsGenerator, clanLib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
factsGenerator,
|
||||||
|
clanLib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
with types;
|
with types;
|
||||||
|
|
||||||
{
|
{
|
||||||
options.components.nixos.boot.ssh = {
|
options.features.boot.ssh = {
|
||||||
enable = lib.mkOption {
|
enable = lib.mkOption {
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
default = config.components.nixos.boot.enable;
|
default = false;
|
||||||
};
|
};
|
||||||
kernelModules = mkOption {
|
kernelModules = mkOption {
|
||||||
type = listOf str;
|
type = listOf str;
|
||||||
default = [ ];
|
default = [ ];
|
||||||
description =
|
description = "nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
|
||||||
"nix-shell -p pciutils --run 'lspci -v' will tell you which kernel module is used for the ethernet interface";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf (config.components.nixos.boot.ssh.enable) {
|
config = mkIf (config.features.boot.ssh.enable) {
|
||||||
|
|
||||||
# root password
|
|
||||||
#clan.core.facts.services.rootPassword = factsGenerator.password { name = "root"; };
|
|
||||||
#users.users.root.hashedPasswordFile = config.clan.core.facts.services.rootPassword.secret."password.root.pam".path; # fixme not working for some reason
|
|
||||||
#users.users.root.initalPassword = "admin";
|
|
||||||
|
|
||||||
# ssh host key
|
# ssh host key
|
||||||
clan.core.facts.services."boot.ssh" = factsGenerator.ssh { name = "boot"; };
|
clan.core.facts.services."boot.ssh" = factsGenerator.ssh { name = "boot"; };
|
||||||
|
|
||||||
|
# todo: maybe put this in a component
|
||||||
# boot
|
# boot
|
||||||
boot.initrd.systemd.enable = true;
|
boot.initrd.systemd.enable = true;
|
||||||
boot.initrd.systemd.contents."/etc/hostname".text = "unlock.${config.networking.hostName}";
|
boot.initrd.systemd.contents."/etc/hostname".text = "unlock.${config.networking.hostName}";
|
||||||
|
|
||||||
# network
|
# network
|
||||||
boot.initrd.systemd.network.enable = true;
|
boot.initrd.systemd.network.enable = true;
|
||||||
boot.initrd.availableKernelModules = config.components.nixos.boot.ssh.kernelModules;
|
boot.initrd.availableKernelModules = config.features.boot.ssh.kernelModules;
|
||||||
|
|
||||||
# ssh
|
# ssh
|
||||||
boot.initrd.network.enable = true;
|
boot.initrd.network.enable = true;
|
||||||
|
@ -46,4 +48,3 @@ with types;
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
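Review bot: `default = false;` replaces `default = config.components.nixos.boot.enable;` in the first hunk, and the option moves to `features.boot.ssh` with no alias. A host that used to get initrd SSH implicitly will therefore build without it, and if its root disk is encrypted it cannot be unlocked remotely after the next reboot. Whether every affected host now sets the new option is outside the visible hunks. I would record the change next to the option with `# no longer follows components.nixos.boot.enable; hosts that unlock remotely must set features.boot.ssh.enable = true`. For explicit users of the old path, consider adding `(mkRenamedOptionModule [ "components" "nixos" "boot" "ssh" "enable" ] [ "features" "boot" "ssh" "enable" ])` to `imports`. The sshd settings between the two hunks are not shown.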
|
||||||
|
|
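--- /dev/null
+++ b/features/boot/tor.nix
@@ -0,0 +1,76 @@
+{
+config,
+lib,
+pkgs,
+factsGenerator,
+clanLib,
+...
+}:
+with lib;
+with types;
+{
+options.features.boot.tor = {
+enable = lib.mkOption {
+type = lib.types.bool;
+default = false;
+};
+};
+
+config = mkIf (config.features.boot.tor.enable) {
+
+# tor secrets
+clan.core.facts.services."initrd.tor" = factsGenerator.tor {
+name = "initrd";
+addressPrefix = "init";
+};
+boot.initrd.secrets = mapAttrs' (name: file: nameValuePair "/etc/tor/onion/bootup/${name}" file) (
+genAttrs [
+"hostname"
+"hs_ed25519_public_key"
+"hs_ed25519_secret_key"
+] (secret: config.clan.core.facts.services."initrd.tor".secret."tor.initrd.${secret}".path)
+);
+
+boot.initrd.systemd.storePaths = [
+pkgs.tor
+pkgs.iproute2
+pkgs.coreutils
+];
+boot.initrd.systemd.contents = {
+"/etc/tor/tor.rc".text = ''
+DataDirectory /etc/tor
+SOCKSPort 127.0.0.1:9050 IsolateDestAddr
+SOCKSPort 127.0.0.1:9063
+HiddenServiceDir /etc/tor/onion/bootup
+HiddenServicePort 2222 127.0.0.1:2222
+'';
+};
+
+boot.initrd.systemd.services.tor = {
+description = "tor during init";
+wantedBy = [ "initrd.target" ];
+after = [
+"network.target"
+"initrd-nixos-copy-secrets.service"
+];
+before = [ "shutdown.target" ];
+conflicts = [ "shutdown.target" ];
+
+unitConfig.DefaultDependencies = false;
+path = [
+pkgs.tor
+pkgs.iproute2
+pkgs.coreutils
+];
+script = ''
+echo "tor: preparing onion folder"
+# have to do this otherwise tor does not want to start
+chmod -R 700 /etc/tor
+
+echo "tor: starting tor"
+tor -f /etc/tor/tor.rc --verify-config
+tor -f /etc/tor/tor.rc
+'';
+};
+};
+}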
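Review bot: The `tor.rc` text opens two SOCKS listeners (`SOCKSPort 127.0.0.1:9050 IsolateDestAddr` and `SOCKSPort 127.0.0.1:9063`) that nothing in this initrd unit uses. An onion service needs no client port, so I would replace both lines with `SOCKSPort 0`. Separately, `boot.initrd.secrets` places `hs_ed25519_secret_key` inside the initrd, which on most setups sits on an unencrypted boot partition, so anyone who can read that partition can impersonate the unlock address. A comment would record that: `# initrd onion key is readable from /boot: use it only for the unlock service and rely on the SSH host key to authenticate the machine`. `HiddenServicePort 2222 127.0.0.1:2222` presumably targets the initrd sshd from ssh.nix, whose port is not visible here, and the module does not assert that `features.boot.ssh.enable` is set.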
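--- /dev/null
+++ b/features/default.nix
@@ -0,0 +1,6 @@
+{
+imports = [
+./boot
+./network
+];
+}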
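--- /dev/null
+++ b/features/network/default.nix
@@ -0,0 +1,6 @@
+{
+imports = [
+./fail2ban.nix
+./sshguard.nix
+];
+}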
|
@ -1,14 +1,19 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.network.fail2ban.enable = mkOption {
|
options.features.network.fail2ban.enable = mkOption {
|
||||||
type = lib.types.bool;
|
type = lib.types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkMerge [
|
config = mkMerge [
|
||||||
(mkIf config.components.network.fail2ban.enable {
|
(mkIf config.features.network.fail2ban.enable {
|
||||||
environment.systemPackages = [ pkgs.fail2ban pkgs.ipset ];
|
environment.systemPackages = [ pkgs.fail2ban ];
|
||||||
services.fail2ban = {
|
services.fail2ban = {
|
||||||
enable = true;
|
enable = true;
|
||||||
#package = pkgs.legacy_2311.fail2ban;
|
#package = pkgs.legacy_2311.fail2ban;
|
||||||
|
@ -19,7 +24,7 @@ with lib;
|
||||||
# custom defined jails
|
# custom defined jails
|
||||||
# --------------------
|
# --------------------
|
||||||
# https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
|
# https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
|
||||||
(mkIf config.components.network.fail2ban.enable {
|
(mkIf config.features.network.fail2ban.enable {
|
||||||
services.fail2ban.jails.nginx-git-not-found.settings = {
|
services.fail2ban.jails.nginx-git-not-found.settings = {
|
||||||
port = "http,https";
|
port = "http,https";
|
||||||
logpath = "%(nginx_error_log)s";
|
logpath = "%(nginx_error_log)s";
|
||||||
|
@ -33,7 +38,7 @@ with lib;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
(mkIf config.components.network.fail2ban.enable {
|
(mkIf config.features.network.fail2ban.enable {
|
||||||
services.fail2ban.jails.nginx-git-bad-request.settings = {
|
services.fail2ban.jails.nginx-git-bad-request.settings = {
|
||||||
port = "http,https";
|
port = "http,https";
|
||||||
logpath = "%(nginx_error_log)s";
|
logpath = "%(nginx_error_log)s";
|
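--- /dev/null
+++ b/features/network/sshguard.nix
@@ -0,0 +1,24 @@
+{
+pkgs,
+config,
+lib,
+assets,
+...
+}:
+with lib;
+with types;
+{
+
+options.features.network.sshguard = {
+enable = mkOption {
+type = bool;
+default = false;
+};
+};
+
+config = mkIf config.features.network.sshguard.enable {
+environment.systemPackages = [ pkgs.ipset ];
+services.sshguard.enable = true;
+};
+
+}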
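Review bot: `services.sshguard.enable = true;` is set with no `services.sshguard.whitelist`, so a management address that trips the detector (a few mistyped passwords, a misbehaving automation job) is blocked like any other source and can lock the operator out of a remote host. I would add `services.sshguard.whitelist = [ "<ADMIN_CIDR_PLACEHOLDER>" ];` or expose it as a module option next to `enable`. The module also does not guard against being enabled together with `features.network.fail2ban`, in which case two tools would be managing bans for the same service. The `assets` argument is declared but unused, and `enable` has no `description`.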
915
flake.lock
915
flake.lock
File diff suppressed because it is too large
501
flake.nix
501
flake.nix
|
@ -1,80 +1,51 @@
|
||||||
{
|
{
|
||||||
|
|
||||||
|
# "git+file:///<full-path>" for fixing an input
|
||||||
inputs = {
|
inputs = {
|
||||||
|
|
||||||
flake-parts.url = "github:hercules-ci/flake-parts";
|
clan-core.inputs.flake-parts.follows = "flake-parts";
|
||||||
|
clan-core.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
clan-core.url = "git+https://git.clan.lol/clan/clan-core";
|
||||||
|
clan-fact-generators.inputs.clan-core.follows = "clan-core";
|
||||||
|
clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
|
||||||
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
||||||
|
flake-parts.url = "github:hercules-ci/flake-parts";
|
||||||
clan-fact-generators = {
|
healthchecks.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
url = "github:mrvandalo/clan-fact-generators";
|
healthchecks.url = "github:mrvandalo/nixos-healthchecks";
|
||||||
inputs.clan-core.follows = "clan-core";
|
#healthchecks.url = "git+file:///home/palo/dev/nixos/healthcheck";
|
||||||
};
|
home-manager-utils.inputs.home-manager.follows = "home-manager";
|
||||||
|
home-manager-utils.url = "github:mrvandalo/home-manager-utils";
|
||||||
clan-core = {
|
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
url = "git+https://git.clan.lol/clan/clan-core";
|
home-manager.url = "github:nix-community/home-manager";
|
||||||
#url = "git+file:///home/palo/dev/clan-core";
|
landingpage.url = "github:mrVanDalo/landingpage";
|
||||||
inputs.nixpkgs.follows = "nixpkgs"; # Needed if your configuration uses nixpkgs unstable.
|
nix-topology.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
inputs.flake-parts.follows = "flake-parts";
|
nix-topology.url = "github:oddlama/nix-topology";
|
||||||
};
|
nixos-anywhere.url = "github:nix-community/nixos-anywhere";
|
||||||
|
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
|
||||||
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
|
|
||||||
nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
|
nixpkgs-legacy_2211.url = "github:nixos/nixpkgs/nixos-22.11";
|
||||||
nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
|
nixpkgs-legacy_2311.url = "github:nixos/nixpkgs/nixos-23.11";
|
||||||
nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
|
nixpkgs-legacy_2405.url = "github:nixos/nixpkgs/nixos-24.05";
|
||||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
|
||||||
nixos-anywhere.url = "github:nix-community/nixos-anywhere";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
|
permown.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
home-manager = {
|
permown.url = "github:mrVanDalo/module.permown";
|
||||||
#url = "github:nix-community/home-manager/release-23.11";
|
polygon-art.url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
|
||||||
url = "github:nix-community/home-manager";
|
private-parts.inputs.nixpkgs.follows = "nixpkgs"; # only private input
|
||||||
#inputs.nixpkgs.follows = "nixpkgs";
|
private-parts.url = "git+ssh://forgejo@git.ingolf-wagner.de:2222/palo/nixos-private-parts.git?ref=main";
|
||||||
};
|
#private-parts.url = "git+file:///home/palo/dev/nixos/nixos-private-parts";
|
||||||
|
retiolum.url = "github:Mic92/retiolum";
|
||||||
polygon-art = {
|
|
||||||
url = "git+https://git.ingolf-wagner.de/palo/polygon-art.git";
|
|
||||||
};
|
|
||||||
|
|
||||||
home-manager-utils = {
|
|
||||||
url = "github:mrvandalo/home-manager-utils";
|
|
||||||
inputs.home-manager.follows = "home-manager";
|
|
||||||
};
|
|
||||||
|
|
||||||
permown = {
|
|
||||||
url = "github:mrVanDalo/module.permown";
|
|
||||||
#url = "git+file:///home/palo/dev/nixos/permown";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
|
|
||||||
private_assets = {
|
|
||||||
#url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
|
|
||||||
url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
|
|
||||||
flake = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
retiolum = {
|
|
||||||
url = "github:Mic92/retiolum";
|
|
||||||
#url = "git+file:///home/palo/dev/nixos/retiolum";
|
|
||||||
};
|
|
||||||
|
|
||||||
srvos.url = "github:nix-community/srvos";
|
srvos.url = "github:nix-community/srvos";
|
||||||
|
stylix.inputs.home-manager.follows = "home-manager";
|
||||||
landingpage = {
|
stylix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
#url = "git+file:///home/palo/dev/landingpage";
|
stylix.url = "github:danth/stylix";
|
||||||
url = "github:mrVanDalo/landingpage";
|
taskwarrior.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
taskwarrior.url = "github:mrvandalo/taskwarrior-flake";
|
||||||
|
#taskwarrior.url = "git+file:///home/palo/dev/nixos/taskwarrior-flake";
|
||||||
# todo: mabye use https://github.com/jtroo/kanata instead
|
telemetry.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
# fixme: kmonad crashes every now and than and the keyboard is not usable anymore.
|
telemetry.url = "github:mrvandalo/nixos-telemetry";
|
||||||
kmonad = {
|
#telemetry.url = "git+file:///home/palo/dev/nixos/nixos-telemetry";
|
||||||
url = "github:kmonad/kmonad?dir=nix";
|
treefmt-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
treefmt-nix.url = "github:numtide/treefmt-nix";
|
||||||
};
|
|
||||||
|
|
||||||
stylix = {
|
|
||||||
url = "github:danth/stylix";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
inputs.home-manager.follows = "home-manager";
|
|
||||||
};
|
|
||||||
|
|
||||||
# smoke test framwork to trigger tests (enable if I want to use it for real)
|
# smoke test framwork to trigger tests (enable if I want to use it for real)
|
||||||
#smoke = {
|
#smoke = {
|
||||||
|
@ -82,54 +53,46 @@
|
||||||
# inputs.nixpkgs.follows = "nixpkgs";
|
# inputs.nixpkgs.follows = "nixpkgs";
|
||||||
#};
|
#};
|
||||||
|
|
||||||
# had to override it to remove colors
|
|
||||||
taskshell = {
|
|
||||||
url = "github:mrvandalo/taskshell";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
|
|
||||||
# my own tool
|
|
||||||
overviewer.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git?ref=main";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs =
|
outputs =
|
||||||
inputs@{ self
|
inputs@{
|
||||||
, clan-core
|
clan-core,
|
||||||
, clan-fact-generators
|
clan-fact-generators,
|
||||||
, flake-parts
|
flake-parts,
|
||||||
, home-manager
|
healthchecks,
|
||||||
, home-manager-utils
|
home-manager,
|
||||||
, kmonad
|
home-manager-utils,
|
||||||
, landingpage
|
landingpage,
|
||||||
, nixos-anywhere
|
nix-topology,
|
||||||
, nixos-hardware
|
nixos-anywhere,
|
||||||
, nixpkgs
|
nixos-hardware,
|
||||||
, nixpkgs-legacy_2211
|
nixpkgs,
|
||||||
, nixpkgs-legacy_2311
|
nixpkgs-legacy_2211,
|
||||||
, nixpkgs-legacy_2405
|
nixpkgs-legacy_2311,
|
||||||
, nixpkgs-unstable-small
|
nixpkgs-legacy_2405,
|
||||||
, overviewer
|
nixpkgs-unstable-small,
|
||||||
, permown
|
permown,
|
||||||
, polygon-art
|
polygon-art,
|
||||||
, private_assets
|
private-parts,
|
||||||
, retiolum
|
retiolum,
|
||||||
, srvos
|
self,
|
||||||
, stylix
|
srvos,
|
||||||
, taskshell
|
stylix,
|
||||||
|
taskwarrior,
|
||||||
|
telemetry,
|
||||||
|
treefmt-nix,
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
#system = "x86_64-linux";
|
|
||||||
|
|
||||||
#pkgs = nixpkgs.legacyPackages.${system};
|
|
||||||
inherit (nixpkgs) lib;
|
inherit (nixpkgs) lib;
|
||||||
|
|
||||||
meta = rec {
|
meta = rec {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
pkgs = import nixpkgs {
|
pkgs =
|
||||||
inherit system;
|
let
|
||||||
config.allowUnfree = true;
|
allowUnfree = true;
|
||||||
config.permittedInsecurePackages = [
|
permittedInsecurePackages = [
|
||||||
"electron-24.8.6" # for bitwarden
|
"electron-24.8.6" # for bitwarden
|
||||||
"python-2.7.18.6"
|
"python-2.7.18.6"
|
||||||
"python-2.7.18.7"
|
"python-2.7.18.7"
|
||||||
|
@ -137,69 +100,99 @@
|
||||||
"electron-27.3.11" # for logseq
|
"electron-27.3.11" # for logseq
|
||||||
"electron-28.3.3" # for logseq
|
"electron-28.3.3" # for logseq
|
||||||
];
|
];
|
||||||
|
in
|
||||||
|
import nixpkgs {
|
||||||
|
inherit system;
|
||||||
|
config = {
|
||||||
|
inherit allowUnfree permittedInsecurePackages;
|
||||||
|
};
|
||||||
overlays = [
|
overlays = [
|
||||||
(_self: _super: {
|
(_self: _super: {
|
||||||
unstable-small = import nixpkgs-unstable-small {
|
unstable-small = import nixpkgs-unstable-small {
|
||||||
inherit system;
|
inherit system;
|
||||||
config.allowUnfree = true;
|
config = {
|
||||||
|
inherit allowUnfree permittedInsecurePackages;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
legacy_2211 = import nixpkgs-legacy_2211 {
|
legacy_2211 = import nixpkgs-legacy_2211 {
|
||||||
inherit system;
|
inherit system;
|
||||||
config.allowUnfree = true;
|
config = {
|
||||||
|
inherit allowUnfree permittedInsecurePackages;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
legacy_2311 = import nixpkgs-legacy_2311 {
|
legacy_2311 = import nixpkgs-legacy_2311 {
|
||||||
inherit system;
|
inherit system;
|
||||||
config.allowUnfree = true;
|
config = {
|
||||||
|
inherit allowUnfree permittedInsecurePackages;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
legacy_2405 = import nixpkgs-legacy_2405 {
|
legacy_2405 = import nixpkgs-legacy_2405 {
|
||||||
inherit system;
|
inherit system;
|
||||||
config.allowUnfree = true;
|
config = {
|
||||||
|
inherit allowUnfree permittedInsecurePackages;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
polygon-art = polygon-art.packages.${system};
|
polygon-art = polygon-art.packages.${system};
|
||||||
landingpage = landingpage.packages.${system}.plain;
|
landingpage = landingpage.packages.${system}.plain;
|
||||||
kmonad = kmonad.packages.${system}.kmonad;
|
inherit (taskwarrior.packages.${system})
|
||||||
tasksh = taskshell.packages.${system}.tasksh;
|
bugwarrior
|
||||||
overviewer = overviewer.packages.${system}.overviewer;
|
tasksh
|
||||||
pkl = self.packages.${system}.pkl;
|
taskwarrior-hooks
|
||||||
|
;
|
||||||
|
inherit (self.packages.${system})
|
||||||
|
otpmenu
|
||||||
|
nsxiv
|
||||||
|
;
|
||||||
})
|
})
|
||||||
(import ./pkgs)
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit private_assets inputs;
|
inherit inputs;
|
||||||
assets = ./assets;
|
assets = ./assets;
|
||||||
factsGenerator = clan-fact-generators.lib { inherit pkgs; };
|
factsGenerator = clan-fact-generators.lib { inherit pkgs; };
|
||||||
clanLib = import ./lib/clanlib.nix { inherit (pkgs) lib; machineDir = ./machines; };
|
clanLib = import ./lib/clanlib.nix {
|
||||||
zerotierDeviceName = "ztbn67ogn2";
|
inherit (pkgs) lib;
|
||||||
|
machineDir = ./machines;
|
||||||
|
};
|
||||||
|
# https://git.clan.lol/clan/clan-core/issues/1575 < here is how I could do this generic
|
||||||
|
zerotierInterface = "ztbn67ogn2";
|
||||||
components = ./components;
|
components = ./components;
|
||||||
|
features = ./features;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
clanSetup =
|
clanSetup =
|
||||||
{ name
|
{
|
||||||
, host
|
name,
|
||||||
, modules
|
host,
|
||||||
}: {
|
modules,
|
||||||
|
}:
|
||||||
|
{
|
||||||
|
|
||||||
clan.core.networking.targetHost = lib.mkDefault "root@${host}";
|
clan.core.networking.targetHost = lib.mkDefault "root@${host}";
|
||||||
nixpkgs.pkgs = meta.pkgs;
|
nixpkgs.pkgs = meta.pkgs;
|
||||||
nixpkgs.hostPlatform = meta.system;
|
nixpkgs.hostPlatform = meta.system;
|
||||||
clan.core.facts.secretStore = "password-store";
|
clan.core.facts.secretStore = "password-store";
|
||||||
|
|
||||||
imports = modules ++ defaultModules ++ [
|
imports =
|
||||||
|
modules
|
||||||
|
++ defaultModules
|
||||||
|
++ [
|
||||||
./machines/${name}/configuration.nix
|
./machines/${name}/configuration.nix
|
||||||
|
nix-topology.nixosModules.default
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
zerotierControllerModule =
|
zerotierControllerModule = {
|
||||||
{
|
|
||||||
clan.core.networking.zerotier.controller = {
|
clan.core.networking.zerotier.controller = {
|
||||||
enable = true;
|
enable = true;
|
||||||
public = false;
|
public = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
zerotierModules = { pkgs, ... }: {
|
zerotierModules =
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
|
||||||
# this magically adds all my machines in the zero tier network
|
# this magically adds all my machines in the zero tier network
|
||||||
|
@ -227,28 +220,50 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
defaultAuthorizedKeys =
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
{
|
||||||
|
users.users.root.openssh.authorizedKeys.keyFiles = [
|
||||||
|
# yubikey key
|
||||||
|
./assets/mrvandalo_rsa.pub
|
||||||
|
# backup key
|
||||||
|
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
|
||||||
|
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
|
||||||
|
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.paperless-ngx.id_ed25519.pub"
|
||||||
|
];
|
||||||
|
environment.systemPackages = [ pkgs.borgbackup ];
|
||||||
|
};
|
||||||
|
|
||||||
defaultModules = [
|
defaultModules = [
|
||||||
# make flake inputs accessiable in NixOS
|
# make flake inputs accessiable in NixOS
|
||||||
{
|
{
|
||||||
_module.args.self = self;
|
_module.args.self = self;
|
||||||
_module.args.inputs = self.inputs;
|
_module.args.inputs = self.inputs;
|
||||||
}
|
}
|
||||||
# ssh keys
|
|
||||||
({ config, ... }: {
|
|
||||||
users.users.root.openssh.authorizedKeys.keyFiles = [
|
|
||||||
# master key
|
|
||||||
./assets/mrvandalo_rsa.pub
|
|
||||||
# backup key
|
|
||||||
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.syncoid.id_ed25519.pub"
|
|
||||||
"${config.clan.core.clanDir}/machines/chungus/facts/ssh.rbackup.id_ed25519.pub"
|
|
||||||
];
|
|
||||||
})
|
|
||||||
# configure nix
|
|
||||||
({ pkgs, lib, clanLib, ... }:
|
|
||||||
{
|
{
|
||||||
#nix.settings.substituters = [ "http://cache.orbi.wg0" ];
|
# disable emergency mode everywhere, although it might be needed on laptops
|
||||||
#nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
|
boot.initrd.systemd.emergencyAccess = false;
|
||||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
boot.initrd.systemd.suppressedUnits = [
|
||||||
|
"emergency.service"
|
||||||
|
"emergency.target"
|
||||||
|
];
|
||||||
|
systemd.enableEmergencyMode = false;
|
||||||
|
}
|
||||||
|
# configure nix
|
||||||
|
(
|
||||||
|
{
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
clanLib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
|
nix.settings.substituters = [ "http://cache.orbi.wg0" ];
|
||||||
|
nix.settings.trusted-public-keys = [ (clanLib.readFact "nix-serve.pub" "orbi") ];
|
||||||
|
nix.settings.experimental-features = [
|
||||||
|
"nix-command"
|
||||||
|
"flakes"
|
||||||
|
];
|
||||||
nix.settings.max-jobs = 1;
|
nix.settings.max-jobs = 1;
|
||||||
# no channesl needed this way
|
# no channesl needed this way
|
||||||
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
|
nix.nixPath = [ "nixpkgs=${pkgs.path}" ];
|
||||||
|
@ -260,10 +275,15 @@
|
||||||
documentation.nixos.options.warningsAreErrors = false; # todo make this true again
|
documentation.nixos.options.warningsAreErrors = false; # todo make this true again
|
||||||
documentation.nixos.extraModules = [
|
documentation.nixos.extraModules = [
|
||||||
./components
|
./components
|
||||||
inputs.clan-core.nixosModules.clanCore
|
./features
|
||||||
|
#./modules
|
||||||
|
clan-core.nixosModules.clanCore
|
||||||
|
telemetry.nixosModules.telemetry
|
||||||
|
{
|
||||||
|
clan.core.clanDir = ./.; # fixes issues with clanCore https://git.clan.lol/clan/clan-core/issues/1979
|
||||||
|
}
|
||||||
# inputs.stylix.nixosModules.stylix # fixme: not working
|
# inputs.stylix.nixosModules.stylix # fixme: not working
|
||||||
permown.nixosModules.permown
|
permown.nixosModules.permown
|
||||||
kmonad.nixosModules.default
|
|
||||||
home-manager.nixosModules.home-manager
|
home-manager.nixosModules.home-manager
|
||||||
# retiolum.nixosModules.retiolum # fixme: not working
|
# retiolum.nixosModules.retiolum # fixme: not working
|
||||||
];
|
];
|
||||||
|
@ -271,56 +291,76 @@
|
||||||
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
|
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 10;
|
||||||
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
|
boot.loader.generic-extlinux-compatible.configurationLimit = lib.mkDefault 10;
|
||||||
boot.loader.grub.configurationLimit = lib.mkDefault 10;
|
boot.loader.grub.configurationLimit = lib.mkDefault 10;
|
||||||
})
|
}
|
||||||
|
)
|
||||||
|
# My Structure
|
||||||
|
./components
|
||||||
|
./features
|
||||||
|
./modules # todo : spread this across features and components
|
||||||
|
#./system/all # todo : spread this across features and components
|
||||||
|
|
||||||
# some modules I always use
|
# some modules I always use
|
||||||
|
telemetry.nixosModules.telemetry
|
||||||
permown.nixosModules.permown
|
permown.nixosModules.permown
|
||||||
kmonad.nixosModules.default
|
|
||||||
# some default things I always want
|
# some default things I always want
|
||||||
({ pkgs, ... }: {
|
(
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
boot.tmp.useTmpfs = lib.mkDefault true;
|
boot.tmp.useTmpfs = lib.mkDefault true;
|
||||||
environment.systemPackages = [
|
}
|
||||||
pkgs.nixpkgs-fmt
|
)
|
||||||
];
|
|
||||||
})
|
|
||||||
];
|
];
|
||||||
|
|
||||||
stylixModules = { pkgs, config, ... }: {
|
stylixModules =
|
||||||
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
imports = [ stylix.nixosModules.stylix ];
|
imports = [ stylix.nixosModules.stylix ];
|
||||||
stylix.enable = true;
|
stylix.enable = true;
|
||||||
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
|
stylix.base16Scheme = "${pkgs.base16-schemes}/share/themes/gruvbox-light-medium.yaml";
|
||||||
stylix.image = ./assets/wallpaper.png;
|
stylix.image = ./assets/wallpaper.png;
|
||||||
|
|
||||||
|
home-manager.sharedModules = [
|
||||||
|
{
|
||||||
|
# no need for hyperland
|
||||||
|
# https://github.com/danth/stylix/issues/543
|
||||||
|
stylix.targets.hyprpaper.enable = lib.mkForce false;
|
||||||
|
stylix.targets.hyprland.enable = lib.mkForce false;
|
||||||
|
}
|
||||||
|
];
|
||||||
stylix.fonts = {
|
stylix.fonts = {
|
||||||
serif = {
|
serif = {
|
||||||
package = pkgs.ubuntu_font_family;
|
package = pkgs.nerdfonts.override { fonts = [ "Ubuntu" ]; };
|
||||||
name = "Ubuntu";
|
name = "Ubuntu";
|
||||||
};
|
};
|
||||||
sansSerif = {
|
sansSerif = {
|
||||||
package = pkgs.ubuntu_font_family;
|
package = pkgs.nerdfonts.override { fonts = [ "Ubuntu" ]; };
|
||||||
name = "Ubuntu";
|
name = "Ubuntu";
|
||||||
};
|
};
|
||||||
monospace = {
|
monospace = {
|
||||||
package = pkgs.jetbrains-mono;
|
package = pkgs.nerdfonts.override { fonts = [ "JetBrainsMono" ]; };
|
||||||
name = "JetBrains Mono";
|
name = "JetBrains Mono";
|
||||||
};
|
};
|
||||||
emoji = {
|
emoji = config.stylix.fonts.monospace;
|
||||||
package = pkgs.noto-fonts-emoji;
|
# emoji = {
|
||||||
name = "Noto Color Emoji";
|
# package = pkgs.noto-fonts-emoji;
|
||||||
};
|
# name = "Noto Color Emoji";
|
||||||
|
# };
|
||||||
sizes.popups = 15;
|
sizes.popups = 15;
|
||||||
};
|
};
|
||||||
# todo: remove this if not needed anymore
|
|
||||||
#home-manager.sharedModules = [
|
|
||||||
# { stylix.targets.bemenu.enable = false; }
|
|
||||||
#];
|
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
homeManagerModules = { pkgs, config, ... }: {
|
homeManagerModules =
|
||||||
|
{ pkgs, config, ... }:
|
||||||
|
{
|
||||||
imports = [
|
imports = [
|
||||||
home-manager.nixosModules.home-manager
|
home-manager.nixosModules.home-manager
|
||||||
];
|
];
|
||||||
home-manager.extraSpecialArgs = {
|
home-manager.extraSpecialArgs = {
|
||||||
inherit private_assets;
|
|
||||||
assets = ./assets;
|
assets = ./assets;
|
||||||
};
|
};
|
||||||
home-manager.useGlobalPkgs = true;
|
home-manager.useGlobalPkgs = true;
|
||||||
|
@ -328,25 +368,29 @@
|
||||||
home-manager.backupFileExtension = "backup";
|
home-manager.backupFileExtension = "backup";
|
||||||
home-manager.sharedModules = [
|
home-manager.sharedModules = [
|
||||||
home-manager-utils.hmModule
|
home-manager-utils.hmModule
|
||||||
|
taskwarrior.hmModules.bugwarrior
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
in
|
in
|
||||||
|
|
||||||
flake-parts.lib.mkFlake { inherit inputs; } ({ self, pkgs, ... }: {
|
flake-parts.lib.mkFlake { inherit inputs; } (
|
||||||
# We define our own systems below. you can still use this to add system specific outputs to your flake.
|
{
|
||||||
# See: https://flake.parts/getting-started
|
self,
|
||||||
|
self',
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
{
|
||||||
systems = [ "x86_64-linux" ];
|
systems = [ "x86_64-linux" ];
|
||||||
|
|
||||||
# import clan-core modules
|
|
||||||
imports = [
|
imports = [
|
||||||
clan-core.flakeModules.default
|
clan-core.flakeModules.default
|
||||||
|
healthchecks.flakeModule
|
||||||
|
./nix/formatter.nix
|
||||||
|
./nix/packages
|
||||||
|
./nix/topology
|
||||||
];
|
];
|
||||||
|
|
||||||
perSystem = { pkgs, ... }: {
|
|
||||||
packages.pkl = pkgs.callPackage ./pkgs/pkl { };
|
|
||||||
};
|
|
||||||
|
|
||||||
# Define your clan
|
# Define your clan
|
||||||
clan = {
|
clan = {
|
||||||
# Clan wide settings.
|
# Clan wide settings.
|
||||||
|
@ -355,63 +399,15 @@
|
||||||
|
|
||||||
machines = {
|
machines = {
|
||||||
|
|
||||||
sternchen = clanSetup {
|
|
||||||
name = "sternchen";
|
|
||||||
host = "sternchen.bear";
|
|
||||||
#host = "192.168.178.25";
|
|
||||||
modules = [
|
|
||||||
nixos-hardware.nixosModules.lenovo-thinkpad-x220
|
|
||||||
homeManagerModules
|
|
||||||
stylixModules
|
|
||||||
{ home-manager.users.mainUser.gui.enable = true; }
|
|
||||||
{
|
|
||||||
home-manager.users.mainUser = import ./homes/tina;
|
|
||||||
home-manager.users.root = import ./homes/root;
|
|
||||||
}
|
|
||||||
# todo : strange overrides, this should be an option kinda an be changed on another level (the homes/<name> folders or something)
|
|
||||||
({ lib, ... }: {
|
|
||||||
home-manager.sharedModules = [
|
|
||||||
{
|
|
||||||
programs.atuin.enable = lib.mkForce false;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
})
|
|
||||||
{
|
|
||||||
clan.core.machineDescription = "LaLaptop";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
cream = clanSetup {
|
|
||||||
name = "cream";
|
|
||||||
host = "cream.bear";
|
|
||||||
modules = [
|
|
||||||
zerotierModules
|
|
||||||
nixos-hardware.nixosModules.framework-12th-gen-intel
|
|
||||||
retiolum.nixosModules.retiolum
|
|
||||||
private_assets.nixosModules.cream
|
|
||||||
private_assets.nixosModules.yubikey
|
|
||||||
homeManagerModules
|
|
||||||
stylixModules
|
|
||||||
{ home-manager.users.mainUser.gui.enable = true; }
|
|
||||||
{
|
|
||||||
home-manager.users.mainUser = import ./homes/palo;
|
|
||||||
home-manager.users.root = import ./homes/root;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
clan.core.machineDescription = "Laptop";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
cherry = clanSetup {
|
cherry = clanSetup {
|
||||||
name = "cherry";
|
name = "cherry";
|
||||||
host = "cherry.bear";
|
host = "cherry.bear";
|
||||||
modules = [
|
modules = [
|
||||||
|
healthchecks.nixosModules.default
|
||||||
zerotierModules
|
zerotierModules
|
||||||
nixos-hardware.nixosModules.framework-13th-gen-intel
|
nixos-hardware.nixosModules.framework-13th-gen-intel
|
||||||
retiolum.nixosModules.retiolum
|
retiolum.nixosModules.retiolum
|
||||||
private_assets.nixosModules.yubikey
|
private-parts.nixosModules.cherry
|
||||||
homeManagerModules
|
homeManagerModules
|
||||||
stylixModules
|
stylixModules
|
||||||
{ home-manager.users.mainUser.gui.enable = true; }
|
{ home-manager.users.mainUser.gui.enable = true; }
|
||||||
|
@ -422,6 +418,15 @@
|
||||||
{
|
{
|
||||||
clan.core.machineDescription = "Laptop";
|
clan.core.machineDescription = "Laptop";
|
||||||
}
|
}
|
||||||
|
(
|
||||||
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
# keys only to access cherry
|
||||||
|
users.users.root.openssh.authorizedKeys.keyFiles = [
|
||||||
|
"${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.cherry.id_ed25519.pub"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
)
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -429,12 +434,13 @@
|
||||||
name = "chungus";
|
name = "chungus";
|
||||||
host = "chungus.bear";
|
host = "chungus.bear";
|
||||||
modules = [
|
modules = [
|
||||||
|
healthchecks.nixosModules.default
|
||||||
zerotierModules
|
zerotierModules
|
||||||
zerotierControllerModule
|
zerotierControllerModule
|
||||||
homeManagerModules
|
homeManagerModules
|
||||||
stylixModules
|
stylixModules
|
||||||
retiolum.nixosModules.retiolum
|
retiolum.nixosModules.retiolum
|
||||||
private_assets.nixosModules.chungus
|
private-parts.nixosModules.chungus
|
||||||
{
|
{
|
||||||
home-manager.users.mainUser = import ./homes/palo;
|
home-manager.users.mainUser = import ./homes/palo;
|
||||||
home-manager.users.root = import ./homes/root;
|
home-manager.users.root = import ./homes/root;
|
||||||
|
@ -442,6 +448,15 @@
|
||||||
{
|
{
|
||||||
clan.core.machineDescription = "Home Server";
|
clan.core.machineDescription = "Home Server";
|
||||||
}
|
}
|
||||||
|
(
|
||||||
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
# keys only to access chungus
|
||||||
|
users.users.root.openssh.authorizedKeys.keyFiles = [
|
||||||
|
"${config.clan.core.clanDir}/machines/cherry/facts/ssh.root.chungus.id_ed25519.pub"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
)
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -450,17 +465,14 @@
|
||||||
host = "orbi.bear";
|
host = "orbi.bear";
|
||||||
#host = "95.216.66.212";
|
#host = "95.216.66.212";
|
||||||
modules = [
|
modules = [
|
||||||
zerotierModules
|
defaultAuthorizedKeys
|
||||||
|
healthchecks.nixosModules.default
|
||||||
homeManagerModules
|
homeManagerModules
|
||||||
stylixModules
|
stylixModules
|
||||||
|
zerotierModules
|
||||||
srvos.nixosModules.hardware-hetzner-online-intel
|
srvos.nixosModules.hardware-hetzner-online-intel
|
||||||
#srvos.nixosModules.server
|
#srvos.nixosModules.server
|
||||||
#srvos.nixosModules.mixins-terminfo
|
#srvos.nixosModules.mixins-terminfo
|
||||||
{
|
|
||||||
# not needed for servers in general
|
|
||||||
boot.initrd.systemd.emergencyAccess = false;
|
|
||||||
systemd.enableEmergencyMode = false;
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
home-manager.users.mainUser = import ./homes/palo;
|
home-manager.users.mainUser = import ./homes/palo;
|
||||||
home-manager.users.root = import ./homes/root;
|
home-manager.users.root = import ./homes/root;
|
||||||
|
@ -476,6 +488,7 @@
|
||||||
#host = "167.235.205.150";
|
#host = "167.235.205.150";
|
||||||
host = "95.217.18.54";
|
host = "95.217.18.54";
|
||||||
modules = [
|
modules = [
|
||||||
|
defaultAuthorizedKeys
|
||||||
homeManagerModules
|
homeManagerModules
|
||||||
stylixModules
|
stylixModules
|
||||||
srvos.nixosModules.hardware-hetzner-cloud
|
srvos.nixosModules.hardware-hetzner-cloud
|
||||||
|
@ -492,11 +505,31 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
usbstick = clanSetup {
|
||||||
|
name = "usbstick";
|
||||||
|
#host = "usbstick.bear";
|
||||||
|
host = "10.100.0.100";
|
||||||
|
modules = [
|
||||||
|
defaultAuthorizedKeys
|
||||||
|
homeManagerModules
|
||||||
|
stylixModules
|
||||||
|
zerotierModules
|
||||||
|
{ home-manager.users.mainUser.gui.enable = true; }
|
||||||
|
{
|
||||||
|
home-manager.users.mainUser = import ./homes/palo;
|
||||||
|
home-manager.users.root = import ./homes/root;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
clan.core.machineDescription = "USB-Stick for Backup";
|
||||||
|
}
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
});
|
};
|
||||||
|
|
||||||
|
}
|
||||||
|
);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,10 @@
|
||||||
{ lib, ... }:
|
{ lib, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
./editor.nix
|
||||||
|
./network.nix
|
||||||
|
#./oh-my-posh
|
||||||
|
./starship-rs
|
||||||
./packages.nix
|
./packages.nix
|
||||||
./terminal.nix
|
./terminal.nix
|
||||||
./zfs.nix
|
./zfs.nix
|
||||||
|
|
|
@ -1,11 +1,10 @@
|
||||||
|
{ lib, ... }:
|
||||||
{
|
{
|
||||||
programs.vim = {
|
programs.vim = {
|
||||||
enable = true;
|
enable = true;
|
||||||
defaultEditor = true;
|
defaultEditor = lib.mkDefault true;
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.helix = {
|
programs.helix = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# defaultEditor = true;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
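--- a/homes/common/network.nix
+++ b/homes/common/network.nix
@@ -0,0 +1,34 @@
+{
+config,
+pkgs,
+lib,
+...
+}:
+with lib;
+{
+config = mkMerge [
+{
+home.packages = [
+# firewall analysis
+pkgs.nftables
+pkgs.nixos-firewall-tool
+
+# analyser
+pkgs.dnsutils
+pkgs.tcpdump
+pkgs.nmap
+pkgs.rustscan
+
+# helper
+pkgs.ipcalc
+];
+
+}
+
+(mkIf config.gui.enable {
+home.packages = [
+pkgs.wireshark
+];
+})
+];
+}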
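Review bot: `pkgs.wireshark` and `pkgs.tcpdump` are added through `home.packages`, which only puts the binaries on the user's PATH and grants no capture capability, so live capture with this setup means running them as root. For Wireshark that puts the whole GUI and its protocol dissectors under root while they parse untrusted traffic. On the NixOS side, `programs.wireshark.enable = true;` together with `programs.wireshark.package = pkgs.wireshark;` installs a capability-wrapped `dumpcap` restricted to the `wireshark` group, so the user only needs that group membership. As a style point, `with lib;` is used here only for `mkMerge` and `mkIf`; writing `lib.mkMerge` and `lib.mkIf` keeps the scope explicit.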
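--- a/homes/common/oh-my-posh/default.nix
+++ b/homes/common/oh-my-posh/default.nix
@@ -0,0 +1,15 @@
+{
+pkgs,
+config,
+lib,
+...
+}:
+with lib;
+{
+programs.oh-my-posh = {
+enable = true;
+# https://ohmyposh.dev/docs/themes
+#useTheme = "gmay"; # ganz nice, aber farben sind ein bisl schrill
+settings = builtins.fromJSON (builtins.readFile ./gmay.json);
+};
+}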
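Review bot: `with lib;` and the `pkgs`, `config` and `lib` arguments are unused in this module, since the body only calls `builtins.fromJSON` and `builtins.readFile`; the header can shrink to `{ ... }:`. The import list shown earlier on this page carries `#./oh-my-posh` commented out, so the file appears to be dead at the moment, and a one-line comment at the top saying it is kept as an alternative prompt would explain why it is checked in. The inline remark on the `#useTheme` line is in German; `# quite nice, but the colors are a bit loud` would match the English comments elsewhere.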
121
homes/common/oh-my-posh/gmay.json
Normal file
121
homes/common/oh-my-posh/gmay.json
Normal file
|
@ -0,0 +1,121 @@
|
||||||
|
{
|
||||||
|
"$schema": "https://raw.githubusercontent.com/JanDeDobbeleer/oh-my-posh/main/themes/schema.json",
|
||||||
|
"blocks": [
|
||||||
|
{
|
||||||
|
"alignment": "left",
|
||||||
|
"segments": [
|
||||||
|
{
|
||||||
|
"background": "#076678",
|
||||||
|
"foreground": "#EBDBB2",
|
||||||
|
"leading_diamond": "\ue0b6",
|
||||||
|
"style": "diamond",
|
||||||
|
"template": " {{ if .WSL }}WSL at {{ end }}{{.Icon}} ",
|
||||||
|
"type": "os"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"background": "#AF3A03",
|
||||||
|
"foreground": "#EBDBB2",
|
||||||
|
"powerline_symbol": "\ue0b0",
|
||||||
|
"style": "powerline",
|
||||||
|
"template": " \uf0e7 ",
|
||||||
|
"type": "root"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"background": "#076678",
|
||||||
|
"foreground": "#EBDBB2",
|
||||||
|
"powerline_symbol": "\ue0b0",
|
||||||
|
"style": "powerline",
|
||||||
|
"template": " {{ if .SSHSession }}\ueba9 {{ end }}{{ .UserName }}@{{ .HostName }} ",
|
||||||
|
"type": "session"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"background": "#B57614",
|
||||||
|
"foreground": "#EBDBB2",
|
||||||
|
"powerline_symbol": "\ue0b0",
|
||||||
|
"properties": {
|
||||||
|
"style": "full"
|
||||||
|
},
|
||||||
|
"style": "powerline",
|
||||||
|
"template": " \ue5ff {{ .Path }} ",
|
||||||
|
"type": "path"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"background": "#79740E",
|
||||||
|
"foreground": "#EBDBB2",
|
||||||
|
"powerline_symbol": "\ue0b0",
|
||||||
|
"properties": {
|
||||||
|
"time_format": "2006-01-02 15:04:05"
|
||||||
|
},
|
||||||
|
"style": "powerline",
|
||||||
|
"template": " {{ .CurrentDate | date .Format }} ",
|
||||||
|
"type": "time"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "project",
|
||||||
|
"style": "powerline",
|
||||||
|
"powerline_symbol": "",
|
||||||
|
"foreground": "#193549",
|
||||||
|
"background": "#ffeb3b",
|
||||||
|
"template": " {{ if .Error }}{{ .Error }}{{ else }}{{ if .Version }} {{.Version}}{{ end }} {{ if .Name }}{{ .Name }}{{ end }}{{ end }} "
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"type": "git",
|
||||||
|
"style": "powerline",
|
||||||
|
"powerline_symbol": "",
|
||||||
|
"background": "#427b58",
|
||||||
|
"foreground": "#EBDBB2",
|
||||||
|
"background_templates": [
|
||||||
|
"{{ if or (.Working.Changed) (.Staging.Changed) }}#8f3f71{{ end }}",
|
||||||
|
"{{ if and (gt .Ahead 0) (gt .Behind 0) }}#076678{{ end }}",
|
||||||
|
"{{ if gt .Ahead 0 }}#076678{{ end }}",
|
||||||
|
"{{ if gt .Behind 0 }}#076678{{ end }}"
|
||||||
|
],
|
||||||
|
"template": "{{ .UpstreamIcon }}{{ .HEAD }}{{if .BranchStatus }} {{ .BranchStatus }}{{ end }}{{ if .Working.Changed }} {{ .Working.String }}{{ end }}{{ if and (.Working.Changed) (.Staging.Changed) }} |{{ end }}{{ if .Staging.Changed }} {{ .Staging.String }}{{ end }}{{ if gt .StashCount 0 }} {{ .StashCount }}{{ end }}",
|
||||||
|
"properties": {
|
||||||
|
"fetch_status": true,
|
||||||
|
"fetch_upstream_icon": true,
|
||||||
|
"untracked_modes": {
|
||||||
|
"/Users/user/Projects/oh-my-posh/": "no"
|
||||||
|
},
|
||||||
|
"source": "cli",
|
||||||
|
"mapped_branches": {
|
||||||
|
"feat/*": "🚀 ",
|
||||||
|
"bug/*": "🐛 "
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"background": "#427B58",
|
||||||
|
"background_templates": [
|
||||||
|
"{{ if gt .Code 0 }}#9D0006{{ end }}"
|
||||||
|
],
|
||||||
|
"foreground": "#EBDBB2",
|
||||||
|
"leading_diamond": "<transparent,background>\ue0b0</>",
|
||||||
|
"properties": {
|
||||||
|
"always_enabled": true
|
||||||
|
},
|
||||||
|
"style": "diamond",
|
||||||
|
"template": " \ueb05 ",
|
||||||
|
"trailing_diamond": "\ue0b4",
|
||||||
|
"type": "status"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"type": "prompt"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"alignment": "left",
|
||||||
|
"newline": true,
|
||||||
|
"segments": [
|
||||||
|
{
|
||||||
|
"foreground": "#076678",
|
||||||
|
"style": "plain",
|
||||||
|
"template": "\uf0a9 ",
|
||||||
|
"type": "text"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"type": "prompt"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"final_space": true,
|
||||||
|
"version": 2
|
||||||
|
}
|
|
@ -13,9 +13,13 @@
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"background": "#fbf1c7",
|
"background": "#fbf1c7",
|
||||||
"background_templates": ["{{ if .Root }}#af3a03{{ end }}"],
|
"background_templates": [
|
||||||
|
"{{ if .Root }}#af3a03{{ end }}"
|
||||||
|
],
|
||||||
"foreground": "#282828",
|
"foreground": "#282828",
|
||||||
"foreground_templates": ["{{ if .Root }}#fbf1c7{{ end }}"],
|
"foreground_templates": [
|
||||||
|
"{{ if .Root }}#fbf1c7{{ end }}"
|
||||||
|
],
|
||||||
"powerline_symbol": "\ue0b0",
|
"powerline_symbol": "\ue0b0",
|
||||||
"style": "powerline",
|
"style": "powerline",
|
||||||
"template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ",
|
"template": " {{ if .SSHSession }} {{ end }}{{ .HostName }} ",
|
|
@ -1,14 +1,16 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with pkgs;
|
with pkgs;
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
config = mkMerge [
|
config = mkMerge [
|
||||||
{
|
{
|
||||||
home.packages = [
|
home.packages = [
|
||||||
bind.dnsutils
|
|
||||||
nmap
|
|
||||||
hexyl
|
hexyl
|
||||||
ipcalc
|
|
||||||
|
|
||||||
units
|
units
|
||||||
difftastic
|
difftastic
|
||||||
|
@ -21,9 +23,11 @@ with lib;
|
||||||
|
|
||||||
gimoji
|
gimoji
|
||||||
|
|
||||||
tldr
|
#tldr
|
||||||
|
tealdeer
|
||||||
|
navi # cheatsheet manager
|
||||||
|
|
||||||
bandwhich
|
bandwhich # todo : put this to common/networking.nix
|
||||||
|
|
||||||
unzip
|
unzip
|
||||||
genpass
|
genpass
|
||||||
|
@ -35,13 +39,16 @@ with lib;
|
||||||
(writers.writeBashBin "vulnix-system" ''
|
(writers.writeBashBin "vulnix-system" ''
|
||||||
${vulnix}/bin/vulnix --profile /nix/var/nix/profiles/system
|
${vulnix}/bin/vulnix --profile /nix/var/nix/profiles/system
|
||||||
'')
|
'')
|
||||||
|
|
||||||
|
# cpu load monitor
|
||||||
|
glances
|
||||||
];
|
];
|
||||||
|
|
||||||
|
# cpu load monitor
|
||||||
programs.btop.enable = true;
|
programs.btop.enable = true;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
(mkIf config.gui.enable {
|
(mkIf config.gui.enable {
|
||||||
home.packages = [
|
home.packages = [
|
||||||
libreoffice
|
libreoffice
|
||||||
|
@ -54,7 +61,7 @@ with lib;
|
||||||
aspellDicts.es
|
aspellDicts.es
|
||||||
|
|
||||||
evince
|
evince
|
||||||
sxiv
|
nsxiv
|
||||||
gimp
|
gimp
|
||||||
inkscape
|
inkscape
|
||||||
|
|
||||||
|
|
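Review bot: The todo on the `bandwhich` line points at `common/networking.nix`, but the module this commit adds for network tooling is `homes/common/network.nix`. Either move `bandwhich` there now, next to `tcpdump` and `nmap`, or correct the path: `bandwhich # todo: move to common/network.nix`. The `# cpu load monitor` comment also appears twice on the new side, once above `glances` and once above `programs.btop.enable`; one of them should name the tool it describes.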
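--- a/homes/common/starship-rs/default.nix
+++ b/homes/common/starship-rs/default.nix
@@ -0,0 +1,33 @@
+{
+pkgs,
+config,
+lib,
+...
+}:
+with lib;
+with config.lib.stylix.colors.withHashtag;
+
+{
+programs.starship = {
+enable = true;
+# download presets from : https://starship.rs/presets/
+settings = builtins.fromTOML ((builtins.readFile ./gruvbox-rainbow.toml)) // {
+palettes.stylix = {
+color_fg0 = base01;
+color_terminal_fg = base05;
+color_terminal_bg = base00;
+color_bg1 = base04;
+color_bg2 = base02;
+color_bg3 = base03;
+color_blue = base0D;
+color_aqua = base0C;
+color_green = base0B;
+color_orange = base0F;
+color_purple = base0E;
+color_red = base08;
+color_yellow = base0A;
+};
+};
+};
+
+}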
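Review bot: The `//` on the `settings` line is a shallow merge, so the `palettes` attribute set built here replaces the whole `palettes` table parsed from `gruvbox-rainbow.toml`, and the `[palettes.gruvbox_dark]` table defined in that file is silently dropped. That works while the TOML sets `palette = 'stylix'`, but if the fallback palette is meant to stay selectable the merge should be `lib.recursiveUpdate (builtins.fromTOML (builtins.readFile ./gruvbox-rainbow.toml)) { palettes.stylix = { ... }; }`. On style, `with lib;` brings in nothing that is used, and `with config.lib.stylix.colors.withHashtag;` makes `base00` to `base0F` appear without a visible origin. Binding it once with `let colors = config.lib.stylix.colors.withHashtag; in` and writing `colors.base01` is easier to follow.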
184
homes/common/starship-rs/gruvbox-rainbow.toml
Normal file
184
homes/common/starship-rs/gruvbox-rainbow.toml
Normal file
|
@ -0,0 +1,184 @@
|
||||||
|
"$schema" = 'https://starship.rs/config-schema.json'
|
||||||
|
|
||||||
|
format = """
|
||||||
|
$os\
|
||||||
|
$username\
|
||||||
|
$hostname \
|
||||||
|
[](bg:color_yellow fg:color_terminal_bg)\
|
||||||
|
$directory\
|
||||||
|
[](fg:color_yellow bg:color_aqua)\
|
||||||
|
$git_branch\
|
||||||
|
$git_status\
|
||||||
|
[](fg:color_aqua bg:color_blue)\
|
||||||
|
$c\
|
||||||
|
$rust\
|
||||||
|
$golang\
|
||||||
|
$nodejs\
|
||||||
|
$php\
|
||||||
|
$java\
|
||||||
|
$kotlin\
|
||||||
|
$haskell\
|
||||||
|
$python\
|
||||||
|
[](fg:color_blue bg:color_bg3)\
|
||||||
|
$docker_context\
|
||||||
|
$conda\
|
||||||
|
[](fg:color_bg3 bg:color_bg1)\
|
||||||
|
$time\
|
||||||
|
[ ](fg:color_bg1)\
|
||||||
|
$character"""
|
||||||
|
|
||||||
|
palette = 'stylix' # we use stylix instead of gruvbox_dark
|
||||||
|
|
||||||
|
# todo : use stylix/base16 scheme
|
||||||
|
[palettes.gruvbox_dark]
|
||||||
|
color_fg0 = '#fbf1c7'
|
||||||
|
color_terminal_bg = '#fbf1c7' # original background
|
||||||
|
color_terminal_fg = '#3c3836' # original foreground
|
||||||
|
color_bg1 = '#3c3836'
|
||||||
|
color_bg2 = '#665c54'
|
||||||
|
color_bg3 = '#665c54'
|
||||||
|
color_blue = '#458588'
|
||||||
|
color_aqua = '#689d6a'
|
||||||
|
color_green = '#98971a'
|
||||||
|
color_orange = '#d65d0e'
|
||||||
|
color_purple = '#b16286'
|
||||||
|
color_red = '#cc241d'
|
||||||
|
color_yellow = '#d79921'
|
||||||
|
|
||||||
|
[os]
|
||||||
|
disabled = false
|
||||||
|
style = "bold bg:color_blue fg:color_terminal_bg"
|
||||||
|
#format = "[$symbol ]($style)"
|
||||||
|
format = "[](color_blue)[$symbol ]($style)[ ](fg:color_blue bg:color_terminal_bg)"
|
||||||
|
|
||||||
|
|
||||||
|
[os.symbols]
|
||||||
|
Alpine = ""
|
||||||
|
Amazon = ""
|
||||||
|
Android = ""
|
||||||
|
Arch = ""
|
||||||
|
Artix = ""
|
||||||
|
CentOS = ""
|
||||||
|
Debian = ""
|
||||||
|
EndeavourOS = ""
|
||||||
|
Fedora = ""
|
||||||
|
Gentoo = ""
|
||||||
|
Linux = ""
|
||||||
|
Macos = ""
|
||||||
|
Manjaro = ""
|
||||||
|
Mint = ""
|
||||||
|
NixOS = ""
|
||||||
|
Pop = ""
|
||||||
|
Raspbian = ""
|
||||||
|
RedHatEnterprise = ""
|
||||||
|
Redhat = ""
|
||||||
|
SUSE = ""
|
||||||
|
Ubuntu = ""
|
||||||
|
Windows = ""
|
||||||
|
|
||||||
|
[username]
|
||||||
|
show_always = true
|
||||||
|
style_user = "bg:color_terminal_bg fg:color_terminal_fg"
|
||||||
|
style_root = "bg:color_terminal_bg fg:color_red bold"
|
||||||
|
format = '[$user]($style)'
|
||||||
|
|
||||||
|
[hostname]
|
||||||
|
ssh_only = true
|
||||||
|
style = "bg:color_terminal_bg fg:color_terminal_fg"
|
||||||
|
ssh_symbol = "@"
|
||||||
|
format = "[$ssh_symbol$hostname]($style)"
|
||||||
|
|
||||||
|
[directory]
|
||||||
|
style = "fg:color_fg0 bg:color_yellow"
|
||||||
|
format = "[ $path ]($style)"
|
||||||
|
truncation_length = 3
|
||||||
|
truncation_symbol = "…/"
|
||||||
|
|
||||||
|
[directory.substitutions]
|
||||||
|
"Documents" = " "
|
||||||
|
"Downloads" = " "
|
||||||
|
"Music" = " "
|
||||||
|
"Pictures" = " "
|
||||||
|
"Developer" = " "
|
||||||
|
"dev" = " "
|
||||||
|
|
||||||
|
[git_branch]
|
||||||
|
symbol = ""
|
||||||
|
style = "bg:color_aqua"
|
||||||
|
format = '[[ $symbol $branch ](fg:color_fg0 bg:color_aqua)]($style)'
|
||||||
|
|
||||||
|
[git_status]
|
||||||
|
style = "bg:color_aqua"
|
||||||
|
format = '[[($all_status$ahead_behind )](fg:color_fg0 bg:color_aqua)]($style)'
|
||||||
|
|
||||||
|
[nodejs]
|
||||||
|
symbol = ""
|
||||||
|
style = "bg:color_blue"
|
||||||
|
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
|
||||||
|
|
||||||
|
[c]
|
||||||
|
symbol = " "
|
||||||
|
style = "bg:color_blue"
|
||||||
|
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
|
||||||
|
|
||||||
|
[rust]
|
||||||
|
symbol = ""
|
||||||
|
style = "bg:color_blue"
|
||||||
|
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
|
||||||
|
|
||||||
|
[golang]
|
||||||
|
symbol = ""
|
||||||
|
style = "bg:color_blue"
|
||||||
|
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
|
||||||
|
|
||||||
|
[php]
|
||||||
|
symbol = ""
|
||||||
|
style = "bg:color_blue"
|
||||||
|
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
|
||||||
|
|
||||||
|
[java]
|
||||||
|
symbol = ""
|
||||||
|
style = "bg:color_blue"
|
||||||
|
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
|
||||||
|
|
||||||
|
[kotlin]
|
||||||
|
symbol = ""
|
||||||
|
style = "bg:color_blue"
|
||||||
|
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
|
||||||
|
|
||||||
|
[haskell]
|
||||||
|
symbol = ""
|
||||||
|
style = "bg:color_blue"
|
||||||
|
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
|
||||||
|
|
||||||
|
[python]
|
||||||
|
symbol = ""
|
||||||
|
style = "bg:color_blue"
|
||||||
|
format = '[[ $symbol( $version) ](fg:color_fg0 bg:color_blue)]($style)'
|
||||||
|
|
||||||
|
[docker_context]
|
||||||
|
symbol = ""
|
||||||
|
style = "bg:color_bg3"
|
||||||
|
format = '[[ $symbol( $context) ](fg:color_fg0 bg:color_bg3)]($style)'
|
||||||
|
|
||||||
|
[conda]
|
||||||
|
style = "bg:color_bg3"
|
||||||
|
format = '[[ $symbol( $environment) ](fg:color_fg0 bg:color_bg3)]($style)'
|
||||||
|
|
||||||
|
[time]
|
||||||
|
disabled = false
|
||||||
|
time_format = "%R"
|
||||||
|
style = "bg:color_bg1"
|
||||||
|
format = '[[ $time ](fg:color_fg0 bg:color_bg1)]($style)'
|
||||||
|
|
||||||
|
[line_break]
|
||||||
|
disabled = false
|
||||||
|
|
||||||
|
[character]
|
||||||
|
disabled = false
|
||||||
|
success_symbol = "[](fg:color_bg2)[ ](bold fg:color_terminal_fg bg:color_bg2)[](fg:color_bg2)"
|
||||||
|
error_symbol = "[](fg:color_bg2)[ ](bold fg:color_red bg:color_bg2)[](fg:color_bg2)"
|
||||||
|
vimcmd_symbol = '[](bold fg:color_green)'
|
||||||
|
vimcmd_replace_one_symbol = '[](bold fg:color_purple)'
|
||||||
|
vimcmd_replace_symbol = '[](bold fg:color_purple)'
|
||||||
|
vimcmd_visual_symbol = '[](bold fg:color_yellow)'
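Review bot: `palette = 'stylix'` names a palette this file never defines; the only table here is `[palettes.gruvbox_dark]`, which nothing selects, so every `color_*` style depends on a `palettes.stylix` supplied from elsewhere (presumably the Nix attribute set that ends just above this file section; its start is not visible). The `# todo : use stylix/base16 scheme` comment also reads as stale next to a palette line that already says stylix is in use. I would replace the todo with `# palettes.stylix is injected by the Nix module; gruvbox_dark is kept only as an unused reference` (wording to be confirmed against that module), or delete the unused table.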
|
|
@ -1,4 +1,9 @@
|
||||||
{ lib, pkgs, assets, ... }:
|
{
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
assets,
|
||||||
|
...
|
||||||
|
}:
|
||||||
{
|
{
|
||||||
|
|
||||||
programs.zsh = {
|
programs.zsh = {
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with pkgs;
|
with pkgs;
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,12 +1,11 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
../common
|
../common
|
||||||
./editor.nix
|
|
||||||
./git.nix
|
./git.nix
|
||||||
./gpg.nix
|
./gpg.nix
|
||||||
./gui
|
./gui
|
||||||
#./hyperland.nix
|
|
||||||
./i3.nix
|
./i3.nix
|
||||||
./packages
|
./packages
|
||||||
./ssh.nix
|
./ssh.nix
|
||||||
|
|
|
@ -1,35 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
with lib;
|
|
||||||
{
|
|
||||||
config = mkMerge [
|
|
||||||
{
|
|
||||||
home.packages = [ pkgs.ripgrep ];
|
|
||||||
}
|
|
||||||
(mkIf config.gui.enable {
|
|
||||||
programs.doom-emacs = {
|
|
||||||
enable = lib.mkDefault true;
|
|
||||||
doomPrivateDir = ./doom.d;
|
|
||||||
extraConfig = ''
|
|
||||||
;; "monospace" means use the system default. However, the default is usually two
|
|
||||||
;; points larger than I'd like, so I specify size 12 here.
|
|
||||||
(setq doom-font
|
|
||||||
(font-spec :family "Jetbrains Mono" :size ${toString 12} :weight 'light))
|
|
||||||
;;(setq doom-font
|
|
||||||
;; (font-spec :family "Terminus" :size ${toString 12} :weight 'light))
|
|
||||||
'';
|
|
||||||
#emacsPackagesOverlay = self: super: {
|
|
||||||
# # fixes https://github.com/vlaci/nix-doom-emacs/issues/394
|
|
||||||
# gitignore-mode = pkgs.emacsPackages.git-modes;
|
|
||||||
# gitconfig-mode = pkgs.emacsPackages.git-modes;
|
|
||||||
#};
|
|
||||||
};
|
|
||||||
})
|
|
||||||
(mkIf (!config.gui.enable) {
|
|
||||||
programs.doom-emacs = {
|
|
||||||
enable = lib.mkDefault true;
|
|
||||||
doomPrivateDir = ./doom.d;
|
|
||||||
package = pkgs.emacs-nox;
|
|
||||||
};
|
|
||||||
})
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
;; configure theme
|
|
||||||
(setq doom-theme 'doom-solarized-light)
|
|
||||||
|
|
||||||
|
|
|
@ -1,187 +0,0 @@
|
||||||
;;; init.el -*- lexical-binding: t; -*-
|
|
||||||
|
|
||||||
;; This file controls what Doom modules are enabled and what order they load
|
|
||||||
;; in. Remember to run 'doom sync' after modifying it!
|
|
||||||
|
|
||||||
;; NOTE Press 'SPC h d h' (or 'C-h d h' for non-vim users) to access Doom's
|
|
||||||
;; documentation. There you'll find a "Module Index" link where you'll find
|
|
||||||
;; a comprehensive list of Doom's modules and what flags they support.
|
|
||||||
|
|
||||||
;; NOTE Move your cursor over a module's name (or its flags) and press 'K' (or
|
|
||||||
;; 'C-c c k' for non-vim users) to view its documentation. This works on
|
|
||||||
;; flags as well (those symbols that start with a plus).
|
|
||||||
;;
|
|
||||||
;; Alternatively, press 'gd' (or 'C-c c d') on a module to browse its
|
|
||||||
;; directory (for easy access to its source code).
|
|
||||||
|
|
||||||
(doom! :input
|
|
||||||
;;chinese
|
|
||||||
;;japanese
|
|
||||||
;;layout ; auie,ctsrnm is the superior home row
|
|
||||||
|
|
||||||
:completion
|
|
||||||
company ; the ultimate code completion backend
|
|
||||||
;;helm ; the *other* search engine for love and life
|
|
||||||
;;ido ; the other *other* search engine...
|
|
||||||
ivy ; a search engine for love and life
|
|
||||||
|
|
||||||
:ui
|
|
||||||
;;deft ; notational velocity for Emacs
|
|
||||||
doom ; what makes DOOM look the way it does
|
|
||||||
doom-dashboard ; a nifty splash screen for Emacs
|
|
||||||
doom-quit ; DOOM quit-message prompts when you quit Emacs
|
|
||||||
;;(emoji +unicode) ; 🙂
|
|
||||||
hl-todo ; highlight TODO/FIXME/NOTE/DEPRECATED/HACK/REVIEW
|
|
||||||
;;hydra
|
|
||||||
;;indent-guides ; highlighted indent columns
|
|
||||||
;;ligatures ; ligatures and symbols to make your code pretty again
|
|
||||||
;;minimap ; show a map of the code on the side
|
|
||||||
modeline ; snazzy, Atom-inspired modeline, plus API
|
|
||||||
;;nav-flash ; blink cursor line after big motions
|
|
||||||
;;neotree ; a project drawer, like NERDTree for vim
|
|
||||||
ophints ; highlight the region an operation acts on
|
|
||||||
(popup +defaults) ; tame sudden yet inevitable temporary windows
|
|
||||||
;;tabs ; a tab bar for Emacs
|
|
||||||
;;treemacs ; a project drawer, like neotree but cooler
|
|
||||||
;;unicode ; extended unicode support for various languages
|
|
||||||
vc-gutter ; vcs diff in the fringe
|
|
||||||
vi-tilde-fringe ; fringe tildes to mark beyond EOB
|
|
||||||
;;window-select ; visually switch windows
|
|
||||||
workspaces ; tab emulation, persistence & separate workspaces
|
|
||||||
;;zen ; distraction-free coding or writing
|
|
||||||
|
|
||||||
:editor
|
|
||||||
(evil +everywhere); come to the dark side, we have cookies
|
|
||||||
file-templates ; auto-snippets for empty files
|
|
||||||
fold ; (nigh) universal code folding
|
|
||||||
;;(format +onsave) ; automated prettiness
|
|
||||||
;;god ; run Emacs commands without modifier keys
|
|
||||||
;;lispy ; vim for lisp, for people who don't like vim
|
|
||||||
;;multiple-cursors ; editing in many places at once
|
|
||||||
;;objed ; text object editing for the innocent
|
|
||||||
;;parinfer ; turn lisp into python, sort of
|
|
||||||
;;rotate-text ; cycle region at point between text candidates
|
|
||||||
snippets ; my elves. They type so I don't have to
|
|
||||||
;;word-wrap ; soft wrapping with language-aware indent
|
|
||||||
|
|
||||||
:emacs
|
|
||||||
dired ; making dired pretty [functional]
|
|
||||||
electric ; smarter, keyword-based electric-indent
|
|
||||||
;;ibuffer ; interactive buffer management
|
|
||||||
undo ; persistent, smarter undo for your inevitable mistakes
|
|
||||||
vc ; version-control and Emacs, sitting in a tree
|
|
||||||
|
|
||||||
:term
|
|
||||||
;;eshell ; the elisp shell that works everywhere
|
|
||||||
;;shell ; simple shell REPL for Emacs
|
|
||||||
;;term ; basic terminal emulator for Emacs
|
|
||||||
;;vterm ; the best terminal emulation in Emacs
|
|
||||||
|
|
||||||
:checkers
|
|
||||||
syntax ; tasing you for every semicolon you forget
|
|
||||||
;;(spell +flyspell) ; tasing you for misspelling mispelling
|
|
||||||
;;grammar ; tasing grammar mistake every you make
|
|
||||||
|
|
||||||
:tools
|
|
||||||
;;ansible
|
|
||||||
;;debugger ; FIXME stepping through code, to help you add bugs
|
|
||||||
;;direnv
|
|
||||||
;;docker
|
|
||||||
;;editorconfig ; let someone else argue about tabs vs spaces
|
|
||||||
;;ein ; tame Jupyter notebooks with emacs
|
|
||||||
(eval +overlay) ; run code, run (also, repls)
|
|
||||||
;;gist ; interacting with github gists
|
|
||||||
lookup ; navigate your code and its documentation
|
|
||||||
;;lsp ; M-x vscode
|
|
||||||
magit ; a git porcelain for Emacs
|
|
||||||
;;make ; run make tasks from Emacs
|
|
||||||
;;pass ; password manager for nerds
|
|
||||||
;;pdf ; pdf enhancements
|
|
||||||
;;prodigy ; FIXME managing external services & code builders
|
|
||||||
;;rgb ; creating color strings
|
|
||||||
;;taskrunner ; taskrunner for all your projects
|
|
||||||
;;terraform ; infrastructure as code
|
|
||||||
;;tmux ; an API for interacting with tmux
|
|
||||||
;;upload ; map local to remote projects via ssh/ftp
|
|
||||||
|
|
||||||
:os
|
|
||||||
(:if IS-MAC macos) ; improve compatibility with macOS
|
|
||||||
;;tty ; improve the terminal Emacs experience
|
|
||||||
|
|
||||||
:lang
|
|
||||||
;;agda ; types of types of types of types...
|
|
||||||
;;beancount ; mind the GAAP
|
|
||||||
;;cc ; C > C++ == 1
|
|
||||||
;;clojure ; java with a lisp
|
|
||||||
;;common-lisp ; if you've seen one lisp, you've seen them all
|
|
||||||
;;coq ; proofs-as-programs
|
|
||||||
;;crystal ; ruby at the speed of c
|
|
||||||
;;csharp ; unity, .NET, and mono shenanigans
|
|
||||||
;;data ; config/data formats
|
|
||||||
;;(dart +flutter) ; paint ui and not much else
|
|
||||||
;;elixir ; erlang done right
|
|
||||||
;;elm ; care for a cup of TEA?
|
|
||||||
emacs-lisp ; drown in parentheses
|
|
||||||
;;erlang ; an elegant language for a more civilized age
|
|
||||||
;;ess ; emacs speaks statistics
|
|
||||||
;;factor
|
|
||||||
;;faust ; dsp, but you get to keep your soul
|
|
||||||
;;fsharp ; ML stands for Microsoft's Language
|
|
||||||
;;fstar ; (dependent) types and (monadic) effects and Z3
|
|
||||||
;;gdscript ; the language you waited for
|
|
||||||
;;(go +lsp) ; the hipster dialect
|
|
||||||
;;(haskell +dante) ; a language that's lazier than I am
|
|
||||||
;;hy ; readability of scheme w/ speed of python
|
|
||||||
;;idris ; a language you can depend on
|
|
||||||
;;json ; At least it ain't XML
|
|
||||||
;;(java +meghanada) ; the poster child for carpal tunnel syndrome
|
|
||||||
;;javascript ; all(hope(abandon(ye(who(enter(here))))))
|
|
||||||
;;julia ; a better, faster MATLAB
|
|
||||||
;;kotlin ; a better, slicker Java(Script)
|
|
||||||
;;latex ; writing papers in Emacs has never been so fun
|
|
||||||
;;lean ; for folks with too much to prove
|
|
||||||
;;ledger ; be audit you can be
|
|
||||||
;;lua ; one-based indices? one-based indices
|
|
||||||
markdown ; writing docs for people to ignore
|
|
||||||
;;nim ; python + lisp at the speed of c
|
|
||||||
nix ; I hereby declare "nix geht mehr!"
|
|
||||||
;;ocaml ; an objective camel
|
|
||||||
(org +roam2) ; organize your plain life in plain text
|
|
||||||
;;php ; perl's insecure younger brother
|
|
||||||
;;plantuml ; diagrams for confusing people more
|
|
||||||
;;purescript ; javascript, but functional
|
|
||||||
;;python ; beautiful is better than ugly
|
|
||||||
;;qt ; the 'cutest' gui framework ever
|
|
||||||
;;racket ; a DSL for DSLs
|
|
||||||
;;raku ; the artist formerly known as perl6
|
|
||||||
;;rest ; Emacs as a REST client
|
|
||||||
;;rst ; ReST in peace
|
|
||||||
;;(ruby +rails) ; 1.step {|i| p "Ruby is #{i.even? ? 'love' : 'life'}"}
|
|
||||||
;;rust ; Fe2O3.unwrap().unwrap().unwrap().unwrap()
|
|
||||||
;;scala ; java, but good
|
|
||||||
;;(scheme +guile) ; a fully conniving family of lisps
|
|
||||||
sh ; she sells {ba,z,fi}sh shells on the C xor
|
|
||||||
;;sml
|
|
||||||
;;solidity ; do you need a blockchain? No.
|
|
||||||
;;swift ; who asked for emoji variables?
|
|
||||||
;;terra ; Earth and Moon in alignment for performance.
|
|
||||||
;;web ; the tubes
|
|
||||||
;;yaml ; JSON, but readable
|
|
||||||
;;zig ; C, but simpler
|
|
||||||
|
|
||||||
:email
|
|
||||||
;;(mu4e +gmail)
|
|
||||||
;;notmuch
|
|
||||||
;;(wanderlust +gmail)
|
|
||||||
|
|
||||||
:app
|
|
||||||
;;calendar
|
|
||||||
;;emms
|
|
||||||
;;everywhere ; *leave* Emacs!? You must be joking
|
|
||||||
;;irc ; how neckbeards socialize
|
|
||||||
;;(rss +org) ; emacs as an RSS reader
|
|
||||||
;;twitter ; twitter client https://twitter.com/vnought
|
|
||||||
|
|
||||||
:config
|
|
||||||
;;literate
|
|
||||||
(default +bindings +smartparens))
|
|
|
@ -10,16 +10,24 @@ with pkgs;
|
||||||
key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC";
|
key = "42AC51C9482D0834CF488AF1389EC2D64AC71EAC";
|
||||||
signByDefault = true;
|
signByDefault = true;
|
||||||
};
|
};
|
||||||
ignores = [ "*.swp" "*~" ".idea" ".*penis.*" "result" ".envrc" ".direnv" ];
|
ignores = [
|
||||||
|
"*.swp"
|
||||||
|
"*~"
|
||||||
|
".idea"
|
||||||
|
".*penis.*"
|
||||||
|
"result"
|
||||||
|
".envrc"
|
||||||
|
".direnv"
|
||||||
|
];
|
||||||
extraConfig = {
|
extraConfig = {
|
||||||
init.defaultBranch = "main";
|
init.defaultBranch = "main";
|
||||||
pull.ff = "only";
|
pull.ff = "only";
|
||||||
|
push.autoSetupRemote = true;
|
||||||
};
|
};
|
||||||
#diff-so-fancy.enable = true;
|
#diff-so-fancy.enable = true;
|
||||||
difftastic.enable = true;
|
difftastic.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
home.packages = [
|
home.packages = [
|
||||||
pre-commit
|
pre-commit
|
||||||
gita
|
gita
|
||||||
|
|
|
@ -12,8 +12,7 @@
|
||||||
keyserver = "keyserver.ubuntu.com";
|
keyserver = "keyserver.ubuntu.com";
|
||||||
personal-digest-preferences = "SHA512";
|
personal-digest-preferences = "SHA512";
|
||||||
cert-digest-algo = "SHA512";
|
cert-digest-algo = "SHA512";
|
||||||
default-preference-list =
|
default-preference-list = "SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
|
||||||
"SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ lib, pkgs, config, ... }:
|
{
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
|
||||||
|
@ -31,6 +36,5 @@ with lib;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,161 +0,0 @@
|
||||||
{ pkgs, ... }:
|
|
||||||
{
|
|
||||||
|
|
||||||
home.file.".config/hypr/hyperland.conf".text = ''
|
|
||||||
autogenerated = 1 # remove this line to remove the warning
|
|
||||||
# See https://wiki.hyprland.org/Configuring/Monitors/
|
|
||||||
monitor=,preferred,auto,auto
|
|
||||||
|
|
||||||
# Some default env vars.
|
|
||||||
env = XCURSOR_SIZE,24
|
|
||||||
|
|
||||||
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
|
|
||||||
input {
|
|
||||||
kb_layout = us
|
|
||||||
kb_variant =
|
|
||||||
kb_model =
|
|
||||||
kb_options =
|
|
||||||
kb_rules =
|
|
||||||
|
|
||||||
follow_mouse = 1
|
|
||||||
|
|
||||||
touchpad {
|
|
||||||
natural_scroll = no
|
|
||||||
}
|
|
||||||
|
|
||||||
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
|
|
||||||
}
|
|
||||||
|
|
||||||
general {
|
|
||||||
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
|
||||||
|
|
||||||
gaps_in = 5
|
|
||||||
gaps_out = 20
|
|
||||||
border_size = 2
|
|
||||||
col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
|
|
||||||
col.inactive_border = rgba(595959aa)
|
|
||||||
|
|
||||||
layout = dwindle
|
|
||||||
|
|
||||||
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
|
|
||||||
allow_tearing = false
|
|
||||||
}
|
|
||||||
|
|
||||||
decoration {
|
|
||||||
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
|
||||||
|
|
||||||
rounding = 10
|
|
||||||
|
|
||||||
blur {
|
|
||||||
enabled = true
|
|
||||||
size = 3
|
|
||||||
passes = 1
|
|
||||||
}
|
|
||||||
|
|
||||||
drop_shadow = yes
|
|
||||||
shadow_range = 4
|
|
||||||
shadow_render_power = 3
|
|
||||||
col.shadow = rgba(1a1a1aee)
|
|
||||||
}
|
|
||||||
|
|
||||||
animations {
|
|
||||||
enabled = yes
|
|
||||||
|
|
||||||
# Some default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
|
|
||||||
|
|
||||||
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
|
|
||||||
|
|
||||||
animation = windows, 1, 7, myBezier
|
|
||||||
animation = windowsOut, 1, 7, default, popin 80%
|
|
||||||
animation = border, 1, 10, default
|
|
||||||
animation = borderangle, 1, 8, default
|
|
||||||
animation = fade, 1, 7, default
|
|
||||||
animation = workspaces, 1, 6, default
|
|
||||||
}
|
|
||||||
|
|
||||||
dwindle {
|
|
||||||
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
|
|
||||||
pseudotile = yes # master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
|
|
||||||
preserve_split = yes # you probably want this
|
|
||||||
}
|
|
||||||
|
|
||||||
master {
|
|
||||||
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
|
|
||||||
new_is_master = true
|
|
||||||
}
|
|
||||||
|
|
||||||
gestures {
|
|
||||||
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
|
||||||
workspace_swipe = off
|
|
||||||
}
|
|
||||||
|
|
||||||
misc {
|
|
||||||
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
|
||||||
force_default_wallpaper = -1 # Set to 0 to disable the anime mascot wallpapers
|
|
||||||
}
|
|
||||||
|
|
||||||
# Example per-device config
|
|
||||||
# See https://wiki.hyprland.org/Configuring/Keywords/#executing for more
|
|
||||||
device:epic-mouse-v1 {
|
|
||||||
sensitivity = -0.5
|
|
||||||
}
|
|
||||||
|
|
||||||
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
|
|
||||||
$mainMod = SUPER
|
|
||||||
|
|
||||||
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
|
|
||||||
bind = $mainMod, enter, exec, alacritty
|
|
||||||
bind = $mainMod, C, killactive,
|
|
||||||
bind = $mainMod, Q, exit,
|
|
||||||
bind = $mainMod, E, exec, dolphin
|
|
||||||
bind = $mainMod, V, togglefloating,
|
|
||||||
bind = $mainMod, R, exec, wofi --show drun
|
|
||||||
bind = $mainMod, P, pseudo, # dwindle
|
|
||||||
bind = $mainMod, J, togglesplit, # dwindle
|
|
||||||
|
|
||||||
# Move focus with mainMod + arrow keys
|
|
||||||
bind = $mainMod, left, movefocus, l
|
|
||||||
bind = $mainMod, right, movefocus, r
|
|
||||||
bind = $mainMod, up, movefocus, u
|
|
||||||
bind = $mainMod, down, movefocus, d
|
|
||||||
|
|
||||||
# Switch workspaces with mainMod + [0-9]
|
|
||||||
bind = $mainMod, 1, workspace, 1
|
|
||||||
bind = $mainMod, 2, workspace, 2
|
|
||||||
bind = $mainMod, 3, workspace, 3
|
|
||||||
bind = $mainMod, 4, workspace, 4
|
|
||||||
bind = $mainMod, 5, workspace, 5
|
|
||||||
bind = $mainMod, 6, workspace, 6
|
|
||||||
bind = $mainMod, 7, workspace, 7
|
|
||||||
bind = $mainMod, 8, workspace, 8
|
|
||||||
bind = $mainMod, 9, workspace, 9
|
|
||||||
bind = $mainMod, 0, workspace, 10
|
|
||||||
|
|
||||||
# Move active window to a workspace with mainMod + SHIFT + [0-9]
|
|
||||||
bind = $mainMod SHIFT, 1, movetoworkspace, 1
|
|
||||||
bind = $mainMod SHIFT, 2, movetoworkspace, 2
|
|
||||||
bind = $mainMod SHIFT, 3, movetoworkspace, 3
|
|
||||||
bind = $mainMod SHIFT, 4, movetoworkspace, 4
|
|
||||||
bind = $mainMod SHIFT, 5, movetoworkspace, 5
|
|
||||||
bind = $mainMod SHIFT, 6, movetoworkspace, 6
|
|
||||||
bind = $mainMod SHIFT, 7, movetoworkspace, 7
|
|
||||||
bind = $mainMod SHIFT, 8, movetoworkspace, 8
|
|
||||||
bind = $mainMod SHIFT, 9, movetoworkspace, 9
|
|
||||||
bind = $mainMod SHIFT, 0, movetoworkspace, 10
|
|
||||||
|
|
||||||
# Example special workspace (scratchpad)
|
|
||||||
bind = $mainMod, S, togglespecialworkspace, magic
|
|
||||||
bind = $mainMod SHIFT, S, movetoworkspace, special:magic
|
|
||||||
|
|
||||||
# Scroll through existing workspaces with mainMod + scroll
|
|
||||||
bind = $mainMod, mouse_down, workspace, e+1
|
|
||||||
bind = $mainMod, mouse_up, workspace, e-1
|
|
||||||
|
|
||||||
# Move/resize windows with mainMod + LMB/RMB and dragging
|
|
||||||
bindm = $mainMod, mouse:272, movewindow
|
|
||||||
bindm = $mainMod, mouse:273, resizewindow
|
|
||||||
|
|
||||||
'';
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,8 +1,20 @@
|
||||||
{ config, lib, pkgs, osConfig, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
osConfig,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
let
|
let
|
||||||
|
|
||||||
rofi = pkgs.rofi.override { plugins = [ pkgs.rofi-emoji pkgs.rofi-calc pkgs.xdotool ]; };
|
rofi = pkgs.rofi.override {
|
||||||
|
plugins = [
|
||||||
|
pkgs.rofi-emoji
|
||||||
|
pkgs.rofi-calc
|
||||||
|
pkgs.xdotool
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
backgroundCommand = pkgs.writers.writeDash "background" ''
|
backgroundCommand = pkgs.writers.writeDash "background" ''
|
||||||
${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \
|
${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \
|
||||||
|
@ -43,14 +55,15 @@ in
|
||||||
pkgs.autorandr
|
pkgs.autorandr
|
||||||
pkgs.polygon-art.polygon-art
|
pkgs.polygon-art.polygon-art
|
||||||
pkgs.xdotool # needed for rofi-emoji
|
pkgs.xdotool # needed for rofi-emoji
|
||||||
|
pkgs.xclicker # makes stuff much easier
|
||||||
];
|
];
|
||||||
|
|
||||||
programs.i3status-rust = {
|
programs.i3status-rust = {
|
||||||
enable = true;
|
enable = true;
|
||||||
bars = {
|
bars = {
|
||||||
my = {
|
my = {
|
||||||
icons = "awesome5";
|
icons = "material-nf"; # nerd fonts (influenced by stylix.font settings)
|
||||||
theme = "gruvbox-light";
|
theme = "gruvbox-light"; # not configured by stylix yet.
|
||||||
# https://github.com/greshake/i3status-rust/blob/v0.22.0/doc/blocks.md
|
# https://github.com/greshake/i3status-rust/blob/v0.22.0/doc/blocks.md
|
||||||
blocks = [
|
blocks = [
|
||||||
{
|
{
|
||||||
|
@ -140,21 +153,25 @@ in
|
||||||
focus = {
|
focus = {
|
||||||
followMouse = true;
|
followMouse = true;
|
||||||
};
|
};
|
||||||
colors.focused =
|
colors.focused = with config.lib.stylix.colors.withHashtag; {
|
||||||
with config.lib.stylix.colors.withHashtag;
|
|
||||||
{
|
|
||||||
# stylix color overrides
|
# stylix color overrides
|
||||||
border = lib.mkForce base08;
|
border = lib.mkForce base08;
|
||||||
background = lib.mkForce base0A;
|
background = lib.mkForce base0A;
|
||||||
text = lib.mkForce base00;
|
text = lib.mkForce base00;
|
||||||
};
|
};
|
||||||
startup =
|
startup = [
|
||||||
[
|
#{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = true; }
|
||||||
#{ command = "${pkgs.jellyfin-mpv-shim}/bin/jellyfin-mpv-shim"; always = false; }
|
|
||||||
{ command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; always = true; }
|
|
||||||
{ command = toString backgroundCommand; always = true; }
|
|
||||||
{
|
{
|
||||||
command = toString (pkgs.writers.writeDash "xsettings" ''
|
command = "${pkgs.networkmanagerapplet}/bin/nm-applet --indicator";
|
||||||
|
always = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
command = toString backgroundCommand;
|
||||||
|
always = true;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
command = toString (
|
||||||
|
pkgs.writers.writeDash "xsettings" ''
|
||||||
# to allow sudo commands to access X
|
# to allow sudo commands to access X
|
||||||
${pkgs.xorg.xhost}/bin/xhost +
|
${pkgs.xorg.xhost}/bin/xhost +
|
||||||
# no shitty pcspkr crap
|
# no shitty pcspkr crap
|
||||||
|
@ -162,13 +179,15 @@ in
|
||||||
# no sleeping monitor
|
# no sleeping monitor
|
||||||
${pkgs.xorg.xset}/bin/xset -dpms
|
${pkgs.xorg.xset}/bin/xset -dpms
|
||||||
${pkgs.xorg.xset}/bin/xset s off
|
${pkgs.xorg.xset}/bin/xset s off
|
||||||
'');
|
''
|
||||||
|
);
|
||||||
always = true;
|
always = true;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
bars = [
|
bars = [
|
||||||
(config.lib.stylix.i3.bar //
|
(
|
||||||
{
|
config.lib.stylix.i3.bar
|
||||||
|
// {
|
||||||
#mode = "hide";
|
#mode = "hide";
|
||||||
hiddenState = "hide";
|
hiddenState = "hide";
|
||||||
position = "top";
|
position = "top";
|
||||||
|
@ -188,6 +207,16 @@ in
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
"Print" = "exec ${pkgs.flameshot}/bin/flameshot gui -c -p /share/";
|
"Print" = "exec ${pkgs.flameshot}/bin/flameshot gui -c -p /share/";
|
||||||
|
|
||||||
|
# --- Brightness controls --- #
|
||||||
|
"XF86MonBrightnessUp" = "exec --no-startup-id ${pkgs.brightnessctl}/bin/brightnessctl set +5%";
|
||||||
|
"XF86MonBrightnessDown" = "exec --no-startup-id ${pkgs.brightnessctl}/bin/brightnessctl set 5%-";
|
||||||
|
|
||||||
|
# --- Pulse/Pipewire Audio controls --- #
|
||||||
|
"XF86AudioRaiseVolume" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ +5%";
|
||||||
|
"XF86AudioLowerVolume" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-volume @DEFAULT_SINK@ -5%";
|
||||||
|
"XF86AudioMute" = "exec --no-startup-id ${pkgs.pulseaudio}/bin/pactl set-sink-mute @DEFAULT_SINK@ toggle";
|
||||||
|
|
||||||
"${modifier}+Return" = "exec ${cfg.config.terminal}";
|
"${modifier}+Return" = "exec ${cfg.config.terminal}";
|
||||||
"${modifier}+Shift+q" = "exit";
|
"${modifier}+Shift+q" = "exit";
|
||||||
"${modifier}+q" = "kill";
|
"${modifier}+q" = "kill";
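Review bot: The `xsettings` startup script (hunk `@ -140,21 +153,25 @@`, continuing in `@ -162,13 +179,15 @@`) still runs `${pkgs.xorg.xhost}/bin/xhost +`, which switches X access control off for every client instead of only letting sudo commands reach the display as the comment intends. Limiting the grant to the local root user matches that comment: `${pkgs.xorg.xhost}/bin/xhost +si:localuser:root`. The entry is marked `always = true`, so the open setting comes back on each i3 restart even if it is narrowed by hand. The enclosing `startup` list and module begin outside the visible hunks.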
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with pkgs;
|
with pkgs;
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
@ -15,55 +20,47 @@ with lib;
|
||||||
|
|
||||||
zed-editor
|
zed-editor
|
||||||
|
|
||||||
|
minicom # for flipper zero
|
||||||
|
|
||||||
#jetbrains.mps
|
#jetbrains.mps
|
||||||
jetbrains.datagrip
|
#jetbrains.datagrip
|
||||||
|
|
||||||
# Rust
|
# Rust
|
||||||
# ----
|
# ----
|
||||||
jetbrains.rust-rover
|
#jetbrains.rust-rover
|
||||||
gcc
|
#gcc
|
||||||
rustup
|
#rustup
|
||||||
|
|
||||||
# Python
|
# Python
|
||||||
# ------
|
# ------
|
||||||
jetbrains.pycharm-professional
|
jetbrains.pycharm-professional
|
||||||
|
|
||||||
# planing
|
|
||||||
((ganttproject-bin.override {
|
|
||||||
jre = pkgs.openjdk11;
|
|
||||||
}).overrideAttrs (old: {
|
|
||||||
version = "3.1.3100";
|
|
||||||
src = pkgs.fetchzip {
|
|
||||||
url = "https://dl.ganttproject.biz/ganttproject-3.1.3100/ganttproject-3.1.3100.zip";
|
|
||||||
sha256 = "sha256-hw2paak0P670/kemiuqYHIaN0uUtkVKy+AX2X7OdnJ4=";
|
|
||||||
};
|
|
||||||
}))
|
|
||||||
|
|
||||||
# Pkl
|
# Pkl
|
||||||
# ---
|
# ---
|
||||||
# pkl (not working yet)
|
# pkl (not working yet)
|
||||||
|
|
||||||
# terminal code to image/movie renderer
|
# terminal code to image/movie renderer
|
||||||
vhs
|
|
||||||
carbon-now-cli
|
|
||||||
asciinema
|
asciinema
|
||||||
|
asciinema-agg
|
||||||
asciinema-scenario
|
asciinema-scenario
|
||||||
asciinema
|
carbon-now-cli
|
||||||
|
termtosvg
|
||||||
|
vhs
|
||||||
|
|
||||||
legacy_2311.blockdiag
|
#legacy_2311.blockdiag
|
||||||
|
|
||||||
# nomad
|
# nomad
|
||||||
nomad
|
#nomad
|
||||||
vault
|
#vault
|
||||||
consul
|
#consul
|
||||||
wander
|
#wander
|
||||||
|
|
||||||
# terraform
|
# terraform
|
||||||
terragrunt
|
terragrunt
|
||||||
terraform
|
terraform
|
||||||
terraform-docs
|
terraform-docs
|
||||||
awscli2
|
awscli2
|
||||||
packer
|
#packer
|
||||||
|
|
||||||
# documentation renderers
|
# documentation renderers
|
||||||
mdbook
|
mdbook
|
||||||
|
@ -72,23 +69,17 @@ with lib;
|
||||||
|
|
||||||
marp-cli # markdown to presentation framework
|
marp-cli # markdown to presentation framework
|
||||||
|
|
||||||
# terminal recorder
|
|
||||||
asciinema
|
|
||||||
asciinema-agg
|
|
||||||
asciinema-scenario
|
|
||||||
termtosvg
|
|
||||||
|
|
||||||
#surrealist
|
#surrealist
|
||||||
surrealdb
|
#surrealdb # fixme: not working because of rust update or something
|
||||||
|
|
||||||
boxes
|
boxes
|
||||||
|
|
||||||
nodePackages.prettier
|
#nodePackages.prettier
|
||||||
shfmt
|
#shfmt
|
||||||
black
|
#black
|
||||||
pre-commit
|
#pre-commit
|
||||||
nixpkgs-fmt
|
#nixpkgs-fmt
|
||||||
treefmt
|
#treefmt
|
||||||
|
|
||||||
# python
|
# python
|
||||||
python3Full
|
python3Full
|
||||||
|
@ -101,7 +92,8 @@ with lib;
|
||||||
{
|
{
|
||||||
home.packages =
|
home.packages =
|
||||||
let
|
let
|
||||||
pandocScript = { inputFormat, outputFormat }:
|
pandocScript =
|
||||||
|
{ inputFormat, outputFormat }:
|
||||||
pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
|
pkgs.writers.writeDashBin "pandoc-from-${inputFormat}-to-${outputFormat}" ''
|
||||||
${pkgs.pandoc}/bin/pandoc \
|
${pkgs.pandoc}/bin/pandoc \
|
||||||
--from ${inputFormat} \
|
--from ${inputFormat} \
|
||||||
|
@ -135,10 +127,26 @@ with lib;
|
||||||
${pkgs.less}/bin/less
|
${pkgs.less}/bin/less
|
||||||
'')
|
'')
|
||||||
|
|
||||||
] ++ (map pandocScript (lib.cartesianProduct {
|
]
|
||||||
inputFormat = [ "man" "markdown" "mediawiki" "asciidoc" ];
|
++ (map pandocScript (
|
||||||
outputFormat = [ "mediawiki" "docbook5" "html5" "man" "jira" "markdown" "asciidoc" ];
|
lib.cartesianProduct {
|
||||||
}));
|
inputFormat = [
|
||||||
|
"man"
|
||||||
|
"markdown"
|
||||||
|
"mediawiki"
|
||||||
|
"asciidoc"
|
||||||
|
];
|
||||||
|
outputFormat = [
|
||||||
|
"mediawiki"
|
||||||
|
"docbook5"
|
||||||
|
"html5"
|
||||||
|
"man"
|
||||||
|
"jira"
|
||||||
|
"markdown"
|
||||||
|
"asciidoc"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
));
|
||||||
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with pkgs;
|
with pkgs;
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
@ -6,15 +11,17 @@ with lib;
|
||||||
|
|
||||||
home.packages = [
|
home.packages = [
|
||||||
|
|
||||||
pureref
|
#pureref
|
||||||
valentina
|
|
||||||
gimp
|
gimp
|
||||||
inkscape
|
inkscape
|
||||||
imagemagick
|
imagemagick
|
||||||
nsxiv
|
|
||||||
blender
|
blender
|
||||||
lightburn
|
lightburn
|
||||||
colorpicker
|
|
||||||
|
# to convert HEIC -> JPG
|
||||||
|
# heif-dec -q 92 <name>.HEIC
|
||||||
|
libheif
|
||||||
|
darktable
|
||||||
|
|
||||||
# CAD & 3D Plotting
|
# CAD & 3D Plotting
|
||||||
openscad
|
openscad
|
||||||
|
@ -23,6 +30,9 @@ with lib;
|
||||||
|
|
||||||
qrencode
|
qrencode
|
||||||
|
|
||||||
|
xclicker
|
||||||
|
xdotool
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
||||||
};
|
};
|
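Review bot: The entries added to `home.packages` here (`libheif`, `darktable`, `xclicker`, `xdotool`) are still resolved through the stacked `with pkgs; with lib;` at the top of the file, where the inner `with lib;` takes precedence for any name both sets define, so the list does not show which set an entry comes from. The media module further down this comparison drops `with pkgs;` and writes `pkgs.freetube`, `pkgs.vlc`; using the same form here (`pkgs.libheif`, `pkgs.xdotool`, and so on) would keep the package list auditable and consistent. `#pureref` is disabled with no reason given, and a short comment such as `# pureref: disabled, <reason>` would tell the next reader whether it can be restored. The attribute set that holds `home.packages` opens outside the visible hunks.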
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with pkgs;
|
with pkgs;
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,5 +1,9 @@
|
||||||
{ pkgs, lib, config, ... }:
|
{
|
||||||
with pkgs;
|
pkgs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
|
|
||||||
|
@ -7,25 +11,21 @@ with lib;
|
||||||
|
|
||||||
(mkIf config.gui.enable {
|
(mkIf config.gui.enable {
|
||||||
home.packages = [
|
home.packages = [
|
||||||
freetube
|
pkgs.freetube
|
||||||
vlc
|
pkgs.vlc
|
||||||
|
|
||||||
# music editors
|
# music editors
|
||||||
# =============
|
# =============
|
||||||
picard # musicbrainz editor
|
pkgs.picard # musicbrainz editor
|
||||||
#kid3-qt # id3 tag editor
|
pkgs.easytag
|
||||||
easytag
|
pkgs.dconf
|
||||||
dconf
|
|
||||||
|
pkgs.jellyfin-mpv-shim
|
||||||
|
|
||||||
];
|
];
|
||||||
})
|
})
|
||||||
{
|
{
|
||||||
home.packages = [
|
home.packages = [ ];
|
||||||
|
|
||||||
# music editors
|
|
||||||
# =============
|
|
||||||
kid3-cli
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
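Review bot: With `kid3-cli` removed, the second list element is now `{ home.packages = [ ]; }`, which contributes nothing to the merged configuration and can be dropped. The enclosing list opens outside the hunk, so whether the remaining `mkIf config.gui.enable { … }` block can then stand alone needs checking against the full file. `with lib;` is kept while `with pkgs;` is removed; as far as the visible lines show it is only needed for `mkIf`, so `lib.mkIf` would finish the move to explicit prefixes.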
||||||
|
|
Some files were not shown because too many files have changed in this diff Show more