diff --git a/.envrc b/.envrc deleted file mode 100644 index 6a37c4f..0000000 --- a/.envrc +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -watch_file devshell.nix - -use flake diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 512e01e..0000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,7 +0,0 @@ -version: 2 -updates: - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" - assignees: ["dadada"] diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml deleted file mode 100644 index 28b1d3c..0000000 --- a/.github/workflows/nix-flake-check.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: Continuous Integration -on: - pull_request: - push: - branches: [main] -jobs: - checks: - name: "Checks" - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: cachix/install-nix-action@v26 - with: - nix_path: nixpkgs=channel:nixos-stable - extra_nix_config: | - experimental-features = nix-command flakes - access-tokens = github.com=${{ secrets.GITHUB_TOKEN }} - system-features = nixos-test benchmark big-parallel kvm - - uses: cachix/cachix-action@v14 - with: - name: dadada - signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' - authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' - - run: nix flake check diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml deleted file mode 100644 index 33843d1..0000000 --- a/.github/workflows/nix-flake-update.yml +++ /dev/null 
@@ -1,20 +0,0 @@ -name: update-flake-lock -on: - workflow_dispatch: # allows manual triggering - schedule: - - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00 -jobs: - lockfile: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Install Nix - uses: DeterminateSystems/nix-installer-action@v10 - - name: Update flake.lock - uses: DeterminateSystems/update-flake-lock@v21 - with: - pr-title: "Update flake.lock" # Title of PR to be created - pr-labels: | # Labels to be set on the PR - dependencies - automated diff --git a/.gitignore b/.gitignore index 01c6686..03f357d 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,3 @@ result *.zip *.qcow2 work.nix -.direnv/ diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 0000000..64b9dbd --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "nur-packages"] + path = nur-packages + url = git@github.com:dadada/nur-packages.git diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 8f60ca3..0000000 --- a/LICENSE +++ /dev/null 
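Review bot: The submodule URL in the new `.gitmodules` uses the SSH form, so `git submodule update --init` only works on machines that hold an SSH key registered with GitHub; an anonymous or CI checkout fails at that step. If `nur-packages` is public, `url = https://github.com/dadada/nur-packages.git` lets read-only clones work without credentials, and a contributor can still set an SSH push URL locally. GitHub archive tarballs do not contain submodule contents, which matters if the `deploy` script added in this commit is expected to ship anything from `nur-packages`.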
@@ -1,21 +0,0 @@ -MIT License - -Copyright (c) 2021 Tim Schubert - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/README.md b/README.md index c5dc70a..2e95a5b 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,29 @@ # nix configuration -Use at your own risk. +```nix +{ + imports = [ + ./modules/profiles/gorgon.nix + ./private/metis + ]; +} +``` + +```nix +{ config, pkgs, lib, ... }: +let + dadada = import (builtins.fetchGit { + url = "https://github.com/dadada/nix-config.git"; + sha256 = "1a661h3ssy35yha66xnhldlwlr9safzw4h83z5mg82assgbbh9fz"; + }) {}; +in { + imports = [ + ./secrets.nix + ./hardware-configuration.nix + dadada.hosts.ifrit + ]; + + system.stateVersion = "20.03"; +} + +``` diff --git a/admins.nix b/admins.nix deleted file mode 100644 index e5e29ba..0000000 --- a/admins.nix +++ /dev/null 
@@ -1,9 +0,0 @@ -{ - dadada = { - shell = "zsh"; - keys = [ - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrT9sQhJWrTPIMOEsZ8UzkY7BKJYYK2Aj/Q3NZu2z7uAAAABHNzaDo= dadada@gorgon" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOFHB9T6fjkuIU8jW9gGiYGSEFSfrnY/6GJUfmfMx10HAAAABHNzaDo= Backup dadada " - ]; - }; -} diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..8c06d4a --- /dev/null +++ b/default.nix @@ -0,0 +1,18 @@ +{ pkgs }: + +with pkgs; +rec { + lib = import ./lib { inherit pkgs; }; + modules = import ./modules; + hmModules = import ./modules/home; + overlays = import ./overlays; + + profiles = import ./modules/profiles; + hmProfiles = import ./modules/home/profiles; + + hosts = import ./hosts; + + tubslatex = callPackage ./pkgs/tubslatex {}; + keys = callPackage ./pkgs/keys {}; + homePage = callPackage ./pkgs/homePage {}; +} diff --git a/deploy b/deploy new file mode 100755 index 0000000..c783cfa --- /dev/null +++ b/deploy @@ -0,0 +1,39 @@ +#!/usr/bin/env bash + +set -e +set -o pipefail + +if [ -z "$1" ] +then + echo "usage: deploy " + exit 1 +fi + +git push + +function hash { + archive="$(mktemp /tmp/nix-config.XXX.tar.gz)" + git archive "$1" | gzip > "$archive" + nix-prefetch-url --unpack --type sha256 "file:$archive" 2>/dev/null + rm "$archive" +} + +host="${1}" +rev="$(git rev-parse HEAD)" +url="https://github.com/dadada/nix-config/archive/${rev}.tar.gz" +sha256=$(hash "$rev") + +cat < /etc/nixos/deploy.nix && tmux new -d \"nixos-rebuild switch |& tee /var/log/dadada-deploy.log\""' +{ config, pkgs, lib, ... }: +let + dadada = import (builtins.fetchTarball { + url = ${url}; + sha256 = "${sha256}"; + }) { inherit pkgs; }; +in { + imports = [ + ./hardware-configuration.nix + dadada.hosts."${host}" + ]; +} +EOF diff --git a/devshell.nix b/devshell.nix deleted file mode 100644 index 3931494..0000000 --- a/devshell.nix +++ /dev/null 
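Review bot: `with pkgs; rec { … }` in the new `default.nix` brings more into scope than the set needs: no attribute visibly refers to a sibling, and `with pkgs` is used only for the three `callPackage` calls. Because `rec` bindings take precedence over `with`, a later reference to `lib` or `overlays` inside this set would resolve to the local imports rather than to nixpkgs, which is easy to get wrong. A plain attribute set with explicit calls, e.g. `tubslatex = pkgs.callPackage ./pkgs/tubslatex {};`, keeps name resolution obvious.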
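Review bot: In `hash`, a failed `git archive` or `nix-prefetch-url` goes unnoticed, because bash clears `set -e` inside the `$(hash "$rev")` command substitution, stderr is sent to `/dev/null`, and the function returns the status of the final `rm`. `sha256` can then be empty and is still written into the generated `deploy.nix`, where it is the only integrity pin for the tarball that the target host presumably fetches and builds during `nixos-rebuild switch`. I would drop `2>/dev/null` and add `[ -n "$sha256" ] || { echo "could not compute sha256 for ${rev}" >&2; exit 1; }` right after the assignment. Separately, `hash` shadows the bash builtin of the same name, and the line starting `cat <` looks truncated in this rendering, so the quoting of `${host}` on it could not be reviewed.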
@@ -1,49 +0,0 @@ -{ pkgs, extraModules, ... }: -(pkgs.devshell.mkShell { - imports = extraModules; - - name = "dadada/nix-config"; - - packages = with pkgs; [ - agenix - nixos-rebuild - ]; - - commands = [ - { - name = "switch"; - help = "Switch the configuration on the current system."; - command = '' - flake=$(nix flake metadata --json ${./.} | jq -r .url) - ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --flake ".#" --use-remote-sudo - ''; - category = "deploy"; - } - { - name = "format"; - help = "Format the project"; - command = '' - treefmt . - ''; - category = "dev"; - } - { - name = "update"; - help = "Update the project"; - command = '' - nix flake update --commit-lock-file - ''; - category = "dev"; - } - { - name = "check"; - help = "Run checks"; - category = "dev"; - command = "nix flake check"; - } - ]; - - git.hooks = { - pre-commit.text = "nix flake check"; - }; -}) diff --git a/flake.lock b/flake.lock deleted file mode 100644 index 3d0d3f2..0000000 --- a/flake.lock +++ /dev/null 
@@ -1,462 +0,0 @@ -{ - "nodes": { - "agenix": { - "inputs": { - "darwin": "darwin", - "home-manager": [ - "home-manager" - ], - "nixpkgs": [ - "nixpkgs" - ], - "systems": "systems" - }, - "locked": { - "lastModified": 1750173260, - "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", - "owner": "ryantm", - "repo": "agenix", - "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", - "type": "github" - }, - "original": { - "owner": "ryantm", - "repo": "agenix", - "type": "github" - } - }, - "crane": { - "locked": { - "lastModified": 1731098351, - "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", - "owner": "ipetkov", - "repo": "crane", - "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, - "darwin": { - "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1744478979, - "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "43975d782b418ebf4969e9ccba82466728c2851b", - "type": "github" - }, - "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", - "type": "github" - } - }, - "devshell": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1741473158, - "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", - "owner": "numtide", - "repo": "devshell", - "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, - "disko": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1753140376, - "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", - "owner": "nix-community", - "repo": "disko", - "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "disko", - 
"type": "github" - } - }, - "flake-compat": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-parts": { - "inputs": { - "nixpkgs-lib": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-registry": { - "flake": false, - "locked": { - "lastModified": 1744623129, - "narHash": "sha256-nlQTQrHqM+ywXN0evDXnYEV6z6WWZB5BFQ2TkXsduKw=", - "owner": "NixOS", - "repo": "flake-registry", - "rev": "1322f33d5836ae757d2e6190239252cf8402acf6", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "flake-registry", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": [ - "systems" - ] - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "pre-commit-hooks-nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": 
"gitignore.nix", - "type": "github" - } - }, - "home-manager": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1753470191, - "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "homepage": { - "flake": false, - "locked": { - "lastModified": 1727338449, - "narHash": "sha256-VwOGtT1WB+isk0z/D/Be05GgeaTFfsXTGt7aScCAfec=", - "rev": "60398d3d728a0057b4cad49879ef637c06b28371", - "type": "tarball", - "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/60398d3d728a0057b4cad49879ef637c06b28371.tar.gz?rev=60398d3d728a0057b4cad49879ef637c06b28371" - }, - "original": { - "type": "tarball", - "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz" - } - }, - "lanzaboote": { - "inputs": { - "crane": "crane", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts", - "nixpkgs": [ - "nixpkgs" - ], - "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay" - }, - "locked": { - "lastModified": 1737639419, - "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", - "owner": "nix-community", - "repo": "lanzaboote", - "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "v0.4.2", - "repo": "lanzaboote", - "type": "github" - } - }, - "nixlib": { - "locked": { - "lastModified": 1736643958, - "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, - "nixos-generators": { - "inputs": { - "nixlib": "nixlib", - "nixpkgs": [ - "nixpkgs" - ] 
- }, - "locked": { - "lastModified": 1751903740, - "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", - "owner": "nix-community", - "repo": "nixos-generators", - "rev": "032decf9db65efed428afd2fa39d80f7089085eb", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-generators", - "type": "github" - } - }, - "nixos-hardware": { - "locked": { - "lastModified": 1753122741, - "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", - "owner": "NixOS", - "repo": "nixos-hardware", - "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "master", - "repo": "nixos-hardware", - "type": "github" - } - }, - "nixpkgs": { - "locked": { - "lastModified": 1753429684, - "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable": { - "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "pre-commit-hooks-nix": { - "inputs": { - "flake-compat": [ - "lanzaboote", - "flake-compat" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1731363552, - "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - 
}, - "root": { - "inputs": { - "agenix": "agenix", - "devshell": "devshell", - "disko": "disko", - "flake-registry": "flake-registry", - "flake-utils": "flake-utils", - "home-manager": "home-manager", - "homepage": "homepage", - "lanzaboote": "lanzaboote", - "nixos-generators": "nixos-generators", - "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs", - "systems": "systems_2", - "treefmt-nix": "treefmt-nix" - } - }, - "rust-overlay": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1731897198, - "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "systems": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1753439394, - "narHash": "sha256-Bv9h1AJegLI8uAhiJ1sZ4XAndYxhgf38tMgCQwiEpmc=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "2673921c03d6e75fdf4aa93e025772608d1482cf", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - } - }, - "root": "root", - "version": 7 -} 
diff --git a/flake.nix b/flake.nix deleted file mode 100644 index 151f1b5..0000000 --- a/flake.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - description = "dadada's nix flake"; - - inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; - disko = { - url = "github:nix-community/disko"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - flake-utils = { - url = "github:numtide/flake-utils"; - inputs.systems.follows = "systems"; - }; - home-manager = { - url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - lanzaboote = { - url = "github:nix-community/lanzaboote/v0.4.2"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - nixos-hardware.url = "github:NixOS/nixos-hardware/master"; - homepage = { - url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz"; - flake = false; - }; - agenix = { - url = "github:ryantm/agenix"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.home-manager.follows = "home-manager"; - }; - devshell = { - url = "github:numtide/devshell"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - nixos-generators = { - url = "github:nix-community/nixos-generators"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - flake-registry = { - url = "github:NixOS/flake-registry"; - flake = false; - }; - systems.url = "github:nix-systems/default"; - treefmt-nix = { - url = "github:numtide/treefmt-nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - }; - - outputs = { ... }@args: import ./outputs.nix args; -} diff --git a/home/dconf.nix b/home/dconf.nix deleted file mode 100644 index 5238c97..0000000 --- a/home/dconf.nix +++ /dev/null 
@@ -1,209 +0,0 @@ -{ lib, pkgs, ... }: -with lib.hm.gvariant; -{ - home.packages = [ - pkgs.adwaita-icon-theme - pkgs.adwaita-qt - ]; - - dconf.settings = with lib.hm.gvariant; { - "org/gnome/shell" = { - favorite-apps = [ - "alacritty.desktop" - "element.desktop" - "evolution.desktop" - "firefox.desktop" - "spotify.desktop" - ]; - }; - - "org/gnome/shell" = { - disable-user-extensions = false; - enabled-extensions = [ - "system-monitor@gnome-shell-extensions.gcampax.github.com" - "switcher@landau.fi" - ]; - }; - - "org/gnome/desktop/calendar" = { - show-weekdate = true; - }; - - "org/gnome/desktop/input-sources" = { - current = mkUint32 0; - per-window = false; - show-all-sources = true; - sources = [ - (mkTuple [ - "xkb" - "eu" - ]) - (mkTuple [ - "xkb" - "de" - ]) - ]; - xkb-options = [ - "lv3:ralt_switch" - "caps:escape" - ]; - }; - - "org/gnome/desktop/interface" = { - clock-show-date = true; - clock-show-seconds = false; - clock-show-weekday = true; - cursor-theme = "Adwaita"; - enable-animations = true; - enable-hot-corners = false; - font-antialiasing = "grayscale"; - font-hinting = "slight"; - font-name = "Cantarell 10"; - gtk-enable-primary-paste = false; - gtk-key-theme = "Emacs"; - gtk-theme = "Adwaita"; - color-scheme = "prefer-light"; - icon-theme = "Adwaita"; - locate-pointer = false; - monospace-font-name = "JetBrains Mono 10"; - show-battery-percentage = false; - #text-scaling-factor = 1.0; - toolkit-accessibility = false; - }; - - "org/gnome/desktop/peripherals/keyboard" = { - numlock-state = false; - }; - - "org/gnome/desktop/peripherals/mouse" = { - accel-profile = "default"; - natural-scroll = true; - }; - - "org/gnome/desktop/peripherals/touchpad" = { - send-events = "enabled"; - tap-to-click = true; - two-finger-scrolling-enabled = true; - }; - - "org/gnome/desktop/privacy" = { - disable-microphone = false; - old-files-age = mkUint32 30; - recent-files-max-age = -1; - report-technical-problems = false; - }; - - "org/gnome/desktop/screensaver" 
= { - color-shading-type = "solid"; - lock-delay = mkUint32 30; - lock-enabled = true; - }; - - "org/gnome/desktop/session" = { - idle-delay = mkUint32 0; - }; - - "org/gnome/desktop/sound" = { - event-sounds = false; - theme-name = "__custom"; - }; - - "org/gnome/evince/default" = { - continuous = true; - dual-page = false; - dual-page-odd-left = false; - enable-spellchecking = true; - fullscreen = false; - inverted-colors = false; - show-sidebar = false; - sidebar-page = "links"; - sidebar-size = 132; - sizing-mode = "free"; - }; - - "org/gnome/evolution/calendar" = { - editor-show-timezone = true; - use-24hour-format = true; - week-start-day-name = "monday"; - work-day-friday = true; - work-day-monday = true; - work-day-saturday = false; - work-day-sunday = false; - work-day-thursday = true; - work-day-tuesday = true; - work-day-wednesday = true; - }; - - "org/gnome/evolution/mail" = { - browser-close-on-reply-policy = "always"; - composer-attribution-language = "de_DE"; - composer-reply-start-bottom = false; - composer-signature-in-new-only = true; - composer-spell-languages = [ - "de" - "en_US" - ]; - composer-top-signature = false; - composer-unicode-smileys = false; - composer-visually-wrap-long-lines = true; - composer-wrap-quoted-text-in-replies = false; - forward-style = 0; - forward-style-name = "attached"; - headers-collapsed = false; - image-loading-policy = "never"; - junk-check-custom-header = true; - junk-check-incoming = true; - junk-empty-on-exit-days = 0; - junk-lookup-addressbook = false; - notify-remote-content = true; - prompt-check-if-default-mailer = false; - prompt-on-composer-mode-switch = true; - prompt-on-empty-subject = true; - prompt-on-expunge = true; - prompt-on-mark-all-read = false; - prompt-on-mark-as-junk = true; - prompt-on-reply-close-browser = "always"; - prompt-on-unwanted-html = true; - reply-style = 0; - reply-style-name = "quoted"; - search-gravatar-for-photo = false; - }; - - "org/gnome/evolution/plugin/prefer-plain" = { 
- mode = "only_plain"; - show-suppressed = true; - }; - - "org/gnome/gnome-screenshot" = { - border-effect = "none"; - delay = 0; - include-border = true; - include-pointer = false; - last-save-directory = "file:///home/dadada/lib/pictures/Screenshots"; - }; - - "org/gnome/mutter" = { - attach-modal-dialogs = true; - center-new-windows = true; - dynamic-workspaces = true; - edge-tiling = true; - experimental-features = [ ]; - focus-change-on-pointer-rest = true; - overlay-key = "Super_L"; - workspaces-only-on-primary = true; - }; - - "org/gnome/settings-daemon/plugins/power" = { - idle-dim = true; - power-button-action = "interactive"; - power-saver-profile-on-low-battery = true; - sleep-inactive-ac-type = "blank"; - sleep-inactive-battery-timeout = 600; - sleep-inactive-battery-type = "suspend"; - }; - - "org/gnome/system/location" = { - enabled = false; - }; - }; -} diff --git a/home/default.nix b/home/default.nix deleted file mode 100644 index a21362c..0000000 --- a/home/default.nix +++ /dev/null 
@@ -1,441 +0,0 @@ -{ - pkgs, - lib, - ... -}: -let - useFeatures = [ - "alacritty" - #"emacs" - "direnv" - "git" - "gpg" - #"gtk" - #"keyring" - "syncthing" - "tmux" - "xdg" - "zsh" - "helix" - ]; - colors = { - background = "fdf6e3"; - foreground = "657b83"; - regular0 = "eee8d5"; # background darker - regular1 = "dc322f"; # red - regular2 = "859900"; # green - regular3 = "b58900"; # dark orange - regular4 = "268bd2"; # azure blue - regular5 = "d33682"; # hot pink - regular6 = "2aa198"; # petrol - regular7 = "073642"; # navy - bright0 = "cb4b16"; # orange - bright1 = "fdf6e3"; # foreground - bright2 = "93a1a1"; # grey - bright3 = "839496"; # slightly darker grey - bright4 = "657b83"; # even slightly darker grey - bright5 = "6c71c4"; # purple - bright6 = "586e75"; # pretty dark grey - bright7 = "002b36"; # dark navy blue - }; -in -{ - imports = [ - ./dconf.nix - ]; - - home.stateVersion = "20.09"; - - programs.gpg.settings.default-key = "99658A3EB5CD7C13"; - - dadada.home = - lib.attrsets.genAttrs useFeatures (useFeatures: { - enable = true; - }) - // { - session = { - enable = true; - sessionVars = { - EDITOR = "hx"; - PAGER = "less"; - MAILDIR = "\$HOME/.var/mail"; - MBLAZE = "\$HOME/.config/mblaze"; - NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config"; - }; - }; - }; - - # Languagetool server for web extension - systemd.user.services."languagetool-http-server" = { - Unit = { - Description = "Languagetool HTTP server"; - PartOf = [ "graphical-session-pre.target" ]; - After = [ "graphical-session.target" ]; - }; - - Service = { - Type = "simple"; - ExecStart = "${pkgs.languagetool}/bin/languagetool-http-server org.languagetool.server.HTTPServer --allow-origin '*'"; - Restart = "always"; - }; - - Install = { - WantedBy = [ "graphical-session.target" ]; - }; - }; - - programs.offlineimap.enable = false; - xdg.configFile."offlineimap/config".text = '' - [general] - accounts = tu-bs,mailbox - - [Account tu-bs] - localrepository = tu-bs-local - remoterepository = 
tu-bs-remote - - [Repository tu-bs-local] - type = Maildir - localfolders = ~/lib/backup/y0067212@tu-bs.de - - [Repository tu-bs-remote] - type = IMAP - remotehost = mail.tu-braunschweig.de - remoteuser = y0067212 - sslcacertfile = /etc/ssl/certs/ca-certificates.crt - - [Account mailbox] - localrepository = mailbox-local - remoterepository = mailbox-remote - - [Repository mailbox-local] - type = Maildir - localfolders = ~/lib/backup/mailbox.org - - [Repository mailbox-remote] - type = IMAP - remotehost = imap.mailbox.org - remoteuser = dadada@dadada.li - sslcacertfile = /etc/ssl/certs/ca-certificates.crt - ''; - - home.file.".jjconfig.toml".source = ./jjconfig.toml; - - systemd.user.timers."backup-keepassxc" = { - Unit.Description = "Backup password DB"; - Timer = { - OnBootSec = "15min"; - OnUnitActiveSec = "1d"; - }; - Install.WantedBy = [ "timers.target" ]; - }; - - systemd.user.services."backup-keepassxc" = { - Unit.Description = "Backup password DB"; - Unit.Type = "oneshot"; - Service.ExecStart = "${pkgs.openssh}/bin/scp -P 23 -i /home/dadada/.ssh/keepassxc-backup /home/dadada/lib/sync/Personal.kdbx u355513-sub4@u355513-sub4.your-storagebox.de:Personal.kdbx"; - Install.WantedBy = [ "multi-user.target" ]; - }; - - systemd.user.timers."backup-keepassxc-ninurta" = { - Unit.Description = "Backup password DB to ninurta"; - Timer = { - OnBootSec = "15min"; - OnUnitActiveSec = "1d"; - }; - Install.WantedBy = [ "timers.target" ]; - }; - - systemd.user.services."backup-keepassxc-ninurta" = { - Unit.Description = "Backup password DB to ninurta"; - Unit.Type = "oneshot"; - Service.ExecStart = "${pkgs.openssh}/bin/scp -P 22 -i /home/dadada/.ssh/keepassxc-backup /home/dadada/lib/sync/Personal.kdbx backup-keepassxc@ninurta.bs.dadada.li:/mnt/storage/backups/backup-keepassxc/Personal.kdbx"; - Install.WantedBy = [ "multi-user.target" ]; - }; - - programs.foot = { - enable = true; - server.enable = false; - settings = { - inherit colors; - main = { - shell = "tmux"; - font = 
"Jetbrains Mono:size=8"; - dpi-aware = false; - }; - mouse.hide-when-typing = true; - csd.preferred = "none"; - cursor.color = "fdf6e3 586e75"; - bell = { - urgent = true; - visual = false; - }; - }; - }; - - home.file.".config/sway/config".text = with colors; '' - # Read `man 5 sway` for a complete reference. - - ### Variables - # - # Logo key. Use Mod1 for Alt. - set $mod Mod4 - # Home row direction keys, like vim - set $left h - set $down j - set $up k - set $right l - # Your preferred terminal emulator - set $term foot - # Your preferred application launcher - # Note: pass the final command to swaymsg so that the resulting window can be opened - # on the original workspace that the command was run on. - set $menu fuzzel - set $wallpaper "~/lib/pictures/wallpaper.jpg" - - ### Idle configuration - # - # Example configuration: - # - exec swayidle -w \ - timeout 300 'swaylock -f -i $wallpaper -s fill' \ - timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \ - before-sleep 'swaylock -f -i $wallpaper -s fill' - # - # This will lock your screen after 300 seconds of inactivity, then turn off - # your displays after another 300 seconds, and turn your screens back on when - # resumed. It will also lock your screen before your computer goes to sleep. - - input * { - xkb_layout eu - xkb_model pc105+inet - xkb_options caps:escape - drag_lock enabled - drag enabled - dwt enabled - tap enabled - tap_button_map lrm - natural_scroll enabled - } - - ### Key bindings - # - # Basics: - # - # Start a terminal - bindsym $mod+Return exec $term - - # Kill focused window - bindsym $mod+Shift+q kill - - # Start your launcher - bindsym $mod+d exec $menu - - # Drag floating windows by holding down $mod and left mouse button. - # Resize them with right mouse button + $mod. - # Despite the name, also works for non-floating windows. - # Change normal to inverse to use left mouse button for resizing and right - # mouse button for dragging. 
- floating_modifier $mod normal - - # Lock the screen - bindsym XF86Sleep exec 'swaylock -f -c ${background}' - bindsym $mod+End exec 'swaylock -f -c ${background}' - - # Reload the configuration file - bindsym $mod+Shift+c reload - - # Exit sway (logs you out of your Wayland session) - bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' - - # Brightness - bindsym --locked XF86MonBrightnessDown exec light -U 10 - bindsym --locked XF86MonBrightnessUp exec light -A 10 - - # Volume - bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%' - bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%' - bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle' - - # - # Moving around: - # - # Move your focus around - bindsym $mod+$left focus left - bindsym $mod+$down focus down - bindsym $mod+$up focus up - bindsym $mod+$right focus right - # Or use $mod+[up|down|left|right] - bindsym $mod+Left focus left - bindsym $mod+Down focus down - bindsym $mod+Up focus up - bindsym $mod+Right focus right - - # Move the focused window with the same, but add Shift - bindsym $mod+Shift+$left move left - bindsym $mod+Shift+$down move down - bindsym $mod+Shift+$up move up - bindsym $mod+Shift+$right move right - # Ditto, with arrow keys - bindsym $mod+Shift+Left move left - bindsym $mod+Shift+Down move down - bindsym $mod+Shift+Up move up - bindsym $mod+Shift+Right move right - - # - # Workspaces: - # - # Switch to workspace - bindsym $mod+1 workspace number 1 - bindsym $mod+2 workspace number 2 - bindsym $mod+3 workspace number 3 - bindsym $mod+4 workspace number 4 - bindsym $mod+5 workspace number 5 - bindsym $mod+6 workspace number 6 - bindsym $mod+7 workspace number 7 - bindsym $mod+8 workspace number 8 - bindsym $mod+9 workspace number 9 - bindsym $mod+0 workspace number 
10 - # Move focused container to workspace - bindsym $mod+Shift+1 move container to workspace number 1 - bindsym $mod+Shift+2 move container to workspace number 2 - bindsym $mod+Shift+3 move container to workspace number 3 - bindsym $mod+Shift+4 move container to workspace number 4 - bindsym $mod+Shift+5 move container to workspace number 5 - bindsym $mod+Shift+6 move container to workspace number 6 - bindsym $mod+Shift+7 move container to workspace number 7 - bindsym $mod+Shift+8 move container to workspace number 8 - bindsym $mod+Shift+9 move container to workspace number 9 - bindsym $mod+Shift+0 move container to workspace number 10 - # Note: workspaces can have any name you want, not just numbers. - # We just use 1-10 as the default. - - # - # Layout stuff: - # - # You can "split" the current object of your focus with - # $mod+b or $mod+v, for horizontal and vertical splits - # respectively. - bindsym $mod+b splith - bindsym $mod+v splitv - - # Switch the current container between different layout styles - bindsym $mod+s layout stacking - bindsym $mod+w layout tabbed - bindsym $mod+e layout toggle split - - # Make the current focus fullscreen - bindsym $mod+f fullscreen - - # Toggle the current focus between tiling and floating mode - bindsym $mod+Shift+space floating toggle - - # Swap focus between the tiling area and the floating area - bindsym $mod+space focus mode_toggle - - # Move focus to the parent container - bindsym $mod+a focus parent - - # - # Font - # - font "pango:Jetbrains Mono 8" - - # - # Scratchpad: - # - # Sway has a "scratchpad", which is a bag of holding for windows. - # You can send windows there and get them back later. - - # Move the currently focused window to the scratchpad - bindsym $mod+Shift+minus move scratchpad - - # Show the next scratchpad window or hide the focused scratchpad window. - # If there are multiple scratchpad windows, this command cycles through them. 
- bindsym $mod+minus scratchpad show - - # - # Resizing containers: - # - mode "resize" { - # left will shrink the containers width - # right will grow the containers width - # up will shrink the containers height - # down will grow the containers height - bindsym $left resize shrink width 10px - bindsym $down resize grow height 10px - bindsym $up resize shrink height 10px - bindsym $right resize grow width 10px - - # Ditto, with arrow keys - bindsym Left resize shrink width 10px - bindsym Down resize grow height 10px - bindsym Up resize shrink height 10px - bindsym Right resize grow width 10px - - # Return to default mode - bindsym Return mode "default" - bindsym Escape mode "default" - } - bindsym $mod+r mode "resize" - - # - # Status Bar: - # - # Read `man 5 sway-bar` for more information about this section. - bar { - position bottom - - # When the status_command prints a new line to stdout, swaybar updates. - # The default just shows the current date and time. - status_command ~/.config/sway/status - - colors { - statusline ${foreground} - background ${background} - inactive_workspace ${background}ee ${background}ee ${foreground}ee - } - } - - # Gaps between multiple tiling windows - gaps inner 10 - smart_gaps on - - bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3 - - # class border backgr. 
text indicator child_border - client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4} - client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0} - client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0} - client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0} - client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2} - - client.background #${foreground} - - include /etc/sway/config.d/* - - exec sleep 5; systemctl --user restart kanshi.service - exec sleep 5; swaymsg output '*' bg $wallpaper fill - ''; - home.file.".config/sway/status".source = ./status; - home.file.".config/kanshi/config".text = '' - profile Laptop { - output eDP-1 enable - } - - profile Docked { - output eDP-1 disable - output "LG Electronics LG HDR 4K 0x000354D1" { - enable - scale 1.4 - position 0,0 - } - } - ''; - - #services.poweralertd.enable = true; - - # Let Home Manager install and manage itself. - programs.home-manager.enable = true; - - home.packages = import ./pkgs.nix { pkgs = pkgs; }; -} diff --git a/home/jjconfig.toml b/home/jjconfig.toml deleted file mode 100644 index 43fbcbd..0000000 --- a/home/jjconfig.toml +++ /dev/null @@ -1,8 +0,0 @@ -[user] -name = "Tim Schubert" -email = "dadada@dadada.li" - -[ui] -diff-editor = ["scm-diff-editor", "--dir-diff", "$left", "$right"] -diff-instructions = false -merge-editor = ["meld"] diff --git a/home/modules.nix b/home/modules.nix deleted file mode 100644 index 0a6c961..0000000 --- a/home/modules.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ lib, ... }: -with lib; -let - modules' = - dir: - filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) (builtins.readDir dir); - modules = - dir: - mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) ( - modules' dir - ); -in -(modules ./modules) 
diff --git a/home/modules/alacritty/colors.toml b/home/modules/alacritty/colors.toml deleted file mode 100644 index 3f7eb25..0000000 --- a/home/modules/alacritty/colors.toml +++ /dev/null @@ -1,28 +0,0 @@ -# Colors (Solarized Light) - -# Default colors -[colors.primary] -background = '#fdf6e3' -foreground = '#586e75' - -# Normal colors -[colors.normal] -black = '#073642' -red = '#dc322f' -green = '#859900' -yellow = '#b58900' -blue = '#268bd2' -magenta = '#d33682' -cyan = '#2aa198' -white = '#eee8d5' - -# Bright colors -[colors.bright] -black = '#002b36' -red = '#cb4b16' -green = '#586e75' -yellow = '#657b83' -blue = '#839496' -magenta = '#6c71c4' -cyan = '#93a1a1' -white = '#fdf6e3' diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix deleted file mode 100644 index da9f503..0000000 --- a/home/modules/alacritty/default.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ - pkgs, - lib, - config, - ... -}: -with lib; -let - cfg = config.dadada.home.alacritty; -in -{ - options.dadada.home.alacritty = { - enable = mkEnableOption "Enable alacritty config"; - }; - config = mkIf cfg.enable { - home.packages = [ - pkgs.jetbrains-mono - ]; - programs.alacritty = { - enable = true; - settings = { - env.TERM = "xterm-256color"; - scrolling.history = 0; - font = { - size = 9; - normal = { - family = "Jetbrains Mono"; - style = "Regular"; - }; - bold = { - family = "Jetbrains Mono"; - style = "Bold"; - }; - italic = { - family = "Jetbrains Mono"; - style = "Italic"; - }; - bold_italic = { - family = "Jetbrains Mono"; - style = "Bold Italic"; - }; - }; - shell.program = "tmux"; - window.decorations = "none"; - colors = (lib.trivial.importTOML ./colors.toml).colors; - }; - }; - }; -} diff --git a/home/modules/git.nix b/home/modules/git.nix deleted file mode 100644 index 92c4c12..0000000 --- a/home/modules/git.nix +++ /dev/null 
@@ -1,107 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; -let - cfg = config.dadada.home.git; - allowedSigners = pkgs.writeTextFile { - name = "allowed-signers"; - text = '' - dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada - dadada@dadada.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon - ''; - }; -in -{ - options.dadada.home.git = { - enable = mkEnableOption "Enable git config"; - }; - config = mkIf cfg.enable { - programs.git = { - enable = true; - extraConfig = { - commit = { - gpgSign = true; - verbose = true; - }; - gpg = { - format = "ssh"; - ssh.allowedSignersFile = "${allowedSigners}"; - ssh.program = "ssh-keygen"; - }; - tag.gpgSign = true; - user = { - email = "dadada@dadada.li"; - name = "Tim Schubert"; - signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon"; - }; - core = { - whitespace = { - tab-in-indent = true; - tabwidth = 4; - }; - alias = { }; - pager = "delta"; - }; - column.ui = "never"; - checkout.defaultRemote = "origin"; - delta = { - navigate = true; # use n and N to move between diff sections - side-by-side = false; - line-numbers = true; - light = true; - }; - diff = { - renames = "copies"; - algorithm = "histogram"; - colorMoved = "default"; - }; - interactive.diffFilter = "delta --color-only"; - merge = { - conflictstyle = "zdiff3"; - keepbackup = false; - tool = "meld"; - }; - status = { - short = true; - branch = true; - showUntrackedFiled = "all"; - }; - log.date = "iso8601-local"; - fetch.prune = true; - pull = { - prune = true; - ff = "only"; - rebase = "interactive"; - }; - push = { - default = "current"; - autoSetupRemote = true; - }; - rebase = { - abbreviateCommands = true; - # Automatically force-update any branches that point to commits that are being rebased. 
- updateRefs = true; - }; - rerere.enabled = true; - transfer.fsckobjects = true; - fetch.fsckobjects = true; - receive.fsckObjects = true; - branch.sort = "-committerdate"; - }; - }; - - home.packages = with pkgs; [ - delta - git-branchless - git-lfs - gitAndTools.hub - gitAndTools.lab - gitAndTools.git-absorb - meld - ]; - }; -} diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix deleted file mode 100644 index 5dcd2e6..0000000 --- a/home/modules/gtk.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; -let - cfg = config.dadada.home.gtk; -in -{ - options.dadada.home.gtk = { - enable = mkEnableOption "Enable GTK config"; - }; - config = mkIf cfg.enable { - gtk = { - enable = true; - }; - }; -} diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml deleted file mode 100644 index 41cf786..0000000 --- a/home/modules/helix/config/config.toml +++ /dev/null @@ -1,12 +0,0 @@ -theme = "solarized_light" - -[editor] -line-number = "relative" -mouse = true -auto-completion = true - -[editor.soft-wrap] -enable = true - -[keys.normal] -C-q = [ ":reflow 80" ] diff --git a/home/modules/helix/config/languages.toml b/home/modules/helix/config/languages.toml deleted file mode 100644 index 070bf61..0000000 --- a/home/modules/helix/config/languages.toml +++ /dev/null 
@@ -1,35 +0,0 @@ -[language-server.rust-analyzer] -config = { rust-analyzer = { checkOnSave = { command = "clippy" }, procMacro.enable = true } } - -[language-server.nixd] -command = "nixd" - -[language-server.ltex-ls] -command = "ltex-ls" - -[language-server.zk] -command = "zk" -args = ["lsp"] - -[[language]] -name = "rust" -language-servers = [ {name="rust-analyzer"} ] - -[[language]] -name = "latex" -language-servers = [{ name = "ltex-ls" }] -file-types = ["tex"] -scope = "source.latex" -roots = [] - -[[language]] -name = "nix" -file-types = ["nix"] -language-servers = [{ name = "nixd" }] - -[[language]] -name = "markdown" -scope = "source.md" -injection-regex = "md|markdown" -file-types = ["md", "markdown"] -roots = [".zk"] diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix deleted file mode 100644 index 7717423..0000000 --- a/home/modules/helix/default.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -let - cfg = config.dadada.home.helix; -in -{ - options.dadada.home.helix = { - enable = lib.mkEnableOption "Enable helix editor"; - package = lib.mkOption { - type = lib.types.package; - description = "Helix editor package to use"; - default = pkgs.helix; - }; - }; - - config = lib.mkIf cfg.enable { - home.file.".config/helix".source = ./config; - home.packages = [ - cfg.package - #pkgs.nixd - ]; - }; -} diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix deleted file mode 100644 index 063b8f2..0000000 --- a/home/modules/tmux.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; -let - cfg = config.dadada.home.tmux; -in -{ - options.dadada.home.tmux = { - enable = mkEnableOption "Enable tmux config"; - }; - config = mkIf cfg.enable { - programs.tmux = { - enable = true; - terminal = "tmux-256color"; - extraConfig = '' - setw -g mode-keys vi - set -g mouse on - set -g set-clipboard external - set -g set-titles on - set -g status on - set -ga terminal-overrides ',*256col*:Tc' - set-option -g status-interval 5 - set-option -g automatic-rename on - set-option -g automatic-rename-format '#{b:pane_current_path}' - bind '"' split-window -c "#{pane_current_path}" - bind % split-window -h -c "#{pane_current_path}" - bind c new-window -c "#{pane_current_path}" - ''; - }; - }; -} diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix deleted file mode 100644 index 7a0cd6c..0000000 --- a/home/modules/zsh.nix +++ /dev/null 
@@ -1,83 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; -let - cfg = config.dadada.home.zsh; -in -{ - options.dadada.home.zsh = { - enable = mkEnableOption "Enable ZSH config"; - }; - config = mkIf cfg.enable { - programs.fzf.enableZshIntegration = true; - programs.zsh = { - enable = true; - enableCompletion = true; - enableVteIntegration = true; - autosuggestion.enable = true; - autocd = true; - sessionVariables = { - EDITOR = "hx"; - }; - history = { - extended = true; - ignoreDups = true; - ignoreSpace = true; - save = 100000; - # FIXME https://github.com/junegunn/fzf/issues/4061 - #share = true; - share = false; - }; - plugins = [ - ]; - initContent = '' - source ${pkgs.zsh-git-prompt}/share/zsh-git-prompt/zshrc.sh - source ${pkgs.fzf}/share/fzf/key-bindings.zsh - source ${pkgs.fzf}/share/fzf/completion.zsh - eval "$(${pkgs.h}/bin/h --setup ~/src)" - - bindkey -e '^n' autosuggest-accept - - preexec() { echo -n -e "\033]0;$1\007" } - - PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> " - RPROMPT='$(git_super_status)' - ''; - profileExtra = ''''; - shellAliases = { - ga = "git add"; - gc = "git commit"; - gd = "git diff"; - gdw = "git diff --color-words"; - gf = "git fetch"; - gl = "git log"; - gpu = "git push"; - gpul = "git pull"; - grb = "git rebase"; - gre = "git reflog"; - gs = "git status"; - gsh = "git show"; - gst = "git status"; - gsta = "git stash"; - gstap = "git stash apply"; - exa = "eza"; - ls = "exa"; - la = "exa -a"; - ll = "exa -la --no-filesize --changed --time-style=long-iso --git --octal-permissions --no-permissions --no-user --ignore-glob=\".git\""; - mv = "mv -i"; - cp = "cp -i"; - }; - }; - - home.packages = with pkgs; [ - fzf - eza - zsh-git-prompt - tmux - ]; - }; -} diff --git a/home/pkgs.nix b/home/pkgs.nix deleted file mode 100644 index e980614..0000000 --- a/home/pkgs.nix +++ /dev/null 
@@ -1,151 +0,0 @@ -{ pkgs }: -with pkgs; -[ - anki - aqbanking - aria2 - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.en-science - bash - bat # cat with syntax highlighting and git integration - binutils - bluez-tools - btop # htop - choose # alternative to cut and awk with more readable syntax - chromium - colordiff - darcs - delta # feature-rich diff viewer - dig - direnv - duf # disk usage - dune3d - dyff # diff tool for YAML - element-desktop - evince - evolution - ffmpeg - file - fuzzel - fx # themable json viewer - fzf - fzf - gdb - gh - ghidra-bin - gimp - glow - glow # render markdown - gnumake - gnupg - gping # ping with graphs - graphviz - grim - gron # make json grepable - h # Manage git repos - hexyl # hex viewer - htop - httpie - hub - hyperfine # A command-line benchmarking tool. - icdiff - imagemagick - inkscape - inotify-tools - ioping # ping but for block devices - iproute2 - iputils # tracepath - irssi - jameica - jc # convert output to json - josm - jq - kanshi - keepassxc - kubetail - krita - ldns - liboping # oping, ping multiple hosts at once - libreoffice - libvirt - lsof - lynis - man-pages - mblaze - mkpasswd - mpv - mtr - mumble - nix-output-monitor - ncurses - newsflash - nixd - nixfmt-rfc-style - nfs-utils - niv - nix-index - nmap - nmon - nodePackages.prettier - map-cmd - obs-studio - offlineimap - openscad - openssl - p7zip - pandoc # document converter and templater - pass - pavucontrol - picocom - playerctl - procs # ps in rust - prusa-slicer - pv - pwgen - (python3.withPackages (pkgs: [ - pkgs.pandas - pkgs.requests - ])) - ranger - reptyr - ripgrep - ripgrep - saleae-logic-2 - sd # search and displace like sed but with better syntax - sieveshell - signal-desktop - silver-searcher - skim # fzf in Rust - slurp - socat - solvespace - spotify - sqlite - sshfs-fuse - taplo - tcpdump - tdesktop - thunderbird - tmux - ttyd - unzip - usbutils - vegur - virt-manager - viu # view images from the terminal 
- vscodium - whois - wireshark - xdg-utils - xmlstarlet - unixtools.xxd - xxh # portable shells - yt-dlp - # zotero Marked as insecure - zeal - zk - zsh -] diff --git a/home/status b/home/status deleted file mode 100755 index e24816b..0000000 --- a/home/status +++ /dev/null 
@@ -1,138 +0,0 @@ -#!/usr/bin/env python3 - -import json -import sys -import time -import requests -import logging -import subprocess - -from datetime import datetime - -logger = logging.getLogger(__name__) - - -class Status: - def status(self): - return None - - -class Cat(Status): - index = 0 - - def status(self): - cat_width = 200 - index = self.index - catwalk = "🐈🏳️‍🌈" + " " * index - self.index = (index + 1) % cat_width - - return {"full_text": catwalk} - - -class Space(Status): - backoff = 0 - c_status = None - - def status(self): - backoff = self.backoff - if self.backoff == 0: - self.update() - - return {"full_text": self.c_status} - - def update(self): - spacestatus_url = "https://status.stratum0.org/status.json" - resp = requests.get(url=spacestatus_url) - self.backoff = (self.backoff + 1) % 120 - data = resp.json() - if data["isOpen"]: - since = datetime.strptime(data["since"], "%Y-%m-%dT%H:%M:%S.%f").strftime("%A at %H:%M") - spacestatus = f"Space is open since {since}" - else: - spacestatus = "Space is closed" - self.c_status = spacestatus - - -class Battery(Status): - capacity_file = open('/sys/class/power_supply/BAT0/capacity', 'r') - status_file = open('/sys/class/power_supply/BAT0/status', 'r') - - def status(self): - self.status_file.seek(0) - status = self.status_file.read().rstrip() - - self.capacity_file.seek(0) - capacity = self.capacity_file.read().rstrip() - - battery = f"{status} {capacity}%" - - return {"full_text": battery} - - -class Time(Status): - def status(self): - now = datetime.now() - match now.isocalendar().week % 10: - case 1: - th = "st" - case 2: - th = "nd" - case 3: - th = "rd" - case _: - th = "th" - return {"full_text": now.strftime(f"%V{th} %A %H:%M") } - - -class FailedUnits(Status): - def status(self): - proc = subprocess.run(["systemctl", "list-units", "--failed"], capture_output = True) - stdout = proc.stdout.decode('utf-8') - failed = 0 - for line in stdout: - if 'failed' in line: - failed += 1 - if failed == 0: - 
return {"full_text": f"No failed units"} - else: - return {"full_text": f"There are {failed} failed units", "color": "#ff0000"} - - -def print_header(): - header = { - "version": 1, - "click_events": False, - } - print(json.dumps(header)) - print("[") - - -def run(interval, widgets): - print_header() - - while True: - body = [] - - for widget in widgets: - try: - status = widget.status() - except Exception as e: - logger.error(e) - if status: - body += status, - - print(json.dumps(body), ",", flush=True) - - ts = interval - (time.time() % interval) - time.sleep(ts) - - -if __name__ == "__main__": - logging.basicConfig(level=logging.INFO) - - # Interval in seconds - interval = 1.0 - - widgets = [Cat(), FailedUnits(), Space(), Battery(), Time()] - - run(interval, widgets) diff --git a/hosts/default.nix b/hosts/default.nix new file mode 100644 index 0000000..ade7342 --- /dev/null +++ b/hosts/default.nix @@ -0,0 +1,5 @@ +{ + ifrit = ./ifrit; + gorgon = ./gorgon; + surgat = ./surgat; +} diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix new file mode 100644 index 0000000..8cbb199 --- /dev/null +++ b/hosts/gorgon/default.nix 
@@ -0,0 +1,124 @@
+{ config, pkgs, lib, ... }:
+let
+ this = import ../.. { inherit pkgs; };
+ nixos-hardware = buildins.fetchTarball {
+ url = "https://github.com/NixOS/nixos-hardware/archive/c242378e63b0ec334e964ac0c0fbbdd2b3e89ebf.tar.gz";
+ sha256 = "1z4cr5gsyfdpcy31vqg4ikalbxmnnac6jjk1nl8mxj0h0ix7pp36";
+ };
+in
+{
+ imports = (lib.attrValues this.modules) ++ [
+ ../../modules/profiles/laptop
+ "${nixos-hardware}/lenovo/thinkpad/t14s"
+ ];
+
+ boot.kernelModules = [ "kvm-amd" ];
+
+ virtualisation = {
+ libvirtd.enable = true;
+ docker.enable = false;
+ };
+
+ networking.hostName = "gorgon";
+
+ dadada = {
+ admin.enable = false;
+ steam.enable = true;
+ fido2 = {
+ credential = "04ea2813a116f634e90f9728dbbb45f1c0f93b7811941a5a14fb75e711794df0c26552dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec01473070000";
+ enablePam = true;
+ };
+ luks.uuid = "3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4";
+ networking = {
+ wanInterfaces = [ "enp2s0f0" "wlp3s0" ];
+ enableBsShare = true;
+ vpnExtension = "3";
+ };
+ };
+
+ boot.kernel.sysctl = {
+ "vm.swappiness" = 90;
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ programs.adb.enable = true;
+
+ services.fstrim.enable = true;
+
+ # Enable CUPS to print documents.
+ services.printing = {
+ enable = true;
+ browsing = true;
+ drivers = with pkgs; [
+ hplip
+ brlaser
+ brgenml1lpr
+ brgenml1cupswrapper
+ ];
+ };
+
+ hardware = {
+ bluetooth.enable = true;
+ pulseaudio = {
+ enable = true;
+ extraModules = [ pkgs.pulseaudio-modules-bt ];
+ extraConfig = ''
+ set-source-volume 1 10000
+ '';
+ package = pkgs.pulseaudioFull;
+ };
+ };
+
+ services.avahi.enable = true;
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 22000 # Syncthing
+ ];
+ allowedUDPPorts = [
+ 21027 # Syncthing
+ ];
+ };
+
+ services.xserver.enable = true;
+ services.xserver.displayManager.gdm.enable = true;
+ services.xserver.desktopManager.gnome3.enable = true;
+
+ xdg.mime.enable = true;
+
+ users.users = {
+ dadada = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ];
+ shell = "/run/current-system/sw/bin/zsh";
+ initialHashedPassword = "nopass";
+ };
+
+ "tim.schubert" = {
+ isNormalUser = true;
+ extraGroups = [ "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ];
+ shell = "/run/current-system/sw/bin/zsh";
+ initialHashedPassword = "nopass";
+ };
+ };
+
+ networking.hosts = {
+ "fd42:dead:beef:0:5054:ff:fefb:7361" = [
+ "media.dadada.li"
+ "ifrit.dadada.li"
+ ];
+ "192.168.42.103" = [
+ "media.dadada.li"
+ "ifrit.dadada.li"
+ ];
+ "fd42:dead:beef::5054:ff:fe8b:58df" = [ "iot.dadada.li" ];
+ "fd42:dead:beef::20d:b9ff:fe4c:c9ac" = [ "agares.dadada.li" ];
+ "192.168.42.15" = [ "agares.dadada.li" "agares" ];
+ "192.168.42.11" = [ "wohnzimmerpi.dadada.li" "wohnzimmerpi" ];
+ "10.1.2.9" = [ "fgprinter.fginfo.tu-bs.de" ];
+ };
+}
diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix
new file mode 100644
index 0000000..2a55e72
--- /dev/null
+++ b/hosts/gorgon/home/default.nix
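Review bot: In hosts/gorgon/default.nix the `let` block calls `buildins.fetchTarball`, which is a typo for `builtins.fetchTarball`; as written the name is undefined, so the pinned nixos-hardware import (URL plus `sha256`) cannot evaluate. Both user entries also set `initialHashedPassword = "nopass"`, which is not a crypt-format hash; presumably the intent is that no password matches, and a comment such as `# not a valid hash: password login disabled until passwd is run` would make that explicit. Both accounts are additionally listed in the `docker` group while `virtualisation.docker.enable = false`; that membership becomes root-equivalent the moment Docker is switched on, so I would drop it until it is needed.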
@@ -0,0 +1,43 @@
+{ config, pkgs, lib, ... }:
+let
+ this = import ../../.. { inherit pkgs; };
+in
+{
+ nixpkgs.overlays = [
+ this.overlays.tubslatex
+ ];
+
+ imports = lib.attrValues this.hmModules;
+
+ dadada.home = {
+ vim.enable = true;
+ direnv.enable = true;
+ git.enable = true;
+ gpg.enable = true;
+ gtk.enable = true;
+ keyring.enable = true;
+ kitty.enable = true;
+ ssh.enable = true;
+ syncthing.enable = true;
+ tmux.enable = true;
+ xdg.enable = true;
+ zsh.enable = true;
+
+ session = {
+ enable = true;
+ sessionVars = {
+ EDITOR = "vim";
+ PAGER = "less";
+ MAILDIR = "\$HOME/.var/mail";
+ MBLAZE = "\$HOME/.config/mblaze";
+ NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config";
+ MOZ_ENABLE_WAYLAND= "1";
+ };
+ };
+ };
+
+ # Let Home Manager install and manage itself.
+ programs.home-manager.enable = true;
+
+ home.packages = import ./pkgs.nix { pkgs = pkgs; };
+}
diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix
new file mode 100644
index 0000000..953364c
--- /dev/null
+++ b/hosts/gorgon/home/pkgs.nix
@@ -0,0 +1,85 @@
+{ pkgs }:
+with pkgs; [
+ android-studio
+ anki
+ aspell
+ aspellDicts.de
+ aspellDicts.en
+ aspellDicts.en-computers
+ aspellDicts.en-science
+ aqbanking
+ bluez-tools
+ chromium
+ clang
+ clang-tools
+ darcs
+ direnv
+ element-desktop
+ evince
+ ffmpeg
+ file
+ firefox-bin
+ fractal
+ fzf
+ gimp
+ git-lfs
+ gitAndTools.hub
+ gnome3.gnome-tweak-tool
+ gnome3.nautilus
+ gnome3.vinagre
+ gnucash
+ gnumake
+ gnupg
+ graphviz
+ grim
+ imagemagick
+ inkscape
+ inotify-tools
+ irssi
+ jameica
+ jq
+ kcachegrind
+ keepassxc
+ #keys
+ kitty
+ ldns
+ libreoffice
+ libvirt
+ lsof
+ mblaze
+ mkpasswd
+ mpv
+ mumble
+ ncurses
+ nfs-utils
+ niv
+ nmap
+ openssl
+ p7zip
+ pass
+ pavucontrol
+ pinentry-gnome
+ playerctl
+ pwgen
+ python27Packages.dbus-python
+ python3
+ python38Packages.dateutil
+ python38Packages.managesieve
+ python38Packages.solo-python
+ signal-desktop
+ slurp
+ sqlite
+ sshfs-fuse
+ steam
+ tcpdump
+ tdesktop
+ tubslatex
+ thunderbird-bin
+ unzip
+ usbutils
+ virtmanager
+ whois
+ wireshark
+ xdg_utils
+ youtube-dl
+]
diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix
new file mode 100644
index 0000000..d31c86d
--- /dev/null
+++ b/hosts/ifrit/default.nix
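Review bot: In hosts/gorgon/home/pkgs.nix, `python27Packages.dbus-python` brings the Python 2.7 interpreter into the user profile, and 2.7 has been end-of-life upstream since 2020, so it no longer gets security fixes. If nothing in the profile still depends on it, take the binding from the Python 3 set instead, `python3Packages.dbus-python`. The three `python38Packages.*` entries next to a bare `python3` also pin libraries to one minor version independently of the interpreter; `(python3.withPackages (ps: [ ps.dateutil ps.managesieve ps.solo-python ]))` would keep them in step.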
@@ -0,0 +1,148 @@
+{ config, pkgs, lib, ... }:
+let
+ hostAliases = [
+ "ifrit.dadada.li"
+ "bs.vpn.dadada.li"
+ "media.dadada.li"
+ "media.local"
+ ];
+ backups = "/mnt/storage/backup";
+in {
+ imports = [
+ ../../modules/profiles/base
+ ];
+
+ dadada = {
+ admin.enable = true;
+ fileShare.enable = true;
+
+ vpnServer.enable = true;
+ vpnServer.peers = {
+ "metis" = {
+ id = "1";
+ key = "u+HCYDbK0zwbIEfGf+LVQErlJ0vchf5ZYj0N93NB5ns=";
+ };
+ "morax" = {
+ id = "2";
+ key = "Lq5QLGoI3r3BXEJ72dWH9UTmY/8uaYRPLQB5WWHqJUE=";
+ };
+ "gorgon" = {
+ id = "3";
+ key = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
+ };
+ "surgat" = {
+ id = "4";
+ key = "+paiOqOITdLy3oqoI2DhOj4k8gncAcjFLkJrxJl0iBE=";
+ };
+ };
+ };
+
+ services.borgbackup.repos = {
+ "metis" = {
+ allowSubRepos = false;
+ authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ];
+ authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
+ path = "${backups}/metis";
+ quota = "1T";
+ };
+ "gorgon" = {
+ allowSubRepos = false;
+ authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ];
+ authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
+ path = "${backups}/gorgon";
+ quota = "1T";
+ };
+ "surgat" = {
+ allowSubRepos = false;
+ authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ];
+ authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
+ path = "${backups}/surgat";
+ quota = "100G";
+ };
+ "wohnzimmerpi" = {
+ allowSubRepos = false;
+ authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ];
+ authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ];
+ path = "${backups}/wohnzimmerpi";
+ quota = "50G";
+ };
+ };
+
+ networking.hostName = "ifrit";
+ networking.domain = "dadada.li";
+
+ networking.hosts = {
+ "127.0.0.1" = hostAliases;
+ "::1" = hostAliases;
+ };
+
+ networking.nameservers = [
+ "1.1.1.1"
+ "1.0.0.1"
+ ];
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/sda";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+
+ networking.useDHCP = false;
+ networking.interfaces.ens3.useDHCP = true;
+
+ fileSystems."/mnt/storage" = {
+ device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7";
+ mountPoint = "/mnt/storage";
+ neededForBoot = false;
+ options = [ "nofail" ];
+ };
+
+ networking.firewall = {
+ enable = true;
+ allowPing = true;
+ allowedTCPPorts = [
+ 22 # SSH
+ 80 443 # HTTP(S)
+ 111 2049 # NFS
+ 137 138 139 445 # SMB
+ ];
+ allowedUDPPorts = [
+ 137 138 139 445 # SMB
+ 111 2049 # NFS
+ 51234 # Wireguard
+ ];
+ };
+
+ security.acme = {
+ email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
+ acceptTerms = true;
+ # certs."webchat.dadada.li" = {
+ # credentialsFile = "/var/lib/lego/acme-joker.env";
+ # dnsProvider = "joker";
+ # postRun = "systemctl reload nginx.service";
+ # };
+ # certs."weechat.dadada.li" = {
+ # credentialsFile = "/var/lib/lego/acme-joker.env";
+ # dnsProvider = "joker";
+ # postRun = "systemctl reload nginx.service";
+ # };
+ };
+
+ users.users."mist" = {
+ isNormalUser = true;
+ };
+
+ services.avahi = {
+ enable = false;
+ publish = {
+ enable = true;
+ addresses = true;
+ workstation = false;
+ };
+ };
+}
diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix
new file mode 100644
index 0000000..b90d3aa
--- /dev/null
+++ b/hosts/surgat/default.nix
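Review bot: In hosts/ifrit/default.nix, `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` open the NFS (111, 2049) and SMB (137-139, 445) ports on every interface, including `ens3`; if that interface is reachable from anything beyond the trusted LAN or VPN, the file shares are exposed there too. Moving the share ports under `networking.firewall.interfaces."<trusted-interface>".allowedTCPPorts` (and the UDP counterpart) and keeping only SSH, HTTP(S) and the WireGuard port global would limit the exposure. Separately, all four `services.borgbackup.repos` entries list the same `tim@metis` key under the non-append-only `authorizedKeys`, so that single key can prune or rewrite every host's backups; if that is intended, a comment saying so next to the first repo would help.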
@@ -0,0 +1,86 @@
+{ config, pkgs, lib, ... }:
+let
+ hostName = "surgat";
+ this = import ../.. { inherit pkgs; };
+in {
+ imports = [ this.profiles.base ];
+
+ networking.hostName = hostName;
+
+ services.nginx = {
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ logError = "/dev/null";
+ appendHttpConfig = ''
+ access_log off;
+ '';
+ };
+
+ dadada.admin = {
+ enable = true;
+ users = {
+ "dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ];
+ };
+ };
+
+ dadada.element.enable = true;
+ dadada.networking.vpnExtension = "4";
+ dadada.weechat.enable = true;
+ dadada.homePage.enable = true;
+ dadada.share.enable = true;
+ dadada.backupClient = {
+ enable = true;
+ bs = true;
+ };
+
+ networking.useDHCP = false;
+ networking.interfaces.ens3.useDHCP = true;
+
+ networking.firewall = {
+ enable = true;
+ allowPing = true;
+ allowedTCPPorts = [
+ 22 # SSH
+ 80 443 # HTTPS
+ ];
+ allowedUDPPorts = [
+ 51234 # Wireguard
+ ];
+ };
+
+ security.acme = {
+ email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
+ acceptTerms = true;
+ };
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.device = "/dev/sda";
+
+ networking.interfaces."ens3".ipv6.addresses = [ {
+ address = "2a01:4f8:c17:1d70::";
+ prefixLength = 64;
+ } ];
+
+ networking.defaultGateway6 = {
+ address = "fe80::1";
+ interface = "ens3";
+ };
+
+ #boot.initrd.network.ssh = {
+ # enable = true;
+ # port = 22;
+ # authorizedKeys = "${keys}/dadada.pub";
+ # hostKeys = [
+ # ];
+ #};
+
+ swapDevices = [
+ {
+ device = "/var/swapfile";
+ size = 4096;
+ }
+ ];
+}
diff --git a/lib/default.nix b/lib/default.nix
new file mode 100644
index 0000000..878d2c0
--- /dev/null
+++ b/lib/default.nix
@@ -0,0 +1,5 @@
+{ pkgs }:
+
+with pkgs.lib; {
+ # TODO
+}
diff --git a/modules/admin.nix b/modules/admin.nix
new file mode 100644
index 0000000..c826325
--- /dev/null
+++ b/modules/admin.nix
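Review bot: In hosts/surgat/default.nix the `services.nginx` block sets `logError = "/dev/null"` and appends `access_log off;`, so the web server keeps no logs at all on a host that opens 80/443 and appears to carry a global IPv6 address. Failed requests, TLS problems and abuse against the enabled web services then leave nothing to troubleshoot or investigate with. If the aim is to avoid storing visitor data, keeping only the error log at a high threshold, `logError = "stderr crit";`, retains operational signal without per-request records. Either way, a one-line comment stating why logging is disabled would save the next reader from guessing.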
@@ -0,0 +1,57 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+let
+ cfg = config.dadada.admin;
+in {
+ options.dadada.admin = {
+ enable = mkEnableOption "Enable admin access";
+
+ users = mkOption {
+ type = with types; attrsOf (listOf path);
+ default = [];
+ description = ''
+ List of admin users with root access to all the machine.
+ '';
+ example = literalExample "\"user1\" = [ /path/to/key1 /path/to/key2 ]";
+ };
+
+ rat = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Enable NAT and firewall traversal for SSH via tor hidden service
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.sshd.enable = true;
+ services.openssh.passwordAuthentication = false;
+ security.sudo.wheelNeedsPassword = false;
+
+ users.mutableUsers = false;
+
+ users.users = mapAttrs (user: keys: (
+ {
+ extraGroups = [ "wheel" ];
+ isNormalUser = true;
+ openssh.authorizedKeys.keyFiles = keys;
+ })) cfg.users;
+
+ networking.firewall.allowedTCPPorts = [ 22 ];
+
+ environment.systemPackages = with pkgs; [
+ vim
+ tmux
+ ];
+
+ services.tor.hiddenServices = {
+ "rat" = mkIf cfg.rat.enable {
+ name = "rat";
+ map = [ { port = 22; } ];
+ };
+ };
+ };
+}
+
diff --git a/modules/backup.nix b/modules/backup.nix
new file mode 100644
index 0000000..aa7ad70
--- /dev/null
+++ b/modules/backup.nix
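Review bot: In modules/admin.nix the option `rat` is declared with `type = types.bool`, but the config reads `mkIf cfg.rat.enable`, which selects an attribute from a boolean and will fail when that definition is evaluated; it should read `"rat" = mkIf cfg.rat {`. The `users` option has a similar mismatch, since its type is `attrsOf (listOf path)` while `default = [];` is a list, so the default should be `{ }`. It is also worth a comment above `security.sudo.wheelNeedsPassword = false` that, with every admin user placed in `wheel` and `mutableUsers = false`, each listed SSH key is equivalent to root on the machine, and that `rat` additionally publishes that SSH port as an onion service.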
@@ -0,0 +1,82 @@
+{ config, pkgs, lib, ...}:
+with lib;
+let
+ backupExcludes = [
+ "/backup"
+ "/dev"
+ "/efi"
+ "/home/*/.cache"
+ "/home/*/.config/Riot/Cache"
+ "/home/iserv"
+ "/lost+found"
+ "/mnt"
+ "/nix"
+ "/proc"
+ "/run"
+ "/sys"
+ "/tmp"
+ "/var/cache"
+ "/var/log"
+ "/var/tmp"
+ ];
+ cfg = config.dadada.backupClient;
+in {
+ options.dadada.backupClient = {
+ enable = mkEnableOption "Enable backup client";
+ gs = mkEnableOption "Enable backup to GS location";
+ bs = mkEnableOption "Enable backup to BS location";
+ };
+
+ config = mkIf cfg.enable {
+
+ fileSystems = mkIf cfg.gs {
+ "/backup" = {
+ device = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5";
+ fsType = "ext4";
+ options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
+ };
+ };
+
+ services.borgbackup.jobs.gs = mkIf cfg.gs {
+ paths = "/";
+ exclude = backupExcludes;
+ repo = "/backup/${config.networking.hostName}";
+ doInit = false;
+ encryption = {
+ mode = "repokey";
+ passCommand = "cat /var/lib/borgbackup/gs/passphrase";
+ };
+ compression = "auto,lz4";
+ prune.keep = {
+ within = "1d"; # Keep all archives from the last day
+ daily = 7;
+ weekly = 2;
+ monthly = -1; # Keep at least one archive for each month
+ yearly = -1; # Keep at least one archive for each year
+ };
+ startAt = "monthly";
+ };
+
+ networking.hosts = mkIf cfg.bs {
+ "fd42:dead:beef:0:5054:ff:fefb:7361" = [
+ "media.dadada.li"
+ ];
+ };
+
+ services.borgbackup.jobs.bs = mkIf cfg.bs{
+ paths = "/";
+ exclude = backupExcludes;
+ repo = "borg@media.dadada.li:/mnt/storage/backup/${config.networking.hostName}";
+ doInit = true;
+ environment = {
+ BORG_RSH = "ssh -i /var/lib/borgbackup/bs/id_ed25519 -o 'StrictHostKeyChecking accept-new'";
+ };
+ encryption = {
+ mode = "repokey";
+ passCommand = "cat /var/lib/borgbackup/bs/passphrase";
+ };
+ compression = "auto,lz4";
+ startAt = "daily";
+ };
+ };
+}
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..f06bdf1
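Review bot: `BORG_RSH` in the `bs` job uses `StrictHostKeyChecking accept-new`, so the first run trusts whichever host key answers for media.dadada.li, and with `doInit = true` the repository would be created on that endpoint without anyone noticing. Since the rest of the job is declarative, the server key can be pinned and the check made strict, for example `programs.ssh.knownHosts."media.dadada.li".publicKey = "<host public key of the backup server>";` together with `-o 'StrictHostKeyChecking yes'`. The passphrase and key files under /var/lib/borgbackup are read but not provisioned here, so a comment giving the expected owner and mode (root, 0600) would help whoever sets up a host. The `bs` job also has no `prune` policy, unlike `gs`, so daily archives accumulate without limit.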
--- /dev/null +++ b/modules/default.nix @@ -0,0 +1,14 @@ +{ + admin = ./admin.nix; + backup = ./backup.nix; + homePage = ./homepage.nix; + element = ./element.nix; + fido2 = ./fido2.nix; + fileShare = ./fileShare.nix; + networking = ./networking.nix; + share = ./share.nix; + steam = ./steam.nix; + update = ./update.nix; + vpnServer = ./vpnServer.nix; + weechat = ./weechat.nix; +} diff --git a/nixos/modules/element.nix b/modules/element.nix similarity index 95% rename from nixos/modules/element.nix rename to modules/element.nix index 2fcefec..45e9a48 100644 --- a/nixos/modules/element.nix +++ b/modules/element.nix @@ -1,13 +1,7 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: let cfg = config.dadada.element; -in -{ +in { options.dadada.element = { enable = lib.mkEnableOption "Enable element webapp"; }; @@ -38,4 +32,4 @@ in }; }; }; -} +} diff --git a/modules/fido2.nix b/modules/fido2.nix new file mode 100644 index 0000000..3948bdb --- /dev/null +++ b/modules/fido2.nix 
@@ -0,0 +1,56 @@ +{ config, pkgs, lib, ... }: +with lib; +let + luks = config.dadada.luks; + fido2 = config.dadada.fido2; +in { + + options = { + dadada.luks = { + uuid = mkOption { + type = with types; nullOr str; + description = "Device UUID"; + default = null; + }; + }; + + dadada.fido2 = { + enablePam = mkEnableOption "Enable PAM U2F"; + credential = mkOption { + type = with types; nullOr str; + description = "FIDO2 credential string"; + default = null; + }; + }; + }; + + config = { + boot.initrd.luks.devices = mkIf (luks.uuid != null) { + root = { + device = "/dev/disk/by-uuid/${luks.uuid}"; + preLVM = true; + allowDiscards = true; + fido2 = mkIf (fido2.credential != null) { + credential = fido2.credential; + passwordLess = true; + }; + }; + }; + + boot.initrd.luks.fido2Support = mkIf (fido2.credential != null) true; + + environment.systemPackages = mkIf (fido2.credential != null) (with pkgs; [ + linuxPackages.acpi_call + fido2luks + python27Packages.dbus-python + python38Packages.solo-python + ]); + + security.pam.u2f = mkIf fido2.enablePam { + enable = true; + control = "sufficient"; + cue = true; + }; + }; + +} diff --git a/nixos/modules/fileShare.nix b/modules/fileShare.nix similarity index 69% rename from nixos/modules/fileShare.nix rename to modules/fileShare.nix index a3a72ba..0abb065 100644 --- a/nixos/modules/fileShare.nix +++ b/modules/fileShare.nix @@ -1,16 +1,12 @@ -{ - config, - lib, - ... -}: +{ config, lib, ... }: with lib; let cfg = config.dadada.fileShare; sharePath = "/mnt/storage/share"; ipv6 = "fd42:dead:beef::/48"; ipv4 = "192.168.42.0/24"; -in -{ + allow = "192.168.42.0 fd42:dead:beef::"; +in { options.dadada.fileShare = { enable = mkEnableOption "Enable file share server"; }; 
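Review bot: With `passwordLess = true;` in the LUKS `fido2` block and `control = "sufficient";` under `security.pam.u2f`, the hardware token alone is enough for both disk unlock and PAM authentication, so whoever holds the token and the machine needs nothing else. If that trade-off is intended it belongs in the `credential` and `enablePam` option descriptions; otherwise keep the passphrase prompt (`passwordLess = false;`) and expose the PAM control as a module option whose default is not `sufficient`. `allowDiscards = true;` is also unconditional; it lets TRIM reveal which blocks of the encrypted volume are in use, which deserves a one-line comment.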
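Review bot: The new `allow = "192.168.42.0 fd42:dead:beef::";` in modules/fileShare.nix drops the prefix lengths that `ipv4` and `ipv6` just above it carry, and the next hunk passes it to Samba as `hosts allow = ${allow} localhost`. As far as I know Samba reads a bare address in that list as a single host rather than a network, so the rule would not match the LAN the author presumably has in mind. Reusing the existing bindings keeps one source of truth: `allow = "${ipv4} ${ipv6}";`.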
@@ -22,7 +18,11 @@ in workgroup = WORKGROUP server string = media netbios name = media - security = user + security = user + #use sendfile = yes + #max protocol = smb2 + hosts allow = ${allow} localhost + hosts deny = 0.0.0.0/0 guest account = nobody map to guest = bad user ''; @@ -30,13 +30,12 @@ in public = { path = sharePath; browseable = "yes"; - "read only" = "yes"; + "read only" = "no"; "guest ok" = "yes"; - "guest only" = "yes"; - "create mask" = "0660"; - "directory mask" = "2770"; - "force user" = "nobody"; - "force group" = "nobody"; + "create mask" = "0644"; + "directory mask" = "0755"; + "force user" = "username"; + "force group" = "groupname"; }; }; }; @@ -48,3 +47,4 @@ in }; }; } + diff --git a/home/modules/colors.nix b/modules/home/colors.nix similarity index 69% rename from home/modules/colors.nix rename to modules/home/colors.nix index a4dc5c7..89af392 100644 --- a/home/modules/colors.nix +++ b/modules/home/colors.nix @@ -1,8 +1,4 @@ -{ - config, - lib, - ... -}: +{ config, lib, ... }: with lib; { options.dadada.home.colors = mkOption { @@ -17,21 +13,21 @@ with lib; cursor = "#e8e8e8"; cursorForeground = "#1f2022"; background = "#292b2e"; - color0 = "#1f2022"; - color8 = "#585858"; - color7 = "#a3a3a3"; + color0 = "#1f2022"; + color8 = "#585858"; + color7 = "#a3a3a3"; color15 = "#f8f8f8"; - color1 = "#f2241f"; - color9 = "#f2241f"; - color2 = "#67b11d"; + color1 = "#f2241f"; + color9 = "#f2241f"; + color2 = "#67b11d"; color10 = "#67b11d"; - color3 = "#b1951d"; + color3 = "#b1951d"; color11 = "#b1951d"; - color4 = "#4f97d7"; + color4 = "#4f97d7"; color12 = "#4f97d7"; - color5 = "#a31db1"; + color5 = "#a31db1"; color13 = "#a31db1"; - color6 = "#2d9574"; + color6 = "#2d9574"; color14 = "#2d9574"; color16 = "#ffa500"; color17 = "#b03060"; diff --git a/modules/home/default.nix b/modules/home/default.nix new file mode 100644 index 0000000..cb610f8 --- /dev/null +++ b/modules/home/default.nix 
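Review bot: The `public` share now has `"read only" = "no"` while `"guest ok" = "yes"` stays, so unauthenticated clients can write to `/mnt/storage/share`; before this change guests were read-only and forced to `nobody`. `"force user" = "username"` and `"force group" = "groupname"` look like template placeholders: if no such accounts exist the share will probably refuse connections, and once a real account is filled in every guest write is performed as that user. I would keep guest access read-only, or require a login for writes (`"guest ok" = "no"` plus a `"valid users"` entry), and name a dedicated unprivileged account for the share. The masks `0644`/`0755` also drop the setgid bit and the group write permission that the old `2770` provided.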
@@ -0,0 +1,20 @@ +{ + colors = ./colors.nix; + direnv = ./direnv.nix; + fish = ./fish.nix; + git = ./git.nix; + gpg = ./gpg.nix; + gtk = ./gtk.nix; + keyring = ./keyring.nix; + kitty = ./kitty; + mako = ./mako.nix; + session = ./session.nix; + ssh = ./ssh.nix; + sway = ./sway; + syncthing = ./syncthing.nix; + termite = ./termite.nix; + tmux = ./tmux.nix; + vim = ./vim; + xdg = ./xdg.nix; + zsh = ./zsh.nix; +} diff --git a/home/modules/direnv.nix b/modules/home/direnv.nix similarity index 79% rename from home/modules/direnv.nix rename to modules/home/direnv.nix index 27a0907..12abf88 100644 --- a/home/modules/direnv.nix +++ b/modules/home/direnv.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.dadada.home.direnv; @@ -16,7 +11,7 @@ in programs.direnv = { enable = true; enableZshIntegration = true; - nix-direnv.enable = true; + enableNixDirenvIntegration = true; }; }; } diff --git a/modules/home/fish.nix b/modules/home/fish.nix new file mode 100644 index 0000000..e22b779 --- /dev/null +++ b/modules/home/fish.nix 
@@ -0,0 +1,79 @@ +{ config, pkgs, lib, ... }: +with lib; +let + cfg = config.dadada.home.fish; +in { + options.dadada.home.fish = { + enable = mkEnableOption "Enable fish config"; + }; + + config = mkIf cfg.enable { + programs.fish = { + enable = true; + plugins = with pkgs; [{ + name = "fzf"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "fzf"; + rev = "c3defd4a922e97120503b45e26efa775bc672b50"; + sha256 = "1k5b0nva0mbqc9830qhbcwxsi8d9b2p4ws1fq0bw9nkf2ripyp4p"; + }; + }]; + interactiveShellInit = '' + # fish git prompt + set __fish_git_prompt_show_informative_status 'yes' + set __fish_git_prompt_showdirtystate 'yes' + set __fish_git_prompt_showstashstate 'yes' + set __fish_git_prompt_showuntrackedfiles 'yes' + set __fish_git_prompt_showupstream 'yes' + set __fish_git_prompt_showcolorhints 'yes' + + set fish_greeting + + # disable path shortening + set fish_prompt_pwd_dir_length 0 + + set -U FZF_LEGACY_KEYBINDINGS 0 + set -x TERM xterm-256color + set -U fish_user_paths ~/bin $fish_user_paths + + #if status is-interactive + #and not status is-login + #and not set -q TMUX + #and string match -qr "^xterm-.*" "$TERM" + # exec tmux + #end + ''; + promptInit = '' + function fish_prompt + set last_status $status + printf '%s %s:%s ' \ + (set_color red + echo $last_status) \ + (set_color green + hostname) \ + (set_color blue + prompt_pwd) + set_color normal + end + + function fish_right_prompt + printf '%s' (__fish_git_prompt) + end + ''; + shellAliases = { + gst = "git status"; + gco = "git commit"; + glo = "git log"; + gad = "git add"; + ls = "exa"; + ll = "exa -l"; + la = "exa -la"; + mv = "mv -i"; + cp = "cp -i"; + }; + }; + + home.packages = [ pkgs.exa ]; + }; +} diff --git a/modules/home/git.nix b/modules/home/git.nix new file mode 100644 index 0000000..43047eb --- /dev/null +++ b/modules/home/git.nix 
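Review bot: `set -U fish_user_paths ~/bin $fish_user_paths` in `interactiveShellInit` writes a universal variable on every interactive start, so `~/bin` is prepended again each time and the stored list keeps growing. Guard the assignment, e.g. `contains ~/bin $fish_user_paths; or set -U fish_user_paths ~/bin $fish_user_paths`. Putting a home-directory path ahead of the system directories also means that anything placed in `~/bin` shadows system commands, so append rather than prepend if no override is intended.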
@@ -0,0 +1,13 @@ +{ config, lib, ... }: +with lib; +let + cfg = config.dadada.home.git; +in +{ + options.dadada.home.git = { + enable = mkEnableOption "Enable git config"; + }; + config = mkIf cfg.enable { + programs.git.enable = true; + }; +} diff --git a/home/modules/gpg.nix b/modules/home/gpg.nix similarity index 82% rename from home/modules/gpg.nix rename to modules/home/gpg.nix index baa17dd..2129255 100644 --- a/home/modules/gpg.nix +++ b/modules/home/gpg.nix @@ -1,13 +1,8 @@ -{ - config, - lib, - ... -}: +{ config, lib, ... }: with lib; let cfg = config.dadada.home.gpg; -in -{ +in { options.dadada.home.gpg = { enable = mkEnableOption "Enable GnuPG config"; }; @@ -29,6 +24,11 @@ in enable = true; defaultCacheTtl = 1800; enableSshSupport = false; + pinentryFlavor = "gnome3"; + }; + + programs.git.extraConfig = { + commit = { gpgSign = true; }; }; }; } diff --git a/modules/home/gtk.nix b/modules/home/gtk.nix new file mode 100644 index 0000000..8c47571 --- /dev/null +++ b/modules/home/gtk.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: +with lib; +let + cfg = config.dadada.home.gtk; +in +{ + options.dadada.home.gtk = { + enable = mkEnableOption "Enable GTK config"; + }; + config = mkIf cfg.enable { + gtk = { + enable = true; + theme.package = pkgs.gnome3.gnome-themes-extra; + theme.name = "Adwaita-dark"; + iconTheme.package = pkgs.gnome3.adwaita-icon-theme; + iconTheme.name = "Adwaita"; + font.package = pkgs.cantarell-fonts; + font.name = "Cantarell"; + }; + qt = { + enable = true; + platformTheme = "gtk"; + }; + }; +} diff --git a/home/modules/keyring.nix b/modules/home/keyring.nix similarity index 77% rename from home/modules/keyring.nix rename to modules/home/keyring.nix index 48b8b54..098ee0e 100644 --- a/home/modules/keyring.nix +++ b/modules/home/keyring.nix 
@@ -1,20 +1,15 @@ -{ - config, - lib, - ... -}: +{ config, lib, ... }: with lib; let cfg = config.dadada.home.keyring; -in -{ +in { options.dadada.home.keyring = { enable = mkEnableOption "Enable keyring config"; }; config = mkIf cfg.enable { services.gnome-keyring = { enable = false; - components = [ "secrets" ]; + components = [ "pkcs11" "secrets" ]; }; }; } diff --git a/modules/home/kitty/config b/modules/home/kitty/config new file mode 100644 index 0000000..54f0cfc --- /dev/null +++ b/modules/home/kitty/config @@ -0,0 +1,42 @@ +enable_audio_bell = false; +background #1f2022 +foreground #a3a3a3 +selection_background #a3a3a3 +selection_foreground #1f2022 +url_color #b8b8b8 +cursor #a3a3a3 +active_border_color #585858 +inactive_border_color #282828 +active_tab_background #1f2022 +active_tab_foreground #a3a3a3 +inactive_tab_background #282828 +inactive_tab_foreground #b8b8b8 +tab_bar_background #282828 + +# normal +color0 #1f2022 +color1 #f2241f +color2 #67b11d +color3 #b1951d +color4 #4f97d7 +color5 #a31db1 +color6 #2d9574 +color7 #a3a3a3 + +# bright +color8 #585858 +color9 #f2241f +color10 #67b11d +color11 #b1951d +color12 #4f97d7 +color13 #a31db1 +color14 #2d9574 +color15 #f8f8f8 + +# extended base16 colors +color16 #ffa500 +color17 #b03060 +color18 #282828 +color19 #444155 +color20 #b8b8b8 +color21 #e8e8e8 diff --git a/modules/home/kitty/default.nix b/modules/home/kitty/default.nix new file mode 100644 index 0000000..e700baa --- /dev/null +++ b/modules/home/kitty/default.nix @@ -0,0 +1,19 @@ +{ pkgs, lib, config, ... }: +with lib; +let + cfg = config.dadada.home.kitty; +in { + options.dadada.home.kitty = { + enable = mkEnableOption "Enable kitty config"; + }; + config = mkIf cfg.enable { + programs.kitty = { + enable = true; + font = { + package = pkgs.source-code-pro; + name = "Source Code Pro 8"; + }; + extraConfig = builtins.readFile ./config; + }; + }; +} diff --git a/modules/home/mako.nix b/modules/home/mako.nix new file mode 100644 index 0000000..02ba643 
--- /dev/null +++ b/modules/home/mako.nix @@ -0,0 +1,32 @@ +{ config, lib, pkgs, colors, ...}: +with lib; +let + cfg = config.dadada.home.mako; +in { + options.dadada.home.mako = { + enable = mkEnableOption "Enable mako config"; + }; + config = mkIf cfg.enable { + programs.mako = { + enable = true; + anchor = "bottom-right"; + backgroundColor = colors.color8; + borderColor = colors.color0; + #defaultTimeout = -1; + font = "Source Code Pro 10"; + format = ''%a %s\n%b''; + height = 100; + #groupBy = "app-name"; + icons = false; + ignoreTimeout = false; + layer = "overlay"; + margin = "0,0,0"; + maxVisible = 200; + padding = "0"; + progressColor = colors.color4; + sort = "+time"; + textColor = colors.foreground; + width = 400; + }; + }; +} diff --git a/modules/home/module-list.nix b/modules/home/module-list.nix new file mode 100644 index 0000000..bffa457 --- /dev/null +++ b/modules/home/module-list.nix @@ -0,0 +1,20 @@ +[ + ./colors.nix + ./direnv.nix + ./fish.nix + ./git.nix + ./gpg.nix + ./gtk.nix + ./keyring.nix + ./kitty + ./mako.nix + ./session.nix + ./ssh.nix + ./sway + ./syncthing.nix + ./termite.nix + ./tmux.nix + ./vim + ./xdg.nix + ./zsh.nix +] diff --git a/home/modules/session.nix b/modules/home/session.nix similarity index 85% rename from home/modules/session.nix rename to modules/home/session.nix index ba5c941..d9520a9 100644 --- a/home/modules/session.nix +++ b/modules/home/session.nix @@ -1,21 +1,16 @@ -{ - config, - lib, - ... -}: +{ config, lib, ... }: with lib; let cfg = config.dadada.home.session; -in -{ +in { options.dadada.home.session = { enable = mkEnableOption "Enable session variable management"; sessionVars = mkOption { description = "Session variables"; type = types.attrs; - default = { }; + default = {}; example = '' - EDITOR = "hx"; + EDITOR = "vim"; PAGER = "less"; ''; }; 
diff --git a/home/modules/ssh.nix b/modules/home/ssh.nix similarity index 86% rename from home/modules/ssh.nix rename to modules/home/ssh.nix index b8aab54..b428a8b 100644 --- a/home/modules/ssh.nix +++ b/modules/home/ssh.nix @@ -1,13 +1,8 @@ -{ - config, - lib, - ... -}: +{ config, lib, ... }: with lib; let cfg = config.dadada.home.ssh; -in -{ +in { options.dadada.home.ssh = { enable = mkEnableOption "Enable SSH config"; }; diff --git a/modules/home/sway/config b/modules/home/sway/config new file mode 100644 index 0000000..f5a8382 --- /dev/null +++ b/modules/home/sway/config 
@@ -0,0 +1,306 @@ +set $wallpaper ~/.config/nixpkgs/modules/sway/wallpaper +set $foreground #a3a3a3ff +set $background #1f2022e5 +set $dark_black #1f2022ff +set $light_black #282828ff +set $dark_red #444155ff +set $light_red #585858ff +set $dark_green #b8b8b8ff +set $light_green #a3a3a3ff +set $dark_yellow #e8e8e8ff +set $light_yellow #f8f8f8ff +set $dark_blue #f2241fff +set $light_blue #ffa500ff +set $dark_magenta #b1951dff +set $light_magenta #67b11dff +set $dark_cyan #2d9574ff +set $light_cyan #4f97d7ff +set $dark_white #a31db1ff +set $light_white #b03060ff + +xwayland enable + +# global modifier key +set $mod Mod4 + +# reload the configuration file +bindsym $mod+Shift+c reload + +# restart i3 inplace (preserves your layout/session, can be used to upgrade i3) +bindsym $mod+Shift+r restart + +# the font to be used for i3bar and window decorations +font pango:Source Code Pro 8 + +bindsym $mod+Return exec termite +bindsym $mod+Space exec bemenu-run + +# switch keyboard to neo +#bindsym $mod+F1 exec neo-key +#bindsym $mod+F2 exec eu-key + +# kill focused window +bindsym $mod+Shift+q kill + +# toggle moving floating windows with the mouse +floating_modifier $mod + +# toggle tiling / floating +bindsym $mod+Shift+f floating toggle + +# resize window (you can also use the mouse for that) +mode "resize" { + # resize windows with hjkl + bindsym h resize shrink width 10 px or 10 ppt + bindsym j resize grow height 10 px or 10 ppt + bindsym k resize shrink height 10 px or 10 ppt + bindsym l resize grow width 10 px or 10 ppt + + # back to normal mode + bindsym Return mode "default" + bindsym Escape mode "default" +} + +# switch to resize mode +bindsym $mod+r mode "resize" + +# set border width of new window +default_border pixel 1 + +# keep focus within current container? 
+focus_wrapping no + +# focus goes to window if mouse is moved onto it +focus_follows_mouse yes + +# enter fullscreen mode for the focused container +bindsym $mod+o fullscreen + +# default orientation of new windows +default_orientation horizontal + +# split in horizontal orientation +bindsym $mod+b split h + +# split in vertical orientation +bindsym $mod+shift+b split v + +# change container layout (stacked, tabbed, toggle split) +bindsym $mod+x layout toggle all + +# name workspaces +set $1 1 +set $2 2 +set $3 3 +set $4 4 +set $5 5 +set $6 6 +set $7 7 +set $8 8 +set $9 9 +set $10 10 + +# default mode +workspace_layout tabbed + +# automatically jump back to previous workspace +workspace_auto_back_and_forth yes + +# messaging +workspace 2 output LVDS-1 + +# web and doc +workspace 1 output VGA-1 + +# editor and IDE +workspace 3 output DP-2 + +# change focus +bindsym $mod+h focus left +bindsym $mod+j focus down +bindsym $mod+k focus up +bindsym $mod+l focus right + +# focus latest urgent window +bindsym $mod+Shift+1 [urgent=latest] focus + +# focus the parent container +bindsym $mod+Up focus parent + +# focus the child container +bindsym $mod+Down focus child + +# focus tiling/floating +bindsym $mod+f focus mode_toggle + +# focus workspace +bindsym $mod+1 workspace number $1 +bindsym $mod+2 workspace number $2 +bindsym $mod+3 workspace number $3 +bindsym $mod+4 workspace number $4 +bindsym $mod+5 workspace number $5 +bindsym $mod+6 workspace number $6 +bindsym $mod+7 workspace number $7 +bindsym $mod+8 workspace number $8 +bindsym $mod+9 workspace number $9 +bindsym $mod+0 workspace number $10 +bindsym $mod+n workspace next_on_output +bindsym $mod+p workspace prev_on_output + +# focus different outputs (displays) +bindsym $mod+shift+h focus output left +bindsym $mod+shift+j focus output down +bindsym $mod+shift+k focus output up +bindsym $mod+shift+l focus output right + +# show the first scratchpad window +bindsym $mod+minus scratchpad show + +set $mode_move "move" 
+bindsym $mod+m mode "$mode_move" + +mode "$mode_move" { + + # move focused container + bindsym h move left ;mode "default" + bindsym j move down ;mode "default" + bindsym k move up ;mode "default" + bindsym l move right;mode "default" + bindsym 1 move container to workspace number $1 ;mode "default" + bindsym 2 move container to workspace number $2 ;mode "default" + bindsym 3 move container to workspace number $3 ;mode "default" + bindsym 4 move container to workspace number $4 ;mode "default" + bindsym 5 move container to workspace number $5 ;mode "default" + bindsym 6 move container to workspace number $6 ;mode "default" + bindsym 7 move container to workspace number $7 ;mode "default" + bindsym 8 move container to workspace number $8 ;mode "default" + bindsym 9 move container to workspace number $9 ;mode "default" + bindsym 0 move container to workspace number $10 ;mode "default" + bindsym n move container to workspace next_on_output;mode "default" + bindsym p move container to workspace prev_on_output;mode "default" + + # move focused workspace to output + bindsym shift+h move workspace to output left ; mode "default" + bindsym shift+j move workspace to output down ; mode "default" + bindsym shift+k move workspace to output up ; mode "default" + bindsym shift+l move workspace to output right ; mode "default" + bindsym shift+n move container to output next ; mode "default" + bindsym shift+p move container to output prev ; mode "default" + + # make the currently focused window a scratchpad + bindsym minus move scratchpad; mode "default" + + # Move container to the current position of the cursor + bindsym m move position mouse; mode "default" + + bindsym Escape mode "default" +} + +# lock the screen +bindsym $mod+equal exec ~/bin/lock-session + +# control volume +bindsym --locked XF86AudioRaiseVolume exec amixer set 'Master' 5%+ && pkill -RTMIN+10 i3blocks +bindsym --locked XF86AudioLowerVolume exec amixer set 'Master' 5%- && pkill -RTMIN+10 i3blocks +bindsym 
--locked XF86AudioMute exec amixer set Master toggle && pkill -RTMIN+10 i3blocks +bindsym --locked --to-code XF86AudioMicMute exec --no-startup-id pactl set-source-mute 1 toggle + +# control media player +bindsym --locked XF86AudioPlay exec playerctl play-pause && pkill -RTMIN+11 i3blocks +bindsym --locked XF86LaunchA exec playerctl play-pause && pkill -RTMIN+11 i3blocks +bindsym --locked XF86AudioNext exec playerctl next && pkill -RTMIN+11 i3blocks +bindsym --locked XF86Explorer exec playerctl next && pkill -RTMIN+11 i3blocks +bindsym --locked XF86AudioPrev exec playerctl previous && pkill -RTMIN+11 i3blocks +bindsym --locked XF86Search exec playerctl previous && pkill -RTMIN+11 i3blocks + +# control screen brightness +bindsym --locked XF86MonBrightnessUp exec brightnessctl set -d intel_backlight +5% +bindsym --locked XF86MonBrightnessDown exec brightnessctl set -d intel_backlight 5%- + +# Basic bar configuration using the Base16 variables. +bar { + id bar + status_command i3blocks + mode dock + modifier $mod + position bottom + strip_workspace_numbers yes + workspace_buttons yes + #output LVDS-1 + + colors { + background $background + separator $light_green + statusline $foreground + + # State Border BG Text + focused_workspace $light_black $dark_cyan $background + active_workspace $light_black $dark_green $background + inactive_workspace $dark_black $background $foreground + urgent_workspace $light_black $dark_red $background + binding_mode $light_black $dark_magenta $background + } +} + +#hide_edge_borders both +bindsym XF86Launch1 exec aplay ~/lib/sounds/wortwitzklingel-mono.wav + +# Basic color configuration using the Base16 variables for windows and borders. 
+# Property Name Border BG Text Indicator Child Border +client.focused $light_black $dark_cyan $background $dark_cyan $dark_cyan +client.focused_inactive $light_black $dark_green $background $dark_green $dark_green +client.unfocused $light_black $background $foreground $dark_white $dark_white +client.urgent $light_black $dark_red $background $dark_red $dark_red +client.placeholder $light_black $dark_magenta $background $dark_magenta $dark_magenta + +input * { + xkb_layout eu + xkb_model pc105+inet + xkb_options caps:escape + natural_scroll enabled +} + +input 2:7:SynPS/2_Synaptics_TouchPad { + # disables the input device + events disabled +} + +output VGA-1 { + background $wallpaper fill + pos 0 0 +} + +output DP-2 { + background $wallpaper fill + pos 1280 0 +} + +output LVDS-1 { + background $wallpaper fill + pos 3840 0 +} + + +seat * { + hide_cursor 5000 +} + +assign [app_id="thunderbird"] workspace 1 +assign [app_id="telegramdesktop"] workspace 1 +assign [app_id="firefox" title="Riot.*"] workspace 1 +assign [app_id="firefox" title="Instant messaging.*"] workspace 1 +assign [app_id="firefox" title="Threema Web.*"] workspace 1 +assign [app_id="firefox" title="chaos\.social.*"] workspace 1 +assign [app_id="thunderbird" title="Write:.*"] workspace 3 +assign [app_id="firefox"] workspace 2 +assign [app_id="jetbrains-studio"] workspace 3 +assign [app_id="org.keepassxc.KeePassXC"] workspace 10 + +exec xset s off +exec mako +#exec swayidle -w timeout 300 '$HOME/bin/lock-session' timeout 240 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' before-sleep '$HOME/bin/lock-session' lock '$HOME/bin/lock-session' +#exec redshift +#exec keepassxc +#exec firefox +#exec thunderbird +#exec riot-desktop diff --git a/modules/home/sway/default.nix b/modules/home/sway/default.nix new file mode 100644 index 0000000..5dfbd09 --- /dev/null +++ b/modules/home/sway/default.nix 
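Review bot: The only idle handling in this config is commented out (`#exec swayidle -w timeout 300 ...` near the end of the hunk) while `exec xset s off` disables the X screensaver, so the session never locks on idle or before suspend and depends on the manual `$mod+equal` binding. A reduced form keeps the lock without the DPMS part: `exec swayidle -w timeout 300 '$HOME/bin/lock-session' before-sleep '$HOME/bin/lock-session'`. The `bindsym --locked` volume, media and brightness bindings stay active on the lock screen, which is reasonable but should be a deliberate choice noted in a comment. `bindsym $mod+Shift+r restart` is an i3 command that sway, as far as I know, does not implement and can be dropped.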
@@ -0,0 +1,39 @@ +{ config, pkgs, lib, colors, ...}: +with lib; +let + cfg = config.dadada.home.sway; +in { + options.dadada.home.sway = { + enable = mkEnableOption "Enable Sway config"; + }; + config = mkIf cfg.enable { + home.packages = with pkgs; [ + qt5.qtwayland + swayidle + xwayland + mako + kanshi + i3blocks + termite + bemenu + xss-lock + ] ++ (with unstable; [ + swaylock + ]); + + wayland.windowManager.sway = { + enable = true; + config = null; + extraConfig = (builtins.readFile ./config); + extraSessionCommands = '' + export SDL_VIDEODRIVER=wayland + # needs qt5.qtwayland in systemPackages + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + # Fix for some Java AWT applications (e.g. Android Studio), + # use this if they aren't displayed properly: + export _JAVA_AWT_WM_NONREPARENTING=1 + ''; + }; + }; +} diff --git a/home/modules/syncthing.nix b/modules/home/syncthing.nix similarity index 86% rename from home/modules/syncthing.nix rename to modules/home/syncthing.nix index 8095904..17db865 100644 --- a/home/modules/syncthing.nix +++ b/modules/home/syncthing.nix @@ -1,14 +1,8 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.dadada.home.syncthing; -in -{ +in { options.dadada.home.syncthing = { enable = mkEnableOption "Enable Syncthing config"; }; diff --git a/modules/home/termite.nix b/modules/home/termite.nix new file mode 100644 index 0000000..8264024 --- /dev/null +++ b/modules/home/termite.nix 
@@ -0,0 +1,69 @@ +{ + config, + lib, + pkgs, + colors ? ../../lib/colors.nix, + ... +}: +with lib; +let + cfg = config.dadada.home.termite; +in { + options.dadada.home.termite = { + enable = mkEnableOption "Enable termite config"; + }; + config = mkIf cfg.enable { + programs.termite = { + enable = true; + allowBold = true; + audibleBell = false; + clickableUrl = true; + dynamicTitle = true; + font = "Source Code Pro 10"; + mouseAutohide = false; + scrollOnOutput = false; + scrollOnKeystroke = true; + scrollbackLines = -1; + searchWrap = true; + urgentOnBell = true; + cursorBlink = "off"; + cursorShape = "block"; + sizeHints = false; + scrollbar = "off"; + colorsExtra = '' + foreground = ${colors.foreground} + foreground_bold = ${colors.foregroundBold} + cursor = ${colors.cursor} + cursor_foreground = ${colors.cursorForeground} + background = ${colors.background} + color0 = ${colors.background} + color8 = ${colors.color8} + color7 = ${colors.color7} + color15 = ${colors.color15} + color1 = ${colors.color1} + color9 = ${colors.color9} + color2 = ${colors.color2} + color10 = ${colors.color10} + color3 = ${colors.color3} + color11 = ${colors.color11} + color4 = ${colors.color4} + color12 = ${colors.color12} + color5 = ${colors.color5} + color13 = ${colors.color13} + color6 = ${colors.color6} + color14 = ${colors.color14} + color16 = ${colors.color16} + color17 = ${colors.color17} + color18 = ${colors.color18} + color19 = ${colors.color19} + color20 = ${colors.color20} + color21 = ${colors.color21} + ''; + }; + + # Add font that is used in config + home.packages = [ + pkgs.source-code-pro + ]; + }; +} diff --git a/modules/home/tmux.nix b/modules/home/tmux.nix new file mode 100644 index 0000000..d25eb30 --- /dev/null +++ b/modules/home/tmux.nix 
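Review bot: The argument default `colors ? ../../lib/colors.nix` is a path, not an attribute set, so whenever the default is used `${colors.foreground}` fails with a type error; assuming that file evaluates to the colour set, it should read `colors ? import ../../lib/colors.nix`. `color0 = ${colors.background}` also breaks the pattern of the other entries and probably wants `${colors.color0}`, which modules/home/colors.nix in this diff defines with a different value from `background`.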
@@ -0,0 +1,21 @@ +{ config, lib, ... }: +with lib; +let + cfg = config.dadada.home.tmux; +in { + options.dadada.home.tmux = { + enable = mkEnableOption "Enable tmux config"; + }; + config = mkIf cfg.enable { + programs.tmux = { + enable = true; + terminal = "xterm-256color"; + extraConfig = '' + set -g status on + set-option -g set-titles on + set-option -g automatic-rename on + set-window-option -g mode-keys vi + ''; + }; + }; +} diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix new file mode 100644 index 0000000..1199c8c --- /dev/null +++ b/modules/home/vim/default.nix @@ -0,0 +1,37 @@ +{ config, pkgs, lib, ... }: +with lib; +let + cfg = config.dadada.home.vim; + vimPlugins = pkgs.callPackage ../../../pkgs/vimPlugins {}; +in +{ + options.dadada.home.vim = { + enable = mkEnableOption "Enable VIM config"; + }; + + config = mkIf cfg.enable { + programs.vim = { + enable = true; + extraConfig = builtins.readFile ./vimrc; + plugins = [ + pkgs.vimPlugins.vim-nix + #pkgs.vimPlugins.kotlin-vim + pkgs.vimPlugins.ale + pkgs.vimPlugins.fzf-vim + pkgs.vimPlugins.rust-vim + pkgs.vimPlugins.base16-vim + pkgs.vimPlugins.typescript-vim + pkgs.vimPlugins.vim-airline + pkgs.vimPlugins.vim-airline-themes + pkgs.vimPlugins.vim-fish + vimPlugins.spacemacsTheme + vimPlugins.filetype + #pkgs.vimPlugins.vim-gnupg + #pkgs.vimPlugins.vim-l9 + pkgs.vimPlugins.vim-ledger + #pkgs.vimPlugins.clang_complete + ]; + }; + home.packages = [ pkgs.languagetool ]; + }; +} diff --git a/modules/home/vim/vimrc b/modules/home/vim/vimrc new file mode 100644 index 0000000..3538ae9 --- /dev/null +++ b/modules/home/vim/vimrc 
@@ -0,0 +1,144 @@ +filetype plugin on +filetype indent on + +set autoread +" :W sudo saves the file +" (useful for handling the permission-denied error) +command W w !sudo tee % > /dev/null + +" no command execution from modeline +set nomodeline + +" Turn on the Wild menu +set wildmenu + +" Enable hidden buffers +set hidden + +" Clipboard copy & paste +"set clipboard=unnamedplus + +" Always show current position +set ruler + +" When searching try to be smart about cases +set smartcase + +" Highlight search results +set hlsearch + +" Inenteremental search +set incsearch + +" Don't redraw while executing macros (good performance config) +set lazyredraw + +" Do not show matching brackets when text indicator is over them +" set noshowmatch +" let loaded_matchparen = 1 + +" No annoying sound on errors +set noerrorbells +set novisualbell + +set wrap +set linebreak +set nolist " list disables linebreak + +" Enable syntax highlighting +syntax enable + +if (has("termguicolors")) + set termguicolors +endif + +set t_Co=256 + +set background=dark +colorscheme spacemacs-theme + +" Use tabs for indent +set smarttab +set smartindent +set autoindent +set copyindent +set preserveindent + +set wildmode=longest,list,full +set wildmenu + +set cursorline +set number +set relativenumber + +" Transparency +"hi Normal guibg=NONE ctermbg=NONE + +"set list! +"set listchars=trail:⛤,extends:⟩,precedes:⟨,nbsp:␣,conceal:… + +" Map leader to do extra key combinations +let mapleader = " " + +" Toggle paste mode on and off +map pp :setlocal paste! + +" Fast saving +nmap w :w! 
+ +" Buffer switching +nmap bb :Buffers +nmap bl :Buffers +nmap bn :bnext +nmap bp :bprevious + +nmap ll :Lines +nmap mm :Marks +nmap ww :Windows +nmap hh :History/ +nmap rr :reg + +" finding files +nmap ff :Files +nmap pp :FufDir + +set statusline+=%#warningmsg# +set statusline+=%{SyntasticStatuslineFlag()} +set statusline+=%* + +"let g:syntastic_always_populate_loc_list = 1 +"let g:syntastic_auto_loc_list = 1 +"let g:syntastic_check_on_open = 1 +"let g:syntastic_check_on_wq = 0 +nmap sp :ALEFindReferences +nmap ss :ALESymbolSearch +nmap gd :ALEGoToDefinition +nmap ?? :ALEHover + +" Enable completion where available. +" This setting must be set before ALE is loaded. +let g:ale_completion_enabled = 1 + +let g:ale_fix_on_save = 1 + +let g:ale_warn_about_trailing_whitespace = 1 +let g:ale_warn_about_trailing_lines = 1 +let g:ale_completion_tsserver_autoimport = 1 +let g:ale_languagetool_executable = 'languagetool-commandline' + +"let g:ale_lint_on_text_changed = 'never' +" You can disable this option too +" if you don't want linters to run on opening a file +"let g:ale_lint_on_enter = 0 + +" Set airline theme +let g:airline_theme='base16_spacemacs' + +" Load all plugins now. +" Plugins need to be added to runtimepath before helptags can be generated. +packloadall +" Load all of the helptags now, after plugins have been loaded. +" All messages and errors will be ignored. +silent! helptags ALL + +set omnifunc=ale#completion#OmniFunc diff --git a/home/modules/xdg.nix b/modules/home/xdg.nix similarity index 73% rename from home/modules/xdg.nix rename to modules/home/xdg.nix index 02cadaf..d560780 100644 --- a/home/modules/xdg.nix +++ b/modules/home/xdg.nix 
@@ -1,14 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let apps = { - "x-scheme-handler/mailto" = "evolution.desktop"; - "message/rfc822" = "evolution.desktop"; + "x-scheme-handler/mailto" = "userapp-Thunderbird-PB7NI0.desktop"; + "message/rfc822" = "userapp-Thunderbird-PB7NI0.desktop"; "x-scheme-handler/http" = "firefox.desktop"; "x-scheme-handler/https" = "firefox.desktop"; "x-scheme-handler/ftp" = "firefox.desktop"; @@ -20,36 +15,35 @@ let "application/xhtml+xml" = "firefox.desktop"; "application/x-extension-xhtml" = "firefox.desktop"; "application/x-extension-xht" = "firefox.desktop"; - "application/pdf" = "evince.desktop"; + "text/plain" = "vim.desktop"; + "application/pdf" = "org.pwmt.zathura.desktop"; }; cfg = config.dadada.home.xdg; -in -{ +in { options.dadada.home.xdg = { enable = mkEnableOption "Enable XDG config"; }; config = mkIf cfg.enable { xdg = { enable = true; - configHome = "${config.home.homeDirectory}/.config"; mimeApps = { enable = false; associations.added = apps; defaultApplications = apps; }; userDirs = { - desktop = "\$HOME/.desktop"; - download = "\$HOME/tmp"; + download ="\$HOME/tmp"; music = "\$HOME/lib/music"; - videos = "\$HOME/lib/videos"; + videos ="\$HOME/lib/videos"; pictures = "\$HOME/lib/pictures"; documents = "\$HOME/lib"; + desktop = "$HOME/tmp"; }; }; home.packages = with pkgs; [ - evince - firefox - xdg-utils + firefox-bin + xdg_utils + zathura ]; }; } diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix new file mode 100644 index 0000000..91ab985 --- /dev/null +++ b/modules/home/zsh.nix 
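Review bot: The new `mailto` and `message/rfc822` handlers in the first hunk point at `userapp-Thunderbird-PB7NI0.desktop`, which looks like a desktop entry generated in one user's local applications directory rather than one shipped by a package. Nothing in `home.packages` in this module installs Thunderbird. On another machine the association would resolve to nothing, so the handler is not reproducible from this configuration. Referencing the packaged entry (`"thunderbird.desktop"`, with the package added to `home.packages`) would fix that. Also note that `mimeApps.enable = false` in the second hunk means none of these associations are currently written.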
@@ -0,0 +1,65 @@ +{ config, pkgs, lib, ... }: +with lib; +let + cfg = config.dadada.home.zsh; +in { + options.dadada.home.zsh = { + enable = mkEnableOption "Enable ZSH config"; + }; + config = mkIf cfg.enable { + programs.fzf.enableZshIntegration = true; + programs.zsh = { + enable = true; + enableAutosuggestions = true; + enableCompletion = true; + autocd = true; + sessionVariables = { + EDITOR = "vim"; + }; + history = { + extended = true; + ignoreDups = true; + ignoreSpace = true; + save = 100000; + share = true; + }; + plugins = [ + ]; + initExtra = '' + source ~/.nix-profile/share/zsh-git-prompt/zshrc.sh + source ~/.nix-profile/share/fzf/key-bindings.zsh + source ~/.nix-profile/share/fzf/completion.zsh + + preexec() { echo -n -e "\033]0;$1\007" } + + PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f " + RPROMPT='$(git_super_status)' + #NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh" + if [ "$TMUX" = "" ] + then + tmux + fi + ''; + profileExtra = '' + ''; + shellAliases = { + gst = "git status"; + gco = "git commit"; + glo = "git log"; + gad = "git add"; + ls = "exa"; + ll = "exa -l"; + la = "exa -la"; + mv = "mv -i"; + cp = "cp -i"; + }; + }; + + home.packages = with pkgs; [ + fzf + exa + zsh-git-prompt + tmux + ]; + }; +} diff --git a/modules/homepage.nix b/modules/homepage.nix new file mode 100644 index 0000000..94468ba --- /dev/null +++ b/modules/homepage.nix @@ -0,0 +1,18 @@ +{ config, pkgs, lib, ... }: + +let + cfg = config.dadada.homePage; +in with lib; { + options.dadada.homePage = { + enable = mkEnableOption "Enable home page"; + }; + config = mkIf cfg.enable { + services.nginx.enable = true; + + services.nginx.virtualHosts."dadada.li" = { + enableACME = true; + forceSSL = true; + root = pkgs.homePage; + }; + }; +} diff --git a/modules/module-list.nix b/modules/module-list.nix new file mode 100644 index 0000000..4650c02 --- /dev/null +++ b/modules/module-list.nix 
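Review bot: `preexec` in `initExtra` writes the raw command line into the terminal title with `echo -n -e`, so backslash escapes and control characters in a typed or pasted command are emitted to the terminal as control sequences. Printing the argument as data with special characters made visible avoids that: `preexec() { printf '\033]0;%s\007' "''${(V)1}" }` (the `''$` is the Nix indented-string escape for `${`). Separately, the three `source ~/.nix-profile/share/...` lines depend on the mutable user profile. Paths such as `${pkgs.fzf}/share/fzf/key-bindings.zsh` would pin them to the packages this module installs.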
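Review bot: The `dadada.li` virtual host in `modules/homepage.nix` sets `enableACME = true` and `forceSSL = true`, but the module opens no TCP ports, and the firewall block added in `modules/networking.nix` in this commit allows only UDP 51234 and 5353. Unless 80 and 443 are opened in a host configuration not shown here, HTTP-01 certificate issuance and the site itself will be unreachable. Adding `networking.firewall.allowedTCPPorts = [ 80 443 ];` inside the `mkIf cfg.enable` block keeps the exposure tied to the service that needs it.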
@@ -0,0 +1,14 @@
+[
+ ./admin.nix
+ ./backup.nix
+ ./element.nix
+ ./fido2.nix
+ ./fileShare.nix
+ ./homepage.nix
+ ./networking.nix
+ ./share.nix
+ ./steam.nix
+ ./update.nix
+ ./vpnServer.nix
+ ./weechat.nix
+]
diff --git a/modules/networking.nix b/modules/networking.nix
new file mode 100644
index 0000000..badd59d
--- /dev/null
+++ b/modules/networking.nix
@@ -0,0 +1,80 @@ +{ config, pkgs, lib, ...}: +with lib; +let + cfg = config.dadada.networking; +in { + options.dadada.networking = { + useLocalResolver = mkEnableOption "Enable local caching name server"; + wanInterfaces = mkOption { + type = with types; listOf str; + description = "WAN network interfaces"; + default = []; + }; + vpnExtension = mkOption { + type = with types; nullOr str; + description = "Last part of VPN address"; + default = null; + }; + enableBsShare = mkEnableOption "Enable network share at BS location"; + }; + + config = { + networking.resolvconf.useLocalResolver = mkIf cfg.useLocalResolver true; + services.unbound = mkIf cfg.useLocalResolver { + enable = true; + allowedAccess = [ + "127.0.0.1/8" + "::1" + ]; + extraConfig = '' + tls-upstream: yes + tls-cert-bundle: "/etc/ssl/certs/ca-bundle.crt" + forward-zone: + name: . + forward-tls-upstream: yes + forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com + forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com + forward-addr: 1.1.1.1@853#cloudflare-dns.com + forward-addr: 1.0.0.1@853#cloudflare-dns.com + ''; + }; + + networking.useDHCP = false; + + networking.interfaces = listToAttrs (forEach cfg.wanInterfaces (i: nameValuePair i { + useDHCP = true; + })); + + networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) { + bs = { + ips = [ "fd42:dead:beef:1337::${cfg.vpnExtension}/64" ]; + listenPort = 51234; + + privateKeyFile = "/var/lib/wireguard/privkey"; + + peers = [ + { + publicKey = "lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs="; + allowedIPs = [ "fd42:dead:beef::/48" ]; + endpoint = "bs.vpn.dadada.li:51234"; + persistentKeepalive = 25; + } + ]; + }; + }; + + fileSystems."/mnt/media.dadada.li" = mkIf cfg.enableBsShare { + device = "media.dadada.li:/mnt/storage/share"; + fsType = "nfs"; + options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; + }; + + networking.firewall = { + enable = true; + allowedUDPPorts = [ + 51234 # Wireguard + 5353 # mDNS + ]; + 
}; + }; +} diff --git a/modules/profiles/base/default.nix b/modules/profiles/base/default.nix new file mode 100644 index 0000000..ec6fc2d --- /dev/null +++ b/modules/profiles/base/default.nix @@ -0,0 +1,26 @@ +{ config, pkgs, lib, ... }: +with lib; +{ + nixpkgs.overlays = attrValues (import ../../../overlays); + + imports = import ../../module-list.nix; + + networking.domain = mkDefault "dadada.li"; + + dadada.admin.users = { + "dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ]; + }; + + #dadada.autoUpgrade = mkDefault true; + + environment.noXlibs = mkDefault true; + documentation.enable = mkDefault false; + documentation.nixos.enable = mkDefault false; + + i18n.defaultLocale = mkDefault "en_US.UTF-8"; + console = mkDefault { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + +} diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix new file mode 100644 index 0000000..3ae87ed --- /dev/null +++ b/modules/profiles/default.nix @@ -0,0 +1,4 @@ +{ + base = ./base; + laptop = ./laptop; +} diff --git a/modules/profiles/laptop/default.nix b/modules/profiles/laptop/default.nix new file mode 100644 index 0000000..bb585a1 --- /dev/null +++ b/modules/profiles/laptop/default.nix @@ -0,0 +1,37 @@ +{ config, pkgs, lib, ... }: +with lib; +{ + imports = [ + ../base + ]; + + dadada = { + networking = { + useLocalResolver = mkDefault true; + }; + }; + + services.fwupd.enable = true; + + fonts.fonts = mkDefault (with pkgs; [ + source-code-pro + ]); + + time.timeZone = mkDefault "Europe/Berlin"; + + programs.zsh = mkDefault { + enable = true; + autosuggestions.enable = true; + enableCompletion = true; + histSize = 100000; + vteIntegration = true; + syntaxHighlighting = { + enable = true; + highlighters = [ "main" "brackets" "pattern" "cursor" "root" "line" ]; + }; + }; + + environment.noXlibs = false; + documentation.enable = true; + documentation.nixos.enable = true; +} 
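Review bot: The `networking.firewall` block at the end of `modules/networking.nix` opens UDP 51234 and 5353 on every host that imports the module, including hosts where `vpnExtension` is null and no WireGuard interface is created. Tie the WireGuard port to the interface with `allowedUDPPorts = optional (cfg.vpnExtension != null) 51234;`, and open 5353 only on hosts that actually run an mDNS responder. In the unbound section, `"127.0.0.1/8"` in `allowedAccess` has host bits set; `"127.0.0.0/8"` is the network form.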
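Review bot: The commented-out `#dadada.autoUpgrade = mkDefault true;` in `modules/profiles/base/default.nix` leaves every host on the base profile without automatic updates. If uncommented as written it would assign a boolean to an option set, because `modules/update.nix` in this commit declares `dadada.autoUpgrade.enable`. If the intent is to switch it on later, the line should read `dadada.autoUpgrade.enable = mkDefault true;`, with a short comment saying why it is off for now.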
diff --git a/nixos/modules/share.nix b/modules/share.nix similarity index 93% rename from nixos/modules/share.nix rename to modules/share.nix index 7c7410b..852ae80 100644 --- a/nixos/modules/share.nix +++ b/modules/share.nix @@ -1,14 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: + with lib; let cfg = config.dadada.share; -in -{ +in { options.dadada.share = { enable = mkEnableOption "Enable file share"; }; @@ -32,3 +27,4 @@ in }; }; } + diff --git a/nixos/modules/steam.nix b/modules/steam.nix similarity index 51% rename from nixos/modules/steam.nix rename to modules/steam.nix index e14add3..273b1c0 100644 --- a/nixos/modules/steam.nix +++ b/modules/steam.nix @@ -1,22 +1,17 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: with lib; let cfg = config.dadada.steam; -in -{ - options = { - dadada.steam = { - enable = mkEnableOption "Enable Steam config"; - }; +in { + options.dadada.steam = { + enable = mkEnableOption "Enable Steam config"; }; config = mkIf cfg.enable { - hardware.graphics = { + nixpkgs.config.allowUnfree = true; + + hardware.opengl = { enable = true; + driSupport32Bit = true; extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; }; diff --git a/modules/update.nix b/modules/update.nix new file mode 100644 index 0000000..4b37227 --- /dev/null +++ b/modules/update.nix @@ -0,0 +1,27 @@ +{ config, pkgs, lib, ... }: +with lib; +let + cfg = config.dadada.autoUpgrade; +in { + + options.dadada.autoUpgrade = { + enable = mkEnableOption "Enable automatic upgrades"; + }; + + config = mkIf cfg.enable { + nix = { + autoOptimiseStore = true; + useSandbox = true; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + }; + + system.autoUpgrade = { + enable = true; + dates = "daily"; + }; + }; +} diff --git a/modules/vpnServer.nix b/modules/vpnServer.nix new file mode 100644 index 0000000..7fb108e --- /dev/null +++ b/modules/vpnServer.nix 
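Review bot: `nixpkgs.config.allowUnfree = true;` in the steam hunk permits every unfree package on a host as soon as Steam is enabled, whereas the `nixos/configurations.nix` removed by this commit used an explicit `allowUnfreePredicate` list. A predicate keeps the exception scoped to what this module needs, e.g. `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (getName pkg) [ "steam" "steam-original" "steam-runtime" ];` (adjust the names to the nixpkgs revision in use).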
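Review bot: `system.autoUpgrade` in `modules/update.nix` is enabled with only `dates = "daily"`, so the upgrade source and the reboot policy are left to defaults the module does not state. With `allowReboot` unset, kernel and initrd fixes are installed but not running until someone reboots. Either set `allowReboot = true;` or add a comment such as `# reboots are manual; kernel updates take effect on next boot`. A comment naming the channel the upgrade follows would also help the next reader.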
@@ -0,0 +1,47 @@ +{ config, lib, ... }: + +with lib; +let + cfg = config.dadada.vpnServer; + wgPeer = { name, ... }: { + options = { + name = mkOption { + internal = true; + default = name; + }; + id = mkOption { + description = "VPN client id"; + default = 0; + type = types.str; + }; + key = mkOption { + description = "VPN client public key"; + default = ""; + type = types.str; + }; + }; + }; +in { + options.dadada.vpnServer = { + enable = mkEnableOption "Enable wireguard gateway"; + peers = mkOption { + description = "Set of extensions and public keys of peers"; + type = with types; attrsOf (submodule wgPeer); + default = {}; + }; + }; + config = mkIf cfg.enable { + networking.wireguard.enable = true; + networking.wireguard.interfaces."wg0" = { + allowedIPsAsRoutes = true; + privateKeyFile = "/var/lib/wireguard/wg0-key"; + ips = [ "fd42:dead:beef:1337::0/64" ]; + listenPort = 51234; + peers = map (peer: ( + { + allowedIPs = [ "fd42:dead:beef:1337::${peer.id}/128" ]; + publicKey = peer.key; + })) (attrValues cfg.peers); + }; + }; +} diff --git a/nixos/modules/weechat.nix b/modules/weechat.nix similarity index 94% rename from nixos/modules/weechat.nix rename to modules/weechat.nix index 6ff0106..7fabdb8 100644 --- a/nixos/modules/weechat.nix +++ b/modules/weechat.nix @@ -1,14 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: + with lib; let cfg = config.dadada.weechat; -in -{ +in { options.dadada.weechat = { enable = mkEnableOption "Enable weechat relay"; }; @@ -36,7 +31,7 @@ in }; }; services.nginx.virtualHosts."weechat.dadada.li" = { - enableACME = true; + useACMEHost = "webchat.dadada.li"; forceSSL = true; root = "${pkgs.nginx}/html"; @@ -60,3 +55,4 @@ in }; }; } + diff --git a/nixos/configurations.nix b/nixos/configurations.nix deleted file mode 100644 index 877c6a9..0000000 --- a/nixos/configurations.nix +++ /dev/null 
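Review bot: The `id` and `key` options in `wgPeer` carry defaults that hide a missing value. `id` defaults to the integer `0` under `types.str`, and `key` defaults to `""`, so a peer declared without a key would be rendered with an empty `publicKey` rather than rejected. Dropping both defaults makes omission a clear evaluation error: `id = mkOption { description = "VPN client id"; type = types.str; };` and the same for `key`. An assertion that peer ids are unique would also keep two peers from being given the same `/128`.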
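Review bot: In the second weechat hunk the `weechat.dadada.li` virtual host now takes its certificate from `useACMEHost = "webchat.dadada.li"`. That only works if the `webchat.dadada.li` certificate lists `weechat.dadada.li` as an additional name, and nothing in the visible hunks adds it, so clients may get a name-mismatch error. If the two names are meant to share one certificate, add the extra domain where that certificate is declared and note the coupling in a comment here. If `webchat` is a typo, keep `enableACME = true;`. The virtual host body continues outside the hunk.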
@@ -1,110 +0,0 @@ -{ - self, - agenix, - disko, - home-manager, - homepage, - lanzaboote, - nixos-hardware, - nixos-generators, - nixpkgs, - ... -}@inputs: -let - # create a new instance allowing some unfree packages - nixpkgsx86 = import nixpkgs { - system = "x86_64-linux"; - config.allowUnfreePredicate = - pkg: - builtins.elem (nixpkgs.lib.getName pkg) [ - "aspell-dict-en-science" - "brgenml1lpr" - "saleae-logic-2" - "spotify" - ]; - }; - nixosSystem = nixpkgs.lib.nixosSystem; - baseModule = - { lib, ... }: - { - _module.args.inputs = inputs; - imports = [ - inputs.agenix.nixosModules.age - inputs.disko.nixosModules.disko - inputs.home-manager.nixosModules.home-manager - ( - { pkgs, ... }: - { - dadada.homepage.package = homepage; - dadada.pkgs = inputs.self.packages.${pkgs.system}; - dadada.inputs = inputs // { - dadada = inputs.self; - }; - } - ) - inputs.lanzaboote.nixosModules.lanzaboote - ] - ++ (lib.attrValues inputs.self.nixosModules); - }; - homeModule = ./modules/profiles/home.nix; -in -{ - stolas = nixosSystem { - modules = [ - { nixpkgs.pkgs = nixpkgsx86; } - baseModule - nixos-hardware.nixosModules.framework-amd-ai-300-series - homeModule - ./stolas - ]; - }; - - gorgon = nixosSystem { - modules = [ - { nixpkgs.pkgs = nixpkgsx86; } - baseModule - nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 - homeModule - ./gorgon/configuration.nix - ]; - }; - - surgat = nixosSystem { - modules = [ - { nixpkgs.pkgs = nixpkgsx86; } - baseModule - ./surgat/configuration.nix - ]; - }; - - installer = nixosSystem { - modules = [ - nixos-generators.nixosModules.install-iso - inputs.self.nixosModules.admin - ( - { lib, ... 
}: - { - nixpkgs.pkgs = nixpkgs.legacyPackages."x86_64-linux"; - isoImage.isoName = lib.mkForce "dadada-nixos-installer.iso"; - networking.tempAddresses = "disabled"; - dadada.admin.enable = true; - documentation.enable = true; - documentation.nixos.enable = true; - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - } - ) - ]; - }; - - ninurta = nixosSystem { - modules = [ - { nixpkgs.pkgs = nixpkgsx86; } - baseModule - ./ninurta/configuration.nix - ]; - }; -} diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix deleted file mode 100644 index 69e7588..0000000 --- a/nixos/gorgon/configuration.nix +++ /dev/null 
@@ -1,284 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -let - secretsPath = config.dadada.secrets.path; - xilinxJtag = pkgs.writeTextFile { - name = "xilinx-jtag"; - text = '' - ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", TAG+="uaccess" - ''; - destination = "/etc/udev/rules.d/61-xilinx-jtag.rules"; - }; - saleaeLogic = pkgs.writeTextFile { - name = "saleae-logic"; - text = '' - # Saleae Logic analyzer (USB Based) - ATTRS{idVendor}=="21a9", ATTRS{idProduct}=="1006", TAG+="uaccess" - ''; - destination = "/etc/udev/rules.d/61-saleae-logic.rules"; - }; - keychron = pkgs.writeTextFile { - name = "keychron"; - text = '' - # Saleae Logic analyzer (USB Based) - ATTRS{idVendor}=="3434", ATTRS{idProduct}=="0280", TAG+="uaccess" - ''; - destination = "/etc/udev/rules.d/61-keychron.rules"; - }; -in -{ - imports = [ - ../modules/profiles/laptop.nix - ./hardware-configuration.nix - ]; - - dadada.backupClient.bs.enable = false; - dadada.backupClient.backup1.enable = true; - dadada.backupClient.backup2 = { - enable = true; - passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; - sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; - repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup"; - }; - dadada.backupClient.gs = { - enable = true; - passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; - }; - - age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = - "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; - - programs.ssh.startAgent = true; - - nix.extraOptions = '' - experimental-features = nix-command flakes - # Prevent garbage collection for nix shell and direnv - keep-outputs = true - keep-derivations = true - ''; - - boot = { - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; - kernelParams = [ "resume=/dev/disk/by-label/swap" ]; - initrd = { - 
systemd.enable = true; - luks.devices = { - root = { - device = "/dev/disk/by-uuid/3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4"; - preLVM = true; - allowDiscards = true; - crypttabExtraOpts = [ "fido2-device=auto" ]; - }; - }; - }; - }; - - zramSwap.enable = true; - - networking.hostName = "gorgon"; - - dadada = { - steam.enable = false; - yubikey.enable = true; - }; - - programs.adb.enable = true; - - programs.firefox = { - enable = true; - package = pkgs.firefox-wayland; - }; - - programs.wireshark.enable = true; - - services.avahi.enable = true; - - services.smartd.enable = true; - - services.tor = { - enable = true; - client.enable = true; - }; - - services.paperless = { - enable = true; - passwordFile = config.age.secrets.paperless.path; - }; - - systemd.tmpfiles.rules = - let - cfg = config.services.paperless; - in - [ - ( - if cfg.consumptionDirIsPublic then - "d '${cfg.consumptionDir}' 777 - - - -" - else - "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" - ) - ]; - - age.secrets.paperless = { - file = "${config.dadada.secrets.path}/paperless.age"; - mode = "700"; - owner = "paperless"; - }; - - # Enable CUPS to print documents. 
- services.printing = { - enable = true; - browsing = true; - drivers = with pkgs; [ - config.dadada.pkgs.citizen-cups - hplip - brlaser - brgenml1lpr - brgenml1cupswrapper - ]; - }; - - #hardware.printers.ensurePrinters = [ - # { - # name = "Brother_HL-L2300D"; - # model = "everywhere"; - # location = "BS"; - # deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; - # } - #]; - - environment.systemPackages = with pkgs; [ - ghostscript - smartmontools - - dmenu - grim # screenshot functionality - slurp # screenshot functionality - #mako # notification system developed by swaywm maintainer - pulseaudio - - # KDE apps - kdePackages.kmail - kdePackages.kmail-account-wizard - ]; - - networking.firewall = { - enable = true; - allowedTCPPorts = [ - 22000 # Syncthing - ]; - allowedUDPPorts = [ - 21027 # Syncthing - ]; - }; - - systemd.services.modem-manager.enable = lib.mkForce false; - systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; - - systemd.sleep.extraConfig = '' - HibernateDelaySec=1h - ''; - - services.udev.packages = [ - xilinxJtag - saleaeLogic - keychron - pkgs.libsigrok - ]; # noMtpUdevRules ]; - - virtualisation.libvirtd.enable = true; - - virtualisation.podman = { - enable = true; - dockerCompat = true; - }; - - users.users = { - dadada = { - isNormalUser = true; - extraGroups = [ - "wheel" - "networkmanager" - "libvirtd" - "adbusers" - "kvm" - "video" - "scanner" - "lp" - "docker" - "dialout" - "wireshark" - "paperless" - ]; - shell = "/run/current-system/sw/bin/zsh"; - }; - }; - - networking.hosts = { - "127.0.0.2" = [ "kanboard.dadada.li" ]; - }; - - services.gnome.gnome-keyring.enable = lib.mkForce false; - programs.gnupg.agent.enable = true; - - # KDE - services = { - desktopManager.plasma6.enable = true; - displayManager.sddm.enable = true; - displayManager.sddm.wayland.enable = true; - }; - services.greetd = { - enable = false; - settings = { - default_session = { - command = 
"${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway"; - user = "greeter"; - }; - }; - }; - systemd.user.services.kanshi = { - enable = false; - description = "kanshi daemon"; - environment = { - WAYLAND_DISPLAY = "wayland-1"; - DISPLAY = ":0"; - }; - serviceConfig = { - Type = "simple"; - ExecStart = ''${pkgs.kanshi}/bin/kanshi''; - }; - }; - # enable Sway window manager - programs.sway = { - enable = false; - wrapperFeatures.gtk = true; - }; - programs.light.enable = true; - xdg.portal.wlr.enable = false; - hardware.bluetooth.enable = true; - - hardware.graphics = { - enable = true; - extraPackages = with pkgs; [ - vaapiVdpau - libvdpau-va-gl - ]; - }; - - powerManagement = { - enable = true; - powertop.enable = true; - cpuFreqGovernor = "schedutil"; - powerUpCommands = '' - echo 40 > /sys/class/power_supply/BAT0/charge_control_start_threshold - echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold - ''; - }; - services.tlp.enable = false; - - system.stateVersion = "23.11"; -} diff --git a/nixos/gorgon/hardware-configuration.nix b/nixos/gorgon/hardware-configuration.nix deleted file mode 100644 index 30d7447..0000000 --- a/nixos/gorgon/hardware-configuration.nix +++ /dev/null 
@@ -1,53 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ - "nvme" - "ehci_pci" - "xhci_pci" - "usb_storage" - "sd_mod" - "rtsx_pci_sdmmc" - ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/2478e089-e5d6-480c-8530-4ea46988f9f7"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/5B90-D460"; - fsType = "vfat"; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/a617625e-9325-4612-a086-954fb4b99ee0"; - fsType = "ext4"; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/1f6ab0fb-ef4d-45b1-a731-ad0e7a440eef"; - fsType = "ext4"; - }; - - swapDevices = [ - { device = "/dev/disk/by-uuid/92310a00-7f69-4775-85cb-38e1790f71db"; } - ]; - - nix.settings.max-jobs = lib.mkDefault 16; -} diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix deleted file mode 100644 index bd03ba7..0000000 --- a/nixos/modules/admin.nix +++ /dev/null 
@@ -1,122 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; -let - cfg = config.dadada.admin; - extraGroups = [ - "wheel" - "libvirtd" - ]; - - shells = { - "bash" = pkgs.bashInteractive; - "zsh" = pkgs.zsh; - "fish" = pkgs.fish; - }; - - shellNames = builtins.attrNames shells; - - adminOpts = - { - name, - config, - ... - }: - { - options = { - keys = mkOption { - type = types.listOf types.str; - default = [ ]; - apply = - x: - assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); - x; - description = '' - The keys that should be able to access the account. - ''; - }; - shell = mkOption { - type = types.nullOr types.str; - apply = - x: - assert ( - builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}" - ); - x; - default = "zsh"; - defaultText = literalExpression "zsh"; - example = literalExpression "bash"; - description = '' - One of ${builtins.toString shellNames} - ''; - }; - }; - }; -in -{ - options = { - dadada.admin = { - enable = mkEnableOption "Enable admin access"; - - users = mkOption { - type = with types; attrsOf (submodule adminOpts); - default = import ../../admins.nix; - description = '' - Admin users with root access machine. 
- ''; - example = literalExample "\"user1\" = { shell = pkgs.bashInteractive; keys = [ 'ssh-rsa 123456789' ]; }"; - }; - - rat = mkOption { - type = types.bool; - default = false; - description = '' - Enable NAT and firewall traversal for SSH via tor hidden service - ''; - }; - }; - }; - - config = mkIf cfg.enable { - assertions = [ - { - assertion = cfg.users != [ ]; - message = "Must provide at least one admin, if the admin module is enabled."; - } - ]; - - programs.zsh.enable = mkDefault true; - - services.sshd.enable = true; - services.openssh.settings.PasswordAuthentication = false; - security.sudo.wheelNeedsPassword = lib.mkDefault false; - services.openssh.openFirewall = true; - - users.users = mapAttrs (user: keys: { - shell = shells."${keys.shell}"; - extraGroups = lib.mkDefault extraGroups; - isNormalUser = true; - openssh.authorizedKeys.keys = keys.keys; - }) cfg.users; - - nix.settings.trusted-users = builtins.attrNames cfg.users; - - users.mutableUsers = mkDefault false; - - environment.systemPackages = with pkgs; [ - helix - tmux - ]; - - services.tor.relay.onionServices = { - "rat" = mkIf cfg.rat.enable { - name = "rat"; - map = [ { port = 22; } ]; - }; - }; - }; -} diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix deleted file mode 100644 index 095fd35..0000000 --- a/nixos/modules/backup.nix +++ /dev/null 
@@ -1,196 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; -let - backupExcludes = [ - "/backup" - "/dev" - "/efi" - "/home/*/.cache" - "/home/*/.config/Riot/Cache" - "/home/iserv" - "/lost+found" - "/mnt" - "/nix" - "/proc" - "/root" - "/run" - "/sys" - "/tmp" - "/var/cache" - "/var/lib/machines" - "/var/log" - "/var/tmp" - "/swapfile" - ]; - cfg = config.dadada.backupClient; -in -{ - options = { - dadada.backupClient = { - gs = { - enable = mkEnableOption "Enable backup to GS location"; - passphrasePath = mkOption { - type = with types; nullOr str; - description = '' - The path to the passphrase file. - ''; - default = "/var/lib/borgbackup/gs/passphrase"; - }; - }; - bs = { - enable = mkEnableOption "Enable backup to BS location"; - passphrasePath = mkOption { - type = types.str; - description = '' - The path to the passphrase file. - ''; - default = "/var/lib/borgbackup/bs/passphrase"; - }; - sshIdentityFile = mkOption { - type = types.str; - description = '' - Path to the SSH key that is used to transmit the backup. - ''; - default = "/var/lib/borgbackup/bs/id_ed25519"; - }; - }; - backup1 = { - enable = mkEnableOption "Enable backup to new BS location"; - passphrasePath = mkOption { - type = types.str; - description = '' - The path to the passphrase file. - ''; - default = "/var/lib/borgbackup/backup1/passphrase"; - }; - sshIdentityFile = mkOption { - type = types.str; - description = '' - Path to the SSH key that is used to transmit the backup. 
- ''; - default = "/var/lib/borgbackup/backup1/id_ed25519"; - }; - }; - backup2 = { - enable = mkEnableOption "Enable backup to Hetzner storage box"; - passphrasePath = mkOption { - type = types.str; - description = "The path to the passphrase file."; - default = "/var/lib/borgbackup/backup2/passphrase"; - }; - sshIdentityFile = mkOption { - type = types.str; - description = "Path to the SSH key that is used to transmit the backup."; - default = "/var/lib/borgbackup/backup2/id_ed25519"; - }; - repo = mkOption { - type = types.str; - description = "URL to the repo inside the sub-account."; - example = "u355513-sub1@u355513-sub1.your-storagebox.de:borg"; - }; - }; - }; - }; - - config = { - systemd.mounts = mkIf cfg.gs.enable [ - { - type = "ext4"; - what = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5"; - where = "/backup"; - options = "nofail,noauto"; - } - ]; - - systemd.automounts = mkIf cfg.gs.enable [ - { - where = "/backup"; - automountConfig.TimeoutIdleSec = "600"; - } - ]; - - services.borgbackup.jobs.gs = mkIf cfg.gs.enable { - removableDevice = true; - paths = "/"; - exclude = backupExcludes; - repo = "/backup/${config.networking.hostName}"; - doInit = false; - encryption = { - mode = "repokey"; - passCommand = "cat ${cfg.gs.passphrasePath}"; - }; - compression = "auto,lz4"; - prune.keep = { - within = "1d"; # Keep all archives from the last day - daily = 7; - weekly = 2; - monthly = -1; # Keep at least one archive for each month - yearly = -1; # Keep at least one archive for each year - }; - startAt = "monthly"; - }; - - systemd.services."borgbackup-job-gs".enable = mkIf cfg.gs.enable true; - systemd.services."borgbackup-job-gs".wants = mkIf cfg.gs.enable [ "backup.mount" ]; - systemd.timers."borgbackup-job-gs".enable = mkIf cfg.gs.enable true; - - services.borgbackup.jobs.bs = mkIf cfg.bs.enable { - paths = "/"; - exclude = backupExcludes; - repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; - doInit = false; - 
environment = { - BORG_RSH = "ssh -6 -i ${cfg.bs.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; - }; - encryption = { - mode = "repokey"; - passCommand = "cat ${cfg.bs.passphrasePath}"; - }; - compression = "auto,lz4"; - startAt = "daily"; - environment = { - BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes"; - }; - }; - - services.borgbackup.jobs.backup1 = mkIf cfg.backup1.enable { - paths = "/"; - exclude = backupExcludes; - repo = "borg@backup1.dadada.li:/mnt/storage/backups/${config.networking.hostName}"; - doInit = true; - environment = { - BORG_RSH = "ssh -6 -i ${cfg.backup1.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; - }; - encryption = { - mode = "repokey"; - passCommand = "cat ${cfg.backup1.passphrasePath}"; - }; - compression = "auto,lz4"; - startAt = "daily"; - }; - - services.borgbackup.jobs.backup2 = mkIf cfg.backup2.enable { - paths = "/"; - exclude = backupExcludes; - repo = cfg.backup2.repo; - doInit = true; - environment = { - BORG_RSH = "ssh -6 -p23 -i ${cfg.backup2.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; - }; - encryption = { - mode = "repokey"; - passCommand = "cat ${cfg.backup2.passphrasePath}"; - }; - compression = "auto,lz4"; - startAt = "daily"; - environment = { - BORG_RELOCATED_REPO_ACCESS_IS_OK = "no"; - }; - }; - }; -} diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix deleted file mode 100644 index e498cd1..0000000 --- a/nixos/modules/borg-server.nix +++ /dev/null 
@@ -1,99 +0,0 @@ -{ config, lib, ... }: -let - inherit (lib) - mkEnableOption - mkIf - mkOption - types - ; - cfg = config.dadada.borgServer; -in -{ - options = { - dadada.borgServer = { - enable = mkEnableOption "Enable Borg backup server"; - path = mkOption { - type = types.path; - default = "/var/lib/backup"; - example = "/mnt/storage/backup"; - }; - }; - }; - - config = mkIf cfg.enable { - users.users.borg.home = cfg.path; - services.borgbackup.repos = { - "metis" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" - ]; - path = "${cfg.path}/metis"; - quota = "1T"; - }; - "gorgon" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" - ]; - path = "${cfg.path}/gorgon"; - quota = "1T"; - }; - "stolas" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINC/mVYd3o7oA0dsA58CgkqR40CSfeuU+rikleSrSXFz dadada@gorgon" - ]; - path = "${cfg.path}/stolas"; - quota = "1T"; - }; - "surgat" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" - ]; - path = "${cfg.path}/surgat"; - quota = "50G"; - }; - "pruflas" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" - ]; - path = "${cfg.path}/pruflas"; - quota = "50G"; - }; - "wohnzimmerpi" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" - ]; - path = "${cfg.path}/wohnzimmerpi"; - quota = "50G"; - }; - "fginfo" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII9N+E5fXHBL2juml+zeq/0auvqeQ5D+ljUE+EOY8cQ2 flareflo@flareflo-desktop" # restore from backup - ]; - path = "${cfg.path}/fginfo"; - quota = "50G"; - }; - "fginfo-git" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII9N+E5fXHBL2juml+zeq/0auvqeQ5D+ljUE+EOY8cQ2 flareflo@flareflo-desktop" # restore from backup - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCNSecnVGNPpX2BEvP7EkkHzx46RzJ1L3eaAyIfLYRB flareflo@Dragoncave" # restore from backup - ]; - path = "${cfg.path}/fginfo-git"; - quota = "50G"; - }; - }; - - systemd.tmpfiles.rules = [ - "d ${cfg.path} 0750 ${config.users.users.borg.name} ${config.users.users.borg.group} - -" - ]; - }; -} diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix deleted file mode 100644 index 594be6d..0000000 --- a/nixos/modules/ddns.nix +++ /dev/null 
@@ -1,94 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; -let - cfg = config.dadada.ddns; - ddnsConfig = - { - domains, - credentialsPath, - interface, - }: - { - systemd.timers = listToAttrs ( - forEach domains ( - domain: - nameValuePair "ddns-${domain}" { - wantedBy = [ "timers.target" ]; - partOf = [ "ddns-${domain}.service" ]; - timerConfig.OnCalendar = "hourly"; - } - ) - ); - - systemd.services = listToAttrs ( - forEach domains ( - domain: - nameValuePair "ddns-${domain}" { - serviceConfig = { - Type = "oneshot"; - PrivateTmp = true; - PrivateDevices = true; - PrivateUsers = true; - PrivateMounts = true; - PrivateIPC = true; - ProtectHome = true; - ProtectSystem = "strict"; - ProtectKernelTunables = true; - BindReadOnlyPaths = [ credentialsPath ]; - NoNewPrivileges = true; - CapabilitBoundingSet = [ ]; - }; - script = '' - function url() { - echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" - } - - IFS=':' - read -r user password < ${credentialsPath} - unset IFS - - curl_url=$(url "$user" "$password" ${domain}) - - ${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${ - if interface == null then "" else "--interface ${interface}" - } || true - ${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${ - if interface == null then "" else "--interface ${interface}" - } - ''; - } - ) - ); - }; -in -{ - options = { - dadada.ddns.domains = mkOption { - type = types.listOf types.str; - description = '' - Enables DDNS for these domains. - ''; - example = '' - [ "example.com" ] - ''; - default = [ ]; - }; - dadada.ddns.credentialsPath = mkOption { - type = types.path; - description = "Credentials file"; - default = "/var/lib/ddns/credentials"; - }; - dadada.ddns.interface = mkOption { - type = types.nullOr types.str; - description = "Source interface to use"; - default = null; - }; - }; - - config = with cfg; ddnsConfig { inherit domains interface credentialsPath; }; -} 
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
deleted file mode 100644
index fa94c8c..0000000
--- a/nixos/modules/default.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ lib, ... }:
-with lib;
-let
- modules' =
- dir:
- filterAttrs (
- name: type:
- (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory")))
- ) (builtins.readDir dir);
- modules =
- dir:
- mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) (
- modules' dir
- );
-in
-(modules ./.)
diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix
deleted file mode 100644
index 783bf6f..0000000
--- a/nixos/modules/gitea.nix
+++ /dev/null
@@ -1,102 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -let - cfg = config.dadada.forgejo; -in -{ - options.dadada.forgejo = { - enable = lib.mkEnableOption "Enable forgejo"; - }; - config = lib.mkIf cfg.enable { - services.forgejo = { - enable = true; - user = "gitea"; - group = "gitea"; - stateDir = "/var/lib/gitea"; - - database = { - type = "postgres"; - name = "gitea"; - user = "gitea"; - }; - - settings = { - DEFAULT.APP_NAME = "dadada forgejo"; - service = { - DISABLE_REGISTRATION = true; - }; - sessions = { - COOKIE_SECURE = true; - }; - server = { - ROOT_URL = "https://git.dadada.li/"; - PROTOCOL = "http+unix"; - LANDING_PAGE = "explore"; - OFFLINE_MODE = true; - DISABLE_SSH = false; - - # Use built-in SSH server - START_SSH_SERVER = true; - SSH_PORT = 22; - - DOMAIN = "git.dadada.li"; - }; - picture = { - DISABLE_GRAVATAR = true; - REPOSITORY_AVATAR_FALLBACK = "random"; - ENABLE_FEDERATED_AVATAR = false; - }; - other = { - SHOW_FOOTER_BRANDING = false; - SHOW_FOOTER_VERSION = false; - SHOW_FOOTER_TEMPLATE_LOAD_TIME = false; - }; - log = { - DISABLE_ROUTER_LOG = true; - LEVEL = "Error"; - }; - cache = { - ENABLE = true; - ADAPTER = "redis"; - HOST = "network=unix,addr=${config.services.redis.servers.forgejo.unixSocket},db=0,pool_size=100,idle_timeout=180"; - }; - }; - }; - - services.redis = { - servers.forgejo = { - enable = true; - user = config.services.forgejo.user; - }; - vmOverCommit = true; - }; - - systemd.services.forgejo.serviceConfig = { - AmbientCapabilities = lib.mkForce "CAP_NET_BIND_SERVICE"; - CapabilityBoundingSet = lib.mkForce "CAP_NET_BIND_SERVICE"; - PrivateUsers = lib.mkForce false; - }; - - services.nginx.virtualHosts."git.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - - locations."/".extraConfig = '' - proxy_pass http://unix:/run/forgejo/forgejo.sock:/; - ''; - }; - - users.users.gitea = { - home = "/var/lib/gitea"; - useDefaultShell = true; - group = "gitea"; - isSystemUser = true; - }; - - 
users.groups.gitea = { }; - }; -} diff --git a/nixos/modules/headphones.nix b/nixos/modules/headphones.nix deleted file mode 100644 index 877be07..0000000 --- a/nixos/modules/headphones.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; -let - cfg = config.dadada.headphones; -in -{ - options = { - dadada.headphones = { - enable = mkEnableOption "Enable bluetooth headphones with more audio codecs."; - }; - }; - config = mkIf cfg.enable { - hardware = { - bluetooth.enable = true; - pulseaudio = { - enable = true; - extraModules = [ pkgs.pulseaudio-modules-bt ]; - extraConfig = '' - set-source-volume 1 10000 - ''; - package = pkgs.pulseaudioFull; - }; - }; - }; -} diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix deleted file mode 100644 index 193e71e..0000000 --- a/nixos/modules/homepage.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ - config, - lib, - ... -}: -let - cfg = config.dadada.homepage; -in -with lib; -{ - options.dadada.homepage = { - enable = mkEnableOption "Enable home page"; - package = mkOption { - type = lib.types.path; - description = "Path containing the homepage"; - }; - }; - config = mkIf cfg.enable { - services.nginx.enable = true; - - services.nginx.virtualHosts."dadada.li" = { - enableACME = true; - forceSSL = true; - root = "${cfg.package}"; - }; - }; -} diff --git a/nixos/modules/inputs.nix b/nixos/modules/inputs.nix deleted file mode 100644 index 9d18883..0000000 --- a/nixos/modules/inputs.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -let - cfg = config.dadada.inputs; -in -{ - options = { - dadada.inputs = lib.mkOption { - type = lib.types.attrsOf lib.types.attrs; - description = "Flake inputs that should be available inside Nix modules"; - default = { }; - }; - }; - - config = { }; -} diff --git a/nixos/modules/miniflux.nix b/nixos/modules/miniflux.nix deleted file mode 100644 index 6898f34..0000000 --- a/nixos/modules/miniflux.nix +++ /dev/null 
@@ -1,37 +0,0 @@
-{ config, lib, ... }:
-let
- cfg = config.dadada.miniflux;
- domain = "miniflux.${config.networking.domain}";
- adminCredentialsFile = "miniflux-admin-credentials";
-in
-{
-
- options.dadada.miniflux = {
- enable = lib.mkEnableOption "Enable miniflux RSS aggregator";
- };
-
- config = lib.mkIf cfg.enable {
- services.miniflux = {
- enable = true;
- config = {
- CLEANUP_FREQUENCY = "48";
- LISTEN_ADDR = "localhost:8080";
- };
- adminCredentialsFile = config.age.secrets.${adminCredentialsFile}.path;
- };
-
- services.nginx.virtualHosts.${domain} = {
- enableACME = true;
- forceSSL = true;
-
- locations."/".extraConfig = ''
- proxy_pass http://localhost:8080/;
- '';
- };
-
- age.secrets.${adminCredentialsFile} = {
- file = "${config.dadada.secrets.path}/${adminCredentialsFile}.age";
- mode = "0600";
- };
- };
-}
diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix
deleted file mode 100644
index 4db8af2..0000000
--- a/nixos/modules/packages.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config, lib, ... }:
-{
- options = {
- dadada.pkgs = lib.mkOption {
- type = lib.types.attrsOf lib.types.package;
- description = "Additional packages that are not sourced from nixpkgs";
- default = { };
- };
- };
-}
diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix
deleted file mode 100644
index d333804..0000000
--- a/nixos/modules/profiles/backup.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ config, lib, ... }:
-let
- secretsPath = config.dadada.secrets.path;
-in
-{
- dadada.backupClient.bs = {
- enable = lib.mkDefault false;
- passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
- sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
- };
-
- dadada.backupClient.backup1 = {
- enable = lib.mkDefault true;
- passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
- sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
- };
-
- dadada.backupClient.backup2 = {
- enable = lib.mkDefault false;
- passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
- sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
- };
-
- age.secrets."${config.networking.hostName}-backup-passphrase".file =
- "${secretsPath}/${config.networking.hostName}-backup-passphrase.age";
- age.secrets."${config.networking.hostName}-backup-ssh-key".file =
- "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age";
-}
diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix
deleted file mode 100644
index 0976788..0000000
--- a/nixos/modules/profiles/base.nix
+++ /dev/null
@@ -1,74 +0,0 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
-let
- mkDefault = lib.mkDefault;
- inputs = config.dadada.inputs;
-in
-{
- imports = [
- ./upgrade-pg-cluster.nix
- ];
-
- boot.tmp.useTmpfs = lib.mkDefault true;
- boot.tmp.tmpfsSize = lib.mkDefault "50%";
-
- i18n.defaultLocale = mkDefault "en_US.UTF-8";
- console = mkDefault {
- font = "Lat2-Terminus16";
- keyMap = "us";
- };
-
- i18n.supportedLocales = mkDefault [
- "C.UTF-8/UTF-8"
- "en_US.UTF-8/UTF-8"
- "de_DE.UTF-8/UTF-8"
- ];
-
- time.timeZone = mkDefault "Europe/Berlin";
-
- nix.package = pkgs.lix;
-
- nix.settings.substituters = [ "https://cache.nixos.org/" ];
-
- nix.settings.trusted-public-keys = [
- "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
- "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q="
- ];
-
- nix.settings.require-sigs = true;
-
- nix.settings.auto-optimise-store = true;
-
- nix.gc = {
- automatic = true;
- dates = "daily";
- options = "--delete-older-than 3d";
- };
-
- nix.extraOptions = ''
- experimental-features = nix-command flakes
- '';
-
- networking.networkmanager.dns = mkDefault "systemd-resolved";
-
- networking.hosts = {
- "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe" = [ "backup1.dadada.li" ];
- };
-
- services.resolved = {
- enable = mkDefault true;
- fallbackDns = [
- "9.9.9.9#dns.quad9.net"
- "2620:fe::fe:11#dns11.quad9.net"
- ];
- };
-
- programs.zsh.enable = mkDefault true;
-
- # Avoid some bots
- services.openssh.ports = [ 2222 ];
-}
diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix
deleted file mode 100644
index 1ddbb1e..0000000
--- a/nixos/modules/profiles/cloud.nix
+++ /dev/null
@@ -1,54 +0,0 @@ -{ config, lib, ... }: -let - secretsPath = config.dadada.secrets.path; - initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key"; -in -{ - imports = [ - ./server.nix - ]; - - boot.initrd.availableKernelModules = [ "virtio-pci" ]; - - boot.kernelParams = [ - # Wait forever for the filesystem root to show up - "rootflags=x-systemd.device-timeout=0" - - # Wait forever to enter the LUKS passphrase via SSH - "rd.luks.options=timeout=0" - ]; - boot.initrd.network = { - enable = true; - ssh = { - enable = true; - port = 2223; - hostKeys = [ - config.age.secrets."${initrdHostKey}".path - ]; - authorizedKeys = - with lib; - concatLists ( - mapAttrsToList ( - name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ] - ) config.users.users - ); - }; - postCommands = '' - echo 'cryptsetup-askpass' >> /root/.profile - ''; - }; - - assertions = lib.singleton { - assertion = - (config.boot.initrd.network.ssh.hostKeys != [ ]) - -> config.boot.loader.supportsInitrdSecrets == true; - message = "Refusing to store private keys in store"; - }; - - age.secrets."${initrdHostKey}" = { - file = "${secretsPath}/initrd-${initrdHostKey}.age"; - mode = "600"; - path = "/etc/initrd/${initrdHostKey}"; - symlink = false; - }; -} diff --git a/nixos/modules/profiles/home.nix b/nixos/modules/profiles/home.nix deleted file mode 100644 index a695e8b..0000000 --- a/nixos/modules/profiles/home.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ pkgs, inputs, ... }: -{ - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.sharedModules = pkgs.lib.attrValues inputs.self.hmModules; - home-manager.users.dadada = inputs.self.hmConfigurations.dadada; -} diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix deleted file mode 100644 index 7089f4e..0000000 --- a/nixos/modules/profiles/laptop.nix +++ /dev/null 
@@ -1,52 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-let
- inputs = config.dadada.inputs;
-in
-with lib;
-{
- imports = [
- ./backup.nix
- ./base.nix
- ];
-
- networking.domain = mkDefault "dadada.li";
-
- services.fwupd.enable = mkDefault true;
- programs.ssh.enableAskPassword = true;
- programs.nix-ld.enable = true;
-
- nix.nixPath = mapAttrsToList (name: value: "${name}=${value}") inputs;
- nix.registry = mkForce (mapAttrs' (name: value: nameValuePair name { flake = value; }) inputs);
- nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json";
-
- age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-
- users.mutableUsers = true;
-
- # Use the systemd-boot EFI boot loader.
- boot.loader.systemd-boot.enable = mkDefault true;
- boot.loader.efi.canTouchEfiVariables = mkDefault true;
-
- services.fstrim.enable = mkDefault true;
-
- services.avahi.enable = mkDefault true;
-
- networking.networkmanager.enable = mkDefault true;
- networking.firewall.enable = mkDefault true;
-
- xdg.mime.enable = mkDefault true;
-
- security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- };
- services.pulseaudio.enable = false;
- security.sudo.wheelNeedsPassword = true;
-}
diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix
deleted file mode 100644
index 724655f..0000000
--- a/nixos/modules/profiles/server.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{
- config,
- pkgs,
- lib,
- ...
-}:
-with lib;
-{
- imports = [
- ./backup.nix
- ./base.nix
- ];
-
- networking.domain = mkDefault "dadada.li";
- networking.tempAddresses = "disabled";
-
- dadada.admin.enable = true;
- documentation.enable = mkDefault false;
- documentation.nixos.enable = mkDefault false;
-
- services.btrfs.autoScrub.enable = mkDefault (
- (filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { }
- );
-
- services.journald.extraConfig = ''
- SystemKeepFree = 2G
- MaxRetentionSec = 100days
- '';
-
- system.autoUpgrade = {
- enable = true;
- flake = "https://git.dadada.li/dadada/nix-config/archive/main.tar.gz#${config.networking.hostName}";
- allowReboot = mkDefault false;
- randomizedDelaySec = "45min";
- };
-
- security.acme = {
- defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
- acceptTerms = true;
- };
-
-}
diff --git a/nixos/modules/profiles/upgrade-pg-cluster.nix b/nixos/modules/profiles/upgrade-pg-cluster.nix
deleted file mode 100644
index 486bf29..0000000
--- a/nixos/modules/profiles/upgrade-pg-cluster.nix
+++ /dev/null
@@ -1,37 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -{ - environment.systemPackages = lib.mkIf config.services.postgresql.enable [ - ( - let - # Do not forget to list the extensions you need. - newPostgres = pkgs.postgresql_15.withPackages (pp: [ ]); - in - pkgs.writeScriptBin "upgrade-pg-cluster" '' - set -eux - # XXX it's perhaps advisable to stop all services that depend on postgresql - systemctl stop postgresql - - export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}" - - export NEWBIN="${newPostgres}/bin" - - export OLDDATA="${config.services.postgresql.dataDir}" - export OLDBIN="${config.services.postgresql.package}/bin" - - install -d -m 0700 -o postgres -g postgres "$NEWDATA" - cd "$NEWDATA" - sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" - - sudo -u postgres $NEWBIN/pg_upgrade \ - --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ - --old-bindir $OLDBIN --new-bindir $NEWBIN \ - "$@" - '' - ) - ]; -} diff --git a/nixos/modules/secrets.nix b/nixos/modules/secrets.nix deleted file mode 100644 index 5b74f5b..0000000 --- a/nixos/modules/secrets.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, lib, ... }: -{ - options = { - dadada.secrets.path = lib.mkOption { - type = lib.types.path; - description = "Path to encrypted secrets files"; - default = ../../secrets; - }; - }; -} diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix deleted file mode 100644 index ee2298e..0000000 --- a/nixos/modules/vpnServer.nix +++ /dev/null 
@@ -1,66 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; -let - cfg = config.dadada.vpnServer; - wgPeer = - { name, ... }: - { - options = { - name = mkOption { - internal = true; - default = name; - }; - id = mkOption { - description = "VPN client id"; - default = 0; - type = types.str; - }; - key = mkOption { - description = "VPN client public key"; - default = ""; - type = types.str; - }; - }; - }; -in -{ - options.dadada.vpnServer = { - enable = mkEnableOption "Enable wireguard gateway"; - peers = mkOption { - description = "Set of extensions and public keys of peers"; - type = with types; attrsOf (submodule wgPeer); - default = { }; - }; - }; - config = mkIf cfg.enable { - networking.wireguard = { - enable = true; - interfaces."wg0" = { - allowedIPsAsRoutes = true; - privateKeyFile = "/var/lib/wireguard/wg0-key"; - ips = [ "fd42:9c3b:f96d:0201::0/64" ]; - listenPort = 51234; - peers = map (peer: { - allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ]; - publicKey = peer.key; - }) (attrValues cfg.peers); - postSetup = '' - wg set wg0 fwmark 51234 - ip -6 route add table 2468 fd42:9c3b:f96d::/48 dev ens3 - ip -6 route add table 2468 fd42:9c3b:f96d:201::/64 dev wg0 - ip -6 rule add fwmark 51234 table 2468 - ''; - }; - }; - boot.kernel.sysctl = { - # Enable forwarding for VPN - "net.ipv6.conf.wg0.forwarding" = true; - "net.ipv6.conf.ens3.forwarding" = true; - }; - }; -} diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix deleted file mode 100644 index 47699e1..0000000 --- a/nixos/modules/yubikey.nix +++ /dev/null 
@@ -1,53 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; -let - yubikey = config.dadada.yubikey; -in -{ - options = { - dadada.yubikey = { - enable = mkEnableOption "Enable Yubikey"; - fido2Credentials = mkOption { - type = with types; listOf str; - description = "FIDO2 credential strings"; - default = [ ]; - }; - luksUuid = mkOption { - type = with types; nullOr str; - description = "Device UUID"; - default = null; - }; - }; - }; - - config = mkIf yubikey.enable { - security.pam = { - # Keys must be placed in $XDG_CONFIG_HOME/Yubico/u2f_keys - services = { - login.u2fAuth = true; - sudo.u2fAuth = true; - }; - u2f = { - control = "sufficient"; - settings.cue = true; - }; - }; - - services.pcscd.enable = true; - - services.udev.packages = [ pkgs.yubikey-personalization ]; - - environment.systemPackages = with pkgs; [ - #fido2luks - #linuxPackages.acpi_call - pam_u2f - pamtester - yubioath-flutter - ]; - }; -} diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix deleted file mode 100644 index d4a7bb9..0000000 --- a/nixos/ninurta/configuration.nix +++ /dev/null 
@@ -1,455 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -let - hostAliases = [ - "ifrit.dadada.li" - "media.dadada.li" - "backup1.dadada.li" - ]; - secretsPath = config.dadada.secrets.path; - uwuPrivKey = "pruflas-wg0-key"; - wgHydraPrivKey = "pruflas-wg-hydra-key"; - uwuPresharedKey = "pruflas-wg0-preshared-key"; - initrdSshKey = "/etc/ssh/ssh_initrd_ed25519_key"; - softServePort = 23231; -in -{ - imports = [ - ../modules/profiles/server.nix - ./hardware-configuration.nix - ./printing.nix - ./monitoring.nix - ]; - - services.soft-serve = { - enable = true; - settings = { - name = "dadada's repos"; - log_format = "text"; - ssh = { - listen_addr = ":${toString softServePort}"; - public_url = "ssh://soft-serve.dadada.li:${toString softServePort}"; - max_timeout = 30; - idle_timeout = 120; - }; - stats.listen_addr = ":23233"; - initial_admin_keys = config.dadada.admin.users.dadada.keys; - }; - }; - - services.openssh.ports = [ - 22 - 2222 - ]; - - dadada.backupClient.bs.enable = false; - dadada.backupClient.backup1.enable = false; - - dadada.backupClient.backup2 = { - enable = true; - repo = "u355513-sub2@u355513-sub2.your-storagebox.de:/home/backup"; - }; - - networking.hostName = "ninurta"; - networking.domain = "bs.dadada.li"; - - networking.hosts = { - "127.0.0.1" = hostAliases; - "::1" = hostAliases; - }; - - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - assertions = lib.singleton { - assertion = - (config.boot.initrd.network.ssh.hostKeys != [ ]) - -> config.boot.loader.supportsInitrdSecrets == true; - message = "Refusing to store private keys in store"; - }; - - boot.kernelParams = [ - # Use the in-kernel DHCP client (yes that exists) - "ip=dhcp" - - # Wait forever for the filesystem root to show up - "rootflags=x-systemd.device-timeout=0" - - # Wait forever to enter the LUKS passphrase via SSH - "rd.luks.options=timeout=0" - ]; - boot.initrd = { - network = { - enable = true; - flushBeforeStage2 = true; - ssh = { - 
enable = true; - port = 2222; - authorizedKeys = config.dadada.admin.users.dadada.keys; - hostKeys = [ initrdSshKey ]; - }; - }; - systemd = { - enable = true; - network = { - enable = true; - links = { - "10-lan" = { - matchConfig.Name = "e*"; - linkConfig.MACAddressPolicy = "persistent"; - }; - }; - networks = { - "10-lan" = { - matchConfig.Name = "e*"; - networkConfig.DHCP = "ipv4"; - linkConfig.RequiredForOnline = "routable"; - }; - }; - }; - }; - }; - - dadada.borgServer = { - enable = true; - path = "/mnt/storage/backups"; - }; - - services.borgbackup.jobs."backup1.bs.dadada.li" = { - removableDevice = true; - paths = [ - "/var/backup" - "/var/lib" - "/var/www" - "/home" - ]; - exclude = [ - "/home/*/.cache" - "/var/lib/machines" - ]; - repo = "/mnt/storage/backups/${config.networking.hostName}"; - doInit = true; - encryption = { - mode = "repokey"; - passCommand = "cat ${config.age.secrets.ninurta-backup-passphrase.path}"; - }; - compression = "auto,lz4"; - prune.keep = { - within = "1d"; # Keep all archives from the last day - daily = 7; - weekly = 2; - monthly = -1; # Keep at least one archive for each month - yearly = -1; # Keep at least one archive for each year - }; - startAt = "daily"; - }; - - age.secrets."ninurta-backup-passphrase" = { - file = "${secretsPath}/ninurta-backup-passphrase.age"; - mode = "400"; - }; - - nix.buildMachines = [ - { - hostName = "localhost"; - system = "x86_64-linux"; - supportedFeatures = [ - "kvm" - "nixos-test" - "big-parallel" - "benchmark" - ]; - maxJobs = 16; - } - ]; - - nix.extraOptions = '' - allowed-uris = https://github.com/NixOS https://github.com/nix-community https://github.com/dadada https://git.dadada.li/ github.com/ryantm/agenix github.com/serokell/deploy-rs https://gitlab.com/khumba/nvd.git https://github.com/real-or-random/dokuwiki-plugin-icalevents https://github.com/giterlizzi/dokuwiki-template-bootstrap3 - ''; - - systemd.tmpfiles.rules = [ - "d /mnt/storage/backups/ninurta 0750 
${config.users.users.borg.name} ${config.users.users.borg.group} - -" - "v /var/.snapshots 0755 root root - -" - "v /home/.snapshots 0755 root root - -" - "v /mnt/storage/.snapshots 0755 root root - -" - "v /mnt/storage/backups 0755 root root - -" - ]; - - age.secrets.${uwuPrivKey} = { - file = "${secretsPath}/${uwuPrivKey}.age"; - owner = "systemd-network"; - }; - - age.secrets.${uwuPresharedKey} = { - file = "${secretsPath}/${uwuPresharedKey}.age"; - owner = "systemd-network"; - }; - age.secrets.${wgHydraPrivKey} = { - file = "${secretsPath}/${wgHydraPrivKey}.age"; - owner = "systemd-network"; - }; - - # This does not work, since the key is needed earlier than run-agenix.mount. - # age.secrets.${initrdSshKey} = { - # file = "${secretsPath}/${initrdSshKey}.age"; - # mode = "700"; - # }; - - services.snapper = { - cleanupInterval = "1d"; - snapshotInterval = "daily"; - configs.home = { - SUBVOLUME = "/home"; - TIMELINE_CREATE = true; - TIMELINE_CLEANUP = true; - TIMELINE_MIN_AGE = "1800"; - TIMELINE_LIMIT_HOURLY = "5"; - TIMELINE_LIMIT_DAILY = "7"; - TIMELINE_LIMIT_WEEKLY = "0"; - TIMELINE_LIMIT_MONTHLY = "0"; - TIMELINE_LIMIT_YEARLY = "0"; - }; - configs.var = { - SUBVOLUME = "/var"; - TIMELINE_CREATE = true; - TIMELINE_CLEANUP = true; - TIMELINE_MIN_AGE = "1800"; - TIMELINE_LIMIT_HOURLY = "5"; - TIMELINE_LIMIT_DAILY = "7"; - TIMELINE_LIMIT_WEEKLY = "0"; - TIMELINE_LIMIT_MONTHLY = "0"; - TIMELINE_LIMIT_YEARLY = "0"; - }; - configs.storage = { - SUBVOLUME = "/mnt/storage"; - TIMELINE_CREATE = true; - TIMELINE_CLEANUP = true; - TIMELINE_LIMIT_HOURLY = "10"; - TIMELINE_LIMIT_DAILY = "10"; - TIMELINE_LIMIT_WEEKLY = "10"; - TIMELINE_LIMIT_MONTHLY = "10"; - TIMELINE_LIMIT_YEARLY = "10"; - }; - }; - - services.smartd.enable = true; - - systemd.network = { - enable = true; - links = { - "10-lan" = { - matchConfig.Name = "enp*"; - linkConfig.MACAddressPolicy = "persistent"; - }; - }; - networks = { - "10-wlan" = { - matchConfig.Name = "wlan*"; - 
linkConfig.RequiredForOnline = false; - }; - "10-wlo" = { - matchConfig.Name = "wlo*"; - linkConfig.RequiredForOnline = false; - }; - "10-lan" = { - matchConfig.Name = "enp*"; - bridge = [ "br0" ]; - }; - "30-wg0" = { - matchConfig.Name = "wg0"; - address = [ - "10.3.3.3/32" - "fd42:9c3b:f96d:121::3/128" - ]; - DHCP = "no"; - networkConfig.IPv6AcceptRA = false; - linkConfig.RequiredForOnline = false; - routes = [ - { - Destination = "10.3.3.1/24"; - } - { - Destination = "fd42:9c3b:f96d:121::1/64"; - } - ]; - }; - "30-uwu" = { - matchConfig.Name = "uwu"; - address = [ - "10.11.0.39/24" - "fc00:1337:dead:beef::10.11.0.39/128" - ]; - dns = [ "10.11.0.1%uwu#uwu" ]; - domains = [ "uwu" ]; - DHCP = "no"; - networkConfig.IPv6AcceptRA = false; - linkConfig.RequiredForOnline = false; - routes = [ - { - Destination = "10.11.0.0/22"; - } - { - Destination = "fc00:1337:dead:beef::10.11.0.0/118"; - } - ]; - }; - "20-br0" = { - matchConfig.Name = "br0"; - networkConfig.DHCP = "ipv4"; - networkConfig.Domains = [ "bs.dadada.li" ]; - networkConfig.VLAN = [ ]; - networkConfig.IPv6PrivacyExtensions = false; - linkConfig.RequiredForOnline = "routable"; - dhcpV4Config = { - UseDomains = true; - UseDNS = true; - UseNTP = true; - }; - ipv6AcceptRAConfig = { - UseDomains = true; - UseDNS = true; - }; - }; - }; - netdevs = { - "20-br0" = { - netdevConfig = { - Kind = "bridge"; - Name = "br0"; - }; - }; - "20-wg0" = { - netdevConfig = { - Kind = "wireguard"; - Name = "wg0"; - }; - wireguardConfig = { - PrivateKeyFile = config.age.secrets.${wgHydraPrivKey}.path; - ListenPort = 51235; - }; - wireguardPeers = [ - { - PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; - AllowedIPs = [ - "10.3.3.1/32" - "fd42:9c3b:f96d:121::1/128" - ]; - PersistentKeepalive = 25; - Endpoint = "surgat.dadada.li:51235"; - } - { - PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU="; - AllowedIPs = [ - "10.3.3.2/32" - "fd42:9c3b:f96d:121::2/128" - ]; - Endpoint = "192.168.101.1:51235"; - } - ]; - }; 
- "20-uwu" = { - netdevConfig = { - Kind = "wireguard"; - Name = "uwu"; - }; - wireguardConfig = { - PrivateKeyFile = config.age.secrets.${uwuPrivKey}.path; - }; - wireguardPeers = [ - { - PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; - AllowedIPs = [ - "10.11.0.0/22" - "fc00:1337:dead:beef::10.11.0.0/118" - "192.168.178.0/23" - ]; - PersistentKeepalive = 25; - PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; - Endpoint = "53c70r.de:51820"; - } - ]; - }; - }; - }; - - networking.firewall = { - enable = true; - allowPing = true; - allowedTCPPorts = [ - 2222 # SSH - ]; - allowedUDPPorts = [ - 51234 # Wireguard - 51235 # Wireguard - ]; - interfaces = { - br0.allowedTCPPorts = [ - 22 # SSH - 80 # munin web - 631 # IPP - ]; - br0.allowedUDPPorts = [ - 631 # IPP - ]; - uwu.allowedTCPPorts = [ - softServePort - ]; - wg0.allowedTCPPorts = [ - 3000 # Hydra - 4949 # munin-node - ]; - }; - }; - - services.resolved.enable = true; - networking.networkmanager.enable = false; - networking.useDHCP = false; - - powerManagement = { - enable = true; - cpuFreqGovernor = "powersave"; - # powertop autotune - powertop.enable = true; - # This generally means no power management for SCSI - scsiLinkPolicy = "med_power_with_dipm"; - # Configure the disks to spin down after 10 min of inactivity. 
- }; - - services.udev.packages = [ - (pkgs.writeTextFile { - name = "60-hdparm"; - text = '' - ACTION=="add|change", KERNEL=="sd[a-z]", ATTRS{queue/rotational}=="1", RUN+="${pkgs.hdparm}/bin/hdparm -S 60 /dev/%k" - ''; - destination = "/etc/udev/rules.d/60-hdparm.rules"; - }) - ]; - - services.pulseaudio.enable = false; - - environment.systemPackages = with pkgs; [ - smartmontools - hdparm - ]; - - users.users."backup-keepassxc" = { - home = "/mnt/storage/backups/backup-keepassxc"; - isNormalUser = true; - description = "Backup KeepassXC database"; - extraGroups = [ ]; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIirODQlcTJ8e9OcFuMlYlGekrUMtDpD5HhbTmuQ+jDW KeepassXC DB backup " - ]; - }; - - virtualisation.libvirtd.enable = true; - - documentation.enable = true; - documentation.nixos.enable = true; - - system.stateVersion = "23.05"; -} diff --git a/nixos/ninurta/hardware-configuration.nix b/nixos/ninurta/hardware-configuration.nix deleted file mode 100644 index cd6b64b..0000000 --- a/nixos/ninurta/hardware-configuration.nix +++ /dev/null 
@@ -1,117 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: - -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ - "igc" - "xhci_pci" - "thunderbolt" - "ahci" - "nvme" - "usbhid" - "usb_storage" - "sd_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "compress=zstd" ]; - }; - - boot.initrd.luks.devices."luks".device = "/dev/disk/by-uuid/bac4ee0e-e393-414f-ac3e-1ec20739abae"; - - fileSystems."/swap" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ - "subvol=swap" - "noatime" - ]; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ - "subvol=nix" - "noatime" - "compress=zstd" - ]; - }; - - fileSystems."/var" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ - "subvol=var" - "compress=zstd" - ]; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ - "subvol=home" - "compress=zstd" - ]; - }; - - fileSystems."/root" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ - "subvol=root" - "compress=zstd" - ]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/2E20-49CB"; - fsType = "vfat"; - }; - - swapDevices = [ - { - device = "/swap/swapfile"; - size = 32 * 1024; # 32 GByte - } - ]; - - fileSystems."/mnt/storage" = { - device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; - 
fsType = "btrfs"; - options = [ - "subvol=root" - "compress=zstd" - ]; - }; - - fileSystems."/mnt/storage/backups" = { - device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; - fsType = "btrfs"; - options = [ - "subvol=backups" - "noatime" - ]; - }; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/nixos/ninurta/monitoring.nix b/nixos/ninurta/monitoring.nix deleted file mode 100644 index c8bee05..0000000 --- a/nixos/ninurta/monitoring.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, ... }: -{ - services.nginx.enable = true; - services.nginx.virtualHosts."ninurta.bs.dadada.li" = { - addSSL = false; - enableACME = false; - root = "/var/www/munin/"; - locations = { - "/" = { - root = "/var/www/munin/"; - }; - }; - }; - services.munin-cron = { - enable = true; - hosts = '' - [${config.networking.hostName}] - address 127.0.0.1 - - [surgat] - address 10.3.3.1 - ''; - }; - services.munin-node.enable = true; -} diff --git a/nixos/ninurta/printing.nix b/nixos/ninurta/printing.nix deleted file mode 100644 index c1d2aa8..0000000 --- a/nixos/ninurta/printing.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -{ cfg, pkgs, ... }: -{ - hardware = { - printers = { - ensurePrinters = [ - { - name = "Brother_HL-L2300D"; - model = "drv:///brlaser.drv/brl2300d.ppd"; - location = "BS"; - deviceUri = "usb://Brother/HL-L2310D%20series?serial=E78096H3N771439"; - ppdOptions = { - PageSize = "A4"; - Duplex = "DuplexNoTumble"; - }; - } - ]; - }; - }; - - services.avahi = { - enable = true; - nssmdns4 = true; - openFirewall = true; - publish = { - enable = true; - userServices = true; - }; - }; - - services.printing = { - enable = true; - drivers = [ - pkgs.brlaser - pkgs.gutenprint - ]; - # Remove all state at the start of the service - stateless = true; - listenAddresses = [ "192.168.101.29:631" ]; - allowFrom = [ "from 192.168.101.0/24" ]; - browsing = true; - defaultShared = true; - }; -} diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix deleted file mode 100644 index 1c5cc9b..0000000 --- a/nixos/stolas/default.nix +++ /dev/null 
@@ -1,205 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -{ - - imports = [ - ../modules/profiles/laptop.nix - ./disks.nix - ./paperless.nix - ]; - - boot = { - lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; - }; - kernelModules = [ "kvm-amd" ]; - # Hopefully fixes suspend issues with wifi card - kernelPackages = pkgs.linuxPackages_latest; - kernelParams = [ - "resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a" - "resume_offset=79859524" - "zswap.enabled=1" - ]; - extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ]; - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - loader.systemd-boot.enable = lib.mkForce false; - initrd = { - availableKernelModules = [ - "nvme" - "xhci_pci" - "thunderbolt" - "usb_storage" - "sd_mod" - ]; - # Ensure that TPM module is loaded - kernelModules = [ "tpm" ]; - }; - }; - - environment.systemPackages = [ - # For debugging and troubleshooting Secure Boot. 
- pkgs.sbctl - ]; - - hardware = { - # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features - bluetooth.enable = true; - cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - enableRedistributableFirmware = true; - framework.laptop13.audioEnhancement.enable = true; - graphics = { - enable = true; - extraPackages = with pkgs; [ - vaapiVdpau - libvdpau-va-gl - ]; - }; - }; - - powerManagement = { - enable = true; - cpuFreqGovernor = "schedutil"; - }; - - networking = { - hostName = "stolas"; - firewall = { - enable = true; - allowedTCPPorts = [ - 22000 # Syncthing - ]; - allowedUDPPorts = [ - 21027 # Syncthing - ]; - }; - }; - - nix = { - settings.max-jobs = lib.mkDefault 16; - }; - - dadada = { - admin.enable = true; - backupClient.gs.enable = false; - backupClient.backup1.enable = true; - backupClient.backup2 = { - enable = true; - repo = "u355513-sub5@u355513-sub5.your-storagebox.de:/home/backup"; - }; - }; - - programs = { - adb.enable = true; - firefox = { - enable = true; - package = pkgs.firefox-wayland; - }; - gnupg.agent.enable = true; - ssh.startAgent = true; - wireshark.enable = true; - }; - - services = { - avahi.enable = true; - desktopManager.plasma6.enable = true; - displayManager = { - sddm.enable = true; - sddm.wayland.enable = true; - }; - gnome.gnome-keyring.enable = lib.mkForce false; - smartd.enable = true; - printing = { - enable = true; - browsing = true; - }; - tlp.enable = false; - snapper = { - cleanupInterval = "1d"; - snapshotInterval = "hourly"; - configs = { - home = { - SUBVOLUME = "/home/dadada"; - ALLOW_USERS = [ "dadada" ]; - TIMELINE_CREATE = true; - TIMELINE_CLEANUP = true; - TIMELINE_MIN_AGE = "1800"; - TIMELINE_LIMIT_HOURLY = "5"; - TIMELINE_LIMIT_DAILY = "7"; - TIMELINE_LIMIT_WEEKLY = "0"; - TIMELINE_LIMIT_MONTHLY = "0"; - TIMELINE_LIMIT_YEARLY = "0"; - }; - var = { - SUBVOLUME = "/var"; - TIMELINE_CREATE = true; - TIMELINE_CLEANUP = true; - 
TIMELINE_MIN_AGE = "1800"; - TIMELINE_LIMIT_HOURLY = "5"; - TIMELINE_LIMIT_DAILY = "7"; - TIMELINE_LIMIT_WEEKLY = "0"; - TIMELINE_LIMIT_MONTHLY = "0"; - TIMELINE_LIMIT_YEARLY = "0"; - }; - paperless = { - SUBVOLUME = "/var/lib/paperless"; - TIMELINE_CREATE = true; - TIMELINE_CLEANUP = true; - TIMELINE_MIN_AGE = "3600"; - TIMELINE_LIMIT_HOURLY = "10"; - TIMELINE_LIMIT_DAILY = "10"; - TIMELINE_LIMIT_WEEKLY = "10"; - TIMELINE_LIMIT_MONTHLY = "10"; - TIMELINE_LIMIT_YEARLY = "10"; - }; - }; - }; - }; - - system = { - stateVersion = "25.05"; - }; - - systemd.services = { - modem-manager.enable = lib.mkForce false; - "dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; - }; - - systemd.tmpfiles.rules = [ - "v /var/.snapshots 0755 root root - -" - "v /var/paperless/.snapshots 0755 root root - -" - "v /home/dadada/.snapshots 0755 root root - -" - ]; - - virtualisation.libvirtd.enable = true; - - users = { - users = { - dadada = { - initialHashedPassword = "$y$j9T$43qGBeY6hg6AXQmcVkS131$6AeRDOe6XAnmgA/AkJGaSIYTj5dbQLd9vrQ7zSyi5TA"; - isNormalUser = true; - extraGroups = [ - "wheel" - "networkmanager" - "libvirtd" - "adbusers" - "kvm" - "video" - "scanner" - "lp" - "docker" - "dialout" - "wireshark" - "paperless" - ]; - }; - }; - }; -} diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix deleted file mode 100644 index eff5680..0000000 --- a/nixos/stolas/disks.nix +++ /dev/null 
@@ -1,100 +0,0 @@ -{ - disko.devices = { - nodev."/nix/var/nix/builds" = { - fsType = "tmpfs"; - mountOptions = [ - "size=80%" - "defaults" - "mode=755" - ]; - }; - disk = { - main = { - type = "disk"; - device = "/dev/nvme0n1"; - content = { - type = "gpt"; - partitions = { - ESP = { - size = "1G"; - type = "EF00"; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - luks = { - size = "100%"; - content = { - type = "luks"; - name = "crypted"; - settings = { - allowDiscards = true; - crypttabExtraOpts = [ - "tpm2-device=auto" - "tpm2-pin=true" - ]; - }; - #additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; - content = { - type = "btrfs"; - extraArgs = [ "-f" ]; - subvolumes = { - "/root" = { - mountpoint = "/"; - mountOptions = [ - "compress=zstd" - "relatime" - ]; - }; - "/home" = { - mountpoint = "/home"; - mountOptions = [ - "compress=zstd" - "noatime" - ]; - }; - "/dadada" = { - mountpoint = "/home/dadada"; - mountOptions = [ - "compress=zstd" - "relatime" - ]; - }; - "/nix" = { - mountpoint = "/nix"; - mountOptions = [ - "compress=zstd" - "noatime" - ]; - }; - "/var" = { - mountpoint = "/var"; - mountOptions = [ - "compress=zstd" - "noatime" - ]; - }; - "/paperless" = { - mountpoint = "/var/lib/paperless"; - mountOptions = [ - "compress=zstd" - "noatime" - ]; - }; - "/swap" = { - mountpoint = "/.swapvol"; - swap.swapfile.size = "128G"; - }; - }; - }; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/nixos/stolas/paperless.nix b/nixos/stolas/paperless.nix deleted file mode 100644 index a5fa69f..0000000 --- a/nixos/stolas/paperless.nix +++ /dev/null 
@@ -1,28 +0,0 @@ -{ config, ... }: -{ - services.paperless = { - # TODO migrate DB - enable = true; - passwordFile = config.age.secrets.paperless.path; - }; - systemd.tmpfiles.rules = - let - cfg = config.services.paperless; - in - [ - ( - if cfg.consumptionDirIsPublic then - "d '${cfg.consumptionDir}' 777 - - - -" - else - "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" - ) - ]; - - age.secrets = { - paperless = { - file = "${config.dadada.secrets.path}/paperless.age"; - mode = "700"; - owner = "paperless"; - }; - }; -} diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix deleted file mode 100644 index 5ddef7f..0000000 --- a/nixos/surgat/configuration.nix +++ /dev/null 
@@ -1,177 +0,0 @@ -{ - config, - pkgs, - ... -}: -let - hostName = "surgat"; -in -{ - imports = [ - ./hardware-configuration.nix - ../modules/profiles/cloud.nix - ]; - - networking.hostName = hostName; - - services.nginx = { - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - - #logError = "/dev/null"; - appendHttpConfig = '' - access_log off; - ''; - }; - - services.nginx.virtualHosts."hydra.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - - root = "${pkgs.nginx}/html"; - - locations."/" = { - proxyPass = "http://10.3.3.3:3000/"; - extraConfig = '' - proxy_redirect default; - ''; - }; - }; - - dadada.element.enable = true; - dadada.forgejo.enable = true; - dadada.miniflux.enable = true; - dadada.weechat.enable = false; - dadada.homepage.enable = true; - dadada.share.enable = true; - dadada.backupClient = { - backup1.enable = true; - backup2 = { - enable = true; - repo = "u355513-sub3@u355513-sub3.your-storagebox.de:/home/backup"; - }; - }; - - services.postgresqlBackup = { - enable = true; - backupAll = true; - compression = "zstd"; - location = "/var/backup/postgresql"; - }; - - networking.useDHCP = false; - - systemd.network = { - enable = true; - networks = { - "10-wan" = { - matchConfig.Name = "ens3"; - networkConfig.DHCP = "ipv4"; - address = [ - "49.12.3.98/32" - "2a01:4f8:c17:1d70::/64" - ]; - routes = [ - { Gateway = "fe80::1"; } - { - Gateway = "172.31.1.1"; - GatewayOnLink = true; - } - ]; - linkConfig.RequiredForOnline = "routable"; - }; - "10-ninurta" = { - matchConfig.Name = "ninurta"; - address = [ - "10.3.3.1/32" - "fd42:9c3b:f96d:121::1/128" - ]; - DHCP = "no"; - networkConfig.IPv6AcceptRA = false; - linkConfig.RequiredForOnline = "no"; - routes = [ - { - Destination = "10.3.3.3/24"; - } - { - Destination = "fd42:9c3b:f96d:121::/64"; - } - { - Destination = "fd42:9c3b:f96d:101::/64"; - } - ]; - }; - }; - netdevs = { - "10-ninurta" = { - 
netdevConfig = { - Kind = "wireguard"; - Name = "ninurta"; - }; - wireguardConfig = { - PrivateKeyFile = "/var/lib/wireguard/hydra"; - ListenPort = 51235; - }; - wireguardPeers = [ - { - PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; - AllowedIPs = [ - "10.3.3.3/32" - "fd42:9c3b:f96d:121::3/128" - "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" - ]; - } - ]; - }; - }; - }; - - networking.firewall = { - enable = true; - allowPing = true; - allowedTCPPorts = [ - 22 # SSH - 80 - 443 # HTTPS - ]; - allowedUDPPorts = [ - 51234 # Wireguard - 51235 # Wireguard - ]; - interfaces.ninurta.allowedTCPPorts = [ - 4949 # munin-node - ]; - }; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - - boot.kernelParams = [ - "ip=49.12.3.98::172.31.1.1:255.255.255.255:surgat::dhcp" - ]; - - services.resolved = { - enable = true; - fallbackDns = [ - "9.9.9.9" - "2620:fe::fe" - ]; - }; - - system.autoUpgrade.allowReboot = false; - - services.postgresql.package = pkgs.postgresql_15; - - services.munin-node = { - enable = true; - extraConfig = '' - host_name surgat - cidr_allow 10.3.3.3/32 - ''; - }; - - system.stateVersion = "23.05"; -} diff --git a/nixos/surgat/hardware-configuration.nix b/nixos/surgat/hardware-configuration.nix deleted file mode 100644 index 8476779..0000000 --- a/nixos/surgat/hardware-configuration.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: -{ - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "virtio_pci" - "xhci_pci" - "sd_mod" - "sr_mod" - ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/bd0b4d2d-37e5-444b-82ba-d7629114bf11"; - fsType = "ext4"; - }; - - boot.initrd.luks.devices."surgat".device = "/dev/disk/by-uuid/5aa2b4d3-5711-451c-bd35-7c33b5019093"; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/472bc34f-3803-44ee-ad2a-f0080c0a44d3"; - fsType = "ext2"; - }; - - swapDevices = [ ]; -} diff --git a/outputs.nix b/outputs.nix deleted file mode 100644 index ef7a742..0000000 --- a/outputs.nix +++ /dev/null 
@@ -1,48 +0,0 @@ -{ - self, - flake-utils, - nixpkgs, - agenix, - devshell, - treefmt-nix, - ... -}@inputs: -(flake-utils.lib.eachDefaultSystem ( - system: - let - pkgs = nixpkgs.legacyPackages.${system}; - treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix; - in - { - devShells.default = - let - pkgs = import nixpkgs { - inherit system; - overlays = [ - agenix.overlays.default - devshell.overlays.default - ]; - }; - extraModules = [ "${devshell}/extra/git/hooks.nix" ]; - in - import ./devshell.nix { inherit pkgs extraModules; }; - - checks = { - formatting = treefmtEval.config.build.check self; - }; - - formatter = treefmtEval.config.build.wrapper; - - packages = import ./pkgs { inherit pkgs; } // { - installer-iso = inputs.self.nixosConfigurations.installer.config.system.build.isoImage; - }; - } -)) -// { - hmModules = import ./home/modules.nix { lib = nixpkgs.lib; }; - hmConfigurations = { - dadada = import ./home; - }; - nixosConfigurations = import ./nixos/configurations.nix inputs; - nixosModules = import ./nixos/modules { lib = nixpkgs.lib; }; -} diff --git a/overlay.nix b/overlay.nix new file mode 100644 index 0000000..4be40f3 --- /dev/null +++ b/overlay.nix @@ -0,0 +1,11 @@ +self: super: + +let + isReserved = n: n == "lib" || n == "overlays" || n == "modules"; + nameValuePair = n: v: { name = n; value = v; }; + attrs = import ./default.nix { pkgs = super; }; +in + builtins.listToAttrs + (map (n: nameValuePair n attrs.${n}) + (builtins.filter (n: !isReserved n) + (builtins.attrNames attrs))) diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 0000000..a49268e --- /dev/null +++ b/overlays/default.nix @@ -0,0 +1,9 @@ +{ + tubslatex = import ./tubslatex.nix; + dadadaKeys = self: super: { + dadadaKeys = super.callPackage ../pkgs/keys { }; + }; + homePage = self: super: { + homePage = super.callPackage ../pkgs/homePage { }; + }; +} 
diff --git a/overlays/tubslatex.nix b/overlays/tubslatex.nix new file mode 100644 index 0000000..121fecc --- /dev/null +++ b/overlays/tubslatex.nix @@ -0,0 +1,25 @@ +self: super: +{ + # Based on https://gist.github.com/clefru/9ed1186bf0b76d27e0ad20cbd9966b87 + tubslatex = super.lib.overrideDerivation (super.texlive.combine { + inherit (super.texlive) scheme-full; + tubslatex.pkgs = [ (super.callPackage ../pkgs/tubslatex {}) ]; + }) (oldAttrs: { + postBuild = '' + # Save the udpmap.cfg because texlive.combine removes it. + cat $out/share/texmf/web2c/updmap.cfg > $out/share/texmf/web2c/updmap.cfg.1 + '' + oldAttrs.postBuild + '' + # Move updmap.cfg into its original place and rerun mktexlsr, so that kpsewhich finds it + rm $out/share/texmf/web2c/updmap.cfg || true + cat $out/share/texmf/web2c/updmap.cfg.1 > $out/share/texmf/web2c/updmap.cfg + rm $out/share/texmf/web2c/updmap.cfg.1 + perl `type -P mktexlsr.pl` $out/share/texmf + yes | perl `type -P updmap.pl` --sys --syncwithtrees --force || true + perl `type -P updmap.pl` --sys --enable Map=NexusProSerif.map --enable Map=NexusProSans.map + # Regenerate .map files. + perl `type -P updmap.pl` --sys + ''; + }); + +} + diff --git a/pkgs/citizen-cups.nix b/pkgs/citizen-cups.nix deleted file mode 100644 index 9a63bdd..0000000 --- a/pkgs/citizen-cups.nix +++ /dev/null 
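Review bot: The two `|| true` guards in the `postBuild` override of overlays/tubslatex.nix hide real failures. If the `updmap.pl --sys --syncwithtrees --force` step fails, the derivation still builds, and a broken font map only shows up later when a document is compiled. If the guard exists only because `yes` exits on SIGPIPE under pipefail (an assumption, the hunk does not say), record that next to it with `# yes is killed by SIGPIPE once updmap exits; ignore only that`. The earlier `rm $out/share/texmf/web2c/updmap.cfg || true` would be tighter as `rm -f $out/share/texmf/web2c/updmap.cfg`, which tolerates a missing file but still fails on other errors. The first comment also misspells the file name as `udpmap.cfg`.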
@@ -1,70 +0,0 @@ -{ - cups, - fetchzip, - lib, - stdenv, - rpm, -}: - -let - version = "1.2.8"; -in -stdenv.mkDerivation { - inherit version; - name = "citizen-cups"; - pname = "citizen-cups"; - - src = fetchzip { - url = "https://www.citizen-systems.com/resource/support/POS/Generic_Printer_Files/CUPS_Linux_Driver/CUPS_Linux_Driver.zip"; - hash = "sha256-2ha24/7oS/rINKmYxyVryX66kkc6niCChxhw/2KOPSw="; - }; - - nativeBuildInputs = [ - rpm - ]; - - buildInputs = [ - cups - ]; - - postUnpack = '' - pushd source - ls -la - rpm2archive ctzpos-cups-1.2.8-0.src.rpm - tar xvf ctzpos-cups-1.2.8-0.src.rpm.tgz - tar xvf ctzpos-cups-1.2.8.tar.bz2 - popd - ''; - - buildPhase = '' - runHook preBuild - pushd "ctzpos-cups-${version}"; - gcc -Wl,-rpath,/usr/lib -Wall -fPIC -O2 -o rastertocbm1k rastertocbm1k.c -lcupsimage -lcups - gcc -Wl,-rpath,/usr/lib -Wall -fPIC -O2 -o rastertocds500 rastertocds500.c -lcupsimage -lcups - gcc -Wl,-rpath,/usr/lib -Wall -fPIC -O2 -o rastertocts2kl rastertocts2kl.c -lcupsimage -lcups - popd - runHook postBuild - ''; - - installPhase = '' - runHook preInstall - - mkdir -p $out/lib/cups/filter - install -D -m 755 ./ctzpos-cups-${version}/rastertocbm1k $out/lib/cups/filter/rastertocbm1k - install -D -m 755 ./ctzpos-cups-${version}/rastertocds500 $out/lib/cups/filter/rastertocds500 - install -D -m 755 ./ctzpos-cups-${version}/rastertocts2kl $out/lib/cups/filter/rastertocts2kl - - mkdir -p $out/share/cups/model/citizen - install -D -m 644 ./ctzpos-cups-${version}/*.ppd $out/share/cups/model/citizen - - runHook postInstall - ''; - - meta = with lib; { - description = "Citizen CUPS drivers and filters"; - homepage = "https://www.citizen-systems.com"; - #license = licenses.unfreeRedistributable; - maintainers = with maintainers; [ dadada ]; - platforms = platforms.linux; - }; -} diff --git a/pkgs/default.nix b/pkgs/default.nix deleted file mode 100644 index 9f52a8a..0000000 --- a/pkgs/default.nix +++ /dev/null 
@@ -1,4 +0,0 @@
-{ pkgs }:
-{
- citizen-cups = pkgs.callPackage ./citizen-cups.nix { };
-}
diff --git a/pkgs/homePage/default.nix b/pkgs/homePage/default.nix
new file mode 100644
index 0000000..1de8811
--- /dev/null
+++ b/pkgs/homePage/default.nix
@@ -0,0 +1,19 @@
+{ stdenv, pandoc, fetchFromGitHub }:
+stdenv.mkDerivation rec {
+ src = fetchFromGitHub {
+ owner = "dadada";
+ repo = "dadada.li";
+ rev = "9aba585da873cd40808616f76b4bf40c1d12d3f5";
+ sha256 = "0k74kkrvbkxi129ch6yqr1gfmlxpb4661gh9hqhx8w6babsw2zg5";
+ };
+ nativeBuildInputs = [ pandoc ];
+ buildPhase = ''
+ ./build.sh
+ '';
+ installPhase = ''
+ mkdir -p $out
+ cp -r src/* $out/
+ '';
+ name = "dadada.li";
+ version = "0.1";
+}
diff --git a/pkgs/keys/default.nix b/pkgs/keys/default.nix
new file mode 100644
index 0000000..85dc382
--- /dev/null
+++ b/pkgs/keys/default.nix
@@ -0,0 +1,22 @@
+{ stdenv }:
+
+stdenv.mkDerivation rec {
+ name = "dadadaKeys";
+ version = "1";
+
+ src = ./keys;
+
+ buildPhase = "";
+
+ installPhase = ''
+ mkdir $out
+ cp * $out
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Public keys for my infrastructure";
+ license = licenses.publicDomain;
+ platforms = platforms.all;
+ maintainers = [ "dadada" ];
+ };
+}
diff --git a/pkgs/keys/keys/dadada.pub b/pkgs/keys/keys/dadada.pub
new file mode 100644
index 0000000..6dfc30f
--- /dev/null
+++ b/pkgs/keys/keys/dadada.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis
diff --git a/pkgs/tubslatex/default.nix b/pkgs/tubslatex/default.nix
new file mode 100644
index 0000000..acb8fc2
--- /dev/null
+++ b/pkgs/tubslatex/default.nix
@@ -0,0 +1,14 @@
+{ stdenv, fetchzip, unzip }:
+stdenv.mkDerivation rec {
+ src = ./tubslatex_1.3.2.tds.zip;
+ sourceRoot = ".";
+ nativeBuildInputs = [ unzip ];
+ buildInputs = [ unzip ];
+ installPhase = ''
+ mkdir -p $out
+ cp -r * $out/
+ '';
+ pname = "tubslatex";
+ name = pname;
+ tlType = "run";
+}
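Review bot: `installPhase` in pkgs/keys/default.nix runs `cp * $out` over `src = ./keys`, so every file that ends up in that directory becomes part of the package described as "Public keys for my infrastructure". A stray private key, editor backup or test key placed next to `dadada.pub` would be published with the output, and `src = ./keys` already imports the whole directory into the world-readable Nix store. Copying only public keys with `cp *.pub $out` narrows what consumers of the output can pick up, and a comment such as `# only *.pub files belong in ./keys; the directory is imported into the Nix store` documents the constraint. Separately, `meta = with stdenv.lib;` relies on `stdenv.lib`, which newer nixpkgs releases no longer provide. Taking `lib` as an argument (`{ stdenv, lib }:` with `meta = with lib;`) avoids an evaluation error there.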
diff --git a/pkgs/vimPlugins/default.nix b/pkgs/vimPlugins/default.nix
new file mode 100644
index 0000000..13f293e
--- /dev/null
+++ b/pkgs/vimPlugins/default.nix
@@ -0,0 +1,20 @@
+{ pkgs, lib, fetchFromGitHub, ... }:
+with lib;
+{
+ filetype = pkgs.vimUtils.buildVimPluginFrom2Nix {
+ pname = "dadadaVimFiletype";
+ version = "2010-11-06";
+ src = ./filetype;
+ };
+
+ spacemacsTheme = pkgs.vimUtils.buildVimPluginFrom2Nix {
+ pname = "spacemacs-theme";
+ version = "2.0.1";
+ src = pkgs.fetchFromGitHub {
+ owner = "colepeters";
+ repo = "spacemacs-theme.vim";
+ rev = "056bba9bd05a2c97c63c28216a1c232cfb91529e";
+ sha256 = "0iy3i6waigk759p2z59mrxkjc0p412y7d8zf3cjak4a9sh1sh6qz";
+ };
+ };
+}
diff --git a/pkgs/vimPlugins/filetype/ftplugin/cpp.vim b/pkgs/vimPlugins/filetype/ftplugin/cpp.vim
new file mode 100644
index 0000000..7cdc5a6
--- /dev/null
+++ b/pkgs/vimPlugins/filetype/ftplugin/cpp.vim
@@ -0,0 +1,11 @@
+let b:ale_fixers = ['clang-format', 'remove_trailing_lines', 'trim_whitespace']
+let b:ale_linters = ['clangd']
+
+"setlocal tabstop=8 expandtab shiftwidth=2 smarttab
+" GNU Coding Standards
+setlocal cindent
+setlocal cinoptions=>4,n-2,{2,^-2,:2,=2,g0,h2,p5,t0,+2,(0,u0,w1,m1
+setlocal shiftwidth=2
+setlocal softtabstop=2
+setlocal textwidth=79
+setlocal fo-=ro fo+=cql
diff --git a/pkgs/vimPlugins/filetype/ftplugin/css.vim b/pkgs/vimPlugins/filetype/ftplugin/css.vim
new file mode 100644
index 0000000..51f2b56
--- /dev/null
+++ b/pkgs/vimPlugins/filetype/ftplugin/css.vim
@@ -0,0 +1,3 @@
+setlocal expandtab
+setlocal shiftwidth=2
+setlocal softtabstop=2
diff --git a/pkgs/vimPlugins/filetype/ftplugin/fish.vim b/pkgs/vimPlugins/filetype/ftplugin/fish.vim
new file mode 100644
index 0000000..b1a5c53
--- /dev/null
+++ b/pkgs/vimPlugins/filetype/ftplugin/fish.vim
@@ -0,0 +1,2 @@
+" Set up :make to use fish for syntax checking.
+compiler fish
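Review bot: pkgs/vimPlugins/default.nix brings two names into scope that the body never uses. `with lib;` opens the whole of `lib` although no `lib` function is referenced, and the `fetchFromGitHub` argument is shadowed in practice by the explicit `pkgs.fetchFromGitHub` call. Either drop both (`{ pkgs, ... }:` with no `with lib;`) or use the argument directly (`src = fetchFromGitHub {`), so readers can tell which fetcher is actually used.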
diff --git a/pkgs/vimPlugins/filetype/ftplugin/foo.kt b/pkgs/vimPlugins/filetype/ftplugin/foo.kt
new file mode 100644
index 0000000..892968c
--- /dev/null
+++ b/pkgs/vimPlugins/filetype/ftplugin/foo.kt
@@ -0,0 +1,3 @@
+class Foo {
+ fun
+}
diff --git a/pkgs/vimPlugins/filetype/ftplugin/html.vim b/pkgs/vimPlugins/filetype/ftplugin/html.vim
new file mode 100644
index 0000000..51f2b56
--- /dev/null
+++ b/pkgs/vimPlugins/filetype/ftplugin/html.vim
@@ -0,0 +1,3 @@
+setlocal expandtab
+setlocal shiftwidth=2
+setlocal softtabstop=2
diff --git a/pkgs/vimPlugins/filetype/ftplugin/javascript.vim b/pkgs/vimPlugins/filetype/ftplugin/javascript.vim
new file mode 100644
index 0000000..00196be
--- /dev/null
+++ b/pkgs/vimPlugins/filetype/ftplugin/javascript.vim
@@ -0,0 +1,5 @@
+let b:ale_fixers = ['prettier', 'eslint']
+
+setlocal expandtab
+setlocal shiftwidth=2
+setlocal softtabstop=2
diff --git a/pkgs/vimPlugins/filetype/ftplugin/kotlin.vim b/pkgs/vimPlugins/filetype/ftplugin/kotlin.vim
new file mode 100644
index 0000000..62f7206
--- /dev/null
+++ b/pkgs/vimPlugins/filetype/ftplugin/kotlin.vim
@@ -0,0 +1,5 @@
+setlocal expandtab
+setlocal shiftwidth=4
+setlocal softtabstop=4
+let g:ale_kotlin_languageserver_executable = "/home/tim/src/kotlin-language-server/server/build/install/server/bin/kotlin-language-server"
+
diff --git a/pkgs/vimPlugins/filetype/ftplugin/ledger.vim b/pkgs/vimPlugins/filetype/ftplugin/ledger.vim
new file mode 100644
index 0000000..765e06c
--- /dev/null
+++ b/pkgs/vimPlugins/filetype/ftplugin/ledger.vim
@@ -0,0 +1,3 @@
+setlocal expandtab
+setlocal shiftwidth=4
+setlocal softtabstop=4
diff --git a/pkgs/vimPlugins/filetype/ftplugin/markdown.md b/pkgs/vimPlugins/filetype/ftplugin/markdown.md
new file mode 100644
index 0000000..0c79590
--- /dev/null
+++ b/pkgs/vimPlugins/filetype/ftplugin/markdown.md
@@ -0,0 +1,2 @@
+let b:ale_linters = {'markdown': ['languagetool']}
+let b:ale_fixers = {'markdown': ['languagetool']}
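Review bot: Two of the files added under `ftplugin/` are not filetype plugins. `foo.kt` holds an incomplete Kotlin class (`fun` with no name or body) and looks like a scratch file committed by accident. `markdown.md` contains Vim script (`let b:ale_linters = …`) but has an `.md` extension, so Vim will not source it for markdown buffers and the ALE settings never take effect. pkgs/vimPlugins/default.nix packages the whole directory with `src = ./filetype`, so both files ship with the plugin. I would delete `foo.kt` and rename the second file to `ftplugin/markdown.vim`.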
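Review bot: `g:ale_kotlin_languageserver_executable` in kotlin.vim is hard-coded to a build output under `/home/tim/src/kotlin-language-server/...`. On any other account or host that path does not exist. Where it does exist, the editor runs whatever binary sits in that user-writable build tree for every Kotlin buffer, which makes it a poor fit for a plugin packaged into the Nix store. Resolving the server by name from `PATH`, for example `let g:ale_kotlin_languageserver_executable = 'kotlin-language-server'`, lets the Nix-provided package supply it. Since this is a `g:` variable, it would also sit more naturally in the main Vim configuration than in a per-buffer ftplugin.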
diff --git a/pkgs/vimPlugins/filetype/ftplugin/nix.vim b/pkgs/vimPlugins/filetype/ftplugin/nix.vim
new file mode 100644
index 0000000..51f2b56
--- /dev/null
+++ b/pkgs/vimPlugins/filetype/ftplugin/nix.vim
@@ -0,0 +1,3 @@
+setlocal expandtab
+setlocal shiftwidth=2
+setlocal softtabstop=2
diff --git a/pkgs/vimPlugins/filetype/ftplugin/python.vim b/pkgs/vimPlugins/filetype/ftplugin/python.vim
new file mode 100644
index 0000000..52a8bc2
--- /dev/null
+++ b/pkgs/vimPlugins/filetype/ftplugin/python.vim
@@ -0,0 +1,4 @@
+" Check Python files with flake8 and pylint.
+let b:ale_linters = ['flake8', 'pylint']
+" Fix Python files with autopep8 and yapf.
+let b:ale_fixers = ['autopep8', 'yapf', 'add_blank_lines_for_python_control_statements', 'autopep8', 'remove_trailing_lines', 'reorder-python-imports', 'trim_whitespace']
diff --git a/pkgs/vimPlugins/filetype/ftplugin/rust.vim b/pkgs/vimPlugins/filetype/ftplugin/rust.vim
new file mode 100644
index 0000000..3a4bd48
--- /dev/null
+++ b/pkgs/vimPlugins/filetype/ftplugin/rust.vim
@@ -0,0 +1,2 @@
+let b:ale_linters = {'rust': ['rustc', 'rls', 'rust-analyzer']}
+let b:ale_fixers = {'rust': ['rustfmt']}
diff --git a/pkgs/vimPlugins/filetype/ftplugin/scss.vim b/pkgs/vimPlugins/filetype/ftplugin/scss.vim
new file mode 100644
index 0000000..51f2b56
--- /dev/null
+++ b/pkgs/vimPlugins/filetype/ftplugin/scss.vim
@@ -0,0 +1,3 @@
+setlocal expandtab
+setlocal shiftwidth=2
+setlocal softtabstop=2
diff --git a/pkgs/vimPlugins/filetype/ftplugin/typescript.vim b/pkgs/vimPlugins/filetype/ftplugin/typescript.vim
new file mode 100644
index 0000000..8312237
--- /dev/null
+++ b/pkgs/vimPlugins/filetype/ftplugin/typescript.vim
@@ -0,0 +1,5 @@
+let b:ale_fixers = ['prettier', 'eslint', 'tsserver']
+
+setlocal expandtab
+setlocal shiftwidth=2
+setlocal softtabstop=2
diff --git a/pkgs/vimPlugins/filetype/ftplugin/yaml.vim b/pkgs/vimPlugins/filetype/ftplugin/yaml.vim
new file mode 100644
index 0000000..51521e2
--- /dev/null
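Review bot: `b:ale_fixers` in python.vim lists `'autopep8'` twice, and the comment above it ("Fix Python files with autopep8 and yapf") no longer matches the seven-entry list. Both autopep8 and yapf reformat the whole buffer and are applied in list order, so the second formatter largely overwrites the first and the repeated `'autopep8'` pass rewrites it again. I would keep one formatter, drop the duplicate, and reword the comment, for example `let b:ale_fixers = ['autopep8', 'add_blank_lines_for_python_control_statements', 'remove_trailing_lines', 'reorder-python-imports', 'trim_whitespace']`.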
+++ b/pkgs/vimPlugins/filetype/ftplugin/yaml.vim @@ -0,0 +1,4 @@ +setlocal expandtab +setlocal shiftwidth=2 +setlocal softtabstop=2 + diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age deleted file mode 100644 index d710a45..0000000 --- a/secrets/agares-backup-passphrase.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 L7f05w Sof4o2JYLqx59paPpBJWFek1IwCHb4VhuOcPpBkut20 -QNsXS0H2z5NCnKcDuxDVvY+AnTV27/Ijeo/kd12nkoQ --> ssh-ed25519 Otklkw WZt99A5jBrb7MNqzpCuGiJ8wJ/NxZrJE5Q02hvcVEVo -yYlAifPMGC01CGpke5ABasi/sJ8O4r3+5SyoVpbpmM4 ---- vIe/LRs2QxPpZJUrdOFuTBNanHcMyzh7iAFRalWd2dU -+]GHuUʈQ&3'Eg܃Z‘\~e) 1׻ya \ No newline at end of file diff --git a/secrets/agares-backup-ssh-key.age b/secrets/agares-backup-ssh-key.age deleted file mode 100644 index 32c7885..0000000 Binary files a/secrets/agares-backup-ssh-key.age and /dev/null differ diff --git a/secrets/agares-wg0-key.age b/secrets/agares-wg0-key.age deleted file mode 100644 index 5e12fbe..0000000 --- a/secrets/agares-wg0-key.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 L7f05w Nj0zjzK+5vf4YfUxLPNcBBY4ZC57tH9+rEVCv/ycNWo -5Sk99vaYclDFwTnVKB6IOcTVYJ3SGTuLVJxyjb1W4tM --> ssh-ed25519 Otklkw ogKGpgcz0Gekw7p4LnmIKU2CEdhlkjypRGVZmFda8TI -nkOU/yc7F5BCBRakevYDXyD8akGqYwD67C+9VDxUgyE ---- zuz8UjdxI+CbMr33Z4P5ga1UoRe+oDXzVWgFUhUH1qE -b#sPDF%|Ul e9f_UZ5oeeK}M`aM!5R@j}~3ZҾ͒\ \ No newline at end of file diff --git a/secrets/ddns-credentials.age b/secrets/ddns-credentials.age deleted file mode 100644 index e749a1b..0000000 --- a/secrets/ddns-credentials.age +++ /dev/null 
@@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 L7f05w FvYel4vJLlCA/BLb8z4Q6tAbquepLo9+jr/To2JwIC4 -4Ll4IvTCNyyawY9mOceOVH/yV2rCTlc5gz9vRRwxerI --> ssh-ed25519 J6ROvw 3YjYM7IwiFQGRDEh6BEo2OmeKQ8iABX28sgka4XomVg -RmdQdO6hBhEEzxNhtDCDqn6e4TxniZQOk1jgrBXTCpo --> ssh-ed25519 Otklkw eii6X4khCNyI9XEy2/zK6RfnCBjm6QYv7kmsMzvUVlY -V+btfmK+sa8lObD66LEz6fyAzhcFF012cLkamd9I4tg ---- o94E2RVIyPbMOU3OX1hu1Mf86q1w+wtGRLT3W0Y0j9Q -;Zjж( -~wպw IY#ju.dIQ]L+ -Qg# \ No newline at end of file diff --git a/secrets/etc-ppp-chap-secrets.age b/secrets/etc-ppp-chap-secrets.age deleted file mode 100644 index ff3e453..0000000 Binary files a/secrets/etc-ppp-chap-secrets.age and /dev/null differ diff --git a/secrets/etc-ppp-telekom-secret.age b/secrets/etc-ppp-telekom-secret.age deleted file mode 100644 index ece12f8..0000000 Binary files a/secrets/etc-ppp-telekom-secret.age and /dev/null differ diff --git a/secrets/gorgon-backup-passphrase-gs.age b/secrets/gorgon-backup-passphrase-gs.age deleted file mode 100644 index 416b011..0000000 --- a/secrets/gorgon-backup-passphrase-gs.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 0aOabg wLeN7m0IGDOkAtt3eQ1qD7s/MN6kNMj/B/Vo0ZKODT0 -wUILw/rYBfI4xCIvD2iVfMZJfC6iIGUZP1d0Yj7Jwx8 --> ssh-ed25519 Otklkw vhgSZhgLgCxXKg0pQP1S7WNLFf+cNwRjg/uMfEke9Xs -UDtI6mb/qTefqyrxXRAkjWQ7z4PQbJ1jYwgz7uZ4m1A ---- zkn75uvrvwWdvK0YYcc1NTbyTrKf387tWkgTUqmxyYE -h WK vy^q(<Hd$ \ No newline at end of file diff --git a/secrets/gorgon-backup-passphrase.age b/secrets/gorgon-backup-passphrase.age deleted file mode 100644 index 68cc452..0000000 Binary files a/secrets/gorgon-backup-passphrase.age and /dev/null differ diff --git a/secrets/gorgon-backup-ssh-key.age b/secrets/gorgon-backup-ssh-key.age deleted file mode 100644 index 0a00855..0000000 Binary files a/secrets/gorgon-backup-ssh-key.age and /dev/null differ 
diff --git a/secrets/hydra-github-authorization.age b/secrets/hydra-github-authorization.age deleted file mode 100644 index ef32814..0000000 Binary files a/secrets/hydra-github-authorization.age and /dev/null differ diff --git a/secrets/ifrit-backup-passphrase.age b/secrets/ifrit-backup-passphrase.age deleted file mode 100644 index b4e55eb..0000000 --- a/secrets/ifrit-backup-passphrase.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 yMjj5g pE3otZ4+5k1GxhoU7FocCMvcHZ9PFzTRqRYiVXXq/H4 -aKCBiwVwbfetSTRaTJ31iTRsvNnbm2JYFQnqTOgCyOA --> ssh-ed25519 Otklkw jn4ZUyWFIeAt+XpxmlqckovK4/jit6SR+Xaouv7gfTU -8yJLyWHk1m9KInOWozqRWXi3kiirgQ7c/ONOwgHk/Z8 ---- 8TS+ZFZfHvgcgOYBE3nzSxbCCmCOtqPWyldlegSu6QU -:{ 4~NtXRl =>$8DQ @G1FAOtΫ \ No newline at end of file diff --git a/secrets/ifrit-backup-ssh-key.age b/secrets/ifrit-backup-ssh-key.age deleted file mode 100644 index 9d2879c..0000000 Binary files a/secrets/ifrit-backup-ssh-key.age and /dev/null differ diff --git a/secrets/initrd-surgat-ssh_host_ed25519_key.age b/secrets/initrd-surgat-ssh_host_ed25519_key.age deleted file mode 100644 index 36c4b0c..0000000 Binary files a/secrets/initrd-surgat-ssh_host_ed25519_key.age and /dev/null differ diff --git a/secrets/miniflux-admin-credentials.age b/secrets/miniflux-admin-credentials.age deleted file mode 100644 index 9745c07..0000000 --- a/secrets/miniflux-admin-credentials.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 jUOjpw 6ThewcuTvg2mn/jC1eqR0KFDXdN8G3JIUBLLiBabkFI -lstfGPvJgaUOp0jriP2nsi4IvgwRjs8dnRye7+ihD/Q --> ssh-ed25519 Otklkw N0ozjfxbOBq7EIvxP4TRa2XyMQ8fINCiHjK0MFq2X0w -tEeua88G2aN6REaUN6xTlkRLy0GFgNfj7v0VXhqddc4 ---- N9V7UfSDvrOAeOr3MRXiCwIu8JJt3NSL3FrGyPapLrM -E"K?>VÄbXdg!ѹ) B f\=[2LxwXH*l9w \ No newline at end of file diff --git a/secrets/ninurta-backup-passphrase.age b/secrets/ninurta-backup-passphrase.age deleted file mode 100644 index 6b89f13..0000000 Binary files a/secrets/ninurta-backup-passphrase.age and /dev/null differ 
diff --git a/secrets/ninurta-backup-ssh-key.age b/secrets/ninurta-backup-ssh-key.age deleted file mode 100644 index 0eb3e9c..0000000 Binary files a/secrets/ninurta-backup-ssh-key.age and /dev/null differ diff --git a/secrets/ninurta-initrd-ssh-key.age b/secrets/ninurta-initrd-ssh-key.age deleted file mode 100644 index bdb981f..0000000 Binary files a/secrets/ninurta-initrd-ssh-key.age and /dev/null differ diff --git a/secrets/paperless.age b/secrets/paperless.age deleted file mode 100644 index 318a9f9..0000000 --- a/secrets/paperless.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 WJCMDA NDB+Z1hpwH3PWjViCbrRdrt0WCFnsYDBVd1rADCQy2I -p/QYmC6ZwwlyCNrVhUw1vUNfnNGiw8B/rsqP9EMGJ5E --> ssh-ed25519 Otklkw yLMSfitfbXO8qRqaJwKxx68R0AJHsTre0XlN2huudWY -JYogGtU0LLPcJpN9oWmAQE0Kyk2yhNmxrVgh0JMFphE ---- pGx08jh8YJCDeEvi7iZa6pXrlwg8otUTkxv0T5gwLcM -˲'t2͟E/ؿ6@ -DfiVGO_a\{}_~:>GN@K| \ No newline at end of file diff --git a/secrets/pruflas-backup-passphrase.age b/secrets/pruflas-backup-passphrase.age deleted file mode 100644 index 7315527..0000000 --- a/secrets/pruflas-backup-passphrase.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 IXCPDQ fXDb8H8lwLZQYQzGScIiEKdfxYE4HMNvwxfyu+3Taj8 -pt5awmlOg/pA/8rwk9hKge1USnkw/GS6hzmZSIeVSM8 --> ssh-ed25519 Otklkw JqPKMYsXuekb7XNBhcJpdoJq2OkbwGagSuJBh/bQ31g -SyJKqO6H2acurdbfZBPOeCE4TN0S4Byda69MoL8IO0g ---- uw6PTa5f53Bum1C3isESEeDfpqFgdc9L/6P4ayVInZ0 -ޡQ4,lLuK *Vs>GxfhmXJGe_  \ No newline at end of file diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age deleted file mode 100644 index 57e57c8..0000000 --- a/secrets/pruflas-backup-ssh-key.age +++ /dev/null 
@@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 IXCPDQ Z+ExSQC/qi/vfcJQ08CXlSqALi7goOm6orst1l+uL0U -6ugXvL0e+vQeRxgHRWwqJBaTYZ2iJnVwKVsx3ye8FBA --> ssh-ed25519 Otklkw UqgQ/IgcAJtZmqtHS2IziL1cRHh4q+uffI4Mx1Qkqw4 -u8jrPucegyOAkZ/guLDNoeTsM2/sQ8nq+HY0s37gIVw ---- os1Cok8Srxkz4pQCel37eE4NIRB+fBEF6+L8f27IAbI -採 & 3!w8[|>,B9UxAk}V+$·3Wnlɾ {- #I[b0,[p\{*YӈqzɱP)Vy͍onY}zu.YyaW7ͯ딨BvCNBcIɸ$Ēn{fr?I7HPj;J4E.̮c]aM22 ->leo]MKċfo̤"~UyS]m%0 IH> wXUԏ$geD[,ِwS+\x4=lE*#_"NpX5oz$ 0ܿRSjq۷t{u`E.66[FwyNCPH&E ; \ No newline at end of file diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age deleted file mode 100644 index 7c1333d..0000000 --- a/secrets/pruflas-wg-hydra-key.age +++ /dev/null @@ -1,8 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 J6ROvw xzey0OqH2HSPLdz9sUHX2d9Xb3j/xnvuz0ekjE5MGh8 -cvfzziAX7cVSJAwRr0Avxeaa5ogXhMxz4c6EcpyIrMM --> ssh-ed25519 Otklkw qlfHwO86ojlvmdfLHtuZwvpIDCxAFgnOQ4tvsz7VTiI -3eVexGX09ALqANLrZm/3WvzZTIhEs/hWLpvYR5oQFYE ---- /+Xv0iaeal+E0g5+Fphqw260kmzHE/BEWA9UWZqkxpM -Q$ -'HQ6E%&҉>0e[Gbg5@oy~ V`yFu~< \ No newline at end of file diff --git a/secrets/pruflas-wg0-key.age b/secrets/pruflas-wg0-key.age deleted file mode 100644 index 1312de7..0000000 --- a/secrets/pruflas-wg0-key.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 J6ROvw jC7rwmoizfZqenUwlrMlLRyN9yQnog2X3KIJ2GgRZB8 -yGoiZTNfrPm6+fb1BcZGH6Lzm8Pj4aeyjWtLNYbGSFg --> ssh-ed25519 Otklkw a2/N7JOiOY/orGyCogBIj48EjTltThv7AAHuMHK7Xzo -PTP9vaEpFf7PXoRobHJgAkNVBh+u3+7rUMKiMj+fadQ ---- KR51LRGHd6jWP4rUWvQqXskwEGfxb0tSCNKtnFT255A -Gw)HkG F&e[{RGh"L{\{H~{.uWMaZ \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age deleted file mode 100644 index 94f9a88..0000000 Binary files a/secrets/pruflas-wg0-preshared-key.age and /dev/null differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix deleted file mode 100644 index 50dd263..0000000 --- a/secrets/secrets.nix +++ /dev/null 
@@ -1,83 +0,0 @@
-let
- dadada = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+bBJptw2H35vMPV7Mfj9oaepR7cHCQH8ZsvL8qnj+r dadada (nix-config-secrets) ";
- systems = {
- gorgon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCcwG8BkqjZJ1bPdFbLYfXeBgaI10+gyVs1r1aNJ49H root@gorgon";
- ifrit = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEYO4L5EvKRtVUB6YHtHN7R980fwH9kKVt0V3kj6rORS root@nixos";
- ninurta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8TDCzjVVO7A4k6rp+srMj0HHc5gmUOlskTBOvhMkEc root@nixos";
- pruflas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqZHu5ygTODgrNzcU9C2O+b8yCfVsnztV83qxXV4aA8 root@pruflas";
- surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat";
- stolas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObI38cB8gTDXmDb5GcK4pLm5xM+nnvGeSfEpB4lVEwE root@stolas";
- };
- backupSecrets = hostName: {
- "${hostName}-backup-passphrase.age".publicKeys = [
- systems.${hostName}
- dadada
- ];
- "${hostName}-backup-ssh-key.age".publicKeys = [
- systems.${hostName}
- dadada
- ];
- };
-in
-{
- "pruflas-wg0-key.age".publicKeys = [
- systems.ninurta
- dadada
- ];
- "pruflas-wg0-preshared-key.age".publicKeys = [
- systems.ninurta
- dadada
- ];
- "pruflas-wg-hydra-key.age".publicKeys = [
- systems.ninurta
- dadada
- ];
- "hydra-github-authorization.age".publicKeys = [
- systems.ninurta
- dadada
- ];
- "miniflux-admin-credentials.age".publicKeys = [
- systems.surgat
- dadada
- ];
- "gorgon-backup-passphrase-gs.age".publicKeys = [
- systems.gorgon
- dadada
- ];
- "paperless.age".publicKeys = [
- #systems.gorgon
- systems.stolas
- dadada
- ];
- "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [
- systems.surgat
- dadada
- ];
- "surgat-ssh_host_ed25519_key.age".publicKeys = [
- systems.surgat
- dadada
- ];
- "ninurta-initrd-ssh-key.age".publicKeys = [
- systems.ninurta
- dadada
- ];
- "ddns-credentials.age".publicKeys = [
- systems.ninurta
- dadada
- ];
- "etc-ppp-chap-secrets.age".publicKeys = [
- dadada
- ];
- "etc-ppp-telekom-secret.age".publicKeys 
= [ - dadada - ]; - "wg-privkey-vpn-dadada-li.age".publicKeys = [ - dadada - ]; -} -// backupSecrets "ninurta" -// backupSecrets "gorgon" -// backupSecrets "ifrit" -// backupSecrets "pruflas" -// backupSecrets "surgat" -// backupSecrets "stolas" diff --git a/secrets/stolas-backup-passphrase.age b/secrets/stolas-backup-passphrase.age deleted file mode 100644 index 4b4a687..0000000 Binary files a/secrets/stolas-backup-passphrase.age and /dev/null differ diff --git a/secrets/stolas-backup-ssh-key.age b/secrets/stolas-backup-ssh-key.age deleted file mode 100644 index 0a06547..0000000 Binary files a/secrets/stolas-backup-ssh-key.age and /dev/null differ diff --git a/secrets/surgat-backup-passphrase.age b/secrets/surgat-backup-passphrase.age deleted file mode 100644 index b3a0a80..0000000 --- a/secrets/surgat-backup-passphrase.age +++ /dev/null @@ -1,7 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 jUOjpw FXHC9VzSKIkbJ9JVge5vsGHiGtxBnxB7Nvqqi4OsRHA -1zhd0kCd37fXmWtq9kRx1vQvjTT4i5HsQ9DibyGmNUI --> ssh-ed25519 Otklkw ZKy9Vbf1W1UpejNy8nh+eGss19XLqJuHL6qJuG1KP20 -t5C0Jw//1vK5iiG3+tJK6bu/SBR7StHRDog9ivlfVAI ---- 08Q8bBFnJF2TFV62trgPig/VL3RwKN0dyw4PBgg5LDU -F` 4tۭ ٧o9~}ق)7#a/W\;l2Рl \ No newline at end of file diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age deleted file mode 100644 index 2abfeac..0000000 Binary files a/secrets/surgat-backup-ssh-key.age and /dev/null differ diff --git a/secrets/surgat-ssh_host_ed25519_key.age b/secrets/surgat-ssh_host_ed25519_key.age deleted file mode 100644 index 7400a57..0000000 Binary files a/secrets/surgat-ssh_host_ed25519_key.age and /dev/null differ diff --git a/secrets/wg-privkey-vpn-dadada-li.age b/secrets/wg-privkey-vpn-dadada-li.age deleted file mode 100644 index 4bd9044..0000000 Binary files a/secrets/wg-privkey-vpn-dadada-li.age and /dev/null differ diff --git a/treefmt.nix b/treefmt.nix deleted file mode 100644 index 75acdfa..0000000 --- a/treefmt.nix +++ /dev/null 
@@ -1,8 +0,0 @@
-{ pkgs, ... }:
-{
- projectRootFile = "flake.nix";
- programs.nixfmt.enable = true;
- programs.shellcheck.enable = pkgs.hostPlatform.system != "riscv64-linux";
- programs.shfmt.enable = pkgs.hostPlatform.system != "riscv64-linux";
- programs.yamlfmt.enable = true;
-}