diff --git a/admins.nix b/admins.nix
index 82f6cef..e5e29ba 100644
--- a/admins.nix
+++ b/admins.nix
@@ -2,7 +2,7 @@
dadada = {
shell = "zsh";
keys = [
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIE2JWU+BuWSvoiGFSTDQ9/1SCvfJEnkFQsFLYPNlY6wcAAAABHNzaDo= dadada <dadada@dadada.li>"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrT9sQhJWrTPIMOEsZ8UzkY7BKJYYK2Aj/Q3NZu2z7uAAAABHNzaDo= dadada@gorgon"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOFHB9T6fjkuIU8jW9gGiYGSEFSfrnY/6GJUfmfMx10HAAAABHNzaDo= Backup dadada <dadada@dadada.li>"
];
};
diff --git a/checks.nix b/checks.nix
index 65d3493..9505c35 100644
--- a/checks.nix
+++ b/checks.nix
@@ -1,20 +1,20 @@
-{ self
-, flake-utils
-, nixpkgs
-, ...
+{
+ self,
+ flake-utils,
+ nixpkgs,
+ ...
}:
-(flake-utils.lib.eachDefaultSystem (system:
+(flake-utils.lib.eachDefaultSystem (
+ system:
let
pkgs = nixpkgs.legacyPackages.${system};
formatter = self.formatter.${system};
in
{
checks = {
- format = pkgs.runCommand
- "check-format"
- {
- buildInputs = [ formatter ];
- }
- "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out";
+ format = pkgs.runCommand "check-format" {
+ buildInputs = [ formatter ];
+ } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out";
};
- })).checks
+ }
+)).checks
diff --git a/devshell.nix b/devshell.nix
index 27b9799..ebdfb12 100644
--- a/devshell.nix
+++ b/devshell.nix
@@ -8,7 +8,6 @@
agenix
nixpkgs-fmt
nixos-rebuild
- nil
];
commands = [
diff --git a/flake.lock b/flake.lock
index 5b71aea..0aba46f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -6,19 +6,19 @@
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
- ]
+ ],
+ "systems": "systems"
},
"locked": {
- "lastModified": 1703089996,
- "narHash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU=",
+ "lastModified": 1747575206,
+ "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
"owner": "ryantm",
"repo": "agenix",
- "rev": "564595d0ad4be7277e07fa63b5a991b3c645655d",
+ "rev": "4835b1dc898959d8547a871ef484930675cb47f1",
"type": "github"
},
"original": {
"owner": "ryantm",
- "ref": "0.15.0",
"repo": "agenix",
"type": "github"
}
@@ -31,11 +31,11 @@
]
},
"locked": {
- "lastModified": 1673295039,
- "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
+ "lastModified": 1744478979,
+ "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
- "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
+ "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
@@ -47,17 +47,16 @@
},
"devshell": {
"inputs": {
- "flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
- "lastModified": 1717408969,
- "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=",
+ "lastModified": 1741473158,
+ "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
"owner": "numtide",
"repo": "devshell",
- "rev": "1ebbe68d57457c8cae98145410b164b5477761f4",
+ "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
"type": "github"
},
"original": {
@@ -69,11 +68,11 @@
"flake-registry": {
"flake": false,
"locked": {
- "lastModified": 1717415742,
- "narHash": "sha256-HKvoLGZUsBpjkxWkdtctGYj6RH0bl6vcw0OjTOqyzJk=",
+ "lastModified": 1744623129,
+ "narHash": "sha256-nlQTQrHqM+ywXN0evDXnYEV6z6WWZB5BFQ2TkXsduKw=",
"owner": "NixOS",
"repo": "flake-registry",
- "rev": "895a65f8d5acf848136ee8fe8e8f736f0d27df96",
+ "rev": "1322f33d5836ae757d2e6190239252cf8402acf6",
"type": "github"
},
"original": {
@@ -83,35 +82,17 @@
}
},
"flake-utils": {
- "inputs": {
- "systems": "systems"
- },
- "locked": {
- "lastModified": 1701680307,
- "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "flake-utils",
- "type": "github"
- }
- },
- "flake-utils_2": {
"inputs": {
"systems": [
"systems"
]
},
"locked": {
- "lastModified": 1710146030,
- "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
+ "lastModified": 1731533236,
+ "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
+ "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -128,11 +109,11 @@
]
},
"locked": {
- "lastModified": 1682203081,
- "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
+ "lastModified": 1745494811,
+ "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
+ "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github"
},
"original": {
@@ -148,16 +129,15 @@
]
},
"locked": {
- "lastModified": 1718530513,
- "narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
+ "lastModified": 1749358668,
+ "narHash": "sha256-V91nN4Q9ZwX0N+Gzu+F8SnvzMcdURYnMcIvpfLQzD5M=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
+ "rev": "06451df423dd5e555f39857438ffc16c5b765862",
"type": "github"
},
"original": {
"owner": "nix-community",
- "ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
@@ -165,26 +145,24 @@
"homepage": {
"flake": false,
"locked": {
- "lastModified": 1714328013,
- "narHash": "sha256-nA/7hKv8qz2+ru84rXiMa52+gyvyIhLWP9tJB6Q/DLQ=",
- "owner": "dadada",
- "repo": "dadada.li",
- "rev": "b971b5905b38be19b4fa4e7d99a70df0aebfba28",
- "type": "github"
+ "lastModified": 1727338449,
+ "narHash": "sha256-VwOGtT1WB+isk0z/D/Be05GgeaTFfsXTGt7aScCAfec=",
+ "rev": "60398d3d728a0057b4cad49879ef637c06b28371",
+ "type": "tarball",
+ "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/60398d3d728a0057b4cad49879ef637c06b28371.tar.gz?rev=60398d3d728a0057b4cad49879ef637c06b28371"
},
"original": {
- "owner": "dadada",
- "repo": "dadada.li",
- "type": "github"
+ "type": "tarball",
+ "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz"
}
},
"nixlib": {
"locked": {
- "lastModified": 1719103869,
- "narHash": "sha256-kbTUy+/lfjUrMfV7JkTJwxowsFhi9Tb3BdbiOcIGcsc=",
+ "lastModified": 1736643958,
+ "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
- "rev": "f820613f886cd1aa4bcfd1dbaa6c83c8a3dcd863",
+ "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"type": "github"
},
"original": {
@@ -201,11 +179,11 @@
]
},
"locked": {
- "lastModified": 1719450236,
- "narHash": "sha256-fh0l6pLvuTrTBakFMQfK7lwpjvWd5i+CFyVs8TMzPNo=",
+ "lastModified": 1747663185,
+ "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
"owner": "nix-community",
"repo": "nixos-generators",
- "rev": "1867f28f87fcf4e817f165003aff967a5280aaab",
+ "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
"type": "github"
},
"original": {
@@ -216,11 +194,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1719681865,
- "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=",
+ "lastModified": 1749195551,
+ "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=",
"owner": "NixOS",
"repo": "nixos-hardware",
- "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac",
+ "rev": "4602f7e1d3f197b3cb540d5accf5669121629628",
"type": "github"
},
"original": {
@@ -232,16 +210,32 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1719426051,
- "narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=",
+ "lastModified": 1749143949,
+ "narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd",
+ "rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d",
"type": "github"
},
"original": {
"owner": "NixOS",
- "ref": "nixos-24.05",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs-small": {
+ "locked": {
+ "lastModified": 1749289455,
+ "narHash": "sha256-FmG/5HlnBrPNTCQv91GPUV2RKUw2WvDtyhXcN2fN280=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "6dbd508802ef3f74cf792a25b653861ed8360a80",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
@@ -251,12 +245,13 @@
"agenix": "agenix",
"devshell": "devshell",
"flake-registry": "flake-registry",
- "flake-utils": "flake-utils_2",
+ "flake-utils": "flake-utils",
"home-manager": "home-manager_2",
"homepage": "homepage",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
+ "nixpkgs-small": "nixpkgs-small",
"systems": "systems_2",
"treefmt-nix": "treefmt-nix"
}
@@ -298,11 +293,11 @@
]
},
"locked": {
- "lastModified": 1719243788,
- "narHash": "sha256-9T9mSY35EZSM1KAwb7K9zwQ78qTlLjosZgtUGnw4rn4=",
+ "lastModified": 1749194973,
+ "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=",
"owner": "numtide",
"repo": "treefmt-nix",
- "rev": "065a23edceff48f948816b795ea8cc6c0dee7cdf",
+ "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index fb8c468..0cc4b5c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,22 +2,23 @@
description = "dadada's nix flake";
inputs = {
- nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+ nixpkgs-small.url = "github:NixOS/nixpkgs/nixos-unstable-small";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-utils = {
url = "github:numtide/flake-utils";
inputs.systems.follows = "systems";
};
home-manager = {
- url = "github:nix-community/home-manager/release-24.05";
+ url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
homepage = {
- url = "github:dadada/dadada.li";
+ url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz";
flake = false;
};
agenix = {
- url = "github:ryantm/agenix/0.15.0";
+ url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
devshell = {
@@ -39,5 +40,5 @@
};
};
- outputs = { ... } @ args: import ./outputs.nix args;
+ outputs = { ... }@args: import ./outputs.nix args;
}
diff --git a/home/dconf.nix b/home/dconf.nix
index 4569a88..5238c97 100644
--- a/home/dconf.nix
+++ b/home/dconf.nix
@@ -1,6 +1,11 @@
-{ lib, ... }:
+{ lib, pkgs, ... }:
with lib.hm.gvariant;
{
+ home.packages = [
+ pkgs.adwaita-icon-theme
+ pkgs.adwaita-qt
+ ];
+
dconf.settings = with lib.hm.gvariant; {
"org/gnome/shell" = {
favorite-apps = [
@@ -13,7 +18,11 @@ with lib.hm.gvariant;
};
"org/gnome/shell" = {
- disable-user-extensions = true;
+ disable-user-extensions = false;
+ enabled-extensions = [
+ "system-monitor@gnome-shell-extensions.gcampax.github.com"
+ "switcher@landau.fi"
+ ];
};
"org/gnome/desktop/calendar" = {
@@ -24,14 +33,27 @@ with lib.hm.gvariant;
current = mkUint32 0;
per-window = false;
show-all-sources = true;
- sources = [ (mkTuple [ "xkb" "eu" ]) (mkTuple [ "xkb" "de" ]) ];
- xkb-options = [ "lv3:ralt_switch" "caps:escape" ];
+ sources = [
+ (mkTuple [
+ "xkb"
+ "eu"
+ ])
+ (mkTuple [
+ "xkb"
+ "de"
+ ])
+ ];
+ xkb-options = [
+ "lv3:ralt_switch"
+ "caps:escape"
+ ];
};
"org/gnome/desktop/interface" = {
clock-show-date = true;
clock-show-seconds = false;
clock-show-weekday = true;
+ cursor-theme = "Adwaita";
enable-animations = true;
enable-hot-corners = false;
font-antialiasing = "grayscale";
@@ -40,11 +62,12 @@ with lib.hm.gvariant;
gtk-enable-primary-paste = false;
gtk-key-theme = "Emacs";
gtk-theme = "Adwaita";
+ color-scheme = "prefer-light";
icon-theme = "Adwaita";
locate-pointer = false;
monospace-font-name = "JetBrains Mono 10";
show-battery-percentage = false;
- text-scaling-factor = 1.0;
+ #text-scaling-factor = 1.0;
toolkit-accessibility = false;
};
@@ -116,7 +139,10 @@ with lib.hm.gvariant;
composer-attribution-language = "de_DE";
composer-reply-start-bottom = false;
composer-signature-in-new-only = true;
- composer-spell-languages = [ "de" "en_US" ];
+ composer-spell-languages = [
+ "de"
+ "en_US"
+ ];
composer-top-signature = false;
composer-unicode-smileys = false;
composer-visually-wrap-long-lines = true;
@@ -168,11 +194,11 @@ with lib.hm.gvariant;
};
"org/gnome/settings-daemon/plugins/power" = {
- idle-dim = false;
- power-button-action = "hibernate";
+ idle-dim = true;
+ power-button-action = "interactive";
power-saver-profile-on-low-battery = true;
- sleep-inactive-ac-type = "nothing";
- sleep-inactive-battery-timeout = 3600;
+ sleep-inactive-ac-type = "blank";
+ sleep-inactive-battery-timeout = 600;
sleep-inactive-battery-type = "suspend";
};
diff --git a/home/default.nix b/home/default.nix
index 35bd006..a21362c 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -1,6 +1,7 @@
-{ pkgs
-, lib
-, ...
+{
+ pkgs,
+ lib,
+ ...
}:
let
useFeatures = [
@@ -9,7 +10,7 @@ let
"direnv"
"git"
"gpg"
- "gtk"
+ #"gtk"
#"keyring"
"syncthing"
"tmux"
@@ -17,6 +18,26 @@ let
"zsh"
"helix"
];
+ colors = {
+ background = "fdf6e3";
+ foreground = "657b83";
+ regular0 = "eee8d5"; # background darker
+ regular1 = "dc322f"; # red
+ regular2 = "859900"; # green
+ regular3 = "b58900"; # dark orange
+ regular4 = "268bd2"; # azure blue
+ regular5 = "d33682"; # hot pink
+ regular6 = "2aa198"; # petrol
+ regular7 = "073642"; # navy
+ bright0 = "cb4b16"; # orange
+ bright1 = "fdf6e3"; # foreground
+ bright2 = "93a1a1"; # grey
+ bright3 = "839496"; # slightly darker grey
+ bright4 = "657b83"; # even slightly darker grey
+ bright5 = "6c71c4"; # purple
+ bright6 = "586e75"; # pretty dark grey
+ bright7 = "002b36"; # dark navy blue
+ };
in
{
imports = [
@@ -28,7 +49,9 @@ in
programs.gpg.settings.default-key = "99658A3EB5CD7C13";
dadada.home =
- lib.attrsets.genAttrs useFeatures (useFeatures: { enable = true; })
+ lib.attrsets.genAttrs useFeatures (useFeatures: {
+ enable = true;
+ })
// {
session = {
enable = true;
@@ -56,7 +79,9 @@ in
Restart = "always";
};
- Install = { WantedBy = [ "graphical-session.target" ]; };
+ Install = {
+ WantedBy = [ "graphical-session.target" ];
+ };
};
programs.offlineimap.enable = false;
@@ -127,6 +152,288 @@ in
Install.WantedBy = [ "multi-user.target" ];
};
+ programs.foot = {
+ enable = true;
+ server.enable = false;
+ settings = {
+ inherit colors;
+ main = {
+ shell = "tmux";
+ font = "Jetbrains Mono:size=8";
+ dpi-aware = false;
+ };
+ mouse.hide-when-typing = true;
+ csd.preferred = "none";
+ cursor.color = "fdf6e3 586e75";
+ bell = {
+ urgent = true;
+ visual = false;
+ };
+ };
+ };
+
+ home.file.".config/sway/config".text = with colors; ''
+ # Read `man 5 sway` for a complete reference.
+
+ ### Variables
+ #
+ # Logo key. Use Mod1 for Alt.
+ set $mod Mod4
+ # Home row direction keys, like vim
+ set $left h
+ set $down j
+ set $up k
+ set $right l
+ # Your preferred terminal emulator
+ set $term foot
+ # Your preferred application launcher
+ # Note: pass the final command to swaymsg so that the resulting window can be opened
+ # on the original workspace that the command was run on.
+ set $menu fuzzel
+ set $wallpaper "~/lib/pictures/wallpaper.jpg"
+
+ ### Idle configuration
+ #
+ # Example configuration:
+ #
+ exec swayidle -w \
+ timeout 300 'swaylock -f -i $wallpaper -s fill' \
+ timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \
+ before-sleep 'swaylock -f -i $wallpaper -s fill'
+ #
+ # This will lock your screen after 300 seconds of inactivity, then turn off
+ # your displays after another 300 seconds, and turn your screens back on when
+ # resumed. It will also lock your screen before your computer goes to sleep.
+
+ input * {
+ xkb_layout eu
+ xkb_model pc105+inet
+ xkb_options caps:escape
+ drag_lock enabled
+ drag enabled
+ dwt enabled
+ tap enabled
+ tap_button_map lrm
+ natural_scroll enabled
+ }
+
+ ### Key bindings
+ #
+ # Basics:
+ #
+ # Start a terminal
+ bindsym $mod+Return exec $term
+
+ # Kill focused window
+ bindsym $mod+Shift+q kill
+
+ # Start your launcher
+ bindsym $mod+d exec $menu
+
+ # Drag floating windows by holding down $mod and left mouse button.
+ # Resize them with right mouse button + $mod.
+ # Despite the name, also works for non-floating windows.
+ # Change normal to inverse to use left mouse button for resizing and right
+ # mouse button for dragging.
+ floating_modifier $mod normal
+
+ # Lock the screen
+ bindsym XF86Sleep exec 'swaylock -f -c ${background}'
+ bindsym $mod+End exec 'swaylock -f -c ${background}'
+
+ # Reload the configuration file
+ bindsym $mod+Shift+c reload
+
+ # Exit sway (logs you out of your Wayland session)
+ bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit'
+
+ # Brightness
+ bindsym --locked XF86MonBrightnessDown exec light -U 10
+ bindsym --locked XF86MonBrightnessUp exec light -A 10
+
+ # Volume
+ bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%'
+ bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%'
+ bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle'
+
+ #
+ # Moving around:
+ #
+ # Move your focus around
+ bindsym $mod+$left focus left
+ bindsym $mod+$down focus down
+ bindsym $mod+$up focus up
+ bindsym $mod+$right focus right
+ # Or use $mod+[up|down|left|right]
+ bindsym $mod+Left focus left
+ bindsym $mod+Down focus down
+ bindsym $mod+Up focus up
+ bindsym $mod+Right focus right
+
+ # Move the focused window with the same, but add Shift
+ bindsym $mod+Shift+$left move left
+ bindsym $mod+Shift+$down move down
+ bindsym $mod+Shift+$up move up
+ bindsym $mod+Shift+$right move right
+ # Ditto, with arrow keys
+ bindsym $mod+Shift+Left move left
+ bindsym $mod+Shift+Down move down
+ bindsym $mod+Shift+Up move up
+ bindsym $mod+Shift+Right move right
+
+ #
+ # Workspaces:
+ #
+ # Switch to workspace
+ bindsym $mod+1 workspace number 1
+ bindsym $mod+2 workspace number 2
+ bindsym $mod+3 workspace number 3
+ bindsym $mod+4 workspace number 4
+ bindsym $mod+5 workspace number 5
+ bindsym $mod+6 workspace number 6
+ bindsym $mod+7 workspace number 7
+ bindsym $mod+8 workspace number 8
+ bindsym $mod+9 workspace number 9
+ bindsym $mod+0 workspace number 10
+ # Move focused container to workspace
+ bindsym $mod+Shift+1 move container to workspace number 1
+ bindsym $mod+Shift+2 move container to workspace number 2
+ bindsym $mod+Shift+3 move container to workspace number 3
+ bindsym $mod+Shift+4 move container to workspace number 4
+ bindsym $mod+Shift+5 move container to workspace number 5
+ bindsym $mod+Shift+6 move container to workspace number 6
+ bindsym $mod+Shift+7 move container to workspace number 7
+ bindsym $mod+Shift+8 move container to workspace number 8
+ bindsym $mod+Shift+9 move container to workspace number 9
+ bindsym $mod+Shift+0 move container to workspace number 10
+ # Note: workspaces can have any name you want, not just numbers.
+ # We just use 1-10 as the default.
+
+ #
+ # Layout stuff:
+ #
+ # You can "split" the current object of your focus with
+ # $mod+b or $mod+v, for horizontal and vertical splits
+ # respectively.
+ bindsym $mod+b splith
+ bindsym $mod+v splitv
+
+ # Switch the current container between different layout styles
+ bindsym $mod+s layout stacking
+ bindsym $mod+w layout tabbed
+ bindsym $mod+e layout toggle split
+
+ # Make the current focus fullscreen
+ bindsym $mod+f fullscreen
+
+ # Toggle the current focus between tiling and floating mode
+ bindsym $mod+Shift+space floating toggle
+
+ # Swap focus between the tiling area and the floating area
+ bindsym $mod+space focus mode_toggle
+
+ # Move focus to the parent container
+ bindsym $mod+a focus parent
+
+ #
+ # Font
+ #
+ font "pango:Jetbrains Mono 8"
+
+ #
+ # Scratchpad:
+ #
+ # Sway has a "scratchpad", which is a bag of holding for windows.
+ # You can send windows there and get them back later.
+
+ # Move the currently focused window to the scratchpad
+ bindsym $mod+Shift+minus move scratchpad
+
+ # Show the next scratchpad window or hide the focused scratchpad window.
+ # If there are multiple scratchpad windows, this command cycles through them.
+ bindsym $mod+minus scratchpad show
+
+ #
+ # Resizing containers:
+ #
+ mode "resize" {
+ # left will shrink the containers width
+ # right will grow the containers width
+ # up will shrink the containers height
+ # down will grow the containers height
+ bindsym $left resize shrink width 10px
+ bindsym $down resize grow height 10px
+ bindsym $up resize shrink height 10px
+ bindsym $right resize grow width 10px
+
+ # Ditto, with arrow keys
+ bindsym Left resize shrink width 10px
+ bindsym Down resize grow height 10px
+ bindsym Up resize shrink height 10px
+ bindsym Right resize grow width 10px
+
+ # Return to default mode
+ bindsym Return mode "default"
+ bindsym Escape mode "default"
+ }
+ bindsym $mod+r mode "resize"
+
+ #
+ # Status Bar:
+ #
+ # Read `man 5 sway-bar` for more information about this section.
+ bar {
+ position bottom
+
+ # When the status_command prints a new line to stdout, swaybar updates.
+ # The default just shows the current date and time.
+ status_command ~/.config/sway/status
+
+ colors {
+ statusline ${foreground}
+ background ${background}
+ inactive_workspace ${background}ee ${background}ee ${foreground}ee
+ }
+ }
+
+ # Gaps between multiple tiling windows
+ gaps inner 10
+ smart_gaps on
+
+ bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3
+
+ # class border backgr. text indicator child_border
+ client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4}
+ client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0}
+ client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0}
+ client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0}
+ client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2}
+
+ client.background #${foreground}
+
+ include /etc/sway/config.d/*
+
+ exec sleep 5; systemctl --user restart kanshi.service
+ exec sleep 5; swaymsg output '*' bg $wallpaper fill
+ '';
+ home.file.".config/sway/status".source = ./status;
+ home.file.".config/kanshi/config".text = ''
+ profile Laptop {
+ output eDP-1 enable
+ }
+
+ profile Docked {
+ output eDP-1 disable
+ output "LG Electronics LG HDR 4K 0x000354D1" {
+ enable
+ scale 1.4
+ position 0,0
+ }
+ }
+ '';
+
+ #services.poweralertd.enable = true;
+
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
diff --git a/home/modules.nix b/home/modules.nix
index 0e295c9..0a6c961 100644
--- a/home/modules.nix
+++ b/home/modules.nix
@@ -1,8 +1,13 @@
{ lib, ... }:
-with lib; let
- modules' = dir: filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory"))
- (builtins.readDir dir);
- modules = dir: mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}")))
- (modules' dir);
+with lib;
+let
+ modules' =
+ dir:
+ filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) (builtins.readDir dir);
+ modules =
+ dir:
+ mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) (
+ modules' dir
+ );
in
(modules ./modules)
diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix
index 0b84642..da9f503 100644
--- a/home/modules/alacritty/default.nix
+++ b/home/modules/alacritty/default.nix
@@ -1,9 +1,11 @@
-{ pkgs
-, lib
-, config
-, ...
+{
+ pkgs,
+ lib,
+ config,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.home.alacritty;
in
{
@@ -11,7 +13,6 @@ in
enable = mkEnableOption "Enable alacritty config";
};
config = mkIf cfg.enable {
- fonts.fontconfig.enable = true;
home.packages = [
pkgs.jetbrains-mono
];
diff --git a/home/modules/colors.nix b/home/modules/colors.nix
index 5c197a1..a4dc5c7 100644
--- a/home/modules/colors.nix
+++ b/home/modules/colors.nix
@@ -1,8 +1,10 @@
-{ config
-, lib
-, ...
+{
+ config,
+ lib,
+ ...
}:
-with lib; {
+with lib;
+{
options.dadada.home.colors = mkOption {
type = types.attrs;
description = "Color scheme";
diff --git a/home/modules/direnv.nix b/home/modules/direnv.nix
index cf36bf1..27a0907 100644
--- a/home/modules/direnv.nix
+++ b/home/modules/direnv.nix
@@ -1,9 +1,11 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.home.direnv;
in
{
diff --git a/home/modules/git.nix b/home/modules/git.nix
index e89e62a..92c4c12 100644
--- a/home/modules/git.nix
+++ b/home/modules/git.nix
@@ -1,14 +1,17 @@
-{ config
-, lib
-, pkgs
-, ...
+{
+ config,
+ lib,
+ pkgs,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.home.git;
allowedSigners = pkgs.writeTextFile {
name = "allowed-signers";
text = ''
dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>
+ dadada@dadada.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon
'';
};
in
@@ -33,7 +36,7 @@ in
user = {
email = "dadada@dadada.li";
name = "Tim Schubert";
- signingKey = "key::sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada <dadada@dadada.li>";
+ signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon";
};
core = {
whitespace = {
diff --git a/home/modules/gpg.nix b/home/modules/gpg.nix
index d1af776..baa17dd 100644
--- a/home/modules/gpg.nix
+++ b/home/modules/gpg.nix
@@ -1,8 +1,10 @@
-{ config
-, lib
-, ...
+{
+ config,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.home.gpg;
in
{
diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix
index eb6dae8..5dcd2e6 100644
--- a/home/modules/gtk.nix
+++ b/home/modules/gtk.nix
@@ -1,9 +1,11 @@
-{ config
-, lib
-, pkgs
-, ...
+{
+ config,
+ lib,
+ pkgs,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.home.gtk;
in
{
diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix
index 2ffdc51..7717423 100644
--- a/home/modules/helix/default.nix
+++ b/home/modules/helix/default.nix
@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
let
cfg = config.dadada.home.helix;
in
diff --git a/home/modules/keyring.nix b/home/modules/keyring.nix
index e82d476..48b8b54 100644
--- a/home/modules/keyring.nix
+++ b/home/modules/keyring.nix
@@ -1,8 +1,10 @@
-{ config
-, lib
-, ...
+{
+ config,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.home.keyring;
in
{
diff --git a/home/modules/session.nix b/home/modules/session.nix
index 879400d..ba5c941 100644
--- a/home/modules/session.nix
+++ b/home/modules/session.nix
@@ -1,8 +1,10 @@
-{ config
-, lib
-, ...
+{
+ config,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.home.session;
in
{
diff --git a/home/modules/ssh.nix b/home/modules/ssh.nix
index 96f4ed3..b8aab54 100644
--- a/home/modules/ssh.nix
+++ b/home/modules/ssh.nix
@@ -1,8 +1,10 @@
-{ config
-, lib
-, ...
+{
+ config,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.home.ssh;
in
{
diff --git a/home/modules/syncthing.nix b/home/modules/syncthing.nix
index fd566b4..8095904 100644
--- a/home/modules/syncthing.nix
+++ b/home/modules/syncthing.nix
@@ -1,9 +1,11 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.home.syncthing;
in
{
diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix
index 70f2974..063b8f2 100644
--- a/home/modules/tmux.nix
+++ b/home/modules/tmux.nix
@@ -1,8 +1,10 @@
-{ config
-, lib
-, ...
+{
+ config,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.home.tmux;
in
{
diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix
index b093eca..02cadaf 100644
--- a/home/modules/xdg.nix
+++ b/home/modules/xdg.nix
@@ -1,9 +1,11 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
apps = {
"x-scheme-handler/mailto" = "evolution.desktop";
"message/rfc822" = "evolution.desktop";
@@ -29,6 +31,7 @@ in
config = mkIf cfg.enable {
xdg = {
enable = true;
+ configHome = "${config.home.homeDirectory}/.config";
mimeApps = {
enable = false;
associations.added = apps;
@@ -46,7 +49,7 @@ in
home.packages = with pkgs; [
evince
firefox
- xdg_utils
+ xdg-utils
];
};
}
diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix
index 58cef5b..96364ff 100644
--- a/home/modules/zsh.nix
+++ b/home/modules/zsh.nix
@@ -1,9 +1,11 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.home.zsh;
in
{
@@ -26,7 +28,9 @@ in
ignoreDups = true;
ignoreSpace = true;
save = 100000;
- share = true;
+ # FIXME https://github.com/junegunn/fzf/issues/4061
+ #share = true;
+ share = false;
};
plugins = [
];
@@ -40,12 +44,10 @@ in
preexec() { echo -n -e "\033]0;$1\007" }
- PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f "
+ PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> "
RPROMPT='$(git_super_status)'
- #NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh"
- '';
- profileExtra = ''
'';
+ profileExtra = '''';
shellAliases = {
ga = "git add";
gc = "git commit";
diff --git a/home/nixpkgs-config.nix b/home/nixpkgs-config.nix
index 83fcdbc..6a29a63 100644
--- a/home/nixpkgs-config.nix
+++ b/home/nixpkgs-config.nix
@@ -1,4 +1,5 @@
-{ pkgs }: {
+{ pkgs }:
+{
allowUnfree = true;
allowUnfreePredicate = pkg: true;
allowBroken = false;
diff --git a/home/pkgs.nix b/home/pkgs.nix
index 67bf482..8fd23e8 100644
--- a/home/pkgs.nix
+++ b/home/pkgs.nix
@@ -1,5 +1,6 @@
{ pkgs }:
-with pkgs; [
+with pkgs;
+[
anki
aqbanking
aria2
@@ -14,19 +15,21 @@ with pkgs; [
bluez-tools
btop # htop
choose # alternative to cut and awk with more readable syntax
+ chromium
colordiff
darcs
delta # feature-rich diff viewer
dig
direnv
- dstat
duf # disk usage
+ dune3d
dyff # diff tool for YAML
element-desktop
evince
evolution
ffmpeg
file
+ fuzzel
fx # themable json viewer
fzf
fzf
@@ -36,7 +39,6 @@ with pkgs; [
gimp
glow
glow # render markdown
- gnome.gnome-tweaks
gnumake
gnupg
gping # ping with graphs
@@ -61,13 +63,11 @@ with pkgs; [
jameica
jc # convert output to json
josm
- jujutsu
jq
- jq
- #jupyter
- kcachegrind
+ kanshi
keepassxc
kubetail
+ krita
ldns
liboping # oping, ping multiple hosts at once
libreoffice
@@ -80,8 +80,11 @@ with pkgs; [
mpv
mtr
mumble
+ nix-output-monitor
ncurses
newsflash
+ nixd
+ nixfmt-rfc-style
nfs-utils
niv
nix-index
@@ -103,9 +106,11 @@ with pkgs; [
prusa-slicer
pv
pwgen
- python3
+ (python3.withPackages (pkgs: [
+ pkgs.pandas
+ pkgs.requests
+ ]))
ranger
- recipemd
reptyr
ripgrep
ripgrep
@@ -117,6 +122,7 @@ with pkgs; [
skim # fzf in Rust
slurp
socat
+ solvespace
spotify
sqlite
sshfs-fuse
@@ -128,17 +134,17 @@ with pkgs; [
ttyd
unzip
usbutils
+ vegur
virt-manager
viu # view images from the terminal
vscodium
whois
wireshark
- xdg_utils
+ xdg-utils
xmlstarlet
- xsv # cut for csv
unixtools.xxd
xxh # portable shells
- youtube-dl
+ yt-dlp
# zotero Marked as insecure
zeal
zk
diff --git a/home/status b/home/status
new file mode 100755
index 0000000..e24816b
--- /dev/null
+++ b/home/status
@@ -0,0 +1,138 @@
+#!/usr/bin/env python3
+
+import json
+import sys
+import time
+import requests
+import logging
+import subprocess
+
+from datetime import datetime
+
+logger = logging.getLogger(__name__)
+
+
+class Status:
+ def status(self):
+ return None
+
+
+class Cat(Status):
+ index = 0
+
+ def status(self):
+ cat_width = 200
+ index = self.index
+ catwalk = "🐈🏳️🌈" + " " * index
+ self.index = (index + 1) % cat_width
+
+ return {"full_text": catwalk}
+
+
+class Space(Status):
+ backoff = 0
+ c_status = None
+
+ def status(self):
+ backoff = self.backoff
+ if self.backoff == 0:
+ self.update()
+
+ return {"full_text": self.c_status}
+
+ def update(self):
+ spacestatus_url = "https://status.stratum0.org/status.json"
+ resp = requests.get(url=spacestatus_url)
+ self.backoff = (self.backoff + 1) % 120
+ data = resp.json()
+ if data["isOpen"]:
+ since = datetime.strptime(data["since"], "%Y-%m-%dT%H:%M:%S.%f").strftime("%A at %H:%M")
+ spacestatus = f"Space is open since {since}"
+ else:
+ spacestatus = "Space is closed"
+ self.c_status = spacestatus
+
+
+class Battery(Status):
+ capacity_file = open('/sys/class/power_supply/BAT0/capacity', 'r')
+ status_file = open('/sys/class/power_supply/BAT0/status', 'r')
+
+ def status(self):
+ self.status_file.seek(0)
+ status = self.status_file.read().rstrip()
+
+ self.capacity_file.seek(0)
+ capacity = self.capacity_file.read().rstrip()
+
+ battery = f"{status} {capacity}%"
+
+ return {"full_text": battery}
+
+
+class Time(Status):
+ def status(self):
+ now = datetime.now()
+ match now.isocalendar().week % 10:
+ case 1:
+ th = "st"
+ case 2:
+ th = "nd"
+ case 3:
+ th = "rd"
+ case _:
+ th = "th"
+ return {"full_text": now.strftime(f"%V{th} %A %H:%M") }
+
+
+class FailedUnits(Status):
+ def status(self):
+ proc = subprocess.run(["systemctl", "list-units", "--failed"], capture_output = True)
+ stdout = proc.stdout.decode('utf-8')
+ failed = 0
+ for line in stdout:
+ if 'failed' in line:
+ failed += 1
+ if failed == 0:
+ return {"full_text": f"No failed units"}
+ else:
+ return {"full_text": f"There are {failed} failed units", "color": "#ff0000"}
+
+
+def print_header():
+ header = {
+ "version": 1,
+ "click_events": False,
+ }
+ print(json.dumps(header))
+ print("[")
+
+
+def run(interval, widgets):
+ print_header()
+
+ while True:
+ body = []
+
+ for widget in widgets:
+ try:
+ status = widget.status()
+ except Exception as e:
+ logger.error(e)
+ if status:
+ body += status,
+
+ print(json.dumps(body), ",", flush=True)
+
+ ts = interval - (time.time() % interval)
+ time.sleep(ts)
+
+
+if __name__ == "__main__":
+ logging.basicConfig(level=logging.INFO)
+
+ # Interval in seconds
+ interval = 1.0
+
+ widgets = [Cat(), FailedUnits(), Space(), Battery(), Time()]
+
+ run(interval, widgets)
diff --git a/hydra-jobs.nix b/hydra-jobs.nix
index 1d7dde7..3369943 100644
--- a/hydra-jobs.nix
+++ b/hydra-jobs.nix
@@ -1,5 +1,4 @@
{ self, nixpkgs, ... }:
-(nixpkgs.lib.mapAttrs'
- (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel)
- self.nixosConfigurations
-)
+(nixpkgs.lib.mapAttrs' (
+ name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel
+) self.nixosConfigurations)
diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix
index c8ab058..ba00c29 100644
--- a/nixos/agares/configuration.nix
+++ b/nixos/agares/configuration.nix
@@ -1,7 +1,8 @@
-{ config
-, modulesPath
-, pkgs
-, ...
+{
+ config,
+ modulesPath,
+ pkgs,
+ ...
}:
{
imports = [
@@ -30,7 +31,10 @@
fileSystems."/swap" = {
device = "/dev/sda1";
fsType = "btrfs";
- options = [ "subvol=/root/swap" "noatime" ];
+ options = [
+ "subvol=/root/swap"
+ "noatime"
+ ];
};
#swapDevices = [{
@@ -49,7 +53,14 @@
networking.hostName = "agares";
networking.domain = "bs.dadada.li";
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "ehci_pci"
+ "usb_storage"
+ "sd_mod"
+ "sdhci_pci"
+ ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
# Use the GRUB 2 boot loader.
diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix
index 7e52d8b..fe2843f 100644
--- a/nixos/agares/dns.nix
+++ b/nixos/agares/dns.nix
@@ -66,7 +66,10 @@
];
stub-zone =
let
- stubZone = name: addrs: { name = "${name}"; stub-addr = addrs; };
+ stubZone = name: addrs: {
+ name = "${name}";
+ stub-addr = addrs;
+ };
in
[
#(stubZone "li.dadada.bs" ["192.168.128.220" "2a01:4f8:c010:a710::1"])
diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix
index af15e05..6d86d22 100644
--- a/nixos/agares/network.nix
+++ b/nixos/agares/network.nix
@@ -10,7 +10,10 @@ in
enable = true;
links = {
"10-persistent" = {
- matchConfig.OriginalName = [ "enp1s0" "enp2s0" ]; # takes search domains from the [Network]
+ matchConfig.OriginalName = [
+ "enp1s0"
+ "enp2s0"
+ ]; # takes search domains from the [Network]
linkConfig.MACAddressPolicy = "persistent";
};
};
@@ -49,19 +52,21 @@ in
PrivateKeyFile = config.age.secrets."wg-privkey-vpn-dadada-li".path;
ListenPort = 51234;
};
- wireguardPeers = [{
- wireguardPeerConfig =
- let
- peerAddresses = i: [
- "${ipv4Prefix}.120.${i}/32"
- "${ulaPrefix}:120::${i}/128"
- ];
- in
- {
- PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
- AllowedIPs = peerAddresses "3";
- };
- }];
+ wireguardPeers = [
+ {
+ wireguardPeerConfig =
+ let
+ peerAddresses = i: [
+ "${ipv4Prefix}.120.${i}/32"
+ "${ulaPrefix}:120::${i}/128"
+ ];
+ in
+ {
+ PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU=";
+ AllowedIPs = peerAddresses "3";
+ };
+ }
+ ];
};
"20-wg0" = {
netdevConfig = {
@@ -137,7 +142,10 @@ in
"10-mgmt" = lib.mkMerge [
(subnet "enp1s0" "100")
{
- networkConfig.VLAN = [ "lan.10" "ff.11" ];
+ networkConfig.VLAN = [
+ "lan.10"
+ "ff.11"
+ ];
dhcpServerStaticLeases = [
{
# legion
@@ -158,13 +166,24 @@ in
];
"30-wg0" = {
matchConfig.Name = "wg0";
- address = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ];
+ address = [
+ "10.3.3.2/32"
+ "fd42:9c3b:f96d:121::2/128"
+ ];
DHCP = "no";
networkConfig.IPv6AcceptRA = false;
linkConfig.RequiredForOnline = false;
routes = [
- { routeConfig = { Destination = "10.3.3.1/24"; }; }
- { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; }
+ {
+ routeConfig = {
+ Destination = "10.3.3.1/24";
+ };
+ }
+ {
+ routeConfig = {
+ Destination = "fd42:9c3b:f96d:121::1/64";
+ };
+ }
];
};
"30-lan" = subnet "lan.10" "101" // {
@@ -266,10 +285,14 @@ in
linkConfig.RequiredForOnline = false;
routes = [
{
- routeConfig = { Destination = "${ipv4Prefix}.120.1/24"; };
+ routeConfig = {
+ Destination = "${ipv4Prefix}.120.1/24";
+ };
}
{
- routeConfig = { Destination = "${ulaPrefix}::120:1/64"; };
+ routeConfig = {
+ Destination = "${ulaPrefix}::120:1/64";
+ };
}
];
};
diff --git a/nixos/agares/ppp.nix b/nixos/agares/ppp.nix
index dc26e46..ffa5bc4 100644
--- a/nixos/agares/ppp.nix
+++ b/nixos/agares/ppp.nix
@@ -1,4 +1,9 @@
-{ pkgs, lib, config, ... }:
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}:
let
secretsPath = config.dadada.secrets.path;
in
diff --git a/nixos/configurations.nix b/nixos/configurations.nix
index d587829..adacb51 100644
--- a/nixos/configurations.nix
+++ b/nixos/configurations.nix
@@ -1,51 +1,73 @@
-{ self
-, agenix
-, nixpkgs
-, home-manager
-, homepage
-, nixos-hardware
-, nixos-generators
-, ...
+{
+ self,
+ agenix,
+ home-manager,
+ homepage,
+ nixos-hardware,
+ nixos-generators,
+ nixpkgs,
+ nixpkgs-small,
+ ...
}@inputs:
let
- nixosSystem = { system ? "x86_64-linux", extraModules ? [ ] }: nixpkgs.lib.nixosSystem {
- inherit system;
+ nixosSystem =
+ {
+ nixpkgs,
+ system ? "x86_64-linux",
+ extraModules ? [ ],
+ }:
+ nixpkgs.lib.nixosSystem {
+ inherit system;
- modules = [{
-
- nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
- }] ++ (nixpkgs.lib.attrValues self.nixosModules) ++ [ agenix.nixosModules.age ] ++ extraModules;
- };
+ modules =
+ [
+ {
+ nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
+ }
+ ]
+ ++ (nixpkgs.lib.attrValues self.nixosModules)
+ ++ [ agenix.nixosModules.age ]
+ ++ extraModules;
+ };
in
{
- gorgon = nixosSystem rec {
- system = "x86_64-linux";
+ gorgon =
+ let
+ system = "x86_64-linux";
+ in
+ nixosSystem {
+ inherit nixpkgs system;
- extraModules = [
- {
- nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
- dadada.pkgs = self.packages.${system};
- dadada.inputs = inputs // { dadada = self; };
- }
-
- nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
-
- home-manager.nixosModules.home-manager
- ({ pkgs, lib, ... }:
+ extraModules = [
{
- home-manager.useGlobalPkgs = true;
- home-manager.useUserPackages = true;
- home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [
- { dadada.home.helix.package = pkgs.helix; }
- { manual.manpages.enable = false; }
- ];
- home-manager.users.dadada = import ../home;
- })
- ./gorgon/configuration.nix
- ];
- };
+ nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays;
+ dadada.pkgs = self.packages.${system};
+ dadada.inputs = inputs // {
+ dadada = self;
+ };
+ }
+
+ nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1
+
+ home-manager.nixosModules.home-manager
+ (
+ { pkgs, lib, ... }:
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.sharedModules = (nixpkgs.lib.attrValues self.hmModules) ++ [
+ { dadada.home.helix.package = pkgs.helix; }
+ { manual.manpages.enable = false; }
+ ];
+ home-manager.users.dadada = import ../home;
+ }
+ )
+ ./gorgon/configuration.nix
+ ];
+ };
surgat = nixosSystem {
+ nixpkgs = nixpkgs-small;
system = "x86_64-linux";
extraModules = [
{
@@ -57,32 +79,38 @@ in
};
agares = nixosSystem {
+ nixpkgs = nixpkgs-small;
extraModules = [
./agares/configuration.nix
];
};
- installer = nixpkgs.lib.nixosSystem {
- system = "x86_64-linux";
- modules = [
- nixos-generators.nixosModules.install-iso
- self.nixosModules.admin
- {
- isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso";
- networking.tempAddresses = "disabled";
- dadada.admin.enable = true;
- documentation.enable = true;
- documentation.nixos.enable = true;
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- keyMap = "us";
- };
- }
- ];
- };
+ installer =
+ let
+ nixpkgs = nixpkgs-small;
+ in
+ nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ nixos-generators.nixosModules.install-iso
+ self.nixosModules.admin
+ {
+ isoImage.isoName = nixpkgs.lib.mkForce "dadada-nixos-installer.iso";
+ networking.tempAddresses = "disabled";
+ dadada.admin.enable = true;
+ documentation.enable = true;
+ documentation.nixos.enable = true;
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+ }
+ ];
+ };
ninurta = nixosSystem {
+ nixpkgs = nixpkgs-small;
extraModules = [
./ninurta/configuration.nix
];
diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix
index b2da49d..9c8b8e3 100644
--- a/nixos/gorgon/configuration.nix
+++ b/nixos/gorgon/configuration.nix
@@ -1,7 +1,8 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
let
xilinxJtag = pkgs.writeTextFile {
@@ -34,6 +35,8 @@ in
./hardware-configuration.nix
];
+ dadada.backupClient.bs.enable = false;
+ dadada.backupClient.backup1.enable = true;
dadada.backupClient.backup2 = {
enable = true;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
@@ -41,6 +44,10 @@ in
repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup";
};
+ nixpkgs.config.android_sdk.accept_license = true;
+
+ programs.ssh.startAgent = true;
+
nix.extraOptions = ''
experimental-features = nix-command flakes
# Prevent garbage collection for nix shell and direnv
@@ -98,13 +105,18 @@ in
passwordFile = config.age.secrets.paperless.path;
};
- systemd.tmpfiles.rules = let cfg = config.services.paperless; in [
- (if cfg.consumptionDirIsPublic then
- "d '${cfg.consumptionDir}' 777 - - - -"
- else
- "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
- )
- ];
+ systemd.tmpfiles.rules =
+ let
+ cfg = config.services.paperless;
+ in
+ [
+ (
+ if cfg.consumptionDirIsPublic then
+ "d '${cfg.consumptionDir}' 777 - - - -"
+ else
+ "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
+ )
+ ];
age.secrets.paperless = {
file = "${config.dadada.secrets.path}/paperless.age";
@@ -124,10 +136,29 @@ in
];
};
+ hardware.printers.ensurePrinters = [
+ {
+ name = "Brother_HL-L2300D";
+ model = "everywhere";
+ location = "BS";
+ deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D";
+ }
+ ];
+
environment.systemPackages = with pkgs; [
- chromium
+ android-studio
ghostscript
smartmontools
+
+ dmenu
+ grim # screenshot functionality
+ slurp # screenshot functionality
+ #mako # notification system developed by swaywm maintainer
+ pulseaudio
+
+ # KDE apps
+ kdePackages.kmail
+ kdePackages.kmail-account-wizard
];
networking.firewall = {
@@ -143,7 +174,16 @@ in
systemd.services.modem-manager.enable = lib.mkForce false;
systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false;
- services.udev.packages = [ xilinxJtag saleaeLogic keychron ]; #noMtpUdevRules ];
+ systemd.sleep.extraConfig = ''
+ HibernateDelaySec=1h
+ '';
+
+ services.udev.packages = [
+ xilinxJtag
+ saleaeLogic
+ keychron
+ pkgs.libsigrok
+ ]; # noMtpUdevRules ];
virtualisation.libvirtd.enable = true;
@@ -155,7 +195,20 @@ in
users.users = {
dadada = {
isNormalUser = true;
- extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" "dialout" "wireshark" "paperless" ];
+ extraGroups = [
+ "wheel"
+ "networkmanager"
+ "libvirtd"
+ "adbusers"
+ "kvm"
+ "video"
+ "scanner"
+ "lp"
+ "docker"
+ "dialout"
+ "wireshark"
+ "paperless"
+ ];
shell = "/run/current-system/sw/bin/zsh";
};
};
@@ -164,44 +217,44 @@ in
"127.0.0.2" = [ "kanboard.dadada.li" ];
};
- # https://lists.zx2c4.com/pipermail/wireguard/2017-November/002028.html
- systemd.timers.wg-reresolve-dns = {
- wantedBy = [ "timers.target" ];
- partOf = [ "wg-reresolve-dns.service" ];
- timerConfig.OnCalendar = "hourly";
- };
-
- systemd.services.wg-reresolve-dns =
- let
- vpnPubKey = "x/y6I59buVzv9Lfzl+b17mGWbzxU+3Ke9mQNa1DLsDI=";
- in
- {
- serviceConfig.Type = "oneshot";
- script = ''
- ${pkgs.wireguard-tools}/bin/wg set dadada peer ${vpnPubKey} endpoint vpn.dadada.li:51234 persistent-keepalive 25 allowed-ips fd42:9c3b:f96d::/48
- '';
- };
-
- #networking.wg-quick.interfaces.mullvad = {
- # address = [ "10.68.15.202/32" "fc00:bbbb:bbbb:bb01::5:fc9/128" ];
- # privateKeyFile = "/var/lib/wireguard/mullvad";
- # peers = [
- # {
- # publicKey = "Ec/wwcosVal9Kjc97ZuTTV7Dy5c0/W5iLet7jrSEm2k=";
- # allowedIPs = [ "0.0.0.0/0" "::0/0" ];
- # endpoint = "193.27.14.66:51820";
- # persistentKeepalive = 25;
- # }
- # ];
- # postUp = "${pkgs.iproute2}/bin/ip rule add to 193.27.14.66 lookup main";
- #};
-
services.gnome.gnome-keyring.enable = lib.mkForce false;
programs.gnupg.agent.enable = true;
- services.xserver.enable = true;
- services.xserver.desktopManager.gnome.enable = true;
- services.xserver.displayManager.gdm.enable = true;
+ # KDE
+ services = {
+ desktopManager.plasma6.enable = true;
+ displayManager.sddm.enable = true;
+ displayManager.sddm.wayland.enable = true;
+ };
+ services.greetd = {
+ enable = false;
+ settings = {
+ default_session = {
+ command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway";
+ user = "greeter";
+ };
+ };
+ };
+ systemd.user.services.kanshi = {
+ enable = false;
+ description = "kanshi daemon";
+ environment = {
+ WAYLAND_DISPLAY = "wayland-1";
+ DISPLAY = ":0";
+ };
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = ''${pkgs.kanshi}/bin/kanshi'';
+ };
+ };
+ # enable Sway window manager
+ programs.sway = {
+ enable = false;
+ wrapperFeatures.gtk = true;
+ };
+ programs.light.enable = true;
+ xdg.portal.wlr.enable = false;
+ hardware.bluetooth.enable = true;
hardware.opengl = {
enable = true;
@@ -211,5 +264,16 @@ in
];
};
+ powerManagement = {
+ enable = true;
+ powertop.enable = true;
+ cpuFreqGovernor = "schedutil";
+ powerUpCommands = ''
+ echo 40 > /sys/class/power_supply/BAT0/charge_control_start_threshold
+ echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold
+ '';
+ };
+ services.tlp.enable = false;
+
system.stateVersion = "23.11";
}
diff --git a/nixos/gorgon/hardware-configuration.nix b/nixos/gorgon/hardware-configuration.nix
index 4155fae..30d7447 100644
--- a/nixos/gorgon/hardware-configuration.nix
+++ b/nixos/gorgon/hardware-configuration.nix
@@ -1,17 +1,26 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config
-, lib
-, pkgs
-, modulesPath
-, ...
-}: {
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
- boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "ehci_pci"
+ "xhci_pci"
+ "usb_storage"
+ "sd_mod"
+ "rtsx_pci_sdmmc"
+ ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix
index 873832d..07323da 100644
--- a/nixos/modules/admin.nix
+++ b/nixos/modules/admin.nix
@@ -1,11 +1,16 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.admin;
- extraGroups = [ "wheel" "libvirtd" ];
+ extraGroups = [
+ "wheel"
+ "libvirtd"
+ ];
shells = {
"bash" = pkgs.bashInteractive;
@@ -16,22 +21,32 @@ with lib; let
shellNames = builtins.attrNames shells;
adminOpts =
- { name
- , config
- , ...
- }: {
+ {
+ name,
+ config,
+ ...
+ }:
+ {
options = {
keys = mkOption {
type = types.listOf types.str;
default = [ ];
- apply = x: assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); x;
+ apply =
+ x:
+ assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in");
+ x;
description = ''
The keys that should be able to access the account.
'';
};
shell = mkOption {
type = types.nullOr types.str;
- apply = x: assert (builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}"); x;
+ apply =
+ x:
+ assert (
+ builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}"
+ );
+ x;
default = "zsh";
defaultText = literalExpression "zsh";
example = literalExpression "bash";
@@ -81,15 +96,12 @@ in
security.sudo.wheelNeedsPassword = false;
services.openssh.openFirewall = true;
- users.users =
- mapAttrs
- (user: keys: {
- shell = shells."${keys.shell}";
- extraGroups = extraGroups;
- isNormalUser = true;
- openssh.authorizedKeys.keys = keys.keys;
- })
- cfg.users;
+ users.users = mapAttrs (user: keys: {
+ shell = shells."${keys.shell}";
+ extraGroups = extraGroups;
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = keys.keys;
+ }) cfg.users;
nix.settings.trusted-users = builtins.attrNames cfg.users;
@@ -103,7 +115,7 @@ in
services.tor.relay.onionServices = {
"rat" = mkIf cfg.rat.enable {
name = "rat";
- map = [{ port = 22; }];
+ map = [ { port = 22; } ];
};
};
};
diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix
index c18aeb8..095fd35 100644
--- a/nixos/modules/backup.nix
+++ b/nixos/modules/backup.nix
@@ -1,9 +1,11 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
backupExcludes = [
"/backup"
"/dev"
@@ -156,7 +158,7 @@ in
};
};
- services.borgbackup.jobs.backup1 = mkIf cfg.bs.enable {
+ services.borgbackup.jobs.backup1 = mkIf cfg.backup1.enable {
paths = "/";
exclude = backupExcludes;
repo = "borg@backup1.dadada.li:/mnt/storage/backups/${config.networking.hostName}";
diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix
index c1aceeb..594f356 100644
--- a/nixos/modules/borg-server.nix
+++ b/nixos/modules/borg-server.nix
@@ -1,6 +1,11 @@
{ config, lib, ... }:
let
- inherit (lib) mkEnableOption mkIf mkOption types;
+ inherit (lib)
+ mkEnableOption
+ mkIf
+ mkOption
+ types
+ ;
cfg = config.dadada.borgServer;
in
{
@@ -20,31 +25,41 @@ in
services.borgbackup.repos = {
"metis" = {
allowSubRepos = false;
- authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ];
+ authorizedKeysAppendOnly = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis"
+ ];
path = "${cfg.path}/metis";
quota = "1T";
};
"gorgon" = {
allowSubRepos = false;
- authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ];
+ authorizedKeysAppendOnly = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon"
+ ];
path = "${cfg.path}/gorgon";
quota = "1T";
};
"surgat" = {
allowSubRepos = false;
- authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ];
+ authorizedKeysAppendOnly = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat"
+ ];
path = "${cfg.path}/surgat";
quota = "50G";
};
"pruflas" = {
allowSubRepos = false;
- authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ];
+ authorizedKeysAppendOnly = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas"
+ ];
path = "${cfg.path}/pruflas";
quota = "50G";
};
"wohnzimmerpi" = {
allowSubRepos = false;
- authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ];
+ authorizedKeysAppendOnly = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi"
+ ];
path = "${cfg.path}/wohnzimmerpi";
quota = "50G";
};
diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix
index af7d725..594be6d 100644
--- a/nixos/modules/ddns.nix
+++ b/nixos/modules/ddns.nix
@@ -1,52 +1,70 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.ddns;
- ddnsConfig = { domains, credentialsPath, interface }: {
- systemd.timers = listToAttrs (forEach domains (domain:
- nameValuePair "ddns-${domain}"
- {
- wantedBy = [ "timers.target" ];
- partOf = [ "ddns-${domain}.service" ];
- timerConfig.OnCalendar = "hourly";
- }));
+ ddnsConfig =
+ {
+ domains,
+ credentialsPath,
+ interface,
+ }:
+ {
+ systemd.timers = listToAttrs (
+ forEach domains (
+ domain:
+ nameValuePair "ddns-${domain}" {
+ wantedBy = [ "timers.target" ];
+ partOf = [ "ddns-${domain}.service" ];
+ timerConfig.OnCalendar = "hourly";
+ }
+ )
+ );
- systemd.services = listToAttrs (forEach domains (domain:
- nameValuePair "ddns-${domain}"
- {
- serviceConfig = {
- Type = "oneshot";
- PrivateTmp = true;
- PrivateDevices = true;
- PrivateUsers = true;
- PrivateMounts = true;
- PrivateIPC = true;
- ProtectHome = true;
- ProtectSystem = "strict";
- ProtectKernelTunables = true;
- BindReadOnlyPaths = [ credentialsPath ];
- NoNewPrivileges = true;
- CapabilitBoundingSet = [ ];
- };
- script = ''
- function url() {
- echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3"
- }
+ systemd.services = listToAttrs (
+ forEach domains (
+ domain:
+ nameValuePair "ddns-${domain}" {
+ serviceConfig = {
+ Type = "oneshot";
+ PrivateTmp = true;
+ PrivateDevices = true;
+ PrivateUsers = true;
+ PrivateMounts = true;
+ PrivateIPC = true;
+ ProtectHome = true;
+ ProtectSystem = "strict";
+ ProtectKernelTunables = true;
+ BindReadOnlyPaths = [ credentialsPath ];
+ NoNewPrivileges = true;
+ CapabilitBoundingSet = [ ];
+ };
+ script = ''
+ function url() {
+ echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3"
+ }
- IFS=':'
- read -r user password < ${credentialsPath}
- unset IFS
+ IFS=':'
+ read -r user password < ${credentialsPath}
+ unset IFS
- curl_url=$(url "$user" "$password" ${domain})
+ curl_url=$(url "$user" "$password" ${domain})
- ${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} || true
- ${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${if interface == null then "" else "--interface ${interface}"}
- '';
- }));
- };
+ ${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${
+ if interface == null then "" else "--interface ${interface}"
+ } || true
+ ${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${
+ if interface == null then "" else "--interface ${interface}"
+ }
+ '';
+ }
+ )
+ );
+ };
in
{
options = {
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index d0554cc..fa94c8c 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,8 +1,16 @@
{ lib, ... }:
-with lib; let
- modules' = dir: filterAttrs (name: type: (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory"))))
- (builtins.readDir dir);
- modules = dir: mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}")))
- (modules' dir);
+with lib;
+let
+ modules' =
+ dir:
+ filterAttrs (
+ name: type:
+ (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory")))
+ ) (builtins.readDir dir);
+ modules =
+ dir:
+ mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) (
+ modules' dir
+ );
in
(modules ./.)
diff --git a/nixos/modules/element.nix b/nixos/modules/element.nix
index 2a45da1..2fcefec 100644
--- a/nixos/modules/element.nix
+++ b/nixos/modules/element.nix
@@ -1,7 +1,8 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
let
cfg = config.dadada.element;
diff --git a/nixos/modules/fileShare.nix b/nixos/modules/fileShare.nix
index 5b6a0f2..a3a72ba 100644
--- a/nixos/modules/fileShare.nix
+++ b/nixos/modules/fileShare.nix
@@ -1,8 +1,10 @@
-{ config
-, lib
-, ...
+{
+ config,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.fileShare;
sharePath = "/mnt/storage/share";
ipv6 = "fd42:dead:beef::/48";
diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix
index f73ddc0..783bf6f 100644
--- a/nixos/modules/gitea.nix
+++ b/nixos/modules/gitea.nix
@@ -1,7 +1,8 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
let
cfg = config.dadada.forgejo;
@@ -37,6 +38,11 @@ in
LANDING_PAGE = "explore";
OFFLINE_MODE = true;
DISABLE_SSH = false;
+
+ # Use built-in SSH server
+ START_SSH_SERVER = true;
+ SSH_PORT = 22;
+
DOMAIN = "git.dadada.li";
};
picture = {
@@ -69,6 +75,12 @@ in
vmOverCommit = true;
};
+ systemd.services.forgejo.serviceConfig = {
+ AmbientCapabilities = lib.mkForce "CAP_NET_BIND_SERVICE";
+ CapabilityBoundingSet = lib.mkForce "CAP_NET_BIND_SERVICE";
+ PrivateUsers = lib.mkForce false;
+ };
+
services.nginx.virtualHosts."git.${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
diff --git a/nixos/modules/headphones.nix b/nixos/modules/headphones.nix
index 585a5dd..877be07 100644
--- a/nixos/modules/headphones.nix
+++ b/nixos/modules/headphones.nix
@@ -1,9 +1,11 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.headphones;
in
{
diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix
index b04c3b2..193e71e 100644
--- a/nixos/modules/homepage.nix
+++ b/nixos/modules/homepage.nix
@@ -1,11 +1,13 @@
-{ config
-, lib
-, ...
+{
+ config,
+ lib,
+ ...
}:
let
cfg = config.dadada.homepage;
in
-with lib; {
+with lib;
+{
options.dadada.homepage = {
enable = mkEnableOption "Enable home page";
package = mkOption {
diff --git a/nixos/modules/inputs.nix b/nixos/modules/inputs.nix
index 4db219c..9d18883 100644
--- a/nixos/modules/inputs.nix
+++ b/nixos/modules/inputs.nix
@@ -1,7 +1,8 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
let
cfg = config.dadada.inputs;
diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix
index a69a89c..d333804 100644
--- a/nixos/modules/profiles/backup.nix
+++ b/nixos/modules/profiles/backup.nix
@@ -4,7 +4,7 @@ let
in
{
dadada.backupClient.bs = {
- enable = lib.mkDefault true;
+ enable = lib.mkDefault false;
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
};
@@ -21,6 +21,8 @@ in
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
};
- age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age";
- age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age";
+ age.secrets."${config.networking.hostName}-backup-passphrase".file =
+ "${secretsPath}/${config.networking.hostName}-backup-passphrase.age";
+ age.secrets."${config.networking.hostName}-backup-ssh-key".file =
+ "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age";
}
diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix
index 56e17cd..b681d72 100644
--- a/nixos/modules/profiles/base.nix
+++ b/nixos/modules/profiles/base.nix
@@ -1,4 +1,9 @@
-{ config, lib, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
mkDefault = lib.mkDefault;
inputs = config.dadada.inputs;
@@ -8,15 +13,26 @@ in
./upgrade-pg-cluster.nix
];
+ boot.tmp.useTmpfs = true;
+ boot.tmp.tmpfsSize = "50%";
+
i18n.defaultLocale = mkDefault "en_US.UTF-8";
console = mkDefault {
font = "Lat2-Terminus16";
keyMap = "us";
};
+ i18n.supportedLocales = mkDefault [
+ "C.UTF-8/UTF-8"
+ "en_US.UTF-8/UTF-8"
+ "de_DE.UTF-8/UTF-8"
+ ];
+
time.timeZone = mkDefault "Europe/Berlin";
- nix.settings.substituters = [ https://cache.nixos.org/ ];
+ nix.package = pkgs.lix;
+
+ nix.settings.substituters = [ "https://cache.nixos.org/" ];
nix.settings.trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
@@ -45,9 +61,14 @@ in
services.resolved = {
enable = mkDefault true;
- fallbackDns = [ "9.9.9.9#dns.quad9.net" "2620:fe::fe:11#dns11.quad9.net" ];
+ fallbackDns = [
+ "9.9.9.9#dns.quad9.net"
+ "2620:fe::fe:11#dns11.quad9.net"
+ ];
};
programs.zsh.enable = mkDefault true;
-}
+ # Avoid some bots
+ services.openssh.ports = [ 2222 ];
+}
diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix
index 98314c7..de57714 100644
--- a/nixos/modules/profiles/cloud.nix
+++ b/nixos/modules/profiles/cloud.nix
@@ -5,30 +5,44 @@ let
in
{
boot.initrd.availableKernelModules = [ "virtio-pci" ];
+
+ boot.kernelParams = [
+ # Wait forever for the filesystem root to show up
+ "rootflags=x-systemd.device-timeout=0"
+
+ # Wait forever to enter the LUKS passphrase via SSH
+ "rd.luks.options=timeout=0"
+ ];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
- port = 22;
+ port = 2223;
hostKeys = [
config.age.secrets."${initrdHostKey}".path
];
- authorizedKeys = with lib;
- concatLists (mapAttrsToList
- (name: user:
- if elem "wheel" user.extraGroups then
- user.openssh.authorizedKeys.keys
- else
- [ ])
- config.users.users);
+ authorizedKeys =
+ with lib;
+ concatLists (
+ mapAttrsToList (
+ name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ]
+ ) config.users.users
+ );
};
postCommands = ''
echo 'cryptsetup-askpass' >> /root/.profile
'';
};
+ assertions = lib.singleton {
+ assertion =
+ (config.boot.initrd.network.ssh.hostKeys != [ ])
+ -> config.boot.loader.supportsInitrdSecrets == true;
+ message = "Refusing to store private keys in store";
+ };
+
age.secrets."${initrdHostKey}" = {
- file = "${secretsPath}/${initrdHostKey}.age";
+ file = "${secretsPath}/initrd-${initrdHostKey}.age";
mode = "600";
path = "/etc/initrd/${initrdHostKey}";
symlink = false;
diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix
index cc36988..d9f0bde 100644
--- a/nixos/modules/profiles/laptop.nix
+++ b/nixos/modules/profiles/laptop.nix
@@ -1,13 +1,14 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ lib,
+ ...
}:
let
inputs = config.dadada.inputs;
secretsPath = config.dadada.secrets.path;
in
-with lib; {
+with lib;
+{
imports = [
./backup.nix
./base.nix
@@ -16,20 +17,15 @@ with lib; {
networking.domain = mkDefault "dadada.li";
services.fwupd.enable = mkDefault true;
- programs.ssh.startAgent = true;
programs.ssh.enableAskPassword = true;
programs.nix-ld.enable = true;
- nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value}") inputs;
- nix.registry = lib.mapAttrs' (name: value: lib.nameValuePair name { flake = value; }) inputs;
+ nix.nixPath = mapAttrsToList (name: value: "${name}=${value}") inputs;
+ nix.registry = mkForce (mapAttrs' (name: value: nameValuePair name { flake = value; }) inputs);
nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json";
age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
- fonts.packages = mkDefault (with pkgs; [
- source-code-pro
- ]);
-
users.mutableUsers = mkDefault true;
# Use the systemd-boot EFI boot loader.
@@ -59,5 +55,6 @@ with lib; {
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path;
};
- age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age";
+ age.secrets."${config.networking.hostName}-backup-passphrase-gs".file =
+ "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age";
}
diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix
index c10979a..724655f 100644
--- a/nixos/modules/profiles/server.nix
+++ b/nixos/modules/profiles/server.nix
@@ -1,9 +1,11 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
-with lib; {
+with lib;
+{
imports = [
./backup.nix
./base.nix
@@ -16,15 +18,18 @@ with lib; {
documentation.enable = mkDefault false;
documentation.nixos.enable = mkDefault false;
- services.btrfs.autoScrub.enable = mkDefault ((filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { });
+ services.btrfs.autoScrub.enable = mkDefault (
+ (filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { }
+ );
services.journald.extraConfig = ''
SystemKeepFree = 2G
+ MaxRetentionSec = 100days
'';
system.autoUpgrade = {
enable = true;
- flake = "github:dadada/nix-config#${config.networking.hostName}";
+ flake = "https://git.dadada.li/dadada/nix-config/archive/main.tar.gz#${config.networking.hostName}";
allowReboot = mkDefault false;
randomizedDelaySec = "45min";
};
diff --git a/nixos/modules/profiles/upgrade-pg-cluster.nix b/nixos/modules/profiles/upgrade-pg-cluster.nix
index 3042265..486bf29 100644
--- a/nixos/modules/profiles/upgrade-pg-cluster.nix
+++ b/nixos/modules/profiles/upgrade-pg-cluster.nix
@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
{
environment.systemPackages = lib.mkIf config.services.postgresql.enable [
(
diff --git a/nixos/modules/share.nix b/nixos/modules/share.nix
index a4e5f9c..7c7410b 100644
--- a/nixos/modules/share.nix
+++ b/nixos/modules/share.nix
@@ -1,9 +1,11 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.share;
in
{
diff --git a/nixos/modules/steam.nix b/nixos/modules/steam.nix
index 82944eb..b6b0846 100644
--- a/nixos/modules/steam.nix
+++ b/nixos/modules/steam.nix
@@ -1,9 +1,11 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.steam;
in
{
diff --git a/nixos/modules/sway.nix b/nixos/modules/sway.nix
deleted file mode 100644
index 190d13e..0000000
--- a/nixos/modules/sway.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- cfg = config.dadada.sway;
-in
-{
- options = {
- dadada.sway.enable = lib.mkEnableOption "Enable sway";
- };
-
- config = lib.mkIf cfg.enable {
- programs.sway = {
- enable = true;
- wrapperFeatures.gtk = true;
- wrapperFeatures.base = true;
- extraPackages = with pkgs; [
- qt5.qtwayland
- swayidle
- xwayland
- mako
- kanshi
- kitty
- i3status
- bemenu
- xss-lock
- swaylock
- brightnessctl
- playerctl
- ];
- extraSessionCommands = ''
- export SDL_VIDEODRIVER=wayland
- # needs qt5.qtwayland in systemPackages
- export QT_QPA_PLATFORM=wayland
- export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
- # Fix for some Java AWT applications (e.g. Android Studio),
- # use this if they aren't displayed properly:
- export _JAVA_AWT_WM_NONREPARENTING=1
- '';
- };
- };
-}
diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix
index 6c0513f..ee2298e 100644
--- a/nixos/modules/vpnServer.nix
+++ b/nixos/modules/vpnServer.nix
@@ -1,28 +1,32 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.vpnServer;
- wgPeer = { name, ... }: {
- options = {
- name = mkOption {
- internal = true;
- default = name;
- };
- id = mkOption {
- description = "VPN client id";
- default = 0;
- type = types.str;
- };
- key = mkOption {
- description = "VPN client public key";
- default = "";
- type = types.str;
+ wgPeer =
+ { name, ... }:
+ {
+ options = {
+ name = mkOption {
+ internal = true;
+ default = name;
+ };
+ id = mkOption {
+ description = "VPN client id";
+ default = 0;
+ type = types.str;
+ };
+ key = mkOption {
+ description = "VPN client public key";
+ default = "";
+ type = types.str;
+ };
};
};
- };
in
{
options.dadada.vpnServer = {
@@ -41,13 +45,10 @@ in
privateKeyFile = "/var/lib/wireguard/wg0-key";
ips = [ "fd42:9c3b:f96d:0201::0/64" ];
listenPort = 51234;
- peers =
- map
- (peer: {
- allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ];
- publicKey = peer.key;
- })
- (attrValues cfg.peers);
+ peers = map (peer: {
+ allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ];
+ publicKey = peer.key;
+ }) (attrValues cfg.peers);
postSetup = ''
wg set wg0 fwmark 51234
ip -6 route add table 2468 fd42:9c3b:f96d::/48 dev ens3
diff --git a/nixos/modules/weechat.nix b/nixos/modules/weechat.nix
index 340f64c..6ff0106 100644
--- a/nixos/modules/weechat.nix
+++ b/nixos/modules/weechat.nix
@@ -1,9 +1,11 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
cfg = config.dadada.weechat;
in
{
@@ -34,7 +36,7 @@ in
};
};
services.nginx.virtualHosts."weechat.dadada.li" = {
- useACMEHost = "webchat.dadada.li";
+ enableACME = true;
forceSSL = true;
root = "${pkgs.nginx}/html";
diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix
index 3df9499..4be4492 100644
--- a/nixos/modules/yubikey.nix
+++ b/nixos/modules/yubikey.nix
@@ -1,9 +1,11 @@
-{ config
-, pkgs
-, lib
-, ...
+{
+ config,
+ pkgs,
+ lib,
+ ...
}:
-with lib; let
+with lib;
+let
yubikey = config.dadada.yubikey;
in
{
@@ -45,8 +47,7 @@ in
#linuxPackages.acpi_call
pam_u2f
pamtester
- yubikey-manager
- yubikey-manager-qt
+ yubioath-flutter
];
};
}
diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix
index 8bf36de..d4eed97 100644
--- a/nixos/ninurta/configuration.nix
+++ b/nixos/ninurta/configuration.nix
@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
let
hostAliases = [
"ifrit.dadada.li"
@@ -37,6 +42,11 @@ in
};
};
+ services.openssh.ports = [
+ 22
+ 2222
+ ];
+
dadada.backupClient.bs.enable = false;
dadada.backupClient.backup1.enable = false;
@@ -57,7 +67,9 @@ in
boot.loader.efi.canTouchEfiVariables = true;
assertions = lib.singleton {
- assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true;
+ assertion =
+ (config.boot.initrd.network.ssh.hostKeys != [ ])
+ -> config.boot.loader.supportsInitrdSecrets == true;
message = "Refusing to store private keys in store";
};
@@ -157,8 +169,8 @@ in
};
services.hydra = {
- enable = true;
- package = pkgs.hydra-unstable;
+ enable = false;
+ package = pkgs.hydra;
hydraURL = "https://hydra.dadada.li";
notificationSender = "hydra@localhost";
buildMachinesFiles = [ ];
@@ -181,7 +193,12 @@ in
{
hostName = "localhost";
system = "x86_64-linux";
- supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
+ supportedFeatures = [
+ "kvm"
+ "nixos-test"
+ "big-parallel"
+ "benchmark"
+ ];
maxJobs = 16;
}
];
@@ -225,28 +242,28 @@ in
SUBVOLUME = "/home";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
- TIMELINE_LIMIT_HOURLY = 24;
- TIMELINE_LIMIT_DAILY = 13;
- TIMELINE_LIMIT_WEEKLY = 6;
- TIMELINE_LIMIT_MONTHLY = 3;
+ TIMELINE_LIMIT_HOURLY = "24";
+ TIMELINE_LIMIT_DAILY = "13";
+ TIMELINE_LIMIT_WEEKLY = "6";
+ TIMELINE_LIMIT_MONTHLY = "3";
};
configs.var = {
SUBVOLUME = "/var";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
- TIMELINE_LIMIT_HOURLY = 24;
- TIMELINE_LIMIT_DAILY = 13;
- TIMELINE_LIMIT_WEEKLY = 6;
- TIMELINE_LIMIT_MONTHLY = 3;
+ TIMELINE_LIMIT_HOURLY = "24";
+ TIMELINE_LIMIT_DAILY = "13";
+ TIMELINE_LIMIT_WEEKLY = "6";
+ TIMELINE_LIMIT_MONTHLY = "3";
};
configs.storage = {
SUBVOLUME = "/mnt/storage";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
- TIMELINE_LIMIT_HOURLY = 24;
- TIMELINE_LIMIT_DAILY = 13;
- TIMELINE_LIMIT_WEEKLY = 6;
- TIMELINE_LIMIT_MONTHLY = 3;
+ TIMELINE_LIMIT_HOURLY = "24";
+ TIMELINE_LIMIT_DAILY = "13";
+ TIMELINE_LIMIT_WEEKLY = "6";
+ TIMELINE_LIMIT_MONTHLY = "3";
};
};
@@ -271,6 +288,56 @@ in
};
"10-lan" = {
matchConfig.Name = "enp*";
+ bridge = [ "br0" ];
+ };
+ "30-wg0" = {
+ matchConfig.Name = "wg0";
+ address = [
+ "10.3.3.3/32"
+ "fd42:9c3b:f96d:121::3/128"
+ ];
+ DHCP = "no";
+ networkConfig.IPv6AcceptRA = false;
+ linkConfig.RequiredForOnline = false;
+ routes = [
+ {
+ routeConfig = {
+ Destination = "10.3.3.1/24";
+ };
+ }
+ {
+ routeConfig = {
+ Destination = "fd42:9c3b:f96d:121::1/64";
+ };
+ }
+ ];
+ };
+ "30-uwu" = {
+ matchConfig.Name = "uwu";
+ address = [
+ "10.11.0.39/24"
+ "fc00:1337:dead:beef::10.11.0.39/128"
+ ];
+ dns = [ "10.11.0.1%uwu#uwu" ];
+ domains = [ "uwu" ];
+ DHCP = "no";
+ networkConfig.IPv6AcceptRA = false;
+ linkConfig.RequiredForOnline = false;
+ routes = [
+ {
+ routeConfig = {
+ Destination = "10.11.0.0/22";
+ };
+ }
+ {
+ routeConfig = {
+ Destination = "fc00:1337:dead:beef::10.11.0.0/118";
+ };
+ }
+ ];
+ };
+ "20-br0" = {
+ matchConfig.Name = "br0";
networkConfig.DHCP = "ipv4";
networkConfig.Domains = [ "bs.dadada.li" ];
networkConfig.VLAN = [ ];
@@ -286,32 +353,14 @@ in
UseDNS = true;
};
};
- "30-wg0" = {
- matchConfig.Name = "wg0";
- address = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" ];
- DHCP = "no";
- networkConfig.IPv6AcceptRA = false;
- linkConfig.RequiredForOnline = false;
- routes = [
- { routeConfig = { Destination = "10.3.3.1/24"; }; }
- { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; }
- ];
- };
- "30-uwu" = {
- matchConfig.Name = "uwu";
- address = [ "10.11.0.39/24" "fc00:1337:dead:beef::10.11.0.39/128" ];
- dns = [ "10.11.0.1%uwu#uwu" ];
- domains = [ "uwu" ];
- DHCP = "no";
- networkConfig.IPv6AcceptRA = false;
- linkConfig.RequiredForOnline = false;
- routes = [
- { routeConfig = { Destination = "10.11.0.0/22"; }; }
- { routeConfig = { Destination = "fc00:1337:dead:beef::10.11.0.0/118"; }; }
- ];
- };
};
netdevs = {
+ "20-br0" = {
+ netdevConfig = {
+ Kind = "bridge";
+ Name = "br0";
+ };
+ };
"20-wg0" = {
netdevConfig = {
Kind = "wireguard";
@@ -325,7 +374,10 @@ in
{
wireguardPeerConfig = {
PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY=";
- AllowedIPs = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ];
+ AllowedIPs = [
+ "10.3.3.1/32"
+ "fd42:9c3b:f96d:121::1/128"
+ ];
PersistentKeepalive = 25;
Endpoint = "surgat.dadada.li:51235";
};
@@ -333,7 +385,10 @@ in
{
wireguardPeerConfig = {
PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU=";
- AllowedIPs = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ];
+ AllowedIPs = [
+ "10.3.3.2/32"
+ "fd42:9c3b:f96d:121::2/128"
+ ];
Endpoint = "192.168.101.1:51235";
};
}
@@ -347,15 +402,21 @@ in
wireguardConfig = {
PrivateKeyFile = config.age.secrets.${uwuPrivKey}.path;
};
- wireguardPeers = [{
- wireguardPeerConfig = {
- PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8=";
- AllowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ];
- PersistentKeepalive = 25;
- PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path;
- Endpoint = "53c70r.de:51820";
- };
- }];
+ wireguardPeers = [
+ {
+ wireguardPeerConfig = {
+ PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8=";
+ AllowedIPs = [
+ "10.11.0.0/22"
+ "fc00:1337:dead:beef::10.11.0.0/118"
+ "192.168.178.0/23"
+ ];
+ PersistentKeepalive = 25;
+ PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path;
+ Endpoint = "53c70r.de:51820";
+ };
+ }
+ ];
};
};
};
@@ -364,16 +425,21 @@ in
enable = true;
allowPing = true;
allowedTCPPorts = [
- 22 # SSH
- 80 # munin web
- 631 # Printing
+ 2222 # SSH
];
allowedUDPPorts = [
- 631 # Printing
51234 # Wireguard
51235 # Wireguard
];
interfaces = {
+ br0.allowedTCPPorts = [
+ 22 # SSH
+ 80 # munin web
+ 631 # IPP
+ ];
+ br0.allowedUDPPorts = [
+ 631 # IPP
+ ];
uwu.allowedTCPPorts = [
softServePort
];
@@ -388,30 +454,6 @@ in
networking.networkmanager.enable = false;
networking.useDHCP = false;
- # Desktop things for media playback
-
- services.xserver.enable = true;
- services.xserver.displayManager.gdm.enable = true;
- services.xserver.desktopManager.gnome = {
- enable = true;
- extraGSettingsOverridePackages = with pkgs; [ gnome3.gnome-settings-daemon ];
- extraGSettingsOverrides = ''
- [org.gnome.desktop.screensaver]
- lock-delay=uint32 30
- lock-enabled=true
-
- [org.gnome.desktop.session]
- idle-delay=uint32 0
-
- [org.gnome.settings-daemon.plugins.power]
- idle-dim=false
- power-button-action='interactive'
- power-saver-profile-on-low-battery=false
- sleep-inactive-ac-type='nothing'
- sleep-inactive-battery-type='nothing'
- '';
- };
-
powerManagement = {
enable = true;
cpuFreqGovernor = "powersave";
@@ -422,15 +464,6 @@ in
# Configure the disks to spin down after 10 min of inactivity.
};
- security.rtkit.enable = true;
-
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- };
-
services.udev.packages = [
(pkgs.writeTextFile {
name = "60-hdparm";
@@ -444,21 +477,10 @@ in
hardware.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
- firefox
- spotify
- mpv
smartmontools
hdparm
];
- users.users."media" = {
- isNormalUser = true;
- description = "Media playback user";
- extraGroups = [ "users" "video" ];
- # allow anyone with physical access to log in
- password = "media";
- };
-
users.users."backup-keepassxc" = {
home = "/mnt/storage/backups/backup-keepassxc";
isNormalUser = true;
diff --git a/nixos/ninurta/hardware-configuration.nix b/nixos/ninurta/hardware-configuration.nix
index 8de34e8..cd6b64b 100644
--- a/nixos/ninurta/hardware-configuration.nix
+++ b/nixos/ninurta/hardware-configuration.nix
@@ -1,89 +1,115 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config, lib, modulesPath, ... }:
+{
+ config,
+ lib,
+ modulesPath,
+ ...
+}:
{
- imports =
- [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
- boot.initrd.availableKernelModules = [ "igc" "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.availableKernelModules = [
+ "igc"
+ "xhci_pci"
+ "thunderbolt"
+ "ahci"
+ "nvme"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
- fileSystems."/" =
- {
- device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
- fsType = "btrfs";
- options = [ "compress=zstd" ];
- };
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
+ fsType = "btrfs";
+ options = [ "compress=zstd" ];
+ };
boot.initrd.luks.devices."luks".device = "/dev/disk/by-uuid/bac4ee0e-e393-414f-ac3e-1ec20739abae";
- fileSystems."/swap" =
+ fileSystems."/swap" = {
+ device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
+ fsType = "btrfs";
+ options = [
+ "subvol=swap"
+ "noatime"
+ ];
+ };
+
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
+ fsType = "btrfs";
+ options = [
+ "subvol=nix"
+ "noatime"
+ "compress=zstd"
+ ];
+ };
+
+ fileSystems."/var" = {
+ device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
+ fsType = "btrfs";
+ options = [
+ "subvol=var"
+ "compress=zstd"
+ ];
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
+ fsType = "btrfs";
+ options = [
+ "subvol=home"
+ "compress=zstd"
+ ];
+ };
+
+ fileSystems."/root" = {
+ device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
+ fsType = "btrfs";
+ options = [
+ "subvol=root"
+ "compress=zstd"
+ ];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/2E20-49CB";
+ fsType = "vfat";
+ };
+
+ swapDevices = [
{
- device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
- fsType = "btrfs";
- options = [ "subvol=swap" "noatime" ];
- };
+ device = "/swap/swapfile";
+ size = 32 * 1024; # 32 GByte
+ }
+ ];
- fileSystems."/nix" =
- {
- device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
- fsType = "btrfs";
- options = [ "subvol=nix" "noatime" "compress=zstd" ];
- };
+ fileSystems."/mnt/storage" = {
+ device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9";
+ fsType = "btrfs";
+ options = [
+ "subvol=root"
+ "compress=zstd"
+ ];
+ };
- fileSystems."/var" =
- {
- device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
- fsType = "btrfs";
- options = [ "subvol=var" "compress=zstd" ];
- };
-
- fileSystems."/home" =
- {
- device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
- fsType = "btrfs";
- options = [ "subvol=home" "compress=zstd" ];
- };
-
- fileSystems."/root" =
- {
- device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714";
- fsType = "btrfs";
- options = [ "subvol=root" "compress=zstd" ];
- };
-
- fileSystems."/boot" =
- {
- device = "/dev/disk/by-uuid/2E20-49CB";
- fsType = "vfat";
- };
-
- swapDevices = [{
- device = "/swap/swapfile";
- size = 32 * 1024; # 32 GByte
- }];
-
-
- fileSystems."/mnt/storage" =
- {
- device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9";
- fsType = "btrfs";
- options = [ "subvol=root" "compress=zstd" ];
- };
-
-
- fileSystems."/mnt/storage/backups" =
- {
- device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9";
- fsType = "btrfs";
- options = [ "subvol=backups" "noatime" ];
- };
+ fileSystems."/mnt/storage/backups" = {
+ device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9";
+ fsType = "btrfs";
+ options = [
+ "subvol=backups"
+ "noatime"
+ ];
+ };
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
diff --git a/nixos/ninurta/monitoring.nix b/nixos/ninurta/monitoring.nix
index 9a0b983..c8bee05 100644
--- a/nixos/ninurta/monitoring.nix
+++ b/nixos/ninurta/monitoring.nix
@@ -19,9 +19,6 @@
[surgat]
address 10.3.3.1
-
- [agares]
- address 10.3.3.2
'';
};
services.munin-node.enable = true;
diff --git a/nixos/ninurta/printing.nix b/nixos/ninurta/printing.nix
index 6fdbb08..e22c989 100644
--- a/nixos/ninurta/printing.nix
+++ b/nixos/ninurta/printing.nix
@@ -32,7 +32,7 @@
drivers = [ pkgs.brlaser ];
# Remove all state at the start of the service
stateless = true;
- listenAddresses = [ "192.168.101.184:631" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe:631" ];
+ listenAddresses = [ "192.168.101.29:631" ];
allowFrom = [ "from 192.168.101.0/24" ];
browsing = true;
defaultShared = true;
diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix
index 9a9bc54..5cd9596 100644
--- a/nixos/surgat/configuration.nix
+++ b/nixos/surgat/configuration.nix
@@ -1,6 +1,7 @@
-{ config
-, pkgs
-, ...
+{
+ config,
+ pkgs,
+ ...
}:
let
hostName = "surgat";
@@ -42,7 +43,7 @@ in
dadada.element.enable = true;
dadada.forgejo.enable = true;
dadada.miniflux.enable = true;
- dadada.weechat.enable = true;
+ dadada.weechat.enable = false;
dadada.homepage.enable = true;
dadada.share.enable = true;
dadada.backupClient = {
@@ -85,14 +86,29 @@ in
};
"10-ninurta" = {
matchConfig.Name = "ninurta";
- address = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ];
+ address = [
+ "10.3.3.1/32"
+ "fd42:9c3b:f96d:121::1/128"
+ ];
DHCP = "no";
networkConfig.IPv6AcceptRA = false;
linkConfig.RequiredForOnline = "no";
routes = [
- { routeConfig = { Destination = "10.3.3.3/24"; }; }
- { routeConfig = { Destination = "fd42:9c3b:f96d:121::/64"; }; }
- { routeConfig = { Destination = "fd42:9c3b:f96d:101::/64"; }; }
+ {
+ routeConfig = {
+ Destination = "10.3.3.3/24";
+ };
+ }
+ {
+ routeConfig = {
+ Destination = "fd42:9c3b:f96d:121::/64";
+ };
+ }
+ {
+ routeConfig = {
+ Destination = "fd42:9c3b:f96d:101::/64";
+ };
+ }
];
};
};
@@ -106,12 +122,18 @@ in
PrivateKeyFile = "/var/lib/wireguard/hydra";
ListenPort = 51235;
};
- wireguardPeers = [{
- wireguardPeerConfig = {
- PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE=";
- AllowedIPs = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" ];
- };
- }];
+ wireguardPeers = [
+ {
+ wireguardPeerConfig = {
+ PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE=";
+ AllowedIPs = [
+ "10.3.3.3/32"
+ "fd42:9c3b:f96d:121::3/128"
+ "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128"
+ ];
+ };
+ }
+ ];
};
};
};
@@ -137,16 +159,16 @@ in
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
- swapDevices = [
- {
- device = "/var/swapfile";
- size = 4096;
- }
+ boot.kernelParams = [
+ "ip=49.12.3.98::172.31.1.1:255.255.255.255:surgat::dhcp"
];
services.resolved = {
enable = true;
- fallbackDns = [ "9.9.9.9" "2620:fe::fe" ];
+ fallbackDns = [
+ "9.9.9.9"
+ "2620:fe::fe"
+ ];
};
system.autoUpgrade.allowReboot = false;
diff --git a/nixos/surgat/hardware-configuration.nix b/nixos/surgat/hardware-configuration.nix
index 71b7257..8476779 100644
--- a/nixos/surgat/hardware-configuration.nix
+++ b/nixos/surgat/hardware-configuration.nix
@@ -1,17 +1,25 @@
# Do not modify this file! It was generated by ‘nixos-generate-config’
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
-{ config
-, lib
-, pkgs
-, modulesPath
-, ...
-}: {
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
- boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ];
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "virtio_pci"
+ "xhci_pci"
+ "sd_mod"
+ "sr_mod"
+ ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
diff --git a/outputs.nix b/outputs.nix
index 8199211..aea7953 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -1,16 +1,14 @@
# Adapted from Mic92/dotfiles
-{ self
-, flake-utils
-, flake-registry
-, homepage
-, nixpkgs
-, home-manager
-, nixos-hardware
-, agenix
-, devshell
-, ...
-} @ inputs:
-(flake-utils.lib.eachDefaultSystem (system:
+{
+ self,
+ flake-utils,
+ nixpkgs,
+ agenix,
+ devshell,
+ ...
+}@inputs:
+(flake-utils.lib.eachDefaultSystem (
+ system:
let
pkgs = import nixpkgs { inherit system; };
in
@@ -28,13 +26,14 @@
in
import ./devshell.nix { inherit pkgs extraModules; };
- formatter = pkgs.nixpkgs-fmt;
+ formatter = pkgs.nixfmt-tree;
packages = import ./pkgs { inherit pkgs; } // {
installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage;
};
- }))
- // {
+ }
+))
+// {
hmModules = import ./home/modules.nix { lib = nixpkgs.lib; };
diff --git a/overlays.nix b/overlays.nix
index bf0588c..ffcd441 100644
--- a/overlays.nix
+++ b/overlays.nix
@@ -1,23 +1 @@
-{
- kanboard = final: prev: {
- kanboard = prev.kanboard.overrideAttrs (oldAttrs: {
- src = prev.fetchFromGitHub {
- owner = "kanboard";
- repo = "kanboard";
- rev = "v${oldAttrs.version}";
- sha256 = "sha256-WG2lTPpRG9KQpRdb+cS7CqF4ZDV7JZ8XtNqAI6eVzm0=";
- };
- });
- };
-
- recipemd = final: prev: {
- pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
- (
- python-final: python-prev: {
- recipemd = python-final.callPackage ./pkgs/recipemd.nix { };
- }
- )
- ];
- recipemd = prev.python3Packages.toPythonApplication final.python3Packages.recipemd;
- };
-}
+{ }
diff --git a/pkgs/default.nix b/pkgs/default.nix
index c78fe50..9fce6e9 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,2 +1 @@
-{ pkgs }:
-{ }
+{ pkgs }: { }
diff --git a/pkgs/recipemd.nix b/pkgs/recipemd.nix
deleted file mode 100644
index 4879a9a..0000000
--- a/pkgs/recipemd.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ lib
-, buildPythonPackage
-, fetchFromGitHub
-, pytestCheckHook
-, pythonPackages
-, installShellFiles
-, pythonOlder
-, pythonAtLeast
-}:
-buildPythonPackage rec {
- pname = "recipemd";
- version = "4.0.8";
-
- disabled = pythonOlder "3.7" || pythonAtLeast "4";
-
- src = fetchFromGitHub {
- owner = "tstehr";
- repo = "RecipeMD";
- rev = "v${version}";
- hash = "sha256-eumV2zm7TIJcTPRtWSckYz7jiyH3Ek4nIAVtuJs3sJc=";
- };
-
- propagatedBuildInputs = with pythonPackages; [
- dataclasses-json
- yarl
- CommonMark
- argcomplete
- pyparsing
- ];
-
- nativeBuildInputs = [ installShellFiles ];
-
- postInstall = ''
- ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s bash ${pname} > $out/completions.bash
- installShellCompletion --bash --name recipemd.bash $out/completions.bash
-
- ${pythonPackages.argcomplete}/bin/register-python-argcomplete -s fish ${pname} > $out/completions.fish
- installShellCompletion --fish --name recipemd.fish $out/completions.fish
-
- # The version of argcomplete in nixpkgs-stable does not have support for zsh
- #${pythonPackages.argcomplete}/bin/register-python-argcomplete -s zsh ${pname} > $out/completions.zsh
- #installShellCompletion --zsh --name _recipemd $out/completions.zsh
- '';
-
- checkInputs = [
- pytestCheckHook
- pythonPackages.pytestcov
- ];
-
- doCheck = true;
-
- meta = with lib; {
- description = "Markdown recipe manager, reference implementation of RecipeMD";
- homepage = "https://recipemd.org";
- license = [ licenses.lgpl3Only ];
- maintainers = [ maintainers.dadada ];
- };
-}
diff --git a/secrets/initrd-surgat-ssh_host_ed25519_key.age b/secrets/initrd-surgat-ssh_host_ed25519_key.age
new file mode 100644
index 0000000..32dbcbf
Binary files /dev/null and b/secrets/initrd-surgat-ssh_host_ed25519_key.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 7da57e3..1da186e 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -9,29 +9,82 @@ let
surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat";
};
backupSecrets = hostName: {
- "${hostName}-backup-passphrase.age".publicKeys = [ systems.${hostName} dadada ];
- "${hostName}-backup-ssh-key.age".publicKeys = [ systems.${hostName} dadada ];
+ "${hostName}-backup-passphrase.age".publicKeys = [
+ systems.${hostName}
+ dadada
+ ];
+ "${hostName}-backup-ssh-key.age".publicKeys = [
+ systems.${hostName}
+ dadada
+ ];
};
in
{
- "pruflas-wg0-key.age".publicKeys = [ systems.ninurta dadada ];
- "pruflas-wg0-preshared-key.age".publicKeys = [ systems.ninurta dadada ];
- "pruflas-wg-hydra-key.age".publicKeys = [ systems.ninurta dadada ];
- "hydra-github-authorization.age".publicKeys = [ systems.ninurta dadada ];
- "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ];
- "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ];
- "paperless.age".publicKeys = [ systems.gorgon dadada ];
- "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ];
- "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ];
- "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ];
- "etc-ppp-chap-secrets.age".publicKeys = [ systems.agares dadada ];
- "etc-ppp-telekom-secret.age".publicKeys = [ systems.agares dadada ];
- "wg-privkey-vpn-dadada-li.age".publicKeys = [ systems.agares dadada ];
- "agares-wg0-key.age".publicKeys = [ systems.agares dadada ];
-} //
-backupSecrets "ninurta" //
-backupSecrets "gorgon" //
-backupSecrets "ifrit" //
-backupSecrets "pruflas" //
-backupSecrets "surgat" //
-backupSecrets "agares"
+ "pruflas-wg0-key.age".publicKeys = [
+ systems.ninurta
+ dadada
+ ];
+ "pruflas-wg0-preshared-key.age".publicKeys = [
+ systems.ninurta
+ dadada
+ ];
+ "pruflas-wg-hydra-key.age".publicKeys = [
+ systems.ninurta
+ dadada
+ ];
+ "hydra-github-authorization.age".publicKeys = [
+ systems.ninurta
+ dadada
+ ];
+ "miniflux-admin-credentials.age".publicKeys = [
+ systems.surgat
+ dadada
+ ];
+ "gorgon-backup-passphrase-gs.age".publicKeys = [
+ systems.gorgon
+ dadada
+ ];
+ "paperless.age".publicKeys = [
+ systems.gorgon
+ dadada
+ ];
+ "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [
+ systems.surgat
+ dadada
+ ];
+ "surgat-ssh_host_ed25519_key.age".publicKeys = [
+ systems.surgat
+ dadada
+ ];
+ "ninurta-initrd-ssh-key.age".publicKeys = [
+ systems.ninurta
+ dadada
+ ];
+ "ddns-credentials.age".publicKeys = [
+ systems.agares
+ systems.ninurta
+ dadada
+ ];
+ "etc-ppp-chap-secrets.age".publicKeys = [
+ systems.agares
+ dadada
+ ];
+ "etc-ppp-telekom-secret.age".publicKeys = [
+ systems.agares
+ dadada
+ ];
+ "wg-privkey-vpn-dadada-li.age".publicKeys = [
+ systems.agares
+ dadada
+ ];
+ "agares-wg0-key.age".publicKeys = [
+ systems.agares
+ dadada
+ ];
+}
+// backupSecrets "ninurta"
+// backupSecrets "gorgon"
+// backupSecrets "ifrit"
+// backupSecrets "pruflas"
+// backupSecrets "surgat"
+// backupSecrets "agares"