diff --git a/.envrc b/.envrc
new file mode 100644
index 0000000..6a37c4f
--- /dev/null
+++ b/.envrc
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+watch_file devshell.nix
+
+use flake
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..512e01e
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,7 @@
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ assignees: ["dadada"]
diff --git a/.github/workflows/nix-flake-check.yml b/.github/workflows/nix-flake-check.yml
new file mode 100644
index 0000000..28b1d3c
--- /dev/null
+++ b/.github/workflows/nix-flake-check.yml
@@ -0,0 +1,24 @@
+name: Continuous Integration
+on:
+ pull_request:
+ push:
+ branches: [main]
+jobs:
+ checks:
+ name: "Checks"
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - uses: cachix/install-nix-action@v26
+ with:
+ nix_path: nixpkgs=channel:nixos-stable
+ extra_nix_config: |
+ experimental-features = nix-command flakes
+ access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
+ system-features = nixos-test benchmark big-parallel kvm
+ - uses: cachix/cachix-action@v14
+ with:
+ name: dadada
+ signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}'
+ authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
+ - run: nix flake check
diff --git a/.github/workflows/nix-flake-update.yml b/.github/workflows/nix-flake-update.yml
new file mode 100644
index 0000000..33843d1
--- /dev/null
+++ b/.github/workflows/nix-flake-update.yml
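Review bot: In `.github/workflows/nix-flake-check.yml` the `cachix/cachix-action@v14` step is given `CACHIX_SIGNING_KEY` and `CACHIX_AUTH_TOKEN` on every trigger, including `pull_request` runs from branches of this repository, so `nix flake check` on unmerged code runs in a job that can sign and push store paths to the `dadada` cache. Limiting pushes to the main branch keeps unreviewed builds out of the cache, for example `skipPush: ${{ github.event_name == 'pull_request' }}` under that step's `with:`. The job also declares no `permissions:`, so the `GITHUB_TOKEN` copied into `access-tokens` keeps the repository default scope; `permissions: { contents: read }` looks sufficient for what is visible here. All three actions are referenced by mutable tag (`@v4`, `@v26`, `@v14`), as are the ones in `nix-flake-update.yml`; pinning them to full commit SHAs still lets the Dependabot config added in this commit propose updates.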
@@ -0,0 +1,20 @@
+name: update-flake-lock
+on:
+ workflow_dispatch: # allows manual triggering
+ schedule:
+ - cron: '0 0 * * 0' # runs weekly on Sunday at 00:00
+jobs:
+ lockfile:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ - name: Install Nix
+ uses: DeterminateSystems/nix-installer-action@v10
+ - name: Update flake.lock
+ uses: DeterminateSystems/update-flake-lock@v21
+ with:
+ pr-title: "Update flake.lock" # Title of PR to be created
+ pr-labels: | # Labels to be set on the PR
+ dependencies
+ automated
diff --git a/.gitignore b/.gitignore
index 03f357d..01c6686 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ result
 *.zip
 *.qcow2
 work.nix
+.direnv/
diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index 64b9dbd..0000000
--- a/.gitmodules
+++ /dev/null
@@ -1,3 +0,0 @@
-[submodule "nur-packages"]
- path = nur-packages
- url = git@github.com:dadada/nur-packages.git
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..8f60ca3
--- /dev/null
+++ b/LICENSE
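Review bot: In `.github/workflows/nix-flake-update.yml` the `lockfile` job has to push a branch and open a pull request, yet it declares no `permissions:`, so it only works while the repository's default `GITHUB_TOKEN` scope is read/write. Stating `permissions:` with `contents: write` and `pull-requests: write` on the job makes the requirement explicit and keeps it working under a read-only default. Pull requests opened with `GITHUB_TOKEN` do not trigger other workflows, so the `Continuous Integration` checks will presumably not run on these lockfile PRs unless a separate token is passed to the action. A short comment on how these PRs are meant to be verified before merge would help, since each one moves every pinned input at once.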
@@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2021 Tim Schubert + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md index 2e95a5b..c5dc70a 100644 --- a/README.md +++ b/README.md @@ -1,29 +1,3 @@ # nix configuration -```nix -{ - imports = [ - ./modules/profiles/gorgon.nix - ./private/metis - ]; -} -``` - -```nix -{ config, pkgs, lib, ... }: -let - dadada = import (builtins.fetchGit { - url = "https://github.com/dadada/nix-config.git"; - sha256 = "1a661h3ssy35yha66xnhldlwlr9safzw4h83z5mg82assgbbh9fz"; - }) {}; -in { - imports = [ - ./secrets.nix - ./hardware-configuration.nix - dadada.hosts.ifrit - ]; - - system.stateVersion = "20.03"; -} - -``` +Use at your own risk. diff --git a/admins.nix b/admins.nix new file mode 100644 index 0000000..e5e29ba --- /dev/null +++ b/admins.nix 
@@ -0,0 +1,9 @@ +{ + dadada = { + shell = "zsh"; + keys = [ + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrT9sQhJWrTPIMOEsZ8UzkY7BKJYYK2Aj/Q3NZu2z7uAAAABHNzaDo= dadada@gorgon" + "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOFHB9T6fjkuIU8jW9gGiYGSEFSfrnY/6GJUfmfMx10HAAAABHNzaDo= Backup dadada " + ]; + }; +} diff --git a/default.nix b/default.nix deleted file mode 100644 index 8c06d4a..0000000 --- a/default.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ pkgs }: - -with pkgs; -rec { - lib = import ./lib { inherit pkgs; }; - modules = import ./modules; - hmModules = import ./modules/home; - overlays = import ./overlays; - - profiles = import ./modules/profiles; - hmProfiles = import ./modules/home/profiles; - - hosts = import ./hosts; - - tubslatex = callPackage ./pkgs/tubslatex {}; - keys = callPackage ./pkgs/keys {}; - homePage = callPackage ./pkgs/homePage {}; -} diff --git a/deploy b/deploy deleted file mode 100755 index c783cfa..0000000 --- a/deploy +++ /dev/null @@ -1,39 +0,0 @@ -#!/usr/bin/env bash - -set -e -set -o pipefail - -if [ -z "$1" ] -then - echo "usage: deploy " - exit 1 -fi - -git push - -function hash { - archive="$(mktemp /tmp/nix-config.XXX.tar.gz)" - git archive "$1" | gzip > "$archive" - nix-prefetch-url --unpack --type sha256 "file:$archive" 2>/dev/null - rm "$archive" -} - -host="${1}" -rev="$(git rev-parse HEAD)" -url="https://github.com/dadada/nix-config/archive/${rev}.tar.gz" -sha256=$(hash "$rev") - -cat < /etc/nixos/deploy.nix && tmux new -d \"nixos-rebuild switch |& tee /var/log/dadada-deploy.log\""' -{ config, pkgs, lib, ... }: -let - dadada = import (builtins.fetchTarball { - url = ${url}; - sha256 = "${sha256}"; - }) { inherit pkgs; }; -in { - imports = [ - ./hardware-configuration.nix - dadada.hosts."${host}" - ]; -} -EOF diff --git a/devshell.nix b/devshell.nix new file mode 100644 index 0000000..3931494 --- /dev/null +++ b/devshell.nix 
@@ -0,0 +1,49 @@
+{ pkgs, extraModules, ... }:
+(pkgs.devshell.mkShell {
+ imports = extraModules;
+
+ name = "dadada/nix-config";
+
+ packages = with pkgs; [
+ agenix
+ nixos-rebuild
+ ];
+
+ commands = [
+ {
+ name = "switch";
+ help = "Switch the configuration on the current system.";
+ command = ''
+ flake=$(nix flake metadata --json ${./.} | jq -r .url)
+ ${pkgs.nixos-rebuild}/bin/nixos-rebuild switch --flake ".#" --use-remote-sudo
+ '';
+ category = "deploy";
+ }
+ {
+ name = "format";
+ help = "Format the project";
+ command = ''
+ treefmt .
+ '';
+ category = "dev";
+ }
+ {
+ name = "update";
+ help = "Update the project";
+ command = ''
+ nix flake update --commit-lock-file
+ '';
+ category = "dev";
+ }
+ {
+ name = "check";
+ help = "Run checks";
+ category = "dev";
+ command = "nix flake check";
+ }
+ ];
+
+ git.hooks = {
+ pre-commit.text = "nix flake check";
+ };
+})
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..3d0d3f2
--- /dev/null
+++ b/flake.lock
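Review bot: In the `switch` command of `devshell.nix`, `flake=$(nix flake metadata --json ${./.} | jq -r .url)` is assigned and never used: the next line deploys `--flake ".#"`, i.e. whichever flake sits in the current directory, and does so with `--use-remote-sudo`. If the intent is to always deploy this repository, pass the variable (`--flake "$flake#"`, to be confirmed against what `.url` yields for a store path); otherwise drop the assignment. `jq` is not in the `packages` list visible here, so the command depends on it being on PATH from somewhere else.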
@@ -0,0 +1,462 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "darwin": "darwin", + "home-manager": [ + "home-manager" + ], + "nixpkgs": [ + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1750173260, + "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=", + "owner": "ryantm", + "repo": "agenix", + "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "crane": { + "locked": { + "lastModified": 1731098351, + "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", + "owner": "ipetkov", + "repo": "crane", + "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1744478979, + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "devshell": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", + "owner": "numtide", + "repo": "devshell", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1753140376, + "narHash": "sha256-7lrVrE0jSvZHrxEzvnfHFE/Wkk9DDqb+mYCodI5uuB8=", + "owner": "nix-community", + "repo": "disko", + "rev": "545aba02960caa78a31bd9a8709a0ad4b6320a5c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + 
"type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730504689, + "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "506278e768c2a08bec68eb62932193e341f55c90", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-registry": { + "flake": false, + "locked": { + "lastModified": 1744623129, + "narHash": "sha256-nlQTQrHqM+ywXN0evDXnYEV6z6WWZB5BFQ2TkXsduKw=", + "owner": "NixOS", + "repo": "flake-registry", + "rev": "1322f33d5836ae757d2e6190239252cf8402acf6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-registry", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": [ + "systems" + ] + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": 
"gitignore.nix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1753470191, + "narHash": "sha256-hOUWU5L62G9sm8NxdiLWlLIJZz9H52VuFiDllHdwmVA=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "a1817d1c0e5eabe7dfdfe4caa46c94d9d8f3fdb6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "homepage": { + "flake": false, + "locked": { + "lastModified": 1727338449, + "narHash": "sha256-VwOGtT1WB+isk0z/D/Be05GgeaTFfsXTGt7aScCAfec=", + "rev": "60398d3d728a0057b4cad49879ef637c06b28371", + "type": "tarball", + "url": "https://git.dadada.li/api/v1/repos/dadada/dadada.li/archive/60398d3d728a0057b4cad49879ef637c06b28371.tar.gz?rev=60398d3d728a0057b4cad49879ef637c06b28371" + }, + "original": { + "type": "tarball", + "url": "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz" + } + }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1737639419, + "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.4.2", + "repo": "lanzaboote", + "type": "github" + } + }, + "nixlib": { + "locked": { + "lastModified": 1736643958, + "narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] 
+ }, + "locked": { + "lastModified": 1751903740, + "narHash": "sha256-PeSkNMvkpEvts+9DjFiop1iT2JuBpyknmBUs0Un0a4I=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "032decf9db65efed428afd2fa39d80f7089085eb", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1753122741, + "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1753429684, + "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1730741070, + "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1731363552, + "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + 
}, + "root": { + "inputs": { + "agenix": "agenix", + "devshell": "devshell", + "disko": "disko", + "flake-registry": "flake-registry", + "flake-utils": "flake-utils", + "home-manager": "home-manager", + "homepage": "homepage", + "lanzaboote": "lanzaboote", + "nixos-generators": "nixos-generators", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs", + "systems": "systems_2", + "treefmt-nix": "treefmt-nix" + } + }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1731897198, + "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1753439394, + "narHash": "sha256-Bv9h1AJegLI8uAhiJ1sZ4XAndYxhgf38tMgCQwiEpmc=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "2673921c03d6e75fdf4aa93e025772608d1482cf", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} 
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..151f1b5
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,52 @@
+{
+ description = "dadada's nix flake";
+
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ flake-utils = {
+ url = "github:numtide/flake-utils";
+ inputs.systems.follows = "systems";
+ };
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ lanzaboote = {
+ url = "github:nix-community/lanzaboote/v0.4.2";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ nixos-hardware.url = "github:NixOS/nixos-hardware/master";
+ homepage = {
+ url = "https://git.dadada.li/dadada/dadada.li/archive/main.tar.gz";
+ flake = false;
+ };
+ agenix = {
+ url = "github:ryantm/agenix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ inputs.home-manager.follows = "home-manager";
+ };
+ devshell = {
+ url = "github:numtide/devshell";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ nixos-generators = {
+ url = "github:nix-community/nixos-generators";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ flake-registry = {
+ url = "github:NixOS/flake-registry";
+ flake = false;
+ };
+ systems.url = "github:nix-systems/default";
+ treefmt-nix = {
+ url = "github:numtide/treefmt-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs = { ... }@args: import ./outputs.nix args;
+}
diff --git a/home/dconf.nix b/home/dconf.nix
new file mode 100644
index 0000000..5238c97
--- /dev/null
+++ b/home/dconf.nix
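Review bot: The `agenix` and `lanzaboote` blocks in `flake.nix` leave several transitive inputs unredirected; the lock file in this commit records `darwin` under agenix and `crane`, `flake-parts`, `pre-commit-hooks-nix` (with its own `nixpkgs-stable`) and `rust-overlay` under lanzaboote. Each is one more upstream repository whose pinned revision has to be trusted on every `flake.lock` update. An input that is not needed to evaluate these hosts can be emptied, e.g. `inputs.darwin.follows = "";` inside the `agenix` block. Whether lanzaboote's development-only inputs can be treated the same way should be checked against its flake first. A comment on `homepage` and `nixos-hardware` noting that they track `main`/`master` and are fixed only by the lock file would also help the next reader.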
@@ -0,0 +1,209 @@
+{ lib, pkgs, ... }:
+with lib.hm.gvariant;
+{
+ home.packages = [
+ pkgs.adwaita-icon-theme
+ pkgs.adwaita-qt
+ ];
+
+ dconf.settings = with lib.hm.gvariant; {
+ "org/gnome/shell" = {
+ favorite-apps = [
+ "alacritty.desktop"
+ "element.desktop"
+ "evolution.desktop"
+ "firefox.desktop"
+ "spotify.desktop"
+ ];
+ };
+
+ "org/gnome/shell" = {
+ disable-user-extensions = false;
+ enabled-extensions = [
+ "system-monitor@gnome-shell-extensions.gcampax.github.com"
+ "switcher@landau.fi"
+ ];
+ };
+
+ "org/gnome/desktop/calendar" = {
+ show-weekdate = true;
+ };
+
+ "org/gnome/desktop/input-sources" = {
+ current = mkUint32 0;
+ per-window = false;
+ show-all-sources = true;
+ sources = [
+ (mkTuple [
+ "xkb"
+ "eu"
+ ])
+ (mkTuple [
+ "xkb"
+ "de"
+ ])
+ ];
+ xkb-options = [
+ "lv3:ralt_switch"
+ "caps:escape"
+ ];
+ };
+
+ "org/gnome/desktop/interface" = {
+ clock-show-date = true;
+ clock-show-seconds = false;
+ clock-show-weekday = true;
+ cursor-theme = "Adwaita";
+ enable-animations = true;
+ enable-hot-corners = false;
+ font-antialiasing = "grayscale";
+ font-hinting = "slight";
+ font-name = "Cantarell 10";
+ gtk-enable-primary-paste = false;
+ gtk-key-theme = "Emacs";
+ gtk-theme = "Adwaita";
+ color-scheme = "prefer-light";
+ icon-theme = "Adwaita";
+ locate-pointer = false;
+ monospace-font-name = "JetBrains Mono 10";
+ show-battery-percentage = false;
+ #text-scaling-factor = 1.0;
+ toolkit-accessibility = false;
+ };
+
+ "org/gnome/desktop/peripherals/keyboard" = {
+ numlock-state = false;
+ };
+
+ "org/gnome/desktop/peripherals/mouse" = {
+ accel-profile = "default";
+ natural-scroll = true;
+ };
+
+ "org/gnome/desktop/peripherals/touchpad" = {
+ send-events = "enabled";
+ tap-to-click = true;
+ two-finger-scrolling-enabled = true;
+ };
+
+ "org/gnome/desktop/privacy" = {
+ disable-microphone = false;
+ old-files-age = mkUint32 30;
+ recent-files-max-age = -1;
+ report-technical-problems = false;
+ };
+
+ "org/gnome/desktop/screensaver" = {
+ color-shading-type = "solid";
+ lock-delay = mkUint32 30;
+ lock-enabled = true;
+ };
+
+ "org/gnome/desktop/session" = {
+ idle-delay = mkUint32 0;
+ };
+
+ "org/gnome/desktop/sound" = {
+ event-sounds = false;
+ theme-name = "__custom";
+ };
+
+ "org/gnome/evince/default" = {
+ continuous = true;
+ dual-page = false;
+ dual-page-odd-left = false;
+ enable-spellchecking = true;
+ fullscreen = false;
+ inverted-colors = false;
+ show-sidebar = false;
+ sidebar-page = "links";
+ sidebar-size = 132;
+ sizing-mode = "free";
+ };
+
+ "org/gnome/evolution/calendar" = {
+ editor-show-timezone = true;
+ use-24hour-format = true;
+ week-start-day-name = "monday";
+ work-day-friday = true;
+ work-day-monday = true;
+ work-day-saturday = false;
+ work-day-sunday = false;
+ work-day-thursday = true;
+ work-day-tuesday = true;
+ work-day-wednesday = true;
+ };
+
+ "org/gnome/evolution/mail" = {
+ browser-close-on-reply-policy = "always";
+ composer-attribution-language = "de_DE";
+ composer-reply-start-bottom = false;
+ composer-signature-in-new-only = true;
+ composer-spell-languages = [
+ "de"
+ "en_US"
+ ];
+ composer-top-signature = false;
+ composer-unicode-smileys = false;
+ composer-visually-wrap-long-lines = true;
+ composer-wrap-quoted-text-in-replies = false;
+ forward-style = 0;
+ forward-style-name = "attached";
+ headers-collapsed = false;
+ image-loading-policy = "never";
+ junk-check-custom-header = true;
+ junk-check-incoming = true;
+ junk-empty-on-exit-days = 0;
+ junk-lookup-addressbook = false;
+ notify-remote-content = true;
+ prompt-check-if-default-mailer = false;
+ prompt-on-composer-mode-switch = true;
+ prompt-on-empty-subject = true;
+ prompt-on-expunge = true;
+ prompt-on-mark-all-read = false;
+ prompt-on-mark-as-junk = true;
+ prompt-on-reply-close-browser = "always";
+ prompt-on-unwanted-html = true;
+ reply-style = 0;
+ reply-style-name = "quoted";
+ search-gravatar-for-photo = false;
+ };
+
+ "org/gnome/evolution/plugin/prefer-plain" = {
+ mode = "only_plain";
+ show-suppressed = true;
+ };
+
+ "org/gnome/gnome-screenshot" = {
+ border-effect = "none";
+ delay = 0;
+ include-border = true;
+ include-pointer = false;
+ last-save-directory = "file:///home/dadada/lib/pictures/Screenshots";
+ };
+
+ "org/gnome/mutter" = {
+ attach-modal-dialogs = true;
+ center-new-windows = true;
+ dynamic-workspaces = true;
+ edge-tiling = true;
+ experimental-features = [ ];
+ focus-change-on-pointer-rest = true;
+ overlay-key = "Super_L";
+ workspaces-only-on-primary = true;
+ };
+
+ "org/gnome/settings-daemon/plugins/power" = {
+ idle-dim = true;
+ power-button-action = "interactive";
+ power-saver-profile-on-low-battery = true;
+ sleep-inactive-ac-type = "blank";
+ sleep-inactive-battery-timeout = 600;
+ sleep-inactive-battery-type = "suspend";
+ };
+
+ "org/gnome/system/location" = {
+ enabled = false;
+ };
+ };
+}
diff --git a/home/default.nix b/home/default.nix
new file mode 100644
index 0000000..a21362c
--- /dev/null
+++ b/home/default.nix
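Review bot: In `home/dconf.nix`, `"org/gnome/desktop/session"` sets `idle-delay = mkUint32 0`, which tells GNOME never to treat the session as idle, so the `lock-enabled = true` / `lock-delay = mkUint32 30` pair under `"org/gnome/desktop/screensaver"` will presumably never lock the screen on its own. If automatic locking is wanted in GNOME sessions, use a non-zero value such as `idle-delay = mkUint32 300;` (constructed value); if the zero is deliberate, a one-line comment beside it saying so would help. Separately, `"org/gnome/shell"` is defined twice in the same attribute set and `with lib.hm.gvariant;` appears both at the top of the file and on `dconf.settings`; merging the two blocks and dropping one `with` would make the file easier to read.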
@@ -0,0 +1,441 @@ +{ + pkgs, + lib, + ... +}: +let + useFeatures = [ + "alacritty" + #"emacs" + "direnv" + "git" + "gpg" + #"gtk" + #"keyring" + "syncthing" + "tmux" + "xdg" + "zsh" + "helix" + ]; + colors = { + background = "fdf6e3"; + foreground = "657b83"; + regular0 = "eee8d5"; # background darker + regular1 = "dc322f"; # red + regular2 = "859900"; # green + regular3 = "b58900"; # dark orange + regular4 = "268bd2"; # azure blue + regular5 = "d33682"; # hot pink + regular6 = "2aa198"; # petrol + regular7 = "073642"; # navy + bright0 = "cb4b16"; # orange + bright1 = "fdf6e3"; # foreground + bright2 = "93a1a1"; # grey + bright3 = "839496"; # slightly darker grey + bright4 = "657b83"; # even slightly darker grey + bright5 = "6c71c4"; # purple + bright6 = "586e75"; # pretty dark grey + bright7 = "002b36"; # dark navy blue + }; +in +{ + imports = [ + ./dconf.nix + ]; + + home.stateVersion = "20.09"; + + programs.gpg.settings.default-key = "99658A3EB5CD7C13"; + + dadada.home = + lib.attrsets.genAttrs useFeatures (useFeatures: { + enable = true; + }) + // { + session = { + enable = true; + sessionVars = { + EDITOR = "hx"; + PAGER = "less"; + MAILDIR = "\$HOME/.var/mail"; + MBLAZE = "\$HOME/.config/mblaze"; + NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config"; + }; + }; + }; + + # Languagetool server for web extension + systemd.user.services."languagetool-http-server" = { + Unit = { + Description = "Languagetool HTTP server"; + PartOf = [ "graphical-session-pre.target" ]; + After = [ "graphical-session.target" ]; + }; + + Service = { + Type = "simple"; + ExecStart = "${pkgs.languagetool}/bin/languagetool-http-server org.languagetool.server.HTTPServer --allow-origin '*'"; + Restart = "always"; + }; + + Install = { + WantedBy = [ "graphical-session.target" ]; + }; + }; + + programs.offlineimap.enable = false; + xdg.configFile."offlineimap/config".text = '' + [general] + accounts = tu-bs,mailbox + + [Account tu-bs] + localrepository = tu-bs-local + remoterepository = 
tu-bs-remote + + [Repository tu-bs-local] + type = Maildir + localfolders = ~/lib/backup/y0067212@tu-bs.de + + [Repository tu-bs-remote] + type = IMAP + remotehost = mail.tu-braunschweig.de + remoteuser = y0067212 + sslcacertfile = /etc/ssl/certs/ca-certificates.crt + + [Account mailbox] + localrepository = mailbox-local + remoterepository = mailbox-remote + + [Repository mailbox-local] + type = Maildir + localfolders = ~/lib/backup/mailbox.org + + [Repository mailbox-remote] + type = IMAP + remotehost = imap.mailbox.org + remoteuser = dadada@dadada.li + sslcacertfile = /etc/ssl/certs/ca-certificates.crt + ''; + + home.file.".jjconfig.toml".source = ./jjconfig.toml; + + systemd.user.timers."backup-keepassxc" = { + Unit.Description = "Backup password DB"; + Timer = { + OnBootSec = "15min"; + OnUnitActiveSec = "1d"; + }; + Install.WantedBy = [ "timers.target" ]; + }; + + systemd.user.services."backup-keepassxc" = { + Unit.Description = "Backup password DB"; + Unit.Type = "oneshot"; + Service.ExecStart = "${pkgs.openssh}/bin/scp -P 23 -i /home/dadada/.ssh/keepassxc-backup /home/dadada/lib/sync/Personal.kdbx u355513-sub4@u355513-sub4.your-storagebox.de:Personal.kdbx"; + Install.WantedBy = [ "multi-user.target" ]; + }; + + systemd.user.timers."backup-keepassxc-ninurta" = { + Unit.Description = "Backup password DB to ninurta"; + Timer = { + OnBootSec = "15min"; + OnUnitActiveSec = "1d"; + }; + Install.WantedBy = [ "timers.target" ]; + }; + + systemd.user.services."backup-keepassxc-ninurta" = { + Unit.Description = "Backup password DB to ninurta"; + Unit.Type = "oneshot"; + Service.ExecStart = "${pkgs.openssh}/bin/scp -P 22 -i /home/dadada/.ssh/keepassxc-backup /home/dadada/lib/sync/Personal.kdbx backup-keepassxc@ninurta.bs.dadada.li:/mnt/storage/backups/backup-keepassxc/Personal.kdbx"; + Install.WantedBy = [ "multi-user.target" ]; + }; + + programs.foot = { + enable = true; + server.enable = false; + settings = { + inherit colors; + main = { + shell = "tmux"; + font = 
"Jetbrains Mono:size=8"; + dpi-aware = false; + }; + mouse.hide-when-typing = true; + csd.preferred = "none"; + cursor.color = "fdf6e3 586e75"; + bell = { + urgent = true; + visual = false; + }; + }; + }; + + home.file.".config/sway/config".text = with colors; '' + # Read `man 5 sway` for a complete reference. + + ### Variables + # + # Logo key. Use Mod1 for Alt. + set $mod Mod4 + # Home row direction keys, like vim + set $left h + set $down j + set $up k + set $right l + # Your preferred terminal emulator + set $term foot + # Your preferred application launcher + # Note: pass the final command to swaymsg so that the resulting window can be opened + # on the original workspace that the command was run on. + set $menu fuzzel + set $wallpaper "~/lib/pictures/wallpaper.jpg" + + ### Idle configuration + # + # Example configuration: + # + exec swayidle -w \ + timeout 300 'swaylock -f -i $wallpaper -s fill' \ + timeout 600 'swaymsg "output * power off"' resume 'swaymsg "output * power on"' \ + before-sleep 'swaylock -f -i $wallpaper -s fill' + # + # This will lock your screen after 300 seconds of inactivity, then turn off + # your displays after another 300 seconds, and turn your screens back on when + # resumed. It will also lock your screen before your computer goes to sleep. + + input * { + xkb_layout eu + xkb_model pc105+inet + xkb_options caps:escape + drag_lock enabled + drag enabled + dwt enabled + tap enabled + tap_button_map lrm + natural_scroll enabled + } + + ### Key bindings + # + # Basics: + # + # Start a terminal + bindsym $mod+Return exec $term + + # Kill focused window + bindsym $mod+Shift+q kill + + # Start your launcher + bindsym $mod+d exec $menu + + # Drag floating windows by holding down $mod and left mouse button. + # Resize them with right mouse button + $mod. + # Despite the name, also works for non-floating windows. + # Change normal to inverse to use left mouse button for resizing and right + # mouse button for dragging. 
+ floating_modifier $mod normal + + # Lock the screen + bindsym XF86Sleep exec 'swaylock -f -c ${background}' + bindsym $mod+End exec 'swaylock -f -c ${background}' + + # Reload the configuration file + bindsym $mod+Shift+c reload + + # Exit sway (logs you out of your Wayland session) + bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit' + + # Brightness + bindsym --locked XF86MonBrightnessDown exec light -U 10 + bindsym --locked XF86MonBrightnessUp exec light -A 10 + + # Volume + bindsym --locked XF86AudioRaiseVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ +1%' + bindsym --locked XF86AudioLowerVolume exec 'pactl set-sink-volume @DEFAULT_SINK@ -1%' + bindsym --locked XF86AudioMute exec 'pactl set-sink-mute @DEFAULT_SINK@ toggle' + + # + # Moving around: + # + # Move your focus around + bindsym $mod+$left focus left + bindsym $mod+$down focus down + bindsym $mod+$up focus up + bindsym $mod+$right focus right + # Or use $mod+[up|down|left|right] + bindsym $mod+Left focus left + bindsym $mod+Down focus down + bindsym $mod+Up focus up + bindsym $mod+Right focus right + + # Move the focused window with the same, but add Shift + bindsym $mod+Shift+$left move left + bindsym $mod+Shift+$down move down + bindsym $mod+Shift+$up move up + bindsym $mod+Shift+$right move right + # Ditto, with arrow keys + bindsym $mod+Shift+Left move left + bindsym $mod+Shift+Down move down + bindsym $mod+Shift+Up move up + bindsym $mod+Shift+Right move right + + # + # Workspaces: + # + # Switch to workspace + bindsym $mod+1 workspace number 1 + bindsym $mod+2 workspace number 2 + bindsym $mod+3 workspace number 3 + bindsym $mod+4 workspace number 4 + bindsym $mod+5 workspace number 5 + bindsym $mod+6 workspace number 6 + bindsym $mod+7 workspace number 7 + bindsym $mod+8 workspace number 8 + bindsym $mod+9 workspace number 9 + bindsym $mod+0 workspace number 
10 + # Move focused container to workspace + bindsym $mod+Shift+1 move container to workspace number 1 + bindsym $mod+Shift+2 move container to workspace number 2 + bindsym $mod+Shift+3 move container to workspace number 3 + bindsym $mod+Shift+4 move container to workspace number 4 + bindsym $mod+Shift+5 move container to workspace number 5 + bindsym $mod+Shift+6 move container to workspace number 6 + bindsym $mod+Shift+7 move container to workspace number 7 + bindsym $mod+Shift+8 move container to workspace number 8 + bindsym $mod+Shift+9 move container to workspace number 9 + bindsym $mod+Shift+0 move container to workspace number 10 + # Note: workspaces can have any name you want, not just numbers. + # We just use 1-10 as the default. + + # + # Layout stuff: + # + # You can "split" the current object of your focus with + # $mod+b or $mod+v, for horizontal and vertical splits + # respectively. + bindsym $mod+b splith + bindsym $mod+v splitv + + # Switch the current container between different layout styles + bindsym $mod+s layout stacking + bindsym $mod+w layout tabbed + bindsym $mod+e layout toggle split + + # Make the current focus fullscreen + bindsym $mod+f fullscreen + + # Toggle the current focus between tiling and floating mode + bindsym $mod+Shift+space floating toggle + + # Swap focus between the tiling area and the floating area + bindsym $mod+space focus mode_toggle + + # Move focus to the parent container + bindsym $mod+a focus parent + + # + # Font + # + font "pango:Jetbrains Mono 8" + + # + # Scratchpad: + # + # Sway has a "scratchpad", which is a bag of holding for windows. + # You can send windows there and get them back later. + + # Move the currently focused window to the scratchpad + bindsym $mod+Shift+minus move scratchpad + + # Show the next scratchpad window or hide the focused scratchpad window. + # If there are multiple scratchpad windows, this command cycles through them. 
+ bindsym $mod+minus scratchpad show + + # + # Resizing containers: + # + mode "resize" { + # left will shrink the containers width + # right will grow the containers width + # up will shrink the containers height + # down will grow the containers height + bindsym $left resize shrink width 10px + bindsym $down resize grow height 10px + bindsym $up resize shrink height 10px + bindsym $right resize grow width 10px + + # Ditto, with arrow keys + bindsym Left resize shrink width 10px + bindsym Down resize grow height 10px + bindsym Up resize shrink height 10px + bindsym Right resize grow width 10px + + # Return to default mode + bindsym Return mode "default" + bindsym Escape mode "default" + } + bindsym $mod+r mode "resize" + + # + # Status Bar: + # + # Read `man 5 sway-bar` for more information about this section. + bar { + position bottom + + # When the status_command prints a new line to stdout, swaybar updates. + # The default just shows the current date and time. + status_command ~/.config/sway/status + + colors { + statusline ${foreground} + background ${background} + inactive_workspace ${background}ee ${background}ee ${foreground}ee + } + } + + # Gaps between multiple tiling windows + gaps inner 10 + smart_gaps on + + bindsym $mod+grave exec busctl --user call org.keepassxc.KeePassXC.MainWindow /keepassxc org.keepassxc.KeePassXC.MainWindow lockAllDatabases && swaylock -c #fdf6e3 + + # class border backgr. 
text indicator child_border + client.focused #${bright6} #${foreground} #${background} #${bright5} #${regular4} + client.focused_inactive #${regular0} #${regular0} #${foreground} #${bright5} #${regular0} + client.unfocused #${regular0} #${background} #${bright2} #${bright5} #${regular0} + client.urgent #${bright1} #${bright0} #${regular4} #${background} #${bright0} + client.placeholder #${background} #${bright2} #${foreground} #${background} #${bright2} + + client.background #${foreground} + + include /etc/sway/config.d/* + + exec sleep 5; systemctl --user restart kanshi.service + exec sleep 5; swaymsg output '*' bg $wallpaper fill + ''; + home.file.".config/sway/status".source = ./status; + home.file.".config/kanshi/config".text = '' + profile Laptop { + output eDP-1 enable + } + + profile Docked { + output eDP-1 disable + output "LG Electronics LG HDR 4K 0x000354D1" { + enable + scale 1.4 + position 0,0 + } + } + ''; + + #services.poweralertd.enable = true; + + # Let Home Manager install and manage itself. + programs.home-manager.enable = true; + + home.packages = import ./pkgs.nix { pkgs = pkgs; }; +} diff --git a/home/jjconfig.toml b/home/jjconfig.toml new file mode 100644 index 0000000..43fbcbd --- /dev/null +++ b/home/jjconfig.toml @@ -0,0 +1,8 @@ +[user] +name = "Tim Schubert" +email = "dadada@dadada.li" + +[ui] +diff-editor = ["scm-diff-editor", "--dir-diff", "$left", "$right"] +diff-instructions = false +merge-editor = ["meld"] diff --git a/home/modules.nix b/home/modules.nix new file mode 100644 index 0000000..0a6c961 --- /dev/null +++ b/home/modules.nix @@ -0,0 +1,13 @@ +{ lib, ... }: +with lib; +let + modules' = + dir: + filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) (builtins.readDir dir); + modules = + dir: + mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) ( + modules' dir + ); +in +(modules ./modules) 
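Review bot: The filter in `modules'` in home/modules.nix accepts every directory and every name ending in `.nix`, and nothing states that contract. A directory without a `default.nix` would fail at `import (dir + "/${name}")`. A `foo.nix` next to a `foo/` directory would map to the same attribute name after `removeSuffix`, and presumably one of them is dropped without an error. I would add a comment above `modules'` such as `# Imports every *.nix file and every directory (which must contain default.nix) in dir, keyed by name without the .nix suffix.` Since anything dropped into that directory becomes a loaded module, restricting the file branch to `type == "regular"` would make the auto-import narrower.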
diff --git a/home/modules/alacritty/colors.toml b/home/modules/alacritty/colors.toml new file mode 100644 index 0000000..3f7eb25 --- /dev/null +++ b/home/modules/alacritty/colors.toml @@ -0,0 +1,28 @@ +# Colors (Solarized Light) + +# Default colors +[colors.primary] +background = '#fdf6e3' +foreground = '#586e75' + +# Normal colors +[colors.normal] +black = '#073642' +red = '#dc322f' +green = '#859900' +yellow = '#b58900' +blue = '#268bd2' +magenta = '#d33682' +cyan = '#2aa198' +white = '#eee8d5' + +# Bright colors +[colors.bright] +black = '#002b36' +red = '#cb4b16' +green = '#586e75' +yellow = '#657b83' +blue = '#839496' +magenta = '#6c71c4' +cyan = '#93a1a1' +white = '#fdf6e3' diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix new file mode 100644 index 0000000..da9f503 --- /dev/null +++ b/home/modules/alacritty/default.nix @@ -0,0 +1,49 @@ +{ + pkgs, + lib, + config, + ... +}: +with lib; +let + cfg = config.dadada.home.alacritty; +in +{ + options.dadada.home.alacritty = { + enable = mkEnableOption "Enable alacritty config"; + }; + config = mkIf cfg.enable { + home.packages = [ + pkgs.jetbrains-mono + ]; + programs.alacritty = { + enable = true; + settings = { + env.TERM = "xterm-256color"; + scrolling.history = 0; + font = { + size = 9; + normal = { + family = "Jetbrains Mono"; + style = "Regular"; + }; + bold = { + family = "Jetbrains Mono"; + style = "Bold"; + }; + italic = { + family = "Jetbrains Mono"; + style = "Italic"; + }; + bold_italic = { + family = "Jetbrains Mono"; + style = "Bold Italic"; + }; + }; + shell.program = "tmux"; + window.decorations = "none"; + colors = (lib.trivial.importTOML ./colors.toml).colors; + }; + }; + }; +} diff --git a/modules/home/colors.nix b/home/modules/colors.nix similarity index 69% rename from modules/home/colors.nix rename to home/modules/colors.nix index 89af392..a4dc5c7 100644 --- a/modules/home/colors.nix +++ b/home/modules/colors.nix 
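Review bot: In home/modules/alacritty/default.nix, `shell.program = "tmux";` is resolved through PATH when the terminal starts, but this module only adds `pkgs.jetbrains-mono` to `home.packages`. With the alacritty module enabled and no other module providing tmux, the terminal has no shell to launch, and whichever `tmux` comes first on PATH is what runs. `pkgs` is already in scope, so I would pin it: `shell.program = "${pkgs.tmux}/bin/tmux";`. As a style point, `mkEnableOption` already prefixes its argument with "Whether to enable", so `mkEnableOption "alacritty config"` reads better. The same applies to the git, gtk, helix, tmux and zsh modules in this commit.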
@@ -1,4 +1,8 @@ -{ config, lib, ... }: +{ + config, + lib, + ... +}: with lib; { options.dadada.home.colors = mkOption { @@ -13,21 +17,21 @@ with lib; cursor = "#e8e8e8"; cursorForeground = "#1f2022"; background = "#292b2e"; - color0 = "#1f2022"; - color8 = "#585858"; - color7 = "#a3a3a3"; + color0 = "#1f2022"; + color8 = "#585858"; + color7 = "#a3a3a3"; color15 = "#f8f8f8"; - color1 = "#f2241f"; - color9 = "#f2241f"; - color2 = "#67b11d"; + color1 = "#f2241f"; + color9 = "#f2241f"; + color2 = "#67b11d"; color10 = "#67b11d"; - color3 = "#b1951d"; + color3 = "#b1951d"; color11 = "#b1951d"; - color4 = "#4f97d7"; + color4 = "#4f97d7"; color12 = "#4f97d7"; - color5 = "#a31db1"; + color5 = "#a31db1"; color13 = "#a31db1"; - color6 = "#2d9574"; + color6 = "#2d9574"; color14 = "#2d9574"; color16 = "#ffa500"; color17 = "#b03060"; diff --git a/modules/home/direnv.nix b/home/modules/direnv.nix similarity index 79% rename from modules/home/direnv.nix rename to home/modules/direnv.nix index 12abf88..27a0907 100644 --- a/modules/home/direnv.nix +++ b/home/modules/direnv.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.dadada.home.direnv; @@ -11,7 +16,7 @@ in programs.direnv = { enable = true; enableZshIntegration = true; - enableNixDirenvIntegration = true; + nix-direnv.enable = true; }; }; } diff --git a/home/modules/git.nix b/home/modules/git.nix new file mode 100644 index 0000000..92c4c12 --- /dev/null +++ b/home/modules/git.nix 
@@ -0,0 +1,107 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; +let + cfg = config.dadada.home.git; + allowedSigners = pkgs.writeTextFile { + name = "allowed-signers"; + text = '' + dadada@dadada.li sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKu+pA5Vy0QPHJMjn2S5DCsqKg2UvDhOsBwvvJLf4HbyAAAABHNzaDo= dadada + dadada@dadada.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon + ''; + }; +in +{ + options.dadada.home.git = { + enable = mkEnableOption "Enable git config"; + }; + config = mkIf cfg.enable { + programs.git = { + enable = true; + extraConfig = { + commit = { + gpgSign = true; + verbose = true; + }; + gpg = { + format = "ssh"; + ssh.allowedSignersFile = "${allowedSigners}"; + ssh.program = "ssh-keygen"; + }; + tag.gpgSign = true; + user = { + email = "dadada@dadada.li"; + name = "Tim Schubert"; + signingKey = "key::ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFKRuecjbtDh4jyDZH3ccU9t0QFcAgZDBFO8ZWZBA9iT dadada@gorgon"; + }; + core = { + whitespace = { + tab-in-indent = true; + tabwidth = 4; + }; + alias = { }; + pager = "delta"; + }; + column.ui = "never"; + checkout.defaultRemote = "origin"; + delta = { + navigate = true; # use n and N to move between diff sections + side-by-side = false; + line-numbers = true; + light = true; + }; + diff = { + renames = "copies"; + algorithm = "histogram"; + colorMoved = "default"; + }; + interactive.diffFilter = "delta --color-only"; + merge = { + conflictstyle = "zdiff3"; + keepbackup = false; + tool = "meld"; + }; + status = { + short = true; + branch = true; + showUntrackedFiled = "all"; + }; + log.date = "iso8601-local"; + fetch.prune = true; + pull = { + prune = true; + ff = "only"; + rebase = "interactive"; + }; + push = { + default = "current"; + autoSetupRemote = true; + }; + rebase = { + abbreviateCommands = true; + # Automatically force-update any branches that point to commits that are being rebased. 
+ updateRefs = true; + }; + rerere.enabled = true; + transfer.fsckobjects = true; + fetch.fsckobjects = true; + receive.fsckObjects = true; + branch.sort = "-committerdate"; + }; + }; + + home.packages = with pkgs; [ + delta + git-branchless + git-lfs + gitAndTools.hub + gitAndTools.lab + gitAndTools.git-absorb + meld + ]; + }; +} diff --git a/modules/home/gpg.nix b/home/modules/gpg.nix similarity index 82% rename from modules/home/gpg.nix rename to home/modules/gpg.nix index 2129255..baa17dd 100644 --- a/modules/home/gpg.nix +++ b/home/modules/gpg.nix @@ -1,8 +1,13 @@ -{ config, lib, ... }: +{ + config, + lib, + ... +}: with lib; let cfg = config.dadada.home.gpg; -in { +in +{ options.dadada.home.gpg = { enable = mkEnableOption "Enable GnuPG config"; }; @@ -24,11 +29,6 @@ in { enable = true; defaultCacheTtl = 1800; enableSshSupport = false; - pinentryFlavor = "gnome3"; - }; - - programs.git.extraConfig = { - commit = { gpgSign = true; }; }; }; } diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix new file mode 100644 index 0000000..5dcd2e6 --- /dev/null +++ b/home/modules/gtk.nix @@ -0,0 +1,20 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; +let + cfg = config.dadada.home.gtk; +in +{ + options.dadada.home.gtk = { + enable = mkEnableOption "Enable GTK config"; + }; + config = mkIf cfg.enable { + gtk = { + enable = true; + }; + }; +} diff --git a/home/modules/helix/config/config.toml b/home/modules/helix/config/config.toml new file mode 100644 index 0000000..41cf786 --- /dev/null +++ b/home/modules/helix/config/config.toml @@ -0,0 +1,12 @@ +theme = "solarized_light" + +[editor] +line-number = "relative" +mouse = true +auto-completion = true + +[editor.soft-wrap] +enable = true + +[keys.normal] +C-q = [ ":reflow 80" ] diff --git a/home/modules/helix/config/languages.toml b/home/modules/helix/config/languages.toml new file mode 100644 index 0000000..070bf61 --- /dev/null +++ b/home/modules/helix/config/languages.toml 
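Review bot: In home/modules/git.nix the `status` block sets `showUntrackedFiled = "all";`, which git ignores as an unknown key, so the intended setting never takes effect; it should be `showUntrackedFiles = "all";`. On the signing side, the two `allowedSigners` entries have no `namespaces` option, so if this file is ever reused for verification outside git, signatures these keys made for other purposes would verify too. Adding `namespaces="git"` between the principal and the key type on both lines scopes them to git signatures. `gpg.ssh.program = "ssh-keygen"` is also looked up on PATH; pinning it to the store path of the openssh package would keep verification from depending on the environment.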
@@ -0,0 +1,35 @@ +[language-server.rust-analyzer] +config = { rust-analyzer = { checkOnSave = { command = "clippy" }, procMacro.enable = true } } + +[language-server.nixd] +command = "nixd" + +[language-server.ltex-ls] +command = "ltex-ls" + +[language-server.zk] +command = "zk" +args = ["lsp"] + +[[language]] +name = "rust" +language-servers = [ {name="rust-analyzer"} ] + +[[language]] +name = "latex" +language-servers = [{ name = "ltex-ls" }] +file-types = ["tex"] +scope = "source.latex" +roots = [] + +[[language]] +name = "nix" +file-types = ["nix"] +language-servers = [{ name = "nixd" }] + +[[language]] +name = "markdown" +scope = "source.md" +injection-regex = "md|markdown" +file-types = ["md", "markdown"] +roots = [".zk"] diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix new file mode 100644 index 0000000..7717423 --- /dev/null +++ b/home/modules/helix/default.nix @@ -0,0 +1,27 @@ +{ + config, + pkgs, + lib, + ... +}: +let + cfg = config.dadada.home.helix; +in +{ + options.dadada.home.helix = { + enable = lib.mkEnableOption "Enable helix editor"; + package = lib.mkOption { + type = lib.types.package; + description = "Helix editor package to use"; + default = pkgs.helix; + }; + }; + + config = lib.mkIf cfg.enable { + home.file.".config/helix".source = ./config; + home.packages = [ + cfg.package + #pkgs.nixd + ]; + }; +} diff --git a/modules/home/keyring.nix b/home/modules/keyring.nix similarity index 77% rename from modules/home/keyring.nix rename to home/modules/keyring.nix index 098ee0e..48b8b54 100644 --- a/modules/home/keyring.nix +++ b/home/modules/keyring.nix @@ -1,15 +1,20 @@ -{ config, lib, ... }: +{ + config, + lib, + ... +}: with lib; let cfg = config.dadada.home.keyring; -in { +in +{ options.dadada.home.keyring = { enable = mkEnableOption "Enable keyring config"; }; config = mkIf cfg.enable { services.gnome-keyring = { enable = false; - components = [ "pkcs11" "secrets" ]; + components = [ "secrets" ]; }; }; } 
diff --git a/modules/home/session.nix b/home/modules/session.nix similarity index 85% rename from modules/home/session.nix rename to home/modules/session.nix index d9520a9..ba5c941 100644 --- a/modules/home/session.nix +++ b/home/modules/session.nix @@ -1,16 +1,21 @@ -{ config, lib, ... }: +{ + config, + lib, + ... +}: with lib; let cfg = config.dadada.home.session; -in { +in +{ options.dadada.home.session = { enable = mkEnableOption "Enable session variable management"; sessionVars = mkOption { description = "Session variables"; type = types.attrs; - default = {}; + default = { }; example = '' - EDITOR = "vim"; + EDITOR = "hx"; PAGER = "less"; ''; }; diff --git a/modules/home/ssh.nix b/home/modules/ssh.nix similarity index 86% rename from modules/home/ssh.nix rename to home/modules/ssh.nix index b428a8b..b8aab54 100644 --- a/modules/home/ssh.nix +++ b/home/modules/ssh.nix @@ -1,8 +1,13 @@ -{ config, lib, ... }: +{ + config, + lib, + ... +}: with lib; let cfg = config.dadada.home.ssh; -in { +in +{ options.dadada.home.ssh = { enable = mkEnableOption "Enable SSH config"; }; diff --git a/modules/home/syncthing.nix b/home/modules/syncthing.nix similarity index 86% rename from modules/home/syncthing.nix rename to home/modules/syncthing.nix index 17db865..8095904 100644 --- a/modules/home/syncthing.nix +++ b/home/modules/syncthing.nix @@ -1,8 +1,14 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.dadada.home.syncthing; -in { +in +{ options.dadada.home.syncthing = { enable = mkEnableOption "Enable Syncthing config"; }; diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix new file mode 100644 index 0000000..063b8f2 --- /dev/null +++ b/home/modules/tmux.nix 
@@ -0,0 +1,34 @@ +{ + config, + lib, + ... +}: +with lib; +let + cfg = config.dadada.home.tmux; +in +{ + options.dadada.home.tmux = { + enable = mkEnableOption "Enable tmux config"; + }; + config = mkIf cfg.enable { + programs.tmux = { + enable = true; + terminal = "tmux-256color"; + extraConfig = '' + setw -g mode-keys vi + set -g mouse on + set -g set-clipboard external + set -g set-titles on + set -g status on + set -ga terminal-overrides ',*256col*:Tc' + set-option -g status-interval 5 + set-option -g automatic-rename on + set-option -g automatic-rename-format '#{b:pane_current_path}' + bind '"' split-window -c "#{pane_current_path}" + bind % split-window -h -c "#{pane_current_path}" + bind c new-window -c "#{pane_current_path}" + ''; + }; + }; +} diff --git a/modules/home/xdg.nix b/home/modules/xdg.nix similarity index 73% rename from modules/home/xdg.nix rename to home/modules/xdg.nix index d560780..02cadaf 100644 --- a/modules/home/xdg.nix +++ b/home/modules/xdg.nix @@ -1,9 +1,14 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let apps = { - "x-scheme-handler/mailto" = "userapp-Thunderbird-PB7NI0.desktop"; - "message/rfc822" = "userapp-Thunderbird-PB7NI0.desktop"; + "x-scheme-handler/mailto" = "evolution.desktop"; + "message/rfc822" = "evolution.desktop"; "x-scheme-handler/http" = "firefox.desktop"; "x-scheme-handler/https" = "firefox.desktop"; "x-scheme-handler/ftp" = "firefox.desktop"; 
@@ -15,35 +20,36 @@ let "application/xhtml+xml" = "firefox.desktop"; "application/x-extension-xhtml" = "firefox.desktop"; "application/x-extension-xht" = "firefox.desktop"; - "text/plain" = "vim.desktop"; - "application/pdf" = "org.pwmt.zathura.desktop"; + "application/pdf" = "evince.desktop"; }; cfg = config.dadada.home.xdg; -in { +in +{ options.dadada.home.xdg = { enable = mkEnableOption "Enable XDG config"; }; config = mkIf cfg.enable { xdg = { enable = true; + configHome = "${config.home.homeDirectory}/.config"; mimeApps = { enable = false; associations.added = apps; defaultApplications = apps; }; userDirs = { - download ="\$HOME/tmp"; + desktop = "\$HOME/.desktop"; + download = "\$HOME/tmp"; music = "\$HOME/lib/music"; - videos ="\$HOME/lib/videos"; + videos = "\$HOME/lib/videos"; pictures = "\$HOME/lib/pictures"; documents = "\$HOME/lib"; - desktop = "$HOME/tmp"; }; }; home.packages = with pkgs; [ - firefox-bin - xdg_utils - zathura + evince + firefox + xdg-utils ]; }; } diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix new file mode 100644 index 0000000..7a0cd6c --- /dev/null +++ b/home/modules/zsh.nix 
@@ -0,0 +1,83 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; +let + cfg = config.dadada.home.zsh; +in +{ + options.dadada.home.zsh = { + enable = mkEnableOption "Enable ZSH config"; + }; + config = mkIf cfg.enable { + programs.fzf.enableZshIntegration = true; + programs.zsh = { + enable = true; + enableCompletion = true; + enableVteIntegration = true; + autosuggestion.enable = true; + autocd = true; + sessionVariables = { + EDITOR = "hx"; + }; + history = { + extended = true; + ignoreDups = true; + ignoreSpace = true; + save = 100000; + # FIXME https://github.com/junegunn/fzf/issues/4061 + #share = true; + share = false; + }; + plugins = [ + ]; + initContent = '' + source ${pkgs.zsh-git-prompt}/share/zsh-git-prompt/zshrc.sh + source ${pkgs.fzf}/share/fzf/key-bindings.zsh + source ${pkgs.fzf}/share/fzf/completion.zsh + eval "$(${pkgs.h}/bin/h --setup ~/src)" + + bindkey -e '^n' autosuggest-accept + + preexec() { echo -n -e "\033]0;$1\007" } + + PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> " + RPROMPT='$(git_super_status)' + ''; + profileExtra = ''''; + shellAliases = { + ga = "git add"; + gc = "git commit"; + gd = "git diff"; + gdw = "git diff --color-words"; + gf = "git fetch"; + gl = "git log"; + gpu = "git push"; + gpul = "git pull"; + grb = "git rebase"; + gre = "git reflog"; + gs = "git status"; + gsh = "git show"; + gst = "git status"; + gsta = "git stash"; + gstap = "git stash apply"; + exa = "eza"; + ls = "exa"; + la = "exa -a"; + ll = "exa -la --no-filesize --changed --time-style=long-iso --git --octal-permissions --no-permissions --no-user --ignore-glob=\".git\""; + mv = "mv -i"; + cp = "cp -i"; + }; + }; + + home.packages = with pkgs; [ + fzf + eza + zsh-git-prompt + tmux + ]; + }; +} diff --git a/home/pkgs.nix b/home/pkgs.nix new file mode 100644 index 0000000..e980614 --- /dev/null +++ b/home/pkgs.nix 
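Review bot: The `preexec` hook in `initContent` in home/modules/zsh.nix writes the raw command line into the terminal title with `echo -n -e "\033]0;$1\007"`. Because `-e` expands backslash escapes inside `$1`, a command line containing `\007` or `\033` (a pasted one, for instance) ends the title sequence early and the remainder reaches the terminal as control sequences. Passing the text as data and stripping control characters avoids this: `preexec() { printf '\033]0;%s\007' "''${1//[[:cntrl:]]/}" }`. The `''${` is needed because this sits inside a Nix indented string, where a bare `${` would be treated as antiquotation.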
@@ -0,0 +1,151 @@ +{ pkgs }: +with pkgs; +[ + anki + aqbanking + aria2 + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.en-science + bash + bat # cat with syntax highlighting and git integration + binutils + bluez-tools + btop # htop + choose # alternative to cut and awk with more readable syntax + chromium + colordiff + darcs + delta # feature-rich diff viewer + dig + direnv + duf # disk usage + dune3d + dyff # diff tool for YAML + element-desktop + evince + evolution + ffmpeg + file + fuzzel + fx # themable json viewer + fzf + fzf + gdb + gh + ghidra-bin + gimp + glow + glow # render markdown + gnumake + gnupg + gping # ping with graphs + graphviz + grim + gron # make json grepable + h # Manage git repos + hexyl # hex viewer + htop + httpie + hub + hyperfine # A command-line benchmarking tool. + icdiff + imagemagick + inkscape + inotify-tools + ioping # ping but for block devices + iproute2 + iputils # tracepath + irssi + jameica + jc # convert output to json + josm + jq + kanshi + keepassxc + kubetail + krita + ldns + liboping # oping, ping multiple hosts at once + libreoffice + libvirt + lsof + lynis + man-pages + mblaze + mkpasswd + mpv + mtr + mumble + nix-output-monitor + ncurses + newsflash + nixd + nixfmt-rfc-style + nfs-utils + niv + nix-index + nmap + nmon + nodePackages.prettier + map-cmd + obs-studio + offlineimap + openscad + openssl + p7zip + pandoc # document converter and templater + pass + pavucontrol + picocom + playerctl + procs # ps in rust + prusa-slicer + pv + pwgen + (python3.withPackages (pkgs: [ + pkgs.pandas + pkgs.requests + ])) + ranger + reptyr + ripgrep + ripgrep + saleae-logic-2 + sd # search and displace like sed but with better syntax + sieveshell + signal-desktop + silver-searcher + skim # fzf in Rust + slurp + socat + solvespace + spotify + sqlite + sshfs-fuse + taplo + tcpdump + tdesktop + thunderbird + tmux + ttyd + unzip + usbutils + vegur + virt-manager + viu # view images from the terminal 
+ vscodium + whois + wireshark + xdg-utils + xmlstarlet + unixtools.xxd + xxh # portable shells + yt-dlp + # zotero Marked as insecure + zeal + zk + zsh +] diff --git a/home/status b/home/status new file mode 100755 index 0000000..e24816b --- /dev/null +++ b/home/status 
@@ -0,0 +1,138 @@ +#!/usr/bin/env python3 + +import json +import sys +import time +import requests +import logging +import subprocess + +from datetime import datetime + +logger = logging.getLogger(__name__) + + +class Status: + def status(self): + return None + + +class Cat(Status): + index = 0 + + def status(self): + cat_width = 200 + index = self.index + catwalk = "🐈🏳️‍🌈" + " " * index + self.index = (index + 1) % cat_width + + return {"full_text": catwalk} + + +class Space(Status): + backoff = 0 + c_status = None + + def status(self): + backoff = self.backoff + if self.backoff == 0: + self.update() + + return {"full_text": self.c_status} + + def update(self): + spacestatus_url = "https://status.stratum0.org/status.json" + resp = requests.get(url=spacestatus_url) + self.backoff = (self.backoff + 1) % 120 + data = resp.json() + if data["isOpen"]: + since = datetime.strptime(data["since"], "%Y-%m-%dT%H:%M:%S.%f").strftime("%A at %H:%M") + spacestatus = f"Space is open since {since}" + else: + spacestatus = "Space is closed" + self.c_status = spacestatus + + +class Battery(Status): + capacity_file = open('/sys/class/power_supply/BAT0/capacity', 'r') + status_file = open('/sys/class/power_supply/BAT0/status', 'r') + + def status(self): + self.status_file.seek(0) + status = self.status_file.read().rstrip() + + self.capacity_file.seek(0) + capacity = self.capacity_file.read().rstrip() + + battery = f"{status} {capacity}%" + + return {"full_text": battery} + + +class Time(Status): + def status(self): + now = datetime.now() + match now.isocalendar().week % 10: + case 1: + th = "st" + case 2: + th = "nd" + case 3: + th = "rd" + case _: + th = "th" + return {"full_text": now.strftime(f"%V{th} %A %H:%M") } + + +class FailedUnits(Status): + def status(self): + proc = subprocess.run(["systemctl", "list-units", "--failed"], capture_output = True) + stdout = proc.stdout.decode('utf-8') + failed = 0 + for line in stdout: + if 'failed' in line: + failed += 1 + if failed == 0: + 
return {"full_text": f"No failed units"} + else: + return {"full_text": f"There are {failed} failed units", "color": "#ff0000"} + + +def print_header(): + header = { + "version": 1, + "click_events": False, + } + print(json.dumps(header)) + print("[") + + +def run(interval, widgets): + print_header() + + while True: + body = [] + + for widget in widgets: + try: + status = widget.status() + except Exception as e: + logger.error(e) + if status: + body += status, + + print(json.dumps(body), ",", flush=True) + + ts = interval - (time.time() % interval) + time.sleep(ts) + + +if __name__ == "__main__": + logging.basicConfig(level=logging.INFO) + + # Interval in seconds + interval = 1.0 + + widgets = [Cat(), FailedUnits(), Space(), Battery(), Time()] + + run(interval, widgets) diff --git a/hosts/default.nix b/hosts/default.nix deleted file mode 100644 index ade7342..0000000 --- a/hosts/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - ifrit = ./ifrit; - gorgon = ./gorgon; - surgat = ./surgat; -} diff --git a/hosts/gorgon/default.nix b/hosts/gorgon/default.nix deleted file mode 100644 index 8cbb199..0000000 --- a/hosts/gorgon/default.nix +++ /dev/null 
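Review bot: `FailedUnits.status` in home/status loops with `for line in stdout:` over a string, which yields single characters, so `'failed' in line` is never true and the widget always reports "No failed units"; it should be `for line in stdout.splitlines():`. In `run`, when `widget.status()` raises, the code logs and then falls through to `if status:`. That reuses the previous widget's value, or raises NameError if the first widget fails; a `continue` after `logger.error(e)` fixes it. `Space.update` calls `requests.get(url=spacestatus_url)` without a timeout, so a stalled connection blocks the whole bar; `requests.get(url=spacestatus_url, timeout=5)` bounds it, and the existing `except` in `run` then handles the failure. `Battery` opens the BAT0 files in the class body, so the script fails at import on a machine without that battery.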
@@ -1,124 +0,0 @@ -{ config, pkgs, lib, ... }: -let - this = import ../.. { inherit pkgs; }; - nixos-hardware = buildins.fetchTarball { - url = "https://github.com/NixOS/nixos-hardware/archive/c242378e63b0ec334e964ac0c0fbbdd2b3e89ebf.tar.gz"; - sha256 = "1z4cr5gsyfdpcy31vqg4ikalbxmnnac6jjk1nl8mxj0h0ix7pp36"; - }; -in -{ - imports = (lib.attrValues this.modules) ++ [ - ../../modules/profiles/laptop - "${nixos-hardware}/lenovo/thinkpad/t14s" - ]; - - boot.kernelModules = [ "kvm-amd" ]; - - virtualisation = { - libvirtd.enable = true; - docker.enable = false; - }; - - networking.hostName = "gorgon"; - - dadada = { - admin.enable = false; - steam.enable = true; - fido2 = { - credential = "04ea2813a116f634e90f9728dbbb45f1c0f93b7811941a5a14fb75e711794df0c26552dae2262619c1da2be7562ec9dd94888c71a9326fea70dfe16214b5ea8ec01473070000"; - enablePam = true; - }; - luks.uuid = "3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4"; - networking = { - wanInterfaces = [ "enp2s0f0" "wlp3s0" ]; - enableBsShare = true; - vpnExtension = "3"; - }; - }; - - boot.kernel.sysctl = { - "vm.swappiness" = 90; - }; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - programs.adb.enable = true; - - services.fstrim.enable = true; - - # Enable CUPS to print documents. 
- services.printing = { - enable = true; - browsing = true; - drivers = with pkgs; [ - hplip - brlaser - brgenml1lpr - brgenml1cupswrapper - ]; - }; - - hardware = { - bluetooth.enable = true; - pulseaudio = { - enable = true; - extraModules = [ pkgs.pulseaudio-modules-bt ]; - extraConfig = '' - set-source-volume 1 10000 - ''; - package = pkgs.pulseaudioFull; - }; - }; - - services.avahi.enable = true; - - networking.firewall = { - enable = true; - allowedTCPPorts = [ - 22000 # Syncthing - ]; - allowedUDPPorts = [ - 21027 # Syncthing - ]; - }; - - services.xserver.enable = true; - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome3.enable = true; - - xdg.mime.enable = true; - - users.users = { - dadada = { - isNormalUser = true; - extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ]; - shell = "/run/current-system/sw/bin/zsh"; - initialHashedPassword = "nopass"; - }; - - "tim.schubert" = { - isNormalUser = true; - extraGroups = [ "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" ]; - shell = "/run/current-system/sw/bin/zsh"; - initialHashedPassword = "nopass"; - }; - }; - - networking.hosts = { - "fd42:dead:beef:0:5054:ff:fefb:7361" = [ - "media.dadada.li" - "ifrit.dadada.li" - ]; - "192.168.42.103" = [ - "media.dadada.li" - "ifrit.dadada.li" - ]; - "fd42:dead:beef::5054:ff:fe8b:58df" = [ "iot.dadada.li" ]; - "fd42:dead:beef::20d:b9ff:fe4c:c9ac" = [ "agares.dadada.li" ]; - "192.168.42.15" = [ "agares.dadada.li" "agares" ]; - "192.168.42.11" = [ "wohnzimmerpi.dadada.li" "wohnzimmerpi" ]; - "10.1.2.9" = [ "fgprinter.fginfo.tu-bs.de" ]; - }; -} diff --git a/hosts/gorgon/home/default.nix b/hosts/gorgon/home/default.nix deleted file mode 100644 index 2a55e72..0000000 --- a/hosts/gorgon/home/default.nix +++ /dev/null 
@@ -1,43 +0,0 @@ -{ config, pkgs, lib, ... }: -let - this = import ../../.. { inherit pkgs; }; -in -{ - nixpkgs.overlays = [ - this.overlays.tubslatex - ]; - - imports = lib.attrValues this.hmModules; - - dadada.home = { - vim.enable = true; - direnv.enable = true; - git.enable = true; - gpg.enable = true; - gtk.enable = true; - keyring.enable = true; - kitty.enable = true; - ssh.enable = true; - syncthing.enable = true; - tmux.enable = true; - xdg.enable = true; - zsh.enable = true; - - session = { - enable = true; - sessionVars = { - EDITOR = "vim"; - PAGER = "less"; - MAILDIR = "\$HOME/.var/mail"; - MBLAZE = "\$HOME/.config/mblaze"; - NOTMUCH_CONFIG = "\$HOME/.config/notmuch/config"; - MOZ_ENABLE_WAYLAND= "1"; - }; - }; - }; - - # Let Home Manager install and manage itself. - programs.home-manager.enable = true; - - home.packages = import ./pkgs.nix { pkgs = pkgs; }; -} diff --git a/hosts/gorgon/home/pkgs.nix b/hosts/gorgon/home/pkgs.nix deleted file mode 100644 index 953364c..0000000 --- a/hosts/gorgon/home/pkgs.nix +++ /dev/null 
@@ -1,85 +0,0 @@ -{ pkgs }: -with pkgs; [ - android-studio - anki - aspell - aspellDicts.de - aspellDicts.en - aspellDicts.en-computers - aspellDicts.en-science - aqbanking - bluez-tools - chromium - clang - clang-tools - darcs - direnv - element-desktop - evince - ffmpeg - file - firefox-bin - fractal - fzf - gimp - git-lfs - gitAndTools.hub - gnome3.gnome-tweak-tool - gnome3.nautilus - gnome3.vinagre - gnucash - gnumake - gnupg - graphviz - grim - imagemagick - inkscape - inotify-tools - irssi - jameica - jq - kcachegrind - keepassxc - #keys - kitty - ldns - libreoffice - libvirt - lsof - mblaze - mkpasswd - mpv - mumble - ncurses - nfs-utils - niv - nmap - openssl - p7zip - pass - pavucontrol - pinentry-gnome - playerctl - pwgen - python27Packages.dbus-python - python3 - python38Packages.dateutil - python38Packages.managesieve - python38Packages.solo-python - signal-desktop - slurp - sqlite - sshfs-fuse - steam - tcpdump - tdesktop - tubslatex - thunderbird-bin - unzip - usbutils - virtmanager - whois - wireshark - xdg_utils - youtube-dl -] diff --git a/hosts/ifrit/default.nix b/hosts/ifrit/default.nix deleted file mode 100644 index d31c86d..0000000 --- a/hosts/ifrit/default.nix +++ /dev/null 
@@ -1,148 +0,0 @@ -{ config, pkgs, lib, ... }: -let - hostAliases = [ - "ifrit.dadada.li" - "bs.vpn.dadada.li" - "media.dadada.li" - "media.local" - ]; - backups = "/mnt/storage/backup"; -in { - imports = [ - ../../modules/profiles/base - ]; - - dadada = { - admin.enable = true; - fileShare.enable = true; - - vpnServer.enable = true; - vpnServer.peers = { - "metis" = { - id = "1"; - key = "u+HCYDbK0zwbIEfGf+LVQErlJ0vchf5ZYj0N93NB5ns="; - }; - "morax" = { - id = "2"; - key = "Lq5QLGoI3r3BXEJ72dWH9UTmY/8uaYRPLQB5WWHqJUE="; - }; - "gorgon" = { - id = "3"; - key = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; - }; - "surgat" = { - id = "4"; - key = "+paiOqOITdLy3oqoI2DhOj4k8gncAcjFLkJrxJl0iBE="; - }; - }; - }; - - services.borgbackup.repos = { - "metis" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; - path = "${backups}/metis"; - quota = "1T"; - }; - "gorgon" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; - path = "${backups}/gorgon"; - quota = "1T"; - }; - "surgat" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ]; - authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; - path = "${backups}/surgat"; - quota = "100G"; - }; - "wohnzimmerpi" = { - allowSubRepos = false; - authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ]; - authorizedKeys = [ "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis" ]; - path = "${backups}/wohnzimmerpi"; - quota = "50G"; - }; - }; - - networking.hostName = "ifrit"; - networking.domain = "dadada.li"; - - networking.hosts = { - "127.0.0.1" = hostAliases; - "::1" = hostAliases; - }; - - networking.nameservers = [ - "1.1.1.1" - "1.0.0.1" - ]; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/sda"; - - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - - networking.useDHCP = false; - networking.interfaces.ens3.useDHCP = true; - - fileSystems."/mnt/storage" = { - device = "/dev/disk/by-uuid/a34e36fc-d7dd-4ceb-93c4-48f9c2727cb7"; - mountPoint = "/mnt/storage"; - neededForBoot = false; - options = [ "nofail" ]; - }; - - networking.firewall = { - enable = true; - allowPing = true; - allowedTCPPorts = [ - 22 # SSH - 80 443 # HTTP(S) - 111 2049 # NFS - 137 138 139 445 # SMB - ]; - allowedUDPPorts = [ - 137 138 139 445 # SMB - 111 2049 # NFS - 51234 # Wireguard - ]; - }; - - security.acme = { - email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li"; - acceptTerms = true; - # certs."webchat.dadada.li" = { - # credentialsFile = "/var/lib/lego/acme-joker.env"; - # dnsProvider = "joker"; - # postRun = "systemctl reload nginx.service"; - # }; - # certs."weechat.dadada.li" = { - # credentialsFile = "/var/lib/lego/acme-joker.env"; - # dnsProvider = "joker"; - # postRun = "systemctl reload nginx.service"; - # }; - }; - - users.users."mist" = { - isNormalUser = true; - }; - - services.avahi = { - enable = false; - publish = { - enable = true; - addresses = true; - workstation = false; - }; - }; -} diff --git a/hosts/surgat/default.nix b/hosts/surgat/default.nix deleted file mode 100644 index b90d3aa..0000000 --- a/hosts/surgat/default.nix +++ /dev/null 
@@ -1,86 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
- hostName = "surgat";
- this = import ../.. { inherit pkgs; };
-in {
- imports = [ this.profiles.base ];
-
- networking.hostName = hostName;
-
- services.nginx = {
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
- logError = "/dev/null";
- appendHttpConfig = ''
- access_log off;
- '';
- };
-
- dadada.admin = {
- enable = true;
- users = {
- "dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ];
- };
- };
-
- dadada.element.enable = true;
- dadada.networking.vpnExtension = "4";
- dadada.weechat.enable = true;
- dadada.homePage.enable = true;
- dadada.share.enable = true;
- dadada.backupClient = {
- enable = true;
- bs = true;
- };
-
- networking.useDHCP = false;
- networking.interfaces.ens3.useDHCP = true;
-
- networking.firewall = {
- enable = true;
- allowPing = true;
- allowedTCPPorts = [
- 22 # SSH
- 80 443 # HTTPS
- ];
- allowedUDPPorts = [
- 51234 # Wireguard
- ];
- };
-
- security.acme = {
- email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
- acceptTerms = true;
- };
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.device = "/dev/sda";
-
- networking.interfaces."ens3".ipv6.addresses = [ {
- address = "2a01:4f8:c17:1d70::";
- prefixLength = 64;
- } ];
-
- networking.defaultGateway6 = {
- address = "fe80::1";
- interface = "ens3";
- };
-
- #boot.initrd.network.ssh = {
- # enable = true;
- # port = 22;
- # authorizedKeys = "${keys}/dadada.pub";
- # hostKeys = [
- # ];
- #};
-
- swapDevices = [
- {
- device = "/var/swapfile";
- size = 4096;
- }
- ];
-}
diff --git a/lib/default.nix b/lib/default.nix
deleted file mode 100644
index 878d2c0..0000000
--- a/lib/default.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{ pkgs }:
-
-with pkgs.lib; {
- # TODO
-}
diff --git a/modules/admin.nix b/modules/admin.nix
deleted file mode 100644
index c826325..0000000
--- a/modules/admin.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-with lib;
-let
- cfg = config.dadada.admin;
-in {
- options.dadada.admin = {
- enable = mkEnableOption "Enable admin access";
-
- users = mkOption {
- type = with types; attrsOf (listOf path);
- default = [];
- description = ''
- List of admin users with root access to all the machine.
- '';
- example = literalExample "\"user1\" = [ /path/to/key1 /path/to/key2 ]";
- };
-
- rat = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Enable NAT and firewall traversal for SSH via tor hidden service
- '';
- };
- };
-
- config = mkIf cfg.enable {
- services.sshd.enable = true;
- services.openssh.passwordAuthentication = false;
- security.sudo.wheelNeedsPassword = false;
-
- users.mutableUsers = false;
-
- users.users = mapAttrs (user: keys: (
- {
- extraGroups = [ "wheel" ];
- isNormalUser = true;
- openssh.authorizedKeys.keyFiles = keys;
- })) cfg.users;
-
- networking.firewall.allowedTCPPorts = [ 22 ];
-
- environment.systemPackages = with pkgs; [
- vim
- tmux
- ];
-
- services.tor.hiddenServices = {
- "rat" = mkIf cfg.rat.enable {
- name = "rat";
- map = [ { port = 22; } ];
- };
- };
- };
-}
-
diff --git a/modules/backup.nix b/modules/backup.nix
deleted file mode 100644
index aa7ad70..0000000
--- a/modules/backup.nix
+++ /dev/null
@@ -1,82 +0,0 @@
-{ config, pkgs, lib, ...}:
-with lib;
-let
- backupExcludes = [
- "/backup"
- "/dev"
- "/efi"
- "/home/*/.cache"
- "/home/*/.config/Riot/Cache"
- "/home/iserv"
- "/lost+found"
- "/mnt"
- "/nix"
- "/proc"
- "/run"
- "/sys"
- "/tmp"
- "/var/cache"
- "/var/log"
- "/var/tmp"
- ];
- cfg = config.dadada.backupClient;
-in {
- options.dadada.backupClient = {
- enable = mkEnableOption "Enable backup client";
- gs = mkEnableOption "Enable backup to GS location";
- bs = mkEnableOption "Enable backup to BS location";
- };
-
- config = mkIf cfg.enable {
-
- fileSystems = mkIf cfg.gs {
- "/backup" = {
- device = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5";
- fsType = "ext4";
- options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ];
- };
- };
-
- services.borgbackup.jobs.gs = mkIf cfg.gs {
- paths = "/";
- exclude = backupExcludes;
- repo = "/backup/${config.networking.hostName}";
- doInit = false;
- encryption = {
- mode = "repokey";
- passCommand = "cat /var/lib/borgbackup/gs/passphrase";
- };
- compression = "auto,lz4";
- prune.keep = {
- within = "1d"; # Keep all archives from the last day
- daily = 7;
- weekly = 2;
- monthly = -1; # Keep at least one archive for each month
- yearly = -1; # Keep at least one archive for each year
- };
- startAt = "monthly";
- };
-
- networking.hosts = mkIf cfg.bs {
- "fd42:dead:beef:0:5054:ff:fefb:7361" = [
- "media.dadada.li"
- ];
- };
-
- services.borgbackup.jobs.bs = mkIf cfg.bs{
- paths = "/";
- exclude = backupExcludes;
- repo = "borg@media.dadada.li:/mnt/storage/backup/${config.networking.hostName}";
- doInit = true;
- environment = {
- BORG_RSH = "ssh -i /var/lib/borgbackup/bs/id_ed25519 -o 'StrictHostKeyChecking accept-new'";
- };
- encryption = {
- mode = "repokey";
- passCommand = "cat /var/lib/borgbackup/bs/passphrase";
- };
- compression = "auto,lz4";
- startAt = "daily";
- };
- };
-}
diff --git a/modules/default.nix b/modules/default.nix
deleted file mode 100644
index f06bdf1..0000000
--- a/modules/default.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- admin = ./admin.nix;
- backup = ./backup.nix;
- homePage = ./homepage.nix;
- element = ./element.nix;
- fido2 = ./fido2.nix;
- fileShare = ./fileShare.nix;
- networking = ./networking.nix;
- share = ./share.nix;
- steam = ./steam.nix;
- update = ./update.nix;
- vpnServer = ./vpnServer.nix;
- weechat = ./weechat.nix;
-}
diff --git a/modules/fido2.nix b/modules/fido2.nix
deleted file mode 100644
index 3948bdb..0000000
--- a/modules/fido2.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{ config, pkgs, lib, ... }:
-with lib;
-let
- luks = config.dadada.luks;
- fido2 = config.dadada.fido2;
-in {
-
- options = {
- dadada.luks = {
- uuid = mkOption {
- type = with types; nullOr str;
- description = "Device UUID";
- default = null;
- };
- };
-
- dadada.fido2 = {
- enablePam = mkEnableOption "Enable PAM U2F";
- credential = mkOption {
- type = with types; nullOr str;
- description = "FIDO2 credential string";
- default = null;
- };
- };
- };
-
- config = {
- boot.initrd.luks.devices = mkIf (luks.uuid != null) {
- root = {
- device = "/dev/disk/by-uuid/${luks.uuid}";
- preLVM = true;
- allowDiscards = true;
- fido2 = mkIf (fido2.credential != null) {
- credential = fido2.credential;
- passwordLess = true;
- };
- };
- };
-
- boot.initrd.luks.fido2Support = mkIf (fido2.credential != null) true;
-
- environment.systemPackages = mkIf (fido2.credential != null) (with pkgs; [
- linuxPackages.acpi_call
- fido2luks
- python27Packages.dbus-python
- python38Packages.solo-python
- ]);
-
- security.pam.u2f = mkIf fido2.enablePam {
- enable = true;
- control = "sufficient";
- cue = true;
- };
- };
-
-}
diff --git a/modules/home/default.nix b/modules/home/default.nix
deleted file mode 100644
index cb610f8..0000000
--- a/modules/home/default.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{
- colors = ./colors.nix;
- direnv = ./direnv.nix;
- fish = ./fish.nix;
- git = ./git.nix;
- gpg = ./gpg.nix;
- gtk = ./gtk.nix;
- keyring = ./keyring.nix;
- kitty = ./kitty;
- mako = ./mako.nix;
- session = ./session.nix;
- ssh = ./ssh.nix;
- sway = ./sway;
- syncthing = ./syncthing.nix;
- termite = ./termite.nix;
- tmux = ./tmux.nix;
- vim = ./vim;
- xdg = ./xdg.nix;
- zsh = ./zsh.nix;
-}
diff --git a/modules/home/fish.nix b/modules/home/fish.nix
deleted file mode 100644
index e22b779..0000000
--- a/modules/home/fish.nix
+++ /dev/null
@@ -1,79 +0,0 @@ -{ config, pkgs, lib, ... }: -with lib; -let - cfg = config.dadada.home.fish; -in { - options.dadada.home.fish = { - enable = mkEnableOption "Enable fish config"; - }; - - config = mkIf cfg.enable { - programs.fish = { - enable = true; - plugins = with pkgs; [{ - name = "fzf"; - src = pkgs.fetchFromGitHub { - owner = "jethrokuan"; - repo = "fzf"; - rev = "c3defd4a922e97120503b45e26efa775bc672b50"; - sha256 = "1k5b0nva0mbqc9830qhbcwxsi8d9b2p4ws1fq0bw9nkf2ripyp4p"; - }; - }]; - interactiveShellInit = '' - # fish git prompt - set __fish_git_prompt_show_informative_status 'yes' - set __fish_git_prompt_showdirtystate 'yes' - set __fish_git_prompt_showstashstate 'yes' - set __fish_git_prompt_showuntrackedfiles 'yes' - set __fish_git_prompt_showupstream 'yes' - set __fish_git_prompt_showcolorhints 'yes' - - set fish_greeting - - # disable path shortening - set fish_prompt_pwd_dir_length 0 - - set -U FZF_LEGACY_KEYBINDINGS 0 - set -x TERM xterm-256color - set -U fish_user_paths ~/bin $fish_user_paths - - #if status is-interactive - #and not status is-login - #and not set -q TMUX - #and string match -qr "^xterm-.*" "$TERM" - # exec tmux - #end - ''; - promptInit = '' - function fish_prompt - set last_status $status - printf '%s %s:%s ' \ - (set_color red - echo $last_status) \ - (set_color green - hostname) \ - (set_color blue - prompt_pwd) - set_color normal - end - - function fish_right_prompt - printf '%s' (__fish_git_prompt) - end - ''; - shellAliases = { - gst = "git status"; - gco = "git commit"; - glo = "git log"; - gad = "git add"; - ls = "exa"; - ll = "exa -l"; - la = "exa -la"; - mv = "mv -i"; - cp = "cp -i"; - }; - }; - - home.packages = [ pkgs.exa ]; - }; -} diff --git a/modules/home/git.nix b/modules/home/git.nix deleted file mode 100644 index 43047eb..0000000 --- a/modules/home/git.nix +++ /dev/null 
@@ -1,13 +0,0 @@
-{ config, lib, ... }:
-with lib;
-let
- cfg = config.dadada.home.git;
-in
-{
- options.dadada.home.git = {
- enable = mkEnableOption "Enable git config";
- };
- config = mkIf cfg.enable {
- programs.git.enable = true;
- };
-}
diff --git a/modules/home/gtk.nix b/modules/home/gtk.nix
deleted file mode 100644
index 8c47571..0000000
--- a/modules/home/gtk.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
- cfg = config.dadada.home.gtk;
-in
-{
- options.dadada.home.gtk = {
- enable = mkEnableOption "Enable GTK config";
- };
- config = mkIf cfg.enable {
- gtk = {
- enable = true;
- theme.package = pkgs.gnome3.gnome-themes-extra;
- theme.name = "Adwaita-dark";
- iconTheme.package = pkgs.gnome3.adwaita-icon-theme;
- iconTheme.name = "Adwaita";
- font.package = pkgs.cantarell-fonts;
- font.name = "Cantarell";
- };
- qt = {
- enable = true;
- platformTheme = "gtk";
- };
- };
-}
diff --git a/modules/home/kitty/config b/modules/home/kitty/config
deleted file mode 100644
index 54f0cfc..0000000
--- a/modules/home/kitty/config
+++ /dev/null
@@ -1,42 +0,0 @@
-enable_audio_bell = false;
-background #1f2022
-foreground #a3a3a3
-selection_background #a3a3a3
-selection_foreground #1f2022
-url_color #b8b8b8
-cursor #a3a3a3
-active_border_color #585858
-inactive_border_color #282828
-active_tab_background #1f2022
-active_tab_foreground #a3a3a3
-inactive_tab_background #282828
-inactive_tab_foreground #b8b8b8
-tab_bar_background #282828
-
-# normal
-color0 #1f2022
-color1 #f2241f
-color2 #67b11d
-color3 #b1951d
-color4 #4f97d7
-color5 #a31db1
-color6 #2d9574
-color7 #a3a3a3
-
-# bright
-color8 #585858
-color9 #f2241f
-color10 #67b11d
-color11 #b1951d
-color12 #4f97d7
-color13 #a31db1
-color14 #2d9574
-color15 #f8f8f8
-
-# extended base16 colors
-color16 #ffa500
-color17 #b03060
-color18 #282828
-color19 #444155
-color20 #b8b8b8
-color21 #e8e8e8
diff --git a/modules/home/kitty/default.nix b/modules/home/kitty/default.nix deleted file mode 100644 index e700baa..0000000 --- a/modules/home/kitty/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ pkgs, lib, config, ... }: -with lib; -let - cfg = config.dadada.home.kitty; -in { - options.dadada.home.kitty = { - enable = mkEnableOption "Enable kitty config"; - }; - config = mkIf cfg.enable { - programs.kitty = { - enable = true; - font = { - package = pkgs.source-code-pro; - name = "Source Code Pro 8"; - }; - extraConfig = builtins.readFile ./config; - }; - }; -} diff --git a/modules/home/mako.nix b/modules/home/mako.nix deleted file mode 100644 index 02ba643..0000000 --- a/modules/home/mako.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, lib, pkgs, colors, ...}: -with lib; -let - cfg = config.dadada.home.mako; -in { - options.dadada.home.mako = { - enable = mkEnableOption "Enable mako config"; - }; - config = mkIf cfg.enable { - programs.mako = { - enable = true; - anchor = "bottom-right"; - backgroundColor = colors.color8; - borderColor = colors.color0; - #defaultTimeout = -1; - font = "Source Code Pro 10"; - format = ''%a %s\n%b''; - height = 100; - #groupBy = "app-name"; - icons = false; - ignoreTimeout = false; - layer = "overlay"; - margin = "0,0,0"; - maxVisible = 200; - padding = "0"; - progressColor = colors.color4; - sort = "+time"; - textColor = colors.foreground; - width = 400; - }; - }; -} diff --git a/modules/home/module-list.nix b/modules/home/module-list.nix deleted file mode 100644 index bffa457..0000000 --- a/modules/home/module-list.nix +++ /dev/null @@ -1,20 +0,0 @@ -[ - ./colors.nix - ./direnv.nix - ./fish.nix - ./git.nix - ./gpg.nix - ./gtk.nix - ./keyring.nix - ./kitty - ./mako.nix - ./session.nix - ./ssh.nix - ./sway - ./syncthing.nix - ./termite.nix - ./tmux.nix - ./vim - ./xdg.nix - ./zsh.nix -] diff --git a/modules/home/sway/config b/modules/home/sway/config deleted file mode 100644 index f5a8382..0000000 
--- a/modules/home/sway/config +++ /dev/null 
@@ -1,306 +0,0 @@ -set $wallpaper ~/.config/nixpkgs/modules/sway/wallpaper -set $foreground #a3a3a3ff -set $background #1f2022e5 -set $dark_black #1f2022ff -set $light_black #282828ff -set $dark_red #444155ff -set $light_red #585858ff -set $dark_green #b8b8b8ff -set $light_green #a3a3a3ff -set $dark_yellow #e8e8e8ff -set $light_yellow #f8f8f8ff -set $dark_blue #f2241fff -set $light_blue #ffa500ff -set $dark_magenta #b1951dff -set $light_magenta #67b11dff -set $dark_cyan #2d9574ff -set $light_cyan #4f97d7ff -set $dark_white #a31db1ff -set $light_white #b03060ff - -xwayland enable - -# global modifier key -set $mod Mod4 - -# reload the configuration file -bindsym $mod+Shift+c reload - -# restart i3 inplace (preserves your layout/session, can be used to upgrade i3) -bindsym $mod+Shift+r restart - -# the font to be used for i3bar and window decorations -font pango:Source Code Pro 8 - -bindsym $mod+Return exec termite -bindsym $mod+Space exec bemenu-run - -# switch keyboard to neo -#bindsym $mod+F1 exec neo-key -#bindsym $mod+F2 exec eu-key - -# kill focused window -bindsym $mod+Shift+q kill - -# toggle moving floating windows with the mouse -floating_modifier $mod - -# toggle tiling / floating -bindsym $mod+Shift+f floating toggle - -# resize window (you can also use the mouse for that) -mode "resize" { - # resize windows with hjkl - bindsym h resize shrink width 10 px or 10 ppt - bindsym j resize grow height 10 px or 10 ppt - bindsym k resize shrink height 10 px or 10 ppt - bindsym l resize grow width 10 px or 10 ppt - - # back to normal mode - bindsym Return mode "default" - bindsym Escape mode "default" -} - -# switch to resize mode -bindsym $mod+r mode "resize" - -# set border width of new window -default_border pixel 1 - -# keep focus within current container? 
-focus_wrapping no - -# focus goes to window if mouse is moved onto it -focus_follows_mouse yes - -# enter fullscreen mode for the focused container -bindsym $mod+o fullscreen - -# default orientation of new windows -default_orientation horizontal - -# split in horizontal orientation -bindsym $mod+b split h - -# split in vertical orientation -bindsym $mod+shift+b split v - -# change container layout (stacked, tabbed, toggle split) -bindsym $mod+x layout toggle all - -# name workspaces -set $1 1 -set $2 2 -set $3 3 -set $4 4 -set $5 5 -set $6 6 -set $7 7 -set $8 8 -set $9 9 -set $10 10 - -# default mode -workspace_layout tabbed - -# automatically jump back to previous workspace -workspace_auto_back_and_forth yes - -# messaging -workspace 2 output LVDS-1 - -# web and doc -workspace 1 output VGA-1 - -# editor and IDE -workspace 3 output DP-2 - -# change focus -bindsym $mod+h focus left -bindsym $mod+j focus down -bindsym $mod+k focus up -bindsym $mod+l focus right - -# focus latest urgent window -bindsym $mod+Shift+1 [urgent=latest] focus - -# focus the parent container -bindsym $mod+Up focus parent - -# focus the child container -bindsym $mod+Down focus child - -# focus tiling/floating -bindsym $mod+f focus mode_toggle - -# focus workspace -bindsym $mod+1 workspace number $1 -bindsym $mod+2 workspace number $2 -bindsym $mod+3 workspace number $3 -bindsym $mod+4 workspace number $4 -bindsym $mod+5 workspace number $5 -bindsym $mod+6 workspace number $6 -bindsym $mod+7 workspace number $7 -bindsym $mod+8 workspace number $8 -bindsym $mod+9 workspace number $9 -bindsym $mod+0 workspace number $10 -bindsym $mod+n workspace next_on_output -bindsym $mod+p workspace prev_on_output - -# focus different outputs (displays) -bindsym $mod+shift+h focus output left -bindsym $mod+shift+j focus output down -bindsym $mod+shift+k focus output up -bindsym $mod+shift+l focus output right - -# show the first scratchpad window -bindsym $mod+minus scratchpad show - -set $mode_move "move" 
-bindsym $mod+m mode "$mode_move" - -mode "$mode_move" { - - # move focused container - bindsym h move left ;mode "default" - bindsym j move down ;mode "default" - bindsym k move up ;mode "default" - bindsym l move right;mode "default" - bindsym 1 move container to workspace number $1 ;mode "default" - bindsym 2 move container to workspace number $2 ;mode "default" - bindsym 3 move container to workspace number $3 ;mode "default" - bindsym 4 move container to workspace number $4 ;mode "default" - bindsym 5 move container to workspace number $5 ;mode "default" - bindsym 6 move container to workspace number $6 ;mode "default" - bindsym 7 move container to workspace number $7 ;mode "default" - bindsym 8 move container to workspace number $8 ;mode "default" - bindsym 9 move container to workspace number $9 ;mode "default" - bindsym 0 move container to workspace number $10 ;mode "default" - bindsym n move container to workspace next_on_output;mode "default" - bindsym p move container to workspace prev_on_output;mode "default" - - # move focused workspace to output - bindsym shift+h move workspace to output left ; mode "default" - bindsym shift+j move workspace to output down ; mode "default" - bindsym shift+k move workspace to output up ; mode "default" - bindsym shift+l move workspace to output right ; mode "default" - bindsym shift+n move container to output next ; mode "default" - bindsym shift+p move container to output prev ; mode "default" - - # make the currently focused window a scratchpad - bindsym minus move scratchpad; mode "default" - - # Move container to the current position of the cursor - bindsym m move position mouse; mode "default" - - bindsym Escape mode "default" -} - -# lock the screen -bindsym $mod+equal exec ~/bin/lock-session - -# control volume -bindsym --locked XF86AudioRaiseVolume exec amixer set 'Master' 5%+ && pkill -RTMIN+10 i3blocks -bindsym --locked XF86AudioLowerVolume exec amixer set 'Master' 5%- && pkill -RTMIN+10 i3blocks -bindsym 
--locked XF86AudioMute exec amixer set Master toggle && pkill -RTMIN+10 i3blocks -bindsym --locked --to-code XF86AudioMicMute exec --no-startup-id pactl set-source-mute 1 toggle - -# control media player -bindsym --locked XF86AudioPlay exec playerctl play-pause && pkill -RTMIN+11 i3blocks -bindsym --locked XF86LaunchA exec playerctl play-pause && pkill -RTMIN+11 i3blocks -bindsym --locked XF86AudioNext exec playerctl next && pkill -RTMIN+11 i3blocks -bindsym --locked XF86Explorer exec playerctl next && pkill -RTMIN+11 i3blocks -bindsym --locked XF86AudioPrev exec playerctl previous && pkill -RTMIN+11 i3blocks -bindsym --locked XF86Search exec playerctl previous && pkill -RTMIN+11 i3blocks - -# control screen brightness -bindsym --locked XF86MonBrightnessUp exec brightnessctl set -d intel_backlight +5% -bindsym --locked XF86MonBrightnessDown exec brightnessctl set -d intel_backlight 5%- - -# Basic bar configuration using the Base16 variables. -bar { - id bar - status_command i3blocks - mode dock - modifier $mod - position bottom - strip_workspace_numbers yes - workspace_buttons yes - #output LVDS-1 - - colors { - background $background - separator $light_green - statusline $foreground - - # State Border BG Text - focused_workspace $light_black $dark_cyan $background - active_workspace $light_black $dark_green $background - inactive_workspace $dark_black $background $foreground - urgent_workspace $light_black $dark_red $background - binding_mode $light_black $dark_magenta $background - } -} - -#hide_edge_borders both -bindsym XF86Launch1 exec aplay ~/lib/sounds/wortwitzklingel-mono.wav - -# Basic color configuration using the Base16 variables for windows and borders. 
-# Property Name Border BG Text Indicator Child Border -client.focused $light_black $dark_cyan $background $dark_cyan $dark_cyan -client.focused_inactive $light_black $dark_green $background $dark_green $dark_green -client.unfocused $light_black $background $foreground $dark_white $dark_white -client.urgent $light_black $dark_red $background $dark_red $dark_red -client.placeholder $light_black $dark_magenta $background $dark_magenta $dark_magenta - -input * { - xkb_layout eu - xkb_model pc105+inet - xkb_options caps:escape - natural_scroll enabled -} - -input 2:7:SynPS/2_Synaptics_TouchPad { - # disables the input device - events disabled -} - -output VGA-1 { - background $wallpaper fill - pos 0 0 -} - -output DP-2 { - background $wallpaper fill - pos 1280 0 -} - -output LVDS-1 { - background $wallpaper fill - pos 3840 0 -} - - -seat * { - hide_cursor 5000 -} - -assign [app_id="thunderbird"] workspace 1 -assign [app_id="telegramdesktop"] workspace 1 -assign [app_id="firefox" title="Riot.*"] workspace 1 -assign [app_id="firefox" title="Instant messaging.*"] workspace 1 -assign [app_id="firefox" title="Threema Web.*"] workspace 1 -assign [app_id="firefox" title="chaos\.social.*"] workspace 1 -assign [app_id="thunderbird" title="Write:.*"] workspace 3 -assign [app_id="firefox"] workspace 2 -assign [app_id="jetbrains-studio"] workspace 3 -assign [app_id="org.keepassxc.KeePassXC"] workspace 10 - -exec xset s off -exec mako -#exec swayidle -w timeout 300 '$HOME/bin/lock-session' timeout 240 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' before-sleep '$HOME/bin/lock-session' lock '$HOME/bin/lock-session' -#exec redshift -#exec keepassxc -#exec firefox -#exec thunderbird -#exec riot-desktop diff --git a/modules/home/sway/default.nix b/modules/home/sway/default.nix deleted file mode 100644 index 5dfbd09..0000000 --- a/modules/home/sway/default.nix +++ /dev/null 
@@ -1,39 +0,0 @@ -{ config, pkgs, lib, colors, ...}: -with lib; -let - cfg = config.dadada.home.sway; -in { - options.dadada.home.sway = { - enable = mkEnableOption "Enable Sway config"; - }; - config = mkIf cfg.enable { - home.packages = with pkgs; [ - qt5.qtwayland - swayidle - xwayland - mako - kanshi - i3blocks - termite - bemenu - xss-lock - ] ++ (with unstable; [ - swaylock - ]); - - wayland.windowManager.sway = { - enable = true; - config = null; - extraConfig = (builtins.readFile ./config); - extraSessionCommands = '' - export SDL_VIDEODRIVER=wayland - # needs qt5.qtwayland in systemPackages - export QT_QPA_PLATFORM=wayland - export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" - # Fix for some Java AWT applications (e.g. Android Studio), - # use this if they aren't displayed properly: - export _JAVA_AWT_WM_NONREPARENTING=1 - ''; - }; - }; -} diff --git a/modules/home/termite.nix b/modules/home/termite.nix deleted file mode 100644 index 8264024..0000000 --- a/modules/home/termite.nix +++ /dev/null 
@@ -1,69 +0,0 @@ -{ - config, - lib, - pkgs, - colors ? ../../lib/colors.nix, - ... -}: -with lib; -let - cfg = config.dadada.home.termite; -in { - options.dadada.home.termite = { - enable = mkEnableOption "Enable termite config"; - }; - config = mkIf cfg.enable { - programs.termite = { - enable = true; - allowBold = true; - audibleBell = false; - clickableUrl = true; - dynamicTitle = true; - font = "Source Code Pro 10"; - mouseAutohide = false; - scrollOnOutput = false; - scrollOnKeystroke = true; - scrollbackLines = -1; - searchWrap = true; - urgentOnBell = true; - cursorBlink = "off"; - cursorShape = "block"; - sizeHints = false; - scrollbar = "off"; - colorsExtra = '' - foreground = ${colors.foreground} - foreground_bold = ${colors.foregroundBold} - cursor = ${colors.cursor} - cursor_foreground = ${colors.cursorForeground} - background = ${colors.background} - color0 = ${colors.background} - color8 = ${colors.color8} - color7 = ${colors.color7} - color15 = ${colors.color15} - color1 = ${colors.color1} - color9 = ${colors.color9} - color2 = ${colors.color2} - color10 = ${colors.color10} - color3 = ${colors.color3} - color11 = ${colors.color11} - color4 = ${colors.color4} - color12 = ${colors.color12} - color5 = ${colors.color5} - color13 = ${colors.color13} - color6 = ${colors.color6} - color14 = ${colors.color14} - color16 = ${colors.color16} - color17 = ${colors.color17} - color18 = ${colors.color18} - color19 = ${colors.color19} - color20 = ${colors.color20} - color21 = ${colors.color21} - ''; - }; - - # Add font that is used in config - home.packages = [ - pkgs.source-code-pro - ]; - }; -} diff --git a/modules/home/tmux.nix b/modules/home/tmux.nix deleted file mode 100644 index d25eb30..0000000 --- a/modules/home/tmux.nix +++ /dev/null 
@@ -1,21 +0,0 @@ -{ config, lib, ... }: -with lib; -let - cfg = config.dadada.home.tmux; -in { - options.dadada.home.tmux = { - enable = mkEnableOption "Enable tmux config"; - }; - config = mkIf cfg.enable { - programs.tmux = { - enable = true; - terminal = "xterm-256color"; - extraConfig = '' - set -g status on - set-option -g set-titles on - set-option -g automatic-rename on - set-window-option -g mode-keys vi - ''; - }; - }; -} diff --git a/modules/home/vim/default.nix b/modules/home/vim/default.nix deleted file mode 100644 index 1199c8c..0000000 --- a/modules/home/vim/default.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, pkgs, lib, ... }: -with lib; -let - cfg = config.dadada.home.vim; - vimPlugins = pkgs.callPackage ../../../pkgs/vimPlugins {}; -in -{ - options.dadada.home.vim = { - enable = mkEnableOption "Enable VIM config"; - }; - - config = mkIf cfg.enable { - programs.vim = { - enable = true; - extraConfig = builtins.readFile ./vimrc; - plugins = [ - pkgs.vimPlugins.vim-nix - #pkgs.vimPlugins.kotlin-vim - pkgs.vimPlugins.ale - pkgs.vimPlugins.fzf-vim - pkgs.vimPlugins.rust-vim - pkgs.vimPlugins.base16-vim - pkgs.vimPlugins.typescript-vim - pkgs.vimPlugins.vim-airline - pkgs.vimPlugins.vim-airline-themes - pkgs.vimPlugins.vim-fish - vimPlugins.spacemacsTheme - vimPlugins.filetype - #pkgs.vimPlugins.vim-gnupg - #pkgs.vimPlugins.vim-l9 - pkgs.vimPlugins.vim-ledger - #pkgs.vimPlugins.clang_complete - ]; - }; - home.packages = [ pkgs.languagetool ]; - }; -} diff --git a/modules/home/vim/vimrc b/modules/home/vim/vimrc deleted file mode 100644 index 3538ae9..0000000 --- a/modules/home/vim/vimrc +++ /dev/null 
@@ -1,144 +0,0 @@ -filetype plugin on -filetype indent on - -set autoread -" :W sudo saves the file -" (useful for handling the permission-denied error) -command W w !sudo tee % > /dev/null - -" no command execution from modeline -set nomodeline - -" Turn on the Wild menu -set wildmenu - -" Enable hidden buffers -set hidden - -" Clipboard copy & paste -"set clipboard=unnamedplus - -" Always show current position -set ruler - -" When searching try to be smart about cases -set smartcase - -" Highlight search results -set hlsearch - -" Inenteremental search -set incsearch - -" Don't redraw while executing macros (good performance config) -set lazyredraw - -" Do not show matching brackets when text indicator is over them -" set noshowmatch -" let loaded_matchparen = 1 - -" No annoying sound on errors -set noerrorbells -set novisualbell - -set wrap -set linebreak -set nolist " list disables linebreak - -" Enable syntax highlighting -syntax enable - -if (has("termguicolors")) - set termguicolors -endif - -set t_Co=256 - -set background=dark -colorscheme spacemacs-theme - -" Use tabs for indent -set smarttab -set smartindent -set autoindent -set copyindent -set preserveindent - -set wildmode=longest,list,full -set wildmenu - -set cursorline -set number -set relativenumber - -" Transparency -"hi Normal guibg=NONE ctermbg=NONE - -"set list! -"set listchars=trail:⛤,extends:⟩,precedes:⟨,nbsp:␣,conceal:… - -" Map leader to do extra key combinations -let mapleader = " " - -" Toggle paste mode on and off -map pp :setlocal paste! - -" Fast saving -nmap w :w! 
- -" Buffer switching -nmap bb :Buffers -nmap bl :Buffers -nmap bn :bnext -nmap bp :bprevious - -nmap ll :Lines -nmap mm :Marks -nmap ww :Windows -nmap hh :History/ -nmap rr :reg - -" finding files -nmap ff :Files -nmap pp :FufDir - -set statusline+=%#warningmsg# -set statusline+=%{SyntasticStatuslineFlag()} -set statusline+=%* - -"let g:syntastic_always_populate_loc_list = 1 -"let g:syntastic_auto_loc_list = 1 -"let g:syntastic_check_on_open = 1 -"let g:syntastic_check_on_wq = 0 -nmap sp :ALEFindReferences -nmap ss :ALESymbolSearch -nmap gd :ALEGoToDefinition -nmap ?? :ALEHover - -" Enable completion where available. -" This setting must be set before ALE is loaded. -let g:ale_completion_enabled = 1 - -let g:ale_fix_on_save = 1 - -let g:ale_warn_about_trailing_whitespace = 1 -let g:ale_warn_about_trailing_lines = 1 -let g:ale_completion_tsserver_autoimport = 1 -let g:ale_languagetool_executable = 'languagetool-commandline' - -"let g:ale_lint_on_text_changed = 'never' -" You can disable this option too -" if you don't want linters to run on opening a file -"let g:ale_lint_on_enter = 0 - -" Set airline theme -let g:airline_theme='base16_spacemacs' - -" Load all plugins now. -" Plugins need to be added to runtimepath before helptags can be generated. -packloadall -" Load all of the helptags now, after plugins have been loaded. -" All messages and errors will be ignored. -silent! helptags ALL - -set omnifunc=ale#completion#OmniFunc diff --git a/modules/home/zsh.nix b/modules/home/zsh.nix deleted file mode 100644 index 91ab985..0000000 --- a/modules/home/zsh.nix +++ /dev/null 
@@ -1,65 +0,0 @@ -{ config, pkgs, lib, ... }: -with lib; -let - cfg = config.dadada.home.zsh; -in { - options.dadada.home.zsh = { - enable = mkEnableOption "Enable ZSH config"; - }; - config = mkIf cfg.enable { - programs.fzf.enableZshIntegration = true; - programs.zsh = { - enable = true; - enableAutosuggestions = true; - enableCompletion = true; - autocd = true; - sessionVariables = { - EDITOR = "vim"; - }; - history = { - extended = true; - ignoreDups = true; - ignoreSpace = true; - save = 100000; - share = true; - }; - plugins = [ - ]; - initExtra = '' - source ~/.nix-profile/share/zsh-git-prompt/zshrc.sh - source ~/.nix-profile/share/fzf/key-bindings.zsh - source ~/.nix-profile/share/fzf/completion.zsh - - preexec() { echo -n -e "\033]0;$1\007" } - - PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f " - RPROMPT='$(git_super_status)' - #NIX_BUILD_SHELL="${pkgs.zsh}/bin/zsh" - if [ "$TMUX" = "" ] - then - tmux - fi - ''; - profileExtra = '' - ''; - shellAliases = { - gst = "git status"; - gco = "git commit"; - glo = "git log"; - gad = "git add"; - ls = "exa"; - ll = "exa -l"; - la = "exa -la"; - mv = "mv -i"; - cp = "cp -i"; - }; - }; - - home.packages = with pkgs; [ - fzf - exa - zsh-git-prompt - tmux - ]; - }; -} diff --git a/modules/homepage.nix b/modules/homepage.nix deleted file mode 100644 index 94468ba..0000000 --- a/modules/homepage.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, pkgs, lib, ... }: - -let - cfg = config.dadada.homePage; -in with lib; { - options.dadada.homePage = { - enable = mkEnableOption "Enable home page"; - }; - config = mkIf cfg.enable { - services.nginx.enable = true; - - services.nginx.virtualHosts."dadada.li" = { - enableACME = true; - forceSSL = true; - root = pkgs.homePage; - }; - }; -} diff --git a/modules/module-list.nix b/modules/module-list.nix deleted file mode 100644 index 4650c02..0000000 --- a/modules/module-list.nix +++ /dev/null 
@@ -1,14 +0,0 @@ -[ - ./admin.nix - ./backup.nix - ./element.nix - ./fido2.nix - ./fileShare.nix - ./homepage.nix - ./networking.nix - ./share.nix - ./steam.nix - ./update.nix - ./vpnServer.nix - ./weechat.nix -] diff --git a/modules/networking.nix b/modules/networking.nix deleted file mode 100644 index badd59d..0000000 --- a/modules/networking.nix +++ /dev/null 
@@ -1,80 +0,0 @@ -{ config, pkgs, lib, ...}: -with lib; -let - cfg = config.dadada.networking; -in { - options.dadada.networking = { - useLocalResolver = mkEnableOption "Enable local caching name server"; - wanInterfaces = mkOption { - type = with types; listOf str; - description = "WAN network interfaces"; - default = []; - }; - vpnExtension = mkOption { - type = with types; nullOr str; - description = "Last part of VPN address"; - default = null; - }; - enableBsShare = mkEnableOption "Enable network share at BS location"; - }; - - config = { - networking.resolvconf.useLocalResolver = mkIf cfg.useLocalResolver true; - services.unbound = mkIf cfg.useLocalResolver { - enable = true; - allowedAccess = [ - "127.0.0.1/8" - "::1" - ]; - extraConfig = '' - tls-upstream: yes - tls-cert-bundle: "/etc/ssl/certs/ca-bundle.crt" - forward-zone: - name: . - forward-tls-upstream: yes - forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com - forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com - forward-addr: 1.1.1.1@853#cloudflare-dns.com - forward-addr: 1.0.0.1@853#cloudflare-dns.com - ''; - }; - - networking.useDHCP = false; - - networking.interfaces = listToAttrs (forEach cfg.wanInterfaces (i: nameValuePair i { - useDHCP = true; - })); - - networking.wireguard.interfaces = mkIf (cfg.vpnExtension != null) { - bs = { - ips = [ "fd42:dead:beef:1337::${cfg.vpnExtension}/64" ]; - listenPort = 51234; - - privateKeyFile = "/var/lib/wireguard/privkey"; - - peers = [ - { - publicKey = "lFB2DWtzp55ajV0Fk/OWdO9JlGvN9QsayYKQQHV3GEs="; - allowedIPs = [ "fd42:dead:beef::/48" ]; - endpoint = "bs.vpn.dadada.li:51234"; - persistentKeepalive = 25; - } - ]; - }; - }; - - fileSystems."/mnt/media.dadada.li" = mkIf cfg.enableBsShare { - device = "media.dadada.li:/mnt/storage/share"; - fsType = "nfs"; - options = [ "x-systemd.automount" "noauto" "x-systemd.idle-timeout=600" ]; - }; - - networking.firewall = { - enable = true; - allowedUDPPorts = [ - 51234 # Wireguard - 5353 # mDNS - ]; - 
}; - }; -} diff --git a/modules/profiles/base/default.nix b/modules/profiles/base/default.nix deleted file mode 100644 index ec6fc2d..0000000 --- a/modules/profiles/base/default.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, pkgs, lib, ... }: -with lib; -{ - nixpkgs.overlays = attrValues (import ../../../overlays); - - imports = import ../../module-list.nix; - - networking.domain = mkDefault "dadada.li"; - - dadada.admin.users = { - "dadada" = [ "${pkgs.dadadaKeys}/dadada.pub" ]; - }; - - #dadada.autoUpgrade = mkDefault true; - - environment.noXlibs = mkDefault true; - documentation.enable = mkDefault false; - documentation.nixos.enable = mkDefault false; - - i18n.defaultLocale = mkDefault "en_US.UTF-8"; - console = mkDefault { - font = "Lat2-Terminus16"; - keyMap = "us"; - }; - -} diff --git a/modules/profiles/default.nix b/modules/profiles/default.nix deleted file mode 100644 index 3ae87ed..0000000 --- a/modules/profiles/default.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - base = ./base; - laptop = ./laptop; -} diff --git a/modules/profiles/laptop/default.nix b/modules/profiles/laptop/default.nix deleted file mode 100644 index bb585a1..0000000 --- a/modules/profiles/laptop/default.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, pkgs, lib, ... }: -with lib; -{ - imports = [ - ../base - ]; - - dadada = { - networking = { - useLocalResolver = mkDefault true; - }; - }; - - services.fwupd.enable = true; - - fonts.fonts = mkDefault (with pkgs; [ - source-code-pro - ]); - - time.timeZone = mkDefault "Europe/Berlin"; - - programs.zsh = mkDefault { - enable = true; - autosuggestions.enable = true; - enableCompletion = true; - histSize = 100000; - vteIntegration = true; - syntaxHighlighting = { - enable = true; - highlighters = [ "main" "brackets" "pattern" "cursor" "root" "line" ]; - }; - }; - - environment.noXlibs = false; - documentation.enable = true; - documentation.nixos.enable = true; -} 
diff --git a/modules/update.nix b/modules/update.nix deleted file mode 100644 index 4b37227..0000000 --- a/modules/update.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, pkgs, lib, ... }: -with lib; -let - cfg = config.dadada.autoUpgrade; -in { - - options.dadada.autoUpgrade = { - enable = mkEnableOption "Enable automatic upgrades"; - }; - - config = mkIf cfg.enable { - nix = { - autoOptimiseStore = true; - useSandbox = true; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - }; - - system.autoUpgrade = { - enable = true; - dates = "daily"; - }; - }; -} diff --git a/modules/vpnServer.nix b/modules/vpnServer.nix deleted file mode 100644 index 7fb108e..0000000 --- a/modules/vpnServer.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ config, lib, ... }: - -with lib; -let - cfg = config.dadada.vpnServer; - wgPeer = { name, ... }: { - options = { - name = mkOption { - internal = true; - default = name; - }; - id = mkOption { - description = "VPN client id"; - default = 0; - type = types.str; - }; - key = mkOption { - description = "VPN client public key"; - default = ""; - type = types.str; - }; - }; - }; -in { - options.dadada.vpnServer = { - enable = mkEnableOption "Enable wireguard gateway"; - peers = mkOption { - description = "Set of extensions and public keys of peers"; - type = with types; attrsOf (submodule wgPeer); - default = {}; - }; - }; - config = mkIf cfg.enable { - networking.wireguard.enable = true; - networking.wireguard.interfaces."wg0" = { - allowedIPsAsRoutes = true; - privateKeyFile = "/var/lib/wireguard/wg0-key"; - ips = [ "fd42:dead:beef:1337::0/64" ]; - listenPort = 51234; - peers = map (peer: ( - { - allowedIPs = [ "fd42:dead:beef:1337::${peer.id}/128" ]; - publicKey = peer.key; - })) (attrValues cfg.peers); - }; - }; -} diff --git a/nixos/configurations.nix b/nixos/configurations.nix new file mode 100644 index 0000000..877c6a9 --- /dev/null +++ b/nixos/configurations.nix 
@@ -0,0 +1,110 @@ +{ + self, + agenix, + disko, + home-manager, + homepage, + lanzaboote, + nixos-hardware, + nixos-generators, + nixpkgs, + ... +}@inputs: +let + # create a new instance allowing some unfree packages + nixpkgsx86 = import nixpkgs { + system = "x86_64-linux"; + config.allowUnfreePredicate = + pkg: + builtins.elem (nixpkgs.lib.getName pkg) [ + "aspell-dict-en-science" + "brgenml1lpr" + "saleae-logic-2" + "spotify" + ]; + }; + nixosSystem = nixpkgs.lib.nixosSystem; + baseModule = + { lib, ... }: + { + _module.args.inputs = inputs; + imports = [ + inputs.agenix.nixosModules.age + inputs.disko.nixosModules.disko + inputs.home-manager.nixosModules.home-manager + ( + { pkgs, ... }: + { + dadada.homepage.package = homepage; + dadada.pkgs = inputs.self.packages.${pkgs.system}; + dadada.inputs = inputs // { + dadada = inputs.self; + }; + } + ) + inputs.lanzaboote.nixosModules.lanzaboote + ] + ++ (lib.attrValues inputs.self.nixosModules); + }; + homeModule = ./modules/profiles/home.nix; +in +{ + stolas = nixosSystem { + modules = [ + { nixpkgs.pkgs = nixpkgsx86; } + baseModule + nixos-hardware.nixosModules.framework-amd-ai-300-series + homeModule + ./stolas + ]; + }; + + gorgon = nixosSystem { + modules = [ + { nixpkgs.pkgs = nixpkgsx86; } + baseModule + nixos-hardware.nixosModules.lenovo-thinkpad-t14s-amd-gen1 + homeModule + ./gorgon/configuration.nix + ]; + }; + + surgat = nixosSystem { + modules = [ + { nixpkgs.pkgs = nixpkgsx86; } + baseModule + ./surgat/configuration.nix + ]; + }; + + installer = nixosSystem { + modules = [ + nixos-generators.nixosModules.install-iso + inputs.self.nixosModules.admin + ( + { lib, ... 
}: + { + nixpkgs.pkgs = nixpkgs.legacyPackages."x86_64-linux"; + isoImage.isoName = lib.mkForce "dadada-nixos-installer.iso"; + networking.tempAddresses = "disabled"; + dadada.admin.enable = true; + documentation.enable = true; + documentation.nixos.enable = true; + i18n.defaultLocale = "en_US.UTF-8"; + console = { + font = "Lat2-Terminus16"; + keyMap = "us"; + }; + } + ) + ]; + }; + + ninurta = nixosSystem { + modules = [ + { nixpkgs.pkgs = nixpkgsx86; } + baseModule + ./ninurta/configuration.nix + ]; + }; +} diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix new file mode 100644 index 0000000..69e7588 --- /dev/null +++ b/nixos/gorgon/configuration.nix 
@@ -0,0 +1,284 @@ +{ + config, + pkgs, + lib, + ... +}: +let + secretsPath = config.dadada.secrets.path; + xilinxJtag = pkgs.writeTextFile { + name = "xilinx-jtag"; + text = '' + ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6010", TAG+="uaccess" + ''; + destination = "/etc/udev/rules.d/61-xilinx-jtag.rules"; + }; + saleaeLogic = pkgs.writeTextFile { + name = "saleae-logic"; + text = '' + # Saleae Logic analyzer (USB Based) + ATTRS{idVendor}=="21a9", ATTRS{idProduct}=="1006", TAG+="uaccess" + ''; + destination = "/etc/udev/rules.d/61-saleae-logic.rules"; + }; + keychron = pkgs.writeTextFile { + name = "keychron"; + text = '' + # Saleae Logic analyzer (USB Based) + ATTRS{idVendor}=="3434", ATTRS{idProduct}=="0280", TAG+="uaccess" + ''; + destination = "/etc/udev/rules.d/61-keychron.rules"; + }; +in +{ + imports = [ + ../modules/profiles/laptop.nix + ./hardware-configuration.nix + ]; + + dadada.backupClient.bs.enable = false; + dadada.backupClient.backup1.enable = true; + dadada.backupClient.backup2 = { + enable = true; + passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path; + sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; + repo = "u355513-sub1@u355513-sub1.your-storagebox.de:/home/backup"; + }; + dadada.backupClient.gs = { + enable = true; + passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; + }; + + age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = + "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; + + programs.ssh.startAgent = true; + + nix.extraOptions = '' + experimental-features = nix-command flakes + # Prevent garbage collection for nix shell and direnv + keep-outputs = true + keep-derivations = true + ''; + + boot = { + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ]; + kernelParams = [ "resume=/dev/disk/by-label/swap" ]; + initrd = { + 
systemd.enable = true; + luks.devices = { + root = { + device = "/dev/disk/by-uuid/3d0e5b93-90ca-412a-b4e0-3e6bfa47d3f4"; + preLVM = true; + allowDiscards = true; + crypttabExtraOpts = [ "fido2-device=auto" ]; + }; + }; + }; + }; + + zramSwap.enable = true; + + networking.hostName = "gorgon"; + + dadada = { + steam.enable = false; + yubikey.enable = true; + }; + + programs.adb.enable = true; + + programs.firefox = { + enable = true; + package = pkgs.firefox-wayland; + }; + + programs.wireshark.enable = true; + + services.avahi.enable = true; + + services.smartd.enable = true; + + services.tor = { + enable = true; + client.enable = true; + }; + + services.paperless = { + enable = true; + passwordFile = config.age.secrets.paperless.path; + }; + + systemd.tmpfiles.rules = + let + cfg = config.services.paperless; + in + [ + ( + if cfg.consumptionDirIsPublic then + "d '${cfg.consumptionDir}' 777 - - - -" + else + "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" + ) + ]; + + age.secrets.paperless = { + file = "${config.dadada.secrets.path}/paperless.age"; + mode = "700"; + owner = "paperless"; + }; + + # Enable CUPS to print documents. 
+ services.printing = { + enable = true; + browsing = true; + drivers = with pkgs; [ + config.dadada.pkgs.citizen-cups + hplip + brlaser + brgenml1lpr + brgenml1cupswrapper + ]; + }; + + #hardware.printers.ensurePrinters = [ + # { + # name = "Brother_HL-L2300D"; + # model = "everywhere"; + # location = "BS"; + # deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; + # } + #]; + + environment.systemPackages = with pkgs; [ + ghostscript + smartmontools + + dmenu + grim # screenshot functionality + slurp # screenshot functionality + #mako # notification system developed by swaywm maintainer + pulseaudio + + # KDE apps + kdePackages.kmail + kdePackages.kmail-account-wizard + ]; + + networking.firewall = { + enable = true; + allowedTCPPorts = [ + 22000 # Syncthing + ]; + allowedUDPPorts = [ + 21027 # Syncthing + ]; + }; + + systemd.services.modem-manager.enable = lib.mkForce false; + systemd.services."dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; + + systemd.sleep.extraConfig = '' + HibernateDelaySec=1h + ''; + + services.udev.packages = [ + xilinxJtag + saleaeLogic + keychron + pkgs.libsigrok + ]; # noMtpUdevRules ]; + + virtualisation.libvirtd.enable = true; + + virtualisation.podman = { + enable = true; + dockerCompat = true; + }; + + users.users = { + dadada = { + isNormalUser = true; + extraGroups = [ + "wheel" + "networkmanager" + "libvirtd" + "adbusers" + "kvm" + "video" + "scanner" + "lp" + "docker" + "dialout" + "wireshark" + "paperless" + ]; + shell = "/run/current-system/sw/bin/zsh"; + }; + }; + + networking.hosts = { + "127.0.0.2" = [ "kanboard.dadada.li" ]; + }; + + services.gnome.gnome-keyring.enable = lib.mkForce false; + programs.gnupg.agent.enable = true; + + # KDE + services = { + desktopManager.plasma6.enable = true; + displayManager.sddm.enable = true; + displayManager.sddm.wayland.enable = true; + }; + services.greetd = { + enable = false; + settings = { + default_session = { + command = 
"${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd sway"; + user = "greeter"; + }; + }; + }; + systemd.user.services.kanshi = { + enable = false; + description = "kanshi daemon"; + environment = { + WAYLAND_DISPLAY = "wayland-1"; + DISPLAY = ":0"; + }; + serviceConfig = { + Type = "simple"; + ExecStart = ''${pkgs.kanshi}/bin/kanshi''; + }; + }; + # enable Sway window manager + programs.sway = { + enable = false; + wrapperFeatures.gtk = true; + }; + programs.light.enable = true; + xdg.portal.wlr.enable = false; + hardware.bluetooth.enable = true; + + hardware.graphics = { + enable = true; + extraPackages = with pkgs; [ + vaapiVdpau + libvdpau-va-gl + ]; + }; + + powerManagement = { + enable = true; + powertop.enable = true; + cpuFreqGovernor = "schedutil"; + powerUpCommands = '' + echo 40 > /sys/class/power_supply/BAT0/charge_control_start_threshold + echo 80 > /sys/class/power_supply/BAT0/charge_control_stop_threshold + ''; + }; + services.tlp.enable = false; + + system.stateVersion = "23.11"; +} diff --git a/nixos/gorgon/hardware-configuration.nix b/nixos/gorgon/hardware-configuration.nix new file mode 100644 index 0000000..30d7447 --- /dev/null +++ b/nixos/gorgon/hardware-configuration.nix 
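Review bot: `age.secrets.paperless` is declared with `mode = "700"`, which puts execute bits on a password file that its owner only needs to read; `mode = "400";` next to `owner = "paperless";` is sufficient. In the same hunk the `keychron` udev rule still carries the comment `# Saleae Logic analyzer (USB Based)` copied from the rule above it, so the comment should name the Keychron device that `idVendor=="3434"` is meant to match. The account `dadada` is also added to `docker` although the hunk enables `virtualisation.podman` with `dockerCompat`; if no Docker daemon runs on this host, that group membership can be dropped.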
@@ -0,0 +1,53 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "nvme" + "ehci_pci" + "xhci_pci" + "usb_storage" + "sd_mod" + "rtsx_pci_sdmmc" + ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/2478e089-e5d6-480c-8530-4ea46988f9f7"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/5B90-D460"; + fsType = "vfat"; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/a617625e-9325-4612-a086-954fb4b99ee0"; + fsType = "ext4"; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/1f6ab0fb-ef4d-45b1-a731-ad0e7a440eef"; + fsType = "ext4"; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/92310a00-7f69-4775-85cb-38e1790f71db"; } + ]; + + nix.settings.max-jobs = lib.mkDefault 16; +} diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix new file mode 100644 index 0000000..bd03ba7 --- /dev/null +++ b/nixos/modules/admin.nix 
@@ -0,0 +1,122 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; +let + cfg = config.dadada.admin; + extraGroups = [ + "wheel" + "libvirtd" + ]; + + shells = { + "bash" = pkgs.bashInteractive; + "zsh" = pkgs.zsh; + "fish" = pkgs.fish; + }; + + shellNames = builtins.attrNames shells; + + adminOpts = + { + name, + config, + ... + }: + { + options = { + keys = mkOption { + type = types.listOf types.str; + default = [ ]; + apply = + x: + assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); + x; + description = '' + The keys that should be able to access the account. + ''; + }; + shell = mkOption { + type = types.nullOr types.str; + apply = + x: + assert ( + builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}" + ); + x; + default = "zsh"; + defaultText = literalExpression "zsh"; + example = literalExpression "bash"; + description = '' + One of ${builtins.toString shellNames} + ''; + }; + }; + }; +in +{ + options = { + dadada.admin = { + enable = mkEnableOption "Enable admin access"; + + users = mkOption { + type = with types; attrsOf (submodule adminOpts); + default = import ../../admins.nix; + description = '' + Admin users with root access machine. 
+ ''; + example = literalExample "\"user1\" = { shell = pkgs.bashInteractive; keys = [ 'ssh-rsa 123456789' ]; }"; + }; + + rat = mkOption { + type = types.bool; + default = false; + description = '' + Enable NAT and firewall traversal for SSH via tor hidden service + ''; + }; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.users != [ ]; + message = "Must provide at least one admin, if the admin module is enabled."; + } + ]; + + programs.zsh.enable = mkDefault true; + + services.sshd.enable = true; + services.openssh.settings.PasswordAuthentication = false; + security.sudo.wheelNeedsPassword = lib.mkDefault false; + services.openssh.openFirewall = true; + + users.users = mapAttrs (user: keys: { + shell = shells."${keys.shell}"; + extraGroups = lib.mkDefault extraGroups; + isNormalUser = true; + openssh.authorizedKeys.keys = keys.keys; + }) cfg.users; + + nix.settings.trusted-users = builtins.attrNames cfg.users; + + users.mutableUsers = mkDefault false; + + environment.systemPackages = with pkgs; [ + helix + tmux + ]; + + services.tor.relay.onionServices = { + "rat" = mkIf cfg.rat.enable { + name = "rat"; + map = [ { port = 22; } ]; + }; + }; + }; +} diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix new file mode 100644 index 0000000..095fd35 --- /dev/null +++ b/nixos/modules/backup.nix 
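Review bot: The assertion `cfg.users != [ ]` compares an attribute set (the option is `attrsOf (submodule adminOpts)`) with an empty list, so it is always true and never catches an empty admin set; with `PasswordAuthentication = false` and `users.mutableUsers` defaulting to false, that case would leave no way to log in. It should read `assertion = cfg.users != { };`. Separately, `rat` is declared as `types.bool` but the onion service is guarded by `mkIf cfg.rat.enable`, which selects an attribute on a boolean; `mkIf cfg.rat` matches the declaration. A comment next to `security.sudo.wheelNeedsPassword` and `nix.settings.trusted-users`, such as `# every key listed in cfg.users is root-equivalent on this host`, would make the trust model explicit.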
@@ -0,0 +1,196 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; +let + backupExcludes = [ + "/backup" + "/dev" + "/efi" + "/home/*/.cache" + "/home/*/.config/Riot/Cache" + "/home/iserv" + "/lost+found" + "/mnt" + "/nix" + "/proc" + "/root" + "/run" + "/sys" + "/tmp" + "/var/cache" + "/var/lib/machines" + "/var/log" + "/var/tmp" + "/swapfile" + ]; + cfg = config.dadada.backupClient; +in +{ + options = { + dadada.backupClient = { + gs = { + enable = mkEnableOption "Enable backup to GS location"; + passphrasePath = mkOption { + type = with types; nullOr str; + description = '' + The path to the passphrase file. + ''; + default = "/var/lib/borgbackup/gs/passphrase"; + }; + }; + bs = { + enable = mkEnableOption "Enable backup to BS location"; + passphrasePath = mkOption { + type = types.str; + description = '' + The path to the passphrase file. + ''; + default = "/var/lib/borgbackup/bs/passphrase"; + }; + sshIdentityFile = mkOption { + type = types.str; + description = '' + Path to the SSH key that is used to transmit the backup. + ''; + default = "/var/lib/borgbackup/bs/id_ed25519"; + }; + }; + backup1 = { + enable = mkEnableOption "Enable backup to new BS location"; + passphrasePath = mkOption { + type = types.str; + description = '' + The path to the passphrase file. + ''; + default = "/var/lib/borgbackup/backup1/passphrase"; + }; + sshIdentityFile = mkOption { + type = types.str; + description = '' + Path to the SSH key that is used to transmit the backup. 
+ ''; + default = "/var/lib/borgbackup/backup1/id_ed25519"; + }; + }; + backup2 = { + enable = mkEnableOption "Enable backup to Hetzner storage box"; + passphrasePath = mkOption { + type = types.str; + description = "The path to the passphrase file."; + default = "/var/lib/borgbackup/backup2/passphrase"; + }; + sshIdentityFile = mkOption { + type = types.str; + description = "Path to the SSH key that is used to transmit the backup."; + default = "/var/lib/borgbackup/backup2/id_ed25519"; + }; + repo = mkOption { + type = types.str; + description = "URL to the repo inside the sub-account."; + example = "u355513-sub1@u355513-sub1.your-storagebox.de:borg"; + }; + }; + }; + }; + + config = { + systemd.mounts = mkIf cfg.gs.enable [ + { + type = "ext4"; + what = "/dev/disk/by-uuid/0fdab735-cc3e-493a-b4ec-cbf6a77d48d5"; + where = "/backup"; + options = "nofail,noauto"; + } + ]; + + systemd.automounts = mkIf cfg.gs.enable [ + { + where = "/backup"; + automountConfig.TimeoutIdleSec = "600"; + } + ]; + + services.borgbackup.jobs.gs = mkIf cfg.gs.enable { + removableDevice = true; + paths = "/"; + exclude = backupExcludes; + repo = "/backup/${config.networking.hostName}"; + doInit = false; + encryption = { + mode = "repokey"; + passCommand = "cat ${cfg.gs.passphrasePath}"; + }; + compression = "auto,lz4"; + prune.keep = { + within = "1d"; # Keep all archives from the last day + daily = 7; + weekly = 2; + monthly = -1; # Keep at least one archive for each month + yearly = -1; # Keep at least one archive for each year + }; + startAt = "monthly"; + }; + + systemd.services."borgbackup-job-gs".enable = mkIf cfg.gs.enable true; + systemd.services."borgbackup-job-gs".wants = mkIf cfg.gs.enable [ "backup.mount" ]; + systemd.timers."borgbackup-job-gs".enable = mkIf cfg.gs.enable true; + + services.borgbackup.jobs.bs = mkIf cfg.bs.enable { + paths = "/"; + exclude = backupExcludes; + repo = "borg@backup0.dadada.li:/mnt/storage/backup/${config.networking.hostName}"; + doInit = false; + 
environment = { + BORG_RSH = "ssh -6 -i ${cfg.bs.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; + }; + encryption = { + mode = "repokey"; + passCommand = "cat ${cfg.bs.passphrasePath}"; + }; + compression = "auto,lz4"; + startAt = "daily"; + environment = { + BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes"; + }; + }; + + services.borgbackup.jobs.backup1 = mkIf cfg.backup1.enable { + paths = "/"; + exclude = backupExcludes; + repo = "borg@backup1.dadada.li:/mnt/storage/backups/${config.networking.hostName}"; + doInit = true; + environment = { + BORG_RSH = "ssh -6 -i ${cfg.backup1.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; + }; + encryption = { + mode = "repokey"; + passCommand = "cat ${cfg.backup1.passphrasePath}"; + }; + compression = "auto,lz4"; + startAt = "daily"; + }; + + services.borgbackup.jobs.backup2 = mkIf cfg.backup2.enable { + paths = "/"; + exclude = backupExcludes; + repo = cfg.backup2.repo; + doInit = true; + environment = { + BORG_RSH = "ssh -6 -p23 -i ${cfg.backup2.sshIdentityFile} -o 'StrictHostKeyChecking accept-new' -o 'TCPKeepAlive=yes'"; + }; + encryption = { + mode = "repokey"; + passCommand = "cat ${cfg.backup2.passphrasePath}"; + }; + compression = "auto,lz4"; + startAt = "daily"; + environment = { + BORG_RELOCATED_REPO_ACCESS_IS_OK = "no"; + }; + }; + }; +} diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix new file mode 100644 index 0000000..e498cd1 --- /dev/null +++ b/nixos/modules/borg-server.nix 
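Review bot: All three remote jobs (`bs`, `backup1`, `backup2`) pass `-o 'StrictHostKeyChecking accept-new'` in `BORG_RSH`, so the first connection from a freshly installed machine trusts whatever host key answers. The `bs` job additionally sets `BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes"`, which suppresses Borg's prompt when a repository turns up at a different location. Pinning the server keys declaratively (for example through `programs.ssh.knownHosts`) and switching to `-o StrictHostKeyChecking=yes` would close the trust-on-first-use window for a job that uploads `/`. `gs.passphrasePath` is typed `nullOr str` but is interpolated into `passCommand = "cat ${cfg.gs.passphrasePath}"`, so a `null` value fails at evaluation; `types.str`, as used by the other jobs, would be consistent.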
@@ -0,0 +1,99 @@ +{ config, lib, ... }: +let + inherit (lib) + mkEnableOption + mkIf + mkOption + types + ; + cfg = config.dadada.borgServer; +in +{ + options = { + dadada.borgServer = { + enable = mkEnableOption "Enable Borg backup server"; + path = mkOption { + type = types.path; + default = "/var/lib/backup"; + example = "/mnt/storage/backup"; + }; + }; + }; + + config = mkIf cfg.enable { + users.users.borg.home = cfg.path; + services.borgbackup.repos = { + "metis" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" + ]; + path = "${cfg.path}/metis"; + quota = "1T"; + }; + "gorgon" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" + ]; + path = "${cfg.path}/gorgon"; + quota = "1T"; + }; + "stolas" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINC/mVYd3o7oA0dsA58CgkqR40CSfeuU+rikleSrSXFz dadada@gorgon" + ]; + path = "${cfg.path}/stolas"; + quota = "1T"; + }; + "surgat" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" + ]; + path = "${cfg.path}/surgat"; + quota = "50G"; + }; + "pruflas" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" + ]; + path = "${cfg.path}/pruflas"; + quota = "50G"; + }; + "wohnzimmerpi" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" + ]; + path = "${cfg.path}/wohnzimmerpi"; + quota = "50G"; + }; + "fginfo" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ + "ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABAQCxsyJeZVlVix0FPE8S/Gx0DVutS1ZNESVdYvHBwo36wGlYpSsQoSy/2HSwbpxs88MOGw1QNboxvvpBxCWxZ5HyjxuO5SwYgtmpjPXvmqfVqNXXnLChhSnKgk9b+HesQJCbHyrF9ZAJXEFCOGhOL3YTgd6lTX3lQUXgh/LEDlrPrigUMDNPecPWxpPskP6Vvpe9u+duhL+ihyxXaV+CoPk8nkWrov5jCGPiM48pugbwAfqARyZDgFpmWwL7Xg2UKgVZ1ttHZCWwH+htgioVZMYpdkQW1aq6LLGwN34Hj2VKXzmJN5frh6vQoZr2AFGHNKyJwAMpqnoY//QwuREpZTrh root@fginfo.ibr.cs.tu-bs.de" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII9N+E5fXHBL2juml+zeq/0auvqeQ5D+ljUE+EOY8cQ2 flareflo@flareflo-desktop" # restore from backup + ]; + path = "${cfg.path}/fginfo"; + quota = "50G"; + }; + "fginfo-git" = { + allowSubRepos = false; + authorizedKeysAppendOnly = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmI6cUv3j0T9ofFB286sDwXwwczqi41cp4MZyGH3VWQnqBPNjICqAdY3CLhgvGBCxSe6ZgKQ+5YLsGSSlU1uhrJXW2UiVKuIPd0kjMF/9e8hmNoTTh0pdk9THfz9LLAdI1vPin1EeVReuDXlZkCI7DFYuTO9yiyZ1uLZUfT1KBRoqiqyypZhut7zT3UaDs2L+Y5hho6WiTdm7INuz6HEB7qYXzrmx93hlcuLZA7fDfyMO9F4APZFUqefcUIEyDI2b+Q/8Q2/rliT2PoC69XLVlj7HyVhfgKsOnopwBDNF3rRcJ6zz4WICPM18i4ZCmfoDTL/cFr5c41Lan1X7wS5wR root@fginfo-git" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII9N+E5fXHBL2juml+zeq/0auvqeQ5D+ljUE+EOY8cQ2 flareflo@flareflo-desktop" # restore from backup + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCNSecnVGNPpX2BEvP7EkkHzx46RzJ1L3eaAyIfLYRB flareflo@Dragoncave" # restore from backup + ]; + path = "${cfg.path}/fginfo-git"; + quota = "50G"; + }; + }; + + systemd.tmpfiles.rules = [ + "d ${cfg.path} 0750 ${config.users.users.borg.name} ${config.users.users.borg.group} - -" + ]; + }; +} diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix new file mode 100644 index 0000000..594be6d --- /dev/null +++ b/nixos/modules/ddns.nix 
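Review bot: The `stolas` repository authorises a key whose comment field reads `dadada@gorgon`, while the other single-host repositories in this hunk (`metis`, `gorgon`, `surgat`, `pruflas`, `wohnzimmerpi`) each carry a `root@<same host>` key. If this is intentional, a comment such as `# stolas backs up with the key generated on gorgon` would keep it from being read as a copy-paste slip; otherwise a key held on gorgon can write into the stolas repository. The key comment is free text, so this is an inference from the label and should be confirmed against the key actually deployed on stolas.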
@@ -0,0 +1,94 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; +let + cfg = config.dadada.ddns; + ddnsConfig = + { + domains, + credentialsPath, + interface, + }: + { + systemd.timers = listToAttrs ( + forEach domains ( + domain: + nameValuePair "ddns-${domain}" { + wantedBy = [ "timers.target" ]; + partOf = [ "ddns-${domain}.service" ]; + timerConfig.OnCalendar = "hourly"; + } + ) + ); + + systemd.services = listToAttrs ( + forEach domains ( + domain: + nameValuePair "ddns-${domain}" { + serviceConfig = { + Type = "oneshot"; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + PrivateMounts = true; + PrivateIPC = true; + ProtectHome = true; + ProtectSystem = "strict"; + ProtectKernelTunables = true; + BindReadOnlyPaths = [ credentialsPath ]; + NoNewPrivileges = true; + CapabilitBoundingSet = [ ]; + }; + script = '' + function url() { + echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" + } + + IFS=':' + read -r user password < ${credentialsPath} + unset IFS + + curl_url=$(url "$user" "$password" ${domain}) + + ${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${ + if interface == null then "" else "--interface ${interface}" + } || true + ${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${ + if interface == null then "" else "--interface ${interface}" + } + ''; + } + ) + ); + }; +in +{ + options = { + dadada.ddns.domains = mkOption { + type = types.listOf types.str; + description = '' + Enables DDNS for these domains. + ''; + example = '' + [ "example.com" ] + ''; + default = [ ]; + }; + dadada.ddns.credentialsPath = mkOption { + type = types.path; + description = "Credentials file"; + default = "/var/lib/ddns/credentials"; + }; + dadada.ddns.interface = mkOption { + type = types.nullOr types.str; + description = "Source interface to use"; + default = null; + }; + }; + + config = with cfg; ddnsConfig { inherit domains interface credentialsPath; }; +} 
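Review bot: `CapabilitBoundingSet = [ ];` in `serviceConfig` is misspelled, so systemd will not recognise the directive and the empty capability bounding set is never applied; it should be `CapabilityBoundingSet = [ ];`. The script also puts `username` and `password` into the query string of the URL handed to curl as an argument, which exposes the credentials in the process list while the request runs; passing the URL through a curl config read from stdin (`--config -`) keeps them off the command line. `${domain}` and `${interface}` are interpolated into the shell script unquoted, and `${lib.escapeShellArg domain}` (likewise for `interface`) would make that robust. The first curl call ends in `|| true`, so a failed IPv4 update is silent; a comment stating that this is deliberate would help.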
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix new file mode 100644 index 0000000..fa94c8c --- /dev/null +++ b/nixos/modules/default.nix @@ -0,0 +1,16 @@ +{ lib, ... }: +with lib; +let + modules' = + dir: + filterAttrs ( + name: type: + (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory"))) + ) (builtins.readDir dir); + modules = + dir: + mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) ( + modules' dir + ); +in +(modules ./.) diff --git a/modules/element.nix b/nixos/modules/element.nix similarity index 95% rename from modules/element.nix rename to nixos/modules/element.nix index 45e9a48..2fcefec 100644 --- a/modules/element.nix +++ b/nixos/modules/element.nix @@ -1,7 +1,13 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.dadada.element; -in { +in +{ options.dadada.element = { enable = lib.mkEnableOption "Enable element webapp"; }; @@ -32,4 +38,4 @@ in { }; }; }; -} +} diff --git a/modules/fileShare.nix b/nixos/modules/fileShare.nix similarity index 69% rename from modules/fileShare.nix rename to nixos/modules/fileShare.nix index 0abb065..a3a72ba 100644 --- a/modules/fileShare.nix +++ b/nixos/modules/fileShare.nix @@ -1,12 +1,16 @@ -{ config, lib, ... }: +{ + config, + lib, + ... +}: with lib; let cfg = config.dadada.fileShare; sharePath = "/mnt/storage/share"; ipv6 = "fd42:dead:beef::/48"; ipv4 = "192.168.42.0/24"; - allow = "192.168.42.0 fd42:dead:beef::"; -in { +in +{ options.dadada.fileShare = { enable = mkEnableOption "Enable file share server"; }; @@ -18,11 +22,7 @@ in { workgroup = WORKGROUP server string = media netbios name = media - security = user - #use sendfile = yes - #max protocol = smb2 - hosts allow = ${allow} localhost - hosts deny = 0.0.0.0/0 + security = user guest account = nobody map to guest = bad user ''; 
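Review bot: The second `fileShare.nix` hunk drops `hosts allow = ${allow} localhost` and `hosts deny = 0.0.0.0/0` from the Samba global section while `map to guest = bad user` stays, so nothing in the Samba configuration itself limits which clients get guest access any more. The following hunk makes the `public` share read-only and guest-only, which limits the impact, but reachability then depends entirely on firewall rules that are not visible in these hunks. The `ipv4` and `ipv6` bindings are still defined at the top of the file, so the restriction could be kept, with proper prefixes this time, as `hosts allow = ${ipv4} ${ipv6} localhost` followed by `hosts deny = ALL`. The rest of the module lies outside the hunk, so check whether those bindings are already used for an equivalent firewall rule.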
@@ -30,12 +30,13 @@ in { public = { path = sharePath; browseable = "yes"; - "read only" = "no"; + "read only" = "yes"; "guest ok" = "yes"; - "create mask" = "0644"; - "directory mask" = "0755"; - "force user" = "username"; - "force group" = "groupname"; + "guest only" = "yes"; + "create mask" = "0660"; + "directory mask" = "2770"; + "force user" = "nobody"; + "force group" = "nobody"; }; }; }; @@ -47,4 +48,3 @@ in { }; }; } - diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix new file mode 100644 index 0000000..783bf6f --- /dev/null +++ b/nixos/modules/gitea.nix 
@@ -0,0 +1,102 @@ +{ + config, + pkgs, + lib, + ... +}: +let + cfg = config.dadada.forgejo; +in +{ + options.dadada.forgejo = { + enable = lib.mkEnableOption "Enable forgejo"; + }; + config = lib.mkIf cfg.enable { + services.forgejo = { + enable = true; + user = "gitea"; + group = "gitea"; + stateDir = "/var/lib/gitea"; + + database = { + type = "postgres"; + name = "gitea"; + user = "gitea"; + }; + + settings = { + DEFAULT.APP_NAME = "dadada forgejo"; + service = { + DISABLE_REGISTRATION = true; + }; + sessions = { + COOKIE_SECURE = true; + }; + server = { + ROOT_URL = "https://git.dadada.li/"; + PROTOCOL = "http+unix"; + LANDING_PAGE = "explore"; + OFFLINE_MODE = true; + DISABLE_SSH = false; + + # Use built-in SSH server + START_SSH_SERVER = true; + SSH_PORT = 22; + + DOMAIN = "git.dadada.li"; + }; + picture = { + DISABLE_GRAVATAR = true; + REPOSITORY_AVATAR_FALLBACK = "random"; + ENABLE_FEDERATED_AVATAR = false; + }; + other = { + SHOW_FOOTER_BRANDING = false; + SHOW_FOOTER_VERSION = false; + SHOW_FOOTER_TEMPLATE_LOAD_TIME = false; + }; + log = { + DISABLE_ROUTER_LOG = true; + LEVEL = "Error"; + }; + cache = { + ENABLE = true; + ADAPTER = "redis"; + HOST = "network=unix,addr=${config.services.redis.servers.forgejo.unixSocket},db=0,pool_size=100,idle_timeout=180"; + }; + }; + }; + + services.redis = { + servers.forgejo = { + enable = true; + user = config.services.forgejo.user; + }; + vmOverCommit = true; + }; + + systemd.services.forgejo.serviceConfig = { + AmbientCapabilities = lib.mkForce "CAP_NET_BIND_SERVICE"; + CapabilityBoundingSet = lib.mkForce "CAP_NET_BIND_SERVICE"; + PrivateUsers = lib.mkForce false; + }; + + services.nginx.virtualHosts."git.${config.networking.domain}" = { + enableACME = true; + forceSSL = true; + + locations."/".extraConfig = '' + proxy_pass http://unix:/run/forgejo/forgejo.sock:/; + ''; + }; + + users.users.gitea = { + home = "/var/lib/gitea"; + useDefaultShell = true; + group = "gitea"; + isSystemUser = true; + }; + + 
users.groups.gitea = { }; + }; +} diff --git a/nixos/modules/headphones.nix b/nixos/modules/headphones.nix new file mode 100644 index 0000000..877be07 --- /dev/null +++ b/nixos/modules/headphones.nix @@ -0,0 +1,30 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; +let + cfg = config.dadada.headphones; +in +{ + options = { + dadada.headphones = { + enable = mkEnableOption "Enable bluetooth headphones with more audio codecs."; + }; + }; + config = mkIf cfg.enable { + hardware = { + bluetooth.enable = true; + pulseaudio = { + enable = true; + extraModules = [ pkgs.pulseaudio-modules-bt ]; + extraConfig = '' + set-source-volume 1 10000 + ''; + package = pkgs.pulseaudioFull; + }; + }; + }; +} diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix new file mode 100644 index 0000000..193e71e --- /dev/null +++ b/nixos/modules/homepage.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + ... +}: +let + cfg = config.dadada.homepage; +in +with lib; +{ + options.dadada.homepage = { + enable = mkEnableOption "Enable home page"; + package = mkOption { + type = lib.types.path; + description = "Path containing the homepage"; + }; + }; + config = mkIf cfg.enable { + services.nginx.enable = true; + + services.nginx.virtualHosts."dadada.li" = { + enableACME = true; + forceSSL = true; + root = "${cfg.package}"; + }; + }; +} diff --git a/nixos/modules/inputs.nix b/nixos/modules/inputs.nix new file mode 100644 index 0000000..9d18883 --- /dev/null +++ b/nixos/modules/inputs.nix @@ -0,0 +1,20 @@ +{ + config, + pkgs, + lib, + ... +}: +let + cfg = config.dadada.inputs; +in +{ + options = { + dadada.inputs = lib.mkOption { + type = lib.types.attrsOf lib.types.attrs; + description = "Flake inputs that should be available inside Nix modules"; + default = { }; + }; + }; + + config = { }; +} diff --git a/nixos/modules/miniflux.nix b/nixos/modules/miniflux.nix new file mode 100644 index 0000000..6898f34 --- /dev/null +++ b/nixos/modules/miniflux.nix 
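Review bot: In nixos/modules/gitea.nix the cookie flag is set under `sessions`, but the section Forgejo reads is `[session]`, so `COOKIE_SECURE = true` most likely never takes effect; write `session = { COOKIE_SECURE = true; };`. `ROOT_URL` and `DOMAIN` hard-code `git.dadada.li` while the nginx virtual host is `git.${config.networking.domain}`, so on a host with a different domain the two diverge; derive both from one binding. The `systemd.services.forgejo.serviceConfig` override (`PrivateUsers = lib.mkForce false` plus `CAP_NET_BIND_SERVICE`) relaxes the unit's sandbox and deserves a comment such as `# needed so the built-in SSH server can bind port 22`.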
@@ -0,0 +1,37 @@
+{ config, lib, ... }:
+let
+ cfg = config.dadada.miniflux;
+ domain = "miniflux.${config.networking.domain}";
+ adminCredentialsFile = "miniflux-admin-credentials";
+in
+{
+
+ options.dadada.miniflux = {
+ enable = lib.mkEnableOption "Enable miniflux RSS aggregator";
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.miniflux = {
+ enable = true;
+ config = {
+ CLEANUP_FREQUENCY = "48";
+ LISTEN_ADDR = "localhost:8080";
+ };
+ adminCredentialsFile = config.age.secrets.${adminCredentialsFile}.path;
+ };
+
+ services.nginx.virtualHosts.${domain} = {
+ enableACME = true;
+ forceSSL = true;
+
+ locations."/".extraConfig = ''
+ proxy_pass http://localhost:8080/;
+ '';
+ };
+
+ age.secrets.${adminCredentialsFile} = {
+ file = "${config.dadada.secrets.path}/${adminCredentialsFile}.age";
+ mode = "0600";
+ };
+ };
+}
diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix
new file mode 100644
index 0000000..4db8af2
--- /dev/null
+++ b/nixos/modules/packages.nix
@@ -0,0 +1,10 @@
+{ config, lib, ... }:
+{
+ options = {
+ dadada.pkgs = lib.mkOption {
+ type = lib.types.attrsOf lib.types.package;
+ description = "Additional packages that are not sourced from nixpkgs";
+ default = { };
+ };
+ };
+}
diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix
new file mode 100644
index 0000000..d333804
--- /dev/null
+++ b/nixos/modules/profiles/backup.nix
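Review bot: The proxy location in nixos/modules/miniflux.nix passes no forwarding headers, so miniflux sees every request as coming from localhost and its logs lose the client address. Prefer the structured option `locations."/".proxyPass = "http://localhost:8080/";` and, unless it is already set elsewhere, `services.nginx.recommendedProxySettings = true;`. Port 8080 is written twice, in `LISTEN_ADDR` and in the proxy target; a `let` binding keeps the two in step.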
@@ -0,0 +1,28 @@
+{ config, lib, ... }:
+let
+ secretsPath = config.dadada.secrets.path;
+in
+{
+ dadada.backupClient.bs = {
+ enable = lib.mkDefault false;
+ passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
+ sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
+ };
+
+ dadada.backupClient.backup1 = {
+ enable = lib.mkDefault true;
+ passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
+ sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
+ };
+
+ dadada.backupClient.backup2 = {
+ enable = lib.mkDefault false;
+ passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase".path;
+ sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
+ };
+
+ age.secrets."${config.networking.hostName}-backup-passphrase".file =
+ "${secretsPath}/${config.networking.hostName}-backup-passphrase.age";
+ age.secrets."${config.networking.hostName}-backup-ssh-key".file =
+ "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age";
+}
diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix
new file mode 100644
index 0000000..0976788
--- /dev/null
+++ b/nixos/modules/profiles/base.nix
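Review bot: The secret names in nixos/modules/profiles/backup.nix are spelled out eight times as `"${config.networking.hostName}-backup-passphrase"` and `"…-backup-ssh-key"`, so a typo in one copy would point a client at a secret that does not exist. Bind them once in the `let`, e.g. `passphrase = "${config.networking.hostName}-backup-passphrase";`, and reuse the binding in all three `dadada.backupClient.*` blocks and the two `age.secrets` lines. All three repositories share one passphrase and one SSH key; a comment such as `# one passphrase and one SSH key per host, shared by every backup target` would make that choice explicit.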
@@ -0,0 +1,74 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ mkDefault = lib.mkDefault;
+ inputs = config.dadada.inputs;
+in
+{
+ imports = [
+ ./upgrade-pg-cluster.nix
+ ];
+
+ boot.tmp.useTmpfs = lib.mkDefault true;
+ boot.tmp.tmpfsSize = lib.mkDefault "50%";
+
+ i18n.defaultLocale = mkDefault "en_US.UTF-8";
+ console = mkDefault {
+ font = "Lat2-Terminus16";
+ keyMap = "us";
+ };
+
+ i18n.supportedLocales = mkDefault [
+ "C.UTF-8/UTF-8"
+ "en_US.UTF-8/UTF-8"
+ "de_DE.UTF-8/UTF-8"
+ ];
+
+ time.timeZone = mkDefault "Europe/Berlin";
+
+ nix.package = pkgs.lix;
+
+ nix.settings.substituters = [ "https://cache.nixos.org/" ];
+
+ nix.settings.trusted-public-keys = [
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ "gorgon:eEE/PToceRh34UnnoFENERhk89dGw5yXOpJ2CUbfL/Q="
+ ];
+
+ nix.settings.require-sigs = true;
+
+ nix.settings.auto-optimise-store = true;
+
+ nix.gc = {
+ automatic = true;
+ dates = "daily";
+ options = "--delete-older-than 3d";
+ };
+
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+
+ networking.networkmanager.dns = mkDefault "systemd-resolved";
+
+ networking.hosts = {
+ "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe" = [ "backup1.dadada.li" ];
+ };
+
+ services.resolved = {
+ enable = mkDefault true;
+ fallbackDns = [
+ "9.9.9.9#dns.quad9.net"
+ "2620:fe::fe:11#dns11.quad9.net"
+ ];
+ };
+
+ programs.zsh.enable = mkDefault true;
+
+ # Avoid some bots
+ services.openssh.ports = [ 2222 ];
+}
diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix
new file mode 100644
index 0000000..1ddbb1e
--- /dev/null
+++ b/nixos/modules/profiles/cloud.nix
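Review bot: `nix.settings.trusted-public-keys` in nixos/modules/profiles/base.nix trusts a second key, `gorgon:…`, on every host that imports this profile, although `substituters` lists only cache.nixos.org. Whoever holds that signing key can get store paths accepted by all of these machines, so the entry needs a comment naming its owner and purpose, e.g. `# signing key of host gorgon, used for paths copied from it` (wording for the author to confirm). The `inputs` binding in the `let` is unused in this file, and the two `boot.tmp` lines spell out `lib.mkDefault` although the `mkDefault` alias is defined.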
@@ -0,0 +1,54 @@
+{ config, lib, ... }:
+let
+ secretsPath = config.dadada.secrets.path;
+ initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key";
+in
+{
+ imports = [
+ ./server.nix
+ ];
+
+ boot.initrd.availableKernelModules = [ "virtio-pci" ];
+
+ boot.kernelParams = [
+ # Wait forever for the filesystem root to show up
+ "rootflags=x-systemd.device-timeout=0"
+
+ # Wait forever to enter the LUKS passphrase via SSH
+ "rd.luks.options=timeout=0"
+ ];
+ boot.initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ port = 2223;
+ hostKeys = [
+ config.age.secrets."${initrdHostKey}".path
+ ];
+ authorizedKeys =
+ with lib;
+ concatLists (
+ mapAttrsToList (
+ name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ]
+ ) config.users.users
+ );
+ };
+ postCommands = ''
+ echo 'cryptsetup-askpass' >> /root/.profile
+ '';
+ };
+
+ assertions = lib.singleton {
+ assertion =
+ (config.boot.initrd.network.ssh.hostKeys != [ ])
+ -> config.boot.loader.supportsInitrdSecrets == true;
+ message = "Refusing to store private keys in store";
+ };
+
+ age.secrets."${initrdHostKey}" = {
+ file = "${secretsPath}/initrd-${initrdHostKey}.age";
+ mode = "600";
+ path = "/etc/initrd/${initrdHostKey}";
+ symlink = false;
+ };
+}
diff --git a/nixos/modules/profiles/home.nix b/nixos/modules/profiles/home.nix
new file mode 100644
index 0000000..a695e8b
--- /dev/null
+++ b/nixos/modules/profiles/home.nix
@@ -0,0 +1,7 @@
+{ pkgs, inputs, ... }:
+{
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.sharedModules = pkgs.lib.attrValues inputs.self.hmModules;
+ home-manager.users.dadada = inputs.self.hmConfigurations.dadada;
+}
diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix
new file mode 100644
index 0000000..7089f4e
--- /dev/null
+++ b/nixos/modules/profiles/laptop.nix
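Review bot: The initrd SSH host key configured in nixos/modules/profiles/cloud.nix ends up inside the initrd, which on a LUKS setup normally sits on the unencrypted boot partition, so it should be treated as readable by anyone with access to the disk. The separate `initrd-…` secret suggests this is understood, but nothing in the file says so; add a comment above `age.secrets."${initrdHostKey}"` such as `# stored unencrypted in the initrd: never reuse the host's main SSH key here`. `mode = "600"` works, but the other modules in this commit write `"0600"`; use one spelling.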
@@ -0,0 +1,52 @@
+{
+ config,
+ lib,
+ ...
+}:
+let
+ inputs = config.dadada.inputs;
+in
+with lib;
+{
+ imports = [
+ ./backup.nix
+ ./base.nix
+ ];
+
+ networking.domain = mkDefault "dadada.li";
+
+ services.fwupd.enable = mkDefault true;
+ programs.ssh.enableAskPassword = true;
+ programs.nix-ld.enable = true;
+
+ nix.nixPath = mapAttrsToList (name: value: "${name}=${value}") inputs;
+ nix.registry = mkForce (mapAttrs' (name: value: nameValuePair name { flake = value; }) inputs);
+ nix.settings.flake-registry = "${config.dadada.inputs.flake-registry}/flake-registry.json";
+
+ age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+
+ users.mutableUsers = true;
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = mkDefault true;
+ boot.loader.efi.canTouchEfiVariables = mkDefault true;
+
+ services.fstrim.enable = mkDefault true;
+
+ services.avahi.enable = mkDefault true;
+
+ networking.networkmanager.enable = mkDefault true;
+ networking.firewall.enable = mkDefault true;
+
+ xdg.mime.enable = mkDefault true;
+
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+ services.pulseaudio.enable = false;
+ security.sudo.wheelNeedsPassword = true;
+}
diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix
new file mode 100644
index 0000000..724655f
--- /dev/null
+++ b/nixos/modules/profiles/server.nix
@@ -0,0 +1,42 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+with lib;
+{
+ imports = [
+ ./backup.nix
+ ./base.nix
+ ];
+
+ networking.domain = mkDefault "dadada.li";
+ networking.tempAddresses = "disabled";
+
+ dadada.admin.enable = true;
+ documentation.enable = mkDefault false;
+ documentation.nixos.enable = mkDefault false;
+
+ services.btrfs.autoScrub.enable = mkDefault (
+ (filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { }
+ );
+
+ services.journald.extraConfig = ''
+ SystemKeepFree = 2G
+ MaxRetentionSec = 100days
+ '';
+
+ system.autoUpgrade = {
+ enable = true;
+ flake = "https://git.dadada.li/dadada/nix-config/archive/main.tar.gz#${config.networking.hostName}";
+ allowReboot = mkDefault false;
+ randomizedDelaySec = "45min";
+ };
+
+ security.acme = {
+ defaults.email = "d553a78d-0349-48db-9c20-5b27af3a1dfc@dadada.li";
+ acceptTerms = true;
+ };
+
+}
diff --git a/nixos/modules/profiles/upgrade-pg-cluster.nix b/nixos/modules/profiles/upgrade-pg-cluster.nix
new file mode 100644
index 0000000..486bf29
--- /dev/null
+++ b/nixos/modules/profiles/upgrade-pg-cluster.nix
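Review bot: `system.autoUpgrade.flake` in nixos/modules/profiles/server.nix makes every server build and activate, as root, whatever the `main` branch tarball on git.dadada.li contains at that moment; nothing in the hunk pins a revision or checks a signature. The trust anchor is therefore the forge account and its TLS certificate, and that forge appears to be deployed from this same repository (nixos/modules/gitea.nix). Document the dependency next to the option, e.g. `# every server follows main on git.dadada.li; protect that branch and the forge accordingly`, and consider requiring reviewed merges before anything reaches `main`.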
@@ -0,0 +1,37 @@ +{ + config, + pkgs, + lib, + ... +}: +{ + environment.systemPackages = lib.mkIf config.services.postgresql.enable [ + ( + let + # Do not forget to list the extensions you need. + newPostgres = pkgs.postgresql_15.withPackages (pp: [ ]); + in + pkgs.writeScriptBin "upgrade-pg-cluster" '' + set -eux + # XXX it's perhaps advisable to stop all services that depend on postgresql + systemctl stop postgresql + + export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}" + + export NEWBIN="${newPostgres}/bin" + + export OLDDATA="${config.services.postgresql.dataDir}" + export OLDBIN="${config.services.postgresql.package}/bin" + + install -d -m 0700 -o postgres -g postgres "$NEWDATA" + cd "$NEWDATA" + sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" + + sudo -u postgres $NEWBIN/pg_upgrade \ + --old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \ + --old-bindir $OLDBIN --new-bindir $NEWBIN \ + "$@" + '' + ) + ]; +} diff --git a/nixos/modules/secrets.nix b/nixos/modules/secrets.nix new file mode 100644 index 0000000..5b74f5b --- /dev/null +++ b/nixos/modules/secrets.nix @@ -0,0 +1,10 @@ +{ config, lib, ... }: +{ + options = { + dadada.secrets.path = lib.mkOption { + type = lib.types.path; + description = "Path to encrypted secrets files"; + default = ../../secrets; + }; + }; +} diff --git a/modules/share.nix b/nixos/modules/share.nix similarity index 93% rename from modules/share.nix rename to nixos/modules/share.nix index 852ae80..7c7410b 100644 --- a/modules/share.nix +++ b/nixos/modules/share.nix @@ -1,9 +1,14 @@ -{ config, pkgs, lib, ... }: - +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.dadada.share; -in { +in +{ options.dadada.share = { enable = mkEnableOption "Enable file share"; }; @@ -27,4 +32,3 @@ in { }; }; } - diff --git a/modules/steam.nix b/nixos/modules/steam.nix similarity index 51% rename from modules/steam.nix rename to nixos/modules/steam.nix index 273b1c0..e14add3 100644 --- a/modules/steam.nix 
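Review bot: `pkgs.writeScriptBin` in nixos/modules/profiles/upgrade-pg-cluster.nix writes the text as given, and the script has no `#!` line, so it runs only when the calling shell falls back to interpreting the file itself. `pkgs.writeShellScriptBin "upgrade-pg-cluster"` adds the interpreter line and needs no other change. On the `initdb` and `pg_upgrade` lines `$NEWBIN` and `$OLDBIN` are expanded unquoted while `$NEWDATA` is quoted; quote them all, e.g. `sudo -u postgres "$NEWBIN/initdb" -D "$NEWDATA"`. The target version is fixed at `postgresql_15`; a comment saying it must be bumped before each major upgrade would prevent a run against the wrong version.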
+++ b/nixos/modules/steam.nix @@ -1,17 +1,22 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.dadada.steam; -in { - options.dadada.steam = { - enable = mkEnableOption "Enable Steam config"; +in +{ + options = { + dadada.steam = { + enable = mkEnableOption "Enable Steam config"; + }; }; config = mkIf cfg.enable { - nixpkgs.config.allowUnfree = true; - - hardware.opengl = { + hardware.graphics = { enable = true; - driSupport32Bit = true; extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; }; diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix new file mode 100644 index 0000000..ee2298e --- /dev/null +++ b/nixos/modules/vpnServer.nix 
@@ -0,0 +1,66 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; +let + cfg = config.dadada.vpnServer; + wgPeer = + { name, ... }: + { + options = { + name = mkOption { + internal = true; + default = name; + }; + id = mkOption { + description = "VPN client id"; + default = 0; + type = types.str; + }; + key = mkOption { + description = "VPN client public key"; + default = ""; + type = types.str; + }; + }; + }; +in +{ + options.dadada.vpnServer = { + enable = mkEnableOption "Enable wireguard gateway"; + peers = mkOption { + description = "Set of extensions and public keys of peers"; + type = with types; attrsOf (submodule wgPeer); + default = { }; + }; + }; + config = mkIf cfg.enable { + networking.wireguard = { + enable = true; + interfaces."wg0" = { + allowedIPsAsRoutes = true; + privateKeyFile = "/var/lib/wireguard/wg0-key"; + ips = [ "fd42:9c3b:f96d:0201::0/64" ]; + listenPort = 51234; + peers = map (peer: { + allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ]; + publicKey = peer.key; + }) (attrValues cfg.peers); + postSetup = '' + wg set wg0 fwmark 51234 + ip -6 route add table 2468 fd42:9c3b:f96d::/48 dev ens3 + ip -6 route add table 2468 fd42:9c3b:f96d:201::/64 dev wg0 + ip -6 rule add fwmark 51234 table 2468 + ''; + }; + }; + boot.kernel.sysctl = { + # Enable forwarding for VPN + "net.ipv6.conf.wg0.forwarding" = true; + "net.ipv6.conf.ens3.forwarding" = true; + }; + }; +} diff --git a/modules/weechat.nix b/nixos/modules/weechat.nix similarity index 94% rename from modules/weechat.nix rename to nixos/modules/weechat.nix index 7fabdb8..6ff0106 100644 --- a/modules/weechat.nix +++ b/nixos/modules/weechat.nix @@ -1,9 +1,14 @@ -{ config, pkgs, lib, ... }: - +{ + config, + pkgs, + lib, + ... +}: with lib; let cfg = config.dadada.weechat; -in { +in +{ options.dadada.weechat = { enable = mkEnableOption "Enable weechat relay"; }; 
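Review bot: In the `wgPeer` submodule of nixos/modules/vpnServer.nix, `id` is declared as `types.str` but has `default = 0`, an integer, so a peer that omits `id` fails the type check instead of getting a usable value. `key` defaults to `""`, which would produce a peer with an empty `publicKey`. Remove both defaults so the options are mandatory: `id = mkOption { description = "VPN client id"; type = types.str; };` and the same for `key`. Forwarding is switched on for `wg0` and `ens3` with no filter rules in this file; if they live elsewhere, a comment pointing to them would help.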
@@ -31,7 +36,7 @@ in { }; }; services.nginx.virtualHosts."weechat.dadada.li" = { - useACMEHost = "webchat.dadada.li"; + enableACME = true; forceSSL = true; root = "${pkgs.nginx}/html"; @@ -55,4 +60,3 @@ in { }; }; } - diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix new file mode 100644 index 0000000..47699e1 --- /dev/null +++ b/nixos/modules/yubikey.nix @@ -0,0 +1,53 @@ +{ + config, + pkgs, + lib, + ... +}: +with lib; +let + yubikey = config.dadada.yubikey; +in +{ + options = { + dadada.yubikey = { + enable = mkEnableOption "Enable Yubikey"; + fido2Credentials = mkOption { + type = with types; listOf str; + description = "FIDO2 credential strings"; + default = [ ]; + }; + luksUuid = mkOption { + type = with types; nullOr str; + description = "Device UUID"; + default = null; + }; + }; + }; + + config = mkIf yubikey.enable { + security.pam = { + # Keys must be placed in $XDG_CONFIG_HOME/Yubico/u2f_keys + services = { + login.u2fAuth = true; + sudo.u2fAuth = true; + }; + u2f = { + control = "sufficient"; + settings.cue = true; + }; + }; + + services.pcscd.enable = true; + + services.udev.packages = [ pkgs.yubikey-personalization ]; + + environment.systemPackages = with pkgs; [ + #fido2luks + #linuxPackages.acpi_call + pam_u2f + pamtester + yubioath-flutter + ]; + }; +} diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix new file mode 100644 index 0000000..d4a7bb9 --- /dev/null +++ b/nixos/ninurta/configuration.nix 
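Review bot: `u2f.control = "sufficient"` in nixos/modules/yubikey.nix lets a registered key replace the password for `login` and `sudo`, and the comment places the key list in `$XDG_CONFIG_HOME/Yubico/u2f_keys`, a file the user's own processes can write. Any program running as that user could therefore change which keys `sudo` accepts. Point pam_u2f at a root-owned list through its `authfile` option (presumably `settings.authfile = "/etc/u2f_keys";` here, the path being a constructed example), or set `control = "required"` so the key is a second factor rather than a substitute. `fido2Credentials` and `luksUuid` are declared but not used in the `config` shown.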
@@ -0,0 +1,455 @@ +{ + config, + pkgs, + lib, + ... +}: +let + hostAliases = [ + "ifrit.dadada.li" + "media.dadada.li" + "backup1.dadada.li" + ]; + secretsPath = config.dadada.secrets.path; + uwuPrivKey = "pruflas-wg0-key"; + wgHydraPrivKey = "pruflas-wg-hydra-key"; + uwuPresharedKey = "pruflas-wg0-preshared-key"; + initrdSshKey = "/etc/ssh/ssh_initrd_ed25519_key"; + softServePort = 23231; +in +{ + imports = [ + ../modules/profiles/server.nix + ./hardware-configuration.nix + ./printing.nix + ./monitoring.nix + ]; + + services.soft-serve = { + enable = true; + settings = { + name = "dadada's repos"; + log_format = "text"; + ssh = { + listen_addr = ":${toString softServePort}"; + public_url = "ssh://soft-serve.dadada.li:${toString softServePort}"; + max_timeout = 30; + idle_timeout = 120; + }; + stats.listen_addr = ":23233"; + initial_admin_keys = config.dadada.admin.users.dadada.keys; + }; + }; + + services.openssh.ports = [ + 22 + 2222 + ]; + + dadada.backupClient.bs.enable = false; + dadada.backupClient.backup1.enable = false; + + dadada.backupClient.backup2 = { + enable = true; + repo = "u355513-sub2@u355513-sub2.your-storagebox.de:/home/backup"; + }; + + networking.hostName = "ninurta"; + networking.domain = "bs.dadada.li"; + + networking.hosts = { + "127.0.0.1" = hostAliases; + "::1" = hostAliases; + }; + + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + assertions = lib.singleton { + assertion = + (config.boot.initrd.network.ssh.hostKeys != [ ]) + -> config.boot.loader.supportsInitrdSecrets == true; + message = "Refusing to store private keys in store"; + }; + + boot.kernelParams = [ + # Use the in-kernel DHCP client (yes that exists) + "ip=dhcp" + + # Wait forever for the filesystem root to show up + "rootflags=x-systemd.device-timeout=0" + + # Wait forever to enter the LUKS passphrase via SSH + "rd.luks.options=timeout=0" + ]; + boot.initrd = { + network = { + enable = true; + flushBeforeStage2 = true; + ssh = { + 
enable = true; + port = 2222; + authorizedKeys = config.dadada.admin.users.dadada.keys; + hostKeys = [ initrdSshKey ]; + }; + }; + systemd = { + enable = true; + network = { + enable = true; + links = { + "10-lan" = { + matchConfig.Name = "e*"; + linkConfig.MACAddressPolicy = "persistent"; + }; + }; + networks = { + "10-lan" = { + matchConfig.Name = "e*"; + networkConfig.DHCP = "ipv4"; + linkConfig.RequiredForOnline = "routable"; + }; + }; + }; + }; + }; + + dadada.borgServer = { + enable = true; + path = "/mnt/storage/backups"; + }; + + services.borgbackup.jobs."backup1.bs.dadada.li" = { + removableDevice = true; + paths = [ + "/var/backup" + "/var/lib" + "/var/www" + "/home" + ]; + exclude = [ + "/home/*/.cache" + "/var/lib/machines" + ]; + repo = "/mnt/storage/backups/${config.networking.hostName}"; + doInit = true; + encryption = { + mode = "repokey"; + passCommand = "cat ${config.age.secrets.ninurta-backup-passphrase.path}"; + }; + compression = "auto,lz4"; + prune.keep = { + within = "1d"; # Keep all archives from the last day + daily = 7; + weekly = 2; + monthly = -1; # Keep at least one archive for each month + yearly = -1; # Keep at least one archive for each year + }; + startAt = "daily"; + }; + + age.secrets."ninurta-backup-passphrase" = { + file = "${secretsPath}/ninurta-backup-passphrase.age"; + mode = "400"; + }; + + nix.buildMachines = [ + { + hostName = "localhost"; + system = "x86_64-linux"; + supportedFeatures = [ + "kvm" + "nixos-test" + "big-parallel" + "benchmark" + ]; + maxJobs = 16; + } + ]; + + nix.extraOptions = '' + allowed-uris = https://github.com/NixOS https://github.com/nix-community https://github.com/dadada https://git.dadada.li/ github.com/ryantm/agenix github.com/serokell/deploy-rs https://gitlab.com/khumba/nvd.git https://github.com/real-or-random/dokuwiki-plugin-icalevents https://github.com/giterlizzi/dokuwiki-template-bootstrap3 + ''; + + systemd.tmpfiles.rules = [ + "d /mnt/storage/backups/ninurta 0750 
${config.users.users.borg.name} ${config.users.users.borg.group} - -" + "v /var/.snapshots 0755 root root - -" + "v /home/.snapshots 0755 root root - -" + "v /mnt/storage/.snapshots 0755 root root - -" + "v /mnt/storage/backups 0755 root root - -" + ]; + + age.secrets.${uwuPrivKey} = { + file = "${secretsPath}/${uwuPrivKey}.age"; + owner = "systemd-network"; + }; + + age.secrets.${uwuPresharedKey} = { + file = "${secretsPath}/${uwuPresharedKey}.age"; + owner = "systemd-network"; + }; + age.secrets.${wgHydraPrivKey} = { + file = "${secretsPath}/${wgHydraPrivKey}.age"; + owner = "systemd-network"; + }; + + # This does not work, since the key is needed earlier than run-agenix.mount. + # age.secrets.${initrdSshKey} = { + # file = "${secretsPath}/${initrdSshKey}.age"; + # mode = "700"; + # }; + + services.snapper = { + cleanupInterval = "1d"; + snapshotInterval = "daily"; + configs.home = { + SUBVOLUME = "/home"; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + TIMELINE_MIN_AGE = "1800"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "0"; + TIMELINE_LIMIT_MONTHLY = "0"; + TIMELINE_LIMIT_YEARLY = "0"; + }; + configs.var = { + SUBVOLUME = "/var"; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + TIMELINE_MIN_AGE = "1800"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "0"; + TIMELINE_LIMIT_MONTHLY = "0"; + TIMELINE_LIMIT_YEARLY = "0"; + }; + configs.storage = { + SUBVOLUME = "/mnt/storage"; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + TIMELINE_LIMIT_HOURLY = "10"; + TIMELINE_LIMIT_DAILY = "10"; + TIMELINE_LIMIT_WEEKLY = "10"; + TIMELINE_LIMIT_MONTHLY = "10"; + TIMELINE_LIMIT_YEARLY = "10"; + }; + }; + + services.smartd.enable = true; + + systemd.network = { + enable = true; + links = { + "10-lan" = { + matchConfig.Name = "enp*"; + linkConfig.MACAddressPolicy = "persistent"; + }; + }; + networks = { + "10-wlan" = { + matchConfig.Name = "wlan*"; + 
linkConfig.RequiredForOnline = false; + }; + "10-wlo" = { + matchConfig.Name = "wlo*"; + linkConfig.RequiredForOnline = false; + }; + "10-lan" = { + matchConfig.Name = "enp*"; + bridge = [ "br0" ]; + }; + "30-wg0" = { + matchConfig.Name = "wg0"; + address = [ + "10.3.3.3/32" + "fd42:9c3b:f96d:121::3/128" + ]; + DHCP = "no"; + networkConfig.IPv6AcceptRA = false; + linkConfig.RequiredForOnline = false; + routes = [ + { + Destination = "10.3.3.1/24"; + } + { + Destination = "fd42:9c3b:f96d:121::1/64"; + } + ]; + }; + "30-uwu" = { + matchConfig.Name = "uwu"; + address = [ + "10.11.0.39/24" + "fc00:1337:dead:beef::10.11.0.39/128" + ]; + dns = [ "10.11.0.1%uwu#uwu" ]; + domains = [ "uwu" ]; + DHCP = "no"; + networkConfig.IPv6AcceptRA = false; + linkConfig.RequiredForOnline = false; + routes = [ + { + Destination = "10.11.0.0/22"; + } + { + Destination = "fc00:1337:dead:beef::10.11.0.0/118"; + } + ]; + }; + "20-br0" = { + matchConfig.Name = "br0"; + networkConfig.DHCP = "ipv4"; + networkConfig.Domains = [ "bs.dadada.li" ]; + networkConfig.VLAN = [ ]; + networkConfig.IPv6PrivacyExtensions = false; + linkConfig.RequiredForOnline = "routable"; + dhcpV4Config = { + UseDomains = true; + UseDNS = true; + UseNTP = true; + }; + ipv6AcceptRAConfig = { + UseDomains = true; + UseDNS = true; + }; + }; + }; + netdevs = { + "20-br0" = { + netdevConfig = { + Kind = "bridge"; + Name = "br0"; + }; + }; + "20-wg0" = { + netdevConfig = { + Kind = "wireguard"; + Name = "wg0"; + }; + wireguardConfig = { + PrivateKeyFile = config.age.secrets.${wgHydraPrivKey}.path; + ListenPort = 51235; + }; + wireguardPeers = [ + { + PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; + AllowedIPs = [ + "10.3.3.1/32" + "fd42:9c3b:f96d:121::1/128" + ]; + PersistentKeepalive = 25; + Endpoint = "surgat.dadada.li:51235"; + } + { + PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU="; + AllowedIPs = [ + "10.3.3.2/32" + "fd42:9c3b:f96d:121::2/128" + ]; + Endpoint = "192.168.101.1:51235"; + } + ]; + }; 
+ "20-uwu" = { + netdevConfig = { + Kind = "wireguard"; + Name = "uwu"; + }; + wireguardConfig = { + PrivateKeyFile = config.age.secrets.${uwuPrivKey}.path; + }; + wireguardPeers = [ + { + PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; + AllowedIPs = [ + "10.11.0.0/22" + "fc00:1337:dead:beef::10.11.0.0/118" + "192.168.178.0/23" + ]; + PersistentKeepalive = 25; + PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; + Endpoint = "53c70r.de:51820"; + } + ]; + }; + }; + }; + + networking.firewall = { + enable = true; + allowPing = true; + allowedTCPPorts = [ + 2222 # SSH + ]; + allowedUDPPorts = [ + 51234 # Wireguard + 51235 # Wireguard + ]; + interfaces = { + br0.allowedTCPPorts = [ + 22 # SSH + 80 # munin web + 631 # IPP + ]; + br0.allowedUDPPorts = [ + 631 # IPP + ]; + uwu.allowedTCPPorts = [ + softServePort + ]; + wg0.allowedTCPPorts = [ + 3000 # Hydra + 4949 # munin-node + ]; + }; + }; + + services.resolved.enable = true; + networking.networkmanager.enable = false; + networking.useDHCP = false; + + powerManagement = { + enable = true; + cpuFreqGovernor = "powersave"; + # powertop autotune + powertop.enable = true; + # This generally means no power management for SCSI + scsiLinkPolicy = "med_power_with_dipm"; + # Configure the disks to spin down after 10 min of inactivity. 
+ }; + + services.udev.packages = [ + (pkgs.writeTextFile { + name = "60-hdparm"; + text = '' + ACTION=="add|change", KERNEL=="sd[a-z]", ATTRS{queue/rotational}=="1", RUN+="${pkgs.hdparm}/bin/hdparm -S 60 /dev/%k" + ''; + destination = "/etc/udev/rules.d/60-hdparm.rules"; + }) + ]; + + services.pulseaudio.enable = false; + + environment.systemPackages = with pkgs; [ + smartmontools + hdparm + ]; + + users.users."backup-keepassxc" = { + home = "/mnt/storage/backups/backup-keepassxc"; + isNormalUser = true; + description = "Backup KeepassXC database"; + extraGroups = [ ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIirODQlcTJ8e9OcFuMlYlGekrUMtDpD5HhbTmuQ+jDW KeepassXC DB backup " + ]; + }; + + virtualisation.libvirtd.enable = true; + + documentation.enable = true; + documentation.nixos.enable = true; + + system.stateVersion = "23.05"; +} diff --git a/nixos/ninurta/hardware-configuration.nix b/nixos/ninurta/hardware-configuration.nix new file mode 100644 index 0000000..cd6b64b --- /dev/null +++ b/nixos/ninurta/hardware-configuration.nix 
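Review bot: `users.users."backup-keepassxc"` near the end of nixos/ninurta/configuration.nix is an `isNormalUser` account with an SSH key, so the key holder gets an interactive shell on the host that stores the Borg repositories, with a home directory inside `/mnt/storage/backups`. If the account only receives a database file, restrict it in sshd, e.g. `Match User backup-keepassxc` followed by `ForceCommand internal-sftp` in `services.openssh.extraConfig`. In `allowed-uris` the entries `github.com/ryantm/agenix` and `github.com/serokell/deploy-rs` have no scheme and probably never match a fetched URL. The `assertions` block repeats the one in modules/profiles/cloud.nix and could move to a shared module.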
@@ -0,0 +1,117 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ + "igc" + "xhci_pci" + "thunderbolt" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "compress=zstd" ]; + }; + + boot.initrd.luks.devices."luks".device = "/dev/disk/by-uuid/bac4ee0e-e393-414f-ac3e-1ec20739abae"; + + fileSystems."/swap" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=swap" + "noatime" + ]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=nix" + "noatime" + "compress=zstd" + ]; + }; + + fileSystems."/var" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=var" + "compress=zstd" + ]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=home" + "compress=zstd" + ]; + }; + + fileSystems."/root" = { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ + "subvol=root" + "compress=zstd" + ]; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/2E20-49CB"; + fsType = "vfat"; + }; + + swapDevices = [ + { + device = "/swap/swapfile"; + size = 32 * 1024; # 32 GByte + } + ]; + + fileSystems."/mnt/storage" = { + device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; + 
fsType = "btrfs"; + options = [ + "subvol=root" + "compress=zstd" + ]; + }; + + fileSystems."/mnt/storage/backups" = { + device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; + fsType = "btrfs"; + options = [ + "subvol=backups" + "noatime" + ]; + }; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nixos/ninurta/monitoring.nix b/nixos/ninurta/monitoring.nix new file mode 100644 index 0000000..c8bee05 --- /dev/null +++ b/nixos/ninurta/monitoring.nix @@ -0,0 +1,25 @@ +{ config, ... }: +{ + services.nginx.enable = true; + services.nginx.virtualHosts."ninurta.bs.dadada.li" = { + addSSL = false; + enableACME = false; + root = "/var/www/munin/"; + locations = { + "/" = { + root = "/var/www/munin/"; + }; + }; + }; + services.munin-cron = { + enable = true; + hosts = '' + [${config.networking.hostName}] + address 127.0.0.1 + + [surgat] + address 10.3.3.1 + ''; + }; + services.munin-node.enable = true; +} diff --git a/nixos/ninurta/printing.nix b/nixos/ninurta/printing.nix new file mode 100644 index 0000000..c1d2aa8 --- /dev/null +++ b/nixos/ninurta/printing.nix 
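Review bot: The `ninurta.bs.dadada.li` virtual host in nixos/ninurta/monitoring.nix serves the munin pages over plain HTTP and without authentication (`addSSL = false`, `enableACME = false`). The firewall in configuration.nix opens port 80 on `br0` only, so the pages are readable by the whole LAN; if that is intended, add a comment such as `# LAN-only, see networking.firewall.interfaces.br0`, otherwise set `basicAuthFile` on the virtual host. `root = "/var/www/munin/"` is given both on the host and on `locations."/"`; one of them is enough.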
@@ -0,0 +1,43 @@
+{ cfg, pkgs, ... }:
+{
+ hardware = {
+ printers = {
+ ensurePrinters = [
+ {
+ name = "Brother_HL-L2300D";
+ model = "drv:///brlaser.drv/brl2300d.ppd";
+ location = "BS";
+ deviceUri = "usb://Brother/HL-L2310D%20series?serial=E78096H3N771439";
+ ppdOptions = {
+ PageSize = "A4";
+ Duplex = "DuplexNoTumble";
+ };
+ }
+ ];
+ };
+ };
+
+ services.avahi = {
+ enable = true;
+ nssmdns4 = true;
+ openFirewall = true;
+ publish = {
+ enable = true;
+ userServices = true;
+ };
+ };
+
+ services.printing = {
+ enable = true;
+ drivers = [
+ pkgs.brlaser
+ pkgs.gutenprint
+ ];
+ # Remove all state at the start of the service
+ stateless = true;
+ listenAddresses = [ "192.168.101.29:631" ];
+ allowFrom = [ "from 192.168.101.0/24" ];
+ browsing = true;
+ defaultShared = true;
+ };
+}
diff --git a/nixos/stolas/default.nix b/nixos/stolas/default.nix
new file mode 100644
index 0000000..1c5cc9b
--- /dev/null
+++ b/nixos/stolas/default.nix
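Review bot: In nixos/ninurta/printing.nix, `services.avahi` sets `openFirewall = true` and `publish.userServices = true` without limiting interfaces, so mDNS is opened and the shared printer advertised on every interface, while CUPS itself is bound to `192.168.101.29:631` and limited by `allowFrom` to the /24. Adding `allowInterfaces = [ "<lan-interface>" ];` (placeholder name) to `services.avahi` would keep the announcement on the same network as the listener. Separately, the module argument `cfg` in `{ cfg, pkgs, ... }:` is never used in this file and is not a standard module argument; `{ pkgs, ... }:` is enough.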
@@ -0,0 +1,205 @@ +{ + config, + lib, + pkgs, + ... +}: +{ + + imports = [ + ../modules/profiles/laptop.nix + ./disks.nix + ./paperless.nix + ]; + + boot = { + lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; + kernelModules = [ "kvm-amd" ]; + # Hopefully fixes suspend issues with wifi card + kernelPackages = pkgs.linuxPackages_latest; + kernelParams = [ + "resume=UUID=81dfbfa5-d578-479c-b11c-3ee5abd6848a" + "resume_offset=79859524" + "zswap.enabled=1" + ]; + extraModulePackages = [ config.boot.kernelPackages.v4l2loopback ]; + # Lanzaboote currently replaces the systemd-boot module. + # This setting is usually set to true in configuration.nix + # generated at installation time. So we force it to false + # for now. + loader.systemd-boot.enable = lib.mkForce false; + initrd = { + availableKernelModules = [ + "nvme" + "xhci_pci" + "thunderbolt" + "usb_storage" + "sd_mod" + ]; + # Ensure that TPM module is loaded + kernelModules = [ "tpm" ]; + }; + }; + + environment.systemPackages = [ + # For debugging and troubleshooting Secure Boot. 
+ pkgs.sbctl + ]; + + hardware = { + # NOTE: hardware.framework.enableKmod requires kernel patching, but enables access to some EC features + bluetooth.enable = true; + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + enableRedistributableFirmware = true; + framework.laptop13.audioEnhancement.enable = true; + graphics = { + enable = true; + extraPackages = with pkgs; [ + vaapiVdpau + libvdpau-va-gl + ]; + }; + }; + + powerManagement = { + enable = true; + cpuFreqGovernor = "schedutil"; + }; + + networking = { + hostName = "stolas"; + firewall = { + enable = true; + allowedTCPPorts = [ + 22000 # Syncthing + ]; + allowedUDPPorts = [ + 21027 # Syncthing + ]; + }; + }; + + nix = { + settings.max-jobs = lib.mkDefault 16; + }; + + dadada = { + admin.enable = true; + backupClient.gs.enable = false; + backupClient.backup1.enable = true; + backupClient.backup2 = { + enable = true; + repo = "u355513-sub5@u355513-sub5.your-storagebox.de:/home/backup"; + }; + }; + + programs = { + adb.enable = true; + firefox = { + enable = true; + package = pkgs.firefox-wayland; + }; + gnupg.agent.enable = true; + ssh.startAgent = true; + wireshark.enable = true; + }; + + services = { + avahi.enable = true; + desktopManager.plasma6.enable = true; + displayManager = { + sddm.enable = true; + sddm.wayland.enable = true; + }; + gnome.gnome-keyring.enable = lib.mkForce false; + smartd.enable = true; + printing = { + enable = true; + browsing = true; + }; + tlp.enable = false; + snapper = { + cleanupInterval = "1d"; + snapshotInterval = "hourly"; + configs = { + home = { + SUBVOLUME = "/home/dadada"; + ALLOW_USERS = [ "dadada" ]; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + TIMELINE_MIN_AGE = "1800"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "0"; + TIMELINE_LIMIT_MONTHLY = "0"; + TIMELINE_LIMIT_YEARLY = "0"; + }; + var = { + SUBVOLUME = "/var"; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + 
TIMELINE_MIN_AGE = "1800"; + TIMELINE_LIMIT_HOURLY = "5"; + TIMELINE_LIMIT_DAILY = "7"; + TIMELINE_LIMIT_WEEKLY = "0"; + TIMELINE_LIMIT_MONTHLY = "0"; + TIMELINE_LIMIT_YEARLY = "0"; + }; + paperless = { + SUBVOLUME = "/var/lib/paperless"; + TIMELINE_CREATE = true; + TIMELINE_CLEANUP = true; + TIMELINE_MIN_AGE = "3600"; + TIMELINE_LIMIT_HOURLY = "10"; + TIMELINE_LIMIT_DAILY = "10"; + TIMELINE_LIMIT_WEEKLY = "10"; + TIMELINE_LIMIT_MONTHLY = "10"; + TIMELINE_LIMIT_YEARLY = "10"; + }; + }; + }; + }; + + system = { + stateVersion = "25.05"; + }; + + systemd.services = { + modem-manager.enable = lib.mkForce false; + "dbus-org.freedesktop.ModemManager1".enable = lib.mkForce false; + }; + + systemd.tmpfiles.rules = [ + "v /var/.snapshots 0755 root root - -" + "v /var/paperless/.snapshots 0755 root root - -" + "v /home/dadada/.snapshots 0755 root root - -" + ]; + + virtualisation.libvirtd.enable = true; + + users = { + users = { + dadada = { + initialHashedPassword = "$y$j9T$43qGBeY6hg6AXQmcVkS131$6AeRDOe6XAnmgA/AkJGaSIYTj5dbQLd9vrQ7zSyi5TA"; + isNormalUser = true; + extraGroups = [ + "wheel" + "networkmanager" + "libvirtd" + "adbusers" + "kvm" + "video" + "scanner" + "lp" + "docker" + "dialout" + "wireshark" + "paperless" + ]; + }; + }; + }; +} diff --git a/nixos/stolas/disks.nix b/nixos/stolas/disks.nix new file mode 100644 index 0000000..eff5680 --- /dev/null +++ b/nixos/stolas/disks.nix 
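Review bot: In nixos/stolas/default.nix, `users.users.dadada.initialHashedPassword` puts a yescrypt hash into the repository, where anyone who can read the repo can attack it offline. If that password is still in use, rotate it and move it to an agenix secret with `hashedPasswordFile = config.age.secrets.<secret-name>.path;` (placeholder name). The tmpfiles rule `"v /var/paperless/.snapshots 0755 root root - -"` does not match the snapper config, whose `SUBVOLUME` is `/var/lib/paperless`; it probably should read `"v /var/lib/paperless/.snapshots 0755 root root - -"`. Membership in `docker` is root-equivalent once Docker is enabled, so that `extraGroups` entry is worth dropping if Docker is not used on this host.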
@@ -0,0 +1,100 @@
+{
+ disko.devices = {
+ nodev."/nix/var/nix/builds" = {
+ fsType = "tmpfs";
+ mountOptions = [
+ "size=80%"
+ "defaults"
+ "mode=755"
+ ];
+ };
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "1G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ settings = {
+ allowDiscards = true;
+ crypttabExtraOpts = [
+ "tpm2-device=auto"
+ "tpm2-pin=true"
+ ];
+ };
+ #additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [
+ "compress=zstd"
+ "relatime"
+ ];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "/dadada" = {
+ mountpoint = "/home/dadada";
+ mountOptions = [
+ "compress=zstd"
+ "relatime"
+ ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "/var" = {
+ mountpoint = "/var";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "/paperless" = {
+ mountpoint = "/var/lib/paperless";
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ "/swap" = {
+ mountpoint = "/.swapvol";
+ swap.swapfile.size = "128G";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/nixos/stolas/paperless.nix b/nixos/stolas/paperless.nix
new file mode 100644
index 0000000..a5fa69f
--- /dev/null
+++ b/nixos/stolas/paperless.nix
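Review bot: In nixos/stolas/disks.nix, `allowDiscards = true` on the LUKS container passes TRIM through dm-crypt, which lets someone with access to the raw disk see which blocks are unused. If that trade-off is intended, it deserves a comment next to the setting, for example `# TRIM passthrough reveals the free-space layout; accepted deliberately`. The commented-out `#additionalKeyFiles = [ "/tmp/additionalSecret.key" ];` looks like a template leftover and can be removed. Since `crypttabExtraOpts` relies on `tpm2-device=auto` and `tpm2-pin=true`, a short comment on how the TPM enrolment and a recovery passphrase are handled would help, because nothing in this hunk shows it.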
@@ -0,0 +1,28 @@
+{ config, ... }:
+{
+ services.paperless = {
+ # TODO migrate DB
+ enable = true;
+ passwordFile = config.age.secrets.paperless.path;
+ };
+ systemd.tmpfiles.rules =
+ let
+ cfg = config.services.paperless;
+ in
+ [
+ (
+ if cfg.consumptionDirIsPublic then
+ "d '${cfg.consumptionDir}' 777 - - - -"
+ else
+ "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -"
+ )
+ ];
+
+ age.secrets = {
+ paperless = {
+ file = "${config.dadada.secrets.path}/paperless.age";
+ mode = "700";
+ owner = "paperless";
+ };
+ };
+}
diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix
new file mode 100644
index 0000000..5ddef7f
--- /dev/null
+++ b/nixos/surgat/configuration.nix
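Review bot: In nixos/stolas/paperless.nix the agenix secret is declared with `mode = "700"`, which sets execute bits on a password file; `mode = "0400"` is enough for the `paperless` owner to read it. The tmpfiles rule creates the consumption directory with mode `777` when `cfg.consumptionDirIsPublic` is set, which makes it world-writable without the sticky bit. If that branch is ever taken, `1777` would at least stop users from removing each other's files.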
@@ -0,0 +1,177 @@ +{ + config, + pkgs, + ... +}: +let + hostName = "surgat"; +in +{ + imports = [ + ./hardware-configuration.nix + ../modules/profiles/cloud.nix + ]; + + networking.hostName = hostName; + + services.nginx = { + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + + #logError = "/dev/null"; + appendHttpConfig = '' + access_log off; + ''; + }; + + services.nginx.virtualHosts."hydra.${config.networking.domain}" = { + enableACME = true; + forceSSL = true; + + root = "${pkgs.nginx}/html"; + + locations."/" = { + proxyPass = "http://10.3.3.3:3000/"; + extraConfig = '' + proxy_redirect default; + ''; + }; + }; + + dadada.element.enable = true; + dadada.forgejo.enable = true; + dadada.miniflux.enable = true; + dadada.weechat.enable = false; + dadada.homepage.enable = true; + dadada.share.enable = true; + dadada.backupClient = { + backup1.enable = true; + backup2 = { + enable = true; + repo = "u355513-sub3@u355513-sub3.your-storagebox.de:/home/backup"; + }; + }; + + services.postgresqlBackup = { + enable = true; + backupAll = true; + compression = "zstd"; + location = "/var/backup/postgresql"; + }; + + networking.useDHCP = false; + + systemd.network = { + enable = true; + networks = { + "10-wan" = { + matchConfig.Name = "ens3"; + networkConfig.DHCP = "ipv4"; + address = [ + "49.12.3.98/32" + "2a01:4f8:c17:1d70::/64" + ]; + routes = [ + { Gateway = "fe80::1"; } + { + Gateway = "172.31.1.1"; + GatewayOnLink = true; + } + ]; + linkConfig.RequiredForOnline = "routable"; + }; + "10-ninurta" = { + matchConfig.Name = "ninurta"; + address = [ + "10.3.3.1/32" + "fd42:9c3b:f96d:121::1/128" + ]; + DHCP = "no"; + networkConfig.IPv6AcceptRA = false; + linkConfig.RequiredForOnline = "no"; + routes = [ + { + Destination = "10.3.3.3/24"; + } + { + Destination = "fd42:9c3b:f96d:121::/64"; + } + { + Destination = "fd42:9c3b:f96d:101::/64"; + } + ]; + }; + }; + netdevs = { + "10-ninurta" = { + 
netdevConfig = { + Kind = "wireguard"; + Name = "ninurta"; + }; + wireguardConfig = { + PrivateKeyFile = "/var/lib/wireguard/hydra"; + ListenPort = 51235; + }; + wireguardPeers = [ + { + PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; + AllowedIPs = [ + "10.3.3.3/32" + "fd42:9c3b:f96d:121::3/128" + "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" + ]; + } + ]; + }; + }; + }; + + networking.firewall = { + enable = true; + allowPing = true; + allowedTCPPorts = [ + 22 # SSH + 80 + 443 # HTTPS + ]; + allowedUDPPorts = [ + 51234 # Wireguard + 51235 # Wireguard + ]; + interfaces.ninurta.allowedTCPPorts = [ + 4949 # munin-node + ]; + }; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/sda"; + + boot.kernelParams = [ + "ip=49.12.3.98::172.31.1.1:255.255.255.255:surgat::dhcp" + ]; + + services.resolved = { + enable = true; + fallbackDns = [ + "9.9.9.9" + "2620:fe::fe" + ]; + }; + + system.autoUpgrade.allowReboot = false; + + services.postgresql.package = pkgs.postgresql_15; + + services.munin-node = { + enable = true; + extraConfig = '' + host_name surgat + cidr_allow 10.3.3.3/32 + ''; + }; + + system.stateVersion = "23.05"; +} diff --git a/nixos/surgat/hardware-configuration.nix b/nixos/surgat/hardware-configuration.nix new file mode 100644 index 0000000..8476779 --- /dev/null +++ b/nixos/surgat/hardware-configuration.nix 
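Review bot: In nixos/surgat/configuration.nix the `10-ninurta` network has the route `Destination = "10.3.3.3/24";`, a prefix with host bits set; `Destination = "10.3.3.0/24";` is the network address and does not depend on how systemd-networkd treats the malformed prefix. `allowedUDPPorts` opens `51234` as well as `51235`, but the only WireGuard `ListenPort` in this file is `51235`, so the `51234` entry should go unless another module listens there. `access_log off;` in `appendHttpConfig` turns off request logging for every vhost on this public reverse proxy, which leaves nothing to review after an incident; keeping the logs with a short retention would be the safer default.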
@@ -0,0 +1,40 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}:
+{
+ imports = [
+ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "virtio_pci"
+ "xhci_pci"
+ "sd_mod"
+ "sr_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/bd0b4d2d-37e5-444b-82ba-d7629114bf11";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."surgat".device = "/dev/disk/by-uuid/5aa2b4d3-5711-451c-bd35-7c33b5019093";
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/472bc34f-3803-44ee-ad2a-f0080c0a44d3";
+ fsType = "ext2";
+ };
+
+ swapDevices = [ ];
+}
diff --git a/outputs.nix b/outputs.nix
new file mode 100644
index 0000000..ef7a742
--- /dev/null
+++ b/outputs.nix
@@ -0,0 +1,48 @@
+{
+ self,
+ flake-utils,
+ nixpkgs,
+ agenix,
+ devshell,
+ treefmt-nix,
+ ...
+}@inputs:
+(flake-utils.lib.eachDefaultSystem (
+ system:
+ let
+ pkgs = nixpkgs.legacyPackages.${system};
+ treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
+ in
+ {
+ devShells.default =
+ let
+ pkgs = import nixpkgs {
+ inherit system;
+ overlays = [
+ agenix.overlays.default
+ devshell.overlays.default
+ ];
+ };
+ extraModules = [ "${devshell}/extra/git/hooks.nix" ];
+ in
+ import ./devshell.nix { inherit pkgs extraModules; };
+
+ checks = {
+ formatting = treefmtEval.config.build.check self;
+ };
+
+ formatter = treefmtEval.config.build.wrapper;
+
+ packages = import ./pkgs { inherit pkgs; } // {
+ installer-iso = inputs.self.nixosConfigurations.installer.config.system.build.isoImage;
+ };
+ }
+))
+// {
+ hmModules = import ./home/modules.nix { lib = nixpkgs.lib; };
+ hmConfigurations = {
+ dadada = import ./home;
+ };
+ nixosConfigurations = import ./nixos/configurations.nix inputs;
+ nixosModules = import ./nixos/modules { lib = nixpkgs.lib; };
+}
diff --git a/overlay.nix b/overlay.nix
deleted file mode 100644
index 4be40f3..0000000
--- a/overlay.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-self: super:
-
-let
- isReserved = n: n == "lib" || n == "overlays" || n == "modules";
- nameValuePair = n: v: { name = n; value = v; };
- attrs = import ./default.nix { pkgs = super; };
-in
- builtins.listToAttrs
- (map (n: nameValuePair n attrs.${n})
- (builtins.filter (n: !isReserved n)
- (builtins.attrNames attrs)))
diff --git a/overlays/default.nix b/overlays/default.nix
deleted file mode 100644
index a49268e..0000000
--- a/overlays/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{
- tubslatex = import ./tubslatex.nix;
- dadadaKeys = self: super: {
- dadadaKeys = super.callPackage ../pkgs/keys { };
- };
- homePage = self: super: {
- homePage = super.callPackage ../pkgs/homePage { };
- };
-}
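Review bot: In outputs.nix the inner `let` under `devShells.default` rebinds `pkgs`, shadowing the `pkgs` of the outer `let` that `treefmtEval` and `packages` use. Naming the overlay-extended set differently, e.g. `devPkgs = import nixpkgs { ... };`, makes it clear which package set each output gets. `installer-iso` goes through `inputs.self` although `self` is already a named argument, so `self.nixosConfigurations.installer.config.system.build.isoImage` is equivalent and shorter. Because `packages` sits inside `eachDefaultSystem`, `installer-iso` is exported for every default system; a comment saying whether that is intended would help.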
diff --git a/overlays/tubslatex.nix b/overlays/tubslatex.nix deleted file mode 100644 index 121fecc..0000000 --- a/overlays/tubslatex.nix +++ /dev/null @@ -1,25 +0,0 @@ -self: super: -{ - # Based on https://gist.github.com/clefru/9ed1186bf0b76d27e0ad20cbd9966b87 - tubslatex = super.lib.overrideDerivation (super.texlive.combine { - inherit (super.texlive) scheme-full; - tubslatex.pkgs = [ (super.callPackage ../pkgs/tubslatex {}) ]; - }) (oldAttrs: { - postBuild = '' - # Save the udpmap.cfg because texlive.combine removes it. - cat $out/share/texmf/web2c/updmap.cfg > $out/share/texmf/web2c/updmap.cfg.1 - '' + oldAttrs.postBuild + '' - # Move updmap.cfg into its original place and rerun mktexlsr, so that kpsewhich finds it - rm $out/share/texmf/web2c/updmap.cfg || true - cat $out/share/texmf/web2c/updmap.cfg.1 > $out/share/texmf/web2c/updmap.cfg - rm $out/share/texmf/web2c/updmap.cfg.1 - perl `type -P mktexlsr.pl` $out/share/texmf - yes | perl `type -P updmap.pl` --sys --syncwithtrees --force || true - perl `type -P updmap.pl` --sys --enable Map=NexusProSerif.map --enable Map=NexusProSans.map - # Regenerate .map files. - perl `type -P updmap.pl` --sys - ''; - }); - -} - diff --git a/pkgs/citizen-cups.nix b/pkgs/citizen-cups.nix new file mode 100644 index 0000000..9a63bdd --- /dev/null +++ b/pkgs/citizen-cups.nix 
@@ -0,0 +1,70 @@
+{
+ cups,
+ fetchzip,
+ lib,
+ stdenv,
+ rpm,
+}:
+
+let
+ version = "1.2.8";
+in
+stdenv.mkDerivation {
+ inherit version;
+ name = "citizen-cups";
+ pname = "citizen-cups";
+
+ src = fetchzip {
+ url = "https://www.citizen-systems.com/resource/support/POS/Generic_Printer_Files/CUPS_Linux_Driver/CUPS_Linux_Driver.zip";
+ hash = "sha256-2ha24/7oS/rINKmYxyVryX66kkc6niCChxhw/2KOPSw=";
+ };
+
+ nativeBuildInputs = [
+ rpm
+ ];
+
+ buildInputs = [
+ cups
+ ];
+
+ postUnpack = ''
+ pushd source
+ ls -la
+ rpm2archive ctzpos-cups-1.2.8-0.src.rpm
+ tar xvf ctzpos-cups-1.2.8-0.src.rpm.tgz
+ tar xvf ctzpos-cups-1.2.8.tar.bz2
+ popd
+ '';
+
+ buildPhase = ''
+ runHook preBuild
+ pushd "ctzpos-cups-${version}";
+ gcc -Wl,-rpath,/usr/lib -Wall -fPIC -O2 -o rastertocbm1k rastertocbm1k.c -lcupsimage -lcups
+ gcc -Wl,-rpath,/usr/lib -Wall -fPIC -O2 -o rastertocds500 rastertocds500.c -lcupsimage -lcups
+ gcc -Wl,-rpath,/usr/lib -Wall -fPIC -O2 -o rastertocts2kl rastertocts2kl.c -lcupsimage -lcups
+ popd
+ runHook postBuild
+ '';
+
+ installPhase = ''
+ runHook preInstall
+
+ mkdir -p $out/lib/cups/filter
+ install -D -m 755 ./ctzpos-cups-${version}/rastertocbm1k $out/lib/cups/filter/rastertocbm1k
+ install -D -m 755 ./ctzpos-cups-${version}/rastertocds500 $out/lib/cups/filter/rastertocds500
+ install -D -m 755 ./ctzpos-cups-${version}/rastertocts2kl $out/lib/cups/filter/rastertocts2kl
+
+ mkdir -p $out/share/cups/model/citizen
+ install -D -m 644 ./ctzpos-cups-${version}/*.ppd $out/share/cups/model/citizen
+
+ runHook postInstall
+ '';
+
+ meta = with lib; {
+ description = "Citizen CUPS drivers and filters";
+ homepage = "https://www.citizen-systems.com";
+ #license = licenses.unfreeRedistributable;
+ maintainers = with maintainers; [ dadada ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
new file mode 100644
index 0000000..9f52a8a
--- /dev/null
+++ b/pkgs/default.nix
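Review bot: In pkgs/citizen-cups.nix, `postUnpack` hard-codes `1.2.8` in the archive names (`ctzpos-cups-1.2.8-0.src.rpm` and the two `tar` lines) while `buildPhase` and `installPhase` use `${version}`, so a version bump will break unpacking; use `ctzpos-cups-${version}-0.src.rpm` and the same pattern for the other two. The `src` URL carries no version, so the pinned `hash` is the only thing tying the build to a specific vendor archive, and the fetch will fail once the vendor replaces the file; a comment recording that would save a later investigation. `-Wl,-rpath,/usr/lib` points at a path that is not meaningful in a Nix build, the `ls -la` looks like leftover debugging, and with `#license` commented out the vendor driver is not marked unfree.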
@@ -0,0 +1,4 @@ +{ pkgs }: +{ + citizen-cups = pkgs.callPackage ./citizen-cups.nix { }; +} diff --git a/pkgs/homePage/default.nix b/pkgs/homePage/default.nix deleted file mode 100644 index 1de8811..0000000 --- a/pkgs/homePage/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ stdenv, pandoc, fetchFromGitHub }: -stdenv.mkDerivation rec { - src = fetchFromGitHub { - owner = "dadada"; - repo = "dadada.li"; - rev = "9aba585da873cd40808616f76b4bf40c1d12d3f5"; - sha256 = "0k74kkrvbkxi129ch6yqr1gfmlxpb4661gh9hqhx8w6babsw2zg5"; - }; - nativeBuildInputs = [ pandoc ]; - buildPhase = '' - ./build.sh - ''; - installPhase = '' - mkdir -p $out - cp -r src/* $out/ - ''; - name = "dadada.li"; - version = "0.1"; -} diff --git a/pkgs/keys/default.nix b/pkgs/keys/default.nix deleted file mode 100644 index 85dc382..0000000 --- a/pkgs/keys/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ stdenv }: - -stdenv.mkDerivation rec { - name = "dadadaKeys"; - version = "1"; - - src = ./keys; - - buildPhase = ""; - - installPhase = '' - mkdir $out - cp * $out - ''; - - meta = with stdenv.lib; { - description = "Public keys for my infrastructure"; - license = licenses.publicDomain; - platforms = platforms.all; - maintainers = [ "dadada" ]; - }; -} diff --git a/pkgs/keys/keys/dadada.pub b/pkgs/keys/keys/dadada.pub deleted file mode 100644 index 6dfc30f..0000000 --- a/pkgs/keys/keys/dadada.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyTgdVPPxQeL5KZo9frZQlDIv2QkelJw3gNGoGtUMfw tim@metis diff --git a/pkgs/tubslatex/default.nix b/pkgs/tubslatex/default.nix deleted file mode 100644 index acb8fc2..0000000 --- a/pkgs/tubslatex/default.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ stdenv, fetchzip, unzip }: -stdenv.mkDerivation rec { - src = ./tubslatex_1.3.2.tds.zip; - sourceRoot = "."; - nativeBuildInputs = [ unzip ]; - buildInputs = [ unzip ]; - installPhase = '' - mkdir -p $out - cp -r * $out/ - ''; - pname = "tubslatex"; - name = pname; - tlType = "run"; -} 
diff --git a/pkgs/vimPlugins/default.nix b/pkgs/vimPlugins/default.nix deleted file mode 100644 index 13f293e..0000000 --- a/pkgs/vimPlugins/default.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ pkgs, lib, fetchFromGitHub, ... }: -with lib; -{ - filetype = pkgs.vimUtils.buildVimPluginFrom2Nix { - pname = "dadadaVimFiletype"; - version = "2010-11-06"; - src = ./filetype; - }; - - spacemacsTheme = pkgs.vimUtils.buildVimPluginFrom2Nix { - pname = "spacemacs-theme"; - version = "2.0.1"; - src = pkgs.fetchFromGitHub { - owner = "colepeters"; - repo = "spacemacs-theme.vim"; - rev = "056bba9bd05a2c97c63c28216a1c232cfb91529e"; - sha256 = "0iy3i6waigk759p2z59mrxkjc0p412y7d8zf3cjak4a9sh1sh6qz"; - }; - }; -} diff --git a/pkgs/vimPlugins/filetype/ftplugin/cpp.vim b/pkgs/vimPlugins/filetype/ftplugin/cpp.vim deleted file mode 100644 index 7cdc5a6..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/cpp.vim +++ /dev/null @@ -1,11 +0,0 @@ -let b:ale_fixers = ['clang-format', 'remove_trailing_lines', 'trim_whitespace'] -let b:ale_linters = ['clangd'] - -"setlocal tabstop=8 expandtab shiftwidth=2 smarttab -" GNU Coding Standards -setlocal cindent -setlocal cinoptions=>4,n-2,{2,^-2,:2,=2,g0,h2,p5,t0,+2,(0,u0,w1,m1 -setlocal shiftwidth=2 -setlocal softtabstop=2 -setlocal textwidth=79 -setlocal fo-=ro fo+=cql diff --git a/pkgs/vimPlugins/filetype/ftplugin/css.vim b/pkgs/vimPlugins/filetype/ftplugin/css.vim deleted file mode 100644 index 51f2b56..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/css.vim +++ /dev/null @@ -1,3 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 diff --git a/pkgs/vimPlugins/filetype/ftplugin/fish.vim b/pkgs/vimPlugins/filetype/ftplugin/fish.vim deleted file mode 100644 index b1a5c53..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/fish.vim +++ /dev/null @@ -1,2 +0,0 @@ -" Set up :make to use fish for syntax checking. -compiler fish 
diff --git a/pkgs/vimPlugins/filetype/ftplugin/foo.kt b/pkgs/vimPlugins/filetype/ftplugin/foo.kt deleted file mode 100644 index 892968c..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/foo.kt +++ /dev/null @@ -1,3 +0,0 @@ -class Foo { - fun -} diff --git a/pkgs/vimPlugins/filetype/ftplugin/html.vim b/pkgs/vimPlugins/filetype/ftplugin/html.vim deleted file mode 100644 index 51f2b56..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/html.vim +++ /dev/null @@ -1,3 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 diff --git a/pkgs/vimPlugins/filetype/ftplugin/javascript.vim b/pkgs/vimPlugins/filetype/ftplugin/javascript.vim deleted file mode 100644 index 00196be..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/javascript.vim +++ /dev/null @@ -1,5 +0,0 @@ -let b:ale_fixers = ['prettier', 'eslint'] - -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 diff --git a/pkgs/vimPlugins/filetype/ftplugin/kotlin.vim b/pkgs/vimPlugins/filetype/ftplugin/kotlin.vim deleted file mode 100644 index 62f7206..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/kotlin.vim +++ /dev/null @@ -1,5 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=4 -setlocal softtabstop=4 -let g:ale_kotlin_languageserver_executable = "/home/tim/src/kotlin-language-server/server/build/install/server/bin/kotlin-language-server" - diff --git a/pkgs/vimPlugins/filetype/ftplugin/ledger.vim b/pkgs/vimPlugins/filetype/ftplugin/ledger.vim deleted file mode 100644 index 765e06c..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/ledger.vim +++ /dev/null @@ -1,3 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=4 -setlocal softtabstop=4 diff --git a/pkgs/vimPlugins/filetype/ftplugin/markdown.md b/pkgs/vimPlugins/filetype/ftplugin/markdown.md deleted file mode 100644 index 0c79590..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/markdown.md +++ /dev/null @@ -1,2 +0,0 @@ -let b:ale_linters = {'markdown': ['languagetool']} -let b:ale_fixers = {'markdown': ['languagetool']} 
diff --git a/pkgs/vimPlugins/filetype/ftplugin/nix.vim b/pkgs/vimPlugins/filetype/ftplugin/nix.vim deleted file mode 100644 index 51f2b56..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/nix.vim +++ /dev/null @@ -1,3 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 diff --git a/pkgs/vimPlugins/filetype/ftplugin/python.vim b/pkgs/vimPlugins/filetype/ftplugin/python.vim deleted file mode 100644 index 52a8bc2..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/python.vim +++ /dev/null @@ -1,4 +0,0 @@ -" Check Python files with flake8 and pylint. -let b:ale_linters = ['flake8', 'pylint'] -" Fix Python files with autopep8 and yapf. -let b:ale_fixers = ['autopep8', 'yapf', 'add_blank_lines_for_python_control_statements', 'autopep8', 'remove_trailing_lines', 'reorder-python-imports', 'trim_whitespace'] diff --git a/pkgs/vimPlugins/filetype/ftplugin/rust.vim b/pkgs/vimPlugins/filetype/ftplugin/rust.vim deleted file mode 100644 index 3a4bd48..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/rust.vim +++ /dev/null @@ -1,2 +0,0 @@ -let b:ale_linters = {'rust': ['rustc', 'rls', 'rust-analyzer']} -let b:ale_fixers = {'rust': ['rustfmt']} diff --git a/pkgs/vimPlugins/filetype/ftplugin/scss.vim b/pkgs/vimPlugins/filetype/ftplugin/scss.vim deleted file mode 100644 index 51f2b56..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/scss.vim +++ /dev/null @@ -1,3 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 diff --git a/pkgs/vimPlugins/filetype/ftplugin/typescript.vim b/pkgs/vimPlugins/filetype/ftplugin/typescript.vim deleted file mode 100644 index 8312237..0000000 --- a/pkgs/vimPlugins/filetype/ftplugin/typescript.vim +++ /dev/null @@ -1,5 +0,0 @@ -let b:ale_fixers = ['prettier', 'eslint', 'tsserver'] - -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 diff --git a/pkgs/vimPlugins/filetype/ftplugin/yaml.vim b/pkgs/vimPlugins/filetype/ftplugin/yaml.vim deleted file mode 100644 index 51521e2..0000000 
--- a/pkgs/vimPlugins/filetype/ftplugin/yaml.vim +++ /dev/null @@ -1,4 +0,0 @@ -setlocal expandtab -setlocal shiftwidth=2 -setlocal softtabstop=2 - diff --git a/secrets/agares-backup-passphrase.age b/secrets/agares-backup-passphrase.age new file mode 100644 index 0000000..d710a45 --- /dev/null +++ b/secrets/agares-backup-passphrase.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 L7f05w Sof4o2JYLqx59paPpBJWFek1IwCHb4VhuOcPpBkut20 +QNsXS0H2z5NCnKcDuxDVvY+AnTV27/Ijeo/kd12nkoQ +-> ssh-ed25519 Otklkw WZt99A5jBrb7MNqzpCuGiJ8wJ/NxZrJE5Q02hvcVEVo +yYlAifPMGC01CGpke5ABasi/sJ8O4r3+5SyoVpbpmM4 +--- vIe/LRs2QxPpZJUrdOFuTBNanHcMyzh7iAFRalWd2dU ++]GHuUʈQ&3'Eg܃Z‘\~e) 1׻ya \ No newline at end of file diff --git a/secrets/agares-backup-ssh-key.age b/secrets/agares-backup-ssh-key.age new file mode 100644 index 0000000..32c7885 Binary files /dev/null and b/secrets/agares-backup-ssh-key.age differ diff --git a/secrets/agares-wg0-key.age b/secrets/agares-wg0-key.age new file mode 100644 index 0000000..5e12fbe --- /dev/null +++ b/secrets/agares-wg0-key.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 L7f05w Nj0zjzK+5vf4YfUxLPNcBBY4ZC57tH9+rEVCv/ycNWo +5Sk99vaYclDFwTnVKB6IOcTVYJ3SGTuLVJxyjb1W4tM +-> ssh-ed25519 Otklkw ogKGpgcz0Gekw7p4LnmIKU2CEdhlkjypRGVZmFda8TI +nkOU/yc7F5BCBRakevYDXyD8akGqYwD67C+9VDxUgyE +--- zuz8UjdxI+CbMr33Z4P5ga1UoRe+oDXzVWgFUhUH1qE +b#sPDF%|Ul e9f_UZ5oeeK}M`aM!5R@j}~3ZҾ͒\ \ No newline at end of file diff --git a/secrets/ddns-credentials.age b/secrets/ddns-credentials.age new file mode 100644 index 0000000..e749a1b --- /dev/null +++ b/secrets/ddns-credentials.age 
@@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 L7f05w FvYel4vJLlCA/BLb8z4Q6tAbquepLo9+jr/To2JwIC4 +4Ll4IvTCNyyawY9mOceOVH/yV2rCTlc5gz9vRRwxerI +-> ssh-ed25519 J6ROvw 3YjYM7IwiFQGRDEh6BEo2OmeKQ8iABX28sgka4XomVg +RmdQdO6hBhEEzxNhtDCDqn6e4TxniZQOk1jgrBXTCpo +-> ssh-ed25519 Otklkw eii6X4khCNyI9XEy2/zK6RfnCBjm6QYv7kmsMzvUVlY +V+btfmK+sa8lObD66LEz6fyAzhcFF012cLkamd9I4tg +--- o94E2RVIyPbMOU3OX1hu1Mf86q1w+wtGRLT3W0Y0j9Q +;Zjж( +~wպw IY#ju.dIQ]L+ +Qg# \ No newline at end of file diff --git a/secrets/etc-ppp-chap-secrets.age b/secrets/etc-ppp-chap-secrets.age new file mode 100644 index 0000000..ff3e453 Binary files /dev/null and b/secrets/etc-ppp-chap-secrets.age differ diff --git a/secrets/etc-ppp-telekom-secret.age b/secrets/etc-ppp-telekom-secret.age new file mode 100644 index 0000000..ece12f8 Binary files /dev/null and b/secrets/etc-ppp-telekom-secret.age differ diff --git a/secrets/gorgon-backup-passphrase-gs.age b/secrets/gorgon-backup-passphrase-gs.age new file mode 100644 index 0000000..416b011 --- /dev/null +++ b/secrets/gorgon-backup-passphrase-gs.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 0aOabg wLeN7m0IGDOkAtt3eQ1qD7s/MN6kNMj/B/Vo0ZKODT0 +wUILw/rYBfI4xCIvD2iVfMZJfC6iIGUZP1d0Yj7Jwx8 +-> ssh-ed25519 Otklkw vhgSZhgLgCxXKg0pQP1S7WNLFf+cNwRjg/uMfEke9Xs +UDtI6mb/qTefqyrxXRAkjWQ7z4PQbJ1jYwgz7uZ4m1A +--- zkn75uvrvwWdvK0YYcc1NTbyTrKf387tWkgTUqmxyYE +h WK vy^q(<Hd$ \ No newline at end of file diff --git a/secrets/gorgon-backup-passphrase.age b/secrets/gorgon-backup-passphrase.age new file mode 100644 index 0000000..68cc452 Binary files /dev/null and b/secrets/gorgon-backup-passphrase.age differ diff --git a/secrets/gorgon-backup-ssh-key.age b/secrets/gorgon-backup-ssh-key.age new file mode 100644 index 0000000..0a00855 Binary files /dev/null and b/secrets/gorgon-backup-ssh-key.age differ 
diff --git a/secrets/hydra-github-authorization.age b/secrets/hydra-github-authorization.age new file mode 100644 index 0000000..ef32814 Binary files /dev/null and b/secrets/hydra-github-authorization.age differ diff --git a/secrets/ifrit-backup-passphrase.age b/secrets/ifrit-backup-passphrase.age new file mode 100644 index 0000000..b4e55eb --- /dev/null +++ b/secrets/ifrit-backup-passphrase.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 yMjj5g pE3otZ4+5k1GxhoU7FocCMvcHZ9PFzTRqRYiVXXq/H4 +aKCBiwVwbfetSTRaTJ31iTRsvNnbm2JYFQnqTOgCyOA +-> ssh-ed25519 Otklkw jn4ZUyWFIeAt+XpxmlqckovK4/jit6SR+Xaouv7gfTU +8yJLyWHk1m9KInOWozqRWXi3kiirgQ7c/ONOwgHk/Z8 +--- 8TS+ZFZfHvgcgOYBE3nzSxbCCmCOtqPWyldlegSu6QU +:{ 4~NtXRl =>$8DQ @G1FAOtΫ \ No newline at end of file diff --git a/secrets/ifrit-backup-ssh-key.age b/secrets/ifrit-backup-ssh-key.age new file mode 100644 index 0000000..9d2879c Binary files /dev/null and b/secrets/ifrit-backup-ssh-key.age differ diff --git a/secrets/initrd-surgat-ssh_host_ed25519_key.age b/secrets/initrd-surgat-ssh_host_ed25519_key.age new file mode 100644 index 0000000..36c4b0c Binary files /dev/null and b/secrets/initrd-surgat-ssh_host_ed25519_key.age differ diff --git a/secrets/miniflux-admin-credentials.age b/secrets/miniflux-admin-credentials.age new file mode 100644 index 0000000..9745c07 --- /dev/null +++ b/secrets/miniflux-admin-credentials.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 jUOjpw 6ThewcuTvg2mn/jC1eqR0KFDXdN8G3JIUBLLiBabkFI +lstfGPvJgaUOp0jriP2nsi4IvgwRjs8dnRye7+ihD/Q +-> ssh-ed25519 Otklkw N0ozjfxbOBq7EIvxP4TRa2XyMQ8fINCiHjK0MFq2X0w +tEeua88G2aN6REaUN6xTlkRLy0GFgNfj7v0VXhqddc4 +--- N9V7UfSDvrOAeOr3MRXiCwIu8JJt3NSL3FrGyPapLrM +E"K?>VÄbXdg!ѹ) B f\=[2LxwXH*l9w \ No newline at end of file diff --git a/secrets/ninurta-backup-passphrase.age b/secrets/ninurta-backup-passphrase.age new file mode 100644 index 0000000..6b89f13 Binary files /dev/null and b/secrets/ninurta-backup-passphrase.age differ 
diff --git a/secrets/ninurta-backup-ssh-key.age b/secrets/ninurta-backup-ssh-key.age new file mode 100644 index 0000000..0eb3e9c Binary files /dev/null and b/secrets/ninurta-backup-ssh-key.age differ diff --git a/secrets/ninurta-initrd-ssh-key.age b/secrets/ninurta-initrd-ssh-key.age new file mode 100644 index 0000000..bdb981f Binary files /dev/null and b/secrets/ninurta-initrd-ssh-key.age differ diff --git a/secrets/paperless.age b/secrets/paperless.age new file mode 100644 index 0000000..318a9f9 --- /dev/null +++ b/secrets/paperless.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 WJCMDA NDB+Z1hpwH3PWjViCbrRdrt0WCFnsYDBVd1rADCQy2I +p/QYmC6ZwwlyCNrVhUw1vUNfnNGiw8B/rsqP9EMGJ5E +-> ssh-ed25519 Otklkw yLMSfitfbXO8qRqaJwKxx68R0AJHsTre0XlN2huudWY +JYogGtU0LLPcJpN9oWmAQE0Kyk2yhNmxrVgh0JMFphE +--- pGx08jh8YJCDeEvi7iZa6pXrlwg8otUTkxv0T5gwLcM +˲'t2͟E/ؿ6@ +DfiVGO_a\{}_~:>GN@K| \ No newline at end of file diff --git a/secrets/pruflas-backup-passphrase.age b/secrets/pruflas-backup-passphrase.age new file mode 100644 index 0000000..7315527 --- /dev/null +++ b/secrets/pruflas-backup-passphrase.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 IXCPDQ fXDb8H8lwLZQYQzGScIiEKdfxYE4HMNvwxfyu+3Taj8 +pt5awmlOg/pA/8rwk9hKge1USnkw/GS6hzmZSIeVSM8 +-> ssh-ed25519 Otklkw JqPKMYsXuekb7XNBhcJpdoJq2OkbwGagSuJBh/bQ31g +SyJKqO6H2acurdbfZBPOeCE4TN0S4Byda69MoL8IO0g +--- uw6PTa5f53Bum1C3isESEeDfpqFgdc9L/6P4ayVInZ0 +ޡQ4,lLuK *Vs>GxfhmXJGe_  \ No newline at end of file diff --git a/secrets/pruflas-backup-ssh-key.age b/secrets/pruflas-backup-ssh-key.age new file mode 100644 index 0000000..57e57c8 --- /dev/null +++ b/secrets/pruflas-backup-ssh-key.age 
@@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 IXCPDQ Z+ExSQC/qi/vfcJQ08CXlSqALi7goOm6orst1l+uL0U +6ugXvL0e+vQeRxgHRWwqJBaTYZ2iJnVwKVsx3ye8FBA +-> ssh-ed25519 Otklkw UqgQ/IgcAJtZmqtHS2IziL1cRHh4q+uffI4Mx1Qkqw4 +u8jrPucegyOAkZ/guLDNoeTsM2/sQ8nq+HY0s37gIVw +--- os1Cok8Srxkz4pQCel37eE4NIRB+fBEF6+L8f27IAbI +採 & 3!w8[|>,B9UxAk}V+$·3Wnlɾ {- #I[b0,[p\{*YӈqzɱP)Vy͍onY}zu.YyaW7ͯ딨BvCNBcIɸ$Ēn{fr?I7HPj;J4E.̮c]aM22 +>leo]MKċfo̤"~UyS]m%0 IH> wXUԏ$geD[,ِwS+\x4=lE*#_"NpX5oz$ 0ܿRSjq۷t{u`E.66[FwyNCPH&E ; \ No newline at end of file diff --git a/secrets/pruflas-wg-hydra-key.age b/secrets/pruflas-wg-hydra-key.age new file mode 100644 index 0000000..7c1333d --- /dev/null +++ b/secrets/pruflas-wg-hydra-key.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 J6ROvw xzey0OqH2HSPLdz9sUHX2d9Xb3j/xnvuz0ekjE5MGh8 +cvfzziAX7cVSJAwRr0Avxeaa5ogXhMxz4c6EcpyIrMM +-> ssh-ed25519 Otklkw qlfHwO86ojlvmdfLHtuZwvpIDCxAFgnOQ4tvsz7VTiI +3eVexGX09ALqANLrZm/3WvzZTIhEs/hWLpvYR5oQFYE +--- /+Xv0iaeal+E0g5+Fphqw260kmzHE/BEWA9UWZqkxpM +Q$ +'HQ6E%&҉>0e[Gbg5@oy~ V`yFu~< \ No newline at end of file diff --git a/secrets/pruflas-wg0-key.age b/secrets/pruflas-wg0-key.age new file mode 100644 index 0000000..1312de7 --- /dev/null +++ b/secrets/pruflas-wg0-key.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 J6ROvw jC7rwmoizfZqenUwlrMlLRyN9yQnog2X3KIJ2GgRZB8 +yGoiZTNfrPm6+fb1BcZGH6Lzm8Pj4aeyjWtLNYbGSFg +-> ssh-ed25519 Otklkw a2/N7JOiOY/orGyCogBIj48EjTltThv7AAHuMHK7Xzo +PTP9vaEpFf7PXoRobHJgAkNVBh+u3+7rUMKiMj+fadQ +--- KR51LRGHd6jWP4rUWvQqXskwEGfxb0tSCNKtnFT255A +Gw)HkG F&e[{RGh"L{\{H~{.uWMaZ \ No newline at end of file diff --git a/secrets/pruflas-wg0-preshared-key.age b/secrets/pruflas-wg0-preshared-key.age new file mode 100644 index 0000000..94f9a88 Binary files /dev/null and b/secrets/pruflas-wg0-preshared-key.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..50dd263 --- /dev/null +++ b/secrets/secrets.nix 
@@ -0,0 +1,83 @@
+let
+ dadada = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+bBJptw2H35vMPV7Mfj9oaepR7cHCQH8ZsvL8qnj+r dadada (nix-config-secrets) ";
+ systems = {
+ gorgon = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDCcwG8BkqjZJ1bPdFbLYfXeBgaI10+gyVs1r1aNJ49H root@gorgon";
+ ifrit = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEYO4L5EvKRtVUB6YHtHN7R980fwH9kKVt0V3kj6rORS root@nixos";
+ ninurta = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO8TDCzjVVO7A4k6rp+srMj0HHc5gmUOlskTBOvhMkEc root@nixos";
+ pruflas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBqZHu5ygTODgrNzcU9C2O+b8yCfVsnztV83qxXV4aA8 root@pruflas";
+ surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat";
+ stolas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObI38cB8gTDXmDb5GcK4pLm5xM+nnvGeSfEpB4lVEwE root@stolas";
+ };
+ backupSecrets = hostName: {
+ "${hostName}-backup-passphrase.age".publicKeys = [
+ systems.${hostName}
+ dadada
+ ];
+ "${hostName}-backup-ssh-key.age".publicKeys = [
+ systems.${hostName}
+ dadada
+ ];
+ };
+in
+{
+ "pruflas-wg0-key.age".publicKeys = [
+ systems.ninurta
+ dadada
+ ];
+ "pruflas-wg0-preshared-key.age".publicKeys = [
+ systems.ninurta
+ dadada
+ ];
+ "pruflas-wg-hydra-key.age".publicKeys = [
+ systems.ninurta
+ dadada
+ ];
+ "hydra-github-authorization.age".publicKeys = [
+ systems.ninurta
+ dadada
+ ];
+ "miniflux-admin-credentials.age".publicKeys = [
+ systems.surgat
+ dadada
+ ];
+ "gorgon-backup-passphrase-gs.age".publicKeys = [
+ systems.gorgon
+ dadada
+ ];
+ "paperless.age".publicKeys = [
+ #systems.gorgon
+ systems.stolas
+ dadada
+ ];
+ "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [
+ systems.surgat
+ dadada
+ ];
+ "surgat-ssh_host_ed25519_key.age".publicKeys = [
+ systems.surgat
+ dadada
+ ];
+ "ninurta-initrd-ssh-key.age".publicKeys = [
+ systems.ninurta
+ dadada
+ ];
+ "ddns-credentials.age".publicKeys = [
+ systems.ninurta
+ dadada
+ ];
+ "etc-ppp-chap-secrets.age".publicKeys = [
+ dadada
+ ];
+ "etc-ppp-telekom-secret.age".publicKeys
= [ + dadada + ]; + "wg-privkey-vpn-dadada-li.age".publicKeys = [ + dadada + ]; +} +// backupSecrets "ninurta" +// backupSecrets "gorgon" +// backupSecrets "ifrit" +// backupSecrets "pruflas" +// backupSecrets "surgat" +// backupSecrets "stolas" diff --git a/secrets/stolas-backup-passphrase.age b/secrets/stolas-backup-passphrase.age new file mode 100644 index 0000000..4b4a687 Binary files /dev/null and b/secrets/stolas-backup-passphrase.age differ diff --git a/secrets/stolas-backup-ssh-key.age b/secrets/stolas-backup-ssh-key.age new file mode 100644 index 0000000..0a06547 Binary files /dev/null and b/secrets/stolas-backup-ssh-key.age differ diff --git a/secrets/surgat-backup-passphrase.age b/secrets/surgat-backup-passphrase.age new file mode 100644 index 0000000..b3a0a80 --- /dev/null +++ b/secrets/surgat-backup-passphrase.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 jUOjpw FXHC9VzSKIkbJ9JVge5vsGHiGtxBnxB7Nvqqi4OsRHA +1zhd0kCd37fXmWtq9kRx1vQvjTT4i5HsQ9DibyGmNUI +-> ssh-ed25519 Otklkw ZKy9Vbf1W1UpejNy8nh+eGss19XLqJuHL6qJuG1KP20 +t5C0Jw//1vK5iiG3+tJK6bu/SBR7StHRDog9ivlfVAI +--- 08Q8bBFnJF2TFV62trgPig/VL3RwKN0dyw4PBgg5LDU +F` 4tۭ ٧o9~}ق)7#a/W\;l2Рl \ No newline at end of file diff --git a/secrets/surgat-backup-ssh-key.age b/secrets/surgat-backup-ssh-key.age new file mode 100644 index 0000000..2abfeac Binary files /dev/null and b/secrets/surgat-backup-ssh-key.age differ diff --git a/secrets/surgat-ssh_host_ed25519_key.age b/secrets/surgat-ssh_host_ed25519_key.age new file mode 100644 index 0000000..7400a57 Binary files /dev/null and b/secrets/surgat-ssh_host_ed25519_key.age differ diff --git a/secrets/wg-privkey-vpn-dadada-li.age b/secrets/wg-privkey-vpn-dadada-li.age new file mode 100644 index 0000000..4bd9044 Binary files /dev/null and b/secrets/wg-privkey-vpn-dadada-li.age differ diff --git a/treefmt.nix b/treefmt.nix new file mode 100644 index 0000000..75acdfa --- /dev/null +++ b/treefmt.nix 
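Review bot: In secrets/secrets.nix the three `pruflas-wg*` entries name `systems.ninurta` as the host recipient rather than `systems.pruflas`, so the file name no longer tells a reader which machine can decrypt the key. If that is deliberate (the hunk does not say), a comment above the first of them, for example `# decrypted on ninurta; file name kept from the pruflas setup`, would keep a later rekey from "correcting" the recipient to the wrong host; otherwise the files should be renamed. The commented-out `#systems.gorgon` under `paperless.age` needs a similar note: removing a recipient only affects ciphertext written afterwards, so if gorgon was ever a recipient the secret value itself should be rotated rather than just re-encrypted. The last three entries list only `dadada`, which is fine if no host consumes them, but a short comment saying so would make the intent reviewable.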
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ projectRootFile = "flake.nix";
+ programs.nixfmt.enable = true;
+ programs.shellcheck.enable = pkgs.hostPlatform.system != "riscv64-linux";
+ programs.shfmt.enable = pkgs.hostPlatform.system != "riscv64-linux";
+ programs.yamlfmt.enable = true;
+}
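Review bot: The `riscv64-linux` exclusion on `programs.shellcheck.enable` and `programs.shfmt.enable` is written out twice and gives no reason, so a reader cannot tell whether it works around a build problem or is a policy choice. Binding it once ahead of the attribute set, `let lintShell = pkgs.hostPlatform.system != "riscv64-linux"; in`, and using `lintShell` for both flags keeps them from drifting apart. A one-line comment with the reason should go next to the binding. It is also worth stating there that shell scripts go unlinted on that platform, so any formatting check built from this file is weaker on riscv64 than elsewhere.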