diff --git a/class/desktop/clipboard.nix b/class/desktop/clipboard.nix
deleted file mode 100644
index cab0c1c..0000000
--- a/class/desktop/clipboard.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{pkgs, ...}: {
- environment.systemPackages = [pkgs.wl-clipboard];
-}
diff --git a/class/desktop/default.nix b/class/desktop/default.nix
deleted file mode 100644
index 30765f5..0000000
--- a/class/desktop/default.nix
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- imports = [
- ./clipboard.nix
- ./flatpak.nix
- ./fonts.nix
- ./fs.nix
- ./gamemode.nix
- ./hardware.nix
- ./location.nix
- ./mullvad.nix
- ./neovide.nix
- ./networking.nix
- ./pipewire.nix
- ./plasma.nix
- ./printing.nix
- ./syncthing.nix
- ./users.nix
- ./vm.nix
- ./wine.nix
- ];
-}
diff --git a/class/desktop/flatpak.nix b/class/desktop/flatpak.nix
deleted file mode 100644
index 1ff0c53..0000000
--- a/class/desktop/flatpak.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- services.flatpak.enable = true;
-}
diff --git a/class/desktop/fonts.nix b/class/desktop/fonts.nix
deleted file mode 100644
index 48e47b6..0000000
--- a/class/desktop/fonts.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{pkgs, ...}: {
- fonts = {
- enableDefaultPackages = true;
- packages = [
- pkgs.noto-fonts
- pkgs.noto-fonts-extra
- pkgs.noto-fonts-cjk-sans
- pkgs.noto-fonts-cjk-serif
- pkgs.noto-fonts-monochrome-emoji
- pkgs.noto-fonts-color-emoji
- (pkgs.nerdfonts.override {fonts = ["FiraCode"];})
- ];
-
- fontconfig = {
- enable = true;
-
- defaultFonts = {
- monospace = ["FiraCode Nerd Font"];
- sansSerif = ["Noto Sans"];
- serif = ["Noto Serif"];
- emoji = ["Noto Color Emoji" "Noto Emoji"];
- };
- };
-
- fontDir.enable = true;
- };
-}
diff --git a/class/desktop/fs.nix b/class/desktop/fs.nix
deleted file mode 100644
index c59c848..0000000
--- a/class/desktop/fs.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- boot.initrd.luks.devices.main.device = "/dev/disk/by-label/cryptmain";
-
- fileSystems."/".device = "/dev/mapper/main";
-}
diff --git a/class/desktop/gamemode.nix b/class/desktop/gamemode.nix
deleted file mode 100644
index 36e3c0d..0000000
--- a/class/desktop/gamemode.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}: {
- programs.gamemode = {
- enable = true;
- settings = {
- general = {
- renice = 10;
- };
- custom = {
- start = "${lib.getExe pkgs.libnotify} 'GameMode started'";
- end = "${lib.getExe pkgs.libnotify} 'GameMode stopped'";
- };
- };
- };
-}
diff --git a/class/desktop/hardware.nix b/class/desktop/hardware.nix
deleted file mode 100644
index 476bbf1..0000000
--- a/class/desktop/hardware.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{pkgs, ...}: {
- hardware = {
- bluetooth.enable = true;
- xone.enable = true;
- xpadneo.enable = true;
- opentabletdriver.enable = true;
- graphics = {
- enable = true;
- enable32Bit = true;
- extraPackages = [
- pkgs.libvdpau-va-gl
- pkgs.vaapiVdpau
- ];
- extraPackages32 = [
- pkgs.pkgsi686Linux.libvdpau-va-gl
- pkgs.pkgsi686Linux.vaapiVdpau
- ];
- };
- };
-}
diff --git a/class/desktop/location.nix b/class/desktop/location.nix
deleted file mode 100644
index 285b45d..0000000
--- a/class/desktop/location.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- location.provider = "geoclue2";
-
- services.automatic-timezoned.enable = true;
-}
diff --git a/class/desktop/mullvad.nix b/class/desktop/mullvad.nix
deleted file mode 100644
index 31d3c05..0000000
--- a/class/desktop/mullvad.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{pkgs, ...}: {
- services.mullvad-vpn = {
- enable = true;
- package = pkgs.mullvad-vpn;
- };
-}
diff --git a/class/desktop/neovide.nix b/class/desktop/neovide.nix
deleted file mode 100644
index 6821dbf..0000000
--- a/class/desktop/neovide.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{pkgs, ...}: let
- package = pkgs.neovide;
-in {
- environment.systemPackages = [package];
-}
diff --git a/class/desktop/networking.nix b/class/desktop/networking.nix
deleted file mode 100644
index 1844edb..0000000
--- a/class/desktop/networking.nix
+++ /dev/null
@@ -1,37 +0,0 @@
-{
- services.resolved.enable = true;
-
- networking = {
- networkmanager = {
- enable = true;
- dns = "systemd-resolved";
- };
- firewall = {
- allowedTCPPorts = [
- # Spotify track sync
- 57621
- # Steam Remote Play
- 27036
- # Source Dedicated Server SRCDS Rcon port
- 27015
- # Syncthing TCP based sync protocol traffic
- 22000
- ];
- allowedUDPPorts = [
- # Source Dedicated Server gameplay traffic
- 27015
- # Syncthing QUIC based sync protocol traffic
- 22000
- # Syncthing port for discovery broadcasts on IPv4 and multicasts on IPv6
- 21027
- ];
- allowedUDPPortRanges = [
- # Steam Remote Play
- {
- from = 27031;
- to = 27036;
- }
- ];
- };
- };
-}
diff --git a/class/desktop/pipewire.nix b/class/desktop/pipewire.nix
deleted file mode 100644
index f22fcef..0000000
--- a/class/desktop/pipewire.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- hardware.pulseaudio.enable = false;
- security.rtkit.enable = true;
-
- services.pipewire = {
- enable = true;
- wireplumber.enable = true;
- alsa.enable = true;
- pulse.enable = true;
- jack.enable = true;
- };
-}
diff --git a/class/desktop/plasma.nix b/class/desktop/plasma.nix
deleted file mode 100644
index 41f2ecf..0000000
--- a/class/desktop/plasma.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}: {
- services = {
- desktopManager.plasma6.enable = true;
- displayManager.sddm = {
- enable = true;
- wayland.enable = true;
- };
- };
-
- environment.systemPackages = with pkgs.kdePackages; [sddm-kcm discover kate];
-
- programs = {
- kdeconnect.enable = true;
- partition-manager.enable = true;
- };
-
- xdg.portal = {
- xdgOpenUsePortal = true;
- extraPortals = [pkgs.xdg-desktop-portal-gtk];
- };
-}
diff --git a/class/desktop/printing.nix b/class/desktop/printing.nix
deleted file mode 100644
index a7b3b55..0000000
--- a/class/desktop/printing.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- services = {
- printing = {
- enable = true;
- webInterface = true;
- cups-pdf.enable = true;
- };
- system-config-printer.enable = true;
- };
-}
diff --git a/class/desktop/syncthing.nix b/class/desktop/syncthing.nix
deleted file mode 100644
index 8b1f0d8..0000000
--- a/class/desktop/syncthing.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- #what?
- services.syncthing = {
- enable = true;
- overrideDevices = false;
- overrideFolders = false;
- };
-
- systemd.user.services.syncthing.wantedBy = ["default.target"];
-}
diff --git a/class/desktop/users.nix b/class/desktop/users.nix
deleted file mode 100644
index 5ba1911..0000000
--- a/class/desktop/users.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- users.mutableUsers = true;
-
- # install neovide/neovim for user?
-}
diff --git a/class/desktop/vm.nix b/class/desktop/vm.nix
deleted file mode 100644
index d923a08..0000000
--- a/class/desktop/vm.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{
- virtualisation.libvirtd.enable = true;
- programs.virt-manager.enable = true;
-}
diff --git a/class/desktop/wine.nix b/class/desktop/wine.nix
deleted file mode 100644
index 632cc98..0000000
--- a/class/desktop/wine.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{pkgs, ...}: {
- environment.systemPackages = [pkgs.wineWowPackages.stableFull];
-}
diff --git a/class/server/default.nix b/class/server/default.nix
deleted file mode 100644
index e10d867..0000000
--- a/class/server/default.nix
+++ /dev/null
@@ -1,7 +0,0 @@
-{
- imports = [
- ./fs.nix
- ./time.nix
- ./users.nix
- ];
-}
diff --git a/class/server/fs.nix b/class/server/fs.nix
deleted file mode 100644
index da52d7a..0000000
--- a/class/server/fs.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- fileSystems."/".label = "main";
-}
diff --git a/class/server/users.nix b/class/server/users.nix
deleted file mode 100644
index 23b7787..0000000
--- a/class/server/users.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{
- users.mutableUsers = false;
-}
diff --git a/common/avahi.nix b/common/avahi.nix deleted file mode 100644 index 2f549a2..0000000 --- a/common/avahi.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ - services.avahi = { - enable = true; - nssmdns4 = true; - nssmdns6 = true; - publish = { - enable = true; - addresses = true; - domain = true; - hinfo = true; - userServices = true; - workstation = true; - }; - }; -} diff --git a/common/bash.nix b/common/bash.nix index f4ac06c..a2f42c5 100644 --- a/common/bash.nix +++ b/common/bash.nix @@ -1,5 +1,5 @@ { - programs.bash. interactiveShellInit = '' + programs.bash.interactiveShellInit = '' shopt -s autocd globstar failglob extglob checkwinsize ''; } diff --git a/common/default.nix b/common/default.nix index 8bce748..25607bc 100644 --- a/common/default.nix +++ b/common/default.nix @@ -1,22 +1,21 @@ { imports = [ ./bash.nix - ./cnf.nix - ./fish.nix ./boot.nix ./bottom.nix + ./cnf.nix ./dbus.nix ./direnv.nix ./fs.nix ./fwupd.nix ./git.nix - ./neovim.nix ./nix.nix ./readline.nix ./ssh.nix ./starship.nix ./sudo.nix ./swap.nix + ./time.nix ./users.nix ]; } diff --git a/common/fish.nix b/common/fish.nix deleted file mode 100644 index fc9c0ae..0000000 --- a/common/fish.nix +++ /dev/null @@ -1,15 +0,0 @@ -{pkgs, ...}: { - programs.fish.enable = true; - - users.defaultUserShell = pkgs.fish; - - nixpkgs.overlays = [ - (final: prev: { - fish = prev.fish.overrideAttrs (_: { - postInstall = '' - rm $out/share/applications/fish.desktop - ''; - }); - }) - ]; -} diff --git a/common/fs.nix b/common/fs.nix index f61bcb5..e08bddd 100644 --- a/common/fs.nix +++ b/common/fs.nix @@ -4,6 +4,7 @@ fileSystems = { "/" = { fsType = "ext4"; + label = "main"; options = ["noatime"]; }; "/boot" = { diff --git a/common/neovim.nix b/common/neovim.nix deleted file mode 100644 index b79cb46..0000000 --- a/common/neovim.nix +++ /dev/null 
@@ -1,17 +0,0 @@ -{ - inputs, - lib, - pkgs, - ... -}: { - environment = let - package = inputs.myvim.packages.${pkgs.system}.default.overrideAttrs (oldAttrs: { - postInstall = '' - rm $out/share/applications/nvim.desktop - ''; - }); - in { - systemPackages = [package]; - variables = lib.genAttrs ["EDITOR" "VISUAL"] (_: lib.getExe package); - }; -} diff --git a/common/readline.nix b/common/readline.nix index 9115947..c7bb33d 100644 --- a/common/readline.nix +++ b/common/readline.nix @@ -12,6 +12,7 @@ Control-a: beginning-of-line Tab: menu-complete "\e[Z": complete + set keymap vi-insert Control-l: clear-screen Control-a: beginning-of-line diff --git a/class/server/time.nix b/common/time.nix similarity index 100% rename from class/server/time.nix rename to common/time.nix diff --git a/common/users.nix b/common/users.nix index 12ace5b..e562aea 100644 --- a/common/users.nix +++ b/common/users.nix @@ -2,6 +2,8 @@ age.secrets.user-lukas.file = ../secrets/user-lukas.age; users = { + mutableUsers = false; + groups.lukas.gid = 1000; users = { diff --git a/common/zellij.nix b/common/zellij.nix deleted file mode 100644 index 62d8011..0000000 --- a/common/zellij.nix +++ /dev/null @@ -1,3 +0,0 @@ -{pkgs, ...}: { - environment.systemPackages = [pkgs.zellij]; -} diff --git a/flake.lock b/flake.lock index 04bd83d..02cfcf8 100644 --- a/flake.lock +++ b/flake.lock 
@@ -43,42 +43,6 @@ "type": "github" } }, - "devshell": { - "inputs": { - "nixpkgs": [ - "myvim", - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722113426, - "narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=", - "owner": "numtide", - "repo": "devshell", - "rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, - "flake-compat": { - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "revCount": 57, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz" - } - }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" 
@@ -97,120 +61,6 @@ "type": "github" } }, - "flake-parts_2": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" - }, - "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { - "inputs": { - "nixpkgs-lib": [ - "myvim", - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722555600, - "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "8471fe90ad337a8074e957b69ca4d0089218391d", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-utils": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "git-hooks": { - "inputs": { - "flake-compat": [ - "myvim", - "nixvim", - "flake-compat" - ], - "gitignore": "gitignore", - "nixpkgs": [ - "myvim", - "nixvim", - "nixpkgs" - ], - "nixpkgs-stable": [ - "myvim", - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722857853, - "narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, - "gitignore": { - "inputs": { - "nixpkgs": [ - "myvim", - "nixvim", - "git-hooks", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1709087332, - 
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", - "type": "github" - } - }, "hardware": { "locked": { "lastModified": 1723310128, @@ -247,70 +97,6 @@ "type": "github" } }, - "home-manager_2": { - "inputs": { - "nixpkgs": [ - "myvim", - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722630065, - "narHash": "sha256-QfM/9BMRkCmgWzrPDK+KbgJOUlSJnfX4OvsUupEUZvA=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "afc892db74d65042031a093adb6010c4c3378422", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "myvim": { - "inputs": { - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_2", - "nixvim": "nixvim" - }, - "locked": { - "lastModified": 1723337900, - "narHash": "sha256-sikwTpsSGRagCWS8wVP731ibDFuwZUj2+nukOjJifKo=", - "owner": "lukaswrz", - "repo": "myvim", - "rev": "c39a65463856678ee5dfd691e0d6acf1a4106331", - "type": "github" - }, - "original": { - "owner": "lukaswrz", - "repo": "myvim", - "type": "github" - } - }, - "nix-darwin": { - "inputs": { - "nixpkgs": [ - "myvim", - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722924007, - "narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "91010a5613ffd7ee23ee9263213157a1c422b705", - "type": "github" - }, - "original": { - "owner": "lnl7", - "repo": "nix-darwin", - "type": "github" - } - }, "nixpkgs": { "locked": { "lastModified": 1703013332, 
@@ -339,41 +125,13 @@ "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" } }, - "nixpkgs-lib_2": { - "locked": { - "lastModified": 1722555339, - "narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=", - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1720605482, - "narHash": "sha256-PGLu9cTfSkqmDVd7cJswAckrd4WrtWHhGuqD4MWOwkU=", + "lastModified": 1723637854, + "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fb2e1920b2f0d9970c83e26319f7a1285ecbf2fe", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "fb2e1920b2f0d9970c83e26319f7a1285ecbf2fe", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1722813957, - "narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa", + "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9", "type": "github" }, "original": { 
@@ -383,78 +141,12 @@ "type": "github" } }, - "nixpkgs_4": { - "locked": { - "lastModified": 1723362943, - "narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "a58bc8ad779655e790115244571758e8de055e3d", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixvim": { - "inputs": { - "devshell": "devshell", - "flake-compat": "flake-compat", - "flake-parts": "flake-parts_3", - "git-hooks": "git-hooks", - "home-manager": "home-manager_2", - "nix-darwin": "nix-darwin", - "nixpkgs": "nixpkgs_3", - "nuschtosSearch": "nuschtosSearch", - "treefmt-nix": "treefmt-nix" - }, - "locked": { - "lastModified": 1723230145, - "narHash": "sha256-FyjcuYZMqXdiKOXkHaIC2ubag+TPV9Z12urC/sdVI6A=", - "owner": "nix-community", - "repo": "nixvim", - "rev": "4852f94f8ccae551514df0092a077014bafb95ca", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixvim", - "type": "github" - } - }, - "nuschtosSearch": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": [ - "myvim", - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722772237, - "narHash": "sha256-3eCYmzeLngX8eutIsTZAG8DIvT/0DWQQxiszTQz8n0s=", - "owner": "NuschtOS", - "repo": "search", - "rev": "aa5f6246565cc9b1e697d2c9d6ed2c842b17fff6", - "type": "github" - }, - "original": { - "owner": "NuschtOS", - "repo": "search", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", "flake-parts": "flake-parts", "hardware": "hardware", - "myvim": "myvim", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_2" } }, "systems": { 
@@ -471,43 +163,6 @@ "repo": "default", "type": "github" } - }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "myvim", - "nixvim", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1722330636, - "narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "768acdb06968e53aa1ee8de207fd955335c754b7", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 8174fb3..9da3b1a 100644 --- a/flake.nix +++ b/flake.nix @@ -6,7 +6,6 @@ flake-parts.url = "github:hercules-ci/flake-parts"; hardware.url = "github:NixOS/nixos-hardware"; agenix.url = "github:ryantm/agenix"; - myvim.url = "github:lukaswrz/myvim"; }; outputs = { 
@@ -18,30 +17,29 @@ flake-parts.lib.mkFlake {inherit inputs;} { systems = ["x86_64-linux" "aarch64-linux"]; - flake = let - commonNixosSystem = name: class: - nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs; - attrName = name; + flake = { + nixosConfigurations = let + commonNixosSystem = name: + nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs; + attrName = name; + }; + modules = [ + inputs.agenix.nixosModules.default + + ./common + ./hosts/${name} + + ({lib, ...}: {networking.hostName = lib.mkDefault name;}) + ]; }; - modules = [ - inputs.agenix.nixosModules.default - - ./common - ./class/${class} - ./hosts/${name} - - ({lib, ...}: {networking.hostName = lib.mkDefault name;}) - ]; - }; - in { - nixosConfigurations = builtins.mapAttrs commonNixosSystem { - glacier = "desktop"; - flamingo = "desktop"; - abacus = "server"; - vessel = "server"; - }; + in + nixpkgs.lib.genAttrs [ + "abacus" + "vessel" + ] + commonNixosSystem; }; perSystem = { diff --git a/hosts/abacus/backup.nix b/hosts/abacus/backup.nix index 77f3a1d..204ca06 100644 --- a/hosts/abacus/backup.nix +++ b/hosts/abacus/backup.nix @@ -8,7 +8,11 @@ services.restic.backups.${attrName} = { repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}"; initialize = true; - paths = [config.services.syncthing.dataDir]; + paths = [ + config.services.vaultwarden.backupDir + # TODO + # config.services.syncthing.dataDir + ]; passwordFile = config.age.secrets."restic-${attrName}".path; pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"]; timerConfig = { diff --git a/hosts/abacus/conduit.nix b/hosts/abacus/conduit.nix deleted file mode 100644 index a59b15a..0000000 --- a/hosts/abacus/conduit.nix +++ /dev/null 
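Review bot: In hosts/abacus/backup.nix the bare `# TODO` above the commented-out `config.services.syncthing.dataDir` gives no reason and no condition for restoring it, so the off-site restic job stops covering that directory without anyone reading the file knowing whether that is intended. I would replace it with something like `# TODO(<owner>): re-add config.services.syncthing.dataDir once <condition>; until then Syncthing data on this host has no off-site copy`. The `services.restic.backups` block continues past the end of the hunk, so the restic schedule cannot be checked from here.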
@@ -1,77 +0,0 @@ -{ - config, - pkgs, - ... -}: let - inherit (config.networking) domain; - subdomain = "matrix"; - jsonFormat = pkgs.formats.json {}; - wellKnownServer = jsonFormat.generate "well-known-matrix-server" { - "m.server" = "${subdomain}.${domain}:443"; - }; - wellKnownClient = jsonFormat.generate "well-known-matrix-client" { - "m.homeserver".base_url = "https://${subdomain}.${domain}"; - }; -in { - services.matrix-conduit = { - enable = true; - - settings.global = { - server_name = domain; - - address = "127.0.0.1"; - port = 8010; - - database_backend = "rocksdb"; - - allow_registration = false; - }; - }; - - systemd.services.conduit.serviceConfig.LimitNOFILE = 8192; - - services.nginx.virtualHosts = { - ${domain}.locations = { - "=/.well-known/matrix/server" = { - alias = wellKnownServer; - - extraConfig = '' - default_type application/json; - add_header Access-Control-Allow-Origin "*"; - ''; - }; - - "=/.well-known/matrix/client" = { - alias = wellKnownClient; - - extraConfig = '' - default_type application/json; - add_header Access-Control-Allow-Origin "*"; - ''; - }; - }; - - "${subdomain}.${domain}" = { - enableACME = true; - forceSSL = true; - quic = true; - - locations = { - "/".return = "404"; - - "/_matrix/" = { - proxyPass = "http://${config.services.matrix-conduit.settings.global.address}:${toString config.services.matrix-conduit.settings.global.port}"; - proxyWebsockets = true; - - extraConfig = '' - proxy_buffering off; - ''; - }; - }; - - extraConfig = '' - merge_slashes off; - ''; - }; - }; -} diff --git a/hosts/abacus/default.nix b/hosts/abacus/default.nix index 2c20658..77266fc 100644 --- a/hosts/abacus/default.nix +++ b/hosts/abacus/default.nix @@ -12,7 +12,7 @@ boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod"]; - system.stateVersion = "24.05"; + system.stateVersion = "24.11"; powerManagement.cpuFreqGovernor = "performance"; 
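Review bot: Changing `system.stateVersion` from "24.05" to "24.11" in hosts/abacus/default.nix does not upgrade the host; the option records the release the machine was first installed with and NixOS modules use it to choose defaults for on-disk state. As far as I know the default PostgreSQL major version is one of those defaults, which matters for the `createDatabaseLocally` miniflux instance on this host. Unless abacus was reinstalled, I would keep `system.stateVersion = "24.05";` and add `# release this host was installed with; do not bump on upgrade`. The same edit is made in hosts/vessel/default.nix later in this commit and the same applies there.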
diff --git a/hosts/abacus/microbin.nix b/hosts/abacus/microbin.nix index 27fb007..831fec1 100644 --- a/hosts/abacus/microbin.nix +++ b/hosts/abacus/microbin.nix @@ -11,8 +11,6 @@ in { MICROBIN_BIND = "localhost"; MICROBIN_PORT = 8020; - MICROBIN_ADMIN_USERNAME = "lukas"; - MICROBIN_PUBLIC_PATH = "https://${virtualHostName}/"; MICROBIN_QR = true; diff --git a/hosts/abacus/miniflux.nix b/hosts/abacus/miniflux.nix index df96c2a..6389afd 100644 --- a/hosts/abacus/miniflux.nix +++ b/hosts/abacus/miniflux.nix @@ -1,15 +1,21 @@ {config, ...}: let inherit (config.networking) domain; - virtualHostName = "bin.${domain}"; + virtualHostName = "flux.${domain}"; in { + age.secrets.miniflux = { + file = ../../secrets/miniflux.age; + owner = config.systemd.services.miniflux.serviceConfig.User; + }; + services.miniflux = { enable = true; createDatabaseLocally = true; - adminCredentialsFile = ""; + adminCredentialsFile = config.age.secrets.miniflux.path; config = { - LISTEN_ADDR = "localhost:8040"; + LISTEN_ADDR = "localhost:8030"; BASE_URL = "https://${virtualHostName}"; - WEBAUTHN = true; + CREATE_ADMIN = 1; + WEBAUTHN = 1; }; }; diff --git a/hosts/abacus/vaultwarden.nix b/hosts/abacus/vaultwarden.nix index 6371283..bcaa49e 100644 --- a/hosts/abacus/vaultwarden.nix +++ b/hosts/abacus/vaultwarden.nix @@ -1,6 +1,7 @@ {config, ...}: let inherit (config.networking) domain; virtualHostName = "vault.${domain}"; + backupDir = "/srv/backup/vaultwarden"; in { age.secrets.vaultwarden = { file = ../../secrets/vaultwarden.age; @@ -11,6 +12,10 @@ in { services.vaultwarden = { enable = true; + dbBackend = "sqlite"; + + inherit backupDir; + config = { DOMAIN = "https://${virtualHostName}"; @@ -24,6 +29,8 @@ in { environmentFile = config.age.secrets.vaultwarden.path; }; + systemd.timers.backup-vaultwarden.timerConfig.OnCalendar = "*-*-* 02:00:00"; + services.nginx.virtualHosts.${virtualHostName} = { enableACME = true; forceSSL = true; 
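Review bot: In hosts/abacus/miniflux.nix, `owner = config.systemd.services.miniflux.serviceConfig.User;` on the new `age.secrets.miniflux` gives the admin credentials to the service account, which looks wider than needed and may not resolve at activation time. As far as I know the module passes `adminCredentialsFile` to the unit as a systemd `EnvironmentFile`, which systemd reads before dropping privileges, so the secret can keep agenix's default root-only ownership. If the miniflux unit also runs with `DynamicUser`, that user does not exist when agenix applies ownership. I would drop the `owner` line after confirming both assumptions against the module in the pinned nixpkgs.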
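Review bot: In hosts/abacus/vaultwarden.nix, `backupDir = "/srv/backup/vaultwarden"` creates a second on-disk copy of the vault database, and nothing in these hunks says who may read it or how it relates to the restic job that now uploads it. Please confirm the module creates that directory owned by the vaultwarden account without access for other users, and that `/srv/backup` exists on abacus (the `fileSystems` entry for it visible in this commit is on vessel). The `OnCalendar = "*-*-* 02:00:00"` line deserves a comment such as `# must finish before the restic job in backup.nix runs, otherwise the off-site copy is a day stale`; restic's `timerConfig` is outside the visible hunks, so the ordering is unverified.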
diff --git a/hosts/flamingo/default.nix b/hosts/flamingo/default.nix
deleted file mode 100644
index bf13491..0000000
--- a/hosts/flamingo/default.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- inputs,
- modulesPath,
- ...
-}: {
- imports = [
- "${modulesPath}/installer/scan/not-detected.nix"
-
- inputs.hardware.nixosModules.lenovo-thinkpad-t480
- ];
-
- nixpkgs.hostPlatform = "x86_64-linux";
-
- boot = {
- initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
- kernelModules = ["kvm-intel"];
- };
-
- system.stateVersion = "24.05";
-
- powerManagement.cpuFreqGovernor = "powersave";
-
- console.keyMap = "de";
- services.xserver.layout = "de";
-}
diff --git a/hosts/glacier/default.nix b/hosts/glacier/default.nix
deleted file mode 100644
index 18884b9..0000000
--- a/hosts/glacier/default.nix
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- inputs,
- modulesPath,
- ...
-}: {
- imports = [
- "${modulesPath}/installer/scan/not-detected.nix"
-
- inputs.hardware.nixosModules.common-cpu-amd
- inputs.hardware.nixosModules.common-gpu-amd
- inputs.hardware.nixosModules.common-pc-ssd
-
- ./printing.nix
- ];
-
- nixpkgs.hostPlatform = "x86_64-linux";
-
- boot = {
- initrd = {
- availableKernelModules = ["nvme" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
- kernelModules = ["amdgpu"];
- };
- kernelModules = ["kvm-amd"];
- binfmt.emulatedSystems = ["aarch64-linux"];
- };
-
- system.stateVersion = "24.11";
-
- powerManagement.cpuFreqGovernor = "performance";
-}
diff --git a/hosts/glacier/printing.nix b/hosts/glacier/printing.nix
deleted file mode 100644
index f1fb132..0000000
--- a/hosts/glacier/printing.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{pkgs, ...}: {
- services.printing.drivers = with pkgs; [
- epson-escpr
- epson-escpr2
- ];
-}
diff --git a/hosts/vessel/backup.nix b/hosts/vessel/backup.nix
index 1b59552..0dd65bf 100644
--- a/hosts/vessel/backup.nix
+++ b/hosts/vessel/backup.nix
@@ -6,39 +6,39 @@ ... }: let backupPath = "/srv/backup"; - backups = { - storage = "/srv/storage"; - safe = "/srv/safe"; - sync = config.services.syncthing.dataDir; - }; + backups = { + storage = "/srv/storage"; + safe = "/srv/safe"; + sync = config.services.syncthing.dataDir; + }; in { systemd = lib.mkMerge (map ( - backupName: let - systemdName = "${backupName}-backup"; - in { - timers.${systemdName} = { - description = "Local rsync Backup ${backupName}"; - wantedBy = ["timers.target"]; - timerConfig = { - OnCalendar = "*-*-* 03:00:00"; - Persistent = true; - Unit = "${systemdName}.service"; - }; + backupName: let + systemdName = "${backupName}-backup"; + in { + timers.${systemdName} = { + description = "Local rsync Backup ${backupName}"; + wantedBy = ["timers.target"]; + timerConfig = { + OnCalendar = "*-*-* 03:00:00"; + Persistent = true; + Unit = "${systemdName}.service"; }; + }; - services.${systemdName} = { - description = "Local rsync Backup ${backupName}"; - serviceConfig = { - Type = "oneshot"; - User = "root"; - Group = "root"; - }; - script = '' - ${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath ${backups.${backupName}} ${backupPath}/${backupName}/ - ''; + services.${systemdName} = { + description = "Local rsync Backup ${backupName}"; + serviceConfig = { + Type = "oneshot"; + User = "root"; + Group = "root"; }; - } - ) (lib.attrNames backups)); + script = '' + ${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath ${backups.${backupName}} ${backupPath}/${backupName}/ + ''; + }; + } + ) (lib.attrNames backups)); fileSystems.${backupPath} = { label = "backup"; 
@@ -51,7 +51,10 @@ in { services.restic.backups.${attrName} = { repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}"; initialize = true; - paths = [backups.safe backups.sync]; + paths = [ + backups.safe + backups.sync + ]; passwordFile = config.age.secrets."restic-${attrName}".path; pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"]; timerConfig = { diff --git a/hosts/vessel/default.nix b/hosts/vessel/default.nix index 7c7fcf3..599fd48 100644 --- a/hosts/vessel/default.nix +++ b/hosts/vessel/default.nix @@ -23,7 +23,7 @@ kernelModules = ["kvm-intel"]; }; - system.stateVersion = "24.05"; + system.stateVersion = "24.11"; powerManagement.cpuFreqGovernor = "powersave"; } diff --git a/hosts/vessel/storage.nix b/hosts/vessel/storage.nix index ed5de47..61d5ea7 100644 --- a/hosts/vessel/storage.nix +++ b/hosts/vessel/storage.nix @@ -1,14 +1,14 @@ { systemd.tmpfiles.settings = { "10-safe"."/srv/safe".d = { - user = "root"; - group = "root"; + user = "lukas"; + group = "users"; mode = "0755"; }; "10-storage"."/srv/storage".d = { - user = "root"; - group = "root"; + user = "lukas"; + group = "users"; mode = "0755"; }; }; diff --git a/pubkeys.nix b/pubkeys.nix index bcf77d0..9ae30e3 100644 --- a/pubkeys.nix +++ b/pubkeys.nix @@ -5,10 +5,8 @@ let }; hosts = { - glacier = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrKpoDV/ImivtTZVbSsQ59IbGYVvSsKls4av2Zc9Nk8"; abacus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoUgClpkOlBEffQOb9KkVn970RwnIhU0OiVr7P2WVzg"; vessel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkYcOb1JPNLTJtob1TcuC08cH9P2APAhLR26RYd573d"; - flamingo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIInV+UpCZhoTwgkgnCzCPEu3TD5b5mu6tagRslljrFJ/"; }; in { inherit users hosts; diff --git a/secrets/microbin.age b/secrets/microbin.age index 67480f3..644d7ea 100644 Binary files a/secrets/microbin.age and b/secrets/microbin.age differ diff --git a/secrets/miniflux.age b/secrets/miniflux.age new file mode 100644 index 0000000..3a9e5bf --- /dev/null 
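Review bot: In hosts/vessel/storage.nix, with `user = "lukas"` and `mode = "0755"` both `/srv/safe` and `/srv/storage` remain listable and readable by every local account, and `group = "users"` changes nothing because 0755 gives group and other the same bits. common/users.nix in this commit declares a dedicated `lukas` group (gid 1000), so `group = "lukas";` with `mode = "0750";` (or `"0700"` for `/srv/safe`) would express the intent more tightly; check first whether a service account such as Syncthing has to traverse these paths. A tmpfiles `d` entry only adjusts the directory itself, so files already in there stay root-owned until they are changed separately.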
+++ b/secrets/miniflux.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 SFHVrw 7IUsgabq/d+4prqwDCSwfrVvEEhp4nVYRvlYtBaReEY +OgSjIcOOnzIzRphDnpUOdisOxhfou9cQ2xPD7LxPkD8 +-> ssh-ed25519 S+dwQQ XgeEXzPoIW/AbGN5Mj+Z9QV/xmjqybEVgQ0lpFov4GI +n4v/ulFqPZcCj9Z0V/rpXLgO9V1KEx5XkctB+UQX7gM +-> ssh-ed25519 ffmsLw KE3L3CV3hBXZZ0Uup6ggdO0JNgQZNwRW1bgLQu59CQE +KkZK1aZ740LPYKblEINVwNrThrMKiI85xvu2Zj2wfzw +--- Hhtrr0g6S2TYjX6bIT0pmpRF6Gr/HazJXo6uuoeVh+M +)0QV [: ^Uj3C o{!S;s ssh-ed25519 SFHVrw ZKy5pT2k8ZMK3ez4sKvUluIO/HHenkp6/tqo1tXnWBI -PQiVjRobbDylgCW5bMhwZDwYz/eLKpepAZ5Ou7JSTQQ --> ssh-ed25519 S+dwQQ AhVo9/MEPtEc8JqAvW8PxmVHPaVf2vyJjz/2DN8C9HY -GbwL6xaEW0odeap37KDlCswK7PFsULYAoSjvb6oqVjE --> ssh-ed25519 ffmsLw iGaG+Ee3Zpa6dY8ZEN8mgUxj4CwufnBBypxOrUmKvXM -JkiSWVQ+eY0yegEXprWAvuh3CBCJzEs8og2yXLMBYIU ---- ndbarJZU8KYlzxybpyTvoU2B9Fnu3maf4sqbBFlsJ7I - aYq~:+5lCG ^*y]n5M(c>NaD'>e@tHi2(H -(>j+ˍʦɿLk#i.ຈ?O=m 7|fzR --GD K+i;koJ<#F= \ No newline at end of file +-> ssh-ed25519 SFHVrw OkFXbD1FlYU64gTMHZgLyc/ogQHGcagZiaRU6mNzqWQ +XxdusqcB4ad4ox6aE2ghSFxRQ3MElK0STCtN65AlKd8 +-> ssh-ed25519 S+dwQQ 3vSuLSzdWoQLVqJ02cB1rJPP1Cv1bawD6aKpmthfNwY +XSMaXG0dqcVtSWZZ64qKbmWBCPjcoFQDawr4euGYAdg +-> ssh-ed25519 ffmsLw EIBfN2nt0+JXJb1RgOx6mvhGqFePpTyKXPqN4nfb2g4 +ZTspMuw8Mrru3kpHhSDIOeAE0f9YtE5UylB2llhjXtI +--- 579tsTYYUv0O4FJ9lbtRG9GV4faV4qFC/ErzDicBhfE +(_ؘrjGzP3A矡F8ɔzP"RLg<2*DeuqXv|z,} R"7Fstl|aJ~ʶAdI0K:Akgϭ4ϧT/ @#$|P7G^: \ No newline at end of file