Lukas Wurzinger 2024-08-18 14:54:44 +02:00
parent 7b2a024010
commit 6375d98a74
53 changed files with 112 additions and 852 deletions


@ -1,3 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = [pkgs.wl-clipboard];
}


@ -1,21 +0,0 @@
{
imports = [
./clipboard.nix
./flatpak.nix
./fonts.nix
./fs.nix
./gamemode.nix
./hardware.nix
./location.nix
./mullvad.nix
./neovide.nix
./networking.nix
./pipewire.nix
./plasma.nix
./printing.nix
./syncthing.nix
./users.nix
./vm.nix
./wine.nix
];
}


@ -1,3 +0,0 @@
{
services.flatpak.enable = true;
}


@ -1,27 +0,0 @@
{pkgs, ...}: {
fonts = {
enableDefaultPackages = true;
packages = [
pkgs.noto-fonts
pkgs.noto-fonts-extra
pkgs.noto-fonts-cjk-sans
pkgs.noto-fonts-cjk-serif
pkgs.noto-fonts-monochrome-emoji
pkgs.noto-fonts-color-emoji
(pkgs.nerdfonts.override {fonts = ["FiraCode"];})
];
fontconfig = {
enable = true;
defaultFonts = {
monospace = ["FiraCode Nerd Font"];
sansSerif = ["Noto Sans"];
serif = ["Noto Serif"];
emoji = ["Noto Color Emoji" "Noto Emoji"];
};
};
fontDir.enable = true;
};
}


@ -1,5 +0,0 @@
{
boot.initrd.luks.devices.main.device = "/dev/disk/by-label/cryptmain";
fileSystems."/".device = "/dev/mapper/main";
}


@ -1,18 +0,0 @@
{
lib,
pkgs,
...
}: {
programs.gamemode = {
enable = true;
settings = {
general = {
renice = 10;
};
custom = {
start = "${lib.getExe pkgs.libnotify} 'GameMode started'";
end = "${lib.getExe pkgs.libnotify} 'GameMode stopped'";
};
};
};
}


@ -1,20 +0,0 @@
{pkgs, ...}: {
hardware = {
bluetooth.enable = true;
xone.enable = true;
xpadneo.enable = true;
opentabletdriver.enable = true;
graphics = {
enable = true;
enable32Bit = true;
extraPackages = [
pkgs.libvdpau-va-gl
pkgs.vaapiVdpau
];
extraPackages32 = [
pkgs.pkgsi686Linux.libvdpau-va-gl
pkgs.pkgsi686Linux.vaapiVdpau
];
};
};
}


@ -1,5 +0,0 @@
{
location.provider = "geoclue2";
services.automatic-timezoned.enable = true;
}


@ -1,6 +0,0 @@
{pkgs, ...}: {
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
}


@ -1,5 +0,0 @@
{pkgs, ...}: let
package = pkgs.neovide;
in {
environment.systemPackages = [package];
}


@ -1,37 +0,0 @@
{
services.resolved.enable = true;
networking = {
networkmanager = {
enable = true;
dns = "systemd-resolved";
};
firewall = {
allowedTCPPorts = [
# Spotify track sync
57621
# Steam Remote Play
27036
# Source Dedicated Server SRCDS Rcon port
27015
# Syncthing TCP based sync protocol traffic
22000
];
allowedUDPPorts = [
# Source Dedicated Server gameplay traffic
27015
# Syncthing QUIC based sync protocol traffic
22000
# Syncthing port for discovery broadcasts on IPv4 and multicasts on IPv6
21027
];
allowedUDPPortRanges = [
# Steam Remote Play
{
from = 27031;
to = 27036;
}
];
};
};
}


@ -1,12 +0,0 @@
{
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
wireplumber.enable = true;
alsa.enable = true;
pulse.enable = true;
jack.enable = true;
};
}


@ -1,25 +0,0 @@
{
lib,
pkgs,
...
}: {
services = {
desktopManager.plasma6.enable = true;
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
};
environment.systemPackages = with pkgs.kdePackages; [sddm-kcm discover kate];
programs = {
kdeconnect.enable = true;
partition-manager.enable = true;
};
xdg.portal = {
xdgOpenUsePortal = true;
extraPortals = [pkgs.xdg-desktop-portal-gtk];
};
}


@ -1,10 +0,0 @@
{
services = {
printing = {
enable = true;
webInterface = true;
cups-pdf.enable = true;
};
system-config-printer.enable = true;
};
}


@ -1,10 +0,0 @@
{
#what?
services.syncthing = {
enable = true;
overrideDevices = false;
overrideFolders = false;
};
systemd.user.services.syncthing.wantedBy = ["default.target"];
}


@ -1,5 +0,0 @@
{
users.mutableUsers = true;
# install neovide/neovim for user?
}


@ -1,4 +0,0 @@
{
virtualisation.libvirtd.enable = true;
programs.virt-manager.enable = true;
}


@ -1,3 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = [pkgs.wineWowPackages.stableFull];
}


@ -1,7 +0,0 @@
{
imports = [
./fs.nix
./time.nix
./users.nix
];
}


@ -1,3 +0,0 @@
{
fileSystems."/".label = "main";
}


@ -1,3 +0,0 @@
{
users.mutableUsers = false;
}


@ -1,15 +0,0 @@
{
services.avahi = {
enable = true;
nssmdns4 = true;
nssmdns6 = true;
publish = {
enable = true;
addresses = true;
domain = true;
hinfo = true;
userServices = true;
workstation = true;
};
};
}


@ -1,5 +1,5 @@
{ {
programs.bash. interactiveShellInit = '' programs.bash.interactiveShellInit = ''
shopt -s autocd globstar failglob extglob checkwinsize shopt -s autocd globstar failglob extglob checkwinsize
''; '';
} }


@ -1,22 +1,21 @@
{ {
imports = [ imports = [
./bash.nix ./bash.nix
./cnf.nix
./fish.nix
./boot.nix ./boot.nix
./bottom.nix ./bottom.nix
./cnf.nix
./dbus.nix ./dbus.nix
./direnv.nix ./direnv.nix
./fs.nix ./fs.nix
./fwupd.nix ./fwupd.nix
./git.nix ./git.nix
./neovim.nix
./nix.nix ./nix.nix
./readline.nix ./readline.nix
./ssh.nix ./ssh.nix
./starship.nix ./starship.nix
./sudo.nix ./sudo.nix
./swap.nix ./swap.nix
./time.nix
./users.nix ./users.nix
]; ];
} }


@ -1,15 +0,0 @@
{pkgs, ...}: {
programs.fish.enable = true;
users.defaultUserShell = pkgs.fish;
nixpkgs.overlays = [
(final: prev: {
fish = prev.fish.overrideAttrs (_: {
postInstall = ''
rm $out/share/applications/fish.desktop
'';
});
})
];
}


@ -4,6 +4,7 @@
fileSystems = { fileSystems = {
"/" = { "/" = {
fsType = "ext4"; fsType = "ext4";
label = "main";
options = ["noatime"]; options = ["noatime"];
}; };
"/boot" = { "/boot" = {


@ -1,17 +0,0 @@
{
inputs,
lib,
pkgs,
...
}: {
environment = let
package = inputs.myvim.packages.${pkgs.system}.default.overrideAttrs (oldAttrs: {
postInstall = ''
rm $out/share/applications/nvim.desktop
'';
});
in {
systemPackages = [package];
variables = lib.genAttrs ["EDITOR" "VISUAL"] (_: lib.getExe package);
};
}


@ -12,6 +12,7 @@
Control-a: beginning-of-line Control-a: beginning-of-line
Tab: menu-complete Tab: menu-complete
"\e[Z": complete "\e[Z": complete
set keymap vi-insert set keymap vi-insert
Control-l: clear-screen Control-l: clear-screen
Control-a: beginning-of-line Control-a: beginning-of-line


@ -2,6 +2,8 @@
age.secrets.user-lukas.file = ../secrets/user-lukas.age; age.secrets.user-lukas.file = ../secrets/user-lukas.age;
users = { users = {
mutableUsers = false;
groups.lukas.gid = 1000; groups.lukas.gid = 1000;
users = { users = {
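Review bot: `mutableUsers = false` now applies to every host that imports this module, so an account's password can only come from what is declared here; the user definitions continue outside the hunk, so it is not visible whether the `user-lukas` secret is the sole credential. If it is, a host whose key cannot decrypt `user-lukas.age` (for example after a reinstall with a new host key) ends up with no usable password and no way to set one with `passwd`. A short comment recording the fallback would help, e.g. `# immutable users: keep an SSH key or console recovery path in case the age secret fails to decrypt`.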


@ -1,3 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = [pkgs.zellij];
}


@ -43,42 +43,6 @@
"type": "github" "type": "github"
} }
}, },
"devshell": {
"inputs": {
"nixpkgs": [
"myvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722113426,
"narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
"owner": "numtide",
"repo": "devshell",
"rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
@ -97,120 +61,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"myvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
"myvim",
"nixvim",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"myvim",
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"myvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722857853,
"narHash": "sha256-3Zx53oz/MSIyevuWO/SumxABkrIvojnB7g9cimxkhiE=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "06939f6b7ec4d4f465bf3132a05367cccbbf64da",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"myvim",
"nixvim",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"hardware": { "hardware": {
"locked": { "locked": {
"lastModified": 1723310128, "lastModified": 1723310128,
@ -247,70 +97,6 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_2": {
"inputs": {
"nixpkgs": [
"myvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722630065,
"narHash": "sha256-QfM/9BMRkCmgWzrPDK+KbgJOUlSJnfX4OvsUupEUZvA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "afc892db74d65042031a093adb6010c4c3378422",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"myvim": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_2",
"nixvim": "nixvim"
},
"locked": {
"lastModified": 1723337900,
"narHash": "sha256-sikwTpsSGRagCWS8wVP731ibDFuwZUj2+nukOjJifKo=",
"owner": "lukaswrz",
"repo": "myvim",
"rev": "c39a65463856678ee5dfd691e0d6acf1a4106331",
"type": "github"
},
"original": {
"owner": "lukaswrz",
"repo": "myvim",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"myvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722924007,
"narHash": "sha256-+CQDamNwqO33REJLft8c26NbUi2Td083hq6SvAm2xkU=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "91010a5613ffd7ee23ee9263213157a1c422b705",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1703013332, "lastModified": 1703013332,
@ -339,41 +125,13 @@
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
} }
}, },
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1722555339,
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1720605482, "lastModified": 1723637854,
"narHash": "sha256-PGLu9cTfSkqmDVd7cJswAckrd4WrtWHhGuqD4MWOwkU=", "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fb2e1920b2f0d9970c83e26319f7a1285ecbf2fe", "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fb2e1920b2f0d9970c83e26319f7a1285ecbf2fe",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1722813957,
"narHash": "sha256-IAoYyYnED7P8zrBFMnmp7ydaJfwTnwcnqxUElC1I26Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cb9a96f23c491c081b38eab96d22fa958043c9fa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -383,78 +141,12 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": {
"locked": {
"lastModified": 1723362943,
"narHash": "sha256-dFZRVSgmJkyM0bkPpaYRtG/kRMRTorUIDj8BxoOt1T4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a58bc8ad779655e790115244571758e8de055e3d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts_3",
"git-hooks": "git-hooks",
"home-manager": "home-manager_2",
"nix-darwin": "nix-darwin",
"nixpkgs": "nixpkgs_3",
"nuschtosSearch": "nuschtosSearch",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1723230145,
"narHash": "sha256-FyjcuYZMqXdiKOXkHaIC2ubag+TPV9Z12urC/sdVI6A=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "4852f94f8ccae551514df0092a077014bafb95ca",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"myvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722772237,
"narHash": "sha256-3eCYmzeLngX8eutIsTZAG8DIvT/0DWQQxiszTQz8n0s=",
"owner": "NuschtOS",
"repo": "search",
"rev": "aa5f6246565cc9b1e697d2c9d6ed2c842b17fff6",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"hardware": "hardware", "hardware": "hardware",
"myvim": "myvim", "nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_4"
} }
}, },
"systems": { "systems": {
@ -471,43 +163,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"myvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722330636,
"narHash": "sha256-uru7JzOa33YlSRwf9sfXpJG+UAV+bnBEYMjrzKrQZFw=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "768acdb06968e53aa1ee8de207fd955335c754b7",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",


@ -6,7 +6,6 @@
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
hardware.url = "github:NixOS/nixos-hardware"; hardware.url = "github:NixOS/nixos-hardware";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
myvim.url = "github:lukaswrz/myvim";
}; };
outputs = { outputs = {
@ -18,30 +17,29 @@
flake-parts.lib.mkFlake {inherit inputs;} { flake-parts.lib.mkFlake {inherit inputs;} {
systems = ["x86_64-linux" "aarch64-linux"]; systems = ["x86_64-linux" "aarch64-linux"];
flake = let flake = {
commonNixosSystem = name: class: nixosConfigurations = let
nixpkgs.lib.nixosSystem { commonNixosSystem = name:
specialArgs = { nixpkgs.lib.nixosSystem {
inherit inputs; specialArgs = {
attrName = name; inherit inputs;
attrName = name;
};
modules = [
inputs.agenix.nixosModules.default
./common
./hosts/${name}
({lib, ...}: {networking.hostName = lib.mkDefault name;})
];
}; };
modules = [ in
inputs.agenix.nixosModules.default nixpkgs.lib.genAttrs [
"abacus"
./common "vessel"
./class/${class} ]
./hosts/${name} commonNixosSystem;
({lib, ...}: {networking.hostName = lib.mkDefault name;})
];
};
in {
nixosConfigurations = builtins.mapAttrs commonNixosSystem {
glacier = "desktop";
flamingo = "desktop";
abacus = "server";
vessel = "server";
};
}; };
perSystem = { perSystem = {


@ -8,7 +8,11 @@
services.restic.backups.${attrName} = { services.restic.backups.${attrName} = {
repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}"; repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}";
initialize = true; initialize = true;
paths = [config.services.syncthing.dataDir]; paths = [
config.services.vaultwarden.backupDir
# TODO
# config.services.syncthing.dataDir
];
passwordFile = config.age.secrets."restic-${attrName}".path; passwordFile = config.age.secrets."restic-${attrName}".path;
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"]; pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"];
timerConfig = { timerConfig = {
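Review bot: Nothing in this hunk ties the restic run to the job that fills `config.services.vaultwarden.backupDir`, so the off-site snapshot can lag the local dump by a full cycle if the restic timer fires first; the `timerConfig` block continues outside the hunk, so its schedule is not visible here. A comment next to the path stating the required order would help, e.g. `# populated by backup-vaultwarden.service (02:00); restic must run after it`. The bare `# TODO` above the commented-out syncthing path should also say what is pending, because that directory is missing from the off-site backup for as long as it stays commented out.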


@ -1,77 +0,0 @@
{
config,
pkgs,
...
}: let
inherit (config.networking) domain;
subdomain = "matrix";
jsonFormat = pkgs.formats.json {};
wellKnownServer = jsonFormat.generate "well-known-matrix-server" {
"m.server" = "${subdomain}.${domain}:443";
};
wellKnownClient = jsonFormat.generate "well-known-matrix-client" {
"m.homeserver".base_url = "https://${subdomain}.${domain}";
};
in {
services.matrix-conduit = {
enable = true;
settings.global = {
server_name = domain;
address = "127.0.0.1";
port = 8010;
database_backend = "rocksdb";
allow_registration = false;
};
};
systemd.services.conduit.serviceConfig.LimitNOFILE = 8192;
services.nginx.virtualHosts = {
${domain}.locations = {
"=/.well-known/matrix/server" = {
alias = wellKnownServer;
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
'';
};
"=/.well-known/matrix/client" = {
alias = wellKnownClient;
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "*";
'';
};
};
"${subdomain}.${domain}" = {
enableACME = true;
forceSSL = true;
quic = true;
locations = {
"/".return = "404";
"/_matrix/" = {
proxyPass = "http://${config.services.matrix-conduit.settings.global.address}:${toString config.services.matrix-conduit.settings.global.port}";
proxyWebsockets = true;
extraConfig = ''
proxy_buffering off;
'';
};
};
extraConfig = ''
merge_slashes off;
'';
};
};
}


@ -12,7 +12,7 @@
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod"]; boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod"];
system.stateVersion = "24.05"; system.stateVersion = "24.11";
powerManagement.cpuFreqGovernor = "performance"; powerManagement.cpuFreqGovernor = "performance";
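Review bot: Raising `system.stateVersion` on an already-installed host changes the defaults of stateful services (for example which database major version a module selects), and nothing in this hunk shows that existing data was migrated; the same bump appears in the later host file that loads `kvm-intel`. This assumes the right-hand column ("24.11") is the new side. If these machines were not reinstalled, keep the original value, or record why the bump is safe with a comment such as `# bumped after checking release notes for every enabled stateful service`.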


@ -11,8 +11,6 @@ in {
MICROBIN_BIND = "localhost"; MICROBIN_BIND = "localhost";
MICROBIN_PORT = 8020; MICROBIN_PORT = 8020;
MICROBIN_ADMIN_USERNAME = "lukas";
MICROBIN_PUBLIC_PATH = "https://${virtualHostName}/"; MICROBIN_PUBLIC_PATH = "https://${virtualHostName}/";
MICROBIN_QR = true; MICROBIN_QR = true;


@ -1,15 +1,21 @@
{config, ...}: let {config, ...}: let
inherit (config.networking) domain; inherit (config.networking) domain;
virtualHostName = "bin.${domain}"; virtualHostName = "flux.${domain}";
in { in {
age.secrets.miniflux = {
file = ../../secrets/miniflux.age;
owner = config.systemd.services.miniflux.serviceConfig.User;
};
services.miniflux = { services.miniflux = {
enable = true; enable = true;
createDatabaseLocally = true; createDatabaseLocally = true;
adminCredentialsFile = ""; adminCredentialsFile = config.age.secrets.miniflux.path;
config = { config = {
LISTEN_ADDR = "localhost:8040"; LISTEN_ADDR = "localhost:8030";
BASE_URL = "https://${virtualHostName}"; BASE_URL = "https://${virtualHostName}";
WEBAUTHN = true; CREATE_ADMIN = 1;
WEBAUTHN = 1;
}; };
}; };
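Review bot: `owner = config.systemd.services.miniflux.serviceConfig.User` assumes that account exists when agenix installs the secret. If the miniflux unit runs under a systemd dynamic user (worth checking in the module), the name is only allocated at service start, so the ownership change can fail or leave the file unreadable. `adminCredentialsFile` is presumably loaded by systemd as an environment file before privileges are dropped; if so, the default root-owned secret is sufficient and the `owner` line can be removed. A comment on `CREATE_ADMIN = 1;` saying whether it is needed after the first start would also help the next reader.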


@ -1,6 +1,7 @@
{config, ...}: let {config, ...}: let
inherit (config.networking) domain; inherit (config.networking) domain;
virtualHostName = "vault.${domain}"; virtualHostName = "vault.${domain}";
backupDir = "/srv/backup/vaultwarden";
in { in {
age.secrets.vaultwarden = { age.secrets.vaultwarden = {
file = ../../secrets/vaultwarden.age; file = ../../secrets/vaultwarden.age;
@ -11,6 +12,10 @@ in {
services.vaultwarden = { services.vaultwarden = {
enable = true; enable = true;
dbBackend = "sqlite";
inherit backupDir;
config = { config = {
DOMAIN = "https://${virtualHostName}"; DOMAIN = "https://${virtualHostName}";
@ -24,6 +29,8 @@ in {
environmentFile = config.age.secrets.vaultwarden.path; environmentFile = config.age.secrets.vaultwarden.path;
}; };
systemd.timers.backup-vaultwarden.timerConfig.OnCalendar = "*-*-* 02:00:00";
services.nginx.virtualHosts.${virtualHostName} = { services.nginx.virtualHosts.${virtualHostName} = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;


@ -1,25 +0,0 @@
{
inputs,
modulesPath,
...
}: {
imports = [
"${modulesPath}/installer/scan/not-detected.nix"
inputs.hardware.nixosModules.lenovo-thinkpad-t480
];
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
kernelModules = ["kvm-intel"];
};
system.stateVersion = "24.05";
powerManagement.cpuFreqGovernor = "powersave";
console.keyMap = "de";
services.xserver.layout = "de";
}


@ -1,30 +0,0 @@
{
inputs,
modulesPath,
...
}: {
imports = [
"${modulesPath}/installer/scan/not-detected.nix"
inputs.hardware.nixosModules.common-cpu-amd
inputs.hardware.nixosModules.common-gpu-amd
inputs.hardware.nixosModules.common-pc-ssd
./printing.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
initrd = {
availableKernelModules = ["nvme" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
kernelModules = ["amdgpu"];
};
kernelModules = ["kvm-amd"];
binfmt.emulatedSystems = ["aarch64-linux"];
};
system.stateVersion = "24.11";
powerManagement.cpuFreqGovernor = "performance";
}


@ -1,6 +0,0 @@
{pkgs, ...}: {
services.printing.drivers = with pkgs; [
epson-escpr
epson-escpr2
];
}


@ -6,39 +6,39 @@
... ...
}: let }: let
backupPath = "/srv/backup"; backupPath = "/srv/backup";
backups = { backups = {
storage = "/srv/storage"; storage = "/srv/storage";
safe = "/srv/safe"; safe = "/srv/safe";
sync = config.services.syncthing.dataDir; sync = config.services.syncthing.dataDir;
}; };
in { in {
systemd = lib.mkMerge (map ( systemd = lib.mkMerge (map (
backupName: let backupName: let
systemdName = "${backupName}-backup"; systemdName = "${backupName}-backup";
in { in {
timers.${systemdName} = { timers.${systemdName} = {
description = "Local rsync Backup ${backupName}"; description = "Local rsync Backup ${backupName}";
wantedBy = ["timers.target"]; wantedBy = ["timers.target"];
timerConfig = { timerConfig = {
OnCalendar = "*-*-* 03:00:00"; OnCalendar = "*-*-* 03:00:00";
Persistent = true; Persistent = true;
Unit = "${systemdName}.service"; Unit = "${systemdName}.service";
};
}; };
};
services.${systemdName} = { services.${systemdName} = {
description = "Local rsync Backup ${backupName}"; description = "Local rsync Backup ${backupName}";
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = "root"; User = "root";
Group = "root"; Group = "root";
};
script = ''
${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath ${backups.${backupName}} ${backupPath}/${backupName}/
'';
}; };
} script = ''
) (lib.attrNames backups)); ${lib.getExe pkgs.rsync} --verbose --verbose --archive --update --delete --mkpath ${backups.${backupName}} ${backupPath}/${backupName}/
'';
};
}
) (lib.attrNames backups));
fileSystems.${backupPath} = { fileSystems.${backupPath} = {
label = "backup"; label = "backup";
@ -51,7 +51,10 @@ in {
services.restic.backups.${attrName} = { services.restic.backups.${attrName} = {
repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}"; repository = "sftp:u385962@u385962.your-storagebox.de:/restic/${attrName}";
initialize = true; initialize = true;
paths = [backups.safe backups.sync]; paths = [
backups.safe
backups.sync
];
passwordFile = config.age.secrets."restic-${attrName}".path; passwordFile = config.age.secrets."restic-${attrName}".path;
pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"]; pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12"];
timerConfig = { timerConfig = {


@ -23,7 +23,7 @@
kernelModules = ["kvm-intel"]; kernelModules = ["kvm-intel"];
}; };
system.stateVersion = "24.05"; system.stateVersion = "24.11";
powerManagement.cpuFreqGovernor = "powersave"; powerManagement.cpuFreqGovernor = "powersave";
} }


@ -1,14 +1,14 @@
{ {
systemd.tmpfiles.settings = { systemd.tmpfiles.settings = {
"10-safe"."/srv/safe".d = { "10-safe"."/srv/safe".d = {
user = "root"; user = "lukas";
group = "root"; group = "users";
mode = "0755"; mode = "0755";
}; };
"10-storage"."/srv/storage".d = { "10-storage"."/srv/storage".d = {
user = "root"; user = "lukas";
group = "root"; group = "users";
mode = "0755"; mode = "0755";
}; };
}; };
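Review bot: With the owner changed to `lukas:users`, `mode = "0755";` on `/srv/safe` and `/srv/storage` leaves both directories listable and traversable by every other local account and service user. If they hold private data, as the name `safe` suggests, tighten the rule to `mode = "0750";` or `mode = "0700";`. A `d` rule only sets ownership and mode on the directory itself, so files already inside keep whatever permissions they have and may need a one-off fix.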


@ -5,10 +5,8 @@ let
}; };
hosts = { hosts = {
glacier = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrKpoDV/ImivtTZVbSsQ59IbGYVvSsKls4av2Zc9Nk8";
abacus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoUgClpkOlBEffQOb9KkVn970RwnIhU0OiVr7P2WVzg"; abacus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoUgClpkOlBEffQOb9KkVn970RwnIhU0OiVr7P2WVzg";
vessel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkYcOb1JPNLTJtob1TcuC08cH9P2APAhLR26RYd573d"; vessel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkYcOb1JPNLTJtob1TcuC08cH9P2APAhLR26RYd573d";
flamingo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIInV+UpCZhoTwgkgnCzCPEu3TD5b5mu6tagRslljrFJ/";
}; };
in { in {
inherit users hosts; inherit users hosts;

Binary file not shown.

9
secrets/miniflux.age Normal file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 SFHVrw 7IUsgabq/d+4prqwDCSwfrVvEEhp4nVYRvlYtBaReEY
OgSjIcOOnzIzRphDnpUOdisOxhfou9cQ2xPD7LxPkD8
-> ssh-ed25519 S+dwQQ XgeEXzPoIW/AbGN5Mj+Z9QV/xmjqybEVgQ0lpFov4GI
n4v/ulFqPZcCj9Z0V/rpXLgO9V1KEx5XkctB+UQX7gM
-> ssh-ed25519 ffmsLw KE3L3CV3hBXZZ0Uup6ggdO0JNgQZNwRW1bgLQu59CQE
KkZK1aZ740LPYKblEINVwNrThrMKiI85xvu2Zj2wfzw
--- Hhtrr0g6S2TYjX6bIT0pmpRF6Gr/HazJXo6uuoeVh+M
ì)0QVæ çª[’Ø:ó åìæ^õ¶£ÜUj÷®Ò†÷Ñ3ÐC— o§{!S;š»˜ós<ŒGf³w#{<1F>%d÷Ñ M¾Q~Zpôý‡ÆzÖ¿¥2

BIN
secrets/restic-abacus.age Normal file

Binary file not shown.

Binary file not shown.


@ -2,8 +2,9 @@ with import ../pubkeys.nix; {
"user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues hosts); "user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues hosts);
"microbin.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; "microbin.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"miniflux.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"vaultwarden.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus]; "vaultwarden.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
"restic-vessel.age".publicKeys = (builtins.attrValues users) ++ [hosts.vessel]; "restic-vessel.age".publicKeys = (builtins.attrValues users) ++ [hosts.vessel];
"restic-abacus.age".publicKeys = (builtins.attrValues users) ++ [hosts.vessel]; "restic-abacus.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];
} }
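Review bot: Shrinking `hosts` in pubkeys.nix narrows the recipients of `"user-lukas.age"`, which uses `builtins.attrValues hosts`, but rekeying only affects new ciphertext: the removed `glacier` and `flamingo` host keys can still decrypt any copy already in the repository history. If those machines are retired or no longer trusted, the secret value itself should be rotated, not just re-encrypted. A comment at the top of this file such as `# after removing a recipient: rotate the secret value, then rekey` would record that step.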

Binary file not shown.


@ -1,11 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 SFHVrw ZKy5pT2k8ZMK3ez4sKvUluIO/HHenkp6/tqo1tXnWBI -> ssh-ed25519 SFHVrw OkFXbD1FlYU64gTMHZgLyc/ogQHGcagZiaRU6mNzqWQ
PQiVjRobbDylgCW5bMhwZDwYz/eLKpepAZ5Ou7JSTQQ XxdusqcB4ad4ox6aE2ghSFxRQ3MElK0STCtN65AlKd8
-> ssh-ed25519 S+dwQQ AhVo9/MEPtEc8JqAvW8PxmVHPaVf2vyJjz/2DN8C9HY -> ssh-ed25519 S+dwQQ 3vSuLSzdWoQLVqJ02cB1rJPP1Cv1bawD6aKpmthfNwY
GbwL6xaEW0odeap37KDlCswK7PFsULYAoSjvb6oqVjE XSMaXG0dqcVtSWZZ64qKbmWBCPjcoFQDawr4euGYAdg
-> ssh-ed25519 ffmsLw iGaG+Ee3Zpa6dY8ZEN8mgUxj4CwufnBBypxOrUmKvXM -> ssh-ed25519 ffmsLw EIBfN2nt0+JXJb1RgOx6mvhGqFePpTyKXPqN4nfb2g4
JkiSWVQ+eY0yegEXprWAvuh3CBCJzEs8og2yXLMBYIU ZTspMuw8Mrru3kpHhSDIOeAE0f9YtE5UylB2llhjXtI
--- ndbarJZU8KYlzxybpyTvoU2B9Fnu3maf4sqbBFlsJ7I --- 579tsTYYUv0O4FJ9lbtRG9GV4faV4qFC/ErzDicBhfE
•aúYqÿ~ð:+Âî©“5lÉC” ^Ð*yï]ÌnÁ5£Mý(cë>NaÎùD'Â>e„©@t¿Hi2ÏÎ(HŒ  šÿœê™Ž¥¡(_ؘrèÄjáóÈGzP3A矡ÄFÃ8É”zÆPüÍ"RìLÑgë<»2ãâÔÛõ*D×euqXv¦|¸zµÃÔ,»}ò êËR"”7Fstl|ö† aJ~ʶAdÌI0öK:AÑééŽØkº<6B> ¾gÏ­•4ϧTôÅ/ @íÐ#­<C2AD>­$|P7¦ûG^š½:
»ò(ô¨÷<C2A8>üúëª>j—+˜ÔË<C394>ʦɿóÔ€êžk€¶¹#i.«àºˆ?O=m 7|ŸÛ­Åýf¸zR<7A>
”Ä-âØGD K+iÈ;îóø¨k©oJ<ü#F=