Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

format the repo files

Browse Source
This commit is contained in:
Kabbone
2026-04-26 10:27:50 +02:00
parent 92fd97c9a2
commit b319cd93e9
116 changed files with 4726 additions and 4247 deletions
Download Patch File Download Diff File Expand all files Collapse all files

302
modules/desktop/default.nix
View File

@@ -28,29 +28,31 @@
#
# myDesktop.extraSystemPackages = with pkgs; [ some-tool ];
#
{ config, lib, pkgs, inputs, user, ... }:
let
cfg = config.myDesktop;
in
{
config,
lib,
pkgs,
inputs,
user,
...
}: let
cfg = config.myDesktop;
in {
# Hardware modules that are always useful on desktops (bluetooth, …)
imports = (import ../hardware);
imports = import ../hardware;
# ── Options ──────────────────────────────────────────────────────────────
options.myDesktop = with lib; {
windowManager = mkOption {
type = types.enum [ "niri" "sway" "kde" ];
default = "niri";
type = types.enum ["niri" "sway" "kde"];
default = "niri";
description = "Window manager / desktop environment for this host.";
};
cpu = mkOption {
type = types.enum [ "amd" "intel" "none" ];
default = "none";
type = types.enum ["amd" "intel" "none"];
default = "none";
description = "CPU type selects the matching KVM kernel parameters.";
};
@@ -58,42 +60,44 @@ in
mkEnableOption "virtualisation stack (podman/docker-compat, qemu/libvirt, virt-manager)";
syncthing = {
enable = mkEnableOption "syncthing continuous file synchronisation";
enable = mkEnableOption "syncthing continuous file synchronisation";
devices = mkOption {
type = types.attrs;
type = types.attrs;
default = {};
example = literalExpression
example =
literalExpression
''{ "jupiter.home.example.de" = { id = "XXXXX-XXXXX-XXXXX-..."; }; }'';
description = "Syncthing peer devices.";
};
folders = mkOption {
type = types.attrs;
type = types.attrs;
default = {};
example = literalExpression
example =
literalExpression
''{ "Sync" = { path = "/home/user/Sync"; devices = [ "jupiter" ]; ignorePerms = false; }; }'';
description = "Syncthing shared folders.";
};
};
openrgb = {
enable = mkEnableOption "OpenRGB RGB motherboard control";
enable = mkEnableOption "OpenRGB RGB motherboard control";
motherboard = mkOption {
type = types.str;
default = "amd";
type = types.str;
default = "amd";
description = "Motherboard vendor string passed to OpenRGB (amd or intel).";
};
};
laptop = {
enable = mkEnableOption "laptop-specific settings (lid-switch, hibernate delay)";
lidSwitch = mkOption {
type = types.str;
default = "suspend-then-hibernate";
enable = mkEnableOption "laptop-specific settings (lid-switch, hibernate delay)";
lidSwitch = mkOption {
type = types.str;
default = "suspend-then-hibernate";
description = "systemd-logind action on lid close.";
};
hibernateDelaySec = mkOption {
type = types.str;
default = "1h";
hibernateDelaySec = mkOption {
type = types.str;
default = "1h";
description = "Delay before transitioning from suspend to hibernate.";
};
};
@@ -101,20 +105,20 @@ in
nitrokey.enable = mkEnableOption "Nitrokey hardware security key support";
niri.hotkeyVariant = mkOption {
type = types.enum [ "default" "lifebook" ];
default = "default";
type = types.enum ["default" "lifebook"];
default = "default";
description = "Niri hotkey variant to deploy selects binds/<variant>.kdl.";
};
git.signingKey = mkOption {
type = types.str;
default = "/home/${user}/.ssh/id_ed25519_sk_rk_red";
type = types.str;
default = "/home/${user}/.ssh/id_ed25519_sk_rk_red";
description = "SSH key used for git commit signing on this host.";
};
extraSystemPackages = mkOption {
type = types.listOf types.package;
default = [];
type = types.listOf types.package;
default = [];
description = "Additional system packages specific to this host.";
};
};
@@ -122,15 +126,23 @@ in
# ── Configuration ────────────────────────────────────────────────────────
config = lib.mkMerge [
# ── Base desktop config (replaces configuration_desktop.nix) ───────────
{
users.users.${user} = {
isNormalUser = true;
uid = 2000;
extraGroups = [
"wheel" "video" "audio" "camera" "networkmanager"
"lp" "kvm" "libvirtd" "adb" "dialout" "tss"
uid = 2000;
extraGroups = [
"wheel"
"video"
"audio"
"camera"
"networkmanager"
"lp"
"kvm"
"libvirtd"
"adb"
"dialout"
"tss"
];
};
@@ -138,7 +150,7 @@ in
pam.services.login.enableGnomeKeyring = true;
# swaylock PAM is harmless on non-sway WMs
pam.services.swaylock = {};
rtkit.enable = true;
rtkit.enable = true;
};
environment.systemPackages = with pkgs;
@@ -157,37 +169,37 @@ in
ausweisapp
e2fsprogs
orca-slicer
]
]
++ cfg.extraSystemPackages;
nixpkgs.config.permittedInsecurePackages = [ "mbedtls-2.28.10" ];
nixpkgs.config.permittedInsecurePackages = ["mbedtls-2.28.10"];
services = {
pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
enable = true;
alsa.enable = true;
pulse.enable = true;
wireplumber.enable = true;
};
pcscd.enable = true;
pcscd.enable = true;
yubikey-agent.enable = true;
udev.packages = with pkgs; [ yubikey-personalization nitrokey-udev-rules ];
flatpak.enable = true;
gvfs.enable = true;
fwupd.enable = true;
blueman.enable = true;
udev.packages = with pkgs; [yubikey-personalization nitrokey-udev-rules];
flatpak.enable = true;
gvfs.enable = true;
fwupd.enable = true;
blueman.enable = true;
avahi = {
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
enable = true;
nssmdns4 = true;
publish = {
enable = true;
addresses = true;
userServices = true;
};
};
};
programs.dconf.enable = true;
programs.dconf.enable = true;
system.autoUpgrade.enable = false;
home-manager.users.${user}.programs.git.signing.key =
@@ -226,20 +238,18 @@ in
services = {
iio-niri.enable = false;
greetd = {
enable = true;
useTextGreeter = true;
settings.default_session.command =
"${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
enable = true;
useTextGreeter = true;
settings.default_session.command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
};
tuned.enable = true;
tuned.enable = true;
upower.enable = true;
};
programs = {
niri.enable = true;
ssh.enableAskPassword = true;
ssh.askPassword =
"${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
niri.enable = true;
ssh.enableAskPassword = true;
ssh.askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
# Noctalia shell + niri home config via home-manager
@@ -253,7 +263,7 @@ in
../wm/niri/binds/${cfg.niri.hotkeyVariant}.kdl;
services = {
mako.enable = true;
mako.enable = true;
polkit-gnome.enable = true;
};
@@ -261,37 +271,60 @@ in
fuzzel.enable = true;
noctalia-shell = {
enable = true;
enable = true;
settings = {
appLauncher.terminalCommand = "alacritty -e";
bar = {
density = "compact";
position = "top";
density = "compact";
position = "top";
showCapsule = false;
widgets = {
left = [
{ id = "ControlCenter"; useDistroLogo = true; }
{ hideUnoccupied = false; id = "Workspace";
labelMode = "index"; showApplications = true; }
{ id = "ActiveWindow"; }
{
id = "ControlCenter";
useDistroLogo = true;
}
{
hideUnoccupied = false;
id = "Workspace";
labelMode = "index";
showApplications = true;
}
{id = "ActiveWindow";}
];
center = [
{ formatHorizontal = "HH:mm\\ndd-MM-yy";
formatVertical = "HH mm";
id = "Clock";
useMonospacedFont = true;
usePrimaryColor = true; }
{
formatHorizontal = "HH:mm\\ndd-MM-yy";
formatVertical = "HH mm";
id = "Clock";
useMonospacedFont = true;
usePrimaryColor = true;
}
];
right = [
{ id = "MediaMini"; }
{ id = "SystemMonitor"; showNetworkStats = true; compactMode = false; }
{ id = "WiFi"; }
{ id = "Bluetooth"; }
{ id = "Battery"; displayMode = "icon-always"; hideIfNotDetected = true; }
{ id = "Volume"; displayMode = "alwaysShow"; }
{ id = "NotificationHistory"; hideWhenZero = true; }
{ id = "Tray"; }
{id = "MediaMini";}
{
id = "SystemMonitor";
showNetworkStats = true;
compactMode = false;
}
{id = "WiFi";}
{id = "Bluetooth";}
{
id = "Battery";
displayMode = "icon-always";
hideIfNotDetected = true;
}
{
id = "Volume";
displayMode = "alwaysShow";
}
{
id = "NotificationHistory";
hideWhenZero = true;
}
{id = "Tray";}
];
};
};
@@ -299,22 +332,22 @@ in
colorSchemes.predefinedScheme = "Catppuccin";
general = {
avatarImage = "/home/${user}/.face";
radiusRatio = 0.2;
lockOnSusepnd = true;
avatarImage = "/home/${user}/.face";
radiusRatio = 0.2;
lockOnSusepnd = true;
};
location = {
monthBeforeDay = true;
name = "Munich, Germany";
monthBeforeDay = true;
name = "Munich, Germany";
showWeekNumberInCalendar = true;
firstDayOfWeek = 0;
firstDayOfWeek = 0;
};
wallpaper = {
enabled = true;
enabled = true;
overviewEnabled = false;
directory = "/home/${user}/.setup/modules/themes/";
directory = "/home/${user}/.setup/modules/themes/";
};
brightness = {
@@ -323,26 +356,26 @@ in
};
controlCenter.shortcuts.left = [
{ id = "WiFi"; }
{ id = "Bluetooth"; }
{ id = "ScreenRecorder"; }
{ id = "PowerProfile"; }
{ id = "KeepAwake"; }
{id = "WiFi";}
{id = "Bluetooth";}
{id = "ScreenRecorder";}
{id = "PowerProfile";}
{id = "KeepAwake";}
];
dock.enabled = false;
dock.enabled = false;
sessionMenu.enableCountdown = false;
templates = {
fuzzel = true;
fuzzel = true;
alacritty = true;
qt = true;
gtk = true;
discord = true;
code = true;
qt = true;
gtk = true;
discord = true;
code = true;
telegram = true;
niri = true;
firefox = true;
niri = true;
firefox = true;
};
};
};
@@ -379,7 +412,7 @@ in
programs = {
sway = {
enable = true;
enable = true;
extraSessionCommands = ''
export MOZ_ENABLE_WAYLAND="1"
export MOZ_WEBRENDER="1"
@@ -390,19 +423,18 @@ in
'';
};
ssh.enableAskPassword = true;
ssh.askPassword =
"${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
ssh.askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
xdg.portal = {
enable = true;
wlr.enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
enable = true;
wlr.enable = true;
extraPortals = [pkgs.xdg-desktop-portal-gtk];
};
home-manager.users.${user}.imports = [
../wm/sway/home.nix
../wm/waybar.nix # sway uses waybar for the bar
../wm/waybar.nix # sway uses waybar for the bar
];
})
@@ -417,36 +449,36 @@ in
programs.ssh = {
enableAskPassword = true;
askPassword = lib.mkDefault "${pkgs.kdePackages.ksshaskpass}/bin/ksshaskpass";
askPassword = lib.mkDefault "${pkgs.kdePackages.ksshaskpass}/bin/ksshaskpass";
};
services = {
packagekit.enable = true;
desktopManager.plasma6.enable = true;
udev.packages = with pkgs; [ gnome-settings-daemon ];
packagekit.enable = true;
desktopManager.plasma6.enable = true;
udev.packages = with pkgs; [gnome-settings-daemon];
};
qt.platformTheme = "kde";
home-manager.users.${user}.imports = [ ../wm/kde/home.nix ];
home-manager.users.${user}.imports = [../wm/kde/home.nix];
})
# ── Virtualisation (podman/docker-compat + qemu/libvirt) ───────────────
(lib.mkIf cfg.virtualisation.enable {
users.groups = {
docker.members = [ user ];
libvirtd.members = [ "root" user ];
docker.members = [user];
libvirtd.members = ["root" user];
};
virtualisation = {
podman = {
enable = true;
enable = true;
autoPrune.enable = true;
dockerCompat = true;
dockerCompat = true;
};
libvirtd = {
enable = true;
onShutdown = "shutdown";
enable = true;
onShutdown = "shutdown";
qemu.runAsRoot = false;
};
spiceUSBRedirection.enable = true;
@@ -482,13 +514,13 @@ in
# ── Syncthing ──────────────────────────────────────────────────────────
(lib.mkIf cfg.syncthing.enable {
services.syncthing = {
enable = true;
group = "users";
user = user;
dataDir = "/home/${user}/Sync";
configDir = "/home/${user}/.config/syncthing";
overrideDevices = true;
overrideFolders = true;
enable = true;
group = "users";
user = user;
dataDir = "/home/${user}/Sync";
configDir = "/home/${user}/.config/syncthing";
overrideDevices = true;
overrideFolders = true;
openDefaultPorts = true;
settings = {
devices = cfg.syncthing.devices;
@@ -500,15 +532,14 @@ in
# ── OpenRGB ────────────────────────────────────────────────────────────
(lib.mkIf cfg.openrgb.enable {
services.hardware.openrgb = {
enable = true;
enable = true;
motherboard = cfg.openrgb.motherboard;
};
})
# ── Laptop ─────────────────────────────────────────────────────────────
(lib.mkIf cfg.laptop.enable {
systemd.sleep.extraConfig =
"HibernateDelaySec=${cfg.laptop.hibernateDelaySec}";
systemd.sleep.extraConfig = "HibernateDelaySec=${cfg.laptop.hibernateDelaySec}";
services.logind.settings.Login.HandleLidSwitch =
cfg.laptop.lidSwitch;
})
@@ -517,6 +548,5 @@ in
(lib.mkIf cfg.nitrokey.enable {
hardware.nitrokey.enable = true;
})
];
}

1
modules/editors/default.nix
View File

@@ -9,7 +9,6 @@
# └─ default.nix *
# └─ ...
#
[
./nvim
]

21
modules/editors/nvim/config/default.nix
View File

@@ -1,16 +1,15 @@
{ nvim, ... }:
{
{nvim, ...}: {
# Import all your configuration modules here
programs.nixvim = {
enable = true;
colorschemes.gruvbox.enable = true;
enable = true;
colorschemes.gruvbox.enable = true;
imports = [
./bufferline.nix
./plugins.nix
./options.nix
./keymaps.nix
./highlight.nix
];
imports = [
./bufferline.nix
./plugins.nix
./options.nix
./keymaps.nix
./highlight.nix
];
};
}

18
modules/editors/nvim/config/options.nix
View File

@@ -1,14 +1,14 @@
{
config = {
globals.mapleader = " ";
viAlias = true;
vimAlias = true;
config = {
globals.mapleader = " ";
viAlias = true;
vimAlias = true;
opts = {
number = true; # Show line numbers
relativenumber = true; # Show relative line numbers
opts = {
number = true; # Show line numbers
relativenumber = true; # Show relative line numbers
shiftwidth = 2; # Tab width should be 2
};
shiftwidth = 2; # Tab width should be 2
};
};
}

90
modules/editors/nvim/config/plugins.nix
View File

@@ -1,51 +1,51 @@
{
plugins = {
lualine.enable = true;
plugins = {
lualine.enable = true;
cmp = {
enable = true;
autoEnableSources = true;
settings = {
sources = [
{name = "nvim_lsp";}
{name = "path";}
{name = "buffer";}
{name = "luasnip";}
];
cmp = {
enable = true;
autoEnableSources = true;
settings = {
sources = [
{name = "nvim_lsp";}
{name = "path";}
{name = "buffer";}
{name = "luasnip";}
];
mapping = {
"<C-d>" = "cmp.mapping.scroll_docs(-4)";
"<C-f>" = "cmp.mapping.scroll_docs(4)";
"<C-Space>" = "cmp.mapping.complete()";
"<C-e>" = "cmp.mapping.close()";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
};
};
mapping = {
"<C-d>" = "cmp.mapping.scroll_docs(-4)";
"<C-f>" = "cmp.mapping.scroll_docs(4)";
"<C-Space>" = "cmp.mapping.complete()";
"<C-e>" = "cmp.mapping.close()";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
};
lsp = {
enable = true;
servers = {
tsserver.enable = true;
lua-ls = {
enable = true;
settings.telemetry.enable = false;
};
# rust-analyzer = {
# enable = true;
# installCargo = true;
# };
};
};
telescope.enable = true;
treesitter.enable = true;
luasnip.enable = true;
};
};
lsp = {
enable = true;
servers = {
tsserver.enable = true;
lua-ls = {
enable = true;
settings.telemetry.enable = false;
};
# rust-analyzer = {
# enable = true;
# installCargo = true;
# };
};
};
telescope.enable = true;
treesitter.enable = true;
luasnip.enable = true;
};
}

279
modules/editors/nvim/default.nix
View File

@@ -1,13 +1,9 @@
#
# Neovim
#
{ pkgs, ... }:
{
{pkgs, ...}: {
home = {
packages = [ pkgs.gnvim ];
packages = [pkgs.gnvim];
};
programs = {
@@ -20,145 +16,144 @@
withRuby = true;
withPython3 = true;
# plugins = with pkgs.vimPlugins; [
#
# # Syntax
# #vim-nix
# #vim-markdown
#
# # Quality of life
# vim-lastplace # Opens document where you left it
# auto-pairs # Print double quotes/brackets/etc.
# vim-gitgutter # See uncommitted changes of file :GitGutterEnable
#
# # File Tree
# nerdtree # File Manager - set in extraConfig to F6
#
# # Customization
# wombat256-vim # Color scheme for lightline
# srcery-vim # Color scheme for text
#
# lightline-vim # Info bar at bottom
# indent-blankline-nvim # Indentation lines
#
# # Syntax
# nvim-treesitter.withAllGrammars
# # finder
# telescope-nvim
# # completion
# nvim-cmp
# # status line
# lualine-nvim
# # indent
# indent-blankline-nvim
# ];
# plugins = with pkgs.vimPlugins; [
#
# # Syntax
# #vim-nix
# #vim-markdown
#
# # Quality of life
# vim-lastplace # Opens document where you left it
# auto-pairs # Print double quotes/brackets/etc.
# vim-gitgutter # See uncommitted changes of file :GitGutterEnable
#
# # File Tree
# nerdtree # File Manager - set in extraConfig to F6
#
# # Customization
# wombat256-vim # Color scheme for lightline
# srcery-vim # Color scheme for text
#
# lightline-vim # Info bar at bottom
# indent-blankline-nvim # Indentation lines
#
# # Syntax
# nvim-treesitter.withAllGrammars
# # finder
# telescope-nvim
# # completion
# nvim-cmp
# # status line
# lualine-nvim
# # indent
# indent-blankline-nvim
# ];
# extraPackages = with pkgs; [
# ripgrep
# fd
# nodejs
# nodePackages.npm
# ];
# extraPackages = with pkgs; [
# ripgrep
# fd
# nodejs
# nodePackages.npm
# ];
# extraConfig = ''
# set expandtab
# set shiftwidth=4
# set tabstop=4
# '';
# extraConfig = ''
# set expandtab
# set shiftwidth=4
# set tabstop=4
# '';
# extraLuaConfig = ''
# vim.g.mapleader = ' '
# vim.g.maplocalleader = ' '
#
# -- Set highlight on search
# vim.o.hlsearch = false
#
# -- Make line numbers default
# vim.wo.number = true
#
# -- Enable mouse mode
# vim.o.mouse = 'a'
#
# -- Sync clipboard between OS and Neovim.
# -- Remove this option if you want your OS clipboard to remain independent.
# -- See `:help 'clipboard'`
# vim.o.clipboard = 'unnamedplus'
#
# -- Enable break indent
# vim.o.breakindent = true
#
# -- Save undo history
# vim.o.undofile = true
#
# -- Case insensitive searching UNLESS /C or capital in search
# vim.o.ignorecase = true
# vim.o.smartcase = true
#
# -- Keep signcolumn on by default
# vim.wo.signcolumn = 'yes'
#
# -- Decrease update time
# vim.o.updatetime = 250
# vim.o.timeout = true
# vim.o.timeoutlen = 300
#
# -- Set completeopt to have a better completion experience
# vim.o.completeopt = 'menuone,noselect'
#
# -- NOTE: You should make sure your terminal supports this
# vim.o.termguicolors = true
#
# -- [[ Highlight on yank ]]
# -- See `:help vim.highlight.on_yank()`
# local highlight_group = vim.api.nvim_create_augroup('YankHighlight', { clear = true })
# vim.api.nvim_create_autocmd('TextYankPost', {
# callback = function()
# vim.highlight.on_yank()
# end,
# group = highlight_group,
# pattern = '*',
# })
#
# -- [[ Configure Telescope ]]
# -- See `:help telescope` and `:help telescope.setup()`
# require('telescope').setup {
# defaults = {
# mappings = {
# i = {
# ['<C-u>'] = false,
# ['<C-d>'] = false,
# },
# },
# },
# }
#
# -- Enable telescope fzf native, if installed
# pcall(require('telescope').load_extension, 'fzf')
#
# -- See `:help telescope.builtin`
# vim.keymap.set('n', '<leader>?', require('telescope.builtin').oldfiles, { desc = '[?] Find recently opened files' })
# vim.keymap.set('n', '<leader><space>', require('telescope.builtin').buffers, { desc = '[ ] Find existing buffers' })
# vim.keymap.set('n', '<leader>/', function()
# -- You can pass additional configuration to telescope to change theme, layout, etc.
# require('telescope.builtin').current_buffer_fuzzy_find(require('telescope.themes').get_dropdown {
# winblend = 10,
# previewer = false,
# })
# end, { desc = '[/] Fuzzily search in current buffer' })
#
# vim.keymap.set('n', '<leader>gf', require('telescope.builtin').git_files, { desc = 'Search [G]it [F]iles' })
# vim.keymap.set('n', '<leader>sf', require('telescope.builtin').find_files, { desc = '[S]earch [F]iles' })
# vim.keymap.set('n', '<leader>sh', require('telescope.builtin').help_tags, { desc = '[S]earch [H]elp' })
# vim.keymap.set('n', '<leader>sw', require('telescope.builtin').grep_string, { desc = '[S]earch current [W]ord' })
# vim.keymap.set('n', '<leader>sg', require('telescope.builtin').live_grep, { desc = '[S]earch by [G]rep' })
# vim.keymap.set('n', '<leader>sd', require('telescope.builtin').diagnostics, { desc = '[S]earch [D]iagnostics' })
# require("indent_blankline").setup {
# -- for example, context is off by default, use this to turn it on
# show_current_context = true,
# show_current_context_start = true,
# }
# '';
# extraLuaConfig = ''
# vim.g.mapleader = ' '
# vim.g.maplocalleader = ' '
#
# -- Set highlight on search
# vim.o.hlsearch = false
#
# -- Make line numbers default
# vim.wo.number = true
#
# -- Enable mouse mode
# vim.o.mouse = 'a'
#
# -- Sync clipboard between OS and Neovim.
# -- Remove this option if you want your OS clipboard to remain independent.
# -- See `:help 'clipboard'`
# vim.o.clipboard = 'unnamedplus'
#
# -- Enable break indent
# vim.o.breakindent = true
#
# -- Save undo history
# vim.o.undofile = true
#
# -- Case insensitive searching UNLESS /C or capital in search
# vim.o.ignorecase = true
# vim.o.smartcase = true
#
# -- Keep signcolumn on by default
# vim.wo.signcolumn = 'yes'
#
# -- Decrease update time
# vim.o.updatetime = 250
# vim.o.timeout = true
# vim.o.timeoutlen = 300
#
# -- Set completeopt to have a better completion experience
# vim.o.completeopt = 'menuone,noselect'
#
# -- NOTE: You should make sure your terminal supports this
# vim.o.termguicolors = true
#
# -- [[ Highlight on yank ]]
# -- See `:help vim.highlight.on_yank()`
# local highlight_group = vim.api.nvim_create_augroup('YankHighlight', { clear = true })
# vim.api.nvim_create_autocmd('TextYankPost', {
# callback = function()
# vim.highlight.on_yank()
# end,
# group = highlight_group,
# pattern = '*',
# })
#
# -- [[ Configure Telescope ]]
# -- See `:help telescope` and `:help telescope.setup()`
# require('telescope').setup {
# defaults = {
# mappings = {
# i = {
# ['<C-u>'] = false,
# ['<C-d>'] = false,
# },
# },
# },
# }
#
# -- Enable telescope fzf native, if installed
# pcall(require('telescope').load_extension, 'fzf')
#
# -- See `:help telescope.builtin`
# vim.keymap.set('n', '<leader>?', require('telescope.builtin').oldfiles, { desc = '[?] Find recently opened files' })
# vim.keymap.set('n', '<leader><space>', require('telescope.builtin').buffers, { desc = '[ ] Find existing buffers' })
# vim.keymap.set('n', '<leader>/', function()
# -- You can pass additional configuration to telescope to change theme, layout, etc.
# require('telescope.builtin').current_buffer_fuzzy_find(require('telescope.themes').get_dropdown {
# winblend = 10,
# previewer = false,
# })
# end, { desc = '[/] Fuzzily search in current buffer' })
#
# vim.keymap.set('n', '<leader>gf', require('telescope.builtin').git_files, { desc = 'Search [G]it [F]iles' })
# vim.keymap.set('n', '<leader>sf', require('telescope.builtin').find_files, { desc = '[S]earch [F]iles' })
# vim.keymap.set('n', '<leader>sh', require('telescope.builtin').help_tags, { desc = '[S]earch [H]elp' })
# vim.keymap.set('n', '<leader>sw', require('telescope.builtin').grep_string, { desc = '[S]earch current [W]ord' })
# vim.keymap.set('n', '<leader>sg', require('telescope.builtin').live_grep, { desc = '[S]earch by [G]rep' })
# vim.keymap.set('n', '<leader>sd', require('telescope.builtin').diagnostics, { desc = '[S]earch [D]iagnostics' })
# require("indent_blankline").setup {
# -- for example, context is off by default, use this to turn it on
# show_current_context = true,
# show_current_context_start = true,
# }
# '';
};
};
}

13
modules/hardware/backup.nix
View File

@@ -1,17 +1,18 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
services.btrbk = {
sshAccess = [
{
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq";
roles = [ "source" "info" "send" ];
roles = ["source" "info" "send"];
}
{
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIma7jNVQZM+lFMOKUex0+cyDpeUA3Wo4SEJ7P9YnHPG";
roles = [ "target" "info" "receive" "delete" ];
roles = ["target" "info" "receive" "delete"];
}
];
};

7
modules/hardware/bluetooth.nix
View File

@@ -1,13 +1,10 @@
#
# Bluetooth
#
{ pkgs, ... }:
{
{pkgs, ...}: {
hardware.bluetooth = {
enable = true;
hsphfpd.enable = false; # HSP & HFP daemon
hsphfpd.enable = false; # HSP & HFP daemon
settings = {
General = {
Enable = "Source,Sink,Media,Socket";

11
modules/hardware/hydraCache.nix
View File

@@ -1,12 +1,14 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
nix = {
settings = {
extra-trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
"steamdeck.cachix.org-1:BVoP4TEu3ECgotaO+3J3r9SSn62GkUDBwizOFU/q4Bc="
"steamdeck.cachix.org-1:BVoP4TEu3ECgotaO+3J3r9SSn62GkUDBwizOFU/q4Bc="
];
extra-substituters = [
"https://cache.home.opel-online.de"
@@ -15,5 +17,4 @@
];
};
};
}

11
modules/hardware/remoteBuilder.nix
View File

@@ -1,10 +1,13 @@
{ pkgs, config, ... }:
{
users.users.nixremote = { # System User
pkgs,
config,
...
}: {
users.users.nixremote = {
# System User
isSystemUser = true;
group = "nixremote";
extraGroups = [ "kvm" ];
extraGroups = ["kvm"];
uid = 1001;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades"

34
modules/hardware/remoteClient.nix
View File

@@ -1,20 +1,24 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
nix = {
distributedBuilds = false;
buildMachines = [ {
hostName = "hades";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "big-parallel" ];
sshUser = "nixremote";
sshKey = config.age.secrets."keys/nixremote".path;
maxJobs = 1;
speedFactor = 4;
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%";
protocol = "ssh-ng";
} ];
buildMachines = [
{
hostName = "hades";
system = "x86_64-linux";
supportedFeatures = ["kvm" "big-parallel"];
sshUser = "nixremote";
sshKey = config.age.secrets."keys/nixremote".path;
maxJobs = 1;
speedFactor = 4;
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%";
protocol = "ssh-ng";
}
];
settings = {
extra-trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
@@ -24,7 +28,7 @@
];
};
};
age.secrets."keys/nixremote" = {
file = ../../secrets/keys/nixremote.age;
owner = "root";

78
modules/home.nix
View File

@@ -1,31 +1,75 @@
{ lib, options, ... }:
{
lib,
options,
...
}: {
options = with lib; {
cmds = {
shell = mkOption { type = types.str; default = "zsh"; };
fetch = mkOption { type = types.str; default = "hyfetch"; };
editor = mkOption { type = types.str; default = "nvim"; };
shell = mkOption {
type = types.str;
default = "zsh";
};
fetch = mkOption {
type = types.str;
default = "hyfetch";
};
editor = mkOption {
type = types.str;
default = "nvim";
};
wm = mkOption { type = types.str; default = "sway"; };
wm = mkOption {
type = types.str;
default = "sway";
};
terminal = mkOption { type = types.str; default = "alacritty"; };
menu = mkOption { type = types.str; default = "rofi -show drun -show-icons"; };
terminal = mkOption {
type = types.str;
default = "alacritty";
};
menu = mkOption {
type = types.str;
default = "rofi -show drun -show-icons";
};
lock = mkOption { type = types.str; default = "locksway"; };
lock = mkOption {
type = types.str;
default = "locksway";
};
notifications = {
volume = mkOption { type = types.str; default = "volume-notify"; };
brightness = mkOption { type = types.str; default = "brightness-notify"; };
volume = mkOption {
type = types.str;
default = "volume-notify";
};
brightness = mkOption {
type = types.str;
default = "brightness-notify";
};
};
};
is-wayland = mkOption { type = types.bool; default = true; };
is-wayland = mkOption {
type = types.bool;
default = true;
};
theme = {
theme = mkOption { type = types.str; default = "catppuccin-mocha"; };
icon-theme = mkOption { type = types.str; default = "Papirus-Dark"; };
font = mkOption { type = types.str; default = "Cascadia Code 11"; };
wallpaper = mkOption { type = types.str; default = ""; };
theme = mkOption {
type = types.str;
default = "catppuccin-mocha";
};
icon-theme = mkOption {
type = types.str;
default = "Papirus-Dark";
};
font = mkOption {
type = types.str;
default = "Cascadia Code 11";
};
wallpaper = mkOption {
type = types.str;
default = "";
};
};
};
}

41
modules/kabbone/corosync-qdevice.nix
View File

@@ -4,20 +4,18 @@
pkgs,
pkgs-kabbone,
...
}:
let
}: let
cfg = config.services.corosync-qnetd;
dataDir = "/var/run/corosync-qnetd";
in
{
in {
# interface
options.services.corosync-qnetd = {
enable = lib.mkEnableOption "corosync-qnetd";
package = lib.mkPackageOption pkgs-kabbone "corosync-qdevice" { };
package = lib.mkPackageOption pkgs-kabbone "corosync-qdevice" {};
extraOptions = lib.mkOption {
type = with lib.types; listOf str;
default = [ ];
default = [];
description = "Additional options with which to start corosync-qnetd.";
};
};
@@ -26,7 +24,7 @@ in
# implementation
config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
environment.systemPackages = [cfg.package];
users.users.coroqnetd = {
isSystemUser = true;
@@ -35,23 +33,22 @@ in
description = "Corosync-qnetd Service User";
};
users.groups.coroqnetd = { };
users.groups.coroqnetd = {};
# environment.etc."corosync/corosync-qnetd.conf".text = ''
# totem {
# version: 2
# secauth: on
# cluster_name: ${cfg.clusterName}
# transport: knet
# }
# environment.etc."corosync/corosync-qnetd.conf".text = ''
# totem {
# version: 2
# secauth: on
# cluster_name: ${cfg.clusterName}
# transport: knet
# }
# logging {
# to_syslog: yes
# }
# '';
# logging {
# to_syslog: yes
# }
# '';
systemd.packages = [ cfg.package ];
systemd.packages = [cfg.package];
systemd.services.corosync-qnetd = {
serviceConfig = {
User = "coroqnetd";
@@ -60,7 +57,7 @@ in
};
};
environment.etc."sysconfig/corosync-qnetd".text = lib.optionalString (cfg.extraOptions != [ ]) ''
environment.etc."sysconfig/corosync-qnetd".text = lib.optionalString (cfg.extraOptions != []) ''
COROSYNC-QNETD_OPTIONS="${lib.escapeShellArgs cfg.extraOptions}"
'';
};

37
modules/kabbone/mautrix-whatsapp.nix
View File

@@ -3,14 +3,13 @@
config,
pkgs,
...
}:
let
}: let
cfg = config.services.kabbone_mautrix-whatsapp;
dataDir = "/var/lib/mautrix-whatsapp";
registrationFile = "${dataDir}/whatsapp-registration.yaml";
settingsFile = "${dataDir}/config.yaml";
settingsFileUnsubstituted = settingsFormat.generate "mautrix-whatsapp-config-unsubstituted.json" cfg.settings;
settingsFormat = pkgs.formats.json { };
settingsFormat = pkgs.formats.json {};
appservicePort = 29318;
# to be used with a list of lib.mkIf values
@@ -47,8 +46,8 @@ let
username_template = "whatsapp_{{.}}";
};
double_puppet = {
servers = { };
secrets = { };
servers = {};
secrets = {};
};
# By default, the following keys/secrets are set to `generate`. This would break when the service
# is restarted, since the previously generated configuration will be overwritten everytime.
@@ -66,13 +65,11 @@ let
};
};
};
in
{
in {
options.services.kabbone_mautrix-whatsapp = {
enable = lib.mkEnableOption "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge";
package = lib.mkPackageOption pkgs "mautrix-whatsapp" { };
package = lib.mkPackageOption pkgs "mautrix-whatsapp" {};
settings = lib.mkOption {
apply = lib.recursiveUpdate defaultConfig;
@@ -159,7 +156,6 @@ in
};
config = lib.mkIf cfg.enable {
users.users.mautrix-whatsapp = {
isSystemUser = true;
group = "mautrix-whatsapp";
@@ -167,19 +163,18 @@ in
description = "Mautrix-Whatsapp bridge user";
};
users.groups.mautrix-whatsapp = { };
users.groups.mautrix-whatsapp = {};
services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
settings.app_service_config_files = [ registrationFile ];
settings.app_service_config_files = [registrationFile];
};
systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
serviceConfig.SupplementaryGroups = [ "mautrix-whatsapp" ];
serviceConfig.SupplementaryGroups = ["mautrix-whatsapp"];
};
# Note: this is defined here to avoid the docs depending on `config`
services.kabbone_mautrix-whatsapp.settings.homeserver = optOneOf (
with config.services;
[
with config.services; [
(lib.mkIf matrix-synapse.enable (mkDefaults {
domain = matrix-synapse.settings.server_name;
}))
@@ -193,11 +188,11 @@ in
systemd.services.kabbone_mautrix-whatsapp = {
description = "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge.";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
after = [ "network-online.target" ] ++ cfg.serviceDependencies;
wantedBy = ["multi-user.target"];
wants = ["network-online.target"] ++ cfg.serviceDependencies;
after = ["network-online.target"] ++ cfg.serviceDependencies;
# ffmpeg is required for conversion of voice messages
path = [ pkgs.ffmpeg-headless ];
path = [pkgs.ffmpeg-headless];
preStart = ''
# substitute the settings file by environment variables
@@ -263,11 +258,11 @@ in
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [ "@system-service" ];
SystemCallFilter = ["@system-service"];
Type = "simple";
UMask = 27;
};
restartTriggers = [ settingsFileUnsubstituted ];
restartTriggers = [settingsFileUnsubstituted];
};
};
meta = {

3
modules/programs/configs/default.nix
View File

@@ -9,7 +9,6 @@
# └─ default.nix *
# └─ ...
#
[
./mpv.nix
./mpv.nix
]

17
modules/programs/configs/mpv.nix
View File

@@ -9,17 +9,14 @@
# └─ ./configs
# └─ mpv.nix *
#
{ pkgs, ... }:
{
{pkgs, ...}: {
home.file = {
".config/mpv/mpv.conf".text = ''
hwdec=vaapi
vo=gpu
hwdec-codecs=all
gpu-context=wayland
#profile=gpu-hq
'';
hwdec=vaapi
vo=gpu
hwdec-codecs=all
gpu-context=wayland
#profile=gpu-hq
'';
};
}

299
modules/programs/firefox.nix
View File

@@ -1,12 +1,11 @@
#
# Firefox Brower Emulator
#
{ pkgs, config, ... }:
{
pkgs,
config,
...
}: {
#home.packages = [ pkgs.firefox-wayland ];
programs = {
@@ -14,155 +13,155 @@
enable = true;
configPath = "${config.xdg.configHome}/mozilla/firefox";
#package = pkgs.wrapFirefox pkgs.firefox-unwrapped {
#forceWayland = true;
#forceWayland = true;
# extraPolicies = {
# ExtensionSettings = {};
# };
#};
# package = pkgs.firefox-wayland;
# profiles.kabbone = {
# #id = 271987;
# name = "kabbone";
# isDefault = true;
# settings = {
# "media.ffmpeg.vaapi.enabled" = true;
# "gfx.webrender.all" = true;
# "browser.contentblocking.category" = "strict";
# "browser.search.region" = "DE";
# "extensions.active.ThemeID" = "dreamer-bold-colorway@mozilla.org";
# "media.autoplay.default" = 0;
# "security.enterprise_roots.enabled" = true;
# "widget.gtk.overlay-scrollbars.enabled" = true;
# "signon.rememberSignons" = false;
# "extensions.formautofill.creditCards.enabled" = false;
# "datareporting.healthreport.uploadEnabled" = false;
# "browser.urlbar.placeholderName" = "DuckDuckGo";
# "browser.urlbar.placeholderName.private" = "DuckDuckGo";
# "browser.theme.toolbar-theme" = 0;
# };
#
# userChrome = ''
# /* Hide tab bar in FF Quantum */
# @-moz-document url("chrome://browser/content/browser.xul") {
# #TabsToolbar {
# visibility: collapse !important;
# margin-bottom: 21px !important;
# }
#
# #sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header {
# visibility: collapse !important;
# }
# }
# '';
#
# search = {
# engines = {
# "Nix Packages" = {
# urls = [{
# template = "https://search.nixos.org/packages";
# params = [
# { name = "type"; value = "packages"; }
# { name = "query"; value = "{searchTerms}"; }
# ];
# }];
#
# icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
# definedAliases = [ "@np" ];
# };
#
# "NixOS Wiki" = {
# urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }];
# iconUpdateURL = "https://nixos.wiki/favicon.png";
# updateInterval = 24 * 60 * 60 * 1000; # every day
# definedAliases = [ "@nw" ];
# };
# };
#
# order = [ "DuckDuckGo" ];
# default = "DuckDuckGo";
# };
#
# bookmarks = [
# {
# name = "Kabtop Nextcloud";
# url = "https://cloud.kabtop.de/";
# }
# {
# name = "Home Assistant";
# url = "https://hass.home.opel-online.de/";
# }
# {
# name = "Netflix";
# url = "https://netflix.com/browse";
# }
# {
# name = "YouTube";
# url = "https://youtube.com/";
# }
# {
# name = "Kicker";
# url = "https://kicker.de/";
# }
# {
# name = "Chilloutzone";
# url = "https://chilloutzone.net/";
# }
# {
# name = "myDealZ";
# url = "https://mydealz.de/";
# }
# {
# name = "Kabtop Git";
# url = "https://git.kabtop.de/";
# }
# {
# name = "Spotify";
# url = "https://open.spotify.com/";
# }
# {
# name = "Tech";
# bookmarks = [
# {
# name = "Golem";
# url = "https://golem.de/";
# }
# {
# name = "Heise";
# url = "https://heise.de/";
# }
# {
# name = "Phoronix";
# url = "https://phoronix.com/";
# }
# ];
# }
# {
# name = "Foren";
# bookmarks = [
# {
# name = "Archlinux-en";
# url = "https://archlinux.org/";
# }
# {
# name = "Archlinux-ARM";
# url = "https://archlinuxarm.org/";
# }
# {
# name = "Archlinux-de";
# url = "https://archlinux.de/";
# }
# ];
# }
# ];
# };
#
# extensions = with pkgs.nur.repos.rycee.firefox-addons; [
# honey
# keepassxc-browser
# multi-account-containers
# netflix-1080p
# ublock-origin
# ];
# package = pkgs.firefox-wayland;
# profiles.kabbone = {
# #id = 271987;
# name = "kabbone";
# isDefault = true;
# settings = {
# "media.ffmpeg.vaapi.enabled" = true;
# "gfx.webrender.all" = true;
# "browser.contentblocking.category" = "strict";
# "browser.search.region" = "DE";
# "extensions.active.ThemeID" = "dreamer-bold-colorway@mozilla.org";
# "media.autoplay.default" = 0;
# "security.enterprise_roots.enabled" = true;
# "widget.gtk.overlay-scrollbars.enabled" = true;
# "signon.rememberSignons" = false;
# "extensions.formautofill.creditCards.enabled" = false;
# "datareporting.healthreport.uploadEnabled" = false;
# "browser.urlbar.placeholderName" = "DuckDuckGo";
# "browser.urlbar.placeholderName.private" = "DuckDuckGo";
# "browser.theme.toolbar-theme" = 0;
# };
#
# userChrome = ''
# /* Hide tab bar in FF Quantum */
# @-moz-document url("chrome://browser/content/browser.xul") {
# #TabsToolbar {
# visibility: collapse !important;
# margin-bottom: 21px !important;
# }
#
# #sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header {
# visibility: collapse !important;
# }
# }
# '';
#
# search = {
# engines = {
# "Nix Packages" = {
# urls = [{
# template = "https://search.nixos.org/packages";
# params = [
# { name = "type"; value = "packages"; }
# { name = "query"; value = "{searchTerms}"; }
# ];
# }];
#
# icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
# definedAliases = [ "@np" ];
# };
#
# "NixOS Wiki" = {
# urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }];
# iconUpdateURL = "https://nixos.wiki/favicon.png";
# updateInterval = 24 * 60 * 60 * 1000; # every day
# definedAliases = [ "@nw" ];
# };
# };
#
# order = [ "DuckDuckGo" ];
# default = "DuckDuckGo";
# };
#
# bookmarks = [
# {
# name = "Kabtop Nextcloud";
# url = "https://cloud.kabtop.de/";
# }
# {
# name = "Home Assistant";
# url = "https://hass.home.opel-online.de/";
# }
# {
# name = "Netflix";
# url = "https://netflix.com/browse";
# }
# {
# name = "YouTube";
# url = "https://youtube.com/";
# }
# {
# name = "Kicker";
# url = "https://kicker.de/";
# }
# {
# name = "Chilloutzone";
# url = "https://chilloutzone.net/";
# }
# {
# name = "myDealZ";
# url = "https://mydealz.de/";
# }
# {
# name = "Kabtop Git";
# url = "https://git.kabtop.de/";
# }
# {
# name = "Spotify";
# url = "https://open.spotify.com/";
# }
# {
# name = "Tech";
# bookmarks = [
# {
# name = "Golem";
# url = "https://golem.de/";
# }
# {
# name = "Heise";
# url = "https://heise.de/";
# }
# {
# name = "Phoronix";
# url = "https://phoronix.com/";
# }
# ];
# }
# {
# name = "Foren";
# bookmarks = [
# {
# name = "Archlinux-en";
# url = "https://archlinux.org/";
# }
# {
# name = "Archlinux-ARM";
# url = "https://archlinuxarm.org/";
# }
# {
# name = "Archlinux-de";
# url = "https://archlinux.de/";
# }
# ];
# }
# ];
# };
#
# extensions = with pkgs.nur.repos.rycee.firefox-addons; [
# honey
# keepassxc-browser
# multi-account-containers
# netflix-1080p
# ublock-origin
# ];
};
};
}

76
modules/server/default.nix
View File

@@ -16,90 +16,91 @@
#
# myServer.extraSystemPackages = with pkgs; [ some-tool ];
#
{ config, lib, pkgs, user, ... }:
let
cfg = config.myServer;
in
{
config,
lib,
pkgs,
user,
...
}: let
cfg = config.myServer;
in {
# ── Options ──────────────────────────────────────────────────────────────
options.myServer = with lib; {
uid = mkOption {
type = types.int;
default = 3000;
type = types.int;
default = 3000;
description = "UID for the server user.";
};
sshPort = mkOption {
type = types.port;
default = 2220;
type = types.port;
default = 2220;
description = "Port openssh listens on.";
};
sudoRequiresPassword = mkOption {
type = types.bool;
default = true;
type = types.bool;
default = true;
description = "Whether wheel users must enter a password for sudo.";
};
autoUpgrade.enable = mkOption {
type = types.bool;
default = true;
type = types.bool;
default = true;
description = "Enable automatic NixOS upgrades (inherits flake URL from configuration_common.nix).";
};
virtualisation = {
enable = mkEnableOption "container/VM stack (podman with docker-compat, KVM tuning)";
cpu = mkOption {
type = types.enum [ "amd" "intel" "none" ];
default = "none";
cpu = mkOption {
type = types.enum ["amd" "intel" "none"];
default = "none";
description = "CPU type selects KVM kernel parameters when virtualisation is enabled.";
};
};
extraGroups = mkOption {
type = types.listOf types.str;
default = [];
type = types.listOf types.str;
default = [];
description = "Additional groups for the server user beyond the defaults.";
};
extraSystemPackages = mkOption {
type = types.listOf types.package;
default = [];
type = types.listOf types.package;
default = [];
description = "Additional system packages specific to this host.";
};
fail2ban = {
enable = mkEnableOption "fail2ban intrusion prevention";
};
};
# ── Configuration ────────────────────────────────────────────────────────
config = lib.mkMerge [
# ── Base server config ────────────────────────────────────────────────
{
users.users.${user} = {
isNormalUser = true;
uid = cfg.uid;
extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" ] ++ cfg.extraGroups;
uid = cfg.uid;
extraGroups = ["wheel" "networkmanager" "kvm" "libvirtd"] ++ cfg.extraGroups;
};
security.sudo.wheelNeedsPassword = cfg.sudoRequiresPassword;
environment.systemPackages = with pkgs; [
ffmpeg
smartmontools
htop
] ++ cfg.extraSystemPackages;
environment.systemPackages = with pkgs;
[
ffmpeg
smartmontools
htop
]
++ cfg.extraSystemPackages;
services.openssh = {
ports = [ cfg.sshPort ];
ports = [cfg.sshPort];
openFirewall = true;
};
@@ -114,12 +115,12 @@ in
# ── Virtualisation (podman/docker-compat) ─────────────────────────────
(lib.mkIf cfg.virtualisation.enable {
virtualisation.podman = {
enable = true;
enable = true;
autoPrune.enable = true;
dockerCompat = true;
dockerCompat = true;
};
users.groups.docker.members = [ user ];
users.groups.docker.members = [user];
})
# ── KVM AMD ─────────────────────────────────────────────────────────
@@ -141,11 +142,10 @@ in
# ── Fail2ban ──────────────────────────────────────────────────────────
(lib.mkIf cfg.fail2ban.enable {
services.fail2ban = {
enable = true;
maxretry = 5;
enable = true;
maxretry = 5;
jails.DEFAULT.settings.findtime = "15m";
};
})
];
}

5
modules/services/dmz/default.nix
View File

@@ -9,11 +9,10 @@
# └─ default.nix *
# └─ ...
#
[
./microvm.nix
# ./hydra.nix
# ./hydra.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

113
modules/services/dmz/gitea_runner.nix
View File

@@ -1,60 +1,63 @@
{ lib, config, pkgs, ... }:
{
virtualisation = {
podman ={
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "192.168.101.1" ];
#containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
lib,
config,
pkgs,
...
}: {
virtualisation = {
podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = ["192.168.101.1"];
#containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
};
};
services.gitea-actions-runner.instances = {
homerunner = {
enable = true;
url = "https://git.kabtop.de";
name = "Homerunner";
tokenFile = config.age.secrets."services/gitea/homerunner-token".path;
labels = [
"home"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
services.gitea-actions-runner.instances = {
homerunner = {
enable = true;
url = "https://git.kabtop.de";
name = "Homerunner";
tokenFile = config.age.secrets."services/gitea/homerunner-token".path;
labels = [
"home"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
age.secrets."services/gitea/homerunner-token" = {
file = ../../../secrets/services/gitea/homerunner-token.age;
owner = "gitea-runner";
};
age.secrets."services/gitea/homerunner-token" = {
file = ../../../secrets/services/gitea/homerunner-token.age;
owner = "gitea-runner";
};
}

159
modules/services/dmz/hydra.nix
View File

@@ -1,91 +1,92 @@
{ lib, config, pkgs, ... }:
{
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.home.opel-online.de";
listenHost = "127.0.0.1";
notificationSender = "hydra@localhost";
useSubstitutes = true;
minimumDiskFree = 30;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"home.opel-online.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
lib,
config,
pkgs,
...
}: {
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.home.opel-online.de";
listenHost = "127.0.0.1";
notificationSender = "hydra@localhost";
useSubstitutes = true;
minimumDiskFree = 30;
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = "http:// https://";
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
};
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = "http:// https://";
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
}

120
modules/services/dmz/microvm.nix
View File

@@ -1,48 +1,55 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{
config,
microvm,
lib,
pkgs,
user,
agenix,
impermanence,
...
}: let
name = "gitea-runner";
in {
microvm = {
autostart = [
name
];
vms = {
${name} = {
inherit pkgs;
config = {
imports =
[ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++
[( ./gitea_runner.nix )];
imports =
[agenix.nixosModules.default]
++ [impermanence.nixosModules.impermanence]
++ [(./gitea_runner.nix)];
networking = {
hostName = "${name}";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
allowedUDPPorts = [];
allowedTCPPorts = [];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
users.users.${user} = { # System User
users.users.${user} = {
# System User
isNormalUser = true;
extraGroups = [ "wheel" ];
extraGroups = ["wheel"];
uid = 2000;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
@@ -56,30 +63,32 @@ in
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}];
}
];
};
};
fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
systemPackages = with pkgs; [
# Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [
@@ -100,27 +109,30 @@ in
vcpu = 4;
mem = 4096;
interfaces = [
{
type = "macvtap";
id = "vm-${name}";
mac = "04:00:00:00:00:01";
macvtap = {
{
type = "macvtap";
id = "vm-${name}";
mac = "04:00:00:00:00:01";
macvtap = {
link = "ens18";
mode = "bridge";
};
} ];
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}];
};
}
];
shares = [
{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}
];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;
};

5
modules/services/kabtopci/default.nix
View File

@@ -9,11 +9,10 @@
# └─ default.nix *
# └─ ...
#
[
# ./microvm.nix
# ./microvm.nix
./hydra.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

111
modules/services/kabtopci/gitea_runner.nix
View File

@@ -1,59 +1,62 @@
{ lib, config, pkgs, ... }:
{
virtualisation = {
podman ={
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
lib,
config,
pkgs,
...
}: {
virtualisation = {
podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = ["8.8.8.8" "8.8.4.4"];
};
};
services.gitea-actions-runner.instances = {
cirunner = {
enable = true;
url = "https://git.kabtop.de";
name = "CI Kabtop runner";
tokenFile = config.age.secrets."services/gitea/cirunner-token".path;
labels = [
"ci"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
services.gitea-actions-runner.instances = {
cirunner = {
enable = true;
url = "https://git.kabtop.de";
name = "CI Kabtop runner";
tokenFile = config.age.secrets."services/gitea/cirunner-token".path;
labels = [
"ci"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
age.secrets."services/gitea/cirunner-token" = {
file = ../../../secrets/services/gitea/cirunner-token.age;
owner = "gitea-runner";
};
age.secrets."services/gitea/cirunner-token" = {
file = ../../../secrets/services/gitea/cirunner-token.age;
owner = "gitea-runner";
};
}

144
modules/services/kabtopci/hydra.nix
View File

@@ -1,82 +1,84 @@
{ lib, config, pkgs, ... }:
{
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.ci.kabtop.de";
listenHost = "127.0.0.1";
notificationSender = "hydra@kabtop.de";
useSubstitutes = true;
minimumDiskFree = 8;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
lib,
config,
pkgs,
...
}: {
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.ci.kabtop.de";
listenHost = "127.0.0.1";
notificationSender = "hydra@kabtop.de";
useSubstitutes = true;
minimumDiskFree = 8;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@kabtop.de";
webroot = "/var/lib/acme/acme-challenge";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@kabtop.de";
webroot = "/var/lib/acme/acme-challenge";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = [
"github:"
"https://github.com/"
"git+ssh://github.com/"
];
};
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = [
"github:"
"https://github.com/"
"git+ssh://github.com/"
];
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
}

116
modules/services/kabtopci/microvm.nix
View File

@@ -1,48 +1,55 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{
config,
microvm,
lib,
pkgs,
user,
agenix,
impermanence,
...
}: let
name = "gitea-runner";
in {
microvm = {
autostart = [
name
];
vms = {
${name} = {
inherit pkgs;
config = {
imports =
[ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++
[( ./gitea_runner.nix )];
imports =
[agenix.nixosModules.default]
++ [impermanence.nixosModules.impermanence]
++ [(./gitea_runner.nix)];
networking = {
hostName = "${name}";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
allowedUDPPorts = [];
allowedTCPPorts = [];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
users.users.${user} = { # System User
users.users.${user} = {
# System User
isNormalUser = true;
extraGroups = [ "wheel" ];
extraGroups = ["wheel"];
uid = 2000;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
@@ -56,30 +63,32 @@ in
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}];
}
];
};
};
fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
systemPackages = with pkgs; [
# Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [
@@ -100,23 +109,26 @@ in
mem = 3096;
#kernel = pkgs.linuxKernel.packages.linux_latest;
interfaces = [
{
type = "user";
id = "vm-${name}";
mac = "04:00:00:00:00:02";
} ];
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}];
{
type = "user";
id = "vm-${name}";
mac = "04:00:00:00:00:02";
}
];
shares = [
{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}
];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;
};

12
modules/services/keyring.nix
View File

@@ -1,14 +1,16 @@
#
# Screenshots
#
{ pkgs, user, ... }:
{
services = { # sxhkd shortcut = Printscreen button (Print)
pkgs,
user,
...
}: {
services = {
# sxhkd shortcut = Printscreen button (Print)
gnome-keyring = {
enable = true;
};
};
home.packages = with pkgs; [ gcr seahorse ];
home.packages = with pkgs; [gcr seahorse];
}

7
modules/services/kubemaster/default.nix
View File

@@ -9,11 +9,10 @@
# └─ default.nix *
# └─ ...
#
[
# ./microvm.nix
# ./hydra.nix
# ./microvm.nix
# ./hydra.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

3
modules/services/nas/default.nix
View File

@@ -9,7 +9,6 @@
# └─ default.nix *
# └─ ...
#
[
./nfs.nix
./nginx.nix
@@ -17,6 +16,6 @@
./syncthing.nix
./paperless.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

23
modules/services/nas/nfs.nix
View File

@@ -1,18 +1,23 @@
{config, pkgs, lib, ...}: {
{
config,
pkgs,
lib,
...
}: {
# enable nfs
services.nfs.server = rec {
enable = true;
exports = ''
/export 192.168.2.0/24(rw,fsid=0,no_subtree_check)
/export/Pluto 192.168.2.0/24(rw,no_subtree_check)
/export/Mars 192.168.2.0/24(rw,no_subtree_check)
'';
createMountPoints = true;
enable = true;
exports = ''
/export 192.168.2.0/24(rw,fsid=0,no_subtree_check)
/export/Pluto 192.168.2.0/24(rw,no_subtree_check)
/export/Mars 192.168.2.0/24(rw,no_subtree_check)
'';
createMountPoints = true;
};
# open the firewall
networking.firewall = {
interfaces.ens18 = {
allowedTCPPorts = [ 2049 ];
allowedTCPPorts = [2049];
};
};
}

18
modules/services/nas/nginx.nix
View File

@@ -1,10 +1,12 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
services.nginx = {
enable = true;
recommendedProxySettings = true;
@@ -56,13 +58,12 @@
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
@@ -75,17 +76,16 @@
};
};
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/mnt/Pluto/nix-cache" ];
systemd.services.nginx.serviceConfig.ReadWritePaths = ["/mnt/Pluto/nix-cache"];
networking.firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [];
allowedTCPPorts = [80 443];
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
}

15
modules/services/nas/paperless.nix
View File

@@ -1,15 +1,17 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
services.paperless = {
enable = true;
domain = "paperless.home.opel-online.de";
passwordFile = config.age.secrets."services/paperless/pwFile".path;
# environmentFile = config.age.secrets."services/paperless/environment".path;
# environmentFile = config.age.secrets."services/paperless/environment".path;
configureTika = true;
settings = {
PAPERLESS_OCR_LANGUAGE = "deu+eng";
@@ -31,8 +33,7 @@
};
age.secrets."services/paperless/pwFile" = {
file = ../../../secrets/services/paperless/pwFile.age;
owner = "paperless";
file = ../../../secrets/services/paperless/pwFile.age;
owner = "paperless";
};
}

42
modules/services/nas/syncthing.nix
View File

@@ -1,29 +1,32 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
services.syncthing = {
enable = true;
group = "users";
user = "kabbone";
dataDir = "/home/${config.services.syncthing.user}/Sync";
configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
"hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
"lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
"hades.home.opel-online.de" = {id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA";};
"lifebook.home.opel-online.de" = {id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4";};
};
folders = {
"Sync" = { # Name of folder in Syncthing, also the folder ID
path = "/mnt/Mars/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = [ "hades.home.opel-online.de" "lifebook.home.opel-online.de" ]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
"Sync" = {
# Name of folder in Syncthing, also the folder ID
path = "/mnt/Mars/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = ["hades.home.opel-online.de" "lifebook.home.opel-online.de"]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
@@ -35,19 +38,18 @@
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
recommendedProxySettings = false;
proxyPass = "http://${toString config.services.syncthing.guiAddress}";
recommendedProxySettings = false;
proxyPass = "http://${toString config.services.syncthing.guiAddress}";
extraConfig = ''
proxy_set_header Host localhost;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header Host localhost;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
'';
};
};
};
};
}

13
modules/services/nas/vaultwarden.nix
View File

@@ -1,10 +1,12 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
@@ -31,8 +33,7 @@
};
age.secrets."services/vaultwarden/environment" = {
file = ../../../secrets/services/vaultwarden/environment.age;
owner = "vaultwarden";
file = ../../../secrets/services/vaultwarden/environment.age;
owner = "vaultwarden";
};
}

5
modules/services/nasbackup/default.nix
View File

@@ -9,10 +9,9 @@
# └─ default.nix *
# └─ ...
#
[
# ./nfs.nix
# ./nfs.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

3
modules/services/printer/default.nix
View File

@@ -9,10 +9,9 @@
# └─ default.nix *
# └─ ...
#
[
./klipper.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

192
modules/services/printer/klipper.nix
View File

@@ -1,101 +1,103 @@
{ lib, config, pkgs, ... }:
{
environment = {
systemPackages = with pkgs; [
klipperscreen
];
lib,
config,
pkgs,
...
}: {
environment = {
systemPackages = with pkgs; [
klipperscreen
];
};
services = {
klipper = {
enable = true;
user = "moonraker";
group = "moonraker";
configFile = ./printer.cfg;
mutableConfig = true;
configDir = "/var/lib/moonraker/config";
firmwares."sovol06" = {
serial = "/dev/serial/by-id/usb-1a86_USB_Serial-if00-port0";
enableKlipperFlash = true;
enable = true;
configFile = ./firmware.conf;
};
};
services = {
klipper = {
enable = true;
user = "moonraker";
group = "moonraker";
configFile = ./printer.cfg;
mutableConfig = true;
configDir = "/var/lib/moonraker/config";
firmwares."sovol06" = {
serial = "/dev/serial/by-id/usb-1a86_USB_Serial-if00-port0";
enableKlipperFlash = true;
enable = true;
configFile = ./firmware.conf;
};
mainsail = {
enable = true;
nginx = {
enableACME = false;
#useACMEHost = "home.opel-online.de";
serverName = "nbf5.home.opel-online.de";
#onlySSL = true;
#listenAddresses = [ "0.0.0.0" "::" ];
#forceSSL = true;
};
mainsail = {
enable = true;
nginx = {
enableACME = false;
#useACMEHost = "home.opel-online.de";
serverName = "nbf5.home.opel-online.de";
#onlySSL = true;
#listenAddresses = [ "0.0.0.0" "::" ];
#forceSSL = true;
};
};
moonraker = {
enable = true;
allowSystemControl = true;
address = "0.0.0.0";
settings = {
authorization = {
force_logins = true;
cors_domains = [
"*://nbf5.home.opel-online.de"
"*.local"
];
trusted_clients = [
"127.0.0.0/8"
"192.168.2.0/24"
];
};
file_manager = {
enable_object_processing = true;
};
};
};
# nginx = {
# enable = true;
# recommendedProxySettings = true;
# recommendedTlsSettings = true;
# recommendedGzipSettings = true;
# recommendedOptimisation = true;
# virtualHosts = {
# "ci.kabtop.de" = {
# enableACME = true;
# forceSSL = true;
# default = true;
# locations."/".return = "503";
# };
# "hydra.ci.kabtop.de" = {
# enableACME = true;
# forceSSL = true;
# locations."/" = {
# proxyPass = "http://localhost:3000";
# extraConfig = ''
# proxy_set_header X-Forwarded-Port 443;
# '';
# };
# };
# "cache.ci.kabtop.de" = {
# enableACME = true;
# forceSSL = true;
# locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
# };
# };
# };
# };
#
# security.acme = {
# acceptTerms = true;
# defaults = {
# email = "webmaster@kabtop.de";
# webroot = "/var/lib/acme/acme-challenge";
# #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
# };
};
moonraker = {
enable = true;
allowSystemControl = true;
address = "0.0.0.0";
settings = {
authorization = {
force_logins = true;
cors_domains = [
"*://nbf5.home.opel-online.de"
"*.local"
];
trusted_clients = [
"127.0.0.0/8"
"192.168.2.0/24"
];
};
file_manager = {
enable_object_processing = true;
};
};
};
# nginx = {
# enable = true;
# recommendedProxySettings = true;
# recommendedTlsSettings = true;
# recommendedGzipSettings = true;
# recommendedOptimisation = true;
# virtualHosts = {
# "ci.kabtop.de" = {
# enableACME = true;
# forceSSL = true;
# default = true;
# locations."/".return = "503";
# };
# "hydra.ci.kabtop.de" = {
# enableACME = true;
# forceSSL = true;
# locations."/" = {
# proxyPass = "http://localhost:3000";
# extraConfig = ''
# proxy_set_header X-Forwarded-Port 443;
# '';
# };
# };
# "cache.ci.kabtop.de" = {
# enableACME = true;
# forceSSL = true;
# locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
# };
# };
# };
# };
#
# security.acme = {
# acceptTerms = true;
# defaults = {
# email = "webmaster@kabtop.de";
# webroot = "/var/lib/acme/acme-challenge";
# #server = "https://acme-staging-v02.api.letsencrypt.org/directory";
# };
};
}

16
modules/services/printer/nginx.nix
View File

@@ -1,10 +1,12 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
services.nginx = {
enable = true;
recommendedProxySettings = true;
@@ -20,13 +22,12 @@
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
@@ -41,13 +42,12 @@
networking.firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
allowedUDPPorts = [];
allowedTCPPorts = [80 443];
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
}

32
modules/services/server/coturn.nix
View File

@@ -1,4 +1,9 @@
{config, pkgs, lib, ...}: {
{
config,
pkgs,
lib,
...
}: {
# enable coturn
services.coturn = rec {
enable = true;
@@ -43,21 +48,24 @@
# open the firewall
networking.firewall = {
interfaces.ens18 = let
range = with config.services.coturn; [ {
from = min-port;
to = max-port;
} ];
in
{
range = with config.services.coturn; [
{
from = min-port;
to = max-port;
}
];
in {
allowedUDPPortRanges = range;
allowedUDPPorts = [ 3478 ];
allowedUDPPorts = [3478];
allowedTCPPortRanges = range;
allowedTCPPorts = [ 3478 5349 ];
allowedTCPPorts = [3478 5349];
};
};
# get a certificate
security.acme.certs.${config.services.coturn.realm} = {
/* insert here the right configuration to obtain a certificate */
/*
insert here the right configuration to obtain a certificate
*/
postRun = "systemctl restart coturn.service";
group = "turnserver";
};
@@ -67,7 +75,7 @@
#};
age.secrets."services/coturn/static-auth" = {
file = ../../../secrets/services/coturn/static-auth.age;
owner = "turnserver";
file = ../../../secrets/services/coturn/static-auth.age;
owner = "turnserver";
};
}

5
modules/services/server/default.nix
View File

@@ -9,7 +9,6 @@
# └─ default.nix *
# └─ ...
#
[
./postgresql.nix
./gitea.nix
@@ -19,8 +18,8 @@
./coturn.nix
./hydra.nix
./mealie.nix
# ./ollama.nix
# ./ollama.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

114
modules/services/server/gitea.nix
View File

@@ -1,10 +1,12 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
services.gitea = {
enable = true;
dump.enable = false;
@@ -19,56 +21,56 @@
appName = "Kabtop Git";
mailerPasswordFile = config.age.secrets."services/gitea/mailerPassword".path;
settings = {
server = {
ROOT_URL = "https://git.kabtop.de";
HTTP_ADDR = "localhost";
DOMAIN = "git.kabtop.de";
SSH_PORT = 2220;
ENABLE_GZIP = true;
LFS_START_SERVER = true;
LFS_ALLOW_PURE_SSH = true;
};
security = {
MIN_PASSWORD_LENGTH = 12;
PASSWORD_CHECK_PWN = true;
PASSWORD_HASH_ALGO = "argon2";
};
# oauth2 = {
# ENABLE = true;
# #JWT_SECRET = "secret123";
# };
repository = {
MAX_CREATION_LIMIT = 100;
};
ui = {
SHOW_USER_EMAIL = false;
DEFAULT_THEME = "gitea-dark";
};
# openid = {
# ENABLE_OPENID_SIGNIN = true;
# WHITELISTED_URIS = "https://auth.kabtop.de";
# };
# oauth2_client = {
# ENABLE_AUTO_REGISTRATION = true;
# };
time = {
DEFAULT_UI_LOCATION = "Europe/Berlin";
};
other = {
SHOW_FOOTER_VERSION = false;
};
server = {
ROOT_URL = "https://git.kabtop.de";
HTTP_ADDR = "localhost";
DOMAIN = "git.kabtop.de";
SSH_PORT = 2220;
ENABLE_GZIP = true;
LFS_START_SERVER = true;
LFS_ALLOW_PURE_SSH = true;
};
security = {
MIN_PASSWORD_LENGTH = 12;
PASSWORD_CHECK_PWN = true;
PASSWORD_HASH_ALGO = "argon2";
};
# oauth2 = {
# ENABLE = true;
# #JWT_SECRET = "secret123";
# };
repository = {
MAX_CREATION_LIMIT = 100;
};
ui = {
SHOW_USER_EMAIL = false;
DEFAULT_THEME = "gitea-dark";
};
# openid = {
# ENABLE_OPENID_SIGNIN = true;
# WHITELISTED_URIS = "https://auth.kabtop.de";
# };
# oauth2_client = {
# ENABLE_AUTO_REGISTRATION = true;
# };
time = {
DEFAULT_UI_LOCATION = "Europe/Berlin";
};
other = {
SHOW_FOOTER_VERSION = false;
};
session.COOKIE_SECURE = true;
service = {
REGISTER_EMAIL_CONFIRM = true;
DISABLE_REGISTRATION = true;
};
actions = {
ENABLED = true;
};
indexer = {
REPO_INDEXER_ENABLED = false;
};
session.COOKIE_SECURE = true;
service = {
REGISTER_EMAIL_CONFIRM = true;
DISABLE_REGISTRATION = true;
};
actions = {
ENABLED = true;
};
indexer = {
REPO_INDEXER_ENABLED = false;
};
};
};
@@ -87,11 +89,11 @@
};
};
age.secrets."services/gitea/mailerPassword" = {
file = ../../../secrets/services/gitea/mailerPassword.age;
owner = "gitea";
file = ../../../secrets/services/gitea/mailerPassword.age;
owner = "gitea";
};
age.secrets."services/gitea/databasePassword" = {
file = ../../../secrets/services/gitea/databasePassword.age;
owner = "gitea";
file = ../../../secrets/services/gitea/databasePassword.age;
owner = "gitea";
};
}

111
modules/services/server/gitea_runner.nix
View File

@@ -1,59 +1,62 @@
{ lib, config, pkgs, ... }:
{
virtualisation = {
podman ={
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
lib,
config,
pkgs,
...
}: {
virtualisation = {
podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = ["8.8.8.8" "8.8.4.4"];
};
};
services.gitea-actions-runner.instances = {
serverrunner = {
enable = true;
url = "https://git.kabtop.de";
name = "Server runner";
tokenFile = config.age.secrets."services/gitea/serverrunner-token".path;
labels = [
"server"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
services.gitea-actions-runner.instances = {
serverrunner = {
enable = true;
url = "https://git.kabtop.de";
name = "Server runner";
tokenFile = config.age.secrets."services/gitea/serverrunner-token".path;
labels = [
"server"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
age.secrets."services/gitea/serverrunner-token" = {
file = ../../../secrets/services/gitea/serverrunner-token.age;
owner = "gitea-runner";
};
age.secrets."services/gitea/serverrunner-token" = {
file = ../../../secrets/services/gitea/serverrunner-token.age;
owner = "gitea-runner";
};
}

138
modules/services/server/hydra.nix
View File

@@ -1,77 +1,79 @@
{ lib, config, pkgs, ... }:
{
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.ci.kabtop.de";
listenHost = "127.0.0.1";
port = 3001;
notificationSender = "hydra@kabtop.de";
useSubstitutes = true;
minimumDiskFree = 50;
maxServers = 10;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3001";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
lib,
config,
pkgs,
...
}: {
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.ci.kabtop.de";
listenHost = "127.0.0.1";
port = 3001;
notificationSender = "hydra@kabtop.de";
useSubstitutes = true;
minimumDiskFree = 50;
maxServers = 10;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3001";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
nix = {
settings = {
cores = 5;
max-jobs = 1;
trusted-users = [
"hydra"
];
allowed-uris = [
"github:"
"https://github.com/"
"git+ssh://github.com/"
];
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
nix = {
settings = {
cores = 5;
max-jobs = 1;
trusted-users = [
"hydra"
];
allowed-uris = [
"github:"
"https://github.com/"
"git+ssh://github.com/"
];
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
}

82
modules/services/server/jitsi.nix
View File

@@ -1,46 +1,48 @@
{ config, pkgs, ... }:
{
services.jitsi-meet = {
enable = true;
hostName = "meet.kabtop.de";
config = {
enableWelcomePage = false;
prejoinPageEnabled = true;
defaultLang = "en";
};
interfaceConfig = {
SHOW_JITSI_WATERMARK = false;
SHOW_WATERMARK_FOR_GUESTS = false;
};
config,
pkgs,
...
}: {
services.jitsi-meet = {
enable = true;
hostName = "meet.kabtop.de";
config = {
enableWelcomePage = false;
prejoinPageEnabled = true;
defaultLang = "en";
};
#services.jibri = {
# enable = true;
# config = {
# recording = {
# recordings-directory = "/var/lib/jitsi-meet-recordings";
# };
# ffmpeg = {
# #framerate = 30;
# #video-encode-preset = "veryfast"; # https://trac.ffmpeg.org/wiki/Encode/H.264#a2.Chooseapresetandtune
# h264-constant-rate-factor = 21; # https://trac.ffmpeg.org/wiki/Encode/H.264#a1.ChooseaCRFvalue
# };
# };
#};
services.jitsi-videobridge = {
enable = true;
openFirewall = true;
interfaceConfig = {
SHOW_JITSI_WATERMARK = false;
SHOW_WATERMARK_FOR_GUESTS = false;
};
};
#services.jibri = {
# enable = true;
# config = {
# recording = {
# recordings-directory = "/var/lib/jitsi-meet-recordings";
# };
# ffmpeg = {
# #framerate = 30;
# #video-encode-preset = "veryfast"; # https://trac.ffmpeg.org/wiki/Encode/H.264#a2.Chooseapresetandtune
# h264-constant-rate-factor = 21; # https://trac.ffmpeg.org/wiki/Encode/H.264#a1.ChooseaCRFvalue
# };
# };
#};
services.jitsi-videobridge = {
enable = true;
openFirewall = true;
};
services.prosody.extraConfig = ''
log = "/var/log/prosody/prosody.log"
'';
systemd.tmpfiles.rules = [
"d /var/log/prosody - prosody prosody"
#"d ${config.services.jibri.config.recording.recordings-directory} 0750 jibri jibri -"
];
services.prosody.extraConfig = ''
log = "/var/log/prosody/prosody.log"
'';
systemd.tmpfiles.rules = [
"d /var/log/prosody - prosody prosody"
#"d ${config.services.jibri.config.recording.recordings-directory} 0750 jibri jibri -"
];
security.acme.defaults.email = "webmaster@kabtop.de";
security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
security.acme.acceptTerms = true;
security.acme.defaults.email = "webmaster@kabtop.de";
security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
security.acme.acceptTerms = true;
}

391
modules/services/server/matrix.nix
View File

@@ -1,10 +1,12 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
let
{
config,
lib,
pkgs,
...
}: let
fqdn = "matrix.${config.networking.domain}";
clientConfig = {
"m.homeserver".base_url = "https://${fqdn}";
@@ -24,230 +26,237 @@ in {
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"${config.networking.domain}" = {
"${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
locations."/_matrix".proxyPass = "http://localhost:8008";
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
locations."/_matrix".proxyPass = "http://localhost:8008";
};
"${fqdn}" = {
enableACME = true;
forceSSL = true;
locations."/health".proxyPass = "http://localhost:8008";
locations."/_matrix".proxyPass = "http://localhost:8008";
locations."/_synapse/client".proxyPass = "http://localhost:8008";
locations."/".extraConfig = ''
locations."/health".proxyPass = "http://localhost:8008";
locations."/_matrix".proxyPass = "http://localhost:8008";
locations."/_synapse/client".proxyPass = "http://localhost:8008";
locations."/".extraConfig = ''
return 404;
'';
};
# "element.${config.networking.domain}" = {
# enableACME = true;
# forceSSL = true;
#
# root = pkgs.element-web.override {
# conf = {
# default_server_config = clientConfig;
# };
# };
# };
# "element.${config.networking.domain}" = {
# enableACME = true;
# forceSSL = true;
#
# root = pkgs.element-web.override {
# conf = {
# default_server_config = clientConfig;
# };
# };
# };
};
};
imports = [ ../../kabbone/mautrix-whatsapp.nix ];
imports = [../../kabbone/mautrix-whatsapp.nix];
services.matrix-synapse = {
enable = true;
settings = {
server_name = config.networking.domain;
public_baseurl = "https://matrix.${config.networking.domain}";
listeners = [
{ port = 8008;
bind_addresses = [ "::1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{ names = [ "client" ]; compress = true; }
{ names = [ "federation" ]; compress = false; }
];
}
];
server_name = config.networking.domain;
public_baseurl = "https://matrix.${config.networking.domain}";
listeners = [
{
port = 8008;
bind_addresses = ["::1"];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = ["client"];
compress = true;
}
{
names = ["federation"];
compress = false;
}
];
}
];
};
extraConfigFiles = [
config.age.secrets."services/matrix/synapse.yml".path
config.age.secrets."services/matrix/synapse.yml".path
];
};
systemd.services = {
matrix-synapse = {
requires = [ "postgresql.service" ];
};
matrix-synapse = {
requires = ["postgresql.service"];
};
};
services = {
mautrix-telegram = {
enable = true;
registerToSynapse = true;
environmentFile = config.age.secrets."services/matrix/mautrix-telegram.env".path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = "kabtop.de";
};
appservice = {
hostname = "127.0.0.1";
provisioning.enabled = false;
id = "telegram";
public = {
enabled = false;
};
};
bridge = {
sync_channel_members = true;
startup_sync = true;
public_portals = true;
double_puppet_server_map = {
"kabtop.de" = "https://kabtop.de";
};
encryption = {
allow = true;
default = true;
verification_levels = {
receive = "cross-signed-untrusted";
send = "cross-signed-untrusted";
};
};
private_chat_portal_meta = "default";
backfill = {
disable_notifications = true;
};
permissions = {
"@kabbone:kabtop.de" = "admin";
};
};
logging = {
loggers = {
mau = {
level = "WARN";
};
telethon = {
level = "WARN";
};
};
root = {
handlers = [
"console"
];
level = "WARN";
};
};
mautrix-telegram = {
enable = true;
registerToSynapse = true;
environmentFile = config.age.secrets."services/matrix/mautrix-telegram.env".path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = "kabtop.de";
};
appservice = {
hostname = "127.0.0.1";
provisioning.enabled = false;
id = "telegram";
public = {
enabled = false;
};
};
mautrix-signal = {
enable = true;
registerToSynapse = true;
environmentFile = config.age.secrets."services/matrix/mautrix-signal.env".path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = "kabtop.de";
};
appservice = {
hostname = "127.0.0.1";
id = "signal";
as_token = "$MAUTRIX_SIGNAL_AS_TOKEN";
hs_token = "$MAUTRIX_SIGNAL_HS_TOKEN";
};
database = {
type = "postgres";
uri = "$MAUTRIX_SIGNAL_APPSERVICE_DATABASE";
};
encryption = {
allow = true;
default = true;
verification_levels = {
receive = "cross-signed-untrusted";
send = "cross-signed-untrusted";
};
pickle_key = "$MAUTRIX_SIGNAL_ENCRYPTION_PICKLE_KEY";
};
backfill = {
enabled = true;
};
bridge = {
permissions = {
"@kabbone:kabtop.de" = "admin";
};
};
logging = {
min_level = "warn";
writers = [
{
format = "pretty-colored";
type = "stdout";
}
];
};
};
bridge = {
sync_channel_members = true;
startup_sync = true;
public_portals = true;
double_puppet_server_map = {
"kabtop.de" = "https://kabtop.de";
};
};
kabbone_mautrix-whatsapp = {
enable = true;
registerToSynapse = true;
environmentFile = config.age.secrets."services/matrix/mautrix-whatsapp.env".path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = "kabtop.de";
};
appservice = {
hostname = "127.0.0.1";
id = "whatsapp";
as_token = "$MAUTRIX_WHATSAPP_AS_TOKEN";
hs_token = "$MAUTRIX_WHATSAPP_HS_TOKEN";
};
database = {
type = "postgres";
uri = "$MAUTRIX_WHATSAPP_APPSERVICE_DATABASE";
};
encryption = {
allow = true;
default = true;
verification_levels = {
receive = "cross-signed-untrusted";
send = "cross-signed-untrusted";
};
pickle_key = "$MAUTRIX_WHATSAPP_ENCRYPTION_PICKLE_KEY";
};
network = {
history_sync.request_full_sync = true;
};
bridge = {
permissions = {
"@kabbone:kabtop.de" = "admin";
};
};
logging = {
min_level = "warn";
};
encryption = {
allow = true;
default = true;
verification_levels = {
receive = "cross-signed-untrusted";
send = "cross-signed-untrusted";
};
};
private_chat_portal_meta = "default";
backfill = {
disable_notifications = true;
};
permissions = {
"@kabbone:kabtop.de" = "admin";
};
};
logging = {
loggers = {
mau = {
level = "WARN";
};
telethon = {
level = "WARN";
};
};
root = {
handlers = [
"console"
];
level = "WARN";
};
};
};
};
mautrix-signal = {
enable = true;
registerToSynapse = true;
environmentFile = config.age.secrets."services/matrix/mautrix-signal.env".path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = "kabtop.de";
};
appservice = {
hostname = "127.0.0.1";
id = "signal";
as_token = "$MAUTRIX_SIGNAL_AS_TOKEN";
hs_token = "$MAUTRIX_SIGNAL_HS_TOKEN";
};
database = {
type = "postgres";
uri = "$MAUTRIX_SIGNAL_APPSERVICE_DATABASE";
};
encryption = {
allow = true;
default = true;
verification_levels = {
receive = "cross-signed-untrusted";
send = "cross-signed-untrusted";
};
pickle_key = "$MAUTRIX_SIGNAL_ENCRYPTION_PICKLE_KEY";
};
backfill = {
enabled = true;
};
bridge = {
permissions = {
"@kabbone:kabtop.de" = "admin";
};
};
logging = {
min_level = "warn";
writers = [
{
format = "pretty-colored";
type = "stdout";
}
];
};
};
};
kabbone_mautrix-whatsapp = {
enable = true;
registerToSynapse = true;
environmentFile = config.age.secrets."services/matrix/mautrix-whatsapp.env".path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = "kabtop.de";
};
appservice = {
hostname = "127.0.0.1";
id = "whatsapp";
as_token = "$MAUTRIX_WHATSAPP_AS_TOKEN";
hs_token = "$MAUTRIX_WHATSAPP_HS_TOKEN";
};
database = {
type = "postgres";
uri = "$MAUTRIX_WHATSAPP_APPSERVICE_DATABASE";
};
encryption = {
allow = true;
default = true;
verification_levels = {
receive = "cross-signed-untrusted";
send = "cross-signed-untrusted";
};
pickle_key = "$MAUTRIX_WHATSAPP_ENCRYPTION_PICKLE_KEY";
};
network = {
history_sync.request_full_sync = true;
};
bridge = {
permissions = {
"@kabbone:kabtop.de" = "admin";
};
};
logging = {
min_level = "warn";
};
};
};
};
age.secrets."services/matrix/synapse.yml" = {
file = ../../../secrets/services/matrix/synapse.age;
owner = "matrix-synapse";
file = ../../../secrets/services/matrix/synapse.age;
owner = "matrix-synapse";
};
age.secrets."services/matrix/mautrix-telegram.env" = {
file = ../../../secrets/services/matrix/mautrix-telegram.age;
owner = "mautrix-telegram";
file = ../../../secrets/services/matrix/mautrix-telegram.age;
owner = "mautrix-telegram";
};
age.secrets."services/matrix/mautrix-whatsapp.env" = {
file = ../../../secrets/services/matrix/mautrix-whatsapp.age;
owner = "mautrix-whatsapp";
file = ../../../secrets/services/matrix/mautrix-whatsapp.age;
owner = "mautrix-whatsapp";
};
age.secrets."services/matrix/mautrix-signal.env" = {
file = ../../../secrets/services/matrix/mautrix-signal.age;
owner = "mautrix-signal";
file = ../../../secrets/services/matrix/mautrix-signal.age;
owner = "mautrix-signal";
};
}

56
modules/services/server/mealie.nix
View File

@@ -1,36 +1,36 @@
{ config, pkgs, ... }:
{
services.mealie = {
enable = true;
listenAddress = "127.0.0.1";
credentialsFile = config.age.secrets."services/mealie/credentialsFile".path;
settings = {
ALLOW_SIGNUP = "false";
DB_ENGINE = "postgres";
TZ = "Europe/Berlin";
};
config,
pkgs,
...
}: {
services.mealie = {
enable = true;
listenAddress = "127.0.0.1";
credentialsFile = config.age.secrets."services/mealie/credentialsFile".path;
settings = {
ALLOW_SIGNUP = "false";
DB_ENGINE = "postgres";
TZ = "Europe/Berlin";
};
};
services.nginx = {
enable = true;
virtualHosts = {
"mealie.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:9000";
};
services.nginx = {
enable = true;
virtualHosts = {
"mealie.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:9000";
};
};
};
age.secrets."services/mealie/credentialsFile" = {
file = ../../../secrets/services/mealie/credentialsFile.age;
owner = "mealie";
};
security.acme.defaults.email = "webmaster@kabtop.de";
security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
security.acme.acceptTerms = true;
age.secrets."services/mealie/credentialsFile" = {
file = ../../../secrets/services/mealie/credentialsFile.age;
owner = "mealie";
};
security.acme.defaults.email = "webmaster@kabtop.de";
security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
security.acme.acceptTerms = true;
}

116
modules/services/server/microvm.nix
View File

@@ -1,48 +1,55 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{
config,
microvm,
lib,
pkgs,
user,
agenix,
impermanence,
...
}: let
name = "gitea-runner";
in {
microvm = {
autostart = [
name
];
vms = {
${name} = {
inherit pkgs;
config = {
imports =
[ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++
[( ./gitea_runner.nix )];
imports =
[agenix.nixosModules.default]
++ [impermanence.nixosModules.impermanence]
++ [(./gitea_runner.nix)];
networking = {
hostName = "${name}";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
allowedUDPPorts = [];
allowedTCPPorts = [];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
users.users.${user} = { # System User
users.users.${user} = {
# System User
isNormalUser = true;
extraGroups = [ "wheel" ];
extraGroups = ["wheel"];
uid = 2000;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
@@ -56,30 +63,32 @@ in
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}];
}
];
};
};
fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
systemPackages = with pkgs; [
# Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [
@@ -100,23 +109,26 @@ in
mem = 4096;
#kernel = pkgs.linuxKernel.packages.linux_latest;
interfaces = [
{
type = "user";
id = "vm-${name}";
mac = "04:00:00:00:00:01";
} ];
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}];
{
type = "user";
id = "vm-${name}";
mac = "04:00:00:00:00:01";
}
];
shares = [
{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}
];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;
};

149
modules/services/server/nextcloud.nix
View File

@@ -1,35 +1,37 @@
{ config, pkgs, ... }:
{
services.nextcloud = {
enable = true;
hostName = "cloud.kabtop.de";
https = true;
package = pkgs.nextcloud32;
database.createLocally = false;
notify_push.enable = false;
enableImagemagick = true;
maxUploadSize = "512M";
caching = {
redis = true;
apcu = true;
};
imaginary.enable = true;
settings = {
log_type = "file";
logfile = "nextcloud.log";
overwriteprotocol = "https";
default_phone_region = "DE";
config,
pkgs,
...
}: {
services.nextcloud = {
enable = true;
hostName = "cloud.kabtop.de";
https = true;
package = pkgs.nextcloud32;
database.createLocally = false;
notify_push.enable = false;
enableImagemagick = true;
maxUploadSize = "512M";
caching = {
redis = true;
apcu = true;
};
imaginary.enable = true;
settings = {
log_type = "file";
logfile = "nextcloud.log";
overwriteprotocol = "https";
default_phone_region = "DE";
redis = {
host = "/run/redis-nextcloud/redis.sock";
port = 0;
};
"memcache.local" = "\\OC\\Memcache\\APCu";
"memcache.distributed" = "\\OC\\Memcache\\Redis";
"memcache.locking" = "\\OC\\Memcache\\Redis";
"enable_previews" = true;
"enabledPreviewproviders" = "
redis = {
host = "/run/redis-nextcloud/redis.sock";
port = 0;
};
"memcache.local" = "\\OC\\Memcache\\APCu";
"memcache.distributed" = "\\OC\\Memcache\\Redis";
"memcache.locking" = "\\OC\\Memcache\\Redis";
"enable_previews" = true;
"enabledPreviewproviders" = "
array (
'OC\Preview\PNG',
'OC\Preview\JPEG',
@@ -43,57 +45,56 @@
'OC\Preview\Krita',
'OC\Preview\HEIC',
)";
"maintenance_window_start" = "1";
};
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "localhost";
dbname = "nextclouddb";
adminuser = "kabbone";
adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path;
dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path;
};
phpOptions = {
"opcache.interned_strings_buffer" = "16";
};
"maintenance_window_start" = "1";
};
services.redis = {
vmOverCommit = true;
servers.nextcloud = {
enable = true;
user = "nextcloud";
port = 0;
};
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "localhost";
dbname = "nextclouddb";
adminuser = "kabbone";
adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path;
dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path;
};
phpOptions = {
"opcache.interned_strings_buffer" = "16";
};
};
services.nginx = {
services.redis = {
vmOverCommit = true;
servers.nextcloud = {
enable = true;
virtualHosts = {
"${config.services.nextcloud.hostName}" = {
enableACME = true;
forceSSL = true;
};
user = "nextcloud";
port = 0;
};
};
services.nginx = {
enable = true;
virtualHosts = {
"${config.services.nextcloud.hostName}" = {
enableACME = true;
forceSSL = true;
};
};
};
age.secrets."services/nextcloud/dbpassFile" = {
file = ../../../secrets/services/nextcloud/dbpassFile.age;
owner = "nextcloud";
};
age.secrets."services/nextcloud/adminpassFile" = {
file = ../../../secrets/services/nextcloud/adminpassFile.age;
owner = "nextcloud";
};
age.secrets."services/nextcloud/dbpassFile" = {
file = ../../../secrets/services/nextcloud/dbpassFile.age;
owner = "nextcloud";
};
age.secrets."services/nextcloud/adminpassFile" = {
file = ../../../secrets/services/nextcloud/adminpassFile.age;
owner = "nextcloud";
};
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
security.acme.defaults.email = "webmaster@kabtop.de";
security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
security.acme.acceptTerms = true;
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
security.acme.defaults.email = "webmaster@kabtop.de";
security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
security.acme.acceptTerms = true;
}

23
modules/services/server/ollama.nix
View File

@@ -1,9 +1,10 @@
{ config, pkgs, ... }:
let
ollamahostname = "llm.kabtop.de";
in
{
config,
pkgs,
...
}: let
ollamahostname = "llm.kabtop.de";
in {
virtualisation.oci-containers.containers."open-webui" = {
autoStart = true;
image = "ghcr.io/open-webui/open-webui:ollama";
@@ -11,17 +12,17 @@ in
"/var/lib/open-webui:/app/backend/data"
];
hostname = "open-webui";
ports = [ "8081:8080" ];
ports = ["8081:8080"];
};
services = {
nginx = {
virtualHosts = {
${ollamahostname} = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:8081";
};
${ollamahostname} = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:8081";
};
};
};
};

55
modules/services/server/postgresql.nix
View File

@@ -1,37 +1,39 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
# imports = [ ./postgresql_upgrade.nix ];
config,
lib,
pkgs,
...
}: {
# imports = [ ./postgresql_upgrade.nix ];
services.postgresql = {
enable = true;
package = pkgs.postgresql_16;
settings = {
max_connections = 200;
listen_addresses = "localhost";
password_encryption = "scram-sha-256";
shared_buffers = "4GB";
work_mem = "2GB";
maintenance_work_mem = "500MB";
autovacuum_work_mem = -1;
log_timezone = "Europe/Berlin";
timezone = "Europe/Berlin";
max_connections = 200;
listen_addresses = "localhost";
password_encryption = "scram-sha-256";
shared_buffers = "4GB";
work_mem = "2GB";
maintenance_work_mem = "500MB";
autovacuum_work_mem = -1;
log_timezone = "Europe/Berlin";
timezone = "Europe/Berlin";
};
authentication = pkgs.lib.mkOverride 14 ''
local all postgres peer
host giteadb gitea localhost scram-sha-256
host nextclouddb nextcloud localhost scram-sha-256
host synapsedb synapse localhost scram-sha-256
host whatsappdb mautrixwa localhost scram-sha-256
host telegramdb mautrixtele localhost scram-sha-256
host signaldb mautrixsignal localhost scram-sha-256
host mealie mealie localhost scram-sha-256
host onlyoffice onlyoffice localhost scram-sha-256
local onlyoffice onlyoffice peer
local hydra all ident map=hydra-users
local all postgres peer
host giteadb gitea localhost scram-sha-256
host nextclouddb nextcloud localhost scram-sha-256
host synapsedb synapse localhost scram-sha-256
host whatsappdb mautrixwa localhost scram-sha-256
host telegramdb mautrixtele localhost scram-sha-256
host signaldb mautrixsignal localhost scram-sha-256
host mealie mealie localhost scram-sha-256
host onlyoffice onlyoffice localhost scram-sha-256
local onlyoffice onlyoffice peer
local hydra all ident map=hydra-users
'';
identMap = ''
hydra-users hydra hydra
@@ -47,8 +49,7 @@
services.postgresqlBackup.enable = true;
age.secrets."services/postgresql/initScript.sql" = {
file = ../../../secrets/services/postgresql/initScript.age;
owner = "postgres";
file = ../../../secrets/services/postgresql/initScript.age;
owner = "postgres";
};
}

39
modules/services/server/postgresql_upgrade.nix
View File

@@ -1,5 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
environment.systemPackages = [
(let
# XXX specify the postgresql package you'd like to upgrade to.
@@ -8,26 +12,27 @@
# pp.plv8
]);
cfg = config.services.postgresql;
in pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
# XXX it's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
in
pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
# XXX it's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
export NEWBIN="${newPostgres}/bin"
export NEWBIN="${newPostgres}/bin"
export OLDDATA="${cfg.dataDir}"
export OLDBIN="${cfg.package}/bin"
export OLDDATA="${cfg.dataDir}"
export OLDBIN="${cfg.package}/bin"
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs}
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs}
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
'')
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
'')
];
}

71
modules/services/server/woodpecker.nix
View File

@@ -1,11 +1,14 @@
#
# CI/CD Woodpecker
#
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [ # Default packages install system-wide
config,
lib,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [
# Default packages install system-wide
woodpecker-server
woodpecker-cli
];
@@ -28,35 +31,35 @@
systemd.services = {
woodpecker-server = {
description = "CI/CD Pipeline Server";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "postgresql.service" ];
requires = [ "postgresql.service" ];
wantedBy = ["multi-user.target"];
after = ["network.target" "postgresql.service"];
requires = ["postgresql.service"];
script = "${pkgs.woodpecker-server}/bin/woodpecker-server";
serviceConfig = {
User="woodpecker";
Group="woodpecker";
Environment="HOME=/var/lib/woodpecker";
EnvironmentFile=config.age.secrets."services/woodpecker/environment".path;
ReadWritePaths="/var/lib/woodpecker /var/log/woodpecker";
NoNewPrivileges=true;
MemoryDenyWriteExecute=true;
PrivateDevices=true;
PrivateTmp=true;
ProtectHome=true;
ProtectSystem="strict";
ProtectControlGroups=true;
RestrictSUIDSGID=true;
RestrictRealtime=true;
LockPersonality=true;
ProtectKernelLogs=true;
ProtectKernelTunables=true;
ProtectHostname=true;
ProtectKernelModules=true;
PrivateUsers=true;
ProtectClock=true;
SystemCallArchitectures="native";
SystemCallErrorNumber="EPERM";
SystemCallFilter="@system-service";
User = "woodpecker";
Group = "woodpecker";
Environment = "HOME=/var/lib/woodpecker";
EnvironmentFile = config.age.secrets."services/woodpecker/environment".path;
ReadWritePaths = "/var/lib/woodpecker /var/log/woodpecker";
NoNewPrivileges = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
PrivateTmp = true;
ProtectHome = true;
ProtectSystem = "strict";
ProtectControlGroups = true;
RestrictSUIDSGID = true;
RestrictRealtime = true;
LockPersonality = true;
ProtectKernelLogs = true;
ProtectKernelTunables = true;
ProtectHostname = true;
ProtectKernelModules = true;
PrivateUsers = true;
ProtectClock = true;
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = "@system-service";
};
};
};
@@ -81,9 +84,7 @@
};
age.secrets."services/woodpecker/environment" = {
file = ../../../secrets/services/woodpecker/environment.age;
owner = "woodpecker";
file = ../../../secrets/services/woodpecker/environment.age;
owner = "woodpecker";
};
}

1
modules/shell/default.nix
View File

@@ -9,7 +9,6 @@
# └─ default.nix *
# └─ ...
#
[
./git.nix
./tmux.nix

49
modules/shell/tmux.nix
View File

@@ -1,10 +1,7 @@
#
# Tmux
#
{ pkgs, ... }:
{
{pkgs, ...}: {
programs = {
tmux = {
enable = true;
@@ -17,24 +14,24 @@
shortcut = "Space";
baseIndex = 1;
plugins = with pkgs.tmuxPlugins; [
yank
sidebar
# {
# plugin = dracula;
# extraConfig = "
# set -g @dracula-show-powerline true
# set -g @dracula-plugins 'git cpu-usage ram-usage battery time'
# set -g @dracula-border-contrast true
# ";
# plugin = catppuccin;
# extraConfig = "
# set -g @catppuccin_flavour 'macchiato'
# set -g @catppuccin_window_tabs_enabled 'on'
# set -g @catppuccin_host 'on'
# set -g @catppuccin_user 'on'
# set -g @catppuccin_date_time '%Y-%m-%d %H:%M'
# ";
# }
yank
sidebar
# {
# plugin = dracula;
# extraConfig = "
# set -g @dracula-show-powerline true
# set -g @dracula-plugins 'git cpu-usage ram-usage battery time'
# set -g @dracula-border-contrast true
# ";
# plugin = catppuccin;
# extraConfig = "
# set -g @catppuccin_flavour 'macchiato'
# set -g @catppuccin_window_tabs_enabled 'on'
# set -g @catppuccin_host 'on'
# set -g @catppuccin_user 'on'
# set -g @catppuccin_date_time '%Y-%m-%d %H:%M'
# ";
# }
];
extraConfig = ''
set -g mouse on
@@ -45,7 +42,7 @@
bind-key v split-window -v -c "#{pane_current_path}"
unbind '"'
unbind '%'
# moving between windows with vim movement keys
bind m select-pane -L
bind n select-pane -D
@@ -55,19 +52,19 @@
# moving between windows with vim movement keys
bind -r C-m select-window -t :-
bind -r C-i select-window -t :+
# Vim style X clipboard integration
bind-key -T copy-mode-vi 'v' send-keys -X begin-selection
bind-key -T copy-mode-vi C-v send-keys -X rectangle-toggle
bind-key -T copy-mode-vi 'y' send-keys -X copy-selection-and-cancel
bind-key P run "xsel -o | tmux load-buffer - ; tmux paste-buffer"
# resize panes with vim movement keys
bind -r M resize-pane -L 5
bind -r N resize-pane -D 5
bind -r E resize-pane -U 5
bind -r I resize-pane -R 5
# bindings for pane joining and breaking
bind < split-window -h \; choose-window 'kill-pane ; join-pane -hs %%'
bind > break-pane -d

40
modules/shell/zsh.nix
View File

@@ -1,39 +1,37 @@
#
# Shell
#
{ pkgs, ... }:
{
{pkgs, ...}: {
programs = {
zsh = {
enable = true;
autosuggestion.enable = true; # Auto suggest options and highlights syntact, searches in history for options
autosuggestion.enable = true; # Auto suggest options and highlights syntact, searches in history for options
syntaxHighlighting.enable = true;
history.size = 10000;
oh-my-zsh = { # Extra plugins for zsh
oh-my-zsh = {
# Extra plugins for zsh
enable = true;
plugins = [ "git" ];
plugins = ["git"];
#custom = "$HOME/.config/zsh_nix/custom";
};
initContent = ''
if [[ $WAYLAND_DISPLAY ]]; then
[[ $- != *i* ]] && return
[[ -z "$TMUX" ]] && (tmux attach || tmux new-session)
fi
if [[ $WAYLAND_DISPLAY ]]; then
[[ $- != *i* ]] && return
[[ -z "$TMUX" ]] && (tmux attach || tmux new-session)
fi
# Spaceship
source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup
autoload -U promptinit; promptinit
# source $HOME/.config/shell/shell_init
# Hook direnv
# emulate zsh -c "$(direnv hook zsh)"
# Swag
pfetch # Show fetch logo on terminal start
eval "$(direnv hook zsh)"
eval "$(ssh-agent)"
# Spaceship
source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup
autoload -U promptinit; promptinit
# source $HOME/.config/shell/shell_init
# Hook direnv
# emulate zsh -c "$(direnv hook zsh)"
# Swag
pfetch # Show fetch logo on terminal start
eval "$(direnv hook zsh)"
eval "$(ssh-agent)"
'';
};
};

37
modules/wm/default.nix
View File

@@ -1,16 +1,29 @@
{ pkgs, lib, config, ... }:
with lib;
{
# NOTE: Dynamic imports based on option values are not supported in NixOS modules.
# To conditionally load a WM, either import all WM modules and use mkIf in each,
# or select the WM module directly in the host configuration.
imports = [];
pkgs,
lib,
config,
...
}:
with lib; {
# NOTE: Dynamic imports based on option values are not supported in NixOS modules.
# To conditionally load a WM, either import all WM modules and use mkIf in each,
# or select the WM module directly in the host configuration.
imports = [];
options = {
desktop = {
wm = mkOption { type = types.str; default = "sway"; };
taskbar = mkOption { type = types.str; default = "waybar"; };
launcher = mkOption { type = types.str; default = "bemenu"; };
};
options = {
desktop = {
wm = mkOption {
type = types.str;
default = "sway";
};
taskbar = mkOption {
type = types.str;
default = "waybar";
};
launcher = mkOption {
type = types.str;
default = "bemenu";
};
};
};
}

8
modules/wm/kde/home.nix
View File

@@ -10,8 +10,10 @@
# └─ ./gnome
# └─ home.nix *
#
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
}

37
modules/wm/niri/home.nix
View File

@@ -10,18 +10,20 @@
# └─ ./sway
# └─ home.nix *
#
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
programs = {
swaylock = {
enable = true;
settings = {
color = "000000";
image = "$HOME/.config/lockwall";
indicator-caps-lock = true;
show-keyboard-layout = true;
color = "000000";
image = "$HOME/.config/lockwall";
indicator-caps-lock = true;
show-keyboard-layout = true;
};
};
};
@@ -30,12 +32,24 @@
swayidle = {
enable = true;
events = [
{ event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; }
{ event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{
event = "before-sleep";
command = "${pkgs.swaylock}/bin/swaylock";
}
{
event = "lock";
command = "${pkgs.swaylock}/bin/swaylock -fF";
}
];
timeouts = [
{ timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ timeout = 600; command = "${pkgs.niri}/bin/niri msg action power-off-monitors"; }
{
timeout = 300;
command = "${pkgs.swaylock}/bin/swaylock -fF";
}
{
timeout = 600;
command = "${pkgs.niri}/bin/niri msg action power-off-monitors";
}
];
};
};
@@ -43,5 +57,4 @@
xdg.configFile = {
"niri/config.kdl".source = ./config.kdl;
};
}

50
modules/wm/steam/default.nix
View File

@@ -10,33 +10,37 @@
# └─ ./gnome
# └─ default.nix *
#
{ config, lib, user, pkgs, jovian-nixos, ... }:
{
imports = [
(jovian-nixos + "/modules")
];
config,
lib,
user,
pkgs,
jovian-nixos,
...
}: {
imports = [
(jovian-nixos + "/modules")
];
jovian = {
steam = {
enable = true;
user = "kabbone";
autoStart = true;
desktopSession = "plasma";
};
devices.steamdeck = {
enable = true;
};
decky-loader.enable = true;
jovian = {
steam = {
enable = true;
user = "kabbone";
autoStart = true;
desktopSession = "plasma";
};
hardware.graphics = {
enable = true;
enable32Bit = true;
devices.steamdeck = {
enable = true;
};
decky-loader.enable = true;
};
environment.systemPackages = with pkgs; [
steamdeck-firmware
];
hardware.graphics = {
enable = true;
enable32Bit = true;
};
environment.systemPackages = with pkgs; [
steamdeck-firmware
];
}

7
modules/wm/steam/home.nix
View File

@@ -10,9 +10,12 @@
# └─ ./steam
# └─ home.nix *
#
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
home = {
packages = with pkgs; [
steam

21
modules/wm/sway/default.nix
View File

@@ -10,18 +10,22 @@
# └─ ./hyprland
# └─ hyprland.nix *
#
{ config, lib, user, pkgs, desktop, ... }:
{
imports = [ ../waybar.nix ];
config,
lib,
user,
pkgs,
desktop,
...
}: {
imports = [../waybar.nix];
environment = {
loginShellInit = ''
if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then
exec sway
fi
''; # Will automatically open sway when logged into tty1
''; # Will automatically open sway when logged into tty1
systemPackages = with pkgs; [
xdg-desktop-portal-wlr
sway
@@ -42,7 +46,7 @@
programs = {
sway.enable = true;
sway.extraSessionCommands = ''
sway.extraSessionCommands = ''
export MOZ_ENABLE_WAYLAND="1";
export MOZ_WEBRENDER="1";
export MOZ_USE_XINPUT2="2";
@@ -65,9 +69,10 @@
security.pam.services.swaylock = {};
xdg.portal = { # Required for flatpak with windowmanagers
xdg.portal = {
# Required for flatpak with windowmanagers
enable = true;
wlr.enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
extraPortals = [pkgs.xdg-desktop-portal-gtk];
};
}

544
modules/wm/sway/home.nix
View File

@@ -10,229 +10,251 @@
# └─ ./sway
# └─ home.nix *
#
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
wayland.windowManager.sway = {
enable = true;
checkConfig = false;
config = rec {
menu = "${pkgs.rofi}/bin/rofi -show combi -show-icons";
left = "m";
down = "n";
up = "e";
right = "i";
modifier = "Mod4";
floating.modifier = "Mod4";
floating.titlebar = true;
input = {
"type:keyboard" = {
xkb_layout = "us,de";
xkb_variant = "altgr-intl,";
xkb_options = "grp:win_space_toggle";
};
"type:touchpad" = {
tap = "enabled";
natural_scroll = "disabled";
drag = "enabled";
dwt = "enabled";
middle_emulation = "enabled";
scroll_method = "two_finger";
tap_button_map = "lmr";
};
enable = true;
checkConfig = false;
config = rec {
menu = "${pkgs.rofi}/bin/rofi -show combi -show-icons";
left = "m";
down = "n";
up = "e";
right = "i";
modifier = "Mod4";
floating.modifier = "Mod4";
floating.titlebar = true;
input = {
"type:keyboard" = {
xkb_layout = "us,de";
xkb_variant = "altgr-intl,";
xkb_options = "grp:win_space_toggle";
};
output = {
"*" = {
bg = "$HOME/.config/wall fill";
};
#"HDMI-A-1" = {
# mode = "2560x1440";
# pos = "0,0";
# #scale = "1.1";
#};
"DP-2" = {
mode = "2560x1440";
pos = "0,250";
};
"DP-3" = {
mode = "1920x1200";
pos = "2560,0";
transform = "90";
};
#"eDP-1" = {
# mode = "1920x1080";
# #pos = "4480,0";
# pos = "2560,0";
# subpixel = "none";
# scale = "1.3";
#};
"type:touchpad" = {
tap = "enabled";
natural_scroll = "disabled";
drag = "enabled";
dwt = "enabled";
middle_emulation = "enabled";
scroll_method = "two_finger";
tap_button_map = "lmr";
};
};
terminal = "${pkgs.alacritty}/bin/alacritty";
fonts = {
names = [ "Cascadia Code" ];
size = 10.0;
output = {
"*" = {
bg = "$HOME/.config/wall fill";
};
colors.focused = {
background = "#212121";
border = "#999999";
childBorder = "#999999";
indicator = "#999999";
text = "#FFFFFF";
#"HDMI-A-1" = {
# mode = "2560x1440";
# pos = "0,0";
# #scale = "1.1";
#};
"DP-2" = {
mode = "2560x1440";
pos = "0,250";
};
startup = [
{ command = "exec ${pkgs.rot8}/bin/rot8 -Y -k"; }
{ command = "xrdb -load ~/.Xresources"; }
# { command = "gsettings set org.gnome.desktop.interface gtk-theme Dracula"; }
# { command = "gsettings set org.gnome.desktop.interface icon-theme Dracula"; }
# { command = "gsettings set org.gnome.desktop.interface cursor-theme Adwaita"; }
#{ command = "exec ${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; }
{ command = "${pkgs.thunderbird}/bin/thunderbird"; }
{ command = "${pkgs.firefox}/bin/firefox"; }
{ command = "${pkgs.element-desktop}/bin/element-desktop"; }
];
workspaceAutoBackAndForth = true;
gaps.inner = 8;
gaps.outer = 4;
gaps.smartGaps = true;
gaps.smartBorders = "on";
assigns = {
"workspace number 1" = [{ app_id = "thunderbird"; }];
"workspace number 2" = [{ app_id = "firefox"; }];
"workspace number 3" = [{ app_id = "Element"; }];
"DP-3" = {
mode = "1920x1200";
pos = "2560,0";
transform = "90";
};
#"eDP-1" = {
# mode = "1920x1080";
# #pos = "4480,0";
# pos = "2560,0";
# subpixel = "none";
# scale = "1.3";
#};
};
window.commands = [
{ command = "floating enable"; criteria = { app_id = ".yubioath-flutter-wrapped"; }; }
{ command = "floating enable"; criteria = { app_id = "pavucontrol"; }; }
{ command = "floating enable"; criteria = { app_id = "galculator"; }; }
{ command = "floating enable"; criteria = { app_id = "com.nitrokey."; }; }
{ command = "floating enable"; criteria = { app_id = "org.keepassxc.KeePassXC."; }; }
{ command = "floating enable"; criteria = { app_id = "virt-manager"; }; }
{ command = "floating enable"; criteria = { title = "^OpenSSH Authentication"; }; }
{ command = "floating enable"; criteria = { class = "pop-up"; }; }
];
bars = [
{ command = "${pkgs.waybar}/bin/waybar"; }
];
terminal = "${pkgs.alacritty}/bin/alacritty";
defaultWorkspace = "workspace number 2";
fonts = {
names = ["Cascadia Code"];
size = 10.0;
};
keybindings =
let
mod = config.wayland.windowManager.sway.config.modifier;
alt = "Mod1";
left = config.wayland.windowManager.sway.config.left;
down = config.wayland.windowManager.sway.config.down;
up = config.wayland.windowManager.sway.config.up;
right = config.wayland.windowManager.sway.config.right;
in
{
"${mod}+Escape" = "exec swaymsg exit"; # Exit Sway
"${mod}+Return" = "exec ${terminal}"; # Open terminal
"${mod}+d" = "exec ${menu}"; # Open menu
"${mod}+l" = "exec ${pkgs.swaylock}/bin/swaylock"; # Lock Screen
colors.focused = {
background = "#212121";
border = "#999999";
childBorder = "#999999";
indicator = "#999999";
text = "#FFFFFF";
};
"${mod}+r" = "reload"; # Reload environment
"${mod}+q" = "kill"; # Kill container
startup = [
{command = "exec ${pkgs.rot8}/bin/rot8 -Y -k";}
{command = "xrdb -load ~/.Xresources";}
# { command = "gsettings set org.gnome.desktop.interface gtk-theme Dracula"; }
# { command = "gsettings set org.gnome.desktop.interface icon-theme Dracula"; }
# { command = "gsettings set org.gnome.desktop.interface cursor-theme Adwaita"; }
#{ command = "exec ${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; }
{command = "${pkgs.thunderbird}/bin/thunderbird";}
{command = "${pkgs.firefox}/bin/firefox";}
{command = "${pkgs.element-desktop}/bin/element-desktop";}
];
"${mod}+Shift+f" = "exec ${pkgs.pcmanfm}/bin/pcmanfm"; # File Manager
workspaceAutoBackAndForth = true;
gaps.inner = 8;
gaps.outer = 4;
gaps.smartGaps = true;
gaps.smartBorders = "on";
"${alt}+${left}" = "workspace prev_on_output"; # Navigate to previous or next workspace on output if it exists
"${alt}+${right}" = "workspace next_on_output";
"${alt}+Shift+${left}" = "move container to workspace prev, workspace prev"; # Move container to next available workspace and focus
"${alt}+Shift+${right}" = "move container to workspace next, workspace next";
assigns = {
"workspace number 1" = [{app_id = "thunderbird";}];
"workspace number 2" = [{app_id = "firefox";}];
"workspace number 3" = [{app_id = "Element";}];
};
"XF86TouchpadToggle" = "input type:touchpad events toggle enabled disabled";
"XF86AudioPlay" = "exec playerctl play-pause";
"XF86AudioNext" = "exec playerctl next";
"XF86AudioPrev" = "exec playerctl previous";
"XF86AudioStop" = "exec playerctl stop";
# Sink volume raise optionally with --device
"XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise";
"XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower";
# Sink volume toggle mute
"XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle";
# Source volume toggle mute
"XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle";
# Capslock (If you don't want to use the backend)
#bindsym --release Caps_Lock exec swayosd-client --caps-lock;
# Brightness raise
"XF86MonBrightnessUp" = "exec swayosd-client --brightness raise";
# Brightness lower
"XF86MonBrightnessDown" = "exec swayosd-client --brightness lower";
window.commands = [
{
command = "floating enable";
criteria = {app_id = ".yubioath-flutter-wrapped";};
}
{
command = "floating enable";
criteria = {app_id = "pavucontrol";};
}
{
command = "floating enable";
criteria = {app_id = "galculator";};
}
{
command = "floating enable";
criteria = {app_id = "com.nitrokey.";};
}
{
command = "floating enable";
criteria = {app_id = "org.keepassxc.KeePassXC.";};
}
{
command = "floating enable";
criteria = {app_id = "virt-manager";};
}
{
command = "floating enable";
criteria = {title = "^OpenSSH Authentication";};
}
{
command = "floating enable";
criteria = {class = "pop-up";};
}
];
bars = [
{command = "${pkgs.waybar}/bin/waybar";}
];
"${mod}+${left}" = "focus left";
"${mod}+${down}" = "focus down";
"${mod}+${up}" = "focus up";
"${mod}+${right}" = "focus right";
"${mod}+Shift+${left}" = "move left";
"${mod}+Shift+${down}" = "move down";
"${mod}+Shift+${up}" = "move up";
"${mod}+Shift+${right}" = "move right";
"${mod}+${alt}+${left}" = "resize grow width 10px";
"${mod}+${alt}+${down}" = "resize shrink height 10px";
"${mod}+${alt}+${up}" = "resize grow height 10px";
"${mod}+${alt}+${right}" = "resize shrink width 10px";
"${mod}+1" = "workspace number 1";
"${mod}+2" = "workspace number 2";
"${mod}+3" = "workspace number 3";
"${mod}+4" = "workspace number 4";
"${mod}+5" = "workspace number 5";
"${mod}+6" = "workspace number 6";
"${mod}+7" = "workspace number 7";
"${mod}+8" = "workspace number 8";
"${mod}+9" = "workspace number 9";
"${mod}+0" = "workspace number 10";
"${mod}+Shift+1" = "move container to workspace number 1";
"${mod}+Shift+2" = "move container to workspace number 2";
"${mod}+Shift+3" = "move container to workspace number 3";
"${mod}+Shift+4" = "move container to workspace number 4";
"${mod}+Shift+5" = "move container to workspace number 5";
"${mod}+Shift+6" = "move container to workspace number 6";
"${mod}+Shift+7" = "move container to workspace number 7";
"${mod}+Shift+8" = "move container to workspace number 8";
"${mod}+Shift+9" = "move container to workspace number 9";
"${mod}+Shift+0" = "move container to workspace number 10";
"${mod}+Tab" = "workspace next";
"${mod}+Alt+Tab" = "workspace prev";
defaultWorkspace = "workspace number 2";
"${mod}+k" = "splith";
"${mod}+v" = "splitv";
"${mod}+b" = "layout stacking";
"${mod}+w" = "layout tabbed";
"${mod}+p" = "layout toggle split";
"${mod}+f" = "fullscreen";
"${mod}+Shift+space" = "floating toggle";
"${mod}+h" = "focus mode_toggle";
"${mod}+a" = "focus parent";
"${mod}+Shift+minus" = "move scratchpad";
"${mod}+minus" = "scratchpad show";
};
};
keybindings = let
mod = config.wayland.windowManager.sway.config.modifier;
alt = "Mod1";
left = config.wayland.windowManager.sway.config.left;
down = config.wayland.windowManager.sway.config.down;
up = config.wayland.windowManager.sway.config.up;
right = config.wayland.windowManager.sway.config.right;
in {
"${mod}+Escape" = "exec swaymsg exit"; # Exit Sway
"${mod}+Return" = "exec ${terminal}"; # Open terminal
"${mod}+d" = "exec ${menu}"; # Open menu
"${mod}+l" = "exec ${pkgs.swaylock}/bin/swaylock"; # Lock Screen
"${mod}+r" = "reload"; # Reload environment
"${mod}+q" = "kill"; # Kill container
"${mod}+Shift+f" = "exec ${pkgs.pcmanfm}/bin/pcmanfm"; # File Manager
"${alt}+${left}" = "workspace prev_on_output"; # Navigate to previous or next workspace on output if it exists
"${alt}+${right}" = "workspace next_on_output";
"${alt}+Shift+${left}" = "move container to workspace prev, workspace prev"; # Move container to next available workspace and focus
"${alt}+Shift+${right}" = "move container to workspace next, workspace next";
"XF86TouchpadToggle" = "input type:touchpad events toggle enabled disabled";
"XF86AudioPlay" = "exec playerctl play-pause";
"XF86AudioNext" = "exec playerctl next";
"XF86AudioPrev" = "exec playerctl previous";
"XF86AudioStop" = "exec playerctl stop";
# Sink volume raise optionally with --device
"XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise";
"XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower";
# Sink volume toggle mute
"XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle";
# Source volume toggle mute
"XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle";
# Capslock (If you don't want to use the backend)
#bindsym --release Caps_Lock exec swayosd-client --caps-lock;
# Brightness raise
"XF86MonBrightnessUp" = "exec swayosd-client --brightness raise";
# Brightness lower
"XF86MonBrightnessDown" = "exec swayosd-client --brightness lower";
"${mod}+${left}" = "focus left";
"${mod}+${down}" = "focus down";
"${mod}+${up}" = "focus up";
"${mod}+${right}" = "focus right";
"${mod}+Shift+${left}" = "move left";
"${mod}+Shift+${down}" = "move down";
"${mod}+Shift+${up}" = "move up";
"${mod}+Shift+${right}" = "move right";
"${mod}+${alt}+${left}" = "resize grow width 10px";
"${mod}+${alt}+${down}" = "resize shrink height 10px";
"${mod}+${alt}+${up}" = "resize grow height 10px";
"${mod}+${alt}+${right}" = "resize shrink width 10px";
"${mod}+1" = "workspace number 1";
"${mod}+2" = "workspace number 2";
"${mod}+3" = "workspace number 3";
"${mod}+4" = "workspace number 4";
"${mod}+5" = "workspace number 5";
"${mod}+6" = "workspace number 6";
"${mod}+7" = "workspace number 7";
"${mod}+8" = "workspace number 8";
"${mod}+9" = "workspace number 9";
"${mod}+0" = "workspace number 10";
"${mod}+Shift+1" = "move container to workspace number 1";
"${mod}+Shift+2" = "move container to workspace number 2";
"${mod}+Shift+3" = "move container to workspace number 3";
"${mod}+Shift+4" = "move container to workspace number 4";
"${mod}+Shift+5" = "move container to workspace number 5";
"${mod}+Shift+6" = "move container to workspace number 6";
"${mod}+Shift+7" = "move container to workspace number 7";
"${mod}+Shift+8" = "move container to workspace number 8";
"${mod}+Shift+9" = "move container to workspace number 9";
"${mod}+Shift+0" = "move container to workspace number 10";
"${mod}+Tab" = "workspace next";
"${mod}+Alt+Tab" = "workspace prev";
"${mod}+k" = "splith";
"${mod}+v" = "splitv";
"${mod}+b" = "layout stacking";
"${mod}+w" = "layout tabbed";
"${mod}+p" = "layout toggle split";
"${mod}+f" = "fullscreen";
"${mod}+Shift+space" = "floating toggle";
"${mod}+h" = "focus mode_toggle";
"${mod}+a" = "focus parent";
"${mod}+Shift+minus" = "move scratchpad";
"${mod}+minus" = "scratchpad show";
};
};
systemd.enable = true;
wrapperFeatures.gtk = true;
extraSessionCommands = ''
@@ -255,12 +277,12 @@
'';
extraConfig = ''
set $output-primary DP-2
set $output-secondary DP-3
set $output-primary DP-2
set $output-secondary DP-3
workspace 1 output $output-secondary
workspace 2 output $output-primary
workspace 3 output $output-secondary
workspace 1 output $output-secondary
workspace 2 output $output-primary
workspace 3 output $output-secondary
'';
};
@@ -268,28 +290,28 @@
swaylock = {
enable = true;
settings = {
color = "000000";
image = "$HOME/.config/lockwall";
indicator-caps-lock = true;
show-keyboard-layout = true;
color = "000000";
image = "$HOME/.config/lockwall";
indicator-caps-lock = true;
show-keyboard-layout = true;
};
};
rofi = {
enable = true;
extraConfig = {
modi = "window,drun,ssh";
kb-primary-paste = "Control+V,Shift+Insert";
kb-secondary-paste = "Control+v,Insert";
};
font = "Cascadia Code";
location = "top-left";
plugins = [
pkgs.rofi-calc
pkgs.rofi-bluetooth
pkgs.pinentry-rofi
];
terminal = "${pkgs.alacritty}/bin/alacritty";
theme = "arthur";
enable = true;
extraConfig = {
modi = "window,drun,ssh";
kb-primary-paste = "Control+V,Shift+Insert";
kb-secondary-paste = "Control+v,Insert";
};
font = "Cascadia Code";
location = "top-left";
plugins = [
pkgs.rofi-calc
pkgs.rofi-bluetooth
pkgs.pinentry-rofi
];
terminal = "${pkgs.alacritty}/bin/alacritty";
theme = "arthur";
};
};
@@ -297,34 +319,52 @@
swayidle = {
enable = true;
events = [
{ event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; }
{ event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ event = "after-resume"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
{ event = "unlock"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
{
event = "before-sleep";
command = "${pkgs.swaylock}/bin/swaylock";
}
{
event = "lock";
command = "${pkgs.swaylock}/bin/swaylock -fF";
}
{
event = "after-resume";
command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'";
}
{
event = "unlock";
command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'";
}
];
timeouts = [
{ timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ timeout = 600; command = "${pkgs.sway}/bin/swaymsg 'output * dpms off'"; resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
{
timeout = 300;
command = "${pkgs.swaylock}/bin/swaylock -fF";
}
{
timeout = 600;
command = "${pkgs.sway}/bin/swaymsg 'output * dpms off'";
resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * dpms on'";
}
];
};
swayosd.enable = true;
};
# qt = {
# enable = true;
# style.package = [
# pkgs.dracula-theme
# pkgs.dracula-icon-theme
# pkgs.catppuccin-kvantum
# pkgs.catppuccin-kde
# pkgs.catppuccin-gtk
# pkgs.qt6Packages.qtstyleplugin-kvantum
# ];
# style.name = "kvantum";
# platformTheme.name = "qtct";
# };
# xdg.configFile = {
# "Kvantum/Catppuccin".source = "${pkgs.catppuccin-kvantum}/share/Kvantum/Catppuccin-Frappe-Blue";
# "Kvantum/kvantum.kvconfig".text = "[General]\ntheme=Catppuccin-Frappe-Blue";
# };
# qt = {
# enable = true;
# style.package = [
# pkgs.dracula-theme
# pkgs.dracula-icon-theme
# pkgs.catppuccin-kvantum
# pkgs.catppuccin-kde
# pkgs.catppuccin-gtk
# pkgs.qt6Packages.qtstyleplugin-kvantum
# ];
# style.name = "kvantum";
# platformTheme.name = "qtct";
# };
# xdg.configFile = {
# "Kvantum/Catppuccin".source = "${pkgs.catppuccin-kvantum}/share/Kvantum/Catppuccin-Frappe-Blue";
# "Kvantum/kvantum.kvconfig".text = "[General]\ntheme=Catppuccin-Frappe-Blue";
# };
}

1
modules/wm/virtualisation/default.nix
View File

@@ -10,7 +10,6 @@
# └─ ./virtualisation
# └─ default.nix *
#
[
./docker.nix
./qemu.nix

26
modules/wm/virtualisation/docker.nix
View File

@@ -1,19 +1,21 @@
#
# Docker
#
{ config, pkgs, user, ... }:
{
config,
pkgs,
user,
...
}: {
virtualisation = {
podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
};
users.groups.docker.members = [ "${user}" ];
users.groups.docker.members = ["${user}"];
#environment = {
# interactiveShellInit = ''
@@ -21,11 +23,10 @@
# ''; # Alias to easily start container
#};
# environment.systemPackages = with pkgs; [
# docker-compose
# ];
# environment.systemPackages = with pkgs; [
# docker-compose
# ];
}
# USAGE:
# list images (that can be run as container): docker images
# list containers (that are active): docker container ls
@@ -49,4 +50,5 @@
# -v </your/local/assets/>:/www/assets \
# --restart=always \
# b4bz/homer:latest
#
#

14
modules/wm/virtualisation/kvm-amd.nix
View File

@@ -1,12 +1,14 @@
#
# KVM module options amd
#
{ config, pkgs, user, ... }:
{ # Add libvirtd and kvm to userGroups
{
config,
pkgs,
user,
...
}: {
# Add libvirtd and kvm to userGroups
boot.extraModprobeConfig = ''
options kvm_amd nested=0 avic=1 npt=1
''; # Needed to run OSX-KVM
''; # Needed to run OSX-KVM
}

15
modules/wm/virtualisation/kvm-intel.nix
View File

@@ -1,13 +1,16 @@
#
# KVM module options intel
# KVM module options intel
#
{ config, pkgs, user, ... }:
{ # Add libvirtd and kvm to userGroups
{
config,
pkgs,
user,
...
}: {
# Add libvirtd and kvm to userGroups
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_nsrs=1
''; # Needed to run OSX-KVM
''; # Needed to run OSX-KVM
}

24
modules/wm/virtualisation/qemu.nix
View File

@@ -1,22 +1,25 @@
#
# Qemu/KVM with virt-manager
# Qemu/KVM with virt-manager
#
{ config, pkgs, user, ... }:
{ # Add libvirtd and kvm to userGroups
users.groups.libvirtd.members = [ "root" "${user}" ];
{
config,
pkgs,
user,
...
}: {
# Add libvirtd and kvm to userGroups
users.groups.libvirtd.members = ["root" "${user}"];
virtualisation = {
libvirtd = {
enable = true; # Virtual drivers
enable = true; # Virtual drivers
onShutdown = "shutdown";
#qemuPackage = pkgs.qemu_kvm; # Default
qemu = {
runAsRoot = false;
};
};
spiceUSBRedirection.enable = true; # USB passthrough
spiceUSBRedirection.enable = true; # USB passthrough
};
programs.dconf.enable = true;
@@ -27,12 +30,13 @@
qemu
OVMF
OVMF-cloud-hypervisor
gvfs # Used for shared folders between linux and windows
gvfs # Used for shared folders between linux and windows
cloud-hypervisor
];
};
services = { # Enable file sharing between OS
services = {
# Enable file sharing between OS
gvfs.enable = true;
};
}

278
modules/wm/waybar.nix
View File

@@ -1,15 +1,19 @@
#
# Bar
#
{ config, lib, user, pkgs, ...}:
{
config,
lib,
user,
pkgs,
...
}: {
environment.systemPackages = with pkgs; [
waybar
];
home-manager.users.${user} = { # Home-manager waybar config
home-manager.users.${user} = {
# Home-manager waybar config
programs.waybar = {
enable = true;
#systemd = {
@@ -25,25 +29,25 @@
font-size: 11px;
min-height: 0;
}
window#waybar {
background: rgba(43, 48, 59, 0.3);
border-bottom: 3px solid transparent;
color: white;
}
#workspaces button {
padding: 0 5px;
margin: 0 3px;
color: white;
border-bottom: 3px solid transparent;
}
#workspaces button.focused {
background: rgba(100, 114, 125, 0.2);
border-bottom: 2px solid gray;
}
#mode {
background: transparent;
border-bottom: 2px solid gray;
@@ -53,26 +57,26 @@
padding: 0 6px;
margin: 0 5px;
}
#custom-vkeyboard, #custom-appkill, #custom-rotate {
padding: 0px 50px;
margin: 0px 0px;
font-size: 20px;
}
#clock {
background-color: transparent;
color: white;
}
#battery {
color: white;
}
#battery.charging {
color: white;
}
@keyframes blink {
to {
background-color: rgba(1, 1, 1, 0);
@@ -87,29 +91,29 @@
animation-iteration-count: infinite;
animation-direction: alternate;
}
#cpu {
background: transparent;
border-bottom: 2px solid yellow;
color: white;
}
#memory {
background: transparent;
border-bottom: 2px solid green;
color: white;
}
#network {
background: transparent;
color: white
}
#network.disconnected {
background: transparent;
color: crimson;
}
#pulseaudio {
background: transparent;
color: white;
@@ -118,19 +122,19 @@
#pulseaudio.muted {
border-bottom: 2px solid red;
}
#tray {
background-color: transparent;
}
#custom-sl.good {
border-bottom: 3px solid green;
}
#custom-sl.other {
border-bottom: 3px solid #F4AF39;
}
#custom-appkill {
color: red;
background-color: black;
@@ -140,146 +144,148 @@
background-color: black;
}
'';
settings = [{
layer = "bottom";
position = "top";
height = 22;
tray = { spacing = 10; };
modules-center = [ "custom/rotate" "clock" "custom/appkill" ];
modules-left = [ "sway/mode" "sway/workspaces" "sway/window" ];
#modules-left = [ "wlr/workspaces" ];
modules-right = [ "idle_inhibitor" "pulseaudio" "network" "cpu" "memory" "backlight" "temperature" "battery" "tray" ];
#modules-right = [ "cpu" "memory" "pulseaudio" "clock" "tray" ];
settings = [
{
layer = "bottom";
position = "top";
height = 22;
tray = {spacing = 10;};
modules-center = ["custom/rotate" "clock" "custom/appkill"];
modules-left = ["sway/mode" "sway/workspaces" "sway/window"];
#modules-left = [ "wlr/workspaces" ];
modules-right = ["idle_inhibitor" "pulseaudio" "network" "cpu" "memory" "backlight" "temperature" "battery" "tray"];
#modules-right = [ "cpu" "memory" "pulseaudio" "clock" "tray" ];
"sway/workspaces" = {
format = "<span font='14'>{icon}</span>";
format-icons = {
"1"="";
"2"="";
"3"="";
"4"="";
"5"="";
"sway/workspaces" = {
format = "<span font='14'>{icon}</span>";
format-icons = {
"1" = "";
"2" = "";
"3" = "";
"4" = "";
"5" = "";
};
all-outputs = false;
persistent_workspaces = {
"1" = [];
"2" = [];
"3" = [];
"4" = [];
"5" = [];
};
};
all-outputs = false;
persistent_workspaces = {
"1" = [];
"2" = [];
"3" = [];
"4" = [];
"5" = [];
};
};
"wlr/workspaces" = {
format = "{icon}";
format-icons = {
"1"="";
"2"="";
"3"="";
"4"="";
"5"="";
};
all-outputs = true;
active-only = false;
on-click = "activate";
};
clock = {
format = "{:%b %d %H:%M}";
tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
format-alt = "{:%A, %B %d, %Y}";
};
idle_inhibitor = {
"wlr/workspaces" = {
format = "{icon}";
format-icons = {
activated = "";
deactivated = "";
"1" = "";
"2" = "";
"3" = "";
"4" = "";
"5" = "";
};
};
cpu = {
format = "{usage}% ";
tooltip = false;
interval = 2;
};
disk = {
format = "{percentage_used}% ";
path = "/";
interval = 30;
};
memory = {
format = "{}% ";
interval = 5;
};
temperature = {
all-outputs = true;
active-only = false;
on-click = "activate";
};
clock = {
format = "{:%b %d %H:%M}";
tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
format-alt = "{:%A, %B %d, %Y}";
};
idle_inhibitor = {
format = "{icon}";
format-icons = {
activated = "";
deactivated = "";
};
};
cpu = {
format = "{usage}% ";
tooltip = false;
interval = 2;
};
disk = {
format = "{percentage_used}% ";
path = "/";
interval = 30;
};
memory = {
format = "{}% ";
interval = 5;
};
temperature = {
states = {
"good" = 50;
"warning" = 70;
"critical" = 80;
"good" = 50;
"warning" = 70;
"critical" = 80;
};
"thermal-zone" = 2;
"hwmon-path" = "/sys/class/hwmon/hwmon3/temp1_input";
"format" = "{temperatureC}°C {icon}";
"format-icons" = ["" "" "" "" ""];
};
backlight = {
};
backlight = {
"format" = "{percent}% {icon}";
"format-icons" = ["" ""];
"on-scroll-up" = "light -A +5%";
"on-scroll-down" = "light -U -5%";
};
battery = {
interval = 60;
states = {
good = 95;
warning = 20;
critical = 5;
};
format = "{capacity}% {icon}";
format-charging = "{capacity}% ";
format-plugged = "{capacity}% ";
format-alt = "{time} {icon}";
format-icons = ["" "" "" "" ""];
};
network = {
format-wifi = " {ipaddr}";
format-ethernet = "{ifname}: {ipaddr}/{cidr} ";
format-linked = "{ifname} (No IP) ";
format-disconnected = "Not connected ";
format-alt = "{ifname}: {ipaddr}/{cidr}";
tooltip-format = "{essid} {signalStrength}%";
on-click-right = "${pkgs.alacritty}/bin/alacritty -e nmtui";
};
pulseaudio = {
scroll-step = 1;
format = "{volume}% {icon} {format_source}";
format-bluetooth = "{volume}% {icon} {format_source}";
format-bluetooth-muted = "{volume}% {icon} {format_source}";
format-muted = " {format_source}";
format-source = "{volume}% ";
#format-source = "<span font='14'></span>";
format-source-muted = "";
format-icons = {
default = [ "" "" "" ];
headphones = "";
handsfree = "";
headset = "";
battery = {
interval = 60;
states = {
good = 95;
warning = 20;
critical = 5;
};
format = "{capacity}% {icon}";
format-charging = "{capacity}% ";
format-plugged = "{capacity}% ";
format-alt = "{time} {icon}";
format-icons = ["" "" "" "" ""];
};
tooltip-format = "{desc}, {volume}%";
on-click-right = "${pkgs.pamixer}/bin/pamixer --default-source -t";
on-click = "${pkgs.pavucontrol}/bin/pavucontrol";
};
"custom/appkill" = {
network = {
format-wifi = " {ipaddr}";
format-ethernet = "{ifname}: {ipaddr}/{cidr} ";
format-linked = "{ifname} (No IP) ";
format-disconnected = "Not connected ";
format-alt = "{ifname}: {ipaddr}/{cidr}";
tooltip-format = "{essid} {signalStrength}%";
on-click-right = "${pkgs.alacritty}/bin/alacritty -e nmtui";
};
pulseaudio = {
scroll-step = 1;
format = "{volume}% {icon} {format_source}";
format-bluetooth = "{volume}% {icon} {format_source}";
format-bluetooth-muted = "{volume}% {icon} {format_source}";
format-muted = " {format_source}";
format-source = "{volume}% ";
#format-source = "<span font='14'></span>";
format-source-muted = "";
format-icons = {
default = ["" "" ""];
headphones = "";
handsfree = "";
headset = "";
};
tooltip-format = "{desc}, {volume}%";
on-click-right = "${pkgs.pamixer}/bin/pamixer --default-source -t";
on-click = "${pkgs.pavucontrol}/bin/pavucontrol";
};
"custom/appkill" = {
format = " ";
icon-size = 20;
#on-click = "${pkgs.hyprland}/bin/hyprctl dispatch killactive .";
on-click = "${pkgs.sway}/bin/swaymsg kill";
tooltip = false;
};
"custom/rotate" = {
};
"custom/rotate" = {
format = " ";
icon-size = 20;
on-click = "${pkgs.sway}/bin/swaymsg output eDP-1 transform 180 clockwise";
tooltip = false;
};
}];
};
}
];
};
};
}