Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Kabbone:557aa480ee2f515e4423c59a80561144df91ff07
Branches Tags
Kabbone:main Kabbone:refactor
...
compare: Kabbone:refactor
Branches Tags
Kabbone:main Kabbone:refactor

85 Commits
557aa480ee ... refactor

Author SHA1 Message Date
Kabbone
0249d17ac1 restructure desktop/wm and remove nur 2024-05-19 17:57:35 +02:00
Kabbone
a3f253bd53 flake update 2024-05-09 21:28:57 +02:00
Kabbone
034bc1e4e0 flake add hydraJobs 2024-05-05 20:12:39 +02:00
Kabbone
bd07e688fc flake add hydraJobs 2024-05-05 20:09:55 +02:00
Kabbone
32133438d9 flake add hydraJobs 2024-05-05 20:09:02 +02:00
Kabbone
d95cca9908 flake add hydraJobs 2024-05-05 20:05:19 +02:00
Kabbone
6f278377d7 flake add hydraJobs 2024-05-05 20:04:01 +02:00
Kabbone
731e4e33c5 flake add hydraJobs 2024-05-05 20:02:15 +02:00
Kabbone
bca0dddb1f flake add hydraJobs 2024-05-05 20:01:08 +02:00
Kabbone
b88a5b9a2a flake add hydraJobs 2024-05-05 19:58:51 +02:00
Kabbone
f864f543b8 hosts: dmz: enable hydra 2024-05-05 19:39:35 +02:00
Kabbone
941276e83f flake update lanzaboote to master 2024-05-03 14:51:11 +02:00
Kabbone
f54df874d4 flake update, lanzaboote to master 2024-05-02 15:29:56 +02:00
Kabbone
a83c214180 flake update 2024-05-02 14:18:50 +02:00
Kabbone
8e7629da2e font: try cascadia code 2024-05-02 14:16:25 +02:00
Kabbone
941e8a5dca remoteClient enable Client again 2024-05-02 11:38:40 +02:00
Kabbone
522966f808 virtualisation: typo kvm module import 2024-05-02 10:13:43 +02:00
Kabbone
62acac7285 virtualisation: restructure kvm module options and enable libvirt by default 2024-05-02 09:56:41 +02:00
Kabbone
08aa2cd458 hosts: nasbak: add bypass workqueue 2024-05-02 09:46:49 +02:00
Kabbone
d65b9b558d hosts: nasbak: change name to match hostname 2024-05-01 16:16:33 +02:00
Kabbone
64545e3086 flake update 2024-04-30 22:01:00 +02:00
Kabbone
02267d4825 hosts: server: change to kabtop 2024-04-21 15:06:42 +02:00
Kabbone
0a0ba2b5a1 flake update 2024-04-20 19:09:16 +02:00
Kabbone
1f7f453fc3 nvim: initial config 2024-04-20 19:09:03 +02:00
Kabbone
a667691f49 hosts: steamdeck: disable luks workqueue 2024-04-20 14:17:30 +02:00
Kabbone
d296306cb6 hosts: steamdeck: remove wireplumber overwrite 2024-04-20 13:08:38 +02:00
Kabbone
b1574ab9e1 flake update 2024-04-20 13:08:03 +02:00
Kabbone
55b518345b remoteClient change to extra-* 2024-04-20 13:06:33 +02:00
Kabbone
b4892083e8 flake update 2024-04-19 20:49:30 +02:00
Kabbone
8d4d1e4be8 service: ollama + open-webui 2024-04-14 21:04:25 +02:00
Kabbone
653476ec32 service: fail2ban gitea match 2024-04-14 21:03:59 +02:00
Kabbone
949691b4c2 secrets: rekey 2024-04-13 13:58:47 +02:00
Kabbone
ed60b8cc2b hosts: dmz: remove testpassword 2024-04-13 12:01:09 +02:00
Kabbone
9ee26c983e hosts: server: fix gitea runner 2024-04-13 12:00:44 +02:00
Kabbone
21ecad4db0 hosts: dmz: get gitea runner working 2024-04-13 11:45:52 +02:00
Kabbone
a77d2243bf flake update 2024-04-13 09:19:33 +02:00
Kabbone
51b596ea83 service: gitea register 2024-04-07 13:47:49 +02:00
Kabbone
909e2bb494 service: gitea register 2024-04-07 09:32:27 +02:00
Kabbone
ff56f1d4ab service: gitea register 2024-04-07 09:29:48 +02:00
Kabbone
a86dbd6253 service: gitea register 2024-04-06 19:33:10 +02:00
Kabbone
c285b75264 service: gitea register 2024-04-06 18:19:59 +02:00
Kabbone
893d31d52c server: add ollama 2024-04-06 08:39:22 +02:00
Kabbone
7bdc00290e server2: enable virt 2024-04-02 12:01:34 +02:00
Kabbone
b70620ae99 secrets: rekey 2024-04-02 12:01:02 +02:00
Kabbone
62ac639d08 hosts: server: fix initial mistakes and add pub 2024-04-02 11:49:46 +02:00
Kabbone
9de2d29400 hosts: add server_big prototype 2024-04-01 15:45:28 +02:00
Kabbone
a0d72f98b9 hosts: server: add direnv 2024-04-01 14:03:45 +02:00
Kabbone
fa778a6040 hosts: remove channel autoupdate 2024-04-01 13:42:23 +02:00
Kabbone
3b886aa6ad hosts: typo autoupdate 2024-04-01 11:59:22 +02:00
Kabbone
2277c363dd flake update 2024-04-01 11:51:36 +02:00
Kabbone
d31042fef5 steamdeck: override wireplumber to nixpkgs to fix bt headset 2024-04-01 11:51:23 +02:00
Kabbone
edb0ca235e hosts: steamdeck: disable autoupgrade for now and wifi powersave 2024-03-28 22:24:16 +01:00
Kabbone
db3a1d9ee9 hosts: add autoupdate with git flake 2024-03-24 21:28:00 +01:00
Kabbone
f3388b4dbf remoteClient disable distributed builds and remove substituter 2024-03-24 17:17:05 +01:00
Kabbone
5b63ced9e5 steamdeck: remove yuzu, disable remoteClient 2024-03-24 09:51:10 +01:00
Kabbone
2a17f98a00 server: gitea: disable dump 2024-03-24 09:49:51 +01:00
Kabbone
77bba122a5 flake update 2024-03-23 10:55:42 +01:00
Kabbone
e1168e2a77 flake update 2024-03-15 18:24:02 +01:00
Kabbone
df5fecb899 remoteClient uses user@fqdn 2024-03-09 12:08:44 +01:00
Kabbone
a574bcf8fe flake update 2024-03-09 12:08:06 +01:00
Kabbone
f7ef0aff13 steamdeck: add yuzu 2024-03-06 22:52:28 +01:00
Kabbone
b1e9a4fb94 flake update 2024-03-06 18:59:24 +01:00
Kabbone
32e7e7eb02 nix flake stick to default input 2024-03-03 17:01:07 +01:00
Kabbone
438717fdf2 remote Builder with default as backup 2024-03-03 15:17:58 +01:00
Kabbone
e6b35bfc2a flake update 2024-03-02 21:10:11 +01:00
Kabbone
aaff72d9f0 nasbak: correct btrbk target 2024-02-29 12:54:30 +01:00
Kabbone
8c6d79ca6f nasbak: change to 2.5 raid1 2024-02-25 20:36:58 +01:00
Kabbone
d3101d88c9 steamdeck: use valve kernel 2024-02-25 08:12:49 +01:00
Kabbone
80178917bb desktop/steamdeck: enable secureboot 2024-02-25 08:09:17 +01:00
Kabbone
e51e3095a1 add btop globaly 2024-02-25 08:08:48 +01:00
Kabbone
37547460ff flake update 2024-02-24 12:42:18 +01:00
Kabbone
10f2f33cae server: local user for onlyoffice 2024-02-18 13:53:25 +01:00
Kabbone
7b0cfb5dfa add token for onlyoffice 2024-02-18 13:50:50 +01:00
Kabbone
98320fd0bd increase postgresql buffers 2024-02-18 11:26:33 +01:00
Kabbone
e6d6049c08 clean up db's 2024-02-18 10:18:03 +01:00
Kabbone
b4e573b9f2 update postresq to 15 2024-02-18 09:34:50 +01:00
Kabbone
dab2e8b0ac flake update 2024-02-12 19:49:16 +01:00
Kabbone
ef91ffd016 server: typo 2024-02-12 12:40:32 +01:00
Kabbone
10c0d47c79 server: forgot ; 2024-02-12 12:37:31 +01:00
Kabbone
b37e0cdda5 server: tweak postgresql to more caching 2024-02-12 12:34:15 +01:00
Kabbone
f750968224 server: disable jitsi, add acme to nextcloud, add office 2024-02-12 12:25:27 +01:00
Kabbone
88c2a62223 desktop: add docker alias and hotkey for sway next workspace 2024-02-11 19:47:19 +01:00
Kabbone
9ed74e74d2 flake update 2024-02-06 21:13:22 +01:00
Kabbone
ab8ad96c3e flake update 2024-02-01 22:36:50 +01:00
Kabbone
04ae6d8317 hosts: server: make runner persistent 2024-01-21 14:24:41 +01:00
85 changed files with 1471 additions and 366 deletions
Expand all files Collapse all files

47
disko/nas_luks.nix Normal file
View File

@@ -0,0 +1,47 @@
{
disko.devices = {
disk = {
sda = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "NAS-RAID";
askPassword = true;
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
allowDiscards = true;
};
content = {
type = "btrfs";
extraArgs = [ "-f -L NAS-RAID" ];
subvolumes = {
"@" = {
mountpoint = "/mnt/Pluto";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@/Backups";
"@/Media";
"@/Games";
"@/IT";
"@/Rest";
"@snapshots" = {
mountpoint = "/mnt";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
};
};
};
};
};
};
};
};
};
}

537
flake.lock generated
View File

@@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1703433843, "lastModified": 1715290355,
"narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "417caa847f9383e111d1397039c9d4337d024bf0", "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -23,6 +23,27 @@
"type": "github" "type": "github"
} }
}, },
"crane": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1711299236,
"narHash": "sha256-6/JsyozOMKN8LUGqWMopKTSiK8N79T8Q+hcxu2KkTXg=",
"owner": "ipetkov",
"repo": "crane",
"rev": "880573f80d09e18a11713f402b9e6172a085449f",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -45,10 +66,171 @@
"type": "github" "type": "github"
} }
}, },
"devshell": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715865404,
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1713493429,
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
"owner": "srid",
"repo": "flake-root",
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": { "locked": {
"lastModified": 1701680307, "lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
@@ -63,6 +245,50 @@
"type": "github" "type": "github"
} }
}, },
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"nixvim",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -91,11 +317,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1705104164, "lastModified": 1715930644,
"narHash": "sha256-pllCu3Hcm1wP/B0SUxgUXvHeEd4w8s2aVrEQRdIL1yo=", "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0912d26b30332ae6a90e1b321ff88e80492127dd", "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -111,11 +337,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1704980875, "lastModified": 1715381426,
"narHash": "sha256-IPZmMjk5f4TBbEpzUFBc3OC1W6OwDNEXk2w/0uVXX1o=", "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "5f0ab0eedc6ede69beb8f45561ffefa54edc6e65", "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -125,13 +351,34 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715930644,
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1703656108, "lastModified": 1708968331,
"narHash": "sha256-hCSUqdFJKHHbER8Cenf5JRzjMlBjIdwdftGQsO0xoJs=", "narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "033643a45a4a920660ef91caa391fbffb14da466", "rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -148,11 +395,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1704665257, "lastModified": 1716107076,
"narHash": "sha256-Cycz00I26e8QZ9sZtCz0uIz6Cad5ld3zM7N2I+5beqI=", "narHash": "sha256-aB15oIMUv6N/UFsLHzgcGRUvU4YfOjE3gEirIP/k82s=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "8951673c6c216ddd6bac3db3e88e3f2281b3511a", "rev": "e8de93b7b4c384650977a20c1f192e23c6e7a12f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -161,20 +408,47 @@
"type": "github" "type": "github"
} }
}, },
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1713369831,
"narHash": "sha256-G4OGxvlIIjphpkxcRAkf1QInYsAeqbfNh6Yl1JLy2uM=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "850f27322239f8cfa56b122cc9a278ab99a49015",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "lanzaboote",
"type": "github"
}
},
"microvm": { "microvm": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"spectrum": "spectrum" "spectrum": "spectrum"
}, },
"locked": { "locked": {
"lastModified": 1705057870, "lastModified": 1715787097,
"narHash": "sha256-o5Mc/awjkFOVDUm/dx8Es0NcWG5v/kw4Zt3B/ZO+KpE=", "narHash": "sha256-TPp2j0ttvBvkk4oXidvo8Y071zEab0BtcNsC3ZEkluI=",
"owner": "astro", "owner": "astro",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "8a8b8c68d15029752b0669a57281e7d2aaf23dd5", "rev": "fa673bf8656fe6f28253b83971a36999bc9995d2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -183,6 +457,27 @@
"type": "github" "type": "github"
} }
}, },
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715901937,
"narHash": "sha256-eMyvWP56ZOdraC2IOvZo0/RTDcrrsqJ0oJWDC76JTak=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "ffc01182f90118119930bdfc528c1ee9a39ecef8",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-github-actions": { "nix-github-actions": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -207,11 +502,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1704786394, "lastModified": 1716034089,
"narHash": "sha256-aJM0ln9fMGWw1+tjyl5JZWZ3ahxAA2gw2ZpZY/hkEMs=", "narHash": "sha256-QBfab6V4TeQ6Y4NiXVrEATdQuhCNFNaXt/L1K/Zw+zc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "b34a6075e9e298c4124e35c3ccaf2210c1f3a43b", "rev": "b55712de78725c8fcde422ee0a0fe682046e73c3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -223,11 +518,27 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1704874635, "lastModified": 1716061101,
"narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=", "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356", "rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -239,11 +550,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1704722960, "lastModified": 1715961556,
"narHash": "sha256-mKGJ3sPsT6//s+Knglai5YflJUF2DGj7Ai6Ynopz0kI=", "narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "317484b1ead87b9c1b8ac5261a8d2dd748a0492d", "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -253,18 +564,89 @@
"type": "github" "type": "github"
} }
}, },
"nur": { "nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-root": "flake-root",
"home-manager": "home-manager_3",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs-unstable"
],
"pre-commit-hooks": "pre-commit-hooks",
"treefmt-nix": "treefmt-nix"
},
"locked": { "locked": {
"lastModified": 1705142735, "lastModified": 1716125991,
"narHash": "sha256-RA4nC6WFaMj62bdJHLW9idSD18g78dNS94Jy0R2DpU4=", "narHash": "sha256-PmB9vmp383foiVi64RawbnkC+6SiYiWUjdzw2xgl3eM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "nixvim",
"rev": "eb257a2f64d88dd14eaaf112822160496f6a916f", "rev": "88ade1dfaa017499326103a078c66dd5d4d0606e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "nixvim",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"gitignore": "gitignore_2",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715870890,
"narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1710923068,
"narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "e611897ddfdde3ed3eaac4758635d7177ff78673",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github" "type": "github"
} }
}, },
@@ -275,21 +657,47 @@
"home-manager-unstable": "home-manager-unstable", "home-manager-unstable": "home-manager-unstable",
"impermanence": "impermanence", "impermanence": "impermanence",
"jovian-nixos": "jovian-nixos", "jovian-nixos": "jovian-nixos",
"lanzaboote": "lanzaboote",
"microvm": "microvm", "microvm": "microvm",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur" "nixvim": "nixvim"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1711246447,
"narHash": "sha256-g9TOluObcOEKewFo2fR4cn51Y/jSKhRRo4QZckHLop0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "dcc802a6ec4e9cc6a1c8c393327f0c42666f22e4",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
} }
}, },
"spectrum": { "spectrum": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1703273931, "lastModified": 1708358594,
"narHash": "sha256-CJ1Crdi5fXHkCiemovsp20/RC4vpDaZl1R6V273FecI=", "narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "97e2f3429ee61dc37664b4d096b2fec48a57b691", "rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
"revCount": 597, "revCount": 614,
"type": "git", "type": "git",
"url": "https://spectrum-os.org/git/spectrum" "url": "https://spectrum-os.org/git/spectrum"
}, },
@@ -327,6 +735,57 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715940852,
"narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "2fba33a182602b9d49f0b2440513e5ee091d838b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

24
flake.nix
View File

@@ -9,11 +9,6 @@
{ {
description = "Kabbone's peronal NixOS Flake config"; description = "Kabbone's peronal NixOS Flake config";
# nixConfig = {
# extra-substituters = [ "https://app.cachix.org/cache/0uptime" ];
# extra-trusted-public-keys = [ "0uptime.cachix.org-1:ctw8yknBLg9cZBdqss+5krAem0sHYdISkw/IFdRbYdE=" ];
# };
inputs = # All flake references used to build my NixOS setup. These are dependencies. inputs = # All flake references used to build my NixOS setup. These are dependencies.
{ {
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages
@@ -37,10 +32,6 @@
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
nur = {
url = "github:nix-community/NUR"; # NUR Packages
};
agenix = { agenix = {
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -50,9 +41,19 @@
url = "github:Jovian-Experiments/Jovian-NixOS"; url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
lanzaboote = {
url = "github:nix-community/lanzaboote/master";
inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, nur, agenix, jovian-nixos, microvm, impermanence, ... }: # Function that tells my flake which to use and what do what to do with the dependencies. nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
};
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }: # Function that tells my flake which to use and what do what to do with the dependencies.
let # Variables that can be used in the config files let # Variables that can be used in the config files
user = "kabbone"; user = "kabbone";
userdmz = "diablo"; userdmz = "diablo";
@@ -63,10 +64,11 @@
nixosConfigurations = ( # NixOS configurations nixosConfigurations = ( # NixOS configurations
import ./hosts { # Imports ./hosts/default.nix import ./hosts { # Imports ./hosts/default.nix
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable nur user userdmz userserver location agenix jovian-nixos microvm impermanence; # Also inherit home-manager so it does not need to be defined here. inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable user userdmz userserver location agenix jovian-nixos microvm impermanence lanzaboote nixvim; # Also inherit home-manager so it does not need to be defined here.
nix.allowedUsers = [ "@wheel" ]; nix.allowedUsers = [ "@wheel" ];
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
} }
); );
}; };
} }

26
hosts/configuration_desktop.nix
View File

@@ -69,12 +69,11 @@
carlito # NixOS carlito # NixOS
vegur # NixOS vegur # NixOS
source-code-pro source-code-pro
jetbrains-mono
font-awesome # Icons font-awesome # Icons
hack-font hack-font
corefonts # MS corefonts # MS
intel-one-mono intel-one-mono
office-code-pro cascadia-code
(nerdfonts.override { # Nerdfont Icons override (nerdfonts.override { # Nerdfont Icons override
fonts = [ fonts = [
"FiraCode" "FiraCode"
@@ -115,6 +114,8 @@
tree tree
direnv direnv
linuxPackages_latest.cpupower linuxPackages_latest.cpupower
btop
sbctl
]; ];
}; };
@@ -176,25 +177,24 @@
options = "--delete-older-than 7d"; options = "--delete-older-than 7d";
}; };
package = pkgs.nixVersions.stable; # Enable nixFlakes on system package = pkgs.nixVersions.stable; # Enable nixFlakes on system
registry.nixpkgs.flake = inputs.nixpkgs;
extraOptions = '' extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
keep-outputs = true
keep-derivations = true
''; '';
}; };
nixpkgs.config.allowUnfree = true; # Allow proprietary software. nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.packageOverrides = pkgs: {
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs;
};
};
system = { # NixOS settings system = { # NixOS settings
# autoUpgrade = { # Allow auto update autoUpgrade = { # Allow auto update
# enable = true; enable = true;
flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
randomizedDelaySec = "5m";
allowReboot = true;
rebootWindow = {
lower = "02:00";
upper = "05:00";
};
#channel = "https://nixos.org/channels/nixos-unstable"; #channel = "https://nixos.org/channels/nixos-unstable";
# }; };
stateVersion = "23.05"; stateVersion = "23.05";
}; };
} }

27
hosts/configuration_server.nix
View File

@@ -58,7 +58,7 @@
carlito # NixOS carlito # NixOS
vegur # NixOS vegur # NixOS
source-code-pro source-code-pro
jetbrains-mono cascadia-code
font-awesome # Icons font-awesome # Icons
hack-font hack-font
corefonts # MS corefonts # MS
@@ -94,6 +94,9 @@
powerline-fonts powerline-fonts
powerline-symbols powerline-symbols
tree tree
btop
htop
direnv
]; ];
}; };
@@ -122,7 +125,6 @@
options = "--delete-older-than 7d"; options = "--delete-older-than 7d";
}; };
package = pkgs.nixVersions.stable; # Enable nixFlakes on system package = pkgs.nixVersions.stable; # Enable nixFlakes on system
registry.nixpkgs.flake = inputs.nixpkgs;
extraOptions = '' extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
keep-outputs = true keep-outputs = true
@@ -130,17 +132,18 @@
''; '';
}; };
nixpkgs.config.allowUnfree = true; # Allow proprietary software. nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.packageOverrides = pkgs: {
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs;
};
};
system = { # NixOS settings system = { # NixOS settings
# autoUpgrade = { # Allow auto update autoUpgrade = { # Allow auto update
# enable = true; enable = true;
# channel = "https://nixos.org/channels/nixos-unstable"; flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
# }; randomizedDelaySec = "5m";
stateVersion = "22.05"; allowReboot = true;
rebootWindow = {
lower = "02:00";
upper = "05:00";
};
};
stateVersion = "23.05";
}; };
} }

79
hosts/default.nix
View File

@@ -11,7 +11,7 @@
# └─ ./home.nix # └─ ./home.nix
# #
{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, nur, user, userdmz, userserver, location, agenix, jovian-nixos, microvm, impermanence, ... }: { lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, user, userdmz, userserver, location, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }:
let let
system = "x86_64-linux"; # System architecture system = "x86_64-linux"; # System architecture
@@ -28,11 +28,12 @@ in
{ {
desktop = lib.nixosSystem { # Desktop profile desktop = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware nur agenix microvm nixpkgs; }; specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote nixvim; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
nur.nixosModules.nur
microvm.nixosModules.host microvm.nixosModules.host
lanzaboote.nixosModules.lanzaboote
#nixvim.nixosModules.nixvim
./desktop ./desktop
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/remoteBuilder.nix ../modules/hardware/remoteBuilder.nix
@@ -42,9 +43,6 @@ in
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
@@ -57,21 +55,17 @@ in
laptop = lib.nixosSystem { # Laptop profile laptop = lib.nixosSystem { # Laptop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware nur agenix; }; specialArgs = { inherit inputs user location nixos-hardware agenix; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
nur.nixosModules.nur
./laptop ./laptop
./configuration_desktop.nix ./configuration_desktop.nix
#../modules/hardware/remoteClient.nix ../modules/hardware/remoteClient.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-intel nixos-hardware.nixosModules.common-gpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
@@ -84,22 +78,19 @@ in
steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware nur agenix jovian-nixos; }; specialArgs = { inherit inputs user location nixos-hardware agenix jovian-nixos lanzaboote; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
nur.nixosModules.nur
jovian-nixos.nixosModules.default jovian-nixos.nixosModules.default
lanzaboote.nixosModules.lanzaboote
./steamdeck ./steamdeck
./configuration_desktop.nix ./configuration_desktop.nix
#../modules/hardware/remoteClient.nix ../modules/hardware/remoteClient.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager-unstable.nixosModules.home-manager { home-manager-unstable.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
@@ -112,20 +103,16 @@ in
server = lib.nixosSystem { # Desktop profile server = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware nur agenix nixpkgs impermanence; }; specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
microvm.nixosModules.host microvm.nixosModules.host
nur.nixosModules.nur
./server ./server
./configuration_server.nix ./configuration_server.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
@@ -136,22 +123,40 @@ in
]; ];
}; };
nasbackup = lib.nixosSystem { # Desktop profile kabtop = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware nur agenix; }; specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./kabtop
./configuration_server.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./server/home.nix)];
};
}
];
};
nasbak = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
nur.nixosModules.nur
./nasbackup ./nasbackup
./configuration_desktop.nix ./configuration_desktop.nix
#../modules/hardware/remoteClient.nix ../modules/hardware/remoteClient.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
@@ -164,20 +169,16 @@ in
jupiter = lib.nixosSystem { # Desktop profile jupiter = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware nur agenix; }; specialArgs = { inherit inputs user location nixos-hardware agenix; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
nur.nixosModules.nur
./jupiter ./jupiter
./configuration_desktop.nix ./configuration_desktop.nix
#../modules/hardware/remoteClient.nix ../modules/hardware/remoteClient.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
@@ -190,19 +191,15 @@ in
dmz = lib.nixosSystem { # Desktop profile dmz = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware nur agenix nixpkgs impermanence; }; specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
nur.nixosModules.nur
microvm.nixosModules.host microvm.nixosModules.host
./dmz ./dmz
./configuration_server.nix ./configuration_server.nix
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };

15
hosts/desktop/default.nix
View File

@@ -17,27 +17,32 @@
# └─ default.nix # └─ default.nix
# #
{ config, nixpkgs, pkgs, user, ... }: { config, nixpkgs, pkgs, user, lib, nixvim, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/desktop/hyprland/default.nix)] ++ # Window Manager [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/desktop/sway/default.nix)] ++ # Window Manager (import ../../modules/wm/virtualisation) ++ # libvirt + Docker
(import ../../modules/desktop/virtualisation) ++ # Docker [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot loader = { # EFI Boot
systemd-boot.enable = true; systemd-boot.enable = lib.mkForce false;
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
efiSysMountPoint = "/boot"; efiSysMountPoint = "/boot";
}; };
timeout = 1; # Grub auto select time timeout = 1; # Grub auto select time
}; };
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
}; };
# hardware.sane = { # Used for scanning with Xsane # hardware.sane = { # Used for scanning with Xsane

5
hosts/desktop/home.nix
View File

@@ -16,8 +16,8 @@
{ {
imports = imports =
[ [
#../../modules/desktop/hyprland/home.nix # Window Manager #../../modules/wm/hyprland/home.nix # Window Manager
../../modules/desktop/sway/home.nix # Window Manager ../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
@@ -36,6 +36,7 @@
#yubioath-flutter #yubioath-flutter
nitrokey-app nitrokey-app
kicad kicad
yuzu-mainline
# Display # Display
#light # xorg.xbacklight not supported. Other option is just use xrandr. #light # xorg.xbacklight not supported. Other option is just use xrandr.

3
hosts/dmz/default.nix
View File

@@ -22,7 +22,8 @@
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/desktop/virtualisation/docker.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # Docker
(import ../../modules/services/dmz) ++ # Server Services (import ../../modules/services/dmz) ++ # Server Services
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices

29
hosts/home.nix
View File

@@ -31,7 +31,6 @@
packages = with pkgs; [ packages = with pkgs; [
# Terminal # Terminal
btop # Resource Manager
pfetch # Minimal fetch pfetch # Minimal fetch
ranger # File Manager ranger # File Manager
gnupg # sign and authorize 2nd Fac gnupg # sign and authorize 2nd Fac
@@ -113,20 +112,20 @@
}; };
gtk = { # Theming # gtk = { # Theming
enable = true; # enable = true;
theme = { # theme = {
name = "Dracula"; # name = "Dracula";
package = pkgs.dracula-theme; # package = pkgs.dracula-theme;
}; # };
iconTheme = { # iconTheme = {
name = "Papirus-Dark"; # name = "Papirus-Dark";
package = pkgs.papirus-icon-theme; # package = pkgs.papirus-icon-theme;
}; # };
font = { # font = {
name = "FiraCode Nerd Font"; # or FiraCode Nerd Font Mono Medium # name = "Cascadia Code"; # or FiraCode Nerd Font Mono Medium
}; # Cursor is declared under home.pointerCursor # }; # Cursor is declared under home.pointerCursor
}; # };
systemd.user.services.mpris-proxy = { systemd.user.services.mpris-proxy = {
Unit.Description = "Mpris proxy"; Unit.Description = "Mpris proxy";
Unit.After = [ "network.target" "sound.target" ]; Unit.After = [ "network.target" "sound.target" ];

1
hosts/home_server.nix
View File

@@ -31,7 +31,6 @@
packages = with pkgs; [ packages = with pkgs; [
# Terminal # Terminal
btop # Resource Manager
pfetch # Minimal fetch pfetch # Minimal fetch
ranger # File Manager ranger # File Manager
gnupg # sign and authorize 2nd Fac gnupg # sign and authorize 2nd Fac

2
hosts/jupiter/default.nix
View File

@@ -22,7 +22,7 @@
{ {
imports = # For now, if applying to other ssystem, swap files imports = # For now, if applying to other ssystem, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#(import ../../modules/desktop/virtualisation) ++ # Docker #(import ../../modules/wm/virtualisation) ++ # Docker
(import ../../modules/services/nas) ++ # Server Services (import ../../modules/services/nas) ++ # Server Services
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices

112
hosts/kabtop/default.nix Normal file
View File

@@ -0,0 +1,112 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/services/server) ++ # Server Services
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
grub = {
enable = true;
device = "/dev/sda";
};
timeout = 1; # Grub auto select time
};
};
environment = {
etc = {
"fail2ban/filter.d/open-webui.conf" = {
source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
mode = "0444";
};
"fail2ban/filter.d/gitea.conf" = {
source = ../../modules/services/server/fail2ban/filter/gitea.conf;
mode = "0444";
};
"fail2ban/filter.d/nextcloud.conf" = {
source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
mode = "0444";
};
};
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
#auto-cpufreq.enable = true;
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
fail2ban = {
enable = true;
maxretry = 5;
jails.DEFAULT.settings = {
findtime = "15m";
};
jails = {
open-webui = ''
enabled = true
filter = open-webui
backend = systemd
action = iptables-allports
'';
gitea = ''
enabled = true
filter = gitea
backend = systemd
action = iptables-allports
'';
nextcloud = ''
backend = auto
enabled = true
filter = nextcloud
logpath = /var/lib/nextcloud/data/nextcloud.log
action = iptables-allports
'';
};
};
};
}

144
hosts/kabtop/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,144 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
#swapDevices = [ { device = "/swap/swapfile"; } ];
swapDevices = [ ];
networking = {
useDHCP = false; # Deprecated
hostName = "kabtop";
domain = "kabtop.de";
networkmanager = {
enable = false;
};
interfaces = {
ens18 = {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [ {
address = "37.44.215.182";
prefixLength = 24;
} ];
ipv6.addresses = [ {
address = "2a13:7e80:0:ef::2";
prefixLength = 64;
} ];
};
};
defaultGateway = "37.44.215.1";
defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
};
nameservers = [ "9.9.9.9" "2620:fe::fe" ];
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

39
hosts/kabtop/home.nix Normal file
View File

@@ -0,0 +1,39 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
}

7
hosts/laptop/default.nix
View File

@@ -22,9 +22,10 @@
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/desktop/hyprland/default.nix)] ++ # Window Manager #[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
[(import ../../modules/desktop/sway/default.nix)] ++ # Window Manager [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/desktop/virtualisation/docker.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = { # Boot options

4
hosts/laptop/home.nix
View File

@@ -16,8 +16,8 @@
{ {
imports = imports =
[ [
#../../modules/desktop/hyprland/home.nix # Window Manager #../../modules/wm/hyprland/home.nix # Window Manager
../../modules/desktop/sway/home.nix # Window Manager ../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];

2
hosts/nas/default.nix
View File

@@ -22,7 +22,7 @@
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
(import ../../modules/desktop/virtualisation) ++ # Docker (import ../../modules/wm/virtualisation) ++ # Docker
(import ../../modules/services/nas) ++ # Server Services (import ../../modules/services/nas) ++ # Server Services
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices

2
hosts/nasbackup/default.nix
View File

@@ -22,7 +22,7 @@
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
(import ../../modules/desktop/virtualisation) ++ # Docker #[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
(import ../../modules/services/nasbackup) ++ # Server Services (import ../../modules/services/nasbackup) ++ # Server Services
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices

36
hosts/nasbackup/hardware-configuration.nix
View File

@@ -19,20 +19,22 @@
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
# boot.initrd.secrets = { boot.initrd.secrets = {
# "/root/NASKeyfile" = "/root/NASKeyfile" =
# /root/NASKeyfile; /root/NASKeyfile;
# }; };
# boot.initrd.luks.devices = { boot.initrd.luks.devices = {
# NAS-RAID1 = { NAS-RAID1 = {
# device = "/dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088"; device = "/dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088";
# keyFile = "/root/NASKeyfile"; keyFile = "/root/NASKeyfile";
# }; bypassWorkqueues = true;
# NAS-RAID2 = { };
# device = "/dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2"; NAS-RAID2 = {
# keyFile = "/root/NASKeyfile"; device = "/dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2";
# }; keyFile = "/root/NASKeyfile";
# }; bypassWorkqueues = true;
};
};
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false; boot.tmp.useTmpfs = false;
@@ -91,7 +93,7 @@
volume = { volume = {
"ssh://jupiter.home.opel-online.de/mnt/snapshots/Mars" = { "ssh://jupiter.home.opel-online.de/mnt/snapshots/Mars" = {
target = "/mnt/nas/Backups/nas/Mars"; target = "/mnt/nas/Backups/Mars";
subvolume = { subvolume = {
"@nas" = {}; "@nas" = {};
}; };
@@ -99,7 +101,7 @@
}; };
volume = { volume = {
"ssh://jupiter.home.opel-online.de/mnt/snapshots/Pluto" = { "ssh://jupiter.home.opel-online.de/mnt/snapshots/Pluto" = {
target = "/mnt/nas/Backups/nas/Pluto"; target = "/mnt/nas/Backups/Pluto";
subvolume = { subvolume = {
"@/Games" = {}; "@/Games" = {};
"@/IT" = {}; "@/IT" = {};
@@ -184,7 +186,7 @@
# }; # };
# #
fileSystems."/mnt/nas" = fileSystems."/mnt/nas" =
{ device = "/dev/disk/by-uuid/6f53d32d-b56f-42ec-bfad-c0b8d1114015"; { device = "/dev/disk/by-uuid/70523c79-ef5c-40f2-8782-60fc86bb445b";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd:9,space_cache=v2,noatime,subvol=@nasbak" ]; options = [ "compress=zstd:9,space_cache=v2,noatime,subvol=@nasbak" ];
}; };

2
hosts/server/default.nix
View File

@@ -22,7 +22,7 @@
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/desktop/virtualisation/docker.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
(import ../../modules/services/server) ++ # Server Services (import ../../modules/services/server) ++ # Server Services
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices

21
hosts/steamdeck/default.nix
View File

@@ -17,27 +17,31 @@
# └─ default.nix # └─ default.nix
# #
{ config, pkgs, user, jovian-nixos, ... }: { config, pkgs, user, jovian-nixos, lib, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/desktop/steam/default.nix)] ++ # Window Manager [(import ../../modules/wm/steam/default.nix)] ++ # jovian steam
[(import ../../modules/desktop/kde/default.nix)] ++ # Window Manager [(import ../../modules/wm/kde/default.nix)] ++ # Window Manager
[(import ../../modules/desktop/virtualisation/docker.nix)] ++ # Docker (import ../../modules/wm/virtualisation) ++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot loader = { # EFI Boot
systemd-boot.enable = true; systemd-boot.enable = lib.mkForce false;
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
efiSysMountPoint = "/boot"; efiSysMountPoint = "/boot";
}; };
timeout = 1; # Grub auto select time timeout = 1; # Grub auto select time
}; };
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
}; };
# hardware.sane = { # Used for scanning with Xsane # hardware.sane = { # Used for scanning with Xsane
@@ -62,7 +66,7 @@
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses"; #pinentryFlavor = "curses";
}; };
}; };
@@ -84,4 +88,5 @@
tailscale.enable = true; tailscale.enable = true;
}; };
security.pam.sshAgentAuth.enable = true;
} }

3
hosts/steamdeck/hardware-configuration.nix
View File

@@ -26,6 +26,7 @@
devices."crypted" = { devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks"; device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true; allowDiscards = true;
bypassWorkqueues = true;
}; };
}; };
}; };
@@ -154,7 +155,7 @@
enable = true; enable = true;
wifi = { wifi = {
backend = "iwd"; backend = "iwd";
powersave = true; powersave = false;
}; };
}; };
# interfaces = { # interfaces = {

5
hosts/steamdeck/home.nix
View File

@@ -16,8 +16,8 @@
{ {
imports = imports =
[ [
../../modules/desktop/steam/home.nix # Window Manager ../../modules/wm/steam/home.nix # Window Manager
../../modules/desktop/kde/home.nix # Window Manager ../../modules/wm/kde/home.nix # Window Manager
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
@@ -32,6 +32,7 @@
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
element-desktop element-desktop
pulsemixer pulsemixer
#yuzu-early-access
# Display # Display
light # xorg.xbacklight not supported. Other option is just use xrandr. light # xorg.xbacklight not supported. Other option is just use xrandr.

5
modules/editors/nvim/config/bufferline.nix Normal file
View File

@@ -0,0 +1,5 @@
{
plugins.bufferline = {
enable = true;
};
}

16
modules/editors/nvim/config/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{ nvim, ... }:
{
# Import all your configuration modules here
programs.nixvim = {
enable = true;
colorschemes.gruvbox.enable = true;
imports = [
./bufferline.nix
./plugins.nix
./options.nix
./keymaps.nix
./highlight.nix
];
};
}

8
modules/editors/nvim/config/highlight.nix Normal file
View File

@@ -0,0 +1,8 @@
{
highlight = {
Comment.fg = "#ff00ff";
Comment.bg = "#000000";
Comment.underline = true;
Comment.bold = true;
};
}

8
modules/editors/nvim/config/keymaps.nix Normal file
View File

@@ -0,0 +1,8 @@
{
keymaps = [
{
action = "<cmd>Telescope live_grep<CR>";
key = "<leader>g";
}
];
}

14
modules/editors/nvim/config/options.nix Normal file
View File

@@ -0,0 +1,14 @@
{
config = {
globals.mapleader = " ";
viAlias = true;
vimAlias = true;
opts = {
number = true; # Show line numbers
relativenumber = true; # Show relative line numbers
shiftwidth = 2; # Tab width should be 2
};
};
}

51
modules/editors/nvim/config/plugins.nix Normal file
View File

@@ -0,0 +1,51 @@
{
plugins = {
lualine.enable = true;
cmp = {
enable = true;
autoEnableSources = true;
settings = {
sources = [
{name = "nvim_lsp";}
{name = "path";}
{name = "buffer";}
{name = "luasnip";}
];
mapping = {
"<C-d>" = "cmp.mapping.scroll_docs(-4)";
"<C-f>" = "cmp.mapping.scroll_docs(4)";
"<C-Space>" = "cmp.mapping.complete()";
"<C-e>" = "cmp.mapping.close()";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
};
};
};
lsp = {
enable = true;
servers = {
tsserver.enable = true;
lua-ls = {
enable = true;
settings.telemetry.enable = false;
};
# rust-analyzer = {
# enable = true;
# installCargo = true;
# };
};
};
telescope.enable = true;
treesitter.enable = true;
luasnip.enable = true;
};
}

10
modules/hardware/remoteClient.nix
View File

@@ -3,7 +3,7 @@
{ {
nix = { nix = {
distributedBuilds = true; distributedBuilds = false;
buildMachines = [ { buildMachines = [ {
hostName = "hades"; hostName = "hades";
system = "x86_64-linux"; system = "x86_64-linux";
@@ -11,16 +11,16 @@
sshUser = "nixremote"; sshUser = "nixremote";
sshKey = config.age.secrets."keys/nixremote".path; sshKey = config.age.secrets."keys/nixremote".path;
maxJobs = 1; maxJobs = 1;
speedFactor = 8; speedFactor = 4;
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%"; publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%";
protocol = "ssh-ng"; protocol = "ssh-ng";
} ]; } ];
settings = { settings = {
trusted-public-keys = [ extra-trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII=" "hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
]; ];
substituters = [ trusted-users = [
"ssh-ng://hades" "kabbone"
]; ];
}; };
}; };

2
modules/home.nix
View File

@@ -24,7 +24,7 @@
theme = { theme = {
theme = mkOption { type = types.str; default = "catppuccin-mocha"; }; theme = mkOption { type = types.str; default = "catppuccin-mocha"; };
icon-theme = mkOption { type = types.str; default = "Papirus-Dark"; }; icon-theme = mkOption { type = types.str; default = "Papirus-Dark"; };
font = mkOption { type = types.str; default = "FiraCode Nerd Font 11"; }; font = mkOption { type = types.str; default = "Cascadia Code 11"; };
wallpaper = mkOption { type = types.str; default = ""; }; wallpaper = mkOption { type = types.str; default = ""; };
}; };
}; };

5
modules/programs/alacritty.nix
View File

@@ -16,8 +16,9 @@
package = pkgs.alacritty; package = pkgs.alacritty;
settings = { settings = {
font = rec { # Font - Laptop has size manually changed at home.nix font = rec { # Font - Laptop has size manually changed at home.nix
#normal.family = "Source Code Pro"; #normal.family = "FiraCode Nerd Font";
normal.family = "FiraCode Nerd Font"; normal.family = "Cascadia Code";
#normal.family = "Intel One Mono";
#bold = { style = "Bold"; }; #bold = { style = "Bold"; };
# size = 8; # size = 8;
}; };

2
modules/programs/default.nix
View File

@@ -17,5 +17,5 @@
#./waybar.nix #./waybar.nix
#./games.nix #./games.nix
] ]
# Waybar.nix is pulled from modules/desktop/.. # Waybar.nix is pulled from modules/wm/..
# Games.nix is pulled from desktop/default.nix # Games.nix is pulled from desktop/default.nix

1
modules/services/dmz/default.nix
View File

@@ -12,6 +12,7 @@
[ [
./microvm.nix ./microvm.nix
./hydra.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module

30
modules/services/dmz/gitea_runner.nix
View File

@@ -5,6 +5,12 @@
podman ={ podman ={
enable = true; enable = true;
autoPrune.enable = true; autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "192.168.101.1" ];
#containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
}; };
}; };
@@ -15,17 +21,35 @@
name = "Homerunner"; name = "Homerunner";
tokenFile = config.age.secrets."services/gitea/homerunner-token".path; tokenFile = config.age.secrets."services/gitea/homerunner-token".path;
labels = [ labels = [
"home"
"debian-latest:docker://node:18-bullseye" "debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host" "native:host"
]; ];
hostPackages = with pkgs; [ hostPackages = with pkgs; [
bash bash
curl
gitMinimal
coreutils coreutils
wget curl
gawk
gitMinimal
gnused gnused
nodejs
wget
]; ];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
}; };
}; };

11
modules/services/dmz/hydra.nix Normal file
View File

@@ -0,0 +1,11 @@
{ lib, config, pkgs, ... }:
{
services.hydra = {
enable = true;
hydraURL = "http://localhost:3000";
notificationSender = "hydra@localhost";
useSubstitutes = true;
};
}

27
modules/services/dmz/microvm.nix
View File

@@ -1,4 +1,4 @@
{ config, microvm, nixpkgs, user, agenix, impermanence, ... }: { config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let let
name = "gitea-runner"; name = "gitea-runner";
in in
@@ -10,10 +10,7 @@ in
vms = { vms = {
${name} = { ${name} = {
pkgs = import nixpkgs { inherit pkgs;
system = "x86_64-linux";
config.allowUnfree = true;
};
config = { config = {
imports = imports =
@@ -45,7 +42,6 @@ in
users.users.${user} = { # System User users.users.${user} = { # System User
isNormalUser = true; isNormalUser = true;
initialPassword = "runnertest";
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
uid = 2000; uid = 2000;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
@@ -72,19 +68,30 @@ in
}; };
}; };
fileSystems."/persist".neededForBoot = nixpkgs.lib.mkForce true; fileSystems."/persist".neededForBoot = lib.mkForce true;
environment.persistence."/persist" = { environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [ directories = [
"/var/lib/nixos"
"/var/log" "/var/log"
"/var/lib/gitea-runner" "/var/lib/private"
]; ];
files = [ files = [
"/etc/machine-id" "/etc/machine-id"
]; ];
}; };
};
microvm = { microvm = {
hypervisor = "cloud-hypervisor"; hypervisor = "cloud-hypervisor";

1
modules/services/server/default.nix
View File

@@ -18,6 +18,7 @@
./matrix.nix ./matrix.nix
./coturn.nix ./coturn.nix
./jitsi.nix ./jitsi.nix
./ollama.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module

3
modules/services/server/fail2ban/filter/gitea.conf
View File

@@ -1,5 +1,4 @@
[Definition] [Definition]
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST> failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
ignoreregex = ignoreregex =
#journalmatch = _SYSTEMD_UNIT=gitea.servie journalmatch = _SYSTEMD_UNIT=gitea.service + _COMM=gitea
journalmatch =

4
modules/services/server/fail2ban/filter/open-webui.conf Normal file
View File

@@ -0,0 +1,4 @@
[Definition]
failregex = <HOST> - .*(401 Unauthorized|invalid credentials|Attempted access of unknown user).*
ignoreregex =
journalmatch = _SYSTEMD_UNIT=podman-open-webui.service + _COMM=podman-open-webui

2
modules/services/server/gitea.nix
View File

@@ -7,7 +7,7 @@
{ {
services.gitea = { services.gitea = {
enable = true; enable = true;
dump.enable = true; dump.enable = false;
lfs.enable = true; lfs.enable = true;
dump.type = "tar.xz"; dump.type = "tar.xz";
database.type = "postgres"; database.type = "postgres";

29
modules/services/server/gitea_runner.nix
View File

@@ -5,6 +5,11 @@
podman ={ podman ={
enable = true; enable = true;
autoPrune.enable = true; autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
}; };
}; };
@@ -15,17 +20,35 @@
name = "Server runner"; name = "Server runner";
tokenFile = config.age.secrets."services/gitea/serverrunner-token".path; tokenFile = config.age.secrets."services/gitea/serverrunner-token".path;
labels = [ labels = [
"server"
"debian-latest:docker://node:18-bullseye" "debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host" "native:host"
]; ];
hostPackages = with pkgs; [ hostPackages = with pkgs; [
bash bash
curl
gitMinimal
coreutils coreutils
wget curl
gawk
gitMinimal
gnused gnused
nodejs
wget
]; ];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
}; };
}; };

24
modules/services/server/microvm.nix
View File

@@ -3,7 +3,6 @@ let
name = "gitea-runner"; name = "gitea-runner";
in in
{ {
microvm = { microvm = {
autostart = [ autostart = [
name name
@@ -14,11 +13,6 @@ in
inherit pkgs; inherit pkgs;
config = { config = {
#pkgs = import nixpkgs {
# system = "x86_64-linux";
# config.allowUnfree = true;
#};
imports = imports =
[ agenix.nixosModules.default ] ++ [ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++ [ impermanence.nixosModules.impermanence ] ++
@@ -46,7 +40,6 @@ in
}; };
}; };
users.users.${user} = { # System User users.users.${user} = { # System User
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
@@ -77,17 +70,28 @@ in
fileSystems."/persist".neededForBoot = lib.mkForce true; fileSystems."/persist".neededForBoot = lib.mkForce true;
environment.persistence."/persist" = { environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [ directories = [
"/var/lib/nixos"
"/var/log" "/var/log"
"/var/lib/gitea-runner" "/var/lib/private"
]; ];
files = [ files = [
"/etc/machine-id" "/etc/machine-id"
]; ];
}; };
};
microvm = { microvm = {
hypervisor = "qemu"; hypervisor = "qemu";

14
modules/services/server/nextcloud.nix
View File

@@ -45,11 +45,12 @@
services.onlyoffice = { services.onlyoffice = {
enable = true; enable = true;
hostname = "localhost"; hostname = "docs.cloud.kabtop.de";
postgresName = "onlyofficedb"; postgresName = "onlyoffice";
postgresHost = "localhost"; postgresHost = "localhost";
postgresUser = "onlyoffice"; postgresUser = "onlyoffice";
postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path; postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path;
jwtSecretFile = config.age.secrets."services/nextcloud/onlyofficejwt".path;
}; };
services.redis = { services.redis = {
@@ -86,9 +87,18 @@
file = ../../../secrets/services/nextcloud/onlyofficedb.age; file = ../../../secrets/services/nextcloud/onlyofficedb.age;
owner = "onlyoffice"; owner = "onlyoffice";
}; };
age.secrets."services/nextcloud/onlyofficejwt" = {
file = ../../../secrets/services/nextcloud/onlyofficejwt.age;
owner = "onlyoffice";
};
systemd.services."nextcloud-setup" = { systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"]; requires = ["postgresql.service"];
after = ["postgresql.service"]; after = ["postgresql.service"];
}; };
security.acme.defaults.email = "webmaster@kabtop.de";
security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
security.acme.acceptTerms = true;
} }

28
modules/services/server/ollama.nix Normal file
View File

@@ -0,0 +1,28 @@
{ config, pkgs, ... }:
let
ollamahostname = "llm.kabtop.de";
in
{
virtualisation.oci-containers.containers."open-webui" = {
autoStart = true;
image = "ghcr.io/open-webui/open-webui:ollama";
volumes = [
"/var/lib/open-webui:/app/backend/data"
];
hostname = "open-webui";
ports = [ "8081:8080" ];
};
services = {
nginx = {
virtualHosts = {
${ollamahostname} = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:8081";
};
};
};
};
}

13
modules/services/server/postgresql.nix
View File

@@ -7,29 +7,28 @@
{ {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_14; package = pkgs.postgresql_15;
settings = { settings = {
max_connections = 200; max_connections = 200;
listen_addresses = "localhost"; listen_addresses = "localhost";
password_encryption = "scram-sha-256"; password_encryption = "scram-sha-256";
shared_buffers = "512MB"; shared_buffers = "4GB";
work_mem = "8MB"; work_mem = "2GB";
maintenance_work_mem = "500MB";
autovacuum_work_mem = -1; autovacuum_work_mem = -1;
min_wal_size = "1GB";
max_wal_size = "4GB";
log_timezone = "Europe/Berlin"; log_timezone = "Europe/Berlin";
timezone = "Europe/Berlin"; timezone = "Europe/Berlin";
}; };
authentication = pkgs.lib.mkOverride 14 '' authentication = pkgs.lib.mkOverride 14 ''
local all postgres peer local all postgres peer
host giteadb gitea localhost scram-sha-256 host giteadb gitea localhost scram-sha-256
host woodpeckerdb woodpecker localhost scram-sha-256
host nextclouddb nextcloud localhost scram-sha-256 host nextclouddb nextcloud localhost scram-sha-256
host synapsedb synapse localhost scram-sha-256 host synapsedb synapse localhost scram-sha-256
host whatsappdb mautrixwa localhost scram-sha-256 host whatsappdb mautrixwa localhost scram-sha-256
host telegramdb mautrixtele localhost scram-sha-256 host telegramdb mautrixtele localhost scram-sha-256
host signaldb mautrixsignal localhost scram-sha-256 host signaldb mautrixsignal localhost scram-sha-256
host onlyofficedb onlyoffice localhost scram-sha-256 host onlyoffice onlyoffice localhost scram-sha-256
local onlyoffice onlyoffice peer
''; '';
initialScript = config.age.secrets."services/postgresql/initScript.sql".path; initialScript = config.age.secrets."services/postgresql/initScript.sql".path;
}; };

16
modules/wm/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{ pkgs, lib, config, ... }:
{
options = {
desktop = {
wm = lib.mkOption { type = types.str; default = "sway"; };
taskbar = lib.mkOption { type = types.str; default = "waybar"; };
launcher = lib.mkOption { type = types.str; default = "bemenu"; };
};
};
config = {
imports =
(import ./ + (desktop.wm)) ++
};
}

0
modules/desktop/gnome/default.nix → modules/wm/gnome/default.nix
View File

0
modules/desktop/gnome/home.nix → modules/wm/gnome/home.nix
View File

0
modules/desktop/hyprland/default.nix → modules/wm/hyprland/default.nix
View File

0
modules/desktop/hyprland/home.nix → modules/wm/hyprland/home.nix
View File

0
modules/desktop/kde/default.nix → modules/wm/kde/default.nix
View File

0
modules/desktop/kde/home.nix → modules/wm/kde/home.nix
View File

0
modules/desktop/scripts/2in1screen → modules/wm/scripts/2in1screen
View File

0
modules/desktop/steam/default.nix → modules/wm/steam/default.nix
View File

0
modules/desktop/steam/home.nix → modules/wm/steam/home.nix
View File

5
modules/desktop/sway/default.nix → modules/wm/sway/default.nix
View File

@@ -11,10 +11,10 @@
# └─ hyprland.nix * # └─ hyprland.nix *
# #
{ config, lib, user, pkgs, ... }: { config, lib, user, pkgs, desktop, ... }:
{ {
imports = [ ../../programs/waybar.nix ]; imports = [ ../waybar.nix ];
hardware.opengl = { hardware.opengl = {
enable = true; enable = true;
@@ -40,6 +40,7 @@
rocmPackages.clr.icd rocmPackages.clr.icd
rocmPackages.clr rocmPackages.clr
clinfo clinfo
waybar
]; ];
}; };

5
modules/desktop/sway/home.nix → modules/wm/sway/home.nix
View File

@@ -73,7 +73,7 @@
terminal = "${pkgs.alacritty}/bin/alacritty"; terminal = "${pkgs.alacritty}/bin/alacritty";
fonts = { fonts = {
names = [ "Source Code Pro" ]; names = [ "Cascadia Code" ];
size = 10.0; size = 10.0;
}; };
@@ -212,6 +212,9 @@
"${mod}+Shift+9" = "move container to workspace number 9"; "${mod}+Shift+9" = "move container to workspace number 9";
"${mod}+Shift+0" = "move container to workspace number 10"; "${mod}+Shift+0" = "move container to workspace number 10";
"${mod}+Tab" = "workspace next";
"${mod}+Alt+Tab" = "workspace prev";
"${mod}+k" = "splith"; "${mod}+k" = "splith";
"${mod}+v" = "splitv"; "${mod}+v" = "splitv";

2
modules/desktop/virtualisation/default.nix → modules/wm/virtualisation/default.nix
View File

@@ -13,5 +13,5 @@
[ [
./docker.nix ./docker.nix
# ./qemu.nix ./qemu.nix
] ]

12
modules/desktop/virtualisation/docker.nix → modules/wm/virtualisation/docker.nix
View File

@@ -6,7 +6,11 @@
{ {
virtualisation = { virtualisation = {
docker.enable = true; podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
}; };
users.groups.docker.members = [ "${user}" ]; users.groups.docker.members = [ "${user}" ];
@@ -17,9 +21,9 @@
# ''; # Alias to easily start container # ''; # Alias to easily start container
#}; #};
environment.systemPackages = with pkgs; [ # environment.systemPackages = with pkgs; [
docker-compose # docker-compose
]; # ];
} }
# USAGE: # USAGE:

12
modules/wm/virtualisation/kvm-amd.nix Normal file
View File

@@ -0,0 +1,12 @@
#
# KVM module options amd
#
{ config, pkgs, user, ... }:
{ # Add libvirtd and kvm to userGroups
boot.extraModprobeConfig = ''
options kvm_amd nested=0 avic=1 npt=1
''; # Needed to run OSX-KVM
}

13
modules/wm/virtualisation/kvm-intel.nix Normal file
View File

@@ -0,0 +1,13 @@
#
# KVM module options intel
#
{ config, pkgs, user, ... }:
{ # Add libvirtd and kvm to userGroups
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_nsrs=1
''; # Needed to run OSX-KVM
}

6
modules/desktop/virtualisation/qemu.nix → modules/wm/virtualisation/qemu.nix
View File

@@ -5,12 +5,6 @@
{ config, pkgs, user, ... }: { config, pkgs, user, ... }:
{ # Add libvirtd and kvm to userGroups { # Add libvirtd and kvm to userGroups
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_nsrs=1
''; # Needed to run OSX-KVM
users.groups.libvirtd.members = [ "root" "${user}" ]; users.groups.libvirtd.members = [ "root" "${user}" ];
virtualisation = { virtualisation = {

8
modules/programs/waybar.nix → modules/wm/waybar.nix
View File

@@ -9,14 +9,6 @@
waybar waybar
]; ];
# nixpkgs.overlays = [ # Waybar needs to be compiled with the experimental flag for wlr/workspaces to work
# (self: super: {
# waybar = super.waybar.overrideAttrs (oldAttrs: {
# mesonFlags = oldAttrs.mesonFlags ++ [ "-Dexperimental=true" ];
# });
# })
# ];
home-manager.users.${user} = { # Home-manager waybar config home-manager.users.${user} = { # Home-manager waybar config
programs.waybar = { programs.waybar = {
enable = true; enable = true;

BIN
secrets/keys/nixremote.age
View File

Binary file not shown.

BIN
secrets/keys/nixservepriv.age
View File

Binary file not shown.

6
secrets/secrets.nix
View File

@@ -19,6 +19,7 @@ let
]; ];
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx"; server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
server2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPm3epi3v+yuskxQZgmPdkVDET8IGeYA6LbTCqPWqkz+";
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmivVLbkJJ1anwQ8CeNT7rv0Qxinp1LIQIjVWZpnIE5"; dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmivVLbkJJ1anwQ8CeNT7rv0Qxinp1LIQIjVWZpnIE5";
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
nasbak = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdoxslkKn3ouadPOHmDN7e5AtoJmnllnUmhl1j9qfzz"; nasbak = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdoxslkKn3ouadPOHmDN7e5AtoJmnllnUmhl1j9qfzz";
@@ -26,9 +27,10 @@ let
steamdeck = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINcbvtlL9xFq6kcvE6x20/Es5PVWMhbBvra8HjGUm4NB"; steamdeck = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINcbvtlL9xFq6kcvE6x20/Es5PVWMhbBvra8HjGUm4NB";
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLDA3tmyCR4ogX7mgwaEhsceqALQvq9IqXhg8rF0OIi"; laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLDA3tmyCR4ogX7mgwaEhsceqALQvq9IqXhg8rF0OIi";
homerunner = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5MASizLhydfxn0AWcG6LfeC4fghLTDVsLbEHDnIAhc"; homerunner = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5MASizLhydfxn0AWcG6LfeC4fghLTDVsLbEHDnIAhc";
serverrunner="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJacRr6zXpyWsN9lcu+zZ+Mu09FselLq1b6jDvOLiKPs"; serverrunner="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHfLhlJX2VlZE4myreojQ0hqCSL28kE9Y3F65uumgrSK";
systems = [ systems = [
server server
server2
dmz dmz
hades hades
nasbak nasbak
@@ -40,6 +42,7 @@ let
]; ];
servers = [ servers = [
server server
server2
]; ];
homerunners = [ homerunners = [
homerunner homerunner
@@ -70,6 +73,7 @@ in
"services/nextcloud/adminpassFile.age".publicKeys = servers ++ users; "services/nextcloud/adminpassFile.age".publicKeys = servers ++ users;
"services/nextcloud/dbpassFile.age".publicKeys = servers ++ users; "services/nextcloud/dbpassFile.age".publicKeys = servers ++ users;
"services/nextcloud/onlyofficedb.age".publicKeys = servers ++ users; "services/nextcloud/onlyofficedb.age".publicKeys = servers ++ users;
"services/nextcloud/onlyofficejwt.age".publicKeys = servers ++ users;
"services/gitea/databasePassword.age".publicKeys = servers ++ users; "services/gitea/databasePassword.age".publicKeys = servers ++ users;
"services/gitea/mailerPassword.age".publicKeys = servers ++ users; "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
"services/gitea/homerunner-token.age".publicKeys = homerunners ++ users; "services/gitea/homerunner-token.age".publicKeys = homerunners ++ users;

40
secrets/services/coturn/static-auth.age
View File

@@ -1,21 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ YUpBOM+POSZ3HyM5vH0rbVtINny2mzJIVH9Bi1VwRBM -> ssh-ed25519 neExcQ FMwvw6TmjR3KbTH9UgtlHGmC3ZM9s1+g2Lb2B4oSJWI
YoOqzXSEqUxzPTNGvUoFucPaLUcZq3y8Rl9cMuiEUpY l9TBPRZpSM1Wky9J+uNaKSYVI65MlLxTU7Kh2uC9Ijs
-> ssh-ed25519 WiIaQQ J3tqbCwliMu7Hp/diV45LB0z2EWpLAwivGxxNQm1O28
O7EDQl7x7htiIyVOQfSWHQbIxVWEnDJ/rOwE7Jey6go
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
Rx+W7P1946gu+KnLcDrFWaSwPwim05ctPwgA1iXC6pPx7uBEfZld9BBTwOfDeZUK BE/OvVUprp821b/gLSDol0R0P65wwtYHKulHt2Y1Ik02w/A/GCJbVX1hAbxkhRnR
aZtYwIbQCqc2YJ0Z341n6KYSKrvrHhoGXKv2IXhgjU80rYQNAsNdX3aSiIU0EAJ/ 5em/iKrbG5J3kabFgV/2VLB21yzcrdip0Cvzbgn0HsZ7I0PS80W+Nz054cdH6QV/
W/IWa58V1qUyooWOJ0NVQU9i//GCjtKbrTfVVILFWMgq9ZdL82wkVr73y8Of2yuj A+iveZxwS0x5VWI1//mmPp6YGeEOw89r/KyIZ7As8gTmVzQoVEeaqUsP9A2/+VuG
La1mS0JDShpLzVR8YzAQpkB9mXt8pGKDu4QyKhWZzfILW6EjhdbIHEcvve2rOQYh J6gbE6vCb5jxJ7OrLZbtBjfJhac3g7KHfy9QcLNRDSR+r0YVYOElUSyYdz3DUbJp
XoJrfjcT6x4BsycDBccwS9jUIwqi2GkObXA+eCpBEiNxOlYkoCD0qaDPq53dwOsV vCkNdm2s00wzAobyK5KLx4k9UB+1kJRPjP52Uxt4A+pEjIviH1vTnHzQb+vL4LuR
1ybV/oPhS+CVB0RRF1zjHEjhwSwXMYmChxk88Yg1s+uJ8jkCxdQVEQeK5LxdICGk qR6spF4vXHj14eGva51+8bxuUBj3kx9zS4XFTLug9B9xe8XgiPJDq109/fzCLkyr
fw1gdJTo+Gs85uikZXajyDucytzLvQi7TJmYR3uFSYDR6KvBAV4i3xtOHH3bOuat CZwmvAIUbghLzVw5ub4It+79GKxYXH9GjkWmVQX1J1a6ls7Fvy8pW90Fh2N5M+wk
2YkNdjfskRtVVDqzlH3Ld6zOE8L/7iXmAt/4YDGHAMxtM26+EvxCDF/S12/8u+Fw FTQru+OuwfllWUZaUWpE1mUzu65CZ84Kfg5slm3oY/y8E6UEmHiwdpCD1Y7mxGwl
Aw296UfWG8c5+eRTnuqSV0M3WK7eF1NsC0RgHoDcvmWBCJmmTopzphljElyqfLaW hlQAhOzXyiNDHtWdvRaA66if7+heTvkEoKD5/owUJ0tJTMyvZgah0r2OGbKWluTv
LoBTd24z7roiF9+zs8eHGn8946nPDHxGYQXijrNKYLorE27jGl7pB/X30ucD3qoE +w6DMlKQFtnnW437t3QZFEWmz6r8UV53CzVIjcOv6Nd8za20RKofmOCeyVJ5GRNk
6Ic7qLXWfhmI3j7WgZpIrdlFGcPSj2xAIPC0U5/FpPY weL94rH3Mv5YKh3/mJGj4fsYgka3uRO+rV6G7fNZcfQ
-> piv-p256 grR75w Av5ug7vv81U3VRhCmjQ2FvwTqNovnaurH/FiorVgCg74 -> piv-p256 grR75w AnCspIRjswTZ8aEXA15AQiJDKmUiHQhvKg4Rhfre3kCu
/1+yhaAhkThe1wiOnOllZ6dVPBaa0FOGNct5Ul2yJjM Prp1jHRXIdTXapLZgjWwjy091uc37kCIvGstSOxmNbI
-> piv-p256 RQguQQ Als2SOvlLVrIKR7UhmrqMSB01lCGR4PAeKlrIjtYmuEp -> piv-p256 RQguQQ AxfKlFTYgyFzB7sxct0s3/QcoVs1AFwSysZTTBhJjwZz
qKeWbCmNbWerOaLsDbvmntNUm2JI1cM8yM6/Yi1yoH0 GYuHnz8yk5TsY/y2oibHnkFh+Ah956ZiSKXzbT5Fu+A
--- ZfSmKl8AoLbbp3ZcthBsbtUG+k5OYqVbYX1aeYEmGBI --- ++NTK2N0Od5wJsDHGXUg5AbVPNRl2siwehTeRHNMkec
I4‡ÉOO¾|_p`]šéñÕ…7¦•—<E280A2>æŸþUHümOYÞý• ^LK?äs(A§!©¹ì¼£¹âÃ宄ËO$Èb½Ï<µŠïoBî²êB¿+I0'e;Ó{<7B>ü¢ T„ÇrI<72>Ø“b4 €tº!5d©C«/w[mA/ýÕÇ\] £N!„~岆Ž¢¯‚ÀrÆÖiéßm`ùÒYéÚ

BIN
secrets/services/gitea/databasePassword.age
View File

Binary file not shown.

40
secrets/services/gitea/homerunner-token.age
View File

@@ -1,21 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 1fxDZw M0pcnNHcHqq0pig7tXwZn8pZWc2r0qMlHaW+tf67Jyw -> ssh-ed25519 1fxDZw HPqtOnCf0xv43GQmB6iSSLGK6r/5pCFFZJC37ioMIw0
zCVBKJ18mO7ysM1DTE0VySae8q3xLXO6x/Z3bj9pIiE VjvteDjUqqkBas9FzZKxlA1y5/TwIB44I7yNH3KBDYA
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
QmoE5RZNEsV4h6+BKPpxD9FcypkUaQyA5uaiu8WIrsjBgZrV8B4oIzIVOOK1kX0q Xx8tuS0ClpvIEn/diIhCInLuiNym22i0SQZCkFCz5V0FKNM0L9hzlqU2A2wLemgz
efKg1u7kxW1DgVdseFtnXCoSV0cld4pS54mlJ0JDCvlSF5U1LXIpysA9DsPFfUNP iy1So0jNJWGt9ylUCyPI9ucyLUgoXFXiQjaMkI85yj+xuUDHkmereRMW3AQD+2LL
quKxrpPMjO5Lrm8jdNrJd+8S1fbA5SDrKbl2e+4VjHQKxsd/RgfxzOi4LFlWkEtQ +NHsmQQchtmQg/gCZY0MS7gq++ULDwlakAkwMP0U6T19i299eBSBL4Zoj00rKNlx
5B5tWRIm9ch/Z8wLmB2GyNZEQajoyxVKTeNNppPkim0sbI4DRpjBHHRUSNg8TCPs KLe0jbNlIe1uhVLYRfyz3S0I9z8gWDSQ8soFoqrJwKVHsO7wmH/3a0dCEWSHRRVm
1W9AkJ2cImZEfSQcWgooVGUNIYUFZZKeuw/PtzHRyoAtQsyyg19lJnc9rJka+t2V MRfU/Oy7A8U+iD37z9DxSN2O6hKRLMDu/NyTXUV95ImYwOcA7ya4nShwpB7vZLop
latirZM9O5esSfi4qHCWYA32V9cjmHptFkbpUV9T4NGEHK9Erm2yXYokhcFqfFLQ Vu/BtX5HZ7JvBK3kApyR+Da5LYsBhqrDmqXqtykjn8TM0WG65jLKp5XolEcGEfUe
qaEclc1HFhDlWkyApBhstmzqL0D1vPratQfKMqAvxoi5UeL1FAMNtOnWG0E+6/kE KrqVMhVm+d2AijpRvsbOv13B7UmZkxBP9+6/o7uujv9nV5uSoGwv9tZn9ubeZyXo
u4UJL9RKF54jDlZaSOV5YEcNWXBR0Ysqt0AqSiFxhcprufoR+FZIgfxc5ZQWo5Pu U7q3MaURqbgv6YV+h/aJ1X0URmPMyjUgkCLI3HbKJV+ZQH1jbNsn0aiVU0d0MXBb
8TxSgfgQp69DiUzccrQ1NG5EGlnAv2gSyN/PCb6TqN8/kr0kOOVEC11I7Nc8AwVe cE1NIZdfrQ/+Mp14KuiKoY/ycrJPQkg+Au8LANSk/pzH/lvGO1EP50eBRz4hIqEg
Jk4R4cz1dTUUqt1CAeCtaMyyDSAKVcDIp764fLI3Y/k1srgyQfCzZyl34c/i2vsf RaNII+fQosyr10HPvlgMfEZQnDoG6H+Tvhgt4S6Ex9lyjKASnx/SQyRwhd9SPgDb
Sd+ZwjHab3EoAxfk+xch755nJrU+6TK9sHzTkGLPpIY bArbSq4lJ59rqw7TX2IrkjDgvv/FMqdcxjW+kIOTWDQ
-> piv-p256 grR75w A2fxX9/NDIijJ/czPeq4OcnEk9w+aSfja8UqELSfCDbl -> piv-p256 grR75w A1d8pk5Qfx1xq9vApCkKKj6gx1elqSYxLezwoChk3k7Z
MXxaGH+8ugzlx02bgrc3X2xKPoqUaawLeQduVvhAuP8 AeYO+rslswXdRJK/pwe9m3CNHIKsrRkt1lamyysDNQk
-> piv-p256 RQguQQ Au9PgueXswuVvjRyctEDginbBUwkpkQ4YZ5evkMRiVHJ -> piv-p256 RQguQQ AukcSmMTNQQZdr5zDOjMTnsOFZp5H5D5ohuVdIQUpUYM
AS/C6gF6/Zo2mdAg+mWl10W/cK6Fx6n9JD38ddBcNrg aJqrWcaXdpfS2vakEu5vi/AMHnoUUrUpm0bRRcCxiE8
--- xnMYrRW4QdvweKHLz/32ZkTXrkvPvbZJznDdqyFKCEU --- fNTWHdKIXpbJsZo2WnMAPXTNMtr0hKkgivCIi1qiQps
U ‡Ş{©<>ë”őÝ8ÎO>™.<2E>WgEŢ[™öŹřöŐ;JôBcshŁOIľř9¤đŠ´ő¶bbhÍőbáIĎcDSk˝LžŃw8ŐŢjüʦ` XƒŽR0jÙebMB7v6“‚Ȧ~
몀“8<=
2iŸ¾Š2ìJð]L×íp

40
secrets/services/gitea/mailerPassword.age
View File

@@ -1,21 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ nJVX2oMvuS++oA7WtlwgJ5+ukpJFSZtvA7gT7XRpQAo -> ssh-ed25519 neExcQ Qx3NuIC3HnyhLAPB6NGLlO8073iIEXQ3VpVDvsPsLVk
HEL5D57OgB4UrdUYr/JDSYQruBoOnbvVUPePA2CYnfc 9Cz7AXaP/EorKrdLxMfaWJJsCIv5u6upJIaNbLiDleA
-> ssh-ed25519 WiIaQQ AS+i8m6vO83lj5vZ1lr+FiM1SO1v7BU6OWertpdTXSU
LIitIW7F/8idoKvgHmirFp1V9RlObyqOueDVIdBdRM0
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
Ev3wLfPrP12eTnJ7uau40u5Rxq7YrLbK/ARik7+v4HDm+hd9Ou3gzIY7LO+I7LZ9 FdINMHPfPVgkQk0A5g6uDRQmZxI0h74QkJSdYUtHRfbqBP0R3f4TrqbtO4n6E7pR
fXeGwYhoQFRfezPX++VeEzNe+whCfsmrk2nJTLXKgFZwHVTvLRtjot/XiSE0hulU 5NYLkqyZND7ApC10hoQ2UJF22Ja06ZvWhhM7Zsl0X3u/58NhgXsXWy92I2sniBa4
yAAWgJ5YPjtbMBSx3xkpGDrfNP8cJFtZfiLMmf6hOGfD7Srgsv2dE5+0zOoNmbQm DF6T3AD4bQOF4Px2A/+lnA++NIWHdroqghojWOAZazvLFaFa6HtIdrTiMb2bojuU
alXR5I7RsV/J5iouzQvLHleEf1l4ZI561f/8uLYXkR2nFODItGyBJBYHbtzR9+3V qxepekbRwJBEm9/5bKHZlEmwx3rJsYxrNKEkxPrBvNdPbnwgxrvhOXxeQJghyGGw
Bi4KaP8o0aNIro6L5j0xJqyEEwreBJV44RO5Mx/PoqzwcQaJalx5DakKia5aZqOv vnCRHKDbqvRIWfkmftRjNQMHUSMitDJHUOPsG9z5KBr4M7n7B1bV5ozsLsVyUUmE
mHLE9kk37+fqubRhH5sZ/iH4kH4OqVbZAImqi0EKxWFWQhoZYf0LbzkKzGtgs9hk 6vBvrOPz9+RiE9H61PlAvPFMmKBTQgRf8+mjbU0RGxScqLcUoHCud2x3O+WqlLoP
Y5+9u2shdX7a9UyC+RjdhkyfQNEZdpuUdKHcAewd1f9vxOb4tLrrL+PXOKWuCAFY TMQtye8ayRPgG3PbwP4pO3olcA9ANEdd2Jfo+HG4izbJxdCTbOMfEFTJIEfyGMIo
wtvx4JuwGmcWcf6IqdL3xQKDqK2MwI8UHZGc3GNJMnpYs6HBUxfKw4qe0yBIg9vw lo0Hh0EIijFAVfyAH6G/Rv1KggpINr8fTxbWz8i1PXTqzBsjfrqbHWWRrE/VJSYI
zCpO1LcIxzF6ExPOgNANTZuTlsn5fOXPDfHR/7YDbkyEPV633FIAwDZ5nY5mDS4z x9bjSHeWCOs+IlZ2YEB8dshJe5smrTnKpFYrj3kvLHOiC1jKUJdDZooQex4nkXpW
uROi4PFG5RF4uyqci7PXmZQNm0Ro1dMjicoRz/rRaStVqo8Vw7rXB5jb4157EuJE mMKIOb/VF6/QM3NkmJKLdnMJenIKL1Vqbrv/Lqu1/FaINqRsIGTXCsQs+JjxrcfX
vAZdeH4gpHzYOFbUPAskhnG71VVqhdii1AooT4Ccc0c zxpzs7Bk2eV/BaiJxJ7Cjfx1gO37GpL0kzCMuN1xnWs
-> piv-p256 grR75w A+RDGG5LD9fnZTo103tKCLh6YMU4UE81y8UZZVY9tqFd -> piv-p256 grR75w Azu36XfRZ2Evj79zCs8RA5lwbMe2Je0oBI5JM+3MC/cO
q+PuFWvdMNFrbfWbSa1WG8VtfW7RVpb35sbEsmU3Mlw p8nO/p2M3pvEevZLLItNDSz64Ju8yBA2GPBnTWMN25I
-> piv-p256 RQguQQ AtD59P3UFKbj2WVFdyXvWMeHt60DlrBloCdpqAUw4Z14 -> piv-p256 RQguQQ Av9ILPK7bsPNqgudLMq88MNSWrB+xrBVfxX3bjVCquvj
kFclCMXfUCOkfqxV2Kh1Tznmp0eJPyVxfFaKlHQVbl8 0iwRR9htchLUk88RRooXsP0H39FfybCPMQC8AMxgu/0
--- udqxDol7FA21m4iTikGhtugb2RSBE6eLE0yeQH2mmK0 --- puq9s7iYi1A0v+7Qhsqo05Yfxtg5kHJK66RM1TDLtNM
qåH^Ÿl´ìþëMVÓòÖU ‡![˘Ąëu_Ď(*­0źĹ´8«°ęŠű"úÄFsnď"TęĽ-„<>˝ş˙žÇwťw' Îü˘4ľ„«sd_­!

40
secrets/services/gitea/serverrunner-token.age
View File

@@ -1,21 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 URAPyw KfgM30iObaBFnzr/qt52XYcaoL7gtG6uV3Y6WYzY8gs -> ssh-ed25519 0qfOZA UTOzjwhqcVLmpf3P/nzO3aGKzKH0YKq04sUbFvMa/FE
AK/uaa683L/ryApa+007fq4A1qVSVWxDd+LoeBHt0nQ a2MMcZXucDEXmy/uU7JapMsboImCGsUiPA2Pr/wB5yQ
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
JqNH1SH7MBFwibYKe+VQSuj9ceHyLMo0yWOk4KOLfoMXTBfRFYsqeS+G9p1sTCiJ Nr2g/ocV0oTbZydmcRnESyI4VOJdMGafozm80EMarbQfmeeRCfi76jxct/gpnL00
I42DQHCustbQ77vElUAYt87v+s+0esK9z0HqSxuYeV2AovQ0FcV7AIrwA+m+eypv P/2d/3pfvqbpuGZRg+Q/BCY0Vm2AujJ1P2UTxpnzC42iZu7qKWd5EY4z0Hok53kg
KObVeF+c0PSLaG2HMXSwd3MTXjH8PAwxDB+f+nF2cTYm7oaz5YpNjsMjjcoHxEVz McPh+pgNhugLr4Yh2KHpT27FfJpD/Pmjajg7G78Q9P5uel6SKXIW4uFO4Lp2yLC/
GOkHWMujX1zxqdp0o0TZC4YhQa4BqF5MXX4IIVtSGMnzShCzubH47bWgLqTxFlnn vC52XMqxLrR9moCTr72dQPzd0IIhQ2vN9EtZkBnxUW6zt3ILAYJ06VLAGvVwXIWl
bcSHFxldOaPiu/GUV/ygnSGassQJ6naWqu7DlqcdT+NWxARvCRn2Cx786Avi3LHY 0Wjs3G5g5v+H2e+Em5vIy1hdub/3orEL4racHO0m0binK/IVRJY7sjZDVDrrerFS
vmZFUwdtNkmLNL0jDkmwxT8styRl5ZKJ4IwmAn86O2TcUrqt/FFJ7ph8U0N0UjOe SqPORQ3a7jmuHFeHxwAlRcmh/O1gEgAnCZTZRfQzgXI+nfPEzuL0yENd/ksUPBdm
sD3YNLLC/KeaoiF+z5DJGmbI8YZdx/sInoDlkxWRcHSkqSBmorMTO9bLrsmMkwwa q2zQSv1rrj/tLMtxk4vpG8FkPp5UctaYignvHAp95xC+TR14aDUdT4x4MGboHIxu
1dWhb/SUn2OAEv2juLhxZmUR7SrJBJCdLgkBtn3zVXbQvBkGPfzuurUhJP+VpbN6 l6Q3evVJzblwIl3JbzpP3yOA2k25Y1KI+nVDrTqAdi+Yy4jtIOA+XancIHrpLzAO
uTrBUG9Irki4Ns7q7OcrBc0aMpZEb+J8P1fXhXppw7LdL8b+4M2LrjIA4JqxY0Wf 21JO1wwGtAsjUDCdhnYSyMcOiRLRHzPoK7o/BGx6b1Uqk2WmWhZnZft9MHPp2RtX
gI8NZnGdYxb9pcJuL4SXdHZyLyeMG1bC1bMeG5ihd7a9PasclO5LjIVF2OUWaE8s Gv3PBMVjz2CO+f3d8B4akPSApgQ9fw1Vje5fY0CDWdORV7tHDCKb6fmTua2d73Iz
6TYh2bF4OE7c5rgvGbKrqLR5T3J29BOxPE5W4mExhes ANrKYonqWhjf3F9u7zzM8/xd593AH/Y+aJo+z0S+Z6I
-> piv-p256 grR75w AxpHUU6Ng4C05fdWcUyEZXn3s5SH0PaAyNi9LNyO6X/l -> piv-p256 grR75w Ap4du3RBcNdRvbwjQTpP5PPXtNCRuoQePt6ULYEpNM1r
NWfALN4H5Txhi20Xa8ntZPbbbrW3aRegNObZB5pt+0I 4Qe4c6j7df/TajuxM5Q1qnC/TCBNNI5K9WCDqD4VM1M
-> piv-p256 RQguQQ Au3A174gvw9p88Vt5KbrFs9AZM1YP/7hL1z+7dqmT0TE -> piv-p256 RQguQQ AoR+aGTAQ6VELef54cGpukkWjeKz37tDbW93ncGWFsrI
X/14RhuJnGihZ9YIpyfz8wjT6Ww88Z4B65Ju1jbM6rs KbF1N14PYEQ28a/MePeq7hW9LAgUaNriFo6UO0eBvt4
--- KL1itlvz/yBCLl2CXz3bDu5fSQbT/3XxP2f9hufzSLA --- F8GiyUf87+vhg22ldWuC2j5K8WGAK3y5lRDG6yrzBPQ
n\ô!èKã=WúÅ·Y,Å&f ·%þoÚ YŒúPÆYÆsàê_ÌsCbú,Oùènl…©¯W?¿¼¾—1ášS ÄV4­ÈJz að$ß-“¼|h.cr38ÓÉÁéPwú3üÝNhà„†B¬j !z^<5E>² bÄ8cªâ½ms­ç¤
\Ü3û»ÐÕfòx3|ùNeÍ
=:³

BIN
secrets/services/matrix/mautrix-signal.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-telegram.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-whatsapp.age
View File

Binary file not shown.

BIN
secrets/services/matrix/signal-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/synapse.age
View File

Binary file not shown.

BIN
secrets/services/matrix/telegram-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/whatsapp-registration.age
View File

Binary file not shown.

40
secrets/services/nextcloud/adminpassFile.age
View File

@@ -1,21 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ 9bZm8oU43Iw1UstmkVhjCpBsnlnuvsLTuw0Df4xkO2g -> ssh-ed25519 neExcQ 8cKmhu5xTxTuvVbBhVZM2W2qzRQRVX9BSojcK6YgCys
iQrAyrg+Rl04GhrvhhwU7EpIcw3UDDxgd+rVVeG27x4 kwfUlvEPLVbaq/rjQAu4s2NhGbxFfdEeLyU1eUH2gF0
-> ssh-ed25519 WiIaQQ TvRNnifxg4OPDvwvuUIdJgwrpj8KegqfjVEB/in9UEw
U0iqVaHbZS/SvCH4UAzjJQ9nPiHv779v6s5PwjTxf5k
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
DYvb9nIj7UuvwMe7MCsT7hx9QNGoj24QVsDd2ykLyn38UReeFni29LgHQ5BQwLAJ QZHM+/KssZmfX436QJGBGbhlx36oxCg4jgdbRwa/acI2s6ppawdnFzyWZBhv/Xzk
lvreEgY3F/+jEpXk/F6MuKfvkb+TD1578Zm0kGICrcDAcxD7kS2U8SwH8y7inFvO wYcT9c2ciuy/aEx6uX7fSAiKQbfq0d9KEp+d2xwlpL02656hJ3Jya3U4RApvEFeC
oJZDbhz2umVOlNGYyBMiZUNNXPWqO6qMQGUzvQkH8p14f5yFd4yCPJ+WQWsAvFbR lNjyWgLKuyxYeC20f3/NMg2AnickMicbw4WCzG+HWnVCnxDe2JW+ZbXPsoBg9IbW
bCD11GPoTZX9bVK+wBDMFVtjsf9ppHHvHpIKz2+tjmZSMZYrhg2mq1k9XJCanx+2 BO05nRKB0jonuA5NDvHZ+a/1xf/4qarj9vmwnsoK7jU6TGK2r+iPHuppC/LTgofm
GX4a7CENPAulghNOawj4xF6hg6RHoj649XWEo2cUeF27qkqPRZg2IhVquKqneKAV 2kXKDP/gpRpIblHr2QukoGeWmXPGeF5PXXCPC5eor1jAhwrBTBY1hL29mhb6mK5M
qWEWOZDriSpyMGru2JpdHknaFYwtCjr2B8bLpZ+J1ngz+6YyaYD4+snYDzcJkvcI qvX5wvayHgIHvX73fn2oexepc3QXjazCKSdVSykj/s0N0//0fbtYJe8qIbgfeNen
9dJs4RLRIrGEBIzERHwhYa2eWCcyAO106gGXelq+9uDPYwft/etQlOlKeA3VjDgI Lvn9DgsDvQfC83Iikh3r3V4RtmHiD12gA3qxc3tZSQLftbedTbylGnMmCZr2c9w0
Qi2dgxUakM650c8kRq0NJd8nk9y5o4D6FA8LaMU1a3B9lzdqouFQzwSTuxfHJ0z4 4396ZfUfjXk2Px/XCiy6WBghW62QQ4Q6fGYWBViL1OWCoudNNRCfD72E3jdfj2l2
y0zm/+FDIY3/mkVfez7UWi3BwGq1zK/B4/8iMU8zSTe1MIj5w+4UCrED7A033MDO cScM+huEDU58dxpHM/6yLT+97Tta7JDpgz2ueMUfKFCUnopKNKBPoaZfFzvi+nCw
TGyMMt4IoDAo2OwxngDFclqQ6lR7wU8p+qw9Px9NS4mpbPhVstMWN6U0w8bAkIBO vRHVdt5CpN4oJc+mokWCGNt4fK5nyvyO6nDe9cHel91sfS2nCiukf8IKmEDlZQGd
+B/9VERjytCxBbhctFv6GpY/LdniafEFMBfsRY0kfS8 jEMLZjAkuEHwa8Powxi14egunANQPgLSM5EuStDmhlU
-> piv-p256 grR75w AnEeTHM0zSARE/MfYYiFxpNSHiHI4UzJvjfmKBBbctGE -> piv-p256 grR75w A2nunTE+4FmZOKWQhinSlizVprH0lX81NKsVEDijzDQK
4edG4E8QkuTVhszkRRrVdLOlH+/mEWRZLYh5TAljZNw 8+Rdpp1JCxbbxeTVl0WGpQHDlqb5e22zLbBkwBPDYkc
-> piv-p256 RQguQQ A0ncZHJjOST7aqlwrRuMmm/Qt12B2CpFpaoZqm9A6hsw -> piv-p256 RQguQQ Ar8nU9oNd+TEfTsdIM4ka/J4IArbeQKfn2W93TYOkajJ
PhMtq7E8GAx9VfrvxtNduukJ2RA0J+IeW9eoSXBwLZ8 5YnDAocS0lDBrO/M6sNWyn/Vxa1qLiudf2Via9UOUW4
--- vqWuyN31t46vddA5X5RRORBWOVR4EqlWVtczX8HC788 --- yDdPOHLA10Rxzl+kEyCUx/lmLZaVWucWY1Sj9rdo4hU
a^ò¨É7MDí>£„ù‰ÙR·*Vƒy”!RžaƒÙô5³¥Gó„ ƒeZ2å „ Bÿ—ó s”dGÈÿ´m`ÄÎ),NU@þ ˆ³a˜Pv(½®rMôû

41
secrets/services/nextcloud/dbpassFile.age
View File

@@ -1,22 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ A9DV8r36HcBxrddMtD1UYjvGsvBLq02aHoys8Xc/cDc -> ssh-ed25519 neExcQ VfWt68buOl2UetDKcQWuWRSOeJi4HhQxiZVI4lIfcUU
2rCO6avMysydYh40+iupXLq8hLtXk28etUZCI2SUax4 GTWI83cLyP2Kjd6twRpaWpBq+U/BYcfDJeljQ1CZ1bw
-> ssh-ed25519 WiIaQQ nqwbWtevakrHk3sODtw7l40klSb4cIyi4uSsnpcS8QI
PxfriZ8CdPhPTNtjQL3lsyjfjkpBsnmJc0TRNM1pyHM
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
MVxMeXHN+BmH5qwyf8DbV4nT4P4fM2H4UXpmI9A+V9vm/rMoiq4F4gQOMaUo7kVJ QRSdhHdAcGlw2c1hxGNmtAp5tPcjQ7CI+v9JkOyOH9W9KF3uOfshrpkz/psFPd+s
26pbJ60uUTN/frNrzHvAyxYF1wY3HCn2IEzCCwbwf0fn1D7ChAvDPt3I2dko03TC 6eqQDAwEAgla4pO6FHj/H2PK9KDHY3j2e8BZyvJ8ZsefUsSAYJ92hcD3fdISL+kc
oJPihkKZf2O0LUva0S7bl7araIIC8AOMYpqgjdYMXVI1gpGyiccLRzWD8kULI3wc +FMx4Dlm9LSeGGqElbPotyU69t2O/WLF01HqLDVgHrlyTzWvQMhvATA5Yzcj1Izb
m7cDp2c+beNMpMUq+s4e/EMozcQ9qNqwQEg5vEwfK5deKOeLOXQw7JJf64MY23y0 0AlA7IOE174E448/Ovo5a2T+DF0w2vLEPruH90Kvs2lui+i8yC3StgBwB6flmSfc
zC2yM6yi6k6wyrI+kiMGALx1JvH1kdQSi+a1bhYH2HiDuDKo2sMiFiGuIYRnK9Ro dSR5qO0XCZ8gK/kkdsz2iZonsBCbEugQayN+EoE8vop6YlPW36EtO8IJnVnKmVEX
sDgcK4O7+aX2PlrphEV6KkMoYsB3+NncMT7TacugzbdgkiBpiZOkkPeMxDWVLIL0 vy/Rj3dubm5Wsp2hAyeXSXx3ity5fdSJ3TVY7TiPLPlt1yik3Wggtv0DlgZK0AML
WgwDFSOy+KjKk7Oo/+KJvFjRfJRJ6f4Bf2GJndnnEq5IL+DwOGmMCbDBQtbggd+6 x1OJbrZRrzDZKYzxXw69+lOiV5XfVUfk9PXC+IAj3xf/dEz93b6Pief+PbOQg+tz
pWw6HJ9mFgsLzBX/MRCQfl4Hw2gLnTCoQlR12hQa2JhgNguScfSQT30k7KkJWHgd INDWkL67/Yx6rEf41iLCsQananBV16IeM2SndRyrmT/1OCcLUR/8xqBHfOg/K0kp
urtugUCnjDh51DLKxGpJ1/lrp6b8bTok0VFH/AwQfoKhL91OoAOSKiWtjI9svy3f lHL7D7/neqRh2E8KOEciHgWFqWT/tV5XpyZVvA8OiYLoVbmLG55q4pexrDfQ9OgT
02oe4oFK4EjRXq4eTtYpFukEPfgb/dE7+GigqXYTXmOEfGv/w5ITtgJqR7s5NoUj ZDIL94VjiBDH5BmPfxLhRZP/58EhLSDH3WziIWnv6Y2Y1bAl5qiRU4tEV0RCHqyJ
g0dadU5VsNSKpTHVwL+Xe5ZXe0DPii/A+i1YpcXDEEs xEeLcqI5uFwDmmt881zlyAb38oQCGq/YRXhGygwwn18
-> piv-p256 grR75w AzGNPVPxeyRnlH6t099Nh67N3YyfQfQQvWnZzVA1fvmE -> piv-p256 grR75w Ayt9mI1/BJg96jlkLVjf7xhDoklNuoFe3ZeKLYzFqDPO
edLUXUkmeYe8xEwzvq/tFLvmg09fPVHjZfHkGA2E79k S3vFS+S4ZVC2O00P5u5GKaLtbabBPUCuuFNFFxcmmUw
-> piv-p256 RQguQQ AnUloBxxUpHRAo4a/GYUTwIEuYt+z6RiRyAZ28QCxuoq -> piv-p256 RQguQQ AqsDGN35gXkyWaKSRVATyt1Ap5gzLKiAx+UHwhVXdhhG
bHCG05LMbt4l/QK8lQ4ZCXaI3wtpO5Mis5mYOlTsaQ8 YUqypxYBQ2RYbnMclNa8PSLV6atbVRCho4wHUCZegkU
--- FRWUJ/x58DC/34Ub4sarGRUf3+zErxdjJytwm+nLepY --- Bay62OwVx/Q8Nf5MHRu7VOWzwh1LtkWbxQytL16Y5Zg
h:;â«tô£à Én(/GZvÞÑ ç!ï¦ ¾™¡<E284A2>fs×à#…¯Âv5”K_àètûk‰ë³s7PÈÚèßÂÉk
­œáuU>

BIN
secrets/services/nextcloud/onlyofficedb.age
View File

Binary file not shown.

23
secrets/services/nextcloud/onlyofficejwt.age Normal file
View File

@@ -0,0 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ 39vMfysEahyydxnqENrwNOZi9yWpZSIWsNQxkMFBQik
bvJK5Gya20UhZ/dWKHAQZ7CPa7v/pISwB90WJejYA5k
-> ssh-ed25519 WiIaQQ KZ6RU6kDjHVfy5YwlmjQhH6YBVkJqrRonUl02iYA2m0
GGsCI2D1tN4lGpsHJph6pq9N8UYdG2mfIY3U9urTR08
-> ssh-rsa VtjGpQ
a0oXJCsFZdtpHuZIASZUp5C96ZP1QU1I3RSpIe59hnnpGLbXZE2qntXBfQ9ojkBW
bgNdxvAcWLaYAiCbe6Bo3S9+Q2svJQlEqIZ59o2H9jh+swSoLfWgi0Blo/56B0GQ
UrltI0ftMhM20TaszHwmVhvo3yODcZpNhjAMNVkQuAov9BSQdgGRgivBnt1FfYYI
f6nqfrE5JVoemk72Ip4jQFVWylK7drEU9W2WlwOsF9zkHOJxdNWiaaHpmnsgOEzA
BIdVqYZTtRElqDKM3j4SdE7hL6i4fIb4QAsfX5XI09eUDQLSRGF2o3lqQ4FVx+hb
YE31vr6yQEObTCbrf7zmKIK5UwgQbMf8+WbCxDdxF7FqTKrg7jVhPtu+n6UsJlzv
CXsJkKYZwyESZ5oNjCyqYkkkQP0JChl886OPFY507/Xn3gl3qj/Sh7FZyUuLZ92X
aTHCJ5AHGwQKFnVO1YLXWDcn0F3NIq90YHJ1NsxNvNXZJmcCyBTMtDJGq3q/6Xqz
qXpVoT/9XHHStrKYvi2lut/PFMC6nciixmiNaVbE5Aok5eNhG8wUTsUVRIr8+O/i
07aQBeg7RJ7lW6oQ4/kdfufQbQHuQNchQzkdvQf3azXCXBTJ/+Z6uQuVg32MVsjq
fRO2BtrWjsAVThpeVAdfQb2b43wmL9HBhivqYaBK1gI
-> piv-p256 grR75w A9sg2H7x+75AK9ErkbqMkC06KEDy2Q34seCXCGUguz6H
1TchlkXOzymAT+eDr4bpwugeLQ7gAKRvdYC2xcd9DL8
-> piv-p256 RQguQQ A364N/An/SMqBAp0yrLB0/osdlmz/MgZFG4RB6Os2fLX
V4qtGLbpJrTTFWCfTMcWpuVUiLflDdxXkMqPOtG1R/k
--- O4Xqa0RavBa09l9txN/oIQjAeZIYsur2UsxaSRmhAdE
«à´<>`˜Ñò°DkÚÊ/9¤ÊÀo Qz#fINª¶J<C2B6>ú3•KoÚµ@§>·Zzê²Ip•ÃÚhäû

BIN
secrets/services/postgresql/initScript.age
View File

Binary file not shown.