Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Kabbone:a78df4aec185aed249467a30f9407ffbc675d0af
Branches Tags
Kabbone:main Kabbone:refactor
..
compare: Kabbone:main
Branches Tags
Kabbone:main Kabbone:refactor

116 Commits
a78df4aec1 ... main

Author SHA1 Message Date
Kabbone
f6aa846798 flake update 2026-01-30 12:33:24 +01:00
Kabbone
31691c17fb noctalia: add pwvucontrol 2026-01-30 12:28:43 +01:00
Kabbone
920876d436 flake update 2026-01-23 13:00:48 +01:00
Kabbone
f68bfe1ab6 flake update 2026-01-11 09:08:48 +01:00
Kabbone
9c4168dc5b flake update and uncomment zsh config 2026-01-05 08:28:33 +01:00
Kabbone
86f76f418a lifebook: enable virutalisation 2025-12-29 20:33:48 +01:00
Kabbone
1fed2ab17c flake update and correcting microvm url 2025-12-29 15:29:34 +01:00
Kabbone
4cc6f0d183 add cloud-hypervisor and small niri floating fix 2025-12-29 15:29:12 +01:00
Kabbone
fdf38fdfae flake update 2025-12-28 16:39:47 +01:00
Kabbone
7559b4354c fix niri home import 2025-12-28 16:39:34 +01:00
Kabbone
e912b656a3 niri final touches on desktop 2025-12-27 15:56:43 +01:00
Kabbone
b62c5850dc initial niri config 2025-12-26 18:51:26 +01:00
Kabbone
ab6e1aa16e set environment for niri and cleanups 2025-12-26 17:54:45 +01:00
Kabbone
77b5652449 flake update 2025-12-26 12:59:13 +01:00
Kabbone
726e4e9432 add wallpaper 2025-12-26 12:38:25 +01:00
Kabbone
95e20a7dfe fix zsh ini for Wayland 2025-12-26 12:29:27 +01:00
Kabbone
e14992e9fd noctalia configuration and basic niri setup 2025-12-26 12:28:22 +01:00
Kabbone
c1f4c25cb6 lifebook: move to niri 
disable ssh agent in desktop config
 2025-12-23 14:29:54 +01:00
Kabbone
1dc51c4bc4 lifebook: switch to xe 2025-12-23 10:39:41 +01:00
Kabbone
ef662a0cab disable privacyextension on jupiter 2025-12-23 09:37:50 +01:00
Kabbone
bebe13d760 give hosts dns domain list 2025-12-22 12:41:31 +01:00
Kabbone
4c21950c3a flake update 
remove nbf5
 2025-12-22 10:47:57 +01:00
Kabbone
ac664dce9b flake update 2025-12-13 10:30:58 +01:00
Kabbone
a9d12ea535 enable imaginary and cleanup 2025-12-07 11:53:30 +01:00
Kabbone
1827e4eebf remove whiteboard collab 2025-12-07 11:43:17 +01:00
Kabbone
861dd0bab4 update to nextcloud32 and enable whiteboard 2025-12-07 11:24:36 +01:00
Kabbone
55342f4912 update to 25.11 with config changes 2025-12-06 16:48:39 +01:00
Kabbone
01e47e808e flake update 2025-11-30 18:02:54 +01:00
Kabbone
76774565a9 flake update 2025-11-23 11:01:03 +01:00
Kabbone
e288514e33 flake update 2025-11-15 19:57:16 +01:00
Kabbone
4e4b696177 fix element window on specific workspace 2025-11-15 19:53:10 +01:00
Kabbone
c83ec90489 move back to element 2025-11-13 19:44:46 +01:00
Kabbone
d71af6a1c9 flake update 2025-11-13 15:50:50 +01:00
Kabbone
35d2f5afe0 update flake and some update fixes 2025-11-02 16:05:39 +01:00
Kabbone
d69e4f2d3e openrgb need insecure package 2025-10-26 15:54:43 +01:00
Kabbone
8300a32027 flake update 
add nheko instead of element
 2025-10-26 15:45:57 +01:00
Kabbone
9108daaffb server: mealie: use unstable 2025-10-19 13:08:48 +02:00
Kabbone
2a3079f35e desktop: move to nheko with gnome-keyring 2025-10-18 14:58:03 +02:00
Kabbone
687fd92a94 new flake structure and overlays for unstable 2025-10-18 14:55:26 +02:00
Kabbone
e8c9cd32fd flake update 2025-10-14 20:05:37 +02:00
Kabbone
675e3cfb86 nas: syncthing: correct nginx settings 2025-10-12 18:17:51 +02:00
Kabbone
9a593ba9a1 syncthing: add lifebook key 2025-10-12 18:13:12 +02:00
Kabbone
bc7fbcfc7d lifebook: start syncthing 2025-10-12 18:04:45 +02:00
Kabbone
a43fdc77f8 hades: start syncthing 2025-10-12 17:58:15 +02:00
Kabbone
c2f53e4533 hades: start syncthing 2025-10-12 17:54:23 +02:00
Kabbone
43cfd4b6d3 nas: start syncthing 2025-10-12 17:34:32 +02:00
Kabbone
ea0beb9673 update flake 2025-10-11 07:55:28 +02:00
Kabbone
f3063e36d9 add build script for local dev 2025-10-11 07:55:16 +02:00
Kabbone
0e48154dec server: mealie: add openai 2025-10-11 07:54:52 +02:00
Kabbone
8ae9830eba server: create mealie group 2025-10-10 20:05:44 +02:00
Kabbone
23adee92a6 server: create mealie user 2025-10-10 20:02:40 +02:00
Kabbone
9c2a801040 rekey 2025-10-10 19:39:10 +02:00
Kabbone
97b66828ca server: add mealie 2025-10-09 22:14:51 +02:00
Kabbone
d978497b7c flake update 2025-10-09 20:21:07 +02:00
Kabbone
a9ab9e64ba nas: add syncthing module 2025-10-07 15:10:50 +02:00
Kabbone
234904c08f flake update 2025-09-28 09:12:58 +02:00
Kabbone
60b69e0049 flake update 2025-09-15 13:05:03 +02:00
Kabbone
fc71ffdb18 basic implementation for own packages/services 2025-09-15 13:04:20 +02:00
Kabbone
583dd62731 corosync-qnetd package and service module working 2025-09-15 13:04:19 +02:00
Kabbone
9bf0ad396f buildable corosync-qdevice 2025-09-15 13:04:17 +02:00
Kabbone
cac8871e58 lifebook: use fqdn for nas 2025-09-14 21:05:15 +02:00
Kabbone
9a49312c80 update flake and adjust path of zsh dotdir 2025-09-07 16:28:24 +02:00
Kabbone
c5daa6ebcc flake update 2025-08-17 17:01:31 +02:00
Kabbone
d2000aea1b dmz: disable hydra 2025-08-15 15:38:31 +02:00
Kabbone
f1a5237eb3 flake update 2025-08-10 16:19:59 +02:00
Kabbone
6d15652b2e flake update 2025-08-03 12:11:38 +02:00
Kabbone
e48386377e flake update 2025-07-24 19:44:37 +02:00
Kabbone
1283f7c68e flake update 2025-07-18 20:27:31 +02:00
Kabbone
2a541c3be1 flake update 2025-07-11 08:24:46 +02:00
Kabbone
8b30475ff7 move epapirus to papirus theme 2025-07-07 12:33:41 +02:00
Kabbone
ee9662de09 flake update 2025-07-06 09:59:34 +02:00
Kabbone
cd2da22c8a flake update 2025-06-29 12:59:00 +02:00
Kabbone
efa8d20ee1 add postprocessing to klipper 2025-06-25 20:16:31 +02:00
Kabbone
4ba1798f4a flake update 2025-06-23 19:49:32 +02:00
Kabbone
827de072c7 flake update 2025-06-16 10:22:55 +02:00
Kabbone
b12d78ddee flake update 2025-06-09 19:56:51 +02:00
Kabbone
393ec69541 server: nextcloud: set enabledPreviewproviders for HEIC 2025-06-01 21:30:08 +02:00
Kabbone
f2fe113e8c server: nextcloud: explicitly add imagemagick for heic 2025-06-01 21:00:52 +02:00
Kabbone
828e2d0fde lifebook remove checkReversePath 2025-05-28 16:16:06 +02:00
Kabbone
69733fa69a kabbone_mautrix-whatsapp disable doc for now 2025-05-28 14:07:05 +02:00
Kabbone
671e3db9cf server: write own mautrix-whatsapp module and switch to it 2025-05-28 13:58:25 +02:00
Kabbone
fbeff17bb4 remove postgresql update import 2025-05-28 13:55:57 +02:00
Kabbone
333d829a6f change whatsapp module 2025-05-27 15:24:34 +02:00
Kabbone
b5bfa3a4b2 fix mautrix-signal/whatsapp logging and remove old secrets 2025-05-27 14:27:49 +02:00
Kabbone
029421bd4b move mautrix-whatsapp to module 2025-05-27 14:02:49 +02:00
Kabbone
6529d08626 fix config indentations for signal and remove old secrets 2025-05-27 12:38:46 +02:00
Kabbone
7a85f55a52 move mautrix-signal to module 2025-05-27 12:00:25 +02:00
Kabbone
08ed5fa57c fix mautrix-telegram 2025-05-27 11:12:24 +02:00
Kabbone
4a04bece79 fix network interface on dmz,nasbak 2025-05-27 09:52:44 +02:00
Kabbone
c1587221f7 fix network interface on jupiter 2025-05-27 09:24:00 +02:00
Kabbone
126161d083 update mautrix-telegram 2025-05-26 20:05:01 +02:00
Kabbone
764ed27bf3 update nextcloud to 31 2025-05-26 19:33:31 +02:00
Kabbone
c0e0174e21 upgrade to 25.05 2025-05-26 17:26:33 +02:00
Kabbone
77dbece69a don't use root for moonraker 2025-05-24 15:42:28 +02:00
Kabbone
e6d9ee7618 work on moonraker 2025-05-22 22:24:20 +02:00
Kabbone
0055fb07c4 add discord 
add zmkBATx
remove 2in1screen
 2025-05-22 22:21:01 +02:00
Kabbone
53b449206c hydra: restrict nix usage to 5 cores 1 job 2025-05-17 10:16:22 +02:00
Kabbone
c14d3ebda0 flake update 2025-05-17 08:31:11 +02:00
Kabbone
4e0ae0669d bring hydraCache back 2025-05-12 19:13:05 +02:00
Kabbone
7895f0a8b0 nix: restrict max-jobs to 4 2025-05-12 15:15:04 +02:00
Kabbone
6e1886bafd hydra: restrict starman workers to 10 2025-05-12 14:57:06 +02:00
Kabbone
25f7ae62fa hydra: restrict to 4 cores 2025-05-12 14:55:02 +02:00
Kabbone
54242cf3a0 hydra: add manual psql users 2025-05-11 20:06:13 +02:00
Kabbone
1f16da64e6 remove test secret 2025-05-11 12:59:11 +02:00
Kabbone
c20accd28f try to trigger agenix 2025-05-11 12:46:37 +02:00
Kabbone
5385dac890 flake update 2025-05-11 12:34:39 +02:00
Kabbone
0dc270abc2 hydra: increase freeSpaceLimit and remove ACME generics 2025-05-11 12:02:23 +02:00
Kabbone
a33271a8fa rekey secrets 2025-05-10 11:26:16 +02:00
Kabbone
b824ff3a89 rekey secrets 2025-05-10 11:15:52 +02:00
Kabbone
d05f436d00 add local hydra to postgresql 2025-05-10 11:13:47 +02:00
Kabbone
f34f8a78a3 add kabtop to builds 2025-05-10 11:10:45 +02:00
Kabbone
8963bb3542 move hydra to kabtop 2025-05-10 10:52:15 +02:00
Kabbone
0304d77257 disable hydraCache for now 2025-05-09 19:10:05 +02:00
Kabbone
0058f7c35f nbf5: add klipper config 2025-05-06 22:04:20 +02:00
Kabbone
a3e524de87 nbf5: remove sway 2025-05-05 22:03:15 +02:00
Kabbone
ed0ed35233 flake update 2025-05-05 22:02:56 +02:00
84 changed files with 2363 additions and 778 deletions
Expand all files Collapse all files

3
.gitattributes vendored Normal file
View File

@@ -0,0 +1,3 @@
*.jpg filter=lfs diff=lfs merge=lfs -text
*.svg filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text

274
flake.lock generated
View File

@@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1736955230, "lastModified": 1762618334,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=", "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c", "rev": "fcdea223397448d35d9b31f798479227e80183f6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -25,11 +25,11 @@
}, },
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1741481578, "lastModified": 1769287525,
"narHash": "sha256-JBTSyJFQdO3V8cgcL08VaBUByEU6P5kXbTJN6R0PFQo=", "narHash": "sha256-gABuYA6BzoRMLuPaeO5p7SLrpd4qExgkwEmYaYQY4bM=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "bb1c9567c43e4434f54e9481eb4b8e8e0d50f0b5", "rev": "0314e365877a85c9e5758f9ea77a9972afbb4c21",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -46,11 +46,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1700795494, "lastModified": 1744478979,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -63,63 +63,24 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1767039857,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "edolstra", "owner": "NixOS",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "edolstra", "owner": "NixOS",
"repo": "flake-compat", "repo": "flake-compat",
"type": "github" "type": "github"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
"pre-commit-hooks-nix", "pre-commit",
"nixpkgs" "nixpkgs"
] ]
}, },
@@ -145,11 +106,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1703113217, "lastModified": 1745494811,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -165,11 +126,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745256380, "lastModified": 1769723138,
"narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=", "narHash": "sha256-kgkwjs33YfJasADIrHjHcTIDs3wNX0xzJhnUP+oldEw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac", "rev": "175532b6275b34598a0ceb1aef4b9b4006dd4073",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -185,27 +146,52 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1744743431, "lastModified": 1769580047,
"narHash": "sha256-iyn/WBYDc7OtjSawbegINDe/gIkok888kQxk3aVnkgg=", "narHash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c61bfe3ae692f42ce688b5865fac9e0de58e1387", "rev": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"impermanence",
"nixpkgs"
]
},
"locked": {
"lastModified": 1768598210,
"narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"impermanence": { "impermanence": {
"inputs": {
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs"
},
"locked": { "locked": {
"lastModified": 1737831083, "lastModified": 1769548169,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -222,11 +208,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745044299, "lastModified": 1769596123,
"narHash": "sha256-/A/xjRjJY9CGcgOHQ5kTxV7VIJxac86i6NQ5CejMzZc=", "narHash": "sha256-kcElu+HiwNIJiaNH41IdemFaaGyU3TqI4ebx5CQMHFs=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "c7ff1a4578eb11ef84288941aa23e385b6fde635", "rev": "d6bf85533180720680544a0791c7334e315c4fd6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -238,20 +224,18 @@
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"pre-commit-hooks-nix": "pre-commit-hooks-nix", "pre-commit": "pre-commit",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1745217777, "lastModified": 1769417433,
"narHash": "sha256-lnsoesuG+r15kV3Um4hHpYXIjsi6EOPBtIlV8by/7i0=", "narHash": "sha256-0WZ7I/N9InaBHL96/qdiJxg8mqFW3vRla8Z062JmQFE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "e4cf2086105f47a22f92985358db295a20746abb", "rev": "1902463415745b992dbaf301b2a35a1277be1584",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -263,22 +247,21 @@
}, },
"microvm": { "microvm": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"spectrum": "spectrum" "spectrum": "spectrum"
}, },
"locked": { "locked": {
"lastModified": 1745262696, "lastModified": 1769624238,
"narHash": "sha256-hbk/u7Tyl7PUw+e9fa2Vk3VKchy7zovEAjichIoZvTM=", "narHash": "sha256-qeXiVWfblS5w/gxwklncxfXPrdpyPJ3OGvgXKekXzaM=",
"owner": "astro", "owner": "microvm-nix",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "ae53cb29425c3077d7b088bec5d2bd9275594db3", "rev": "43406f57d740f96428a8df14d2fba80f437ca79a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "astro", "owner": "microvm-nix",
"repo": "microvm.nix", "repo": "microvm.nix",
"type": "github" "type": "github"
} }
@@ -307,11 +290,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1744633460, "lastModified": 1769302137,
"narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "9a049b4a421076d27fee3eec664a18b2066824cb", "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -323,27 +306,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1744440957, "lastModified": 1768564909,
"narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1744932701,
"narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef", "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -353,12 +320,61 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks-nix": { "nixpkgs-unstable": {
"locked": {
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1769598131,
"narHash": "sha256-e7VO/kGLgRMbWtpBqdWl0uFg8Y2XWFMdz0uUJvlML8o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fa83fd837f3098e3e678e6cf017b2b36102c7211",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"noctalia": {
"inputs": { "inputs": {
"flake-compat": [ "nixpkgs": [
"lanzaboote", "nixpkgs"
"flake-compat" ]
], },
"locked": {
"lastModified": 1769743095,
"narHash": "sha256-yZ1bR3ducegfyauYnZ6JRbLQnIwxMWM7P2PioyEtsMk=",
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"rev": "4dea7d37801d705cf977ce69fd3ee87a3c995fe5",
"type": "github"
},
"original": {
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"type": "github"
}
},
"pre-commit": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
@@ -366,11 +382,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741379162, "lastModified": 1769069492,
"narHash": "sha256-srpAbmJapkaqGRE3ytf3bj4XshspVR5964OX5LfjDWc=", "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "b5a62751225b2f62ff3147d0a334055ebadcd5cc", "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -389,8 +405,9 @@
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"microvm": "microvm", "microvm": "microvm",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable" "nixpkgs-unstable": "nixpkgs-unstable",
"noctalia": "noctalia"
} }
}, },
"rust-overlay": { "rust-overlay": {
@@ -401,11 +418,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741573199, "lastModified": 1769309768,
"narHash": "sha256-A2sln1GdCf+uZ8yrERSCZUCqZ3JUlOv1WE2VFqqfaLQ=", "narHash": "sha256-AbOIlNO+JoqRJkK1VrnDXhxuX6CrdtIu2hSuy4pxi3g=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "c777dc8a1e35407b0e80ec89817fe69970f4e81a", "rev": "140c9dc582cb73ada2d63a2180524fcaa744fad5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -417,11 +434,11 @@
"spectrum": { "spectrum": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1733308308, "lastModified": 1759482047,
"narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=", "narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2", "rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",
"revCount": 792, "revCount": 996,
"type": "git", "type": "git",
"url": "https://spectrum-os.org/git/spectrum" "url": "https://spectrum-os.org/git/spectrum"
}, },
@@ -444,21 +461,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

58
flake.nix
View File

@@ -9,21 +9,20 @@
{ {
description = "Kabbone's peronal NixOS Flake config"; description = "Kabbone's peronal NixOS Flake config";
inputs = # All flake references used to build my NixOS setup. These are dependencies. inputs = {
{
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
microvm = { microvm = {
url = "github:astro/microvm.nix"; url = "github:microvm-nix/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
home-manager = { # User Package Management home-manager = { # User Package Management
url = "github:nix-community/home-manager/release-24.11"; url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@@ -47,10 +46,52 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
noctalia = {
url = "github:noctalia-dev/noctalia-shell";
inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }: # Function that tells my flake which to use and what do what to do with the dependencies. };
rec {
outputs = {
self,
nixpkgs,
nixpkgs-unstable,
nixos-hardware,
home-manager,
home-manager-unstable,
agenix,
jovian-nixos,
microvm,
impermanence,
lanzaboote,
...
} @ inputs: rec {
inherit (self) outputs;
systems = [
# "aarch64-linux"
"x86_64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
#in {
# Your custom packages
# Accessible through 'nix build', 'nix shell', etc
packages = forAllSystems (system: import ./packages nixpkgs.legacyPackages.${system});
# Formatter for your nix files, available through 'nix fmt'
# Other options beside 'alejandra' include 'nixpkgs-fmt'
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
# Your custom packages and modifications, exported as overlays
overlays = import ./overlays {inherit inputs;};
# Reusable nixos modules you might want to export
# These are usually stuff you would upstream into nixpkgs
#nixosModules = import ./modules/kabbone;
# Reusable home-manager modules you might want to export
# These are usually stuff you would upstream into home-manager
#homeManagerModules = import ./modules/home-manager;
nixosConfigurations = ( # NixOS configurations nixosConfigurations = ( # NixOS configurations
import ./hosts { # Imports ./hosts/default.nix import ./hosts { # Imports ./hosts/default.nix
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
@@ -59,6 +100,7 @@
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
} }
); );
hydraJobs = { hydraJobs = {
"steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel; "steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel;
"hades" = nixosConfigurations.hades.config.system.build.toplevel; "hades" = nixosConfigurations.hades.config.system.build.toplevel;
@@ -69,6 +111,4 @@
"dmz" = nixosConfigurations.dmz.config.system.build.toplevel; "dmz" = nixosConfigurations.dmz.config.system.build.toplevel;
}; };
}; };
} }

14
hosts/configuration_desktop.nix
View File

@@ -47,6 +47,7 @@
}; };
security = { security = {
pam.services.login.enableGnomeKeyring = true;
rtkit.enable = true; rtkit.enable = true;
pki.certificateFiles = [ pki.certificateFiles = [
./rootCA.pem ./rootCA.pem
@@ -160,18 +161,9 @@
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
zsh.enable = true; zsh.enable = true;
dconf.enable = true; dconf.enable = true;
ssh = {
startAgent = true;
agentTimeout = "1h";
};
}; };
#xdg.portal = { # Required for flatpak
# enable = true;
# extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
#};
nix = { # Nix Package Manager settings nix = { # Nix Package Manager settings
settings ={ settings ={
auto-optimise-store = true; # Optimise syslinks auto-optimise-store = true; # Optimise syslinks
@@ -187,6 +179,10 @@
''; '';
}; };
nixpkgs.config.allowUnfree = true; # Allow proprietary software. nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
"mbedtls-2.28.10"
];
system = { # NixOS settings system = { # NixOS settings
autoUpgrade = { # Allow auto update autoUpgrade = { # Allow auto update

33
hosts/default.nix
View File

@@ -36,6 +36,11 @@ let
config.allowUnfree = true; # Allow proprietary software config.allowUnfree = true; # Allow proprietary software
}; };
pkgs-kabbone = import ../packages {
inherit system;
inherit pkgs;
};
lib = nixpkgs.lib; lib = nixpkgs.lib;
users.defaultShell = "pkgs.zsh"; users.defaultShell = "pkgs.zsh";
@@ -43,7 +48,7 @@ in
{ {
hades = lib.nixosSystem { # Desktop profile hades = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix microvm nixpkgs lanzaboote; }; specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix microvm nixpkgs lanzaboote pkgs-kabbone; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
microvm.nixosModules.host microvm.nixosModules.host
@@ -91,28 +96,6 @@ in
]; ];
}; };
nbf5 = lib.nixosSystem { # Laptop profile
inherit system;
specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix; };
modules = [
agenix.nixosModules.default
./nbf5
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./nbf5/home.nix)];
};
}
];
};
steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile
inherit system; inherit system;
specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix jovian-nixos lanzaboote; }; specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix jovian-nixos lanzaboote; };
@@ -160,7 +143,7 @@ in
kabtop = lib.nixosSystem { # Desktop profile kabtop = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; }; specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs pkgs-unstable impermanence; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
microvm.nixosModules.host microvm.nixosModules.host
@@ -205,7 +188,7 @@ in
jupiter = lib.nixosSystem { # Desktop profile jupiter = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix; }; specialArgs = { inherit inputs user location nixos-hardware agenix pkgs-kabbone; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
./jupiter ./jupiter

35
hosts/desktop/default.nix
View File

@@ -17,14 +17,15 @@
# └─ default.nix # └─ default.nix
# #
{ config, nixpkgs, pkgs, user, lib, ... }: { inputs, lib, config, pkgs, user, nixpkgs, pkgs-kabbone, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager [(import ../../modules/wm/niri/default.nix)] ++ # Window Manager
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker (import ../../modules/wm/virtualisation) ++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
#[(import ../../modules/kabbone/corosync-qdevice.nix)] ++ # corosync qdevice quorum
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = { # Boot options
@@ -54,8 +55,9 @@
# }; # };
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = [
linux-firmware pkgs.linux-firmware
#pkgs-kabbone.corosync-qdevice
]; ];
}; };
@@ -75,7 +77,28 @@
enable = true; enable = true;
motherboard = "amd"; motherboard = "amd";
}; };
syncthing = {
enable = true;
group = "users";
user = "kabbone";
dataDir = "/home/${config.services.syncthing.user}/Sync";
configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
"jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
"lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
};
folders = {
"Sync" = { # Name of folder in Syncthing, also the folder ID
path = "/home/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = [ "jupiter.home.opel-online.de" "lifebook.home.opel-online.de" ]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
};
}; };
} }

3
hosts/desktop/home.nix
View File

@@ -17,7 +17,7 @@
imports = imports =
[ [
#../../modules/wm/hyprland/home.nix # Window Manager #../../modules/wm/hyprland/home.nix # Window Manager
../../modules/wm/sway/home.nix # Window Manager ../../modules/wm/niri/home.nix # Window Manager
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
@@ -30,7 +30,6 @@
thunderbird thunderbird
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
element-desktop
#nheko #nheko
pulsemixer pulsemixer
#yubioath-flutter #yubioath-flutter

4
hosts/dmz/hardware-configuration.nix
View File

@@ -81,9 +81,9 @@
enable = true; enable = true;
networks = { networks = {
"10-lan" = { "10-lan" = {
matchConfig.Name = "enp6s18"; matchConfig.Name = "ens18";
ntp = [ "192.168.101.1" ]; ntp = [ "192.168.101.1" ];
#domains = [ "home.opel-online.de" ]; domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IPv6AcceptRA = true; IPv6AcceptRA = true;

14
hosts/home.nix
View File

@@ -55,14 +55,17 @@
# Apps # Apps
galculator galculator
tdesktop telegram-desktop
hdparm hdparm
python3Full python3
android-tools android-tools
calibre calibre
mtpfs mtpfs
vimiv-qt vimiv-qt
freecad freecad
discord
vesktop
element-desktop
# Fileanagement # Fileanagement
kdePackages.ark kdePackages.ark
@@ -70,7 +73,7 @@
rsync # Syncer $ rsync -r dir1/ dir2/ rsync # Syncer $ rsync -r dir1/ dir2/
unzip # Zip files unzip # Zip files
unrar # Rar files unrar # Rar files
epapirus-icon-theme papirus-icon-theme
arc-theme arc-theme
# General configuration # General configuration
@@ -79,7 +82,6 @@
gimp gimp
# Flatpak # Flatpak
prusa-slicer
#vscodium #vscodium
(vscode-with-extensions.override { (vscode-with-extensions.override {
vscode = vscodium; vscode = vscodium;
@@ -88,8 +90,8 @@
github.copilot github.copilot
#ms-python.python #ms-python.python
ms-vscode.cpptools ms-vscode.cpptools
dracula-theme.theme-dracula catppuccin.catppuccin-vsc-icons
catppuccin.catppuccin-vsc
]; ];
}) })

2
hosts/home_server.nix
View File

@@ -42,7 +42,7 @@
# Apps # Apps
hdparm hdparm
python3Full python3
# File Management # File Management
rsync # Syncer $ rsync -r dir1/ dir2/ rsync # Syncer $ rsync -r dir1/ dir2/

11
hosts/jupiter/default.nix
View File

@@ -17,7 +17,7 @@
# └─ default.nix # └─ default.nix
# #
{ config, pkgs, user, ... }: { config, pkgs, user, pkgs-kabbone, ... }:
{ {
imports = # For now, if applying to other ssystem, swap files imports = # For now, if applying to other ssystem, swap files
@@ -40,10 +40,11 @@
}; };
# environment = { # environment = {
# systemPackages = with pkgs; [ # systemPackages = with pkgs-kabbone; [
## simple-scan # corosync-qdevice
## intel-media-driver ### simple-scan
## alacritty ### intel-media-driver
### alacritty
# ]; # ];
# }; # };

15
hosts/jupiter/hardware-configuration.nix
View File

@@ -193,12 +193,23 @@
enable = true; enable = true;
networks = { networks = {
"10-lan" = { "10-lan" = {
matchConfig.Name = "enp6s18"; matchConfig.Name = "ens18";
ntp = [ "192.168.2.1" ]; ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ]; domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IPv6AcceptRA = true; IPv6AcceptRA = true;
IPv6PrivacyExtensions=false;
};
ipv6AcceptRAConfig = {
DHCPv6Client = "always";
UseDNS = true;
};
dhcpV4Config = {
UseDNS = true;
};
dhcpV6Config = {
UseDNS = true;
}; };
}; };
}; };

2
hosts/kabtop/default.nix
View File

@@ -17,7 +17,7 @@
# └─ default.nix # └─ default.nix
# #
{ config, pkgs, user, agenix, impermanence, ... }: { config, pkgs, pkgs-unstable, user, agenix, impermanence, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files

2
hosts/kubemaster-1/hardware-configuration.nix
View File

@@ -83,7 +83,7 @@
"10-lan" = { "10-lan" = {
matchConfig.Name = "enp0s31f6"; matchConfig.Name = "enp0s31f6";
ntp = [ "192.168.2.1" ]; ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ]; domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IPv6AcceptRA = true; IPv6AcceptRA = true;

34
hosts/lifebook/default.nix
View File

@@ -17,14 +17,13 @@
# └─ default.nix # └─ default.nix
# #
{ lib, config, pkgs, user, ... }: { inputs, lib, config, pkgs, user, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager [(import ../../modules/wm/niri/default.nix)] ++ # Window Manager
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager (import ../../modules/wm/virtualisation) ++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices
@@ -55,6 +54,7 @@
systemPackages = with pkgs; [ systemPackages = with pkgs; [
linux-firmware linux-firmware
intel-media-driver intel-media-driver
intel-compute-runtime
]; ];
}; };
@@ -64,7 +64,7 @@
systemd.sleep.extraConfig = "HibernateDelaySec=1h"; systemd.sleep.extraConfig = "HibernateDelaySec=1h";
services = { services = {
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed logind.settings.Login.HandleLidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
blueman.enable = true; blueman.enable = true;
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
@@ -76,6 +76,28 @@
}; };
}; };
#tailscale.enable = true; #tailscale.enable = true;
syncthing = {
enable = true;
group = "users";
user = "kabbone";
dataDir = "/home/${config.services.syncthing.user}/Sync";
configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
"jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
"hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
};
folders = {
"Sync" = { # Name of folder in Syncthing, also the folder ID
path = "/home/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = [ "jupiter.home.opel-online.de" "hades.home.opel-online.de" ]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
};
}; };
} }

9
hosts/lifebook/hardware-configuration.nix
View File

@@ -34,7 +34,8 @@
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force" ]; kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force" ];
extraModprobeConfig = '' extraModprobeConfig = ''
options i915 enable_guc=3 options i915 force_probe=!9a49
options xe force_probe=9a49
''; '';
tmp.useTmpfs = false; tmp.useTmpfs = false;
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
@@ -172,13 +173,13 @@
fileSystems."/mnt/Pluto" = fileSystems."/mnt/Pluto" =
{ device = "jupiter:/Pluto"; { device = "jupiter.home.opel-online.de:/Pluto";
fsType = "nfs"; fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
}; };
fileSystems."/mnt/Mars" = fileSystems."/mnt/Mars" =
{ device = "jupiter:/Mars"; { device = "jupiter.home.opel-online.de:/Mars";
fsType = "nfs"; fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
}; };
@@ -210,7 +211,7 @@
#defaultGateway = "192.168.0.1"; #defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ]; #nameservers = [ "192.168.0.4" ];
firewall = { firewall = {
#checkReversePath = false; checkReversePath = false;
enable = true; enable = true;
allowedUDPPorts = [ 24727 51820 ]; allowedUDPPorts = [ 24727 51820 ];
allowedTCPPorts = [ 24727 ]; allowedTCPPorts = [ 24727 ];

3
hosts/lifebook/home.nix
View File

@@ -17,7 +17,7 @@
imports = imports =
[ [
#../../modules/wm/hyprland/home.nix # Window Manager #../../modules/wm/hyprland/home.nix # Window Manager
../../modules/wm/sway/home.nix # Window Manager ../../modules/wm/niri/home.nix # Window Manager
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
@@ -30,7 +30,6 @@
thunderbird thunderbird
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
element-desktop
intel-gpu-tools intel-gpu-tools
pulsemixer pulsemixer

4
hosts/nasbackup/hardware-configuration.nix
View File

@@ -199,9 +199,9 @@
enable = true; enable = true;
networks = { networks = {
"10-lan" = { "10-lan" = {
matchConfig.Name = "enp6s18"; matchConfig.Name = "ens18";
ntp = [ "192.168.2.1" ]; ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ]; domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IPv6AcceptRA = true; IPv6AcceptRA = true;

9
hosts/nbf5/default.nix
View File

@@ -23,10 +23,11 @@
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager #[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager # [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware) ++
(import ../../modules/services/printer); # Hardware devices
boot = { # Boot options boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
@@ -43,9 +44,7 @@
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [
# simple-scan
intel-media-driver intel-media-driver
# alacritty
]; ];
}; };
@@ -73,8 +72,6 @@
userServices = true; userServices = true;
}; };
}; };
mainsail.enable = true;
}; };
#temporary bluetooth fix #temporary bluetooth fix

10
hosts/nbf5/hardware-configuration.nix
View File

@@ -134,13 +134,9 @@
networking = { networking = {
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "nbf5"; hostName = "nbf5";
wireless.iwd.enable = true; wireless = {
networkmanager = { iwd.enable = true;
enable = true; interfaces = [ "wlan0" ];
wifi = {
backend = "iwd";
powersave = true;
};
}; };
interfaces = { interfaces = {
wlan0 = { wlan0 = {

2
hosts/nbf5/home.nix
View File

@@ -17,7 +17,7 @@
imports = imports =
[ [
#../../modules/wm/hyprland/home.nix # Window Manager #../../modules/wm/hyprland/home.nix # Window Manager
../../modules/wm/sway/home.nix # Window Manager #../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];

1
hosts/steamdeck/home.nix
View File

@@ -35,7 +35,6 @@
thunderbird thunderbird
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
element-desktop
pulsemixer pulsemixer
#yuzu-early-access #yuzu-early-access

3
modules/hardware/bluetooth.nix
View File

@@ -14,4 +14,7 @@
}; };
}; };
}; };
environment.systemPackages = with pkgs; [
zmkBATx
];
} }

75
modules/kabbone/corosync-qdevice.nix Normal file
View File

@@ -0,0 +1,75 @@
{
lib,
config,
pkgs,
pkgs-kabbone,
...
}:
let
cfg = config.services.corosync-qnetd;
dataDir = "/var/run/corosync-qnetd";
in
{
# interface
options.services.corosync-qnetd = {
enable = lib.mkEnableOption "corosync-qnetd";
package = lib.mkPackageOption pkgs-kabbone "corosync-qdevice" { };
extraOptions = lib.mkOption {
type = with lib.types; listOf str;
default = [ ];
description = "Additional options with which to start corosync-qnetd.";
};
};
# implementation
# implementation
config = lib.mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
users.users.coroqnetd = {
isSystemUser = true;
group = "coroqnetd";
home = dataDir;
description = "Corosync-qnetd Service User";
};
users.groups.coroqnetd = { };
# environment.etc."corosync/corosync-qnetd.conf".text = ''
# totem {
# version: 2
# secauth: on
# cluster_name: ${cfg.clusterName}
# transport: knet
# }
# logging {
# to_syslog: yes
# }
# '';
systemd.packages = [ cfg.package ];
systemd.services.corosync-qnetd = {
serviceConfig = {
User = "coroqnetd";
StateDirectory = "corosync-qnetd";
StateDirectoryMode = "0700";
};
};
environment.etc."sysconfig/corosync-qnetd".text = lib.optionalString (cfg.extraOptions != [ ]) ''
COROSYNC-QNETD_OPTIONS="${lib.escapeShellArgs cfg.extraOptions}"
'';
};
meta = {
#buildDocsInSandbox = false;
#doc = ./mautrix-whatsapp.md;
maintainers = with lib.maintainers; [
kabbone
];
};
}

32
modules/kabbone/mautrix-whatsapp.md Normal file
View File

@@ -0,0 +1,32 @@
# Mautrix-Whatsapp {#module-services-mautrix-whatsapp}
[Mautrix-Whatsapp](https://github.com/mautrix/whatsapp) is a Matrix-Whatsapp puppeting bridge.
## Configuration {#module-services-mautrix-whatsapp-configuration}
1. Set [](#opt-services.mautrix-whatsapp.enable) to `true`. The service will use
SQLite by default.
2. To create your configuration check the default configuration for
[](#opt-services.mautrix-whatsapp.settings). To obtain the complete default
configuration, run
`nix-shell -p mautrix-whatsapp --run "mautrix-whatsapp -c default.yaml -e"`.
::: {.warning}
Mautrix-Whatsapp allows for some options like `encryption.pickle_key`,
`provisioning.shared_secret`, allow the value `generate` to be set.
Since the configuration file is regenerated on every start of the
service, the generated values would be discarded and might break your
installation. Instead, set those values via
[](#opt-services.mautrix-whatsapp.environmentFile).
:::
## Migrating from an older configuration {#module-services-mautrix-whatsapp-migrate-configuration}
With Mautrix-Whatsapp v0.7.0 the configuration has been rearranged. Mautrix-Whatsapp
performs an automatic configuration migration so your pre-0.7.0 configuration
should just continue to work.
In case you want to update your NixOS configuration, compare the migrated configuration
at `/var/lib/mautrix-whatsapp/config.yaml` with the default configuration
(`nix-shell -p mautrix-whatsapp --run "mautrix-whatsapp -c example.yaml -e"`) and
update your module configuration accordingly.

280
modules/kabbone/mautrix-whatsapp.nix Normal file
View File

@@ -0,0 +1,280 @@
{
lib,
config,
pkgs,
...
}:
let
cfg = config.services.kabbone_mautrix-whatsapp;
dataDir = "/var/lib/mautrix-whatsapp";
registrationFile = "${dataDir}/whatsapp-registration.yaml";
settingsFile = "${dataDir}/config.yaml";
settingsFileUnsubstituted = settingsFormat.generate "mautrix-whatsapp-config-unsubstituted.json" cfg.settings;
settingsFormat = pkgs.formats.json { };
appservicePort = 29318;
# to be used with a list of lib.mkIf values
optOneOf = lib.lists.findFirst (value: value.condition) (lib.mkIf false null);
mkDefaults = lib.mapAttrsRecursive (n: v: lib.mkDefault v);
defaultConfig = {
network = {
displayname_template = "{{or .BusinessName .PushName .Phone}} (WA)";
identity_change_notices = true;
history_sync = {
request_full_sync = true;
};
};
bridge = {
command_prefix = "!wa";
relay.enabled = true;
permissions."*" = "relay";
};
database = {
type = "sqlite3";
uri = "file:${dataDir}/mautrix-whatsapp.db?_txlock=immediate";
};
homeserver.address = "http://localhost:8448";
appservice = {
hostname = "[::]";
port = appservicePort;
id = "whatsapp";
bot = {
username = "whatsappbot";
displayname = "WhatsApp Bridge Bot";
};
as_token = "";
hs_token = "";
username_template = "whatsapp_{{.}}";
};
double_puppet = {
servers = { };
secrets = { };
};
# By default, the following keys/secrets are set to `generate`. This would break when the service
# is restarted, since the previously generated configuration will be overwritten everytime.
# If encryption is enabled, it's recommended to set those keys via `environmentFile`.
encryption.pickle_key = "";
provisioning.shared_secret = "";
public_media.signing_key = "";
direct_media.server_key = "";
logging = {
min_level = "info";
writers = lib.singleton {
type = "stdout";
format = "pretty-colored";
time_format = " ";
};
};
};
in
{
options.services.kabbone_mautrix-whatsapp = {
enable = lib.mkEnableOption "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge";
package = lib.mkPackageOption pkgs "mautrix-whatsapp" { };
settings = lib.mkOption {
apply = lib.recursiveUpdate defaultConfig;
type = settingsFormat.type;
default = defaultConfig;
description = ''
{file}`config.yaml` configuration as a Nix attribute set.
Configuration options should match those described in the example configuration.
Get an example configuration by executing `mautrix-whatsapp -c example.yaml --generate-example-config`
Secret tokens should be specified using {option}`environmentFile`
instead of this world-readable attribute set.
'';
example = {
bridge = {
private_chat_portal_meta = true;
mute_only_on_create = false;
permissions = {
"example.com" = "user";
};
};
database = {
type = "postgres";
uri = "postgresql:///mautrix_whatsapp?host=/run/postgresql";
};
homeserver = {
address = "http://[::1]:8008";
domain = "my-domain.tld";
};
appservice = {
id = "whatsapp";
ephemeral_events = false;
};
matrix.message_status_events = true;
provisioning = {
shared_secret = "disable";
};
backfill.enabled = true;
encryption = {
allow = true;
default = true;
require = true;
pickle_key = "$ENCRYPTION_PICKLE_KEY";
};
};
};
environmentFile = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
description = ''
File containing environment variables to be passed to the mautrix-signal service.
If an environment variable `MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET` is set,
then its value will be used in the configuration file for the option
`double_puppet.secrets` without leaking it to the store, using the configured
`homeserver.domain` as key.
'';
};
serviceDependencies = lib.mkOption {
type = with lib.types; listOf str;
default =
(lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (lib.optional config.services.matrix-conduit.enable "conduit.service");
defaultText = lib.literalExpression ''
(optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit)
++ (optional config.services.matrix-conduit.enable "conduit.service")
'';
description = ''
List of systemd units to require and wait for when starting the application service.
'';
};
registerToSynapse = lib.mkOption {
type = lib.types.bool;
default = config.services.matrix-synapse.enable;
defaultText = lib.literalExpression ''
config.services.matrix-synapse.enable
'';
description = ''
Whether to add the bridge's app service registration file to
`services.matrix-synapse.settings.app_service_config_files`.
'';
};
};
config = lib.mkIf cfg.enable {
users.users.mautrix-whatsapp = {
isSystemUser = true;
group = "mautrix-whatsapp";
home = dataDir;
description = "Mautrix-Whatsapp bridge user";
};
users.groups.mautrix-whatsapp = { };
services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
settings.app_service_config_files = [ registrationFile ];
};
systemd.services.matrix-synapse = lib.mkIf cfg.registerToSynapse {
serviceConfig.SupplementaryGroups = [ "mautrix-whatsapp" ];
};
# Note: this is defined here to avoid the docs depending on `config`
services.kabbone_mautrix-whatsapp.settings.homeserver = optOneOf (
with config.services;
[
(lib.mkIf matrix-synapse.enable (mkDefaults {
domain = matrix-synapse.settings.server_name;
}))
(lib.mkIf matrix-conduit.enable (mkDefaults {
domain = matrix-conduit.settings.global.server_name;
address = "http://localhost:${toString matrix-conduit.settings.global.port}";
}))
]
);
systemd.services.kabbone_mautrix-whatsapp = {
description = "mautrix-whatsapp, a Matrix-Whatsapp puppeting bridge.";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ] ++ cfg.serviceDependencies;
after = [ "network-online.target" ] ++ cfg.serviceDependencies;
# ffmpeg is required for conversion of voice messages
path = [ pkgs.ffmpeg-headless ];
preStart = ''
# substitute the settings file by environment variables
# in this case read from EnvironmentFile
test -f '${settingsFile}' && rm -f '${settingsFile}'
old_umask=$(umask)
umask 0177
${pkgs.envsubst}/bin/envsubst \
-o '${settingsFile}' \
-i '${settingsFileUnsubstituted}'
umask $old_umask
# generate the appservice's registration file if absent
if [ ! -f '${registrationFile}' ]; then
${cfg.package}/bin/mautrix-whatsapp \
--generate-registration \
--config='${settingsFile}' \
--registration='${registrationFile}'
fi
chmod 640 ${registrationFile}
umask 0177
# 1. Overwrite registration tokens in config
# 2. If environment variable MAUTRIX_SIGNAL_BRIDGE_LOGIN_SHARED_SECRET
# is set, set it as the login shared secret value for the configured
# homeserver domain.
${pkgs.yq}/bin/yq -s '.[0].appservice.as_token = .[1].as_token
| .[0].appservice.hs_token = .[1].hs_token
| .[0]
| if env.MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET then .double_puppet.secrets.[.homeserver.domain] = env.MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET else . end' \
'${settingsFile}' '${registrationFile}' > '${settingsFile}.tmp'
mv '${settingsFile}.tmp' '${settingsFile}'
umask $old_umask
'';
serviceConfig = {
User = "mautrix-whatsapp";
Group = "mautrix-whatsapp";
EnvironmentFile = cfg.environmentFile;
StateDirectory = baseNameOf dataDir;
WorkingDirectory = dataDir;
ExecStart = ''
${cfg.package}/bin/mautrix-whatsapp \
--config='${settingsFile}' \
--registration='${registrationFile}'
'';
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
Restart = "on-failure";
RestartSec = "30s";
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [ "@system-service" ];
Type = "simple";
UMask = 27;
};
restartTriggers = [ settingsFileUnsubstituted ];
};
};
meta = {
#buildDocsInSandbox = false;
#doc = ./mautrix-whatsapp.md;
maintainers = with lib.maintainers; [
kabbone
];
};
}

21
modules/programs/alacritty.nix
View File

@@ -13,17 +13,16 @@
programs = { programs = {
alacritty = { alacritty = {
enable = true; enable = true;
package = pkgs.alacritty; #settings = {
settings = { # env.term = "screen-256color";
env.term = "screen-256color"; # font = rec { # Font - Laptop has size manually changed at home.nix
font = rec { # Font - Laptop has size manually changed at home.nix # #normal.family = "FiraCode Nerd Font";
#normal.family = "FiraCode Nerd Font"; # normal.family = "Cascadia Code";
normal.family = "Cascadia Code"; # #normal.family = "Intel One Mono";
#normal.family = "Intel One Mono"; # #bold = { style = "Bold"; };
#bold = { style = "Bold"; }; # # size = 8;
# size = 8; # };
}; #};
};
}; };
}; };
} }

2
modules/programs/default.nix
View File

@@ -11,7 +11,7 @@
# #
[ [
./alacritty.nix # ./alacritty.nix
# ./rofi.nix # ./rofi.nix
./firefox.nix ./firefox.nix
#./waybar.nix #./waybar.nix

2
modules/programs/firefox.nix
View File

@@ -18,7 +18,7 @@
# ExtensionSettings = {}; # ExtensionSettings = {};
# }; # };
#}; #};
package = pkgs.firefox-wayland; # package = pkgs.firefox-wayland;
# profiles.kabbone = { # profiles.kabbone = {
# #id = 271987; # #id = 271987;
# name = "kabbone"; # name = "kabbone";

7
modules/services/default.nix
View File

@@ -11,14 +11,15 @@
# #
[ [
./dunst.nix #./dunst.nix
./flameshot.nix #./flameshot.nix
#./picom.nix #./picom.nix
#./polybar.nix #./polybar.nix
#./sxhkd.nix #./sxhkd.nix
#./udiskie.nix #./udiskie.nix
#./redshift.nix #./redshift.nix
./kanshi.nix #./kanshi.nix
./keyring.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module

2
modules/services/dmz/default.nix
View File

@@ -12,7 +12,7 @@
[ [
./microvm.nix ./microvm.nix
./hydra.nix # ./hydra.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module

2
modules/services/dmz/microvm.nix
View File

@@ -103,7 +103,7 @@ in
id = "vm-${name}"; id = "vm-${name}";
mac = "04:00:00:00:00:01"; mac = "04:00:00:00:00:01";
macvtap = { macvtap = {
link = "enp6s18"; link = "ens18";
mode = "bridge"; mode = "bridge";
}; };
} ]; } ];

14
modules/services/keyring.nix Normal file
View File

@@ -0,0 +1,14 @@
#
# Screenshots
#
{ pkgs, user, ... }:
{
services = { # sxhkd shortcut = Printscreen button (Print)
gnome-keyring = {
enable = true;
};
};
home.packages = with pkgs; [ gcr seahorse ];
}

1
modules/services/nas/default.nix
View File

@@ -14,6 +14,7 @@
./nfs.nix ./nfs.nix
./nginx.nix ./nginx.nix
./vaultwarden.nix ./vaultwarden.nix
./syncthing.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module

2
modules/services/nas/nfs.nix
View File

@@ -11,7 +11,7 @@
}; };
# open the firewall # open the firewall
networking.firewall = { networking.firewall = {
interfaces.enp6s18 = { interfaces.ens18 = {
allowedTCPPorts = [ 2049 ]; allowedTCPPorts = [ 2049 ];
}; };
}; };

53
modules/services/nas/syncthing.nix Normal file
View File

@@ -0,0 +1,53 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.syncthing = {
enable = true;
group = "users";
user = "kabbone";
dataDir = "/home/${config.services.syncthing.user}/Sync";
configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
"hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
"lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
};
folders = {
"Sync" = { # Name of folder in Syncthing, also the folder ID
path = "/mnt/Mars/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = [ "hades.home.opel-online.de" "lifebook.home.opel-online.de" ]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
};
services.nginx = {
virtualHosts = {
"syncthing.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
recommendedProxySettings = false;
proxyPass = "http://${toString config.services.syncthing.guiAddress}";
extraConfig = ''
proxy_set_header Host localhost;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
'';
};
};
};
};
}

6
modules/services/printer/cfgs/misc-macros.cfg
View File

@@ -2,8 +2,8 @@
enable_force_move: True enable_force_move: True
# NOTE If you're using a Raspberry Pi, you can uncomment the next 2 lines, optionally. # NOTE If you're using a Raspberry Pi, you can uncomment the next 2 lines, optionally.
[temperature_sensor raspberry_pi] #[temperature_sensor raspberry_pi]
sensor_type: temperature_host #sensor_type: temperature_host
# NOTE If you're using a an Orange Pi, you can uncomment the next 3 lines, optionally. # NOTE If you're using a an Orange Pi, you can uncomment the next 3 lines, optionally.
# [temperature_sensor Orange_Pi] # [temperature_sensor Orange_Pi]
@@ -11,7 +11,7 @@ sensor_type: temperature_host
# sensor_path: /sys/class/thermal/thermal_zone0/temp # sensor_path: /sys/class/thermal/thermal_zone0/temp
[virtual_sdcard] [virtual_sdcard]
path: /home/pi/printer_data/gcodes path: /var/lib/moonraker/gcodes
# NOTE Cancel objects feature is enabled. If you're using a low powered device, comment out [exclude_object]. # NOTE Cancel objects feature is enabled. If you're using a low powered device, comment out [exclude_object].
# Also see [file_manager] section in moonraker.conf. # Also see [file_manager] section in moonraker.conf.

110
modules/services/printer/firmware.conf Normal file
View File

@@ -0,0 +1,110 @@
CONFIG_LOW_LEVEL_OPTIONS=y
# CONFIG_MACH_AVR is not set
# CONFIG_MACH_ATSAM is not set
# CONFIG_MACH_ATSAMD is not set
# CONFIG_MACH_LPC176X is not set
CONFIG_MACH_STM32=y
# CONFIG_MACH_HC32F460 is not set
# CONFIG_MACH_RP2040 is not set
# CONFIG_MACH_PRU is not set
# CONFIG_MACH_AR100 is not set
# CONFIG_MACH_LINUX is not set
# CONFIG_MACH_SIMU is not set
CONFIG_BOARD_DIRECTORY="stm32"
CONFIG_MCU="stm32f103xe"
CONFIG_CLOCK_FREQ=72000000
CONFIG_SERIAL=y
CONFIG_FLASH_SIZE=0x10000
CONFIG_FLASH_BOOT_ADDRESS=0x8000000
CONFIG_RAM_START=0x20000000
CONFIG_RAM_SIZE=0x5000
CONFIG_STACK_SIZE=512
CONFIG_FLASH_APPLICATION_ADDRESS=0x8007000
CONFIG_STM32_SELECT=y
CONFIG_MACH_STM32F103=y
# CONFIG_MACH_STM32F207 is not set
# CONFIG_MACH_STM32F401 is not set
# CONFIG_MACH_STM32F405 is not set
# CONFIG_MACH_STM32F407 is not set
# CONFIG_MACH_STM32F429 is not set
# CONFIG_MACH_STM32F446 is not set
# CONFIG_MACH_STM32F765 is not set
# CONFIG_MACH_STM32F031 is not set
# CONFIG_MACH_STM32F042 is not set
# CONFIG_MACH_STM32F070 is not set
# CONFIG_MACH_STM32F072 is not set
# CONFIG_MACH_STM32G070 is not set
# CONFIG_MACH_STM32G071 is not set
# CONFIG_MACH_STM32G0B0 is not set
# CONFIG_MACH_STM32G0B1 is not set
# CONFIG_MACH_STM32G431 is not set
# CONFIG_MACH_STM32G474 is not set
# CONFIG_MACH_STM32H723 is not set
# CONFIG_MACH_STM32H743 is not set
# CONFIG_MACH_STM32H750 is not set
# CONFIG_MACH_STM32L412 is not set
# CONFIG_MACH_N32G452 is not set
# CONFIG_MACH_N32G455 is not set
# CONFIG_MACH_STM32F103x6 is not set
CONFIG_MACH_STM32F1=y
CONFIG_HAVE_STM32_USBFS=y
CONFIG_HAVE_STM32_CANBUS=y
CONFIG_STM32F103GD_DISABLE_SWD=y
CONFIG_STM32_DFU_ROM_ADDRESS=0
# CONFIG_STM32_FLASH_START_2000 is not set
# CONFIG_STM32_FLASH_START_5000 is not set
CONFIG_STM32_FLASH_START_7000=y
# CONFIG_STM32_FLASH_START_8000 is not set
# CONFIG_STM32_FLASH_START_8800 is not set
# CONFIG_STM32_FLASH_START_9000 is not set
# CONFIG_STM32_FLASH_START_10000 is not set
# CONFIG_STM32_FLASH_START_800 is not set
# CONFIG_STM32_FLASH_START_1000 is not set
# CONFIG_STM32_FLASH_START_4000 is not set
# CONFIG_STM32_FLASH_START_0000 is not set
CONFIG_STM32_CLOCK_REF_8M=y
# CONFIG_STM32_CLOCK_REF_12M is not set
# CONFIG_STM32_CLOCK_REF_16M is not set
# CONFIG_STM32_CLOCK_REF_20M is not set
# CONFIG_STM32_CLOCK_REF_24M is not set
# CONFIG_STM32_CLOCK_REF_25M is not set
# CONFIG_STM32_CLOCK_REF_INTERNAL is not set
CONFIG_CLOCK_REF_FREQ=8000000
CONFIG_STM32F0_TRIM=16
# CONFIG_STM32_USB_PA11_PA12 is not set
CONFIG_STM32_SERIAL_USART1=y
# CONFIG_STM32_SERIAL_USART1_ALT_PB7_PB6 is not set
# CONFIG_STM32_SERIAL_USART2 is not set
# CONFIG_STM32_SERIAL_USART2_ALT_PD6_PD5 is not set
# CONFIG_STM32_SERIAL_USART3 is not set
# CONFIG_STM32_SERIAL_USART3_ALT_PD9_PD8 is not set
# CONFIG_STM32_CANBUS_PA11_PA12 is not set
# CONFIG_STM32_CANBUS_PA11_PB9 is not set
# CONFIG_STM32_MMENU_CANBUS_PB8_PB9 is not set
# CONFIG_STM32_MMENU_CANBUS_PD0_PD1 is not set
CONFIG_SERIAL_BAUD=250000
CONFIG_USB_VENDOR_ID=0x1d50
CONFIG_USB_DEVICE_ID=0x614e
CONFIG_USB_SERIAL_NUMBER="12345"
CONFIG_WANT_GPIO_BITBANGING=y
CONFIG_WANT_DISPLAYS=y
CONFIG_WANT_SENSORS=y
CONFIG_WANT_LIS2DW=y
CONFIG_WANT_LDC1612=y
CONFIG_WANT_HX71X=y
CONFIG_WANT_ADS1220=y
CONFIG_WANT_SOFTWARE_I2C=y
CONFIG_WANT_SOFTWARE_SPI=y
CONFIG_NEED_SENSOR_BULK=y
CONFIG_CANBUS_FREQUENCY=1000000
CONFIG_INITIAL_PINS=""
CONFIG_HAVE_GPIO=y
CONFIG_HAVE_GPIO_ADC=y
CONFIG_HAVE_GPIO_SPI=y
CONFIG_HAVE_GPIO_I2C=y
CONFIG_HAVE_GPIO_HARD_PWM=y
CONFIG_HAVE_STRICT_TIMING=y
CONFIG_HAVE_CHIPID=y
CONFIG_HAVE_STEPPER_BOTH_EDGE=y
CONFIG_HAVE_BOOTLOADER_REQUEST=y
CONFIG_INLINE_STEPPER_HACK=y

52
modules/services/printer/klipper.nix
View File

@@ -10,28 +10,52 @@
services = { services = {
klipper = { klipper = {
enable = true; enable = true;
configFile = "./printer.cfg"; user = "moonraker";
#firmwares."sovol06" = { group = "moonraker";
# serial = "/dev/usb/by-id/123"; configFile = ./printer.cfg;
# enableKlipperFlash = true; mutableConfig = true;
# enable = true; configDir = "/var/lib/moonraker/config";
# configFile = "./firmware.conf"; firmwares."sovol06" = {
#}; serial = "/dev/serial/by-id/usb-1a86_USB_Serial-if00-port0";
enableKlipperFlash = true;
enable = true;
configFile = ./firmware.conf;
};
}; };
mainsail = { mainsail = {
enable = true; enable = true;
nginx = { nginx = {
enableACME = true; enableACME = false;
useACMEHost = "home.opel-online.de"; #useACMEHost = "home.opel-online.de";
serverName = "sv06.home.opel-online.de"; serverName = "nbf5.home.opel-online.de";
onlySSL = true; #onlySSL = true;
listenAddresses = [ "0.0.0.0" "::" ]; #listenAddresses = [ "0.0.0.0" "::" ];
forceSSL = true; #forceSSL = true;
}; };
}; };
moonraker.enable = true; moonraker = {
enable = true;
allowSystemControl = true;
address = "0.0.0.0";
settings = {
authorization = {
force_logins = true;
cors_domains = [
"*://nbf5.home.opel-online.de"
"*.local"
];
trusted_clients = [
"127.0.0.0/8"
"192.168.2.0/24"
];
};
file_manager = {
enable_object_processing = true;
};
};
};
# nginx = { # nginx = {
# enable = true; # enable = true;

2
modules/services/server/default.nix
View File

@@ -17,6 +17,8 @@
./nextcloud.nix ./nextcloud.nix
./matrix.nix ./matrix.nix
./coturn.nix ./coturn.nix
./hydra.nix
./mealie.nix
# ./ollama.nix # ./ollama.nix
] ]

77
modules/services/server/hydra.nix Normal file
View File

@@ -0,0 +1,77 @@
{ lib, config, pkgs, ... }:
{
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.ci.kabtop.de";
listenHost = "127.0.0.1";
port = 3001;
notificationSender = "hydra@kabtop.de";
useSubstitutes = true;
minimumDiskFree = 50;
maxServers = 10;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3001";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
nix = {
settings = {
cores = 5;
max-jobs = 1;
trusted-users = [
"hydra"
];
allowed-uris = [
"github:"
"https://github.com/"
"git+ssh://github.com/"
];
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
}

222
modules/services/server/matrix.nix
View File

@@ -17,12 +17,6 @@ let
return 200 '${builtins.toJSON data}'; return 200 '${builtins.toJSON data}';
''; '';
in { in {
environment.systemPackages = [
pkgs.mautrix-whatsapp
pkgs.signald
pkgs.mautrix-signal
];
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
@@ -60,6 +54,8 @@ in {
}; };
}; };
imports = [ ../../kabbone/mautrix-whatsapp.nix ];
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
settings = { settings = {
@@ -77,11 +73,6 @@ in {
]; ];
} }
]; ];
app_service_config_files = [
config.age.secrets."services/matrix/whatsapp-registration.yml".path
config.age.secrets."services/matrix/telegram-registration.yml".path
config.age.secrets."services/matrix/signal-registration.yml".path
];
}; };
extraConfigFiles = [ extraConfigFiles = [
config.age.secrets."services/matrix/synapse.yml".path config.age.secrets."services/matrix/synapse.yml".path
@@ -92,112 +83,12 @@ in {
matrix-synapse = { matrix-synapse = {
requires = [ "postgresql.service" ]; requires = [ "postgresql.service" ];
}; };
mautrix-whatsapp = {
description = "Matrix <-> WhatsApp bridge";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "postgresql.service" "matrix-synapse.service" ];
requires = [ "postgresql.service" "matrix-synapse.service" ];
script = "${pkgs.mautrix-whatsapp}/bin/mautrix-whatsapp -n --config ${config.age.secrets."services/matrix/mautrix-whatsapp.yml".path}";
serviceConfig = {
User = "mautrix-whatsapp";
Group = "mautrix-whatsapp";
Environment = "HOME=/var/lib/mautrix-whatsapp";
ReadWritePaths="/var/log/mautrix-whatsapp";
NoNewPrivileges=true;
MemoryDenyWriteExecute=true;
PrivateDevices=true;
PrivateTmp=true;
ProtectHome=true;
ProtectSystem="strict";
ProtectControlGroups=true;
RestrictSUIDSGID=true;
RestrictRealtime=true;
LockPersonality=true;
ProtectKernelLogs=true;
ProtectKernelTunables=true;
ProtectHostname=true;
ProtectKernelModules=true;
PrivateUsers=true;
ProtectClock=true;
SystemCallArchitectures="native";
SystemCallErrorNumber="EPERM";
SystemCallFilter="@system-service";
};
};
mautrix-signal = {
description = "Matrix <-> Signal bridge";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "postgresql.service" "matrix-synapse.service" "signald.service" ];
requires = [ "postgresql.service" "matrix-synapse.service" "signald.service"];
script = "${pkgs.mautrix-signal}/bin/mautrix-signal -n --config ${config.age.secrets."services/matrix/mautrix-signal.yml".path}";
serviceConfig = {
User = "mautrix-signal";
Group = "mautrix-signal";
Environment = "HOME=/var/lib/mautrix-signal";
ReadWritePaths= [
"/var/run/signald/signald.sock"
"/var/log/mautrix-signal"
];
NoNewPrivileges=true;
PrivateDevices=true;
PrivateTmp=true;
ProtectHome=true;
ProtectSystem="strict";
ProtectControlGroups=true;
RestrictSUIDSGID=true;
RestrictRealtime=true;
LockPersonality=true;
ProtectKernelLogs=true;
ProtectKernelTunables=true;
ProtectHostname=true;
ProtectKernelModules=true;
PrivateUsers=true;
ProtectClock=true;
SystemCallArchitectures="native";
SystemCallErrorNumber="EPERM";
SystemCallFilter="@system-service";
};
};
};
systemd.tmpfiles.rules = [
"d /var/log/mautrix-whatsapp - mautrix-whatsapp mautrix-whatsapp"
"d /var/log/mautrix-signal - mautrix-signal mautrix-signal"
];
users = {
users = {
mautrix-whatsapp = {
uid = 3001;
group = "mautrix-whatsapp";
isSystemUser = true;
};
mautrix-telegram = {
uid = 3002;
group = "mautrix-telegram";
isSystemUser = true;
};
mautrix-signal = {
uid = 3003;
group = "mautrix-signal";
isSystemUser = true;
};
};
groups = {
mautrix-whatsapp = {
gid = 3001;
};
mautrix-telegram = {
gid = 3002;
};
mautrix-signal = {
gid = 3003;
};
};
}; };
services = { services = {
mautrix-telegram = { mautrix-telegram = {
enable = true; enable = true;
registerToSynapse = true;
environmentFile = config.age.secrets."services/matrix/mautrix-telegram.env".path; environmentFile = config.age.secrets."services/matrix/mautrix-telegram.env".path;
settings = { settings = {
homeserver = { homeserver = {
@@ -206,7 +97,6 @@ in {
}; };
appservice = { appservice = {
hostname = "127.0.0.1"; hostname = "127.0.0.1";
port = "29317";
provisioning.enabled = false; provisioning.enabled = false;
id = "telegram"; id = "telegram";
public = { public = {
@@ -254,10 +144,93 @@ in {
}; };
}; };
}; };
signald = { mautrix-signal = {
enable = true; enable = true;
user = "mautrix-signal"; registerToSynapse = true;
group = "mautrix-signal"; environmentFile = config.age.secrets."services/matrix/mautrix-signal.env".path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = "kabtop.de";
};
appservice = {
hostname = "127.0.0.1";
id = "signal";
as_token = "$MAUTRIX_SIGNAL_AS_TOKEN";
hs_token = "$MAUTRIX_SIGNAL_HS_TOKEN";
};
database = {
type = "postgres";
uri = "$MAUTRIX_SIGNAL_APPSERVICE_DATABASE";
};
encryption = {
allow = true;
default = true;
verification_levels = {
receive = "cross-signed-untrusted";
send = "cross-signed-untrusted";
};
pickle_key = "$MAUTRIX_SIGNAL_ENCRYPTION_PICKLE_KEY";
};
backfill = {
enabled = true;
};
bridge = {
permissions = {
"@kabbone:kabtop.de" = "admin";
};
};
logging = {
min_level = "warn";
writers = [
{
format = "pretty-colored";
type = "stdout";
}
];
};
};
};
kabbone_mautrix-whatsapp = {
enable = true;
registerToSynapse = true;
environmentFile = config.age.secrets."services/matrix/mautrix-whatsapp.env".path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = "kabtop.de";
};
appservice = {
hostname = "127.0.0.1";
id = "whatsapp";
as_token = "$MAUTRIX_WHATSAPP_AS_TOKEN";
hs_token = "$MAUTRIX_WHATSAPP_HS_TOKEN";
};
database = {
type = "postgres";
uri = "$MAUTRIX_WHATSAPP_APPSERVICE_DATABASE";
};
encryption = {
allow = true;
default = true;
verification_levels = {
receive = "cross-signed-untrusted";
send = "cross-signed-untrusted";
};
pickle_key = "$MAUTRIX_WHATSAPP_ENCRYPTION_PICKLE_KEY";
};
network = {
history_sync.request_full_sync = true;
};
bridge = {
permissions = {
"@kabbone:kabtop.de" = "admin";
};
};
logging = {
min_level = "warn";
};
};
}; };
}; };
@@ -269,25 +242,12 @@ in {
file = ../../../secrets/services/matrix/mautrix-telegram.age; file = ../../../secrets/services/matrix/mautrix-telegram.age;
owner = "mautrix-telegram"; owner = "mautrix-telegram";
}; };
age.secrets."services/matrix/mautrix-whatsapp.yml" = { age.secrets."services/matrix/mautrix-whatsapp.env" = {
file = ../../../secrets/services/matrix/mautrix-whatsapp.age; file = ../../../secrets/services/matrix/mautrix-whatsapp.age;
owner = "mautrix-whatsapp"; owner = "mautrix-whatsapp";
}; };
age.secrets."services/matrix/mautrix-signal.yml" = { age.secrets."services/matrix/mautrix-signal.env" = {
file = ../../../secrets/services/matrix/mautrix-signal.age; file = ../../../secrets/services/matrix/mautrix-signal.age;
owner = "mautrix-signal"; owner = "mautrix-signal";
}; };
age.secrets."services/matrix/telegram-registration.yml" = {
file = ../../../secrets/services/matrix/telegram-registration.age;
owner = "matrix-synapse";
};
age.secrets."services/matrix/whatsapp-registration.yml" = {
file = ../../../secrets/services/matrix/whatsapp-registration.age;
owner = "matrix-synapse";
};
age.secrets."services/matrix/signal-registration.yml" = {
file = ../../../secrets/services/matrix/signal-registration.age;
owner = "matrix-synapse";
};
} }

54
modules/services/server/mealie.nix Normal file
View File

@@ -0,0 +1,54 @@
{ config, pkgs, pkgs-unstable, ... }:
{
services.mealie = {
enable = true;
#package = pkgs-unstable.mealie;
listenAddress = "127.0.0.1";
credentialsFile = config.age.secrets."services/mealie/credentialsFile".path;
settings = {
ALLOW_SIGNUP = "false";
DB_ENGINE = "postgres";
TZ = "Europe/Berlin";
PGID = "911";
PUID = "911";
};
};
services.nginx = {
enable = true;
virtualHosts = {
"mealie.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:9000";
};
};
};
users = {
users = {
mealie = {
uid = 911;
group = "mealie";
isSystemUser = true;
};
};
groups = {
mealie = {
gid = 911;
};
};
};
age.secrets."services/mealie/credentialsFile" = {
file = ../../../secrets/services/mealie/credentialsFile.age;
owner = "mealie";
};
security.acme.defaults.email = "webmaster@kabtop.de";
security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
security.acme.acceptTerms = true;
}

46
modules/services/server/nextcloud.nix
View File

@@ -9,14 +9,16 @@
enable = true; enable = true;
hostName = "cloud.kabtop.de"; hostName = "cloud.kabtop.de";
https = true; https = true;
package = pkgs.nextcloud30; package = pkgs.nextcloud32;
database.createLocally = false; database.createLocally = false;
notify_push.enable = false; notify_push.enable = false;
enableImagemagick = true;
maxUploadSize = "512M"; maxUploadSize = "512M";
caching = { caching = {
redis = true; redis = true;
apcu = false; apcu = true;
}; };
imaginary.enable = true;
settings = { settings = {
log_type = "file"; log_type = "file";
logfile = "nextcloud.log"; logfile = "nextcloud.log";
@@ -27,9 +29,24 @@
host = "/run/redis-nextcloud/redis.sock"; host = "/run/redis-nextcloud/redis.sock";
port = 0; port = 0;
}; };
"memcache.local" = "\\OC\\Memcache\\Redis"; "memcache.local" = "\\OC\\Memcache\\APCu";
"memcache.distributed" = "\\OC\\Memcache\\Redis"; "memcache.distributed" = "\\OC\\Memcache\\Redis";
"memcache.locking" = "\\OC\\Memcache\\Redis"; "memcache.locking" = "\\OC\\Memcache\\Redis";
"enable_previews" = true;
"enabledPreviewproviders" = "
array (
'OC\Preview\PNG',
'OC\Preview\JPEG',
'OC\Preview\GIF',
'OC\Preview\BMP',
'OC\Preview\XBitmap',
'OC\Preview\MP3',
'OC\Preview\TXT',
'OC\Preview\MarkDown',
'OC\Preview\OpenDocument',
'OC\Preview\Krita',
'OC\Preview\HEIC',
)";
"maintenance_window_start" = "1"; "maintenance_window_start" = "1";
}; };
config = { config = {
@@ -44,19 +61,8 @@
phpOptions = { phpOptions = {
"opcache.interned_strings_buffer" = "16"; "opcache.interned_strings_buffer" = "16";
}; };
#autoUpdateApps.enable = true;
}; };
# services.onlyoffice = {
# enable = true;
# hostname = "docs.cloud.kabtop.de";
# postgresName = "onlyoffice";
# postgresHost = "localhost";
# postgresUser = "onlyoffice";
# postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path;
# jwtSecretFile = config.age.secrets."services/nextcloud/onlyofficejwt".path;
# };
services.redis = { services.redis = {
vmOverCommit = true; vmOverCommit = true;
servers.nextcloud = { servers.nextcloud = {
@@ -73,10 +79,6 @@
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
}; };
# "${config.services.onlyoffice.hostname}" = {
# enableACME = true;
# forceSSL = true;
# };
}; };
}; };
@@ -88,14 +90,6 @@
file = ../../../secrets/services/nextcloud/adminpassFile.age; file = ../../../secrets/services/nextcloud/adminpassFile.age;
owner = "nextcloud"; owner = "nextcloud";
}; };
# age.secrets."services/nextcloud/onlyofficedb" = {
# file = ../../../secrets/services/nextcloud/onlyofficedb.age;
# owner = "onlyoffice";
# };
# age.secrets."services/nextcloud/onlyofficejwt" = {
# file = ../../../secrets/services/nextcloud/onlyofficejwt.age;
# owner = "onlyoffice";
# };
systemd.services."nextcloud-setup" = { systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"]; requires = ["postgresql.service"];

12
modules/services/server/postgresql.nix
View File

@@ -5,7 +5,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = [ ./postgresql_upgrade.nix ]; # imports = [ ./postgresql_upgrade.nix ];
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_16; package = pkgs.postgresql_16;
@@ -28,8 +28,18 @@
host whatsappdb mautrixwa localhost scram-sha-256 host whatsappdb mautrixwa localhost scram-sha-256
host telegramdb mautrixtele localhost scram-sha-256 host telegramdb mautrixtele localhost scram-sha-256
host signaldb mautrixsignal localhost scram-sha-256 host signaldb mautrixsignal localhost scram-sha-256
host mealie mealie localhost scram-sha-256
host onlyoffice onlyoffice localhost scram-sha-256 host onlyoffice onlyoffice localhost scram-sha-256
local onlyoffice onlyoffice peer local onlyoffice onlyoffice peer
local hydra all ident map=hydra-users
'';
identMap = ''
hydra-users hydra hydra
hydra-users hydra-queue-runner hydra
hydra-users hydra-www hydra
hydra-users root hydra
# The postgres user is used to create the pg_trgm extension for the hydra database
hydra-users postgres postgres
''; '';
initialScript = config.age.secrets."services/postgresql/initScript.sql".path; initialScript = config.age.secrets."services/postgresql/initScript.sql".path;
}; };

16
modules/shell/git.nix
View File

@@ -7,18 +7,20 @@
programs = { programs = {
git = { git = {
enable = true; enable = true;
userName = "Kabbone"; settings = {
userEmail = "tobias@opel-online.de"; user.name = "Kabbone";
lfs.enable = true; user.email = "tobias@opel-online.de";
};
lfs = {
enable = true;
skipSmudge = true;
};
signing = { signing = {
format = "ssh";
key = "/home/${user}/.ssh/id_ed25519_sk_rk_red"; key = "/home/${user}/.ssh/id_ed25519_sk_rk_red";
signByDefault = true; signByDefault = true;
}; };
extraConfig = {
gpg = { format = "ssh"; };
credential = { helper = "cache --timeout=3600"; };
}; };
difftastic.enable = true; difftastic.enable = true;
}; };
};
} }

BIN
modules/shell/themes/wall.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 242 KiB

9
modules/shell/zsh.nix
View File

@@ -8,7 +8,6 @@
programs = { programs = {
zsh = { zsh = {
enable = true; enable = true;
dotDir = ".config/zsh_nix";
autosuggestion.enable = true; # Auto suggest options and highlights syntact, searches in history for options autosuggestion.enable = true; # Auto suggest options and highlights syntact, searches in history for options
syntaxHighlighting.enable = true; syntaxHighlighting.enable = true;
history.size = 10000; history.size = 10000;
@@ -16,17 +15,15 @@
oh-my-zsh = { # Extra plugins for zsh oh-my-zsh = { # Extra plugins for zsh
enable = true; enable = true;
plugins = [ "git" ]; plugins = [ "git" ];
custom = "$HOME/.config/zsh_nix/custom"; #custom = "$HOME/.config/zsh_nix/custom";
}; };
initExtraFirst = '' # very first inits in zshrc initContent = ''
if [[ $DISPLAY ]]; then if [[ $WAYLAND_DISPLAY ]]; then
[[ $- != *i* ]] && return [[ $- != *i* ]] && return
[[ -z "$TMUX" ]] && (tmux attach || tmux new-session) [[ -z "$TMUX" ]] && (tmux attach || tmux new-session)
fi fi
'';
initExtra = '' # Zsh theme
# Spaceship # Spaceship
source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup
autoload -U promptinit; promptinit autoload -U promptinit; promptinit

BIN
modules/themes/nixos-wallpaper-catppuccin-mocha.jpg LFS Normal file
View File

Binary file not shown.

2
modules/themes/wall.jpg
View File

@@ -1 +1 @@
nixos-wallpaper-catppuccin-mocha.svg nixos-wallpaper-catppuccin-mocha.jpg

693
modules/wm/niri/config.kdl Normal file
View File

@@ -0,0 +1,693 @@
// This config is in the KDL format: https://kdl.dev
// "/-" comments out the following node.
// Check the wiki for a full description of the configuration:
// https://yalter.github.io/niri/Configuration:-Introduction
// Input device configuration.
// Find the full list of options on the wiki:
// https://yalter.github.io/niri/Configuration:-Input
input {
keyboard {
xkb {
// You can set rules, model, layout, variant and options.
// For more information, see xkeyboard-config(7).
// For example:
layout "us,de"
options "grp:win_space_toggle"
// If this section is empty, niri will fetch xkb settings
// from org.freedesktop.locale1. You can control these using
// localectl set-x11-keymap.
}
// Enable numlock on startup, omitting this setting disables it.
//numlock
}
// Next sections include libinput settings.
// Omitting settings disables them, or leaves them at their default values.
// All commented-out settings here are examples, not defaults.
touchpad {
// off
tap
// dwt
// dwtp
// drag false
// drag-lock
// natural-scroll
// accel-speed 0.2
// accel-profile "flat"
scroll-method "two-finger"
// disabled-on-external-mouse
}
mouse {
// off
// natural-scroll
// accel-speed 0.2
// accel-profile "flat"
// scroll-method "no-scroll"
}
trackpoint {
// off
// natural-scroll
// accel-speed 0.2
// accel-profile "flat"
// scroll-method "on-button-down"
// scroll-button 273
// scroll-button-lock
// middle-emulation
}
touch {
map-to-output "eDP-1"
}
// Uncomment this to make the mouse warp to the center of newly focused windows.
// warp-mouse-to-focus
// Focus windows and outputs automatically when moving the mouse into them.
// Setting max-scroll-amount="0%" makes it work only on windows already fully on screen.
focus-follows-mouse max-scroll-amount="0%"
workspace-auto-back-and-forth
}
// You can configure outputs by their name, which you can find
// by running `niri msg outputs` while inside a niri instance.
// The built-in laptop monitor is usually called "eDP-1".
// Find more information on the wiki:
// https://yalter.github.io/niri/Configuration:-Outputs
// Remember to uncomment the node by removing "/-"!
// Lenovo main
output "DP-2" {
mode "2560x1440"
scale 1.0
transform "normal"
position x=0 y=250
variable-refresh-rate
};
// Eizo right
output "DP-3" {
mode "1920x1200"
scale 1.0
transform "270"
position x=2560 y=0
};
output "eDP-1" {
// Uncomment this line to disable this output.
// off
// Resolution and, optionally, refresh rate of the output.
// The format is "<width>x<height>" or "<width>x<height>@<refresh rate>".
// If the refresh rate is omitted, niri will pick the highest refresh rate
// for the resolution.
// If the mode is omitted altogether or is invalid, niri will pick one automatically.
// Run `niri msg outputs` while inside a niri instance to list all outputs and their modes.
mode "1920x1080"
// You can use integer or fractional scale, for example use 1.5 for 150% scale.
scale 1.2
// Transform allows to rotate the output counter-clockwise, valid values are:
// normal, 90, 180, 270, flipped, flipped-90, flipped-180 and flipped-270.
transform "normal"
// Position of the output in the global coordinate space.
// This affects directional monitor actions like "focus-monitor-left", and cursor movement.
// The cursor can only move between directly adjacent outputs.
// Output scale and rotation has to be taken into account for positioning:
// outputs are sized in logical, or scaled, pixels.
// For example, a 3840×2160 output with scale 2.0 will have a logical size of 1920×1080,
// so to put another output directly adjacent to it on the right, set its x to 1920.
// If the position is unset or results in an overlap, the output is instead placed
// automatically.
position x=0 y=0
}
cursor {
xcursor-theme "Breeze_Hacked"
xcursor-size 24
hide-when-typing
hide-after-inactive-ms 1000
}
// Settings that influence how windows are positioned and sized.
// Find more information on the wiki:
// https://yalter.github.io/niri/Configuration:-Layout
layout {
// Set gaps around windows in logical pixels.
gaps 8
// When to center a column when changing focus, options are:
// - "never", default behavior, focusing an off-screen column will keep at the left
// or right edge of the screen.
// - "always", the focused column will always be centered.
// - "on-overflow", focusing a column will center it if it doesn't fit
// together with the previously focused column.
center-focused-column "never"
// You can customize the widths that "switch-preset-column-width" (Mod+R) toggles between.
preset-column-widths {
// Proportion sets the width as a fraction of the output width, taking gaps into account.
// For example, you can perfectly fit four windows sized "proportion 0.25" on an output.
// The default preset widths are 1/3, 1/2 and 2/3 of the output.
proportion 0.33333
proportion 0.5
proportion 0.66667
// Fixed sets the width in logical pixels exactly.
// fixed 1920
}
// You can also customize the heights that "switch-preset-window-height" (Mod+Shift+R) toggles between.
preset-window-heights {
proportion 0.5
proportion 1.0
}
// You can change the default width of the new windows.
//default-column-width { proportion 1.0; }
// If you leave the brackets empty, the windows themselves will decide their initial width.
default-column-width {}
// By default focus ring and border are rendered as a solid background rectangle
// behind windows. That is, they will show up through semitransparent windows.
// This is because windows using client-side decorations can have an arbitrary shape.
//
// If you don't like that, you should uncomment `prefer-no-csd` below.
// Niri will draw focus ring and border *around* windows that agree to omit their
// client-side decorations.
//
// Alternatively, you can override it with a window rule called
// `draw-border-with-background`.
// You can change how the focus ring looks.
focus-ring {
// Uncomment this line to disable the focus ring.
// off
// How many logical pixels the ring extends out from the windows.
width 2
// Colors can be set in a variety of ways:
// - CSS named colors: "red"
// - RGB hex: "#rgb", "#rgba", "#rrggbb", "#rrggbbaa"
// - CSS-like notation: "rgb(255, 127, 0)", rgba(), hsl() and a few others.
// Color of the ring on the active monitor.
active-color "#7fc8ff"
// Color of the ring on inactive monitors.
//
// The focus ring only draws around the active window, so the only place
// where you can see its inactive-color is on other monitors.
inactive-color "#505050"
// You can also use gradients. They take precedence over solid colors.
// Gradients are rendered the same as CSS linear-gradient(angle, from, to).
// The angle is the same as in linear-gradient, and is optional,
// defaulting to 180 (top-to-bottom gradient).
// You can use any CSS linear-gradient tool on the web to set these up.
// Changing the color space is also supported, check the wiki for more info.
//
// active-gradient from="#80c8ff" to="#c7ff7f" angle=45
// You can also color the gradient relative to the entire view
// of the workspace, rather than relative to just the window itself.
// To do that, set relative-to="workspace-view".
//
// inactive-gradient from="#505050" to="#808080" angle=45 relative-to="workspace-view"
}
// You can also add a border. It's similar to the focus ring, but always visible.
border {
// The settings are the same as for the focus ring.
// If you enable the border, you probably want to disable the focus ring.
off
width 2
active-color "#ffc87f"
inactive-color "#505050"
// Color of the border around windows that request your attention.
urgent-color "#9b0000"
// Gradients can use a few different interpolation color spaces.
// For example, this is a pastel rainbow gradient via in="oklch longer hue".
//
// active-gradient from="#e5989b" to="#ffb4a2" angle=45 relative-to="workspace-view" in="oklch longer hue"
// inactive-gradient from="#505050" to="#808080" angle=45 relative-to="workspace-view"
}
// You can enable drop shadows for windows.
shadow {
// Uncomment the next line to enable shadows.
// on
// By default, the shadow draws only around its window, and not behind it.
// Uncomment this setting to make the shadow draw behind its window.
//
// Note that niri has no way of knowing about the CSD window corner
// radius. It has to assume that windows have square corners, leading to
// shadow artifacts inside the CSD rounded corners. This setting fixes
// those artifacts.
//
// However, instead you may want to set prefer-no-csd and/or
// geometry-corner-radius. Then, niri will know the corner radius and
// draw the shadow correctly, without having to draw it behind the
// window. These will also remove client-side shadows if the window
// draws any.
//
// draw-behind-window true
// You can change how shadows look. The values below are in logical
// pixels and match the CSS box-shadow properties.
// Softness controls the shadow blur radius.
softness 30
// Spread expands the shadow.
spread 5
// Offset moves the shadow relative to the window.
offset x=0 y=5
// You can also change the shadow color and opacity.
color "#0007"
}
// Struts shrink the area occupied by windows, similarly to layer-shell panels.
// You can think of them as a kind of outer gaps. They are set in logical pixels.
// Left and right struts will cause the next window to the side to always be visible.
// Top and bottom struts will simply add outer gaps in addition to the area occupied by
// layer-shell panels and regular gaps.
struts {
// left 64
// right 64
// top 6
// bottom 64
}
}
// Add lines like this to spawn processes at startup.
// Note that running niri as a session supports xdg-desktop-autostart,
// which may be more convenient to use.
// See the binds section below for more spawn examples.
// This line starts waybar, a commonly used bar for Wayland compositors.
spawn-at-startup "noctalia-shell"
spawn-at-startup "firefox"
spawn-at-startup "element-desktop"
spawn-at-startup "thunderbird"
// To run a shell command (with variables, pipes, etc.), use spawn-sh-at-startup:
// spawn-sh-at-startup "qs -c ~/source/qs/MyAwesomeShell"
hotkey-overlay {
// Uncomment this line to disable the "Important Hotkeys" pop-up at startup.
skip-at-startup
}
// Uncomment this line to ask the clients to omit their client-side decorations if possible.
// If the client will specifically ask for CSD, the request will be honored.
// Additionally, clients will be informed that they are tiled, removing some client-side rounded corners.
// This option will also fix border/focus ring drawing behind some semitransparent windows.
// After enabling or disabling this, you need to restart the apps for this to take effect.
prefer-no-csd
// You can change the path where screenshots are saved.
// A ~ at the front will be expanded to the home directory.
// The path is formatted with strftime(3) to give you the screenshot date and time.
screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png"
// You can also set this to null to disable saving screenshots to disk.
// screenshot-path null
// Animation settings.
// The wiki explains how to configure individual animations:
// https://yalter.github.io/niri/Configuration:-Animations
animations {
// Uncomment to turn off all animations.
// off
// Slow down all animations by this factor. Values below 1 speed them up instead.
// slowdown 3.0
}
// Window rules let you adjust behavior for individual windows.
// Find more information on the wiki:
// https://yalter.github.io/niri/Configuration:-Window-Rules
// Work around WezTerm's initial configure bug
// by setting an empty default-column-width.
workspace "browser" {
open-on-output "DP-2"
}
workspace "chat" {
open-on-output "DP-3"
}
workspace "terminal" {
}
window-rule {
// This regular expression is intentionally made as specific as possible,
// since this is the default config, and we want no false positives.
// You can get away with just app-id="wezterm" if you want.
//match app-id=r#"^org\.wezfurlong\.wezterm$"#
match app-id="Alacritty"
match title="Firefox"
default-column-width { proportion 1.0; }
}
window-rule {
match title="Firefox"
default-column-width { proportion 1.0; }
open-on-workspace "browser"
}
window-rule {
match app-id="Element"
match app-id="thunderbird"
default-column-width { proportion 1.0; }
open-on-workspace "chat"
}
// Open the Firefox picture-in-picture player as floating by default.
window-rule {
// This app-id regular expression will work for both:
// - host Firefox (app-id is "firefox")
// - Flatpak Firefox (app-id is "org.mozilla.firefox")
match app-id=r#"firefox$"# title="^Picture-in-Picture$"
match title="galculator"
match title="OpenSSH Askpass"
open-floating true
}
// Example: block out two password managers from screen capture.
// (This example rule is commented out with a "/-" in front.)
/-window-rule {
match app-id=r#"^org\.keepassxc\.KeePassXC$"#
match app-id=r#"^org\.gnome\.World\.Secrets$"#
block-out-from "screen-capture"
// Use this instead if you want them visible on third-party screenshot tools.
// block-out-from "screencast"
}
// Example: enable rounded corners for all windows.
// (This example rule is commented out with a "/-" in front.)
/-window-rule {
geometry-corner-radius 12
clip-to-geometry true
}
binds {
// Keys consist of modifiers separated by + signs, followed by an XKB key name
// in the end. To find an XKB name for a particular key, you may use a program
// like wev.
//
// "Mod" is a special modifier equal to Super when running on a TTY, and to Alt
// when running as a winit window.
//
// Most actions that you can bind here can also be invoked programmatically with
// `niri msg action do-something`.
// Mod-Shift-/, which is usually the same as Mod-?,
// shows a list of important hotkeys.
Mod+Shift+Slash { show-hotkey-overlay; }
// Suggested binds for running programs: terminal, app launcher, screen locker.
Mod+Return hotkey-overlay-title="Open a Terminal: alacritty" { spawn "alacritty"; }
Mod+D hotkey-overlay-title="Run an Application: fuzzel" { spawn "fuzzel"; }
XF86AudioPlay allow-when-locked=true { spawn-sh "playerctl play-pause"; }
XF86AudioStop allow-when-locked=true { spawn-sh "playerctl stop"; }
XF86AudioPrev allow-when-locked=true { spawn-sh "playerctl previous"; }
XF86AudioNext allow-when-locked=true { spawn-sh "playerctl next"; }
Mod+Alt+L { spawn-sh "noctalia-shell ipc call lockScreen lock"; }
XF86AudioLowerVolume allow-when-locked=true { spawn-sh "noctalia-shell ipc call volume decrease"; }
XF86AudioRaiseVolume allow-when-locked=true { spawn-sh "noctalia-shell ipc call volume increase"; }
XF86MonBrightnessUp allow-when-locked=true { spawn-sh "noctalia-shell ipc call brightness increase"; }
XF86MonBrightnessDown allow-when-locked=true { spawn-sh "noctalia-shell ipc call brightness decrease"; }
XF86AudioMute allow-when-locked=true { spawn-sh "noctalia-shell ipc call volume muteOutput"; }
XF86AudioMicMute allow-when-locked=true { spawn-sh "noctalia-shell ipc call volume muteInput"; }
// Open/close the Overview: a zoomed-out view of workspaces and windows.
// You can also move the mouse into the top-left hot corner,
// or do a four-finger swipe up on a touchpad.
Mod+O repeat=false { toggle-overview; }
Mod+Q repeat=false { close-window; }
Mod+Left { focus-column-left; }
Mod+Down { focus-window-down; }
Mod+Up { focus-window-up; }
Mod+Right { focus-column-right; }
Mod+H { focus-column-left; }
Mod+J { focus-window-down; }
Mod+K { focus-window-up; }
Mod+L { focus-column-right; }
// colemak-dh
Mod+M { focus-column-left; }
Mod+N { focus-window-down; }
Mod+E { focus-window-up; }
Mod+I { focus-column-right; }
Mod+Ctrl+Left { move-column-left; }
Mod+Ctrl+Down { move-window-down; }
Mod+Ctrl+Up { move-window-up; }
Mod+Ctrl+Right { move-column-right; }
Mod+Ctrl+H { move-column-left; }
Mod+Ctrl+J { move-window-down; }
Mod+Ctrl+K { move-window-up; }
Mod+Ctrl+L { move-column-right; }
// colemak-dh
Mod+Ctrl+M { move-column-left; }
Mod+Ctrl+N { move-window-down; }
Mod+Ctrl+E { move-window-up; }
Mod+Ctrl+I { move-column-right; }
// Alternative commands that move across workspaces when reaching
// the first or last window in a column.
// Mod+J { focus-window-or-workspace-down; }
// Mod+K { focus-window-or-workspace-up; }
// Mod+Ctrl+J { move-window-down-or-to-workspace-down; }
// Mod+Ctrl+K { move-window-up-or-to-workspace-up; }
Mod+Home { focus-column-first; }
Mod+End { focus-column-last; }
Mod+Ctrl+Home { move-column-to-first; }
Mod+Ctrl+End { move-column-to-last; }
Mod+Shift+Left { focus-monitor-left; }
Mod+Shift+Down { focus-monitor-down; }
Mod+Shift+Up { focus-monitor-up; }
Mod+Shift+Right { focus-monitor-right; }
Mod+Shift+H { focus-monitor-left; }
Mod+Shift+J { focus-monitor-down; }
Mod+Shift+K { focus-monitor-up; }
Mod+Shift+L { focus-monitor-right; }
//colemak-dh
Mod+Shift+M { focus-monitor-left; }
Mod+Shift+N { focus-monitor-down; }
Mod+Shift+I { focus-monitor-up; }
Mod+Shift+O { focus-monitor-right; }
Mod+Shift+Ctrl+Left { move-column-to-monitor-left; }
Mod+Shift+Ctrl+Down { move-column-to-monitor-down; }
Mod+Shift+Ctrl+Up { move-column-to-monitor-up; }
Mod+Shift+Ctrl+Right { move-column-to-monitor-right; }
Mod+Shift+Ctrl+H { move-column-to-monitor-left; }
Mod+Shift+Ctrl+J { move-column-to-monitor-down; }
Mod+Shift+Ctrl+K { move-column-to-monitor-up; }
Mod+Shift+Ctrl+L { move-column-to-monitor-right; }
// colemak-dh
Mod+Shift+Ctrl+M { move-column-to-monitor-left; }
Mod+Shift+Ctrl+N { move-column-to-monitor-down; }
Mod+Shift+Ctrl+E { move-column-to-monitor-up; }
Mod+Shift+Ctrl+I { move-column-to-monitor-right; }
// Alternatively, there are commands to move just a single window:
// Mod+Shift+Ctrl+Left { move-window-to-monitor-left; }
// ...
// And you can also move a whole workspace to another monitor:
// Mod+Shift+Ctrl+Left { move-workspace-to-monitor-left; }
// ...
Mod+Page_Down { focus-workspace-down; }
Mod+Page_Up { focus-workspace-up; }
Mod+U { focus-workspace-down; }
//Mod+I { focus-workspace-up; }
Mod+Ctrl+Page_Down { move-column-to-workspace-down; }
Mod+Ctrl+Page_Up { move-column-to-workspace-up; }
Mod+Ctrl+U { move-column-to-workspace-down; }
//Mod+Ctrl+I { move-column-to-workspace-up; }
// Alternatively, there are commands to move just a single window:
// Mod+Ctrl+Page_Down { move-window-to-workspace-down; }
// ...
Mod+Shift+Page_Down { move-workspace-down; }
Mod+Shift+Page_Up { move-workspace-up; }
Mod+Shift+U { move-workspace-down; }
//Mod+Shift+I { move-workspace-up; }
// You can bind mouse wheel scroll ticks using the following syntax.
// These binds will change direction based on the natural-scroll setting.
//
// To avoid scrolling through workspaces really fast, you can use
// the cooldown-ms property. The bind will be rate-limited to this value.
// You can set a cooldown on any bind, but it's most useful for the wheel.
Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; }
Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; }
Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; }
Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; }
Mod+WheelScrollRight { focus-column-right; }
Mod+WheelScrollLeft { focus-column-left; }
Mod+Ctrl+WheelScrollRight { move-column-right; }
Mod+Ctrl+WheelScrollLeft { move-column-left; }
// Usually scrolling up and down with Shift in applications results in
// horizontal scrolling; these binds replicate that.
Mod+Shift+WheelScrollDown { focus-column-right; }
Mod+Shift+WheelScrollUp { focus-column-left; }
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; }
Mod+Ctrl+Shift+WheelScrollUp { move-column-left; }
// Similarly, you can bind touchpad scroll "ticks".
// Touchpad scrolling is continuous, so for these binds it is split into
// discrete intervals.
// These binds are also affected by touchpad's natural-scroll, so these
// example binds are "inverted", since we have natural-scroll enabled for
// touchpads by default.
// Mod+TouchpadScrollDown { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.02+"; }
// Mod+TouchpadScrollUp { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.02-"; }
// You can refer to workspaces by index. However, keep in mind that
// niri is a dynamic workspace system, so these commands are kind of
// "best effort". Trying to refer to a workspace index bigger than
// the current workspace count will instead refer to the bottommost
// (empty) workspace.
//
// For example, with 2 workspaces + 1 empty, indices 3, 4, 5 and so on
// will all refer to the 3rd workspace.
Mod+1 { focus-workspace "browser"; }
Mod+2 { focus-workspace "chat"; }
Mod+3 { focus-workspace "terminal"; }
Mod+4 { focus-workspace 4; }
Mod+5 { focus-workspace 5; }
Mod+6 { focus-workspace 6; }
Mod+7 { focus-workspace 7; }
Mod+8 { focus-workspace 8; }
Mod+9 { focus-workspace 9; }
Mod+Ctrl+1 { move-column-to-workspace "browser"; }
Mod+Ctrl+2 { move-column-to-workspace "chat"; }
Mod+Ctrl+3 { move-column-to-workspace "terminal"; }
Mod+Ctrl+4 { move-column-to-workspace 4; }
Mod+Ctrl+5 { move-column-to-workspace 5; }
Mod+Ctrl+6 { move-column-to-workspace 6; }
Mod+Ctrl+7 { move-column-to-workspace 7; }
Mod+Ctrl+8 { move-column-to-workspace 8; }
Mod+Ctrl+9 { move-column-to-workspace 9; }
// Alternatively, there are commands to move just a single window:
// Mod+Ctrl+1 { move-window-to-workspace 1; }
// Switches focus between the current and the previous workspace.
// Mod+Tab { focus-workspace-previous; }
// The following binds move the focused window in and out of a column.
// If the window is alone, they will consume it into the nearby column to the side.
// If the window is already in a column, they will expel it out.
Mod+BracketLeft { consume-or-expel-window-left; }
Mod+BracketRight { consume-or-expel-window-right; }
// Consume one window from the right to the bottom of the focused column.
Mod+Comma { consume-window-into-column; }
// Expel the bottom window from the focused column to the right.
Mod+Period { expel-window-from-column; }
Mod+R { switch-preset-column-width; }
// Cycling through the presets in reverse order is also possible.
// Mod+R { switch-preset-column-width-back; }
Mod+Shift+R { switch-preset-window-height; }
Mod+Ctrl+R { reset-window-height; }
Mod+F { maximize-column; }
Mod+Shift+F { fullscreen-window; }
// Expand the focused column to space not taken up by other fully visible columns.
// Makes the column "fill the rest of the space".
Mod+Ctrl+F { expand-column-to-available-width; }
Mod+C { center-column; }
// Center all fully visible columns on screen.
Mod+Ctrl+C { center-visible-columns; }
// Finer width adjustments.
// This command can also:
// * set width in pixels: "1000"
// * adjust width in pixels: "-5" or "+5"
// * set width as a percentage of screen width: "25%"
// * adjust width as a percentage of screen width: "-10%" or "+10%"
// Pixel sizes use logical, or scaled, pixels. I.e. on an output with scale 2.0,
// set-column-width "100" will make the column occupy 200 physical screen pixels.
Mod+Minus { set-column-width "-10%"; }
Mod+Equal { set-column-width "+10%"; }
// Finer height adjustments when in column with other windows.
Mod+Shift+Minus { set-window-height "-10%"; }
Mod+Shift+Equal { set-window-height "+10%"; }
// Move the focused window between the floating and the tiling layout.
Mod+V { toggle-window-floating; }
Mod+Shift+V { switch-focus-between-floating-and-tiling; }
// Toggle tabbed column display mode.
// Windows in this column will appear as vertical tabs,
// rather than stacked on top of each other.
Mod+W { toggle-column-tabbed-display; }
// Actions to switch layouts.
// Note: if you uncomment these, make sure you do NOT have
// a matching layout switch hotkey configured in xkb options above.
// Having both at once on the same hotkey will break the switching,
// since it will switch twice upon pressing the hotkey (once by xkb, once by niri).
// Mod+Space { switch-layout "next"; }
// Mod+Shift+Space { switch-layout "prev"; }
Print { screenshot; }
Ctrl+Print { screenshot-screen; }
Alt+Print { screenshot-window; }
// Applications such as remote-desktop clients and software KVM switches may
// request that niri stops processing the keyboard shortcuts defined here
// so they may, for example, forward the key presses as-is to a remote machine.
// It's a good idea to bind an escape hatch to toggle the inhibitor,
// so a buggy application can't hold your session hostage.
//
// The allow-inhibiting=false property can be applied to other binds as well,
// which ensures niri always processes them, even when an inhibitor is active.
Mod+Escape allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; }
// The quit action will show a confirmation dialog to avoid accidental exits.
Mod+Shift+E { quit; }
Ctrl+Alt+Delete { quit; }
// Powers off the monitors. To turn them back on, do any input like
// moving the mouse or pressing any other key.
Mod+Shift+P { power-off-monitors; }
}
include "./noctalia.kdl"

67
modules/wm/niri/default.nix Normal file
View File

@@ -0,0 +1,67 @@
#
# Sway configuration
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ default.nix
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix *
#
{ config, inputs, lib, user, pkgs, ... }:
{
imports = [ ../noctalia.nix ];
environment = {
systemPackages = with pkgs; [
alacritty
xdg-desktop-portal-gnome
xdg-desktop-portal-gtk
swaylock
swayidle
slurp
grim
lxqt.lxqt-openssh-askpass
clinfo
glib
brightnessctl
playerctl
xwayland-satellite
breeze-hacked-cursor-theme
];
loginShellInit = ''
export GTK_IM_MODULE="simple"
export ELECTRON_OZONE_PLATFORM_HINT="auto"
export NIXOS_OZONE_WL="1"
export WLR_RENDERER="vulkan"
export _JAVA_AWT_WM_NONREPARENTING="1"
'';
};
services = {
iio-niri = {
enable = false;
};
greetd = {
enable = true;
useTextGreeter = true;
settings = {
default_session = {
command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
};
};
};
};
programs = {
niri.enable = true;
ssh.enableAskPassword = true;
ssh.askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
security.pam.services.swaylock = {};
}

47
modules/wm/niri/home.nix Normal file
View File

@@ -0,0 +1,47 @@
#
# Sway NixOS & Home manager configuration
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix
# └─ ./modules
# └─ ./desktop
# └─ ./sway
# └─ home.nix *
#
{ config, lib, pkgs, ... }:
{
programs = {
swaylock = {
enable = true;
settings = {
color = "000000";
image = "$HOME/.config/lockwall";
indicator-caps-lock = true;
show-keyboard-layout = true;
};
};
};
services = {
swayidle = {
enable = true;
events = [
{ event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; }
{ event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
];
timeouts = [
{ timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ timeout = 600; command = "${pkgs.niri}/bin/niri msg action power-off-monitors"; }
];
};
};
xdg.configFile = {
"niri/config.kdl".source = ./config.kdl;
};
}

188
modules/wm/noctalia.nix Normal file
View File

@@ -0,0 +1,188 @@
#
# Bar
#
{ config, pkgs, inputs, user, ...}:
{
# install package
environment.systemPackages = with pkgs; [
pwvucontrol
# ... maybe other stuff
];
services = {
tuned.enable = true;
upower.enable = true;
};
home-manager.users.${user} = { # Home-manager waybar config
# import the home manager module
imports = [
inputs.noctalia.homeModules.default
];
services = {
mako.enable = true; # notification daemon
polkit-gnome.enable = true; # polkit
};
# configure options
programs = {
fuzzel = {
enable = true; # Super+D in the default setting (app launcher)
};
noctalia-shell = {
enable = true;
# enable the systemd service
systemd.enable = true;
settings = {
# configure noctalia here
appLauncher = {
terminalCommand = "alacritty -e";
};
bar = {
density = "compact";
position = "top";
showCapsule = false;
widgets = {
left = [
{
id = "ControlCenter";
useDistroLogo = true;
}
{
hideUnoccupied = false;
id = "Workspace";
labelMode = "none";
}
{
id = "ActiveWindow";
}
];
center = [
{
formatHorizontal = "HH:mm";
formatVertical = "HH mm";
id = "Clock";
useMonospacedFont = true;
usePrimaryColor = true;
}
];
right = [
{
id = "MediaMini";
}
{
id = "SystemMonitor";
showNetworkStats = true;
compactMode = false;
}
{
id = "WiFi";
}
{
id = "Bluetooth";
}
{
id = "Battery";
warningThreshold = 20;
displayMode = "alwaysShow";
}
{
id = "Volume";
displayMode = "alwaysShow";
}
{
id = "NotificationHistory";
hideWhenZero = true;
}
{
id = "Tray";
}
];
};
};
colorSchemes.predefinedScheme = "Catppuccin";
general = {
avatarImage = "/home/kabbone/.face";
radiusRatio = 0.2;
lockOnSusepnd = true;
};
location = {
monthBeforeDay = true;
name = "Munich, Germany";
showWeekNumberInCalendar = true;
firstDayOfWeek = 0;
};
wallpaper = {
enabled = true;
overviewEnabled = false;
directory = "/home/${user}/.setup/modules/themes/";
};
brightness = {
enforceMinimum = true;
brightnessStep = 5;
};
controlCenter = {
shortcuts = {
left = [
{
id = "WiFi";
}
{
id = "Bluetooth";
}
{
id = "ScreenRecorder";
}
{
id = "PowerProfile";
}
{
id = "KeepAwake";
}
];
};
};
dock = {
enabled = false;
};
sessionMenu = {
enableCountdown = false;
};
templates = {
fuzzel = true;
alacritty = true;
qt = true;
gtk = true;
discord = true;
code = true;
telegram = true;
niri = true;
firefox = true;
};
};
};
};
home.file.".cache/noctalia/wallpapers.json" = {
text = builtins.toJSON {
defaultWallpaper = "/home/${user}/.setup/modules/themes/wall.jpg";
};
};
};
}

5
modules/wm/sway/home.nix
View File

@@ -14,8 +14,6 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
home.file.".config/sway/scripts/2in1screen".source = ../scripts/2in1screen;
wayland.windowManager.sway = { wayland.windowManager.sway = {
enable = true; enable = true;
checkConfig = false; checkConfig = false;
@@ -110,7 +108,7 @@
assigns = { assigns = {
"workspace number 1" = [{ app_id = "thunderbird"; }]; "workspace number 1" = [{ app_id = "thunderbird"; }];
"workspace number 2" = [{ app_id = "firefox"; }]; "workspace number 2" = [{ app_id = "firefox"; }];
"workspace number 3" = [{ class = "Element"; }]; "workspace number 3" = [{ app_id = "Element"; }];
}; };
window.commands = [ window.commands = [
@@ -278,7 +276,6 @@
}; };
rofi = { rofi = {
enable = true; enable = true;
package = pkgs.rofi-wayland;
extraConfig = { extraConfig = {
modi = "window,drun,ssh"; modi = "window,drun,ssh";
kb-primary-paste = "Control+V,Shift+Insert"; kb-primary-paste = "Control+V,Shift+Insert";

193
modules/wm/virtualisation/qemu.nix
View File

@@ -14,11 +14,6 @@
#qemuPackage = pkgs.qemu_kvm; # Default #qemuPackage = pkgs.qemu_kvm; # Default
qemu = { qemu = {
runAsRoot = false; runAsRoot = false;
ovmf.enable = true;
# ovmf.packages = [ pkgs.OVMFFull ];
# verbatimConfig = ''
# nvram = [ "${pkgs.OVMF}/FV/OVMF_CODE.fd:${pkgs.OVMF}/FV/OVMF_VARS.fd" ]
# '';
}; };
}; };
spiceUSBRedirection.enable = true; # USB passthrough spiceUSBRedirection.enable = true; # USB passthrough
@@ -31,197 +26,13 @@
virt-viewer virt-viewer
qemu qemu
OVMF OVMF
OVMF-cloud-hypervisor
gvfs # Used for shared folders between linux and windows gvfs # Used for shared folders between linux and windows
cloud-hypervisor
]; ];
}; };
services = { # Enable file sharing between OS services = { # Enable file sharing between OS
gvfs.enable = true; gvfs.enable = true;
}; };
#boot ={
# kernelParams = [ "intel_iommu=on" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ]; # or amd_iommu (cpu)
# kernelModules = [ "vendor-reset" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd"];
# extraModulePackages = [ config.boot.kernelPackages.vendor-reset ]; # Presumably fix for GPU Reset Bug
# extraModprobeConfig = "options vfio-pci ids=1002:67DF,1002:AAF0"; # grep PCI_ID /sys/bus/pci/devices/*/uevent
# kernelPatches = [
# {
# name = "vendor-reset-reqs-and-other-stuff";
# patch = null;
# extraConfig = ''
# FTRACE y
# KPROBES y
# FUNCTION_TRACER y
# HWLAT_TRACER y
# TIMERLAT_TRACER y
# IRQSOFF_TRACER y
# OSNOISE_TRACER y
# PCI_QUIRKS y
# KALLSYMS y
# KALLSYMS_ALL y
# '';
# }
# ];
#};
} }
#SHARED FOLDER
#FOR WINDOWS
# 3 options:
#
# 1. Make use of host samba server
# 1.0 Samba is installed by default. The network-shared folder is at /home/<user>/share.
# 1.1 On host, set a password for the autentication of the samba server
# 1.2 $ smbpasswd -a <user>
# 1.3 Give password twice
# 1.4 On windows, open file explorer, right click "This PC", Map network drive...
# 1.5 fill in address: \\<ip-address>\share
# 1.6 Log in with details entered beforehand
#
# 2. Since this setup make use of iommu, you can pass through external usb hard drives or a specific PCI storage devices
# 2.1 Open details of virtual desktop in virt-manager
# 2.2 Add hardware
# 2.3 USB Host Device
# 2.4 Select device and launch virtual desktop
#
# 3. Set up shared folders in windows guest that can be accessed by host
# 3.0. Enable above service gvfs (this is used in the file manager to actually connect to the windows directory)
# 3.1. Log in to Windows
# 3.2. Go to "Network and Sharing Center"
# 3.3. Click "Change advanced sharing settings" and enable all settings for Private, Guest or Public and All Networks
# 3.3.1. Under "All Networks" you can disable "Password protected sharing" but it seems for optimal use, it's better to still give the password in the file manager
# 3.4. (possibly optional), select a folder and click "Properties", "Sharing", "Advanced Sharing"
# 3.4.1. Enable "Share this file"
# 3.4.2. Under "Permissions", allow full control. Apply
# 3.5. Click "Share" and use de drop down to add "Everyone" and change "Permission Level" to "Read/Write". Share, Done
# 3.6. Search for services and open menu
# 3.6.1. Search for below serices. Right click and select "Properties". "Startup type" = Automatic
# 3.6.1.1. SSDP Discovery
# 3.6.1.2. uPnPDevice Host
# 3.6.1.3. Functions Discovery Provider Host
# 3.6.1.4. Functions Discovery Resource Publication
# 3.7. Find IP of virtual device and make sure you can ping it.
# 3.8. In file manager add connection
# 3.8.1. For example in PCManFM
# 3.8.2. Search for smb://*ip*/
# 3.8.3. You can even specify specific folder smb://*ip*/users/Matthias/Desktop/share
# 3.8.4. If prompted to log in, do it, otherwise it might close on its own.
# 3.9. If there are any issues, maybe disable firewall on guest
# 3.10. Recommended to bookmark location for later
# Note:
# There is no passthrough, its recommended to install the windows kvm guest drivers.
# Can be found on github.com/virtio-win/virtio-win-pkg-scripts/blob/master/README.md
# Add this as CD storage in virt manager
# It can than be accest in the windows and the guest driver exe's can be run.
# Also, change video in virt-manager to virtio. This will fix the resolution
#FOR LINUX
# 2 options
#
# 1. Make use of host samba server
# 1.0 Samba is installed by default. The network-shared folder is at /home/<user>/share.
# 1.1 On host, set a password for the autentication of the samba server
# 1.2 $ smbpasswd -a <user>
# 1.3 Give password twice
# 1.4 On virtual machine open file manager
# 1.5 Search for smb://<ip-address>/share
# 1.6 Log in with details entered beforehand
#
# 2. Passing through a filesystem
# 2.1 Open details of virtual desktop on virt-manager
# 2.2 Add hardware
# 2.3 Select Filesystem: Type = mount / Mode = mapped / Source path = /home/<user>/share / Target path = /sharepoint
# 2.4 Boot into virtual machine
# 2.5 Create a directory to mount /sharepoint
# 2.6 $ sudo mount -t 9p -o trans=virtio /sharepoint /<mountpoint>
#SINGLE GPU PASSTHROUGH
# General Guide: gitlab.com/risingprismtv/single-gpu-passthrough/-/wikis/home
# 1. Download ISO
# 2. Download latest Video BIOS from techpowerup.com/vgabios (Sapphire RX580 8Gb)
# 2.1. $ Sudo mkdir /var/lib/libvirt/vbios/
# 2.2. $ Sudo mv ~/Downloads/*.rom /var/lib/libvirt/vbios/GPU.rom
# 2.3. $ Cd /var/lib/libvirt/vbios/
# 2.4. $ Sudo chmod -R 660 GPU.rom
# 3. Launch virt-manager
# 4. File - Add Connection
# 5. Create Virtual Machine
# 5.1 Select ISO and mark it as win10
# 5.2 Give temporary RAM
# 5.3 Customize configuration before install
# 5.4 Overview - Firmware - UEFI x86_64: /usr/*/OVMF_CODE.fd
# 5.5 Allow XML Editing via Edit - Preferences
# 5.6 Edit XML - Remove rtc & pit line. Change hpet to "yes"
# 6. Start Installation (let it run without interference and do steps below)
# 6.1 Press Esc, type exit, select boot-manager DVD ROM
# 6.2 Do installation, select Pro version.
# 6.3 Install hooks (Step 7 in guide)
# 7. Close VM
# 8. Edit VM
# 8.1 Remove everything spice (Display, Video QXL, Serial, Channel Spice)
# 8.2 Remove CD Rom
# 8.3 Add PCI hardware (GPU: 01:00:0 & 01:00:1 (most likely))
# 8.3 Add Mouse, Keyboard (PCI USB Controller in PCI Host Device or USB Host Device)
# 9. Select GPU and open XML
# 9.1 Add line "<rom file='/var/lib/libvirt/vbios/GPU.rom'/>" under "</source>"
# 9.2 Do for both 01:00:0 and 01:00:1
# 10. Edit CPU
# 10.1 Disable "Copy host CPU configuration" and select "host-passthrough"
# 10.2 Edit topology: Sockets=1 Cores=Total/2 Threads=2
# 10.3 Edit XML cpu under topology
# 10.3.1 Add "<feature policy='require' name='topoext'/>" for AMDCPU
# 10.3.2 Add "<feature policy='disable' name='smep'/>" for Intel CPU
# 11 Change memory to prefered (12GB for 16GB Total)
# 12 Start VM
# 13 Install correct video drivers
#MACOS ON VIRT-MANAGER
# General Guide: nixos.wiki/wiki/OSX-KVM
# Repository: github.com/kholia/OSX-KVM
# IMPORTANT: if you wish to start the virtual machine with virt-manager gui, clone to /home/<user>/.
# 1. git clone https://github.com/kholia/OSX-KVM
# 2. create a shell.nix (maybe best to store inside cloned directory)
# 3. shell.nix content:
# with import <nixpkgs> {};
# mkShell {
# buildInputs = [
# qemu
# python3
# iproute2
# ];
# }
# 4. In nixos configuration add:
# virtualisation.libvirtd.enable = true;
# users.extraUsers.<user>.extraGroups = [ "libvirtd" ];
# boot.extraModprobeConfig = ''
# options kvm_intel nested=1
# options kvm_intel emulate_invalid_guest_state=0
# options kvm ignore_msrs=1
# '';
# 5. Run the shell: $ nix-shell
# 6. As mentioned in the README, run ./fetch-macOS.py
# 6.1 Can be a specific version
# 7. Create base image for the macOs installer
# 8. $ qemu-img convert BaseSystem.dmg -O raw BaseSystem.img
# 9. Create disk for macOS
# 9.1 $ qemu-img create -f qcow2 mac_hdd_ng.img 128G
# 10. Set up networking. If something like virbr0 does not get detected start virt-manager. Commands:
# $ sudo ip tuntap add dev tap0 mode tap
# $ sudo ip link set tap0 up promisc on
# $ sudo ip link set dev virbr0 up
# $ sudo ip link set dev tap0 master virbr0
# 11. Boot the system
# 11.1 $ ./OpenCore-Boot.sh
# 12. Choose the first option to start the MacOS installer: macOS Base Systen
# 12.1 Use Disk Utility to esase the correct drive.
# 13. Go back and select the option to reinstall macOS
# 13.1 After the initial installation, a reboot will happen. Do nothing and wait or select the second option 'MacOs install'.
# 13.2 This will finalize the installaton but it will probably reboot multiple times. The second option will now have changed to the name of your drive. Use this as the boot option
# 14. To add the installation to virt-manager:
# 14.1 $ sed "s/CHANGEME/$USER/g" macOS-libvirt-Catalina.xml > macOS.xml
# 14.2 Inside macOS.xml change the emulator from /usr/bin/qemu-system-x86_64 to /run/libvirt/nix-emulators/qemu-system-x86_64
# 14.3 $ virt-xml-validate macOS.xml
# 15. $ virsh --connect qemu:///system define macOS.xml
# 16.(optional if permission is needed to the libvirt-qemu user)
# 16.1 $ sudo setfacl -m u:libvirt-qemu:rx /home/$USER
# 16.2 $ sudo setfacl -R -m u:libvirt-qemu:rx /home/$USER/OSX-KVM

19
overlays/default.nix Normal file
View File

@@ -0,0 +1,19 @@
{inputs, ...}: {
# This one brings our custom packages from the 'pkgs' directory
additions = final: _prev: import ../pkgs {pkgs = final;};
modifications = final: prev: {
mealie = final.unstable.mealie;
};
# When applied, the unstable nixpkgs set (declared in the flake inputs) will
# be accessible through 'pkgs.unstable'
unstable-packages = final: _prev: {
unstable = import inputs.nixpkgs-unstable {
system = final.system;
config.allowUnfree = true;
};
};
}

2
packages/build.sh Normal file
View File

@@ -0,0 +1,2 @@
➜ nix-build -j16 -E 'with import <nixpkgs> {}; callPackage ./corosync-qdevice.nix {}'

49
packages/corosync-qdevice.nix Normal file
View File

@@ -0,0 +1,49 @@
{
lib,
pkgs,
stdenv
} :
stdenv.mkDerivation rec {
pname = "corosync-qdevice";
version = "3.0.3";
src = pkgs.fetchFromGitHub {
owner = "corosync";
repo = "corosync-qdevice";
rev = "v${version}";
sha256 = "sha256-9FyLhcGHNW73Xao7JiODzgyDKIynEAHJUlNppX+nPfw=";
};
enableParallelBuilding = true;
nativeBuildInputs = with pkgs; [
autoconf
automake
libtool
pkg-config
libqb
systemd
];
buildInputs = with pkgs; [
corosync
nss
];
configurePhase = ''
./autogen.sh
./configure \
--prefix=$out \
--enable-systemd \
--disable-upstart
'';
buildPhase = ''
make
'';
meta = {
description = "daemon for quorum on clusters";
homepage = "https://github.com/corosync/corosync-qdevice";
platforms = lib.platforms.linux;
license = lib.licenses.gpl3;
};
}

4
packages/default.nix Normal file
View File

@@ -0,0 +1,4 @@
{ pkgs, ... }:
{
# corosync-qdevice = pkgs.callPackage ./corosync-qdevice.nix {};
}

1
packages/result Symbolic link
View File

@@ -0,0 +1 @@
/nix/store/7azph9v0lqnb3imkgvdlb0p8j98wy5vy-corosync-qdevice

BIN
secrets/keys/nixremote.age
View File

Binary file not shown.

BIN
secrets/keys/nixservepriv.age
View File

Binary file not shown.

16
secrets/secrets.nix
View File

@@ -18,9 +18,7 @@ let
yubia yubia
]; ];
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx"; server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPm3epi3v+yuskxQZgmPdkVDET8IGeYA6LbTCqPWqkz+";
server2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPm3epi3v+yuskxQZgmPdkVDET8IGeYA6LbTCqPWqkz+";
kabtopci = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGdvPKu0XJXpxiZYxwHdt0UzzSXxQqZIbHzVvjySR82w";
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5OMVTx1IkzFvDgDRwiv+ruYTCBlJ+D1hx+BS8Roah"; dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5OMVTx1IkzFvDgDRwiv+ruYTCBlJ+D1hx+BS8Roah";
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
nasbak = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdoxslkKn3ouadPOHmDN7e5AtoJmnllnUmhl1j9qfzz"; nasbak = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdoxslkKn3ouadPOHmDN7e5AtoJmnllnUmhl1j9qfzz";
@@ -31,7 +29,6 @@ let
serverrunner="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHfLhlJX2VlZE4myreojQ0hqCSL28kE9Y3F65uumgrSK"; serverrunner="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHfLhlJX2VlZE4myreojQ0hqCSL28kE9Y3F65uumgrSK";
systems = [ systems = [
server server
server2
dmz dmz
hades hades
nasbak nasbak
@@ -43,7 +40,6 @@ let
]; ];
servers = [ servers = [
server server
server2
]; ];
homerunners = [ homerunners = [
homerunner homerunner
@@ -58,9 +54,9 @@ let
laptop laptop
]; ];
buildServer = [ buildServer = [
hades server
kabtopci
dmz dmz
hades
]; ];
homeServices = [ homeServices = [
jupiter jupiter
@@ -72,17 +68,13 @@ in
"services/coturn/static-auth.age".publicKeys = servers ++ users; "services/coturn/static-auth.age".publicKeys = servers ++ users;
"services/matrix/synapse.age".publicKeys = servers ++ users; "services/matrix/synapse.age".publicKeys = servers ++ users;
"services/matrix/mautrix-telegram.age".publicKeys = servers ++ users; "services/matrix/mautrix-telegram.age".publicKeys = servers ++ users;
"services/matrix/telegram-registration.age".publicKeys = servers ++ users;
"services/matrix/mautrix-whatsapp.age".publicKeys = servers ++ users; "services/matrix/mautrix-whatsapp.age".publicKeys = servers ++ users;
"services/matrix/whatsapp-registration.age".publicKeys = servers ++ users;
"services/matrix/mautrix-signal.age".publicKeys = servers ++ users; "services/matrix/mautrix-signal.age".publicKeys = servers ++ users;
"services/matrix/signal-registration.age".publicKeys = servers ++ users;
"services/nextcloud/adminpassFile.age".publicKeys = servers ++ users; "services/nextcloud/adminpassFile.age".publicKeys = servers ++ users;
"services/nextcloud/dbpassFile.age".publicKeys = servers ++ users; "services/nextcloud/dbpassFile.age".publicKeys = servers ++ users;
"services/nextcloud/onlyofficedb.age".publicKeys = servers ++ users;
"services/nextcloud/onlyofficejwt.age".publicKeys = servers ++ users;
"services/gitea/databasePassword.age".publicKeys = servers ++ users; "services/gitea/databasePassword.age".publicKeys = servers ++ users;
"services/gitea/mailerPassword.age".publicKeys = servers ++ users; "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
"services/mealie/credentialsFile.age".publicKeys = servers ++ users;
"services/gitea/homerunner-token.age".publicKeys = homerunners ++ users; "services/gitea/homerunner-token.age".publicKeys = homerunners ++ users;
"services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users; "services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users;
"services/vaultwarden/environment.age".publicKeys = homeServices ++ users; "services/vaultwarden/environment.age".publicKeys = homeServices ++ users;

BIN
secrets/services/acme/opel-online.age
View File

Binary file not shown.

40
secrets/services/coturn/static-auth.age
View File

@@ -1,23 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ yMHHDZg+ZqoX3BGPI9Ruqbj051Ewsyxc207Ne0EJ6k0 -> ssh-ed25519 WiIaQQ 0L6Q7RQJaJTeeKDVSr6VxGonGkUdyF8mKx05C17uOjo
LD+wq4I8s/Fc6znNE6WRMba0u1BU5Mi6VKcyBk6xTZo pn3vf/e7nLWfzzrGd2NCyp+xBLY7EEMrVi5Yqzv329o
-> ssh-ed25519 WiIaQQ KmHrRHx9vaSMaHUWcMZKRApR9KWntU07umf1mZekRQk
/wumFHGj1am02zQ4g4EaEEk2sCoWTkjSARTIUnPnFD8
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
GBUmtcnkZ4tlQbsWArXcBEX+p7RAwFUeZ7QOteJ61/lDaKYOcYZPC298AI4eE5cE DwlLrPYOnIHzAm+wY9T1Oc8jW86RgDm6w9M2KA8C7XWoMSheiKpB1S/Ii3kPVkOz
jejlIO1Jh72eQCQ+ZniAdPO8caUWOXyAfXsk8Et8RCaodK0pt14JB/Ez+qHpZR2j 5L9QfJVYrz+9yApL8akUTS+UkKWj5rLKHrEXgdfzGxqt3T16Si/zvQgMR9fOO5mx
V9LC3xrlvWbyY21pnokQudSsu966Kmh27gAd1vyw+rAFpYSLhY6cL3oyiYNtZ0Nf +cDXBnyD8ufkUCdDZvIaH0fyU94q0HaNgkjd0juDOaYd3hE6usF3l4IWAqhZwfT0
AgsGrCIJhWOKA7+PJPSxbPPosqB9nteRRxl7Hi3XIhu7oE0YCqVVihA908vdaq7G Sm54OCH+Y0YSIAA9AVscx3qopU5ZJjXFsRXzvOhQGMm6u1jIsiyHrcu13+hYo+wJ
pOIubfd6S7Aptj7xiXb/8oojhsglgISPyFHIPOZaIVXVtNqFxXhjFiJjdZuZ4gRS jkHbDNFWV6PGtVmQNDDRPpprnAaFvDyXhDXZKx4tMxIgw7trfDh4+1b9khSavvOl
hmaxAXd8UblKzYWIKDUnAwdn5tdixC+GrqdNit2s946Di7s5oe7BptP707XQK0WA GkMrhyrjpgY1L6Mv5eM9z3jprAutVrNaM4IzINkKijNE0aQMId7hi7V2OIvYS/dH
HXJuc/h3+8JAkQsPW0B9+XbeNtRAh9Uqcq3tadGqjwfgLKepebOoG3K0F3+simcr dEoQkN1ZzpkwK4vuFvCAIaErkdNiLU76APpnjhnKy+SPQqASrhKPK+yeEu4Ri49o
bS3fgd1R92v8KyyXpKvgbilJQ2GBoxEqHTeMzqksp/6t/3s64tLEnrRhqcxyYz7P bht3bpJ9qMGLpi8hk7Af2ICBbHnrJ05yt9Q5S0S+I4459xkbFpjsA7g0z9MPiE0z
fDs0IgezPFQ6ZKU2KMnheRiQrRD//9JINPnj+0PPL5PggyaDh4PwA67INrHwANl6 KnSx+OxyUsQTsiZJMlwfzXOLMlzK/kwJ8QE0kp4rxIMItmklz23qU4i6gG99jnI1
Rgh8QNBvom3E8gdYuBuCM75PewMZF9mSksLDYrYz9M9LB4YIvBxHKiW6PhugtTwM 5C2o9EujZ0GSsbvZNJ4ucOOCC/J1BcoPHxU9cQz51DU+a0vFsK77UbzAC0mqQl8O
fd3uSuaTfTEFgPtEuJUsQk3Q8+lZQpY4BtEDP27NqFI wODT219ZFC9GzP91qHtAlVxpoIVi7OhVw8d8ma11N7o
-> piv-p256 grR75w A2dfNFLZpwdWZ4PkmeHpUdalrhHYehriPn23TC8V3mSW -> piv-p256 grR75w Awk7/Q4K6PnOx1VWmtxWQgJfGkPVHIbwk3oc2Dk6wcym
N8IfOhaZdWspJ2GCJ8de0Yhe3Jv1BBA8Ep+Tpp/IFyk oeWbEXfuOxHseJ9W+oKKqJiyGaE2a3w7nsF/AKY3pS8
-> piv-p256 RQguQQ As/Vu7wq9Y3gW8gJfxyi2b31e3A2ZswBPZ3KfShjDR5T -> piv-p256 RQguQQ AwdHD65+4PZUT4F8t6qU1GiXL6ETjScnFlLIcVSWuOk+
sE4kxCyTMm2fEvs/I3KpDt61S2vFv89/MgALO3RVsuQ POglZeYjAzYb/81gK8CDUDtl8eM6xE+z3YxcaOxK2/4
--- GnBuK/AhHklZlnoQXH6HGNZa/rqLWAOKpvbFK3IQnmU --- juEnuBaZ4x58VXzlmSgEu2TAQWGEie7zgaoa0phxJBI
Ümp9/ýÜŽ™µ·XŠ“'HnÉd´Òvdý ÅA[W8A;ê2¦uªqQT`,%]ï~íu<C3AD>¼.5<EFBFBD>Ía= Ž‡FÛÐnrc3ÿ&ô³!h·$ÔýJ2,iß'5îIJ™ §ńҤŔę­ŃśRěר ?H ňŁg» ďŰ4 ł &1«2CÖ+ě۱1¶rÍ­¦)ÇLV±Ŕá.P®ĺu±) )BÄ…8žňîň)eî¶ë2†úP¦zf€lT“M

BIN
secrets/services/gitea/databasePassword.age
View File

Binary file not shown.

BIN
secrets/services/gitea/homerunner-token.age
View File

Binary file not shown.

BIN
secrets/services/gitea/mailerPassword.age
View File

Binary file not shown.

38
secrets/services/gitea/serverrunner-token.age
View File

@@ -1,21 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 0qfOZA iyct51e862F5HcUHrV6HJfocfqWvyu5dcCG9vchvlzk -> ssh-ed25519 0qfOZA 2w9FxathvqTuN8TEnxHVFgr/O2dAy72owqK5Dfpl234
1GbQPF2QRdXA1/XlsovvS6RDvXGeUykYuBf1o9md9NU ArxI39jUSbHAW1E9oVmTwkVWKIF4kZRhl26deteony4
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
V2ezCm2vmn6TYu25I4FDrXtQoMQSWobixzKO1z2HgD/fU5tk6XOwD5Ha/Q1MqTZf PxnpVXjlneM5kJS3ThHQOtA5BCzruLTkNRI/QB5mBQFWTeqlOrUeR6VdIyKWckpp
JgNrMCChh6xWrcd/dDBjuCRNQlcvWH7DFqu1AH2dg6AvRnEBFJKg5agFjYnQQz4d 4ZSNoXTi/ub28uGY1y2wA77xPWzwYokFr6tWiJvEfgtvaO6HXhCVEY/g0H60bu++
cLGXAMSRRIIZg55yeMwawm6co7f3/8nw6DEWOtaB+WnXek44cdHGXIDn7jVY10IJ r6rpiJxycFEpRtJqZZRZ+/1S77AdTstkBzFFg1cJygHZjtJ5nlhcVIeh7rngrNEU
4PwykvCIhZsmBW/f38OH6qvdAdAXJMJqDTyAzSjXH+fVFy8pYuFpALJzOXnk6OFB ypRzgl87zh3ZvG+9wVjBbnrIVF8ICm/rzSv//n2Lq+Q2DmIB5VYIiMErh/S0Xat5
EMwFnFgt+Du4VybJEsxg93xFNh6CGga/7scjfdulWmakHSKh/LYVowsjPKlV7LIO t4a6Ch4KdyjvQxqDn15zWmkEMWasBM6BsrcZ0v67DA/q5Ue0KkMu8qomYoitH6dT
L+06RHFiBCsi6dxRMUEztwzXWhvHNL1DUix5BJv1v+vCS4DGAiQ+nqntg6sBZgyD LyJwm2skAug8c3p53mPFOOZlyHrUgx4zuUx34lRHwmZrQm0Deag//KkKsbA5DsIB
A1yR2JblEWND/TeGC7fFI+lPH27608QgNeOqQrHKm5Sk9j4b4ClNhxEQRTquMxM5 T1RCkSIldG11vRc92sg24rWBmyDkJuzU94/Seivf3fuWpI0bjwZJUJlShvxTgk8E
PAgNpdwyXP2mKi/XeN2v4GnJ9OBUEj3yzZ1YNwOCajI1t9IPChPc2eR9O8AjUT5v SJrkKljDeYE+nBfcCU6pVSx3zMRXEDHn/1O2lY6PV9xSiJ55NbYyBJTDmv4GLJTM
C1isvdmcqegtqP7P0SM7xqx/gxUA7QQx7kRr+QALbECbsSzrSycXowp9OvsewQ/3 AUDZc7ZBSiVHfti3MkyzCO00X1HBKGZmRjfw/PDA0FaTy7h+3g/YIaKR1JCQDgDb
6ZfSAsXTu+voXEv5E59NpUUhIIcEq6BByBbcdBKt0G1FLmIaL8PG2Lwk3/EAaUY6 g7w/LM2XoaNA4vsZONLlc9LmczGJcno4bGzDafr+R/n91+2s+PXfcLy0JnrjnhcS
Wx4ieA0ZXK5btRAr947ZM71o5Zag3OBnZ1MKxDCAq2c Uo20lgvdRdC7JhQUYEhGchhuDv18qWz86YGLZtXiDyI
-> piv-p256 grR75w A9ZmUbec4JRZGWMjnqBTQGCf6GimNyNDmllWB4uBHJFq -> piv-p256 grR75w Atv6Qx+Kox3yaIg3GlBcjl/jOqB1c+jQZjXjd9QjKG93
mN/spixDcTc6UZSLe4vc879uOUxOw9Qh9VDRK2YrTGM jCGiPNAhf/dv/u7+gMqyk0/Llg91j5V+eveseRDju2E
-> piv-p256 RQguQQ Ap+H8uhWf+iaeyTIBziLgulUiF0wYOPFizC17xhzWtxj -> piv-p256 RQguQQ AuFA9C0hg7/lDHEz4ot81oDorONklwhktdbcV28GlZNq
lbgpzytkMbtmlRT67GhwBBMzbTCD8M/1vuobnUhUNlM Ddl+GdZ+bd884HoRd8hYaMkzJVW1w9Jl09ZSJ5cr0LI
--- NQ1zWWCImu0ugkcWJW645DMva4rngFMNDagT74Yku6Q --- EXQY07ioUVXZngCW4Fj8TWYtPcxKd33tsA2aSJJLGFU
ÜU•U?É×Q}<7D>Þe.+õ³Þ„3kÏa?9ù<39>\¡;C¬é_ öÌ)•önᜭ38>ôóC®{tv»1ÆåÓˆàLUq#b+c} ì'F¢¿Ó­å 

BIN
secrets/services/matrix/mautrix-signal.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-telegram.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-whatsapp.age
View File

Binary file not shown.

BIN
secrets/services/matrix/signal-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/synapse.age
View File

Binary file not shown.

BIN
secrets/services/matrix/telegram-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/whatsapp-registration.age
View File

Binary file not shown.

BIN
secrets/services/mealie/credentialsFile.age Normal file
View File

Binary file not shown.

40
secrets/services/nextcloud/adminpassFile.age
View File

@@ -1,23 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ slNwdPIgpsABv0SgU39pUoudBMs7UAsCbdE3aDxCNh0 -> ssh-ed25519 WiIaQQ axhKLacpJTDu8bKQnGqJc9FX1nthnXS+B98NkIKOfkg
/HXJ6yQkBPp6bFY8B72f9gpQpele3wFmwZsMaFBE8uk hMUlU4+cARDtDSw82HBP++1y64uNui4Nn4RJmTc1Mbo
-> ssh-ed25519 WiIaQQ OUv7lcCQDvJo7fpchdQRwIbXQ4nG16gWgJWMSdSMMxM
rD2lYHGo4CQjJOqpD/n9pgPjsbIvGRNFiuWO0QFtyOE
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
QgN54J0Py+EdO2LAup0PI3f1lDsuJHrxMCLt5+dfnCjSmPrWtGxOGf9Nw6SQWg0p J0vpMK/d/QLPKDFrsuZGjWWcLY58r8wqrqSTO40BTGYAbCkwpH/N9A4AiUnfGXj4
3TQ5Rew0jhedXJ/h/c0c95h9OYsnEjYqz14CRYAohngaSbFWiaLFrklg7hGcvTvb VD+4qkdP5Cdn9lpQVHZb7MRVTmz1nIqgWbLcime6jm2/Z0oQhw2qR3KrxrwFpNHT
9+MB0c+HtHoNtYVKYdgmzPXMPYBx/99Lc8Q24xvfSlGlGhl72S2CTu8us0daAZ1z pb1q7TD6Rhz1U5aOeUnH8JMg8KXpr34GNWV83+pV5g4MzPivKMzq636zA5XXLGg2
TnMLXZ9TKw/QtSS3+Wa5j6jrLyPD0M0biCBdRPR+4ho/t0AR/qQfXmCGZOf0kfe/ oiKL3sCy06QxyoCnvqdHj8ssYvIb6v0xROqHJSA27x0oHq8fgwk/jfx3A7CIcWbj
XtBRs/QQT+HAHOUo9wPR332yuUxu03jHpPrlhuP88ydcAjUccYvEndAnRyOv9sea kYIVXwfW1kQPBbEtV8QPVkI8wMvu2/mtt4l//A6EvFEBcTLFV8jqzFOw9fb1kQr0
RuM8e0GDYRwpRNjPbAorG6PG+oJx7/t6z1OkVxRpRJQHTWJ6ntnMAd6ZhGNgRp8F nOFFQQb+pUJz1K7DV/Yki9rkihHpeFCcXBnGoW53EM+7lizg7BWw4golqi2aDo/f
xIiXzPwGTEnyiRFOSTzxwX8XP25c9ft2Bpx2uYxUgS7af51NWZIorqJmWgQN49oJ TQU6YVYUUUCV18ymNydQTmEFUqpZyAjJ8U1x9dqC6GnAvbEckoWQO2rvaC3d3+Kd
5DA8uBan3qQkr0jJzFwVKYYt4roIYEtrnH/snl5uNbpIhPfTy5/rg+Xrf0aRunpP I1x+MfRf0cKmr8v05cEjnA0jXsYVz5GoGbW07rSFfzehUql03UIWoCBjFe+jOit8
U9bpuJtBVgIAUXk5zLxhnMh43o2YYxCHN0cArU1wNLHcdaKogPGpT1sLCckwZ/3L dHGEgemX0oBK+3hKVGA2jgjjJuQSyJAohC0PB6N+FJg896ft1Qul0nIUBGsYxc0F
O/hxutVOmkJyNOAp9k0jV6zedWjhru/4v4Imov6BxDyLf3Hz2vnvwogYVgyl3TIr J1p2ANQCS5LYibl3RjzU84oVJ7tQRGxTm/ifV72ABLr51lQUQ/Xm7ejGc2W2DBf0
Ir98D/CIp3i74VsUvVrZmo7joZcDhnAXlLPsb51I6qM hQFr8bsq/rUbyJSUlYd72m1+AIWkzNNnUzh4ZYZoKX4
-> piv-p256 grR75w Ax4mmj6z8SvPKdHRz7H8O/he2R4f4tql+NXSMTvr9rZ4 -> piv-p256 grR75w A3S2V7f+gRKz0atGirP3XFwqcLUSwyyrwvXJn9N71GsK
EPyI4xcY1Nt/zZ/+XXVhUAt+aq3qEEk+kuuA1PbOPI4 mHdPCL/r7/4lI62DVetgtQNz382RNVbYjjWJa7CY1+g
-> piv-p256 RQguQQ A6ST+jiJS1R0QV1lw+IlMYnxXnTOLxyDfxpQZ/AWCKHB -> piv-p256 RQguQQ A8TZ/IJp06b3fyQW5v5eW4zvdTXt39vNcEoRKDFvFEuU
henkAsW+enG7nY5Y7egcw6RezC0gdakjZGwH+KP6idA 5P//fq21JtVKc4kibrUzAizJSbuDPWvfpmKHTJOh+pQ
--- Dlhmc48gY+BCXUhKQDRnlprdONlHDQ4tZf8BmZPsFKo --- GCvDKrJ38F1lOQuj+4728qfgP5Kuh6pdrrtoCR9bW28
Ë ¼ú~ã]Äèzø‡O†ßífg*ëûB«v²€+iL¢!Ô K…û0µèL yçü p2Wþ` Õæsì8܉xOTÅ-J#~ $

BIN
secrets/services/nextcloud/dbpassFile.age
View File

Binary file not shown.

23
secrets/services/nextcloud/onlyofficedb.age
View File

@@ -1,23 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ TvH9o4N8RCyhpFMQdT3WjKWP9MtCerGMv9ecz9Do7gc
pU14wjxyWBT1bywg7N2HRmohZKlgVgmCMuhnKkvjmh4
-> ssh-ed25519 WiIaQQ nsIrxNgkZ/R+WmAaWGnAIaQi4HYOhWRySeoXPY7P7AM
5uHCObppGzaXRmUBl5J1Ms2fglE9ZPWnsHjZRhGhUw0
-> ssh-rsa VtjGpQ
V8SprtOmsQc9/7cyNw/fdz0KURXaxdODfH6UeYiQMdExmLwZGJbZCeJh/8ubRG+7
Jf/kdbHcWBEPjdCBhfK8Rt6aNd+Jy+VdRW+E4D2pkW9lxY4xDf8RtoFnTvx4tEI1
oB3NWQdVQMnWczwUMQ6ssJhZuvNW9LHRVUpptgsPJ9P12ueZXoGhHDc3eE3Lp4Cy
c9Fxn2u7IzN+MDHqrLAniI+m/m1WCSWgaOQlcsyrFFPgXj+BNvpUQ8wVi9aYaArT
jTIot6TOFJNLT60CRlBMrg7/2rUMMrahDTx9WARVCzYLDykC9kU+sjVys0wMlx6t
dkKgIWbhfqi5w3XU1YfDQ29jduamJu/+04GptNHN+PjyjGboaHMFmC2wmGV3G5VS
QAO1hdST3JfeLb2wyYuP1xD6DHtkKtAfl81jpyrP8Bq/l4Nfsrb90cmdNDRww/H0
dZJh1hNex9hxrwj4GAWpnqXoWGqIR/5hwbQtcH2Bt345tx7DLFH7mh18xGOud2qc
1o2YT7By4/QkWA/g8tPSjr/1jZp8Ylv6Y9MkTwNWjHSFCDfHu8TPaT3Mw5kPsQkk
dt1XMX+CaUQrBrCTooaXluiktRIXQdwG0oPzpIm6R735ijv/rwnQM7WpQ5HQQ2OD
rMSBWi0ArmyjVMFXePsLW0d23glBaMpGZIirIm/UU28
-> piv-p256 grR75w AwR6wTkB015k3gyUmEBc9DXhz+PFiNUZ7KMA8Kqq05lY
fhxJgG8c/m50NdET7Y+9KhC8znmouVBh6n61OL+KfRE
-> piv-p256 RQguQQ AiDuXGyWoNU4TkwGa6QBozFZh+3PYl8y1FHVyN1eUyz8
ieuAZyJ2CEZeCNFFXcWEf0vyI7NI94xkQDXjpzd+NLc
--- 7DUMPdjVfmKuN+3lGN7JsLHt0HoayDd6yk7li2sSRwE
"ÿÙ_K!àÇŸoÍÞB$åc®‡ðÄÀ\ˆú”˜cr5l} 4Ž(X!“UµÊa™W…¡ÿZñwJûx

23
secrets/services/nextcloud/onlyofficejwt.age
View File

@@ -1,23 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ heR67WtUWEMq/A6BRfIkPMcb+hzVZabpWu8uukmuBFw
wTSODQfOvRcG33/y/dqEiJ4RNRsTYGXJtxBUQ6C+seo
-> ssh-ed25519 WiIaQQ QshckqSrByAPJIK5pDhVvLBQ16sGLTAAAYylhtlH4lU
1j3qPx/5yTFIxAmNjvD4gGFfp3HNUFO0jh57l+SV4kQ
-> ssh-rsa VtjGpQ
G7DGz5AGsyy4qgRTvaSQNKJSsJkLayNzmhMjSVI2aXCVWZuVJy0r/IC8cmXvcbFd
ejjTf6Qh1tsFnotoR5whgrhmkG/0IcAokLSFXNyYj4NlW/CwsYEVDoEt09KmnIRA
X6wPqxpDAqs36rcUBQJC4jj/HIgAJwswaVgcoC9S6UBs3H/skFkjczbNM2HKoxzF
UtUUxaXZ3UFF78/rpk5h7lYWteN1FFjeZyOKwSbtYloq5eMlAe0yHnGFo5SPuHZu
QG9O7RJi9y/TnZy9G86HIpIQjZQ9dYW4r139Pb51Fxun3D3nV9eeC7y0RMS3YSAU
0kK22ZjhTq7ZiiRqjM8KjyNMOLTXmzUHdKA7B7JLuYCfDyxj/wszXZuAfC+PXP+D
1YRUErQogn0lPCPXPclwEcYea7Cd6R+2OIpd2TQ5ROIV2FXrpA4EY7Up6ICk7eZf
HoFqbDLD98JjLCMGyEjfG6/UHckBjAeQSR+7k1f/L+NO3IWfH5ud7TWzJNrlqDWJ
Y6zvtQ31kkZNfQNgPHL9l/c7/1IWQFtcJ3fzDwE/hd+93OA5RoYutZw7lG3q6EGk
wPH6pZt+O7/7CtWJz9J4YvT6zE1DYmEobHYRrKzo7II9mdlWSIsu9KjFFt4qdsDN
HtVQJwFwiL9YPw8y7Z1Aalmo/0zTdwosjzBzl0eU9vQ
-> piv-p256 grR75w A3alWLHjgQN2quTfwIXc5xN+5jZowaN2Jkuf666CZt5P
gz0a64iDAI5Y3gpjra2zUIAqGgNh2IJQU4u10TxfOIU
-> piv-p256 RQguQQ AoJJolmpdp0pEYduyAT5YHiLu3a5yELTvHCb2B1gK+RW
/HF293f3uch4lwcHvc0U86BpkUdrDot5GWy6XmSEfnY
--- i0ABQSL1xJRh+baGUX/gfuvwM45jfHK7OP9uKReNwX4
aÖ°gÓÌï>Ä莠Å&<26>ñ”{4¤/˜œ#¨Öœq¾Öãƒ"Ð8RÇmÐÍÀ¬œ{¦$; ¢6#øÂû

BIN
secrets/services/postgresql/initScript.age
View File

Binary file not shown.

BIN
secrets/services/vaultwarden/environment.age
View File

Binary file not shown.