Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: Kabbone:dev
Branches Tags
Kabbone:main
Kabbone:dev
Kabbone:refactor
...
pull from: Kabbone:main
Branches Tags
Kabbone:main
Kabbone:dev
Kabbone:refactor

171 Commits
dev ... main

Author SHA1 Message Date
Kabbone
58f1133657
flake update 2025-01-03 19:46:06 +01:00
Kabbone
85eec3b7a5
flake update 2024-12-31 15:58:14 +01:00
Kabbone
fc852aee67
server: nextcloud: disable onlyoffice and set maxUploadSize 2024-12-31 15:57:49 +01:00
Kabbone
e590739346
server: mautrix-signal: update config 2024-12-31 13:48:35 +01:00
Kabbone
7ce839e653
server: disable ollama 2024-12-31 13:16:22 +01:00
Kabbone
97454dac5b
server: mautrix-signal: update config 2024-12-31 13:02:31 +01:00
Kabbone
67ae6e5e23
server: mautrix-signal: update config 2024-12-31 10:58:05 +01:00
Kabbone
dcb7ac9aa0
server: mautrix-whatsapp: enable encryption for now 2024-12-31 08:47:22 +01:00
Kabbone
12b581674b
server: btrbk: add var 2024-12-30 22:30:31 +01:00
Kabbone
ab205e1a98
server: mautrix-whatsapp: disable encryption for now 2024-12-30 18:29:03 +01:00
Kabbone
90f07ad8bd
server: matrix: update mautrix-whatsapp config 2024-12-30 14:28:06 +01:00
Kabbone
3d3b5c9a5f
server: matrix: update mautrix-whatsapp config 2024-12-30 14:17:19 +01:00
Kabbone
7e814bc276
server: matrix: update mautrix-whatsapp config, disable relay 2024-12-30 12:35:16 +01:00
Kabbone
25a2475b65
server: matrix: update mautrix-whatsapp config 2024-12-30 12:21:35 +01:00
Kabbone
4d890c44c3
server: matrix: update mautrix-whatsapp config 2024-12-30 12:19:12 +01:00
Kabbone
d0ba393447
server: matrix: update mautrix-whatsapp config 2024-12-30 12:14:19 +01:00
Kabbone
5a33c0ee3f
server: matrix: update mautrix-whatsapp config 2024-12-30 11:58:27 +01:00
Kabbone
9d03e1167f
server: postgresql: update to 16 2024-12-30 10:27:01 +01:00
Kabbone
d2d72a383a
update nextcloud to 30 2024-12-30 09:03:00 +01:00
Kabbone
2969562349
remove deprecated opengl option 2024-12-30 09:02:42 +01:00
Kabbone
ba60a3c637
update flake to 24.11 2024-12-30 08:56:20 +01:00
Kabbone
b25260b71e
add cachix for steamdeck 2024-12-30 08:21:33 +01:00
Kabbone
29cc48d499
flake update 2024-12-29 09:00:46 +01:00
Kabbone
1ef405296a
lifebook: change path of SSDT4 2024-12-29 09:00:31 +01:00
Kabbone
16c6d9e907
lifebook: make suspend work, DSDT override 2024-12-29 08:48:59 +01:00
Kabbone
3060cbfb77
flake update 2024-12-19 13:16:52 +01:00
Kabbone
1776697f9b
remove catppucin module 2024-12-19 13:16:40 +01:00
Kabbone
dd8159d6a4
flake update 2024-12-15 21:48:36 +01:00
Kabbone
756801607d
desktop: add module for sensors 2024-12-07 22:52:18 +01:00
Kabbone
ccabef6ed7
flake update 2024-12-07 22:51:47 +01:00
Kabbone
3b39a9d744
flake update 2024-12-03 20:51:52 +01:00
Kabbone
a631a5731a
font: remove nerdfonts 2024-12-02 19:53:59 +01:00
Kabbone
e858004e48
flake update 2024-12-02 19:16:09 +01:00
Kabbone
b587b948ef
flake update 2024-11-29 20:20:20 +01:00
Kabbone
09beb0eab5
remove nbf5 from ci 2024-11-25 19:20:31 +01:00
Kabbone
2f7ecf092b
flake update 2024-11-23 11:19:48 +01:00
Kabbone
443187fab3
flake update 2024-11-15 12:44:48 +01:00
Kabbone
e738917d07
update flake 
clean up kanshi from profile to settings
 2024-11-04 20:20:59 +01:00
Kabbone
bca8c6343a
flake update 2024-11-03 15:48:22 +01:00
Kabbone
c99d5a620e
flake update 2024-10-29 21:39:19 +01:00
Kabbone
b8434f4d45
flake update 2024-10-29 20:35:51 +01:00
Kabbone
e34f886e6c
flake update 2024-10-25 21:21:28 +02:00
Kabbone
39f9c40dbc
flake update 2024-10-22 20:46:16 +02:00
Kabbone
c4d3591ee7
services: vault: open website 2024-10-22 15:38:51 +02:00
Kabbone
da1bcdd116
services: vault: change database path 2024-10-22 15:19:06 +02:00
Kabbone
c7b183d9b1
services: acme: increase propagation 2024-10-22 14:17:51 +02:00
Kabbone
03ae8cee2e
server: postgresql: remove vault 2024-10-22 13:12:31 +02:00
Kabbone
c436a8e2b9
services: move vault to local 2024-10-22 12:43:09 +02:00
Kabbone
efc049e739
services: move vault to local 2024-10-22 12:32:41 +02:00
Kabbone
c3df4c714e
flake update 2024-10-21 15:28:32 +02:00
Kabbone
82a880286d
services: vault: specify postgresql auth 2024-10-21 15:09:52 +02:00
Kabbone
c57a18e787
services: vault: specify postgresql auth 2024-10-21 14:45:39 +02:00
Kabbone
000cb57e65
services: vault: postgresql: add missing user 2024-10-21 14:39:49 +02:00
Kabbone
b8d14243f9
services: vault: postgresql: add missing user 2024-10-21 14:36:28 +02:00
Kabbone
fcbae86056
services: vault: set virtual host 2024-10-21 14:28:12 +02:00
Kabbone
ff1bdbe8ff
services: vault: remove backupdir 2024-10-21 14:24:13 +02:00
Kabbone
1bf18208d9
services: enable vault 2024-10-21 14:11:56 +02:00
Kabbone
431d9cd4a9
services: vault poc 2024-10-21 14:07:47 +02:00
Kabbone
8eb9b3952a
services: vault poc 2024-10-21 12:17:54 +02:00
Kabbone
419d2e8cd7
flake update 2024-10-20 11:05:34 +02:00
Kabbone
5c4e09f773
backup: fix timers after boot, prepare steamdeck 2024-10-20 11:00:40 +02:00
Kabbone
2e4f1d5dfa
backup: run bak only after network 2024-10-19 08:51:01 +02:00
Kabbone
3bef5b8830
backup: run bak only after network 2024-10-19 08:47:31 +02:00
Kabbone
c59f1165be
backup: minor fixups 2024-10-19 08:43:49 +02:00
Kabbone
3adb782cba
flake update 2024-10-18 17:48:50 +02:00
Kabbone
17816805d2
apps: add maliit framework 2024-10-15 18:56:15 +02:00
Kabbone
ff0ff7fb2c
add lifebook to backup 2024-10-14 20:18:48 +02:00
Kabbone
d9a20013b9
add lifebook to backup 2024-10-14 20:08:16 +02:00
Kabbone
032ebaa2a4
fix hades backup archive 2024-10-14 19:53:29 +02:00
Kabbone
6dbe100036
add buffer to btrbk 2024-10-14 17:46:26 +02:00
Kabbone
f0768984c6
add hades home to backup 2024-10-14 12:43:53 +02:00
Kabbone
2b4769cae6
setup backup pipeline 2024-10-14 12:17:17 +02:00
Kabbone
fb7688baf3
desktop: disable global catppuccin 2024-10-14 12:16:47 +02:00
Kabbone
92d6ff4898
flake.lock: Update 
Flake lock file updates:

• Updated input 'catppuccin':
    'github:catppuccin/nix/bad96d3fabf8d2e8f0bf0c2cb899a9fccf01ea03' (2024-10-02)
  → 'github:catppuccin/nix/96cf8b4a05fb23a53c027621b1147b5cf9e5439f' (2024-10-08)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/509dbf8d45606b618e9ec3bbe4e936b7c5bc6c1e' (2024-10-04)
  → 'github:nix-community/home-manager/d47d33254fbf4fdbdee9f1f14095f689662e479d' (2024-10-10)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/cb63dc934ba512b2d56d89b94c5da7894f6a7809' (2024-10-04)
  → 'github:Jovian-Experiments/Jovian-NixOS/a25f915ec05196d15e3f7f8555ffb612d4f1045d' (2024-10-08)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/e2365a1d8dccdcf4bca5111672e80df67d90957d' (2024-10-01)
  → 'github:nix-community/lanzaboote/0bc127c631999c9555cae2b0cdad2128ff058259' (2024-10-06)
• Updated input 'microvm':
    'github:astro/microvm.nix/e832ffc16b09b1b5c7c1224532d03ed3ce68afd0' (2024-10-02)
  → 'github:astro/microvm.nix/470537e671d743f40812b9c071a4130eabdb3deb' (2024-10-08)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/b7ca02c7565fbf6d27ff20dd6dbd49c5b82eef28' (2024-10-04)
  → 'github:NixOS/nixos-hardware/ecfcd787f373f43307d764762e139a7cdeb9c22b' (2024-10-07)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/5966581aa04be7eff830b9e1457d56dc70a0b798' (2024-10-02)
  → 'github:NixOS/nixpkgs/d51c28603def282a24fa034bcb007e2bcb5b5dd0' (2024-10-09)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04)
  → 'github:nixos/nixpkgs/5633bcff0c6162b9e4b5f1264264611e950c8ec7' (2024-10-09)
 2024-10-10 21:01:48 +02:00
Kabbone
da9db371af
server: hydra: allowed-uris 2024-10-06 10:10:05 +02:00
Kabbone
c8b8305146
server: services: onlyoffice changes 2024-10-05 12:16:13 +02:00
Kabbone
57f56146d2
hydra: allowUris 2024-10-05 11:26:22 +02:00
Kabbone
272971cefd
flake update 2024-10-05 10:32:14 +02:00
Kabbone
3505e611c1
desktop: enable catppuccin module 2024-10-05 10:32:00 +02:00
Kabbone
fd09e597c1
server: services: onlyoffice changes 2024-10-05 10:31:29 +02:00
Kabbone
255c8ca4d0
prototype fuji 2024-10-05 10:30:57 +02:00
Kabbone
dd79f25336
fix themes 2024-09-30 20:59:37 +02:00
Kabbone
929fa949b2
flake update 2024-09-30 20:57:48 +02:00
Kabbone
fd5bd6a88d
flake update 2024-09-23 20:23:51 +02:00
Kabbone
6a34b81910
home: add gimp and freecad 2024-09-14 15:03:30 +02:00
Kabbone
8d27f5e73d
flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/be47a2bdf278c57c2d05e747a13ed31cef54a037' (2024-09-09)
  → 'github:nix-community/home-manager/6c1a461a444e6ccb3f3e42bb627b510c3a722a57' (2024-09-14)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/2d050e65a71e02a1f19d1a35c086bd2e3dfb2cdb' (2024-09-06)
  → 'github:Jovian-Experiments/Jovian-NixOS/02cf60ce20b6034fc0459e5116cec7016aaff6e4' (2024-09-12)
• Updated input 'microvm':
    'github:astro/microvm.nix/caac7808d1e31f8a0fa408338cd3736947cb226d' (2024-09-06)
  → 'github:astro/microvm.nix/af604aa08ac9a4ae585beaf1a3482897a27ab67e' (2024-09-12)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/aac7c50858a21636ddfd39831ccc221cf9d59827' (2024-09-09)
  → 'github:NixOS/nixos-hardware/166dee4f88a7e3ba1b7a243edb1aca822f00680e' (2024-09-09)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/68e7dce0a6532e876980764167ad158174402c6f' (2024-09-07)
  → 'github:NixOS/nixpkgs/e65aa8301ba4f0ab8cb98f944c14aa9da07394f8' (2024-09-11)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/574d1eac1c200690e27b8eb4e24887f8df7ac27c' (2024-09-06)
  → 'github:nixos/nixpkgs/4f807e8940284ad7925ebd0a0993d2a1791acb2f' (2024-09-11)
 2024-09-14 15:01:15 +02:00
Kabbone
d2abc23417
flake update allow olm 2024-09-09 16:43:34 +02:00
Kabbone
263d10dbdd
flake update corrections 2024-09-09 12:40:27 +02:00
Kabbone
406cb190e9
flake update 2024-09-09 12:05:20 +02:00
Kabbone
f4b8db1022
flake update 2024-08-30 22:32:39 +02:00
Kabbone
ea282c6237
lifebook: set suspend-then-hibernate with delaytime 1h 2024-08-25 22:47:35 +02:00
Kabbone
0f3a2e0e52
lifebook: fix s0 suspend 2024-08-25 20:15:26 +02:00
Kabbone
aaaa3f108f
hosts: nasbak: switch to systemd-networkd 2024-08-22 19:42:25 +02:00
Kabbone
0b566c81be
flake update 
switch jupiter to systemd-networkd
disable jitsi
 2024-08-22 19:08:19 +02:00
Kabbone
183a280402
hosts: kabtopci: some changes for hydra space 2024-08-16 14:56:56 +02:00
Kabbone
eae9aa6d62
flake update 2024-08-16 14:29:44 +02:00
Kabbone
5ddf51f572
wm: sway: rot8 invert y-Axis and disable keyboard 2024-08-11 21:17:25 +02:00
Kabbone
1787103cec
wm: sway: switch to rofi 
add rot8
 2024-08-11 19:44:14 +02:00
Kabbone
a6c6cb699a
hosts: small fixes on lifebook init config 2024-08-10 06:20:26 +02:00
Kabbone
d83a55d62d
flake update 
remove sound config due to update
fix hydraJobs after adding lifebook
 2024-08-10 06:20:23 +02:00
Kabbone
1405ee7eee
apps: install android-studio 2024-08-10 06:20:20 +02:00
Kabbone
66cdd05f41
sway: add german layout 2024-08-10 06:20:16 +02:00
Kabbone
b05a692b47
hosts: fixes for initial lifebook 
add lanzaboote lifebook
 2024-08-10 06:20:09 +02:00
Kabbone
e5db869b82
lifebook: smaller fixes 2024-07-17 21:17:50 +02:00
Kabbone
cb84afaaec
shell: add ssh-agent again 2024-07-15 21:31:44 +02:00
Kabbone
05b0762421
disko: add opt 2024-07-15 21:29:57 +02:00
Kabbone
0a1e17995f
rename laptop to nbf5 
add lifebook
 2024-07-15 21:24:50 +02:00
Kabbone
dba8ac1eb0
flake update 2024-07-14 14:19:34 +02:00
Kabbone
dce3035653
git: add cache 2024-07-14 14:14:43 +02:00
Kabbone
9f8e15d135
add git difftastic 2024-07-14 12:59:51 +02:00
Kabbone
d5f3aa3885
restructure common sshagent 
cleanups of commented out things
move non desktop to server config
 2024-07-14 12:06:47 +02:00
Kabbone
0a775adbdc
fix unstable with moving powerline to python311 2024-07-14 09:56:40 +02:00
Kabbone
8459516c95
add new wallpapers 2024-07-13 13:41:50 +02:00
Kabbone
d16898adf8
flake update 
comment out freecad because pyside is broken
set python311 to fix nose dependency in unstable
 2024-07-13 12:01:05 +02:00
Kabbone
d518e9ffe4
flake update and move all back to nixos-hardware master 2024-07-02 22:22:26 +02:00
Kabbone
4882bca4c9
flake update 2024-07-02 18:29:13 +02:00
Kabbone
3cb4ae7c50
apps: install ausweisapp 2024-06-29 07:20:28 +02:00
Kabbone
904e5a88c6
hosts: steamdeck: update to plasma6 change defaultSession 2024-06-22 11:46:35 +02:00
Kabbone
430858fb11
hosts: steamdeck: update to plasma6 typo 2024-06-22 09:15:32 +02:00
Kabbone
4fec51506d
hosts: steamdeck: update to plasma6 2024-06-22 08:57:56 +02:00
Kabbone
1a76923e77
flake: fix commit for nixos-hardware and remove from steamdeck 2024-06-21 23:40:53 +02:00
Kabbone
19487f6b79
hosts: steamdeck: rename for nixpkgs option updates 2024-06-21 23:15:02 +02:00
Kabbone
daee0533d5
flake.lock: Update 
Flake lock file updates:

• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/d723a7e3962d683acdcd5658b351fdefe16bf04f' (2024-06-18)
  → 'github:Jovian-Experiments/Jovian-NixOS/a7a9774538612c75324f785ab1300e67abc039d3' (2024-06-21)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/083823b7904e43a4fc1c7229781417e875359a42' (2024-06-20)
  → 'github:NixOS/nixos-hardware/cc634b69c8312c4e88469d3c7e8fb5ecc72e7dc6' (2024-06-21)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631' (2024-06-18)
  → 'github:NixOS/nixpkgs/dd457de7e08c6d06789b1f5b88fc9327f4d96309' (2024-06-19)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e' (2024-06-18)
  → 'github:nixos/nixpkgs/d603719ec6e294f034936c0d0dc06f689d91b6c3' (2024-06-20)
 2024-06-21 20:43:44 +02:00
Kabbone
3484124ab4
flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/0a7ffb28e5df5844d0e8039c9833d7075cdee792' (2024-06-16)
  → 'github:nix-community/home-manager/d7830d05421d0ced83a0f007900898bdcaf2a2ca' (2024-06-19)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/f02a01aab60c68b7898043c2e7f5bc97c93fb07b' (2024-06-15)
  → 'github:Jovian-Experiments/Jovian-NixOS/d723a7e3962d683acdcd5658b351fdefe16bf04f' (2024-06-18)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/93dd69a5b683deb8ab7d6dbb91771a2487745e8c' (2024-06-17)
  → 'github:nix-community/lanzaboote/6fa7bc0522f71d3906a3788bbd80c344cd9c4523' (2024-06-19)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/cde8f7e11f036160b0fd6a9e07dc4c8e4061cf06' (2024-06-16)
  → 'github:NixOS/nixos-hardware/083823b7904e43a4fc1c7229781417e875359a42' (2024-06-20)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/752c634c09ceb50c45e751f8791cb45cb3d46c9e' (2024-06-15)
  → 'github:NixOS/nixpkgs/938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631' (2024-06-18)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/e9ee548d90ff586a6471b4ae80ae9cfcbceb3420' (2024-06-13)
  → 'github:nixos/nixpkgs/c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e' (2024-06-18)
 2024-06-20 18:59:21 +02:00
Kabbone
c89ea890d1
hosts: add hydra cache to all 
fix kabtop defintion (missing ;)
remove scsi power option on jupiter vm
 2024-06-17 20:47:42 +02:00
Kabbone
9b22d5c1ba
flake: add hydraJobs 2024-06-17 20:31:44 +02:00
Kabbone
801468970b
flake: add hydraJobs 2024-06-17 20:02:41 +02:00
Kabbone
f30860cb34
hosts: hades: move to 2.5 Nic and change name to hostname 2024-06-17 17:56:41 +02:00
Kabbone
d754a5b1d5
flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/845a5c4c073f74105022533907703441e0464bc3' (2024-06-04)
  → 'github:nix-community/home-manager/a1fddf0967c33754271761d91a3d921772b30d0e' (2024-06-16)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/8d5e27b4807d25308dfe369d5a923d87e7dbfda3' (2024-06-13)
  → 'github:nix-community/home-manager/0a7ffb28e5df5844d0e8039c9833d7075cdee792' (2024-06-16)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/326c1ab2b816f520d298b7a4319a0b50cde01c48' (2024-06-12)
  → 'github:Jovian-Experiments/Jovian-NixOS/f02a01aab60c68b7898043c2e7f5bc97c93fb07b' (2024-06-15)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/7cb05fab896bd542c0ca4260d74d9d664cd7b56e' (2024-06-12)
  → 'github:nix-community/lanzaboote/93dd69a5b683deb8ab7d6dbb91771a2487745e8c' (2024-06-17)
• Updated input 'lanzaboote/crane':
    'github:ipetkov/crane/a3f0c63eed74a516298932b9b1627dd80b9c3892' (2024-06-11)
  → 'github:ipetkov/crane/0095fd8ea00ae0a9e6014f39c375e40c2fbd3386' (2024-06-15)
• Updated input 'lanzaboote/rust-overlay':
    'github:oxalica/rust-overlay/6dc3e45fe4aee36efeed24d64fc68b1f989d5465' (2024-06-08)
  → 'github:oxalica/rust-overlay/0043c3f92304823cc2c0a4354b0feaa61dfb4cd9' (2024-06-16)
• Updated input 'microvm':
    'github:astro/microvm.nix/02a1fe9237a6539ff83d15443d328e4b0b49a117' (2024-06-12)
  → 'github:astro/microvm.nix/b11f00056e11a802809935b0675176a2429593d9' (2024-06-15)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/ae5c8dcc4d0182d07d75df2dc97112de822cb9d6' (2024-06-14)
  → 'github:NixOS/nixos-hardware/cde8f7e11f036160b0fd6a9e07dc4c8e4061cf06' (2024-06-16)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/cc54fb41d13736e92229c21627ea4f22199fee6b' (2024-06-12)
  → 'github:NixOS/nixpkgs/752c634c09ceb50c45e751f8791cb45cb3d46c9e' (2024-06-15)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/57d6973abba7ea108bac64ae7629e7431e0199b6' (2024-06-12)
  → 'github:nixos/nixpkgs/e9ee548d90ff586a6471b4ae80ae9cfcbceb3420' (2024-06-13)
 2024-06-17 17:55:45 +02:00
Kabbone
8352d5c0ba
flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9' (2024-05-24)
  → 'github:ryantm/agenix/3a56735779db467538fb2e577eda28a9daacaca6' (2024-06-14)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/3d65009effd77cb0d6e7520b68b039836a7606cf' (2024-06-09)
  → 'github:nix-community/home-manager/8d5e27b4807d25308dfe369d5a923d87e7dbfda3' (2024-06-13)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/f27db3a9a8c21a65c1ef50cacca3ef2bfff04cb9' (2024-06-11)
  → 'github:Jovian-Experiments/Jovian-NixOS/326c1ab2b816f520d298b7a4319a0b50cde01c48' (2024-06-12)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/56ed078dc92baf72813d55dcfe399715a632bc41' (2024-06-09)
  → 'github:nix-community/lanzaboote/7cb05fab896bd542c0ca4260d74d9d664cd7b56e' (2024-06-12)
• Updated input 'lanzaboote/crane':
    'github:ipetkov/crane/55e7754ec31dac78980c8be45f8a28e80e370946' (2024-06-04)
  → 'github:ipetkov/crane/a3f0c63eed74a516298932b9b1627dd80b9c3892' (2024-06-11)
• Updated input 'microvm':
    'github:astro/microvm.nix/e3a4dd5b381fb580804105594cc9c71dc45abdb5' (2024-06-03)
  → 'github:astro/microvm.nix/02a1fe9237a6539ff83d15443d328e4b0b49a117' (2024-06-12)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/58b52b0dd191af70f538c707c66c682331cfdffc' (2024-06-10)
  → 'github:NixOS/nixos-hardware/ae5c8dcc4d0182d07d75df2dc97112de822cb9d6' (2024-06-14)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/47b604b07d1e8146d5398b42d3306fdebd343986' (2024-06-11)
  → 'github:NixOS/nixpkgs/cc54fb41d13736e92229c21627ea4f22199fee6b' (2024-06-12)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c7b821ba2e1e635ba5a76d299af62821cbcb09f3' (2024-06-09)
  → 'github:nixos/nixpkgs/57d6973abba7ea108bac64ae7629e7431e0199b6' (2024-06-12)
 2024-06-14 17:23:57 +02:00
Kabbone
0cc0c7003a
flake update 2024-06-11 21:50:11 +02:00
Kabbone
939f5d9433
hydra: change hydraCache URL 2024-06-11 19:54:49 +02:00
Kabbone
2cab296188
hosts: kabtop: remove hardware module 2024-06-11 17:56:04 +02:00
Kabbone
9751a6bf52
secrets: rekey 2024-06-11 17:55:44 +02:00
Kabbone
5c7d579c44
hosts: kabtopci: fix path and add mount script 2024-06-11 17:14:24 +02:00
Kabbone
998c9aa54d
hosts: small fixes on kabtopci prototype 2024-06-09 15:40:51 +02:00
Kabbone
8c59339b50
hosts: small fixes on kabtopci prototype 2024-06-09 15:17:55 +02:00
Kabbone
8617ddbd3a
hosts: add kabtopci prototype 2024-06-09 11:01:05 +02:00
Kabbone
b4c7b1762b
hydra: fix jobs 2024-06-08 19:32:33 +02:00
Kabbone
a119ae47f0
server: services: nextcloud add maintenance window 2024-06-08 16:04:00 +02:00
Kabbone
60118fc7f7
server: services: update mautrix-signal 2024-06-08 15:47:37 +02:00
Kabbone
64a5c3e34f
server: services: update mautrix-signal 2024-06-08 15:43:47 +02:00
Kabbone
a5886eb6d0
server: services: nextcloud: rework for new structure 2024-06-08 14:48:57 +02:00
Kabbone
ca8c0c8a17
services: hydra: add allowed uris 2024-06-08 14:47:20 +02:00
Kabbone
1d4a80ff86
hosts: laptop: hardware: intel-cpu already imports gpu 2024-06-08 14:30:43 +02:00
Kabbone
e32635ebb7
flake update 2024-06-08 14:07:29 +02:00
Kabbone
964379114f
hosts: correct avahi 2024-06-04 21:11:04 +02:00
Kabbone
6b5f86c9ab
dmz: services: nginx: add recommendedSettings and fix Hydra 2024-06-04 21:06:44 +02:00
Kabbone
d7c142e2ab
apps: alacritty: remove offset 2024-06-04 19:42:43 +02:00
Kabbone
90201b355c
hydra: add desktop job 2024-06-04 19:01:29 +02:00
Kabbone
2ee496c5e9
hydra: add desktop job 2024-06-03 21:35:31 +02:00
Kabbone
a901a661f9
services: hydraCache: add substituter and remove rocm from steamdeck 2024-06-03 21:29:23 +02:00
Kabbone
3500f3d3a8
flake update with code adjustments 2024-06-03 20:24:22 +02:00
Kabbone
7fe7eeabf9
apps: desktop: add orca-slicer 2024-06-03 18:31:33 +02:00
Kabbone
b952606f1f
flake remove nixvim and update to 24.05 2024-06-03 18:31:00 +02:00
Kabbone
2e7b1499cb
services: hydraCache: typo 2024-06-02 21:32:33 +02:00
Kabbone
8b07092084
services: hydraCache: update address 2024-06-02 21:30:27 +02:00
Kabbone
c8b76b289a
hosts: dmz: acme: use quad9 2024-06-02 18:36:56 +02:00
Kabbone
54aeb48839
hosts: dmz: acme: increase propagation timeout, use wildcard 2024-06-02 12:27:03 +02:00
Kabbone
5824207566
hosts: dmz: acme: increase propagation timeout 2024-05-31 21:40:26 +02:00
Kabbone
9d795ae38e
hosts: dmz: nix-serve: add reverse proxy 2024-05-31 20:56:09 +02:00
Kabbone
2b30c68a54
hosts: dmz: nix-serve: add reverse proxy 2024-05-31 20:42:16 +02:00
Kabbone
cb7412e749
hosts: dmz: acme: set timeouts 2024-05-31 20:02:54 +02:00
Kabbone
e8f6f4e96f
services: hydra: fix reverse proxy and firewall 2024-05-31 19:46:43 +02:00
Kabbone
40fdd49224
services: hydra: create acme and reverse proxy -- fix api 2024-05-31 18:31:12 +02:00
Kabbone
b1cf3d2399
services: hydra: create acme and reverse proxy -- fix path and api 2024-05-31 18:27:51 +02:00
Kabbone
01091ff377
services: hydra: create acme and reverse proxy 2024-05-31 18:07:39 +02:00
Kabbone
b20dc93d47
hosts: desktops: disable auto upgrade 2024-05-29 10:01:06 +02:00
Kabbone
fa914bce1d
test hydra jobs 
test hydra jobs

test hydra jobs

test hydra jobs

test hydra jobs

hydra add signing key

flake restructure

secrets: rekey

secrets: rekey

hydra fix key path

hydra fix key path

services: hydra: typo in nix.conf
 2024-05-29 09:58:44 +02:00
Kabbone
9f9d8e3a3b
flake update 2024-05-26 09:30:09 +02:00
Kabbone
e02e66a4bb
hosts: steamdeck: add hydraCache 2024-05-26 09:14:01 +02:00
95 changed files with 2172 additions and 972 deletions
Show Stats Expand all files Collapse all files

4
disko/btrfs_luks.nix
View File

@ -47,6 +47,10 @@
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@opt" = {
mountpoint = "/opt";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@snapshots" = {
mountpoint = "/mnt";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];

11
disko/mount.sh Normal file
View File

@ -0,0 +1,11 @@
#!/usr/bin/env bash
disk="/dev/vda"
mountpoint="/mnt"
mount $disk $mountpoint -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@
mount $disk $mountpoint/home -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@home
mount $disk $mountpoint/var -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@var
mount $disk $mountpoint/srv -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@srv
mount $disk $mountpoint/nix -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@nix
mount $disk $mountpoint/swap -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@swap

430
flake.lock generated
View File

@ -10,11 +10,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1715290355,
"narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github"
},
"original": {
@ -24,18 +24,12 @@
}
},
"crane": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1711299236,
"narHash": "sha256-6/JsyozOMKN8LUGqWMopKTSiK8N79T8Q+hcxu2KkTXg=",
"lastModified": 1731098351,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "880573f80d09e18a11713f402b9e6172a085449f",
"rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github"
},
"original": {
@ -66,28 +60,6 @@
"type": "github"
}
},
"devshell": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -104,36 +76,6 @@
"type": "github"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@ -142,11 +84,11 @@
]
},
"locked": {
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
@ -155,88 +97,16 @@
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715865404,
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1713493429,
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
"owner": "srid",
"repo": "flake-root",
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@ -267,28 +137,6 @@
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"nixvim",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -317,11 +165,11 @@
]
},
"locked": {
"lastModified": 1715930644,
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"lastModified": 1735925111,
"narHash": "sha256-/NptDI4njO5hH0ZVQ2yzbvTXmBOabZaGYkjhnMJ37TY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"rev": "ef64efdbaca99f9960f75efab991e4c49e79a5f1",
"type": "github"
},
"original": {
@ -337,48 +185,27 @@
]
},
"locked": {
"lastModified": 1715381426,
"narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
"lastModified": 1735344290,
"narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715930644,
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"rev": "613691f285dad87694c2ba1c9e6298d04736292d",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1708968331,
"narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
"lastModified": 1734945620,
"narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
"rev": "d000479f4f41390ff7cf9204979660ad5dd16176",
"type": "github"
},
"original": {
@ -395,11 +222,11 @@
]
},
"locked": {
"lastModified": 1716107076,
"narHash": "sha256-aB15oIMUv6N/UFsLHzgcGRUvU4YfOjE3gEirIP/k82s=",
"lastModified": 1735330405,
"narHash": "sha256-MhXgu1oymyjhhZGY9yewNonJknNAjilzMGPY1FfMR7s=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "e8de93b7b4c384650977a20c1f192e23c6e7a12f",
"rev": "a86d9cf841eff8b33a05d2bf25788abd8e018dbd",
"type": "github"
},
"original": {
@ -413,7 +240,6 @@
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
@ -421,11 +247,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1713369831,
"narHash": "sha256-G4OGxvlIIjphpkxcRAkf1QInYsAeqbfNh6Yl1JLy2uM=",
"lastModified": 1734994463,
"narHash": "sha256-S9MgfQjNt4J3I7obdLOVY23h+Yl/hnyibwGfOl+1uOE=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "850f27322239f8cfa56b122cc9a278ab99a49015",
"rev": "93e6f0d77548be8757c11ebda5c4235ef4f3bc67",
"type": "github"
},
"original": {
@ -437,18 +263,18 @@
},
"microvm": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1715787097,
"narHash": "sha256-TPp2j0ttvBvkk4oXidvo8Y071zEab0BtcNsC3ZEkluI=",
"lastModified": 1735074045,
"narHash": "sha256-CeYsC8J2dNiV2FCQOxK1oZ/jNpOF2io7aCEFHmfi95U=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "fa673bf8656fe6f28253b83971a36999bc9995d2",
"rev": "2ae08de8e8068b00193b9cfbc0acc9dfdda03181",
"type": "github"
},
"original": {
@ -457,27 +283,6 @@
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715901937,
"narHash": "sha256-eMyvWP56ZOdraC2IOvZo0/RTDcrrsqJ0oJWDC76JTak=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "ffc01182f90118119930bdfc528c1ee9a39ecef8",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
@ -486,11 +291,11 @@
]
},
"locked": {
"lastModified": 1690328911,
"narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
"lastModified": 1729697500,
"narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
"owner": "zhaofengli",
"repo": "nix-github-actions",
"rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
"rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
"type": "github"
},
"original": {
@ -502,11 +307,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1716034089,
"narHash": "sha256-QBfab6V4TeQ6Y4NiXVrEATdQuhCNFNaXt/L1K/Zw+zc=",
"lastModified": 1735388221,
"narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "b55712de78725c8fcde422ee0a0fe682046e73c3",
"rev": "7c674c6734f61157e321db595dbfcd8523e04e19",
"type": "github"
},
"original": {
@ -518,43 +323,43 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1716061101,
"narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
"lastModified": 1735669367,
"narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
"rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1715961556,
"narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=",
"lastModified": 1735834308,
"narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64",
"rev": "6df24922a1400241dae323af55f30e4318a6ca65",
"type": "github"
},
"original": {
@ -564,71 +369,12 @@
"type": "github"
}
},
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-root": "flake-root",
"home-manager": "home-manager_3",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs-unstable"
],
"pre-commit-hooks": "pre-commit-hooks",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1716125991,
"narHash": "sha256-PmB9vmp383foiVi64RawbnkC+6SiYiWUjdzw2xgl3eM=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "88ade1dfaa017499326103a078c66dd5d4d0606e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"gitignore": "gitignore_2",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715870890,
"narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
@ -637,11 +383,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1710923068,
"narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=",
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "e611897ddfdde3ed3eaac4758635d7177ff78673",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github"
},
"original": {
@ -661,27 +407,22 @@
"microvm": "microvm",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim"
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1711246447,
"narHash": "sha256-g9TOluObcOEKewFo2fR4cn51Y/jSKhRRo4QZckHLop0=",
"lastModified": 1731897198,
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "dcc802a6ec4e9cc6a1c8c393327f0c42666f22e4",
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github"
},
"original": {
@ -693,11 +434,11 @@
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1708358594,
"narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
"lastModified": 1733308308,
"narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=",
"ref": "refs/heads/main",
"rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
"revCount": 614,
"rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2",
"revCount": 792,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
@ -735,57 +476,6 @@
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715940852,
"narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "2fba33a182602b9d49f0b2440513e5ee091d838b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",

54
flake.nix
View File

@ -12,7 +12,7 @@
inputs = # All flake references used to build my NixOS setup. These are dependencies.
{
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
microvm = {
@ -23,7 +23,7 @@
impermanence.url = "github:nix-community/impermanence";
home-manager = { # User Package Management
url = "github:nix-community/home-manager/release-23.11";
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -38,37 +38,37 @@
};
jovian-nixos = {
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable";
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
lanzaboote = {
url = "github:nix-community/lanzaboote/master";
inputs.nixpkgs.follows = "nixpkgs";
};
url = "github:nix-community/lanzaboote/master";
inputs.nixpkgs.follows = "nixpkgs";
};
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
};
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }: # Function that tells my flake which to use and what do what to do with the dependencies.
let # Variables that can be used in the config files
user = "kabbone";
userdmz = "diablo";
userserver = "mephisto";
location = "$HOME/.setup";
in # Use above variables in ...
{
nixosConfigurations = ( # NixOS configurations
import ./hosts { # Imports ./hosts/default.nix
inherit (nixpkgs) lib;
inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable user userdmz userserver location agenix jovian-nixos microvm impermanence lanzaboote nixvim; # Also inherit home-manager so it does not need to be defined here.
nix.allowedUsers = [ "@wheel" ];
security.sudo.execWheelOnly = true;
}
);
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }: # Function that tells my flake which to use and what do what to do with the dependencies.
rec {
nixosConfigurations = ( # NixOS configurations
import ./hosts { # Imports ./hosts/default.nix
inherit (nixpkgs) lib;
inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote; # Also inherit home-manager so it does not need to be defined here.
nix.allowedUsers = [ "@wheel" ];
security.sudo.execWheelOnly = true;
}
);
hydraJobs = {
"steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel;
"hades" = nixosConfigurations.hades.config.system.build.toplevel;
"nasbak" = nixosConfigurations.nasbak.config.system.build.toplevel;
"jupiter" = nixosConfigurations.jupiter.config.system.build.toplevel;
"lifebook" = nixosConfigurations.lifebook.config.system.build.toplevel;
"kabtop" = nixosConfigurations.kabtop.config.system.build.toplevel;
"dmz" = nixosConfigurations.dmz.config.system.build.toplevel;
};
};
}

54
hosts/configuration_desktop.nix
View File

@ -58,12 +58,12 @@
# };
};
sound = { # ALSA sound enable
#enable = true;
mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true;
enable = true;
};
};
#sound = { # ALSA sound enable
## #enable = true;
# mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true;
# enable = true;
# };
#};
fonts.packages = with pkgs; [ # Fonts
carlito # NixOS
@ -74,11 +74,6 @@
corefonts # MS
intel-one-mono
cascadia-code
(nerdfonts.override { # Nerdfont Icons override
fonts = [
"FiraCode"
];
})
];
environment = {
@ -95,6 +90,7 @@
pciutils
usbutils
wget
file
powertop
cpufrequtils
lm_sensors
@ -108,14 +104,17 @@
age-plugin-yubikey
pwgen
cryptsetup
powerline
python311Packages.powerline
powerline-fonts
powerline-symbols
tree
direnv
linuxPackages_latest.cpupower
linuxPackages_latest.turbostat
btop
sbctl
ausweisapp
e2fsprogs
];
};
@ -131,23 +130,13 @@
};
openssh = { # SSH: secure shell (remote connection to shell of server)
enable = true; # local: $ ssh <user>@<ip>
# public:
# - port forward 22 TCP to server
# - in case you want to use the domain name insted of the ip:
# - for me, via cloudflare, create an A record with name "ssh" to the correct ip without proxy
# - connect via ssh <user>@<ip or ssh.domain>
# generating a key:
# - $ ssh-keygen | ssh-copy-id <ip/domain> | ssh-add
# - if ssh-add does not work: $ eval `ssh-agent -s`
# allowSFTP = true; # SFTP: secure file transfer protocol (send file to server)
# connect: $ sftp <user>@<ip/domain>
# commands:
# - lpwd & pwd = print (local) parent working directory
# - put/get <filename> = send or receive file
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
# extraConfig = ''
# HostKeyAlgorithms +ssh-rsa
# ''; # Temporary extra config so ssh will work in guacamole
settings.PasswordAuthentication = false;
};
pcscd.enable = true;
yubikey-agent.enable = true;
@ -162,6 +151,17 @@
fwupd.enable = true;
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh = {
startAgent = true;
agentTimeout = "1h";
askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
};
#xdg.portal = { # Required for flatpak
# enable = true;
# extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
@ -185,7 +185,7 @@
system = { # NixOS settings
autoUpgrade = { # Allow auto update
enable = true;
enable = false;
flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
randomizedDelaySec = "5m";
allowReboot = true;

28
hosts/configuration_server.nix
View File

@ -13,8 +13,6 @@
{ config, lib, pkgs, inputs, user, location, agenix, ... }:
{
imports = # Import window or display manager.
[
#../modules/editors/nvim # ! Comment this out on first install !
@ -49,24 +47,22 @@
keyMap = "us"; # or us/azerty/etc
};
security.rtkit.enable = true;
security.pki.certificateFiles = [
security = {
rtkit.enable = true;
pki.certificateFiles = [
./rootCA.pem
];
];
};
fonts.packages = with pkgs; [ # Fonts
carlito # NixOS
vegur # NixOS
source-code-pro
cascadia-code
font-awesome # Icons
hack-font
corefonts # MS
(nerdfonts.override { # Nerdfont Icons override
fonts = [
"FiraCode"
];
})
intel-one-mono
cascadia-code
];
environment = {
@ -74,6 +70,7 @@
TERMINAL = "alacritty";
EDITOR = "nvim";
VISUAL = "nvim";
BROWSER = "firefox";
};
systemPackages = with pkgs; [ # Default packages install system-wide
vim
@ -90,13 +87,15 @@
agenix.packages.x86_64-linux.default
ffmpeg
smartmontools
powerline
cryptsetup
python311Packages.powerline
powerline-fonts
powerline-symbols
tree
direnv
linuxPackages_latest.cpupower
btop
htop
direnv
];
};
@ -132,6 +131,9 @@
'';
};
nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
];
system = { # NixOS settings
autoUpgrade = { # Allow auto update

85
hosts/default.nix
View File

@ -11,9 +11,14 @@
# └─ ./home.nix
#
{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, user, userdmz, userserver, location, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }:
{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }:
let
user = "kabbone";
userdmz = "diablo";
userserver = "mephisto";
location = "$HOME/.setup";
system = "x86_64-linux"; # System architecture
pkgs = import nixpkgs {
@ -26,16 +31,16 @@ let
in
{
desktop = lib.nixosSystem { # Desktop profile
hades = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote nixvim; };
specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
lanzaboote.nixosModules.lanzaboote
#nixvim.nixosModules.nixvim
./desktop
./configuration_desktop.nix
../modules/hardware/hydraCache.nix
../modules/hardware/remoteBuilder.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
@ -53,16 +58,16 @@ in
];
};
laptop = lib.nixosSystem { # Laptop profile
lifebook = lib.nixosSystem { # Laptop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix; };
specialArgs = { inherit inputs user location nixos-hardware agenix lanzaboote; };
modules = [
agenix.nixosModules.default
./laptop
lanzaboote.nixosModules.lanzaboote
./lifebook
./configuration_desktop.nix
../modules/hardware/remoteClient.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-intel
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
@ -70,7 +75,29 @@ in
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./laptop/home.nix)];
imports = [(import ./home.nix)] ++ [(import ./lifebook/home.nix)];
};
}
];
};
nbf5 = lib.nixosSystem { # Laptop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix; };
modules = [
agenix.nixosModules.default
./nbf5
./configuration_desktop.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./nbf5/home.nix)];
};
}
];
@ -85,10 +112,7 @@ in
lanzaboote.nixosModules.lanzaboote
./steamdeck
./configuration_desktop.nix
../modules/hardware/remoteClient.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd
../modules/hardware/hydraCache.nix
home-manager-unstable.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
@ -109,6 +133,7 @@ in
microvm.nixosModules.host
./server
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd
@ -131,6 +156,7 @@ in
microvm.nixosModules.host
./kabtop
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd
@ -151,8 +177,8 @@ in
modules = [
agenix.nixosModules.default
./nasbackup
./configuration_desktop.nix
../modules/hardware/remoteClient.nix
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
@ -173,8 +199,8 @@ in
modules = [
agenix.nixosModules.default
./jupiter
./configuration_desktop.nix
../modules/hardware/remoteClient.nix
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
@ -189,6 +215,28 @@ in
];
};
kabtopci = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./kabtopci
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./kabtopci/home.nix)];
};
}
];
};
dmz = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
@ -197,6 +245,7 @@ in
microvm.nixosModules.host
./dmz
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {

36
hosts/desktop/default.nix
View File

@ -17,7 +17,7 @@
# └─ default.nix
#
{ config, nixpkgs, pkgs, user, lib, nixvim, ... }:
{ config, nixpkgs, pkgs, user, lib, ... }:
{
imports = # For now, if applying to other system, swap files
@ -61,17 +61,6 @@
# ];
# };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
#auto-cpufreq.enable = true;
blueman.enable = true;
@ -79,15 +68,15 @@
enable = true;
drivers = [ pkgs.gutenprint ];
};
#avahi = { # Needed to find wireless printer
# enable = true;
# nssmdns = true;
# publish = { # Needed for detecting the scanner
# enable = true;
# addresses = true;
# userServices = true;
# };
#};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
hardware.openrgb = {
enable = true;
motherboard = "amd";
@ -95,9 +84,4 @@
};
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
}

43
hosts/desktop/hardware-configuration.nix
View File

@ -19,7 +19,7 @@
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" ];
boot.kernelModules = [ "kvm-amd" "nct6775" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
@ -34,6 +34,7 @@
};
services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
@ -56,6 +57,39 @@
};
};
};
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "2m 4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@hades";
};
};
};
};
};
};
systemd.timers = {
btrbk-bak = {
requires = [ "network-online.target" ];
};
};
@ -121,13 +155,18 @@
networkmanager = {
enable = false;
};
firewall = {
enable = true;
allowedUDPPorts = [ 24727 ];
allowedTCPPorts = [ 24727 ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp34s0";
matchConfig.Name = "eno1";
ntp = [ "192.168.2.1" ];
domains = [ "home.opel-online.de" ];
networkConfig = {

7
hosts/desktop/home.nix
View File

@ -31,12 +31,11 @@
streamlink
streamlink-twitch-gui-bin
element-desktop
nheko
#nheko
pulsemixer
#yubioath-flutter
nitrokey-app
kicad
yuzu-mainline
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
@ -47,10 +46,6 @@
];
};
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network

5
hosts/dmz/default.nix
View File

@ -24,8 +24,7 @@
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # Docker
(import ../../modules/services/dmz) ++ # Server Services
(import ../../modules/hardware); # Hardware devices
(import ../../modules/services/dmz); # Server Services
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
@ -48,7 +47,7 @@
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;

7
hosts/dmz/hardware-configuration.nix
View File

@ -83,11 +83,14 @@
"10-lan" = {
matchConfig.Name = "enp6s18";
ntp = [ "192.168.101.1" ];
domains = [ "home.opel-online.de" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
dns = [
"192.168.101.1"
];
};
};
};
@ -97,7 +100,7 @@
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
};

82
hosts/fuji/default.nix Normal file
View File

@ -0,0 +1,82 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, nixpkgs, pkgs, user, lib, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
# hardware.sane = { # Used for scanning with Xsane
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
# hardware = {
# nitrokey.enable = true;
# };
# environment = {
# systemPackages = with pkgs; [
## simple-scan
## intel-media-driver
## alacritty
# ];
# };
services = {
#auto-cpufreq.enable = true;
blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
};
}

138
hosts/fuji/hardware-configuration.nix Normal file
View File

@ -0,0 +1,138 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat";
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "fuji";
networkmanager = {
enable = false;
};
firewall = {
enable = true;
#allowedUDPPorts = [ 24727 ];
#allowedTCPPorts = [ 24727 ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "eno1";
ntp = [ "192.168.2.1" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true;
powerManagement = {
scsiLinkPolicy = "med_power_with_dipm";
};
}

45
hosts/fuji/home.nix Normal file
View File

@ -0,0 +1,45 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
#../../modules/wm/kde/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
element-desktop
#nheko
pulsemixer
];
};
services = { # Applets
#blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

31
hosts/home.nix
View File

@ -16,9 +16,10 @@
#
{ config, lib, pkgs, user, ... }:
#{ config, lib, pkgs, user, ... }:
{
imports = # Home Manager Modules
imports =
(import ../modules/editors) ++
(import ../modules/programs) ++
(import ../modules/programs/configs) ++
@ -52,7 +53,6 @@
# VideAudio
mpv # Media Player
youtube-dl
# Apps
galculator
@ -73,14 +73,17 @@
rsync # Syncer $ rsync -r dir1/ dir2/
unzip # Zip files
unrar # Rar files
papirus-icon-theme
epapirus-icon-theme
arc-theme
# Genel configuration
# General configuration
keepassxc
libreoffice
gimp
# Flatpak
prusa-slicer
orca-slicer
#vscodium
(vscode-with-extensions.override {
vscode = vscodium;
@ -90,25 +93,29 @@
#ms-python.python
ms-vscode.cpptools
dracula-theme.theme-dracula
catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons
];
})
sdkmanager
android-tools
];
file.".config/wall".source = ../modules/themes/wall.jpg;
file.".config/lockwall".source = ../modules/themes/lockwall.jpg;
pointerCursor = { # This will set cursor systemwide so applications can not choose their own
name = "Dracula-cursors";
package = pkgs.dracula-theme;
size = 16;
gtk.enable = true;
};
# pointerCursor = { # This will set cursor systemwide so applications can not choose their own
# name = "Dracula-cursors";
# package = pkgs.dracula-theme;
# size = 16;
# gtk.enable = true;
# };
stateVersion = "23.05";
};
programs = {
home-manager.enable = true;
alacritty = {
settings.font.size = 11;
};
};

4
hosts/jupiter/default.nix
View File

@ -53,7 +53,7 @@
gnupg.agent = {
enable = false;
enableSSHSupport = true;
pinentryFlavor = "curses";
pinentryPackage = pkgs.pinentry-curses;
};
};
@ -61,7 +61,7 @@
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;

44
hosts/jupiter/hardware-configuration.nix
View File

@ -50,6 +50,7 @@
};
services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
@ -188,35 +189,24 @@
swapDevices = [ { device = "/swap/swapfile"; } ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp6s18";
ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = {
hostName = "jupiter";
domain = "home.opel-online.de";
networkmanager = {
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
enp6s18 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp6s18";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
@ -228,7 +218,7 @@
powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true;
scsiLinkPolicy = "med_power_with_dipm";
#scsiLinkPolicy = "med_power_with_dipm";
powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
'';

23
hosts/kabtop/default.nix
View File

@ -24,8 +24,7 @@
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/services/server) ++ # Server Services
(import ../../modules/hardware); # Hardware devices
(import ../../modules/services/server); # Server Services
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
@ -62,22 +61,22 @@
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
pinentryPackage = pkgs.pinentry-curses;
};
};
services = {
#auto-cpufreq.enable = true;
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
#avahi = { # Needed to find wireless printer
# enable = true;
# nssmdns = true;
# publish = { # Needed for detecting the scanner
# enable = true;
# addresses = true;
# userServices = true;
# };
#};
fail2ban = {
enable = true;
maxretry = 5;

1
hosts/kabtop/hardware-configuration.nix
View File

@ -52,6 +52,7 @@
subvolume = {
"@" = {};
"@home" = {};
"@var" = {};
};
};
};

45
hosts/kabtopci/default.nix Normal file
View File

@ -0,0 +1,45 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # Docker
(import ../../modules/services/kabtopci); # Server Services
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
grub = {
enable = true;
device = "/dev/vda";
};
timeout = 1; # Grub auto select time
};
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
};
}

108
hosts/kabtopci/hardware-configuration.nix Normal file
View File

@ -0,0 +1,108 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
swapDevices = [ ];
networking = {
useDHCP = false; # Deprecated
hostName = "kabtopci";
domain = "ci.kabtop.de";
networkmanager = {
enable = false;
};
interfaces = {
ens3 = {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [ {
address = "195.90.221.87";
prefixLength = 22;
} ];
ipv6.addresses = [ {
address = "2a00:6800:3:d5b::2";
prefixLength = 64;
} ];
};
};
defaultGateway = "195.90.220.1";
defaultGateway6 = {
address = "2a00:6800:3::1";
interface = "ens3";
};
nameservers = [ "9.9.9.9" "2620:fe::fe" ];
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

39
hosts/kabtopci/home.nix Normal file
View File

@ -0,0 +1,39 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
}

85
hosts/lifebook/default.nix Normal file
View File

@ -0,0 +1,85 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ lib, config, pkgs, user, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
initrd.prepend = [ "${./patched-SSDT4}" ];
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
hardware = {
nitrokey.enable = true;
};
environment = {
systemPackages = with pkgs; [
linux-firmware
intel-media-driver
];
};
programs = { # No xbacklight, this is the alterantive
light.enable = true;
};
systemd.sleep.extraConfig = "HibernateDelaySec=1h";
services = {
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
#tailscale.enable = true;
};
}

223
hosts/lifebook/hardware-configuration.nix Normal file
View File

@ -0,0 +1,223 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
kernelModules = [ "i915" "kvm_intel" "vfio_pci" "vfio" "vfio_iommu_type1" ];
systemd.enable = true;
luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
bypassWorkqueues = true;
};
};
};
kernelModules = [ "kvm-intel" ];
kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force" ];
extraModprobeConfig = ''
options i915 enable_guc=3
'';
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
services = {
btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "2m 4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@lifebook";
};
};
};
};
};
};
};
systemd.timers = {
btrbk-bak = {
requires = [ "network-online.target" ];
};
};
fileSystems."/" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/opt" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/Pluto" =
{ device = "jupiter:/Pluto";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Mars" =
{ device = "jupiter:/Mars";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "lifebook";
wireless.iwd.enable = true;
networkmanager = {
enable = true;
wifi = {
backend = "iwd";
powersave = true;
};
};
# interfaces = {
# wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
# };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
#checkReversePath = false;
enable = true;
allowedUDPPorts = [ 24727 51820 ];
allowedTCPPorts = [ 24727 ];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
powertop.enable = true;
};
}

53
hosts/lifebook/home.nix Normal file
View File

@ -0,0 +1,53 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
libreoffice # Office packages
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
element-desktop
intel-gpu-tools
pulsemixer
# Display
light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

BIN
hosts/lifebook/patched-SSDT4 Executable file
View File

Binary file not shown.

2
hosts/nas/default.nix
View File

@ -53,7 +53,7 @@
gnupg.agent = {
enable = false;
enableSSHSupport = true;
pinentryFlavor = "curses";
pinentryPackage = pkgs.pinentry-curses;
};
};

4
hosts/nasbackup/default.nix
View File

@ -45,7 +45,7 @@
gnupg.agent = {
enable = false;
enableSSHSupport = true;
pinentryFlavor = "curses";
pinentryPackage = pkgs.pinentry-curses;
};
};
@ -53,7 +53,7 @@
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;

101
hosts/nasbackup/hardware-configuration.nix
View File

@ -51,7 +51,7 @@
};
services.btrbk = {
extraPackages = [ pkgs.lz4 ];
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
@ -78,6 +78,7 @@
bak = {
onCalendar = "weekly";
settings = {
stream_buffer = "265m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
@ -87,20 +88,35 @@
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "4w 2m";
archive_preserve_min = "no";
archive_preserve = "4w 2m";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk";
ssh_user = "btrbk";
volume = {
"ssh://jupiter.home.opel-online.de/mnt/snapshots/Mars" = {
target = "/mnt/nas/Backups/Mars";
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars" = {
subvolume = {
"@nas" = {};
"@nas" = {
target = "/mnt/nas/Backups/Mars";
};
"@hades/@home" = {
target = "/mnt/nas/Backups/Hades";
snapshot_dir = "@snapshots/@hades";
};
"@lifebook/@home" = {
target = "/mnt/nas/Backups/Lifebook";
snapshot_dir = "@snapshots/@lifebook";
};
# "@steamdeck/@home" = {
# target = "/mnt/nas/Backups/Steamdeck";
# snapshot_dir = "@snapshots/@steamdeck";
# };
};
};
};
volume = {
"ssh://jupiter.home.opel-online.de/mnt/snapshots/Pluto" = {
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Pluto" = {
target = "/mnt/nas/Backups/Pluto";
subvolume = {
"@/Games" = {};
@ -113,36 +129,16 @@
};
};
};
# lf = {
# onCalendar = "daily";
# settings = {
# incremental = "yes";
# snapshot_create = "ondemand";
# snapshot_dir = "@snapshots";
# timestamp_format = "long";
#
# snapshot_preserve = "2m 2w 5d";
# snapshot_preserve_min = "latest";
#
# volume = {
# "/mnt/snapshots/Pluto" = {
# snapshot_create = "always";
# subvolume = {
# "@" = {};
# "@/Backups" = {};
# "@/Games" = {};
# "@/IT" = {};
# "@/Media" = {};
# "@/Pictures" = {};
# "@/Rest" = {};
# };
# };
# };
# };
# };
};
};
systemd.services = {
btrbk-bak = {
requires = [ "network-online.target" ];
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
@ -198,35 +194,24 @@
swapDevices = [ { device = "/swap/swapfile"; } ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp6s18";
ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = {
hostName = "nasbak";
domain = "home.opel-online.de";
networkmanager = {
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
enp6s18 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp6s18";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];

10
hosts/laptop/default.nix → hosts/nbf5/default.nix
View File

@ -58,15 +58,7 @@
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
@ -86,7 +78,7 @@
};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;

0
hosts/laptop/hardware-configuration.nix → hosts/nbf5/hardware-configuration.nix
View File

0
hosts/laptop/home.nix → hosts/nbf5/home.nix
View File

20
hosts/server/default.nix
View File

@ -57,22 +57,22 @@
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
pinentryPackage = pkgs.pinentry-curses;
};
};
services = {
#auto-cpufreq.enable = true;
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
#avahi = { # Needed to find wireless printer
# enable = true;
# nssmdns = true;
# publish = { # Needed for detecting the scanner
# enable = true;
# addresses = true;
# userServices = true;
# };
#};
fail2ban = {
enable = true;
maxretry = 5;

8
hosts/steamdeck/default.nix
View File

@ -59,15 +59,7 @@
# };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
#pinentryFlavor = "curses";
};
};
services = {

77
hosts/steamdeck/hardware-configuration.nix
View File

@ -19,7 +19,7 @@
boot = {
initrd = {
availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
kernelModules = [ ];
systemd.enable = true;
luks = {
@ -50,33 +50,66 @@
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
# bak = {
# onCalendar = "daily";
# settings = {
# stream_buffer = "256m";
# stream_compress = "lz4";
# incremental = "yes";
# snapshot_create = "no";
# snapshot_dir = "@snapshots";
# timestamp_format = "long";
#
# snapshot_preserve_min = "all";
# target_preserve_min = "no";
# target_preserve = "2m 4w 3d";
#
# ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
# ssh_user = "btrbk";
#
# volume = {
# "/mnt/snapshots/root" = {
# subvolume = {
# "@home" = {};
# };
# target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@steamdeck";
# };
# };
# };
# };
};
};
};
#
# systemd.timers = {
# btrbk-bak = {
# requires = [ "network-online.target" ];
# };
# };
fileSystems."/" =
{ device = "/dev/mapper/crypted";
@ -171,9 +204,9 @@
#nameservers = [ "192.168.0.4" ];
firewall = {
checkReversePath = "loose";
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
enable = true;
allowedUDPPorts = [ 24727 ];
allowedTCPPorts = [ 24727 ];
};
};

4
hosts/steamdeck/home.nix
View File

@ -43,10 +43,6 @@
];
};
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets
};

5
modules/hardware/backup.nix
View File

@ -9,7 +9,10 @@
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq";
roles = [ "source" "info" "send" ];
}
{
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIma7jNVQZM+lFMOKUex0+cyDpeUA3Wo4SEJ7P9YnHPG";
roles = [ "target" "info" "receive" "delete" ];
}
];
extraPackages = [ pkgs.lz4 ];
};
}

21
modules/hardware/hydraCache.nix Normal file
View File

@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
{
nix = {
settings = {
extra-trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
"steamdeck.cachix.org-1:BVoP4TEu3ECgotaO+3J3r9SSn62GkUDBwizOFU/q4Bc="
];
extra-substituters = [
"https://steamdeck.cachix.org"
"https://cache.ci.kabtop.de"
];
#extra-trusted-substituters = [
# "https://cache.home.opel-online.de"
#];
};
};
}

5
modules/programs/alacritty.nix
View File

@ -15,6 +15,7 @@
enable = true;
package = pkgs.alacritty;
settings = {
env.term = "screen-256color";
font = rec { # Font - Laptop has size manually changed at home.nix
#normal.family = "FiraCode Nerd Font";
normal.family = "Cascadia Code";
@ -22,10 +23,6 @@
#bold = { style = "Bold"; };
# size = 8;
};
offset = { # Positioning
x = -1;
y = 0;
};
};
};
};

2
modules/programs/default.nix
View File

@ -12,7 +12,7 @@
[
./alacritty.nix
./rofi.nix
# ./rofi.nix
./firefox.nix
#./waybar.nix
#./games.nix

90
modules/services/dmz/hydra.nix
View File

@ -1,11 +1,91 @@
{ lib, config, pkgs, ... }:
{
services.hydra = {
enable = true;
hydraURL = "http://localhost:3000";
notificationSender = "hydra@localhost";
useSubstitutes = true;
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.home.opel-online.de";
listenHost = "127.0.0.1";
notificationSender = "hydra@localhost";
useSubstitutes = true;
minimumDiskFree = 30;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"home.opel-online.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
};
};
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = "http:// https://";
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
}

19
modules/services/kabtopci/default.nix Normal file
View File

@ -0,0 +1,19 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[
# ./microvm.nix
./hydra.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

59
modules/services/kabtopci/gitea_runner.nix Normal file
View File

@ -0,0 +1,59 @@
{ lib, config, pkgs, ... }:
{
virtualisation = {
podman ={
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
};
};
services.gitea-actions-runner.instances = {
cirunner = {
enable = true;
url = "https://git.kabtop.de";
name = "CI Kabtop runner";
tokenFile = config.age.secrets."services/gitea/cirunner-token".path;
labels = [
"ci"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
age.secrets."services/gitea/cirunner-token" = {
file = ../../../secrets/services/gitea/cirunner-token.age;
owner = "gitea-runner";
};
}

82
modules/services/kabtopci/hydra.nix Normal file
View File

@ -0,0 +1,82 @@
{ lib, config, pkgs, ... }:
{
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.ci.kabtop.de";
listenHost = "127.0.0.1";
notificationSender = "hydra@kabtop.de";
useSubstitutes = true;
minimumDiskFree = 8;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@kabtop.de";
webroot = "/var/lib/acme/acme-challenge";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
};
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = [
"github:"
"https://github.com/"
"git+ssh://github.com/"
];
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
}

129
modules/services/kabtopci/microvm.nix Normal file
View File

@ -0,0 +1,129 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{
microvm = {
autostart = [
name
];
vms = {
${name} = {
inherit pkgs;
config = {
imports =
[ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++
[( ./gitea_runner.nix )];
networking = {
hostName = "${name}";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
users.users.${user} = { # System User
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 2000;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
services = {
openssh = {
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}];
};
};
fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [
"/var/log"
"/var/lib/private"
];
files = [
"/etc/machine-id"
];
};
};
microvm = {
hypervisor = "qemu";
vcpu = 4;
mem = 3096;
balloonMem = 3096;
#kernel = pkgs.linuxKernel.packages.linux_latest;
interfaces = [
{
type = "user";
id = "vm-${name}";
mac = "04:00:00:00:00:02";
} ];
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;
};
system.stateVersion = "23.05";
};
};
};
};
}

31
modules/services/kanshi.nix
View File

@ -7,31 +7,34 @@
{
services.kanshi = {
enable = true;
profiles = {
undocked = {
settings = [
{
profile = {
name = "undocked";
outputs = [
{ criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
];
};
#docked_c = {
# outputs = [
# { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "2560,0"; }
# { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "0,0"; }
# ];
#};
docked_c = {
};
}
{
profile = {
name = "docked_c";
outputs = [
{ criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; scale = 1.5; }
{ criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
];
};
docked_triple = {
};
}
{
profile = {
name = "docked_triple";
outputs = [
{ criteria = "eDP-1"; status = "disable"; mode = "1920x1080"; position = "4480,0"; }
{ criteria = "HDMI-A-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
{ criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
];
};
};
};
}
];
};
}

2
modules/services/nas/default.nix
View File

@ -12,6 +12,8 @@
[
./nfs.nix
./nginx.nix
./vaultwarden.nix
]
# picom, polybar and sxhkd are pulled from desktop module

53
modules/services/nas/nginx.nix Normal file
View File

@ -0,0 +1,53 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"home.opel-online.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
};
};
networking.firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
}

38
modules/services/nas/vaultwarden.nix Normal file
View File

@ -0,0 +1,38 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
backupDir = "/var/backup/vaultwarden";
environmentFile = config.age.secrets."services/vaultwarden/environment".path;
config = {
DOMAIN = "https://vault.home.opel-online.de";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
};
};
services.nginx = {
virtualHosts = {
"vault.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
};
age.secrets."services/vaultwarden/environment" = {
file = ../../../secrets/services/vaultwarden/environment.age;
owner = "vaultwarden";
};
}

3
modules/services/server/default.nix
View File

@ -17,8 +17,7 @@
./nextcloud.nix
./matrix.nix
./coturn.nix
./jitsi.nix
./ollama.nix
# ./ollama.nix
]
# picom, polybar and sxhkd are pulled from desktop module

1
modules/services/server/matrix.nix
View File

@ -139,7 +139,6 @@ in {
"/var/log/mautrix-signal"
];
NoNewPrivileges=true;
MemoryDenyWriteExecute=true;
PrivateDevices=true;
PrivateTmp=true;
ProtectHome=true;

57
modules/services/server/nextcloud.nix
View File

@ -9,15 +9,20 @@
enable = true;
hostName = "cloud.kabtop.de";
https = true;
package = pkgs.nextcloud27;
package = pkgs.nextcloud30;
database.createLocally = false;
logType = "file";
notify_push.enable = false;
maxUploadSize = "512M";
caching = {
redis = true;
apcu = false;
};
extraOptions = {
settings = {
log_type = "file";
logfile = "nextcloud.log";
overwriteprotocol = "https";
default_phone_region = "DE";
redis = {
host = "/run/redis-nextcloud/redis.sock";
port = 0;
@ -25,6 +30,7 @@
"memcache.local" = "\\OC\\Memcache\\Redis";
"memcache.distributed" = "\\OC\\Memcache\\Redis";
"memcache.locking" = "\\OC\\Memcache\\Redis";
"maintenance_window_start" = "1";
};
config = {
dbtype = "pgsql";
@ -34,8 +40,6 @@
adminuser = "kabbone";
adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path;
dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path;
overwriteProtocol = "https";
defaultPhoneRegion = "DE";
};
phpOptions = {
"opcache.interned_strings_buffer" = "16";
@ -43,15 +47,15 @@
#autoUpdateApps.enable = true;
};
services.onlyoffice = {
enable = true;
hostname = "docs.cloud.kabtop.de";
postgresName = "onlyoffice";
postgresHost = "localhost";
postgresUser = "onlyoffice";
postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path;
jwtSecretFile = config.age.secrets."services/nextcloud/onlyofficejwt".path;
};
# services.onlyoffice = {
# enable = true;
# hostname = "docs.cloud.kabtop.de";
# postgresName = "onlyoffice";
# postgresHost = "localhost";
# postgresUser = "onlyoffice";
# postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path;
# jwtSecretFile = config.age.secrets."services/nextcloud/onlyofficejwt".path;
# };
services.redis = {
vmOverCommit = true;
@ -69,10 +73,11 @@
enableACME = true;
forceSSL = true;
};
"${config.services.onlyoffice.hostname}".listen = [ {
addr = "127.0.0.1"; port = 8080;
} ];
};
# "${config.services.onlyoffice.hostname}" = {
# enableACME = true;
# forceSSL = true;
# };
# };
};
age.secrets."services/nextcloud/dbpassFile" = {
@ -83,14 +88,14 @@
file = ../../../secrets/services/nextcloud/adminpassFile.age;
owner = "nextcloud";
};
age.secrets."services/nextcloud/onlyofficedb" = {
file = ../../../secrets/services/nextcloud/onlyofficedb.age;
owner = "onlyoffice";
};
age.secrets."services/nextcloud/onlyofficejwt" = {
file = ../../../secrets/services/nextcloud/onlyofficejwt.age;
owner = "onlyoffice";
};
# age.secrets."services/nextcloud/onlyofficedb" = {
# file = ../../../secrets/services/nextcloud/onlyofficedb.age;
# owner = "onlyoffice";
# };
# age.secrets."services/nextcloud/onlyofficejwt" = {
# file = ../../../secrets/services/nextcloud/onlyofficejwt.age;
# owner = "onlyoffice";
# };
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];

21
modules/services/server/postgresql.nix
View File

@ -5,9 +5,10 @@
{ config, lib, pkgs, ... }:
{
imports = [ ./postgresql_upgrade.nix ];
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
package = pkgs.postgresql_16;
settings = {
max_connections = 200;
listen_addresses = "localhost";
@ -20,15 +21,15 @@
timezone = "Europe/Berlin";
};
authentication = pkgs.lib.mkOverride 14 ''
local all postgres peer
host giteadb gitea localhost scram-sha-256
host nextclouddb nextcloud localhost scram-sha-256
host synapsedb synapse localhost scram-sha-256
host whatsappdb mautrixwa localhost scram-sha-256
host telegramdb mautrixtele localhost scram-sha-256
host signaldb mautrixsignal localhost scram-sha-256
host onlyoffice onlyoffice localhost scram-sha-256
local onlyoffice onlyoffice peer
local all postgres peer
host giteadb gitea localhost scram-sha-256
host nextclouddb nextcloud localhost scram-sha-256
host synapsedb synapse localhost scram-sha-256
host whatsappdb mautrixwa localhost scram-sha-256
host telegramdb mautrixtele localhost scram-sha-256
host signaldb mautrixsignal localhost scram-sha-256
host onlyoffice onlyoffice localhost scram-sha-256
local onlyoffice onlyoffice peer
'';
initialScript = config.age.secrets."services/postgresql/initScript.sql".path;
};

33
modules/services/server/postgresql_upgrade.nix Normal file
View File

@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [
(let
# XXX specify the postgresql package you'd like to upgrade to.
# Do not forget to list the extensions you need.
newPostgres = pkgs.postgresql_16.withPackages (pp: [
# pp.plv8
]);
cfg = config.services.postgresql;
in pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
# XXX it's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
export NEWBIN="${newPostgres}/bin"
export OLDDATA="${cfg.dataDir}"
export OLDBIN="${cfg.package}/bin"
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs}
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
'')
];
}

2
modules/shell/git.nix
View File

@ -16,7 +16,9 @@
};
extraConfig = {
gpg = { format = "ssh"; };
credential = { helper = "cache --timeout=3600"; };
};
difftastic.enable = true;
};
};
}

20
modules/shell/tmux.nix
View File

@ -19,22 +19,22 @@
plugins = with pkgs.tmuxPlugins; [
yank
sidebar
{
# {
# plugin = dracula;
# extraConfig = "
# set -g @dracula-show-powerline true
# set -g @dracula-plugins 'git cpu-usage ram-usage battery time'
# set -g @dracula-border-contrast true
# ";
plugin = catppuccin;
extraConfig = "
set -g @catppuccin_flavour 'macchiato'
set -g @catppuccin_window_tabs_enabled 'on'
set -g @catppuccin_host 'on'
set -g @catppuccin_user 'on'
set -g @catppuccin_date_time '%Y-%m-%d %H:%M'
";
}
# plugin = catppuccin;
# extraConfig = "
# set -g @catppuccin_flavour 'macchiato'
# set -g @catppuccin_window_tabs_enabled 'on'
# set -g @catppuccin_host 'on'
# set -g @catppuccin_user 'on'
# set -g @catppuccin_date_time '%Y-%m-%d %H:%M'
# ";
# }
];
extraConfig = ''
set -g mouse on

7
modules/shell/zsh.nix
View File

@ -9,7 +9,7 @@
zsh = {
enable = true;
dotDir = ".config/zsh_nix";
enableAutosuggestions = true; # Auto suggest options and highlights syntact, searches in history for options
autosuggestion.enable = true; # Auto suggest options and highlights syntact, searches in history for options
syntaxHighlighting.enable = true;
history.size = 10000;
@ -27,10 +27,6 @@
'';
initExtra = '' # Zsh theme
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
# Spaceship
source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup
autoload -U promptinit; promptinit
@ -40,6 +36,7 @@
# Swag
pfetch # Show fetch logo on terminal start
eval "$(direnv hook zsh)"
eval "$(ssh-agent)"
'';
};
};

7
modules/themes/.gitattributes vendored Normal file
View File

@ -0,0 +1,7 @@
nixos-wallpaper-catppuccin-mocha.svg filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-nineish-solarized-dark.src.svg filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-nineish-solarized-dark.png filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-binary-black.png filter=lfs diff=lfs merge=lfs -text
lockwall.jpg filter=lfs diff=lfs merge=lfs -text
nuka_col.jpg filter=lfs diff=lfs merge=lfs -text
wall.jpg filter=lfs diff=lfs merge=lfs -text

BIN
modules/themes/lockwall.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 285 KiB

After

Width:  |  Height:  |  Size: 131 B

BIN
modules/themes/nix-wallpaper-binary-black.png (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/nix-wallpaper-nineish-solarized-dark.png (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/nix-wallpaper-nineish-solarized-dark.src.svg (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/nixos-wallpaper-catppuccin-mocha.svg (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/nuka_col.jpg (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/wall.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 242 KiB

After

Width:  |  Height:  |  Size: 36 B

1
modules/themes/wall.jpg Symbolic link
View File

@ -0,0 +1 @@
nixos-wallpaper-catppuccin-mocha.svg
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 242 KiB

After

Width:  |  Height:  |  Size: 36 B

22
modules/wm/kde/default.nix
View File

@ -16,18 +16,20 @@
environment.systemPackages = with pkgs; [
flatpak
rocmPackages.clr.icd
rocmPackages.clr
clinfo
libsForQt5.discover
# rocmPackages.clr.icd
# rocmPackages.clr
# clinfo
kdePackages.discover
maliit-keyboard
maliit-framework
];
services = {
packagekit.enable = true;
xserver = {
enable = true;
desktopManager.plasma5.enable = true;
desktopManager.plasma6.enable = true;
# xserver = {
# enable = true;
# desktopManager.plasma5.enable = true;
# displayManager = {
# gdm.wayland = true;
# gdm.enable = true;
@ -41,8 +43,10 @@
# autoLogin.enable = true;
# autoLogin.user = "kabbone";
# };
};
# };
flatpak.enable = true;
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
udev.packages = with pkgs; [ gnome-settings-daemon ];
};
qt.platformTheme = "kde";
}

1
modules/wm/kde/home.nix
View File

@ -13,4 +13,5 @@
{ config, lib, pkgs, ... }:
{
}

9
modules/wm/steam/default.nix
View File

@ -22,7 +22,7 @@
enable = true;
user = "kabbone";
autoStart = true;
desktopSession = "plasmawayland";
desktopSession = "plasma";
};
devices.steamdeck = {
enable = true;
@ -30,10 +30,9 @@
decky-loader.enable = true;
};
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
hardware.graphics = {
enable = true;
enable32Bit = true;
};
environment.systemPackages = with pkgs; [

2
modules/wm/steam/home.nix
View File

@ -18,7 +18,7 @@
steam
jq
appimage-run
gnome.zenity
zenity
unzip
fuse
];

10
modules/wm/sway/default.nix
View File

@ -16,12 +16,6 @@
{
imports = [ ../waybar.nix ];
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
environment = {
loginShellInit = ''
if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then
@ -41,6 +35,8 @@
rocmPackages.clr
clinfo
waybar
rot8
glib
];
};
@ -51,7 +47,7 @@
export MOZ_WEBRENDER="1";
export MOZ_USE_XINPUT2="2";
export MOZ_DBUS_REMOTE="1";
#export GDK_BACKEND="wayland";
export WLR_RENDERER="vulkan";
export LIBVA_DRIVER_NAME="iHD";
export VDPAU_DRIVER="iHD";
export XDG_SESSION_TYPE="wayland";

125
modules/wm/sway/home.nix
View File

@ -18,8 +18,9 @@
wayland.windowManager.sway = {
enable = true;
checkConfig = false;
config = rec {
menu = "${pkgs.bemenu}/bin/bemenu-run -m -1 --hf '#ffff00' --tf '#888888' --nf '#00ff40' --hb '#424242' | xargs ${pkgs.sway}/bin/swaymsg exec --";
menu = "${pkgs.rofi}/bin/rofi -show combi -show-icons";
left = "m";
down = "n";
up = "e";
@ -30,8 +31,9 @@
input = {
"type:keyboard" = {
xkb_layout = "us";
xkb_variant = "altgr-intl";
xkb_layout = "us,de";
xkb_variant = "altgr-intl,";
xkb_options = "grp:win_space_toggle";
};
"type:touchpad" = {
tap = "enabled";
@ -59,7 +61,7 @@
};
"DP-3" = {
mode = "1920x1200";
pos = "2560,120";
pos = "2560,180";
};
#"eDP-1" = {
# mode = "1920x1080";
@ -86,11 +88,11 @@
};
startup = [
#{ command = "$HOME/.config/sway/scripts/2in1screen"; }
{ command = "exec ${pkgs.rot8}/bin/rot8 -Y -k"; }
{ command = "xrdb -load ~/.Xresources"; }
{ command = "gsettings set org.gnome.desktop.interface gtk-theme Arc"; }
{ command = "gsettings set org.gnome.desktop.interface icon-theme ePapirus"; }
{ command = "gsettings set org.gnome.desktop.interface cursor-theme Adwaita"; }
# { command = "gsettings set org.gnome.desktop.interface gtk-theme Dracula"; }
# { command = "gsettings set org.gnome.desktop.interface icon-theme Dracula"; }
# { command = "gsettings set org.gnome.desktop.interface cursor-theme Adwaita"; }
#{ command = "exec ${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; }
{ command = "${pkgs.thunderbird}/bin/thunderbird"; }
{ command = "${pkgs.firefox}/bin/firefox"; }
@ -117,7 +119,7 @@
{ command = "floating enable"; criteria = { app_id = "com.nitrokey."; }; }
{ command = "floating enable"; criteria = { app_id = "org.keepassxc.KeePassXC."; }; }
{ command = "floating enable"; criteria = { app_id = "virt-manager"; }; }
{ command = "floating enable"; criteria = { class = "lxqt-openssh-askpass"; }; }
{ command = "floating enable"; criteria = { title = "^OpenSSH Authentication"; }; }
{ command = "floating enable"; criteria = { class = "pop-up"; }; }
];
@ -154,27 +156,28 @@
"${alt}+Shift+${right}" = "move container to workspace next, workspace next";
"XF86TouchpadToggle" = "input type:touchpad events toggle enabled disabled";
"XF86AudioRaiseVolume" = "exec pulsemixer --change-volume +5 && ${config.cmds.notifications.volume}";
"XF86AudioLowerVolume" = "exec pulsemixer --change-volume -5 && ${config.cmds.notifications.volume}";
"XF86AudioMute" = "exec pulsemixer --toggle-mute && ${config.cmds.notifications.volume}";
#"XF86AudioRaiseVolume" = "exec pulsemixer --change-volume +5";
#"XF86AudioLowerVolume" = "exec pulsemixer --change-volume -5";
#"XF86AudioMute" = "exec pulsemixer --toggle-mute";
"XF86AudioMicMute" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86MonBrightnessDown" = "exec light -s sysfs/backlight/intel_backlight -U 5% && ${config.cmds.notifications.brightness}";
"XF86MonBrightnessUp" = "exec light -s sysfs/backlight/intel_backlight -A 5% && ${config.cmds.notifications.brightness}";
"XF86AudioPlay" = "exec playerctl play-pause";
"XF86AudioNext" = "exec playerctl next";
"XF86AudioPrev" = "exec playerctl previous";
"XF86AudioStop" = "exec playerctl stop";
#XF86AudioMute = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
#XF86AudioRaiseVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
#XF86AudioLowerVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
#XF86AudioPlay = "exec ~/.config/waybar/scripts/toggle-play";
#XF86AudioNext = "exec playerctl --player=spotify next";
#XF86AudioPrev = "exec playerctl --player=spotify previous";
# Sink volume raise optionally with --device
"XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise";
"XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower";
# Sink volume toggle mute
"XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle";
# Source volume toggle mute
"XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle";
# Capslock (If you don't want to use the backend)
#bindsym --release Caps_Lock exec swayosd-client --caps-lock;
# Brightness raise
"XF86MonBrightnessUp" = "exec swayosd-client --brightness raise";
# Brightness lower
"XF86MonBrightnessDown" = "exec swayosd-client --brightness lower";
"${mod}+${left}" = "focus left";
"${mod}+${down}" = "focus down";
"${mod}+${up}" = "focus up";
@ -238,12 +241,13 @@
export MOZ_WEBRENDER="1";
export MOZ_USE_XINPUT2="2";
export MOZ_DBUS_REMOTE="1";
#export GDK_BACKEND="wayland";
export WLR_RENDERER="vulkan";
export LIBVA_DRIVER_NAME="iHD";
export VDPAU_DRIVER="iHD";
export XDG_SESSION_TYPE="wayland";
export XDG_CURRENT_DESKTOP="sway";
export QT_QPA_PLATFORMTHEME="wayland-egl";
#export QT_QPA_PLATFORMTHEME="wayland-egl";
export QT_QPA_PLATFORMTHEME="qt6ct";
export GST_VAAPI_ALL_DRIVERS="1";
export GTK_THEME="Arc";
export _JAVA_AWT_WM_NONREPARENTING="1";
@ -261,7 +265,8 @@
'';
};
programs.swaylock = {
programs = {
swaylock = {
enable = true;
settings = {
color = "000000";
@ -269,19 +274,59 @@
indicator-caps-lock = true;
show-keyboard-layout = true;
};
};
rofi = {
enable = true;
package = pkgs.rofi-wayland;
extraConfig = {
modi = "window,drun,ssh";
kb-primary-paste = "Control+V,Shift+Insert";
kb-secondary-paste = "Control+v,Insert";
};
font = "Cascadia Code";
location = "top-left";
plugins = [
pkgs.rofi-calc
pkgs.rofi-bluetooth
pkgs.pinentry-rofi
];
terminal = "${pkgs.alacritty}/bin/alacritty";
theme = "arthur";
};
};
services.swayidle = {
enable = true;
events = [
{ event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; }
{ event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ event = "after-resume"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
{ event = "unlock"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
];
timeouts = [
{ timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ timeout = 600; command = "${pkgs.sway}/bin/swaymsg 'output * dpms off'"; resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
];
services = {
swayidle = {
enable = true;
events = [
{ event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; }
{ event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ event = "after-resume"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
{ event = "unlock"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
];
timeouts = [
{ timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ timeout = 600; command = "${pkgs.sway}/bin/swaymsg 'output * dpms off'"; resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
];
};
swayosd.enable = true;
};
# qt = {
# enable = true;
# style.package = [
# pkgs.dracula-theme
# pkgs.dracula-icon-theme
# pkgs.catppuccin-kvantum
# pkgs.catppuccin-kde
# pkgs.catppuccin-gtk
# pkgs.qt6Packages.qtstyleplugin-kvantum
# ];
# style.name = "kvantum";
# platformTheme.name = "qtct";
# };
# xdg.configFile = {
# "Kvantum/Catppuccin".source = "${pkgs.catppuccin-kvantum}/share/Kvantum/Catppuccin-Frappe-Blue";
# "Kvantum/kvantum.kvconfig".text = "[General]\ntheme=Catppuccin-Frappe-Blue";
# };
}

BIN
secrets/keys/nixremote.age
View File

Binary file not shown.

BIN
secrets/keys/nixservepriv.age
View File

Binary file not shown.

11
secrets/secrets.nix
View File

@ -20,7 +20,8 @@ let
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
server2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPm3epi3v+yuskxQZgmPdkVDET8IGeYA6LbTCqPWqkz+";
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmivVLbkJJ1anwQ8CeNT7rv0Qxinp1LIQIjVWZpnIE5";
kabtopci = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGdvPKu0XJXpxiZYxwHdt0UzzSXxQqZIbHzVvjySR82w";
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5OMVTx1IkzFvDgDRwiv+ruYTCBlJ+D1hx+BS8Roah";
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
nasbak = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdoxslkKn3ouadPOHmDN7e5AtoJmnllnUmhl1j9qfzz";
jupiter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBQr9/TIeAd25h0gfOPjoHs6JMeye4V04LuFufbe1S/";
@ -58,6 +59,12 @@ let
];
buildServer = [
hades
kabtopci
dmz
];
homeServices = [
jupiter
dmz
];
in
{
@ -78,6 +85,8 @@ in
"services/gitea/mailerPassword.age".publicKeys = servers ++ users;
"services/gitea/homerunner-token.age".publicKeys = homerunners ++ users;
"services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users;
"services/vaultwarden/environment.age".publicKeys = homeServices ++ users;
"services/acme/opel-online.age".publicKeys = homeServices ++ users;
"keys/nixremote.age".publicKeys = buildClients ++ users;
"keys/nixservepriv.age".publicKeys = buildServer ++ users;
}

BIN
secrets/services/acme/opel-online.age Normal file
View File

Binary file not shown.

42
secrets/services/coturn/static-auth.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ FMwvw6TmjR3KbTH9UgtlHGmC3ZM9s1+g2Lb2B4oSJWI
l9TBPRZpSM1Wky9J+uNaKSYVI65MlLxTU7Kh2uC9Ijs
-> ssh-ed25519 WiIaQQ J3tqbCwliMu7Hp/diV45LB0z2EWpLAwivGxxNQm1O28
O7EDQl7x7htiIyVOQfSWHQbIxVWEnDJ/rOwE7Jey6go
-> ssh-ed25519 neExcQ yMHHDZg+ZqoX3BGPI9Ruqbj051Ewsyxc207Ne0EJ6k0
LD+wq4I8s/Fc6znNE6WRMba0u1BU5Mi6VKcyBk6xTZo
-> ssh-ed25519 WiIaQQ KmHrRHx9vaSMaHUWcMZKRApR9KWntU07umf1mZekRQk
/wumFHGj1am02zQ4g4EaEEk2sCoWTkjSARTIUnPnFD8
-> ssh-rsa VtjGpQ
BE/OvVUprp821b/gLSDol0R0P65wwtYHKulHt2Y1Ik02w/A/GCJbVX1hAbxkhRnR
5em/iKrbG5J3kabFgV/2VLB21yzcrdip0Cvzbgn0HsZ7I0PS80W+Nz054cdH6QV/
A+iveZxwS0x5VWI1//mmPp6YGeEOw89r/KyIZ7As8gTmVzQoVEeaqUsP9A2/+VuG
J6gbE6vCb5jxJ7OrLZbtBjfJhac3g7KHfy9QcLNRDSR+r0YVYOElUSyYdz3DUbJp
vCkNdm2s00wzAobyK5KLx4k9UB+1kJRPjP52Uxt4A+pEjIviH1vTnHzQb+vL4LuR
qR6spF4vXHj14eGva51+8bxuUBj3kx9zS4XFTLug9B9xe8XgiPJDq109/fzCLkyr
CZwmvAIUbghLzVw5ub4It+79GKxYXH9GjkWmVQX1J1a6ls7Fvy8pW90Fh2N5M+wk
FTQru+OuwfllWUZaUWpE1mUzu65CZ84Kfg5slm3oY/y8E6UEmHiwdpCD1Y7mxGwl
hlQAhOzXyiNDHtWdvRaA66if7+heTvkEoKD5/owUJ0tJTMyvZgah0r2OGbKWluTv
+w6DMlKQFtnnW437t3QZFEWmz6r8UV53CzVIjcOv6Nd8za20RKofmOCeyVJ5GRNk
weL94rH3Mv5YKh3/mJGj4fsYgka3uRO+rV6G7fNZcfQ
-> piv-p256 grR75w AnCspIRjswTZ8aEXA15AQiJDKmUiHQhvKg4Rhfre3kCu
Prp1jHRXIdTXapLZgjWwjy091uc37kCIvGstSOxmNbI
-> piv-p256 RQguQQ AxfKlFTYgyFzB7sxct0s3/QcoVs1AFwSysZTTBhJjwZz
GYuHnz8yk5TsY/y2oibHnkFh+Ah956ZiSKXzbT5Fu+A
--- ++NTK2N0Od5wJsDHGXUg5AbVPNRl2siwehTeRHNMkec
T„ÇrIŤŘ“b4 €tş!5d©C«/w[mA/ýŐÇ\] ŁN!„~岆Ž˘Ż‚ŔrĆÖiéßm`ůŇYéÚ ťŰ¦«ĐoîHňnZâ'(ĽśKJ<4B>~0šôG9ľ
GBUmtcnkZ4tlQbsWArXcBEX+p7RAwFUeZ7QOteJ61/lDaKYOcYZPC298AI4eE5cE
jejlIO1Jh72eQCQ+ZniAdPO8caUWOXyAfXsk8Et8RCaodK0pt14JB/Ez+qHpZR2j
V9LC3xrlvWbyY21pnokQudSsu966Kmh27gAd1vyw+rAFpYSLhY6cL3oyiYNtZ0Nf
AgsGrCIJhWOKA7+PJPSxbPPosqB9nteRRxl7Hi3XIhu7oE0YCqVVihA908vdaq7G
pOIubfd6S7Aptj7xiXb/8oojhsglgISPyFHIPOZaIVXVtNqFxXhjFiJjdZuZ4gRS
hmaxAXd8UblKzYWIKDUnAwdn5tdixC+GrqdNit2s946Di7s5oe7BptP707XQK0WA
HXJuc/h3+8JAkQsPW0B9+XbeNtRAh9Uqcq3tadGqjwfgLKepebOoG3K0F3+simcr
bS3fgd1R92v8KyyXpKvgbilJQ2GBoxEqHTeMzqksp/6t/3s64tLEnrRhqcxyYz7P
fDs0IgezPFQ6ZKU2KMnheRiQrRD//9JINPnj+0PPL5PggyaDh4PwA67INrHwANl6
Rgh8QNBvom3E8gdYuBuCM75PewMZF9mSksLDYrYz9M9LB4YIvBxHKiW6PhugtTwM
fd3uSuaTfTEFgPtEuJUsQk3Q8+lZQpY4BtEDP27NqFI
-> piv-p256 grR75w A2dfNFLZpwdWZ4PkmeHpUdalrhHYehriPn23TC8V3mSW
N8IfOhaZdWspJ2GCJ8de0Yhe3Jv1BBA8Ep+Tpp/IFyk
-> piv-p256 RQguQQ As/Vu7wq9Y3gW8gJfxyi2b31e3A2ZswBPZ3KfShjDR5T
sE4kxCyTMm2fEvs/I3KpDt61S2vFv89/MgALO3RVsuQ
--- GnBuK/AhHklZlnoQXH6HGNZa/rqLWAOKpvbFK3IQnmU
Ümp9/ýÜŽ™µ·XŠ“'HnÉd´Òvdý ÅA[W8A;ê2¦uªqQT`,%]ï~íu<C3AD>¼.5<EFBFBD>Ía= Ž‡FÛÐnrc3ÿ&ô³!h·$ÔýJ2,iß'5îIJ™

BIN
secrets/services/gitea/databasePassword.age
View File

Binary file not shown.

40
secrets/services/gitea/homerunner-token.age
View File

@ -1,23 +1,21 @@
age-encryption.org/v1
-> ssh-ed25519 1fxDZw HPqtOnCf0xv43GQmB6iSSLGK6r/5pCFFZJC37ioMIw0
VjvteDjUqqkBas9FzZKxlA1y5/TwIB44I7yNH3KBDYA
-> ssh-ed25519 1fxDZw hh8ehz1Ku8o+RLbbQU0S9wpdanqZTujlpv56EZkFMyY
380XaylUBWlLEFh1DIi5C1wefShsQu7DjLQmsobh7eQ
-> ssh-rsa VtjGpQ
Xx8tuS0ClpvIEn/diIhCInLuiNym22i0SQZCkFCz5V0FKNM0L9hzlqU2A2wLemgz
iy1So0jNJWGt9ylUCyPI9ucyLUgoXFXiQjaMkI85yj+xuUDHkmereRMW3AQD+2LL
+NHsmQQchtmQg/gCZY0MS7gq++ULDwlakAkwMP0U6T19i299eBSBL4Zoj00rKNlx
KLe0jbNlIe1uhVLYRfyz3S0I9z8gWDSQ8soFoqrJwKVHsO7wmH/3a0dCEWSHRRVm
MRfU/Oy7A8U+iD37z9DxSN2O6hKRLMDu/NyTXUV95ImYwOcA7ya4nShwpB7vZLop
Vu/BtX5HZ7JvBK3kApyR+Da5LYsBhqrDmqXqtykjn8TM0WG65jLKp5XolEcGEfUe
KrqVMhVm+d2AijpRvsbOv13B7UmZkxBP9+6/o7uujv9nV5uSoGwv9tZn9ubeZyXo
U7q3MaURqbgv6YV+h/aJ1X0URmPMyjUgkCLI3HbKJV+ZQH1jbNsn0aiVU0d0MXBb
cE1NIZdfrQ/+Mp14KuiKoY/ycrJPQkg+Au8LANSk/pzH/lvGO1EP50eBRz4hIqEg
RaNII+fQosyr10HPvlgMfEZQnDoG6H+Tvhgt4S6Ex9lyjKASnx/SQyRwhd9SPgDb
bArbSq4lJ59rqw7TX2IrkjDgvv/FMqdcxjW+kIOTWDQ
-> piv-p256 grR75w A1d8pk5Qfx1xq9vApCkKKj6gx1elqSYxLezwoChk3k7Z
AeYO+rslswXdRJK/pwe9m3CNHIKsrRkt1lamyysDNQk
-> piv-p256 RQguQQ AukcSmMTNQQZdr5zDOjMTnsOFZp5H5D5ohuVdIQUpUYM
aJqrWcaXdpfS2vakEu5vi/AMHnoUUrUpm0bRRcCxiE8
--- fNTWHdKIXpbJsZo2WnMAPXTNMtr0hKkgivCIi1qiQps
XƒŽR0jÙebMB7v6“‚Ȧ~ 몀“8<=
2iŸ¾Š2ìJð]L×íp
}aÉ+»1ÿTy™ ]»T<C2BB>þgÌè¡Çó3¢¢¼³"«iÊ
bXqph/p3KcAE6lwE2VHUO2evE1K8gpLUyQdvOCKJGcmxkwlSemgP1bAtpKIBrAh+
9BAIoQf+vt/Pdu11cB3y+egICZDxAj/LG7uzjTSETniItCgKTqTbFOV2yXezLvD1
NyroReGDFD6wofXUt2+1Y4yoMeW85DC6PDDd9Que2QJHPVfVaR1EtyWXEmkS/W+2
yhGxnfIXBSrO465zdlTOBJS0uA6LPi2smEsetHfu/5FrV7AAlb0iIP6ZUcZGpaG3
n9y1t696zCNGPMGOYeDwlyHefaBkweUM+r2lYoyTsk+PqY5+g9Ap3ZkMqVxyV479
IExBTTdCNJouiByR1/o/0L6I8hAdEDyGad9H+PmH8gwtCKRmz4B+on5ljQ9/gwHz
4dU7+zFYU0N8TSzImWmsU+Pomd8aItJlWIE38OZ+yq3/wYWuDVmfrlNklu5N3cb0
GSQPk97tkpxC7oAt2n7TlwYtrlElvKFTNFt2FHQQzLRK9v2cH5aJAASaLk//MXo3
pqmRx2KFDO0f4UMyLWh3dpvu942PLaZN14/fX0u24KmCGUjTa/0KGUeroEF9QXN/
xyWuMddf/Fk0ENIDRI/ScU2b2kB2anmYJ8u0jFjMkubZTNs7BJpQGoRnNeRHYVEp
nK/0GwemAe2b9j3WcNEA3w+qliFSxAIVQK/DlmImHPk
-> piv-p256 grR75w A8m/M9FxN5IPc3jZz9HZEMdN+lqQWKk7wECowIBIJypr
VS76coMWzq3V5fVK7Mi9EJM/aREGkuT5BOc2KRrt+XM
-> piv-p256 RQguQQ AyqzzNEcRsKvojUVTIHSdXd2suP5clAVJN3rZQ5uO8Zh
n7sGAAhLHjeMA95/NRaaE90SLKn3jMduKwL+DnG1Su4
--- Hy7Q73oX1zTn/cO5LDZ4L88cqYN9pm25UtPWgE8Oc5k
~<7E>Ís<> <11>Oòݤ ¼¸€ü°‘æ¼ÌÊÿ†.r§yy-ü¶_®Ì$ù‘ ÿ¹3d*ÐËÐó­ÒKv²Â`YŸKËÚœVá“­^©æ²º-

42
secrets/services/gitea/mailerPassword.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ Qx3NuIC3HnyhLAPB6NGLlO8073iIEXQ3VpVDvsPsLVk
9Cz7AXaP/EorKrdLxMfaWJJsCIv5u6upJIaNbLiDleA
-> ssh-ed25519 WiIaQQ AS+i8m6vO83lj5vZ1lr+FiM1SO1v7BU6OWertpdTXSU
LIitIW7F/8idoKvgHmirFp1V9RlObyqOueDVIdBdRM0
-> ssh-ed25519 neExcQ 23q0cea4QGcuckAJyGJ0s3DJ7Lp6vakxFYdXszDEShs
0GCmRPOWvOnDdY1yyoGy/dvZDgloBz1ILqww5/Riaqk
-> ssh-ed25519 WiIaQQ yVMIknaxSccjm0+OhvBZU4VPR5pAWN8l6WFWt1KlSXQ
G7ZaB4v/x3lB90eG/qlzIasgTdxOl9LNEAfKfkyp3/w
-> ssh-rsa VtjGpQ
FdINMHPfPVgkQk0A5g6uDRQmZxI0h74QkJSdYUtHRfbqBP0R3f4TrqbtO4n6E7pR
5NYLkqyZND7ApC10hoQ2UJF22Ja06ZvWhhM7Zsl0X3u/58NhgXsXWy92I2sniBa4
DF6T3AD4bQOF4Px2A/+lnA++NIWHdroqghojWOAZazvLFaFa6HtIdrTiMb2bojuU
qxepekbRwJBEm9/5bKHZlEmwx3rJsYxrNKEkxPrBvNdPbnwgxrvhOXxeQJghyGGw
vnCRHKDbqvRIWfkmftRjNQMHUSMitDJHUOPsG9z5KBr4M7n7B1bV5ozsLsVyUUmE
6vBvrOPz9+RiE9H61PlAvPFMmKBTQgRf8+mjbU0RGxScqLcUoHCud2x3O+WqlLoP
TMQtye8ayRPgG3PbwP4pO3olcA9ANEdd2Jfo+HG4izbJxdCTbOMfEFTJIEfyGMIo
lo0Hh0EIijFAVfyAH6G/Rv1KggpINr8fTxbWz8i1PXTqzBsjfrqbHWWRrE/VJSYI
x9bjSHeWCOs+IlZ2YEB8dshJe5smrTnKpFYrj3kvLHOiC1jKUJdDZooQex4nkXpW
mMKIOb/VF6/QM3NkmJKLdnMJenIKL1Vqbrv/Lqu1/FaINqRsIGTXCsQs+JjxrcfX
zxpzs7Bk2eV/BaiJxJ7Cjfx1gO37GpL0kzCMuN1xnWs
-> piv-p256 grR75w Azu36XfRZ2Evj79zCs8RA5lwbMe2Je0oBI5JM+3MC/cO
p8nO/p2M3pvEevZLLItNDSz64Ju8yBA2GPBnTWMN25I
-> piv-p256 RQguQQ Av9ILPK7bsPNqgudLMq88MNSWrB+xrBVfxX3bjVCquvj
0iwRR9htchLUk88RRooXsP0H39FfybCPMQC8AMxgu/0
--- puq9s7iYi1A0v+7Qhsqo05Yfxtg5kHJK66RM1TDLtNM
‡![˘Ąëu_Ď(*­0źĹ´8«°ęŠű"úÄFsnď"TęĽ-„<>˝ş˙žÇwťw' Îü˘4ľ„«sd_­!
Gz/gQCuoTNR92KpaW+5maMWbA/Fu/vVLVrLvVfHB/Q+qE7yxCNoIUVf+Nwkqll0N
SIKoDkq5OamxoezagvO9EVA0jyPpAdTP1oljiLjsX54OXLhT1Z25N+hC7lEe9MFj
QrPLXa3WoPJTPzoho2F+/bjGtUui4Dx/rFp950oUQXXYdAQBHn4HlLPTSkT/Gllb
e+nOtElJs9xK9y5lN9LuDXMKO2SBDHsqDzlrua7FCZZxV6BuyXqQtcJV7NAEWzST
fnTBx8g9mbRclcD5KhoPjmS80dNuYYGUa5aWLFkK3ZreMpETWKTaUr5Jmh9HhPod
ShXGCDuf2VlJw3ZerY2Afot3hrZG4+ZnY4gMqRrLaQt8IzmiMmeXtrj4xoI1wRDR
sVCXMloWuHRqsDXX20kP70xJYTpdD7At1TeZBw2TAVfisr3SsuqBm59yx+fS71Uh
xPOwuFvZ5BRaE6hb7oo0zUJjNFCqrPkRoS7SijkhHp/9MYnUyQA7d4E+kYtYqfqp
JSLWTrmbiXp29F56N7emB3ppwKMpTqS6/1BLy2GeztNnEQuJyu6aK0Lviw6q7Cp6
8vPSvtWT+itrQ1SS9IR1IHnoNHTEyYzLzxuqpYVIeOLDfcTasnzae7Q99xVDsaAB
A3G4O2xDkhQwqynXRWeWnVJYKqckJucV3aL7LisgSEU
-> piv-p256 grR75w AxDL4kLN0PD2FiB89JD9F0CLHFhV9QzpdOIxnKE0/Esa
mNQN7lyWhcod+UjaBQqw4n7CcNcNjpO0whbEERIrebQ
-> piv-p256 RQguQQ AzxUAebSDk66RwVBAMThJT8pBu3TpS5AaoGew3GbtfD9
WEgpjyadiul2G0dTusUsINNqZTAxYm3NCPZeOpBaw1A
--- p9jCZfnH8gEsLrgJnZnIcijG1YHBTQArzWCDE7JfYTc
4ÁÝʼñJì'?Åvnî ¹½¾“ú¢ŒBêÓ' !e(÷±©†üØ©I•Áߢo°šÑôû2H6ºú

40
secrets/services/gitea/serverrunner-token.age
View File

@ -1,23 +1,21 @@
age-encryption.org/v1
-> ssh-ed25519 0qfOZA UTOzjwhqcVLmpf3P/nzO3aGKzKH0YKq04sUbFvMa/FE
a2MMcZXucDEXmy/uU7JapMsboImCGsUiPA2Pr/wB5yQ
-> ssh-ed25519 0qfOZA iyct51e862F5HcUHrV6HJfocfqWvyu5dcCG9vchvlzk
1GbQPF2QRdXA1/XlsovvS6RDvXGeUykYuBf1o9md9NU
-> ssh-rsa VtjGpQ
Nr2g/ocV0oTbZydmcRnESyI4VOJdMGafozm80EMarbQfmeeRCfi76jxct/gpnL00
P/2d/3pfvqbpuGZRg+Q/BCY0Vm2AujJ1P2UTxpnzC42iZu7qKWd5EY4z0Hok53kg
McPh+pgNhugLr4Yh2KHpT27FfJpD/Pmjajg7G78Q9P5uel6SKXIW4uFO4Lp2yLC/
vC52XMqxLrR9moCTr72dQPzd0IIhQ2vN9EtZkBnxUW6zt3ILAYJ06VLAGvVwXIWl
0Wjs3G5g5v+H2e+Em5vIy1hdub/3orEL4racHO0m0binK/IVRJY7sjZDVDrrerFS
SqPORQ3a7jmuHFeHxwAlRcmh/O1gEgAnCZTZRfQzgXI+nfPEzuL0yENd/ksUPBdm
q2zQSv1rrj/tLMtxk4vpG8FkPp5UctaYignvHAp95xC+TR14aDUdT4x4MGboHIxu
l6Q3evVJzblwIl3JbzpP3yOA2k25Y1KI+nVDrTqAdi+Yy4jtIOA+XancIHrpLzAO
21JO1wwGtAsjUDCdhnYSyMcOiRLRHzPoK7o/BGx6b1Uqk2WmWhZnZft9MHPp2RtX
Gv3PBMVjz2CO+f3d8B4akPSApgQ9fw1Vje5fY0CDWdORV7tHDCKb6fmTua2d73Iz
ANrKYonqWhjf3F9u7zzM8/xd593AH/Y+aJo+z0S+Z6I
-> piv-p256 grR75w Ap4du3RBcNdRvbwjQTpP5PPXtNCRuoQePt6ULYEpNM1r
4Qe4c6j7df/TajuxM5Q1qnC/TCBNNI5K9WCDqD4VM1M
-> piv-p256 RQguQQ AoR+aGTAQ6VELef54cGpukkWjeKz37tDbW93ncGWFsrI
KbF1N14PYEQ28a/MePeq7hW9LAgUaNriFo6UO0eBvt4
--- F8GiyUf87+vhg22ldWuC2j5K8WGAK3y5lRDG6yrzBPQ
að$ß-“¼|h.cr38ÓÉÁéPwú3üÝNhà„†B¬j !z^<5E>² bÄ8cªâ½ms­ç¤
\Ü3û»ÐÕfòx3|ùNeÍ
=:³
V2ezCm2vmn6TYu25I4FDrXtQoMQSWobixzKO1z2HgD/fU5tk6XOwD5Ha/Q1MqTZf
JgNrMCChh6xWrcd/dDBjuCRNQlcvWH7DFqu1AH2dg6AvRnEBFJKg5agFjYnQQz4d
cLGXAMSRRIIZg55yeMwawm6co7f3/8nw6DEWOtaB+WnXek44cdHGXIDn7jVY10IJ
4PwykvCIhZsmBW/f38OH6qvdAdAXJMJqDTyAzSjXH+fVFy8pYuFpALJzOXnk6OFB
EMwFnFgt+Du4VybJEsxg93xFNh6CGga/7scjfdulWmakHSKh/LYVowsjPKlV7LIO
L+06RHFiBCsi6dxRMUEztwzXWhvHNL1DUix5BJv1v+vCS4DGAiQ+nqntg6sBZgyD
A1yR2JblEWND/TeGC7fFI+lPH27608QgNeOqQrHKm5Sk9j4b4ClNhxEQRTquMxM5
PAgNpdwyXP2mKi/XeN2v4GnJ9OBUEj3yzZ1YNwOCajI1t9IPChPc2eR9O8AjUT5v
C1isvdmcqegtqP7P0SM7xqx/gxUA7QQx7kRr+QALbECbsSzrSycXowp9OvsewQ/3
6ZfSAsXTu+voXEv5E59NpUUhIIcEq6BByBbcdBKt0G1FLmIaL8PG2Lwk3/EAaUY6
Wx4ieA0ZXK5btRAr947ZM71o5Zag3OBnZ1MKxDCAq2c
-> piv-p256 grR75w A9ZmUbec4JRZGWMjnqBTQGCf6GimNyNDmllWB4uBHJFq
mN/spixDcTc6UZSLe4vc879uOUxOw9Qh9VDRK2YrTGM
-> piv-p256 RQguQQ Ap+H8uhWf+iaeyTIBziLgulUiF0wYOPFizC17xhzWtxj
lbgpzytkMbtmlRT67GhwBBMzbTCD8M/1vuobnUhUNlM
--- NQ1zWWCImu0ugkcWJW645DMva4rngFMNDagT74Yku6Q
ÜU•U?É×Q}<7D>Þe.+õ³Þ„3kÏa?9ù<39>\¡;C¬é_ öÌ)•önᜭ38>ôóC®{tv»1ÆåÓˆàLUq#b+c}

BIN
secrets/services/matrix/mautrix-signal.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-telegram.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-whatsapp.age
View File

Binary file not shown.

BIN
secrets/services/matrix/signal-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/synapse.age
View File

Binary file not shown.

BIN
secrets/services/matrix/telegram-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/whatsapp-registration.age
View File

Binary file not shown.

42
secrets/services/nextcloud/adminpassFile.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ 8cKmhu5xTxTuvVbBhVZM2W2qzRQRVX9BSojcK6YgCys
kwfUlvEPLVbaq/rjQAu4s2NhGbxFfdEeLyU1eUH2gF0
-> ssh-ed25519 WiIaQQ TvRNnifxg4OPDvwvuUIdJgwrpj8KegqfjVEB/in9UEw
U0iqVaHbZS/SvCH4UAzjJQ9nPiHv779v6s5PwjTxf5k
-> ssh-ed25519 neExcQ slNwdPIgpsABv0SgU39pUoudBMs7UAsCbdE3aDxCNh0
/HXJ6yQkBPp6bFY8B72f9gpQpele3wFmwZsMaFBE8uk
-> ssh-ed25519 WiIaQQ OUv7lcCQDvJo7fpchdQRwIbXQ4nG16gWgJWMSdSMMxM
rD2lYHGo4CQjJOqpD/n9pgPjsbIvGRNFiuWO0QFtyOE
-> ssh-rsa VtjGpQ
QZHM+/KssZmfX436QJGBGbhlx36oxCg4jgdbRwa/acI2s6ppawdnFzyWZBhv/Xzk
wYcT9c2ciuy/aEx6uX7fSAiKQbfq0d9KEp+d2xwlpL02656hJ3Jya3U4RApvEFeC
lNjyWgLKuyxYeC20f3/NMg2AnickMicbw4WCzG+HWnVCnxDe2JW+ZbXPsoBg9IbW
BO05nRKB0jonuA5NDvHZ+a/1xf/4qarj9vmwnsoK7jU6TGK2r+iPHuppC/LTgofm
2kXKDP/gpRpIblHr2QukoGeWmXPGeF5PXXCPC5eor1jAhwrBTBY1hL29mhb6mK5M
qvX5wvayHgIHvX73fn2oexepc3QXjazCKSdVSykj/s0N0//0fbtYJe8qIbgfeNen
Lvn9DgsDvQfC83Iikh3r3V4RtmHiD12gA3qxc3tZSQLftbedTbylGnMmCZr2c9w0
4396ZfUfjXk2Px/XCiy6WBghW62QQ4Q6fGYWBViL1OWCoudNNRCfD72E3jdfj2l2
cScM+huEDU58dxpHM/6yLT+97Tta7JDpgz2ueMUfKFCUnopKNKBPoaZfFzvi+nCw
vRHVdt5CpN4oJc+mokWCGNt4fK5nyvyO6nDe9cHel91sfS2nCiukf8IKmEDlZQGd
jEMLZjAkuEHwa8Powxi14egunANQPgLSM5EuStDmhlU
-> piv-p256 grR75w A2nunTE+4FmZOKWQhinSlizVprH0lX81NKsVEDijzDQK
8+Rdpp1JCxbbxeTVl0WGpQHDlqb5e22zLbBkwBPDYkc
-> piv-p256 RQguQQ Ar8nU9oNd+TEfTsdIM4ka/J4IArbeQKfn2W93TYOkajJ
5YnDAocS0lDBrO/M6sNWyn/Vxa1qLiudf2Via9UOUW4
--- yDdPOHLA10Rxzl+kEyCUx/lmLZaVWucWY1Sj9rdo4hU
Bÿ—ó s”dGÈÿ´m`ÄÎ),NU@þ ˆ³a˜Pv(½®rMôû
QgN54J0Py+EdO2LAup0PI3f1lDsuJHrxMCLt5+dfnCjSmPrWtGxOGf9Nw6SQWg0p
3TQ5Rew0jhedXJ/h/c0c95h9OYsnEjYqz14CRYAohngaSbFWiaLFrklg7hGcvTvb
9+MB0c+HtHoNtYVKYdgmzPXMPYBx/99Lc8Q24xvfSlGlGhl72S2CTu8us0daAZ1z
TnMLXZ9TKw/QtSS3+Wa5j6jrLyPD0M0biCBdRPR+4ho/t0AR/qQfXmCGZOf0kfe/
XtBRs/QQT+HAHOUo9wPR332yuUxu03jHpPrlhuP88ydcAjUccYvEndAnRyOv9sea
RuM8e0GDYRwpRNjPbAorG6PG+oJx7/t6z1OkVxRpRJQHTWJ6ntnMAd6ZhGNgRp8F
xIiXzPwGTEnyiRFOSTzxwX8XP25c9ft2Bpx2uYxUgS7af51NWZIorqJmWgQN49oJ
5DA8uBan3qQkr0jJzFwVKYYt4roIYEtrnH/snl5uNbpIhPfTy5/rg+Xrf0aRunpP
U9bpuJtBVgIAUXk5zLxhnMh43o2YYxCHN0cArU1wNLHcdaKogPGpT1sLCckwZ/3L
O/hxutVOmkJyNOAp9k0jV6zedWjhru/4v4Imov6BxDyLf3Hz2vnvwogYVgyl3TIr
Ir98D/CIp3i74VsUvVrZmo7joZcDhnAXlLPsb51I6qM
-> piv-p256 grR75w Ax4mmj6z8SvPKdHRz7H8O/he2R4f4tql+NXSMTvr9rZ4
EPyI4xcY1Nt/zZ/+XXVhUAt+aq3qEEk+kuuA1PbOPI4
-> piv-p256 RQguQQ A6ST+jiJS1R0QV1lw+IlMYnxXnTOLxyDfxpQZ/AWCKHB
henkAsW+enG7nY5Y7egcw6RezC0gdakjZGwH+KP6idA
--- Dlhmc48gY+BCXUhKQDRnlprdONlHDQ4tZf8BmZPsFKo
Ë ¼ú~ã]Äèzø‡O†ßífg*ëûB«v²€+iL¢!Ô

42
secrets/services/nextcloud/dbpassFile.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ VfWt68buOl2UetDKcQWuWRSOeJi4HhQxiZVI4lIfcUU
GTWI83cLyP2Kjd6twRpaWpBq+U/BYcfDJeljQ1CZ1bw
-> ssh-ed25519 WiIaQQ nqwbWtevakrHk3sODtw7l40klSb4cIyi4uSsnpcS8QI
PxfriZ8CdPhPTNtjQL3lsyjfjkpBsnmJc0TRNM1pyHM
-> ssh-ed25519 neExcQ x2yzu3clDgMKxl/uIVR9SYHPEcxJxQIEr12irpOQEjE
pnIlEK0y+8WuBrMv89pHk79ogHUaeEf/hamaF6U4SNw
-> ssh-ed25519 WiIaQQ KMjVolPcPvqAF2Thgjw9taDsEoBjHjR7+VnfoGkczV0
++VgMR0dZKqyyFv72qVa8j3zq6KPWWOFqdyJpmZZNCU
-> ssh-rsa VtjGpQ
QRSdhHdAcGlw2c1hxGNmtAp5tPcjQ7CI+v9JkOyOH9W9KF3uOfshrpkz/psFPd+s
6eqQDAwEAgla4pO6FHj/H2PK9KDHY3j2e8BZyvJ8ZsefUsSAYJ92hcD3fdISL+kc
+FMx4Dlm9LSeGGqElbPotyU69t2O/WLF01HqLDVgHrlyTzWvQMhvATA5Yzcj1Izb
0AlA7IOE174E448/Ovo5a2T+DF0w2vLEPruH90Kvs2lui+i8yC3StgBwB6flmSfc
dSR5qO0XCZ8gK/kkdsz2iZonsBCbEugQayN+EoE8vop6YlPW36EtO8IJnVnKmVEX
vy/Rj3dubm5Wsp2hAyeXSXx3ity5fdSJ3TVY7TiPLPlt1yik3Wggtv0DlgZK0AML
x1OJbrZRrzDZKYzxXw69+lOiV5XfVUfk9PXC+IAj3xf/dEz93b6Pief+PbOQg+tz
INDWkL67/Yx6rEf41iLCsQananBV16IeM2SndRyrmT/1OCcLUR/8xqBHfOg/K0kp
lHL7D7/neqRh2E8KOEciHgWFqWT/tV5XpyZVvA8OiYLoVbmLG55q4pexrDfQ9OgT
ZDIL94VjiBDH5BmPfxLhRZP/58EhLSDH3WziIWnv6Y2Y1bAl5qiRU4tEV0RCHqyJ
xEeLcqI5uFwDmmt881zlyAb38oQCGq/YRXhGygwwn18
-> piv-p256 grR75w Ayt9mI1/BJg96jlkLVjf7xhDoklNuoFe3ZeKLYzFqDPO
S3vFS+S4ZVC2O00P5u5GKaLtbabBPUCuuFNFFxcmmUw
-> piv-p256 RQguQQ AqsDGN35gXkyWaKSRVATyt1Ap5gzLKiAx+UHwhVXdhhG
YUqypxYBQ2RYbnMclNa8PSLV6atbVRCho4wHUCZegkU
--- Bay62OwVx/Q8Nf5MHRu7VOWzwh1LtkWbxQytL16Y5Zg
Én(/GZvÞÑ ç!ï¦ ¾™¡<E284A2>fs×à#…¯Âv5”K_àètûk‰ë³s7PÈÚèßÂÉk
DXcSjBKsmYiWrC1JVaisJRe1lafR/rBcTT0EgD73SXouBqRk11XNiW8DfR1pvy9z
ZL4veUFu4QJjVyPZLOGy5naPD1Qw9FYCArkjmv336QU6DcpZk8LaOAZkmgpqncdX
g9nDp2HeZH7TUtUiYD14x66AQD12bTTjfWKzn7yGzJ+gx+iBTemlPI3pu+xcQ4CX
clTB6xvlPtuF+U9kJwomei9XIWgc/acAcIoYOvvdyjAcUYFuFvuojdzo0hwkxFGu
jlp0FFaigsffVTsO0mp20uiOseMHm1ZGIji2gGOGQBOESKgMn5E9cLibEjigg4hy
hJ6qn9DjNyi45QjGqkOKWJ+nzvKrzz++3sWwJJXuj+Ol+0n0t+RgT/LuSHkyskQT
B27GG07oCLk9iUVja2YQRmC46yts5lHkcZ193N1Ot9kGoK7VNQE29X80KSF2VSbW
+uE/47HwNGTBWb7LdZWRPoOykQu2V1vhcVNO/st+s67VyWZk9vugLSN9l3mldp5X
gvUAv0TZdhi9kwdSiz82l77VASBN3a/VN6XGOMqanaKaRsy2R9WGXxF50gUHn4/K
iRMj+22fJPfWpYBPUIohb2yDHQGRhVoY22Rlz1JYP+xfsORCq3GSHBk56fUCfmwi
H8ptQZHmgSC3dY/KigjH7VHcfrlDWctXrfl4jYgz/hQ
-> piv-p256 grR75w A6yTo6/3g7YB9D30JSCfzpIcloxhgnIFisWFexpfITfN
0nN62XqpQEsMhNnDhYNkXwTanQaaUvSAJZbvTRXxXvo
-> piv-p256 RQguQQ AttfR8uPYcFBqCkF2cvi1YCMMmAbRF6oMSLr5NL5UlbN
fcU5SJ7lwd9jAOwM5M5mC8/F1PW3yuRJMpNFyGQZhLU
--- wuqc2TNmM8N9Ibp4rR6tFKdT2G7E58cBJZ0RCf6nxEM
ŸÔEîöK8Œ±|gƒ KjYn‰Ø^™ßü)ý8£ïQÐÊ™§J lín 7í…,OÿX

43
secrets/services/nextcloud/onlyofficedb.age
View File

@ -1,24 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ XvGpJsiChcxBbL7c5CK2mUvdFHV5ypmx5tpWVfwuESg
1WI2nm5/oPtCqXD0N2WStDOh91UT7IIS4/vFwWL6UA8
-> ssh-ed25519 WiIaQQ SLJfhzdJpYzzzqFqrR67GrAuTWFJYfX10iidobo5xxs
KF+r/AOKKLHqSf1h5AOJd/3IZTKm442ejUnWVhk04/o
-> ssh-ed25519 neExcQ TvH9o4N8RCyhpFMQdT3WjKWP9MtCerGMv9ecz9Do7gc
pU14wjxyWBT1bywg7N2HRmohZKlgVgmCMuhnKkvjmh4
-> ssh-ed25519 WiIaQQ nsIrxNgkZ/R+WmAaWGnAIaQi4HYOhWRySeoXPY7P7AM
5uHCObppGzaXRmUBl5J1Ms2fglE9ZPWnsHjZRhGhUw0
-> ssh-rsa VtjGpQ
AKdJLoXUUX82mhV84R8noG1qLnD/uvArV0gsYxJuS0hTnkZOyxV1XgqgH6UrgaUw
G6Q7aYbiNYMA4+6rhyWOnH8I5QRcCVEK5y8jtiyTEU3QaPAXVhEq1NpfzrsyHd7w
CB8mfSSAG9jE1owvuuubxEqx4YKu1oH9kh37GIeKmJlz67qJGqT6BnRMMxpU46xA
C0+c/3CURj4N4fFtxWNVpxb8v4tUYRmA1Jq/FnqqdAqFIyw466eQVglT8YDQJvHs
ufyR7Gnbk94qvXXg5G878eviQL2T+c/xEtVEyLeHs017dNq5FxeBBzEMwqAKshCh
OtH4AJt+U0Rzq0JTIpRH/0V1exK1PM/9DL1KBQPAlfUBb9iYwKsQo6LieXS+Qowo
qMTPD3xSfOD6uzmKhXCdWKZWZT6S2hwHjeXzXjYjkhErjbwjj5c2v4UpXpwdVlNN
zocqPxVGCplFuiME0vLsuztiWtei2yH9ZgFKxNS/kxm8GfhyelAnAQng3r25YYwZ
nLgGP0bcADAgwgXGTFxlyY2qoM9MKgnbjhtfwImLlF+WbC+IOUwBDklSgq830MKO
ZQVccNwuZoO+jivXpfGM4XApK7pUXlz/0nc8jRE7u2zXpXLqv+fLXxgTXFYlrogT
66dmjeUBrB/kMS2IP52ZdpdO3eGY1a75H5W+DtMeAOU
-> piv-p256 grR75w A4Gic6auHqevWiBh3WizXvYxjX6e6JToxNBXEMM5SZxL
0epbF/vqJyp3Cn4Hr3ay751J1I089Hxus1vn8jgCa8g
-> piv-p256 RQguQQ A12b6QQk3G0/ksYw0D0Rfx0DKMYK5Lnfi2q2tdtMoEfr
zqAf5KbFsPpemu2I9YaBNipQsiz2Lo3JbuxZ1gMNQl4
--- a92cT7ctHL8S0/tTCY/rkfy94THEcoaIEPL3vLrW9Z8
ú u+ Tò®:¦MëäϵOã+tôX'§r…ï ‡£‘?èÜU
àà8¡i#\àwa.,§#%¨
V8SprtOmsQc9/7cyNw/fdz0KURXaxdODfH6UeYiQMdExmLwZGJbZCeJh/8ubRG+7
Jf/kdbHcWBEPjdCBhfK8Rt6aNd+Jy+VdRW+E4D2pkW9lxY4xDf8RtoFnTvx4tEI1
oB3NWQdVQMnWczwUMQ6ssJhZuvNW9LHRVUpptgsPJ9P12ueZXoGhHDc3eE3Lp4Cy
c9Fxn2u7IzN+MDHqrLAniI+m/m1WCSWgaOQlcsyrFFPgXj+BNvpUQ8wVi9aYaArT
jTIot6TOFJNLT60CRlBMrg7/2rUMMrahDTx9WARVCzYLDykC9kU+sjVys0wMlx6t
dkKgIWbhfqi5w3XU1YfDQ29jduamJu/+04GptNHN+PjyjGboaHMFmC2wmGV3G5VS
QAO1hdST3JfeLb2wyYuP1xD6DHtkKtAfl81jpyrP8Bq/l4Nfsrb90cmdNDRww/H0
dZJh1hNex9hxrwj4GAWpnqXoWGqIR/5hwbQtcH2Bt345tx7DLFH7mh18xGOud2qc
1o2YT7By4/QkWA/g8tPSjr/1jZp8Ylv6Y9MkTwNWjHSFCDfHu8TPaT3Mw5kPsQkk
dt1XMX+CaUQrBrCTooaXluiktRIXQdwG0oPzpIm6R735ijv/rwnQM7WpQ5HQQ2OD
rMSBWi0ArmyjVMFXePsLW0d23glBaMpGZIirIm/UU28
-> piv-p256 grR75w AwR6wTkB015k3gyUmEBc9DXhz+PFiNUZ7KMA8Kqq05lY
fhxJgG8c/m50NdET7Y+9KhC8znmouVBh6n61OL+KfRE
-> piv-p256 RQguQQ AiDuXGyWoNU4TkwGa6QBozFZh+3PYl8y1FHVyN1eUyz8
ieuAZyJ2CEZeCNFFXcWEf0vyI7NI94xkQDXjpzd+NLc
--- 7DUMPdjVfmKuN+3lGN7JsLHt0HoayDd6yk7li2sSRwE
"ÿÙ_K!àÇŸoÍÞB$åc®‡ðÄÀ\ˆú”˜cr5l} 4Ž(X!“UµÊa™W…¡ÿZñwJûx

42
secrets/services/nextcloud/onlyofficejwt.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ 39vMfysEahyydxnqENrwNOZi9yWpZSIWsNQxkMFBQik
bvJK5Gya20UhZ/dWKHAQZ7CPa7v/pISwB90WJejYA5k
-> ssh-ed25519 WiIaQQ KZ6RU6kDjHVfy5YwlmjQhH6YBVkJqrRonUl02iYA2m0
GGsCI2D1tN4lGpsHJph6pq9N8UYdG2mfIY3U9urTR08
-> ssh-ed25519 neExcQ heR67WtUWEMq/A6BRfIkPMcb+hzVZabpWu8uukmuBFw
wTSODQfOvRcG33/y/dqEiJ4RNRsTYGXJtxBUQ6C+seo
-> ssh-ed25519 WiIaQQ QshckqSrByAPJIK5pDhVvLBQ16sGLTAAAYylhtlH4lU
1j3qPx/5yTFIxAmNjvD4gGFfp3HNUFO0jh57l+SV4kQ
-> ssh-rsa VtjGpQ
a0oXJCsFZdtpHuZIASZUp5C96ZP1QU1I3RSpIe59hnnpGLbXZE2qntXBfQ9ojkBW
bgNdxvAcWLaYAiCbe6Bo3S9+Q2svJQlEqIZ59o2H9jh+swSoLfWgi0Blo/56B0GQ
UrltI0ftMhM20TaszHwmVhvo3yODcZpNhjAMNVkQuAov9BSQdgGRgivBnt1FfYYI
f6nqfrE5JVoemk72Ip4jQFVWylK7drEU9W2WlwOsF9zkHOJxdNWiaaHpmnsgOEzA
BIdVqYZTtRElqDKM3j4SdE7hL6i4fIb4QAsfX5XI09eUDQLSRGF2o3lqQ4FVx+hb
YE31vr6yQEObTCbrf7zmKIK5UwgQbMf8+WbCxDdxF7FqTKrg7jVhPtu+n6UsJlzv
CXsJkKYZwyESZ5oNjCyqYkkkQP0JChl886OPFY507/Xn3gl3qj/Sh7FZyUuLZ92X
aTHCJ5AHGwQKFnVO1YLXWDcn0F3NIq90YHJ1NsxNvNXZJmcCyBTMtDJGq3q/6Xqz
qXpVoT/9XHHStrKYvi2lut/PFMC6nciixmiNaVbE5Aok5eNhG8wUTsUVRIr8+O/i
07aQBeg7RJ7lW6oQ4/kdfufQbQHuQNchQzkdvQf3azXCXBTJ/+Z6uQuVg32MVsjq
fRO2BtrWjsAVThpeVAdfQb2b43wmL9HBhivqYaBK1gI
-> piv-p256 grR75w A9sg2H7x+75AK9ErkbqMkC06KEDy2Q34seCXCGUguz6H
1TchlkXOzymAT+eDr4bpwugeLQ7gAKRvdYC2xcd9DL8
-> piv-p256 RQguQQ A364N/An/SMqBAp0yrLB0/osdlmz/MgZFG4RB6Os2fLX
V4qtGLbpJrTTFWCfTMcWpuVUiLflDdxXkMqPOtG1R/k
--- O4Xqa0RavBa09l9txN/oIQjAeZIYsur2UsxaSRmhAdE
«à´<>`˜Ñò°DkÚÊ/9¤ÊÀo Qz#fINª¶J<C2B6>ú3•KoÚµ@§>·Zzê²Ip•ÃÚhäû
G7DGz5AGsyy4qgRTvaSQNKJSsJkLayNzmhMjSVI2aXCVWZuVJy0r/IC8cmXvcbFd
ejjTf6Qh1tsFnotoR5whgrhmkG/0IcAokLSFXNyYj4NlW/CwsYEVDoEt09KmnIRA
X6wPqxpDAqs36rcUBQJC4jj/HIgAJwswaVgcoC9S6UBs3H/skFkjczbNM2HKoxzF
UtUUxaXZ3UFF78/rpk5h7lYWteN1FFjeZyOKwSbtYloq5eMlAe0yHnGFo5SPuHZu
QG9O7RJi9y/TnZy9G86HIpIQjZQ9dYW4r139Pb51Fxun3D3nV9eeC7y0RMS3YSAU
0kK22ZjhTq7ZiiRqjM8KjyNMOLTXmzUHdKA7B7JLuYCfDyxj/wszXZuAfC+PXP+D
1YRUErQogn0lPCPXPclwEcYea7Cd6R+2OIpd2TQ5ROIV2FXrpA4EY7Up6ICk7eZf
HoFqbDLD98JjLCMGyEjfG6/UHckBjAeQSR+7k1f/L+NO3IWfH5ud7TWzJNrlqDWJ
Y6zvtQ31kkZNfQNgPHL9l/c7/1IWQFtcJ3fzDwE/hd+93OA5RoYutZw7lG3q6EGk
wPH6pZt+O7/7CtWJz9J4YvT6zE1DYmEobHYRrKzo7II9mdlWSIsu9KjFFt4qdsDN
HtVQJwFwiL9YPw8y7Z1Aalmo/0zTdwosjzBzl0eU9vQ
-> piv-p256 grR75w A3alWLHjgQN2quTfwIXc5xN+5jZowaN2Jkuf666CZt5P
gz0a64iDAI5Y3gpjra2zUIAqGgNh2IJQU4u10TxfOIU
-> piv-p256 RQguQQ AoJJolmpdp0pEYduyAT5YHiLu3a5yELTvHCb2B1gK+RW
/HF293f3uch4lwcHvc0U86BpkUdrDot5GWy6XmSEfnY
--- i0ABQSL1xJRh+baGUX/gfuvwM45jfHK7OP9uKReNwX4
aÖ°gÓÌï>Ä莠Å&<26>ñ”{4¤/˜œ#¨Öœq¾Öãƒ"Ð8RÇmÐÍÀ¬œ{¦$; ¢6#øÂû

BIN
secrets/services/postgresql/initScript.age
View File

Binary file not shown.

BIN
secrets/services/vaultwarden/environment.age Normal file
View File

Binary file not shown.

18
systemSettings.nix Normal file
View File

@ -0,0 +1,18 @@
# options for systemsettings
{ pkgs, lib, config, ... }:
{
options = {
systemSettings.enable = lib.mkEnableOption "enables standard systemsettings";
};
config = lib.mkIf config.systemSettings.enable {
system = lib.mkDefault "x86_64-linux";
profile = lib.mkDefault "personal";
timezone = "Europe/Berlin";
locale = "en_US.UTF-8";
bootMode = lib.mkDefault "uefi";
bootMountPath = "/boot";
};
}