Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Kabbone:dev
Branches Tags
Kabbone:main
Kabbone:dev
Kabbone:refactor
..
compare: Kabbone:main
Branches Tags
Kabbone:main
Kabbone:dev
Kabbone:refactor

171 Commits
dev ... main

Author SHA1 Message Date
Kabbone
58f1133657
flake update 2025-01-03 19:46:06 +01:00
Kabbone
85eec3b7a5
flake update 2024-12-31 15:58:14 +01:00
Kabbone
fc852aee67
server: nextcloud: disable onlyoffice and set maxUploadSize 2024-12-31 15:57:49 +01:00
Kabbone
e590739346
server: mautrix-signal: update config 2024-12-31 13:48:35 +01:00
Kabbone
7ce839e653
server: disable ollama 2024-12-31 13:16:22 +01:00
Kabbone
97454dac5b
server: mautrix-signal: update config 2024-12-31 13:02:31 +01:00
Kabbone
67ae6e5e23
server: mautrix-signal: update config 2024-12-31 10:58:05 +01:00
Kabbone
dcb7ac9aa0
server: mautrix-whatsapp: enable encryption for now 2024-12-31 08:47:22 +01:00
Kabbone
12b581674b
server: btrbk: add var 2024-12-30 22:30:31 +01:00
Kabbone
ab205e1a98
server: mautrix-whatsapp: disable encryption for now 2024-12-30 18:29:03 +01:00
Kabbone
90f07ad8bd
server: matrix: update mautrix-whatsapp config 2024-12-30 14:28:06 +01:00
Kabbone
3d3b5c9a5f
server: matrix: update mautrix-whatsapp config 2024-12-30 14:17:19 +01:00
Kabbone
7e814bc276
server: matrix: update mautrix-whatsapp config, disable relay 2024-12-30 12:35:16 +01:00
Kabbone
25a2475b65
server: matrix: update mautrix-whatsapp config 2024-12-30 12:21:35 +01:00
Kabbone
4d890c44c3
server: matrix: update mautrix-whatsapp config 2024-12-30 12:19:12 +01:00
Kabbone
d0ba393447
server: matrix: update mautrix-whatsapp config 2024-12-30 12:14:19 +01:00
Kabbone
5a33c0ee3f
server: matrix: update mautrix-whatsapp config 2024-12-30 11:58:27 +01:00
Kabbone
9d03e1167f
server: postgresql: update to 16 2024-12-30 10:27:01 +01:00
Kabbone
d2d72a383a
update nextcloud to 30 2024-12-30 09:03:00 +01:00
Kabbone
2969562349
remove deprecated opengl option 2024-12-30 09:02:42 +01:00
Kabbone
ba60a3c637
update flake to 24.11 2024-12-30 08:56:20 +01:00
Kabbone
b25260b71e
add cachix for steamdeck 2024-12-30 08:21:33 +01:00
Kabbone
29cc48d499
flake update 2024-12-29 09:00:46 +01:00
Kabbone
1ef405296a
lifebook: change path of SSDT4 2024-12-29 09:00:31 +01:00
Kabbone
16c6d9e907
lifebook: make suspend work, DSDT override 2024-12-29 08:48:59 +01:00
Kabbone
3060cbfb77
flake update 2024-12-19 13:16:52 +01:00
Kabbone
1776697f9b
remove catppucin module 2024-12-19 13:16:40 +01:00
Kabbone
dd8159d6a4
flake update 2024-12-15 21:48:36 +01:00
Kabbone
756801607d
desktop: add module for sensors 2024-12-07 22:52:18 +01:00
Kabbone
ccabef6ed7
flake update 2024-12-07 22:51:47 +01:00
Kabbone
3b39a9d744
flake update 2024-12-03 20:51:52 +01:00
Kabbone
a631a5731a
font: remove nerdfonts 2024-12-02 19:53:59 +01:00
Kabbone
e858004e48
flake update 2024-12-02 19:16:09 +01:00
Kabbone
b587b948ef
flake update 2024-11-29 20:20:20 +01:00
Kabbone
09beb0eab5
remove nbf5 from ci 2024-11-25 19:20:31 +01:00
Kabbone
2f7ecf092b
flake update 2024-11-23 11:19:48 +01:00
Kabbone
443187fab3
flake update 2024-11-15 12:44:48 +01:00
Kabbone
e738917d07
update flake 
clean up kanshi from profile to settings
 2024-11-04 20:20:59 +01:00
Kabbone
bca8c6343a
flake update 2024-11-03 15:48:22 +01:00
Kabbone
c99d5a620e
flake update 2024-10-29 21:39:19 +01:00
Kabbone
b8434f4d45
flake update 2024-10-29 20:35:51 +01:00
Kabbone
e34f886e6c
flake update 2024-10-25 21:21:28 +02:00
Kabbone
39f9c40dbc
flake update 2024-10-22 20:46:16 +02:00
Kabbone
c4d3591ee7
services: vault: open website 2024-10-22 15:38:51 +02:00
Kabbone
da1bcdd116
services: vault: change database path 2024-10-22 15:19:06 +02:00
Kabbone
c7b183d9b1
services: acme: increase propagation 2024-10-22 14:17:51 +02:00
Kabbone
03ae8cee2e
server: postgresql: remove vault 2024-10-22 13:12:31 +02:00
Kabbone
c436a8e2b9
services: move vault to local 2024-10-22 12:43:09 +02:00
Kabbone
efc049e739
services: move vault to local 2024-10-22 12:32:41 +02:00
Kabbone
c3df4c714e
flake update 2024-10-21 15:28:32 +02:00
Kabbone
82a880286d
services: vault: specify postgresql auth 2024-10-21 15:09:52 +02:00
Kabbone
c57a18e787
services: vault: specify postgresql auth 2024-10-21 14:45:39 +02:00
Kabbone
000cb57e65
services: vault: postgresql: add missing user 2024-10-21 14:39:49 +02:00
Kabbone
b8d14243f9
services: vault: postgresql: add missing user 2024-10-21 14:36:28 +02:00
Kabbone
fcbae86056
services: vault: set virtual host 2024-10-21 14:28:12 +02:00
Kabbone
ff1bdbe8ff
services: vault: remove backupdir 2024-10-21 14:24:13 +02:00
Kabbone
1bf18208d9
services: enable vault 2024-10-21 14:11:56 +02:00
Kabbone
431d9cd4a9
services: vault poc 2024-10-21 14:07:47 +02:00
Kabbone
8eb9b3952a
services: vault poc 2024-10-21 12:17:54 +02:00
Kabbone
419d2e8cd7
flake update 2024-10-20 11:05:34 +02:00
Kabbone
5c4e09f773
backup: fix timers after boot, prepare steamdeck 2024-10-20 11:00:40 +02:00
Kabbone
2e4f1d5dfa
backup: run bak only after network 2024-10-19 08:51:01 +02:00
Kabbone
3bef5b8830
backup: run bak only after network 2024-10-19 08:47:31 +02:00
Kabbone
c59f1165be
backup: minor fixups 2024-10-19 08:43:49 +02:00
Kabbone
3adb782cba
flake update 2024-10-18 17:48:50 +02:00
Kabbone
17816805d2
apps: add maliit framework 2024-10-15 18:56:15 +02:00
Kabbone
ff0ff7fb2c
add lifebook to backup 2024-10-14 20:18:48 +02:00
Kabbone
d9a20013b9
add lifebook to backup 2024-10-14 20:08:16 +02:00
Kabbone
032ebaa2a4
fix hades backup archive 2024-10-14 19:53:29 +02:00
Kabbone
6dbe100036
add buffer to btrbk 2024-10-14 17:46:26 +02:00
Kabbone
f0768984c6
add hades home to backup 2024-10-14 12:43:53 +02:00
Kabbone
2b4769cae6
setup backup pipeline 2024-10-14 12:17:17 +02:00
Kabbone
fb7688baf3
desktop: disable global catppuccin 2024-10-14 12:16:47 +02:00
Kabbone
92d6ff4898
flake.lock: Update 
Flake lock file updates:

• Updated input 'catppuccin':
    'github:catppuccin/nix/bad96d3fabf8d2e8f0bf0c2cb899a9fccf01ea03' (2024-10-02)
  → 'github:catppuccin/nix/96cf8b4a05fb23a53c027621b1147b5cf9e5439f' (2024-10-08)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/509dbf8d45606b618e9ec3bbe4e936b7c5bc6c1e' (2024-10-04)
  → 'github:nix-community/home-manager/d47d33254fbf4fdbdee9f1f14095f689662e479d' (2024-10-10)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/cb63dc934ba512b2d56d89b94c5da7894f6a7809' (2024-10-04)
  → 'github:Jovian-Experiments/Jovian-NixOS/a25f915ec05196d15e3f7f8555ffb612d4f1045d' (2024-10-08)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/e2365a1d8dccdcf4bca5111672e80df67d90957d' (2024-10-01)
  → 'github:nix-community/lanzaboote/0bc127c631999c9555cae2b0cdad2128ff058259' (2024-10-06)
• Updated input 'microvm':
    'github:astro/microvm.nix/e832ffc16b09b1b5c7c1224532d03ed3ce68afd0' (2024-10-02)
  → 'github:astro/microvm.nix/470537e671d743f40812b9c071a4130eabdb3deb' (2024-10-08)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/b7ca02c7565fbf6d27ff20dd6dbd49c5b82eef28' (2024-10-04)
  → 'github:NixOS/nixos-hardware/ecfcd787f373f43307d764762e139a7cdeb9c22b' (2024-10-07)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/5966581aa04be7eff830b9e1457d56dc70a0b798' (2024-10-02)
  → 'github:NixOS/nixpkgs/d51c28603def282a24fa034bcb007e2bcb5b5dd0' (2024-10-09)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04)
  → 'github:nixos/nixpkgs/5633bcff0c6162b9e4b5f1264264611e950c8ec7' (2024-10-09)
 2024-10-10 21:01:48 +02:00
Kabbone
da9db371af
server: hydra: allowed-uris 2024-10-06 10:10:05 +02:00
Kabbone
c8b8305146
server: services: onlyoffice changes 2024-10-05 12:16:13 +02:00
Kabbone
57f56146d2
hydra: allowUris 2024-10-05 11:26:22 +02:00
Kabbone
272971cefd
flake update 2024-10-05 10:32:14 +02:00
Kabbone
3505e611c1
desktop: enable catppuccin module 2024-10-05 10:32:00 +02:00
Kabbone
fd09e597c1
server: services: onlyoffice changes 2024-10-05 10:31:29 +02:00
Kabbone
255c8ca4d0
prototype fuji 2024-10-05 10:30:57 +02:00
Kabbone
dd79f25336
fix themes 2024-09-30 20:59:37 +02:00
Kabbone
929fa949b2
flake update 2024-09-30 20:57:48 +02:00
Kabbone
fd5bd6a88d
flake update 2024-09-23 20:23:51 +02:00
Kabbone
6a34b81910
home: add gimp and freecad 2024-09-14 15:03:30 +02:00
Kabbone
8d27f5e73d
flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/be47a2bdf278c57c2d05e747a13ed31cef54a037' (2024-09-09)
  → 'github:nix-community/home-manager/6c1a461a444e6ccb3f3e42bb627b510c3a722a57' (2024-09-14)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/2d050e65a71e02a1f19d1a35c086bd2e3dfb2cdb' (2024-09-06)
  → 'github:Jovian-Experiments/Jovian-NixOS/02cf60ce20b6034fc0459e5116cec7016aaff6e4' (2024-09-12)
• Updated input 'microvm':
    'github:astro/microvm.nix/caac7808d1e31f8a0fa408338cd3736947cb226d' (2024-09-06)
  → 'github:astro/microvm.nix/af604aa08ac9a4ae585beaf1a3482897a27ab67e' (2024-09-12)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/aac7c50858a21636ddfd39831ccc221cf9d59827' (2024-09-09)
  → 'github:NixOS/nixos-hardware/166dee4f88a7e3ba1b7a243edb1aca822f00680e' (2024-09-09)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/68e7dce0a6532e876980764167ad158174402c6f' (2024-09-07)
  → 'github:NixOS/nixpkgs/e65aa8301ba4f0ab8cb98f944c14aa9da07394f8' (2024-09-11)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/574d1eac1c200690e27b8eb4e24887f8df7ac27c' (2024-09-06)
  → 'github:nixos/nixpkgs/4f807e8940284ad7925ebd0a0993d2a1791acb2f' (2024-09-11)
 2024-09-14 15:01:15 +02:00
Kabbone
d2abc23417
flake update allow olm 2024-09-09 16:43:34 +02:00
Kabbone
263d10dbdd
flake update corrections 2024-09-09 12:40:27 +02:00
Kabbone
406cb190e9
flake update 2024-09-09 12:05:20 +02:00
Kabbone
f4b8db1022
flake update 2024-08-30 22:32:39 +02:00
Kabbone
ea282c6237
lifebook: set suspend-then-hibernate with delaytime 1h 2024-08-25 22:47:35 +02:00
Kabbone
0f3a2e0e52
lifebook: fix s0 suspend 2024-08-25 20:15:26 +02:00
Kabbone
aaaa3f108f
hosts: nasbak: switch to systemd-networkd 2024-08-22 19:42:25 +02:00
Kabbone
0b566c81be
flake update 
switch jupiter to systemd-networkd
disable jitsi
 2024-08-22 19:08:19 +02:00
Kabbone
183a280402
hosts: kabtopci: some changes for hydra space 2024-08-16 14:56:56 +02:00
Kabbone
eae9aa6d62
flake update 2024-08-16 14:29:44 +02:00
Kabbone
5ddf51f572
wm: sway: rot8 invert y-Axis and disable keyboard 2024-08-11 21:17:25 +02:00
Kabbone
1787103cec
wm: sway: switch to rofi 
add rot8
 2024-08-11 19:44:14 +02:00
Kabbone
a6c6cb699a
hosts: small fixes on lifebook init config 2024-08-10 06:20:26 +02:00
Kabbone
d83a55d62d
flake update 
remove sound config due to update
fix hydraJobs after adding lifebook
 2024-08-10 06:20:23 +02:00
Kabbone
1405ee7eee
apps: install android-studio 2024-08-10 06:20:20 +02:00
Kabbone
66cdd05f41
sway: add german layout 2024-08-10 06:20:16 +02:00
Kabbone
b05a692b47
hosts: fixes for initial lifebook 
add lanzaboote lifebook
 2024-08-10 06:20:09 +02:00
Kabbone
e5db869b82
lifebook: smaller fixes 2024-07-17 21:17:50 +02:00
Kabbone
cb84afaaec
shell: add ssh-agent again 2024-07-15 21:31:44 +02:00
Kabbone
05b0762421
disko: add opt 2024-07-15 21:29:57 +02:00
Kabbone
0a1e17995f
rename laptop to nbf5 
add lifebook
 2024-07-15 21:24:50 +02:00
Kabbone
dba8ac1eb0
flake update 2024-07-14 14:19:34 +02:00
Kabbone
dce3035653
git: add cache 2024-07-14 14:14:43 +02:00
Kabbone
9f8e15d135
add git difftastic 2024-07-14 12:59:51 +02:00
Kabbone
d5f3aa3885
restructure common sshagent 
cleanups of commented out things
move non desktop to server config
 2024-07-14 12:06:47 +02:00
Kabbone
0a775adbdc
fix unstable with moving powerline to python311 2024-07-14 09:56:40 +02:00
Kabbone
8459516c95
add new wallpapers 2024-07-13 13:41:50 +02:00
Kabbone
d16898adf8
flake update 
comment out freecad because pyside is broken
set python311 to fix nose dependency in unstable
 2024-07-13 12:01:05 +02:00
Kabbone
d518e9ffe4
flake update and move all back to nixos-hardware master 2024-07-02 22:22:26 +02:00
Kabbone
4882bca4c9
flake update 2024-07-02 18:29:13 +02:00
Kabbone
3cb4ae7c50
apps: install ausweisapp 2024-06-29 07:20:28 +02:00
Kabbone
904e5a88c6
hosts: steamdeck: update to plasma6 change defaultSession 2024-06-22 11:46:35 +02:00
Kabbone
430858fb11
hosts: steamdeck: update to plasma6 typo 2024-06-22 09:15:32 +02:00
Kabbone
4fec51506d
hosts: steamdeck: update to plasma6 2024-06-22 08:57:56 +02:00
Kabbone
1a76923e77
flake: fix commit for nixos-hardware and remove from steamdeck 2024-06-21 23:40:53 +02:00
Kabbone
19487f6b79
hosts: steamdeck: rename for nixpkgs option updates 2024-06-21 23:15:02 +02:00
Kabbone
daee0533d5
flake.lock: Update 
Flake lock file updates:

• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/d723a7e3962d683acdcd5658b351fdefe16bf04f' (2024-06-18)
  → 'github:Jovian-Experiments/Jovian-NixOS/a7a9774538612c75324f785ab1300e67abc039d3' (2024-06-21)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/083823b7904e43a4fc1c7229781417e875359a42' (2024-06-20)
  → 'github:NixOS/nixos-hardware/cc634b69c8312c4e88469d3c7e8fb5ecc72e7dc6' (2024-06-21)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631' (2024-06-18)
  → 'github:NixOS/nixpkgs/dd457de7e08c6d06789b1f5b88fc9327f4d96309' (2024-06-19)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e' (2024-06-18)
  → 'github:nixos/nixpkgs/d603719ec6e294f034936c0d0dc06f689d91b6c3' (2024-06-20)
 2024-06-21 20:43:44 +02:00
Kabbone
3484124ab4
flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/0a7ffb28e5df5844d0e8039c9833d7075cdee792' (2024-06-16)
  → 'github:nix-community/home-manager/d7830d05421d0ced83a0f007900898bdcaf2a2ca' (2024-06-19)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/f02a01aab60c68b7898043c2e7f5bc97c93fb07b' (2024-06-15)
  → 'github:Jovian-Experiments/Jovian-NixOS/d723a7e3962d683acdcd5658b351fdefe16bf04f' (2024-06-18)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/93dd69a5b683deb8ab7d6dbb91771a2487745e8c' (2024-06-17)
  → 'github:nix-community/lanzaboote/6fa7bc0522f71d3906a3788bbd80c344cd9c4523' (2024-06-19)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/cde8f7e11f036160b0fd6a9e07dc4c8e4061cf06' (2024-06-16)
  → 'github:NixOS/nixos-hardware/083823b7904e43a4fc1c7229781417e875359a42' (2024-06-20)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/752c634c09ceb50c45e751f8791cb45cb3d46c9e' (2024-06-15)
  → 'github:NixOS/nixpkgs/938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631' (2024-06-18)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/e9ee548d90ff586a6471b4ae80ae9cfcbceb3420' (2024-06-13)
  → 'github:nixos/nixpkgs/c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e' (2024-06-18)
 2024-06-20 18:59:21 +02:00
Kabbone
c89ea890d1
hosts: add hydra cache to all 
fix kabtop defintion (missing ;)
remove scsi power option on jupiter vm
 2024-06-17 20:47:42 +02:00
Kabbone
9b22d5c1ba
flake: add hydraJobs 2024-06-17 20:31:44 +02:00
Kabbone
801468970b
flake: add hydraJobs 2024-06-17 20:02:41 +02:00
Kabbone
f30860cb34
hosts: hades: move to 2.5 Nic and change name to hostname 2024-06-17 17:56:41 +02:00
Kabbone
d754a5b1d5
flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/845a5c4c073f74105022533907703441e0464bc3' (2024-06-04)
  → 'github:nix-community/home-manager/a1fddf0967c33754271761d91a3d921772b30d0e' (2024-06-16)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/8d5e27b4807d25308dfe369d5a923d87e7dbfda3' (2024-06-13)
  → 'github:nix-community/home-manager/0a7ffb28e5df5844d0e8039c9833d7075cdee792' (2024-06-16)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/326c1ab2b816f520d298b7a4319a0b50cde01c48' (2024-06-12)
  → 'github:Jovian-Experiments/Jovian-NixOS/f02a01aab60c68b7898043c2e7f5bc97c93fb07b' (2024-06-15)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/7cb05fab896bd542c0ca4260d74d9d664cd7b56e' (2024-06-12)
  → 'github:nix-community/lanzaboote/93dd69a5b683deb8ab7d6dbb91771a2487745e8c' (2024-06-17)
• Updated input 'lanzaboote/crane':
    'github:ipetkov/crane/a3f0c63eed74a516298932b9b1627dd80b9c3892' (2024-06-11)
  → 'github:ipetkov/crane/0095fd8ea00ae0a9e6014f39c375e40c2fbd3386' (2024-06-15)
• Updated input 'lanzaboote/rust-overlay':
    'github:oxalica/rust-overlay/6dc3e45fe4aee36efeed24d64fc68b1f989d5465' (2024-06-08)
  → 'github:oxalica/rust-overlay/0043c3f92304823cc2c0a4354b0feaa61dfb4cd9' (2024-06-16)
• Updated input 'microvm':
    'github:astro/microvm.nix/02a1fe9237a6539ff83d15443d328e4b0b49a117' (2024-06-12)
  → 'github:astro/microvm.nix/b11f00056e11a802809935b0675176a2429593d9' (2024-06-15)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/ae5c8dcc4d0182d07d75df2dc97112de822cb9d6' (2024-06-14)
  → 'github:NixOS/nixos-hardware/cde8f7e11f036160b0fd6a9e07dc4c8e4061cf06' (2024-06-16)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/cc54fb41d13736e92229c21627ea4f22199fee6b' (2024-06-12)
  → 'github:NixOS/nixpkgs/752c634c09ceb50c45e751f8791cb45cb3d46c9e' (2024-06-15)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/57d6973abba7ea108bac64ae7629e7431e0199b6' (2024-06-12)
  → 'github:nixos/nixpkgs/e9ee548d90ff586a6471b4ae80ae9cfcbceb3420' (2024-06-13)
 2024-06-17 17:55:45 +02:00
Kabbone
8352d5c0ba
flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9' (2024-05-24)
  → 'github:ryantm/agenix/3a56735779db467538fb2e577eda28a9daacaca6' (2024-06-14)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/3d65009effd77cb0d6e7520b68b039836a7606cf' (2024-06-09)
  → 'github:nix-community/home-manager/8d5e27b4807d25308dfe369d5a923d87e7dbfda3' (2024-06-13)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/f27db3a9a8c21a65c1ef50cacca3ef2bfff04cb9' (2024-06-11)
  → 'github:Jovian-Experiments/Jovian-NixOS/326c1ab2b816f520d298b7a4319a0b50cde01c48' (2024-06-12)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/56ed078dc92baf72813d55dcfe399715a632bc41' (2024-06-09)
  → 'github:nix-community/lanzaboote/7cb05fab896bd542c0ca4260d74d9d664cd7b56e' (2024-06-12)
• Updated input 'lanzaboote/crane':
    'github:ipetkov/crane/55e7754ec31dac78980c8be45f8a28e80e370946' (2024-06-04)
  → 'github:ipetkov/crane/a3f0c63eed74a516298932b9b1627dd80b9c3892' (2024-06-11)
• Updated input 'microvm':
    'github:astro/microvm.nix/e3a4dd5b381fb580804105594cc9c71dc45abdb5' (2024-06-03)
  → 'github:astro/microvm.nix/02a1fe9237a6539ff83d15443d328e4b0b49a117' (2024-06-12)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/58b52b0dd191af70f538c707c66c682331cfdffc' (2024-06-10)
  → 'github:NixOS/nixos-hardware/ae5c8dcc4d0182d07d75df2dc97112de822cb9d6' (2024-06-14)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/47b604b07d1e8146d5398b42d3306fdebd343986' (2024-06-11)
  → 'github:NixOS/nixpkgs/cc54fb41d13736e92229c21627ea4f22199fee6b' (2024-06-12)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c7b821ba2e1e635ba5a76d299af62821cbcb09f3' (2024-06-09)
  → 'github:nixos/nixpkgs/57d6973abba7ea108bac64ae7629e7431e0199b6' (2024-06-12)
 2024-06-14 17:23:57 +02:00
Kabbone
0cc0c7003a
flake update 2024-06-11 21:50:11 +02:00
Kabbone
939f5d9433
hydra: change hydraCache URL 2024-06-11 19:54:49 +02:00
Kabbone
2cab296188
hosts: kabtop: remove hardware module 2024-06-11 17:56:04 +02:00
Kabbone
9751a6bf52
secrets: rekey 2024-06-11 17:55:44 +02:00
Kabbone
5c7d579c44
hosts: kabtopci: fix path and add mount script 2024-06-11 17:14:24 +02:00
Kabbone
998c9aa54d
hosts: small fixes on kabtopci prototype 2024-06-09 15:40:51 +02:00
Kabbone
8c59339b50
hosts: small fixes on kabtopci prototype 2024-06-09 15:17:55 +02:00
Kabbone
8617ddbd3a
hosts: add kabtopci prototype 2024-06-09 11:01:05 +02:00
Kabbone
b4c7b1762b
hydra: fix jobs 2024-06-08 19:32:33 +02:00
Kabbone
a119ae47f0
server: services: nextcloud add maintenance window 2024-06-08 16:04:00 +02:00
Kabbone
60118fc7f7
server: services: update mautrix-signal 2024-06-08 15:47:37 +02:00
Kabbone
64a5c3e34f
server: services: update mautrix-signal 2024-06-08 15:43:47 +02:00
Kabbone
a5886eb6d0
server: services: nextcloud: rework for new structure 2024-06-08 14:48:57 +02:00
Kabbone
ca8c0c8a17
services: hydra: add allowed uris 2024-06-08 14:47:20 +02:00
Kabbone
1d4a80ff86
hosts: laptop: hardware: intel-cpu already imports gpu 2024-06-08 14:30:43 +02:00
Kabbone
e32635ebb7
flake update 2024-06-08 14:07:29 +02:00
Kabbone
964379114f
hosts: correct avahi 2024-06-04 21:11:04 +02:00
Kabbone
6b5f86c9ab
dmz: services: nginx: add recommendedSettings and fix Hydra 2024-06-04 21:06:44 +02:00
Kabbone
d7c142e2ab
apps: alacritty: remove offset 2024-06-04 19:42:43 +02:00
Kabbone
90201b355c
hydra: add desktop job 2024-06-04 19:01:29 +02:00
Kabbone
2ee496c5e9
hydra: add desktop job 2024-06-03 21:35:31 +02:00
Kabbone
a901a661f9
services: hydraCache: add substituter and remove rocm from steamdeck 2024-06-03 21:29:23 +02:00
Kabbone
3500f3d3a8
flake update with code adjustments 2024-06-03 20:24:22 +02:00
Kabbone
7fe7eeabf9
apps: desktop: add orca-slicer 2024-06-03 18:31:33 +02:00
Kabbone
b952606f1f
flake remove nixvim and update to 24.05 2024-06-03 18:31:00 +02:00
Kabbone
2e7b1499cb
services: hydraCache: typo 2024-06-02 21:32:33 +02:00
Kabbone
8b07092084
services: hydraCache: update address 2024-06-02 21:30:27 +02:00
Kabbone
c8b76b289a
hosts: dmz: acme: use quad9 2024-06-02 18:36:56 +02:00
Kabbone
54aeb48839
hosts: dmz: acme: increase propagation timeout, use wildcard 2024-06-02 12:27:03 +02:00
Kabbone
5824207566
hosts: dmz: acme: increase propagation timeout 2024-05-31 21:40:26 +02:00
Kabbone
9d795ae38e
hosts: dmz: nix-serve: add reverse proxy 2024-05-31 20:56:09 +02:00
Kabbone
2b30c68a54
hosts: dmz: nix-serve: add reverse proxy 2024-05-31 20:42:16 +02:00
Kabbone
cb7412e749
hosts: dmz: acme: set timeouts 2024-05-31 20:02:54 +02:00
Kabbone
e8f6f4e96f
services: hydra: fix reverse proxy and firewall 2024-05-31 19:46:43 +02:00
Kabbone
40fdd49224
services: hydra: create acme and reverse proxy -- fix api 2024-05-31 18:31:12 +02:00
Kabbone
b1cf3d2399
services: hydra: create acme and reverse proxy -- fix path and api 2024-05-31 18:27:51 +02:00
Kabbone
01091ff377
services: hydra: create acme and reverse proxy 2024-05-31 18:07:39 +02:00
Kabbone
b20dc93d47
hosts: desktops: disable auto upgrade 2024-05-29 10:01:06 +02:00
Kabbone
fa914bce1d
test hydra jobs 
test hydra jobs

test hydra jobs

test hydra jobs

test hydra jobs

hydra add signing key

flake restructure

secrets: rekey

secrets: rekey

hydra fix key path

hydra fix key path

services: hydra: typo in nix.conf
 2024-05-29 09:58:44 +02:00
Kabbone
9f9d8e3a3b
flake update 2024-05-26 09:30:09 +02:00
Kabbone
e02e66a4bb
hosts: steamdeck: add hydraCache 2024-05-26 09:14:01 +02:00
95 changed files with 2089 additions and 923 deletions
Show Stats Expand all files Collapse all files

4
disko/btrfs_luks.nix
View File

@ -47,6 +47,10 @@
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@opt" = {
mountpoint = "/opt";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@snapshots" = {
mountpoint = "/mnt";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];

11
disko/mount.sh Normal file
View File

@ -0,0 +1,11 @@
#!/usr/bin/env bash
disk="/dev/vda"
mountpoint="/mnt"
mount $disk $mountpoint -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@
mount $disk $mountpoint/home -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@home
mount $disk $mountpoint/var -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@var
mount $disk $mountpoint/srv -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@srv
mount $disk $mountpoint/nix -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@nix
mount $disk $mountpoint/swap -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@swap

430
flake.lock generated
View File

@ -10,11 +10,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1716561646,
"narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
"lastModified": 1723293904,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github"
},
"original": {
@ -24,18 +24,12 @@
}
},
"crane": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1711299236,
"narHash": "sha256-6/JsyozOMKN8LUGqWMopKTSiK8N79T8Q+hcxu2KkTXg=",
"lastModified": 1731098351,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "880573f80d09e18a11713f402b9e6172a085449f",
"rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github"
},
"original": {
@ -66,28 +60,6 @@
"type": "github"
}
},
"devshell": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -104,36 +76,6 @@
"type": "github"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@ -142,11 +84,11 @@
]
},
"locked": {
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
@ -155,88 +97,16 @@
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715865404,
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1713493429,
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
"owner": "srid",
"repo": "flake-root",
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@ -267,28 +137,6 @@
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"nixvim",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -317,11 +165,11 @@
]
},
"locked": {
"lastModified": 1716457508,
"narHash": "sha256-ZxzffLuWRyuMrkVVq7wastNUqeO0HJL9xqfY1QsYaqo=",
"lastModified": 1735925111,
"narHash": "sha256-/NptDI4njO5hH0ZVQ2yzbvTXmBOabZaGYkjhnMJ37TY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "850cb322046ef1a268449cf1ceda5fd24d930b05",
"rev": "ef64efdbaca99f9960f75efab991e4c49e79a5f1",
"type": "github"
},
"original": {
@ -337,48 +185,27 @@
]
},
"locked": {
"lastModified": 1715381426,
"narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
"lastModified": 1735344290,
"narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1716448020,
"narHash": "sha256-u1ddoBOILtLVX4NYzqSZ9Qaqusql1M4reLd1fs554hY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "25dedb0d52c20448f6a63cc346df1adbd6ef417e",
"rev": "613691f285dad87694c2ba1c9e6298d04736292d",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1708968331,
"narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
"lastModified": 1734945620,
"narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
"rev": "d000479f4f41390ff7cf9204979660ad5dd16176",
"type": "github"
},
"original": {
@ -395,11 +222,11 @@
]
},
"locked": {
"lastModified": 1716618639,
"narHash": "sha256-H3kcJDVqDmXZ9IfVtqObL3JUx/a0ERn6gWBTn+7vwN4=",
"lastModified": 1735330405,
"narHash": "sha256-MhXgu1oymyjhhZGY9yewNonJknNAjilzMGPY1FfMR7s=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "a358c56a163b3b7d149571e853a8f75b2c1ceb38",
"rev": "a86d9cf841eff8b33a05d2bf25788abd8e018dbd",
"type": "github"
},
"original": {
@ -413,7 +240,6 @@
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
@ -421,11 +247,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1713369831,
"narHash": "sha256-G4OGxvlIIjphpkxcRAkf1QInYsAeqbfNh6Yl1JLy2uM=",
"lastModified": 1734994463,
"narHash": "sha256-S9MgfQjNt4J3I7obdLOVY23h+Yl/hnyibwGfOl+1uOE=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "850f27322239f8cfa56b122cc9a278ab99a49015",
"rev": "93e6f0d77548be8757c11ebda5c4235ef4f3bc67",
"type": "github"
},
"original": {
@ -437,18 +263,18 @@
},
"microvm": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1716382614,
"narHash": "sha256-dwUYl8jyMNKidPEM9gTafcRe+3pUh2rH3ZlBrUpsvnw=",
"lastModified": 1735074045,
"narHash": "sha256-CeYsC8J2dNiV2FCQOxK1oZ/jNpOF2io7aCEFHmfi95U=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "a59c3167f673ce29b65c674deb2bee73d151a96c",
"rev": "2ae08de8e8068b00193b9cfbc0acc9dfdda03181",
"type": "github"
},
"original": {
@ -457,27 +283,6 @@
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1716329735,
"narHash": "sha256-ap51w+VqG21vuzyQ04WrhI2YbWHd3UGz0e7dc/QQmoA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "eac4f25028c1975a939c8f8fba95c12f8a25e01c",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
@ -486,11 +291,11 @@
]
},
"locked": {
"lastModified": 1690328911,
"narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
"lastModified": 1729697500,
"narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
"owner": "zhaofengli",
"repo": "nix-github-actions",
"rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
"rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
"type": "github"
},
"original": {
@ -502,11 +307,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1716173274,
"narHash": "sha256-FC21Bn4m6ctajMjiUof30awPBH/7WjD0M5yqrWepZbY=",
"lastModified": 1735388221,
"narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "d9e0b26202fd500cf3e79f73653cce7f7d541191",
"rev": "7c674c6734f61157e321db595dbfcd8523e04e19",
"type": "github"
},
"original": {
@ -518,43 +323,43 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1716361217,
"narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=",
"lastModified": 1735669367,
"narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f",
"rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1716330097,
"narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
"lastModified": 1735834308,
"narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
"rev": "6df24922a1400241dae323af55f30e4318a6ca65",
"type": "github"
},
"original": {
@ -564,71 +369,12 @@
"type": "github"
}
},
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-root": "flake-root",
"home-manager": "home-manager_3",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs-unstable"
],
"pre-commit-hooks": "pre-commit-hooks",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1716566815,
"narHash": "sha256-WO3MF4W1SrSD0lanU1n7dfuHizeSLfDHJNEir9exlcM=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "9d858de2e9ab136d1c53d92af62fed8fccf492ab",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"gitignore": "gitignore_2",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1716213921,
"narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
@ -637,11 +383,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1710923068,
"narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=",
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "e611897ddfdde3ed3eaac4758635d7177ff78673",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github"
},
"original": {
@ -661,27 +407,22 @@
"microvm": "microvm",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim"
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1711246447,
"narHash": "sha256-g9TOluObcOEKewFo2fR4cn51Y/jSKhRRo4QZckHLop0=",
"lastModified": 1731897198,
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "dcc802a6ec4e9cc6a1c8c393327f0c42666f22e4",
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github"
},
"original": {
@ -693,11 +434,11 @@
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1708358594,
"narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
"lastModified": 1733308308,
"narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=",
"ref": "refs/heads/main",
"rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
"revCount": 614,
"rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2",
"revCount": 792,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
@ -735,57 +476,6 @@
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715940852,
"narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "2fba33a182602b9d49f0b2440513e5ee091d838b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",

32
flake.nix
View File

@ -12,7 +12,7 @@
inputs = # All flake references used to build my NixOS setup. These are dependencies.
{
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
microvm = {
@ -23,7 +23,7 @@
impermanence.url = "github:nix-community/impermanence";
home-manager = { # User Package Management
url = "github:nix-community/home-manager/release-23.11";
url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -38,32 +38,36 @@
};
jovian-nixos = {
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable";
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
lanzaboote = {
url = "github:nix-community/lanzaboote/master";
inputs.nixpkgs.follows = "nixpkgs";
};
url = "github:nix-community/lanzaboote/master";
inputs.nixpkgs.follows = "nixpkgs";
};
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
};
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }: # Function that tells my flake which to use and what do what to do with the dependencies.
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }: # Function that tells my flake which to use and what do what to do with the dependencies.
rec {
nixosConfigurations = ( # NixOS configurations
import ./hosts { # Imports ./hosts/default.nix
inherit (nixpkgs) lib;
inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote nixvim; # Also inherit home-manager so it does not need to be defined here.
inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote; # Also inherit home-manager so it does not need to be defined here.
nix.allowedUsers = [ "@wheel" ];
security.sudo.execWheelOnly = true;
}
);
hydraJobs."steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel;
hydraJobs = {
"steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel;
"hades" = nixosConfigurations.hades.config.system.build.toplevel;
"nasbak" = nixosConfigurations.nasbak.config.system.build.toplevel;
"jupiter" = nixosConfigurations.jupiter.config.system.build.toplevel;
"lifebook" = nixosConfigurations.lifebook.config.system.build.toplevel;
"kabtop" = nixosConfigurations.kabtop.config.system.build.toplevel;
"dmz" = nixosConfigurations.dmz.config.system.build.toplevel;
};
};

54
hosts/configuration_desktop.nix
View File

@ -58,12 +58,12 @@
# };
};
sound = { # ALSA sound enable
#enable = true;
mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true;
enable = true;
};
};
#sound = { # ALSA sound enable
## #enable = true;
# mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true;
# enable = true;
# };
#};
fonts.packages = with pkgs; [ # Fonts
carlito # NixOS
@ -74,11 +74,6 @@
corefonts # MS
intel-one-mono
cascadia-code
(nerdfonts.override { # Nerdfont Icons override
fonts = [
"FiraCode"
];
})
];
environment = {
@ -95,6 +90,7 @@
pciutils
usbutils
wget
file
powertop
cpufrequtils
lm_sensors
@ -108,14 +104,17 @@
age-plugin-yubikey
pwgen
cryptsetup
powerline
python311Packages.powerline
powerline-fonts
powerline-symbols
tree
direnv
linuxPackages_latest.cpupower
linuxPackages_latest.turbostat
btop
sbctl
ausweisapp
e2fsprogs
];
};
@ -131,23 +130,13 @@
};
openssh = { # SSH: secure shell (remote connection to shell of server)
enable = true; # local: $ ssh <user>@<ip>
# public:
# - port forward 22 TCP to server
# - in case you want to use the domain name insted of the ip:
# - for me, via cloudflare, create an A record with name "ssh" to the correct ip without proxy
# - connect via ssh <user>@<ip or ssh.domain>
# generating a key:
# - $ ssh-keygen | ssh-copy-id <ip/domain> | ssh-add
# - if ssh-add does not work: $ eval `ssh-agent -s`
# allowSFTP = true; # SFTP: secure file transfer protocol (send file to server)
# connect: $ sftp <user>@<ip/domain>
# commands:
# - lpwd & pwd = print (local) parent working directory
# - put/get <filename> = send or receive file
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
};
# extraConfig = ''
# HostKeyAlgorithms +ssh-rsa
# ''; # Temporary extra config so ssh will work in guacamole
settings.PasswordAuthentication = false;
};
pcscd.enable = true;
yubikey-agent.enable = true;
@ -162,6 +151,17 @@
fwupd.enable = true;
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh = {
startAgent = true;
agentTimeout = "1h";
askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
};
#xdg.portal = { # Required for flatpak
# enable = true;
# extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
@ -185,7 +185,7 @@
system = { # NixOS settings
autoUpgrade = { # Allow auto update
enable = true;
enable = false;
flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
randomizedDelaySec = "5m";
allowReboot = true;

28
hosts/configuration_server.nix
View File

@ -13,8 +13,6 @@
{ config, lib, pkgs, inputs, user, location, agenix, ... }:
{
imports = # Import window or display manager.
[
#../modules/editors/nvim # ! Comment this out on first install !
@ -49,24 +47,22 @@
keyMap = "us"; # or us/azerty/etc
};
security.rtkit.enable = true;
security.pki.certificateFiles = [
security = {
rtkit.enable = true;
pki.certificateFiles = [
./rootCA.pem
];
];
};
fonts.packages = with pkgs; [ # Fonts
carlito # NixOS
vegur # NixOS
source-code-pro
cascadia-code
font-awesome # Icons
hack-font
corefonts # MS
(nerdfonts.override { # Nerdfont Icons override
fonts = [
"FiraCode"
];
})
intel-one-mono
cascadia-code
];
environment = {
@ -74,6 +70,7 @@
TERMINAL = "alacritty";
EDITOR = "nvim";
VISUAL = "nvim";
BROWSER = "firefox";
};
systemPackages = with pkgs; [ # Default packages install system-wide
vim
@ -90,13 +87,15 @@
agenix.packages.x86_64-linux.default
ffmpeg
smartmontools
powerline
cryptsetup
python311Packages.powerline
powerline-fonts
powerline-symbols
tree
direnv
linuxPackages_latest.cpupower
btop
htop
direnv
];
};
@ -132,6 +131,9 @@
'';
};
nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
];
system = { # NixOS settings
autoUpgrade = { # Allow auto update

78
hosts/default.nix
View File

@ -11,7 +11,7 @@
# └─ ./home.nix
#
{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }:
{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }:
let
user = "kabbone";
@ -31,16 +31,16 @@ let
in
{
desktop = lib.nixosSystem { # Desktop profile
hades = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote nixvim; };
specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
lanzaboote.nixosModules.lanzaboote
#nixvim.nixosModules.nixvim
./desktop
./configuration_desktop.nix
../modules/hardware/hydraCache.nix
../modules/hardware/remoteBuilder.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
@ -58,16 +58,16 @@ in
];
};
laptop = lib.nixosSystem { # Laptop profile
lifebook = lib.nixosSystem { # Laptop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix; };
specialArgs = { inherit inputs user location nixos-hardware agenix lanzaboote; };
modules = [
agenix.nixosModules.default
./laptop
lanzaboote.nixosModules.lanzaboote
./lifebook
./configuration_desktop.nix
../modules/hardware/remoteClient.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-intel
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
@ -75,7 +75,29 @@ in
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./laptop/home.nix)];
imports = [(import ./home.nix)] ++ [(import ./lifebook/home.nix)];
};
}
];
};
nbf5 = lib.nixosSystem { # Laptop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix; };
modules = [
agenix.nixosModules.default
./nbf5
./configuration_desktop.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./nbf5/home.nix)];
};
}
];
@ -91,9 +113,6 @@ in
./steamdeck
./configuration_desktop.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd
home-manager-unstable.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
@ -114,6 +133,7 @@ in
microvm.nixosModules.host
./server
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd
@ -136,6 +156,7 @@ in
microvm.nixosModules.host
./kabtop
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd
@ -156,8 +177,8 @@ in
modules = [
agenix.nixosModules.default
./nasbackup
./configuration_desktop.nix
../modules/hardware/remoteClient.nix
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
@ -178,8 +199,8 @@ in
modules = [
agenix.nixosModules.default
./jupiter
./configuration_desktop.nix
../modules/hardware/remoteClient.nix
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
@ -194,6 +215,28 @@ in
];
};
kabtopci = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./kabtopci
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./kabtopci/home.nix)];
};
}
];
};
dmz = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
@ -202,6 +245,7 @@ in
microvm.nixosModules.host
./dmz
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {

36
hosts/desktop/default.nix
View File

@ -17,7 +17,7 @@
# └─ default.nix
#
{ config, nixpkgs, pkgs, user, lib, nixvim, ... }:
{ config, nixpkgs, pkgs, user, lib, ... }:
{
imports = # For now, if applying to other system, swap files
@ -61,17 +61,6 @@
# ];
# };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
#auto-cpufreq.enable = true;
blueman.enable = true;
@ -79,15 +68,15 @@
enable = true;
drivers = [ pkgs.gutenprint ];
};
#avahi = { # Needed to find wireless printer
# enable = true;
# nssmdns = true;
# publish = { # Needed for detecting the scanner
# enable = true;
# addresses = true;
# userServices = true;
# };
#};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
hardware.openrgb = {
enable = true;
motherboard = "amd";
@ -95,9 +84,4 @@
};
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
}

43
hosts/desktop/hardware-configuration.nix
View File

@ -19,7 +19,7 @@
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" ];
boot.kernelModules = [ "kvm-amd" "nct6775" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
@ -34,6 +34,7 @@
};
services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
@ -56,6 +57,39 @@
};
};
};
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "2m 4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@hades";
};
};
};
};
};
};
systemd.timers = {
btrbk-bak = {
requires = [ "network-online.target" ];
};
};
@ -121,13 +155,18 @@
networkmanager = {
enable = false;
};
firewall = {
enable = true;
allowedUDPPorts = [ 24727 ];
allowedTCPPorts = [ 24727 ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp34s0";
matchConfig.Name = "eno1";
ntp = [ "192.168.2.1" ];
domains = [ "home.opel-online.de" ];
networkConfig = {

7
hosts/desktop/home.nix
View File

@ -31,12 +31,11 @@
streamlink
streamlink-twitch-gui-bin
element-desktop
nheko
#nheko
pulsemixer
#yubioath-flutter
nitrokey-app
kicad
yuzu-mainline
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
@ -47,10 +46,6 @@
];
};
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network

2
hosts/dmz/default.nix
View File

@ -47,7 +47,7 @@
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;

7
hosts/dmz/hardware-configuration.nix
View File

@ -83,11 +83,14 @@
"10-lan" = {
matchConfig.Name = "enp6s18";
ntp = [ "192.168.101.1" ];
domains = [ "home.opel-online.de" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
dns = [
"192.168.101.1"
];
};
};
};
@ -97,7 +100,7 @@
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
};

82
hosts/fuji/default.nix Normal file
View File

@ -0,0 +1,82 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, nixpkgs, pkgs, user, lib, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
# hardware.sane = { # Used for scanning with Xsane
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
# hardware = {
# nitrokey.enable = true;
# };
# environment = {
# systemPackages = with pkgs; [
## simple-scan
## intel-media-driver
## alacritty
# ];
# };
services = {
#auto-cpufreq.enable = true;
blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
};
}

138
hosts/fuji/hardware-configuration.nix Normal file
View File

@ -0,0 +1,138 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat";
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "fuji";
networkmanager = {
enable = false;
};
firewall = {
enable = true;
#allowedUDPPorts = [ 24727 ];
#allowedTCPPorts = [ 24727 ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "eno1";
ntp = [ "192.168.2.1" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true;
powerManagement = {
scsiLinkPolicy = "med_power_with_dipm";
};
}

45
hosts/fuji/home.nix Normal file
View File

@ -0,0 +1,45 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
#../../modules/wm/kde/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
element-desktop
#nheko
pulsemixer
];
};
services = { # Applets
#blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

31
hosts/home.nix
View File

@ -16,9 +16,10 @@
#
{ config, lib, pkgs, user, ... }:
#{ config, lib, pkgs, user, ... }:
{
imports = # Home Manager Modules
imports =
(import ../modules/editors) ++
(import ../modules/programs) ++
(import ../modules/programs/configs) ++
@ -52,7 +53,6 @@
# VideAudio
mpv # Media Player
youtube-dl
# Apps
galculator
@ -73,14 +73,17 @@
rsync # Syncer $ rsync -r dir1/ dir2/
unzip # Zip files
unrar # Rar files
papirus-icon-theme
epapirus-icon-theme
arc-theme
# Genel configuration
# General configuration
keepassxc
libreoffice
gimp
# Flatpak
prusa-slicer
orca-slicer
#vscodium
(vscode-with-extensions.override {
vscode = vscodium;
@ -90,25 +93,29 @@
#ms-python.python
ms-vscode.cpptools
dracula-theme.theme-dracula
catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons
];
})
sdkmanager
android-tools
];
file.".config/wall".source = ../modules/themes/wall.jpg;
file.".config/lockwall".source = ../modules/themes/lockwall.jpg;
pointerCursor = { # This will set cursor systemwide so applications can not choose their own
name = "Dracula-cursors";
package = pkgs.dracula-theme;
size = 16;
gtk.enable = true;
};
# pointerCursor = { # This will set cursor systemwide so applications can not choose their own
# name = "Dracula-cursors";
# package = pkgs.dracula-theme;
# size = 16;
# gtk.enable = true;
# };
stateVersion = "23.05";
};
programs = {
home-manager.enable = true;
alacritty = {
settings.font.size = 11;
};
};

4
hosts/jupiter/default.nix
View File

@ -53,7 +53,7 @@
gnupg.agent = {
enable = false;
enableSSHSupport = true;
pinentryFlavor = "curses";
pinentryPackage = pkgs.pinentry-curses;
};
};
@ -61,7 +61,7 @@
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;

44
hosts/jupiter/hardware-configuration.nix
View File

@ -50,6 +50,7 @@
};
services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
@ -188,35 +189,24 @@
swapDevices = [ { device = "/swap/swapfile"; } ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp6s18";
ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = {
hostName = "jupiter";
domain = "home.opel-online.de";
networkmanager = {
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
enp6s18 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp6s18";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
@ -228,7 +218,7 @@
powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true;
scsiLinkPolicy = "med_power_with_dipm";
#scsiLinkPolicy = "med_power_with_dipm";
powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
'';

23
hosts/kabtop/default.nix
View File

@ -24,8 +24,7 @@
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/services/server) ++ # Server Services
(import ../../modules/hardware); # Hardware devices
(import ../../modules/services/server); # Server Services
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
@ -62,22 +61,22 @@
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
pinentryPackage = pkgs.pinentry-curses;
};
};
services = {
#auto-cpufreq.enable = true;
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
#avahi = { # Needed to find wireless printer
# enable = true;
# nssmdns = true;
# publish = { # Needed for detecting the scanner
# enable = true;
# addresses = true;
# userServices = true;
# };
#};
fail2ban = {
enable = true;
maxretry = 5;

1
hosts/kabtop/hardware-configuration.nix
View File

@ -52,6 +52,7 @@
subvolume = {
"@" = {};
"@home" = {};
"@var" = {};
};
};
};

45
hosts/kabtopci/default.nix Normal file
View File

@ -0,0 +1,45 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # Docker
(import ../../modules/services/kabtopci); # Server Services
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
grub = {
enable = true;
device = "/dev/vda";
};
timeout = 1; # Grub auto select time
};
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
};
}

108
hosts/kabtopci/hardware-configuration.nix Normal file
View File

@ -0,0 +1,108 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
swapDevices = [ ];
networking = {
useDHCP = false; # Deprecated
hostName = "kabtopci";
domain = "ci.kabtop.de";
networkmanager = {
enable = false;
};
interfaces = {
ens3 = {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [ {
address = "195.90.221.87";
prefixLength = 22;
} ];
ipv6.addresses = [ {
address = "2a00:6800:3:d5b::2";
prefixLength = 64;
} ];
};
};
defaultGateway = "195.90.220.1";
defaultGateway6 = {
address = "2a00:6800:3::1";
interface = "ens3";
};
nameservers = [ "9.9.9.9" "2620:fe::fe" ];
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

39
hosts/kabtopci/home.nix Normal file
View File

@ -0,0 +1,39 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
}

85
hosts/lifebook/default.nix Normal file
View File

@ -0,0 +1,85 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ lib, config, pkgs, user, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
initrd.prepend = [ "${./patched-SSDT4}" ];
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
hardware = {
nitrokey.enable = true;
};
environment = {
systemPackages = with pkgs; [
linux-firmware
intel-media-driver
];
};
programs = { # No xbacklight, this is the alterantive
light.enable = true;
};
systemd.sleep.extraConfig = "HibernateDelaySec=1h";
services = {
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
#tailscale.enable = true;
};
}

223
hosts/lifebook/hardware-configuration.nix Normal file
View File

@ -0,0 +1,223 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
kernelModules = [ "i915" "kvm_intel" "vfio_pci" "vfio" "vfio_iommu_type1" ];
systemd.enable = true;
luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
bypassWorkqueues = true;
};
};
};
kernelModules = [ "kvm-intel" ];
kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force" ];
extraModprobeConfig = ''
options i915 enable_guc=3
'';
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
services = {
btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "2m 4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@lifebook";
};
};
};
};
};
};
};
systemd.timers = {
btrbk-bak = {
requires = [ "network-online.target" ];
};
};
fileSystems."/" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/opt" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/Pluto" =
{ device = "jupiter:/Pluto";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Mars" =
{ device = "jupiter:/Mars";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "lifebook";
wireless.iwd.enable = true;
networkmanager = {
enable = true;
wifi = {
backend = "iwd";
powersave = true;
};
};
# interfaces = {
# wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
# };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
#checkReversePath = false;
enable = true;
allowedUDPPorts = [ 24727 51820 ];
allowedTCPPorts = [ 24727 ];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
powertop.enable = true;
};
}

53
hosts/lifebook/home.nix Normal file
View File

@ -0,0 +1,53 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
libreoffice # Office packages
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
element-desktop
intel-gpu-tools
pulsemixer
# Display
light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

BIN
hosts/lifebook/patched-SSDT4 Executable file
View File

Binary file not shown.

2
hosts/nas/default.nix
View File

@ -53,7 +53,7 @@
gnupg.agent = {
enable = false;
enableSSHSupport = true;
pinentryFlavor = "curses";
pinentryPackage = pkgs.pinentry-curses;
};
};

4
hosts/nasbackup/default.nix
View File

@ -45,7 +45,7 @@
gnupg.agent = {
enable = false;
enableSSHSupport = true;
pinentryFlavor = "curses";
pinentryPackage = pkgs.pinentry-curses;
};
};
@ -53,7 +53,7 @@
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;

101
hosts/nasbackup/hardware-configuration.nix
View File

@ -51,7 +51,7 @@
};
services.btrbk = {
extraPackages = [ pkgs.lz4 ];
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
@ -78,6 +78,7 @@
bak = {
onCalendar = "weekly";
settings = {
stream_buffer = "265m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
@ -87,20 +88,35 @@
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "4w 2m";
archive_preserve_min = "no";
archive_preserve = "4w 2m";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk";
ssh_user = "btrbk";
volume = {
"ssh://jupiter.home.opel-online.de/mnt/snapshots/Mars" = {
target = "/mnt/nas/Backups/Mars";
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars" = {
subvolume = {
"@nas" = {};
"@nas" = {
target = "/mnt/nas/Backups/Mars";
};
"@hades/@home" = {
target = "/mnt/nas/Backups/Hades";
snapshot_dir = "@snapshots/@hades";
};
"@lifebook/@home" = {
target = "/mnt/nas/Backups/Lifebook";
snapshot_dir = "@snapshots/@lifebook";
};
# "@steamdeck/@home" = {
# target = "/mnt/nas/Backups/Steamdeck";
# snapshot_dir = "@snapshots/@steamdeck";
# };
};
};
};
volume = {
"ssh://jupiter.home.opel-online.de/mnt/snapshots/Pluto" = {
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Pluto" = {
target = "/mnt/nas/Backups/Pluto";
subvolume = {
"@/Games" = {};
@ -113,36 +129,16 @@
};
};
};
# lf = {
# onCalendar = "daily";
# settings = {
# incremental = "yes";
# snapshot_create = "ondemand";
# snapshot_dir = "@snapshots";
# timestamp_format = "long";
#
# snapshot_preserve = "2m 2w 5d";
# snapshot_preserve_min = "latest";
#
# volume = {
# "/mnt/snapshots/Pluto" = {
# snapshot_create = "always";
# subvolume = {
# "@" = {};
# "@/Backups" = {};
# "@/Games" = {};
# "@/IT" = {};
# "@/Media" = {};
# "@/Pictures" = {};
# "@/Rest" = {};
# };
# };
# };
# };
# };
};
};
systemd.services = {
btrbk-bak = {
requires = [ "network-online.target" ];
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
@ -198,35 +194,24 @@
swapDevices = [ { device = "/swap/swapfile"; } ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp6s18";
ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = {
hostName = "nasbak";
domain = "home.opel-online.de";
networkmanager = {
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
enp6s18 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp6s18";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];

10
hosts/laptop/default.nix → hosts/nbf5/default.nix
View File

@ -58,15 +58,7 @@
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
@ -86,7 +78,7 @@
};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;

0
hosts/laptop/hardware-configuration.nix → hosts/nbf5/hardware-configuration.nix
View File

0
hosts/laptop/home.nix → hosts/nbf5/home.nix
View File

20
hosts/server/default.nix
View File

@ -57,22 +57,22 @@
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
pinentryPackage = pkgs.pinentry-curses;
};
};
services = {
#auto-cpufreq.enable = true;
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
#avahi = { # Needed to find wireless printer
# enable = true;
# nssmdns = true;
# publish = { # Needed for detecting the scanner
# enable = true;
# addresses = true;
# userServices = true;
# };
#};
fail2ban = {
enable = true;
maxretry = 5;

8
hosts/steamdeck/default.nix
View File

@ -59,15 +59,7 @@
# };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
#pinentryFlavor = "curses";
};
};
services = {

77
hosts/steamdeck/hardware-configuration.nix
View File

@ -19,7 +19,7 @@
boot = {
initrd = {
availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
kernelModules = [ ];
systemd.enable = true;
luks = {
@ -50,33 +50,66 @@
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
# bak = {
# onCalendar = "daily";
# settings = {
# stream_buffer = "256m";
# stream_compress = "lz4";
# incremental = "yes";
# snapshot_create = "no";
# snapshot_dir = "@snapshots";
# timestamp_format = "long";
#
# snapshot_preserve_min = "all";
# target_preserve_min = "no";
# target_preserve = "2m 4w 3d";
#
# ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
# ssh_user = "btrbk";
#
# volume = {
# "/mnt/snapshots/root" = {
# subvolume = {
# "@home" = {};
# };
# target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@steamdeck";
# };
# };
# };
# };
};
};
};
#
# systemd.timers = {
# btrbk-bak = {
# requires = [ "network-online.target" ];
# };
# };
fileSystems."/" =
{ device = "/dev/mapper/crypted";
@ -171,9 +204,9 @@
#nameservers = [ "192.168.0.4" ];
firewall = {
checkReversePath = "loose";
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
enable = true;
allowedUDPPorts = [ 24727 ];
allowedTCPPorts = [ 24727 ];
};
};

4
hosts/steamdeck/home.nix
View File

@ -43,10 +43,6 @@
];
};
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets
};

5
modules/hardware/backup.nix
View File

@ -9,7 +9,10 @@
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq";
roles = [ "source" "info" "send" ];
}
{
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIma7jNVQZM+lFMOKUex0+cyDpeUA3Wo4SEJ7P9YnHPG";
roles = [ "target" "info" "receive" "delete" ];
}
];
extraPackages = [ pkgs.lz4 ];
};
}

9
modules/hardware/hydraCache.nix
View File

@ -6,10 +6,15 @@
settings = {
extra-trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
"steamdeck.cachix.org-1:BVoP4TEu3ECgotaO+3J3r9SSn62GkUDBwizOFU/q4Bc="
];
extra-trusted-substituters = [
"http://dmz.home.opel-online.de:3000/project/jovian/channel/latest"
extra-substituters = [
"https://steamdeck.cachix.org"
"https://cache.ci.kabtop.de"
];
#extra-trusted-substituters = [
# "https://cache.home.opel-online.de"
#];
};
};

5
modules/programs/alacritty.nix
View File

@ -15,6 +15,7 @@
enable = true;
package = pkgs.alacritty;
settings = {
env.term = "screen-256color";
font = rec { # Font - Laptop has size manually changed at home.nix
#normal.family = "FiraCode Nerd Font";
normal.family = "Cascadia Code";
@ -22,10 +23,6 @@
#bold = { style = "Bold"; };
# size = 8;
};
offset = { # Positioning
x = -1;
y = 0;
};
};
};
};

2
modules/programs/default.nix
View File

@ -12,7 +12,7 @@
[
./alacritty.nix
./rofi.nix
# ./rofi.nix
./firefox.nix
#./waybar.nix
#./games.nix

86
modules/services/dmz/hydra.nix
View File

@ -1,23 +1,77 @@
{ lib, config, pkgs, ... }:
{
services.hydra = {
enable = true;
hydraURL = "http://localhost:3000";
notificationSender = "hydra@localhost";
useSubstitutes = true;
};
networking.firewall = {
enable = true;
#allowedUDPPorts = [ ];
allowedTCPPorts = [ 3000 ];
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.home.opel-online.de";
listenHost = "127.0.0.1";
notificationSender = "hydra@localhost";
useSubstitutes = true;
minimumDiskFree = 30;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"home.opel-online.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
};
};
nix = {
settings.trusted-users = [
"hydra"
];
settings = {
trusted-users = [
"hydra"
];
allowed-uris = "http:// https://";
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
@ -28,6 +82,10 @@
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
}

19
modules/services/kabtopci/default.nix Normal file
View File

@ -0,0 +1,19 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[
# ./microvm.nix
./hydra.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

59
modules/services/kabtopci/gitea_runner.nix Normal file
View File

@ -0,0 +1,59 @@
{ lib, config, pkgs, ... }:
{
virtualisation = {
podman ={
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
};
};
services.gitea-actions-runner.instances = {
cirunner = {
enable = true;
url = "https://git.kabtop.de";
name = "CI Kabtop runner";
tokenFile = config.age.secrets."services/gitea/cirunner-token".path;
labels = [
"ci"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
age.secrets."services/gitea/cirunner-token" = {
file = ../../../secrets/services/gitea/cirunner-token.age;
owner = "gitea-runner";
};
}

82
modules/services/kabtopci/hydra.nix Normal file
View File

@ -0,0 +1,82 @@
{ lib, config, pkgs, ... }:
{
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.ci.kabtop.de";
listenHost = "127.0.0.1";
notificationSender = "hydra@kabtop.de";
useSubstitutes = true;
minimumDiskFree = 8;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@kabtop.de";
webroot = "/var/lib/acme/acme-challenge";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
};
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = [
"github:"
"https://github.com/"
"git+ssh://github.com/"
];
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
}

129
modules/services/kabtopci/microvm.nix Normal file
View File

@ -0,0 +1,129 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{
microvm = {
autostart = [
name
];
vms = {
${name} = {
inherit pkgs;
config = {
imports =
[ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++
[( ./gitea_runner.nix )];
networking = {
hostName = "${name}";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
users.users.${user} = { # System User
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 2000;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
services = {
openssh = {
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}];
};
};
fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [
"/var/log"
"/var/lib/private"
];
files = [
"/etc/machine-id"
];
};
};
microvm = {
hypervisor = "qemu";
vcpu = 4;
mem = 3096;
balloonMem = 3096;
#kernel = pkgs.linuxKernel.packages.linux_latest;
interfaces = [
{
type = "user";
id = "vm-${name}";
mac = "04:00:00:00:00:02";
} ];
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;
};
system.stateVersion = "23.05";
};
};
};
};
}

31
modules/services/kanshi.nix
View File

@ -7,31 +7,34 @@
{
services.kanshi = {
enable = true;
profiles = {
undocked = {
settings = [
{
profile = {
name = "undocked";
outputs = [
{ criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
];
};
#docked_c = {
# outputs = [
# { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "2560,0"; }
# { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "0,0"; }
# ];
#};
docked_c = {
};
}
{
profile = {
name = "docked_c";
outputs = [
{ criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; scale = 1.5; }
{ criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
];
};
docked_triple = {
};
}
{
profile = {
name = "docked_triple";
outputs = [
{ criteria = "eDP-1"; status = "disable"; mode = "1920x1080"; position = "4480,0"; }
{ criteria = "HDMI-A-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
{ criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
];
};
};
};
}
];
};
}

2
modules/services/nas/default.nix
View File

@ -12,6 +12,8 @@
[
./nfs.nix
./nginx.nix
./vaultwarden.nix
]
# picom, polybar and sxhkd are pulled from desktop module

53
modules/services/nas/nginx.nix Normal file
View File

@ -0,0 +1,53 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"home.opel-online.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
};
};
networking.firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
}

38
modules/services/nas/vaultwarden.nix Normal file
View File

@ -0,0 +1,38 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
backupDir = "/var/backup/vaultwarden";
environmentFile = config.age.secrets."services/vaultwarden/environment".path;
config = {
DOMAIN = "https://vault.home.opel-online.de";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
};
};
services.nginx = {
virtualHosts = {
"vault.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
};
age.secrets."services/vaultwarden/environment" = {
file = ../../../secrets/services/vaultwarden/environment.age;
owner = "vaultwarden";
};
}

3
modules/services/server/default.nix
View File

@ -17,8 +17,7 @@
./nextcloud.nix
./matrix.nix
./coturn.nix
./jitsi.nix
./ollama.nix
# ./ollama.nix
]
# picom, polybar and sxhkd are pulled from desktop module

1
modules/services/server/matrix.nix
View File

@ -139,7 +139,6 @@ in {
"/var/log/mautrix-signal"
];
NoNewPrivileges=true;
MemoryDenyWriteExecute=true;
PrivateDevices=true;
PrivateTmp=true;
ProtectHome=true;

57
modules/services/server/nextcloud.nix
View File

@ -9,15 +9,20 @@
enable = true;
hostName = "cloud.kabtop.de";
https = true;
package = pkgs.nextcloud27;
package = pkgs.nextcloud30;
database.createLocally = false;
logType = "file";
notify_push.enable = false;
maxUploadSize = "512M";
caching = {
redis = true;
apcu = false;
};
extraOptions = {
settings = {
log_type = "file";
logfile = "nextcloud.log";
overwriteprotocol = "https";
default_phone_region = "DE";
redis = {
host = "/run/redis-nextcloud/redis.sock";
port = 0;
@ -25,6 +30,7 @@
"memcache.local" = "\\OC\\Memcache\\Redis";
"memcache.distributed" = "\\OC\\Memcache\\Redis";
"memcache.locking" = "\\OC\\Memcache\\Redis";
"maintenance_window_start" = "1";
};
config = {
dbtype = "pgsql";
@ -34,8 +40,6 @@
adminuser = "kabbone";
adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path;
dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path;
overwriteProtocol = "https";
defaultPhoneRegion = "DE";
};
phpOptions = {
"opcache.interned_strings_buffer" = "16";
@ -43,15 +47,15 @@
#autoUpdateApps.enable = true;
};
services.onlyoffice = {
enable = true;
hostname = "docs.cloud.kabtop.de";
postgresName = "onlyoffice";
postgresHost = "localhost";
postgresUser = "onlyoffice";
postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path;
jwtSecretFile = config.age.secrets."services/nextcloud/onlyofficejwt".path;
};
# services.onlyoffice = {
# enable = true;
# hostname = "docs.cloud.kabtop.de";
# postgresName = "onlyoffice";
# postgresHost = "localhost";
# postgresUser = "onlyoffice";
# postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path;
# jwtSecretFile = config.age.secrets."services/nextcloud/onlyofficejwt".path;
# };
services.redis = {
vmOverCommit = true;
@ -69,10 +73,11 @@
enableACME = true;
forceSSL = true;
};
"${config.services.onlyoffice.hostname}".listen = [ {
addr = "127.0.0.1"; port = 8080;
} ];
};
# "${config.services.onlyoffice.hostname}" = {
# enableACME = true;
# forceSSL = true;
# };
# };
};
age.secrets."services/nextcloud/dbpassFile" = {
@ -83,14 +88,14 @@
file = ../../../secrets/services/nextcloud/adminpassFile.age;
owner = "nextcloud";
};
age.secrets."services/nextcloud/onlyofficedb" = {
file = ../../../secrets/services/nextcloud/onlyofficedb.age;
owner = "onlyoffice";
};
age.secrets."services/nextcloud/onlyofficejwt" = {
file = ../../../secrets/services/nextcloud/onlyofficejwt.age;
owner = "onlyoffice";
};
# age.secrets."services/nextcloud/onlyofficedb" = {
# file = ../../../secrets/services/nextcloud/onlyofficedb.age;
# owner = "onlyoffice";
# };
# age.secrets."services/nextcloud/onlyofficejwt" = {
# file = ../../../secrets/services/nextcloud/onlyofficejwt.age;
# owner = "onlyoffice";
# };
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];

21
modules/services/server/postgresql.nix
View File

@ -5,9 +5,10 @@
{ config, lib, pkgs, ... }:
{
imports = [ ./postgresql_upgrade.nix ];
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
package = pkgs.postgresql_16;
settings = {
max_connections = 200;
listen_addresses = "localhost";
@ -20,15 +21,15 @@
timezone = "Europe/Berlin";
};
authentication = pkgs.lib.mkOverride 14 ''
local all postgres peer
host giteadb gitea localhost scram-sha-256
host nextclouddb nextcloud localhost scram-sha-256
host synapsedb synapse localhost scram-sha-256
host whatsappdb mautrixwa localhost scram-sha-256
host telegramdb mautrixtele localhost scram-sha-256
host signaldb mautrixsignal localhost scram-sha-256
host onlyoffice onlyoffice localhost scram-sha-256
local onlyoffice onlyoffice peer
local all postgres peer
host giteadb gitea localhost scram-sha-256
host nextclouddb nextcloud localhost scram-sha-256
host synapsedb synapse localhost scram-sha-256
host whatsappdb mautrixwa localhost scram-sha-256
host telegramdb mautrixtele localhost scram-sha-256
host signaldb mautrixsignal localhost scram-sha-256
host onlyoffice onlyoffice localhost scram-sha-256
local onlyoffice onlyoffice peer
'';
initialScript = config.age.secrets."services/postgresql/initScript.sql".path;
};

33
modules/services/server/postgresql_upgrade.nix Normal file
View File

@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [
(let
# XXX specify the postgresql package you'd like to upgrade to.
# Do not forget to list the extensions you need.
newPostgres = pkgs.postgresql_16.withPackages (pp: [
# pp.plv8
]);
cfg = config.services.postgresql;
in pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
# XXX it's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
export NEWBIN="${newPostgres}/bin"
export OLDDATA="${cfg.dataDir}"
export OLDBIN="${cfg.package}/bin"
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs}
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
'')
];
}

2
modules/shell/git.nix
View File

@ -16,7 +16,9 @@
};
extraConfig = {
gpg = { format = "ssh"; };
credential = { helper = "cache --timeout=3600"; };
};
difftastic.enable = true;
};
};
}

20
modules/shell/tmux.nix
View File

@ -19,22 +19,22 @@
plugins = with pkgs.tmuxPlugins; [
yank
sidebar
{
# {
# plugin = dracula;
# extraConfig = "
# set -g @dracula-show-powerline true
# set -g @dracula-plugins 'git cpu-usage ram-usage battery time'
# set -g @dracula-border-contrast true
# ";
plugin = catppuccin;
extraConfig = "
set -g @catppuccin_flavour 'macchiato'
set -g @catppuccin_window_tabs_enabled 'on'
set -g @catppuccin_host 'on'
set -g @catppuccin_user 'on'
set -g @catppuccin_date_time '%Y-%m-%d %H:%M'
";
}
# plugin = catppuccin;
# extraConfig = "
# set -g @catppuccin_flavour 'macchiato'
# set -g @catppuccin_window_tabs_enabled 'on'
# set -g @catppuccin_host 'on'
# set -g @catppuccin_user 'on'
# set -g @catppuccin_date_time '%Y-%m-%d %H:%M'
# ";
# }
];
extraConfig = ''
set -g mouse on

7
modules/shell/zsh.nix
View File

@ -9,7 +9,7 @@
zsh = {
enable = true;
dotDir = ".config/zsh_nix";
enableAutosuggestions = true; # Auto suggest options and highlights syntact, searches in history for options
autosuggestion.enable = true; # Auto suggest options and highlights syntact, searches in history for options
syntaxHighlighting.enable = true;
history.size = 10000;
@ -27,10 +27,6 @@
'';
initExtra = '' # Zsh theme
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
# Spaceship
source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup
autoload -U promptinit; promptinit
@ -40,6 +36,7 @@
# Swag
pfetch # Show fetch logo on terminal start
eval "$(direnv hook zsh)"
eval "$(ssh-agent)"
'';
};
};

7
modules/themes/.gitattributes vendored Normal file
View File

@ -0,0 +1,7 @@
nixos-wallpaper-catppuccin-mocha.svg filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-nineish-solarized-dark.src.svg filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-nineish-solarized-dark.png filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-binary-black.png filter=lfs diff=lfs merge=lfs -text
lockwall.jpg filter=lfs diff=lfs merge=lfs -text
nuka_col.jpg filter=lfs diff=lfs merge=lfs -text
wall.jpg filter=lfs diff=lfs merge=lfs -text

BIN
modules/themes/lockwall.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 285 KiB

After

Width:  |  Height:  |  Size: 131 B

BIN
modules/themes/nix-wallpaper-binary-black.png (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/nix-wallpaper-nineish-solarized-dark.png (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/nix-wallpaper-nineish-solarized-dark.src.svg (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/nixos-wallpaper-catppuccin-mocha.svg (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/nuka_col.jpg (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/wall.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 242 KiB

After

Width:  |  Height:  |  Size: 36 B

1
modules/themes/wall.jpg Symbolic link
View File

@ -0,0 +1 @@
nixos-wallpaper-catppuccin-mocha.svg
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 242 KiB

After

Width:  |  Height:  |  Size: 36 B

22
modules/wm/kde/default.nix
View File

@ -16,18 +16,20 @@
environment.systemPackages = with pkgs; [
flatpak
rocmPackages.clr.icd
rocmPackages.clr
clinfo
libsForQt5.discover
# rocmPackages.clr.icd
# rocmPackages.clr
# clinfo
kdePackages.discover
maliit-keyboard
maliit-framework
];
services = {
packagekit.enable = true;
xserver = {
enable = true;
desktopManager.plasma5.enable = true;
desktopManager.plasma6.enable = true;
# xserver = {
# enable = true;
# desktopManager.plasma5.enable = true;
# displayManager = {
# gdm.wayland = true;
# gdm.enable = true;
@ -41,8 +43,10 @@
# autoLogin.enable = true;
# autoLogin.user = "kabbone";
# };
};
# };
flatpak.enable = true;
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
udev.packages = with pkgs; [ gnome-settings-daemon ];
};
qt.platformTheme = "kde";
}

1
modules/wm/kde/home.nix
View File

@ -13,4 +13,5 @@
{ config, lib, pkgs, ... }:
{
}

9
modules/wm/steam/default.nix
View File

@ -22,7 +22,7 @@
enable = true;
user = "kabbone";
autoStart = true;
desktopSession = "plasmawayland";
desktopSession = "plasma";
};
devices.steamdeck = {
enable = true;
@ -30,10 +30,9 @@
decky-loader.enable = true;
};
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
hardware.graphics = {
enable = true;
enable32Bit = true;
};
environment.systemPackages = with pkgs; [

2
modules/wm/steam/home.nix
View File

@ -18,7 +18,7 @@
steam
jq
appimage-run
gnome.zenity
zenity
unzip
fuse
];

10
modules/wm/sway/default.nix
View File

@ -16,12 +16,6 @@
{
imports = [ ../waybar.nix ];
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
environment = {
loginShellInit = ''
if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then
@ -41,6 +35,8 @@
rocmPackages.clr
clinfo
waybar
rot8
glib
];
};
@ -51,7 +47,7 @@
export MOZ_WEBRENDER="1";
export MOZ_USE_XINPUT2="2";
export MOZ_DBUS_REMOTE="1";
#export GDK_BACKEND="wayland";
export WLR_RENDERER="vulkan";
export LIBVA_DRIVER_NAME="iHD";
export VDPAU_DRIVER="iHD";
export XDG_SESSION_TYPE="wayland";

125
modules/wm/sway/home.nix
View File

@ -18,8 +18,9 @@
wayland.windowManager.sway = {
enable = true;
checkConfig = false;
config = rec {
menu = "${pkgs.bemenu}/bin/bemenu-run -m -1 --hf '#ffff00' --tf '#888888' --nf '#00ff40' --hb '#424242' | xargs ${pkgs.sway}/bin/swaymsg exec --";
menu = "${pkgs.rofi}/bin/rofi -show combi -show-icons";
left = "m";
down = "n";
up = "e";
@ -30,8 +31,9 @@
input = {
"type:keyboard" = {
xkb_layout = "us";
xkb_variant = "altgr-intl";
xkb_layout = "us,de";
xkb_variant = "altgr-intl,";
xkb_options = "grp:win_space_toggle";
};
"type:touchpad" = {
tap = "enabled";
@ -59,7 +61,7 @@
};
"DP-3" = {
mode = "1920x1200";
pos = "2560,120";
pos = "2560,180";
};
#"eDP-1" = {
# mode = "1920x1080";
@ -86,11 +88,11 @@
};
startup = [
#{ command = "$HOME/.config/sway/scripts/2in1screen"; }
{ command = "exec ${pkgs.rot8}/bin/rot8 -Y -k"; }
{ command = "xrdb -load ~/.Xresources"; }
{ command = "gsettings set org.gnome.desktop.interface gtk-theme Arc"; }
{ command = "gsettings set org.gnome.desktop.interface icon-theme ePapirus"; }
{ command = "gsettings set org.gnome.desktop.interface cursor-theme Adwaita"; }
# { command = "gsettings set org.gnome.desktop.interface gtk-theme Dracula"; }
# { command = "gsettings set org.gnome.desktop.interface icon-theme Dracula"; }
# { command = "gsettings set org.gnome.desktop.interface cursor-theme Adwaita"; }
#{ command = "exec ${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; }
{ command = "${pkgs.thunderbird}/bin/thunderbird"; }
{ command = "${pkgs.firefox}/bin/firefox"; }
@ -117,7 +119,7 @@
{ command = "floating enable"; criteria = { app_id = "com.nitrokey."; }; }
{ command = "floating enable"; criteria = { app_id = "org.keepassxc.KeePassXC."; }; }
{ command = "floating enable"; criteria = { app_id = "virt-manager"; }; }
{ command = "floating enable"; criteria = { class = "lxqt-openssh-askpass"; }; }
{ command = "floating enable"; criteria = { title = "^OpenSSH Authentication"; }; }
{ command = "floating enable"; criteria = { class = "pop-up"; }; }
];
@ -154,27 +156,28 @@
"${alt}+Shift+${right}" = "move container to workspace next, workspace next";
"XF86TouchpadToggle" = "input type:touchpad events toggle enabled disabled";
"XF86AudioRaiseVolume" = "exec pulsemixer --change-volume +5 && ${config.cmds.notifications.volume}";
"XF86AudioLowerVolume" = "exec pulsemixer --change-volume -5 && ${config.cmds.notifications.volume}";
"XF86AudioMute" = "exec pulsemixer --toggle-mute && ${config.cmds.notifications.volume}";
#"XF86AudioRaiseVolume" = "exec pulsemixer --change-volume +5";
#"XF86AudioLowerVolume" = "exec pulsemixer --change-volume -5";
#"XF86AudioMute" = "exec pulsemixer --toggle-mute";
"XF86AudioMicMute" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86MonBrightnessDown" = "exec light -s sysfs/backlight/intel_backlight -U 5% && ${config.cmds.notifications.brightness}";
"XF86MonBrightnessUp" = "exec light -s sysfs/backlight/intel_backlight -A 5% && ${config.cmds.notifications.brightness}";
"XF86AudioPlay" = "exec playerctl play-pause";
"XF86AudioNext" = "exec playerctl next";
"XF86AudioPrev" = "exec playerctl previous";
"XF86AudioStop" = "exec playerctl stop";
#XF86AudioMute = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
#XF86AudioRaiseVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
#XF86AudioLowerVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
#XF86AudioPlay = "exec ~/.config/waybar/scripts/toggle-play";
#XF86AudioNext = "exec playerctl --player=spotify next";
#XF86AudioPrev = "exec playerctl --player=spotify previous";
# Sink volume raise optionally with --device
"XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise";
"XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower";
# Sink volume toggle mute
"XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle";
# Source volume toggle mute
"XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle";
# Capslock (If you don't want to use the backend)
#bindsym --release Caps_Lock exec swayosd-client --caps-lock;
# Brightness raise
"XF86MonBrightnessUp" = "exec swayosd-client --brightness raise";
# Brightness lower
"XF86MonBrightnessDown" = "exec swayosd-client --brightness lower";
"${mod}+${left}" = "focus left";
"${mod}+${down}" = "focus down";
"${mod}+${up}" = "focus up";
@ -238,12 +241,13 @@
export MOZ_WEBRENDER="1";
export MOZ_USE_XINPUT2="2";
export MOZ_DBUS_REMOTE="1";
#export GDK_BACKEND="wayland";
export WLR_RENDERER="vulkan";
export LIBVA_DRIVER_NAME="iHD";
export VDPAU_DRIVER="iHD";
export XDG_SESSION_TYPE="wayland";
export XDG_CURRENT_DESKTOP="sway";
export QT_QPA_PLATFORMTHEME="wayland-egl";
#export QT_QPA_PLATFORMTHEME="wayland-egl";
export QT_QPA_PLATFORMTHEME="qt6ct";
export GST_VAAPI_ALL_DRIVERS="1";
export GTK_THEME="Arc";
export _JAVA_AWT_WM_NONREPARENTING="1";
@ -261,7 +265,8 @@
'';
};
programs.swaylock = {
programs = {
swaylock = {
enable = true;
settings = {
color = "000000";
@ -269,19 +274,59 @@
indicator-caps-lock = true;
show-keyboard-layout = true;
};
};
rofi = {
enable = true;
package = pkgs.rofi-wayland;
extraConfig = {
modi = "window,drun,ssh";
kb-primary-paste = "Control+V,Shift+Insert";
kb-secondary-paste = "Control+v,Insert";
};
font = "Cascadia Code";
location = "top-left";
plugins = [
pkgs.rofi-calc
pkgs.rofi-bluetooth
pkgs.pinentry-rofi
];
terminal = "${pkgs.alacritty}/bin/alacritty";
theme = "arthur";
};
};
services.swayidle = {
enable = true;
events = [
{ event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; }
{ event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ event = "after-resume"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
{ event = "unlock"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
];
timeouts = [
{ timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ timeout = 600; command = "${pkgs.sway}/bin/swaymsg 'output * dpms off'"; resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
];
services = {
swayidle = {
enable = true;
events = [
{ event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; }
{ event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ event = "after-resume"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
{ event = "unlock"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
];
timeouts = [
{ timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ timeout = 600; command = "${pkgs.sway}/bin/swaymsg 'output * dpms off'"; resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
];
};
swayosd.enable = true;
};
# qt = {
# enable = true;
# style.package = [
# pkgs.dracula-theme
# pkgs.dracula-icon-theme
# pkgs.catppuccin-kvantum
# pkgs.catppuccin-kde
# pkgs.catppuccin-gtk
# pkgs.qt6Packages.qtstyleplugin-kvantum
# ];
# style.name = "kvantum";
# platformTheme.name = "qtct";
# };
# xdg.configFile = {
# "Kvantum/Catppuccin".source = "${pkgs.catppuccin-kvantum}/share/Kvantum/Catppuccin-Frappe-Blue";
# "Kvantum/kvantum.kvconfig".text = "[General]\ntheme=Catppuccin-Frappe-Blue";
# };
}

BIN
secrets/keys/nixremote.age
View File

Binary file not shown.

BIN
secrets/keys/nixservepriv.age
View File

Binary file not shown.

8
secrets/secrets.nix
View File

@ -20,6 +20,7 @@ let
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
server2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPm3epi3v+yuskxQZgmPdkVDET8IGeYA6LbTCqPWqkz+";
kabtopci = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGdvPKu0XJXpxiZYxwHdt0UzzSXxQqZIbHzVvjySR82w";
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5OMVTx1IkzFvDgDRwiv+ruYTCBlJ+D1hx+BS8Roah";
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
nasbak = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdoxslkKn3ouadPOHmDN7e5AtoJmnllnUmhl1j9qfzz";
@ -58,6 +59,11 @@ let
];
buildServer = [
hades
kabtopci
dmz
];
homeServices = [
jupiter
dmz
];
in
@ -79,6 +85,8 @@ in
"services/gitea/mailerPassword.age".publicKeys = servers ++ users;
"services/gitea/homerunner-token.age".publicKeys = homerunners ++ users;
"services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users;
"services/vaultwarden/environment.age".publicKeys = homeServices ++ users;
"services/acme/opel-online.age".publicKeys = homeServices ++ users;
"keys/nixremote.age".publicKeys = buildClients ++ users;
"keys/nixservepriv.age".publicKeys = buildServer ++ users;
}

BIN
secrets/services/acme/opel-online.age Normal file
View File

Binary file not shown.

42
secrets/services/coturn/static-auth.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ zATy64IKJIShLHyKMY1sbnZszJRSeI29TPS4ev5iTUU
2z31wYDfKiNvB1q59+9kDrf/Nz0F+7yrmubZDbvnKHY
-> ssh-ed25519 WiIaQQ 9EF6O0TiYpuUJdA4/G+bNz4KK1AgxP0dzlNYt7CYOmM
aYePtiAih/bctCvYqxCe4yNb1NQiyFhT+ES5N3siiyE
-> ssh-ed25519 neExcQ yMHHDZg+ZqoX3BGPI9Ruqbj051Ewsyxc207Ne0EJ6k0
LD+wq4I8s/Fc6znNE6WRMba0u1BU5Mi6VKcyBk6xTZo
-> ssh-ed25519 WiIaQQ KmHrRHx9vaSMaHUWcMZKRApR9KWntU07umf1mZekRQk
/wumFHGj1am02zQ4g4EaEEk2sCoWTkjSARTIUnPnFD8
-> ssh-rsa VtjGpQ
nohDiJNrLOH/errhtfFLk37ZLJrNI1zSzmJVpvimRw/2BwXxRkIF1VBiraxyKq2h
2rNRaUVnPDr4dlXJ4QA1mENHKUgfxqQuU3/+jeB+u3rFYCwDUDveXTCCkea1YNbr
OUzIewWGl3foSH9c0Plz1I4mltPLKTd0I58vqjwqfgykb1hcbWnKq/HV6J5Xt4sG
pZrp81PcLNSvhHDA3yMJRmStI9LdA9J80DxZUNYTO0PQRvoIHMQm2esSfY3hyTQf
HsKXp6/s2U2yrpNxpz/lAEUnU7nYyXydVRHfSFSoCQ2zZlrq6/r3zxRTHytmku1X
3afVCVtWCUppT3xTsXbuAOp4U5QAbvHTK7nhAoVCqRqbM04YUI1/NPiO71Z5sCv1
hqgjvj5QcG9bVK/s2j1/3G01Cu7nYAXm+CaIP7czVmzO1oEaxc1JIi+T8+qJdkyq
eUBDZr6pz7gMQjiqS5GL1u05Sg8u6sqgAevwK23RlEfI06y39ITOGSrUmGDKhoJS
UtAGC5X3mt38wnvGgdpv615lS60zEj0qalRaO/4qp89oXvPMRFEtj9E8bkh3FhdW
eBWrlUiBsVj1MV4X7zpF5d6pTQ3G3BflqScAtBAQCuRT+v5Uht6mvqMGm2Bm67xG
hSJUbQIguc/lPjivKLktus/VvzfHI+OFstnp/1nEgJI
-> piv-p256 grR75w A0UNAMZPvN+CVfAkfATkng21JIMY2WdEHW84FuelpETA
icFQQONKw8ocG1wbPDNTee6mN8p/zK8iw46pNHCmKfE
-> piv-p256 RQguQQ A6T6gAICcwfwIOalY482dZFo/z5LayDvSA0fU4lSMXNf
R9t1LmZATRTjb6HXOqFRm9bH0Yw/2VtCl3fvgT/B3hk
--- Vkw97f1ikkBGxKCqROgZNEHHsQU3aWbXRkVwnZYV6eg
íz½m[Áh°üäKràç¥iC)Q™²Û·jwh¨²zí/á0pöλ9ä<39>Áß<C381>%TòP©eà„MWŠÍ{<71>äÕ\”Mº#à:œkúÔ ¦$“aHJj• ®#3ì$
GBUmtcnkZ4tlQbsWArXcBEX+p7RAwFUeZ7QOteJ61/lDaKYOcYZPC298AI4eE5cE
jejlIO1Jh72eQCQ+ZniAdPO8caUWOXyAfXsk8Et8RCaodK0pt14JB/Ez+qHpZR2j
V9LC3xrlvWbyY21pnokQudSsu966Kmh27gAd1vyw+rAFpYSLhY6cL3oyiYNtZ0Nf
AgsGrCIJhWOKA7+PJPSxbPPosqB9nteRRxl7Hi3XIhu7oE0YCqVVihA908vdaq7G
pOIubfd6S7Aptj7xiXb/8oojhsglgISPyFHIPOZaIVXVtNqFxXhjFiJjdZuZ4gRS
hmaxAXd8UblKzYWIKDUnAwdn5tdixC+GrqdNit2s946Di7s5oe7BptP707XQK0WA
HXJuc/h3+8JAkQsPW0B9+XbeNtRAh9Uqcq3tadGqjwfgLKepebOoG3K0F3+simcr
bS3fgd1R92v8KyyXpKvgbilJQ2GBoxEqHTeMzqksp/6t/3s64tLEnrRhqcxyYz7P
fDs0IgezPFQ6ZKU2KMnheRiQrRD//9JINPnj+0PPL5PggyaDh4PwA67INrHwANl6
Rgh8QNBvom3E8gdYuBuCM75PewMZF9mSksLDYrYz9M9LB4YIvBxHKiW6PhugtTwM
fd3uSuaTfTEFgPtEuJUsQk3Q8+lZQpY4BtEDP27NqFI
-> piv-p256 grR75w A2dfNFLZpwdWZ4PkmeHpUdalrhHYehriPn23TC8V3mSW
N8IfOhaZdWspJ2GCJ8de0Yhe3Jv1BBA8Ep+Tpp/IFyk
-> piv-p256 RQguQQ As/Vu7wq9Y3gW8gJfxyi2b31e3A2ZswBPZ3KfShjDR5T
sE4kxCyTMm2fEvs/I3KpDt61S2vFv89/MgALO3RVsuQ
--- GnBuK/AhHklZlnoQXH6HGNZa/rqLWAOKpvbFK3IQnmU
Ümp9/ýÜŽ™µ·XŠ“'HnÉd´Òvdý ÅA[W8A;ê2¦uªqQT`,%]ï~íu<C3AD>¼.5<EFBFBD>Ía= Ž‡FÛÐnrc3ÿ&ô³!h·$ÔýJ2,iß'5îIJ™

42
secrets/services/gitea/databasePassword.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ KgT4VBcho24aIM89DkarhSFK7nVzO+RhCeneAy2CpDs
GbqbUKGBIStdJE4c5xiSh2DqZRE79Lamq1GBTCCq4WA
-> ssh-ed25519 WiIaQQ 65uPOBHtdHvEoQU3JuXHjYBJ9VqrcZen08ZtjXp0Lxk
ntWnzZ8MRKFU1oi4IoQ+QM0IAljc7n7jyt8tlq1AmsU
-> ssh-ed25519 neExcQ 0MlXHy8Yj2iYJlJmw6Oe4UOR6BIFU2kIR3BXQO8AKCw
LyPiwpyzO/j2eubVkCek2Z/WiD1H7PHkvQEboiHQVTo
-> ssh-ed25519 WiIaQQ aloTS20pXfbQ7oCsfmBrTYUB72w2I59u87nnhBExUBo
yEE8FnBRBvwhG/SMj5Aw4j4cJI5J4WA5catVpuvCmDw
-> ssh-rsa VtjGpQ
HLRsxvBPuG3is5o7iJSQuKRWLNq5H8kS9lir+vx5xfqA2u1/DLXexXBBhEVku0Oa
6lI2NV38gcJmwq4UHl1S+/3J2GO7Uz1Q8K6CjpwQSXNqaph1ECoal9RgQoW/rRKH
sn06G0RbSifQmLBMrmDcQ++47Q8p/acSABktLrZWG/X9Z+hixERY3USSxzmn1XrR
zu0JczXBpwx6D0a4w8ltCpgLmfeULd9H3NcOxE6TB8gSdquUMAIh4u9rUXmTxxC8
vQENrzFhI8rMt7cxqrwMk/3GznRjLjK8dEEyXEBJ4UF7xYRQgpmDs1mMEzgEaTY3
cgM12gybUHx0STRHmZosZjlMgRCO2OXwn3yHZ45dK79HTssSA5pidYlFkoMzj0Fo
0ci36GTX0yft6EYSaQqgfOYvsKeCrJnLNyz8ICEEywGBPfPl0ZT16EwXjpF01r1a
7ufNkJt5s/zEboVIN+HUs6wv7Lmsn1CJE+bFp8UQb6KBkeCnN6EVg6+DHMbasNsT
/ETB5wxk3G3CY33hwwrjecJcniLeiwdsopfpI9zfM4LbdWglfpzKZdGntH8gL/62
TtuVpGRgPObVTYyEOzYEfcazZ+VaB3ZRiRCjp4qmKQ/QchMmFsfoivhavn6f8uOM
NqItx4F5r8pGcOw8aaQqy43ddoODpw2OZqe/XbLSz4w
-> piv-p256 grR75w A+EFTA8TmAiISwJH0vbFk37aaZA/VNG+ZLZtRZmrgqrt
0yQqj1xWCOqlOsOwqn5wPgXQfBp7AfZ3gP5upaoC5lQ
-> piv-p256 RQguQQ AxrEGIZcdlK0Gpwy2qS/Tms/rbcZKrBV9PpAyIel5Q0/
Pmcu3HWl5j+b0Y3gHpIxhHBa4ONDrIrgUUbkU28wDjc
--- LGjJ7lP+MrLNSSgLvZMpMcuuifltQPChJK67XSDSkoQ
>rBÖ»'×i®;™-ÎÊX-vº"êpÉCsâ,ÔQüÙÒ­|ØôÌX¤¶eÏ2hÛÿ³>
DAW8WMsP0AprUaZsjQj+6hULe6a5yHKWKiqPw48lAG5QlLifVywQWRqQYW6vzqMW
Bym/HBfyuCKld/f1j2zvS1+0R8ytiBgnNSJCxeVUYdZalHZWOaA4oyfhdVDypx0L
B4cAcrwVxXhGj+OveC8U74MIrgiLLIeJl3ehcVjJqn81X+pLs3EtREUP8z3z2ftj
Mewnp8K4u+W+6cP1wosNrgxiQsVJOG1PST8aBhvNgW0wG4zQuA7LrSnvbSfVLL2k
KQx7VSZwMT4ssDa9M99Q2FzBdri7OXg2O2GBC369S0ybwVYuw6e5HD81i/v2BrXH
dv/PtBjBvIGh9lPqdnCgCOQU06M+k7XaUhXk87nYyCR4ED/z00YhABK3zH0t8ak4
nQH3BW30NHJr+GB9oj1EE+C22/BACmO6xAJ1JMMeWw9n8LlHLgOU3VnCyuM8XxEW
xFJ9nNfYV6KKfgNmXjhA2KklbqPylFB529CYe48No+5FiR2zJ4bPtAg9eozAXWqY
z2av829pQcN7UXLXNFvE/yYLyWgSr9N1IEPNHWrTLnxcY632Y2fw5qHNqwoq1mIc
nR2x6eFKBip7gvsflGrNYOFAuGGG387SeIPMCDAXtxNBigcARiqmxY7nZKGu2BjE
Rie9uh2nUyFyjDpZysIbJHv7ytpQynlKJ3QlFsUiqNY
-> piv-p256 grR75w A9t6aY5PQZC7GfUoC/HROg9wVOa//1HP6g6ZYcqZXlyd
5w/iIWI9PksH82frtWDC8Tp9aTb1te8EueKg8yIUrfo
-> piv-p256 RQguQQ A/dORaeED5xFpdFpysOly0X4LNm3xLBnSUZXK7ZzID+L
4xq+NX+dXdCZ8+53rZtQKAPizc8Zj4VT3achOO2cVrg
--- aPeSZYHncfegh3XGQl8hkGcnnLZArY80MyEmnO103oI
©@OÖ˜Ä uûµ:½hçÈøæ(Ð7C¤uçk¾ýw"ˆò°§ÌçÃ׊œ±˜Äy8ízáAº

BIN
secrets/services/gitea/homerunner-token.age
View File

Binary file not shown.

42
secrets/services/gitea/mailerPassword.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ VK6Rv+qIQyE/uui3sIxwHv6AudYA1Wi73pyy+7kZzAQ
5jX71FB1EbjmYsKO2SkcBT+qFg8pWZh95BVfSnhHioI
-> ssh-ed25519 WiIaQQ QWgxfYOT262jN8qOGY3lFX/hRQIbdVzzlgBxbMS0Uic
CndHYqkQ6emzOE9zmxjak6az/ZHPQEwdlZ66t3xlYcI
-> ssh-ed25519 neExcQ 23q0cea4QGcuckAJyGJ0s3DJ7Lp6vakxFYdXszDEShs
0GCmRPOWvOnDdY1yyoGy/dvZDgloBz1ILqww5/Riaqk
-> ssh-ed25519 WiIaQQ yVMIknaxSccjm0+OhvBZU4VPR5pAWN8l6WFWt1KlSXQ
G7ZaB4v/x3lB90eG/qlzIasgTdxOl9LNEAfKfkyp3/w
-> ssh-rsa VtjGpQ
eMKw7oWGIDmGptq793W4aJJgOpNhEf0ZjipbuGuUKfb6WKRlxc9i3ruhaWkTLXVx
efvyb9GxAtMp+jdL3RpyLP/T7SgoyGBPw63tlzCF8lL3Dyke5ahMpZHQEESYE8zS
/3brXwPlqmy/FbWj2/FbtNqvdfGrwCSr5nz0T+Pt9YgKFv1sw2R0M/FkTJzT4nLH
krK6UfXybEAbBzLzOpjKslP9HgPD8FhLDP7oB10Lvl1gSc1ueSId+U9Q+182Vyu9
r6iSVrbwxUpvx51a7i8W50FcE3wyMhH14u/g+Jurip8QJwuvDPFNACLfPptU6npW
ZZuEY/BOLruyjTwmuN+2k1qcfHDj9D8VNyNsBVG+jT8iCCv5PDbJVhpna1pCTn7T
Y5JSAvMvDUHV+XiKMmjbPVCiDbunzK5YVUfBqQIUovxgVhbnTjzzdBvnHbTP6nlk
JI9hZeRgHWllq5PnpOFMAAkZclUbMK/u+L6cnGQHmH1T9HrIwEnhXzH+ItLoQ8BG
CVhRllSGqkaT3Tn+d9qdvjJMuhzzYi2Ucb329tqv0rc2k28ooqo5PsPzdLTxB/Qj
f6vA55c9zPz/3GOkmSxvlnCphAtu2LKNLithjryhNZauQgjYiBPLVhk/2YNBCL3Z
8p89IlZYM35eglVmbjeQIUBW6zqjYypAIPpLeVTNSaA
-> piv-p256 grR75w A5OhROi/MtvU1un5l16VF8VRw0s4aboaj9nHhH3slGXw
NTh8IIXAMSMIw0fG6PlqnUj7bJCUtEDj9tIeHdFtRIY
-> piv-p256 RQguQQ A5wTuyxjwAfv/cayi+W9eIqopghCUXw1so+/k68UuP6u
kRhPizvslbAgcbplTJqCdtkN1srtf+zOm5JkmQPF8UY
--- PPX5yRfkFLr6msSev39e8hfwtw6YZF3GwWlb/ngg8zI
ˇ”úc&3/óńŢĶ÷€¶ŞăÄUŘřR '˶‡Q/%ČI&Ň* ÇŘ@ʲµć?<3F>Ĺ+•ĽśűHŢQ»(
Gz/gQCuoTNR92KpaW+5maMWbA/Fu/vVLVrLvVfHB/Q+qE7yxCNoIUVf+Nwkqll0N
SIKoDkq5OamxoezagvO9EVA0jyPpAdTP1oljiLjsX54OXLhT1Z25N+hC7lEe9MFj
QrPLXa3WoPJTPzoho2F+/bjGtUui4Dx/rFp950oUQXXYdAQBHn4HlLPTSkT/Gllb
e+nOtElJs9xK9y5lN9LuDXMKO2SBDHsqDzlrua7FCZZxV6BuyXqQtcJV7NAEWzST
fnTBx8g9mbRclcD5KhoPjmS80dNuYYGUa5aWLFkK3ZreMpETWKTaUr5Jmh9HhPod
ShXGCDuf2VlJw3ZerY2Afot3hrZG4+ZnY4gMqRrLaQt8IzmiMmeXtrj4xoI1wRDR
sVCXMloWuHRqsDXX20kP70xJYTpdD7At1TeZBw2TAVfisr3SsuqBm59yx+fS71Uh
xPOwuFvZ5BRaE6hb7oo0zUJjNFCqrPkRoS7SijkhHp/9MYnUyQA7d4E+kYtYqfqp
JSLWTrmbiXp29F56N7emB3ppwKMpTqS6/1BLy2GeztNnEQuJyu6aK0Lviw6q7Cp6
8vPSvtWT+itrQ1SS9IR1IHnoNHTEyYzLzxuqpYVIeOLDfcTasnzae7Q99xVDsaAB
A3G4O2xDkhQwqynXRWeWnVJYKqckJucV3aL7LisgSEU
-> piv-p256 grR75w AxDL4kLN0PD2FiB89JD9F0CLHFhV9QzpdOIxnKE0/Esa
mNQN7lyWhcod+UjaBQqw4n7CcNcNjpO0whbEERIrebQ
-> piv-p256 RQguQQ AzxUAebSDk66RwVBAMThJT8pBu3TpS5AaoGew3GbtfD9
WEgpjyadiul2G0dTusUsINNqZTAxYm3NCPZeOpBaw1A
--- p9jCZfnH8gEsLrgJnZnIcijG1YHBTQArzWCDE7JfYTc
4ÁÝʼñJì'?Åvnî ¹½¾“ú¢ŒBêÓ' !e(÷±©†üØ©I•Áߢo°šÑôû2H6ºú

BIN
secrets/services/gitea/serverrunner-token.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-signal.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-telegram.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-whatsapp.age
View File

Binary file not shown.

BIN
secrets/services/matrix/signal-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/synapse.age
View File

Binary file not shown.

BIN
secrets/services/matrix/telegram-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/whatsapp-registration.age
View File

Binary file not shown.

42
secrets/services/nextcloud/adminpassFile.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ 1Q36CPPU8mtV8pUVRXwLzpI1TKMm7EOxAxJs1kL2qgA
fmyLUaIUCdtYTwGTrqk2hd7eo76yUHQ4Ibw/MkU97+g
-> ssh-ed25519 WiIaQQ IgScMwM3mciTSNeaDqHrIwwoLujX12deQV0JyY5gzlc
x/jigQ9wPlePVThUKDlRPwiExFcNwhTPC/xPyzNmMQ4
-> ssh-ed25519 neExcQ slNwdPIgpsABv0SgU39pUoudBMs7UAsCbdE3aDxCNh0
/HXJ6yQkBPp6bFY8B72f9gpQpele3wFmwZsMaFBE8uk
-> ssh-ed25519 WiIaQQ OUv7lcCQDvJo7fpchdQRwIbXQ4nG16gWgJWMSdSMMxM
rD2lYHGo4CQjJOqpD/n9pgPjsbIvGRNFiuWO0QFtyOE
-> ssh-rsa VtjGpQ
cPnxrm6WedO5mpFuV+nJrfjShosy+/b6rAJtezvcRX0AL1TvYcrmgb9KP/twl9Zn
4i0/pHNyuIHyfbaSBCwJ4A0BXRFjiGdILCyFYyhyy9vCQ95qSKwB64flC9x4nHjv
1hSKYPB7AORO94ZlglOWB4nfPSdFVjQ/SC9Cg2Mmu2ogBjWJYmKszj4IsFUz+w2o
eGtAwIv2605PewySUh+R4Hq6h81bTVVdLzjSRCUvI+hPl6hnFkLY/2dzS3gB6xns
HE4XJbCxw1ZA7E/isxR0J/saRbwWl3aakSxvCAr0V2kTge7zFeUpMK4gkJ9zMgp7
fE1nXnENjB30F0Bl/ezzwjnWr3CHiAdhIVC2/4+aYvv0jiMfSe1xSC1/4NzCz7SP
7wCKcl+r9nhoYFveNEjuWsA0ewHPSrVp841jXehHaHyCYQGW2LypiimJlRR8clVR
rSChmNCXT2zeOqSNSelnepZTmIYOlClPBTVzgCSKlBPZU4Vk3Q6jo66coMv7M34S
dryVB8W1BZff+sxdJ8g/vADEOXwaeQMa3ouDgfRyyUqzmHCcNPvQ07DiurW7AErH
s+WhlQs4SsmE2NsosCPDXBzQltpWeBXSEXj0RvGed1GDKpfSvJYeJpgfQ4HCrLNL
1Vi1Vays+GDchi3AyyCxf92IDBL5s3hvOSzhe6HAEXQ
-> piv-p256 grR75w AvtaPumdCDd8K9L3VZOusZGk9+3ubsIHMXFmr2RH/rZp
xc/G7gnADT1u/Q39tJxAJzwptyrl37UiMJM+4XDBYkQ
-> piv-p256 RQguQQ AvZ5YIW0l6YqEaJx3yxmppPjL//0JqsVyBh0zXIG2t2g
Ur4fiCVBKVhbYhJR0YyNM9/iia9iC651WJg2nOsU9m0
--- p6VHtNIncJMi5nNMyAg0uQS0fbtwxutG6D59pmOBilA
`×]ƒ@Æ”¡7Àê?Þ¯PP„-i8¯x½öZm2…J¥­gzefó
QgN54J0Py+EdO2LAup0PI3f1lDsuJHrxMCLt5+dfnCjSmPrWtGxOGf9Nw6SQWg0p
3TQ5Rew0jhedXJ/h/c0c95h9OYsnEjYqz14CRYAohngaSbFWiaLFrklg7hGcvTvb
9+MB0c+HtHoNtYVKYdgmzPXMPYBx/99Lc8Q24xvfSlGlGhl72S2CTu8us0daAZ1z
TnMLXZ9TKw/QtSS3+Wa5j6jrLyPD0M0biCBdRPR+4ho/t0AR/qQfXmCGZOf0kfe/
XtBRs/QQT+HAHOUo9wPR332yuUxu03jHpPrlhuP88ydcAjUccYvEndAnRyOv9sea
RuM8e0GDYRwpRNjPbAorG6PG+oJx7/t6z1OkVxRpRJQHTWJ6ntnMAd6ZhGNgRp8F
xIiXzPwGTEnyiRFOSTzxwX8XP25c9ft2Bpx2uYxUgS7af51NWZIorqJmWgQN49oJ
5DA8uBan3qQkr0jJzFwVKYYt4roIYEtrnH/snl5uNbpIhPfTy5/rg+Xrf0aRunpP
U9bpuJtBVgIAUXk5zLxhnMh43o2YYxCHN0cArU1wNLHcdaKogPGpT1sLCckwZ/3L
O/hxutVOmkJyNOAp9k0jV6zedWjhru/4v4Imov6BxDyLf3Hz2vnvwogYVgyl3TIr
Ir98D/CIp3i74VsUvVrZmo7joZcDhnAXlLPsb51I6qM
-> piv-p256 grR75w Ax4mmj6z8SvPKdHRz7H8O/he2R4f4tql+NXSMTvr9rZ4
EPyI4xcY1Nt/zZ/+XXVhUAt+aq3qEEk+kuuA1PbOPI4
-> piv-p256 RQguQQ A6ST+jiJS1R0QV1lw+IlMYnxXnTOLxyDfxpQZ/AWCKHB
henkAsW+enG7nY5Y7egcw6RezC0gdakjZGwH+KP6idA
--- Dlhmc48gY+BCXUhKQDRnlprdONlHDQ4tZf8BmZPsFKo
Ë ¼ú~ã]Äèzø‡O†ßífg*ëûB«v²€+iL¢!Ô

42
secrets/services/nextcloud/dbpassFile.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ 2VMKRZ/JdA/nu2wb81o2Q4kkqPBos0kFfYnqXRdOeW4
UdZIth6K27V0728kYE8gIp1amr/vK0RRwtipmfQ5unI
-> ssh-ed25519 WiIaQQ spn4qoX25kusHTZcn7bRwI79fSy2NGan2wjs4Xki71I
dxYbGs3khojyr6JxtyatZwJyNw3QHJQCpC7e8m4jZQU
-> ssh-ed25519 neExcQ x2yzu3clDgMKxl/uIVR9SYHPEcxJxQIEr12irpOQEjE
pnIlEK0y+8WuBrMv89pHk79ogHUaeEf/hamaF6U4SNw
-> ssh-ed25519 WiIaQQ KMjVolPcPvqAF2Thgjw9taDsEoBjHjR7+VnfoGkczV0
++VgMR0dZKqyyFv72qVa8j3zq6KPWWOFqdyJpmZZNCU
-> ssh-rsa VtjGpQ
aymF4Ra3PzP3An3Vvej2rFIbFTMJlxtkwIPlmGHrD7PtFVSODdedWG80uT5w5q5c
CpPCl+Ag+jwRmv5ZsVbfnzrYPJvWKyNWgakqDBtkITb9q8mIXiawlsyJ/5MWeodQ
6a/t3FUB/RShh/GJwrE8wPqzjfTPzGuzbTCLytvgwauJKlBFgMp8zRnVJbOONpky
xa9V8kGOK+vc+HpzuX4X4jQh63TwzD/xC3DPVR5NxwKUqjVAeAkkCiJ+6uGK3hKt
Ysm/Imo7s7ULAM+WZFRsnTec/ajGc2Z8jChJLy9tegi5meWIzEge1AXaDM5BY4cE
I17BjwOl1+/wPwWQtofI0WBj3mi/Fbbeqc1hv/NmMRi7Nm1BoEPRzHtUGHgnwMU9
nlLrjAByMEkjSr1bgCLHjfcA97eCzPnblI7j6k8Hf7kiobMQfQp1bBg9hLGL1vsY
0zVU20r6KPHvb4D0GQ/5r33RNdMHu9embyFQ4bD7UOZggeBRkEQ2cNjBhtP2j8kY
pEo5X+ns2fDaFmj6cqg+WoHGspdNFRRgxOfgo73bppx4IAwb3PWXTLQL/om4k8dq
XlpbfGKq1bFe863PV8IXKe/mRqR375Xlc+r05oRwsLaILYX8TcpMXdsaQFDbu7EG
vq1i9EvLk92/wnJa3GE+41qNYfxGtbMgFY7O6F9Ell8
-> piv-p256 grR75w A8qjnMe//3tjFQvrV2lMDkWncthrm5Iuk8YxIvhSNfE8
+BwFVAtF57xjwiDAxLInoJSnEofM2Ya6pMXdBzM4SUo
-> piv-p256 RQguQQ As1VJZg8Ev2C8QueWeV5Vd6ZUWYpqobQQRzf6F+rRjfw
JjK1lhDUDzZqH9xswbqvWYeQ5Mjw4/0IjIMr8ekzjWI
--- 2cbWkzuPlhE8N9NREMjjLtZJ7XXh9dJWvprgUfUilj0
V/GÝ ä}Ù]$œMzUƼ‰­ƒÈZ…éΤؠYzäÛûDð ;Â4=pÉ—æ°ÛÒÅý§½Œ
DXcSjBKsmYiWrC1JVaisJRe1lafR/rBcTT0EgD73SXouBqRk11XNiW8DfR1pvy9z
ZL4veUFu4QJjVyPZLOGy5naPD1Qw9FYCArkjmv336QU6DcpZk8LaOAZkmgpqncdX
g9nDp2HeZH7TUtUiYD14x66AQD12bTTjfWKzn7yGzJ+gx+iBTemlPI3pu+xcQ4CX
clTB6xvlPtuF+U9kJwomei9XIWgc/acAcIoYOvvdyjAcUYFuFvuojdzo0hwkxFGu
jlp0FFaigsffVTsO0mp20uiOseMHm1ZGIji2gGOGQBOESKgMn5E9cLibEjigg4hy
hJ6qn9DjNyi45QjGqkOKWJ+nzvKrzz++3sWwJJXuj+Ol+0n0t+RgT/LuSHkyskQT
B27GG07oCLk9iUVja2YQRmC46yts5lHkcZ193N1Ot9kGoK7VNQE29X80KSF2VSbW
+uE/47HwNGTBWb7LdZWRPoOykQu2V1vhcVNO/st+s67VyWZk9vugLSN9l3mldp5X
gvUAv0TZdhi9kwdSiz82l77VASBN3a/VN6XGOMqanaKaRsy2R9WGXxF50gUHn4/K
iRMj+22fJPfWpYBPUIohb2yDHQGRhVoY22Rlz1JYP+xfsORCq3GSHBk56fUCfmwi
H8ptQZHmgSC3dY/KigjH7VHcfrlDWctXrfl4jYgz/hQ
-> piv-p256 grR75w A6yTo6/3g7YB9D30JSCfzpIcloxhgnIFisWFexpfITfN
0nN62XqpQEsMhNnDhYNkXwTanQaaUvSAJZbvTRXxXvo
-> piv-p256 RQguQQ AttfR8uPYcFBqCkF2cvi1YCMMmAbRF6oMSLr5NL5UlbN
fcU5SJ7lwd9jAOwM5M5mC8/F1PW3yuRJMpNFyGQZhLU
--- wuqc2TNmM8N9Ibp4rR6tFKdT2G7E58cBJZ0RCf6nxEM
ŸÔEîöK8Œ±|gƒ KjYn‰Ø^™ßü)ý8£ïQÐÊ™§J lín 7í…,OÿX

BIN
secrets/services/nextcloud/onlyofficedb.age
View File

Binary file not shown.

42
secrets/services/nextcloud/onlyofficejwt.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 neExcQ wQihc4OfCtbCsVMxja89FESZRXUTJDE/hvw+AJr+6R4
GU7vl0vgRWBIrqt+JEG6pM+qR3dmvsbMluEA9Rkzt08
-> ssh-ed25519 WiIaQQ XOr2rknILxF4ASnuUwDd2RB0Y3Ejw7/KtVxhH/+WhQk
uTmdcFKgsQzVooHu9G6s0YNxc+bT7cn3a3ACbBuVSmQ
-> ssh-ed25519 neExcQ heR67WtUWEMq/A6BRfIkPMcb+hzVZabpWu8uukmuBFw
wTSODQfOvRcG33/y/dqEiJ4RNRsTYGXJtxBUQ6C+seo
-> ssh-ed25519 WiIaQQ QshckqSrByAPJIK5pDhVvLBQ16sGLTAAAYylhtlH4lU
1j3qPx/5yTFIxAmNjvD4gGFfp3HNUFO0jh57l+SV4kQ
-> ssh-rsa VtjGpQ
htPqO1lLJ8Jj4sQHjFj54IKbKMvjWozBDXAOP6lrHTx/SGw2ZHvii25gpOQqDmyt
mibl4M07h4O9aoUDp567lxsoTj+3daR6mTueJvijuH0wkR5pnW62zYYmrhzclHQc
RLUeHvjB+ahQVAjkiUWpyAZM3Xq+9b3ZwCXcKTbi6/BMygtHrMWghBHlb1xd8aEb
HcGpmmnV8P54li7DRfxUqMNnj6s+DwaXEfOTFcuLLKdFe+r657GUlc5CvrMXLpRb
n15LEViYevuoCoRQrP48ugoup/NjkgtLmeAVUHiLmMKHjdt46aBUfzOYK9LOt0M6
Dxq/HbpheGk03xqbrLKbhlSWazZv/d8aReZOwn9DzYgQl7uBrZBP6JQjDYYD4v1W
KIa4JbePdS3fq0W3eQAmrMaQsIILt9Rx+maiQevSqXC4XfwqL7vJv+f2ALzzraWo
a+CRUCBkLQsUk1mUg7gqYwiXE+CKQTq1Ceybqj55bwRurEms0MXcWbU6qFHqOBwj
qSu1oWADGpkPeOVyIuX9MJ3CyBJdwWjrZZ2LCBt4TRyabOCu59ax/Pe3HrDdFiQl
XKzEWPrW3zof60lwrKge1gbLdlo4WNAWaeAXmn92+4jWMGGZmyJqP/EgtcsgmgOY
sKF3YEwAFxyqDO+HmOYfAGWuHcEqIClPihZo/jjIZJ8
-> piv-p256 grR75w A1IUhaxTkmOz6CRRv3KGmaV4yFrtMx7hsU01K7hgcrja
aQWWXvSRPWH1ox7KO6OBkXkRLhhNS8MlGAsNeC6YkQo
-> piv-p256 RQguQQ A9jxpWPKd3wVyj5/pXJ+/gMI3gyrbSX4Zd6qsn+lnFvb
Xl/OLEjlON/h7PhtxJmiWvXkqQHlb5f04LNhDhwMtU4
--- z7ivhlW080Adr8qVDEUQ9fpBahUiCuFQ8+xEUivoHxk
r<EFBFBD>@£öïG±gð§l6Õu™åÃFC9Òm ”vn½¥'«ª &$ëцÍ{AlÉÉô
G7DGz5AGsyy4qgRTvaSQNKJSsJkLayNzmhMjSVI2aXCVWZuVJy0r/IC8cmXvcbFd
ejjTf6Qh1tsFnotoR5whgrhmkG/0IcAokLSFXNyYj4NlW/CwsYEVDoEt09KmnIRA
X6wPqxpDAqs36rcUBQJC4jj/HIgAJwswaVgcoC9S6UBs3H/skFkjczbNM2HKoxzF
UtUUxaXZ3UFF78/rpk5h7lYWteN1FFjeZyOKwSbtYloq5eMlAe0yHnGFo5SPuHZu
QG9O7RJi9y/TnZy9G86HIpIQjZQ9dYW4r139Pb51Fxun3D3nV9eeC7y0RMS3YSAU
0kK22ZjhTq7ZiiRqjM8KjyNMOLTXmzUHdKA7B7JLuYCfDyxj/wszXZuAfC+PXP+D
1YRUErQogn0lPCPXPclwEcYea7Cd6R+2OIpd2TQ5ROIV2FXrpA4EY7Up6ICk7eZf
HoFqbDLD98JjLCMGyEjfG6/UHckBjAeQSR+7k1f/L+NO3IWfH5ud7TWzJNrlqDWJ
Y6zvtQ31kkZNfQNgPHL9l/c7/1IWQFtcJ3fzDwE/hd+93OA5RoYutZw7lG3q6EGk
wPH6pZt+O7/7CtWJz9J4YvT6zE1DYmEobHYRrKzo7II9mdlWSIsu9KjFFt4qdsDN
HtVQJwFwiL9YPw8y7Z1Aalmo/0zTdwosjzBzl0eU9vQ
-> piv-p256 grR75w A3alWLHjgQN2quTfwIXc5xN+5jZowaN2Jkuf666CZt5P
gz0a64iDAI5Y3gpjra2zUIAqGgNh2IJQU4u10TxfOIU
-> piv-p256 RQguQQ AoJJolmpdp0pEYduyAT5YHiLu3a5yELTvHCb2B1gK+RW
/HF293f3uch4lwcHvc0U86BpkUdrDot5GWy6XmSEfnY
--- i0ABQSL1xJRh+baGUX/gfuvwM45jfHK7OP9uKReNwX4
aÖ°gÓÌï>Ä莠Å&<26>ñ”{4¤/˜œ#¨Öœq¾Öãƒ"Ð8RÇmÐÍÀ¬œ{¦$; ¢6#øÂû

BIN
secrets/services/postgresql/initScript.age
View File

Binary file not shown.

BIN
secrets/services/vaultwarden/environment.age Normal file
View File

Binary file not shown.

18
systemSettings.nix Normal file
View File

@ -0,0 +1,18 @@
# options for systemsettings
{ pkgs, lib, config, ... }:
{
options = {
systemSettings.enable = lib.mkEnableOption "enables standard systemsettings";
};
config = lib.mkIf config.systemSettings.enable {
system = lib.mkDefault "x86_64-linux";
profile = lib.mkDefault "personal";
timezone = "Europe/Berlin";
locale = "en_US.UTF-8";
bootMode = lib.mkDefault "uefi";
bootMountPath = "/boot";
};
}