Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Kabbone:f04ac980d982bd3433df6ab5ab8ae5045e0d4234
Branches Tags
Kabbone:main Kabbone:refactor
...
compare: Kabbone:refactor
Branches Tags
Kabbone:main Kabbone:refactor

251 Commits
f04ac980d9 ... refactor

Author SHA1 Message Date
Kabbone
0249d17ac1 restructure desktop/wm and remove nur 2024-05-19 17:57:35 +02:00
Kabbone
a3f253bd53 flake update 2024-05-09 21:28:57 +02:00
Kabbone
034bc1e4e0 flake add hydraJobs 2024-05-05 20:12:39 +02:00
Kabbone
bd07e688fc flake add hydraJobs 2024-05-05 20:09:55 +02:00
Kabbone
32133438d9 flake add hydraJobs 2024-05-05 20:09:02 +02:00
Kabbone
d95cca9908 flake add hydraJobs 2024-05-05 20:05:19 +02:00
Kabbone
6f278377d7 flake add hydraJobs 2024-05-05 20:04:01 +02:00
Kabbone
731e4e33c5 flake add hydraJobs 2024-05-05 20:02:15 +02:00
Kabbone
bca0dddb1f flake add hydraJobs 2024-05-05 20:01:08 +02:00
Kabbone
b88a5b9a2a flake add hydraJobs 2024-05-05 19:58:51 +02:00
Kabbone
f864f543b8 hosts: dmz: enable hydra 2024-05-05 19:39:35 +02:00
Kabbone
941276e83f flake update lanzaboote to master 2024-05-03 14:51:11 +02:00
Kabbone
f54df874d4 flake update, lanzaboote to master 2024-05-02 15:29:56 +02:00
Kabbone
a83c214180 flake update 2024-05-02 14:18:50 +02:00
Kabbone
8e7629da2e font: try cascadia code 2024-05-02 14:16:25 +02:00
Kabbone
941e8a5dca remoteClient enable Client again 2024-05-02 11:38:40 +02:00
Kabbone
522966f808 virtualisation: typo kvm module import 2024-05-02 10:13:43 +02:00
Kabbone
62acac7285 virtualisation: restructure kvm module options and enable libvirt by default 2024-05-02 09:56:41 +02:00
Kabbone
08aa2cd458 hosts: nasbak: add bypass workqueue 2024-05-02 09:46:49 +02:00
Kabbone
d65b9b558d hosts: nasbak: change name to match hostname 2024-05-01 16:16:33 +02:00
Kabbone
64545e3086 flake update 2024-04-30 22:01:00 +02:00
Kabbone
02267d4825 hosts: server: change to kabtop 2024-04-21 15:06:42 +02:00
Kabbone
0a0ba2b5a1 flake update 2024-04-20 19:09:16 +02:00
Kabbone
1f7f453fc3 nvim: initial config 2024-04-20 19:09:03 +02:00
Kabbone
a667691f49 hosts: steamdeck: disable luks workqueue 2024-04-20 14:17:30 +02:00
Kabbone
d296306cb6 hosts: steamdeck: remove wireplumber overwrite 2024-04-20 13:08:38 +02:00
Kabbone
b1574ab9e1 flake update 2024-04-20 13:08:03 +02:00
Kabbone
55b518345b remoteClient change to extra-* 2024-04-20 13:06:33 +02:00
Kabbone
b4892083e8 flake update 2024-04-19 20:49:30 +02:00
Kabbone
8d4d1e4be8 service: ollama + open-webui 2024-04-14 21:04:25 +02:00
Kabbone
653476ec32 service: fail2ban gitea match 2024-04-14 21:03:59 +02:00
Kabbone
949691b4c2 secrets: rekey 2024-04-13 13:58:47 +02:00
Kabbone
ed60b8cc2b hosts: dmz: remove testpassword 2024-04-13 12:01:09 +02:00
Kabbone
9ee26c983e hosts: server: fix gitea runner 2024-04-13 12:00:44 +02:00
Kabbone
21ecad4db0 hosts: dmz: get gitea runner working 2024-04-13 11:45:52 +02:00
Kabbone
a77d2243bf flake update 2024-04-13 09:19:33 +02:00
Kabbone
51b596ea83 service: gitea register 2024-04-07 13:47:49 +02:00
Kabbone
909e2bb494 service: gitea register 2024-04-07 09:32:27 +02:00
Kabbone
ff56f1d4ab service: gitea register 2024-04-07 09:29:48 +02:00
Kabbone
a86dbd6253 service: gitea register 2024-04-06 19:33:10 +02:00
Kabbone
c285b75264 service: gitea register 2024-04-06 18:19:59 +02:00
Kabbone
893d31d52c server: add ollama 2024-04-06 08:39:22 +02:00
Kabbone
7bdc00290e server2: enable virt 2024-04-02 12:01:34 +02:00
Kabbone
b70620ae99 secrets: rekey 2024-04-02 12:01:02 +02:00
Kabbone
62ac639d08 hosts: server: fix initial mistakes and add pub 2024-04-02 11:49:46 +02:00
Kabbone
9de2d29400 hosts: add server_big prototype 2024-04-01 15:45:28 +02:00
Kabbone
a0d72f98b9 hosts: server: add direnv 2024-04-01 14:03:45 +02:00
Kabbone
fa778a6040 hosts: remove channel autoupdate 2024-04-01 13:42:23 +02:00
Kabbone
3b886aa6ad hosts: typo autoupdate 2024-04-01 11:59:22 +02:00
Kabbone
2277c363dd flake update 2024-04-01 11:51:36 +02:00
Kabbone
d31042fef5 steamdeck: override wireplumber to nixpkgs to fix bt headset 2024-04-01 11:51:23 +02:00
Kabbone
edb0ca235e hosts: steamdeck: disable autoupgrade for now and wifi powersave 2024-03-28 22:24:16 +01:00
Kabbone
db3a1d9ee9 hosts: add autoupdate with git flake 2024-03-24 21:28:00 +01:00
Kabbone
f3388b4dbf remoteClient disable distributed builds and remove substituter 2024-03-24 17:17:05 +01:00
Kabbone
5b63ced9e5 steamdeck: remove yuzu, disable remoteClient 2024-03-24 09:51:10 +01:00
Kabbone
2a17f98a00 server: gitea: disable dump 2024-03-24 09:49:51 +01:00
Kabbone
77bba122a5 flake update 2024-03-23 10:55:42 +01:00
Kabbone
e1168e2a77 flake update 2024-03-15 18:24:02 +01:00
Kabbone
df5fecb899 remoteClient uses user@fqdn 2024-03-09 12:08:44 +01:00
Kabbone
a574bcf8fe flake update 2024-03-09 12:08:06 +01:00
Kabbone
f7ef0aff13 steamdeck: add yuzu 2024-03-06 22:52:28 +01:00
Kabbone
b1e9a4fb94 flake update 2024-03-06 18:59:24 +01:00
Kabbone
32e7e7eb02 nix flake stick to default input 2024-03-03 17:01:07 +01:00
Kabbone
438717fdf2 remote Builder with default as backup 2024-03-03 15:17:58 +01:00
Kabbone
e6b35bfc2a flake update 2024-03-02 21:10:11 +01:00
Kabbone
aaff72d9f0 nasbak: correct btrbk target 2024-02-29 12:54:30 +01:00
Kabbone
8c6d79ca6f nasbak: change to 2.5 raid1 2024-02-25 20:36:58 +01:00
Kabbone
d3101d88c9 steamdeck: use valve kernel 2024-02-25 08:12:49 +01:00
Kabbone
80178917bb desktop/steamdeck: enable secureboot 2024-02-25 08:09:17 +01:00
Kabbone
e51e3095a1 add btop globaly 2024-02-25 08:08:48 +01:00
Kabbone
37547460ff flake update 2024-02-24 12:42:18 +01:00
Kabbone
10f2f33cae server: local user for onlyoffice 2024-02-18 13:53:25 +01:00
Kabbone
7b0cfb5dfa add token for onlyoffice 2024-02-18 13:50:50 +01:00
Kabbone
98320fd0bd increase postgresql buffers 2024-02-18 11:26:33 +01:00
Kabbone
e6d6049c08 clean up db's 2024-02-18 10:18:03 +01:00
Kabbone
b4e573b9f2 update postresq to 15 2024-02-18 09:34:50 +01:00
Kabbone
dab2e8b0ac flake update 2024-02-12 19:49:16 +01:00
Kabbone
ef91ffd016 server: typo 2024-02-12 12:40:32 +01:00
Kabbone
10c0d47c79 server: forgot ; 2024-02-12 12:37:31 +01:00
Kabbone
b37e0cdda5 server: tweak postgresql to more caching 2024-02-12 12:34:15 +01:00
Kabbone
f750968224 server: disable jitsi, add acme to nextcloud, add office 2024-02-12 12:25:27 +01:00
Kabbone
88c2a62223 desktop: add docker alias and hotkey for sway next workspace 2024-02-11 19:47:19 +01:00
Kabbone
9ed74e74d2 flake update 2024-02-06 21:13:22 +01:00
Kabbone
ab8ad96c3e flake update 2024-02-01 22:36:50 +01:00
Kabbone
04ae6d8317 hosts: server: make runner persistent 2024-01-21 14:24:41 +01:00
Kabbone
557aa480ee hosts: server: make runner persistent 2024-01-21 14:16:39 +01:00
Kabbone
853ee2a917 hosts: server: switch runner to user networking 2024-01-21 14:01:57 +01:00
Kabbone
4a876f27d3 hosts: server: microvm nat 2024-01-21 09:54:32 +01:00
Kabbone
f4eb08097a hosts: server: serverrunner fixups 2024-01-20 17:28:56 +01:00
Kabbone
1ff3ab8af9 hosts: server: get runner up and running 2024-01-20 17:09:55 +01:00
Kabbone
fc026c4157 hosts: dmz: make microvm host persistant 2024-01-20 12:02:32 +01:00
Kabbone
e2f0c80e31 hosts: dmz: work on microvm 2024-01-18 17:42:23 +01:00
Kabbone
747a9abd01 hosts: remove not used hosts 2024-01-17 17:36:43 +01:00
Kabbone
c3ff05b262 flake: add k900 cachix for steamdeck 2024-01-17 17:35:46 +01:00
Kabbone
9fea252f2c hosts: server: enable postgres for onlyoffice 2024-01-13 12:25:14 +01:00
Kabbone
5f925a20a4 hosts: server: enable onlyoffice 2024-01-13 11:52:57 +01:00
Kabbone
7123d72902 hosts: desktop: fix swaylock config 2024-01-13 11:52:35 +01:00
Kabbone
8a5ad571bc flake update 2024-01-13 11:51:40 +01:00
Kabbone
21386d4a63 hosts: server: redis adjustments fix 2024-01-06 11:37:25 +01:00
Kabbone
ec7c4cc55b hosts: desktop: add freecad and gnvim 2024-01-06 11:19:07 +01:00
Kabbone
fb04e18343 flake update 2024-01-06 11:18:26 +01:00
Kabbone
69c050bef6 hosts: server: turn and redis adjustments 2023-12-29 10:19:20 +01:00
Kabbone
05ac2e175c flake update 2023-12-29 09:46:43 +01:00
Kabbone
89c5878f9f hosts: jupiter: move nas to zeus 2023-12-29 09:45:00 +01:00
Kabbone
ac8178476e flake update 2023-12-27 07:51:05 +01:00
Kabbone
fff7506433 hosts: steamdeck: make sdcard automount with udev 2023-12-27 07:49:24 +01:00
Kabbone
89eb52b102 hosts: steamdeck: disable blueman 2023-12-27 07:43:00 +01:00
Kabbone
5b810ae614 flake update 2023-12-27 07:39:15 +01:00
Kabbone
1466895a1e hosts: steamdeck: fix luks hardware-config 2023-12-21 11:32:23 +01:00
Kabbone
2aa2c10ff2 flake update 2023-12-21 11:31:03 +01:00
Kabbone
2171e29570 secrets: rekey 2023-12-20 19:37:04 +01:00
Kabbone
bc8c07914a hosts: steamdeck: correct nixpkgs to unstable 2023-12-20 17:04:17 +01:00
Kabbone
1cd51d2034 disko: fix labels and config 2023-12-20 14:02:15 +01:00
Kabbone
a965485be6 disko: README fixup 2023-12-20 11:46:24 +01:00
Kabbone
785c95e52c disko: README fixup 2023-12-20 11:45:24 +01:00
Kabbone
ab8c079ef5 disko: README fixup 2023-12-20 11:43:17 +01:00
Kabbone
616b1154a4 disko: add initial config 2023-12-20 11:36:49 +01:00
Kabbone
38c4f44dc5 flake update 2023-12-19 16:05:53 +01:00
Kabbone
3c0089c26f hosts: rearrange order in hosts 2023-12-19 16:05:48 +01:00
Kabbone
b7a5d90616 hosts: laptop: add missing zsh 2023-12-19 16:05:44 +01:00
Kabbone
3bb1e6c8fe hosts: laptop: enable fido unlock 2023-12-18 16:00:19 +01:00
Kabbone
7dece1e338 flake update 2023-12-16 11:59:35 +01:00
Kabbone
883522adf5 hosts: steamdeck: switch to unstable 2023-12-16 11:58:44 +01:00
Kabbone
c018da4b11 remove remoteClient and steamdeck module fix 2023-12-15 22:08:12 +01:00
Kabbone
ba41252e6f flake update 2023-12-12 21:45:05 +01:00
Kabbone
5370c7eaf1 secrets: rekey 2023-12-09 17:12:25 +01:00
Kabbone
09cdbad9ab apps: desktop: switch from superslicer to prusaslicer 2023-12-09 15:04:00 +01:00
Kabbone
100e491bfb tag home manager to 23.11 2023-12-09 15:03:27 +01:00
Kabbone
93bde6beca flake update and move to stable 2023-12-09 10:23:27 +01:00
Kabbone
3168ec01b9 hosts: desktop: disable mdns and set new monitor setup 2023-12-03 09:00:00 +01:00
Kabbone
9aef89016d flake update 2023-12-03 08:59:28 +01:00
Kabbone
cace245e16 flake update 2023-11-23 21:59:31 +01:00
Kabbone
e16d4b5af7 server: fail2ban: use default bantime 2023-11-23 21:56:20 +01:00
Kabbone
0d17cf5cde hosts: server: add qemu agent 2023-11-23 21:54:55 +01:00
Kabbone
f64deda645 flake update 2023-11-22 22:05:14 +01:00
Kabbone
39e710b4d9 desktop: move to ADATA nvme 2023-11-19 14:14:52 +01:00
Kabbone
1f5a4bbebb flake update 2023-11-18 11:26:11 +01:00
Kabbone
b705237cb4 flake update 2023-11-12 10:33:02 +01:00
Kabbone
264ff86a68 flake update 2023-11-05 19:26:49 +01:00
Kabbone
4ca6bd329e hosts: nasbak: add scrub for raid 2023-10-29 11:08:50 +01:00
Kabbone
795ff8a1b1 hosts: nasbak: finish nas remote btrbk 2023-10-29 11:07:01 +01:00
Kabbone
21376db87b hosts: nasbak: add remote btrbk 2023-10-29 09:46:49 +01:00
Kabbone
91f8856a97 hosts: nasbak: mount hdds 2023-10-28 14:24:22 +02:00
Kabbone
771b59ea2d hosts: nasbak: small corrections 2023-10-28 13:46:33 +02:00
Kabbone
4182e1e771 hosts: nasbak: add initial 2023-10-28 11:39:27 +02:00
Kabbone
efbb07a9a4 flake update 2023-10-28 11:39:08 +02:00
Kabbone
c7bfedf54c hosts: dmz: work on microvm 2023-10-22 10:59:34 +02:00
Kabbone
dd4e018dcd apps: server: remove unsafe ciphers on nextcloud 2023-10-22 10:58:54 +02:00
Kabbone
5ba80a058f flake update 2023-10-20 20:10:17 +02:00
Kabbone
eaf2cf1973 hosts: dmz: add gitea-runner in microvm 2023-10-16 17:05:17 +02:00
Kabbone
82bfe68ae4 secrets: rekey and add gitea-runner 2023-10-16 17:04:51 +02:00
Kabbone
9cee80bed2 hosts: add dmz, cleanups 2023-10-16 10:33:47 +02:00
Kabbone
5dc2c8a98b hosts: server: disable swap 2023-10-16 09:29:14 +02:00
Kabbone
0de3dcea8d flake update 2023-10-15 08:47:04 +02:00
Kabbone
ef0dcce895 virtualisation: disable libvirt 2023-10-15 08:40:09 +02:00
Kabbone
c4dc2c17d5 microvm initial try definition 
microvm first running version

microvm first running version
 2023-10-15 08:38:51 +02:00
Kabbone
1186bdfc33 flake update 2023-10-14 23:12:19 +02:00
Kabbone
a71c960ef5 hosts: desktop: move to systemd-networkd 2023-10-09 15:29:24 +02:00
Kabbone
0ecbf4169c hosts: desktop: move to systemd-networkd 2023-10-09 15:18:59 +02:00
Kabbone
7a43ba3cfb flake update 2023-10-09 15:18:35 +02:00
Kabbone
105727bc3e flake update 2023-10-06 21:57:10 +02:00
Kabbone
501f70f730 hosts: *: sign remote builds and serve cache 2023-10-02 16:56:03 +02:00
Kabbone
9d3d9d9a16 hosts: desktop: make gpg keys work again 2023-10-02 16:51:25 +02:00
Kabbone
015f316640 hosts: steamdeck: update Pluto host 2023-10-02 10:25:09 +02:00
Kabbone
baa93638e6 flake update 2023-10-02 10:24:45 +02:00
Kabbone
a54f8fbbaa hosts: jupiter: move all nas to jupiter 2023-10-01 20:24:46 +02:00
Kabbone
405a67f440 agenix: rekey 2023-10-01 12:20:20 +02:00
Kabbone
b6131cd574 hosts: jupiter: smaller fixes after move 2023-10-01 10:33:50 +02:00
Kabbone
b42a36ec8e hosts: jupiter: change to vm 2023-10-01 09:22:19 +02:00
Kabbone
8453d4b06d hosts: desktop: add openrgb 2023-10-01 09:21:34 +02:00
Kabbone
367575f03e flake update 2023-09-29 20:18:55 +02:00
Kabbone
71b0244fb7 hosts: *: fix typos remoteClient/Builder 2023-09-23 21:30:52 +02:00
Kabbone
a4debe09ee hosts: *: intial try remoteBuilder 2023-09-23 21:19:53 +02:00
Kabbone
1402e6a7be hosts: steamdeck: add decky 2023-09-23 09:20:32 +02:00
Kabbone
5153fb8150 hosts: *: remove tmpfs and add swap 2023-09-23 09:19:56 +02:00
Kabbone
00f3044fdd flake update 2023-09-22 19:28:20 +02:00
Kabbone
9be97a42d4 remove nfs patch 2023-09-22 19:28:04 +02:00
Kabbone
afd2b6a63d desktop: update StateVersion 2023-09-22 19:22:54 +02:00
Kabbone
a10dfba82d desktop: no more tmpfs and add swap 2023-09-22 19:22:19 +02:00
Kabbone
b72a3eb24c flake update 2023-09-20 20:50:25 +02:00
Kabbone
8f459e4b4d flake update 2023-09-17 21:51:47 +02:00
Kabbone
33facf56ae server: signal: update config 2023-09-10 10:20:10 +02:00
Kabbone
93242544c1 server: signal: update config 2023-09-10 10:18:16 +02:00
Kabbone
68a33aff9a hosts: jupiter: fix btrbk subvolume 2023-09-10 09:36:07 +02:00
Kabbone
ec712e37b8 hosts: steamdeck: remove wrong packages 2023-09-10 08:55:23 +02:00
Kabbone
7d0f66c92f hosts: nas: fix typo of subvolume 2023-09-10 08:47:37 +02:00
Kabbone
1c3a85a1b6 hosts: desktop add cpupower 2023-09-09 21:41:16 +02:00
Kabbone
ab178ae221 flake update 2023-09-09 21:40:58 +02:00
Kabbone
cc62417941 hosts: nas: move Mars to Jupiter 2023-09-03 19:39:29 +02:00
Kabbone
389d5d8daa hosts: jupiter: update network 2023-09-03 14:07:45 +02:00
Kabbone
db58615f92 flake update 2023-09-03 10:19:10 +02:00
Kabbone
4b4a2016e9 jupiter: add initial config 2023-09-03 10:18:04 +02:00
Kabbone
64b40a0832 desktop: cleanup home.nix 2023-09-03 10:17:38 +02:00
Kabbone
60b7ce48fa desktop: add some fonts 2023-09-03 10:17:20 +02:00
Kabbone
f87d29a23a hosts: steamdeck: add some jovian packages 2023-08-27 19:34:48 +02:00
Kabbone
be3e694fe4 server: nextcloud: add appimage for CODE 2023-08-27 19:04:20 +02:00
Kabbone
299493e0ac hosts: steamdeck: no gdm anymore, all jovian based 2023-08-26 17:19:02 +02:00
Kabbone
2d70998755 flake update 2023-08-26 06:44:11 +02:00
Kabbone
01ef66664d flake update 2023-08-03 21:26:51 +02:00
Kabbone
1333d68bc5 hosts: steamdeck: move some packages from kde module to steam home 2023-08-03 21:18:34 +02:00
Kabbone
7e13e02158 flake update 2023-07-31 21:59:55 +02:00
Kabbone
35d1da3daa apps: add steam 2023-07-31 21:59:41 +02:00
Kabbone
7e3715a646 hosts: steamdeck: move to kde but stick to gdm 2023-07-31 21:51:19 +02:00
Kabbone
ca422d00ea hosts: steamdeck: add microsof-edge for cloud gaming 2023-07-30 10:26:29 +02:00
Kabbone
40f7484491 hosts: steamdeck: change gdm settings and declare gnome dock 2023-07-30 10:11:02 +02:00
Kabbone
c69a0b3a0f flake update config 2023-07-29 16:36:13 +02:00
Kabbone
17968474dd server: nextcloud: update to 27 2023-07-29 16:18:11 +02:00
Kabbone
2eab6afe7d flake update 2023-07-29 16:11:36 +02:00
Kabbone
6ac7e64e2d hosts: steamdeck: working steam autostart 2023-07-29 10:07:50 +02:00
Kabbone
866576959b hosts: steamdeck: prepare gnome gdm 2023-07-29 08:59:44 +02:00
Kabbone
8e61ea6503 hosts: steamdeck: separate gnome and steam config 2023-07-27 21:44:27 +02:00
Kabbone
0b304408b3 flake: restrict nix access 2023-07-27 21:37:38 +02:00
Kabbone
b404639e76 hosts: steamdeck: disable gnome for now 2023-07-27 21:28:57 +02:00
Kabbone
b70dcfb5d0 apps: remove superslicer for now, building error 2023-07-27 21:28:19 +02:00
Kabbone
5e4e2401c8 flake update 2023-07-27 21:27:21 +02:00
Kabbone
3d43581d6b hosts: steamdeck: first running gnome config 2023-07-27 21:26:41 +02:00
Kabbone
f53f2b1265 flake: restrict nix access 2023-07-25 17:26:04 +02:00
Kabbone
3c4d801b71 hosts: steamdeck: add initial config 2023-07-23 20:12:02 +02:00
Kabbone
0df6e3313a flake update 2023-07-23 20:11:48 +02:00
Kabbone
f72a2e8b47 flake update 2023-07-21 22:08:30 +02:00
Kabbone
7442cb7b95 hosts: steamdeck: add initial config 2023-07-21 22:07:21 +02:00
Kabbone
19b91aebd9 flake: remove hyprland since it's in nixpkgs now 2023-07-21 21:27:26 +02:00
Kabbone
e039610163 flake update 2023-07-15 21:13:10 +02:00
Kabbone
22ccf29a23 server: matrix: expose health endpoint 2023-07-08 14:34:53 +02:00
Kabbone
4f2c100a8c apps: add direnv pkg and load in zsh 2023-07-07 10:57:02 +02:00
Kabbone
1a9de5ff26 flake update 2023-07-07 10:56:20 +02:00
Kabbone
29522eb9f6 flake update stable to 2305 2023-07-07 10:56:04 +02:00
Kabbone
09657205b5 server: fail2ban: rename extraSettings 2023-07-05 12:01:25 +02:00
Kabbone
ebd785c400 apps: vscode: add vscodium with extensions 2023-07-05 11:58:10 +02:00
Kabbone
3f9b7f88c0 flake update 2023-07-05 11:57:38 +02:00
Kabbone
eb78dfe62e flake update zsh fix 2023-06-30 13:29:07 +02:00
Kabbone
55c6b8e0f9 flake update 2023-06-30 12:45:34 +02:00
Kabbone
74450d588c flake update sway systemd service 2023-06-23 15:47:12 +02:00
Kabbone
cd43677085 flake update 2023-06-23 15:46:29 +02:00
Kabbone
3d67295fae flake update 2023-06-13 16:54:12 +02:00
Kabbone
dbad76ea28 server: nextcloud: typo fail2ban 2023-06-04 15:05:05 +02:00
Kabbone
c17489376e server: nextcloud: enable fail2ban 2023-06-04 15:03:12 +02:00
Kabbone
6059c3c0ba server: gitea: fail2ban fix 2023-06-04 14:22:57 +02:00
Kabbone
1771fba57b server: gitea: enable fail2ban 2023-06-04 09:55:48 +02:00
Kabbone
0b88c894ed desktop: add superslicer 2023-06-04 09:55:28 +02:00
Kabbone
21879ac0cc flake update 2023-06-03 11:28:10 +02:00
Kabbone
cd1ee31c82 flake update 2023-05-27 09:56:08 +02:00
Kabbone
6fc873f101 server: gitea: remove woodpecker, enable gitea actions, prototype act vm 2023-05-20 13:28:55 +02:00
Kabbone
7ad7712610 server: fail2ban: add gitea 2023-05-19 11:53:18 +02:00
Kabbone
2b15b48678 desktop: enable/add opencl/rocm 2023-05-19 11:42:24 +02:00
Kabbone
63eaee3429 hosts: server: remove grub version 2023-05-19 10:31:54 +02:00
Kabbone
6a5e98e27b flake update 2023-05-19 10:29:46 +02:00
Kabbone
c1ccbc809b hosts: desktop add TPM 2023-05-19 10:03:23 +02:00
Kabbone
c313a73db9 apps: nvim: remove user config for now (using nvchad) 2023-05-19 09:55:30 +02:00
Kabbone
b7ac0bfc5f apps: tmux: switch to catppuchini theme 2023-05-19 09:54:52 +02:00
Kabbone
fe44ec6752 apps: nvim: Nerd Font, nvim kickstart partially 2023-05-16 09:50:42 +02:00
113 changed files with 4121 additions and 734 deletions
Expand all files Collapse all files

32
README.md
View File

@@ -1,2 +1,34 @@
# nixos-config # nixos-config
## Install
### Patitioning
- Easiest is to run [disko](https://git.kabtop.de/Kabbone/nixos-config/src/branch/main/disko)
- **Classic way:**
Partition disk with gdisk:
1. EFI Partition, size 512M, type "EF00", Label "NIXBOOT"
2. Root Partition, size 100%, type "8300", Label "NIXROOT"
### Installing
1. mount all the partitions and subvolumes to /mnt
2. generate initial nixos config
```
# nixos-generate-config --root /mnt
```
3. clone flake and check config
```
# cd /mnt/etc/nixos/
# git clone https://git.kabtop.de/Kabbone/nixos-config.git
```
4. install system
```
# nixos-install --flake .#<host>
```
5. reboot

37
disko/README.md Normal file
View File

@@ -0,0 +1,37 @@
## Step by step
1. Boot the [installer](https://nixos.org/download.html#nixos-iso)
2. Get disk name
```
$ lsblk
```
3. Get disko config
```
$ curl https://git.kabtop.de/Kabbone/nixos-config/raw/branch/main/disko/btrfs_luks.nix -o /tmp/disko-config.nix
```
4. Adjust device name
5. Let disko partition the disk
```
$ sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko -- --mode disko /tmp/disko-config.nix
```
6. Check if it got mounted
```
$ mount | grep /mnt
```
7. Continue with NixOS installation
Filesystem definitions come from disko, hence "--no-filesystems"
```
$ nixos-generate-config --no-filesystems --root /mnt
$ mv /tmp/disko-config.nix /mnt/etc/nixos
```
**Alternative:** continue with normal hardware-config
```
$ nixos-generate-config --root /mnt
```

65
disko/btrfs.nix Normal file
View File

@@ -0,0 +1,65 @@
{
disko.devices = {
disk = {
nvme0n1 = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
extraArgs = [ "-n NIXBOOT" ];
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [ "-f -L NIXROOT" ];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@snapshots" = {
mountpoint = "/mnt";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@srv" = {
mountpoint = "/srv";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@var" = {
mountpoint = "/var";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@swap" = {
mountpoint = "/swap";
swap.swapfile.size = "8G";
};
};
};
};
};
};
};
};
};
}

75
disko/btrfs_luks.nix Normal file
View File

@@ -0,0 +1,75 @@
{
disko.devices = {
disk = {
nvme0n1 = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
extraArgs = [ "-n NIXBOOT" ];
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
askPassword = true;
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
allowDiscards = true;
};
content = {
type = "btrfs";
extraArgs = [ "-f -L NIXROOT" ];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@snapshots" = {
mountpoint = "/mnt";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@srv" = {
mountpoint = "/srv";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@var" = {
mountpoint = "/var";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@swap" = {
mountpoint = "/swap";
swap.swapfile.size = "8G";
};
};
};
};
};
};
};
};
};
};
}

47
disko/nas_luks.nix Normal file
View File

@@ -0,0 +1,47 @@
{
disko.devices = {
disk = {
sda = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
luks = {
size = "100%";
content = {
type = "luks";
name = "NAS-RAID";
askPassword = true;
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
allowDiscards = true;
};
content = {
type = "btrfs";
extraArgs = [ "-f -L NAS-RAID" ];
subvolumes = {
"@" = {
mountpoint = "/mnt/Pluto";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@/Backups";
"@/Media";
"@/Games";
"@/IT";
"@/Rest";
"@snapshots" = {
mountpoint = "/mnt";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
};
};
};
};
};
};
};
};
};
}

743
flake.lock generated
View File

@@ -6,14 +6,15 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1683866323, "lastModified": 1715290355,
"narHash": "sha256-M2bEuh2jr0Ec13GnP5f8unD8q0AcPt2fHSUynOZJ8No=", "narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "92197270a1eedd142a4aff853e4cc6d1e838c22f", "rev": "8d37c5bdeade12b6479c85acd133063ab53187a0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -22,6 +23,27 @@
"type": "github" "type": "github"
} }
}, },
"crane": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1711299236,
"narHash": "sha256-6/JsyozOMKN8LUGqWMopKTSiK8N79T8Q+hcxu2KkTXg=",
"owner": "ipetkov",
"repo": "crane",
"rev": "880573f80d09e18a11713f402b9e6172a085449f",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -30,11 +52,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1673295039, "lastModified": 1700795494,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943", "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -44,6 +66,229 @@
"type": "github" "type": "github"
} }
}, },
"devshell": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715865404,
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1713493429,
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
"owner": "srid",
"repo": "flake-root",
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": {
"nixpkgs": [
"nixvim",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -52,11 +297,31 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1682203081, "lastModified": 1703113217,
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager-unstable": {
"inputs": {
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1715930644,
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -72,70 +337,176 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1683929392, "lastModified": 1715381426,
"narHash": "sha256-qJddrb/bgS58AXAv25iv5xJ+69G5g7FAYCWec1lLnW0=", "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "eec22729990ddf53d1e45e74624ddf667cdbe11b", "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"hyprland": { "home-manager_3": {
"inputs": {
"hyprland-protocols": "hyprland-protocols",
"nixpkgs": [
"nixpkgs"
],
"wlroots": "wlroots",
"xdph": "xdph"
},
"locked": {
"lastModified": 1683850587,
"narHash": "sha256-ncnstS+f6kgTTqyT0+6Kjnro3PY9KtXh79MBMjRgAnM=",
"owner": "vaxerski",
"repo": "Hyprland",
"rev": "cc01550aff70a0cbee5b62db5f4a08789244998f",
"type": "github"
},
"original": {
"owner": "vaxerski",
"repo": "Hyprland",
"type": "github"
}
},
"hyprland-protocols": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"hyprland", "nixvim",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1681065697, "lastModified": 1715930644,
"narHash": "sha256-QPzwwlGKX95tl6ZEshboZbEwwAXww6lNLdVYd6T9Mrc=", "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"owner": "hyprwm", "owner": "nix-community",
"repo": "hyprland-protocols", "repo": "home-manager",
"rev": "4d29e48433270a2af06b8bc711ca1fe5109746cd", "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "hyprwm", "owner": "nix-community",
"repo": "hyprland-protocols", "repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1708968331,
"narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"jovian-nixos": {
"inputs": {
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1716107076,
"narHash": "sha256-aB15oIMUv6N/UFsLHzgcGRUvU4YfOjE3gEirIP/k82s=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "e8de93b7b4c384650977a20c1f192e23c6e7a12f",
"type": "github"
},
"original": {
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1713369831,
"narHash": "sha256-G4OGxvlIIjphpkxcRAkf1QInYsAeqbfNh6Yl1JLy2uM=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "850f27322239f8cfa56b122cc9a278ab99a49015",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "lanzaboote",
"type": "github"
}
},
"microvm": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1715787097,
"narHash": "sha256-TPp2j0ttvBvkk4oXidvo8Y071zEab0BtcNsC3ZEkluI=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "fa673bf8656fe6f28253b83971a36999bc9995d2",
"type": "github"
},
"original": {
"owner": "astro",
"repo": "microvm.nix",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715901937,
"narHash": "sha256-eMyvWP56ZOdraC2IOvZo0/RTDcrrsqJ0oJWDC76JTak=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "ffc01182f90118119930bdfc528c1ee9a39ecef8",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"jovian-nixos",
"nixpkgs"
]
},
"locked": {
"lastModified": 1690328911,
"narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
"owner": "zhaofengli",
"repo": "nix-github-actions",
"rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"ref": "matrix-name",
"repo": "nix-github-actions",
"type": "github" "type": "github"
} }
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1683965003, "lastModified": 1716034089,
"narHash": "sha256-DrzSdOnLv/yFBvS2FqmwBA2xIbN/Lny/WlxHyoLR9zE=", "narHash": "sha256-QBfab6V4TeQ6Y4NiXVrEATdQuhCNFNaXt/L1K/Zw+zc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "81cd886719e10d4822b2a6caa96e95d56cc915ef", "rev": "b55712de78725c8fcde422ee0a0fe682046e73c3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -147,11 +518,43 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1683408522, "lastModified": 1716061101,
"narHash": "sha256-9kcPh6Uxo17a3kK3XCHhcWiV1Yu1kYj22RHiymUhMkU=", "narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1715961556,
"narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "897876e4c484f1e8f92009fd11b7d988a121a4e7", "rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -161,34 +564,89 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-root": "flake-root",
"home-manager": "home-manager_3",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs-unstable"
],
"pre-commit-hooks": "pre-commit-hooks",
"treefmt-nix": "treefmt-nix"
},
"locked": { "locked": {
"lastModified": 1683928319, "lastModified": 1716125991,
"narHash": "sha256-maz0DRKixJVcNRMiAMWlJniiF8IuQ+WbfmlJJ8D+jfM=", "narHash": "sha256-PmB9vmp383foiVi64RawbnkC+6SiYiWUjdzw2xgl3eM=",
"owner": "NixOS", "owner": "nix-community",
"repo": "nIxpkgs", "repo": "nixvim",
"rev": "9656e85a15a0fe67847ee8cdb99a20d8df499962", "rev": "88ade1dfaa017499326103a078c66dd5d4d0606e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nix-community",
"ref": "nixos-22.11", "repo": "nixvim",
"repo": "nIxpkgs",
"type": "github" "type": "github"
} }
}, },
"nur": { "pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"gitignore": "gitignore_2",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1683962403, "lastModified": 1715870890,
"narHash": "sha256-wJaQhKet22vmyxA3bPGNUGSmWElqMzCPKEnf8IzIYDQ=", "narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=",
"owner": "nix-community", "owner": "cachix",
"repo": "NUR", "repo": "pre-commit-hooks.nix",
"rev": "2d85d8781e4fa1e793c92763733b6b131e5aabbb", "rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "cachix",
"repo": "NUR", "repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1710923068,
"narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "e611897ddfdde3ed3eaac4758635d7177ff78673",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github" "type": "github"
} }
}, },
@@ -196,53 +654,136 @@
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"hyprland": "hyprland", "home-manager-unstable": "home-manager-unstable",
"impermanence": "impermanence",
"jovian-nixos": "jovian-nixos",
"lanzaboote": "lanzaboote",
"microvm": "microvm",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable", "nixpkgs-unstable": "nixpkgs-unstable",
"nur": "nur" "nixvim": "nixvim"
} }
}, },
"wlroots": { "rust-overlay": {
"flake": false,
"locked": {
"host": "gitlab.freedesktop.org",
"lastModified": 1682436395,
"narHash": "sha256-GGEjkQO9m7YLYIXIXM76HWdhjg4Ye+oafOtyaFAYKI4=",
"owner": "wlroots",
"repo": "wlroots",
"rev": "6830bfc17fd94709e2cdd4da0af989f102a26e59",
"type": "gitlab"
},
"original": {
"host": "gitlab.freedesktop.org",
"owner": "wlroots",
"repo": "wlroots",
"type": "gitlab"
}
},
"xdph": {
"inputs": { "inputs": {
"hyprland-protocols": [ "flake-utils": [
"hyprland", "lanzaboote",
"hyprland-protocols" "flake-utils"
], ],
"nixpkgs": [ "nixpkgs": [
"hyprland", "lanzaboote",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1682439384, "lastModified": 1711246447,
"narHash": "sha256-zHDa8LCZs05TZHQSIZ3ucwyMPglBGHcqTBzfkLjYXTM=", "narHash": "sha256-g9TOluObcOEKewFo2fR4cn51Y/jSKhRRo4QZckHLop0=",
"owner": "hyprwm", "owner": "oxalica",
"repo": "xdg-desktop-portal-hyprland", "repo": "rust-overlay",
"rev": "c0e233955568fbea4e859336f6d3d14d51294d7c", "rev": "dcc802a6ec4e9cc6a1c8c393327f0c42666f22e4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "hyprwm", "owner": "oxalica",
"repo": "xdg-desktop-portal-hyprland", "repo": "rust-overlay",
"type": "github"
}
},
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1708358594,
"narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
"ref": "refs/heads/main",
"rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
"revCount": 614,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715940852,
"narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "2fba33a182602b9d49f0b2440513e5ee091d838b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github" "type": "github"
} }
} }

51
flake.nix
View File

@@ -11,41 +11,64 @@
inputs = # All flake references used to build my NixOS setup. These are dependencies. inputs = # All flake references used to build my NixOS setup. These are dependencies.
{ {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages
nixpkgs-stable.url = "github:NixOS/nIxpkgs/nixos-22.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
microvm = {
url = "github:astro/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence.url = "github:nix-community/impermanence";
home-manager = { # User Package Management home-manager = { # User Package Management
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager-unstable = { # User Package Management
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs-unstable";
};
nur = {
url = "github:nix-community/NUR"; # NUR Packages
};
hyprland = { # Official Hyprland flake
url = "github:vaxerski/Hyprland";
inputs.nixpkgs.follows = "nixpkgs";
}; };
agenix = { agenix = {
url = "github:ryantm/agenix"; url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
jovian-nixos = {
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
lanzaboote = {
url = "github:nix-community/lanzaboote/master";
inputs.nixpkgs.follows = "nixpkgs";
};
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
}; };
outputs = inputs @ { self, nixpkgs, nixpkgs-stable, nixos-hardware, home-manager, nur, hyprland, agenix, ... }: # Function that tells my flake which to use and what do what to do with the dependencies. outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }: # Function that tells my flake which to use and what do what to do with the dependencies.
let # Variables that can be used in the config files let # Variables that can be used in the config files
user = "kabbone"; user = "kabbone";
userdmz = "diablo";
userserver = "mephisto";
location = "$HOME/.setup"; location = "$HOME/.setup";
in # Use above variables in ... in # Use above variables in ...
{ {
nixosConfigurations = ( # NixOS configurations nixosConfigurations = ( # NixOS configurations
import ./hosts { # Imports ./hosts/default.nix import ./hosts { # Imports ./hosts/default.nix
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
inherit inputs nixpkgs nixpkgs-stable nixos-hardware home-manager nur user location hyprland agenix; # Also inherit home-manager so it does not need to be defined here. inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable user userdmz userserver location agenix jovian-nixos microvm impermanence lanzaboote nixvim; # Also inherit home-manager so it does not need to be defined here.
nix.allowedUsers = [ "@wheel" ];
security.sudo.execWheelOnly = true;
} }
); );
}; };
} }

58
hosts/configuration_desktop.nix
View File

@@ -20,7 +20,7 @@
users.users.${user} = { # System User users.users.${user} = { # System User
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "kvm" "libvirtd" "adb" "dialout" ]; extraGroups = [ "wheel" "video" "audio" "camera" "networkmanager" "lp" "kvm" "libvirtd" "adb" "dialout" "tss" ];
shell = pkgs.zsh; # Default shell shell = pkgs.zsh; # Default shell
uid = 2000; uid = 2000;
# initialPassword = "password95"; # initialPassword = "password95";
@@ -31,7 +31,6 @@
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
]; ];
}; };
#security.sudo.wheelNeedsPassword = true; # User does not need to give password when using sudo.
time.timeZone = "Europe/Berlin"; # Time zone and internationalisation time.timeZone = "Europe/Berlin"; # Time zone and internationalisation
i18n = { i18n = {
@@ -47,26 +46,34 @@
keyMap = "us"; # or us/azerty/etc keyMap = "us"; # or us/azerty/etc
}; };
security.rtkit.enable = true; security = {
security.pki.certificateFiles = [ rtkit.enable = true;
pki.certificateFiles = [
./rootCA.pem ./rootCA.pem
]; ];
#tpm2 = {
# enable = true;
# pkcs11.enable = true;
# tctiEnvironment.enable = true;
# };
};
sound = { # ALSA sound enable sound = { # ALSA sound enable
enable = true; #enable = true;
mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true; mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true;
enable = true; enable = true;
}; };
}; };
fonts.fonts = with pkgs; [ # Fonts fonts.packages = with pkgs; [ # Fonts
carlito # NixOS carlito # NixOS
vegur # NixOS vegur # NixOS
source-code-pro source-code-pro
jetbrains-mono
font-awesome # Icons font-awesome # Icons
hack-font hack-font
corefonts # MS corefonts # MS
intel-one-mono
cascadia-code
(nerdfonts.override { # Nerdfont Icons override (nerdfonts.override { # Nerdfont Icons override
fonts = [ fonts = [
"FiraCode" "FiraCode"
@@ -105,6 +112,10 @@
powerline-fonts powerline-fonts
powerline-symbols powerline-symbols
tree tree
direnv
linuxPackages_latest.cpupower
btop
sbctl
]; ];
}; };
@@ -136,11 +147,11 @@
# extraConfig = '' # extraConfig = ''
# HostKeyAlgorithms +ssh-rsa # HostKeyAlgorithms +ssh-rsa
# ''; # Temporary extra config so ssh will work in guacamole # ''; # Temporary extra config so ssh will work in guacamole
settings.passwordAuthentication = false; settings.PasswordAuthentication = false;
}; };
pcscd.enable = true; pcscd.enable = true;
yubikey-agent.enable = true; yubikey-agent.enable = true;
udev.packages = [ pkgs.yubikey-personalization ]; udev.packages = [ pkgs.yubikey-personalization pkgs.nitrokey-udev-rules ];
#flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up #flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
# sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused # sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
# List: # List:
@@ -159,8 +170,6 @@
nix = { # Nix Package Manager settings nix = { # Nix Package Manager settings
settings ={ settings ={
auto-optimise-store = true; # Optimise syslinks auto-optimise-store = true; # Optimise syslinks
substituters = ["https://hyprland.cachix.org"];
trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
}; };
gc = { # Automatic garbage collection gc = { # Automatic garbage collection
automatic = true; automatic = true;
@@ -168,25 +177,24 @@
options = "--delete-older-than 7d"; options = "--delete-older-than 7d";
}; };
package = pkgs.nixVersions.stable; # Enable nixFlakes on system package = pkgs.nixVersions.stable; # Enable nixFlakes on system
registry.nixpkgs.flake = inputs.nixpkgs;
extraOptions = '' extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
keep-outputs = true
keep-derivations = true
''; '';
}; };
nixpkgs.config.allowUnfree = true; # Allow proprietary software. nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.packageOverrides = pkgs: {
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs;
};
};
system = { # NixOS settings system = { # NixOS settings
# autoUpgrade = { # Allow auto update autoUpgrade = { # Allow auto update
# enable = true; enable = true;
# channel = "https://nixos.org/channels/nixos-unstable"; flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
# }; randomizedDelaySec = "5m";
stateVersion = "22.05"; allowReboot = true;
rebootWindow = {
lower = "02:00";
upper = "05:00";
};
#channel = "https://nixos.org/channels/nixos-unstable";
};
stateVersion = "23.05";
}; };
} }

38
hosts/configuration_server.nix
View File

@@ -13,6 +13,8 @@
{ config, lib, pkgs, inputs, user, location, agenix, ... }: { config, lib, pkgs, inputs, user, location, agenix, ... }:
{ {
imports = # Import window or display manager. imports = # Import window or display manager.
[ [
#../modules/editors/nvim # ! Comment this out on first install ! #../modules/editors/nvim # ! Comment this out on first install !
@@ -52,11 +54,11 @@
./rootCA.pem ./rootCA.pem
]; ];
fonts.fonts = with pkgs; [ # Fonts fonts.packages = with pkgs; [ # Fonts
carlito # NixOS carlito # NixOS
vegur # NixOS vegur # NixOS
source-code-pro source-code-pro
jetbrains-mono cascadia-code
font-awesome # Icons font-awesome # Icons
hack-font hack-font
corefonts # MS corefonts # MS
@@ -92,6 +94,9 @@
powerline-fonts powerline-fonts
powerline-symbols powerline-symbols
tree tree
btop
htop
direnv
]; ];
}; };
@@ -99,15 +104,12 @@
openssh = { # SSH: secure shell (remote connection to shell of server) openssh = { # SSH: secure shell (remote connection to shell of server)
enable = true; # local: $ ssh <user>@<ip> enable = true; # local: $ ssh <user>@<ip>
settings = { settings = {
passwordAuthentication = false; PasswordAuthentication = false;
permitRootLogin = "no"; PermitRootLogin = "no";
}; };
ports = [ 2220 ]; ports = [ 2220 ];
openFirewall = true; openFirewall = true;
}; };
fail2ban = {
enable = true;
};
#flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up #flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
# sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused # sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
@@ -123,7 +125,6 @@
options = "--delete-older-than 7d"; options = "--delete-older-than 7d";
}; };
package = pkgs.nixVersions.stable; # Enable nixFlakes on system package = pkgs.nixVersions.stable; # Enable nixFlakes on system
registry.nixpkgs.flake = inputs.nixpkgs;
extraOptions = '' extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
keep-outputs = true keep-outputs = true
@@ -131,17 +132,18 @@
''; '';
}; };
nixpkgs.config.allowUnfree = true; # Allow proprietary software. nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.packageOverrides = pkgs: {
nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") {
inherit pkgs;
};
};
system = { # NixOS settings system = { # NixOS settings
# autoUpgrade = { # Allow auto update autoUpgrade = { # Allow auto update
# enable = true; enable = true;
# channel = "https://nixos.org/channels/nixos-unstable"; flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
# }; randomizedDelaySec = "5m";
stateVersion = "22.05"; allowReboot = true;
rebootWindow = {
lower = "02:00";
upper = "05:00";
};
};
stateVersion = "23.05";
}; };
} }

140
hosts/default.nix
View File

@@ -11,7 +11,7 @@
# └─ ./home.nix # └─ ./home.nix
# #
{ lib, inputs, nixpkgs, nixos-hardware, home-manager, nur, user, location, hyprland, agenix, ... }: { lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, user, userdmz, userserver, location, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }:
let let
system = "x86_64-linux"; # System architecture system = "x86_64-linux"; # System architecture
@@ -22,27 +22,27 @@ let
}; };
lib = nixpkgs.lib; lib = nixpkgs.lib;
users.defaultShell = "pkgs.zsh";
in in
{ {
desktop = lib.nixosSystem { # Desktop profile desktop = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location hyprland nixos-hardware nur agenix; }; specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote nixvim; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
nur.nixosModules.nur microvm.nixosModules.host
#hyprland.nixosModules.default lanzaboote.nixosModules.lanzaboote
#nixvim.nixosModules.nixvim
./desktop ./desktop
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/remoteBuilder.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
@@ -55,21 +55,17 @@ in
laptop = lib.nixosSystem { # Laptop profile laptop = lib.nixosSystem { # Laptop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location hyprland nixos-hardware nur agenix; }; specialArgs = { inherit inputs user location nixos-hardware agenix; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
nur.nixosModules.nur
#hyprland.nixosModules.default
./laptop ./laptop
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/remoteClient.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-intel nixos-hardware.nixosModules.common-gpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
@@ -80,22 +76,43 @@ in
]; ];
}; };
dmz = lib.nixosSystem { # Desktop profile steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile
inherit system; inherit system;
#user = "dmz-user"; specialArgs = { inherit inputs user location nixos-hardware agenix jovian-nixos lanzaboote; };
specialArgs = { inherit inputs user location nixos-hardware nur agenix; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
nur.nixosModules.nur jovian-nixos.nixosModules.default
lanzaboote.nixosModules.lanzaboote
./steamdeck
./configuration_desktop.nix
../modules/hardware/remoteClient.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd
home-manager-unstable.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./steamdeck/home.nix)];
};
}
];
};
server = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./server ./server
./configuration_server.nix ./configuration_server.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
@@ -106,67 +123,108 @@ in
]; ];
}; };
nas = lib.nixosSystem { # Desktop profile kabtop = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
#user = "dmz-user"; specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
specialArgs = { inherit inputs user location nixos-hardware nur agenix; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
nur.nixosModules.nur microvm.nixosModules.host
./nas ./kabtop
./configuration_server.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./server/home.nix)];
};
}
];
};
nasbak = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix; };
modules = [
agenix.nixosModules.default
./nasbackup
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/remoteClient.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
nixpkgs.overlays = [
nur.overlay
];
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = { home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./nas/home.nix)]; imports = [(import ./home_server.nix)] ++ [(import ./nasbackup/home.nix)];
}; };
} }
]; ];
}; };
jupiter = lib.nixosSystem { # Desktop profile
q920 = lib.nixosSystem { # Laptop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location hyprland; }; specialArgs = { inherit inputs user location nixos-hardware agenix; };
modules = [ modules = [
hyprland.nixosModules.default agenix.nixosModules.default
./q920 ./jupiter
./configuration.nix ./configuration_desktop.nix
../modules/hardware/remoteClient.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = { home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./q920/home.nix)]; imports = [(import ./home_server.nix)] ++ [(import ./jupiter/home.nix)];
}; };
} }
]; ];
}; };
vm = lib.nixosSystem { # VM profile dmz = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location; }; specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
modules = [ modules = [
./vm agenix.nixosModules.default
./configuration.nix microvm.nixosModules.host
./dmz
./configuration_server.nix
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = { home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./vm/home.nix)]; imports = [(import ./home_server.nix)] ++ [(import ./dmz/home.nix)];
}; };
} }
]; ];
}; };
# vm = lib.nixosSystem { # VM profile
# inherit system;
# specialArgs = { inherit inputs user location; };
# modules = [
# ./vm
# ./configuration.nix
#
# home-manager.nixosModules.home-manager {
# home-manager.useGlobalPkgs = true;
# home-manager.useUserPackages = true;
# home-manager.extraSpecialArgs = { inherit user; };
# home-manager.users.${user} = {
# imports = [(import ./home.nix)] ++ [(import ./vm/home.nix)];
# };
# }
# ];
# };
} }

42
hosts/desktop/default.nix
View File

@@ -17,36 +17,41 @@
# └─ default.nix # └─ default.nix
# #
{ config, pkgs, user, ... }: { config, nixpkgs, pkgs, user, lib, nixvim, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/desktop/hyprland/default.nix)] ++ # Window Manager [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/desktop/sway/default.nix)] ++ # Window Manager (import ../../modules/wm/virtualisation) ++ # libvirt + Docker
(import ../../modules/desktop/virtualisation) ++ # Docker [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot loader = { # EFI Boot
systemd-boot.enable = true; systemd-boot.enable = lib.mkForce false;
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
efiSysMountPoint = "/boot"; efiSysMountPoint = "/boot";
}; };
timeout = 1; # Grub auto select time timeout = 1; # Grub auto select time
}; };
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
}; };
# hardware.sane = { # Used for scanning with Xsane # hardware.sane = { # Used for scanning with Xsane
# enable = false; # enable = false;
# extraBackends = [ pkgs.sane-airscan ]; # extraBackends = [ pkgs.sane-airscan ];
# }; # };
hardware = { # hardware = {
nitrokey.enable = true; # nitrokey.enable = true;
}; # };
# environment = { # environment = {
# systemPackages = with pkgs; [ # systemPackages = with pkgs; [
@@ -59,7 +64,6 @@
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
zsh.enable = true; zsh.enable = true;
dconf.enable = true; dconf.enable = true;
light.enable = true;
ssh.startAgent = false; ssh.startAgent = false;
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
@@ -75,14 +79,18 @@
enable = true; enable = true;
drivers = [ pkgs.gutenprint ]; drivers = [ pkgs.gutenprint ];
}; };
avahi = { # Needed to find wireless printer #avahi = { # Needed to find wireless printer
enable = true; # enable = true;
nssmdns = true; # nssmdns = true;
publish = { # Needed for detecting the scanner # publish = { # Needed for detecting the scanner
# enable = true;
# addresses = true;
# userServices = true;
# };
#};
hardware.openrgb = {
enable = true; enable = true;
addresses = true; motherboard = "amd";
userServices = true;
};
}; };
}; };

91
hosts/desktop/hardware-configuration.nix
View File

@@ -14,14 +14,15 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")] ++
]; [( import ../../modules/hardware/backup.nix )];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
services.btrfs.autoScrub = { services.btrfs.autoScrub = {
@@ -59,110 +60,82 @@
}; };
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
}; };
fileSystems."/home" = fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
}; };
fileSystems."/srv" = fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
}; };
fileSystems."/nix" = fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
}; };
fileSystems."/swap" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs"; fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT"; { device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/mnt/Pluto" = fileSystems."/mnt/Pluto" =
{ device = "nas:/Pluto"; { device = "jupiter:/Pluto";
fsType = "nfs"; fsType = "nfs";
options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
}; };
fileSystems."/mnt/Mars" = fileSystems."/mnt/Mars" =
{ device = "nas:/Mars"; { device = "jupiter:/Mars";
fsType = "nfs"; fsType = "nfs";
options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
}; };
swapDevices = [ ]; swapDevices = [ { device = "/swap/swapfile"; } ];
networking = { networking = {
vswitches = {
vs0 = {
interfaces = {
enp34s0 = { };
lo1 = {
type = "internal";
};
#enp34s0iot = {
# type = "internal";
# vlan = 100;
#};
};
};
};
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "hades"; hostName = "hades";
domain = "home.opel-online.de";
networkmanager = { networkmanager = {
enable = false; enable = false;
}; };
timeServers = [
"192.168.2.1"
];
interfaces = {
#enp34s0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
#};
#enp34s0iot.useDHCP = true;
lo1 = {
useDHCP = true;
macAddress = "1a:20:e9:ce:9c:1a";
};
};
#defaultGateway = "192.168.0.1";
defaultGateway6 = {
address = "fe80::1";
interface = "lo1";
};
#nameservers = [ "192.168.0.4" ];
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
#};
}; };
systemd.services = { systemd.network = {
"ovsdb".partOf = [ "network-setup.service" ]; enable = true;
"ovs-vswitchd".partOf = [ "network-setup.service" ]; networks = {
"network-addresses-lo1".partOf = [ "network-setup.service" ]; "10-lan" = {
matchConfig.Name = "enp34s0";
ntp = [ "192.168.2.1" ];
domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
}; };
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

8
hosts/desktop/home.nix
View File

@@ -16,15 +16,15 @@
{ {
imports = imports =
[ [
#../../modules/desktop/hyprland/home.nix # Window Manager #../../modules/wm/hyprland/home.nix # Window Manager
../../modules/desktop/sway/home.nix # Window Manager ../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
home = { # Specific packages for laptop home = { # Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
freecad # Office packages #freecad # Office packages
#firefox #firefox
chromium chromium
thunderbird thunderbird
@@ -35,6 +35,8 @@
pulsemixer pulsemixer
#yubioath-flutter #yubioath-flutter
nitrokey-app nitrokey-app
kicad
yuzu-mainline
# Display # Display
#light # xorg.xbacklight not supported. Other option is just use xrandr. #light # xorg.xbacklight not supported. Other option is just use xrandr.

60
hosts/dmz/default.nix Normal file
View File

@@ -0,0 +1,60 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # Docker
(import ../../modules/services/dmz) ++ # Server Services
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
};
services = {
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
};
}

104
hosts/dmz/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,104 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
swapDevices = [ ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp6s18";
ntp = [ "192.168.101.1" ];
domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = {
useDHCP = false; # Deprecated
hostName = "dmz";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
};
};
}

15
hosts/q920/home.nix → hosts/dmz/home.nix
View File

@@ -16,19 +16,18 @@
{ {
imports = imports =
[ [
../../modules/desktop/hyprland/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
home = { # Specific packages for laptop home = { # Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
# Applications # Applications
libreoffice # Office packages
# Display # Display
#light # xorg.xbacklight not supported. Other option is just use xrandr. #light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management # Power Management
auto-cpufreq # Power management #auto-cpufreq # Power management
#tlp # Power management #tlp # Power management
]; ];
}; };
@@ -37,14 +36,4 @@
alacritty.settings.font.size = 11; alacritty.settings.font.size = 11;
}; };
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
# cbatticon = {
# enable = true;
# criticalLevelPercent = 10;
# lowLevelPercent = 20;
# iconType = null;
# };
};
} }

140
hosts/home.nix
View File

@@ -30,15 +30,16 @@
homeDirectory = "/home/${user}"; homeDirectory = "/home/${user}";
packages = with pkgs; [ packages = with pkgs; [
# Terminal # Terminal
btop # Resource Manager
pfetch # Minimal fetch pfetch # Minimal fetch
ranger # File Manager ranger # File Manager
gnupg # sign and authorize 2nd Fac gnupg # sign and authorize 2nd Fac
xdg-utils xdg-utils
steam
wakelan
# dev tools # dev ols
gcc gcc
gnumake gnumake
gnupatch gnupatch
@@ -49,18 +50,11 @@
tailscale tailscale
wireguard-tools wireguard-tools
# Video/Audio # VideAudio
#feh # Image Viewer
mpv # Media Player mpv # Media Player
youtube-dl youtube-dl
#pavucontrol # Audio control
#stremio # Media Streamer
#libva-utils # vainfo
# Apps # Apps
#firefox # Browser
#google-chrome # Browser
#remmina # XRDP & VNC Client
galculator galculator
tdesktop tdesktop
hdparm hdparm
@@ -69,90 +63,38 @@
calibre calibre
mtpfs mtpfs
vimiv-qt vimiv-qt
#freecad freecad
# File Management # Fileanagement
#okular # PDF viewer #okular # PDF viewer
#gnome.file-roller # Archive Manager #gnome.file-roller # Archive Manager
ark
pcmanfm # File Manager pcmanfm # File Manager
rsync # Syncer $ rsync -r dir1/ dir2/ rsync # Syncer $ rsync -r dir1/ dir2/
unzip # Zip files unzip # Zip files
unrar # Rar files unrar # Rar files
papirus-icon-theme papirus-icon-theme
# General configuration # Genel configuration
#git # Repositories
#killall # Stop Applications
#nano # Text Editor
#pciutils # Computer utility info
#pipewire # Sound
#usbutils # USB utility info
#wacomtablet # Wacom Tablet
#wget # Downloader
#zsh # Shell
keepassxc keepassxc
libreoffice libreoffice
#
# General home-manager
#alacritty # Terminal Emulator
#dunst # Notifications
#doom emacs # Text Editor
#flameshot # Screenshot
#libnotify # Dep for Dunst
#neovim # Text Editor
#rofi # Menu
#udiskie # Auto Mounting
#vim # Text Editor
#
# Xorg configuration
#xclip # Console Clipboard
#xorg.xev # Input viewer
#xorg.xkill # Kill Applications
#xorg.xrandr # Screen settings
#xterm # Terminal
#
# Xorg home-manager
#picom # Compositer
#polybar # Bar
#sxhkd # Shortcuts
#
# Wayland configuration
#autotiling # Tiling Script
#swayidle # Idle Management Daemon
#wev # Input viewer
#wl-clipboard # Console Clipboard
#
# Wayland home-manager
#pamixer # Pulse Audio Mixer
#swaylock-fancy # Screen Locker
#waybar # Bar
#
# Desktop
#blueman # Bluetooth
#deluge # Torrents
#discord # Chat
#ffmpeg # Video Support (dslr)
#gmtp # Mount MTP (GoPro)
#gphoto2 # Digital Photography
#handbrake # Encoder
#heroic # Game Launcher
#hugo # Static Website Builder
#lutris # Game Launcher
#mkvtoolnix # Matroska Tool
#new-lg4ff # Logitech Drivers
#plex-media-player# Media Player
#polymc # MC Launcher
#steam # Games
#simple-scan # Scanning
#
# Laptop
#blueman # Bluetooth
#light # Display Brightness
#libreoffice # Office Tools
#simple-scan # Scanning
#
# Flatpak # Flatpak
#obs-studio # Recording/Live Streaming prusa-slicer
#vscodium
(vscode-with-extensions.override {
vscode = vscodium;
vscodeExtensions = with vscode-extensions; [
vscodevim.vim
github.copilot
#ms-python.python
ms-vscode.cpptools
dracula-theme.theme-dracula
catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons
];
})
]; ];
file.".config/wall".source = ../modules/themes/wall.jpg; file.".config/wall".source = ../modules/themes/wall.jpg;
file.".config/lockwall".source = ../modules/themes/lockwall.jpg; file.".config/lockwall".source = ../modules/themes/lockwall.jpg;
@@ -162,7 +104,7 @@
size = 16; size = 16;
gtk.enable = true; gtk.enable = true;
}; };
stateVersion = "22.05"; stateVersion = "23.05";
}; };
programs = { programs = {
@@ -170,20 +112,20 @@
}; };
gtk = { # Theming # gtk = { # Theming
enable = true; # enable = true;
theme = { # theme = {
name = "Dracula"; # name = "Dracula";
package = pkgs.dracula-theme; # package = pkgs.dracula-theme;
}; # };
iconTheme = { # iconTheme = {
name = "Papirus-Dark"; # name = "Papirus-Dark";
package = pkgs.papirus-icon-theme; # package = pkgs.papirus-icon-theme;
}; # };
font = { # font = {
name = "JetBrains Mono Medium"; # or FiraCode Nerd Font Mono Medium # name = "Cascadia Code"; # or FiraCode Nerd Font Mono Medium
}; # Cursor is declared under home.pointerCursor # }; # Cursor is declared under home.pointerCursor
}; # };
systemd.user.services.mpris-proxy = { systemd.user.services.mpris-proxy = {
Unit.Description = "Mpris proxy"; Unit.Description = "Mpris proxy";
Unit.After = [ "network.target" "sound.target" ]; Unit.After = [ "network.target" "sound.target" ];

3
hosts/home_server.nix
View File

@@ -31,7 +31,6 @@
packages = with pkgs; [ packages = with pkgs; [
# Terminal # Terminal
btop # Resource Manager
pfetch # Minimal fetch pfetch # Minimal fetch
ranger # File Manager ranger # File Manager
gnupg # sign and authorize 2nd Fac gnupg # sign and authorize 2nd Fac
@@ -51,7 +50,7 @@
#unrar # Rar files #unrar # Rar files
]; ];
stateVersion = "22.05"; stateVersion = "23.11";
}; };
programs = { programs = {

74
hosts/jupiter/default.nix Normal file
View File

@@ -0,0 +1,74 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, ... }:
{
imports = # For now, if applying to other ssystem, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#(import ../../modules/wm/virtualisation) ++ # Docker
(import ../../modules/services/nas) ++ # Server Services
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
};
# environment = {
# systemPackages = with pkgs; [
## simple-scan
## intel-media-driver
## alacritty
# ];
# };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = false;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
};
}

237
hosts/jupiter/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,237 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[(modulesPath + "/profiles/qemu-guest.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.initrd.secrets = {
"/root/NASKeyfile" =
/root/NASKeyfile;
};
boot.initrd.luks.devices = {
NAS-RAID1 = {
device = "/dev/disk/by-uuid/78c74410-c840-49b0-8a29-456d60c38217";
keyFile = "/root/NASKeyfile";
};
NAS-RAID1_2 = {
device = "/dev/disk/by-uuid/dda6e698-4f0a-4d71-a06c-656b87374ed7";
keyFile = "/root/NASKeyfile";
};
};
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
"/mnt/Mars"
"/mnt/Pluto"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
};
};
};
volume = {
"/mnt/snapshots/Mars" = {
snapshot_create = "always";
subvolume = {
"@nas" = {};
};
};
};
};
};
lf = {
onCalendar = "daily";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/Pluto" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@/Backups" = {};
"@/Games" = {};
"@/IT" = {};
"@/Media" = {};
"@/Pictures" = {};
"@/Rest" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/Mars" =
{ device = "/dev/disk/by-label/MARS";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/snapshots/Pluto" =
{ device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs";
options = [ "compress=zstd:8,noatime,subvolid=5" ];
};
fileSystems."/mnt/Pluto" =
{ device = "/dev/disk/by-label/NAS-RAID";
fsType = "btrfs";
options = [ "compress=zstd:8,noatime,subvol=@" ];
};
fileSystems."/mnt/Mars" =
{ device = "/dev/disk/by-label/MARS";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nas,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/export/Pluto" =
{ device = "/mnt/Pluto";
options = [ "bind" ];
};
fileSystems."/export/Mars" =
{ device = "/mnt/Mars";
options = [ "bind" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
hostName = "jupiter";
domain = "home.opel-online.de";
networkmanager = {
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
enp6s18 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp6s18";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
#};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true;
scsiLinkPolicy = "med_power_with_dipm";
powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
'';
};
}

39
hosts/jupiter/home.nix Normal file
View File

@@ -0,0 +1,39 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
}

112
hosts/kabtop/default.nix Normal file
View File

@@ -0,0 +1,112 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/services/server) ++ # Server Services
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
grub = {
enable = true;
device = "/dev/sda";
};
timeout = 1; # Grub auto select time
};
};
environment = {
etc = {
"fail2ban/filter.d/open-webui.conf" = {
source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
mode = "0444";
};
"fail2ban/filter.d/gitea.conf" = {
source = ../../modules/services/server/fail2ban/filter/gitea.conf;
mode = "0444";
};
"fail2ban/filter.d/nextcloud.conf" = {
source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
mode = "0444";
};
};
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
#auto-cpufreq.enable = true;
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
fail2ban = {
enable = true;
maxretry = 5;
jails.DEFAULT.settings = {
findtime = "15m";
};
jails = {
open-webui = ''
enabled = true
filter = open-webui
backend = systemd
action = iptables-allports
'';
gitea = ''
enabled = true
filter = gitea
backend = systemd
action = iptables-allports
'';
nextcloud = ''
backend = auto
enabled = true
filter = nextcloud
logpath = /var/lib/nextcloud/data/nextcloud.log
action = iptables-allports
'';
};
};
};
}

144
hosts/kabtop/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,144 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "ahci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
#swapDevices = [ { device = "/swap/swapfile"; } ];
swapDevices = [ ];
networking = {
useDHCP = false; # Deprecated
hostName = "kabtop";
domain = "kabtop.de";
networkmanager = {
enable = false;
};
interfaces = {
ens18 = {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [ {
address = "37.44.215.182";
prefixLength = 24;
} ];
ipv6.addresses = [ {
address = "2a13:7e80:0:ef::2";
prefixLength = 64;
} ];
};
};
defaultGateway = "37.44.215.1";
defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
};
nameservers = [ "9.9.9.9" "2620:fe::fe" ];
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

39
hosts/kabtop/home.nix Normal file
View File

@@ -0,0 +1,39 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
}

8
hosts/laptop/default.nix
View File

@@ -22,9 +22,10 @@
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/desktop/hyprland/default.nix)] ++ # Window Manager #[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
[(import ../../modules/desktop/sway/default.nix)] ++ # Window Manager [(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/desktop/virtualisation/docker.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = { # Boot options
@@ -57,6 +58,7 @@
}; };
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true; dconf.enable = true;
light.enable = true; light.enable = true;
ssh.startAgent = false; ssh.startAgent = false;

39
hosts/laptop/hardware-configuration.nix
View File

@@ -17,24 +17,29 @@
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ]; boot = {
boot.initrd.kernelModules = [ "i915" "kvm_intel" ]; initrd = {
boot.kernelModules = [ "kvm-intel" ]; availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" "rtsx_usb_sdmmc" ];
boot.extraModprobeConfig = '' kernelModules = [ "i915" "kvm_intel" ];
options i915 enable_guc=3 enable_fbc=1 fastboot=1 systemd.enable = true;
''; luks = {
boot.kernelParams = [ "mitigations=off" "luks.options=fido2-device=auto" ]; devices."root" = {
boot.tmp.useTmpfs = true; device = "/dev/disk/by-uuid/75eccc7f-30b0-4fe8-8f82-90edaf284cd5";
zramSwap.enable = true; allowDiscards = true;
};
};
};
boot.initrd.luks = { kernelModules = [ "kvm-intel" ];
fido2Support = true; extraModprobeConfig = ''
devices."root" = { options i915 enable_guc=3 enable_fbc=1 fastboot=1
device = "/dev/disk/by-uuid/75eccc7f-30b0-4fe8-8f82-90edaf284cd5"; '';
allowDiscards = true; kernelParams = [ "mitigations=off" "luks.options=fido2-device=auto" ];
}; tmp.useTmpfs = true;
}; };
zramSwap.enable = true;
services.btrfs.autoScrub = { services.btrfs.autoScrub = {
enable = true; enable = true;
interval = "monthly"; interval = "monthly";
@@ -111,13 +116,13 @@
}; };
fileSystems."/mnt/Pluto" = fileSystems."/mnt/Pluto" =
{ device = "nas:/Pluto"; { device = "jupiter:/Pluto";
fsType = "nfs"; fsType = "nfs";
options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
}; };
fileSystems."/mnt/Mars" = fileSystems."/mnt/Mars" =
{ device = "nas:/Mars"; { device = "jupiter:/Mars";
fsType = "nfs"; fsType = "nfs";
options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ]; options = [ "noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
}; };

4
hosts/laptop/home.nix
View File

@@ -16,8 +16,8 @@
{ {
imports = imports =
[ [
#../../modules/desktop/hyprland/home.nix # Window Manager #../../modules/wm/hyprland/home.nix # Window Manager
../../modules/desktop/sway/home.nix # Window Manager ../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];

2
hosts/nas/default.nix
View File

@@ -22,7 +22,7 @@
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
(import ../../modules/desktop/virtualisation) ++ # Docker (import ../../modules/wm/virtualisation) ++ # Docker
(import ../../modules/services/nas) ++ # Server Services (import ../../modules/services/nas) ++ # Server Services
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices

13
hosts/nas/hardware-configuration.nix
View File

@@ -35,7 +35,8 @@
}; };
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
services.btrfs.autoScrub = { services.btrfs.autoScrub = {
@@ -66,7 +67,7 @@
subvolume = { subvolume = {
"@" = {}; "@" = {};
"@home" = {}; "@home" = {};
"@nas/home" = {}; "@nas/Home" = {};
}; };
}; };
}; };
@@ -126,6 +127,12 @@
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
}; };
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
@@ -171,7 +178,7 @@
options = [ "bind" ]; options = [ "bind" ];
}; };
swapDevices = [ ]; swapDevices = [ { device = "/swap/swapfile"; } ];
networking = { networking = {
vswitches = { vswitches = {

66
hosts/nasbackup/default.nix Normal file
View File

@@ -0,0 +1,66 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
(import ../../modules/services/nasbackup) ++ # Server Services
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = false;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = {
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
};
}

247
hosts/nasbackup/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,247 @@
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.initrd.secrets = {
"/root/NASKeyfile" =
/root/NASKeyfile;
};
boot.initrd.luks.devices = {
NAS-RAID1 = {
device = "/dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088";
keyFile = "/root/NASKeyfile";
bypassWorkqueues = true;
};
NAS-RAID2 = {
device = "/dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2";
keyFile = "/root/NASKeyfile";
bypassWorkqueues = true;
};
};
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
"/mnt/nas"
];
};
services.btrbk = {
extraPackages = [ pkgs.lz4 ];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@" = {};
"@home" = {};
};
};
};
};
};
bak = {
onCalendar = "weekly";
settings = {
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "4w 2m";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk";
ssh_user = "btrbk";
volume = {
"ssh://jupiter.home.opel-online.de/mnt/snapshots/Mars" = {
target = "/mnt/nas/Backups/Mars";
subvolume = {
"@nas" = {};
};
};
};
volume = {
"ssh://jupiter.home.opel-online.de/mnt/snapshots/Pluto" = {
target = "/mnt/nas/Backups/Pluto";
subvolume = {
"@/Games" = {};
"@/IT" = {};
"@/Media" = {};
"@/Pictures" = {};
"@/Rest" = {};
};
};
};
};
};
# lf = {
# onCalendar = "daily";
# settings = {
# incremental = "yes";
# snapshot_create = "ondemand";
# snapshot_dir = "@snapshots";
# timestamp_format = "long";
#
# snapshot_preserve = "2m 2w 5d";
# snapshot_preserve_min = "latest";
#
# volume = {
# "/mnt/snapshots/Pluto" = {
# snapshot_create = "always";
# subvolume = {
# "@" = {};
# "@/Backups" = {};
# "@/Games" = {};
# "@/IT" = {};
# "@/Media" = {};
# "@/Pictures" = {};
# "@/Rest" = {};
# };
# };
# };
# };
# };
};
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
# fileSystems."/mnt/snapshots/Pluto" =
# { device = "/dev/disk/by-label/NAS-RAID";
# fsType = "btrfs";
# options = [ "compress=zstd,space_cache=v2,noatime,subvolid=5" ];
# };
#
fileSystems."/mnt/nas" =
{ device = "/dev/disk/by-uuid/70523c79-ef5c-40f2-8782-60fc86bb445b";
fsType = "btrfs";
options = [ "compress=zstd:9,space_cache=v2,noatime,subvol=@nasbak" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
hostName = "nasbak";
domain = "home.opel-online.de";
networkmanager = {
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
enp6s18 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp6s18";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
#};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true;
# powerUpCommands = ''
# ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
# ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/b9edc489-ac37-4b28-981d-442722df7ae2
# '';
};
}

39
hosts/nasbackup/home.nix Normal file
View File

@@ -0,0 +1,39 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
}

82
hosts/q920/hardware-configuration.nix
View File

@@ -1,82 +0,0 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/ROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/BOOT";
fsType = "vfat";
};
swapDevices = [ ];
networking = {
useDHCP = false; # Deprecated
hostName = "q920";
networkmanager.enable = true;
interfaces = {
enp0s25 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
#ipv4.addresses = [ {
# address = "192.168.0.51";
# prefixLength = 24;
#} ];
};
# wlo1 = {
# useDHCP = true;
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
};
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
#firewall = {
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
#};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
}

47
hosts/server/default.nix
View File

@@ -17,12 +17,12 @@
# └─ default.nix # └─ default.nix
# #
{ config, pkgs, user, ... }: { config, pkgs, user, agenix, impermanence, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/desktop/virtualisation/docker.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
(import ../../modules/services/server) ++ # Server Services (import ../../modules/services/server) ++ # Server Services
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices
@@ -32,20 +32,24 @@
loader = { # EFI Boot loader = { # EFI Boot
grub = { grub = {
enable = true; enable = true;
version = 2;
device = "/dev/sda"; device = "/dev/sda";
}; };
timeout = 1; # Grub auto select time timeout = 1; # Grub auto select time
}; };
}; };
# environment = { environment = {
# systemPackages = with pkgs; [ etc = {
## simple-scan "fail2ban/filter.d/gitea.conf" = {
## intel-media-driver source = ../../modules/services/server/fail2ban/filter/gitea.conf;
## alacritty mode = "0444";
# ]; };
# }; "fail2ban/filter.d/nextcloud.conf" = {
source = ../../modules/services/server/fail2ban/filter/nextcloud.conf;
mode = "0444";
};
};
};
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
zsh.enable = true; zsh.enable = true;
@@ -59,6 +63,7 @@
services = { services = {
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns = true; nssmdns = true;
@@ -68,6 +73,28 @@
userServices = true; userServices = true;
}; };
}; };
fail2ban = {
enable = true;
maxretry = 5;
jails.DEFAULT.settings = {
findtime = "15m";
};
jails = {
gitea = ''
enabled = true
filter = gitea
backend = systemd
action = iptables-allports
'';
nextcloud = ''
backend = auto
enabled = true
filter = nextcloud
logpath = /var/lib/nextcloud/data/nextcloud.log
action = iptables-allports
'';
};
};
}; };

16
hosts/server/hardware-configuration.nix
View File

@@ -21,7 +21,8 @@
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true; zramSwap.enable = true;
services.btrfs.autoScrub = { services.btrfs.autoScrub = {
@@ -83,6 +84,12 @@
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ]; options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
}; };
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" = fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
@@ -90,11 +97,12 @@
}; };
swapDevices = [ ]; #swapDevices = [ { device = "/swap/swapfile"; } ];
swapDevices = [ ];
networking = { networking = {
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "dmz"; hostName = "kabtop";
domain = "kabtop.de"; domain = "kabtop.de";
networkmanager = { networkmanager = {
enable = false; enable = false;
@@ -126,5 +134,5 @@
}; };
}; };
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; #hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

67
hosts/q920/default.nix → hosts/steamdeck/default.nix
View File

@@ -17,95 +17,76 @@
# └─ default.nix # └─ default.nix
# #
{ config, pkgs, user, ... }: { config, pkgs, user, jovian-nixos, lib, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/desktop/hyprland/default.nix)] ++ # Window Manager [(import ../../modules/wm/steam/default.nix)] ++ # jovian steam
[(import ../../modules/desktop/virtualisation/docker.nix)]; # ++ # Docker [(import ../../modules/wm/kde/default.nix)] ++ # Window Manager
#(import ../../modules/hardware); # Hardware devices (import ../../modules/wm/virtualisation) ++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot loader = { # EFI Boot
systemd-boot.enable = true; systemd-boot.enable = lib.mkForce false;
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
efiSysMountPoint = "/boot"; efiSysMountPoint = "/boot";
}; };
timeout = 1; # Grub auto select time timeout = 1; # Grub auto select time
}; };
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
}; };
# hardware.sane = { # Used for scanning with Xsane # hardware.sane = { # Used for scanning with Xsane
# enable = false; # enable = false;
# extraBackends = [ pkgs.sane-airscan ]; # extraBackends = [ pkgs.sane-airscan ];
# }; # };
hardware = {
nitrokey.enable = true;
};
# environment = { # environment = {
# systemPackages = with pkgs; [ # systemPackages = with pkgs; [
# simple-scan ## alacritty
# ]; # ];
# }; # };
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
# dconf.enable = true; zsh.enable = true;
# light.enable = true; dconf.enable = true;
light.enable = true;
ssh.startAgent = false; ssh.startAgent = false;
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses"; #pinentryFlavor = "curses";
}; };
}; };
services = { services = {
# tlp.enable = true; # TLP and auto-cpufreq for power management # blueman.enable = true;
#logind.lidSwitch = "ignore"; # Laptop does not go to sleep when lid is closed
auto-cpufreq.enable = true;
blueman.enable = true;
pcscd.enable = true;
udev.packages = [
pkgs.nitrokey-udev-rules
];
printing = { # Printing and drivers for TS5300 printing = { # Printing and drivers for TS5300
enable = true; enable = true;
drivers = [ pkgs.gutenprint ]; drivers = [ pkgs.gutenprint ];
}; };
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;
userServices = true; userServices = true;
}; };
}; };
tailscale.enable = true;
#xserver = {
# libinput = { # Trackpad support & gestures
# touchpad = {
# tapping = true;
# scrollMethod = "twofinger";
# naturalScrolling = true; # The correct way of scrolling
# accelProfile = "adaptive"; # Speed settings
# #accelSpeed = "-0.5";
# disableWhileTyping = true;
# };
# };
# resolutions = [
# { x = 1600; y = 920; }
# { x = 1280; y = 720; }
# { x = 1920; y = 1080; }
# ];
#};
}; };
security.pam.sshAgentAuth.enable = true;
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
} }

185
hosts/steamdeck/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,185 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
kernelModules = [ ];
systemd.enable = true;
luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
bypassWorkqueues = true;
};
};
};
kernelModules = [ "kvm-amd" "amdgpu" ];
kernelParams = [ "luks.options=fido2-device=auto" ];
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
services = {
btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/opt" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
# fileSystems."/sdcard" =
# { device = "/dev/disk/by-label/sdcard";
# fsType = "ext4";
# options = [ "nofail,noauto,users,x-systemd.automount" ];
# };
fileSystems."/mnt/Pluto" =
{ device = "jupiter:/Pluto";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Mars" =
{ device = "jupiter:/Mars";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "steamdeck";
wireless.iwd.enable = true;
networkmanager = {
enable = true;
wifi = {
backend = "iwd";
powersave = false;
};
};
# interfaces = {
# wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
# };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
checkReversePath = "loose";
# enable = false;
# #allowedUDPPorts = [ 53 67 ];
# #allowedTCPPorts = [ 53 80 443 9443 ];
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true;
powerManagement = {
scsiLinkPolicy = "med_power_with_dipm";
};
}

55
hosts/steamdeck/home.nix Normal file
View File

@@ -0,0 +1,55 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
../../modules/wm/steam/home.nix # Window Manager
../../modules/wm/kde/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
libreoffice # Office packages
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
element-desktop
pulsemixer
#yuzu-early-access
# Display
light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets
};
xsession.preferStatusNotifierItems = true;
}

5
modules/editors/nvim/config/bufferline.nix Normal file
View File

@@ -0,0 +1,5 @@
{
plugins.bufferline = {
enable = true;
};
}

16
modules/editors/nvim/config/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{ nvim, ... }:
{
# Import all your configuration modules here
programs.nixvim = {
enable = true;
colorschemes.gruvbox.enable = true;
imports = [
./bufferline.nix
./plugins.nix
./options.nix
./keymaps.nix
./highlight.nix
];
};
}

8
modules/editors/nvim/config/highlight.nix Normal file
View File

@@ -0,0 +1,8 @@
{
highlight = {
Comment.fg = "#ff00ff";
Comment.bg = "#000000";
Comment.underline = true;
Comment.bold = true;
};
}

8
modules/editors/nvim/config/keymaps.nix Normal file
View File

@@ -0,0 +1,8 @@
{
keymaps = [
{
action = "<cmd>Telescope live_grep<CR>";
key = "<leader>g";
}
];
}

14
modules/editors/nvim/config/options.nix Normal file
View File

@@ -0,0 +1,14 @@
{
config = {
globals.mapleader = " ";
viAlias = true;
vimAlias = true;
opts = {
number = true; # Show line numbers
relativenumber = true; # Show relative line numbers
shiftwidth = 2; # Tab width should be 2
};
};
}

51
modules/editors/nvim/config/plugins.nix Normal file
View File

@@ -0,0 +1,51 @@
{
plugins = {
lualine.enable = true;
cmp = {
enable = true;
autoEnableSources = true;
settings = {
sources = [
{name = "nvim_lsp";}
{name = "path";}
{name = "buffer";}
{name = "luasnip";}
];
mapping = {
"<C-d>" = "cmp.mapping.scroll_docs(-4)";
"<C-f>" = "cmp.mapping.scroll_docs(4)";
"<C-Space>" = "cmp.mapping.complete()";
"<C-e>" = "cmp.mapping.close()";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
};
};
};
lsp = {
enable = true;
servers = {
tsserver.enable = true;
lua-ls = {
enable = true;
settings.telemetry.enable = false;
};
# rust-analyzer = {
# enable = true;
# installCargo = true;
# };
};
};
telescope.enable = true;
treesitter.enable = true;
luasnip.enable = true;
};
}

174
modules/editors/nvim/default.nix
View File

@@ -5,51 +5,157 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
home = {
packages = [ pkgs.gnvim ];
};
programs = { programs = {
neovim = { neovim = {
enable = true; enable = true;
viAlias = true; viAlias = true;
vimAlias = true; vimAlias = true;
vimdiffAlias = true; vimdiffAlias = true;
withNodeJs = true;
plugins = with pkgs.vimPlugins; [ # plugins = with pkgs.vimPlugins; [
#
# # Syntax
# #vim-nix
# #vim-markdown
#
# # Quality of life
# vim-lastplace # Opens document where you left it
# auto-pairs # Print double quotes/brackets/etc.
# vim-gitgutter # See uncommitted changes of file :GitGutterEnable
#
# # File Tree
# nerdtree # File Manager - set in extraConfig to F6
#
# # Customization
# wombat256-vim # Color scheme for lightline
# srcery-vim # Color scheme for text
#
# lightline-vim # Info bar at bottom
# indent-blankline-nvim # Indentation lines
#
# # Syntax
# nvim-treesitter.withAllGrammars
# # finder
# telescope-nvim
# # completion
# nvim-cmp
# # status line
# lualine-nvim
# # indent
# indent-blankline-nvim
# ];
# Syntax extraPackages = with pkgs; [
vim-nix ripgrep
vim-markdown fd
nodejs
# Quality of life nodePackages.npm
vim-lastplace # Opens document where you left it
auto-pairs # Print double quotes/brackets/etc.
vim-gitgutter # See uncommitted changes of file :GitGutterEnable
# File Tree
nerdtree # File Manager - set in extraConfig to F6
# Customization
wombat256-vim # Color scheme for lightline
srcery-vim # Color scheme for text
lightline-vim # Info bar at bottom
indent-blankline-nvim # Indentation lines
]; ];
extraConfig = '' # extraConfig = ''
set number relativenumber # set expandtab
syntax enable " Syntax highlighting # set shiftwidth=4
colorscheme srcery " Color scheme text # set tabstop=4
let g:lightline = { # '';
\ 'colorscheme': 'wombat',
\ } " Color scheme lightline
highlight Comment cterm=italic gui=italic " Comments become italic
hi Normal guibg=NONE ctermbg=NONE " Remove background, better for personal theme
set number " Set numbers # extraLuaConfig = ''
nmap <F6> :NERDTreeToggle<CR> " F6 opens NERDTree # vim.g.mapleader = ' '
set expandtab # vim.g.maplocalleader = ' '
set shiftwidth=4 #
set tabstop=4 # -- Set highlight on search
''; # vim.o.hlsearch = false
#
# -- Make line numbers default
# vim.wo.number = true
#
# -- Enable mouse mode
# vim.o.mouse = 'a'
#
# -- Sync clipboard between OS and Neovim.
# -- Remove this option if you want your OS clipboard to remain independent.
# -- See `:help 'clipboard'`
# vim.o.clipboard = 'unnamedplus'
#
# -- Enable break indent
# vim.o.breakindent = true
#
# -- Save undo history
# vim.o.undofile = true
#
# -- Case insensitive searching UNLESS /C or capital in search
# vim.o.ignorecase = true
# vim.o.smartcase = true
#
# -- Keep signcolumn on by default
# vim.wo.signcolumn = 'yes'
#
# -- Decrease update time
# vim.o.updatetime = 250
# vim.o.timeout = true
# vim.o.timeoutlen = 300
#
# -- Set completeopt to have a better completion experience
# vim.o.completeopt = 'menuone,noselect'
#
# -- NOTE: You should make sure your terminal supports this
# vim.o.termguicolors = true
#
# -- [[ Highlight on yank ]]
# -- See `:help vim.highlight.on_yank()`
# local highlight_group = vim.api.nvim_create_augroup('YankHighlight', { clear = true })
# vim.api.nvim_create_autocmd('TextYankPost', {
# callback = function()
# vim.highlight.on_yank()
# end,
# group = highlight_group,
# pattern = '*',
# })
#
# -- [[ Configure Telescope ]]
# -- See `:help telescope` and `:help telescope.setup()`
# require('telescope').setup {
# defaults = {
# mappings = {
# i = {
# ['<C-u>'] = false,
# ['<C-d>'] = false,
# },
# },
# },
# }
#
# -- Enable telescope fzf native, if installed
# pcall(require('telescope').load_extension, 'fzf')
#
# -- See `:help telescope.builtin`
# vim.keymap.set('n', '<leader>?', require('telescope.builtin').oldfiles, { desc = '[?] Find recently opened files' })
# vim.keymap.set('n', '<leader><space>', require('telescope.builtin').buffers, { desc = '[ ] Find existing buffers' })
# vim.keymap.set('n', '<leader>/', function()
# -- You can pass additional configuration to telescope to change theme, layout, etc.
# require('telescope.builtin').current_buffer_fuzzy_find(require('telescope.themes').get_dropdown {
# winblend = 10,
# previewer = false,
# })
# end, { desc = '[/] Fuzzily search in current buffer' })
#
# vim.keymap.set('n', '<leader>gf', require('telescope.builtin').git_files, { desc = 'Search [G]it [F]iles' })
# vim.keymap.set('n', '<leader>sf', require('telescope.builtin').find_files, { desc = '[S]earch [F]iles' })
# vim.keymap.set('n', '<leader>sh', require('telescope.builtin').help_tags, { desc = '[S]earch [H]elp' })
# vim.keymap.set('n', '<leader>sw', require('telescope.builtin').grep_string, { desc = '[S]earch current [W]ord' })
# vim.keymap.set('n', '<leader>sg', require('telescope.builtin').live_grep, { desc = '[S]earch by [G]rep' })
# vim.keymap.set('n', '<leader>sd', require('telescope.builtin').diagnostics, { desc = '[S]earch [D]iagnostics' })
# require("indent_blankline").setup {
# -- for example, context is off by default, use this to turn it on
# show_current_context = true,
# show_current_context_start = true,
# }
# '';
}; };
}; };
} }

15
modules/hardware/backup.nix Normal file
View File

@@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
{
services.btrbk = {
sshAccess = [
{
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq";
roles = [ "source" "info" "send" ];
}
];
extraPackages = [ pkgs.lz4 ];
};
}

25
modules/hardware/remoteBuilder.nix Normal file
View File

@@ -0,0 +1,25 @@
{ pkgs, config, ... }:
{
users.users.nixremote = { # System User
isNormalUser = true;
extraGroups = [ "kvm" ];
shell = pkgs.zsh; # Default shell
uid = 1001;
# initialPassword = "password95";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M nixremote@hades"
];
};
nix.settings.trusted-users = [
"nixremote"
];
services.nix-serve.secretKeyFile = config.age.secrets."keys/nixservepriv".path;
age.secrets."keys/nixservepriv" = {
file = ../../secrets/keys/nixservepriv.age;
owner = "nixremote";
};
}

32
modules/hardware/remoteClient.nix Normal file
View File

@@ -0,0 +1,32 @@
{ config, lib, pkgs, ... }:
{
nix = {
distributedBuilds = false;
buildMachines = [ {
hostName = "hades";
system = "x86_64-linux";
supportedFeatures = [ "kvm" "big-parallel" ];
sshUser = "nixremote";
sshKey = config.age.secrets."keys/nixremote".path;
maxJobs = 1;
speedFactor = 4;
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUVnbld5UVVVYSt2Y0hBS3g2ZWRiVGdxVzhwaCtNQ2lTNmZVd1lqWWNTK28gcm9vdEBoYWRlcwo=%";
protocol = "ssh-ng";
} ];
settings = {
extra-trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
];
trusted-users = [
"kabbone"
];
};
};
age.secrets."keys/nixremote" = {
file = ../../secrets/keys/nixremote.age;
owner = "root";
};
}

4
modules/home.nix
View File

@@ -5,7 +5,7 @@
cmds = { cmds = {
shell = mkOption { type = types.str; default = "zsh"; }; shell = mkOption { type = types.str; default = "zsh"; };
fetch = mkOption { type = types.str; default = "hyfetch"; }; fetch = mkOption { type = types.str; default = "hyfetch"; };
editor = mkOption { type = types.str; default = "hx"; }; editor = mkOption { type = types.str; default = "nvim"; };
wm = mkOption { type = types.str; default = "sway"; }; wm = mkOption { type = types.str; default = "sway"; };
@@ -24,7 +24,7 @@
theme = { theme = {
theme = mkOption { type = types.str; default = "catppuccin-mocha"; }; theme = mkOption { type = types.str; default = "catppuccin-mocha"; };
icon-theme = mkOption { type = types.str; default = "Papirus-Dark"; }; icon-theme = mkOption { type = types.str; default = "Papirus-Dark"; };
font = mkOption { type = types.str; default = "FiraCode Nerd Font Mono 11"; }; font = mkOption { type = types.str; default = "Cascadia Code 11"; };
wallpaper = mkOption { type = types.str; default = ""; }; wallpaper = mkOption { type = types.str; default = ""; };
}; };
}; };

6
modules/programs/alacritty.nix
View File

@@ -16,8 +16,10 @@
package = pkgs.alacritty; package = pkgs.alacritty;
settings = { settings = {
font = rec { # Font - Laptop has size manually changed at home.nix font = rec { # Font - Laptop has size manually changed at home.nix
normal.family = "Source Code Pro"; #normal.family = "FiraCode Nerd Font";
bold = { style = "Bold"; }; normal.family = "Cascadia Code";
#normal.family = "Intel One Mono";
#bold = { style = "Bold"; };
# size = 8; # size = 8;
}; };
offset = { # Positioning offset = { # Positioning

2
modules/programs/default.nix
View File

@@ -17,5 +17,5 @@
#./waybar.nix #./waybar.nix
#./games.nix #./games.nix
] ]
# Waybar.nix is pulled from modules/desktop/.. # Waybar.nix is pulled from modules/wm/..
# Games.nix is pulled from desktop/default.nix # Games.nix is pulled from desktop/default.nix

19
modules/services/dmz/default.nix Normal file
View File

@@ -0,0 +1,19 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[
./microvm.nix
./hydra.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

60
modules/services/dmz/gitea_runner.nix Normal file
View File

@@ -0,0 +1,60 @@
{ lib, config, pkgs, ... }:
{
virtualisation = {
podman ={
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "192.168.101.1" ];
#containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
};
};
services.gitea-actions-runner.instances = {
homerunner = {
enable = true;
url = "https://git.kabtop.de";
name = "Homerunner";
tokenFile = config.age.secrets."services/gitea/homerunner-token".path;
labels = [
"home"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
age.secrets."services/gitea/homerunner-token" = {
file = ../../../secrets/services/gitea/homerunner-token.age;
owner = "gitea-runner";
};
}

11
modules/services/dmz/hydra.nix Normal file
View File

@@ -0,0 +1,11 @@
{ lib, config, pkgs, ... }:
{
services.hydra = {
enable = true;
hydraURL = "http://localhost:3000";
notificationSender = "hydra@localhost";
useSubstitutes = true;
};
}

131
modules/services/dmz/microvm.nix Normal file
View File

@@ -0,0 +1,131 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{
microvm = {
autostart = [
name
];
vms = {
${name} = {
inherit pkgs;
config = {
imports =
[ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++
[( ./gitea_runner.nix )];
networking = {
hostName = "${name}";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
users.users.${user} = { # System User
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 2000;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
services = {
openssh = {
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}];
};
};
fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [
"/var/log"
"/var/lib/private"
];
files = [
"/etc/machine-id"
];
};
};
microvm = {
hypervisor = "cloud-hypervisor";
vcpu = 4;
mem = 4096;
interfaces = [
{
type = "macvtap";
id = "vm-${name}";
mac = "04:00:00:00:00:01";
macvtap = {
link = "enp6s18";
mode = "bridge";
};
} ];
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;
};
system.stateVersion = "23.05";
};
};
};
};
}

2
modules/services/nas/nfs.nix
View File

@@ -11,7 +11,7 @@
}; };
# open the firewall # open the firewall
networking.firewall = { networking.firewall = {
interfaces.lo1 = { interfaces.enp6s18 = {
allowedTCPPorts = [ 2049 ]; allowedTCPPorts = [ 2049 ];
}; };
}; };

18
modules/services/nasbackup/default.nix Normal file
View File

@@ -0,0 +1,18 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[
# ./nfs.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

2
modules/services/server/coturn.nix
View File

@@ -14,7 +14,7 @@
pkey = "${config.security.acme.certs.${realm}.directory}/key.pem"; pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
extraConfig = '' extraConfig = ''
# for debugging # for debugging
verbose #verbose
# ban private IP ranges # ban private IP ranges
no-multicast-peers no-multicast-peers
denied-peer-ip=0.0.0.0-0.255.255.255 denied-peer-ip=0.0.0.0-0.255.255.255

3
modules/services/server/default.nix
View File

@@ -13,11 +13,12 @@
[ [
./postgresql.nix ./postgresql.nix
./gitea.nix ./gitea.nix
./woodpecker.nix ./microvm.nix
./nextcloud.nix ./nextcloud.nix
./matrix.nix ./matrix.nix
./coturn.nix ./coturn.nix
./jitsi.nix ./jitsi.nix
./ollama.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module

4
modules/services/server/fail2ban/filter/gitea.conf Normal file
View File

@@ -0,0 +1,4 @@
[Definition]
failregex = .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
ignoreregex =
journalmatch = _SYSTEMD_UNIT=gitea.service + _COMM=gitea

6
modules/services/server/fail2ban/filter/nextcloud.conf Normal file
View File

@@ -0,0 +1,6 @@
[Definition]
_groupsre = (?:(?:,?\s*"\w+":(?:"[^"]+"|\w+))*)
failregex = ^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Login failed:
^\{%(_groupsre)s,?\s*"remoteAddr":"<HOST>"%(_groupsre)s,?\s*"message":"Trusted domain error.
datepattern = ,?\s*"time"\s*:\s*"%%Y-%%m-%%d[T ]%%H:%%M:%%S(%%z)?"
journalmatch =

4
modules/services/server/fail2ban/filter/open-webui.conf Normal file
View File

@@ -0,0 +1,4 @@
[Definition]
failregex = <HOST> - .*(401 Unauthorized|invalid credentials|Attempted access of unknown user).*
ignoreregex =
journalmatch = _SYSTEMD_UNIT=podman-open-webui.service + _COMM=podman-open-webui

5
modules/services/server/gitea.nix
View File

@@ -7,7 +7,7 @@
{ {
services.gitea = { services.gitea = {
enable = true; enable = true;
dump.enable = true; dump.enable = false;
lfs.enable = true; lfs.enable = true;
dump.type = "tar.xz"; dump.type = "tar.xz";
database.type = "postgres"; database.type = "postgres";
@@ -61,6 +61,9 @@
REGISTER_EMAIL_CONFIRM = true; REGISTER_EMAIL_CONFIRM = true;
DISABLE_REGISTRATION = true; DISABLE_REGISTRATION = true;
}; };
actions = {
ENABLED = true;
};
}; };
}; };

59
modules/services/server/gitea_runner.nix Normal file
View File

@@ -0,0 +1,59 @@
{ lib, config, pkgs, ... }:
{
virtualisation = {
podman ={
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
};
};
services.gitea-actions-runner.instances = {
serverrunner = {
enable = true;
url = "https://git.kabtop.de";
name = "Server runner";
tokenFile = config.age.secrets."services/gitea/serverrunner-token".path;
labels = [
"server"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
age.secrets."services/gitea/serverrunner-token" = {
file = ../../../secrets/services/gitea/serverrunner-token.age;
owner = "gitea-runner";
};
}

1
modules/services/server/matrix.nix
View File

@@ -40,6 +40,7 @@ in {
"${fqdn}" = { "${fqdn}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/health".proxyPass = "http://localhost:8008";
locations."/_matrix".proxyPass = "http://localhost:8008"; locations."/_matrix".proxyPass = "http://localhost:8008";
locations."/_synapse/client".proxyPass = "http://localhost:8008"; locations."/_synapse/client".proxyPass = "http://localhost:8008";
locations."/".extraConfig = '' locations."/".extraConfig = ''

129
modules/services/server/microvm.nix Normal file
View File

@@ -0,0 +1,129 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{
microvm = {
autostart = [
name
];
vms = {
${name} = {
inherit pkgs;
config = {
imports =
[ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++
[( ./gitea_runner.nix )];
networking = {
hostName = "${name}";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
users.users.${user} = { # System User
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 2000;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
services = {
openssh = {
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}];
};
};
fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [
"/var/log"
"/var/lib/private"
];
files = [
"/etc/machine-id"
];
};
};
microvm = {
hypervisor = "qemu";
vcpu = 4;
mem = 4096;
balloonMem = 4096;
#kernel = pkgs.linuxKernel.packages.linux_latest;
interfaces = [
{
type = "user";
id = "vm-${name}";
mac = "04:00:00:00:00:01";
} ];
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;
};
system.stateVersion = "23.05";
};
};
};
};
}

44
modules/services/server/nextcloud.nix
View File

@@ -1,18 +1,23 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
environment.systemPackages = with pkgs; [ # Default packages install system-wide
appimage-run
];
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
hostName = "cloud.kabtop.de"; hostName = "cloud.kabtop.de";
https = true; https = true;
package = pkgs.nextcloud26; package = pkgs.nextcloud27;
enableBrokenCiphersForSSE = false;
database.createLocally = false; database.createLocally = false;
logType = "file";
caching = { caching = {
redis = true; redis = true;
apcu = false; apcu = false;
}; };
extraOptions = { extraOptions = {
logfile = "nextcloud.log";
redis = { redis = {
host = "/run/redis-nextcloud/redis.sock"; host = "/run/redis-nextcloud/redis.sock";
port = 0; port = 0;
@@ -38,10 +43,23 @@
#autoUpdateApps.enable = true; #autoUpdateApps.enable = true;
}; };
services.redis.servers.nextcloud = { services.onlyoffice = {
enable = true; enable = true;
user = "nextcloud"; hostname = "docs.cloud.kabtop.de";
port = 0; postgresName = "onlyoffice";
postgresHost = "localhost";
postgresUser = "onlyoffice";
postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path;
jwtSecretFile = config.age.secrets."services/nextcloud/onlyofficejwt".path;
};
services.redis = {
vmOverCommit = true;
servers.nextcloud = {
enable = true;
user = "nextcloud";
port = 0;
};
}; };
services.nginx = { services.nginx = {
@@ -51,6 +69,9 @@
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
}; };
"${config.services.onlyoffice.hostname}".listen = [ {
addr = "127.0.0.1"; port = 8080;
} ];
}; };
}; };
@@ -62,9 +83,22 @@
file = ../../../secrets/services/nextcloud/adminpassFile.age; file = ../../../secrets/services/nextcloud/adminpassFile.age;
owner = "nextcloud"; owner = "nextcloud";
}; };
age.secrets."services/nextcloud/onlyofficedb" = {
file = ../../../secrets/services/nextcloud/onlyofficedb.age;
owner = "onlyoffice";
};
age.secrets."services/nextcloud/onlyofficejwt" = {
file = ../../../secrets/services/nextcloud/onlyofficejwt.age;
owner = "onlyoffice";
};
systemd.services."nextcloud-setup" = { systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"]; requires = ["postgresql.service"];
after = ["postgresql.service"]; after = ["postgresql.service"];
}; };
security.acme.defaults.email = "webmaster@kabtop.de";
security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
security.acme.acceptTerms = true;
} }

28
modules/services/server/ollama.nix Normal file
View File

@@ -0,0 +1,28 @@
{ config, pkgs, ... }:
let
ollamahostname = "llm.kabtop.de";
in
{
virtualisation.oci-containers.containers."open-webui" = {
autoStart = true;
image = "ghcr.io/open-webui/open-webui:ollama";
volumes = [
"/var/lib/open-webui:/app/backend/data"
];
hostname = "open-webui";
ports = [ "8081:8080" ];
};
services = {
nginx = {
virtualHosts = {
${ollamahostname} = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:8081";
};
};
};
};
}

12
modules/services/server/postgresql.nix
View File

@@ -7,28 +7,28 @@
{ {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_14; package = pkgs.postgresql_15;
settings = { settings = {
max_connections = 200; max_connections = 200;
listen_addresses = "localhost"; listen_addresses = "localhost";
password_encryption = "scram-sha-256"; password_encryption = "scram-sha-256";
shared_buffers = "512MB"; shared_buffers = "4GB";
work_mem = "8MB"; work_mem = "2GB";
maintenance_work_mem = "500MB";
autovacuum_work_mem = -1; autovacuum_work_mem = -1;
min_wal_size = "1GB";
max_wal_size = "4GB";
log_timezone = "Europe/Berlin"; log_timezone = "Europe/Berlin";
timezone = "Europe/Berlin"; timezone = "Europe/Berlin";
}; };
authentication = pkgs.lib.mkOverride 14 '' authentication = pkgs.lib.mkOverride 14 ''
local all postgres peer local all postgres peer
host giteadb gitea localhost scram-sha-256 host giteadb gitea localhost scram-sha-256
host woodpeckerdb woodpecker localhost scram-sha-256
host nextclouddb nextcloud localhost scram-sha-256 host nextclouddb nextcloud localhost scram-sha-256
host synapsedb synapse localhost scram-sha-256 host synapsedb synapse localhost scram-sha-256
host whatsappdb mautrixwa localhost scram-sha-256 host whatsappdb mautrixwa localhost scram-sha-256
host telegramdb mautrixtele localhost scram-sha-256 host telegramdb mautrixtele localhost scram-sha-256
host signaldb mautrixsignal localhost scram-sha-256 host signaldb mautrixsignal localhost scram-sha-256
host onlyoffice onlyoffice localhost scram-sha-256
local onlyoffice onlyoffice peer
''; '';
initialScript = config.age.secrets."services/postgresql/initScript.sql".path; initialScript = config.age.secrets."services/postgresql/initScript.sql".path;
}; };

24
modules/shell/tmux.nix
View File

@@ -8,7 +8,8 @@
programs = { programs = {
tmux = { tmux = {
enable = true; enable = true;
terminal = "xterm-256color"; terminal = "screen-256color";
escapeTime = 300;
newSession = false; newSession = false;
keyMode = "vi"; keyMode = "vi";
historyLimit = 10000; historyLimit = 10000;
@@ -19,16 +20,25 @@
yank yank
sidebar sidebar
{ {
plugin = dracula; # plugin = dracula;
extraConfig = " # extraConfig = "
set -g @dracula-show-powerline true # set -g @dracula-show-powerline true
set -g @dracula-plugins 'git cpu-usage ram-usage battery time' # set -g @dracula-plugins 'git cpu-usage ram-usage battery time'
set -g @dracula-border-contrast true # set -g @dracula-border-contrast true
"; # ";
plugin = catppuccin;
extraConfig = "
set -g @catppuccin_flavour 'macchiato'
set -g @catppuccin_window_tabs_enabled 'on'
set -g @catppuccin_host 'on'
set -g @catppuccin_user 'on'
set -g @catppuccin_date_time '%Y-%m-%d %H:%M'
";
} }
]; ];
extraConfig = '' extraConfig = ''
set -g mouse on set -g mouse on
set-option -sa terminal-features ',alacritty:RGB'
# More friendly split pane # More friendly split pane
bind-key s split-window -h -c "#{pane_current_path}" bind-key s split-window -h -c "#{pane_current_path}"

11
modules/shell/zsh.nix
View File

@@ -10,7 +10,7 @@
enable = true; enable = true;
dotDir = ".config/zsh_nix"; dotDir = ".config/zsh_nix";
enableAutosuggestions = true; # Auto suggest options and highlights syntact, searches in history for options enableAutosuggestions = true; # Auto suggest options and highlights syntact, searches in history for options
enableSyntaxHighlighting = true; syntaxHighlighting.enable = true;
history.size = 10000; history.size = 10000;
oh-my-zsh = { # Extra plugins for zsh oh-my-zsh = { # Extra plugins for zsh
@@ -27,10 +27,10 @@
''; '';
initExtra = '' # Zsh theme initExtra = '' # Zsh theme
#export GPG_TTY=$(tty) export GPG_TTY=$(tty)
#gpg-connect-agent updatestartuptty /bye >/dev/null gpg-connect-agent updatestartuptty /bye >/dev/null
#unset SSH_AGENT_PID unset SSH_AGENT_PID
#export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
# Spaceship # Spaceship
source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup
autoload -U promptinit; promptinit autoload -U promptinit; promptinit
@@ -39,6 +39,7 @@
# emulate zsh -c "$(direnv hook zsh)" # emulate zsh -c "$(direnv hook zsh)"
# Swag # Swag
pfetch # Show fetch logo on terminal start pfetch # Show fetch logo on terminal start
eval "$(direnv hook zsh)"
''; '';
}; };
}; };

16
modules/wm/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{ pkgs, lib, config, ... }:
{
options = {
desktop = {
wm = lib.mkOption { type = types.str; default = "sway"; };
taskbar = lib.mkOption { type = types.str; default = "waybar"; };
launcher = lib.mkOption { type = types.str; default = "bemenu"; };
};
};
config = {
imports =
(import ./ + (desktop.wm)) ++
};
}

49
modules/wm/gnome/default.nix Normal file
View File

@@ -0,0 +1,49 @@
#
# Gnome configuration
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ default.nix
# └─ ./modules
# └─ ./desktop
# └─ ./gnome
# └─ default.nix *
#
{ config, lib, user, pkgs, ... }:
{
hardware.pulseaudio.enable = lib.mkForce false;
environment.systemPackages = with pkgs; [
gnome.gnome-terminal
gnomeExtensions.dash-to-dock
gnomeExtensions.appindicator
flatpak
rocmPackages.clr.icd
rocmPackages.clr
clinfo
];
services = {
xserver = {
enable = true;
desktopManager.gnome.enable = true;
displayManager = {
gdm.wayland = true;
gdm.enable = true;
gdm.autoLogin.delay = 5;
gdm.settings = {
security = {
DisallowTCP=true;
};
};
defaultSession = "steam-wayland";
autoLogin.enable = true;
autoLogin.user = "kabbone";
};
};
flatpak.enable = true;
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
};
}

53
modules/wm/gnome/home.nix Normal file
View File

@@ -0,0 +1,53 @@
#
# Gnome NixOS & Home manager configuration
#
# flake.nix
# ├─ ./hosts
# │ └─ ./steamdeck
# │ └─ home.nix
# └─ ./modules
# └─ ./desktop
# └─ ./gnome
# └─ home.nix *
#
{ config, lib, pkgs, ... }:
{
dconf.settings = {
# Enable on-screen keyboard
"org/gnome/desktop/a11y/applications" = {
screen-keyboard-enabled = true;
};
"org/gnome/shell" = {
enabled-extensions = [
"dash-to-dock@micxgx.gmail.com"
];
favorite-apps = [
"firefox.desktop"
"thunderbird.desktop"
"element-desktop.desktop"
"keepassxc"
"yubioath-flutter.desktop"
"alacritty.desktop"
];
};
# Dash to Dock settings for a better touch screen experience
"org/gnome/shell/extensions/dash-to-dock" = {
background-opacity = 0.80000000000000004;
custom-theme-shrink = true;
dash-max-icon-size = 48;
dock-fixed = true;
dock-position = "LEFT";
extend-height = true;
height-fraction = 0.60999999999999999;
hot-keys = false;
preferred-monitor = -2;
preferred-monitor-by-connector = "eDP-1";
scroll-to-focused-application = true;
show-apps-at-top = true;
show-mounts = true;
show-show-apps-button = true;
show-trash = false;
};
};
}

0
modules/desktop/hyprland/default.nix → modules/wm/hyprland/default.nix
View File

0
modules/desktop/hyprland/home.nix → modules/wm/hyprland/home.nix
View File

48
modules/wm/kde/default.nix Normal file
View File

@@ -0,0 +1,48 @@
#
# Gnome configuration
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ default.nix
# └─ ./modules
# └─ ./desktop
# └─ ./gnome
# └─ default.nix *
#
{ config, lib, user, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
flatpak
rocmPackages.clr.icd
rocmPackages.clr
clinfo
libsForQt5.discover
maliit-keyboard
];
services = {
packagekit.enable = true;
xserver = {
enable = true;
desktopManager.plasma5.enable = true;
# displayManager = {
# gdm.wayland = true;
# gdm.enable = true;
# gdm.autoLogin.delay = 5;
# gdm.settings = {
# security = {
# DisallowTCP=true;
# };
# };
# defaultSession = "steam-wayland";
# autoLogin.enable = true;
# autoLogin.user = "kabbone";
# };
};
flatpak.enable = true;
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
};
}

16
modules/wm/kde/home.nix Normal file
View File

@@ -0,0 +1,16 @@
#
# Gnome NixOS & Home manager configuration
#
# flake.nix
# ├─ ./hosts
# │ └─ ./steamdeck
# │ └─ home.nix
# └─ ./modules
# └─ ./desktop
# └─ ./gnome
# └─ home.nix *
#
{ config, lib, pkgs, ... }:
{
}

0
modules/desktop/scripts/2in1screen → modules/wm/scripts/2in1screen
View File

43
modules/wm/steam/default.nix Normal file
View File

@@ -0,0 +1,43 @@
#
# Gnome configuration
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ default.nix
# └─ ./modules
# └─ ./desktop
# └─ ./gnome
# └─ default.nix *
#
{ config, lib, user, pkgs, jovian-nixos, ... }:
{
imports = [
(jovian-nixos + "/modules")
];
jovian = {
steam = {
enable = true;
user = "kabbone";
autoStart = true;
desktopSession = "plasmawayland";
};
devices.steamdeck = {
enable = true;
};
decky-loader.enable = true;
};
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
environment.systemPackages = with pkgs; [
steamdeck-firmware
];
}

26
modules/wm/steam/home.nix Normal file
View File

@@ -0,0 +1,26 @@
#
# Gnome NixOS & Home manager configuration
#
# flake.nix
# ├─ ./hosts
# │ └─ ./steamdeck
# │ └─ home.nix
# └─ ./modules
# └─ ./desktop
# └─ ./steam
# └─ home.nix *
#
{ config, lib, pkgs, ... }:
{
home = {
packages = with pkgs; [
steam
jq
appimage-run
gnome.zenity
unzip
fuse
];
};
}

10
modules/desktop/sway/default.nix → modules/wm/sway/default.nix
View File

@@ -11,13 +11,15 @@
# └─ hyprland.nix * # └─ hyprland.nix *
# #
{ config, lib, user, pkgs, ... }: { config, lib, user, pkgs, desktop, ... }:
{ {
imports = [ ../../programs/waybar.nix ]; imports = [ ../waybar.nix ];
hardware.opengl = { hardware.opengl = {
enable = true; enable = true;
driSupport = true;
driSupport32Bit = true;
}; };
environment = { environment = {
@@ -35,6 +37,10 @@
grim grim
bemenu bemenu
lxqt.lxqt-openssh-askpass lxqt.lxqt-openssh-askpass
rocmPackages.clr.icd
rocmPackages.clr
clinfo
waybar
]; ];
}; };

39
modules/desktop/sway/home.nix → modules/wm/sway/home.nix
View File

@@ -48,13 +48,18 @@
"*" = { "*" = {
bg = "$HOME/.config/wall fill"; bg = "$HOME/.config/wall fill";
}; };
"HDMI-A-1" = { #"HDMI-A-1" = {
mode = "1920x1080"; # mode = "2560x1440";
# pos = "0,0";
# #scale = "1.1";
#};
"DP-2" = {
mode = "2560x1440";
pos = "0,0"; pos = "0,0";
}; };
"DP-1" = { "DP-3" = {
mode = "2560x1080"; mode = "1920x1200";
pos = "1920,0"; pos = "2560,120";
}; };
#"eDP-1" = { #"eDP-1" = {
# mode = "1920x1080"; # mode = "1920x1080";
@@ -68,7 +73,7 @@
terminal = "${pkgs.alacritty}/bin/alacritty"; terminal = "${pkgs.alacritty}/bin/alacritty";
fonts = { fonts = {
names = [ "Source Code Pro" ]; names = [ "Cascadia Code" ];
size = 10.0; size = 10.0;
}; };
@@ -207,6 +212,9 @@
"${mod}+Shift+9" = "move container to workspace number 9"; "${mod}+Shift+9" = "move container to workspace number 9";
"${mod}+Shift+0" = "move container to workspace number 10"; "${mod}+Shift+0" = "move container to workspace number 10";
"${mod}+Tab" = "workspace next";
"${mod}+Alt+Tab" = "workspace prev";
"${mod}+k" = "splith"; "${mod}+k" = "splith";
"${mod}+v" = "splitv"; "${mod}+v" = "splitv";
@@ -223,7 +231,7 @@
"${mod}+minus" = "scratchpad show"; "${mod}+minus" = "scratchpad show";
}; };
}; };
systemdIntegration = true; systemd.enable = true;
wrapperFeatures.gtk = true; wrapperFeatures.gtk = true;
extraSessionCommands = '' extraSessionCommands = ''
export MOZ_ENABLE_WAYLAND="1"; export MOZ_ENABLE_WAYLAND="1";
@@ -244,8 +252,8 @@
''; '';
extraConfig = '' extraConfig = ''
set $output-primary DP-1 set $output-primary DP-2
set $output-secondary HDMI-A-1 set $output-secondary DP-3
workspace 1 output $output-secondary workspace 1 output $output-secondary
workspace 2 output $output-primary workspace 2 output $output-primary
@@ -253,11 +261,14 @@
''; '';
}; };
programs.swaylock.settings = { programs.swaylock = {
color = "000000"; enable = true;
image = "$HOME/.config/lockwall"; settings = {
indicator-caps-lock = true; color = "000000";
show-keyboard-layout = true; image = "$HOME/.config/lockwall";
indicator-caps-lock = true;
show-keyboard-layout = true;
};
}; };
services.swayidle = { services.swayidle = {

0
modules/desktop/virtualisation/default.nix → modules/wm/virtualisation/default.nix
View File

12
modules/desktop/virtualisation/docker.nix → modules/wm/virtualisation/docker.nix
View File

@@ -6,7 +6,11 @@
{ {
virtualisation = { virtualisation = {
docker.enable = true; podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
}; };
users.groups.docker.members = [ "${user}" ]; users.groups.docker.members = [ "${user}" ];
@@ -17,9 +21,9 @@
# ''; # Alias to easily start container # ''; # Alias to easily start container
#}; #};
environment.systemPackages = with pkgs; [ # environment.systemPackages = with pkgs; [
docker-compose # docker-compose
]; # ];
} }
# USAGE: # USAGE:

12
modules/wm/virtualisation/kvm-amd.nix Normal file
View File

@@ -0,0 +1,12 @@
#
# KVM module options amd
#
{ config, pkgs, user, ... }:
{ # Add libvirtd and kvm to userGroups
boot.extraModprobeConfig = ''
options kvm_amd nested=0 avic=1 npt=1
''; # Needed to run OSX-KVM
}

13
modules/wm/virtualisation/kvm-intel.nix Normal file
View File

@@ -0,0 +1,13 @@
#
# KVM module options intel
#
{ config, pkgs, user, ... }:
{ # Add libvirtd and kvm to userGroups
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_nsrs=1
''; # Needed to run OSX-KVM
}

7
modules/desktop/virtualisation/qemu.nix → modules/wm/virtualisation/qemu.nix
View File

@@ -5,16 +5,9 @@
{ config, pkgs, user, ... }: { config, pkgs, user, ... }:
{ # Add libvirtd and kvm to userGroups { # Add libvirtd and kvm to userGroups
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_nsrs=1
''; # Needed to run OSX-KVM
users.groups.libvirtd.members = [ "root" "${user}" ]; users.groups.libvirtd.members = [ "root" "${user}" ];
virtualisation = { virtualisation = {
vswitch.enable = true;
libvirtd = { libvirtd = {
enable = true; # Virtual drivers enable = true; # Virtual drivers
onShutdown = "shutdown"; onShutdown = "shutdown";

8
modules/programs/waybar.nix → modules/wm/waybar.nix
View File

@@ -9,14 +9,6 @@
waybar waybar
]; ];
# nixpkgs.overlays = [ # Waybar needs to be compiled with the experimental flag for wlr/workspaces to work
# (self: super: {
# waybar = super.waybar.overrideAttrs (oldAttrs: {
# mesonFlags = oldAttrs.mesonFlags ++ [ "-Dexperimental=true" ];
# });
# })
# ];
home-manager.users.${user} = { # Home-manager waybar config home-manager.users.${user} = { # Home-manager waybar config
programs.waybar = { programs.waybar = {
enable = true; enable = true;

BIN
secrets/keys/nixremote.age Normal file
View File

Binary file not shown.

BIN
secrets/keys/nixservepriv.age Normal file
View File

Binary file not shown.

7
secrets/nixremote Normal file
View File

@@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACC3M7I+FtZBUGmpRcGmPkSeCxMzXhSg/orVweNENjufTAAAAJAgCaSVIAmk
lQAAAAtzc2gtZWQyNTUxOQAAACC3M7I+FtZBUGmpRcGmPkSeCxMzXhSg/orVweNENjufTA
AAAEAJPJDPptl9Ljj80G3MNyiAfMBKn6MOfBOT+vF0aBenTLczsj4W1kFQaalFwaY+RJ4L
EzNeFKD+itXB40Q2O59MAAAADWthYmJvbmVAaGFkZXM=
-----END OPENSSH PRIVATE KEY-----

1
secrets/nixremote.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILczsj4W1kFQaalFwaY+RJ4LEzNeFKD+itXB40Q2O59M kabbone@hades

47
secrets/secrets.nix
View File

@@ -18,16 +18,46 @@ let
yubia yubia
]; ];
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx"; server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
server2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPm3epi3v+yuskxQZgmPdkVDET8IGeYA6LbTCqPWqkz+";
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmivVLbkJJ1anwQ8CeNT7rv0Qxinp1LIQIjVWZpnIE5";
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
nbf5 = ""; nasbak = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdoxslkKn3ouadPOHmDN7e5AtoJmnllnUmhl1j9qfzz";
jupiter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBQr9/TIeAd25h0gfOPjoHs6JMeye4V04LuFufbe1S/";
steamdeck = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINcbvtlL9xFq6kcvE6x20/Es5PVWMhbBvra8HjGUm4NB";
laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICLDA3tmyCR4ogX7mgwaEhsceqALQvq9IqXhg8rF0OIi";
homerunner = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP5MASizLhydfxn0AWcG6LfeC4fghLTDVsLbEHDnIAhc";
serverrunner="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHfLhlJX2VlZE4myreojQ0hqCSL28kE9Y3F65uumgrSK";
systems = [ systems = [
hades server
nbf5 server2
dmz dmz
hades
nasbak
jupiter
steamdeck
laptop
homerunner
serverrunner
]; ];
servers = [ servers = [
dmz server
server2
];
homerunners = [
homerunner
];
serverrunners = [
serverrunner
];
buildClients = [
nasbak
jupiter
steamdeck
laptop
];
buildServer = [
hades
]; ];
in in
{ {
@@ -42,7 +72,12 @@ in
"services/matrix/signal-registration.age".publicKeys = servers ++ users; "services/matrix/signal-registration.age".publicKeys = servers ++ users;
"services/nextcloud/adminpassFile.age".publicKeys = servers ++ users; "services/nextcloud/adminpassFile.age".publicKeys = servers ++ users;
"services/nextcloud/dbpassFile.age".publicKeys = servers ++ users; "services/nextcloud/dbpassFile.age".publicKeys = servers ++ users;
"services/nextcloud/onlyofficedb.age".publicKeys = servers ++ users;
"services/nextcloud/onlyofficejwt.age".publicKeys = servers ++ users;
"services/gitea/databasePassword.age".publicKeys = servers ++ users; "services/gitea/databasePassword.age".publicKeys = servers ++ users;
"services/gitea/mailerPassword.age".publicKeys = servers ++ users; "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
"services/woodpecker/environment.age".publicKeys = servers ++ users; "services/gitea/homerunner-token.age".publicKeys = homerunners ++ users;
"services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users;
"keys/nixremote.age".publicKeys = buildClients ++ users;
"keys/nixservepriv.age".publicKeys = buildServer ++ users;
} }

BIN
secrets/services/coturn/static-auth.age
View File

Binary file not shown.

BIN
secrets/services/gitea/databasePassword.age
View File

Binary file not shown.

23
secrets/services/gitea/homerunner-token.age Normal file
View File

@@ -0,0 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 1fxDZw HPqtOnCf0xv43GQmB6iSSLGK6r/5pCFFZJC37ioMIw0
VjvteDjUqqkBas9FzZKxlA1y5/TwIB44I7yNH3KBDYA
-> ssh-rsa VtjGpQ
Xx8tuS0ClpvIEn/diIhCInLuiNym22i0SQZCkFCz5V0FKNM0L9hzlqU2A2wLemgz
iy1So0jNJWGt9ylUCyPI9ucyLUgoXFXiQjaMkI85yj+xuUDHkmereRMW3AQD+2LL
+NHsmQQchtmQg/gCZY0MS7gq++ULDwlakAkwMP0U6T19i299eBSBL4Zoj00rKNlx
KLe0jbNlIe1uhVLYRfyz3S0I9z8gWDSQ8soFoqrJwKVHsO7wmH/3a0dCEWSHRRVm
MRfU/Oy7A8U+iD37z9DxSN2O6hKRLMDu/NyTXUV95ImYwOcA7ya4nShwpB7vZLop
Vu/BtX5HZ7JvBK3kApyR+Da5LYsBhqrDmqXqtykjn8TM0WG65jLKp5XolEcGEfUe
KrqVMhVm+d2AijpRvsbOv13B7UmZkxBP9+6/o7uujv9nV5uSoGwv9tZn9ubeZyXo
U7q3MaURqbgv6YV+h/aJ1X0URmPMyjUgkCLI3HbKJV+ZQH1jbNsn0aiVU0d0MXBb
cE1NIZdfrQ/+Mp14KuiKoY/ycrJPQkg+Au8LANSk/pzH/lvGO1EP50eBRz4hIqEg
RaNII+fQosyr10HPvlgMfEZQnDoG6H+Tvhgt4S6Ex9lyjKASnx/SQyRwhd9SPgDb
bArbSq4lJ59rqw7TX2IrkjDgvv/FMqdcxjW+kIOTWDQ
-> piv-p256 grR75w A1d8pk5Qfx1xq9vApCkKKj6gx1elqSYxLezwoChk3k7Z
AeYO+rslswXdRJK/pwe9m3CNHIKsrRkt1lamyysDNQk
-> piv-p256 RQguQQ AukcSmMTNQQZdr5zDOjMTnsOFZp5H5D5ohuVdIQUpUYM
aJqrWcaXdpfS2vakEu5vi/AMHnoUUrUpm0bRRcCxiE8
--- fNTWHdKIXpbJsZo2WnMAPXTNMtr0hKkgivCIi1qiQps
X<1E><>R0j<30>ebMB7v6<76><04>Ȧ~
<1E>8<=
2i<1E><><EFBFBD>2<EFBFBD>J<EFBFBD>]L<><4C>p

43
secrets/services/gitea/mailerPassword.age
View File

@@ -1,24 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ S4SkrY0LLBlXsKIyKbJG/0xsdOTMXPRQwWmciJdCGFU -> ssh-ed25519 neExcQ Qx3NuIC3HnyhLAPB6NGLlO8073iIEXQ3VpVDvsPsLVk
OugL59NZJ6fccEJtXbWA7wYoaFflA/wUOzkOSeuoLaM 9Cz7AXaP/EorKrdLxMfaWJJsCIv5u6upJIaNbLiDleA
-> ssh-ed25519 WiIaQQ AS+i8m6vO83lj5vZ1lr+FiM1SO1v7BU6OWertpdTXSU
LIitIW7F/8idoKvgHmirFp1V9RlObyqOueDVIdBdRM0
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
L4dHVMy1Ep/ai3y0cbOjJYcCgFcbzecOdjPow6OASNqBPUOfpcge4hmpWKbITLB4 FdINMHPfPVgkQk0A5g6uDRQmZxI0h74QkJSdYUtHRfbqBP0R3f4TrqbtO4n6E7pR
9FNsBxF0g+Z/gYtyiRmdZpB+61Ns5qsp66V9UDpQouAWnWGOtJhMVju0klXJWQLm 5NYLkqyZND7ApC10hoQ2UJF22Ja06ZvWhhM7Zsl0X3u/58NhgXsXWy92I2sniBa4
W8nL9dWdS3vcFhdD10YO7ErQZAADRn5msN3m79wsFpS8ehq7PSoyGmysvimvOGid DF6T3AD4bQOF4Px2A/+lnA++NIWHdroqghojWOAZazvLFaFa6HtIdrTiMb2bojuU
d3H+NGfBJZOKuFtgPwx3OUel+QekGaCPJNgEMw5BB7BABvtOkSFsngbxSIzQDDgy qxepekbRwJBEm9/5bKHZlEmwx3rJsYxrNKEkxPrBvNdPbnwgxrvhOXxeQJghyGGw
vFfcFWtvpLM/VNNZNkUBr+9esaCj6RJsn7wvktT69bjT12RoFrrMA1M3f/nwBPPW vnCRHKDbqvRIWfkmftRjNQMHUSMitDJHUOPsG9z5KBr4M7n7B1bV5ozsLsVyUUmE
7VEe9DWmYU0KYO/z8oyqW0pv1Jn7CywSkeMhzhZflXrHgSJz8f0sc7RvUDrPe8nU 6vBvrOPz9+RiE9H61PlAvPFMmKBTQgRf8+mjbU0RGxScqLcUoHCud2x3O+WqlLoP
+hZtja23mp8iFLsqT1IDzCtx2AVQ/IEpBhK/e2VAA9x1dD1u8oO63Lqafx5bJj4o TMQtye8ayRPgG3PbwP4pO3olcA9ANEdd2Jfo+HG4izbJxdCTbOMfEFTJIEfyGMIo
fVvqdfqS95Hoj6BYT4R+eaALjlQwo+ZbYkpMs48tMl3FMGB1yWFTf7lef//faRDd lo0Hh0EIijFAVfyAH6G/Rv1KggpINr8fTxbWz8i1PXTqzBsjfrqbHWWRrE/VJSYI
O2qah2bc0B145eBQjSxu+qGV65h1uVVYbzyHztTDtD2VAH3vt3yhXxcrwIEbFmAD x9bjSHeWCOs+IlZ2YEB8dshJe5smrTnKpFYrj3kvLHOiC1jKUJdDZooQex4nkXpW
RhdudA2i5N5R4WYvTSUlqu7W/1IReYLhJGPcAwUwviZMpsLAZXV0J4+kMfY2nlG7 mMKIOb/VF6/QM3NkmJKLdnMJenIKL1Vqbrv/Lqu1/FaINqRsIGTXCsQs+JjxrcfX
QIWAaOjNbCR9uUIzyRBiT8Z7evEhNJGfeoHfWI3YyxE zxpzs7Bk2eV/BaiJxJ7Cjfx1gO37GpL0kzCMuN1xnWs
-> piv-p256 grR75w A4JUNXeQebYxnpxuy/S0nZFuVefAsKoy9AgSqAmIgf+C -> piv-p256 grR75w Azu36XfRZ2Evj79zCs8RA5lwbMe2Je0oBI5JM+3MC/cO
E6W2cZda5/zXAQiVXpuBwyq1vVjkc6oLPRZcxoquhSQ p8nO/p2M3pvEevZLLItNDSz64Ju8yBA2GPBnTWMN25I
-> piv-p256 RQguQQ AtTS4VS0D7XBHhqO4nAilRuUoaL8wN/CKqvsJBDkS2eV -> piv-p256 RQguQQ Av9ILPK7bsPNqgudLMq88MNSWrB+xrBVfxX3bjVCquvj
DNQ7jGW5JaLyTj7s0pcjqYgB8TmSzKAc7uzY6KY/3K0 0iwRR9htchLUk88RRooXsP0H39FfybCPMQC8AMxgu/0
-> dUR*@Go-grease sO --- puq9s7iYi1A0v+7Qhsqo05Yfxtg5kHJK66RM1TDLtNM
kaM21qvzGtRDZOmKY3+RmLO7JNQ2qnbAy7Rhm2jrDwFMZapow7tHdoukwSPPtdqV <1E>![<5B><><EFBFBD>u_<75>(*<2A>0<03>Ŵ8<C5B4><38><EFBFBD><EFBFBD><EFBFBD>"<22><>Fsn<73>"T<><54>-<2D><><EFBFBD><EFBFBD><EFBFBD><05><>w<1B>w' <0C><><EFBFBD>4<EFBFBD><34><EFBFBD>sd_<64>!
zbvcRqVh5eUp2GSpP9L5Md/Rb4zBrB3DQEQX+BDcBq2AoQLgznZu
--- 3gADr/DczM3F+Cvzio9AelnCMVuF9lKba8i82UlSmIs
<EFBFBD>!O~<7E><>a}<7D><>'i|A<><41>b<><62><EFBFBD>V<EFBFBD><56><EFBFBD>rq'N<><4E>_0<1A>L<EFBFBD>fBEnW<6E> <0B>c<EFBFBD><63><EFBFBD>M<><4D><EFBFBD>I<>:Ybb

21
secrets/services/gitea/runner-token.age Normal file
View File

@@ -0,0 +1,21 @@
age-encryption.org/v1
-> ssh-ed25519 1fxDZw TDpxzsr/x1p3WR7SKVetYVlKqdIxMI6w98tM5MIHC30
HmWHgsw11pqILyvSl0FjeOokMuxlA9u128aAECK0Qvc
-> ssh-rsa VtjGpQ
XTL+rQuSTsY42cuFi2HKBo/6xRa+5Aw0NJafCDg4PBYbNvZf8Q4EFtrX3k3JzUcE
fgzJI81h/ijl6FzvnAsfB0oMR/RIxHNdheIMxilsiaVGDS6ATnq8Mk7Ca67MtM5Y
Uc9XQ6I4qtL3rdpvnp3BjR3d1KfmwsTBeYJrl03vltLBN8twgD7mBabtjcl38u1A
emcgc8qAhz45n+07yVnqRqdMUY3VntqyL2DzasaPhpQHqV0jwWATNMGJilpvOSpn
it5VGZWGVjjHiGtwEGvuWBRi2+4jt02WwrDmlrqoSZxiqXW42XCa9pPn/X+U1UYE
dBJ1iPNc9EEQhr3sIewDAvjy2m4T/4wzY1gpgfiAY1FzgObZXOM3cv11yIAJU0ZX
nnDTgJmRysxvp/at1dEDbza8krIGcBW0tWYvKQdm2kh3m+nTZWI2Btmm+hT60qYX
4pLNkz0WR1nwdzzw0mSYXbPLlFAb8OrKP8fGJKvC6VM8C/Tofp+gWbfGnAFIq0um
hBcCK3hlg/QDdBV3jrIQyX+Vk+W3xe5QMjI8Oem9Jzy/y4MmMjUV7x8X5hd6KiK9
wc5Dt0VL1KgwomYLvrNnl32TAGK+tOVXPRLaFiR9jwsrJZ3GXlsxJO0W2hFjp3wk
GGX/CFqRy228of9ujc+yPi6r9SO4BNT0eelwEbp0Kfs
-> piv-p256 grR75w A4dwZqBbpqrb3KcacC1mupb7Nka8s7RlHfVcc07L1ApC
5xM0zPEnRoA08LEdQDl3qcsOaNXPHgyDJxfRV3ar8cA
-> piv-p256 RQguQQ AgC34mS9BXHs3UM7Xp7e66oMUKAJ7VASdxRCJuWnzZcz
oOFQFWLUkQyGvHvmq2dZHDiE9J4J/wE3NBT1ASHtKRE
--- fbj8iFIYKQvjNminxZ0TLt7S2RSdozKUhq2ARdI1L9s
<EFBFBD>>H<><48><EFBFBD>&<26>3<>L<EFBFBD><4C><,Dv܍c<><63><EFBFBD><EFBFBD><EFBFBD>BI<42>dJ<64>i%<25>gK׳`<60><19><><EFBFBD>g<>9kN<6B>CP<43><50><EFBFBD><EFBFBD><EFBFBD><EFBFBD>b<EFBFBD><62> <09><><EFBFBD><EFBFBD>a<1A><><EFBFBD>s=<1A><>"S

23
secrets/services/gitea/serverrunner-token.age Normal file
View File

@@ -0,0 +1,23 @@
age-encryption.org/v1
-> ssh-ed25519 0qfOZA UTOzjwhqcVLmpf3P/nzO3aGKzKH0YKq04sUbFvMa/FE
a2MMcZXucDEXmy/uU7JapMsboImCGsUiPA2Pr/wB5yQ
-> ssh-rsa VtjGpQ
Nr2g/ocV0oTbZydmcRnESyI4VOJdMGafozm80EMarbQfmeeRCfi76jxct/gpnL00
P/2d/3pfvqbpuGZRg+Q/BCY0Vm2AujJ1P2UTxpnzC42iZu7qKWd5EY4z0Hok53kg
McPh+pgNhugLr4Yh2KHpT27FfJpD/Pmjajg7G78Q9P5uel6SKXIW4uFO4Lp2yLC/
vC52XMqxLrR9moCTr72dQPzd0IIhQ2vN9EtZkBnxUW6zt3ILAYJ06VLAGvVwXIWl
0Wjs3G5g5v+H2e+Em5vIy1hdub/3orEL4racHO0m0binK/IVRJY7sjZDVDrrerFS
SqPORQ3a7jmuHFeHxwAlRcmh/O1gEgAnCZTZRfQzgXI+nfPEzuL0yENd/ksUPBdm
q2zQSv1rrj/tLMtxk4vpG8FkPp5UctaYignvHAp95xC+TR14aDUdT4x4MGboHIxu
l6Q3evVJzblwIl3JbzpP3yOA2k25Y1KI+nVDrTqAdi+Yy4jtIOA+XancIHrpLzAO
21JO1wwGtAsjUDCdhnYSyMcOiRLRHzPoK7o/BGx6b1Uqk2WmWhZnZft9MHPp2RtX
Gv3PBMVjz2CO+f3d8B4akPSApgQ9fw1Vje5fY0CDWdORV7tHDCKb6fmTua2d73Iz
ANrKYonqWhjf3F9u7zzM8/xd593AH/Y+aJo+z0S+Z6I
-> piv-p256 grR75w Ap4du3RBcNdRvbwjQTpP5PPXtNCRuoQePt6ULYEpNM1r
4Qe4c6j7df/TajuxM5Q1qnC/TCBNNI5K9WCDqD4VM1M
-> piv-p256 RQguQQ AoR+aGTAQ6VELef54cGpukkWjeKz37tDbW93ncGWFsrI
KbF1N14PYEQ28a/MePeq7hW9LAgUaNriFo6UO0eBvt4
--- F8GiyUf87+vhg22ldWuC2j5K8WGAK3y5lRDG6yrzBPQ
a<18>$<24>-<2D><>|<7C>h.cr38<33><38><EFBFBD><EFBFBD>Pw<50>3<EFBFBD><19>Nh<4E><68><EFBFBD>B<EFBFBD>j !z^<5E><> b<>8c<38><63><EFBFBD>m<EFBFBD>s<EFBFBD><03><>
<EFBFBD>\<5C>3<EFBFBD><18><><EFBFBD>f<>x3|<7C>Ne<4E>
=:<3A>

Some files were not shown because too many files have changed in this diff Show More