Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Kabbone:main
Branches Tags
Kabbone:main
Kabbone:dev
Kabbone:refactor
..
compare: Kabbone:dev
Branches Tags
Kabbone:main
Kabbone:dev
Kabbone:refactor

14 Commits
main ... dev

Author SHA1 Message Date
Kabbone
1a9f6536ba
services: hydra: typo in nix.conf 2024-05-26 09:07:19 +02:00
Kabbone
c2192190a9
services: add hydra cache and allowed uri 2024-05-25 13:58:24 +02:00
Kabbone
5524c118a9
hydra fix key path 2024-05-25 13:48:07 +02:00
Kabbone
f0650cc939
hydra fix key path 2024-05-25 12:50:05 +02:00
Kabbone
36536b1688
secrets: rekey 2024-05-25 11:58:38 +02:00
Kabbone
b1f699b591
secrets: rekey 2024-05-25 11:06:11 +02:00
Kabbone
82cf3a3218
flake update 2024-05-25 11:00:55 +02:00
Kabbone
f4db077b33
flake restructure 2024-05-25 11:00:23 +02:00
Kabbone
fde868427a
hydra add signing key 2024-05-25 10:50:37 +02:00
Kabbone
c496cd67cf
test hydra jobs 2024-05-20 10:47:26 +02:00
Kabbone
ff266458cc
test hydra jobs 2024-05-20 10:45:14 +02:00
Kabbone
8b319073bf
test hydra jobs 2024-05-20 10:43:26 +02:00
Kabbone
d8155a1747
test hydra jobs 2024-05-20 10:40:18 +02:00
Kabbone
dddd8b5fe3
test hydra jobs 2024-05-20 10:29:52 +02:00
95 changed files with 922 additions and 2088 deletions
Show Stats Expand all files Collapse all files

4
disko/btrfs_luks.nix
View File

@ -47,10 +47,6 @@
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@opt" = {
mountpoint = "/opt";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@snapshots" = { "@snapshots" = {
mountpoint = "/mnt"; mountpoint = "/mnt";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];

11
disko/mount.sh
View File

@ -1,11 +0,0 @@
#!/usr/bin/env bash
disk="/dev/vda"
mountpoint="/mnt"
mount $disk $mountpoint -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@
mount $disk $mountpoint/home -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@home
mount $disk $mountpoint/var -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@var
mount $disk $mountpoint/srv -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@srv
mount $disk $mountpoint/nix -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@nix
mount $disk $mountpoint/swap -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@swap

430
flake.lock generated
View File

@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1723293904, "lastModified": 1716561646,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -24,12 +24,18 @@
} }
}, },
"crane": { "crane": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1731098351, "lastModified": 1711299236,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", "narHash": "sha256-6/JsyozOMKN8LUGqWMopKTSiK8N79T8Q+hcxu2KkTXg=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", "rev": "880573f80d09e18a11713f402b9e6172a085449f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -60,6 +66,28 @@
"type": "github" "type": "github"
} }
}, },
"devshell": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -76,6 +104,36 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@ -84,11 +142,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1730504689, "lastModified": 1709336216,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90", "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -97,16 +155,88 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715865404,
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1713493429,
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
"owner": "srid",
"repo": "flake-root",
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1710146030,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -137,6 +267,28 @@
"type": "github" "type": "github"
} }
}, },
"gitignore_2": {
"inputs": {
"nixpkgs": [
"nixvim",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -165,11 +317,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735925111, "lastModified": 1716457508,
"narHash": "sha256-/NptDI4njO5hH0ZVQ2yzbvTXmBOabZaGYkjhnMJ37TY=", "narHash": "sha256-ZxzffLuWRyuMrkVVq7wastNUqeO0HJL9xqfY1QsYaqo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "ef64efdbaca99f9960f75efab991e4c49e79a5f1", "rev": "850cb322046ef1a268449cf1ceda5fd24d930b05",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -185,27 +337,48 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735344290, "lastModified": 1715381426,
"narHash": "sha256-oJDtWPH1oJT34RJK1FSWjwX4qcGOBRkcNQPD0EbSfNM=", "narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "613691f285dad87694c2ba1c9e6298d04736292d", "rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1716448020,
"narHash": "sha256-u1ddoBOILtLVX4NYzqSZ9Qaqusql1M4reLd1fs554hY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "25dedb0d52c20448f6a63cc346df1adbd6ef417e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1734945620, "lastModified": 1708968331,
"narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", "narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "d000479f4f41390ff7cf9204979660ad5dd16176", "rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -222,11 +395,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735330405, "lastModified": 1716618639,
"narHash": "sha256-MhXgu1oymyjhhZGY9yewNonJknNAjilzMGPY1FfMR7s=", "narHash": "sha256-H3kcJDVqDmXZ9IfVtqObL3JUx/a0ERn6gWBTn+7vwN4=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "a86d9cf841eff8b33a05d2bf25788abd8e018dbd", "rev": "a358c56a163b3b7d149571e853a8f75b2c1ceb38",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -240,6 +413,7 @@
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -247,11 +421,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1734994463, "lastModified": 1713369831,
"narHash": "sha256-S9MgfQjNt4J3I7obdLOVY23h+Yl/hnyibwGfOl+1uOE=", "narHash": "sha256-G4OGxvlIIjphpkxcRAkf1QInYsAeqbfNh6Yl1JLy2uM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "93e6f0d77548be8757c11ebda5c4235ef4f3bc67", "rev": "850f27322239f8cfa56b122cc9a278ab99a49015",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -263,18 +437,18 @@
}, },
"microvm": { "microvm": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"spectrum": "spectrum" "spectrum": "spectrum"
}, },
"locked": { "locked": {
"lastModified": 1735074045, "lastModified": 1716382614,
"narHash": "sha256-CeYsC8J2dNiV2FCQOxK1oZ/jNpOF2io7aCEFHmfi95U=", "narHash": "sha256-dwUYl8jyMNKidPEM9gTafcRe+3pUh2rH3ZlBrUpsvnw=",
"owner": "astro", "owner": "astro",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "2ae08de8e8068b00193b9cfbc0acc9dfdda03181", "rev": "a59c3167f673ce29b65c674deb2bee73d151a96c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -283,6 +457,27 @@
"type": "github" "type": "github"
} }
}, },
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1716329735,
"narHash": "sha256-ap51w+VqG21vuzyQ04WrhI2YbWHd3UGz0e7dc/QQmoA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "eac4f25028c1975a939c8f8fba95c12f8a25e01c",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-github-actions": { "nix-github-actions": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -291,11 +486,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1729697500, "lastModified": 1690328911,
"narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=", "narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "nix-github-actions", "repo": "nix-github-actions",
"rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf", "rev": "96df4a39c52f53cb7098b923224d8ce941b64747",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -307,11 +502,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1735388221, "lastModified": 1716173274,
"narHash": "sha256-e5IOgjQf0SZcFCEV/gMGrsI0gCJyqOKShBQU0iiM3Kg=", "narHash": "sha256-FC21Bn4m6ctajMjiUof30awPBH/7WjD0M5yqrWepZbY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "7c674c6734f61157e321db595dbfcd8523e04e19", "rev": "d9e0b26202fd500cf3e79f73653cce7f7d541191",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -323,43 +518,43 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1735669367, "lastModified": 1716361217,
"narHash": "sha256-tfYRbFhMOnYaM4ippqqid3BaLOXoFNdImrfBfCp4zn0=", "narHash": "sha256-mzZDr00WUiUXVm1ujBVv6A0qRd8okaITyUp4ezYRgc4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "edf04b75c13c2ac0e54df5ec5c543e300f76f1c9", "rev": "46397778ef1f73414b03ed553a3368f0e7e33c2f",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.11", "ref": "nixos-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1730741070, "lastModified": 1710695816,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", "rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.05", "ref": "nixos-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1735834308, "lastModified": 1716330097,
"narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=", "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6df24922a1400241dae323af55f30e4318a6ca65", "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -369,12 +564,71 @@
"type": "github" "type": "github"
} }
}, },
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-root": "flake-root",
"home-manager": "home-manager_3",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs-unstable"
],
"pre-commit-hooks": "pre-commit-hooks",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1716566815,
"narHash": "sha256-WO3MF4W1SrSD0lanU1n7dfuHizeSLfDHJNEir9exlcM=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "9d858de2e9ab136d1c53d92af62fed8fccf492ab",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"gitignore": "gitignore_2",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1716213921,
"narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
"lanzaboote", "lanzaboote",
"flake-compat" "flake-compat"
], ],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
@ -383,11 +637,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1731363552, "lastModified": 1710923068,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", "narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", "rev": "e611897ddfdde3ed3eaac4758635d7177ff78673",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -407,22 +661,27 @@
"microvm": "microvm", "microvm": "microvm",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable" "nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim"
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1731897198, "lastModified": 1711246447,
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", "narHash": "sha256-g9TOluObcOEKewFo2fR4cn51Y/jSKhRRo4QZckHLop0=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", "rev": "dcc802a6ec4e9cc6a1c8c393327f0c42666f22e4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -434,11 +693,11 @@
"spectrum": { "spectrum": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1733308308, "lastModified": 1708358594,
"narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=", "narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2", "rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c",
"revCount": 792, "revCount": 614,
"type": "git", "type": "git",
"url": "https://spectrum-os.org/git/spectrum" "url": "https://spectrum-os.org/git/spectrum"
}, },
@ -476,6 +735,57 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715940852,
"narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "2fba33a182602b9d49f0b2440513e5ee091d838b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

32
flake.nix
View File

@ -12,7 +12,7 @@
inputs = # All flake references used to build my NixOS setup. These are dependencies. inputs = # All flake references used to build my NixOS setup. These are dependencies.
{ {
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
microvm = { microvm = {
@ -23,7 +23,7 @@
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
home-manager = { # User Package Management home-manager = { # User Package Management
url = "github:nix-community/home-manager/release-24.11"; url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -38,36 +38,32 @@
}; };
jovian-nixos = { jovian-nixos = {
url = "github:Jovian-Experiments/Jovian-NixOS"; url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/master"; url = "github:nix-community/lanzaboote/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
}; };
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }: # Function that tells my flake which to use and what do what to do with the dependencies. outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }: # Function that tells my flake which to use and what do what to do with the dependencies.
rec { rec {
nixosConfigurations = ( # NixOS configurations nixosConfigurations = ( # NixOS configurations
import ./hosts { # Imports ./hosts/default.nix import ./hosts { # Imports ./hosts/default.nix
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote; # Also inherit home-manager so it does not need to be defined here. inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote nixvim; # Also inherit home-manager so it does not need to be defined here.
nix.allowedUsers = [ "@wheel" ]; nix.allowedUsers = [ "@wheel" ];
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
} }
); );
hydraJobs = { hydraJobs."steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel;
"steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel;
"hades" = nixosConfigurations.hades.config.system.build.toplevel;
"nasbak" = nixosConfigurations.nasbak.config.system.build.toplevel;
"jupiter" = nixosConfigurations.jupiter.config.system.build.toplevel;
"lifebook" = nixosConfigurations.lifebook.config.system.build.toplevel;
"kabtop" = nixosConfigurations.kabtop.config.system.build.toplevel;
"dmz" = nixosConfigurations.dmz.config.system.build.toplevel;
};
}; };

54
hosts/configuration_desktop.nix
View File

@ -58,12 +58,12 @@
# }; # };
}; };
#sound = { # ALSA sound enable sound = { # ALSA sound enable
## #enable = true; #enable = true;
# mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true; mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true;
# enable = true; enable = true;
# }; };
#}; };
fonts.packages = with pkgs; [ # Fonts fonts.packages = with pkgs; [ # Fonts
carlito # NixOS carlito # NixOS
@ -74,6 +74,11 @@
corefonts # MS corefonts # MS
intel-one-mono intel-one-mono
cascadia-code cascadia-code
(nerdfonts.override { # Nerdfont Icons override
fonts = [
"FiraCode"
];
})
]; ];
environment = { environment = {
@ -90,7 +95,6 @@
pciutils pciutils
usbutils usbutils
wget wget
file
powertop powertop
cpufrequtils cpufrequtils
lm_sensors lm_sensors
@ -104,17 +108,14 @@
age-plugin-yubikey age-plugin-yubikey
pwgen pwgen
cryptsetup cryptsetup
python311Packages.powerline powerline
powerline-fonts powerline-fonts
powerline-symbols powerline-symbols
tree tree
direnv direnv
linuxPackages_latest.cpupower linuxPackages_latest.cpupower
linuxPackages_latest.turbostat
btop btop
sbctl sbctl
ausweisapp
e2fsprogs
]; ];
}; };
@ -130,13 +131,23 @@
}; };
openssh = { # SSH: secure shell (remote connection to shell of server) openssh = { # SSH: secure shell (remote connection to shell of server)
enable = true; # local: $ ssh <user>@<ip> enable = true; # local: $ ssh <user>@<ip>
settings = { # public:
PasswordAuthentication = false; # - port forward 22 TCP to server
PermitRootLogin = "no"; # - in case you want to use the domain name insted of the ip:
}; # - for me, via cloudflare, create an A record with name "ssh" to the correct ip without proxy
# - connect via ssh <user>@<ip or ssh.domain>
# generating a key:
# - $ ssh-keygen | ssh-copy-id <ip/domain> | ssh-add
# - if ssh-add does not work: $ eval `ssh-agent -s`
# allowSFTP = true; # SFTP: secure file transfer protocol (send file to server)
# connect: $ sftp <user>@<ip/domain>
# commands:
# - lpwd & pwd = print (local) parent working directory
# - put/get <filename> = send or receive file
# extraConfig = '' # extraConfig = ''
# HostKeyAlgorithms +ssh-rsa # HostKeyAlgorithms +ssh-rsa
# ''; # Temporary extra config so ssh will work in guacamole # ''; # Temporary extra config so ssh will work in guacamole
settings.PasswordAuthentication = false;
}; };
pcscd.enable = true; pcscd.enable = true;
yubikey-agent.enable = true; yubikey-agent.enable = true;
@ -151,17 +162,6 @@
fwupd.enable = true; fwupd.enable = true;
}; };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh = {
startAgent = true;
agentTimeout = "1h";
askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
};
#xdg.portal = { # Required for flatpak #xdg.portal = { # Required for flatpak
# enable = true; # enable = true;
# extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; # extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
@ -185,7 +185,7 @@
system = { # NixOS settings system = { # NixOS settings
autoUpgrade = { # Allow auto update autoUpgrade = { # Allow auto update
enable = false; enable = true;
flake = "git+https://git.kabtop.de/Kabbone/nixos-config"; flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
randomizedDelaySec = "5m"; randomizedDelaySec = "5m";
allowReboot = true; allowReboot = true;

28
hosts/configuration_server.nix
View File

@ -13,6 +13,8 @@
{ config, lib, pkgs, inputs, user, location, agenix, ... }: { config, lib, pkgs, inputs, user, location, agenix, ... }:
{ {
imports = # Import window or display manager. imports = # Import window or display manager.
[ [
#../modules/editors/nvim # ! Comment this out on first install ! #../modules/editors/nvim # ! Comment this out on first install !
@ -47,22 +49,24 @@
keyMap = "us"; # or us/azerty/etc keyMap = "us"; # or us/azerty/etc
}; };
security = { security.rtkit.enable = true;
rtkit.enable = true; security.pki.certificateFiles = [
pki.certificateFiles = [
./rootCA.pem ./rootCA.pem
]; ];
};
fonts.packages = with pkgs; [ # Fonts fonts.packages = with pkgs; [ # Fonts
carlito # NixOS carlito # NixOS
vegur # NixOS vegur # NixOS
source-code-pro source-code-pro
cascadia-code
font-awesome # Icons font-awesome # Icons
hack-font hack-font
corefonts # MS corefonts # MS
intel-one-mono (nerdfonts.override { # Nerdfont Icons override
cascadia-code fonts = [
"FiraCode"
];
})
]; ];
environment = { environment = {
@ -70,7 +74,6 @@
TERMINAL = "alacritty"; TERMINAL = "alacritty";
EDITOR = "nvim"; EDITOR = "nvim";
VISUAL = "nvim"; VISUAL = "nvim";
BROWSER = "firefox";
}; };
systemPackages = with pkgs; [ # Default packages install system-wide systemPackages = with pkgs; [ # Default packages install system-wide
vim vim
@ -87,15 +90,13 @@
agenix.packages.x86_64-linux.default agenix.packages.x86_64-linux.default
ffmpeg ffmpeg
smartmontools smartmontools
cryptsetup powerline
python311Packages.powerline
powerline-fonts powerline-fonts
powerline-symbols powerline-symbols
tree tree
direnv
linuxPackages_latest.cpupower
btop btop
htop htop
direnv
]; ];
}; };
@ -131,9 +132,6 @@
''; '';
}; };
nixpkgs.config.allowUnfree = true; # Allow proprietary software. nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
];
system = { # NixOS settings system = { # NixOS settings
autoUpgrade = { # Allow auto update autoUpgrade = { # Allow auto update

76
hosts/default.nix
View File

@ -11,7 +11,7 @@
# └─ ./home.nix # └─ ./home.nix
# #
{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }: { lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }:
let let
user = "kabbone"; user = "kabbone";
@ -31,16 +31,16 @@ let
in in
{ {
hades = lib.nixosSystem { # Desktop profile desktop = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote; }; specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote nixvim; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
microvm.nixosModules.host microvm.nixosModules.host
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
#nixvim.nixosModules.nixvim
./desktop ./desktop
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/hydraCache.nix
../modules/hardware/remoteBuilder.nix ../modules/hardware/remoteBuilder.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-gpu-amd
@ -58,38 +58,16 @@ in
]; ];
}; };
lifebook = lib.nixosSystem { # Laptop profile laptop = lib.nixosSystem { # Laptop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix lanzaboote; };
modules = [
agenix.nixosModules.default
lanzaboote.nixosModules.lanzaboote
./lifebook
./configuration_desktop.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./lifebook/home.nix)];
};
}
];
};
nbf5 = lib.nixosSystem { # Laptop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix; }; specialArgs = { inherit inputs user location nixos-hardware agenix; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
./nbf5 ./laptop
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/hydraCache.nix ../modules/hardware/remoteClient.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
@ -97,7 +75,7 @@ in
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = { home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./nbf5/home.nix)]; imports = [(import ./home.nix)] ++ [(import ./laptop/home.nix)];
}; };
} }
]; ];
@ -113,6 +91,9 @@ in
./steamdeck ./steamdeck
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/hydraCache.nix ../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd
home-manager-unstable.nixosModules.home-manager { home-manager-unstable.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
@ -133,7 +114,6 @@ in
microvm.nixosModules.host microvm.nixosModules.host
./server ./server
./configuration_server.nix ./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
@ -156,7 +136,6 @@ in
microvm.nixosModules.host microvm.nixosModules.host
./kabtop ./kabtop
./configuration_server.nix ./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
@ -177,8 +156,8 @@ in
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
./nasbackup ./nasbackup
./configuration_server.nix ./configuration_desktop.nix
../modules/hardware/hydraCache.nix ../modules/hardware/remoteClient.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
@ -199,8 +178,8 @@ in
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
./jupiter ./jupiter
./configuration_server.nix ./configuration_desktop.nix
../modules/hardware/hydraCache.nix ../modules/hardware/remoteClient.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
@ -215,28 +194,6 @@ in
]; ];
}; };
kabtopci = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./kabtopci
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./kabtopci/home.nix)];
};
}
];
};
dmz = lib.nixosSystem { # Desktop profile dmz = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; }; specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
@ -245,7 +202,6 @@ in
microvm.nixosModules.host microvm.nixosModules.host
./dmz ./dmz
./configuration_server.nix ./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {

36
hosts/desktop/default.nix
View File

@ -17,7 +17,7 @@
# └─ default.nix # └─ default.nix
# #
{ config, nixpkgs, pkgs, user, lib, ... }: { config, nixpkgs, pkgs, user, lib, nixvim, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
@ -61,6 +61,17 @@
# ]; # ];
# }; # };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = { services = {
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
blueman.enable = true; blueman.enable = true;
@ -68,15 +79,15 @@
enable = true; enable = true;
drivers = [ pkgs.gutenprint ]; drivers = [ pkgs.gutenprint ];
}; };
avahi = { # Needed to find wireless printer #avahi = { # Needed to find wireless printer
enable = true; # enable = true;
nssmdns4 = true; # nssmdns = true;
publish = { # Needed for detecting the scanner # publish = { # Needed for detecting the scanner
enable = true; # enable = true;
addresses = true; # addresses = true;
userServices = true; # userServices = true;
}; # };
}; #};
hardware.openrgb = { hardware.openrgb = {
enable = true; enable = true;
motherboard = "amd"; motherboard = "amd";
@ -84,4 +95,9 @@
}; };
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
} }

43
hosts/desktop/hardware-configuration.nix
View File

@ -19,7 +19,7 @@
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" "nct6775" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false; boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
@ -34,7 +34,6 @@
}; };
services.btrbk = { services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = { instances = {
hf = { hf = {
onCalendar = "hourly"; onCalendar = "hourly";
@ -57,39 +56,6 @@
}; };
}; };
}; };
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "2m 4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@hades";
};
};
};
};
};
};
systemd.timers = {
btrbk-bak = {
requires = [ "network-online.target" ];
}; };
}; };
@ -155,18 +121,13 @@
networkmanager = { networkmanager = {
enable = false; enable = false;
}; };
firewall = {
enable = true;
allowedUDPPorts = [ 24727 ];
allowedTCPPorts = [ 24727 ];
};
}; };
systemd.network = { systemd.network = {
enable = true; enable = true;
networks = { networks = {
"10-lan" = { "10-lan" = {
matchConfig.Name = "eno1"; matchConfig.Name = "enp34s0";
ntp = [ "192.168.2.1" ]; ntp = [ "192.168.2.1" ];
domains = [ "home.opel-online.de" ]; domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {

7
hosts/desktop/home.nix
View File

@ -31,11 +31,12 @@
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
element-desktop element-desktop
#nheko nheko
pulsemixer pulsemixer
#yubioath-flutter #yubioath-flutter
nitrokey-app nitrokey-app
kicad kicad
yuzu-mainline
# Display # Display
#light # xorg.xbacklight not supported. Other option is just use xrandr. #light # xorg.xbacklight not supported. Other option is just use xrandr.
@ -46,6 +47,10 @@
]; ];
}; };
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets services = { # Applets
blueman-applet.enable = true; # Bluetooth blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network network-manager-applet.enable = true; # Network

2
hosts/dmz/default.nix
View File

@ -47,7 +47,7 @@
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns4 = true; nssmdns = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;

7
hosts/dmz/hardware-configuration.nix
View File

@ -83,14 +83,11 @@
"10-lan" = { "10-lan" = {
matchConfig.Name = "enp6s18"; matchConfig.Name = "enp6s18";
ntp = [ "192.168.101.1" ]; ntp = [ "192.168.101.1" ];
#domains = [ "home.opel-online.de" ]; domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IPv6AcceptRA = true; IPv6AcceptRA = true;
}; };
dns = [
"192.168.101.1"
];
}; };
}; };
}; };
@ -100,7 +97,7 @@
firewall = { firewall = {
enable = true; enable = true;
allowedUDPPorts = [ ]; allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [ ];
}; };
}; };

82
hosts/fuji/default.nix
View File

@ -1,82 +0,0 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, nixpkgs, pkgs, user, lib, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
# hardware.sane = { # Used for scanning with Xsane
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
# hardware = {
# nitrokey.enable = true;
# };
# environment = {
# systemPackages = with pkgs; [
## simple-scan
## intel-media-driver
## alacritty
# ];
# };
services = {
#auto-cpufreq.enable = true;
blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
};
}

138
hosts/fuji/hardware-configuration.nix
View File

@ -1,138 +0,0 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat";
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "fuji";
networkmanager = {
enable = false;
};
firewall = {
enable = true;
#allowedUDPPorts = [ 24727 ];
#allowedTCPPorts = [ 24727 ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "eno1";
ntp = [ "192.168.2.1" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true;
powerManagement = {
scsiLinkPolicy = "med_power_with_dipm";
};
}

45
hosts/fuji/home.nix
View File

@ -1,45 +0,0 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
#../../modules/wm/kde/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
element-desktop
#nheko
pulsemixer
];
};
services = { # Applets
#blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

31
hosts/home.nix
View File

@ -16,10 +16,9 @@
# #
{ config, lib, pkgs, user, ... }: { config, lib, pkgs, user, ... }:
#{ config, lib, pkgs, user, ... }:
{ {
imports = imports = # Home Manager Modules
(import ../modules/editors) ++ (import ../modules/editors) ++
(import ../modules/programs) ++ (import ../modules/programs) ++
(import ../modules/programs/configs) ++ (import ../modules/programs/configs) ++
@ -53,6 +52,7 @@
# VideAudio # VideAudio
mpv # Media Player mpv # Media Player
youtube-dl
# Apps # Apps
galculator galculator
@ -73,17 +73,14 @@
rsync # Syncer $ rsync -r dir1/ dir2/ rsync # Syncer $ rsync -r dir1/ dir2/
unzip # Zip files unzip # Zip files
unrar # Rar files unrar # Rar files
epapirus-icon-theme papirus-icon-theme
arc-theme
# General configuration # Genel configuration
keepassxc keepassxc
libreoffice libreoffice
gimp
# Flatpak # Flatpak
prusa-slicer prusa-slicer
orca-slicer
#vscodium #vscodium
(vscode-with-extensions.override { (vscode-with-extensions.override {
vscode = vscodium; vscode = vscodium;
@ -93,29 +90,25 @@
#ms-python.python #ms-python.python
ms-vscode.cpptools ms-vscode.cpptools
dracula-theme.theme-dracula dracula-theme.theme-dracula
catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons
]; ];
}) })
sdkmanager
android-tools
]; ];
file.".config/wall".source = ../modules/themes/wall.jpg; file.".config/wall".source = ../modules/themes/wall.jpg;
file.".config/lockwall".source = ../modules/themes/lockwall.jpg; file.".config/lockwall".source = ../modules/themes/lockwall.jpg;
# pointerCursor = { # This will set cursor systemwide so applications can not choose their own pointerCursor = { # This will set cursor systemwide so applications can not choose their own
# name = "Dracula-cursors"; name = "Dracula-cursors";
# package = pkgs.dracula-theme; package = pkgs.dracula-theme;
# size = 16; size = 16;
# gtk.enable = true; gtk.enable = true;
# }; };
stateVersion = "23.05"; stateVersion = "23.05";
}; };
programs = { programs = {
home-manager.enable = true; home-manager.enable = true;
alacritty = {
settings.font.size = 11;
};
}; };

4
hosts/jupiter/default.nix
View File

@ -53,7 +53,7 @@
gnupg.agent = { gnupg.agent = {
enable = false; enable = false;
enableSSHSupport = true; enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses; pinentryFlavor = "curses";
}; };
}; };
@ -61,7 +61,7 @@
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns4 = true; nssmdns = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;

44
hosts/jupiter/hardware-configuration.nix
View File

@ -50,7 +50,6 @@
}; };
services.btrbk = { services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = { instances = {
hf = { hf = {
onCalendar = "hourly"; onCalendar = "hourly";
@ -189,24 +188,35 @@
swapDevices = [ { device = "/swap/swapfile"; } ]; swapDevices = [ { device = "/swap/swapfile"; } ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp6s18";
ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = { networking = {
hostName = "jupiter"; hostName = "jupiter";
domain = "home.opel-online.de"; domain = "home.opel-online.de";
useDHCP = false; # For versatility sake, manually edit IP on nm-applet. networkmanager = {
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
enp6s18 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp6s18";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
#firewall = { #firewall = {
# enable = false; # enable = false;
# #allowedUDPPorts = [ 53 67 ]; # #allowedUDPPorts = [ 53 67 ];
@ -218,7 +228,7 @@
powerManagement = { powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave"; cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true; powertop.enable = true;
#scsiLinkPolicy = "med_power_with_dipm"; scsiLinkPolicy = "med_power_with_dipm";
powerUpCommands = '' powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088 ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
''; '';

23
hosts/kabtop/default.nix
View File

@ -24,7 +24,8 @@
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/services/server); # Server Services (import ../../modules/services/server) ++ # Server Services
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
@ -61,22 +62,22 @@
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses; pinentryFlavor = "curses";
}; };
}; };
services = { services = {
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
qemuGuest.enable = true; qemuGuest.enable = true;
#avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
# enable = true; enable = true;
# nssmdns = true; nssmdns = true;
# publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
# enable = true; enable = true;
# addresses = true; addresses = true;
# userServices = true; userServices = true;
# }; };
#}; };
fail2ban = { fail2ban = {
enable = true; enable = true;
maxretry = 5; maxretry = 5;

1
hosts/kabtop/hardware-configuration.nix
View File

@ -52,7 +52,6 @@
subvolume = { subvolume = {
"@" = {}; "@" = {};
"@home" = {}; "@home" = {};
"@var" = {};
}; };
}; };
}; };

45
hosts/kabtopci/default.nix
View File

@ -1,45 +0,0 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # Docker
(import ../../modules/services/kabtopci); # Server Services
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
grub = {
enable = true;
device = "/dev/vda";
};
timeout = 1; # Grub auto select time
};
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
};
}

108
hosts/kabtopci/hardware-configuration.nix
View File

@ -1,108 +0,0 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
swapDevices = [ ];
networking = {
useDHCP = false; # Deprecated
hostName = "kabtopci";
domain = "ci.kabtop.de";
networkmanager = {
enable = false;
};
interfaces = {
ens3 = {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [ {
address = "195.90.221.87";
prefixLength = 22;
} ];
ipv6.addresses = [ {
address = "2a00:6800:3:d5b::2";
prefixLength = 64;
} ];
};
};
defaultGateway = "195.90.220.1";
defaultGateway6 = {
address = "2a00:6800:3::1";
interface = "ens3";
};
nameservers = [ "9.9.9.9" "2620:fe::fe" ];
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

39
hosts/kabtopci/home.nix
View File

@ -1,39 +0,0 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
}

10
hosts/nbf5/default.nix → hosts/laptop/default.nix
View File

@ -58,7 +58,15 @@
}; };
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true; light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
}; };
services = { services = {
@ -78,7 +86,7 @@
}; };
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns4 = true; nssmdns = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;

0
hosts/nbf5/hardware-configuration.nix → hosts/laptop/hardware-configuration.nix
View File

0
hosts/nbf5/home.nix → hosts/laptop/home.nix
View File

85
hosts/lifebook/default.nix
View File

@ -1,85 +0,0 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ lib, config, pkgs, user, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
initrd.prepend = [ "${./patched-SSDT4}" ];
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
hardware = {
nitrokey.enable = true;
};
environment = {
systemPackages = with pkgs; [
linux-firmware
intel-media-driver
];
};
programs = { # No xbacklight, this is the alterantive
light.enable = true;
};
systemd.sleep.extraConfig = "HibernateDelaySec=1h";
services = {
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
#tailscale.enable = true;
};
}

223
hosts/lifebook/hardware-configuration.nix
View File

@ -1,223 +0,0 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
kernelModules = [ "i915" "kvm_intel" "vfio_pci" "vfio" "vfio_iommu_type1" ];
systemd.enable = true;
luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
bypassWorkqueues = true;
};
};
};
kernelModules = [ "kvm-intel" ];
kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force" ];
extraModprobeConfig = ''
options i915 enable_guc=3
'';
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
services = {
btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "2m 4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@lifebook";
};
};
};
};
};
};
};
systemd.timers = {
btrbk-bak = {
requires = [ "network-online.target" ];
};
};
fileSystems."/" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/opt" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/Pluto" =
{ device = "jupiter:/Pluto";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Mars" =
{ device = "jupiter:/Mars";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "lifebook";
wireless.iwd.enable = true;
networkmanager = {
enable = true;
wifi = {
backend = "iwd";
powersave = true;
};
};
# interfaces = {
# wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
# };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
#checkReversePath = false;
enable = true;
allowedUDPPorts = [ 24727 51820 ];
allowedTCPPorts = [ 24727 ];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
powertop.enable = true;
};
}

53
hosts/lifebook/home.nix
View File

@ -1,53 +0,0 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
libreoffice # Office packages
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
element-desktop
intel-gpu-tools
pulsemixer
# Display
light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

BIN
hosts/lifebook/patched-SSDT4
View File

Binary file not shown.

2
hosts/nas/default.nix
View File

@ -53,7 +53,7 @@
gnupg.agent = { gnupg.agent = {
enable = false; enable = false;
enableSSHSupport = true; enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses; pinentryFlavor = "curses";
}; };
}; };

4
hosts/nasbackup/default.nix
View File

@ -45,7 +45,7 @@
gnupg.agent = { gnupg.agent = {
enable = false; enable = false;
enableSSHSupport = true; enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses; pinentryFlavor = "curses";
}; };
}; };
@ -53,7 +53,7 @@
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns4 = true; nssmdns = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;

101
hosts/nasbackup/hardware-configuration.nix
View File

@ -51,7 +51,7 @@
}; };
services.btrbk = { services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ]; extraPackages = [ pkgs.lz4 ];
instances = { instances = {
hf = { hf = {
onCalendar = "hourly"; onCalendar = "hourly";
@ -78,7 +78,6 @@
bak = { bak = {
onCalendar = "weekly"; onCalendar = "weekly";
settings = { settings = {
stream_buffer = "265m";
stream_compress = "lz4"; stream_compress = "lz4";
incremental = "yes"; incremental = "yes";
snapshot_create = "no"; snapshot_create = "no";
@ -88,35 +87,20 @@
snapshot_preserve_min = "all"; snapshot_preserve_min = "all";
target_preserve_min = "no"; target_preserve_min = "no";
target_preserve = "4w 2m"; target_preserve = "4w 2m";
archive_preserve_min = "no";
archive_preserve = "4w 2m";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk"; ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk";
ssh_user = "btrbk"; ssh_user = "btrbk";
volume = { volume = {
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars" = { "ssh://jupiter.home.opel-online.de/mnt/snapshots/Mars" = {
target = "/mnt/nas/Backups/Mars";
subvolume = { subvolume = {
"@nas" = { "@nas" = {};
target = "/mnt/nas/Backups/Mars";
};
"@hades/@home" = {
target = "/mnt/nas/Backups/Hades";
snapshot_dir = "@snapshots/@hades";
};
"@lifebook/@home" = {
target = "/mnt/nas/Backups/Lifebook";
snapshot_dir = "@snapshots/@lifebook";
};
# "@steamdeck/@home" = {
# target = "/mnt/nas/Backups/Steamdeck";
# snapshot_dir = "@snapshots/@steamdeck";
# };
}; };
}; };
}; };
volume = { volume = {
"ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Pluto" = { "ssh://jupiter.home.opel-online.de/mnt/snapshots/Pluto" = {
target = "/mnt/nas/Backups/Pluto"; target = "/mnt/nas/Backups/Pluto";
subvolume = { subvolume = {
"@/Games" = {}; "@/Games" = {};
@ -129,16 +113,36 @@
}; };
}; };
}; };
# lf = {
# onCalendar = "daily";
# settings = {
# incremental = "yes";
# snapshot_create = "ondemand";
# snapshot_dir = "@snapshots";
# timestamp_format = "long";
#
# snapshot_preserve = "2m 2w 5d";
# snapshot_preserve_min = "latest";
#
# volume = {
# "/mnt/snapshots/Pluto" = {
# snapshot_create = "always";
# subvolume = {
# "@" = {};
# "@/Backups" = {};
# "@/Games" = {};
# "@/IT" = {};
# "@/Media" = {};
# "@/Pictures" = {};
# "@/Rest" = {};
# };
# };
# };
# };
# };
}; };
}; };
systemd.services = {
btrbk-bak = {
requires = [ "network-online.target" ];
};
};
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
@ -194,24 +198,35 @@
swapDevices = [ { device = "/swap/swapfile"; } ]; swapDevices = [ { device = "/swap/swapfile"; } ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp6s18";
ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = { networking = {
hostName = "nasbak"; hostName = "nasbak";
domain = "home.opel-online.de"; domain = "home.opel-online.de";
useDHCP = false; # For versatility sake, manually edit IP on nm-applet. networkmanager = {
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
enp6s18 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp6s18";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
#firewall = { #firewall = {
# enable = false; # enable = false;
# #allowedUDPPorts = [ 53 67 ]; # #allowedUDPPorts = [ 53 67 ];

20
hosts/server/default.nix
View File

@ -57,22 +57,22 @@
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-curses; pinentryFlavor = "curses";
}; };
}; };
services = { services = {
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
qemuGuest.enable = true; qemuGuest.enable = true;
#avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
# enable = true; enable = true;
# nssmdns = true; nssmdns = true;
# publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
# enable = true; enable = true;
# addresses = true; addresses = true;
# userServices = true; userServices = true;
# }; };
#}; };
fail2ban = { fail2ban = {
enable = true; enable = true;
maxretry = 5; maxretry = 5;

8
hosts/steamdeck/default.nix
View File

@ -59,7 +59,15 @@
# }; # };
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true; light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
#pinentryFlavor = "curses";
};
}; };
services = { services = {

77
hosts/steamdeck/hardware-configuration.nix
View File

@ -19,7 +19,7 @@
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ]; availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
kernelModules = [ ]; kernelModules = [ ];
systemd.enable = true; systemd.enable = true;
luks = { luks = {
@ -50,66 +50,33 @@
udev.extraRules = '' udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1" ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
''; '';
};
btrbk = { services.btrbk = {
instances = { instances = {
hf = { hf = {
onCalendar = "hourly"; onCalendar = "hourly";
settings = { settings = {
incremental = "yes"; incremental = "yes";
snapshot_create = "ondemand"; snapshot_create = "ondemand";
snapshot_dir = "@snapshots"; snapshot_dir = "@snapshots";
timestamp_format = "long"; timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h"; snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest"; snapshot_preserve_min = "latest";
volume = { volume = {
"/mnt/snapshots/root" = { "/mnt/snapshots/root" = {
snapshot_create = "always"; snapshot_create = "always";
subvolume = { subvolume = {
"@home" = {}; "@home" = {};
};
}; };
}; };
}; };
}; };
# bak = {
# onCalendar = "daily";
# settings = {
# stream_buffer = "256m";
# stream_compress = "lz4";
# incremental = "yes";
# snapshot_create = "no";
# snapshot_dir = "@snapshots";
# timestamp_format = "long";
#
# snapshot_preserve_min = "all";
# target_preserve_min = "no";
# target_preserve = "2m 4w 3d";
#
# ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
# ssh_user = "btrbk";
#
# volume = {
# "/mnt/snapshots/root" = {
# subvolume = {
# "@home" = {};
# };
# target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@steamdeck";
# };
# };
# };
# };
}; };
}; };
}; };
#
# systemd.timers = {
# btrbk-bak = {
# requires = [ "network-online.target" ];
# };
# };
fileSystems."/" = fileSystems."/" =
{ device = "/dev/mapper/crypted"; { device = "/dev/mapper/crypted";
@ -204,9 +171,9 @@
#nameservers = [ "192.168.0.4" ]; #nameservers = [ "192.168.0.4" ];
firewall = { firewall = {
checkReversePath = "loose"; checkReversePath = "loose";
enable = true; # enable = false;
allowedUDPPorts = [ 24727 ]; # #allowedUDPPorts = [ 53 67 ];
allowedTCPPorts = [ 24727 ]; # #allowedTCPPorts = [ 53 80 443 9443 ];
}; };
}; };

4
hosts/steamdeck/home.nix
View File

@ -43,6 +43,10 @@
]; ];
}; };
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets services = { # Applets
}; };

5
modules/hardware/backup.nix
View File

@ -9,10 +9,7 @@
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq"; key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq";
roles = [ "source" "info" "send" ]; roles = [ "source" "info" "send" ];
} }
{
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIma7jNVQZM+lFMOKUex0+cyDpeUA3Wo4SEJ7P9YnHPG";
roles = [ "target" "info" "receive" "delete" ];
}
]; ];
extraPackages = [ pkgs.lz4 ];
}; };
} }

9
modules/hardware/hydraCache.nix
View File

@ -6,15 +6,10 @@
settings = { settings = {
extra-trusted-public-keys = [ extra-trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII=" "hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
"steamdeck.cachix.org-1:BVoP4TEu3ECgotaO+3J3r9SSn62GkUDBwizOFU/q4Bc="
]; ];
extra-substituters = [ extra-trusted-substituters = [
"https://steamdeck.cachix.org" "http://dmz.home.opel-online.de:3000/project/jovian/channel/latest"
"https://cache.ci.kabtop.de"
]; ];
#extra-trusted-substituters = [
# "https://cache.home.opel-online.de"
#];
}; };
}; };

5
modules/programs/alacritty.nix
View File

@ -15,7 +15,6 @@
enable = true; enable = true;
package = pkgs.alacritty; package = pkgs.alacritty;
settings = { settings = {
env.term = "screen-256color";
font = rec { # Font - Laptop has size manually changed at home.nix font = rec { # Font - Laptop has size manually changed at home.nix
#normal.family = "FiraCode Nerd Font"; #normal.family = "FiraCode Nerd Font";
normal.family = "Cascadia Code"; normal.family = "Cascadia Code";
@ -23,6 +22,10 @@
#bold = { style = "Bold"; }; #bold = { style = "Bold"; };
# size = 8; # size = 8;
}; };
offset = { # Positioning
x = -1;
y = 0;
};
}; };
}; };
}; };

2
modules/programs/default.nix
View File

@ -12,7 +12,7 @@
[ [
./alacritty.nix ./alacritty.nix
# ./rofi.nix ./rofi.nix
./firefox.nix ./firefox.nix
#./waybar.nix #./waybar.nix
#./games.nix #./games.nix

86
modules/services/dmz/hydra.nix
View File

@ -1,77 +1,23 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
{ {
services = { services.hydra = {
hydra = { enable = true;
enable = true; hydraURL = "http://localhost:3000";
hydraURL = "https://hydra.home.opel-online.de"; notificationSender = "hydra@localhost";
listenHost = "127.0.0.1"; useSubstitutes = true;
notificationSender = "hydra@localhost";
useSubstitutes = true;
minimumDiskFree = 30;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"home.opel-online.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
};
}; };
networking.firewall = {
enable = true;
#allowedUDPPorts = [ ];
allowedTCPPorts = [ 3000 ];
};
nix = { nix = {
settings = { settings.trusted-users = [
trusted-users = [ "hydra"
"hydra" ];
];
allowed-uris = "http:// https://";
};
extraOptions = '' extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path} secret-key-files = ${config.age.secrets."keys/nixsign".path}
@ -82,10 +28,6 @@
file = ../../../secrets/keys/nixservepriv.age; file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra"; owner = "hydra";
}; };
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
} }

19
modules/services/kabtopci/default.nix
View File

@ -1,19 +0,0 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[
# ./microvm.nix
./hydra.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

59
modules/services/kabtopci/gitea_runner.nix
View File

@ -1,59 +0,0 @@
{ lib, config, pkgs, ... }:
{
virtualisation = {
podman ={
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
};
};
services.gitea-actions-runner.instances = {
cirunner = {
enable = true;
url = "https://git.kabtop.de";
name = "CI Kabtop runner";
tokenFile = config.age.secrets."services/gitea/cirunner-token".path;
labels = [
"ci"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
age.secrets."services/gitea/cirunner-token" = {
file = ../../../secrets/services/gitea/cirunner-token.age;
owner = "gitea-runner";
};
}

82
modules/services/kabtopci/hydra.nix
View File

@ -1,82 +0,0 @@
{ lib, config, pkgs, ... }:
{
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.ci.kabtop.de";
listenHost = "127.0.0.1";
notificationSender = "hydra@kabtop.de";
useSubstitutes = true;
minimumDiskFree = 8;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@kabtop.de";
webroot = "/var/lib/acme/acme-challenge";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
};
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = [
"github:"
"https://github.com/"
"git+ssh://github.com/"
];
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
}

129
modules/services/kabtopci/microvm.nix
View File

@ -1,129 +0,0 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{
microvm = {
autostart = [
name
];
vms = {
${name} = {
inherit pkgs;
config = {
imports =
[ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++
[( ./gitea_runner.nix )];
networking = {
hostName = "${name}";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
users.users.${user} = { # System User
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 2000;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
services = {
openssh = {
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}];
};
};
fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [
"/var/log"
"/var/lib/private"
];
files = [
"/etc/machine-id"
];
};
};
microvm = {
hypervisor = "qemu";
vcpu = 4;
mem = 3096;
balloonMem = 3096;
#kernel = pkgs.linuxKernel.packages.linux_latest;
interfaces = [
{
type = "user";
id = "vm-${name}";
mac = "04:00:00:00:00:02";
} ];
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;
};
system.stateVersion = "23.05";
};
};
};
};
}

31
modules/services/kanshi.nix
View File

@ -7,34 +7,31 @@
{ {
services.kanshi = { services.kanshi = {
enable = true; enable = true;
settings = [ profiles = {
{ undocked = {
profile = {
name = "undocked";
outputs = [ outputs = [
{ criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; } { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
]; ];
}; };
} #docked_c = {
{ # outputs = [
profile = { # { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "2560,0"; }
name = "docked_c"; # { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "0,0"; }
# ];
#};
docked_c = {
outputs = [ outputs = [
{ criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; scale = 1.5; } { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; scale = 1.5; }
{ criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; } { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
]; ];
}; };
} docked_triple = {
{
profile = {
name = "docked_triple";
outputs = [ outputs = [
{ criteria = "eDP-1"; status = "disable"; mode = "1920x1080"; position = "4480,0"; } { criteria = "eDP-1"; status = "disable"; mode = "1920x1080"; position = "4480,0"; }
{ criteria = "HDMI-A-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; } { criteria = "HDMI-A-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
{ criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; } { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
]; ];
}; };
} };
];
}; };
} }

2
modules/services/nas/default.nix
View File

@ -12,8 +12,6 @@
[ [
./nfs.nix ./nfs.nix
./nginx.nix
./vaultwarden.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module

53
modules/services/nas/nginx.nix
View File

@ -1,53 +0,0 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"home.opel-online.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
};
};
networking.firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
}

38
modules/services/nas/vaultwarden.nix
View File

@ -1,38 +0,0 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
backupDir = "/var/backup/vaultwarden";
environmentFile = config.age.secrets."services/vaultwarden/environment".path;
config = {
DOMAIN = "https://vault.home.opel-online.de";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
};
};
services.nginx = {
virtualHosts = {
"vault.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
};
age.secrets."services/vaultwarden/environment" = {
file = ../../../secrets/services/vaultwarden/environment.age;
owner = "vaultwarden";
};
}

3
modules/services/server/default.nix
View File

@ -17,7 +17,8 @@
./nextcloud.nix ./nextcloud.nix
./matrix.nix ./matrix.nix
./coturn.nix ./coturn.nix
# ./ollama.nix ./jitsi.nix
./ollama.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module

1
modules/services/server/matrix.nix
View File

@ -139,6 +139,7 @@ in {
"/var/log/mautrix-signal" "/var/log/mautrix-signal"
]; ];
NoNewPrivileges=true; NoNewPrivileges=true;
MemoryDenyWriteExecute=true;
PrivateDevices=true; PrivateDevices=true;
PrivateTmp=true; PrivateTmp=true;
ProtectHome=true; ProtectHome=true;

57
modules/services/server/nextcloud.nix
View File

@ -9,20 +9,15 @@
enable = true; enable = true;
hostName = "cloud.kabtop.de"; hostName = "cloud.kabtop.de";
https = true; https = true;
package = pkgs.nextcloud30; package = pkgs.nextcloud27;
database.createLocally = false; database.createLocally = false;
notify_push.enable = false; logType = "file";
maxUploadSize = "512M";
caching = { caching = {
redis = true; redis = true;
apcu = false; apcu = false;
}; };
settings = { extraOptions = {
log_type = "file";
logfile = "nextcloud.log"; logfile = "nextcloud.log";
overwriteprotocol = "https";
default_phone_region = "DE";
redis = { redis = {
host = "/run/redis-nextcloud/redis.sock"; host = "/run/redis-nextcloud/redis.sock";
port = 0; port = 0;
@ -30,7 +25,6 @@
"memcache.local" = "\\OC\\Memcache\\Redis"; "memcache.local" = "\\OC\\Memcache\\Redis";
"memcache.distributed" = "\\OC\\Memcache\\Redis"; "memcache.distributed" = "\\OC\\Memcache\\Redis";
"memcache.locking" = "\\OC\\Memcache\\Redis"; "memcache.locking" = "\\OC\\Memcache\\Redis";
"maintenance_window_start" = "1";
}; };
config = { config = {
dbtype = "pgsql"; dbtype = "pgsql";
@ -40,6 +34,8 @@
adminuser = "kabbone"; adminuser = "kabbone";
adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path; adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path;
dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path; dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path;
overwriteProtocol = "https";
defaultPhoneRegion = "DE";
}; };
phpOptions = { phpOptions = {
"opcache.interned_strings_buffer" = "16"; "opcache.interned_strings_buffer" = "16";
@ -47,15 +43,15 @@
#autoUpdateApps.enable = true; #autoUpdateApps.enable = true;
}; };
# services.onlyoffice = { services.onlyoffice = {
# enable = true; enable = true;
# hostname = "docs.cloud.kabtop.de"; hostname = "docs.cloud.kabtop.de";
# postgresName = "onlyoffice"; postgresName = "onlyoffice";
# postgresHost = "localhost"; postgresHost = "localhost";
# postgresUser = "onlyoffice"; postgresUser = "onlyoffice";
# postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path; postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path;
# jwtSecretFile = config.age.secrets."services/nextcloud/onlyofficejwt".path; jwtSecretFile = config.age.secrets."services/nextcloud/onlyofficejwt".path;
# }; };
services.redis = { services.redis = {
vmOverCommit = true; vmOverCommit = true;
@ -73,11 +69,10 @@
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
}; };
# "${config.services.onlyoffice.hostname}" = { "${config.services.onlyoffice.hostname}".listen = [ {
# enableACME = true; addr = "127.0.0.1"; port = 8080;
# forceSSL = true; } ];
# }; };
# };
}; };
age.secrets."services/nextcloud/dbpassFile" = { age.secrets."services/nextcloud/dbpassFile" = {
@ -88,14 +83,14 @@
file = ../../../secrets/services/nextcloud/adminpassFile.age; file = ../../../secrets/services/nextcloud/adminpassFile.age;
owner = "nextcloud"; owner = "nextcloud";
}; };
# age.secrets."services/nextcloud/onlyofficedb" = { age.secrets."services/nextcloud/onlyofficedb" = {
# file = ../../../secrets/services/nextcloud/onlyofficedb.age; file = ../../../secrets/services/nextcloud/onlyofficedb.age;
# owner = "onlyoffice"; owner = "onlyoffice";
# }; };
# age.secrets."services/nextcloud/onlyofficejwt" = { age.secrets."services/nextcloud/onlyofficejwt" = {
# file = ../../../secrets/services/nextcloud/onlyofficejwt.age; file = ../../../secrets/services/nextcloud/onlyofficejwt.age;
# owner = "onlyoffice"; owner = "onlyoffice";
# }; };
systemd.services."nextcloud-setup" = { systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"]; requires = ["postgresql.service"];

21
modules/services/server/postgresql.nix
View File

@ -5,10 +5,9 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = [ ./postgresql_upgrade.nix ];
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_16; package = pkgs.postgresql_15;
settings = { settings = {
max_connections = 200; max_connections = 200;
listen_addresses = "localhost"; listen_addresses = "localhost";
@ -21,15 +20,15 @@
timezone = "Europe/Berlin"; timezone = "Europe/Berlin";
}; };
authentication = pkgs.lib.mkOverride 14 '' authentication = pkgs.lib.mkOverride 14 ''
local all postgres peer local all postgres peer
host giteadb gitea localhost scram-sha-256 host giteadb gitea localhost scram-sha-256
host nextclouddb nextcloud localhost scram-sha-256 host nextclouddb nextcloud localhost scram-sha-256
host synapsedb synapse localhost scram-sha-256 host synapsedb synapse localhost scram-sha-256
host whatsappdb mautrixwa localhost scram-sha-256 host whatsappdb mautrixwa localhost scram-sha-256
host telegramdb mautrixtele localhost scram-sha-256 host telegramdb mautrixtele localhost scram-sha-256
host signaldb mautrixsignal localhost scram-sha-256 host signaldb mautrixsignal localhost scram-sha-256
host onlyoffice onlyoffice localhost scram-sha-256 host onlyoffice onlyoffice localhost scram-sha-256
local onlyoffice onlyoffice peer local onlyoffice onlyoffice peer
''; '';
initialScript = config.age.secrets."services/postgresql/initScript.sql".path; initialScript = config.age.secrets."services/postgresql/initScript.sql".path;
}; };

33
modules/services/server/postgresql_upgrade.nix
View File

@ -1,33 +0,0 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [
(let
# XXX specify the postgresql package you'd like to upgrade to.
# Do not forget to list the extensions you need.
newPostgres = pkgs.postgresql_16.withPackages (pp: [
# pp.plv8
]);
cfg = config.services.postgresql;
in pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
# XXX it's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
export NEWBIN="${newPostgres}/bin"
export OLDDATA="${cfg.dataDir}"
export OLDBIN="${cfg.package}/bin"
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs}
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
'')
];
}

2
modules/shell/git.nix
View File

@ -16,9 +16,7 @@
}; };
extraConfig = { extraConfig = {
gpg = { format = "ssh"; }; gpg = { format = "ssh"; };
credential = { helper = "cache --timeout=3600"; };
}; };
difftastic.enable = true;
}; };
}; };
} }

20
modules/shell/tmux.nix
View File

@ -19,22 +19,22 @@
plugins = with pkgs.tmuxPlugins; [ plugins = with pkgs.tmuxPlugins; [
yank yank
sidebar sidebar
# { {
# plugin = dracula; # plugin = dracula;
# extraConfig = " # extraConfig = "
# set -g @dracula-show-powerline true # set -g @dracula-show-powerline true
# set -g @dracula-plugins 'git cpu-usage ram-usage battery time' # set -g @dracula-plugins 'git cpu-usage ram-usage battery time'
# set -g @dracula-border-contrast true # set -g @dracula-border-contrast true
# "; # ";
# plugin = catppuccin; plugin = catppuccin;
# extraConfig = " extraConfig = "
# set -g @catppuccin_flavour 'macchiato' set -g @catppuccin_flavour 'macchiato'
# set -g @catppuccin_window_tabs_enabled 'on' set -g @catppuccin_window_tabs_enabled 'on'
# set -g @catppuccin_host 'on' set -g @catppuccin_host 'on'
# set -g @catppuccin_user 'on' set -g @catppuccin_user 'on'
# set -g @catppuccin_date_time '%Y-%m-%d %H:%M' set -g @catppuccin_date_time '%Y-%m-%d %H:%M'
# "; ";
# } }
]; ];
extraConfig = '' extraConfig = ''
set -g mouse on set -g mouse on

7
modules/shell/zsh.nix
View File

@ -9,7 +9,7 @@
zsh = { zsh = {
enable = true; enable = true;
dotDir = ".config/zsh_nix"; dotDir = ".config/zsh_nix";
autosuggestion.enable = true; # Auto suggest options and highlights syntact, searches in history for options enableAutosuggestions = true; # Auto suggest options and highlights syntact, searches in history for options
syntaxHighlighting.enable = true; syntaxHighlighting.enable = true;
history.size = 10000; history.size = 10000;
@ -27,6 +27,10 @@
''; '';
initExtra = '' # Zsh theme initExtra = '' # Zsh theme
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
# Spaceship # Spaceship
source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup
autoload -U promptinit; promptinit autoload -U promptinit; promptinit
@ -36,7 +40,6 @@
# Swag # Swag
pfetch # Show fetch logo on terminal start pfetch # Show fetch logo on terminal start
eval "$(direnv hook zsh)" eval "$(direnv hook zsh)"
eval "$(ssh-agent)"
''; '';
}; };
}; };

7
modules/themes/.gitattributes vendored
View File

@ -1,7 +0,0 @@
nixos-wallpaper-catppuccin-mocha.svg filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-nineish-solarized-dark.src.svg filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-nineish-solarized-dark.png filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-binary-black.png filter=lfs diff=lfs merge=lfs -text
lockwall.jpg filter=lfs diff=lfs merge=lfs -text
nuka_col.jpg filter=lfs diff=lfs merge=lfs -text
wall.jpg filter=lfs diff=lfs merge=lfs -text

BIN
modules/themes/lockwall.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 131 B

After

Width:  |  Height:  |  Size: 285 KiB

BIN
modules/themes/nix-wallpaper-binary-black.png (Stored with Git LFS)
View File

Binary file not shown.

BIN
modules/themes/nix-wallpaper-nineish-solarized-dark.png (Stored with Git LFS)
View File

Binary file not shown.

BIN
modules/themes/nix-wallpaper-nineish-solarized-dark.src.svg (Stored with Git LFS)
View File

Binary file not shown.

BIN
modules/themes/nixos-wallpaper-catppuccin-mocha.svg (Stored with Git LFS)
View File

Binary file not shown.

BIN
modules/themes/nuka_col.jpg (Stored with Git LFS)
View File

Binary file not shown.

1
modules/themes/wall.jpg
View File

@ -1 +0,0 @@
nixos-wallpaper-catppuccin-mocha.svg
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 36 B

After

Width:  |  Height:  |  Size: 242 KiB

BIN
modules/themes/wall.jpg Normal file
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 36 B

After

Width:  |  Height:  |  Size: 242 KiB

22
modules/wm/kde/default.nix
View File

@ -16,20 +16,18 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
flatpak flatpak
# rocmPackages.clr.icd rocmPackages.clr.icd
# rocmPackages.clr rocmPackages.clr
# clinfo clinfo
kdePackages.discover libsForQt5.discover
maliit-keyboard maliit-keyboard
maliit-framework
]; ];
services = { services = {
packagekit.enable = true; packagekit.enable = true;
desktopManager.plasma6.enable = true; xserver = {
# xserver = { enable = true;
# enable = true; desktopManager.plasma5.enable = true;
# desktopManager.plasma5.enable = true;
# displayManager = { # displayManager = {
# gdm.wayland = true; # gdm.wayland = true;
# gdm.enable = true; # gdm.enable = true;
@ -43,10 +41,8 @@
# autoLogin.enable = true; # autoLogin.enable = true;
# autoLogin.user = "kabbone"; # autoLogin.user = "kabbone";
# }; # };
# }; };
flatpak.enable = true; flatpak.enable = true;
udev.packages = with pkgs; [ gnome-settings-daemon ]; udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
}; };
qt.platformTheme = "kde";
} }

1
modules/wm/kde/home.nix
View File

@ -13,5 +13,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
} }

9
modules/wm/steam/default.nix
View File

@ -22,7 +22,7 @@
enable = true; enable = true;
user = "kabbone"; user = "kabbone";
autoStart = true; autoStart = true;
desktopSession = "plasma"; desktopSession = "plasmawayland";
}; };
devices.steamdeck = { devices.steamdeck = {
enable = true; enable = true;
@ -30,9 +30,10 @@
decky-loader.enable = true; decky-loader.enable = true;
}; };
hardware.graphics = { hardware.opengl = {
enable = true; enable = true;
enable32Bit = true; driSupport = true;
driSupport32Bit = true;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

2
modules/wm/steam/home.nix
View File

@ -18,7 +18,7 @@
steam steam
jq jq
appimage-run appimage-run
zenity gnome.zenity
unzip unzip
fuse fuse
]; ];

10
modules/wm/sway/default.nix
View File

@ -16,6 +16,12 @@
{ {
imports = [ ../waybar.nix ]; imports = [ ../waybar.nix ];
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
environment = { environment = {
loginShellInit = '' loginShellInit = ''
if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then
@ -35,8 +41,6 @@
rocmPackages.clr rocmPackages.clr
clinfo clinfo
waybar waybar
rot8
glib
]; ];
}; };
@ -47,7 +51,7 @@
export MOZ_WEBRENDER="1"; export MOZ_WEBRENDER="1";
export MOZ_USE_XINPUT2="2"; export MOZ_USE_XINPUT2="2";
export MOZ_DBUS_REMOTE="1"; export MOZ_DBUS_REMOTE="1";
export WLR_RENDERER="vulkan"; #export GDK_BACKEND="wayland";
export LIBVA_DRIVER_NAME="iHD"; export LIBVA_DRIVER_NAME="iHD";
export VDPAU_DRIVER="iHD"; export VDPAU_DRIVER="iHD";
export XDG_SESSION_TYPE="wayland"; export XDG_SESSION_TYPE="wayland";

125
modules/wm/sway/home.nix
View File

@ -18,9 +18,8 @@
wayland.windowManager.sway = { wayland.windowManager.sway = {
enable = true; enable = true;
checkConfig = false;
config = rec { config = rec {
menu = "${pkgs.rofi}/bin/rofi -show combi -show-icons"; menu = "${pkgs.bemenu}/bin/bemenu-run -m -1 --hf '#ffff00' --tf '#888888' --nf '#00ff40' --hb '#424242' | xargs ${pkgs.sway}/bin/swaymsg exec --";
left = "m"; left = "m";
down = "n"; down = "n";
up = "e"; up = "e";
@ -31,9 +30,8 @@
input = { input = {
"type:keyboard" = { "type:keyboard" = {
xkb_layout = "us,de"; xkb_layout = "us";
xkb_variant = "altgr-intl,"; xkb_variant = "altgr-intl";
xkb_options = "grp:win_space_toggle";
}; };
"type:touchpad" = { "type:touchpad" = {
tap = "enabled"; tap = "enabled";
@ -61,7 +59,7 @@
}; };
"DP-3" = { "DP-3" = {
mode = "1920x1200"; mode = "1920x1200";
pos = "2560,180"; pos = "2560,120";
}; };
#"eDP-1" = { #"eDP-1" = {
# mode = "1920x1080"; # mode = "1920x1080";
@ -88,11 +86,11 @@
}; };
startup = [ startup = [
{ command = "exec ${pkgs.rot8}/bin/rot8 -Y -k"; } #{ command = "$HOME/.config/sway/scripts/2in1screen"; }
{ command = "xrdb -load ~/.Xresources"; } { command = "xrdb -load ~/.Xresources"; }
# { command = "gsettings set org.gnome.desktop.interface gtk-theme Dracula"; } { command = "gsettings set org.gnome.desktop.interface gtk-theme Arc"; }
# { command = "gsettings set org.gnome.desktop.interface icon-theme Dracula"; } { command = "gsettings set org.gnome.desktop.interface icon-theme ePapirus"; }
# { command = "gsettings set org.gnome.desktop.interface cursor-theme Adwaita"; } { command = "gsettings set org.gnome.desktop.interface cursor-theme Adwaita"; }
#{ command = "exec ${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; } #{ command = "exec ${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; }
{ command = "${pkgs.thunderbird}/bin/thunderbird"; } { command = "${pkgs.thunderbird}/bin/thunderbird"; }
{ command = "${pkgs.firefox}/bin/firefox"; } { command = "${pkgs.firefox}/bin/firefox"; }
@ -119,7 +117,7 @@
{ command = "floating enable"; criteria = { app_id = "com.nitrokey."; }; } { command = "floating enable"; criteria = { app_id = "com.nitrokey."; }; }
{ command = "floating enable"; criteria = { app_id = "org.keepassxc.KeePassXC."; }; } { command = "floating enable"; criteria = { app_id = "org.keepassxc.KeePassXC."; }; }
{ command = "floating enable"; criteria = { app_id = "virt-manager"; }; } { command = "floating enable"; criteria = { app_id = "virt-manager"; }; }
{ command = "floating enable"; criteria = { title = "^OpenSSH Authentication"; }; } { command = "floating enable"; criteria = { class = "lxqt-openssh-askpass"; }; }
{ command = "floating enable"; criteria = { class = "pop-up"; }; } { command = "floating enable"; criteria = { class = "pop-up"; }; }
]; ];
@ -156,28 +154,27 @@
"${alt}+Shift+${right}" = "move container to workspace next, workspace next"; "${alt}+Shift+${right}" = "move container to workspace next, workspace next";
"XF86TouchpadToggle" = "input type:touchpad events toggle enabled disabled"; "XF86TouchpadToggle" = "input type:touchpad events toggle enabled disabled";
"XF86AudioRaiseVolume" = "exec pulsemixer --change-volume +5 && ${config.cmds.notifications.volume}";
"XF86AudioLowerVolume" = "exec pulsemixer --change-volume -5 && ${config.cmds.notifications.volume}";
"XF86AudioMute" = "exec pulsemixer --toggle-mute && ${config.cmds.notifications.volume}";
#"XF86AudioRaiseVolume" = "exec pulsemixer --change-volume +5";
#"XF86AudioLowerVolume" = "exec pulsemixer --change-volume -5";
#"XF86AudioMute" = "exec pulsemixer --toggle-mute";
"XF86AudioMicMute" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86MonBrightnessDown" = "exec light -s sysfs/backlight/intel_backlight -U 5% && ${config.cmds.notifications.brightness}";
"XF86MonBrightnessUp" = "exec light -s sysfs/backlight/intel_backlight -A 5% && ${config.cmds.notifications.brightness}";
"XF86AudioPlay" = "exec playerctl play-pause"; "XF86AudioPlay" = "exec playerctl play-pause";
"XF86AudioNext" = "exec playerctl next"; "XF86AudioNext" = "exec playerctl next";
"XF86AudioPrev" = "exec playerctl previous"; "XF86AudioPrev" = "exec playerctl previous";
"XF86AudioStop" = "exec playerctl stop"; "XF86AudioStop" = "exec playerctl stop";
# Sink volume raise optionally with --device #XF86AudioMute = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
"XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise"; #XF86AudioRaiseVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower"; #XF86AudioLowerVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
# Sink volume toggle mute #XF86AudioPlay = "exec ~/.config/waybar/scripts/toggle-play";
"XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle"; #XF86AudioNext = "exec playerctl --player=spotify next";
# Source volume toggle mute #XF86AudioPrev = "exec playerctl --player=spotify previous";
"XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle";
# Capslock (If you don't want to use the backend)
#bindsym --release Caps_Lock exec swayosd-client --caps-lock;
# Brightness raise
"XF86MonBrightnessUp" = "exec swayosd-client --brightness raise";
# Brightness lower
"XF86MonBrightnessDown" = "exec swayosd-client --brightness lower";
"${mod}+${left}" = "focus left"; "${mod}+${left}" = "focus left";
"${mod}+${down}" = "focus down"; "${mod}+${down}" = "focus down";
"${mod}+${up}" = "focus up"; "${mod}+${up}" = "focus up";
@ -241,13 +238,12 @@
export MOZ_WEBRENDER="1"; export MOZ_WEBRENDER="1";
export MOZ_USE_XINPUT2="2"; export MOZ_USE_XINPUT2="2";
export MOZ_DBUS_REMOTE="1"; export MOZ_DBUS_REMOTE="1";
export WLR_RENDERER="vulkan"; #export GDK_BACKEND="wayland";
export LIBVA_DRIVER_NAME="iHD"; export LIBVA_DRIVER_NAME="iHD";
export VDPAU_DRIVER="iHD"; export VDPAU_DRIVER="iHD";
export XDG_SESSION_TYPE="wayland"; export XDG_SESSION_TYPE="wayland";
export XDG_CURRENT_DESKTOP="sway"; export XDG_CURRENT_DESKTOP="sway";
#export QT_QPA_PLATFORMTHEME="wayland-egl"; export QT_QPA_PLATFORMTHEME="wayland-egl";
export QT_QPA_PLATFORMTHEME="qt6ct";
export GST_VAAPI_ALL_DRIVERS="1"; export GST_VAAPI_ALL_DRIVERS="1";
export GTK_THEME="Arc"; export GTK_THEME="Arc";
export _JAVA_AWT_WM_NONREPARENTING="1"; export _JAVA_AWT_WM_NONREPARENTING="1";
@ -265,8 +261,7 @@
''; '';
}; };
programs = { programs.swaylock = {
swaylock = {
enable = true; enable = true;
settings = { settings = {
color = "000000"; color = "000000";
@ -274,59 +269,19 @@
indicator-caps-lock = true; indicator-caps-lock = true;
show-keyboard-layout = true; show-keyboard-layout = true;
}; };
};
rofi = {
enable = true;
package = pkgs.rofi-wayland;
extraConfig = {
modi = "window,drun,ssh";
kb-primary-paste = "Control+V,Shift+Insert";
kb-secondary-paste = "Control+v,Insert";
};
font = "Cascadia Code";
location = "top-left";
plugins = [
pkgs.rofi-calc
pkgs.rofi-bluetooth
pkgs.pinentry-rofi
];
terminal = "${pkgs.alacritty}/bin/alacritty";
theme = "arthur";
};
}; };
services = { services.swayidle = {
swayidle = { enable = true;
enable = true; events = [
events = [ { event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; }
{ event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; } { event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; } { event = "after-resume"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
{ event = "after-resume"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; } { event = "unlock"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
{ event = "unlock"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; } ];
]; timeouts = [
timeouts = [ { timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; } { timeout = 600; command = "${pkgs.sway}/bin/swaymsg 'output * dpms off'"; resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
{ timeout = 600; command = "${pkgs.sway}/bin/swaymsg 'output * dpms off'"; resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; } ];
];
};
swayosd.enable = true;
}; };
# qt = {
# enable = true;
# style.package = [
# pkgs.dracula-theme
# pkgs.dracula-icon-theme
# pkgs.catppuccin-kvantum
# pkgs.catppuccin-kde
# pkgs.catppuccin-gtk
# pkgs.qt6Packages.qtstyleplugin-kvantum
# ];
# style.name = "kvantum";
# platformTheme.name = "qtct";
# };
# xdg.configFile = {
# "Kvantum/Catppuccin".source = "${pkgs.catppuccin-kvantum}/share/Kvantum/Catppuccin-Frappe-Blue";
# "Kvantum/kvantum.kvconfig".text = "[General]\ntheme=Catppuccin-Frappe-Blue";
# };
} }

BIN
secrets/keys/nixremote.age
View File

Binary file not shown.

BIN
secrets/keys/nixservepriv.age
View File

Binary file not shown.

8
secrets/secrets.nix
View File

@ -20,7 +20,6 @@ let
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx"; server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
server2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPm3epi3v+yuskxQZgmPdkVDET8IGeYA6LbTCqPWqkz+"; server2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPm3epi3v+yuskxQZgmPdkVDET8IGeYA6LbTCqPWqkz+";
kabtopci = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGdvPKu0XJXpxiZYxwHdt0UzzSXxQqZIbHzVvjySR82w";
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5OMVTx1IkzFvDgDRwiv+ruYTCBlJ+D1hx+BS8Roah"; dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5OMVTx1IkzFvDgDRwiv+ruYTCBlJ+D1hx+BS8Roah";
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
nasbak = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdoxslkKn3ouadPOHmDN7e5AtoJmnllnUmhl1j9qfzz"; nasbak = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdoxslkKn3ouadPOHmDN7e5AtoJmnllnUmhl1j9qfzz";
@ -59,11 +58,6 @@ let
]; ];
buildServer = [ buildServer = [
hades hades
kabtopci
dmz
];
homeServices = [
jupiter
dmz dmz
]; ];
in in
@ -85,8 +79,6 @@ in
"services/gitea/mailerPassword.age".publicKeys = servers ++ users; "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
"services/gitea/homerunner-token.age".publicKeys = homerunners ++ users; "services/gitea/homerunner-token.age".publicKeys = homerunners ++ users;
"services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users; "services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users;
"services/vaultwarden/environment.age".publicKeys = homeServices ++ users;
"services/acme/opel-online.age".publicKeys = homeServices ++ users;
"keys/nixremote.age".publicKeys = buildClients ++ users; "keys/nixremote.age".publicKeys = buildClients ++ users;
"keys/nixservepriv.age".publicKeys = buildServer ++ users; "keys/nixservepriv.age".publicKeys = buildServer ++ users;
} }

BIN
secrets/services/acme/opel-online.age
View File

Binary file not shown.

42
secrets/services/coturn/static-auth.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ yMHHDZg+ZqoX3BGPI9Ruqbj051Ewsyxc207Ne0EJ6k0 -> ssh-ed25519 neExcQ zATy64IKJIShLHyKMY1sbnZszJRSeI29TPS4ev5iTUU
LD+wq4I8s/Fc6znNE6WRMba0u1BU5Mi6VKcyBk6xTZo 2z31wYDfKiNvB1q59+9kDrf/Nz0F+7yrmubZDbvnKHY
-> ssh-ed25519 WiIaQQ KmHrRHx9vaSMaHUWcMZKRApR9KWntU07umf1mZekRQk -> ssh-ed25519 WiIaQQ 9EF6O0TiYpuUJdA4/G+bNz4KK1AgxP0dzlNYt7CYOmM
/wumFHGj1am02zQ4g4EaEEk2sCoWTkjSARTIUnPnFD8 aYePtiAih/bctCvYqxCe4yNb1NQiyFhT+ES5N3siiyE
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
GBUmtcnkZ4tlQbsWArXcBEX+p7RAwFUeZ7QOteJ61/lDaKYOcYZPC298AI4eE5cE nohDiJNrLOH/errhtfFLk37ZLJrNI1zSzmJVpvimRw/2BwXxRkIF1VBiraxyKq2h
jejlIO1Jh72eQCQ+ZniAdPO8caUWOXyAfXsk8Et8RCaodK0pt14JB/Ez+qHpZR2j 2rNRaUVnPDr4dlXJ4QA1mENHKUgfxqQuU3/+jeB+u3rFYCwDUDveXTCCkea1YNbr
V9LC3xrlvWbyY21pnokQudSsu966Kmh27gAd1vyw+rAFpYSLhY6cL3oyiYNtZ0Nf OUzIewWGl3foSH9c0Plz1I4mltPLKTd0I58vqjwqfgykb1hcbWnKq/HV6J5Xt4sG
AgsGrCIJhWOKA7+PJPSxbPPosqB9nteRRxl7Hi3XIhu7oE0YCqVVihA908vdaq7G pZrp81PcLNSvhHDA3yMJRmStI9LdA9J80DxZUNYTO0PQRvoIHMQm2esSfY3hyTQf
pOIubfd6S7Aptj7xiXb/8oojhsglgISPyFHIPOZaIVXVtNqFxXhjFiJjdZuZ4gRS HsKXp6/s2U2yrpNxpz/lAEUnU7nYyXydVRHfSFSoCQ2zZlrq6/r3zxRTHytmku1X
hmaxAXd8UblKzYWIKDUnAwdn5tdixC+GrqdNit2s946Di7s5oe7BptP707XQK0WA 3afVCVtWCUppT3xTsXbuAOp4U5QAbvHTK7nhAoVCqRqbM04YUI1/NPiO71Z5sCv1
HXJuc/h3+8JAkQsPW0B9+XbeNtRAh9Uqcq3tadGqjwfgLKepebOoG3K0F3+simcr hqgjvj5QcG9bVK/s2j1/3G01Cu7nYAXm+CaIP7czVmzO1oEaxc1JIi+T8+qJdkyq
bS3fgd1R92v8KyyXpKvgbilJQ2GBoxEqHTeMzqksp/6t/3s64tLEnrRhqcxyYz7P eUBDZr6pz7gMQjiqS5GL1u05Sg8u6sqgAevwK23RlEfI06y39ITOGSrUmGDKhoJS
fDs0IgezPFQ6ZKU2KMnheRiQrRD//9JINPnj+0PPL5PggyaDh4PwA67INrHwANl6 UtAGC5X3mt38wnvGgdpv615lS60zEj0qalRaO/4qp89oXvPMRFEtj9E8bkh3FhdW
Rgh8QNBvom3E8gdYuBuCM75PewMZF9mSksLDYrYz9M9LB4YIvBxHKiW6PhugtTwM eBWrlUiBsVj1MV4X7zpF5d6pTQ3G3BflqScAtBAQCuRT+v5Uht6mvqMGm2Bm67xG
fd3uSuaTfTEFgPtEuJUsQk3Q8+lZQpY4BtEDP27NqFI hSJUbQIguc/lPjivKLktus/VvzfHI+OFstnp/1nEgJI
-> piv-p256 grR75w A2dfNFLZpwdWZ4PkmeHpUdalrhHYehriPn23TC8V3mSW -> piv-p256 grR75w A0UNAMZPvN+CVfAkfATkng21JIMY2WdEHW84FuelpETA
N8IfOhaZdWspJ2GCJ8de0Yhe3Jv1BBA8Ep+Tpp/IFyk icFQQONKw8ocG1wbPDNTee6mN8p/zK8iw46pNHCmKfE
-> piv-p256 RQguQQ As/Vu7wq9Y3gW8gJfxyi2b31e3A2ZswBPZ3KfShjDR5T -> piv-p256 RQguQQ A6T6gAICcwfwIOalY482dZFo/z5LayDvSA0fU4lSMXNf
sE4kxCyTMm2fEvs/I3KpDt61S2vFv89/MgALO3RVsuQ R9t1LmZATRTjb6HXOqFRm9bH0Yw/2VtCl3fvgT/B3hk
--- GnBuK/AhHklZlnoQXH6HGNZa/rqLWAOKpvbFK3IQnmU --- Vkw97f1ikkBGxKCqROgZNEHHsQU3aWbXRkVwnZYV6eg
Ümp9/ýÜŽ™µ·XŠ“'HnÉd´Òvdý ÅA[W8A;ê2¦uªqQT`,%]ï~íu<C3AD>¼.5<EFBFBD>Ía= Ž‡FÛÐnrc3ÿ&ô³!h·$ÔýJ2,iß'5îIJ™ íz½m[Áh°üäKràç¥iC)Q™²Û·jwh¨²zí/á0pöλ9ä<39>Áß<C381>%TòP©eà„MWŠÍ{<71>äÕ\”Mº#à:œkúÔ ¦$“aHJj• ®#3ì$

42
secrets/services/gitea/databasePassword.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ 0MlXHy8Yj2iYJlJmw6Oe4UOR6BIFU2kIR3BXQO8AKCw -> ssh-ed25519 neExcQ KgT4VBcho24aIM89DkarhSFK7nVzO+RhCeneAy2CpDs
LyPiwpyzO/j2eubVkCek2Z/WiD1H7PHkvQEboiHQVTo GbqbUKGBIStdJE4c5xiSh2DqZRE79Lamq1GBTCCq4WA
-> ssh-ed25519 WiIaQQ aloTS20pXfbQ7oCsfmBrTYUB72w2I59u87nnhBExUBo -> ssh-ed25519 WiIaQQ 65uPOBHtdHvEoQU3JuXHjYBJ9VqrcZen08ZtjXp0Lxk
yEE8FnBRBvwhG/SMj5Aw4j4cJI5J4WA5catVpuvCmDw ntWnzZ8MRKFU1oi4IoQ+QM0IAljc7n7jyt8tlq1AmsU
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
DAW8WMsP0AprUaZsjQj+6hULe6a5yHKWKiqPw48lAG5QlLifVywQWRqQYW6vzqMW HLRsxvBPuG3is5o7iJSQuKRWLNq5H8kS9lir+vx5xfqA2u1/DLXexXBBhEVku0Oa
Bym/HBfyuCKld/f1j2zvS1+0R8ytiBgnNSJCxeVUYdZalHZWOaA4oyfhdVDypx0L 6lI2NV38gcJmwq4UHl1S+/3J2GO7Uz1Q8K6CjpwQSXNqaph1ECoal9RgQoW/rRKH
B4cAcrwVxXhGj+OveC8U74MIrgiLLIeJl3ehcVjJqn81X+pLs3EtREUP8z3z2ftj sn06G0RbSifQmLBMrmDcQ++47Q8p/acSABktLrZWG/X9Z+hixERY3USSxzmn1XrR
Mewnp8K4u+W+6cP1wosNrgxiQsVJOG1PST8aBhvNgW0wG4zQuA7LrSnvbSfVLL2k zu0JczXBpwx6D0a4w8ltCpgLmfeULd9H3NcOxE6TB8gSdquUMAIh4u9rUXmTxxC8
KQx7VSZwMT4ssDa9M99Q2FzBdri7OXg2O2GBC369S0ybwVYuw6e5HD81i/v2BrXH vQENrzFhI8rMt7cxqrwMk/3GznRjLjK8dEEyXEBJ4UF7xYRQgpmDs1mMEzgEaTY3
dv/PtBjBvIGh9lPqdnCgCOQU06M+k7XaUhXk87nYyCR4ED/z00YhABK3zH0t8ak4 cgM12gybUHx0STRHmZosZjlMgRCO2OXwn3yHZ45dK79HTssSA5pidYlFkoMzj0Fo
nQH3BW30NHJr+GB9oj1EE+C22/BACmO6xAJ1JMMeWw9n8LlHLgOU3VnCyuM8XxEW 0ci36GTX0yft6EYSaQqgfOYvsKeCrJnLNyz8ICEEywGBPfPl0ZT16EwXjpF01r1a
xFJ9nNfYV6KKfgNmXjhA2KklbqPylFB529CYe48No+5FiR2zJ4bPtAg9eozAXWqY 7ufNkJt5s/zEboVIN+HUs6wv7Lmsn1CJE+bFp8UQb6KBkeCnN6EVg6+DHMbasNsT
z2av829pQcN7UXLXNFvE/yYLyWgSr9N1IEPNHWrTLnxcY632Y2fw5qHNqwoq1mIc /ETB5wxk3G3CY33hwwrjecJcniLeiwdsopfpI9zfM4LbdWglfpzKZdGntH8gL/62
nR2x6eFKBip7gvsflGrNYOFAuGGG387SeIPMCDAXtxNBigcARiqmxY7nZKGu2BjE TtuVpGRgPObVTYyEOzYEfcazZ+VaB3ZRiRCjp4qmKQ/QchMmFsfoivhavn6f8uOM
Rie9uh2nUyFyjDpZysIbJHv7ytpQynlKJ3QlFsUiqNY NqItx4F5r8pGcOw8aaQqy43ddoODpw2OZqe/XbLSz4w
-> piv-p256 grR75w A9t6aY5PQZC7GfUoC/HROg9wVOa//1HP6g6ZYcqZXlyd -> piv-p256 grR75w A+EFTA8TmAiISwJH0vbFk37aaZA/VNG+ZLZtRZmrgqrt
5w/iIWI9PksH82frtWDC8Tp9aTb1te8EueKg8yIUrfo 0yQqj1xWCOqlOsOwqn5wPgXQfBp7AfZ3gP5upaoC5lQ
-> piv-p256 RQguQQ A/dORaeED5xFpdFpysOly0X4LNm3xLBnSUZXK7ZzID+L -> piv-p256 RQguQQ AxrEGIZcdlK0Gpwy2qS/Tms/rbcZKrBV9PpAyIel5Q0/
4xq+NX+dXdCZ8+53rZtQKAPizc8Zj4VT3achOO2cVrg Pmcu3HWl5j+b0Y3gHpIxhHBa4ONDrIrgUUbkU28wDjc
--- aPeSZYHncfegh3XGQl8hkGcnnLZArY80MyEmnO103oI --- LGjJ7lP+MrLNSSgLvZMpMcuuifltQPChJK67XSDSkoQ
©@OÖ˜Ä uûµ:½hçÈøæ(Ð7C¤uçk¾ýw"ˆò°§ÌçÃ׊œ±˜Äy8ízáAº >rBÖ»'×i®;™-ÎÊX-vº"êpÉCsâ,ÔQüÙÒ­|ØôÌX¤¶eÏ2hÛÿ³>

BIN
secrets/services/gitea/homerunner-token.age
View File

Binary file not shown.

42
secrets/services/gitea/mailerPassword.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ 23q0cea4QGcuckAJyGJ0s3DJ7Lp6vakxFYdXszDEShs -> ssh-ed25519 neExcQ VK6Rv+qIQyE/uui3sIxwHv6AudYA1Wi73pyy+7kZzAQ
0GCmRPOWvOnDdY1yyoGy/dvZDgloBz1ILqww5/Riaqk 5jX71FB1EbjmYsKO2SkcBT+qFg8pWZh95BVfSnhHioI
-> ssh-ed25519 WiIaQQ yVMIknaxSccjm0+OhvBZU4VPR5pAWN8l6WFWt1KlSXQ -> ssh-ed25519 WiIaQQ QWgxfYOT262jN8qOGY3lFX/hRQIbdVzzlgBxbMS0Uic
G7ZaB4v/x3lB90eG/qlzIasgTdxOl9LNEAfKfkyp3/w CndHYqkQ6emzOE9zmxjak6az/ZHPQEwdlZ66t3xlYcI
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
Gz/gQCuoTNR92KpaW+5maMWbA/Fu/vVLVrLvVfHB/Q+qE7yxCNoIUVf+Nwkqll0N eMKw7oWGIDmGptq793W4aJJgOpNhEf0ZjipbuGuUKfb6WKRlxc9i3ruhaWkTLXVx
SIKoDkq5OamxoezagvO9EVA0jyPpAdTP1oljiLjsX54OXLhT1Z25N+hC7lEe9MFj efvyb9GxAtMp+jdL3RpyLP/T7SgoyGBPw63tlzCF8lL3Dyke5ahMpZHQEESYE8zS
QrPLXa3WoPJTPzoho2F+/bjGtUui4Dx/rFp950oUQXXYdAQBHn4HlLPTSkT/Gllb /3brXwPlqmy/FbWj2/FbtNqvdfGrwCSr5nz0T+Pt9YgKFv1sw2R0M/FkTJzT4nLH
e+nOtElJs9xK9y5lN9LuDXMKO2SBDHsqDzlrua7FCZZxV6BuyXqQtcJV7NAEWzST krK6UfXybEAbBzLzOpjKslP9HgPD8FhLDP7oB10Lvl1gSc1ueSId+U9Q+182Vyu9
fnTBx8g9mbRclcD5KhoPjmS80dNuYYGUa5aWLFkK3ZreMpETWKTaUr5Jmh9HhPod r6iSVrbwxUpvx51a7i8W50FcE3wyMhH14u/g+Jurip8QJwuvDPFNACLfPptU6npW
ShXGCDuf2VlJw3ZerY2Afot3hrZG4+ZnY4gMqRrLaQt8IzmiMmeXtrj4xoI1wRDR ZZuEY/BOLruyjTwmuN+2k1qcfHDj9D8VNyNsBVG+jT8iCCv5PDbJVhpna1pCTn7T
sVCXMloWuHRqsDXX20kP70xJYTpdD7At1TeZBw2TAVfisr3SsuqBm59yx+fS71Uh Y5JSAvMvDUHV+XiKMmjbPVCiDbunzK5YVUfBqQIUovxgVhbnTjzzdBvnHbTP6nlk
xPOwuFvZ5BRaE6hb7oo0zUJjNFCqrPkRoS7SijkhHp/9MYnUyQA7d4E+kYtYqfqp JI9hZeRgHWllq5PnpOFMAAkZclUbMK/u+L6cnGQHmH1T9HrIwEnhXzH+ItLoQ8BG
JSLWTrmbiXp29F56N7emB3ppwKMpTqS6/1BLy2GeztNnEQuJyu6aK0Lviw6q7Cp6 CVhRllSGqkaT3Tn+d9qdvjJMuhzzYi2Ucb329tqv0rc2k28ooqo5PsPzdLTxB/Qj
8vPSvtWT+itrQ1SS9IR1IHnoNHTEyYzLzxuqpYVIeOLDfcTasnzae7Q99xVDsaAB f6vA55c9zPz/3GOkmSxvlnCphAtu2LKNLithjryhNZauQgjYiBPLVhk/2YNBCL3Z
A3G4O2xDkhQwqynXRWeWnVJYKqckJucV3aL7LisgSEU 8p89IlZYM35eglVmbjeQIUBW6zqjYypAIPpLeVTNSaA
-> piv-p256 grR75w AxDL4kLN0PD2FiB89JD9F0CLHFhV9QzpdOIxnKE0/Esa -> piv-p256 grR75w A5OhROi/MtvU1un5l16VF8VRw0s4aboaj9nHhH3slGXw
mNQN7lyWhcod+UjaBQqw4n7CcNcNjpO0whbEERIrebQ NTh8IIXAMSMIw0fG6PlqnUj7bJCUtEDj9tIeHdFtRIY
-> piv-p256 RQguQQ AzxUAebSDk66RwVBAMThJT8pBu3TpS5AaoGew3GbtfD9 -> piv-p256 RQguQQ A5wTuyxjwAfv/cayi+W9eIqopghCUXw1so+/k68UuP6u
WEgpjyadiul2G0dTusUsINNqZTAxYm3NCPZeOpBaw1A kRhPizvslbAgcbplTJqCdtkN1srtf+zOm5JkmQPF8UY
--- p9jCZfnH8gEsLrgJnZnIcijG1YHBTQArzWCDE7JfYTc --- PPX5yRfkFLr6msSev39e8hfwtw6YZF3GwWlb/ngg8zI
4ÁÝʼñJì'?Åvnî ¹½¾“ú¢ŒBêÓ' !e(÷±©†üØ©I•Áߢo°šÑôû2H6ºú ˇ”úc&3/óńŢĶ÷€¶ŞăÄUŘřR '˶‡Q/%ČI&Ň* ÇŘ@ʲµć?<3F>Ĺ+•ĽśűHŢQ»(

BIN
secrets/services/gitea/serverrunner-token.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-signal.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-telegram.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-whatsapp.age
View File

Binary file not shown.

BIN
secrets/services/matrix/signal-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/synapse.age
View File

Binary file not shown.

BIN
secrets/services/matrix/telegram-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/whatsapp-registration.age
View File

Binary file not shown.

42
secrets/services/nextcloud/adminpassFile.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ slNwdPIgpsABv0SgU39pUoudBMs7UAsCbdE3aDxCNh0 -> ssh-ed25519 neExcQ 1Q36CPPU8mtV8pUVRXwLzpI1TKMm7EOxAxJs1kL2qgA
/HXJ6yQkBPp6bFY8B72f9gpQpele3wFmwZsMaFBE8uk fmyLUaIUCdtYTwGTrqk2hd7eo76yUHQ4Ibw/MkU97+g
-> ssh-ed25519 WiIaQQ OUv7lcCQDvJo7fpchdQRwIbXQ4nG16gWgJWMSdSMMxM -> ssh-ed25519 WiIaQQ IgScMwM3mciTSNeaDqHrIwwoLujX12deQV0JyY5gzlc
rD2lYHGo4CQjJOqpD/n9pgPjsbIvGRNFiuWO0QFtyOE x/jigQ9wPlePVThUKDlRPwiExFcNwhTPC/xPyzNmMQ4
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
QgN54J0Py+EdO2LAup0PI3f1lDsuJHrxMCLt5+dfnCjSmPrWtGxOGf9Nw6SQWg0p cPnxrm6WedO5mpFuV+nJrfjShosy+/b6rAJtezvcRX0AL1TvYcrmgb9KP/twl9Zn
3TQ5Rew0jhedXJ/h/c0c95h9OYsnEjYqz14CRYAohngaSbFWiaLFrklg7hGcvTvb 4i0/pHNyuIHyfbaSBCwJ4A0BXRFjiGdILCyFYyhyy9vCQ95qSKwB64flC9x4nHjv
9+MB0c+HtHoNtYVKYdgmzPXMPYBx/99Lc8Q24xvfSlGlGhl72S2CTu8us0daAZ1z 1hSKYPB7AORO94ZlglOWB4nfPSdFVjQ/SC9Cg2Mmu2ogBjWJYmKszj4IsFUz+w2o
TnMLXZ9TKw/QtSS3+Wa5j6jrLyPD0M0biCBdRPR+4ho/t0AR/qQfXmCGZOf0kfe/ eGtAwIv2605PewySUh+R4Hq6h81bTVVdLzjSRCUvI+hPl6hnFkLY/2dzS3gB6xns
XtBRs/QQT+HAHOUo9wPR332yuUxu03jHpPrlhuP88ydcAjUccYvEndAnRyOv9sea HE4XJbCxw1ZA7E/isxR0J/saRbwWl3aakSxvCAr0V2kTge7zFeUpMK4gkJ9zMgp7
RuM8e0GDYRwpRNjPbAorG6PG+oJx7/t6z1OkVxRpRJQHTWJ6ntnMAd6ZhGNgRp8F fE1nXnENjB30F0Bl/ezzwjnWr3CHiAdhIVC2/4+aYvv0jiMfSe1xSC1/4NzCz7SP
xIiXzPwGTEnyiRFOSTzxwX8XP25c9ft2Bpx2uYxUgS7af51NWZIorqJmWgQN49oJ 7wCKcl+r9nhoYFveNEjuWsA0ewHPSrVp841jXehHaHyCYQGW2LypiimJlRR8clVR
5DA8uBan3qQkr0jJzFwVKYYt4roIYEtrnH/snl5uNbpIhPfTy5/rg+Xrf0aRunpP rSChmNCXT2zeOqSNSelnepZTmIYOlClPBTVzgCSKlBPZU4Vk3Q6jo66coMv7M34S
U9bpuJtBVgIAUXk5zLxhnMh43o2YYxCHN0cArU1wNLHcdaKogPGpT1sLCckwZ/3L dryVB8W1BZff+sxdJ8g/vADEOXwaeQMa3ouDgfRyyUqzmHCcNPvQ07DiurW7AErH
O/hxutVOmkJyNOAp9k0jV6zedWjhru/4v4Imov6BxDyLf3Hz2vnvwogYVgyl3TIr s+WhlQs4SsmE2NsosCPDXBzQltpWeBXSEXj0RvGed1GDKpfSvJYeJpgfQ4HCrLNL
Ir98D/CIp3i74VsUvVrZmo7joZcDhnAXlLPsb51I6qM 1Vi1Vays+GDchi3AyyCxf92IDBL5s3hvOSzhe6HAEXQ
-> piv-p256 grR75w Ax4mmj6z8SvPKdHRz7H8O/he2R4f4tql+NXSMTvr9rZ4 -> piv-p256 grR75w AvtaPumdCDd8K9L3VZOusZGk9+3ubsIHMXFmr2RH/rZp
EPyI4xcY1Nt/zZ/+XXVhUAt+aq3qEEk+kuuA1PbOPI4 xc/G7gnADT1u/Q39tJxAJzwptyrl37UiMJM+4XDBYkQ
-> piv-p256 RQguQQ A6ST+jiJS1R0QV1lw+IlMYnxXnTOLxyDfxpQZ/AWCKHB -> piv-p256 RQguQQ AvZ5YIW0l6YqEaJx3yxmppPjL//0JqsVyBh0zXIG2t2g
henkAsW+enG7nY5Y7egcw6RezC0gdakjZGwH+KP6idA Ur4fiCVBKVhbYhJR0YyNM9/iia9iC651WJg2nOsU9m0
--- Dlhmc48gY+BCXUhKQDRnlprdONlHDQ4tZf8BmZPsFKo --- p6VHtNIncJMi5nNMyAg0uQS0fbtwxutG6D59pmOBilA
Ë ¼ú~ã]Äèzø‡O†ßífg*ëûB«v²€+iL¢!Ô `×]ƒ@Æ”¡7Àê?Þ¯PP„-i8¯x½öZm2…J¥­gzefó

42
secrets/services/nextcloud/dbpassFile.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ x2yzu3clDgMKxl/uIVR9SYHPEcxJxQIEr12irpOQEjE -> ssh-ed25519 neExcQ 2VMKRZ/JdA/nu2wb81o2Q4kkqPBos0kFfYnqXRdOeW4
pnIlEK0y+8WuBrMv89pHk79ogHUaeEf/hamaF6U4SNw UdZIth6K27V0728kYE8gIp1amr/vK0RRwtipmfQ5unI
-> ssh-ed25519 WiIaQQ KMjVolPcPvqAF2Thgjw9taDsEoBjHjR7+VnfoGkczV0 -> ssh-ed25519 WiIaQQ spn4qoX25kusHTZcn7bRwI79fSy2NGan2wjs4Xki71I
++VgMR0dZKqyyFv72qVa8j3zq6KPWWOFqdyJpmZZNCU dxYbGs3khojyr6JxtyatZwJyNw3QHJQCpC7e8m4jZQU
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
DXcSjBKsmYiWrC1JVaisJRe1lafR/rBcTT0EgD73SXouBqRk11XNiW8DfR1pvy9z aymF4Ra3PzP3An3Vvej2rFIbFTMJlxtkwIPlmGHrD7PtFVSODdedWG80uT5w5q5c
ZL4veUFu4QJjVyPZLOGy5naPD1Qw9FYCArkjmv336QU6DcpZk8LaOAZkmgpqncdX CpPCl+Ag+jwRmv5ZsVbfnzrYPJvWKyNWgakqDBtkITb9q8mIXiawlsyJ/5MWeodQ
g9nDp2HeZH7TUtUiYD14x66AQD12bTTjfWKzn7yGzJ+gx+iBTemlPI3pu+xcQ4CX 6a/t3FUB/RShh/GJwrE8wPqzjfTPzGuzbTCLytvgwauJKlBFgMp8zRnVJbOONpky
clTB6xvlPtuF+U9kJwomei9XIWgc/acAcIoYOvvdyjAcUYFuFvuojdzo0hwkxFGu xa9V8kGOK+vc+HpzuX4X4jQh63TwzD/xC3DPVR5NxwKUqjVAeAkkCiJ+6uGK3hKt
jlp0FFaigsffVTsO0mp20uiOseMHm1ZGIji2gGOGQBOESKgMn5E9cLibEjigg4hy Ysm/Imo7s7ULAM+WZFRsnTec/ajGc2Z8jChJLy9tegi5meWIzEge1AXaDM5BY4cE
hJ6qn9DjNyi45QjGqkOKWJ+nzvKrzz++3sWwJJXuj+Ol+0n0t+RgT/LuSHkyskQT I17BjwOl1+/wPwWQtofI0WBj3mi/Fbbeqc1hv/NmMRi7Nm1BoEPRzHtUGHgnwMU9
B27GG07oCLk9iUVja2YQRmC46yts5lHkcZ193N1Ot9kGoK7VNQE29X80KSF2VSbW nlLrjAByMEkjSr1bgCLHjfcA97eCzPnblI7j6k8Hf7kiobMQfQp1bBg9hLGL1vsY
+uE/47HwNGTBWb7LdZWRPoOykQu2V1vhcVNO/st+s67VyWZk9vugLSN9l3mldp5X 0zVU20r6KPHvb4D0GQ/5r33RNdMHu9embyFQ4bD7UOZggeBRkEQ2cNjBhtP2j8kY
gvUAv0TZdhi9kwdSiz82l77VASBN3a/VN6XGOMqanaKaRsy2R9WGXxF50gUHn4/K pEo5X+ns2fDaFmj6cqg+WoHGspdNFRRgxOfgo73bppx4IAwb3PWXTLQL/om4k8dq
iRMj+22fJPfWpYBPUIohb2yDHQGRhVoY22Rlz1JYP+xfsORCq3GSHBk56fUCfmwi XlpbfGKq1bFe863PV8IXKe/mRqR375Xlc+r05oRwsLaILYX8TcpMXdsaQFDbu7EG
H8ptQZHmgSC3dY/KigjH7VHcfrlDWctXrfl4jYgz/hQ vq1i9EvLk92/wnJa3GE+41qNYfxGtbMgFY7O6F9Ell8
-> piv-p256 grR75w A6yTo6/3g7YB9D30JSCfzpIcloxhgnIFisWFexpfITfN -> piv-p256 grR75w A8qjnMe//3tjFQvrV2lMDkWncthrm5Iuk8YxIvhSNfE8
0nN62XqpQEsMhNnDhYNkXwTanQaaUvSAJZbvTRXxXvo +BwFVAtF57xjwiDAxLInoJSnEofM2Ya6pMXdBzM4SUo
-> piv-p256 RQguQQ AttfR8uPYcFBqCkF2cvi1YCMMmAbRF6oMSLr5NL5UlbN -> piv-p256 RQguQQ As1VJZg8Ev2C8QueWeV5Vd6ZUWYpqobQQRzf6F+rRjfw
fcU5SJ7lwd9jAOwM5M5mC8/F1PW3yuRJMpNFyGQZhLU JjK1lhDUDzZqH9xswbqvWYeQ5Mjw4/0IjIMr8ekzjWI
--- wuqc2TNmM8N9Ibp4rR6tFKdT2G7E58cBJZ0RCf6nxEM --- 2cbWkzuPlhE8N9NREMjjLtZJ7XXh9dJWvprgUfUilj0
ŸÔEîöK8Œ±|gƒ KjYn‰Ø^™ßü)ý8£ïQÐÊ™§J lín 7í…,OÿX V/GÝ ä}Ù]$œMzUƼ‰­ƒÈZ…éΤؠYzäÛûDð ;Â4=pÉ—æ°ÛÒÅý§½Œ

BIN
secrets/services/nextcloud/onlyofficedb.age
View File

Binary file not shown.

42
secrets/services/nextcloud/onlyofficejwt.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ heR67WtUWEMq/A6BRfIkPMcb+hzVZabpWu8uukmuBFw -> ssh-ed25519 neExcQ wQihc4OfCtbCsVMxja89FESZRXUTJDE/hvw+AJr+6R4
wTSODQfOvRcG33/y/dqEiJ4RNRsTYGXJtxBUQ6C+seo GU7vl0vgRWBIrqt+JEG6pM+qR3dmvsbMluEA9Rkzt08
-> ssh-ed25519 WiIaQQ QshckqSrByAPJIK5pDhVvLBQ16sGLTAAAYylhtlH4lU -> ssh-ed25519 WiIaQQ XOr2rknILxF4ASnuUwDd2RB0Y3Ejw7/KtVxhH/+WhQk
1j3qPx/5yTFIxAmNjvD4gGFfp3HNUFO0jh57l+SV4kQ uTmdcFKgsQzVooHu9G6s0YNxc+bT7cn3a3ACbBuVSmQ
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
G7DGz5AGsyy4qgRTvaSQNKJSsJkLayNzmhMjSVI2aXCVWZuVJy0r/IC8cmXvcbFd htPqO1lLJ8Jj4sQHjFj54IKbKMvjWozBDXAOP6lrHTx/SGw2ZHvii25gpOQqDmyt
ejjTf6Qh1tsFnotoR5whgrhmkG/0IcAokLSFXNyYj4NlW/CwsYEVDoEt09KmnIRA mibl4M07h4O9aoUDp567lxsoTj+3daR6mTueJvijuH0wkR5pnW62zYYmrhzclHQc
X6wPqxpDAqs36rcUBQJC4jj/HIgAJwswaVgcoC9S6UBs3H/skFkjczbNM2HKoxzF RLUeHvjB+ahQVAjkiUWpyAZM3Xq+9b3ZwCXcKTbi6/BMygtHrMWghBHlb1xd8aEb
UtUUxaXZ3UFF78/rpk5h7lYWteN1FFjeZyOKwSbtYloq5eMlAe0yHnGFo5SPuHZu HcGpmmnV8P54li7DRfxUqMNnj6s+DwaXEfOTFcuLLKdFe+r657GUlc5CvrMXLpRb
QG9O7RJi9y/TnZy9G86HIpIQjZQ9dYW4r139Pb51Fxun3D3nV9eeC7y0RMS3YSAU n15LEViYevuoCoRQrP48ugoup/NjkgtLmeAVUHiLmMKHjdt46aBUfzOYK9LOt0M6
0kK22ZjhTq7ZiiRqjM8KjyNMOLTXmzUHdKA7B7JLuYCfDyxj/wszXZuAfC+PXP+D Dxq/HbpheGk03xqbrLKbhlSWazZv/d8aReZOwn9DzYgQl7uBrZBP6JQjDYYD4v1W
1YRUErQogn0lPCPXPclwEcYea7Cd6R+2OIpd2TQ5ROIV2FXrpA4EY7Up6ICk7eZf KIa4JbePdS3fq0W3eQAmrMaQsIILt9Rx+maiQevSqXC4XfwqL7vJv+f2ALzzraWo
HoFqbDLD98JjLCMGyEjfG6/UHckBjAeQSR+7k1f/L+NO3IWfH5ud7TWzJNrlqDWJ a+CRUCBkLQsUk1mUg7gqYwiXE+CKQTq1Ceybqj55bwRurEms0MXcWbU6qFHqOBwj
Y6zvtQ31kkZNfQNgPHL9l/c7/1IWQFtcJ3fzDwE/hd+93OA5RoYutZw7lG3q6EGk qSu1oWADGpkPeOVyIuX9MJ3CyBJdwWjrZZ2LCBt4TRyabOCu59ax/Pe3HrDdFiQl
wPH6pZt+O7/7CtWJz9J4YvT6zE1DYmEobHYRrKzo7II9mdlWSIsu9KjFFt4qdsDN XKzEWPrW3zof60lwrKge1gbLdlo4WNAWaeAXmn92+4jWMGGZmyJqP/EgtcsgmgOY
HtVQJwFwiL9YPw8y7Z1Aalmo/0zTdwosjzBzl0eU9vQ sKF3YEwAFxyqDO+HmOYfAGWuHcEqIClPihZo/jjIZJ8
-> piv-p256 grR75w A3alWLHjgQN2quTfwIXc5xN+5jZowaN2Jkuf666CZt5P -> piv-p256 grR75w A1IUhaxTkmOz6CRRv3KGmaV4yFrtMx7hsU01K7hgcrja
gz0a64iDAI5Y3gpjra2zUIAqGgNh2IJQU4u10TxfOIU aQWWXvSRPWH1ox7KO6OBkXkRLhhNS8MlGAsNeC6YkQo
-> piv-p256 RQguQQ AoJJolmpdp0pEYduyAT5YHiLu3a5yELTvHCb2B1gK+RW -> piv-p256 RQguQQ A9jxpWPKd3wVyj5/pXJ+/gMI3gyrbSX4Zd6qsn+lnFvb
/HF293f3uch4lwcHvc0U86BpkUdrDot5GWy6XmSEfnY Xl/OLEjlON/h7PhtxJmiWvXkqQHlb5f04LNhDhwMtU4
--- i0ABQSL1xJRh+baGUX/gfuvwM45jfHK7OP9uKReNwX4 --- z7ivhlW080Adr8qVDEUQ9fpBahUiCuFQ8+xEUivoHxk
aÖ°gÓÌï>Ä莠Å&<26>ñ”{4¤/˜œ#¨Öœq¾Öãƒ"Ð8RÇmÐÍÀ¬œ{¦$; ¢6#øÂû r<EFBFBD>@£öïG±gð§l6Õu™åÃFC9Òm ”vn½¥'«ª &$ëцÍ{AlÉÉô

BIN
secrets/services/postgresql/initScript.age
View File

Binary file not shown.

BIN
secrets/services/vaultwarden/environment.age
View File

Binary file not shown.

18
systemSettings.nix
View File

@ -1,18 +0,0 @@
# options for systemsettings
{ pkgs, lib, config, ... }:
{
options = {
systemSettings.enable = lib.mkEnableOption "enables standard systemsettings";
};
config = lib.mkIf config.systemSettings.enable {
system = lib.mkDefault "x86_64-linux";
profile = lib.mkDefault "personal";
timezone = "Europe/Berlin";
locale = "en_US.UTF-8";
bootMode = lib.mkDefault "uefi";
bootMountPath = "/boot";
};
}