Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Kabbone:refactor
Branches Tags
Kabbone:main Kabbone:refactor
...
compare: Kabbone:2b4769cae68ca00990747c3ba30338d7576bf1c9
Branches Tags
Kabbone:main Kabbone:refactor

100 Commits
refactor ... 2b4769cae6

Author SHA1 Message Date
Kabbone
2b4769cae6 setup backup pipeline 2024-10-14 12:17:17 +02:00
Kabbone
fb7688baf3 desktop: disable global catppuccin 2024-10-14 12:16:47 +02:00
Kabbone
92d6ff4898 flake.lock: Update 
Flake lock file updates:

• Updated input 'catppuccin':
    'github:catppuccin/nix/bad96d3fabf8d2e8f0bf0c2cb899a9fccf01ea03' (2024-10-02)
  → 'github:catppuccin/nix/96cf8b4a05fb23a53c027621b1147b5cf9e5439f' (2024-10-08)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/509dbf8d45606b618e9ec3bbe4e936b7c5bc6c1e' (2024-10-04)
  → 'github:nix-community/home-manager/d47d33254fbf4fdbdee9f1f14095f689662e479d' (2024-10-10)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/cb63dc934ba512b2d56d89b94c5da7894f6a7809' (2024-10-04)
  → 'github:Jovian-Experiments/Jovian-NixOS/a25f915ec05196d15e3f7f8555ffb612d4f1045d' (2024-10-08)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/e2365a1d8dccdcf4bca5111672e80df67d90957d' (2024-10-01)
  → 'github:nix-community/lanzaboote/0bc127c631999c9555cae2b0cdad2128ff058259' (2024-10-06)
• Updated input 'microvm':
    'github:astro/microvm.nix/e832ffc16b09b1b5c7c1224532d03ed3ce68afd0' (2024-10-02)
  → 'github:astro/microvm.nix/470537e671d743f40812b9c071a4130eabdb3deb' (2024-10-08)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/b7ca02c7565fbf6d27ff20dd6dbd49c5b82eef28' (2024-10-04)
  → 'github:NixOS/nixos-hardware/ecfcd787f373f43307d764762e139a7cdeb9c22b' (2024-10-07)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/5966581aa04be7eff830b9e1457d56dc70a0b798' (2024-10-02)
  → 'github:NixOS/nixpkgs/d51c28603def282a24fa034bcb007e2bcb5b5dd0' (2024-10-09)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04)
  → 'github:nixos/nixpkgs/5633bcff0c6162b9e4b5f1264264611e950c8ec7' (2024-10-09)
 2024-10-10 21:01:48 +02:00
Kabbone
da9db371af server: hydra: allowed-uris 2024-10-06 10:10:05 +02:00
Kabbone
c8b8305146 server: services: onlyoffice changes 2024-10-05 12:16:13 +02:00
Kabbone
57f56146d2 hydra: allowUris 2024-10-05 11:26:22 +02:00
Kabbone
272971cefd flake update 2024-10-05 10:32:14 +02:00
Kabbone
3505e611c1 desktop: enable catppuccin module 2024-10-05 10:32:00 +02:00
Kabbone
fd09e597c1 server: services: onlyoffice changes 2024-10-05 10:31:29 +02:00
Kabbone
255c8ca4d0 prototype fuji 2024-10-05 10:30:57 +02:00
Kabbone
dd79f25336 fix themes 2024-09-30 20:59:37 +02:00
Kabbone
929fa949b2 flake update 2024-09-30 20:57:48 +02:00
Kabbone
fd5bd6a88d flake update 2024-09-23 20:23:51 +02:00
Kabbone
6a34b81910 home: add gimp and freecad 2024-09-14 15:03:30 +02:00
Kabbone
8d27f5e73d flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/be47a2bdf278c57c2d05e747a13ed31cef54a037' (2024-09-09)
  → 'github:nix-community/home-manager/6c1a461a444e6ccb3f3e42bb627b510c3a722a57' (2024-09-14)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/2d050e65a71e02a1f19d1a35c086bd2e3dfb2cdb' (2024-09-06)
  → 'github:Jovian-Experiments/Jovian-NixOS/02cf60ce20b6034fc0459e5116cec7016aaff6e4' (2024-09-12)
• Updated input 'microvm':
    'github:astro/microvm.nix/caac7808d1e31f8a0fa408338cd3736947cb226d' (2024-09-06)
  → 'github:astro/microvm.nix/af604aa08ac9a4ae585beaf1a3482897a27ab67e' (2024-09-12)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/aac7c50858a21636ddfd39831ccc221cf9d59827' (2024-09-09)
  → 'github:NixOS/nixos-hardware/166dee4f88a7e3ba1b7a243edb1aca822f00680e' (2024-09-09)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/68e7dce0a6532e876980764167ad158174402c6f' (2024-09-07)
  → 'github:NixOS/nixpkgs/e65aa8301ba4f0ab8cb98f944c14aa9da07394f8' (2024-09-11)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/574d1eac1c200690e27b8eb4e24887f8df7ac27c' (2024-09-06)
  → 'github:nixos/nixpkgs/4f807e8940284ad7925ebd0a0993d2a1791acb2f' (2024-09-11)
 2024-09-14 15:01:15 +02:00
Kabbone
d2abc23417 flake update allow olm 2024-09-09 16:43:34 +02:00
Kabbone
263d10dbdd flake update corrections 2024-09-09 12:40:27 +02:00
Kabbone
406cb190e9 flake update 2024-09-09 12:05:20 +02:00
Kabbone
f4b8db1022 flake update 2024-08-30 22:32:39 +02:00
Kabbone
ea282c6237 lifebook: set suspend-then-hibernate with delaytime 1h 2024-08-25 22:47:35 +02:00
Kabbone
0f3a2e0e52 lifebook: fix s0 suspend 2024-08-25 20:15:26 +02:00
Kabbone
aaaa3f108f hosts: nasbak: switch to systemd-networkd 2024-08-22 19:42:25 +02:00
Kabbone
0b566c81be flake update 
switch jupiter to systemd-networkd
disable jitsi
 2024-08-22 19:08:19 +02:00
Kabbone
183a280402 hosts: kabtopci: some changes for hydra space 2024-08-16 14:56:56 +02:00
Kabbone
eae9aa6d62 flake update 2024-08-16 14:29:44 +02:00
Kabbone
5ddf51f572 wm: sway: rot8 invert y-Axis and disable keyboard 2024-08-11 21:17:25 +02:00
Kabbone
1787103cec wm: sway: switch to rofi 
add rot8
 2024-08-11 19:44:14 +02:00
Kabbone
a6c6cb699a hosts: small fixes on lifebook init config 2024-08-10 06:20:26 +02:00
Kabbone
d83a55d62d flake update 
remove sound config due to update
fix hydraJobs after adding lifebook
 2024-08-10 06:20:23 +02:00
Kabbone
1405ee7eee apps: install android-studio 2024-08-10 06:20:20 +02:00
Kabbone
66cdd05f41 sway: add german layout 2024-08-10 06:20:16 +02:00
Kabbone
b05a692b47 hosts: fixes for initial lifebook 
add lanzaboote lifebook
 2024-08-10 06:20:09 +02:00
Kabbone
e5db869b82 lifebook: smaller fixes 2024-07-17 21:17:50 +02:00
Kabbone
cb84afaaec shell: add ssh-agent again 2024-07-15 21:31:44 +02:00
Kabbone
05b0762421 disko: add opt 2024-07-15 21:29:57 +02:00
Kabbone
0a1e17995f rename laptop to nbf5 
add lifebook
 2024-07-15 21:24:50 +02:00
Kabbone
dba8ac1eb0 flake update 2024-07-14 14:19:34 +02:00
Kabbone
dce3035653 git: add cache 2024-07-14 14:14:43 +02:00
Kabbone
9f8e15d135 add git difftastic 2024-07-14 12:59:51 +02:00
Kabbone
d5f3aa3885 restructure common sshagent 
cleanups of commented out things
move non desktop to server config
 2024-07-14 12:06:47 +02:00
Kabbone
0a775adbdc fix unstable with moving powerline to python311 2024-07-14 09:56:40 +02:00
Kabbone
8459516c95 add new wallpapers 2024-07-13 13:41:50 +02:00
Kabbone
d16898adf8 flake update 
comment out freecad because pyside is broken
set python311 to fix nose dependency in unstable
 2024-07-13 12:01:05 +02:00
Kabbone
d518e9ffe4 flake update and move all back to nixos-hardware master 2024-07-02 22:22:26 +02:00
Kabbone
4882bca4c9 flake update 2024-07-02 18:29:13 +02:00
Kabbone
3cb4ae7c50 apps: install ausweisapp 2024-06-29 07:20:28 +02:00
Kabbone
904e5a88c6 hosts: steamdeck: update to plasma6 change defaultSession 2024-06-22 11:46:35 +02:00
Kabbone
430858fb11 hosts: steamdeck: update to plasma6 typo 2024-06-22 09:15:32 +02:00
Kabbone
4fec51506d hosts: steamdeck: update to plasma6 2024-06-22 08:57:56 +02:00
Kabbone
1a76923e77 flake: fix commit for nixos-hardware and remove from steamdeck 2024-06-21 23:40:53 +02:00
Kabbone
19487f6b79 hosts: steamdeck: rename for nixpkgs option updates 2024-06-21 23:15:02 +02:00
Kabbone
daee0533d5 flake.lock: Update 
Flake lock file updates:

• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/d723a7e3962d683acdcd5658b351fdefe16bf04f' (2024-06-18)
  → 'github:Jovian-Experiments/Jovian-NixOS/a7a9774538612c75324f785ab1300e67abc039d3' (2024-06-21)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/083823b7904e43a4fc1c7229781417e875359a42' (2024-06-20)
  → 'github:NixOS/nixos-hardware/cc634b69c8312c4e88469d3c7e8fb5ecc72e7dc6' (2024-06-21)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631' (2024-06-18)
  → 'github:NixOS/nixpkgs/dd457de7e08c6d06789b1f5b88fc9327f4d96309' (2024-06-19)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e' (2024-06-18)
  → 'github:nixos/nixpkgs/d603719ec6e294f034936c0d0dc06f689d91b6c3' (2024-06-20)
 2024-06-21 20:43:44 +02:00
Kabbone
3484124ab4 flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/0a7ffb28e5df5844d0e8039c9833d7075cdee792' (2024-06-16)
  → 'github:nix-community/home-manager/d7830d05421d0ced83a0f007900898bdcaf2a2ca' (2024-06-19)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/f02a01aab60c68b7898043c2e7f5bc97c93fb07b' (2024-06-15)
  → 'github:Jovian-Experiments/Jovian-NixOS/d723a7e3962d683acdcd5658b351fdefe16bf04f' (2024-06-18)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/93dd69a5b683deb8ab7d6dbb91771a2487745e8c' (2024-06-17)
  → 'github:nix-community/lanzaboote/6fa7bc0522f71d3906a3788bbd80c344cd9c4523' (2024-06-19)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/cde8f7e11f036160b0fd6a9e07dc4c8e4061cf06' (2024-06-16)
  → 'github:NixOS/nixos-hardware/083823b7904e43a4fc1c7229781417e875359a42' (2024-06-20)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/752c634c09ceb50c45e751f8791cb45cb3d46c9e' (2024-06-15)
  → 'github:NixOS/nixpkgs/938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631' (2024-06-18)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/e9ee548d90ff586a6471b4ae80ae9cfcbceb3420' (2024-06-13)
  → 'github:nixos/nixpkgs/c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e' (2024-06-18)
 2024-06-20 18:59:21 +02:00
Kabbone
c89ea890d1 hosts: add hydra cache to all 
fix kabtop defintion (missing ;)
remove scsi power option on jupiter vm
 2024-06-17 20:47:42 +02:00
Kabbone
9b22d5c1ba flake: add hydraJobs 2024-06-17 20:31:44 +02:00
Kabbone
801468970b flake: add hydraJobs 2024-06-17 20:02:41 +02:00
Kabbone
f30860cb34 hosts: hades: move to 2.5 Nic and change name to hostname 2024-06-17 17:56:41 +02:00
Kabbone
d754a5b1d5 flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/845a5c4c073f74105022533907703441e0464bc3' (2024-06-04)
  → 'github:nix-community/home-manager/a1fddf0967c33754271761d91a3d921772b30d0e' (2024-06-16)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/8d5e27b4807d25308dfe369d5a923d87e7dbfda3' (2024-06-13)
  → 'github:nix-community/home-manager/0a7ffb28e5df5844d0e8039c9833d7075cdee792' (2024-06-16)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/326c1ab2b816f520d298b7a4319a0b50cde01c48' (2024-06-12)
  → 'github:Jovian-Experiments/Jovian-NixOS/f02a01aab60c68b7898043c2e7f5bc97c93fb07b' (2024-06-15)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/7cb05fab896bd542c0ca4260d74d9d664cd7b56e' (2024-06-12)
  → 'github:nix-community/lanzaboote/93dd69a5b683deb8ab7d6dbb91771a2487745e8c' (2024-06-17)
• Updated input 'lanzaboote/crane':
    'github:ipetkov/crane/a3f0c63eed74a516298932b9b1627dd80b9c3892' (2024-06-11)
  → 'github:ipetkov/crane/0095fd8ea00ae0a9e6014f39c375e40c2fbd3386' (2024-06-15)
• Updated input 'lanzaboote/rust-overlay':
    'github:oxalica/rust-overlay/6dc3e45fe4aee36efeed24d64fc68b1f989d5465' (2024-06-08)
  → 'github:oxalica/rust-overlay/0043c3f92304823cc2c0a4354b0feaa61dfb4cd9' (2024-06-16)
• Updated input 'microvm':
    'github:astro/microvm.nix/02a1fe9237a6539ff83d15443d328e4b0b49a117' (2024-06-12)
  → 'github:astro/microvm.nix/b11f00056e11a802809935b0675176a2429593d9' (2024-06-15)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/ae5c8dcc4d0182d07d75df2dc97112de822cb9d6' (2024-06-14)
  → 'github:NixOS/nixos-hardware/cde8f7e11f036160b0fd6a9e07dc4c8e4061cf06' (2024-06-16)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/cc54fb41d13736e92229c21627ea4f22199fee6b' (2024-06-12)
  → 'github:NixOS/nixpkgs/752c634c09ceb50c45e751f8791cb45cb3d46c9e' (2024-06-15)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/57d6973abba7ea108bac64ae7629e7431e0199b6' (2024-06-12)
  → 'github:nixos/nixpkgs/e9ee548d90ff586a6471b4ae80ae9cfcbceb3420' (2024-06-13)
 2024-06-17 17:55:45 +02:00
Kabbone
8352d5c0ba flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9' (2024-05-24)
  → 'github:ryantm/agenix/3a56735779db467538fb2e577eda28a9daacaca6' (2024-06-14)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/3d65009effd77cb0d6e7520b68b039836a7606cf' (2024-06-09)
  → 'github:nix-community/home-manager/8d5e27b4807d25308dfe369d5a923d87e7dbfda3' (2024-06-13)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/f27db3a9a8c21a65c1ef50cacca3ef2bfff04cb9' (2024-06-11)
  → 'github:Jovian-Experiments/Jovian-NixOS/326c1ab2b816f520d298b7a4319a0b50cde01c48' (2024-06-12)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/56ed078dc92baf72813d55dcfe399715a632bc41' (2024-06-09)
  → 'github:nix-community/lanzaboote/7cb05fab896bd542c0ca4260d74d9d664cd7b56e' (2024-06-12)
• Updated input 'lanzaboote/crane':
    'github:ipetkov/crane/55e7754ec31dac78980c8be45f8a28e80e370946' (2024-06-04)
  → 'github:ipetkov/crane/a3f0c63eed74a516298932b9b1627dd80b9c3892' (2024-06-11)
• Updated input 'microvm':
    'github:astro/microvm.nix/e3a4dd5b381fb580804105594cc9c71dc45abdb5' (2024-06-03)
  → 'github:astro/microvm.nix/02a1fe9237a6539ff83d15443d328e4b0b49a117' (2024-06-12)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/58b52b0dd191af70f538c707c66c682331cfdffc' (2024-06-10)
  → 'github:NixOS/nixos-hardware/ae5c8dcc4d0182d07d75df2dc97112de822cb9d6' (2024-06-14)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/47b604b07d1e8146d5398b42d3306fdebd343986' (2024-06-11)
  → 'github:NixOS/nixpkgs/cc54fb41d13736e92229c21627ea4f22199fee6b' (2024-06-12)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c7b821ba2e1e635ba5a76d299af62821cbcb09f3' (2024-06-09)
  → 'github:nixos/nixpkgs/57d6973abba7ea108bac64ae7629e7431e0199b6' (2024-06-12)
 2024-06-14 17:23:57 +02:00
Kabbone
0cc0c7003a flake update 2024-06-11 21:50:11 +02:00
Kabbone
939f5d9433 hydra: change hydraCache URL 2024-06-11 19:54:49 +02:00
Kabbone
2cab296188 hosts: kabtop: remove hardware module 2024-06-11 17:56:04 +02:00
Kabbone
9751a6bf52 secrets: rekey 2024-06-11 17:55:44 +02:00
Kabbone
5c7d579c44 hosts: kabtopci: fix path and add mount script 2024-06-11 17:14:24 +02:00
Kabbone
998c9aa54d hosts: small fixes on kabtopci prototype 2024-06-09 15:40:51 +02:00
Kabbone
8c59339b50 hosts: small fixes on kabtopci prototype 2024-06-09 15:17:55 +02:00
Kabbone
8617ddbd3a hosts: add kabtopci prototype 2024-06-09 11:01:05 +02:00
Kabbone
b4c7b1762b hydra: fix jobs 2024-06-08 19:32:33 +02:00
Kabbone
a119ae47f0 server: services: nextcloud add maintenance window 2024-06-08 16:04:00 +02:00
Kabbone
60118fc7f7 server: services: update mautrix-signal 2024-06-08 15:47:37 +02:00
Kabbone
64a5c3e34f server: services: update mautrix-signal 2024-06-08 15:43:47 +02:00
Kabbone
a5886eb6d0 server: services: nextcloud: rework for new structure 2024-06-08 14:48:57 +02:00
Kabbone
ca8c0c8a17 services: hydra: add allowed uris 2024-06-08 14:47:20 +02:00
Kabbone
1d4a80ff86 hosts: laptop: hardware: intel-cpu already imports gpu 2024-06-08 14:30:43 +02:00
Kabbone
e32635ebb7 flake update 2024-06-08 14:07:29 +02:00
Kabbone
964379114f hosts: correct avahi 2024-06-04 21:11:04 +02:00
Kabbone
6b5f86c9ab dmz: services: nginx: add recommendedSettings and fix Hydra 2024-06-04 21:06:44 +02:00
Kabbone
d7c142e2ab apps: alacritty: remove offset 2024-06-04 19:42:43 +02:00
Kabbone
90201b355c hydra: add desktop job 2024-06-04 19:01:29 +02:00
Kabbone
2ee496c5e9 hydra: add desktop job 2024-06-03 21:35:31 +02:00
Kabbone
a901a661f9 services: hydraCache: add substituter and remove rocm from steamdeck 2024-06-03 21:29:23 +02:00
Kabbone
3500f3d3a8 flake update with code adjustments 2024-06-03 20:24:22 +02:00
Kabbone
7fe7eeabf9 apps: desktop: add orca-slicer 2024-06-03 18:31:33 +02:00
Kabbone
b952606f1f flake remove nixvim and update to 24.05 2024-06-03 18:31:00 +02:00
Kabbone
2e7b1499cb services: hydraCache: typo 2024-06-02 21:32:33 +02:00
Kabbone
8b07092084 services: hydraCache: update address 2024-06-02 21:30:27 +02:00
Kabbone
c8b76b289a hosts: dmz: acme: use quad9 2024-06-02 18:36:56 +02:00
Kabbone
54aeb48839 hosts: dmz: acme: increase propagation timeout, use wildcard 2024-06-02 12:27:03 +02:00
Kabbone
5824207566 hosts: dmz: acme: increase propagation timeout 2024-05-31 21:40:26 +02:00
Kabbone
9d795ae38e hosts: dmz: nix-serve: add reverse proxy 2024-05-31 20:56:09 +02:00
Kabbone
2b30c68a54 hosts: dmz: nix-serve: add reverse proxy 2024-05-31 20:42:16 +02:00
Kabbone
cb7412e749 hosts: dmz: acme: set timeouts 2024-05-31 20:02:54 +02:00
Kabbone
e8f6f4e96f services: hydra: fix reverse proxy and firewall 2024-05-31 19:46:43 +02:00
Kabbone
40fdd49224 services: hydra: create acme and reverse proxy -- fix api 2024-05-31 18:31:12 +02:00
Kabbone
b1cf3d2399 services: hydra: create acme and reverse proxy -- fix path and api 2024-05-31 18:27:51 +02:00
Kabbone
01091ff377 services: hydra: create acme and reverse proxy 2024-05-31 18:07:39 +02:00
Kabbone
b20dc93d47 hosts: desktops: disable auto upgrade 2024-05-29 10:01:06 +02:00
Kabbone
fa914bce1d test hydra jobs 
test hydra jobs

test hydra jobs

test hydra jobs

test hydra jobs

hydra add signing key

flake restructure

secrets: rekey

secrets: rekey

hydra fix key path

hydra fix key path

services: hydra: typo in nix.conf
 2024-05-29 09:58:44 +02:00
Kabbone
9f9d8e3a3b flake update 2024-05-26 09:30:09 +02:00
Kabbone
e02e66a4bb hosts: steamdeck: add hydraCache 2024-05-26 09:14:01 +02:00
85 changed files with 1908 additions and 832 deletions
Expand all files Collapse all files

4
disko/btrfs_luks.nix
View File

@@ -47,6 +47,10 @@
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@opt" = {
mountpoint = "/opt";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@snapshots" = { "@snapshots" = {
mountpoint = "/mnt"; mountpoint = "/mnt";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];

11
disko/mount.sh Normal file
View File

@@ -0,0 +1,11 @@
#!/usr/bin/env bash
disk="/dev/vda"
mountpoint="/mnt"
mount $disk $mountpoint -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@
mount $disk $mountpoint/home -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@home
mount $disk $mountpoint/var -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@var
mount $disk $mountpoint/srv -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@srv
mount $disk $mountpoint/nix -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@nix
mount $disk $mountpoint/swap -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@swap

428
flake.lock generated
View File

@@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1715290355, "lastModified": 1723293904,
"narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=", "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "8d37c5bdeade12b6479c85acd133063ab53187a0", "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -23,6 +23,21 @@
"type": "github" "type": "github"
} }
}, },
"catppuccin": {
"locked": {
"lastModified": 1728407414,
"narHash": "sha256-B8LaxUP93eh+it8RW1pGq4SsU2kj7f0ipzFuhBvpON8=",
"owner": "catppuccin",
"repo": "nix",
"rev": "96cf8b4a05fb23a53c027621b1147b5cf9e5439f",
"type": "github"
},
"original": {
"owner": "catppuccin",
"repo": "nix",
"type": "github"
}
},
"crane": { "crane": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -31,11 +46,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711299236, "lastModified": 1721842668,
"narHash": "sha256-6/JsyozOMKN8LUGqWMopKTSiK8N79T8Q+hcxu2KkTXg=", "narHash": "sha256-k3oiD2z2AAwBFLa4+xfU+7G5fisRXfkvrMTCJrjZzXo=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "880573f80d09e18a11713f402b9e6172a085449f", "rev": "529c1a0b1f29f0d78fa3086b8f6a134c71ef3aaf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -66,28 +81,6 @@
"type": "github" "type": "github"
} }
}, },
"devshell": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -104,36 +97,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@@ -142,11 +105,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709336216, "lastModified": 1719994518,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -155,42 +118,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715865404,
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1713493429,
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
"owner": "srid",
"repo": "flake-root",
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
@@ -209,42 +136,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -267,28 +158,6 @@
"type": "github" "type": "github"
} }
}, },
"gitignore_2": {
"inputs": {
"nixpkgs": [
"nixvim",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -317,11 +186,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1715930644, "lastModified": 1728584964,
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=", "narHash": "sha256-40093uJyc+pf0CaOtbj5dDiyL0PQ7c5pmnGkfO6Q/hw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d", "rev": "d47d33254fbf4fdbdee9f1f14095f689662e479d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -337,48 +206,27 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1715381426, "lastModified": 1726989464,
"narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=", "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4", "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715930644,
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1708968331, "lastModified": 1727649413,
"narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=", "narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30", "rev": "d0b38e550039a72aff896ee65b0918e975e6d48e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -395,11 +243,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1716107076, "lastModified": 1728410210,
"narHash": "sha256-aB15oIMUv6N/UFsLHzgcGRUvU4YfOjE3gEirIP/k82s=", "narHash": "sha256-vn6qupt1U0M6Hf3eXhK3/K4Du0Z7A60qYS1G14QsRY8=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "e8de93b7b4c384650977a20c1f192e23c6e7a12f", "rev": "a25f915ec05196d15e3f7f8555ffb612d4f1045d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -413,7 +261,6 @@
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@@ -421,11 +268,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1713369831, "lastModified": 1728199407,
"narHash": "sha256-G4OGxvlIIjphpkxcRAkf1QInYsAeqbfNh6Yl1JLy2uM=", "narHash": "sha256-x4G0ja//3pT/epOvwxKR1XB7GAW7Yuwiy6RYCOgRjuQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "850f27322239f8cfa56b122cc9a278ab99a49015", "rev": "0bc127c631999c9555cae2b0cdad2128ff058259",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -437,18 +284,18 @@
}, },
"microvm": { "microvm": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"spectrum": "spectrum" "spectrum": "spectrum"
}, },
"locked": { "locked": {
"lastModified": 1715787097, "lastModified": 1728349983,
"narHash": "sha256-TPp2j0ttvBvkk4oXidvo8Y071zEab0BtcNsC3ZEkluI=", "narHash": "sha256-VRQm46/W29z87IeITfvxIrS6LUEItgDtEDzqVX59q0E=",
"owner": "astro", "owner": "astro",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "fa673bf8656fe6f28253b83971a36999bc9995d2", "rev": "470537e671d743f40812b9c071a4130eabdb3deb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -457,27 +304,6 @@
"type": "github" "type": "github"
} }
}, },
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715901937,
"narHash": "sha256-eMyvWP56ZOdraC2IOvZo0/RTDcrrsqJ0oJWDC76JTak=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "ffc01182f90118119930bdfc528c1ee9a39ecef8",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-github-actions": { "nix-github-actions": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -502,11 +328,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1716034089, "lastModified": 1728269138,
"narHash": "sha256-QBfab6V4TeQ6Y4NiXVrEATdQuhCNFNaXt/L1K/Zw+zc=", "narHash": "sha256-oKxDImsOvgUZMY4NwXVyUc/c1HiU2qInX+b5BU0yXls=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "b55712de78725c8fcde422ee0a0fe682046e73c3", "rev": "ecfcd787f373f43307d764762e139a7cdeb9c22b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -518,43 +344,43 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1716061101, "lastModified": 1728500571,
"narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=", "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2", "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.11", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1710695816, "lastModified": 1720386169,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3", "rev": "194846768975b7ad2c4988bdb82572c00222c0d7",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.11", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1715961556, "lastModified": 1728492678,
"narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=", "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64", "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -564,71 +390,12 @@
"type": "github" "type": "github"
} }
}, },
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-root": "flake-root",
"home-manager": "home-manager_3",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs-unstable"
],
"pre-commit-hooks": "pre-commit-hooks",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1716125991,
"narHash": "sha256-PmB9vmp383foiVi64RawbnkC+6SiYiWUjdzw2xgl3eM=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "88ade1dfaa017499326103a078c66dd5d4d0606e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"gitignore": "gitignore_2",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715870890,
"narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
"lanzaboote", "lanzaboote",
"flake-compat" "flake-compat"
], ],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
@@ -637,11 +404,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1710923068, "lastModified": 1721042469,
"narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=", "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "e611897ddfdde3ed3eaac4758635d7177ff78673", "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -653,6 +420,7 @@
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"catppuccin": "catppuccin",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"home-manager-unstable": "home-manager-unstable", "home-manager-unstable": "home-manager-unstable",
"impermanence": "impermanence", "impermanence": "impermanence",
@@ -661,27 +429,22 @@
"microvm": "microvm", "microvm": "microvm",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable"
"nixvim": "nixvim"
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1711246447, "lastModified": 1722219664,
"narHash": "sha256-g9TOluObcOEKewFo2fR4cn51Y/jSKhRRo4QZckHLop0=", "narHash": "sha256-xMOJ+HW4yj6e69PvieohUJ3dBSdgCfvI0nnCEe6/yVc=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "dcc802a6ec4e9cc6a1c8c393327f0c42666f22e4", "rev": "a6fbda5d9a14fb5f7c69b8489d24afeb349c7bb4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -693,11 +456,11 @@
"spectrum": { "spectrum": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1708358594, "lastModified": 1720264467,
"narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=", "narHash": "sha256-xzM92n3Q9L90faJIJrkrTtTx+JqCGRHMkHWztkV4PuY=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c", "rev": "fb59d42542049f586c84b0f8bb86ff3be338e9d3",
"revCount": 614, "revCount": 674,
"type": "git", "type": "git",
"url": "https://spectrum-os.org/git/spectrum" "url": "https://spectrum-os.org/git/spectrum"
}, },
@@ -735,57 +498,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715940852,
"narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "2fba33a182602b9d49f0b2440513e5ee091d838b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

59
flake.nix
View File

@@ -12,7 +12,7 @@
inputs = # All flake references used to build my NixOS setup. These are dependencies. inputs = # All flake references used to build my NixOS setup. These are dependencies.
{ {
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
microvm = { microvm = {
@@ -23,7 +23,7 @@
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
home-manager = { # User Package Management home-manager = { # User Package Management
url = "github:nix-community/home-manager/release-23.11"; url = "github:nix-community/home-manager/release-24.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@@ -38,37 +38,42 @@
}; };
jovian-nixos = { jovian-nixos = {
url = "github:Jovian-Experiments/Jovian-NixOS"; url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/master"; url = "github:nix-community/lanzaboote/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
catppuccin = {
url = "github:catppuccin/nix";
};
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
}; };
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }: # Function that tells my flake which to use and what do what to do with the dependencies. outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, catppuccin, ... }: # Function that tells my flake which to use and what do what to do with the dependencies.
let # Variables that can be used in the config files rec {
user = "kabbone"; nixosConfigurations = ( # NixOS configurations
userdmz = "diablo"; import ./hosts { # Imports ./hosts/default.nix
userserver = "mephisto"; inherit (nixpkgs) lib;
location = "$HOME/.setup"; inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote catppuccin; # Also inherit home-manager so it does not need to be defined here.
in # Use above variables in ... nix.allowedUsers = [ "@wheel" ];
{ security.sudo.execWheelOnly = true;
nixosConfigurations = ( # NixOS configurations }
import ./hosts { # Imports ./hosts/default.nix );
inherit (nixpkgs) lib; hydraJobs = {
inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable user userdmz userserver location agenix jovian-nixos microvm impermanence lanzaboote nixvim; # Also inherit home-manager so it does not need to be defined here. "steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel;
nix.allowedUsers = [ "@wheel" ]; "hades" = nixosConfigurations.hades.config.system.build.toplevel;
security.sudo.execWheelOnly = true; "nasbak" = nixosConfigurations.nasbak.config.system.build.toplevel;
} "jupiter" = nixosConfigurations.jupiter.config.system.build.toplevel;
); "lifebook" = nixosConfigurations.lifebook.config.system.build.toplevel;
"nbf5" = nixosConfigurations.nbf5.config.system.build.toplevel;
"kabtop" = nixosConfigurations.kabtop.config.system.build.toplevel;
"dmz" = nixosConfigurations.dmz.config.system.build.toplevel;
};
}; };
} }

48
hosts/configuration_desktop.nix
View File

@@ -58,12 +58,12 @@
# }; # };
}; };
sound = { # ALSA sound enable #sound = { # ALSA sound enable
#enable = true; # #enable = true;
mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true; # mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true;
enable = true; # enable = true;
}; # };
}; #};
fonts.packages = with pkgs; [ # Fonts fonts.packages = with pkgs; [ # Fonts
carlito # NixOS carlito # NixOS
@@ -95,6 +95,7 @@
pciutils pciutils
usbutils usbutils
wget wget
file
powertop powertop
cpufrequtils cpufrequtils
lm_sensors lm_sensors
@@ -108,7 +109,7 @@
age-plugin-yubikey age-plugin-yubikey
pwgen pwgen
cryptsetup cryptsetup
powerline python311Packages.powerline
powerline-fonts powerline-fonts
powerline-symbols powerline-symbols
tree tree
@@ -116,6 +117,8 @@
linuxPackages_latest.cpupower linuxPackages_latest.cpupower
btop btop
sbctl sbctl
ausweisapp
e2fsprogs
]; ];
}; };
@@ -131,23 +134,13 @@
}; };
openssh = { # SSH: secure shell (remote connection to shell of server) openssh = { # SSH: secure shell (remote connection to shell of server)
enable = true; # local: $ ssh <user>@<ip> enable = true; # local: $ ssh <user>@<ip>
# public: settings = {
# - port forward 22 TCP to server PasswordAuthentication = false;
# - in case you want to use the domain name insted of the ip: PermitRootLogin = "no";
# - for me, via cloudflare, create an A record with name "ssh" to the correct ip without proxy };
# - connect via ssh <user>@<ip or ssh.domain>
# generating a key:
# - $ ssh-keygen | ssh-copy-id <ip/domain> | ssh-add
# - if ssh-add does not work: $ eval `ssh-agent -s`
# allowSFTP = true; # SFTP: secure file transfer protocol (send file to server)
# connect: $ sftp <user>@<ip/domain>
# commands:
# - lpwd & pwd = print (local) parent working directory
# - put/get <filename> = send or receive file
# extraConfig = '' # extraConfig = ''
# HostKeyAlgorithms +ssh-rsa # HostKeyAlgorithms +ssh-rsa
# ''; # Temporary extra config so ssh will work in guacamole # ''; # Temporary extra config so ssh will work in guacamole
settings.PasswordAuthentication = false;
}; };
pcscd.enable = true; pcscd.enable = true;
yubikey-agent.enable = true; yubikey-agent.enable = true;
@@ -162,6 +155,17 @@
fwupd.enable = true; fwupd.enable = true;
}; };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh = {
startAgent = true;
agentTimeout = "1h";
askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
};
#xdg.portal = { # Required for flatpak #xdg.portal = { # Required for flatpak
# enable = true; # enable = true;
# extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; # extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
@@ -185,7 +189,7 @@
system = { # NixOS settings system = { # NixOS settings
autoUpgrade = { # Allow auto update autoUpgrade = { # Allow auto update
enable = true; enable = false;
flake = "git+https://git.kabtop.de/Kabbone/nixos-config"; flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
randomizedDelaySec = "5m"; randomizedDelaySec = "5m";
allowReboot = true; allowReboot = true;

23
hosts/configuration_server.nix
View File

@@ -13,8 +13,6 @@
{ config, lib, pkgs, inputs, user, location, agenix, ... }: { config, lib, pkgs, inputs, user, location, agenix, ... }:
{ {
imports = # Import window or display manager. imports = # Import window or display manager.
[ [
#../modules/editors/nvim # ! Comment this out on first install ! #../modules/editors/nvim # ! Comment this out on first install !
@@ -49,19 +47,22 @@
keyMap = "us"; # or us/azerty/etc keyMap = "us"; # or us/azerty/etc
}; };
security.rtkit.enable = true; security = {
security.pki.certificateFiles = [ rtkit.enable = true;
pki.certificateFiles = [
./rootCA.pem ./rootCA.pem
]; ];
};
fonts.packages = with pkgs; [ # Fonts fonts.packages = with pkgs; [ # Fonts
carlito # NixOS carlito # NixOS
vegur # NixOS vegur # NixOS
source-code-pro source-code-pro
cascadia-code
font-awesome # Icons font-awesome # Icons
hack-font hack-font
corefonts # MS corefonts # MS
intel-one-mono
cascadia-code
(nerdfonts.override { # Nerdfont Icons override (nerdfonts.override { # Nerdfont Icons override
fonts = [ fonts = [
"FiraCode" "FiraCode"
@@ -74,6 +75,7 @@
TERMINAL = "alacritty"; TERMINAL = "alacritty";
EDITOR = "nvim"; EDITOR = "nvim";
VISUAL = "nvim"; VISUAL = "nvim";
BROWSER = "firefox";
}; };
systemPackages = with pkgs; [ # Default packages install system-wide systemPackages = with pkgs; [ # Default packages install system-wide
vim vim
@@ -90,13 +92,15 @@
agenix.packages.x86_64-linux.default agenix.packages.x86_64-linux.default
ffmpeg ffmpeg
smartmontools smartmontools
powerline cryptsetup
python311Packages.powerline
powerline-fonts powerline-fonts
powerline-symbols powerline-symbols
tree tree
direnv
linuxPackages_latest.cpupower
btop btop
htop htop
direnv
]; ];
}; };
@@ -132,6 +136,9 @@
''; '';
}; };
nixpkgs.config.allowUnfree = true; # Allow proprietary software. nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
];
system = { # NixOS settings system = { # NixOS settings
autoUpgrade = { # Allow auto update autoUpgrade = { # Allow auto update

97
hosts/default.nix
View File

@@ -11,9 +11,14 @@
# └─ ./home.nix # └─ ./home.nix
# #
{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, user, userdmz, userserver, location, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }: { lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, catppuccin, ... }:
let let
user = "kabbone";
userdmz = "diablo";
userserver = "mephisto";
location = "$HOME/.setup";
system = "x86_64-linux"; # System architecture system = "x86_64-linux"; # System architecture
pkgs = import nixpkgs { pkgs = import nixpkgs {
@@ -26,26 +31,27 @@ let
in in
{ {
desktop = lib.nixosSystem { # Desktop profile hades = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote nixvim; }; specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote catppuccin; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
microvm.nixosModules.host microvm.nixosModules.host
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
#nixvim.nixosModules.nixvim
./desktop ./desktop
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/hydraCache.nix
../modules/hardware/remoteBuilder.nix ../modules/hardware/remoteBuilder.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
catppuccin.nixosModules.catppuccin
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user catppuccin; };
home-manager.users.${user} = { home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./desktop/home.nix)]; imports = [(import ./home.nix)] ++ [(import ./desktop/home.nix)];
}; };
@@ -53,24 +59,48 @@ in
]; ];
}; };
laptop = lib.nixosSystem { # Laptop profile lifebook = lib.nixosSystem { # Laptop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix; }; specialArgs = { inherit inputs user location nixos-hardware agenix lanzaboote catppuccin; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
./laptop lanzaboote.nixosModules.lanzaboote
./lifebook
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/remoteClient.nix ../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
catppuccin.nixosModules.catppuccin
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user catppuccin; };
home-manager.users.${user} = { home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./laptop/home.nix)]; imports = [(import ./home.nix)] ++ [(import ./lifebook/home.nix)];
};
}
];
};
nbf5 = lib.nixosSystem { # Laptop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix catppuccin; };
modules = [
agenix.nixosModules.default
./nbf5
./configuration_desktop.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
catppuccin.nixosModules.catppuccin
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user catppuccin; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./nbf5/home.nix)];
}; };
} }
]; ];
@@ -78,22 +108,20 @@ in
steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix jovian-nixos lanzaboote; }; specialArgs = { inherit inputs user location nixos-hardware agenix jovian-nixos lanzaboote catppuccin; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
jovian-nixos.nixosModules.default jovian-nixos.nixosModules.default
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
./steamdeck ./steamdeck
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/remoteClient.nix ../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd catppuccin.nixosModules.catppuccin
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd
home-manager-unstable.nixosModules.home-manager { home-manager-unstable.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user catppuccin; };
home-manager.users.${user} = { home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./steamdeck/home.nix)]; imports = [(import ./home.nix)] ++ [(import ./steamdeck/home.nix)];
}; };
@@ -109,6 +137,7 @@ in
microvm.nixosModules.host microvm.nixosModules.host
./server ./server
./configuration_server.nix ./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
@@ -131,6 +160,7 @@ in
microvm.nixosModules.host microvm.nixosModules.host
./kabtop ./kabtop
./configuration_server.nix ./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
@@ -151,8 +181,8 @@ in
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
./nasbackup ./nasbackup
./configuration_desktop.nix ./configuration_server.nix
../modules/hardware/remoteClient.nix ../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
@@ -173,8 +203,8 @@ in
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
./jupiter ./jupiter
./configuration_desktop.nix ./configuration_server.nix
../modules/hardware/remoteClient.nix ../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
@@ -189,6 +219,28 @@ in
]; ];
}; };
kabtopci = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./kabtopci
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./kabtopci/home.nix)];
};
}
];
};
dmz = lib.nixosSystem { # Desktop profile dmz = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; }; specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
@@ -197,6 +249,7 @@ in
microvm.nixosModules.host microvm.nixosModules.host
./dmz ./dmz
./configuration_server.nix ./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {

36
hosts/desktop/default.nix
View File

@@ -17,7 +17,7 @@
# └─ default.nix # └─ default.nix
# #
{ config, nixpkgs, pkgs, user, lib, nixvim, ... }: { config, nixpkgs, pkgs, user, lib, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
@@ -61,17 +61,6 @@
# ]; # ];
# }; # };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
};
services = { services = {
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
blueman.enable = true; blueman.enable = true;
@@ -79,15 +68,15 @@
enable = true; enable = true;
drivers = [ pkgs.gutenprint ]; drivers = [ pkgs.gutenprint ];
}; };
#avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
# enable = true; enable = true;
# nssmdns = true; nssmdns4 = true;
# publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
# enable = true; enable = true;
# addresses = true; addresses = true;
# userServices = true; userServices = true;
# }; };
#}; };
hardware.openrgb = { hardware.openrgb = {
enable = true; enable = true;
motherboard = "amd"; motherboard = "amd";
@@ -95,9 +84,4 @@
}; };
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
} }

34
hosts/desktop/hardware-configuration.nix
View File

@@ -34,6 +34,7 @@
}; };
services.btrbk = { services.btrbk = {
extraPackages = [ pkgs.lz4 ];
instances = { instances = {
hf = { hf = {
onCalendar = "hourly"; onCalendar = "hourly";
@@ -56,6 +57,32 @@
}; };
}; };
}; };
bak = {
onCalendar = "daily";
settings = {
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "2m 4w";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@hades";
};
};
};
};
}; };
}; };
@@ -121,13 +148,18 @@
networkmanager = { networkmanager = {
enable = false; enable = false;
}; };
firewall = {
enable = true;
allowedUDPPorts = [ 24727 ];
allowedTCPPorts = [ 24727 ];
};
}; };
systemd.network = { systemd.network = {
enable = true; enable = true;
networks = { networks = {
"10-lan" = { "10-lan" = {
matchConfig.Name = "enp34s0"; matchConfig.Name = "eno1";
ntp = [ "192.168.2.1" ]; ntp = [ "192.168.2.1" ];
domains = [ "home.opel-online.de" ]; domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {

7
hosts/desktop/home.nix
View File

@@ -31,12 +31,11 @@
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
element-desktop element-desktop
nheko #nheko
pulsemixer pulsemixer
#yubioath-flutter #yubioath-flutter
nitrokey-app nitrokey-app
kicad kicad
yuzu-mainline
# Display # Display
#light # xorg.xbacklight not supported. Other option is just use xrandr. #light # xorg.xbacklight not supported. Other option is just use xrandr.
@@ -47,10 +46,6 @@
]; ];
}; };
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets services = { # Applets
blueman-applet.enable = true; # Bluetooth blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network network-manager-applet.enable = true; # Network

5
hosts/dmz/default.nix
View File

@@ -24,8 +24,7 @@
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # Docker
(import ../../modules/services/dmz) ++ # Server Services (import ../../modules/services/dmz); # Server Services
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
@@ -48,7 +47,7 @@
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;

7
hosts/dmz/hardware-configuration.nix
View File

@@ -83,11 +83,14 @@
"10-lan" = { "10-lan" = {
matchConfig.Name = "enp6s18"; matchConfig.Name = "enp6s18";
ntp = [ "192.168.101.1" ]; ntp = [ "192.168.101.1" ];
domains = [ "home.opel-online.de" ]; #domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IPv6AcceptRA = true; IPv6AcceptRA = true;
}; };
dns = [
"192.168.101.1"
];
}; };
}; };
}; };
@@ -97,7 +100,7 @@
firewall = { firewall = {
enable = true; enable = true;
allowedUDPPorts = [ ]; allowedUDPPorts = [ ];
allowedTCPPorts = [ ]; allowedTCPPorts = [ 80 443 ];
}; };
}; };

82
hosts/fuji/default.nix Normal file
View File

@@ -0,0 +1,82 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, nixpkgs, pkgs, user, lib, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
# hardware.sane = { # Used for scanning with Xsane
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
# hardware = {
# nitrokey.enable = true;
# };
# environment = {
# systemPackages = with pkgs; [
## simple-scan
## intel-media-driver
## alacritty
# ];
# };
services = {
#auto-cpufreq.enable = true;
blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
};
}

138
hosts/fuji/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,138 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat";
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "fuji";
networkmanager = {
enable = false;
};
firewall = {
enable = true;
#allowedUDPPorts = [ 24727 ];
#allowedTCPPorts = [ 24727 ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "eno1";
ntp = [ "192.168.2.1" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true;
powerManagement = {
scsiLinkPolicy = "med_power_with_dipm";
};
}

45
hosts/fuji/home.nix Normal file
View File

@@ -0,0 +1,45 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
#../../modules/wm/kde/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
element-desktop
#nheko
pulsemixer
];
};
services = { # Applets
#blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

72
hosts/home.nix
View File

@@ -15,10 +15,12 @@
# └─ default.nix # └─ default.nix
# #
{ config, lib, pkgs, user, ... }: { config, lib, pkgs, user, catppuccin, ... }:
#{ config, lib, pkgs, user, ... }:
{ {
imports = # Home Manager Modules imports =
[ catppuccin.homeManagerModules.catppuccin ] ++
(import ../modules/editors) ++ (import ../modules/editors) ++
(import ../modules/programs) ++ (import ../modules/programs) ++
(import ../modules/programs/configs) ++ (import ../modules/programs/configs) ++
@@ -52,7 +54,6 @@
# VideAudio # VideAudio
mpv # Media Player mpv # Media Player
youtube-dl
# Apps # Apps
galculator galculator
@@ -73,14 +74,17 @@
rsync # Syncer $ rsync -r dir1/ dir2/ rsync # Syncer $ rsync -r dir1/ dir2/
unzip # Zip files unzip # Zip files
unrar # Rar files unrar # Rar files
papirus-icon-theme epapirus-icon-theme
arc-theme
# Genel configuration # General configuration
keepassxc keepassxc
libreoffice libreoffice
gimp
# Flatpak # Flatpak
prusa-slicer prusa-slicer
orca-slicer
#vscodium #vscodium
(vscode-with-extensions.override { (vscode-with-extensions.override {
vscode = vscodium; vscode = vscodium;
@@ -90,25 +94,67 @@
#ms-python.python #ms-python.python
ms-vscode.cpptools ms-vscode.cpptools
dracula-theme.theme-dracula dracula-theme.theme-dracula
catppuccin.catppuccin-vsc #catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons #catppuccin.catppuccin-vsc-icons
]; ];
}) })
sdkmanager
android-tools
]; ];
file.".config/wall".source = ../modules/themes/wall.jpg; file.".config/wall".source = ../modules/themes/wall.jpg;
file.".config/lockwall".source = ../modules/themes/lockwall.jpg; file.".config/lockwall".source = ../modules/themes/lockwall.jpg;
pointerCursor = { # This will set cursor systemwide so applications can not choose their own # pointerCursor = { # This will set cursor systemwide so applications can not choose their own
name = "Dracula-cursors"; # name = "Dracula-cursors";
package = pkgs.dracula-theme; # package = pkgs.dracula-theme;
size = 16; # size = 16;
gtk.enable = true; # gtk.enable = true;
}; # };
stateVersion = "23.05"; stateVersion = "23.05";
}; };
catppuccin = {
enable = false;
accent = "lavender";
flavor = "mocha";
pointerCursor.enable = true;
};
gtk.catppuccin = {
enable = true;
accent = "lavender";
flavor = "mocha";
icon = {
enable = true;
accent = "lavender";
flavor = "mocha";
};
};
qt.style.catppuccin = {
enable = true;
accent = "lavender";
flavor = "mocha";
apply = true;
};
programs = { programs = {
home-manager.enable = true; home-manager.enable = true;
alacritty = {
settings.font.size = 11;
catppuccin = {
enable = true;
flavor = "mocha";
};
};
btop = {
catppuccin = {
enable = true;
flavor = "mocha";
};
};
swaylock.catppuccin.enable = false;
}; };

4
hosts/jupiter/default.nix
View File

@@ -53,7 +53,7 @@
gnupg.agent = { gnupg.agent = {
enable = false; enable = false;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses"; pinentryPackage = pkgs.pinentry-curses;
}; };
}; };
@@ -61,7 +61,7 @@
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;

44
hosts/jupiter/hardware-configuration.nix
View File

@@ -50,6 +50,7 @@
}; };
services.btrbk = { services.btrbk = {
extraPackages = [ pkgs.lz4 ];
instances = { instances = {
hf = { hf = {
onCalendar = "hourly"; onCalendar = "hourly";
@@ -188,35 +189,24 @@
swapDevices = [ { device = "/swap/swapfile"; } ]; swapDevices = [ { device = "/swap/swapfile"; } ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp6s18";
ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = { networking = {
hostName = "jupiter"; hostName = "jupiter";
domain = "home.opel-online.de"; domain = "home.opel-online.de";
networkmanager = { useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
enp6s18 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp6s18";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
#firewall = { #firewall = {
# enable = false; # enable = false;
# #allowedUDPPorts = [ 53 67 ]; # #allowedUDPPorts = [ 53 67 ];
@@ -228,7 +218,7 @@
powerManagement = { powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave"; cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true; powertop.enable = true;
scsiLinkPolicy = "med_power_with_dipm"; #scsiLinkPolicy = "med_power_with_dipm";
powerUpCommands = '' powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088 ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
''; '';

23
hosts/kabtop/default.nix
View File

@@ -24,8 +24,7 @@
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/services/server) ++ # Server Services (import ../../modules/services/server); # Server Services
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
@@ -62,22 +61,22 @@
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses"; pinentryPackage = pkgs.pinentry-curses;
}; };
}; };
services = { services = {
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer #avahi = { # Needed to find wireless printer
enable = true; # enable = true;
nssmdns = true; # nssmdns = true;
publish = { # Needed for detecting the scanner # publish = { # Needed for detecting the scanner
enable = true; # enable = true;
addresses = true; # addresses = true;
userServices = true; # userServices = true;
}; # };
}; #};
fail2ban = { fail2ban = {
enable = true; enable = true;
maxretry = 5; maxretry = 5;

45
hosts/kabtopci/default.nix Normal file
View File

@@ -0,0 +1,45 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # Docker
(import ../../modules/services/kabtopci); # Server Services
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
grub = {
enable = true;
device = "/dev/vda";
};
timeout = 1; # Grub auto select time
};
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
};
}

108
hosts/kabtopci/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,108 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
swapDevices = [ ];
networking = {
useDHCP = false; # Deprecated
hostName = "kabtopci";
domain = "ci.kabtop.de";
networkmanager = {
enable = false;
};
interfaces = {
ens3 = {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [ {
address = "195.90.221.87";
prefixLength = 22;
} ];
ipv6.addresses = [ {
address = "2a00:6800:3:d5b::2";
prefixLength = 64;
} ];
};
};
defaultGateway = "195.90.220.1";
defaultGateway6 = {
address = "2a00:6800:3::1";
interface = "ens3";
};
nameservers = [ "9.9.9.9" "2620:fe::fe" ];
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

39
hosts/kabtopci/home.nix Normal file
View File

@@ -0,0 +1,39 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
}

94
hosts/lifebook/default.nix Normal file
View File

@@ -0,0 +1,94 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ lib, config, pkgs, user, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
# hardware.sane = { # Used for scanning with Xsane
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
hardware = {
nitrokey.enable = true;
};
environment = {
systemPackages = with pkgs; [
linux-firmware
intel-media-driver
];
};
programs = { # No xbacklight, this is the alterantive
light.enable = true;
};
systemd.sleep.extraConfig = "HibernateDelaySec=1h";
services = {
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
tailscale.enable = true;
};
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
}

194
hosts/lifebook/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,194 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
kernelModules = [ "i915" "kvm_intel" "vfio_pci" "vfio" "vfio_iommu_type1" ];
systemd.enable = true;
luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
bypassWorkqueues = true;
};
};
};
kernelModules = [ "kvm-intel" ];
kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" ];
extraModprobeConfig = ''
options i915 enable_guc=3
'';
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
powerManagement = {
powerDownCommands = "${pkgs.kmod}/bin/rmmod intel_lpss_pci";
resumeCommands = "${pkgs.kmod}/bin/modprobe intel_lpss_pci";
};
services = {
btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/opt" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/Pluto" =
{ device = "jupiter:/Pluto";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Mars" =
{ device = "jupiter:/Mars";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "lifebook";
wireless.iwd.enable = true;
networkmanager = {
enable = true;
wifi = {
backend = "iwd";
powersave = true;
};
};
# interfaces = {
# wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
# };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
checkReversePath = false;
enable = true;
allowedUDPPorts = [ 24727 51820 ];
allowedTCPPorts = [ 24727 ];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
powertop.enable = true;
};
}

53
hosts/lifebook/home.nix Normal file
View File

@@ -0,0 +1,53 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
libreoffice # Office packages
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
element-desktop
intel-gpu-tools
pulsemixer
# Display
light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

2
hosts/nas/default.nix
View File

@@ -53,7 +53,7 @@
gnupg.agent = { gnupg.agent = {
enable = false; enable = false;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses"; pinentryPackage = pkgs.pinentry-curses;
}; };
}; };

4
hosts/nasbackup/default.nix
View File

@@ -45,7 +45,7 @@
gnupg.agent = { gnupg.agent = {
enable = false; enable = false;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses"; pinentryPackage = pkgs.pinentry-curses;
}; };
}; };
@@ -53,7 +53,7 @@
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;

45
hosts/nasbackup/hardware-configuration.nix
View File

@@ -92,7 +92,7 @@
ssh_user = "btrbk"; ssh_user = "btrbk";
volume = { volume = {
"ssh://jupiter.home.opel-online.de/mnt/snapshots/Mars" = { "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars" = {
target = "/mnt/nas/Backups/Mars"; target = "/mnt/nas/Backups/Mars";
subvolume = { subvolume = {
"@nas" = {}; "@nas" = {};
@@ -100,7 +100,7 @@
}; };
}; };
volume = { volume = {
"ssh://jupiter.home.opel-online.de/mnt/snapshots/Pluto" = { "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Pluto" = {
target = "/mnt/nas/Backups/Pluto"; target = "/mnt/nas/Backups/Pluto";
subvolume = { subvolume = {
"@/Games" = {}; "@/Games" = {};
@@ -198,35 +198,24 @@
swapDevices = [ { device = "/swap/swapfile"; } ]; swapDevices = [ { device = "/swap/swapfile"; } ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp6s18";
ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = { networking = {
hostName = "nasbak"; hostName = "nasbak";
domain = "home.opel-online.de"; domain = "home.opel-online.de";
networkmanager = { useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
enp6s18 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp6s18";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
#firewall = { #firewall = {
# enable = false; # enable = false;
# #allowedUDPPorts = [ 53 67 ]; # #allowedUDPPorts = [ 53 67 ];

10
hosts/laptop/default.nix → hosts/nbf5/default.nix
View File

@@ -58,15 +58,7 @@
}; };
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true; light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
}; };
services = { services = {
@@ -86,7 +78,7 @@
}; };
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;

0
hosts/laptop/hardware-configuration.nix → hosts/nbf5/hardware-configuration.nix
View File

0
hosts/laptop/home.nix → hosts/nbf5/home.nix
View File

20
hosts/server/default.nix
View File

@@ -57,22 +57,22 @@
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses"; pinentryPackage = pkgs.pinentry-curses;
}; };
}; };
services = { services = {
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer #avahi = { # Needed to find wireless printer
enable = true; # enable = true;
nssmdns = true; # nssmdns = true;
publish = { # Needed for detecting the scanner # publish = { # Needed for detecting the scanner
enable = true; # enable = true;
addresses = true; # addresses = true;
userServices = true; # userServices = true;
}; # };
}; #};
fail2ban = { fail2ban = {
enable = true; enable = true;
maxretry = 5; maxretry = 5;

8
hosts/steamdeck/default.nix
View File

@@ -59,15 +59,7 @@
# }; # };
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true; light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
#pinentryFlavor = "curses";
};
}; };
services = { services = {

42
hosts/steamdeck/hardware-configuration.nix
View File

@@ -19,7 +19,7 @@
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ]; availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
kernelModules = [ ]; kernelModules = [ ];
systemd.enable = true; systemd.enable = true;
luks = { luks = {
@@ -50,26 +50,26 @@
udev.extraRules = '' udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1" ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
''; '';
};
services.btrbk = { btrbk = {
instances = { instances = {
hf = { hf = {
onCalendar = "hourly"; onCalendar = "hourly";
settings = { settings = {
incremental = "yes"; incremental = "yes";
snapshot_create = "ondemand"; snapshot_create = "ondemand";
snapshot_dir = "@snapshots"; snapshot_dir = "@snapshots";
timestamp_format = "long"; timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h"; snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest"; snapshot_preserve_min = "latest";
volume = { volume = {
"/mnt/snapshots/root" = { "/mnt/snapshots/root" = {
snapshot_create = "always"; snapshot_create = "always";
subvolume = { subvolume = {
"@home" = {}; "@home" = {};
};
}; };
}; };
}; };
@@ -171,9 +171,9 @@
#nameservers = [ "192.168.0.4" ]; #nameservers = [ "192.168.0.4" ];
firewall = { firewall = {
checkReversePath = "loose"; checkReversePath = "loose";
# enable = false; enable = true;
# #allowedUDPPorts = [ 53 67 ]; allowedUDPPorts = [ 24727 ];
# #allowedTCPPorts = [ 53 80 443 9443 ]; allowedTCPPorts = [ 24727 ];
}; };
}; };

4
hosts/steamdeck/home.nix
View File

@@ -43,10 +43,6 @@
]; ];
}; };
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets services = { # Applets
}; };

5
modules/hardware/backup.nix
View File

@@ -9,7 +9,10 @@
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq"; key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq";
roles = [ "source" "info" "send" ]; roles = [ "source" "info" "send" ];
} }
{
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIma7jNVQZM+lFMOKUex0+cyDpeUA3Wo4SEJ7P9YnHPG";
roles = [ "target" "info" "receive" ];
}
]; ];
extraPackages = [ pkgs.lz4 ];
}; };
} }

19
modules/hardware/hydraCache.nix Normal file
View File

@@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
{
nix = {
settings = {
extra-trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
];
extra-substituters = [
"https://cache.ci.kabtop.de"
];
#extra-trusted-substituters = [
# "https://cache.home.opel-online.de"
#];
};
};
}

5
modules/programs/alacritty.nix
View File

@@ -15,6 +15,7 @@
enable = true; enable = true;
package = pkgs.alacritty; package = pkgs.alacritty;
settings = { settings = {
env.term = "screen-256color";
font = rec { # Font - Laptop has size manually changed at home.nix font = rec { # Font - Laptop has size manually changed at home.nix
#normal.family = "FiraCode Nerd Font"; #normal.family = "FiraCode Nerd Font";
normal.family = "Cascadia Code"; normal.family = "Cascadia Code";
@@ -22,10 +23,6 @@
#bold = { style = "Bold"; }; #bold = { style = "Bold"; };
# size = 8; # size = 8;
}; };
offset = { # Positioning
x = -1;
y = 0;
};
}; };
}; };
}; };

2
modules/programs/default.nix
View File

@@ -12,7 +12,7 @@
[ [
./alacritty.nix ./alacritty.nix
./rofi.nix # ./rofi.nix
./firefox.nix ./firefox.nix
#./waybar.nix #./waybar.nix
#./games.nix #./games.nix

90
modules/services/dmz/hydra.nix
View File

@@ -1,11 +1,91 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
{ {
services.hydra = { services = {
enable = true; hydra = {
hydraURL = "http://localhost:3000"; enable = true;
notificationSender = "hydra@localhost"; hydraURL = "https://hydra.home.opel-online.de";
useSubstitutes = true; listenHost = "127.0.0.1";
notificationSender = "hydra@localhost";
useSubstitutes = true;
minimumDiskFree = 30;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"home.opel-online.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
}; };
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
};
};
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = "http:// https://";
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
} }

1
modules/services/dunst.nix
View File

@@ -27,6 +27,7 @@ in
services.dunst = { services.dunst = {
enable = true; enable = true;
catppuccin.enable = true;
settings = { settings = {
global = { global = {
monitor = 0; monitor = 0;

19
modules/services/kabtopci/default.nix Normal file
View File

@@ -0,0 +1,19 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[
# ./microvm.nix
./hydra.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

59
modules/services/kabtopci/gitea_runner.nix Normal file
View File

@@ -0,0 +1,59 @@
{ lib, config, pkgs, ... }:
{
virtualisation = {
podman ={
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
};
};
services.gitea-actions-runner.instances = {
cirunner = {
enable = true;
url = "https://git.kabtop.de";
name = "CI Kabtop runner";
tokenFile = config.age.secrets."services/gitea/cirunner-token".path;
labels = [
"ci"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
age.secrets."services/gitea/cirunner-token" = {
file = ../../../secrets/services/gitea/cirunner-token.age;
owner = "gitea-runner";
};
}

82
modules/services/kabtopci/hydra.nix Normal file
View File

@@ -0,0 +1,82 @@
{ lib, config, pkgs, ... }:
{
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.ci.kabtop.de";
listenHost = "127.0.0.1";
notificationSender = "hydra@kabtop.de";
useSubstitutes = true;
minimumDiskFree = 8;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@kabtop.de";
webroot = "/var/lib/acme/acme-challenge";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
};
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = [
"github:"
"https://github.com/"
"git+ssh://github.com/"
];
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
}

129
modules/services/kabtopci/microvm.nix Normal file
View File

@@ -0,0 +1,129 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{
microvm = {
autostart = [
name
];
vms = {
${name} = {
inherit pkgs;
config = {
imports =
[ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++
[( ./gitea_runner.nix )];
networking = {
hostName = "${name}";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
users.users.${user} = { # System User
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 2000;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
services = {
openssh = {
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}];
};
};
fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [
"/var/log"
"/var/lib/private"
];
files = [
"/etc/machine-id"
];
};
};
microvm = {
hypervisor = "qemu";
vcpu = 4;
mem = 3096;
balloonMem = 3096;
#kernel = pkgs.linuxKernel.packages.linux_latest;
interfaces = [
{
type = "user";
id = "vm-${name}";
mac = "04:00:00:00:00:02";
} ];
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;
};
system.stateVersion = "23.05";
};
};
};
};
}

1
modules/services/server/default.nix
View File

@@ -17,7 +17,6 @@
./nextcloud.nix ./nextcloud.nix
./matrix.nix ./matrix.nix
./coturn.nix ./coturn.nix
./jitsi.nix
./ollama.nix ./ollama.nix
] ]

20
modules/services/server/nextcloud.nix
View File

@@ -9,15 +9,19 @@
enable = true; enable = true;
hostName = "cloud.kabtop.de"; hostName = "cloud.kabtop.de";
https = true; https = true;
package = pkgs.nextcloud27; package = pkgs.nextcloud29;
database.createLocally = false; database.createLocally = false;
logType = "file"; notify_push.enable = true;
caching = { caching = {
redis = true; redis = true;
apcu = false; apcu = false;
}; };
extraOptions = { settings = {
log_type = "file";
logfile = "nextcloud.log"; logfile = "nextcloud.log";
overwriteprotocol = "https";
default_phone_region = "DE";
redis = { redis = {
host = "/run/redis-nextcloud/redis.sock"; host = "/run/redis-nextcloud/redis.sock";
port = 0; port = 0;
@@ -25,6 +29,7 @@
"memcache.local" = "\\OC\\Memcache\\Redis"; "memcache.local" = "\\OC\\Memcache\\Redis";
"memcache.distributed" = "\\OC\\Memcache\\Redis"; "memcache.distributed" = "\\OC\\Memcache\\Redis";
"memcache.locking" = "\\OC\\Memcache\\Redis"; "memcache.locking" = "\\OC\\Memcache\\Redis";
"maintenance_window_start" = "1";
}; };
config = { config = {
dbtype = "pgsql"; dbtype = "pgsql";
@@ -34,8 +39,6 @@
adminuser = "kabbone"; adminuser = "kabbone";
adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path; adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path;
dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path; dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path;
overwriteProtocol = "https";
defaultPhoneRegion = "DE";
}; };
phpOptions = { phpOptions = {
"opcache.interned_strings_buffer" = "16"; "opcache.interned_strings_buffer" = "16";
@@ -69,9 +72,10 @@
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
}; };
"${config.services.onlyoffice.hostname}".listen = [ { "${config.services.onlyoffice.hostname}" = {
addr = "127.0.0.1"; port = 8080; enableACME = true;
} ]; forceSSL = true;
};
}; };
}; };

2
modules/shell/git.nix
View File

@@ -16,7 +16,9 @@
}; };
extraConfig = { extraConfig = {
gpg = { format = "ssh"; }; gpg = { format = "ssh"; };
credential = { helper = "cache --timeout=3600"; };
}; };
difftastic.enable = true;
}; };
}; };
} }

20
modules/shell/tmux.nix
View File

@@ -19,22 +19,22 @@
plugins = with pkgs.tmuxPlugins; [ plugins = with pkgs.tmuxPlugins; [
yank yank
sidebar sidebar
{ # {
# plugin = dracula; # plugin = dracula;
# extraConfig = " # extraConfig = "
# set -g @dracula-show-powerline true # set -g @dracula-show-powerline true
# set -g @dracula-plugins 'git cpu-usage ram-usage battery time' # set -g @dracula-plugins 'git cpu-usage ram-usage battery time'
# set -g @dracula-border-contrast true # set -g @dracula-border-contrast true
# "; # ";
plugin = catppuccin; # plugin = catppuccin;
extraConfig = " # extraConfig = "
set -g @catppuccin_flavour 'macchiato' # set -g @catppuccin_flavour 'macchiato'
set -g @catppuccin_window_tabs_enabled 'on' # set -g @catppuccin_window_tabs_enabled 'on'
set -g @catppuccin_host 'on' # set -g @catppuccin_host 'on'
set -g @catppuccin_user 'on' # set -g @catppuccin_user 'on'
set -g @catppuccin_date_time '%Y-%m-%d %H:%M' # set -g @catppuccin_date_time '%Y-%m-%d %H:%M'
"; # ";
} # }
]; ];
extraConfig = '' extraConfig = ''
set -g mouse on set -g mouse on

7
modules/shell/zsh.nix
View File

@@ -9,7 +9,7 @@
zsh = { zsh = {
enable = true; enable = true;
dotDir = ".config/zsh_nix"; dotDir = ".config/zsh_nix";
enableAutosuggestions = true; # Auto suggest options and highlights syntact, searches in history for options autosuggestion.enable = true; # Auto suggest options and highlights syntact, searches in history for options
syntaxHighlighting.enable = true; syntaxHighlighting.enable = true;
history.size = 10000; history.size = 10000;
@@ -27,10 +27,6 @@
''; '';
initExtra = '' # Zsh theme initExtra = '' # Zsh theme
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
# Spaceship # Spaceship
source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup
autoload -U promptinit; promptinit autoload -U promptinit; promptinit
@@ -40,6 +36,7 @@
# Swag # Swag
pfetch # Show fetch logo on terminal start pfetch # Show fetch logo on terminal start
eval "$(direnv hook zsh)" eval "$(direnv hook zsh)"
eval "$(ssh-agent)"
''; '';
}; };
}; };

7
modules/themes/.gitattributes vendored Normal file
View File

@@ -0,0 +1,7 @@
nixos-wallpaper-catppuccin-mocha.svg filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-nineish-solarized-dark.src.svg filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-nineish-solarized-dark.png filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-binary-black.png filter=lfs diff=lfs merge=lfs -text
lockwall.jpg filter=lfs diff=lfs merge=lfs -text
nuka_col.jpg filter=lfs diff=lfs merge=lfs -text
wall.jpg filter=lfs diff=lfs merge=lfs -text

BIN
modules/themes/lockwall.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 285 KiB

After

Width:  |  Height:  |  Size: 131 B

BIN
modules/themes/nix-wallpaper-binary-black.png LFS Normal file
View File

Binary file not shown.

BIN
modules/themes/nix-wallpaper-nineish-solarized-dark.png LFS Normal file
View File

Binary file not shown.

BIN
modules/themes/nix-wallpaper-nineish-solarized-dark.src.svg LFS Normal file
View File

Binary file not shown.

BIN
modules/themes/nixos-wallpaper-catppuccin-mocha.svg LFS Normal file
View File

Binary file not shown.

BIN
modules/themes/nuka_col.jpg LFS Normal file
View File

Binary file not shown.

BIN
modules/themes/wall.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 242 KiB

After

Width:  |  Height:  |  Size: 36 B

1
modules/themes/wall.jpg Symbolic link
View File

@@ -0,0 +1 @@
nixos-wallpaper-catppuccin-mocha.svg
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 242 KiB

After

Width:  |  Height:  |  Size: 36 B

21
modules/wm/kde/default.nix
View File

@@ -16,18 +16,19 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
flatpak flatpak
rocmPackages.clr.icd # rocmPackages.clr.icd
rocmPackages.clr # rocmPackages.clr
clinfo # clinfo
libsForQt5.discover kdePackages.discover
maliit-keyboard maliit-keyboard
]; ];
services = { services = {
packagekit.enable = true; packagekit.enable = true;
xserver = { desktopManager.plasma6.enable = true;
enable = true; # xserver = {
desktopManager.plasma5.enable = true; # enable = true;
# desktopManager.plasma5.enable = true;
# displayManager = { # displayManager = {
# gdm.wayland = true; # gdm.wayland = true;
# gdm.enable = true; # gdm.enable = true;
@@ -41,8 +42,10 @@
# autoLogin.enable = true; # autoLogin.enable = true;
# autoLogin.user = "kabbone"; # autoLogin.user = "kabbone";
# }; # };
}; # };
flatpak.enable = true; flatpak.enable = true;
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ]; udev.packages = with pkgs; [ gnome-settings-daemon ];
}; };
qt.platformTheme = "kde";
} }

1
modules/wm/kde/home.nix
View File

@@ -13,4 +13,5 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
} }

9
modules/wm/steam/default.nix
View File

@@ -22,7 +22,7 @@
enable = true; enable = true;
user = "kabbone"; user = "kabbone";
autoStart = true; autoStart = true;
desktopSession = "plasmawayland"; desktopSession = "plasma";
}; };
devices.steamdeck = { devices.steamdeck = {
enable = true; enable = true;
@@ -30,10 +30,9 @@
decky-loader.enable = true; decky-loader.enable = true;
}; };
hardware.opengl = { hardware.graphics = {
enable = true; enable = true;
driSupport = true; enable32Bit = true;
driSupport32Bit = true;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

2
modules/wm/steam/home.nix
View File

@@ -18,7 +18,7 @@
steam steam
jq jq
appimage-run appimage-run
gnome.zenity zenity
unzip unzip
fuse fuse
]; ];

4
modules/wm/sway/default.nix
View File

@@ -41,6 +41,8 @@
rocmPackages.clr rocmPackages.clr
clinfo clinfo
waybar waybar
rot8
glib
]; ];
}; };
@@ -51,7 +53,7 @@
export MOZ_WEBRENDER="1"; export MOZ_WEBRENDER="1";
export MOZ_USE_XINPUT2="2"; export MOZ_USE_XINPUT2="2";
export MOZ_DBUS_REMOTE="1"; export MOZ_DBUS_REMOTE="1";
#export GDK_BACKEND="wayland"; export WLR_RENDERER="vulkan";
export LIBVA_DRIVER_NAME="iHD"; export LIBVA_DRIVER_NAME="iHD";
export VDPAU_DRIVER="iHD"; export VDPAU_DRIVER="iHD";
export XDG_SESSION_TYPE="wayland"; export XDG_SESSION_TYPE="wayland";

124
modules/wm/sway/home.nix
View File

@@ -18,8 +18,10 @@
wayland.windowManager.sway = { wayland.windowManager.sway = {
enable = true; enable = true;
catppuccin.enable = true;
checkConfig = false;
config = rec { config = rec {
menu = "${pkgs.bemenu}/bin/bemenu-run -m -1 --hf '#ffff00' --tf '#888888' --nf '#00ff40' --hb '#424242' | xargs ${pkgs.sway}/bin/swaymsg exec --"; menu = "${pkgs.rofi}/bin/rofi -show combi -show-icons";
left = "m"; left = "m";
down = "n"; down = "n";
up = "e"; up = "e";
@@ -30,8 +32,9 @@
input = { input = {
"type:keyboard" = { "type:keyboard" = {
xkb_layout = "us"; xkb_layout = "us,de";
xkb_variant = "altgr-intl"; xkb_variant = "altgr-intl,";
xkb_options = "grp:win_space_toggle";
}; };
"type:touchpad" = { "type:touchpad" = {
tap = "enabled"; tap = "enabled";
@@ -59,7 +62,7 @@
}; };
"DP-3" = { "DP-3" = {
mode = "1920x1200"; mode = "1920x1200";
pos = "2560,120"; pos = "2560,180";
}; };
#"eDP-1" = { #"eDP-1" = {
# mode = "1920x1080"; # mode = "1920x1080";
@@ -86,11 +89,11 @@
}; };
startup = [ startup = [
#{ command = "$HOME/.config/sway/scripts/2in1screen"; } { command = "exec ${pkgs.rot8}/bin/rot8 -Y -k"; }
{ command = "xrdb -load ~/.Xresources"; } { command = "xrdb -load ~/.Xresources"; }
{ command = "gsettings set org.gnome.desktop.interface gtk-theme Arc"; } # { command = "gsettings set org.gnome.desktop.interface gtk-theme Dracula"; }
{ command = "gsettings set org.gnome.desktop.interface icon-theme ePapirus"; } # { command = "gsettings set org.gnome.desktop.interface icon-theme Dracula"; }
{ command = "gsettings set org.gnome.desktop.interface cursor-theme Adwaita"; } # { command = "gsettings set org.gnome.desktop.interface cursor-theme Adwaita"; }
#{ command = "exec ${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; } #{ command = "exec ${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; }
{ command = "${pkgs.thunderbird}/bin/thunderbird"; } { command = "${pkgs.thunderbird}/bin/thunderbird"; }
{ command = "${pkgs.firefox}/bin/firefox"; } { command = "${pkgs.firefox}/bin/firefox"; }
@@ -117,7 +120,7 @@
{ command = "floating enable"; criteria = { app_id = "com.nitrokey."; }; } { command = "floating enable"; criteria = { app_id = "com.nitrokey."; }; }
{ command = "floating enable"; criteria = { app_id = "org.keepassxc.KeePassXC."; }; } { command = "floating enable"; criteria = { app_id = "org.keepassxc.KeePassXC."; }; }
{ command = "floating enable"; criteria = { app_id = "virt-manager"; }; } { command = "floating enable"; criteria = { app_id = "virt-manager"; }; }
{ command = "floating enable"; criteria = { class = "lxqt-openssh-askpass"; }; } { command = "floating enable"; criteria = { title = "^OpenSSH Authentication"; }; }
{ command = "floating enable"; criteria = { class = "pop-up"; }; } { command = "floating enable"; criteria = { class = "pop-up"; }; }
]; ];
@@ -154,26 +157,27 @@
"${alt}+Shift+${right}" = "move container to workspace next, workspace next"; "${alt}+Shift+${right}" = "move container to workspace next, workspace next";
"XF86TouchpadToggle" = "input type:touchpad events toggle enabled disabled"; "XF86TouchpadToggle" = "input type:touchpad events toggle enabled disabled";
"XF86AudioRaiseVolume" = "exec pulsemixer --change-volume +5 && ${config.cmds.notifications.volume}";
"XF86AudioLowerVolume" = "exec pulsemixer --change-volume -5 && ${config.cmds.notifications.volume}";
"XF86AudioMute" = "exec pulsemixer --toggle-mute && ${config.cmds.notifications.volume}";
#"XF86AudioRaiseVolume" = "exec pulsemixer --change-volume +5";
#"XF86AudioLowerVolume" = "exec pulsemixer --change-volume -5";
#"XF86AudioMute" = "exec pulsemixer --toggle-mute";
"XF86AudioMicMute" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86MonBrightnessDown" = "exec light -s sysfs/backlight/intel_backlight -U 5% && ${config.cmds.notifications.brightness}";
"XF86MonBrightnessUp" = "exec light -s sysfs/backlight/intel_backlight -A 5% && ${config.cmds.notifications.brightness}";
"XF86AudioPlay" = "exec playerctl play-pause"; "XF86AudioPlay" = "exec playerctl play-pause";
"XF86AudioNext" = "exec playerctl next"; "XF86AudioNext" = "exec playerctl next";
"XF86AudioPrev" = "exec playerctl previous"; "XF86AudioPrev" = "exec playerctl previous";
"XF86AudioStop" = "exec playerctl stop"; "XF86AudioStop" = "exec playerctl stop";
#XF86AudioMute = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; # Sink volume raise optionally with --device
#XF86AudioRaiseVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise";
#XF86AudioLowerVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower";
#XF86AudioPlay = "exec ~/.config/waybar/scripts/toggle-play"; # Sink volume toggle mute
#XF86AudioNext = "exec playerctl --player=spotify next"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle";
#XF86AudioPrev = "exec playerctl --player=spotify previous"; # Source volume toggle mute
"XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle";
# Capslock (If you don't want to use the backend)
#bindsym --release Caps_Lock exec swayosd-client --caps-lock;
# Brightness raise
"XF86MonBrightnessUp" = "exec swayosd-client --brightness raise";
# Brightness lower
"XF86MonBrightnessDown" = "exec swayosd-client --brightness lower";
"${mod}+${left}" = "focus left"; "${mod}+${left}" = "focus left";
"${mod}+${down}" = "focus down"; "${mod}+${down}" = "focus down";
@@ -238,12 +242,13 @@
export MOZ_WEBRENDER="1"; export MOZ_WEBRENDER="1";
export MOZ_USE_XINPUT2="2"; export MOZ_USE_XINPUT2="2";
export MOZ_DBUS_REMOTE="1"; export MOZ_DBUS_REMOTE="1";
#export GDK_BACKEND="wayland"; export WLR_RENDERER="vulkan";
export LIBVA_DRIVER_NAME="iHD"; export LIBVA_DRIVER_NAME="iHD";
export VDPAU_DRIVER="iHD"; export VDPAU_DRIVER="iHD";
export XDG_SESSION_TYPE="wayland"; export XDG_SESSION_TYPE="wayland";
export XDG_CURRENT_DESKTOP="sway"; export XDG_CURRENT_DESKTOP="sway";
export QT_QPA_PLATFORMTHEME="wayland-egl"; #export QT_QPA_PLATFORMTHEME="wayland-egl";
export QT_QPA_PLATFORMTHEME="qt6ct";
export GST_VAAPI_ALL_DRIVERS="1"; export GST_VAAPI_ALL_DRIVERS="1";
export GTK_THEME="Arc"; export GTK_THEME="Arc";
export _JAVA_AWT_WM_NONREPARENTING="1"; export _JAVA_AWT_WM_NONREPARENTING="1";
@@ -261,7 +266,8 @@
''; '';
}; };
programs.swaylock = { programs = {
swaylock = {
enable = true; enable = true;
settings = { settings = {
color = "000000"; color = "000000";
@@ -269,19 +275,59 @@
indicator-caps-lock = true; indicator-caps-lock = true;
show-keyboard-layout = true; show-keyboard-layout = true;
}; };
};
rofi = {
enable = true;
package = pkgs.rofi-wayland;
extraConfig = {
modi = "window,drun,ssh";
kb-primary-paste = "Control+V,Shift+Insert";
kb-secondary-paste = "Control+v,Insert";
};
font = "Cascadia Code";
location = "top-left";
plugins = [
pkgs.rofi-calc
pkgs.rofi-bluetooth
pkgs.pinentry-rofi
];
terminal = "${pkgs.alacritty}/bin/alacritty";
theme = "arthur";
};
}; };
services.swayidle = { services = {
enable = true; swayidle = {
events = [ enable = true;
{ event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; } events = [
{ event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; } { event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; }
{ event = "after-resume"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; } { event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ event = "unlock"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; } { event = "after-resume"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
]; { event = "unlock"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
timeouts = [ ];
{ timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; } timeouts = [
{ timeout = 600; command = "${pkgs.sway}/bin/swaymsg 'output * dpms off'"; resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; } { timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
]; { timeout = 600; command = "${pkgs.sway}/bin/swaymsg 'output * dpms off'"; resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
];
};
swayosd.enable = true;
}; };
# qt = {
# enable = true;
# style.package = [
# pkgs.dracula-theme
# pkgs.dracula-icon-theme
# pkgs.catppuccin-kvantum
# pkgs.catppuccin-kde
# pkgs.catppuccin-gtk
# pkgs.qt6Packages.qtstyleplugin-kvantum
# ];
# style.name = "kvantum";
# platformTheme.name = "qtct";
# };
# xdg.configFile = {
# "Kvantum/Catppuccin".source = "${pkgs.catppuccin-kvantum}/share/Kvantum/Catppuccin-Frappe-Blue";
# "Kvantum/kvantum.kvconfig".text = "[General]\ntheme=Catppuccin-Frappe-Blue";
# };
} }

BIN
secrets/keys/nixremote.age
View File

Binary file not shown.

BIN
secrets/keys/nixservepriv.age
View File

Binary file not shown.

6
secrets/secrets.nix
View File

@@ -20,7 +20,8 @@ let
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx"; server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
server2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPm3epi3v+yuskxQZgmPdkVDET8IGeYA6LbTCqPWqkz+"; server2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPm3epi3v+yuskxQZgmPdkVDET8IGeYA6LbTCqPWqkz+";
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmivVLbkJJ1anwQ8CeNT7rv0Qxinp1LIQIjVWZpnIE5"; kabtopci = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGdvPKu0XJXpxiZYxwHdt0UzzSXxQqZIbHzVvjySR82w";
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5OMVTx1IkzFvDgDRwiv+ruYTCBlJ+D1hx+BS8Roah";
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
nasbak = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdoxslkKn3ouadPOHmDN7e5AtoJmnllnUmhl1j9qfzz"; nasbak = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdoxslkKn3ouadPOHmDN7e5AtoJmnllnUmhl1j9qfzz";
jupiter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBQr9/TIeAd25h0gfOPjoHs6JMeye4V04LuFufbe1S/"; jupiter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBQr9/TIeAd25h0gfOPjoHs6JMeye4V04LuFufbe1S/";
@@ -58,6 +59,8 @@ let
]; ];
buildServer = [ buildServer = [
hades hades
kabtopci
dmz
]; ];
in in
{ {
@@ -78,6 +81,7 @@ in
"services/gitea/mailerPassword.age".publicKeys = servers ++ users; "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
"services/gitea/homerunner-token.age".publicKeys = homerunners ++ users; "services/gitea/homerunner-token.age".publicKeys = homerunners ++ users;
"services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users; "services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users;
"services/acme/opel-online.age".publicKeys = buildServer ++ users;
"keys/nixremote.age".publicKeys = buildClients ++ users; "keys/nixremote.age".publicKeys = buildClients ++ users;
"keys/nixservepriv.age".publicKeys = buildServer ++ users; "keys/nixservepriv.age".publicKeys = buildServer ++ users;
} }

BIN
secrets/services/acme/opel-online.age Normal file
View File

Binary file not shown.

BIN
secrets/services/coturn/static-auth.age
View File

Binary file not shown.

BIN
secrets/services/gitea/databasePassword.age
View File

Binary file not shown.

40
secrets/services/gitea/homerunner-token.age
View File

@@ -1,23 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 1fxDZw HPqtOnCf0xv43GQmB6iSSLGK6r/5pCFFZJC37ioMIw0 -> ssh-ed25519 1fxDZw 0HUT1Iujai7TJCCdN2X80080tfrGaW6Uko+zX1Pabhc
VjvteDjUqqkBas9FzZKxlA1y5/TwIB44I7yNH3KBDYA jcpujkInglyeqvUmlA7BTvlAWDLqxwZm19zCitOoXno
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
Xx8tuS0ClpvIEn/diIhCInLuiNym22i0SQZCkFCz5V0FKNM0L9hzlqU2A2wLemgz L7a5HmNRuZ/tcwSLUOk5Lu6tSkHYr6UFh9eM6KY8frcfQ8RNOuNhUD5xyEwAVGXf
iy1So0jNJWGt9ylUCyPI9ucyLUgoXFXiQjaMkI85yj+xuUDHkmereRMW3AQD+2LL KyLr23tmRj/h3M/EfGCxHIWaxyr6ZhsdAOmgkTvoh2TrjdXjEuzANqBk/uMKslp1
+NHsmQQchtmQg/gCZY0MS7gq++ULDwlakAkwMP0U6T19i299eBSBL4Zoj00rKNlx EI25+MrQjxjBPXjIZLRkl+VF3sBz6lEOz4Vy5YZhG99bXJK66HfWFZSmYoKIvzNb
KLe0jbNlIe1uhVLYRfyz3S0I9z8gWDSQ8soFoqrJwKVHsO7wmH/3a0dCEWSHRRVm S/JCizrmgzF6D8It8KCz5hY4jDMT1Qkij4B14DP8fDm7XD81ugCB/hGHkkRxS3P5
MRfU/Oy7A8U+iD37z9DxSN2O6hKRLMDu/NyTXUV95ImYwOcA7ya4nShwpB7vZLop J3vGmxPFV6iDFhNlY2BXsZuXecLLzZN31u1Md44aBjjryy2og49IRn7w6UtqHgm6
Vu/BtX5HZ7JvBK3kApyR+Da5LYsBhqrDmqXqtykjn8TM0WG65jLKp5XolEcGEfUe 3Iwl322Si/cCyOmS6BjI7RNxhmuJmz5T9JqsfNahGOLFlEoBfrq5cWc55rjyOGal
KrqVMhVm+d2AijpRvsbOv13B7UmZkxBP9+6/o7uujv9nV5uSoGwv9tZn9ubeZyXo cfCsp4I4/3FhtFlULmfPXgUyPQXBvwKLvFzkMrnPeqnKAo3ydNCgR0TIYNOND5xx
U7q3MaURqbgv6YV+h/aJ1X0URmPMyjUgkCLI3HbKJV+ZQH1jbNsn0aiVU0d0MXBb mLegC4NLaZGKLg5n6HZXtdbX2EZU3MqLcki8sXjx6n1yDSrpnKABIQ+nhp3SQ7ex
cE1NIZdfrQ/+Mp14KuiKoY/ycrJPQkg+Au8LANSk/pzH/lvGO1EP50eBRz4hIqEg UXB2y2mh6runbC8FD5Wwlhl2EYpalynAMCkLwMMprsS/wkQqxiaCHMzQj6PDDt+k
RaNII+fQosyr10HPvlgMfEZQnDoG6H+Tvhgt4S6Ex9lyjKASnx/SQyRwhd9SPgDb GpRnfzzYJbqUhcPJH+YGB91v7kxBSWCORAl1fB9nmogznnz2fPHgpO810KPsVYyE
bArbSq4lJ59rqw7TX2IrkjDgvv/FMqdcxjW+kIOTWDQ 6Yj7eqPacItj1neJ5aFrD89P5fSJKL7w9Q1eoXUIUYY
-> piv-p256 grR75w A1d8pk5Qfx1xq9vApCkKKj6gx1elqSYxLezwoChk3k7Z -> piv-p256 grR75w A/YBwM0ZYXI5Hzg5GRi6sKuBGoqNbvpX4uZoOPuUa2zk
AeYO+rslswXdRJK/pwe9m3CNHIKsrRkt1lamyysDNQk 415g/yPYDj7k+K5BOBQyrqLNKEbXbRJqHDZzzYlc//g
-> piv-p256 RQguQQ AukcSmMTNQQZdr5zDOjMTnsOFZp5H5D5ohuVdIQUpUYM -> piv-p256 RQguQQ Akiqc7MtjraJ7l98dNAfc+mKcjq0fC98XuP3lFQezAab
aJqrWcaXdpfS2vakEu5vi/AMHnoUUrUpm0bRRcCxiE8 PpASEk/Zr+1CPZ+SibwGISbskcmArmz61W8bYD3JR4Y
--- fNTWHdKIXpbJsZo2WnMAPXTNMtr0hKkgivCIi1qiQps --- 5wcfHfcO0ifZvrhm6BlZ2tz5oTN8YUr5GjFqQXnVwC4
XƒŽR0jÙebMB7v6“‚Ȧ~ <EFBFBD>ºÔe÷õ%³4NBĪWíPµM
몀“8<=
2iŸ¾Š2ìJð]L×íp

BIN
secrets/services/gitea/mailerPassword.age
View File

Binary file not shown.

40
secrets/services/gitea/serverrunner-token.age
View File

@@ -1,23 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 0qfOZA UTOzjwhqcVLmpf3P/nzO3aGKzKH0YKq04sUbFvMa/FE -> ssh-ed25519 0qfOZA enugxksioeFkWvLRKcDyPrbUEt9LXsASTKOBqKgsnw0
a2MMcZXucDEXmy/uU7JapMsboImCGsUiPA2Pr/wB5yQ s3WdVVIIXBse+EZO607sqVRRejLgzFwXMdjgLZzdVDA
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
Nr2g/ocV0oTbZydmcRnESyI4VOJdMGafozm80EMarbQfmeeRCfi76jxct/gpnL00 mTUJr92J0ZSEDFiuEYbMjyEY2bNIErlvqR1BfUsq4qnQxwFbIxDhlKGybiIhrBJb
P/2d/3pfvqbpuGZRg+Q/BCY0Vm2AujJ1P2UTxpnzC42iZu7qKWd5EY4z0Hok53kg xm/Pk3TUjkh/KxFWNV3ZuCsLd5mNgvPvvJ+aOnaeXQ1+rRXsPZwgWxpU3ZELND4C
McPh+pgNhugLr4Yh2KHpT27FfJpD/Pmjajg7G78Q9P5uel6SKXIW4uFO4Lp2yLC/ kD5P4F3gmBinYFbm9sJHaYhdh9WKLVhE7fKwT6X4KbPGcTnycBiQsTCyxhLA98bj
vC52XMqxLrR9moCTr72dQPzd0IIhQ2vN9EtZkBnxUW6zt3ILAYJ06VLAGvVwXIWl ZgWvmMF08YOgoAacgFHgZzA/DXAV5VcsnhFjLOOBHCTfXI+MGcXLRYQWBSIrjQHJ
0Wjs3G5g5v+H2e+Em5vIy1hdub/3orEL4racHO0m0binK/IVRJY7sjZDVDrrerFS X0RDr0W4B8LiNQ2iiW2ASYK5olQs93VZio8sRBLrJqHjCNYkBGiSIYwv2UFdOSB7
SqPORQ3a7jmuHFeHxwAlRcmh/O1gEgAnCZTZRfQzgXI+nfPEzuL0yENd/ksUPBdm igcW++FtBz9c7g5JbtU0JRoCCeyID6yG/t6MCm/wOgL/caKlNxUmPsM5bNQwExwW
q2zQSv1rrj/tLMtxk4vpG8FkPp5UctaYignvHAp95xC+TR14aDUdT4x4MGboHIxu bmXFYwzx5hM6uG0+8hUvyrbqVGMAgN9SHmnRUy/2WPs6YBVKTHyvGu/oVnify5xZ
l6Q3evVJzblwIl3JbzpP3yOA2k25Y1KI+nVDrTqAdi+Yy4jtIOA+XancIHrpLzAO 7M2kQxwx6nOKT4a70u63DrDbvd3UrwIn/2jukiwY06P+uwps2lVnf+p3B3RrzYsE
21JO1wwGtAsjUDCdhnYSyMcOiRLRHzPoK7o/BGx6b1Uqk2WmWhZnZft9MHPp2RtX He0xPwR56y8lXff5HAEA+S7KqnbIzZ0aAr0TC/COQ8nnT/PTr1cPWr0zB0yYWOJW
Gv3PBMVjz2CO+f3d8B4akPSApgQ9fw1Vje5fY0CDWdORV7tHDCKb6fmTua2d73Iz QAp63f6JqTDUb5ODje6zrGPPekDAZtkNsdgq6qKoHzM2ZHXxb5NMSbVMpXH0TCty
ANrKYonqWhjf3F9u7zzM8/xd593AH/Y+aJo+z0S+Z6I dBi55sMWfK41c27KziVSHC8buF/0ZtnBF2NFVIqXu0A
-> piv-p256 grR75w Ap4du3RBcNdRvbwjQTpP5PPXtNCRuoQePt6ULYEpNM1r -> piv-p256 grR75w A1Qb1JBvzfhB02mUokGs8UZT10vB12RHr8VrS8Rs6nOl
4Qe4c6j7df/TajuxM5Q1qnC/TCBNNI5K9WCDqD4VM1M WMXfauWrrswhgnEjSL8r2bIieDJGshHULd0l30iuzOk
-> piv-p256 RQguQQ AoR+aGTAQ6VELef54cGpukkWjeKz37tDbW93ncGWFsrI -> piv-p256 RQguQQ AkCto6VAvKVFWUPRRp3M0iQtLL6s9yIYUYjpBQecjCml
KbF1N14PYEQ28a/MePeq7hW9LAgUaNriFo6UO0eBvt4 4LoTQ0Y5j5dyPYFrS+UvPCuJWzZJ5OVQBQWFIZU36ek
--- F8GiyUf87+vhg22ldWuC2j5K8WGAK3y5lRDG6yrzBPQ --- HdU/eWJvqLOhNdj63ZRmaXfTgi4R0usp3FsbERETe88
að$ß-“¼|h.cr38ÓÉÁéPwú3üÝNhà„†B¬j !z^<5E>² bÄ8cªâ½ms­ç¤ µdåhˆælâˆNß;îöýVH£'ê-2g­/giµIlè¹Lë¡Ê¢ìAäžI3OÌ»Äòé‡7 ìÚ]û™<¬=ûÏ)Ó C@©‰<C2A9>ë{É<C389>
\Ü3û»ÐÕfòx3|ùNeÍ
=:³

BIN
secrets/services/matrix/mautrix-signal.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-telegram.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-whatsapp.age
View File

Binary file not shown.

BIN
secrets/services/matrix/signal-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/synapse.age
View File

Binary file not shown.

BIN
secrets/services/matrix/telegram-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/whatsapp-registration.age
View File

Binary file not shown.

42
secrets/services/nextcloud/adminpassFile.age
View File

@@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ 8cKmhu5xTxTuvVbBhVZM2W2qzRQRVX9BSojcK6YgCys -> ssh-ed25519 neExcQ En4r80Zjlg1ClqZgn6ZrB2P1QFl+DFp9gf6KWEIJdkc
kwfUlvEPLVbaq/rjQAu4s2NhGbxFfdEeLyU1eUH2gF0 Y+w3sTwCu456QP4kwfiA2hWAiCeh90FmMTXyIrdMHFQ
-> ssh-ed25519 WiIaQQ TvRNnifxg4OPDvwvuUIdJgwrpj8KegqfjVEB/in9UEw -> ssh-ed25519 WiIaQQ QLCHeNwzAGGXAB3kkjQAUchnUu4pon8js9gwlEcSC0Q
U0iqVaHbZS/SvCH4UAzjJQ9nPiHv779v6s5PwjTxf5k htCKqKAdOzZHAHe1hssvD0MTmthMpRB8hNx+I6M+gfk
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
QZHM+/KssZmfX436QJGBGbhlx36oxCg4jgdbRwa/acI2s6ppawdnFzyWZBhv/Xzk eZ0KT3qWmlANpmjWboJca4T3CAPNSl0QFK0thKZArL6MIr9Yn/a+Wvr81SlYhc8k
wYcT9c2ciuy/aEx6uX7fSAiKQbfq0d9KEp+d2xwlpL02656hJ3Jya3U4RApvEFeC ftnYOSTTq6XsRDxQ6DrN66+x1/zJSOBygw3/2IEjDyarMacV3YiiNaGMQC7OUmma
lNjyWgLKuyxYeC20f3/NMg2AnickMicbw4WCzG+HWnVCnxDe2JW+ZbXPsoBg9IbW SCwXdmw5PAwWqcyzBzb9rlZLdTjYmqVEaSC0ReaVF3qQOnFmVvSaLDOZwYcvl2qK
BO05nRKB0jonuA5NDvHZ+a/1xf/4qarj9vmwnsoK7jU6TGK2r+iPHuppC/LTgofm xhfIrWhp/csvMm7/fU2WOqVNkkx/7zn0qAT8crKhdx2SC52LmOjpa5heARfkpD2+
2kXKDP/gpRpIblHr2QukoGeWmXPGeF5PXXCPC5eor1jAhwrBTBY1hL29mhb6mK5M rvbzMmDkDAbQk2MEtRyxUhi0kYY791dLMn9Wv9S3Hsv3+wZB5YtLUeFrsGl+4koS
qvX5wvayHgIHvX73fn2oexepc3QXjazCKSdVSykj/s0N0//0fbtYJe8qIbgfeNen 7SMeAOIhBn+TLX9w8M2ydPnD1Jp0PRWndpxZoqOCOnp393Avv31Q+ohF4V5JghwR
Lvn9DgsDvQfC83Iikh3r3V4RtmHiD12gA3qxc3tZSQLftbedTbylGnMmCZr2c9w0 PHK6sJiczVsaZeeHLY6TC35unVtmPMHmIjbVwG6amPCXNzuw8eF4SpZnDPI0ifMr
4396ZfUfjXk2Px/XCiy6WBghW62QQ4Q6fGYWBViL1OWCoudNNRCfD72E3jdfj2l2 uw3nNr02rPQC0lPEdltBXgRj5EiR8OymeS/FFJ4sCpx5G3ZjS0SakbK6F0Y+dcQz
cScM+huEDU58dxpHM/6yLT+97Tta7JDpgz2ueMUfKFCUnopKNKBPoaZfFzvi+nCw QLprpFm5w4EwnuinzwpK+WQRikowuLaF2gP3Nt3rT2bcoGYV1XjehJaTTm037YGW
vRHVdt5CpN4oJc+mokWCGNt4fK5nyvyO6nDe9cHel91sfS2nCiukf8IKmEDlZQGd 0Gv7N54wt1tI0AZWCQU+hFrNennzpJHeMwZ4qjiEbrd1mO7YPoJaNvIcMbQfnxMK
jEMLZjAkuEHwa8Powxi14egunANQPgLSM5EuStDmhlU WQUWd6N2x+wlcoG5CoOOlFp6W3oaiKuEZxDrRAQ/RO4
-> piv-p256 grR75w A2nunTE+4FmZOKWQhinSlizVprH0lX81NKsVEDijzDQK -> piv-p256 grR75w AqMFmmDlrvEGlcUU78ik0tBPIvPv0HqZHAGEo7hEDhQZ
8+Rdpp1JCxbbxeTVl0WGpQHDlqb5e22zLbBkwBPDYkc 3ag//Rv9l3XG3fUkjEnZeIJbwrfv7jUacclhx3d3KrM
-> piv-p256 RQguQQ Ar8nU9oNd+TEfTsdIM4ka/J4IArbeQKfn2W93TYOkajJ -> piv-p256 RQguQQ A8lVXDBZqjbRPeCzfKm+UGEBzd1e+NIlHgWsfBTir3v1
5YnDAocS0lDBrO/M6sNWyn/Vxa1qLiudf2Via9UOUW4 Wc/PFCooD9is8CNwADtiEZYsn4A+qks5mBnPi/x6jKM
--- yDdPOHLA10Rxzl+kEyCUx/lmLZaVWucWY1Sj9rdo4hU --- MOjlIMMtopwq0writNAt2sTH+xO5erY9Y0+oV1DZLt8
Bÿ—ó s”dGÈÿ´m`ÄÎ),NU@þ ˆ³a˜Pv(½®rMôû 憫阘朻留6すW民妨堫溅戱)頴鏡隑\鲳>德bj机<05>

43
secrets/services/nextcloud/dbpassFile.age
View File

@@ -1,23 +1,24 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ VfWt68buOl2UetDKcQWuWRSOeJi4HhQxiZVI4lIfcUU -> ssh-ed25519 neExcQ UMc/GuY30kFauSyPWxxYDNXT34thxHxaxKkPAorjdlo
GTWI83cLyP2Kjd6twRpaWpBq+U/BYcfDJeljQ1CZ1bw CTYKrDC5rIHYmF3jo+0YBua+Nbqj4EAG7GvgA4Sf6so
-> ssh-ed25519 WiIaQQ nqwbWtevakrHk3sODtw7l40klSb4cIyi4uSsnpcS8QI -> ssh-ed25519 WiIaQQ OmuyNeMkttBmrX0/r0uXB8ztD0IVVgT6x9s3j6ae01g
PxfriZ8CdPhPTNtjQL3lsyjfjkpBsnmJc0TRNM1pyHM PjkPRMbGvliVSygR2/wuy/gIeWODXJ2CXioIF0khDZU
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
QRSdhHdAcGlw2c1hxGNmtAp5tPcjQ7CI+v9JkOyOH9W9KF3uOfshrpkz/psFPd+s YIAz7QEZ4LNTmvAS50LgoFfXbr/6OVV1WH31AGSd53oVSmv+Q+yFrdv8tPORv83P
6eqQDAwEAgla4pO6FHj/H2PK9KDHY3j2e8BZyvJ8ZsefUsSAYJ92hcD3fdISL+kc 0+UxaiRMSrhvK82BMzISCSxVkd+LQUXI9C94Nc/ojxX93l0qneBwN8+UZ6AO3Seh
+FMx4Dlm9LSeGGqElbPotyU69t2O/WLF01HqLDVgHrlyTzWvQMhvATA5Yzcj1Izb qGoh3Kz6J58DmOr4EbX+wM3b/2uuu1AlVO5kKc1bnPYEL1iTB+xkawfARUqa7zzr
0AlA7IOE174E448/Ovo5a2T+DF0w2vLEPruH90Kvs2lui+i8yC3StgBwB6flmSfc fDhjksQUj0aHyRnla6c1olq9FO9oac+GuuALKpiVTK+rKo91cxhzrMdsWB3y3ZFp
dSR5qO0XCZ8gK/kkdsz2iZonsBCbEugQayN+EoE8vop6YlPW36EtO8IJnVnKmVEX BT1u4Abow8hsNc9OEktRr+EIScng7WQJ0eLQ9L3YheEwQJ/yLcZ7o48j0ABFpVIr
vy/Rj3dubm5Wsp2hAyeXSXx3ity5fdSJ3TVY7TiPLPlt1yik3Wggtv0DlgZK0AML VoQOwmYCah2tsVvime3je0Q5e5gIsuHXAKWBlXsLk7ypFt+bpGyybBKSc9HJkpiG
x1OJbrZRrzDZKYzxXw69+lOiV5XfVUfk9PXC+IAj3xf/dEz93b6Pief+PbOQg+tz 4Dx+0cOjdSOQMLBIziIJg/gRDEFTRPIfNOupHn4s4n7JT4W3qK4/3ZenEONYe+m5
INDWkL67/Yx6rEf41iLCsQananBV16IeM2SndRyrmT/1OCcLUR/8xqBHfOg/K0kp 39FtKlol1Cae2J7a3O+Nen7uctaEPMQ5IszF8ACKyOYtKKra5dNxF0TwWwnVZl1T
lHL7D7/neqRh2E8KOEciHgWFqWT/tV5XpyZVvA8OiYLoVbmLG55q4pexrDfQ9OgT 5noGRCCO/JTuwfs9pioNUTSPU9lZPqbnI55DiZzukH8g/0SsIOri+8iw7XAVgdel
ZDIL94VjiBDH5BmPfxLhRZP/58EhLSDH3WziIWnv6Y2Y1bAl5qiRU4tEV0RCHqyJ gNbY2d1mSTjjQ/Mx63U40fgC7YKqYRGY1VeKCEvVTnP+Ue0qLTHmiRflxLv9ZwLZ
xEeLcqI5uFwDmmt881zlyAb38oQCGq/YRXhGygwwn18 AlQQXxLmBl1PZiXCJMitppcVx11e04fevz31c1XBa58
-> piv-p256 grR75w Ayt9mI1/BJg96jlkLVjf7xhDoklNuoFe3ZeKLYzFqDPO -> piv-p256 grR75w A72KoqK+771SubG5cSFdavf38YqrlbKdr+wHcM1q+EjF
S3vFS+S4ZVC2O00P5u5GKaLtbabBPUCuuFNFFxcmmUw 5AzV1VNLpqVuyOu805GK35+ysaHuq2vrKRU7K9YeTUU
-> piv-p256 RQguQQ AqsDGN35gXkyWaKSRVATyt1Ap5gzLKiAx+UHwhVXdhhG -> piv-p256 RQguQQ A8llvet0yt0L+Alp9vauictZ5J8d8xrMUnJC4D2NEbqq
YUqypxYBQ2RYbnMclNa8PSLV6atbVRCho4wHUCZegkU X2B0Qyb1A+d1K5h0fgasyKiGJeM60eYfgwKuNBi2wWw
--- Bay62OwVx/Q8Nf5MHRu7VOWzwh1LtkWbxQytL16Y5Zg --- rqgiOhrzshOYM+kjspQnZ1bIDMVE6fsVI5W8+LvvlyE
Én(/GZvÞÑ ç!ï¦ ¾™¡<E284A2>fs×à#…¯Âv5”K_àètûk‰ë³s7PÈÚèßÂÉk ]~G<E28093>y<EFBFBD>šN!¾¨´éèºÂã`cv½¬nð.<2E>Á£¡¬*C
å<>

43
secrets/services/nextcloud/onlyofficedb.age
View File

@@ -1,24 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ XvGpJsiChcxBbL7c5CK2mUvdFHV5ypmx5tpWVfwuESg -> ssh-ed25519 neExcQ syhT5cOvQjaovEzuwtp72bIoWxOzgVCYJPJ5c7NlOCs
1WI2nm5/oPtCqXD0N2WStDOh91UT7IIS4/vFwWL6UA8 eHgYoVUbbNL3Mag3T+d/+55CEPtkUo8Rjn5TOOC52hg
-> ssh-ed25519 WiIaQQ SLJfhzdJpYzzzqFqrR67GrAuTWFJYfX10iidobo5xxs -> ssh-ed25519 WiIaQQ PvORdbqvGQY1+P7hWyEdxJfWGDBgpRzn94IRQ0BqXmQ
KF+r/AOKKLHqSf1h5AOJd/3IZTKm442ejUnWVhk04/o 90E0HvRPdOQMrNFSBXribQegGBL/55agX6vq/RvLSXY
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
AKdJLoXUUX82mhV84R8noG1qLnD/uvArV0gsYxJuS0hTnkZOyxV1XgqgH6UrgaUw LPybYGkzAp6tYx0irERxyenucSAsPW69TUEPy2CMsGlEgjOTvjPG+Vbvg+Y2+jVC
G6Q7aYbiNYMA4+6rhyWOnH8I5QRcCVEK5y8jtiyTEU3QaPAXVhEq1NpfzrsyHd7w mnE25fuz81hsfpXKbvzwY9/7EqTlZUd9oKFkHg6Qvza9hP9erue/nPNCpFwXcEE5
CB8mfSSAG9jE1owvuuubxEqx4YKu1oH9kh37GIeKmJlz67qJGqT6BnRMMxpU46xA tU4SeLt2l8TsgS3x0Z2x6TkLby1kO/cKYo/F5s+SFYl4XsAXTxRckvGt6rkGZbYD
C0+c/3CURj4N4fFtxWNVpxb8v4tUYRmA1Jq/FnqqdAqFIyw466eQVglT8YDQJvHs v+PXhpBHstImS73gFPnooMpvVE2ECpF+c7SCOzjnvREP3Cl39WX66FpJSlOGg42R
ufyR7Gnbk94qvXXg5G878eviQL2T+c/xEtVEyLeHs017dNq5FxeBBzEMwqAKshCh 7YlO1STJ39PE5A/uF6QsnXb3ZXIxG6Xq6fZysjsBF5I5AAumswGXx2d4AthRmrJ2
OtH4AJt+U0Rzq0JTIpRH/0V1exK1PM/9DL1KBQPAlfUBb9iYwKsQo6LieXS+Qowo CDgHZvIeaCFnYT5QamzTOoi0RlvS1jzazHsETI53+tDPkm2STWCVnqUJNvjxCqSK
qMTPD3xSfOD6uzmKhXCdWKZWZT6S2hwHjeXzXjYjkhErjbwjj5c2v4UpXpwdVlNN iBeAwJ0qzLZAy0RhaCh4Y7G6iKohMRJffFSGURT06Q80G/bck7lSeXdENe/OHayE
zocqPxVGCplFuiME0vLsuztiWtei2yH9ZgFKxNS/kxm8GfhyelAnAQng3r25YYwZ sqgEuOEfo4StcGm37ng8tXvbliBGwS387DNhIceBgtBSSdMcv9RgtS49ZwGW9vFM
nLgGP0bcADAgwgXGTFxlyY2qoM9MKgnbjhtfwImLlF+WbC+IOUwBDklSgq830MKO cE9Uo0bq90O9aetlsVDezr8+eB+CPVYKlLf4aeCZsvXp2M+BSeg1S0HXJXtV91/B
ZQVccNwuZoO+jivXpfGM4XApK7pUXlz/0nc8jRE7u2zXpXLqv+fLXxgTXFYlrogT nMW9oVKY78ZlyNVfcVqI232aew31gL2x+0fogGR2f35Ifj1DRX16VsKrntqtz+bY
66dmjeUBrB/kMS2IP52ZdpdO3eGY1a75H5W+DtMeAOU EQNjnD9V+FBervR0Ktd2Z8MWerLSFDpgCkai7J9FnJo
-> piv-p256 grR75w A4Gic6auHqevWiBh3WizXvYxjX6e6JToxNBXEMM5SZxL -> piv-p256 grR75w A0qVHsKtbCez6OnEWxxPl3rnNAt+K7Pm59l9x+3eD+NX
0epbF/vqJyp3Cn4Hr3ay751J1I089Hxus1vn8jgCa8g 22mZm4Nh5shFCMnOg53b6MmtgRodBoQ9vWKq/syaBZw
-> piv-p256 RQguQQ A12b6QQk3G0/ksYw0D0Rfx0DKMYK5Lnfi2q2tdtMoEfr -> piv-p256 RQguQQ AwarzhuRha8S+NAbX60sEcqy+UVI0r3bH96ZjEUX0q1Z
zqAf5KbFsPpemu2I9YaBNipQsiz2Lo3JbuxZ1gMNQl4 8lV1GXuYBr5KAAv0/e3rE9S2GIY9dTh6eNgKZ+2ML78
--- a92cT7ctHL8S0/tTCY/rkfy94THEcoaIEPL3vLrW9Z8 --- R1CnHKU/ARtD8dNqspcDwaOPXdtjgbgpuWRwOJa4swg
ú €BÐ=@ ŠA.)²õßD]hÄ·Õx!Ô¦š1ðÎZãp~ÜE|¢…†¹ ¢Úû—Ù8
u+ Tò®:¦MëäϵOã+tôX'§r…ï

43
secrets/services/nextcloud/onlyofficejwt.age
View File

@@ -1,23 +1,24 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ 39vMfysEahyydxnqENrwNOZi9yWpZSIWsNQxkMFBQik -> ssh-ed25519 neExcQ PzqM1FMh0onFfVSTQq8GW0xmctrZQtnZzdofvCbYvQM
bvJK5Gya20UhZ/dWKHAQZ7CPa7v/pISwB90WJejYA5k ilNa/YO8rfztqW51dguTMSkkFITGPiFtrollMqjqxAU
-> ssh-ed25519 WiIaQQ KZ6RU6kDjHVfy5YwlmjQhH6YBVkJqrRonUl02iYA2m0 -> ssh-ed25519 WiIaQQ moFaxjs1DieJuu9tUeT6zpkbI1zTyKvDo8DiaqvHY0s
GGsCI2D1tN4lGpsHJph6pq9N8UYdG2mfIY3U9urTR08 YMeeYW+E50SEuCBr0ggsbZSMGIrbK0FGe8VmZBKs76s
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
a0oXJCsFZdtpHuZIASZUp5C96ZP1QU1I3RSpIe59hnnpGLbXZE2qntXBfQ9ojkBW EVsNggfyDRuslqwmv/gImlGV9mdSUgqNxaxQqQGGIeOJ0YyJHcWZByczJwsc6xxj
bgNdxvAcWLaYAiCbe6Bo3S9+Q2svJQlEqIZ59o2H9jh+swSoLfWgi0Blo/56B0GQ nXMCyj5BpzHmCcTnRG4EiPe5ZzAtp85AkgphiSSzZUyxcoYQdDJvOYShwjO2zIIf
UrltI0ftMhM20TaszHwmVhvo3yODcZpNhjAMNVkQuAov9BSQdgGRgivBnt1FfYYI +cvy2eNi2KnwGozylu0C2e4wUjvXV401Y5/c4qnYDiFID/Xb9uHHdOw11CKd7LNA
f6nqfrE5JVoemk72Ip4jQFVWylK7drEU9W2WlwOsF9zkHOJxdNWiaaHpmnsgOEzA fJhhX4Vo0HA1IiiDnDtDDLi6HiLxz5tYHUiwpGswi+PVnjkyWUQCZy/xHF0PmuhI
BIdVqYZTtRElqDKM3j4SdE7hL6i4fIb4QAsfX5XI09eUDQLSRGF2o3lqQ4FVx+hb Z+v9CVrz1lwJL68n1roTCkIuqw/rK9rAdiGcG6/Vs1ZNHtDH3OEOQqt7kQ/NcvnI
YE31vr6yQEObTCbrf7zmKIK5UwgQbMf8+WbCxDdxF7FqTKrg7jVhPtu+n6UsJlzv OCfl6+x5NH5jOfvMgCzvZ0gAOfNLIp5ucmKd2mBqjvH88uYXunbS3thElDk9JpPA
CXsJkKYZwyESZ5oNjCyqYkkkQP0JChl886OPFY507/Xn3gl3qj/Sh7FZyUuLZ92X Et0/ul7NH1qpOf2M8WmTw2bGbSu4WOTyyje+onLMUBuP1VhgvKBBEAWLUiDLFYUg
aTHCJ5AHGwQKFnVO1YLXWDcn0F3NIq90YHJ1NsxNvNXZJmcCyBTMtDJGq3q/6Xqz qfKYWUtYBtsVyWyNZ0SsyASE/erTmHrG3rsDF6zigaVkR5eLp08Ihtd082e+2rej
qXpVoT/9XHHStrKYvi2lut/PFMC6nciixmiNaVbE5Aok5eNhG8wUTsUVRIr8+O/i eBZIvVpxqYx2qLeUZQ7WbGxSzMr/8gupGoSz02xijU1RoLHpkkWg1L6jQ6Kn1CV1
07aQBeg7RJ7lW6oQ4/kdfufQbQHuQNchQzkdvQf3azXCXBTJ/+Z6uQuVg32MVsjq NnIVDAcainxqONWb/Lie8slyHA0JlQ/OwuxTmEpnWCkntpcjfI+7jRGMOkafizZw
fRO2BtrWjsAVThpeVAdfQb2b43wmL9HBhivqYaBK1gI h6AJ93Zzaf+DgdRDrDI/hJLv8+KFu3b7MAi5igBnREk
-> piv-p256 grR75w A9sg2H7x+75AK9ErkbqMkC06KEDy2Q34seCXCGUguz6H -> piv-p256 grR75w Ah9G0uCSRD274KZuWP5BTXXXnG3kHqscqzxfdQHvjdf2
1TchlkXOzymAT+eDr4bpwugeLQ7gAKRvdYC2xcd9DL8 GFVKRjelHN91KJ2D0k4VIaCFdYMvld7WftnoQzlLxTY
-> piv-p256 RQguQQ A364N/An/SMqBAp0yrLB0/osdlmz/MgZFG4RB6Os2fLX -> piv-p256 RQguQQ AzTeCht0CzL9Ri6iNYQ7YnCBMz6cdzIDF4RWfWOGyrIE
V4qtGLbpJrTTFWCfTMcWpuVUiLflDdxXkMqPOtG1R/k L5zwoQXxBhYWANjvIEr8lWZn2h7VLrtwq1x2X8oSitg
--- O4Xqa0RavBa09l9txN/oIQjAeZIYsur2UsxaSRmhAdE --- dKa6XX5q0nhCjTaNRCLuKYogM7roKgNNe7l5oQl2VnM
«à´<>`˜Ñò°DkÚÊ/9¤ÊÀo Qz#fINª¶J<C2B6>ú3•KoÚµ@§>·Zzê²Ip•ÃÚhäû é=w×<07>ä˜Hܲ¹»FÇìǼA'»¦§
UÃyO

BIN
secrets/services/postgresql/initScript.age
View File

Binary file not shown.