Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Kabbone:refactor
Branches Tags
Kabbone:main
Kabbone:dev
Kabbone:refactor
..
compare: Kabbone:main
Branches Tags
Kabbone:main
Kabbone:dev
Kabbone:refactor

209 Commits
refactor ... main

Author SHA1 Message Date
Kabbone
f68c0e2daf
flake update 2025-03-11 20:07:49 +01:00
Kabbone
141a9cd704
fix key exchange 2025-03-03 16:55:53 +01:00
Kabbone
8a31f33087
flake update 2025-03-02 20:03:41 +01:00
Kabbone
f365a09d38
desktop: remove orac-slicer for flatpak version 2025-02-21 19:14:51 +01:00
Kabbone
a5585a90e6
desktop: enable flatpak everywhere 2025-02-21 19:14:22 +01:00
Kabbone
ca12ea728f
flake update 2025-02-21 17:54:12 +01:00
Kabbone
06bf555d1d
flake update 2025-02-13 18:33:28 +01:00
Kabbone
a4ce109c3d
desktop: switch to networkmanager 2025-02-13 18:31:48 +01:00
Kabbone
5e5ff474a6
sway: change monitor setup 2025-02-13 18:30:48 +01:00
Kabbone
0292b3add3
desktop: add linux-firmware 2025-02-10 12:28:53 +01:00
Kabbone
362d705679
flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/18fa9f323d8adbb0b7b8b98a8488db308210ed93?narHash=sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg%3D' (2025-02-01)
  → 'github:nix-community/home-manager/433799271274c9f2ab520a49527ebfe2992dcfbd?narHash=sha256-fmhq8B3MvQLawLbMO%2BLWLcdC2ftLMmwSk%2BP29icJ3tE%3D' (2025-02-06)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/77fb0818cb42ca0db98839d47bbc6a317c286282?narHash=sha256-it7lc%2BHRSQiLV%2B3CcA%2Bc6fkr2355HyT2GGUowHdfa/E%3D' (2025-02-02)
  → 'github:Jovian-Experiments/Jovian-NixOS/4642ec1073a7417e6303484d8f2e7d29dc24a50f?narHash=sha256-P3VbO2IkEW%2B0d0pJU7CuX8e%2BobSoiDw/YCVL1mnA26w%3D' (2025-02-06)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/537286c3c59b40311e5418a180b38034661d2536?narHash=sha256-cgXDFrplNGs7bCVzXhRofjD8oJYqqXGcmUzXjHmip6Y%3D' (2025-02-02)
  → 'github:NixOS/nixos-hardware/2eccff41bab80839b1d25b303b53d339fbb07087?narHash=sha256-5yRlg48XmpcX5b5HesdGMOte%2BYuCy9rzQkJz%2Bimcu6I%3D' (2025-02-06)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f6687779bf4c396250831aa5a32cbfeb85bb07a3?narHash=sha256-5%2BHmo4nbqw8FrW85FlNm4IIrRnZ7bn0cmXlScNsNRLo%3D' (2025-02-01)
  → 'github:NixOS/nixpkgs/f5a32fa27df91dfc4b762671a0e0a859a8a0058f?narHash=sha256-7x%2BQ4xgFj9UxZZO9aUDCR8h4vyYut4zPUvfj3i%2BjBHE%3D' (2025-02-06)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/3a228057f5b619feb3186e986dbe76278d707b6e?narHash=sha256-xvTo0Aw0%2Bveek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc%3D' (2025-02-01)
  → 'github:nixos/nixpkgs/799ba5bffed04ced7067a91798353d360788b30d?narHash=sha256-ooLh%2BXW8jfa%2B91F1nhf9OF7qhuA/y1ChLx6lXDNeY5U%3D' (2025-02-04)
 2025-02-07 18:09:38 +01:00
Kabbone
c64fa5ec25
steamdeck: sway specialication 2025-02-03 20:42:30 +01:00
Kabbone
9f3ceb8b9e
flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/dae6d3460c8bab3ac9f38a86affe45b32818e764?narHash=sha256-OUoEgorFHBVnqQ2lITqs6MGN7MH4t/8hLEO29OKu6CM%3D' (2025-02-01)
  → 'github:nix-community/home-manager/18fa9f323d8adbb0b7b8b98a8488db308210ed93?narHash=sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg%3D' (2025-02-01)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/ad8f92168ff7aa442d9ca860879127251e348b2b?narHash=sha256-LHGAJW3e%2BAALTAm2W3Vw7HwBx35ioDr/PykGSSIF6JI%3D' (2025-01-31)
  → 'github:Jovian-Experiments/Jovian-NixOS/77fb0818cb42ca0db98839d47bbc6a317c286282?narHash=sha256-it7lc%2BHRSQiLV%2B3CcA%2Bc6fkr2355HyT2GGUowHdfa/E%3D' (2025-02-02)
• Updated input 'microvm':
    'github:astro/microvm.nix/bcabdfff46d3bb7806e6e358982ad457ee650fb7?narHash=sha256-kahtA02X2kRRJh0okEsIHrzxpb6NhMn4DX9orqwTCjo%3D' (2025-02-01)
  → 'github:astro/microvm.nix/f71f275bfad1a4e46d8171de00b0a834efa3d118?narHash=sha256-OX6MnQzR0t/3LDlLKTpSLE7/T3vVKrJOn00OKwXsj04%3D' (2025-02-01)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/34b64e4e1ddb14e3ffc7db8d4a781396dbbab773?narHash=sha256-6HI58PKjddsC0RA0gBQlt6ox47oH//jLUHwx05RO8g0%3D' (2025-02-01)
  → 'github:NixOS/nixos-hardware/537286c3c59b40311e5418a180b38034661d2536?narHash=sha256-cgXDFrplNGs7bCVzXhRofjD8oJYqqXGcmUzXjHmip6Y%3D' (2025-02-02)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/666e1b3f09c267afd66addebe80fb05a5ef2b554?narHash=sha256-6L%2BWXKCw5mqnUIExvqkD99pJQ41xgyCk6z/H9snClwk%3D' (2025-01-30)
  → 'github:NixOS/nixpkgs/f6687779bf4c396250831aa5a32cbfeb85bb07a3?narHash=sha256-5%2BHmo4nbqw8FrW85FlNm4IIrRnZ7bn0cmXlScNsNRLo%3D' (2025-02-01)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/9d3ae807ebd2981d593cddd0080856873139aa40?narHash=sha256-NGqpVVxNAHwIicXpgaVqJEJWeyqzoQJ9oc8lnK9%2BWC4%3D' (2025-01-29)
  → 'github:nixos/nixpkgs/3a228057f5b619feb3186e986dbe76278d707b6e?narHash=sha256-xvTo0Aw0%2Bveek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc%3D' (2025-02-01)
 2025-02-03 13:40:04 +01:00
Kabbone
95048298ad
steamdeck: add specialisation for sway 2025-02-02 20:56:24 +01:00
Kabbone
c3a45f7984
steamdeck: move orca-slicer to stable 2025-02-02 20:56:19 +01:00
Kabbone
f77140e3f5
steamdeck: move home-manager to stable 2025-02-02 19:44:55 +01:00
Kabbone
2874a9096d
remove printer 2025-02-02 19:16:44 +01:00
Kabbone
716743cdcc
flake update 2025-02-01 18:25:38 +01:00
Kabbone
3740e3401e
server: gitea: enable again 2025-01-28 11:32:20 +01:00
Kabbone
348f67244e
server: disable gitea 2025-01-26 23:16:42 +01:00
Kabbone
4032b5d7a0
Revert "server: enable onlyoffice again" 
This reverts commit 978f0a537c.
 2025-01-26 20:58:23 +01:00
Kabbone
a074ac551d
flake update 2025-01-26 20:53:22 +01:00
Kabbone
978f0a537c
server: enable onlyoffice again 2025-01-26 20:53:09 +01:00
Kabbone
42214c869c
server: fix weird dns problems in nextcloud by switching to systemd-networkd 2025-01-26 20:48:12 +01:00
Kabbone
de75077730
flake update 2025-01-26 08:38:26 +01:00
Kabbone
34570a1ecb
server: disable git indexer 2025-01-25 20:08:06 +01:00
Kabbone
d4dee15c15
desktop: put ssh askHelper to matching wm 2025-01-25 09:28:07 +01:00
Kabbone
54dac319db
flake update 2025-01-25 09:28:00 +01:00
Kabbone
820466201f
flake update and remove orca override 2025-01-19 13:52:08 +01:00
Kabbone
f2127568e0
flake update 
Signed-off-by: Kabbone <tobias@opel-online.de>
 2025-01-16 16:53:19 +01:00
Kabbone
b3729ed82b
flake update 2025-01-15 19:01:21 +01:00
Kabbone
e0687bcc28
backup: fix timers for nasback after boot 2025-01-13 17:45:09 +01:00
Kabbone
7a57d2cfec
fix backup service 2025-01-13 17:17:18 +01:00
Kabbone
fa0d427240
flake update 2025-01-12 20:23:48 +01:00
Kabbone
8f34d20c65
flake update 2025-01-12 12:22:14 +01:00
Kabbone
02272d9ec5
steamdeck: use orca-slicer fix 2025-01-12 12:21:59 +01:00
Kabbone
9440a4c6fa
flake update 2025-01-08 17:10:53 +01:00
Kabbone
37ace64728
server: nextcloud: fix typo 2025-01-08 17:10:43 +01:00
Kabbone
58f1133657
flake update 2025-01-03 19:46:06 +01:00
Kabbone
85eec3b7a5
flake update 2024-12-31 15:58:14 +01:00
Kabbone
fc852aee67
server: nextcloud: disable onlyoffice and set maxUploadSize 2024-12-31 15:57:49 +01:00
Kabbone
e590739346
server: mautrix-signal: update config 2024-12-31 13:48:35 +01:00
Kabbone
7ce839e653
server: disable ollama 2024-12-31 13:16:22 +01:00
Kabbone
97454dac5b
server: mautrix-signal: update config 2024-12-31 13:02:31 +01:00
Kabbone
67ae6e5e23
server: mautrix-signal: update config 2024-12-31 10:58:05 +01:00
Kabbone
dcb7ac9aa0
server: mautrix-whatsapp: enable encryption for now 2024-12-31 08:47:22 +01:00
Kabbone
12b581674b
server: btrbk: add var 2024-12-30 22:30:31 +01:00
Kabbone
ab205e1a98
server: mautrix-whatsapp: disable encryption for now 2024-12-30 18:29:03 +01:00
Kabbone
90f07ad8bd
server: matrix: update mautrix-whatsapp config 2024-12-30 14:28:06 +01:00
Kabbone
3d3b5c9a5f
server: matrix: update mautrix-whatsapp config 2024-12-30 14:17:19 +01:00
Kabbone
7e814bc276
server: matrix: update mautrix-whatsapp config, disable relay 2024-12-30 12:35:16 +01:00
Kabbone
25a2475b65
server: matrix: update mautrix-whatsapp config 2024-12-30 12:21:35 +01:00
Kabbone
4d890c44c3
server: matrix: update mautrix-whatsapp config 2024-12-30 12:19:12 +01:00
Kabbone
d0ba393447
server: matrix: update mautrix-whatsapp config 2024-12-30 12:14:19 +01:00
Kabbone
5a33c0ee3f
server: matrix: update mautrix-whatsapp config 2024-12-30 11:58:27 +01:00
Kabbone
9d03e1167f
server: postgresql: update to 16 2024-12-30 10:27:01 +01:00
Kabbone
d2d72a383a
update nextcloud to 30 2024-12-30 09:03:00 +01:00
Kabbone
2969562349
remove deprecated opengl option 2024-12-30 09:02:42 +01:00
Kabbone
ba60a3c637
update flake to 24.11 2024-12-30 08:56:20 +01:00
Kabbone
b25260b71e
add cachix for steamdeck 2024-12-30 08:21:33 +01:00
Kabbone
29cc48d499
flake update 2024-12-29 09:00:46 +01:00
Kabbone
1ef405296a
lifebook: change path of SSDT4 2024-12-29 09:00:31 +01:00
Kabbone
16c6d9e907
lifebook: make suspend work, DSDT override 2024-12-29 08:48:59 +01:00
Kabbone
3060cbfb77
flake update 2024-12-19 13:16:52 +01:00
Kabbone
1776697f9b
remove catppucin module 2024-12-19 13:16:40 +01:00
Kabbone
dd8159d6a4
flake update 2024-12-15 21:48:36 +01:00
Kabbone
756801607d
desktop: add module for sensors 2024-12-07 22:52:18 +01:00
Kabbone
ccabef6ed7
flake update 2024-12-07 22:51:47 +01:00
Kabbone
3b39a9d744
flake update 2024-12-03 20:51:52 +01:00
Kabbone
a631a5731a
font: remove nerdfonts 2024-12-02 19:53:59 +01:00
Kabbone
e858004e48
flake update 2024-12-02 19:16:09 +01:00
Kabbone
b587b948ef
flake update 2024-11-29 20:20:20 +01:00
Kabbone
09beb0eab5
remove nbf5 from ci 2024-11-25 19:20:31 +01:00
Kabbone
2f7ecf092b
flake update 2024-11-23 11:19:48 +01:00
Kabbone
443187fab3
flake update 2024-11-15 12:44:48 +01:00
Kabbone
e738917d07
update flake 
clean up kanshi from profile to settings
 2024-11-04 20:20:59 +01:00
Kabbone
bca8c6343a
flake update 2024-11-03 15:48:22 +01:00
Kabbone
c99d5a620e
flake update 2024-10-29 21:39:19 +01:00
Kabbone
b8434f4d45
flake update 2024-10-29 20:35:51 +01:00
Kabbone
e34f886e6c
flake update 2024-10-25 21:21:28 +02:00
Kabbone
39f9c40dbc
flake update 2024-10-22 20:46:16 +02:00
Kabbone
c4d3591ee7
services: vault: open website 2024-10-22 15:38:51 +02:00
Kabbone
da1bcdd116
services: vault: change database path 2024-10-22 15:19:06 +02:00
Kabbone
c7b183d9b1
services: acme: increase propagation 2024-10-22 14:17:51 +02:00
Kabbone
03ae8cee2e
server: postgresql: remove vault 2024-10-22 13:12:31 +02:00
Kabbone
c436a8e2b9
services: move vault to local 2024-10-22 12:43:09 +02:00
Kabbone
efc049e739
services: move vault to local 2024-10-22 12:32:41 +02:00
Kabbone
c3df4c714e
flake update 2024-10-21 15:28:32 +02:00
Kabbone
82a880286d
services: vault: specify postgresql auth 2024-10-21 15:09:52 +02:00
Kabbone
c57a18e787
services: vault: specify postgresql auth 2024-10-21 14:45:39 +02:00
Kabbone
000cb57e65
services: vault: postgresql: add missing user 2024-10-21 14:39:49 +02:00
Kabbone
b8d14243f9
services: vault: postgresql: add missing user 2024-10-21 14:36:28 +02:00
Kabbone
fcbae86056
services: vault: set virtual host 2024-10-21 14:28:12 +02:00
Kabbone
ff1bdbe8ff
services: vault: remove backupdir 2024-10-21 14:24:13 +02:00
Kabbone
1bf18208d9
services: enable vault 2024-10-21 14:11:56 +02:00
Kabbone
431d9cd4a9
services: vault poc 2024-10-21 14:07:47 +02:00
Kabbone
8eb9b3952a
services: vault poc 2024-10-21 12:17:54 +02:00
Kabbone
419d2e8cd7
flake update 2024-10-20 11:05:34 +02:00
Kabbone
5c4e09f773
backup: fix timers after boot, prepare steamdeck 2024-10-20 11:00:40 +02:00
Kabbone
2e4f1d5dfa
backup: run bak only after network 2024-10-19 08:51:01 +02:00
Kabbone
3bef5b8830
backup: run bak only after network 2024-10-19 08:47:31 +02:00
Kabbone
c59f1165be
backup: minor fixups 2024-10-19 08:43:49 +02:00
Kabbone
3adb782cba
flake update 2024-10-18 17:48:50 +02:00
Kabbone
17816805d2
apps: add maliit framework 2024-10-15 18:56:15 +02:00
Kabbone
ff0ff7fb2c
add lifebook to backup 2024-10-14 20:18:48 +02:00
Kabbone
d9a20013b9
add lifebook to backup 2024-10-14 20:08:16 +02:00
Kabbone
032ebaa2a4
fix hades backup archive 2024-10-14 19:53:29 +02:00
Kabbone
6dbe100036
add buffer to btrbk 2024-10-14 17:46:26 +02:00
Kabbone
f0768984c6
add hades home to backup 2024-10-14 12:43:53 +02:00
Kabbone
2b4769cae6
setup backup pipeline 2024-10-14 12:17:17 +02:00
Kabbone
fb7688baf3
desktop: disable global catppuccin 2024-10-14 12:16:47 +02:00
Kabbone
92d6ff4898
flake.lock: Update 
Flake lock file updates:

• Updated input 'catppuccin':
    'github:catppuccin/nix/bad96d3fabf8d2e8f0bf0c2cb899a9fccf01ea03' (2024-10-02)
  → 'github:catppuccin/nix/96cf8b4a05fb23a53c027621b1147b5cf9e5439f' (2024-10-08)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/509dbf8d45606b618e9ec3bbe4e936b7c5bc6c1e' (2024-10-04)
  → 'github:nix-community/home-manager/d47d33254fbf4fdbdee9f1f14095f689662e479d' (2024-10-10)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/cb63dc934ba512b2d56d89b94c5da7894f6a7809' (2024-10-04)
  → 'github:Jovian-Experiments/Jovian-NixOS/a25f915ec05196d15e3f7f8555ffb612d4f1045d' (2024-10-08)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/e2365a1d8dccdcf4bca5111672e80df67d90957d' (2024-10-01)
  → 'github:nix-community/lanzaboote/0bc127c631999c9555cae2b0cdad2128ff058259' (2024-10-06)
• Updated input 'microvm':
    'github:astro/microvm.nix/e832ffc16b09b1b5c7c1224532d03ed3ce68afd0' (2024-10-02)
  → 'github:astro/microvm.nix/470537e671d743f40812b9c071a4130eabdb3deb' (2024-10-08)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/b7ca02c7565fbf6d27ff20dd6dbd49c5b82eef28' (2024-10-04)
  → 'github:NixOS/nixos-hardware/ecfcd787f373f43307d764762e139a7cdeb9c22b' (2024-10-07)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/5966581aa04be7eff830b9e1457d56dc70a0b798' (2024-10-02)
  → 'github:NixOS/nixpkgs/d51c28603def282a24fa034bcb007e2bcb5b5dd0' (2024-10-09)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/bc947f541ae55e999ffdb4013441347d83b00feb' (2024-10-04)
  → 'github:nixos/nixpkgs/5633bcff0c6162b9e4b5f1264264611e950c8ec7' (2024-10-09)
 2024-10-10 21:01:48 +02:00
Kabbone
da9db371af
server: hydra: allowed-uris 2024-10-06 10:10:05 +02:00
Kabbone
c8b8305146
server: services: onlyoffice changes 2024-10-05 12:16:13 +02:00
Kabbone
57f56146d2
hydra: allowUris 2024-10-05 11:26:22 +02:00
Kabbone
272971cefd
flake update 2024-10-05 10:32:14 +02:00
Kabbone
3505e611c1
desktop: enable catppuccin module 2024-10-05 10:32:00 +02:00
Kabbone
fd09e597c1
server: services: onlyoffice changes 2024-10-05 10:31:29 +02:00
Kabbone
255c8ca4d0
prototype fuji 2024-10-05 10:30:57 +02:00
Kabbone
dd79f25336
fix themes 2024-09-30 20:59:37 +02:00
Kabbone
929fa949b2
flake update 2024-09-30 20:57:48 +02:00
Kabbone
fd5bd6a88d
flake update 2024-09-23 20:23:51 +02:00
Kabbone
6a34b81910
home: add gimp and freecad 2024-09-14 15:03:30 +02:00
Kabbone
8d27f5e73d
flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/be47a2bdf278c57c2d05e747a13ed31cef54a037' (2024-09-09)
  → 'github:nix-community/home-manager/6c1a461a444e6ccb3f3e42bb627b510c3a722a57' (2024-09-14)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/2d050e65a71e02a1f19d1a35c086bd2e3dfb2cdb' (2024-09-06)
  → 'github:Jovian-Experiments/Jovian-NixOS/02cf60ce20b6034fc0459e5116cec7016aaff6e4' (2024-09-12)
• Updated input 'microvm':
    'github:astro/microvm.nix/caac7808d1e31f8a0fa408338cd3736947cb226d' (2024-09-06)
  → 'github:astro/microvm.nix/af604aa08ac9a4ae585beaf1a3482897a27ab67e' (2024-09-12)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/aac7c50858a21636ddfd39831ccc221cf9d59827' (2024-09-09)
  → 'github:NixOS/nixos-hardware/166dee4f88a7e3ba1b7a243edb1aca822f00680e' (2024-09-09)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/68e7dce0a6532e876980764167ad158174402c6f' (2024-09-07)
  → 'github:NixOS/nixpkgs/e65aa8301ba4f0ab8cb98f944c14aa9da07394f8' (2024-09-11)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/574d1eac1c200690e27b8eb4e24887f8df7ac27c' (2024-09-06)
  → 'github:nixos/nixpkgs/4f807e8940284ad7925ebd0a0993d2a1791acb2f' (2024-09-11)
 2024-09-14 15:01:15 +02:00
Kabbone
d2abc23417
flake update allow olm 2024-09-09 16:43:34 +02:00
Kabbone
263d10dbdd
flake update corrections 2024-09-09 12:40:27 +02:00
Kabbone
406cb190e9
flake update 2024-09-09 12:05:20 +02:00
Kabbone
f4b8db1022
flake update 2024-08-30 22:32:39 +02:00
Kabbone
ea282c6237
lifebook: set suspend-then-hibernate with delaytime 1h 2024-08-25 22:47:35 +02:00
Kabbone
0f3a2e0e52
lifebook: fix s0 suspend 2024-08-25 20:15:26 +02:00
Kabbone
aaaa3f108f
hosts: nasbak: switch to systemd-networkd 2024-08-22 19:42:25 +02:00
Kabbone
0b566c81be
flake update 
switch jupiter to systemd-networkd
disable jitsi
 2024-08-22 19:08:19 +02:00
Kabbone
183a280402
hosts: kabtopci: some changes for hydra space 2024-08-16 14:56:56 +02:00
Kabbone
eae9aa6d62
flake update 2024-08-16 14:29:44 +02:00
Kabbone
5ddf51f572
wm: sway: rot8 invert y-Axis and disable keyboard 2024-08-11 21:17:25 +02:00
Kabbone
1787103cec
wm: sway: switch to rofi 
add rot8
 2024-08-11 19:44:14 +02:00
Kabbone
a6c6cb699a
hosts: small fixes on lifebook init config 2024-08-10 06:20:26 +02:00
Kabbone
d83a55d62d
flake update 
remove sound config due to update
fix hydraJobs after adding lifebook
 2024-08-10 06:20:23 +02:00
Kabbone
1405ee7eee
apps: install android-studio 2024-08-10 06:20:20 +02:00
Kabbone
66cdd05f41
sway: add german layout 2024-08-10 06:20:16 +02:00
Kabbone
b05a692b47
hosts: fixes for initial lifebook 
add lanzaboote lifebook
 2024-08-10 06:20:09 +02:00
Kabbone
e5db869b82
lifebook: smaller fixes 2024-07-17 21:17:50 +02:00
Kabbone
cb84afaaec
shell: add ssh-agent again 2024-07-15 21:31:44 +02:00
Kabbone
05b0762421
disko: add opt 2024-07-15 21:29:57 +02:00
Kabbone
0a1e17995f
rename laptop to nbf5 
add lifebook
 2024-07-15 21:24:50 +02:00
Kabbone
dba8ac1eb0
flake update 2024-07-14 14:19:34 +02:00
Kabbone
dce3035653
git: add cache 2024-07-14 14:14:43 +02:00
Kabbone
9f8e15d135
add git difftastic 2024-07-14 12:59:51 +02:00
Kabbone
d5f3aa3885
restructure common sshagent 
cleanups of commented out things
move non desktop to server config
 2024-07-14 12:06:47 +02:00
Kabbone
0a775adbdc
fix unstable with moving powerline to python311 2024-07-14 09:56:40 +02:00
Kabbone
8459516c95
add new wallpapers 2024-07-13 13:41:50 +02:00
Kabbone
d16898adf8
flake update 
comment out freecad because pyside is broken
set python311 to fix nose dependency in unstable
 2024-07-13 12:01:05 +02:00
Kabbone
d518e9ffe4
flake update and move all back to nixos-hardware master 2024-07-02 22:22:26 +02:00
Kabbone
4882bca4c9
flake update 2024-07-02 18:29:13 +02:00
Kabbone
3cb4ae7c50
apps: install ausweisapp 2024-06-29 07:20:28 +02:00
Kabbone
904e5a88c6
hosts: steamdeck: update to plasma6 change defaultSession 2024-06-22 11:46:35 +02:00
Kabbone
430858fb11
hosts: steamdeck: update to plasma6 typo 2024-06-22 09:15:32 +02:00
Kabbone
4fec51506d
hosts: steamdeck: update to plasma6 2024-06-22 08:57:56 +02:00
Kabbone
1a76923e77
flake: fix commit for nixos-hardware and remove from steamdeck 2024-06-21 23:40:53 +02:00
Kabbone
19487f6b79
hosts: steamdeck: rename for nixpkgs option updates 2024-06-21 23:15:02 +02:00
Kabbone
daee0533d5
flake.lock: Update 
Flake lock file updates:

• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/d723a7e3962d683acdcd5658b351fdefe16bf04f' (2024-06-18)
  → 'github:Jovian-Experiments/Jovian-NixOS/a7a9774538612c75324f785ab1300e67abc039d3' (2024-06-21)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/083823b7904e43a4fc1c7229781417e875359a42' (2024-06-20)
  → 'github:NixOS/nixos-hardware/cc634b69c8312c4e88469d3c7e8fb5ecc72e7dc6' (2024-06-21)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631' (2024-06-18)
  → 'github:NixOS/nixpkgs/dd457de7e08c6d06789b1f5b88fc9327f4d96309' (2024-06-19)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e' (2024-06-18)
  → 'github:nixos/nixpkgs/d603719ec6e294f034936c0d0dc06f689d91b6c3' (2024-06-20)
 2024-06-21 20:43:44 +02:00
Kabbone
3484124ab4
flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/0a7ffb28e5df5844d0e8039c9833d7075cdee792' (2024-06-16)
  → 'github:nix-community/home-manager/d7830d05421d0ced83a0f007900898bdcaf2a2ca' (2024-06-19)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/f02a01aab60c68b7898043c2e7f5bc97c93fb07b' (2024-06-15)
  → 'github:Jovian-Experiments/Jovian-NixOS/d723a7e3962d683acdcd5658b351fdefe16bf04f' (2024-06-18)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/93dd69a5b683deb8ab7d6dbb91771a2487745e8c' (2024-06-17)
  → 'github:nix-community/lanzaboote/6fa7bc0522f71d3906a3788bbd80c344cd9c4523' (2024-06-19)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/cde8f7e11f036160b0fd6a9e07dc4c8e4061cf06' (2024-06-16)
  → 'github:NixOS/nixos-hardware/083823b7904e43a4fc1c7229781417e875359a42' (2024-06-20)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/752c634c09ceb50c45e751f8791cb45cb3d46c9e' (2024-06-15)
  → 'github:NixOS/nixpkgs/938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631' (2024-06-18)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/e9ee548d90ff586a6471b4ae80ae9cfcbceb3420' (2024-06-13)
  → 'github:nixos/nixpkgs/c00d587b1a1afbf200b1d8f0b0e4ba9deb1c7f0e' (2024-06-18)
 2024-06-20 18:59:21 +02:00
Kabbone
c89ea890d1
hosts: add hydra cache to all 
fix kabtop defintion (missing ;)
remove scsi power option on jupiter vm
 2024-06-17 20:47:42 +02:00
Kabbone
9b22d5c1ba
flake: add hydraJobs 2024-06-17 20:31:44 +02:00
Kabbone
801468970b
flake: add hydraJobs 2024-06-17 20:02:41 +02:00
Kabbone
f30860cb34
hosts: hades: move to 2.5 Nic and change name to hostname 2024-06-17 17:56:41 +02:00
Kabbone
d754a5b1d5
flake.lock: Update 
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/845a5c4c073f74105022533907703441e0464bc3' (2024-06-04)
  → 'github:nix-community/home-manager/a1fddf0967c33754271761d91a3d921772b30d0e' (2024-06-16)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/8d5e27b4807d25308dfe369d5a923d87e7dbfda3' (2024-06-13)
  → 'github:nix-community/home-manager/0a7ffb28e5df5844d0e8039c9833d7075cdee792' (2024-06-16)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/326c1ab2b816f520d298b7a4319a0b50cde01c48' (2024-06-12)
  → 'github:Jovian-Experiments/Jovian-NixOS/f02a01aab60c68b7898043c2e7f5bc97c93fb07b' (2024-06-15)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/7cb05fab896bd542c0ca4260d74d9d664cd7b56e' (2024-06-12)
  → 'github:nix-community/lanzaboote/93dd69a5b683deb8ab7d6dbb91771a2487745e8c' (2024-06-17)
• Updated input 'lanzaboote/crane':
    'github:ipetkov/crane/a3f0c63eed74a516298932b9b1627dd80b9c3892' (2024-06-11)
  → 'github:ipetkov/crane/0095fd8ea00ae0a9e6014f39c375e40c2fbd3386' (2024-06-15)
• Updated input 'lanzaboote/rust-overlay':
    'github:oxalica/rust-overlay/6dc3e45fe4aee36efeed24d64fc68b1f989d5465' (2024-06-08)
  → 'github:oxalica/rust-overlay/0043c3f92304823cc2c0a4354b0feaa61dfb4cd9' (2024-06-16)
• Updated input 'microvm':
    'github:astro/microvm.nix/02a1fe9237a6539ff83d15443d328e4b0b49a117' (2024-06-12)
  → 'github:astro/microvm.nix/b11f00056e11a802809935b0675176a2429593d9' (2024-06-15)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/ae5c8dcc4d0182d07d75df2dc97112de822cb9d6' (2024-06-14)
  → 'github:NixOS/nixos-hardware/cde8f7e11f036160b0fd6a9e07dc4c8e4061cf06' (2024-06-16)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/cc54fb41d13736e92229c21627ea4f22199fee6b' (2024-06-12)
  → 'github:NixOS/nixpkgs/752c634c09ceb50c45e751f8791cb45cb3d46c9e' (2024-06-15)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/57d6973abba7ea108bac64ae7629e7431e0199b6' (2024-06-12)
  → 'github:nixos/nixpkgs/e9ee548d90ff586a6471b4ae80ae9cfcbceb3420' (2024-06-13)
 2024-06-17 17:55:45 +02:00
Kabbone
8352d5c0ba
flake.lock: Update 
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9' (2024-05-24)
  → 'github:ryantm/agenix/3a56735779db467538fb2e577eda28a9daacaca6' (2024-06-14)
• Updated input 'home-manager-unstable':
    'github:nix-community/home-manager/3d65009effd77cb0d6e7520b68b039836a7606cf' (2024-06-09)
  → 'github:nix-community/home-manager/8d5e27b4807d25308dfe369d5a923d87e7dbfda3' (2024-06-13)
• Updated input 'jovian-nixos':
    'github:Jovian-Experiments/Jovian-NixOS/f27db3a9a8c21a65c1ef50cacca3ef2bfff04cb9' (2024-06-11)
  → 'github:Jovian-Experiments/Jovian-NixOS/326c1ab2b816f520d298b7a4319a0b50cde01c48' (2024-06-12)
• Updated input 'lanzaboote':
    'github:nix-community/lanzaboote/56ed078dc92baf72813d55dcfe399715a632bc41' (2024-06-09)
  → 'github:nix-community/lanzaboote/7cb05fab896bd542c0ca4260d74d9d664cd7b56e' (2024-06-12)
• Updated input 'lanzaboote/crane':
    'github:ipetkov/crane/55e7754ec31dac78980c8be45f8a28e80e370946' (2024-06-04)
  → 'github:ipetkov/crane/a3f0c63eed74a516298932b9b1627dd80b9c3892' (2024-06-11)
• Updated input 'microvm':
    'github:astro/microvm.nix/e3a4dd5b381fb580804105594cc9c71dc45abdb5' (2024-06-03)
  → 'github:astro/microvm.nix/02a1fe9237a6539ff83d15443d328e4b0b49a117' (2024-06-12)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/58b52b0dd191af70f538c707c66c682331cfdffc' (2024-06-10)
  → 'github:NixOS/nixos-hardware/ae5c8dcc4d0182d07d75df2dc97112de822cb9d6' (2024-06-14)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/47b604b07d1e8146d5398b42d3306fdebd343986' (2024-06-11)
  → 'github:NixOS/nixpkgs/cc54fb41d13736e92229c21627ea4f22199fee6b' (2024-06-12)
• Updated input 'nixpkgs-unstable':
    'github:nixos/nixpkgs/c7b821ba2e1e635ba5a76d299af62821cbcb09f3' (2024-06-09)
  → 'github:nixos/nixpkgs/57d6973abba7ea108bac64ae7629e7431e0199b6' (2024-06-12)
 2024-06-14 17:23:57 +02:00
Kabbone
0cc0c7003a
flake update 2024-06-11 21:50:11 +02:00
Kabbone
939f5d9433
hydra: change hydraCache URL 2024-06-11 19:54:49 +02:00
Kabbone
2cab296188
hosts: kabtop: remove hardware module 2024-06-11 17:56:04 +02:00
Kabbone
9751a6bf52
secrets: rekey 2024-06-11 17:55:44 +02:00
Kabbone
5c7d579c44
hosts: kabtopci: fix path and add mount script 2024-06-11 17:14:24 +02:00
Kabbone
998c9aa54d
hosts: small fixes on kabtopci prototype 2024-06-09 15:40:51 +02:00
Kabbone
8c59339b50
hosts: small fixes on kabtopci prototype 2024-06-09 15:17:55 +02:00
Kabbone
8617ddbd3a
hosts: add kabtopci prototype 2024-06-09 11:01:05 +02:00
Kabbone
b4c7b1762b
hydra: fix jobs 2024-06-08 19:32:33 +02:00
Kabbone
a119ae47f0
server: services: nextcloud add maintenance window 2024-06-08 16:04:00 +02:00
Kabbone
60118fc7f7
server: services: update mautrix-signal 2024-06-08 15:47:37 +02:00
Kabbone
64a5c3e34f
server: services: update mautrix-signal 2024-06-08 15:43:47 +02:00
Kabbone
a5886eb6d0
server: services: nextcloud: rework for new structure 2024-06-08 14:48:57 +02:00
Kabbone
ca8c0c8a17
services: hydra: add allowed uris 2024-06-08 14:47:20 +02:00
Kabbone
1d4a80ff86
hosts: laptop: hardware: intel-cpu already imports gpu 2024-06-08 14:30:43 +02:00
Kabbone
e32635ebb7
flake update 2024-06-08 14:07:29 +02:00
Kabbone
964379114f
hosts: correct avahi 2024-06-04 21:11:04 +02:00
Kabbone
6b5f86c9ab
dmz: services: nginx: add recommendedSettings and fix Hydra 2024-06-04 21:06:44 +02:00
Kabbone
d7c142e2ab
apps: alacritty: remove offset 2024-06-04 19:42:43 +02:00
Kabbone
90201b355c
hydra: add desktop job 2024-06-04 19:01:29 +02:00
Kabbone
2ee496c5e9
hydra: add desktop job 2024-06-03 21:35:31 +02:00
Kabbone
a901a661f9
services: hydraCache: add substituter and remove rocm from steamdeck 2024-06-03 21:29:23 +02:00
Kabbone
3500f3d3a8
flake update with code adjustments 2024-06-03 20:24:22 +02:00
Kabbone
7fe7eeabf9
apps: desktop: add orca-slicer 2024-06-03 18:31:33 +02:00
Kabbone
b952606f1f
flake remove nixvim and update to 24.05 2024-06-03 18:31:00 +02:00
Kabbone
2e7b1499cb
services: hydraCache: typo 2024-06-02 21:32:33 +02:00
Kabbone
8b07092084
services: hydraCache: update address 2024-06-02 21:30:27 +02:00
Kabbone
c8b76b289a
hosts: dmz: acme: use quad9 2024-06-02 18:36:56 +02:00
Kabbone
54aeb48839
hosts: dmz: acme: increase propagation timeout, use wildcard 2024-06-02 12:27:03 +02:00
Kabbone
5824207566
hosts: dmz: acme: increase propagation timeout 2024-05-31 21:40:26 +02:00
Kabbone
9d795ae38e
hosts: dmz: nix-serve: add reverse proxy 2024-05-31 20:56:09 +02:00
Kabbone
2b30c68a54
hosts: dmz: nix-serve: add reverse proxy 2024-05-31 20:42:16 +02:00
Kabbone
cb7412e749
hosts: dmz: acme: set timeouts 2024-05-31 20:02:54 +02:00
Kabbone
e8f6f4e96f
services: hydra: fix reverse proxy and firewall 2024-05-31 19:46:43 +02:00
Kabbone
40fdd49224
services: hydra: create acme and reverse proxy -- fix api 2024-05-31 18:31:12 +02:00
Kabbone
b1cf3d2399
services: hydra: create acme and reverse proxy -- fix path and api 2024-05-31 18:27:51 +02:00
Kabbone
01091ff377
services: hydra: create acme and reverse proxy 2024-05-31 18:07:39 +02:00
Kabbone
b20dc93d47
hosts: desktops: disable auto upgrade 2024-05-29 10:01:06 +02:00
Kabbone
fa914bce1d
test hydra jobs 
test hydra jobs

test hydra jobs

test hydra jobs

test hydra jobs

hydra add signing key

flake restructure

secrets: rekey

secrets: rekey

hydra fix key path

hydra fix key path

services: hydra: typo in nix.conf
 2024-05-29 09:58:44 +02:00
Kabbone
9f9d8e3a3b
flake update 2024-05-26 09:30:09 +02:00
Kabbone
e02e66a4bb
hosts: steamdeck: add hydraCache 2024-05-26 09:14:01 +02:00
97 changed files with 2265 additions and 1066 deletions
Show Stats Expand all files Collapse all files

4
disko/btrfs_luks.nix
View File

@ -47,6 +47,10 @@
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
}; };
"@opt" = {
mountpoint = "/opt";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];
};
"@snapshots" = { "@snapshots" = {
mountpoint = "/mnt"; mountpoint = "/mnt";
mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ]; mountOptions = [ "compress=zstd" "noatime" "ssd" "discard=async" ];

11
disko/mount.sh Normal file
View File

@ -0,0 +1,11 @@
#!/usr/bin/env bash
disk="/dev/vda"
mountpoint="/mnt"
mount $disk $mountpoint -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@
mount $disk $mountpoint/home -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@home
mount $disk $mountpoint/var -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@var
mount $disk $mountpoint/srv -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@srv
mount $disk $mountpoint/nix -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@nix
mount $disk $mountpoint/swap -o compress=zstd,noatime,ssd,space_cache=v2,subvol=@swap

447
flake.lock generated
View File

@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1715290355, "lastModified": 1736955230,
"narHash": "sha256-2T7CHTqBXJJ3ZC6R/4TXTcKoXWHcvubKNj9SfomURnw=", "narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "8d37c5bdeade12b6479c85acd133063ab53187a0", "rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -24,18 +24,12 @@
} }
}, },
"crane": { "crane": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1711299236, "lastModified": 1741148495,
"narHash": "sha256-6/JsyozOMKN8LUGqWMopKTSiK8N79T8Q+hcxu2KkTXg=", "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "880573f80d09e18a11713f402b9e6172a085449f", "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -66,66 +60,14 @@
"type": "github" "type": "github"
} }
}, },
"devshell": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1733328505,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -142,11 +84,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709336216, "lastModified": 1740872218,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", "rev": "3876f6b87db82f33775b1ef5ea343986105db764",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -155,88 +97,16 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715865404,
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1713493429,
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
"owner": "srid",
"repo": "flake-root",
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1731533236,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -267,28 +137,6 @@
"type": "github" "type": "github"
} }
}, },
"gitignore_2": {
"inputs": {
"nixpkgs": [
"nixvim",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -317,11 +165,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1715930644, "lastModified": 1741701235,
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=", "narHash": "sha256-gBlb8R9gnjUAT5XabJeel3C2iEUiBHx3+91651y3Sqo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d", "rev": "c630dfa8abcc65984cc1e47fb25d4552c81dd37e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -337,48 +185,27 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1715381426, "lastModified": 1739757849,
"narHash": "sha256-wPuqrAQGdv3ISs74nJfGb+Yprm23U/rFpcHFFNWgM94=", "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "ab5542e9dbd13d0100f8baae2bc2d68af901f4b4", "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715930644,
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1708968331, "lastModified": 1737831083,
"narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=", "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30", "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -395,11 +222,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1716107076, "lastModified": 1741673443,
"narHash": "sha256-aB15oIMUv6N/UFsLHzgcGRUvU4YfOjE3gEirIP/k82s=", "narHash": "sha256-GsiWbJqN87Y+8BQl55O/Tlr5syhLzt8kUAPJ7kWMgSA=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "e8de93b7b4c384650977a20c1f192e23c6e7a12f", "rev": "8c44f7f637f85a60cec8affb5ce1a75549c010f4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -413,7 +240,6 @@
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -421,11 +247,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1713369831, "lastModified": 1741442524,
"narHash": "sha256-G4OGxvlIIjphpkxcRAkf1QInYsAeqbfNh6Yl1JLy2uM=", "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "850f27322239f8cfa56b122cc9a278ab99a49015", "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -437,18 +263,18 @@
}, },
"microvm": { "microvm": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"spectrum": "spectrum" "spectrum": "spectrum"
}, },
"locked": { "locked": {
"lastModified": 1715787097, "lastModified": 1741275356,
"narHash": "sha256-TPp2j0ttvBvkk4oXidvo8Y071zEab0BtcNsC3ZEkluI=", "narHash": "sha256-VMeqnLv2O6Lg3/pka1tUzzbOjSmEb6RQOp9OuJRcx0A=",
"owner": "astro", "owner": "astro",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "fa673bf8656fe6f28253b83971a36999bc9995d2", "rev": "5e1b3dba5b52405dab79412392b9c799d49bd8c0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -457,27 +283,6 @@
"type": "github" "type": "github"
} }
}, },
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715901937,
"narHash": "sha256-eMyvWP56ZOdraC2IOvZo0/RTDcrrsqJ0oJWDC76JTak=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "ffc01182f90118119930bdfc528c1ee9a39ecef8",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-github-actions": { "nix-github-actions": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -486,11 +291,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1690328911, "lastModified": 1729697500,
"narHash": "sha256-fxtExYk+aGf2YbjeWQ8JY9/n9dwuEt+ma1eUFzF8Jeo=", "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "nix-github-actions", "repo": "nix-github-actions",
"rev": "96df4a39c52f53cb7098b923224d8ce941b64747", "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -502,11 +307,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1716034089, "lastModified": 1741325094,
"narHash": "sha256-QBfab6V4TeQ6Y4NiXVrEATdQuhCNFNaXt/L1K/Zw+zc=", "narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "b55712de78725c8fcde422ee0a0fe682046e73c3", "rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -518,43 +323,27 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1716061101, "lastModified": 1741600792,
"narHash": "sha256-H0eCta7ahEgloGIwE/ihkyGstOGu+kQwAiHvwVoXaA0=", "narHash": "sha256-yfDy6chHcM7pXpMF4wycuuV+ILSTG486Z/vLx/Bdi6Y=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e7cc61784ddf51c81487637b3031a6dd2d6673a2", "rev": "ebe2788eafd539477f83775ef93c3c7e244421d3",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.11", "ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1715961556, "lastModified": 1741513245,
"narHash": "sha256-+NpbZRCRisUHKQJZF3CT+xn14ZZQO+KjxIIanH3Pvn4=", "narHash": "sha256-7rTAMNTY1xoBwz0h7ZMtEcd8LELk9R5TzBPoHuhNSCk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4a6b83b05df1a8bd7d99095ec4b4d271f2956b64", "rev": "e3e32b642a31e6714ec1b712de8c91a3352ce7e1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -564,84 +353,24 @@
"type": "github" "type": "github"
} }
}, },
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"flake-root": "flake-root",
"home-manager": "home-manager_3",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs-unstable"
],
"pre-commit-hooks": "pre-commit-hooks",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1716125991,
"narHash": "sha256-PmB9vmp383foiVi64RawbnkC+6SiYiWUjdzw2xgl3eM=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "88ade1dfaa017499326103a078c66dd5d4d0606e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_3",
"gitignore": "gitignore_2",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715870890,
"narHash": "sha256-nacSOeXtUEM77Gn0G4bTdEOeFIrkCBXiyyFZtdGwuH0=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "fa606cccd7b0ccebe2880051208e4a0f61bfc8c1",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
"lanzaboote", "lanzaboote",
"flake-compat" "flake-compat"
], ],
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
"nixpkgs" "nixpkgs"
], ]
"nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1710923068, "lastModified": 1740915799,
"narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=", "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "e611897ddfdde3ed3eaac4758635d7177ff78673", "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -661,27 +390,22 @@
"microvm": "microvm", "microvm": "microvm",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable"
"nixvim": "nixvim"
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1711246447, "lastModified": 1741228283,
"narHash": "sha256-g9TOluObcOEKewFo2fR4cn51Y/jSKhRRo4QZckHLop0=", "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "dcc802a6ec4e9cc6a1c8c393327f0c42666f22e4", "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -693,11 +417,11 @@
"spectrum": { "spectrum": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1708358594, "lastModified": 1733308308,
"narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=", "narHash": "sha256-+RcbMAjSxV1wW5UpS9abIG1lFZC8bITPiFIKNnE7RLs=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c", "rev": "80c9e9830d460c944c8f730065f18bb733bc7ee2",
"revCount": 614, "revCount": 792,
"type": "git", "type": "git",
"url": "https://spectrum-os.org/git/spectrum" "url": "https://spectrum-os.org/git/spectrum"
}, },
@ -735,57 +459,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715940852,
"narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "2fba33a182602b9d49f0b2440513e5ee091d838b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

54
flake.nix
View File

@ -12,7 +12,7 @@
inputs = # All flake references used to build my NixOS setup. These are dependencies. inputs = # All flake references used to build my NixOS setup. These are dependencies.
{ {
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
microvm = { microvm = {
@ -23,7 +23,7 @@
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
home-manager = { # User Package Management home-manager = { # User Package Management
url = "github:nix-community/home-manager/release-23.11"; url = "github:nix-community/home-manager/release-24.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -38,37 +38,37 @@
}; };
jovian-nixos = { jovian-nixos = {
url = "github:Jovian-Experiments/Jovian-NixOS"; url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/master"; url = "github:nix-community/lanzaboote/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
}; };
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }: # Function that tells my flake which to use and what do what to do with the dependencies. outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }: # Function that tells my flake which to use and what do what to do with the dependencies.
let # Variables that can be used in the config files rec {
user = "kabbone"; nixosConfigurations = ( # NixOS configurations
userdmz = "diablo"; import ./hosts { # Imports ./hosts/default.nix
userserver = "mephisto"; inherit (nixpkgs) lib;
location = "$HOME/.setup"; inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable agenix jovian-nixos microvm impermanence lanzaboote; # Also inherit home-manager so it does not need to be defined here.
in # Use above variables in ... nix.allowedUsers = [ "@wheel" ];
{ security.sudo.execWheelOnly = true;
nixosConfigurations = ( # NixOS configurations }
import ./hosts { # Imports ./hosts/default.nix );
inherit (nixpkgs) lib; hydraJobs = {
inherit inputs nixpkgs nixpkgs-unstable nixos-hardware home-manager home-manager-unstable user userdmz userserver location agenix jovian-nixos microvm impermanence lanzaboote nixvim; # Also inherit home-manager so it does not need to be defined here. "steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel;
nix.allowedUsers = [ "@wheel" ]; "hades" = nixosConfigurations.hades.config.system.build.toplevel;
security.sudo.execWheelOnly = true; "nasbak" = nixosConfigurations.nasbak.config.system.build.toplevel;
} "jupiter" = nixosConfigurations.jupiter.config.system.build.toplevel;
); "lifebook" = nixosConfigurations.lifebook.config.system.build.toplevel;
"kabtop" = nixosConfigurations.kabtop.config.system.build.toplevel;
"dmz" = nixosConfigurations.dmz.config.system.build.toplevel;
};
}; };
} }

67
hosts/configuration_desktop.nix
View File

@ -10,7 +10,7 @@
# └─ default.nix # └─ default.nix
# #
{ config, lib, pkgs, inputs, user, location, agenix, ... }: { config, lib, pkgs, pkgs-stable, inputs, user, location, agenix, ... }:
{ {
imports = # Import window or display manager. imports = # Import window or display manager.
@ -58,12 +58,12 @@
# }; # };
}; };
sound = { # ALSA sound enable #sound = { # ALSA sound enable
#enable = true; ## #enable = true;
mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true; # mediaKeys = { # Keyboard Media Keys (for minimal desktop) enable = true;
enable = true; # enable = true;
}; # };
}; #};
fonts.packages = with pkgs; [ # Fonts fonts.packages = with pkgs; [ # Fonts
carlito # NixOS carlito # NixOS
@ -74,11 +74,6 @@
corefonts # MS corefonts # MS
intel-one-mono intel-one-mono
cascadia-code cascadia-code
(nerdfonts.override { # Nerdfont Icons override
fonts = [
"FiraCode"
];
})
]; ];
environment = { environment = {
@ -88,13 +83,14 @@
VISUAL = "nvim"; VISUAL = "nvim";
BROWSER = "firefox"; BROWSER = "firefox";
}; };
systemPackages = with pkgs; [ # Default packages install system-wide systemPackages = (with pkgs; [ # Default packages install system-wide
vim vim
git git
killall killall
pciutils pciutils
usbutils usbutils
wget wget
file
powertop powertop
cpufrequtils cpufrequtils
lm_sensors lm_sensors
@ -108,15 +104,24 @@
age-plugin-yubikey age-plugin-yubikey
pwgen pwgen
cryptsetup cryptsetup
powerline python311Packages.powerline
powerline-fonts powerline-fonts
powerline-symbols powerline-symbols
tree tree
direnv direnv
linuxPackages_latest.cpupower linuxPackages_latest.cpupower
linuxPackages_latest.turbostat
btop btop
sbctl sbctl
]; ausweisapp
e2fsprogs
]);
##++
#(with pkgs-stable; [
# orca-slicer
#]);
}; };
services = { services = {
@ -131,28 +136,18 @@
}; };
openssh = { # SSH: secure shell (remote connection to shell of server) openssh = { # SSH: secure shell (remote connection to shell of server)
enable = true; # local: $ ssh <user>@<ip> enable = true; # local: $ ssh <user>@<ip>
# public: settings = {
# - port forward 22 TCP to server PasswordAuthentication = false;
# - in case you want to use the domain name insted of the ip: PermitRootLogin = "no";
# - for me, via cloudflare, create an A record with name "ssh" to the correct ip without proxy };
# - connect via ssh <user>@<ip or ssh.domain>
# generating a key:
# - $ ssh-keygen | ssh-copy-id <ip/domain> | ssh-add
# - if ssh-add does not work: $ eval `ssh-agent -s`
# allowSFTP = true; # SFTP: secure file transfer protocol (send file to server)
# connect: $ sftp <user>@<ip/domain>
# commands:
# - lpwd & pwd = print (local) parent working directory
# - put/get <filename> = send or receive file
# extraConfig = '' # extraConfig = ''
# HostKeyAlgorithms +ssh-rsa # HostKeyAlgorithms +ssh-rsa
# ''; # Temporary extra config so ssh will work in guacamole # ''; # Temporary extra config so ssh will work in guacamole
settings.PasswordAuthentication = false;
}; };
pcscd.enable = true; pcscd.enable = true;
yubikey-agent.enable = true; yubikey-agent.enable = true;
udev.packages = [ pkgs.yubikey-personalization pkgs.nitrokey-udev-rules ]; udev.packages = [ pkgs.yubikey-personalization pkgs.nitrokey-udev-rules ];
#flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up flatpak.enable = true; # download flatpak file from website - sudo flatpak install <path> - reboot if not showing up
# sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused # sudo flatpak uninstall --delete-data <app-id> (> flatpak list --app) - flatpak uninstall --unused
# List: # List:
# com.obsproject.Studio # com.obsproject.Studio
@ -162,6 +157,16 @@
fwupd.enable = true; fwupd.enable = true;
}; };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh = {
startAgent = true;
agentTimeout = "1h";
};
};
#xdg.portal = { # Required for flatpak #xdg.portal = { # Required for flatpak
# enable = true; # enable = true;
# extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; # extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
@ -185,7 +190,7 @@
system = { # NixOS settings system = { # NixOS settings
autoUpgrade = { # Allow auto update autoUpgrade = { # Allow auto update
enable = true; enable = false;
flake = "git+https://git.kabtop.de/Kabbone/nixos-config"; flake = "git+https://git.kabtop.de/Kabbone/nixos-config";
randomizedDelaySec = "5m"; randomizedDelaySec = "5m";
allowReboot = true; allowReboot = true;

28
hosts/configuration_server.nix
View File

@ -13,8 +13,6 @@
{ config, lib, pkgs, inputs, user, location, agenix, ... }: { config, lib, pkgs, inputs, user, location, agenix, ... }:
{ {
imports = # Import window or display manager. imports = # Import window or display manager.
[ [
#../modules/editors/nvim # ! Comment this out on first install ! #../modules/editors/nvim # ! Comment this out on first install !
@ -49,24 +47,22 @@
keyMap = "us"; # or us/azerty/etc keyMap = "us"; # or us/azerty/etc
}; };
security.rtkit.enable = true; security = {
security.pki.certificateFiles = [ rtkit.enable = true;
pki.certificateFiles = [
./rootCA.pem ./rootCA.pem
]; ];
};
fonts.packages = with pkgs; [ # Fonts fonts.packages = with pkgs; [ # Fonts
carlito # NixOS carlito # NixOS
vegur # NixOS vegur # NixOS
source-code-pro source-code-pro
cascadia-code
font-awesome # Icons font-awesome # Icons
hack-font hack-font
corefonts # MS corefonts # MS
(nerdfonts.override { # Nerdfont Icons override intel-one-mono
fonts = [ cascadia-code
"FiraCode"
];
})
]; ];
environment = { environment = {
@ -74,6 +70,7 @@
TERMINAL = "alacritty"; TERMINAL = "alacritty";
EDITOR = "nvim"; EDITOR = "nvim";
VISUAL = "nvim"; VISUAL = "nvim";
BROWSER = "firefox";
}; };
systemPackages = with pkgs; [ # Default packages install system-wide systemPackages = with pkgs; [ # Default packages install system-wide
vim vim
@ -90,13 +87,15 @@
agenix.packages.x86_64-linux.default agenix.packages.x86_64-linux.default
ffmpeg ffmpeg
smartmontools smartmontools
powerline cryptsetup
python311Packages.powerline
powerline-fonts powerline-fonts
powerline-symbols powerline-symbols
tree tree
direnv
linuxPackages_latest.cpupower
btop btop
htop htop
direnv
]; ];
}; };
@ -132,6 +131,9 @@
''; '';
}; };
nixpkgs.config.allowUnfree = true; # Allow proprietary software. nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
];
system = { # NixOS settings system = { # NixOS settings
autoUpgrade = { # Allow auto update autoUpgrade = { # Allow auto update

97
hosts/default.nix
View File

@ -11,9 +11,14 @@
# └─ ./home.nix # └─ ./home.nix
# #
{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, user, userdmz, userserver, location, agenix, jovian-nixos, microvm, impermanence, lanzaboote, nixvim, ... }: { lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }:
let let
user = "kabbone";
userdmz = "diablo";
userserver = "mephisto";
location = "$HOME/.setup";
system = "x86_64-linux"; # System architecture system = "x86_64-linux"; # System architecture
pkgs = import nixpkgs { pkgs = import nixpkgs {
@ -21,21 +26,31 @@ let
config.allowUnfree = true; # Allow proprietary software config.allowUnfree = true; # Allow proprietary software
}; };
pkgs-unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true; # Allow proprietary software
};
pkgs-stable = import nixpkgs {
inherit system;
config.allowUnfree = true; # Allow proprietary software
};
lib = nixpkgs.lib; lib = nixpkgs.lib;
users.defaultShell = "pkgs.zsh"; users.defaultShell = "pkgs.zsh";
in in
{ {
desktop = lib.nixosSystem { # Desktop profile hades = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote nixvim; }; specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix microvm nixpkgs lanzaboote; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
microvm.nixosModules.host microvm.nixosModules.host
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
#nixvim.nixosModules.nixvim
./desktop ./desktop
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/hydraCache.nix
../modules/hardware/remoteBuilder.nix ../modules/hardware/remoteBuilder.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd nixos-hardware.nixosModules.common-gpu-amd
@ -53,16 +68,16 @@ in
]; ];
}; };
laptop = lib.nixosSystem { # Laptop profile lifebook = lib.nixosSystem { # Laptop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix; }; specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix lanzaboote; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
./laptop lanzaboote.nixosModules.lanzaboote
./lifebook
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/remoteClient.nix ../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-gpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {
@ -70,7 +85,29 @@ in
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; }; home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = { home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./laptop/home.nix)]; imports = [(import ./home.nix)] ++ [(import ./lifebook/home.nix)];
};
}
];
};
nbf5 = lib.nixosSystem { # Laptop profile
inherit system;
specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix; };
modules = [
agenix.nixosModules.default
./nbf5
./configuration_desktop.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home.nix)] ++ [(import ./nbf5/home.nix)];
}; };
} }
]; ];
@ -78,17 +115,14 @@ in
steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix jovian-nixos lanzaboote; }; specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix jovian-nixos lanzaboote; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
jovian-nixos.nixosModules.default jovian-nixos.nixosModules.default
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
./steamdeck ./steamdeck
./configuration_desktop.nix ./configuration_desktop.nix
../modules/hardware/remoteClient.nix ../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd
home-manager-unstable.nixosModules.home-manager { home-manager-unstable.nixosModules.home-manager {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
@ -109,6 +143,7 @@ in
microvm.nixosModules.host microvm.nixosModules.host
./server ./server
./configuration_server.nix ./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
@ -131,6 +166,7 @@ in
microvm.nixosModules.host microvm.nixosModules.host
./kabtop ./kabtop
./configuration_server.nix ./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-amd nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
@ -151,8 +187,8 @@ in
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
./nasbackup ./nasbackup
./configuration_desktop.nix ./configuration_server.nix
../modules/hardware/remoteClient.nix ../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
@ -173,8 +209,8 @@ in
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
./jupiter ./jupiter
./configuration_desktop.nix ./configuration_server.nix
../modules/hardware/remoteClient.nix ../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
@ -189,6 +225,28 @@ in
]; ];
}; };
kabtopci = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./kabtopci
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./kabtopci/home.nix)];
};
}
];
};
dmz = lib.nixosSystem { # Desktop profile dmz = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; }; specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; };
@ -197,6 +255,7 @@ in
microvm.nixosModules.host microvm.nixosModules.host
./dmz ./dmz
./configuration_server.nix ./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-pc-ssd nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager { home-manager.nixosModules.home-manager {

46
hosts/desktop/default.nix
View File

@ -17,7 +17,7 @@
# └─ default.nix # └─ default.nix
# #
{ config, nixpkgs, pkgs, user, lib, nixvim, ... }: { config, nixpkgs, pkgs, user, lib, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
@ -53,41 +53,24 @@
# nitrokey.enable = true; # nitrokey.enable = true;
# }; # };
# environment = { environment = {
# systemPackages = with pkgs; [ systemPackages = with pkgs; [
## simple-scan linux-firmware
## intel-media-driver ];
## alacritty
# ];
# };
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
}; };
services = { services = {
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
blueman.enable = true; blueman.enable = true;
printing = { # Printing and drivers for TS5300 avahi = { # Needed to find wireless printer
enable = true; enable = true;
drivers = [ pkgs.gutenprint ]; nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
}; };
#avahi = { # Needed to find wireless printer
# enable = true;
# nssmdns = true;
# publish = { # Needed for detecting the scanner
# enable = true;
# addresses = true;
# userServices = true;
# };
#};
hardware.openrgb = { hardware.openrgb = {
enable = true; enable = true;
motherboard = "amd"; motherboard = "amd";
@ -95,9 +78,4 @@
}; };
#temporary bluetooth fix
# systemd.tmpfiles.rules = [
# "d /var/lib/bluetooth 700 root root - -"
# ];
# systemd.targets."bluetooth".after = ["systemd-tmpfiles-setup.service"];
} }

72
hosts/desktop/hardware-configuration.nix
View File

@ -19,7 +19,7 @@
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ]; boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" "nct6775" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false; boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
@ -34,6 +34,7 @@
}; };
services.btrbk = { services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = { instances = {
hf = { hf = {
onCalendar = "hourly"; onCalendar = "hourly";
@ -56,6 +57,40 @@
}; };
}; };
}; };
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "2m 4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@hades";
};
};
};
};
};
};
systemd.timers = {
btrbk-bak = {
after = [ "network-online.target" ];
requires = [ "network-online.target" ];
}; };
}; };
@ -119,24 +154,29 @@
useDHCP = false; # Deprecated useDHCP = false; # Deprecated
hostName = "hades"; hostName = "hades";
networkmanager = { networkmanager = {
enable = false; enable = true;
};
firewall = {
enable = true;
allowedUDPPorts = [ 24727 ];
allowedTCPPorts = [ 24727 ];
}; };
}; };
systemd.network = { # systemd.network = {
enable = true; # enable = true;
networks = { # networks = {
"10-lan" = { # "10-lan" = {
matchConfig.Name = "enp34s0"; # matchConfig.Name = "eno1";
ntp = [ "192.168.2.1" ]; # ntp = [ "192.168.2.1" ];
domains = [ "home.opel-online.de" ]; # domains = [ "home.opel-online.de" ];
networkConfig = { # networkConfig = {
DHCP = "yes"; # DHCP = "yes";
IPv6AcceptRA = true; # IPv6AcceptRA = true;
}; # };
}; # };
}; # };
}; # };
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true; #powerManagement.powertop.enable = true;

7
hosts/desktop/home.nix
View File

@ -31,12 +31,11 @@
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
element-desktop element-desktop
nheko #nheko
pulsemixer pulsemixer
#yubioath-flutter #yubioath-flutter
nitrokey-app nitrokey-app
kicad kicad
yuzu-mainline
# Display # Display
#light # xorg.xbacklight not supported. Other option is just use xrandr. #light # xorg.xbacklight not supported. Other option is just use xrandr.
@ -47,10 +46,6 @@
]; ];
}; };
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets services = { # Applets
blueman-applet.enable = true; # Bluetooth blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network network-manager-applet.enable = true; # Network

5
hosts/dmz/default.nix
View File

@ -24,8 +24,7 @@
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # Docker
(import ../../modules/services/dmz) ++ # Server Services (import ../../modules/services/dmz); # Server Services
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
@ -48,7 +47,7 @@
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;

7
hosts/dmz/hardware-configuration.nix
View File

@ -83,11 +83,14 @@
"10-lan" = { "10-lan" = {
matchConfig.Name = "enp6s18"; matchConfig.Name = "enp6s18";
ntp = [ "192.168.101.1" ]; ntp = [ "192.168.101.1" ];
domains = [ "home.opel-online.de" ]; #domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IPv6AcceptRA = true; IPv6AcceptRA = true;
}; };
dns = [
"192.168.101.1"
];
}; };
}; };
}; };
@ -97,7 +100,7 @@
firewall = { firewall = {
enable = true; enable = true;
allowedUDPPorts = [ ]; allowedUDPPorts = [ ];
allowedTCPPorts = [ ]; allowedTCPPorts = [ 80 443 ];
}; };
}; };

78
hosts/fuji/default.nix Normal file
View File

@ -0,0 +1,78 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, nixpkgs, pkgs, user, lib, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
# hardware.sane = { # Used for scanning with Xsane
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
# hardware = {
# nitrokey.enable = true;
# };
# environment = {
# systemPackages = with pkgs; [
## simple-scan
## intel-media-driver
## alacritty
# ];
# };
services = {
#auto-cpufreq.enable = true;
blueman.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
};
}

138
hosts/fuji/hardware-configuration.nix Normal file
View File

@ -0,0 +1,138 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
services.btrbk = {
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
};
};
fileSystems."/" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part2";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-id/nvme-ADATA_SX8200PNP_2J3320119186-part1";
fsType = "vfat";
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "fuji";
networkmanager = {
enable = false;
};
firewall = {
enable = true;
#allowedUDPPorts = [ 24727 ];
#allowedTCPPorts = [ 24727 ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "eno1";
ntp = [ "192.168.2.1" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
#powerManagement.powertop.enable = true;
powerManagement = {
scsiLinkPolicy = "med_power_with_dipm";
};
}

45
hosts/fuji/home.nix Normal file
View File

@ -0,0 +1,45 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
#../../modules/wm/kde/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
element-desktop
#nheko
pulsemixer
];
};
services = { # Applets
#blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

36
hosts/home.nix
View File

@ -15,10 +15,10 @@
# └─ default.nix # └─ default.nix
# #
{ config, lib, pkgs, user, ... }: { config, lib, pkgs, user, pkgs-stable, ... }:
{ {
imports = # Home Manager Modules imports =
(import ../modules/editors) ++ (import ../modules/editors) ++
(import ../modules/programs) ++ (import ../modules/programs) ++
(import ../modules/programs/configs) ++ (import ../modules/programs/configs) ++
@ -52,7 +52,6 @@
# VideAudio # VideAudio
mpv # Media Player mpv # Media Player
youtube-dl
# Apps # Apps
galculator galculator
@ -66,18 +65,18 @@
freecad freecad
# Fileanagement # Fileanagement
#okular # PDF viewer kdePackages.ark
#gnome.file-roller # Archive Manager
ark
pcmanfm # File Manager pcmanfm # File Manager
rsync # Syncer $ rsync -r dir1/ dir2/ rsync # Syncer $ rsync -r dir1/ dir2/
unzip # Zip files unzip # Zip files
unrar # Rar files unrar # Rar files
papirus-icon-theme epapirus-icon-theme
arc-theme
# Genel configuration # General configuration
keepassxc keepassxc
libreoffice libreoffice
gimp
# Flatpak # Flatpak
prusa-slicer prusa-slicer
@ -90,25 +89,30 @@
#ms-python.python #ms-python.python
ms-vscode.cpptools ms-vscode.cpptools
dracula-theme.theme-dracula dracula-theme.theme-dracula
catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons
]; ];
}) })
sdkmanager
android-tools
]; ];
file.".config/wall".source = ../modules/themes/wall.jpg; file.".config/wall".source = ../modules/themes/wall.jpg;
file.".config/lockwall".source = ../modules/themes/lockwall.jpg; file.".config/lockwall".source = ../modules/themes/lockwall.jpg;
pointerCursor = { # This will set cursor systemwide so applications can not choose their own # pointerCursor = { # This will set cursor systemwide so applications can not choose their own
name = "Dracula-cursors"; # name = "Dracula-cursors";
package = pkgs.dracula-theme; # package = pkgs.dracula-theme;
size = 16; # size = 16;
gtk.enable = true; # gtk.enable = true;
}; # };
stateVersion = "23.05"; stateVersion = "23.05";
}; };
programs = { programs = {
home-manager.enable = true; home-manager.enable = true;
alacritty = {
settings.font.size = 11;
};
}; };

4
hosts/jupiter/default.nix
View File

@ -53,7 +53,7 @@
gnupg.agent = { gnupg.agent = {
enable = false; enable = false;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses"; pinentryPackage = pkgs.pinentry-curses;
}; };
}; };
@ -61,7 +61,7 @@
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;

44
hosts/jupiter/hardware-configuration.nix
View File

@ -50,6 +50,7 @@
}; };
services.btrbk = { services.btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = { instances = {
hf = { hf = {
onCalendar = "hourly"; onCalendar = "hourly";
@ -188,35 +189,24 @@
swapDevices = [ { device = "/swap/swapfile"; } ]; swapDevices = [ { device = "/swap/swapfile"; } ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp6s18";
ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = { networking = {
hostName = "jupiter"; hostName = "jupiter";
domain = "home.opel-online.de"; domain = "home.opel-online.de";
networkmanager = { useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
enp6s18 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp6s18";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
#firewall = { #firewall = {
# enable = false; # enable = false;
# #allowedUDPPorts = [ 53 67 ]; # #allowedUDPPorts = [ 53 67 ];
@ -228,7 +218,7 @@
powerManagement = { powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave"; cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true; powertop.enable = true;
scsiLinkPolicy = "med_power_with_dipm"; #scsiLinkPolicy = "med_power_with_dipm";
powerUpCommands = '' powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088 ${pkgs.hdparm}/sbin/hdparm -S 150 /dev/disk/by-uuid/57e6446d-faca-4b67-9063-e8d9afb80088
''; '';

23
hosts/kabtop/default.nix
View File

@ -24,8 +24,7 @@
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker [(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/services/server) ++ # Server Services (import ../../modules/services/server); # Server Services
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
@ -62,22 +61,22 @@
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses"; pinentryPackage = pkgs.pinentry-curses;
}; };
}; };
services = { services = {
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer #avahi = { # Needed to find wireless printer
enable = true; # enable = true;
nssmdns = true; # nssmdns = true;
publish = { # Needed for detecting the scanner # publish = { # Needed for detecting the scanner
enable = true; # enable = true;
addresses = true; # addresses = true;
userServices = true; # userServices = true;
}; # };
}; #};
fail2ban = { fail2ban = {
enable = true; enable = true;
maxretry = 5; maxretry = 5;

45
hosts/kabtop/hardware-configuration.nix
View File

@ -52,6 +52,7 @@
subvolume = { subvolume = {
"@" = {}; "@" = {};
"@home" = {}; "@home" = {};
"@var" = {};
}; };
}; };
}; };
@ -113,32 +114,36 @@
networkmanager = { networkmanager = {
enable = false; enable = false;
}; };
interfaces = {
ens18 = {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [ {
address = "37.44.215.182";
prefixLength = 24;
} ];
ipv6.addresses = [ {
address = "2a13:7e80:0:ef::2";
prefixLength = 64;
} ];
};
};
defaultGateway = "37.44.215.1";
defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
};
nameservers = [ "9.9.9.9" "2620:fe::fe" ];
firewall = { firewall = {
enable = true; enable = true;
allowedUDPPorts = [ ]; allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [ 80 443 ];
}; };
}; };
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "ens18";
address = [
"37.44.215.182/24"
"2a13:7e80:0:ef::2/64"
];
routes = [
{ Gateway = "37.44.215.1"; }
{ Gateway = "fe80::1"; }
];
dns = [
"9.9.9.9"
"2620:fe::fe"
];
};
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

45
hosts/kabtopci/default.nix Normal file
View File

@ -0,0 +1,45 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # Docker
(import ../../modules/services/kabtopci); # Server Services
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
grub = {
enable = true;
device = "/dev/vda";
};
timeout = 1; # Grub auto select time
};
};
programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
};
}

108
hosts/kabtopci/hardware-configuration.nix Normal file
View File

@ -0,0 +1,108 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ "vfio_pci" "vfio" "vfio_iommu_type1" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = false;
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
services.btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd:9,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
swapDevices = [ ];
networking = {
useDHCP = false; # Deprecated
hostName = "kabtopci";
domain = "ci.kabtop.de";
networkmanager = {
enable = false;
};
interfaces = {
ens3 = {
useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
ipv4.addresses = [ {
address = "195.90.221.87";
prefixLength = 22;
} ];
ipv6.addresses = [ {
address = "2a00:6800:3:d5b::2";
prefixLength = 64;
} ];
};
};
defaultGateway = "195.90.220.1";
defaultGateway6 = {
address = "2a00:6800:3::1";
interface = "ens3";
};
nameservers = [ "9.9.9.9" "2620:fe::fe" ];
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
};
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

39
hosts/kabtopci/home.nix Normal file
View File

@ -0,0 +1,39 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
# Display
#light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
programs = {
alacritty.settings.font.size = 11;
};
}

81
hosts/lifebook/default.nix Normal file
View File

@ -0,0 +1,81 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
#
{ lib, config, pkgs, user, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
initrd.prepend = [ "${./patched-SSDT4}" ];
loader = { # EFI Boot
systemd-boot.enable = lib.mkForce false;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
hardware = {
nitrokey.enable = true;
};
environment = {
systemPackages = with pkgs; [
linux-firmware
intel-media-driver
];
};
programs = { # No xbacklight, this is the alterantive
light.enable = true;
};
systemd.sleep.extraConfig = "HibernateDelaySec=1h";
services = {
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
blueman.enable = true;
avahi = { # Needed to find wireless printer
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
enable = true;
addresses = true;
userServices = true;
};
};
#tailscale.enable = true;
};
}

224
hosts/lifebook/hardware-configuration.nix Normal file
View File

@ -0,0 +1,224 @@
#
# Hardware settings for Teclast F5 10" Laptop
# NixOS @ sda2
#
# flake.nix
# └─ ./hosts
# └─ ./laptop
# └─ hardware-configuration.nix *
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")] ++
[( import ../../modules/hardware/backup.nix )];
boot = {
initrd = {
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
kernelModules = [ "i915" "kvm_intel" "vfio_pci" "vfio" "vfio_iommu_type1" ];
systemd.enable = true;
luks = {
devices."crypted" = {
device = "/dev/disk/by-partlabel/disk-nvme0n1-luks";
allowDiscards = true;
bypassWorkqueues = true;
};
};
};
kernelModules = [ "kvm-intel" ];
kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force" ];
extraModprobeConfig = ''
options i915 enable_guc=3
'';
tmp.useTmpfs = false;
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
services = {
btrfs.autoScrub = {
enable = true;
interval = "monthly";
fileSystems = [
"/"
];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
'';
btrbk = {
extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = {
hf = {
onCalendar = "hourly";
settings = {
incremental = "yes";
snapshot_create = "ondemand";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest";
volume = {
"/mnt/snapshots/root" = {
snapshot_create = "always";
subvolume = {
"@home" = {};
};
};
};
};
};
bak = {
onCalendar = "daily";
settings = {
stream_buffer = "256m";
stream_compress = "lz4";
incremental = "yes";
snapshot_create = "no";
snapshot_dir = "@snapshots";
timestamp_format = "long";
snapshot_preserve_min = "all";
target_preserve_min = "no";
target_preserve = "2m 4w 3d";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
ssh_user = "btrbk";
volume = {
"/mnt/snapshots/root" = {
subvolume = {
"@home" = {};
};
target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@lifebook";
};
};
};
};
};
};
};
systemd.timers = {
btrbk-bak = {
after = [ "network-online.target" ];
requires = [ "network-online.target" ];
};
};
fileSystems."/" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@,discard=async" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
};
fileSystems."/home" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@home,discard=async" ];
};
fileSystems."/nix" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@nix,discard=async" ];
};
fileSystems."/srv" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@srv,discard=async" ];
};
fileSystems."/swap" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@swap,discard=async" ];
};
fileSystems."/opt" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@opt,discard=async" ];
};
fileSystems."/var" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvol=@var,discard=async" ];
};
fileSystems."/mnt/snapshots/root" =
{ device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "compress=zstd,space_cache=v2,ssd,noatime,subvolid=5,discard=async" ];
};
fileSystems."/mnt/Pluto" =
{ device = "jupiter:/Pluto";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
fileSystems."/mnt/Mars" =
{ device = "jupiter:/Mars";
fsType = "nfs";
options = [ "nofail,noauto,users,x-systemd.automount,x-systemd.device-timeout=10,soft,timeo=14,x-systemd.idle-timeout=1min,sec=sys,exec,nfsvers=4.2" ];
};
swapDevices = [ { device = "/swap/swapfile"; } ];
networking = {
useDHCP = false; # Deprecated
hostName = "lifebook";
wireless.iwd.enable = true;
networkmanager = {
enable = true;
wifi = {
backend = "iwd";
powersave = true;
};
};
# interfaces = {
# wlan0 = {
# useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# #ipv4.addresses = [ {
# # address = "192.168.0.51";
# # prefixLength = 24;
# #} ];
# };
# };
#defaultGateway = "192.168.0.1";
#nameservers = [ "192.168.0.4" ];
firewall = {
#checkReversePath = false;
enable = true;
allowedUDPPorts = [ 24727 51820 ];
allowedTCPPorts = [ 24727 ];
};
};
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement = {
powertop.enable = true;
};
}

53
hosts/lifebook/home.nix Normal file
View File

@ -0,0 +1,53 @@
#
# Home-manager configuration for laptop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix *
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix
#
{ pkgs, ... }:
{
imports =
[
#../../modules/wm/hyprland/home.nix # Window Manager
../../modules/wm/sway/home.nix # Window Manager
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop
packages = with pkgs; [
# Applications
libreoffice # Office packages
#firefox
chromium
thunderbird
streamlink
streamlink-twitch-gui-bin
element-desktop
intel-gpu-tools
pulsemixer
# Display
light # xorg.xbacklight not supported. Other option is just use xrandr.
# Power Management
#auto-cpufreq # Power management
#tlp # Power management
];
};
services = { # Applets
blueman-applet.enable = true; # Bluetooth
network-manager-applet.enable = true; # Network
};
xsession.preferStatusNotifierItems = true;
}

BIN
hosts/lifebook/patched-SSDT4 Executable file
View File

Binary file not shown.

2
hosts/nas/default.nix
View File

@ -53,7 +53,7 @@
gnupg.agent = { gnupg.agent = {
enable = false; enable = false;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses"; pinentryPackage = pkgs.pinentry-curses;
}; };
}; };

4
hosts/nasbackup/default.nix
View File

@ -45,7 +45,7 @@
gnupg.agent = { gnupg.agent = {
enable = false; enable = false;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses"; pinentryPackage = pkgs.pinentry-curses;
}; };
}; };
@ -53,7 +53,7 @@
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;

102
hosts/nasbackup/hardware-configuration.nix
View File

@ -51,7 +51,7 @@
}; };
services.btrbk = { services.btrbk = {
extraPackages = [ pkgs.lz4 ]; extraPackages = [ pkgs.lz4 pkgs.mbuffer ];
instances = { instances = {
hf = { hf = {
onCalendar = "hourly"; onCalendar = "hourly";
@ -78,6 +78,7 @@
bak = { bak = {
onCalendar = "weekly"; onCalendar = "weekly";
settings = { settings = {
stream_buffer = "265m";
stream_compress = "lz4"; stream_compress = "lz4";
incremental = "yes"; incremental = "yes";
snapshot_create = "no"; snapshot_create = "no";
@ -87,20 +88,35 @@
snapshot_preserve_min = "all"; snapshot_preserve_min = "all";
target_preserve_min = "no"; target_preserve_min = "no";
target_preserve = "4w 2m"; target_preserve = "4w 2m";
archive_preserve_min = "no";
archive_preserve = "4w 2m";
ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk"; ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk";
ssh_user = "btrbk"; ssh_user = "btrbk";
volume = { volume = {
"ssh://jupiter.home.opel-online.de/mnt/snapshots/Mars" = { "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars" = {
target = "/mnt/nas/Backups/Mars";
subvolume = { subvolume = {
"@nas" = {}; "@nas" = {
target = "/mnt/nas/Backups/Mars";
};
"@hades/@home" = {
target = "/mnt/nas/Backups/Hades";
snapshot_dir = "@snapshots/@hades";
};
"@lifebook/@home" = {
target = "/mnt/nas/Backups/Lifebook";
snapshot_dir = "@snapshots/@lifebook";
};
# "@steamdeck/@home" = {
# target = "/mnt/nas/Backups/Steamdeck";
# snapshot_dir = "@snapshots/@steamdeck";
# };
}; };
}; };
}; };
volume = { volume = {
"ssh://jupiter.home.opel-online.de/mnt/snapshots/Pluto" = { "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Pluto" = {
target = "/mnt/nas/Backups/Pluto"; target = "/mnt/nas/Backups/Pluto";
subvolume = { subvolume = {
"@/Games" = {}; "@/Games" = {};
@ -113,36 +129,17 @@
}; };
}; };
}; };
# lf = {
# onCalendar = "daily";
# settings = {
# incremental = "yes";
# snapshot_create = "ondemand";
# snapshot_dir = "@snapshots";
# timestamp_format = "long";
#
# snapshot_preserve = "2m 2w 5d";
# snapshot_preserve_min = "latest";
#
# volume = {
# "/mnt/snapshots/Pluto" = {
# snapshot_create = "always";
# subvolume = {
# "@" = {};
# "@/Backups" = {};
# "@/Games" = {};
# "@/IT" = {};
# "@/Media" = {};
# "@/Pictures" = {};
# "@/Rest" = {};
# };
# };
# };
# };
# };
}; };
}; };
systemd.services = {
btrbk-bak = {
after = [ "network-online.target" ];
requires = [ "network-online.target" ];
};
};
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-label/NIXROOT"; { device = "/dev/disk/by-label/NIXROOT";
fsType = "btrfs"; fsType = "btrfs";
@ -198,35 +195,24 @@
swapDevices = [ { device = "/swap/swapfile"; } ]; swapDevices = [ { device = "/swap/swapfile"; } ];
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "enp6s18";
ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ];
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
networking = { networking = {
hostName = "nasbak"; hostName = "nasbak";
domain = "home.opel-online.de"; domain = "home.opel-online.de";
networkmanager = { useDHCP = false; # For versatility sake, manually edit IP on nm-applet.
enable = false;
};
timeServers = [
"192.168.2.1"
];
interfaces = {
enp6s18 = {
useDHCP = true; # For versatility sake, manually edit IP on nm-applet.
# ipv4.addresses = [ {
# address = "45.142.114.153";
# prefixLength = 24;
# } ];
# ipv6.addresses = [ {
# address = "2a00:ccc1:101:19D::2";
# prefixLength = 64;
# } ];
# };
};
};
# defaultGateway = "45.142.114.1";
defaultGateway6 = {
address = "fe80::1";
interface = "enp6s18";
};
# nameservers = [ "9.9.9.9" "2620:fe::fe" ];
#firewall = { #firewall = {
# enable = false; # enable = false;
# #allowedUDPPorts = [ 53 67 ]; # #allowedUDPPorts = [ 53 67 ];

14
hosts/laptop/default.nix → hosts/nbf5/default.nix
View File

@ -58,15 +58,7 @@
}; };
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true; light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "curses";
};
}; };
services = { services = {
@ -80,13 +72,9 @@
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
blueman.enable = true; blueman.enable = true;
printing = { # Printing and drivers for TS5300
enable = true;
drivers = [ pkgs.gutenprint ];
};
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
nssmdns = true; nssmdns4 = true;
publish = { # Needed for detecting the scanner publish = { # Needed for detecting the scanner
enable = true; enable = true;
addresses = true; addresses = true;

0
hosts/laptop/hardware-configuration.nix → hosts/nbf5/hardware-configuration.nix
View File

0
hosts/laptop/home.nix → hosts/nbf5/home.nix
View File

20
hosts/server/default.nix
View File

@ -57,22 +57,22 @@
gnupg.agent = { gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "curses"; pinentryPackage = pkgs.pinentry-curses;
}; };
}; };
services = { services = {
#auto-cpufreq.enable = true; #auto-cpufreq.enable = true;
qemuGuest.enable = true; qemuGuest.enable = true;
avahi = { # Needed to find wireless printer #avahi = { # Needed to find wireless printer
enable = true; # enable = true;
nssmdns = true; # nssmdns = true;
publish = { # Needed for detecting the scanner # publish = { # Needed for detecting the scanner
enable = true; # enable = true;
addresses = true; # addresses = true;
userServices = true; # userServices = true;
}; # };
}; #};
fail2ban = { fail2ban = {
enable = true; enable = true;
maxretry = 5; maxretry = 5;

32
hosts/steamdeck/default.nix
View File

@ -20,12 +20,22 @@
{ config, pkgs, user, jovian-nixos, lib, ... }: { config, pkgs, user, jovian-nixos, lib, ... }:
{ {
specialisation = {
sway.configuration = {
imports =
[(import ../../modules/wm/sway)];
jovian.steam.enable = lib.mkForce false;
services.desktopManager.plasma6.enable = lib.mkForce false;
};
};
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/steam/default.nix)] ++ # jovian steam
[(import ../../modules/wm/kde/default.nix)] ++ # Window Manager
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker (import ../../modules/wm/virtualisation) ++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
[(import ../../modules/wm/steam)] ++
[(import ../../modules/wm/kde)] ++
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices
boot = { # Boot options boot = { # Boot options
@ -44,30 +54,12 @@
}; };
}; };
# hardware.sane = { # Used for scanning with Xsane
# enable = false;
# extraBackends = [ pkgs.sane-airscan ];
# };
hardware = { hardware = {
nitrokey.enable = true; nitrokey.enable = true;
}; };
# environment = {
# systemPackages = with pkgs; [
## alacritty
# ];
# };
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
zsh.enable = true;
dconf.enable = true;
light.enable = true; light.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
enableSSHSupport = true;
#pinentryFlavor = "curses";
};
}; };
services = { services = {

77
hosts/steamdeck/hardware-configuration.nix
View File

@ -19,7 +19,7 @@
boot = { boot = {
initrd = { initrd = {
availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ]; availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sdhci_pci" ];
kernelModules = [ ]; kernelModules = [ ];
systemd.enable = true; systemd.enable = true;
luks = { luks = {
@ -50,33 +50,66 @@
udev.extraRules = '' udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1" ACTION=="add", SUBSYSTEM=="block", KERNEL=="mmcblk[0-9]p[0-9]", ENV{ID_FS_USAGE}=="filesystem", RUN{program}+="${pkgs.systemd}/bin/systemd-mount -o noatime,compress-force=zstd:15,ssd_spread,commit=120 --no-block --automount=yes --collect $devnode /run/media/mmcblk0p1"
''; '';
};
services.btrbk = { btrbk = {
instances = { instances = {
hf = { hf = {
onCalendar = "hourly"; onCalendar = "hourly";
settings = { settings = {
incremental = "yes"; incremental = "yes";
snapshot_create = "ondemand"; snapshot_create = "ondemand";
snapshot_dir = "@snapshots"; snapshot_dir = "@snapshots";
timestamp_format = "long"; timestamp_format = "long";
snapshot_preserve = "2m 2w 5d 5h"; snapshot_preserve = "2m 2w 5d 5h";
snapshot_preserve_min = "latest"; snapshot_preserve_min = "latest";
volume = { volume = {
"/mnt/snapshots/root" = { "/mnt/snapshots/root" = {
snapshot_create = "always"; snapshot_create = "always";
subvolume = { subvolume = {
"@home" = {}; "@home" = {};
};
}; };
}; };
}; };
}; };
# bak = {
# onCalendar = "daily";
# settings = {
# stream_buffer = "256m";
# stream_compress = "lz4";
# incremental = "yes";
# snapshot_create = "no";
# snapshot_dir = "@snapshots";
# timestamp_format = "long";
#
# snapshot_preserve_min = "all";
# target_preserve_min = "no";
# target_preserve = "2m 4w 3d";
#
# ssh_identity = "/etc/btrbk/ssh/id_ed25519_btrbk_nas";
# ssh_user = "btrbk";
#
# volume = {
# "/mnt/snapshots/root" = {
# subvolume = {
# "@home" = {};
# };
# target = "ssh://jupiter.home.opel-online.de:2220/mnt/snapshots/Mars/@snapshots/@steamdeck";
# };
# };
# };
# };
}; };
}; };
}; };
#
# systemd.timers = {
# btrbk-bak = {
# requires = [ "network-online.target" ];
# };
# };
fileSystems."/" = fileSystems."/" =
{ device = "/dev/mapper/crypted"; { device = "/dev/mapper/crypted";
@ -171,9 +204,9 @@
#nameservers = [ "192.168.0.4" ]; #nameservers = [ "192.168.0.4" ];
firewall = { firewall = {
checkReversePath = "loose"; checkReversePath = "loose";
# enable = false; enable = true;
# #allowedUDPPorts = [ 53 67 ]; allowedUDPPorts = [ 24727 ];
# #allowedTCPPorts = [ 53 80 443 9443 ]; allowedTCPPorts = [ 24727 ];
}; };
}; };

19
hosts/steamdeck/home.nix
View File

@ -14,12 +14,17 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
specialisation = {
sway.configuration = {
imports =
[(import ../../modules/wm/sway/home.nix)];
};
};
imports = imports =
[ [(import ../../modules/home.nix)] ++ # Window Manager
../../modules/wm/steam/home.nix # Window Manager [(import ../../modules/wm/steam/home.nix)] ++
../../modules/wm/kde/home.nix # Window Manager [(import ../../modules/wm/kde/home.nix)];
../../modules/home.nix # Window Manager
];
home = { # Specific packages for laptop home = { # Specific packages for laptop
packages = with pkgs; [ packages = with pkgs; [
@ -43,10 +48,6 @@
]; ];
}; };
programs = {
alacritty.settings.font.size = 11;
};
services = { # Applets services = { # Applets
}; };

5
modules/hardware/backup.nix
View File

@ -9,7 +9,10 @@
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq"; key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU2NJ9xwYnp6/frIOv96ih8psiFcC2eOQeT+ZEMW5rq";
roles = [ "source" "info" "send" ]; roles = [ "source" "info" "send" ];
} }
{
key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIma7jNVQZM+lFMOKUex0+cyDpeUA3Wo4SEJ7P9YnHPG";
roles = [ "target" "info" "receive" "delete" ];
}
]; ];
extraPackages = [ pkgs.lz4 ];
}; };
} }

21
modules/hardware/hydraCache.nix Normal file
View File

@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
{
nix = {
settings = {
extra-trusted-public-keys = [
"hades-builder:AFdPgi6Qq/yKqc2V2imgzMikEkVEFCrDaHyAmOJ3MII="
"steamdeck.cachix.org-1:BVoP4TEu3ECgotaO+3J3r9SSn62GkUDBwizOFU/q4Bc="
];
extra-substituters = [
"https://steamdeck.cachix.org"
"https://cache.ci.kabtop.de"
];
#extra-trusted-substituters = [
# "https://cache.home.opel-online.de"
#];
};
};
}

5
modules/programs/alacritty.nix
View File

@ -15,6 +15,7 @@
enable = true; enable = true;
package = pkgs.alacritty; package = pkgs.alacritty;
settings = { settings = {
env.term = "screen-256color";
font = rec { # Font - Laptop has size manually changed at home.nix font = rec { # Font - Laptop has size manually changed at home.nix
#normal.family = "FiraCode Nerd Font"; #normal.family = "FiraCode Nerd Font";
normal.family = "Cascadia Code"; normal.family = "Cascadia Code";
@ -22,10 +23,6 @@
#bold = { style = "Bold"; }; #bold = { style = "Bold"; };
# size = 8; # size = 8;
}; };
offset = { # Positioning
x = -1;
y = 0;
};
}; };
}; };
}; };

2
modules/programs/default.nix
View File

@ -12,7 +12,7 @@
[ [
./alacritty.nix ./alacritty.nix
./rofi.nix # ./rofi.nix
./firefox.nix ./firefox.nix
#./waybar.nix #./waybar.nix
#./games.nix #./games.nix

90
modules/services/dmz/hydra.nix
View File

@ -1,11 +1,91 @@
{ lib, config, pkgs, ... }: { lib, config, pkgs, ... }:
{ {
services.hydra = { services = {
enable = true; hydra = {
hydraURL = "http://localhost:3000"; enable = true;
notificationSender = "hydra@localhost"; hydraURL = "https://hydra.home.opel-online.de";
useSubstitutes = true; listenHost = "127.0.0.1";
notificationSender = "hydra@localhost";
useSubstitutes = true;
minimumDiskFree = 30;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"home.opel-online.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
}; };
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
};
};
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = "http:// https://";
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
} }

19
modules/services/kabtopci/default.nix Normal file
View File

@ -0,0 +1,19 @@
#
# Services
#
# flake.nix
# ├─ ./hosts
# │ └─ home.nix
# └─ ./modules
# └─ ./services
# └─ default.nix *
# └─ ...
#
[
# ./microvm.nix
./hydra.nix
]
# picom, polybar and sxhkd are pulled from desktop module
# redshift temporarely disables

59
modules/services/kabtopci/gitea_runner.nix Normal file
View File

@ -0,0 +1,59 @@
{ lib, config, pkgs, ... }:
{
virtualisation = {
podman ={
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
containers.containersConf.settings = {
# podman seems to not work with systemd-resolved
containers.dns_servers = [ "8.8.8.8" "8.8.4.4" ];
};
};
services.gitea-actions-runner.instances = {
cirunner = {
enable = true;
url = "https://git.kabtop.de";
name = "CI Kabtop runner";
tokenFile = config.age.secrets."services/gitea/cirunner-token".path;
labels = [
"ci"
"debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:16-bullseye"
"ubuntu-22.04:docker://node:16-bullseye"
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
settings = {
# container.options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nixuser --device=/dev/kvm";
# the default network that also respects our dns server settings
container.network = "host";
container.privileged = false;
# container.valid_volumes = [
# "/nix"
# "${storeDeps}/bin"
# "${storeDeps}/etc/ssl"
# ];
};
};
};
age.secrets."services/gitea/cirunner-token" = {
file = ../../../secrets/services/gitea/cirunner-token.age;
owner = "gitea-runner";
};
}

82
modules/services/kabtopci/hydra.nix Normal file
View File

@ -0,0 +1,82 @@
{ lib, config, pkgs, ... }:
{
services = {
hydra = {
enable = true;
hydraURL = "https://hydra.ci.kabtop.de";
listenHost = "127.0.0.1";
notificationSender = "hydra@kabtop.de";
useSubstitutes = true;
minimumDiskFree = 8;
};
nix-serve = {
enable = true;
port = 5001;
bindAddress = "127.0.0.1";
secretKeyFile = config.age.secrets."keys/nixsign".path;
};
nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
"hydra.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Port 443;
'';
};
};
"cache.ci.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@kabtop.de";
webroot = "/var/lib/acme/acme-challenge";
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
};
nix = {
settings = {
trusted-users = [
"hydra"
];
allowed-uris = [
"github:"
"https://github.com/"
"git+ssh://github.com/"
];
};
extraOptions = ''
secret-key-files = ${config.age.secrets."keys/nixsign".path}
'';
};
age.secrets."keys/nixsign" = {
file = ../../../secrets/keys/nixservepriv.age;
owner = "hydra";
};
}

129
modules/services/kabtopci/microvm.nix Normal file
View File

@ -0,0 +1,129 @@
{ config, microvm, lib, pkgs, user, agenix, impermanence, ... }:
let
name = "gitea-runner";
in
{
microvm = {
autostart = [
name
];
vms = {
${name} = {
inherit pkgs;
config = {
imports =
[ agenix.nixosModules.default ] ++
[ impermanence.nixosModules.impermanence ] ++
[( ./gitea_runner.nix )];
networking = {
hostName = "${name}";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
};
};
systemd.network = {
enable = true;
networks = {
"10-lan" = {
matchConfig.Name = "*";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
};
users.users.${user} = { # System User
isNormalUser = true;
extraGroups = [ "wheel" ];
uid = 2000;
openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIANmaraVJ/o20c4dqVnGLp/wGck9QNHFPvO9jcEbKS29AAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIgo4IP8ISUohyAMiDc3zEe6ESUE3un7eN5FhVtxZHmcAAAABHNzaDo= kabbone@kabc"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKVDApb3vZ+i97V4xLJh8rUF6z5OVYfORlXYbLhdQO15AAAABHNzaDo= kabbone@hades.home.opel-online.de"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB0q++epdX7feQxvmC2m/CJEoJbkqtAJy6Ml6WKHxryZAAAABHNzaDo= kabbone@hades.home.opel-online.de"
];
};
services = {
openssh = {
enable = true;
settings.PasswordAuthentication = false;
hostKeys = [
{
path = "/persist/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/etc/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}];
};
};
fileSystems."/persist".neededForBoot = lib.mkForce true;
environment = {
systemPackages = with pkgs; [ # Default packages install system-wide
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
persistence."/persist" = {
directories = [
"/var/log"
"/var/lib/private"
];
files = [
"/etc/machine-id"
];
};
};
microvm = {
hypervisor = "qemu";
vcpu = 4;
mem = 3096;
balloonMem = 3096;
#kernel = pkgs.linuxKernel.packages.linux_latest;
interfaces = [
{
type = "user";
id = "vm-${name}";
mac = "04:00:00:00:00:02";
} ];
shares = [{
source = "/nix/store";
mountPoint = "/nix/.ro-store";
tag = "ro-store";
proto = "virtiofs";
}
{
source = "/etc/vm-persist/${name}";
mountPoint = "/persist";
tag = "persist";
proto = "virtiofs";
}];
#writableStoreOverlay = "/nix/.rw-store";
#storeOnDisk = true;
};
system.stateVersion = "23.05";
};
};
};
};
}

31
modules/services/kanshi.nix
View File

@ -7,31 +7,34 @@
{ {
services.kanshi = { services.kanshi = {
enable = true; enable = true;
profiles = { settings = [
undocked = { {
profile = {
name = "undocked";
outputs = [ outputs = [
{ criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; } { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
]; ];
}; };
#docked_c = { }
# outputs = [ {
# { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "2560,0"; } profile = {
# { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "0,0"; } name = "docked_c";
# ];
#};
docked_c = {
outputs = [ outputs = [
{ criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; scale = 1.5; } { criteria = "eDP-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; scale = 1.5; }
{ criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; } { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
]; ];
}; };
docked_triple = { }
{
profile = {
name = "docked_triple";
outputs = [ outputs = [
{ criteria = "eDP-1"; status = "disable"; mode = "1920x1080"; position = "4480,0"; } { criteria = "eDP-1"; status = "disable"; mode = "1920x1080"; position = "4480,0"; }
{ criteria = "HDMI-A-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; } { criteria = "HDMI-A-1"; status = "enable"; mode = "1920x1080"; position = "0,0"; }
{ criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; } { criteria = "DP-1"; status = "enable"; mode = "2560x1080"; position = "1920,0"; }
]; ];
}; };
}; }
];
}; };
} }

2
modules/services/nas/default.nix
View File

@ -12,6 +12,8 @@
[ [
./nfs.nix ./nfs.nix
./nginx.nix
./vaultwarden.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module

53
modules/services/nas/nginx.nix Normal file
View File

@ -0,0 +1,53 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
virtualHosts = {
"home.opel-online.de" = {
enableACME = true;
forceSSL = true;
default = true;
locations."/".return = "503";
};
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "webmaster@opel-online.de";
# server = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsResolver = "9.9.9.9:53";
};
certs = {
"home.opel-online.de" = {
domain = "*.home.opel-online.de";
dnsProvider = "netcup";
environmentFile = config.age.secrets."services/acme/opel-online".path;
webroot = null;
};
};
};
networking.firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ 80 443 ];
};
age.secrets."services/acme/opel-online" = {
file = ../../../secrets/services/acme/opel-online.age;
owner = "acme";
};
}

38
modules/services/nas/vaultwarden.nix Normal file
View File

@ -0,0 +1,38 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
backupDir = "/var/backup/vaultwarden";
environmentFile = config.age.secrets."services/vaultwarden/environment".path;
config = {
DOMAIN = "https://vault.home.opel-online.de";
SIGNUPS_ALLOWED = false;
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 8222;
ROCKET_LOG = "critical";
};
};
services.nginx = {
virtualHosts = {
"vault.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
};
};
};
age.secrets."services/vaultwarden/environment" = {
file = ../../../secrets/services/vaultwarden/environment.age;
owner = "vaultwarden";
};
}

3
modules/services/server/default.nix
View File

@ -17,8 +17,7 @@
./nextcloud.nix ./nextcloud.nix
./matrix.nix ./matrix.nix
./coturn.nix ./coturn.nix
./jitsi.nix # ./ollama.nix
./ollama.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module

7
modules/services/server/gitea.nix
View File

@ -25,6 +25,8 @@
DOMAIN = "git.kabtop.de"; DOMAIN = "git.kabtop.de";
SSH_PORT = 2220; SSH_PORT = 2220;
ENABLE_GZIP = true; ENABLE_GZIP = true;
LFS_START_SERVER = true;
LFS_ALLOW_PURE_SSH = true;
}; };
security = { security = {
MIN_PASSWORD_LENGTH = 8; MIN_PASSWORD_LENGTH = 8;
@ -40,7 +42,7 @@
}; };
ui = { ui = {
SHOW_USER_EMAIL = false; SHOW_USER_EMAIL = false;
DEFAULT_THEME = "arc-green"; DEFAULT_THEME = "gitea-dark";
}; };
# openid = { # openid = {
# ENABLE_OPENID_SIGNIN = true; # ENABLE_OPENID_SIGNIN = true;
@ -64,6 +66,9 @@
actions = { actions = {
ENABLED = true; ENABLED = true;
}; };
indexer = {
REPO_INDEXER_ENABLED = false;
};
}; };
}; };

1
modules/services/server/matrix.nix
View File

@ -139,7 +139,6 @@ in {
"/var/log/mautrix-signal" "/var/log/mautrix-signal"
]; ];
NoNewPrivileges=true; NoNewPrivileges=true;
MemoryDenyWriteExecute=true;
PrivateDevices=true; PrivateDevices=true;
PrivateTmp=true; PrivateTmp=true;
ProtectHome=true; ProtectHome=true;

55
modules/services/server/nextcloud.nix
View File

@ -9,15 +9,20 @@
enable = true; enable = true;
hostName = "cloud.kabtop.de"; hostName = "cloud.kabtop.de";
https = true; https = true;
package = pkgs.nextcloud27; package = pkgs.nextcloud30;
database.createLocally = false; database.createLocally = false;
logType = "file"; notify_push.enable = false;
maxUploadSize = "512M";
caching = { caching = {
redis = true; redis = true;
apcu = false; apcu = false;
}; };
extraOptions = { settings = {
log_type = "file";
logfile = "nextcloud.log"; logfile = "nextcloud.log";
overwriteprotocol = "https";
default_phone_region = "DE";
redis = { redis = {
host = "/run/redis-nextcloud/redis.sock"; host = "/run/redis-nextcloud/redis.sock";
port = 0; port = 0;
@ -25,6 +30,7 @@
"memcache.local" = "\\OC\\Memcache\\Redis"; "memcache.local" = "\\OC\\Memcache\\Redis";
"memcache.distributed" = "\\OC\\Memcache\\Redis"; "memcache.distributed" = "\\OC\\Memcache\\Redis";
"memcache.locking" = "\\OC\\Memcache\\Redis"; "memcache.locking" = "\\OC\\Memcache\\Redis";
"maintenance_window_start" = "1";
}; };
config = { config = {
dbtype = "pgsql"; dbtype = "pgsql";
@ -34,8 +40,6 @@
adminuser = "kabbone"; adminuser = "kabbone";
adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path; adminpassFile = config.age.secrets."services/nextcloud/adminpassFile".path;
dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path; dbpassFile = config.age.secrets."services/nextcloud/dbpassFile".path;
overwriteProtocol = "https";
defaultPhoneRegion = "DE";
}; };
phpOptions = { phpOptions = {
"opcache.interned_strings_buffer" = "16"; "opcache.interned_strings_buffer" = "16";
@ -43,15 +47,15 @@
#autoUpdateApps.enable = true; #autoUpdateApps.enable = true;
}; };
services.onlyoffice = { # services.onlyoffice = {
enable = true; # enable = true;
hostname = "docs.cloud.kabtop.de"; # hostname = "docs.cloud.kabtop.de";
postgresName = "onlyoffice"; # postgresName = "onlyoffice";
postgresHost = "localhost"; # postgresHost = "localhost";
postgresUser = "onlyoffice"; # postgresUser = "onlyoffice";
postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path; # postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path;
jwtSecretFile = config.age.secrets."services/nextcloud/onlyofficejwt".path; # jwtSecretFile = config.age.secrets."services/nextcloud/onlyofficejwt".path;
}; # };
services.redis = { services.redis = {
vmOverCommit = true; vmOverCommit = true;
@ -69,9 +73,10 @@
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
}; };
"${config.services.onlyoffice.hostname}".listen = [ { # "${config.services.onlyoffice.hostname}" = {
addr = "127.0.0.1"; port = 8080; # enableACME = true;
} ]; # forceSSL = true;
# };
}; };
}; };
@ -83,14 +88,14 @@
file = ../../../secrets/services/nextcloud/adminpassFile.age; file = ../../../secrets/services/nextcloud/adminpassFile.age;
owner = "nextcloud"; owner = "nextcloud";
}; };
age.secrets."services/nextcloud/onlyofficedb" = { # age.secrets."services/nextcloud/onlyofficedb" = {
file = ../../../secrets/services/nextcloud/onlyofficedb.age; # file = ../../../secrets/services/nextcloud/onlyofficedb.age;
owner = "onlyoffice"; # owner = "onlyoffice";
}; # };
age.secrets."services/nextcloud/onlyofficejwt" = { # age.secrets."services/nextcloud/onlyofficejwt" = {
file = ../../../secrets/services/nextcloud/onlyofficejwt.age; # file = ../../../secrets/services/nextcloud/onlyofficejwt.age;
owner = "onlyoffice"; # owner = "onlyoffice";
}; # };
systemd.services."nextcloud-setup" = { systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"]; requires = ["postgresql.service"];

21
modules/services/server/postgresql.nix
View File

@ -5,9 +5,10 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
imports = [ ./postgresql_upgrade.nix ];
services.postgresql = { services.postgresql = {
enable = true; enable = true;
package = pkgs.postgresql_15; package = pkgs.postgresql_16;
settings = { settings = {
max_connections = 200; max_connections = 200;
listen_addresses = "localhost"; listen_addresses = "localhost";
@ -20,15 +21,15 @@
timezone = "Europe/Berlin"; timezone = "Europe/Berlin";
}; };
authentication = pkgs.lib.mkOverride 14 '' authentication = pkgs.lib.mkOverride 14 ''
local all postgres peer local all postgres peer
host giteadb gitea localhost scram-sha-256 host giteadb gitea localhost scram-sha-256
host nextclouddb nextcloud localhost scram-sha-256 host nextclouddb nextcloud localhost scram-sha-256
host synapsedb synapse localhost scram-sha-256 host synapsedb synapse localhost scram-sha-256
host whatsappdb mautrixwa localhost scram-sha-256 host whatsappdb mautrixwa localhost scram-sha-256
host telegramdb mautrixtele localhost scram-sha-256 host telegramdb mautrixtele localhost scram-sha-256
host signaldb mautrixsignal localhost scram-sha-256 host signaldb mautrixsignal localhost scram-sha-256
host onlyoffice onlyoffice localhost scram-sha-256 host onlyoffice onlyoffice localhost scram-sha-256
local onlyoffice onlyoffice peer local onlyoffice onlyoffice peer
''; '';
initialScript = config.age.secrets."services/postgresql/initScript.sql".path; initialScript = config.age.secrets."services/postgresql/initScript.sql".path;
}; };

33
modules/services/server/postgresql_upgrade.nix Normal file
View File

@ -0,0 +1,33 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [
(let
# XXX specify the postgresql package you'd like to upgrade to.
# Do not forget to list the extensions you need.
newPostgres = pkgs.postgresql_16.withPackages (pp: [
# pp.plv8
]);
cfg = config.services.postgresql;
in pkgs.writeScriptBin "upgrade-pg-cluster" ''
set -eux
# XXX it's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
export NEWDATA="/var/lib/postgresql/${newPostgres.psqlSchema}"
export NEWBIN="${newPostgres}/bin"
export OLDDATA="${cfg.dataDir}"
export OLDBIN="${cfg.package}/bin"
install -d -m 0700 -o postgres -g postgres "$NEWDATA"
cd "$NEWDATA"
sudo -u postgres $NEWBIN/initdb -D "$NEWDATA" ${lib.escapeShellArgs cfg.initdbArgs}
sudo -u postgres $NEWBIN/pg_upgrade \
--old-datadir "$OLDDATA" --new-datadir "$NEWDATA" \
--old-bindir $OLDBIN --new-bindir $NEWBIN \
"$@"
'')
];
}

2
modules/shell/git.nix
View File

@ -16,7 +16,9 @@
}; };
extraConfig = { extraConfig = {
gpg = { format = "ssh"; }; gpg = { format = "ssh"; };
credential = { helper = "cache --timeout=3600"; };
}; };
difftastic.enable = true;
}; };
}; };
} }

20
modules/shell/tmux.nix
View File

@ -19,22 +19,22 @@
plugins = with pkgs.tmuxPlugins; [ plugins = with pkgs.tmuxPlugins; [
yank yank
sidebar sidebar
{ # {
# plugin = dracula; # plugin = dracula;
# extraConfig = " # extraConfig = "
# set -g @dracula-show-powerline true # set -g @dracula-show-powerline true
# set -g @dracula-plugins 'git cpu-usage ram-usage battery time' # set -g @dracula-plugins 'git cpu-usage ram-usage battery time'
# set -g @dracula-border-contrast true # set -g @dracula-border-contrast true
# "; # ";
plugin = catppuccin; # plugin = catppuccin;
extraConfig = " # extraConfig = "
set -g @catppuccin_flavour 'macchiato' # set -g @catppuccin_flavour 'macchiato'
set -g @catppuccin_window_tabs_enabled 'on' # set -g @catppuccin_window_tabs_enabled 'on'
set -g @catppuccin_host 'on' # set -g @catppuccin_host 'on'
set -g @catppuccin_user 'on' # set -g @catppuccin_user 'on'
set -g @catppuccin_date_time '%Y-%m-%d %H:%M' # set -g @catppuccin_date_time '%Y-%m-%d %H:%M'
"; # ";
} # }
]; ];
extraConfig = '' extraConfig = ''
set -g mouse on set -g mouse on

7
modules/shell/zsh.nix
View File

@ -9,7 +9,7 @@
zsh = { zsh = {
enable = true; enable = true;
dotDir = ".config/zsh_nix"; dotDir = ".config/zsh_nix";
enableAutosuggestions = true; # Auto suggest options and highlights syntact, searches in history for options autosuggestion.enable = true; # Auto suggest options and highlights syntact, searches in history for options
syntaxHighlighting.enable = true; syntaxHighlighting.enable = true;
history.size = 10000; history.size = 10000;
@ -27,10 +27,6 @@
''; '';
initExtra = '' # Zsh theme initExtra = '' # Zsh theme
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
unset SSH_AGENT_PID
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh"
# Spaceship # Spaceship
source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup source ${pkgs.spaceship-prompt}/share/zsh/site-functions/prompt_spaceship_setup
autoload -U promptinit; promptinit autoload -U promptinit; promptinit
@ -40,6 +36,7 @@
# Swag # Swag
pfetch # Show fetch logo on terminal start pfetch # Show fetch logo on terminal start
eval "$(direnv hook zsh)" eval "$(direnv hook zsh)"
eval "$(ssh-agent)"
''; '';
}; };
}; };

7
modules/themes/.gitattributes vendored Normal file
View File

@ -0,0 +1,7 @@
nixos-wallpaper-catppuccin-mocha.svg filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-nineish-solarized-dark.src.svg filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-nineish-solarized-dark.png filter=lfs diff=lfs merge=lfs -text
nix-wallpaper-binary-black.png filter=lfs diff=lfs merge=lfs -text
lockwall.jpg filter=lfs diff=lfs merge=lfs -text
nuka_col.jpg filter=lfs diff=lfs merge=lfs -text
wall.jpg filter=lfs diff=lfs merge=lfs -text

BIN
modules/themes/lockwall.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 285 KiB

After

Width:  |  Height:  |  Size: 131 B

BIN
modules/themes/nix-wallpaper-binary-black.png (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/nix-wallpaper-nineish-solarized-dark.png (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/nix-wallpaper-nineish-solarized-dark.src.svg (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/nixos-wallpaper-catppuccin-mocha.svg (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/nuka_col.jpg (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
modules/themes/wall.jpg
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 242 KiB

After

Width:  |  Height:  |  Size: 36 B

1
modules/themes/wall.jpg Symbolic link
View File

@ -0,0 +1 @@
nixos-wallpaper-catppuccin-mocha.svg
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 242 KiB

After

Width:  |  Height:  |  Size: 36 B

3
modules/wm/gnome/default.nix
View File

@ -19,7 +19,6 @@
gnome.gnome-terminal gnome.gnome-terminal
gnomeExtensions.dash-to-dock gnomeExtensions.dash-to-dock
gnomeExtensions.appindicator gnomeExtensions.appindicator
flatpak
rocmPackages.clr.icd rocmPackages.clr.icd
rocmPackages.clr rocmPackages.clr
clinfo clinfo
@ -43,7 +42,7 @@
autoLogin.user = "kabbone"; autoLogin.user = "kabbone";
}; };
}; };
flatpak.enable = true; #flatpak.enable = true;
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ]; udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
}; };
} }

31
modules/wm/kde/default.nix
View File

@ -15,19 +15,26 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
flatpak # rocmPackages.clr.icd
rocmPackages.clr.icd # rocmPackages.clr
rocmPackages.clr # clinfo
clinfo kdePackages.discover
libsForQt5.discover
maliit-keyboard maliit-keyboard
maliit-framework
kdePackages.ksshaskpass
]; ];
programs = {
ssh.enableAskPassword = true;
ssh.askPassword = lib.mkDefault "${pkgs.kdePackages.ksshaskpass}/bin/ksshaskpass";
};
services = { services = {
packagekit.enable = true; packagekit.enable = true;
xserver = { desktopManager.plasma6.enable = true;
enable = true; # xserver = {
desktopManager.plasma5.enable = true; # enable = true;
# desktopManager.plasma5.enable = true;
# displayManager = { # displayManager = {
# gdm.wayland = true; # gdm.wayland = true;
# gdm.enable = true; # gdm.enable = true;
@ -41,8 +48,10 @@
# autoLogin.enable = true; # autoLogin.enable = true;
# autoLogin.user = "kabbone"; # autoLogin.user = "kabbone";
# }; # };
}; # };
flatpak.enable = true; #flatpak.enable = true;
udev.packages = with pkgs; [ gnome.gnome-settings-daemon ]; udev.packages = with pkgs; [ gnome-settings-daemon ];
}; };
qt.platformTheme = "kde";
} }

1
modules/wm/kde/home.nix
View File

@ -13,4 +13,5 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
{ {
} }

9
modules/wm/steam/default.nix
View File

@ -22,7 +22,7 @@
enable = true; enable = true;
user = "kabbone"; user = "kabbone";
autoStart = true; autoStart = true;
desktopSession = "plasmawayland"; desktopSession = "plasma";
}; };
devices.steamdeck = { devices.steamdeck = {
enable = true; enable = true;
@ -30,10 +30,9 @@
decky-loader.enable = true; decky-loader.enable = true;
}; };
hardware.opengl = { hardware.graphics = {
enable = true; enable = true;
driSupport = true; enable32Bit = true;
driSupport32Bit = true;
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

2
modules/wm/steam/home.nix
View File

@ -18,7 +18,7 @@
steam steam
jq jq
appimage-run appimage-run
gnome.zenity zenity
unzip unzip
fuse fuse
]; ];

10
modules/wm/sway/default.nix
View File

@ -16,12 +16,6 @@
{ {
imports = [ ../waybar.nix ]; imports = [ ../waybar.nix ];
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
};
environment = { environment = {
loginShellInit = '' loginShellInit = ''
if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then if [ -z $DISPLAY ] && [ $UID != 0 ] && [ "$(tty)" = "/dev/tty1" ]; then
@ -41,6 +35,8 @@
rocmPackages.clr rocmPackages.clr
clinfo clinfo
waybar waybar
rot8
glib
]; ];
}; };
@ -51,7 +47,7 @@
export MOZ_WEBRENDER="1"; export MOZ_WEBRENDER="1";
export MOZ_USE_XINPUT2="2"; export MOZ_USE_XINPUT2="2";
export MOZ_DBUS_REMOTE="1"; export MOZ_DBUS_REMOTE="1";
#export GDK_BACKEND="wayland"; export WLR_RENDERER="vulkan";
export LIBVA_DRIVER_NAME="iHD"; export LIBVA_DRIVER_NAME="iHD";
export VDPAU_DRIVER="iHD"; export VDPAU_DRIVER="iHD";
export XDG_SESSION_TYPE="wayland"; export XDG_SESSION_TYPE="wayland";

128
modules/wm/sway/home.nix
View File

@ -18,8 +18,9 @@
wayland.windowManager.sway = { wayland.windowManager.sway = {
enable = true; enable = true;
checkConfig = false;
config = rec { config = rec {
menu = "${pkgs.bemenu}/bin/bemenu-run -m -1 --hf '#ffff00' --tf '#888888' --nf '#00ff40' --hb '#424242' | xargs ${pkgs.sway}/bin/swaymsg exec --"; menu = "${pkgs.rofi}/bin/rofi -show combi -show-icons";
left = "m"; left = "m";
down = "n"; down = "n";
up = "e"; up = "e";
@ -30,8 +31,9 @@
input = { input = {
"type:keyboard" = { "type:keyboard" = {
xkb_layout = "us"; xkb_layout = "us,de";
xkb_variant = "altgr-intl"; xkb_variant = "altgr-intl,";
xkb_options = "grp:win_space_toggle";
}; };
"type:touchpad" = { "type:touchpad" = {
tap = "enabled"; tap = "enabled";
@ -55,11 +57,12 @@
#}; #};
"DP-2" = { "DP-2" = {
mode = "2560x1440"; mode = "2560x1440";
pos = "0,0"; pos = "0,250";
}; };
"DP-3" = { "DP-3" = {
mode = "1920x1200"; mode = "1920x1200";
pos = "2560,120"; pos = "2560,0";
transform = "90";
}; };
#"eDP-1" = { #"eDP-1" = {
# mode = "1920x1080"; # mode = "1920x1080";
@ -86,11 +89,11 @@
}; };
startup = [ startup = [
#{ command = "$HOME/.config/sway/scripts/2in1screen"; } { command = "exec ${pkgs.rot8}/bin/rot8 -Y -k"; }
{ command = "xrdb -load ~/.Xresources"; } { command = "xrdb -load ~/.Xresources"; }
{ command = "gsettings set org.gnome.desktop.interface gtk-theme Arc"; } # { command = "gsettings set org.gnome.desktop.interface gtk-theme Dracula"; }
{ command = "gsettings set org.gnome.desktop.interface icon-theme ePapirus"; } # { command = "gsettings set org.gnome.desktop.interface icon-theme Dracula"; }
{ command = "gsettings set org.gnome.desktop.interface cursor-theme Adwaita"; } # { command = "gsettings set org.gnome.desktop.interface cursor-theme Adwaita"; }
#{ command = "exec ${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; } #{ command = "exec ${pkgs.networkmanagerapplet}/bin/nm-applet --indicator"; }
{ command = "${pkgs.thunderbird}/bin/thunderbird"; } { command = "${pkgs.thunderbird}/bin/thunderbird"; }
{ command = "${pkgs.firefox}/bin/firefox"; } { command = "${pkgs.firefox}/bin/firefox"; }
@ -117,7 +120,7 @@
{ command = "floating enable"; criteria = { app_id = "com.nitrokey."; }; } { command = "floating enable"; criteria = { app_id = "com.nitrokey."; }; }
{ command = "floating enable"; criteria = { app_id = "org.keepassxc.KeePassXC."; }; } { command = "floating enable"; criteria = { app_id = "org.keepassxc.KeePassXC."; }; }
{ command = "floating enable"; criteria = { app_id = "virt-manager"; }; } { command = "floating enable"; criteria = { app_id = "virt-manager"; }; }
{ command = "floating enable"; criteria = { class = "lxqt-openssh-askpass"; }; } { command = "floating enable"; criteria = { title = "^OpenSSH Authentication"; }; }
{ command = "floating enable"; criteria = { class = "pop-up"; }; } { command = "floating enable"; criteria = { class = "pop-up"; }; }
]; ];
@ -154,27 +157,28 @@
"${alt}+Shift+${right}" = "move container to workspace next, workspace next"; "${alt}+Shift+${right}" = "move container to workspace next, workspace next";
"XF86TouchpadToggle" = "input type:touchpad events toggle enabled disabled"; "XF86TouchpadToggle" = "input type:touchpad events toggle enabled disabled";
"XF86AudioRaiseVolume" = "exec pulsemixer --change-volume +5 && ${config.cmds.notifications.volume}";
"XF86AudioLowerVolume" = "exec pulsemixer --change-volume -5 && ${config.cmds.notifications.volume}";
"XF86AudioMute" = "exec pulsemixer --toggle-mute && ${config.cmds.notifications.volume}";
#"XF86AudioRaiseVolume" = "exec pulsemixer --change-volume +5";
#"XF86AudioLowerVolume" = "exec pulsemixer --change-volume -5";
#"XF86AudioMute" = "exec pulsemixer --toggle-mute";
"XF86AudioMicMute" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86MonBrightnessDown" = "exec light -s sysfs/backlight/intel_backlight -U 5% && ${config.cmds.notifications.brightness}";
"XF86MonBrightnessUp" = "exec light -s sysfs/backlight/intel_backlight -A 5% && ${config.cmds.notifications.brightness}";
"XF86AudioPlay" = "exec playerctl play-pause"; "XF86AudioPlay" = "exec playerctl play-pause";
"XF86AudioNext" = "exec playerctl next"; "XF86AudioNext" = "exec playerctl next";
"XF86AudioPrev" = "exec playerctl previous"; "XF86AudioPrev" = "exec playerctl previous";
"XF86AudioStop" = "exec playerctl stop"; "XF86AudioStop" = "exec playerctl stop";
#XF86AudioMute = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle"; # Sink volume raise optionally with --device
#XF86AudioRaiseVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; "XF86AudioRaiseVolume" = "exec swayosd-client --output-volume raise";
#XF86AudioLowerVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; "XF86AudioLowerVolume" = "exec swayosd-client --output-volume lower";
#XF86AudioPlay = "exec ~/.config/waybar/scripts/toggle-play"; # Sink volume toggle mute
#XF86AudioNext = "exec playerctl --player=spotify next"; "XF86AudioMute" = "exec swayosd-client --output-volume mute-toggle";
#XF86AudioPrev = "exec playerctl --player=spotify previous"; # Source volume toggle mute
"XF86AudioMicMute" = "exec swayosd-client --input-volume mute-toggle";
# Capslock (If you don't want to use the backend)
#bindsym --release Caps_Lock exec swayosd-client --caps-lock;
# Brightness raise
"XF86MonBrightnessUp" = "exec swayosd-client --brightness raise";
# Brightness lower
"XF86MonBrightnessDown" = "exec swayosd-client --brightness lower";
"${mod}+${left}" = "focus left"; "${mod}+${left}" = "focus left";
"${mod}+${down}" = "focus down"; "${mod}+${down}" = "focus down";
"${mod}+${up}" = "focus up"; "${mod}+${up}" = "focus up";
@ -238,12 +242,13 @@
export MOZ_WEBRENDER="1"; export MOZ_WEBRENDER="1";
export MOZ_USE_XINPUT2="2"; export MOZ_USE_XINPUT2="2";
export MOZ_DBUS_REMOTE="1"; export MOZ_DBUS_REMOTE="1";
#export GDK_BACKEND="wayland"; export WLR_RENDERER="vulkan";
export LIBVA_DRIVER_NAME="iHD"; export LIBVA_DRIVER_NAME="iHD";
export VDPAU_DRIVER="iHD"; export VDPAU_DRIVER="iHD";
export XDG_SESSION_TYPE="wayland"; export XDG_SESSION_TYPE="wayland";
export XDG_CURRENT_DESKTOP="sway"; export XDG_CURRENT_DESKTOP="sway";
export QT_QPA_PLATFORMTHEME="wayland-egl"; #export QT_QPA_PLATFORMTHEME="wayland-egl";
export QT_QPA_PLATFORMTHEME="qt6ct";
export GST_VAAPI_ALL_DRIVERS="1"; export GST_VAAPI_ALL_DRIVERS="1";
export GTK_THEME="Arc"; export GTK_THEME="Arc";
export _JAVA_AWT_WM_NONREPARENTING="1"; export _JAVA_AWT_WM_NONREPARENTING="1";
@ -261,7 +266,8 @@
''; '';
}; };
programs.swaylock = { programs = {
swaylock = {
enable = true; enable = true;
settings = { settings = {
color = "000000"; color = "000000";
@ -269,19 +275,59 @@
indicator-caps-lock = true; indicator-caps-lock = true;
show-keyboard-layout = true; show-keyboard-layout = true;
}; };
};
rofi = {
enable = true;
package = pkgs.rofi-wayland;
extraConfig = {
modi = "window,drun,ssh";
kb-primary-paste = "Control+V,Shift+Insert";
kb-secondary-paste = "Control+v,Insert";
};
font = "Cascadia Code";
location = "top-left";
plugins = [
pkgs.rofi-calc
pkgs.rofi-bluetooth
pkgs.pinentry-rofi
];
terminal = "${pkgs.alacritty}/bin/alacritty";
theme = "arthur";
};
}; };
services.swayidle = { services = {
enable = true; swayidle = {
events = [ enable = true;
{ event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; } events = [
{ event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; } { event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; }
{ event = "after-resume"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; } { event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ event = "unlock"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; } { event = "after-resume"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
]; { event = "unlock"; command = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
timeouts = [ ];
{ timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; } timeouts = [
{ timeout = 600; command = "${pkgs.sway}/bin/swaymsg 'output * dpms off'"; resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; } { timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
]; { timeout = 600; command = "${pkgs.sway}/bin/swaymsg 'output * dpms off'"; resumeCommand = "${pkgs.sway}/bin/swaymsg 'output * dpms on'"; }
];
};
swayosd.enable = true;
}; };
# qt = {
# enable = true;
# style.package = [
# pkgs.dracula-theme
# pkgs.dracula-icon-theme
# pkgs.catppuccin-kvantum
# pkgs.catppuccin-kde
# pkgs.catppuccin-gtk
# pkgs.qt6Packages.qtstyleplugin-kvantum
# ];
# style.name = "kvantum";
# platformTheme.name = "qtct";
# };
# xdg.configFile = {
# "Kvantum/Catppuccin".source = "${pkgs.catppuccin-kvantum}/share/Kvantum/Catppuccin-Frappe-Blue";
# "Kvantum/kvantum.kvconfig".text = "[General]\ntheme=Catppuccin-Frappe-Blue";
# };
} }

BIN
secrets/keys/nixremote.age
View File

Binary file not shown.

BIN
secrets/keys/nixservepriv.age
View File

Binary file not shown.

11
secrets/secrets.nix
View File

@ -20,7 +20,8 @@ let
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx"; server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDwN8p78OncPIRUfV64PLHOem4LtlQ3opOJwLEYqdGVx";
server2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPm3epi3v+yuskxQZgmPdkVDET8IGeYA6LbTCqPWqkz+"; server2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPm3epi3v+yuskxQZgmPdkVDET8IGeYA6LbTCqPWqkz+";
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmivVLbkJJ1anwQ8CeNT7rv0Qxinp1LIQIjVWZpnIE5"; kabtopci = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGdvPKu0XJXpxiZYxwHdt0UzzSXxQqZIbHzVvjySR82w";
dmz = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAq5OMVTx1IkzFvDgDRwiv+ruYTCBlJ+D1hx+BS8Roah";
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgnWyQUUa+vcHAKx6edbTgqW8ph+MCiS6fUwYjYcS+o";
nasbak = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdoxslkKn3ouadPOHmDN7e5AtoJmnllnUmhl1j9qfzz"; nasbak = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdoxslkKn3ouadPOHmDN7e5AtoJmnllnUmhl1j9qfzz";
jupiter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBQr9/TIeAd25h0gfOPjoHs6JMeye4V04LuFufbe1S/"; jupiter = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDBQr9/TIeAd25h0gfOPjoHs6JMeye4V04LuFufbe1S/";
@ -58,6 +59,12 @@ let
]; ];
buildServer = [ buildServer = [
hades hades
kabtopci
dmz
];
homeServices = [
jupiter
dmz
]; ];
in in
{ {
@ -78,6 +85,8 @@ in
"services/gitea/mailerPassword.age".publicKeys = servers ++ users; "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
"services/gitea/homerunner-token.age".publicKeys = homerunners ++ users; "services/gitea/homerunner-token.age".publicKeys = homerunners ++ users;
"services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users; "services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users;
"services/vaultwarden/environment.age".publicKeys = homeServices ++ users;
"services/acme/opel-online.age".publicKeys = homeServices ++ users;
"keys/nixremote.age".publicKeys = buildClients ++ users; "keys/nixremote.age".publicKeys = buildClients ++ users;
"keys/nixservepriv.age".publicKeys = buildServer ++ users; "keys/nixservepriv.age".publicKeys = buildServer ++ users;
} }

BIN
secrets/services/acme/opel-online.age Normal file
View File

Binary file not shown.

42
secrets/services/coturn/static-auth.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ FMwvw6TmjR3KbTH9UgtlHGmC3ZM9s1+g2Lb2B4oSJWI -> ssh-ed25519 neExcQ yMHHDZg+ZqoX3BGPI9Ruqbj051Ewsyxc207Ne0EJ6k0
l9TBPRZpSM1Wky9J+uNaKSYVI65MlLxTU7Kh2uC9Ijs LD+wq4I8s/Fc6znNE6WRMba0u1BU5Mi6VKcyBk6xTZo
-> ssh-ed25519 WiIaQQ J3tqbCwliMu7Hp/diV45LB0z2EWpLAwivGxxNQm1O28 -> ssh-ed25519 WiIaQQ KmHrRHx9vaSMaHUWcMZKRApR9KWntU07umf1mZekRQk
O7EDQl7x7htiIyVOQfSWHQbIxVWEnDJ/rOwE7Jey6go /wumFHGj1am02zQ4g4EaEEk2sCoWTkjSARTIUnPnFD8
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
BE/OvVUprp821b/gLSDol0R0P65wwtYHKulHt2Y1Ik02w/A/GCJbVX1hAbxkhRnR GBUmtcnkZ4tlQbsWArXcBEX+p7RAwFUeZ7QOteJ61/lDaKYOcYZPC298AI4eE5cE
5em/iKrbG5J3kabFgV/2VLB21yzcrdip0Cvzbgn0HsZ7I0PS80W+Nz054cdH6QV/ jejlIO1Jh72eQCQ+ZniAdPO8caUWOXyAfXsk8Et8RCaodK0pt14JB/Ez+qHpZR2j
A+iveZxwS0x5VWI1//mmPp6YGeEOw89r/KyIZ7As8gTmVzQoVEeaqUsP9A2/+VuG V9LC3xrlvWbyY21pnokQudSsu966Kmh27gAd1vyw+rAFpYSLhY6cL3oyiYNtZ0Nf
J6gbE6vCb5jxJ7OrLZbtBjfJhac3g7KHfy9QcLNRDSR+r0YVYOElUSyYdz3DUbJp AgsGrCIJhWOKA7+PJPSxbPPosqB9nteRRxl7Hi3XIhu7oE0YCqVVihA908vdaq7G
vCkNdm2s00wzAobyK5KLx4k9UB+1kJRPjP52Uxt4A+pEjIviH1vTnHzQb+vL4LuR pOIubfd6S7Aptj7xiXb/8oojhsglgISPyFHIPOZaIVXVtNqFxXhjFiJjdZuZ4gRS
qR6spF4vXHj14eGva51+8bxuUBj3kx9zS4XFTLug9B9xe8XgiPJDq109/fzCLkyr hmaxAXd8UblKzYWIKDUnAwdn5tdixC+GrqdNit2s946Di7s5oe7BptP707XQK0WA
CZwmvAIUbghLzVw5ub4It+79GKxYXH9GjkWmVQX1J1a6ls7Fvy8pW90Fh2N5M+wk HXJuc/h3+8JAkQsPW0B9+XbeNtRAh9Uqcq3tadGqjwfgLKepebOoG3K0F3+simcr
FTQru+OuwfllWUZaUWpE1mUzu65CZ84Kfg5slm3oY/y8E6UEmHiwdpCD1Y7mxGwl bS3fgd1R92v8KyyXpKvgbilJQ2GBoxEqHTeMzqksp/6t/3s64tLEnrRhqcxyYz7P
hlQAhOzXyiNDHtWdvRaA66if7+heTvkEoKD5/owUJ0tJTMyvZgah0r2OGbKWluTv fDs0IgezPFQ6ZKU2KMnheRiQrRD//9JINPnj+0PPL5PggyaDh4PwA67INrHwANl6
+w6DMlKQFtnnW437t3QZFEWmz6r8UV53CzVIjcOv6Nd8za20RKofmOCeyVJ5GRNk Rgh8QNBvom3E8gdYuBuCM75PewMZF9mSksLDYrYz9M9LB4YIvBxHKiW6PhugtTwM
weL94rH3Mv5YKh3/mJGj4fsYgka3uRO+rV6G7fNZcfQ fd3uSuaTfTEFgPtEuJUsQk3Q8+lZQpY4BtEDP27NqFI
-> piv-p256 grR75w AnCspIRjswTZ8aEXA15AQiJDKmUiHQhvKg4Rhfre3kCu -> piv-p256 grR75w A2dfNFLZpwdWZ4PkmeHpUdalrhHYehriPn23TC8V3mSW
Prp1jHRXIdTXapLZgjWwjy091uc37kCIvGstSOxmNbI N8IfOhaZdWspJ2GCJ8de0Yhe3Jv1BBA8Ep+Tpp/IFyk
-> piv-p256 RQguQQ AxfKlFTYgyFzB7sxct0s3/QcoVs1AFwSysZTTBhJjwZz -> piv-p256 RQguQQ As/Vu7wq9Y3gW8gJfxyi2b31e3A2ZswBPZ3KfShjDR5T
GYuHnz8yk5TsY/y2oibHnkFh+Ah956ZiSKXzbT5Fu+A sE4kxCyTMm2fEvs/I3KpDt61S2vFv89/MgALO3RVsuQ
--- ++NTK2N0Od5wJsDHGXUg5AbVPNRl2siwehTeRHNMkec --- GnBuK/AhHklZlnoQXH6HGNZa/rqLWAOKpvbFK3IQnmU
T„ÇrIŤŘ“b4 €tş!5d©C«/w[mA/ýŐÇ\] ŁN!„~岆Ž˘Ż‚ŔrĆÖiéßm`ůŇYéÚ ťŰ¦«ĐoîHňnZâ'(ĽśKJ<4B>~0šôG9ľ Ümp9/ýÜŽ™µ·XŠ“'HnÉd´Òvdý ÅA[W8A;ê2¦uªqQT`,%]ï~íu<C3AD>¼.5<EFBFBD>Ía= Ž‡FÛÐnrc3ÿ&ô³!h·$ÔýJ2,iß'5îIJ™

BIN
secrets/services/gitea/databasePassword.age
View File

Binary file not shown.

40
secrets/services/gitea/homerunner-token.age
View File

@ -1,23 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 1fxDZw HPqtOnCf0xv43GQmB6iSSLGK6r/5pCFFZJC37ioMIw0 -> ssh-ed25519 1fxDZw hh8ehz1Ku8o+RLbbQU0S9wpdanqZTujlpv56EZkFMyY
VjvteDjUqqkBas9FzZKxlA1y5/TwIB44I7yNH3KBDYA 380XaylUBWlLEFh1DIi5C1wefShsQu7DjLQmsobh7eQ
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
Xx8tuS0ClpvIEn/diIhCInLuiNym22i0SQZCkFCz5V0FKNM0L9hzlqU2A2wLemgz bXqph/p3KcAE6lwE2VHUO2evE1K8gpLUyQdvOCKJGcmxkwlSemgP1bAtpKIBrAh+
iy1So0jNJWGt9ylUCyPI9ucyLUgoXFXiQjaMkI85yj+xuUDHkmereRMW3AQD+2LL 9BAIoQf+vt/Pdu11cB3y+egICZDxAj/LG7uzjTSETniItCgKTqTbFOV2yXezLvD1
+NHsmQQchtmQg/gCZY0MS7gq++ULDwlakAkwMP0U6T19i299eBSBL4Zoj00rKNlx NyroReGDFD6wofXUt2+1Y4yoMeW85DC6PDDd9Que2QJHPVfVaR1EtyWXEmkS/W+2
KLe0jbNlIe1uhVLYRfyz3S0I9z8gWDSQ8soFoqrJwKVHsO7wmH/3a0dCEWSHRRVm yhGxnfIXBSrO465zdlTOBJS0uA6LPi2smEsetHfu/5FrV7AAlb0iIP6ZUcZGpaG3
MRfU/Oy7A8U+iD37z9DxSN2O6hKRLMDu/NyTXUV95ImYwOcA7ya4nShwpB7vZLop n9y1t696zCNGPMGOYeDwlyHefaBkweUM+r2lYoyTsk+PqY5+g9Ap3ZkMqVxyV479
Vu/BtX5HZ7JvBK3kApyR+Da5LYsBhqrDmqXqtykjn8TM0WG65jLKp5XolEcGEfUe IExBTTdCNJouiByR1/o/0L6I8hAdEDyGad9H+PmH8gwtCKRmz4B+on5ljQ9/gwHz
KrqVMhVm+d2AijpRvsbOv13B7UmZkxBP9+6/o7uujv9nV5uSoGwv9tZn9ubeZyXo 4dU7+zFYU0N8TSzImWmsU+Pomd8aItJlWIE38OZ+yq3/wYWuDVmfrlNklu5N3cb0
U7q3MaURqbgv6YV+h/aJ1X0URmPMyjUgkCLI3HbKJV+ZQH1jbNsn0aiVU0d0MXBb GSQPk97tkpxC7oAt2n7TlwYtrlElvKFTNFt2FHQQzLRK9v2cH5aJAASaLk//MXo3
cE1NIZdfrQ/+Mp14KuiKoY/ycrJPQkg+Au8LANSk/pzH/lvGO1EP50eBRz4hIqEg pqmRx2KFDO0f4UMyLWh3dpvu942PLaZN14/fX0u24KmCGUjTa/0KGUeroEF9QXN/
RaNII+fQosyr10HPvlgMfEZQnDoG6H+Tvhgt4S6Ex9lyjKASnx/SQyRwhd9SPgDb xyWuMddf/Fk0ENIDRI/ScU2b2kB2anmYJ8u0jFjMkubZTNs7BJpQGoRnNeRHYVEp
bArbSq4lJ59rqw7TX2IrkjDgvv/FMqdcxjW+kIOTWDQ nK/0GwemAe2b9j3WcNEA3w+qliFSxAIVQK/DlmImHPk
-> piv-p256 grR75w A1d8pk5Qfx1xq9vApCkKKj6gx1elqSYxLezwoChk3k7Z -> piv-p256 grR75w A8m/M9FxN5IPc3jZz9HZEMdN+lqQWKk7wECowIBIJypr
AeYO+rslswXdRJK/pwe9m3CNHIKsrRkt1lamyysDNQk VS76coMWzq3V5fVK7Mi9EJM/aREGkuT5BOc2KRrt+XM
-> piv-p256 RQguQQ AukcSmMTNQQZdr5zDOjMTnsOFZp5H5D5ohuVdIQUpUYM -> piv-p256 RQguQQ AyqzzNEcRsKvojUVTIHSdXd2suP5clAVJN3rZQ5uO8Zh
aJqrWcaXdpfS2vakEu5vi/AMHnoUUrUpm0bRRcCxiE8 n7sGAAhLHjeMA95/NRaaE90SLKn3jMduKwL+DnG1Su4
--- fNTWHdKIXpbJsZo2WnMAPXTNMtr0hKkgivCIi1qiQps --- Hy7Q73oX1zTn/cO5LDZ4L88cqYN9pm25UtPWgE8Oc5k
XƒŽR0jÙebMB7v6“‚Ȧ~ 몀“8<= ~<7E>Ís<> <11>Oòݤ ¼¸€ü°‘æ¼ÌÊÿ†.r§yy-ü¶_®Ì$ù‘ ÿ¹3d*ÐËÐó­ÒKv²Â`YŸKËÚœVá“­^©æ²º-
2iŸ¾Š2ìJð]L×íp
}aÉ+»1ÿTy™ ]»T<C2BB>þgÌè¡Çó3¢¢¼³"«iÊ

42
secrets/services/gitea/mailerPassword.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ Qx3NuIC3HnyhLAPB6NGLlO8073iIEXQ3VpVDvsPsLVk -> ssh-ed25519 neExcQ 23q0cea4QGcuckAJyGJ0s3DJ7Lp6vakxFYdXszDEShs
9Cz7AXaP/EorKrdLxMfaWJJsCIv5u6upJIaNbLiDleA 0GCmRPOWvOnDdY1yyoGy/dvZDgloBz1ILqww5/Riaqk
-> ssh-ed25519 WiIaQQ AS+i8m6vO83lj5vZ1lr+FiM1SO1v7BU6OWertpdTXSU -> ssh-ed25519 WiIaQQ yVMIknaxSccjm0+OhvBZU4VPR5pAWN8l6WFWt1KlSXQ
LIitIW7F/8idoKvgHmirFp1V9RlObyqOueDVIdBdRM0 G7ZaB4v/x3lB90eG/qlzIasgTdxOl9LNEAfKfkyp3/w
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
FdINMHPfPVgkQk0A5g6uDRQmZxI0h74QkJSdYUtHRfbqBP0R3f4TrqbtO4n6E7pR Gz/gQCuoTNR92KpaW+5maMWbA/Fu/vVLVrLvVfHB/Q+qE7yxCNoIUVf+Nwkqll0N
5NYLkqyZND7ApC10hoQ2UJF22Ja06ZvWhhM7Zsl0X3u/58NhgXsXWy92I2sniBa4 SIKoDkq5OamxoezagvO9EVA0jyPpAdTP1oljiLjsX54OXLhT1Z25N+hC7lEe9MFj
DF6T3AD4bQOF4Px2A/+lnA++NIWHdroqghojWOAZazvLFaFa6HtIdrTiMb2bojuU QrPLXa3WoPJTPzoho2F+/bjGtUui4Dx/rFp950oUQXXYdAQBHn4HlLPTSkT/Gllb
qxepekbRwJBEm9/5bKHZlEmwx3rJsYxrNKEkxPrBvNdPbnwgxrvhOXxeQJghyGGw e+nOtElJs9xK9y5lN9LuDXMKO2SBDHsqDzlrua7FCZZxV6BuyXqQtcJV7NAEWzST
vnCRHKDbqvRIWfkmftRjNQMHUSMitDJHUOPsG9z5KBr4M7n7B1bV5ozsLsVyUUmE fnTBx8g9mbRclcD5KhoPjmS80dNuYYGUa5aWLFkK3ZreMpETWKTaUr5Jmh9HhPod
6vBvrOPz9+RiE9H61PlAvPFMmKBTQgRf8+mjbU0RGxScqLcUoHCud2x3O+WqlLoP ShXGCDuf2VlJw3ZerY2Afot3hrZG4+ZnY4gMqRrLaQt8IzmiMmeXtrj4xoI1wRDR
TMQtye8ayRPgG3PbwP4pO3olcA9ANEdd2Jfo+HG4izbJxdCTbOMfEFTJIEfyGMIo sVCXMloWuHRqsDXX20kP70xJYTpdD7At1TeZBw2TAVfisr3SsuqBm59yx+fS71Uh
lo0Hh0EIijFAVfyAH6G/Rv1KggpINr8fTxbWz8i1PXTqzBsjfrqbHWWRrE/VJSYI xPOwuFvZ5BRaE6hb7oo0zUJjNFCqrPkRoS7SijkhHp/9MYnUyQA7d4E+kYtYqfqp
x9bjSHeWCOs+IlZ2YEB8dshJe5smrTnKpFYrj3kvLHOiC1jKUJdDZooQex4nkXpW JSLWTrmbiXp29F56N7emB3ppwKMpTqS6/1BLy2GeztNnEQuJyu6aK0Lviw6q7Cp6
mMKIOb/VF6/QM3NkmJKLdnMJenIKL1Vqbrv/Lqu1/FaINqRsIGTXCsQs+JjxrcfX 8vPSvtWT+itrQ1SS9IR1IHnoNHTEyYzLzxuqpYVIeOLDfcTasnzae7Q99xVDsaAB
zxpzs7Bk2eV/BaiJxJ7Cjfx1gO37GpL0kzCMuN1xnWs A3G4O2xDkhQwqynXRWeWnVJYKqckJucV3aL7LisgSEU
-> piv-p256 grR75w Azu36XfRZ2Evj79zCs8RA5lwbMe2Je0oBI5JM+3MC/cO -> piv-p256 grR75w AxDL4kLN0PD2FiB89JD9F0CLHFhV9QzpdOIxnKE0/Esa
p8nO/p2M3pvEevZLLItNDSz64Ju8yBA2GPBnTWMN25I mNQN7lyWhcod+UjaBQqw4n7CcNcNjpO0whbEERIrebQ
-> piv-p256 RQguQQ Av9ILPK7bsPNqgudLMq88MNSWrB+xrBVfxX3bjVCquvj -> piv-p256 RQguQQ AzxUAebSDk66RwVBAMThJT8pBu3TpS5AaoGew3GbtfD9
0iwRR9htchLUk88RRooXsP0H39FfybCPMQC8AMxgu/0 WEgpjyadiul2G0dTusUsINNqZTAxYm3NCPZeOpBaw1A
--- puq9s7iYi1A0v+7Qhsqo05Yfxtg5kHJK66RM1TDLtNM --- p9jCZfnH8gEsLrgJnZnIcijG1YHBTQArzWCDE7JfYTc
‡![˘Ąëu_Ď(*­0źĹ´8«°ęŠű"úÄFsnď"TęĽ-„<>˝ş˙žÇwťw' Îü˘4ľ„«sd_­! 4ÁÝʼñJì'?Åvnî ¹½¾“ú¢ŒBêÓ' !e(÷±©†üØ©I•Áߢo°šÑôû2H6ºú

40
secrets/services/gitea/serverrunner-token.age
View File

@ -1,23 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 0qfOZA UTOzjwhqcVLmpf3P/nzO3aGKzKH0YKq04sUbFvMa/FE -> ssh-ed25519 0qfOZA iyct51e862F5HcUHrV6HJfocfqWvyu5dcCG9vchvlzk
a2MMcZXucDEXmy/uU7JapMsboImCGsUiPA2Pr/wB5yQ 1GbQPF2QRdXA1/XlsovvS6RDvXGeUykYuBf1o9md9NU
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
Nr2g/ocV0oTbZydmcRnESyI4VOJdMGafozm80EMarbQfmeeRCfi76jxct/gpnL00 V2ezCm2vmn6TYu25I4FDrXtQoMQSWobixzKO1z2HgD/fU5tk6XOwD5Ha/Q1MqTZf
P/2d/3pfvqbpuGZRg+Q/BCY0Vm2AujJ1P2UTxpnzC42iZu7qKWd5EY4z0Hok53kg JgNrMCChh6xWrcd/dDBjuCRNQlcvWH7DFqu1AH2dg6AvRnEBFJKg5agFjYnQQz4d
McPh+pgNhugLr4Yh2KHpT27FfJpD/Pmjajg7G78Q9P5uel6SKXIW4uFO4Lp2yLC/ cLGXAMSRRIIZg55yeMwawm6co7f3/8nw6DEWOtaB+WnXek44cdHGXIDn7jVY10IJ
vC52XMqxLrR9moCTr72dQPzd0IIhQ2vN9EtZkBnxUW6zt3ILAYJ06VLAGvVwXIWl 4PwykvCIhZsmBW/f38OH6qvdAdAXJMJqDTyAzSjXH+fVFy8pYuFpALJzOXnk6OFB
0Wjs3G5g5v+H2e+Em5vIy1hdub/3orEL4racHO0m0binK/IVRJY7sjZDVDrrerFS EMwFnFgt+Du4VybJEsxg93xFNh6CGga/7scjfdulWmakHSKh/LYVowsjPKlV7LIO
SqPORQ3a7jmuHFeHxwAlRcmh/O1gEgAnCZTZRfQzgXI+nfPEzuL0yENd/ksUPBdm L+06RHFiBCsi6dxRMUEztwzXWhvHNL1DUix5BJv1v+vCS4DGAiQ+nqntg6sBZgyD
q2zQSv1rrj/tLMtxk4vpG8FkPp5UctaYignvHAp95xC+TR14aDUdT4x4MGboHIxu A1yR2JblEWND/TeGC7fFI+lPH27608QgNeOqQrHKm5Sk9j4b4ClNhxEQRTquMxM5
l6Q3evVJzblwIl3JbzpP3yOA2k25Y1KI+nVDrTqAdi+Yy4jtIOA+XancIHrpLzAO PAgNpdwyXP2mKi/XeN2v4GnJ9OBUEj3yzZ1YNwOCajI1t9IPChPc2eR9O8AjUT5v
21JO1wwGtAsjUDCdhnYSyMcOiRLRHzPoK7o/BGx6b1Uqk2WmWhZnZft9MHPp2RtX C1isvdmcqegtqP7P0SM7xqx/gxUA7QQx7kRr+QALbECbsSzrSycXowp9OvsewQ/3
Gv3PBMVjz2CO+f3d8B4akPSApgQ9fw1Vje5fY0CDWdORV7tHDCKb6fmTua2d73Iz 6ZfSAsXTu+voXEv5E59NpUUhIIcEq6BByBbcdBKt0G1FLmIaL8PG2Lwk3/EAaUY6
ANrKYonqWhjf3F9u7zzM8/xd593AH/Y+aJo+z0S+Z6I Wx4ieA0ZXK5btRAr947ZM71o5Zag3OBnZ1MKxDCAq2c
-> piv-p256 grR75w Ap4du3RBcNdRvbwjQTpP5PPXtNCRuoQePt6ULYEpNM1r -> piv-p256 grR75w A9ZmUbec4JRZGWMjnqBTQGCf6GimNyNDmllWB4uBHJFq
4Qe4c6j7df/TajuxM5Q1qnC/TCBNNI5K9WCDqD4VM1M mN/spixDcTc6UZSLe4vc879uOUxOw9Qh9VDRK2YrTGM
-> piv-p256 RQguQQ AoR+aGTAQ6VELef54cGpukkWjeKz37tDbW93ncGWFsrI -> piv-p256 RQguQQ Ap+H8uhWf+iaeyTIBziLgulUiF0wYOPFizC17xhzWtxj
KbF1N14PYEQ28a/MePeq7hW9LAgUaNriFo6UO0eBvt4 lbgpzytkMbtmlRT67GhwBBMzbTCD8M/1vuobnUhUNlM
--- F8GiyUf87+vhg22ldWuC2j5K8WGAK3y5lRDG6yrzBPQ --- NQ1zWWCImu0ugkcWJW645DMva4rngFMNDagT74Yku6Q
að$ß-“¼|h.cr38ÓÉÁéPwú3üÝNhà„†B¬j !z^<5E>² bÄ8cªâ½ms­ç¤ ÜU•U?É×Q}<7D>Þe.+õ³Þ„3kÏa?9ù<39>\¡;C¬é_ öÌ)•önᜭ38>ôóC®{tv»1ÆåÓˆàLUq#b+c}
\Ü3û»ÐÕfòx3|ùNeÍ
=:³

BIN
secrets/services/matrix/mautrix-signal.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-telegram.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-whatsapp.age
View File

Binary file not shown.

BIN
secrets/services/matrix/signal-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/synapse.age
View File

Binary file not shown.

BIN
secrets/services/matrix/telegram-registration.age
View File

Binary file not shown.

BIN
secrets/services/matrix/whatsapp-registration.age
View File

Binary file not shown.

42
secrets/services/nextcloud/adminpassFile.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ 8cKmhu5xTxTuvVbBhVZM2W2qzRQRVX9BSojcK6YgCys -> ssh-ed25519 neExcQ slNwdPIgpsABv0SgU39pUoudBMs7UAsCbdE3aDxCNh0
kwfUlvEPLVbaq/rjQAu4s2NhGbxFfdEeLyU1eUH2gF0 /HXJ6yQkBPp6bFY8B72f9gpQpele3wFmwZsMaFBE8uk
-> ssh-ed25519 WiIaQQ TvRNnifxg4OPDvwvuUIdJgwrpj8KegqfjVEB/in9UEw -> ssh-ed25519 WiIaQQ OUv7lcCQDvJo7fpchdQRwIbXQ4nG16gWgJWMSdSMMxM
U0iqVaHbZS/SvCH4UAzjJQ9nPiHv779v6s5PwjTxf5k rD2lYHGo4CQjJOqpD/n9pgPjsbIvGRNFiuWO0QFtyOE
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
QZHM+/KssZmfX436QJGBGbhlx36oxCg4jgdbRwa/acI2s6ppawdnFzyWZBhv/Xzk QgN54J0Py+EdO2LAup0PI3f1lDsuJHrxMCLt5+dfnCjSmPrWtGxOGf9Nw6SQWg0p
wYcT9c2ciuy/aEx6uX7fSAiKQbfq0d9KEp+d2xwlpL02656hJ3Jya3U4RApvEFeC 3TQ5Rew0jhedXJ/h/c0c95h9OYsnEjYqz14CRYAohngaSbFWiaLFrklg7hGcvTvb
lNjyWgLKuyxYeC20f3/NMg2AnickMicbw4WCzG+HWnVCnxDe2JW+ZbXPsoBg9IbW 9+MB0c+HtHoNtYVKYdgmzPXMPYBx/99Lc8Q24xvfSlGlGhl72S2CTu8us0daAZ1z
BO05nRKB0jonuA5NDvHZ+a/1xf/4qarj9vmwnsoK7jU6TGK2r+iPHuppC/LTgofm TnMLXZ9TKw/QtSS3+Wa5j6jrLyPD0M0biCBdRPR+4ho/t0AR/qQfXmCGZOf0kfe/
2kXKDP/gpRpIblHr2QukoGeWmXPGeF5PXXCPC5eor1jAhwrBTBY1hL29mhb6mK5M XtBRs/QQT+HAHOUo9wPR332yuUxu03jHpPrlhuP88ydcAjUccYvEndAnRyOv9sea
qvX5wvayHgIHvX73fn2oexepc3QXjazCKSdVSykj/s0N0//0fbtYJe8qIbgfeNen RuM8e0GDYRwpRNjPbAorG6PG+oJx7/t6z1OkVxRpRJQHTWJ6ntnMAd6ZhGNgRp8F
Lvn9DgsDvQfC83Iikh3r3V4RtmHiD12gA3qxc3tZSQLftbedTbylGnMmCZr2c9w0 xIiXzPwGTEnyiRFOSTzxwX8XP25c9ft2Bpx2uYxUgS7af51NWZIorqJmWgQN49oJ
4396ZfUfjXk2Px/XCiy6WBghW62QQ4Q6fGYWBViL1OWCoudNNRCfD72E3jdfj2l2 5DA8uBan3qQkr0jJzFwVKYYt4roIYEtrnH/snl5uNbpIhPfTy5/rg+Xrf0aRunpP
cScM+huEDU58dxpHM/6yLT+97Tta7JDpgz2ueMUfKFCUnopKNKBPoaZfFzvi+nCw U9bpuJtBVgIAUXk5zLxhnMh43o2YYxCHN0cArU1wNLHcdaKogPGpT1sLCckwZ/3L
vRHVdt5CpN4oJc+mokWCGNt4fK5nyvyO6nDe9cHel91sfS2nCiukf8IKmEDlZQGd O/hxutVOmkJyNOAp9k0jV6zedWjhru/4v4Imov6BxDyLf3Hz2vnvwogYVgyl3TIr
jEMLZjAkuEHwa8Powxi14egunANQPgLSM5EuStDmhlU Ir98D/CIp3i74VsUvVrZmo7joZcDhnAXlLPsb51I6qM
-> piv-p256 grR75w A2nunTE+4FmZOKWQhinSlizVprH0lX81NKsVEDijzDQK -> piv-p256 grR75w Ax4mmj6z8SvPKdHRz7H8O/he2R4f4tql+NXSMTvr9rZ4
8+Rdpp1JCxbbxeTVl0WGpQHDlqb5e22zLbBkwBPDYkc EPyI4xcY1Nt/zZ/+XXVhUAt+aq3qEEk+kuuA1PbOPI4
-> piv-p256 RQguQQ Ar8nU9oNd+TEfTsdIM4ka/J4IArbeQKfn2W93TYOkajJ -> piv-p256 RQguQQ A6ST+jiJS1R0QV1lw+IlMYnxXnTOLxyDfxpQZ/AWCKHB
5YnDAocS0lDBrO/M6sNWyn/Vxa1qLiudf2Via9UOUW4 henkAsW+enG7nY5Y7egcw6RezC0gdakjZGwH+KP6idA
--- yDdPOHLA10Rxzl+kEyCUx/lmLZaVWucWY1Sj9rdo4hU --- Dlhmc48gY+BCXUhKQDRnlprdONlHDQ4tZf8BmZPsFKo
Bÿ—ó s”dGÈÿ´m`ÄÎ),NU@þ ˆ³a˜Pv(½®rMôû Ë ¼ú~ã]Äèzø‡O†ßífg*ëûB«v²€+iL¢!Ô

42
secrets/services/nextcloud/dbpassFile.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ VfWt68buOl2UetDKcQWuWRSOeJi4HhQxiZVI4lIfcUU -> ssh-ed25519 neExcQ x2yzu3clDgMKxl/uIVR9SYHPEcxJxQIEr12irpOQEjE
GTWI83cLyP2Kjd6twRpaWpBq+U/BYcfDJeljQ1CZ1bw pnIlEK0y+8WuBrMv89pHk79ogHUaeEf/hamaF6U4SNw
-> ssh-ed25519 WiIaQQ nqwbWtevakrHk3sODtw7l40klSb4cIyi4uSsnpcS8QI -> ssh-ed25519 WiIaQQ KMjVolPcPvqAF2Thgjw9taDsEoBjHjR7+VnfoGkczV0
PxfriZ8CdPhPTNtjQL3lsyjfjkpBsnmJc0TRNM1pyHM ++VgMR0dZKqyyFv72qVa8j3zq6KPWWOFqdyJpmZZNCU
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
QRSdhHdAcGlw2c1hxGNmtAp5tPcjQ7CI+v9JkOyOH9W9KF3uOfshrpkz/psFPd+s DXcSjBKsmYiWrC1JVaisJRe1lafR/rBcTT0EgD73SXouBqRk11XNiW8DfR1pvy9z
6eqQDAwEAgla4pO6FHj/H2PK9KDHY3j2e8BZyvJ8ZsefUsSAYJ92hcD3fdISL+kc ZL4veUFu4QJjVyPZLOGy5naPD1Qw9FYCArkjmv336QU6DcpZk8LaOAZkmgpqncdX
+FMx4Dlm9LSeGGqElbPotyU69t2O/WLF01HqLDVgHrlyTzWvQMhvATA5Yzcj1Izb g9nDp2HeZH7TUtUiYD14x66AQD12bTTjfWKzn7yGzJ+gx+iBTemlPI3pu+xcQ4CX
0AlA7IOE174E448/Ovo5a2T+DF0w2vLEPruH90Kvs2lui+i8yC3StgBwB6flmSfc clTB6xvlPtuF+U9kJwomei9XIWgc/acAcIoYOvvdyjAcUYFuFvuojdzo0hwkxFGu
dSR5qO0XCZ8gK/kkdsz2iZonsBCbEugQayN+EoE8vop6YlPW36EtO8IJnVnKmVEX jlp0FFaigsffVTsO0mp20uiOseMHm1ZGIji2gGOGQBOESKgMn5E9cLibEjigg4hy
vy/Rj3dubm5Wsp2hAyeXSXx3ity5fdSJ3TVY7TiPLPlt1yik3Wggtv0DlgZK0AML hJ6qn9DjNyi45QjGqkOKWJ+nzvKrzz++3sWwJJXuj+Ol+0n0t+RgT/LuSHkyskQT
x1OJbrZRrzDZKYzxXw69+lOiV5XfVUfk9PXC+IAj3xf/dEz93b6Pief+PbOQg+tz B27GG07oCLk9iUVja2YQRmC46yts5lHkcZ193N1Ot9kGoK7VNQE29X80KSF2VSbW
INDWkL67/Yx6rEf41iLCsQananBV16IeM2SndRyrmT/1OCcLUR/8xqBHfOg/K0kp +uE/47HwNGTBWb7LdZWRPoOykQu2V1vhcVNO/st+s67VyWZk9vugLSN9l3mldp5X
lHL7D7/neqRh2E8KOEciHgWFqWT/tV5XpyZVvA8OiYLoVbmLG55q4pexrDfQ9OgT gvUAv0TZdhi9kwdSiz82l77VASBN3a/VN6XGOMqanaKaRsy2R9WGXxF50gUHn4/K
ZDIL94VjiBDH5BmPfxLhRZP/58EhLSDH3WziIWnv6Y2Y1bAl5qiRU4tEV0RCHqyJ iRMj+22fJPfWpYBPUIohb2yDHQGRhVoY22Rlz1JYP+xfsORCq3GSHBk56fUCfmwi
xEeLcqI5uFwDmmt881zlyAb38oQCGq/YRXhGygwwn18 H8ptQZHmgSC3dY/KigjH7VHcfrlDWctXrfl4jYgz/hQ
-> piv-p256 grR75w Ayt9mI1/BJg96jlkLVjf7xhDoklNuoFe3ZeKLYzFqDPO -> piv-p256 grR75w A6yTo6/3g7YB9D30JSCfzpIcloxhgnIFisWFexpfITfN
S3vFS+S4ZVC2O00P5u5GKaLtbabBPUCuuFNFFxcmmUw 0nN62XqpQEsMhNnDhYNkXwTanQaaUvSAJZbvTRXxXvo
-> piv-p256 RQguQQ AqsDGN35gXkyWaKSRVATyt1Ap5gzLKiAx+UHwhVXdhhG -> piv-p256 RQguQQ AttfR8uPYcFBqCkF2cvi1YCMMmAbRF6oMSLr5NL5UlbN
YUqypxYBQ2RYbnMclNa8PSLV6atbVRCho4wHUCZegkU fcU5SJ7lwd9jAOwM5M5mC8/F1PW3yuRJMpNFyGQZhLU
--- Bay62OwVx/Q8Nf5MHRu7VOWzwh1LtkWbxQytL16Y5Zg --- wuqc2TNmM8N9Ibp4rR6tFKdT2G7E58cBJZ0RCf6nxEM
Én(/GZvÞÑ ç!ï¦ ¾™¡<E284A2>fs×à#…¯Âv5”K_àètûk‰ë³s7PÈÚèßÂÉk ŸÔEîöK8Œ±|gƒ KjYn‰Ø^™ßü)ý8£ïQÐÊ™§J lín 7í…,OÿX

43
secrets/services/nextcloud/onlyofficedb.age
View File

@ -1,24 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ XvGpJsiChcxBbL7c5CK2mUvdFHV5ypmx5tpWVfwuESg -> ssh-ed25519 neExcQ TvH9o4N8RCyhpFMQdT3WjKWP9MtCerGMv9ecz9Do7gc
1WI2nm5/oPtCqXD0N2WStDOh91UT7IIS4/vFwWL6UA8 pU14wjxyWBT1bywg7N2HRmohZKlgVgmCMuhnKkvjmh4
-> ssh-ed25519 WiIaQQ SLJfhzdJpYzzzqFqrR67GrAuTWFJYfX10iidobo5xxs -> ssh-ed25519 WiIaQQ nsIrxNgkZ/R+WmAaWGnAIaQi4HYOhWRySeoXPY7P7AM
KF+r/AOKKLHqSf1h5AOJd/3IZTKm442ejUnWVhk04/o 5uHCObppGzaXRmUBl5J1Ms2fglE9ZPWnsHjZRhGhUw0
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
AKdJLoXUUX82mhV84R8noG1qLnD/uvArV0gsYxJuS0hTnkZOyxV1XgqgH6UrgaUw V8SprtOmsQc9/7cyNw/fdz0KURXaxdODfH6UeYiQMdExmLwZGJbZCeJh/8ubRG+7
G6Q7aYbiNYMA4+6rhyWOnH8I5QRcCVEK5y8jtiyTEU3QaPAXVhEq1NpfzrsyHd7w Jf/kdbHcWBEPjdCBhfK8Rt6aNd+Jy+VdRW+E4D2pkW9lxY4xDf8RtoFnTvx4tEI1
CB8mfSSAG9jE1owvuuubxEqx4YKu1oH9kh37GIeKmJlz67qJGqT6BnRMMxpU46xA oB3NWQdVQMnWczwUMQ6ssJhZuvNW9LHRVUpptgsPJ9P12ueZXoGhHDc3eE3Lp4Cy
C0+c/3CURj4N4fFtxWNVpxb8v4tUYRmA1Jq/FnqqdAqFIyw466eQVglT8YDQJvHs c9Fxn2u7IzN+MDHqrLAniI+m/m1WCSWgaOQlcsyrFFPgXj+BNvpUQ8wVi9aYaArT
ufyR7Gnbk94qvXXg5G878eviQL2T+c/xEtVEyLeHs017dNq5FxeBBzEMwqAKshCh jTIot6TOFJNLT60CRlBMrg7/2rUMMrahDTx9WARVCzYLDykC9kU+sjVys0wMlx6t
OtH4AJt+U0Rzq0JTIpRH/0V1exK1PM/9DL1KBQPAlfUBb9iYwKsQo6LieXS+Qowo dkKgIWbhfqi5w3XU1YfDQ29jduamJu/+04GptNHN+PjyjGboaHMFmC2wmGV3G5VS
qMTPD3xSfOD6uzmKhXCdWKZWZT6S2hwHjeXzXjYjkhErjbwjj5c2v4UpXpwdVlNN QAO1hdST3JfeLb2wyYuP1xD6DHtkKtAfl81jpyrP8Bq/l4Nfsrb90cmdNDRww/H0
zocqPxVGCplFuiME0vLsuztiWtei2yH9ZgFKxNS/kxm8GfhyelAnAQng3r25YYwZ dZJh1hNex9hxrwj4GAWpnqXoWGqIR/5hwbQtcH2Bt345tx7DLFH7mh18xGOud2qc
nLgGP0bcADAgwgXGTFxlyY2qoM9MKgnbjhtfwImLlF+WbC+IOUwBDklSgq830MKO 1o2YT7By4/QkWA/g8tPSjr/1jZp8Ylv6Y9MkTwNWjHSFCDfHu8TPaT3Mw5kPsQkk
ZQVccNwuZoO+jivXpfGM4XApK7pUXlz/0nc8jRE7u2zXpXLqv+fLXxgTXFYlrogT dt1XMX+CaUQrBrCTooaXluiktRIXQdwG0oPzpIm6R735ijv/rwnQM7WpQ5HQQ2OD
66dmjeUBrB/kMS2IP52ZdpdO3eGY1a75H5W+DtMeAOU rMSBWi0ArmyjVMFXePsLW0d23glBaMpGZIirIm/UU28
-> piv-p256 grR75w A4Gic6auHqevWiBh3WizXvYxjX6e6JToxNBXEMM5SZxL -> piv-p256 grR75w AwR6wTkB015k3gyUmEBc9DXhz+PFiNUZ7KMA8Kqq05lY
0epbF/vqJyp3Cn4Hr3ay751J1I089Hxus1vn8jgCa8g fhxJgG8c/m50NdET7Y+9KhC8znmouVBh6n61OL+KfRE
-> piv-p256 RQguQQ A12b6QQk3G0/ksYw0D0Rfx0DKMYK5Lnfi2q2tdtMoEfr -> piv-p256 RQguQQ AiDuXGyWoNU4TkwGa6QBozFZh+3PYl8y1FHVyN1eUyz8
zqAf5KbFsPpemu2I9YaBNipQsiz2Lo3JbuxZ1gMNQl4 ieuAZyJ2CEZeCNFFXcWEf0vyI7NI94xkQDXjpzd+NLc
--- a92cT7ctHL8S0/tTCY/rkfy94THEcoaIEPL3vLrW9Z8 --- 7DUMPdjVfmKuN+3lGN7JsLHt0HoayDd6yk7li2sSRwE
ú u+ Tò®:¦MëäϵOã+tôX'§r…ï ‡£‘?èÜU "ÿÙ_K!àÇŸoÍÞB$åc®‡ðÄÀ\ˆú”˜cr5l} 4Ž(X!“UµÊa™W…¡ÿZñwJûx
àà8¡i#\àwa.,§#%¨

42
secrets/services/nextcloud/onlyofficejwt.age
View File

@ -1,23 +1,23 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 neExcQ 39vMfysEahyydxnqENrwNOZi9yWpZSIWsNQxkMFBQik -> ssh-ed25519 neExcQ heR67WtUWEMq/A6BRfIkPMcb+hzVZabpWu8uukmuBFw
bvJK5Gya20UhZ/dWKHAQZ7CPa7v/pISwB90WJejYA5k wTSODQfOvRcG33/y/dqEiJ4RNRsTYGXJtxBUQ6C+seo
-> ssh-ed25519 WiIaQQ KZ6RU6kDjHVfy5YwlmjQhH6YBVkJqrRonUl02iYA2m0 -> ssh-ed25519 WiIaQQ QshckqSrByAPJIK5pDhVvLBQ16sGLTAAAYylhtlH4lU
GGsCI2D1tN4lGpsHJph6pq9N8UYdG2mfIY3U9urTR08 1j3qPx/5yTFIxAmNjvD4gGFfp3HNUFO0jh57l+SV4kQ
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
a0oXJCsFZdtpHuZIASZUp5C96ZP1QU1I3RSpIe59hnnpGLbXZE2qntXBfQ9ojkBW G7DGz5AGsyy4qgRTvaSQNKJSsJkLayNzmhMjSVI2aXCVWZuVJy0r/IC8cmXvcbFd
bgNdxvAcWLaYAiCbe6Bo3S9+Q2svJQlEqIZ59o2H9jh+swSoLfWgi0Blo/56B0GQ ejjTf6Qh1tsFnotoR5whgrhmkG/0IcAokLSFXNyYj4NlW/CwsYEVDoEt09KmnIRA
UrltI0ftMhM20TaszHwmVhvo3yODcZpNhjAMNVkQuAov9BSQdgGRgivBnt1FfYYI X6wPqxpDAqs36rcUBQJC4jj/HIgAJwswaVgcoC9S6UBs3H/skFkjczbNM2HKoxzF
f6nqfrE5JVoemk72Ip4jQFVWylK7drEU9W2WlwOsF9zkHOJxdNWiaaHpmnsgOEzA UtUUxaXZ3UFF78/rpk5h7lYWteN1FFjeZyOKwSbtYloq5eMlAe0yHnGFo5SPuHZu
BIdVqYZTtRElqDKM3j4SdE7hL6i4fIb4QAsfX5XI09eUDQLSRGF2o3lqQ4FVx+hb QG9O7RJi9y/TnZy9G86HIpIQjZQ9dYW4r139Pb51Fxun3D3nV9eeC7y0RMS3YSAU
YE31vr6yQEObTCbrf7zmKIK5UwgQbMf8+WbCxDdxF7FqTKrg7jVhPtu+n6UsJlzv 0kK22ZjhTq7ZiiRqjM8KjyNMOLTXmzUHdKA7B7JLuYCfDyxj/wszXZuAfC+PXP+D
CXsJkKYZwyESZ5oNjCyqYkkkQP0JChl886OPFY507/Xn3gl3qj/Sh7FZyUuLZ92X 1YRUErQogn0lPCPXPclwEcYea7Cd6R+2OIpd2TQ5ROIV2FXrpA4EY7Up6ICk7eZf
aTHCJ5AHGwQKFnVO1YLXWDcn0F3NIq90YHJ1NsxNvNXZJmcCyBTMtDJGq3q/6Xqz HoFqbDLD98JjLCMGyEjfG6/UHckBjAeQSR+7k1f/L+NO3IWfH5ud7TWzJNrlqDWJ
qXpVoT/9XHHStrKYvi2lut/PFMC6nciixmiNaVbE5Aok5eNhG8wUTsUVRIr8+O/i Y6zvtQ31kkZNfQNgPHL9l/c7/1IWQFtcJ3fzDwE/hd+93OA5RoYutZw7lG3q6EGk
07aQBeg7RJ7lW6oQ4/kdfufQbQHuQNchQzkdvQf3azXCXBTJ/+Z6uQuVg32MVsjq wPH6pZt+O7/7CtWJz9J4YvT6zE1DYmEobHYRrKzo7II9mdlWSIsu9KjFFt4qdsDN
fRO2BtrWjsAVThpeVAdfQb2b43wmL9HBhivqYaBK1gI HtVQJwFwiL9YPw8y7Z1Aalmo/0zTdwosjzBzl0eU9vQ
-> piv-p256 grR75w A9sg2H7x+75AK9ErkbqMkC06KEDy2Q34seCXCGUguz6H -> piv-p256 grR75w A3alWLHjgQN2quTfwIXc5xN+5jZowaN2Jkuf666CZt5P
1TchlkXOzymAT+eDr4bpwugeLQ7gAKRvdYC2xcd9DL8 gz0a64iDAI5Y3gpjra2zUIAqGgNh2IJQU4u10TxfOIU
-> piv-p256 RQguQQ A364N/An/SMqBAp0yrLB0/osdlmz/MgZFG4RB6Os2fLX -> piv-p256 RQguQQ AoJJolmpdp0pEYduyAT5YHiLu3a5yELTvHCb2B1gK+RW
V4qtGLbpJrTTFWCfTMcWpuVUiLflDdxXkMqPOtG1R/k /HF293f3uch4lwcHvc0U86BpkUdrDot5GWy6XmSEfnY
--- O4Xqa0RavBa09l9txN/oIQjAeZIYsur2UsxaSRmhAdE --- i0ABQSL1xJRh+baGUX/gfuvwM45jfHK7OP9uKReNwX4
«à´<>`˜Ñò°DkÚÊ/9¤ÊÀo Qz#fINª¶J<C2B6>ú3•KoÚµ@§>·Zzê²Ip•ÃÚhäû aÖ°gÓÌï>Ä莠Å&<26>ñ”{4¤/˜œ#¨Öœq¾Öãƒ"Ð8RÇmÐÍÀ¬œ{¦$; ¢6#øÂû

BIN
secrets/services/postgresql/initScript.age
View File

Binary file not shown.

BIN
secrets/services/vaultwarden/environment.age Normal file
View File

Binary file not shown.

18
systemSettings.nix Normal file
View File

@ -0,0 +1,18 @@
# options for systemsettings
{ pkgs, lib, config, ... }:
{
options = {
systemSettings.enable = lib.mkEnableOption "enables standard systemsettings";
};
config = lib.mkIf config.systemSettings.enable {
system = lib.mkDefault "x86_64-linux";
profile = lib.mkDefault "personal";
timezone = "Europe/Berlin";
locale = "en_US.UTF-8";
bootMode = lib.mkDefault "uefi";
bootMountPath = "/boot";
};
}