Compare commits

...

75 Commits

Author SHA1 Message Date
Felix Albrigtsen f80d75db7a worf: add prismlauncher 2024-01-05 13:42:12 +01:00
Felix Albrigtsen 582f336b79 nextcloud: move out of container 2024-01-03 18:34:33 +01:00
Felix Albrigtsen e465dc9970 nextcloud: fix reverse proxy 2024-01-03 03:05:47 +01:00
Felix Albrigtsen 118c4a15c3 voyager: add nextcloud 2024-01-03 02:35:57 +01:00
Felix Albrigtsen 72f404dba1 voyager: move snappymail 2024-01-02 21:43:04 +01:00
Felix Albrigtsen deeb9d6d9d defiant: More minecraft 2024-01-02 17:10:38 +01:00
Felix Albrigtsen c5071291c2 defiant: replace minecraft server 2023-12-29 23:44:37 +01:00
Felix Albrigtsen f1e913ed04 Update flake, add minecraft 2023-12-29 15:56:47 +01:00
Felix Albrigtsen 1517723254 worf: add nvim-emmet 2023-12-28 23:38:24 +01:00
Felix Albrigtsen e3bf9306c4 neovim: add persistent undo file 2023-12-28 16:23:44 +01:00
Felix Albrigtsen c755f46162 edison: enable flatpak 2023-12-26 16:45:25 +01:00
Felix Albrigtsen d657c42e73 edison: install steam 2023-12-25 13:31:43 +01:00
Felix Albrigtsen 6f6ff80ad8 defiant/metrics: Remove zfs exporter, fix snmp exporter 2023-12-26 15:46:41 +01:00
Felix Albrigtsen b3dccf7213 metrics: fix iptables rules 2023-12-26 12:21:30 +01:00
Felix Albrigtsen 75009c127f voyager: cleanup secrets 2023-12-26 11:48:13 +01:00
Felix Albrigtsen a0efb86dd9 Move metrics,gitea,vaultwarden from voyager to defiant 2023-12-26 11:45:12 +01:00
Felix Albrigtsen f20c42d899 Update DNS, add wackattack proxy 2023-12-25 02:08:15 +01:00
Felix Albrigtsen cd8f480282 Move more services to defiant. Remove sarek. 2023-12-25 01:37:05 +01:00
Felix Albrigtsen e679fe079c update readme 2023-12-25 00:10:00 +01:00
Felix Albrigtsen 9643dddc45 defiant: Configure matrix-synapse. Remove janeway. 2023-12-25 00:06:26 +01:00
Felix Albrigtsen 0b133701a6 defiant: add hardware config 2023-12-24 17:40:47 +01:00
Felix Albrigtsen b16d768b01 Initialize defiant 2023-12-24 17:14:10 +01:00
Felix Albrigtsen 4891bd7537 voyager: add home-manager 2023-12-18 23:52:17 +01:00
Felix Albrigtsen 7c2d7a434b voyager: Upgrade to nixos-23.11 2023-12-18 23:38:15 +01:00
Felix Albrigtsen 16cc6ee085 janeway: move postgres backup 2023-12-18 22:29:55 +01:00
Felix Albrigtsen 99f3a415b4 worf: update to nixos-23.11 2023-12-17 01:05:34 +01:00
Felix Albrigtsen cb2d4c5db2 Flake -> 23.05. Patch/update sarek 2023-12-16 17:38:22 +01:00
Felix Albrigtsen 2545ec2f36 sarek: remove jupyter 2023-12-16 16:45:59 +01:00
Felix Albrigtsen d029fcabf5 voyager: various cleanups 2023-12-18 23:17:57 +01:00
Felix Albrigtsen df220efff3 Worf: various updates: nvim-telescope, yabai, sketchybar, builders 2023-12-07 10:22:35 +01:00
Felix Albrigtsen 57062782a0 voyager: add time machine, cleanup 2023-11-16 15:54:54 +01:00
Felix Albrigtsen 8838b0ecf7 worf: Add yabai/skhd. Add sarek as builder 2023-11-16 14:37:23 +01:00
Felix Albrigtsen 4da7b08cd4 worf: Add texlive, remove gs, ++ 2023-11-02 11:14:28 +01:00
Felix Albrigtsen 17e317b59e voyager: move addons 2023-10-15 03:51:20 +02:00
Felix Albrigtsen 475ee691e0 voyager: remove synapse 2023-10-15 03:54:17 +02:00
Felix Albrigtsen 31ff1c1c43 janeway: add/fix synapse 2023-10-15 03:50:59 +02:00
Felix Albrigtsen eef3988051 janeway: add keys 2023-10-14 01:43:51 +02:00
Felix Albrigtsen 7375fc3569 add host: janeway 2023-10-14 01:22:32 +02:00
Felix Albrigtsen 303033630c remove host: chapel 2023-10-14 00:11:53 +02:00
Felix Albrigtsen 701b671d48 worf: minor updates 2023-10-14 00:09:22 +02:00
Felix Albrigtsen 519cf5bac7 sarek: docker -> podman 2023-10-06 00:33:00 +02:00
Felix Albrigtsen f0749acfc0 hedgedoc: move from voyager to sarek 2023-10-06 00:19:04 +02:00
Felix Albrigtsen 5fb2307cd9 voyager: remove flame. Move DNS to base.nix 2023-10-05 23:46:22 +02:00
Felix Albrigtsen efbaf1ffed sarek: initialize service config. Move firewall to base.nix 2023-10-05 23:44:58 +02:00
Felix Albrigtsen ef3cc3097e sarek: initialize postgresql 2023-10-05 22:14:29 +02:00
Felix Albrigtsen 9c1ef59a22 voyager/sarek: Fix NFS export 2023-10-05 22:04:10 +02:00
Felix Albrigtsen ec318f7f9d sarek: Manually configure networking 2023-10-05 22:05:09 +02:00
Felix Albrigtsen 82d60072a7 zsh: add unstable nix-shell 2023-10-05 17:32:21 +02:00
Felix Albrigtsen 5809dcc3fb zsh: add zoxide. worf: remove vscode, add alacritty 2023-10-03 01:26:14 +02:00
Felix Albrigtsen 3215030c6d Add sarek and related NFS shares 2023-10-03 01:25:33 +02:00
Felix Albrigtsen 9d22b16f45 Update jupyter server 2023-10-03 01:23:45 +02:00
Felix Albrigtsen bdb2ba523b Enable xrdp, replace exa with eza 2023-09-22 12:32:13 +02:00
Felix Albrigtsen d0fdcf212b Minor update; fix DHCP 2023-09-18 14:00:45 +02:00
Felix Albrigtsen 4e49dc393a Add jupyter 2023-09-18 13:59:48 +02:00
Felix Albrigtsen 62eef1ab58 edison: add pipewire 2023-09-15 17:12:47 +02:00
Felix Albrigtsen c921b06d99 Update flake, update edison-gui 2023-09-15 17:04:17 +02:00
Felix Albrigtsen 5c0749c36e Develop edison, standardize home-manager 2023-09-15 00:21:07 +02:00
Felix Albrigtsen c293e91a79 Add edison 2023-09-13 23:40:50 +02:00
Felix Albrigtsen 28b690c50e Prepare remote building, add searx 2023-09-13 23:21:28 +02:00
Felix Albrigtsen 36bd5c6460 Update worf, ctf-shell and flake.lock 2023-09-13 23:20:31 +02:00
Felix Albrigtsen 5a94663e2e Cleanup ctf-shell, add linux-only packages 2023-08-24 15:47:43 +02:00
Felix Albrigtsen cf150bba83 Add ctf-shell, minor worf fixes 2023-08-21 23:54:18 +02:00
Felix Albrigtsen 6f87add17b Minor worf updates 2023-08-18 19:06:07 +02:00
Felix Albrigtsen b3bf98d396 Update flake, fix gitea 2023-08-18 19:02:07 +02:00
Felix Albrigtsen c266d7f1db Add workers with matrix-synapse-next, various fixes and updates 2023-08-14 08:37:20 +02:00
Felix Albrigtsen 85ed4119f9 Switch channel, update flake 2023-08-13 10:33:41 +02:00
Felix Albrigtsen e5d4bc2c1e Added snappymail test config 2023-08-12 22:00:15 +02:00
Felix Albrigtsen 45b65458a4 Minor worf updates 2023-08-08 08:51:20 +02:00
Felix Albrigtsen 714907374e Worf: git+vim 2023-07-27 13:13:03 +02:00
Felix Albrigtsen 095af4edbe Configure zsh, cleanup worf 2023-07-27 11:33:44 +02:00
Felix Albrigtsen a3abe31539 More worf-config 2023-07-26 15:22:24 +02:00
Felix Albrigtsen 934b4ed1af Add home-manager and fix worf 2023-07-26 10:48:52 +02:00
Felix Albrigtsen e150b77290 Add worf 2023-07-26 09:06:51 +02:00
Felix Albrigtsen e0b6859414 Add worf keys and zfs-exporter 2023-07-25 19:15:19 +02:00
Felix Albrigtsen 372022c000 Add stash, adjust gitea 2023-06-29 23:31:55 +02:00
74 changed files with 2481 additions and 38161 deletions

1
.gitignore vendored
View File

@ -1,2 +1,3 @@
result result
/secrets_tmp/ /secrets_tmp/
*.drv

View File

@ -1,12 +1,15 @@
keys: keys:
- &user_felixalb age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw - &user_felixalb_old age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
- &user_felixalb age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
- &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu - &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
- &host_defiant age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
creation_rules: creation_rules:
# Global secrets # Global secrets
- path_regex: secrets/[^/]+\.yaml$ - path_regex: secrets/[^/]+\.yaml$
key_groups: key_groups:
- age: - age:
- *user_felixalb_old
- *user_felixalb - *user_felixalb
# Host specific secrets # Host specific secrets
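Review bot: this key rotation does not revoke anything yet, because `*user_felixalb_old` stays in the global `key_groups` next to the new `*user_felixalb`. While both anchors are recipients, the old age key can still open every file matched by `secrets/[^/]+\.yaml$`. Once the new key is confirmed to decrypt, drop the `_old` anchor from each key group and re-encrypt with `sops updatekeys secrets/*.yaml`; if the old key may have been exposed, also rotate the data keys (`sops -r -i <file>`) so a previously captured data key cannot be reused.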
@ -14,4 +17,11 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *host_voyager - *host_voyager
- *user_felixalb_old
- *user_felixalb
- path_regex: secrets/defiant/[^/]+\.yaml$
key_groups:
- age:
- *host_defiant
- *user_felixalb - *user_felixalb
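Review bot: the new `secrets/defiant/` rule lists only `*host_defiant` and `*user_felixalb`, while the voyager rule directly above it also carries `*user_felixalb_old`; the asymmetry is fine if defiant's secrets were created after the new user key existed, but it means the old key can still read voyager's files and not defiant's, which is worth stating in a comment. Also note that editing `.sops.yaml` changes nothing on disk by itself: the existing `secrets/voyager/*.yaml` files must be re-encrypted with `sops updatekeys` before the added recipients can decrypt them, otherwise the rules here and the `sops.age` metadata inside the files disagree and a freshly installed host fails to decrypt.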

View File

@ -1,15 +1,14 @@
# Work In Progress! ## Felixalbs nixos config
Notice, these things might be missing:
- Functionality Contains configurations for some nixos servers, some nixos desktops and a [nix-darwin](https://github.com/LnL7/nix-darwin) host.
- Style Secrets are managed with [sops-nix](https://github.com/Mic92/sops-nix).
- Safety
### Build: ### Build:
- Build locally on another machine (verify) - Build locally on another machine:
``` ```
nix --extra-experimental-features "nix-command flakes" build ".#nixosConfigurations.chapel.config.system.build.toplevel" nix --extra-experimental-features "nix-command flakes" build ".#nixosConfigurations.sarek.config.system.build.toplevel"
``` ```
(replace "chapel" with the hostname) (replace "sarek" with the hostname)
- Build, install and switch on the actual target - Build, install and switch on the actual target
``` ```
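Review bot: the example hostname in the build command, `nixosConfigurations.sarek`, no longer exists in this flake: commit cd8f480282 in this range removes sarek, and the `flake.nix` diff further down defines `voyager`, `defiant`, `edison` and `redshirt` plus `darwinConfigurations.worf`. Run as written the command fails with a missing-attribute error. Use a live host, e.g. `nix --extra-experimental-features "nix-command flakes" build ".#nixosConfigurations.voyager.config.system.build.toplevel"`, and add a line that the darwin host is built through `darwinConfigurations.worf.system` instead.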

View File

@ -1,13 +1,13 @@
{ config, lib, pkgs, inputs, values, ... }: { config, lib, pkgs, inputs, values, ... }:
{ {
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
networking = { networking = {
domain = "home.feal.no"; domain = "home.feal.no";
useDHCP = false; nameservers = [ "192.168.10.175" "192.168.10.1" "1.1.1.1" ];
useDHCP = lib.mkDefault false;
}; };
time.timeZone = "Europe/Oslo"; time.timeZone = "Europe/Oslo";
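Review bot: putting `1.1.1.1` after the two LAN resolvers is not a strict fallback. Depending on the stub resolver in use, the public server can be queried whenever the first two are slow or unreachable, so `home.feal.no` lookups may fail intermittently and internal hostnames leak to a public resolver. If a fallback is wanted, configure it as a forwarder on the internal DNS server rather than in every client's `nameservers`. Changing `useDHCP` to `lib.mkDefault false` is a good move since it lets a host such as edison opt back into DHCP without `mkForce`.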
@ -15,7 +15,7 @@
console = { console = {
font = "Lat2-Terminus16"; font = "Lat2-Terminus16";
keyMap = "no"; keyMap = lib.mkDefault "no";
}; };
nix = { nix = {
@ -24,7 +24,11 @@
options = "--delete-older-than 2d"; options = "--delete-older-than 2d";
}; };
settings.experimental-features = ["nix-command" "flakes"]; settings = {
experimental-features = ["nix-command" "flakes"];
trusted-users = [ "felixalb" ];
builders-use-substitutes = true;
};
registry= { registry= {
nixpkgs.flake = inputs.nixpkgs; nixpkgs.flake = inputs.nixpkgs;
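Review bot: `trusted-users = [ "felixalb" ];` is a bigger grant than it looks. A trusted user can hand the daemon arbitrary `substituters` and `trusted-public-keys`, import unsigned store paths and turn off the sandbox, so it is effectively root toward the Nix store. That is defensible here because the same account is already in `wheel`, but it also means everything that can authenticate as `felixalb`, including the `nix-builder-worf` key added to this user's `authorizedKeys` later in this file, inherits it. If the builder key only needs to serve builds, a dedicated unprivileged builder user listed in `trusted-users` keeps the admin and builder roles apart. `builders-use-substitutes = true` is harmless and only lets remote builders fetch from the cache directly.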
@ -36,12 +40,16 @@
programs.zsh.enable = true; programs.zsh.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget bat
git
tree
rsync
bottom bottom
git
gnugrep
gnutar
ripgrep ripgrep
rsync
tree
eza
wget
]; ];
services.openssh = { services.openssh = {
@ -60,14 +68,22 @@
''; '';
}; };
networking.firewall.allowedTCPPorts = [ 22 ];
users.users.felixalb = { users.users.felixalb = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; extraGroups = [
"wheel"
"docker"
];
uid = 1000; uid = 1000;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkLmJIkBM6AMbYM/hYm27Flgya81UiGqh9/owYWmrbZ home.feal.no" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFiPHhj0YbklJnJNcxD0IlzPxLTGfv095H5zyS/1Wb64 felixalb@edison.home.feal.no"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5M7hYl3saBNMAo6sczgfUvASEJWFHuERB7xvf4gxst nix-builder-worf"
]; ];
shell = pkgs.zsh;
}; };
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
} }
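Review bot: two issues in the user block. First, `"docker"` is added to `extraGroups` in the shared `base.nix`, so every host that imports it grants this user the docker socket, which is root-equivalent wherever docker is enabled; commit 519cf5bac7 in this range moved sarek to podman, so the group belongs in the `configuration.nix` of the hosts that actually run docker. Second, `nix-builder-worf` is a key whose only job is remote building, yet it receives a full interactive `pkgs.zsh` login as a `wheel` member on every machine. Restricting it with a forced command in `authorizedKeys.keys`, e.g. `"command=\"nix-store --serve --write\",restrict ssh-ed25519 AAAA... nix-builder-worf"`, keeps a leaked builder key from being an admin key. Minor: `networking.firewall.allowedTCPPorts = [ 22 ];` duplicates what `services.openssh.openFirewall` (default true) already does.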

View File

@ -7,13 +7,13 @@
enabledCollectors = [ "systemd" ]; enabledCollectors = [ "systemd" ];
}; };
systemd.services.prometheus-node-exporter.serviceConfig = { networking.firewall = {
# TODO: Define allowed IPs # TODO: Move this into the node-exporter systemd service
# IPAddressDeny = "any"; allowedTCPPorts = [ 9100 ];
# IPAddressAllow = [ extraCommands = ''
# values.chapel.ipv4 iptables -A INPUT -p tcp -m tcp --source 192.168.10.175/32 --dport 9100 -j ACCEPT
# values.chapel.ipv6 iptables -A INPUT -p tcp -m tcp --dport 9100 -j DROP
# ]; '';
}; };
services.promtail = { services.promtail = {
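Review bot: the IPv4-only `iptables` rules leave port 9100 reachable over IPv6. `allowedTCPPorts = [ 9100 ];` opens the port in the `nixos-fw` chain for both address families, while the `--source 192.168.10.175/32` ACCEPT and the trailing DROP are only installed in the v4 `INPUT` chain, so with node_exporter listening on all addresses (its default) any IPv6 neighbour can still scrape it. The rules are also not undone on reload: every `nixos-rebuild switch` re-runs `extraCommands` and appends another copy unless matching `iptables -D` lines go in `networking.firewall.extraStopCommands`. Whether the DROP is ever reached depends on where the jump to `nixos-fw` sits relative to these rules, so verify after switching with `iptables -L INPUT -n --line-numbers`. The commented sketch this hunk removes was the cleaner fix and covers both families:
  IPAddressDeny = "any";
  IPAddressAllow = [ "192.168.10.175" ];
under `systemd.services.prometheus-node-exporter.serviceConfig`, which is exactly what the remaining TODO asks for.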
@ -25,7 +25,7 @@
}; };
clients = [ clients = [
{ {
url = "http://voyager.home.feal.no:3100/loki/api/v1/push"; url = "http://grafana.home.feal.no:3100/loki/api/v1/push";
} }
]; ];
scrape_configs = [ scrape_configs = [

View File

@ -0,0 +1,14 @@
{ lib, stdenvNoCC, fetchurl }:
stdenvNoCC.mkDerivation rec {
name = "sketchybar-app-font";
version = "1.0.20";
src = fetchurl {
url = "https://github.com/kvndrsslr/sketchybar-app-font/releases/download/v${version}/sketchybar-app-font.ttf";
hash = "sha256-pf3SSxzlNIdbXXHfRauFCnrVUMOd5J9sSUE9MsfWrwo=";
};
phases = [ "installPhase" ];
installPhase = ''
install -Dm644 $src $out/share/fonts/sketchybar-app-font/Regular.ttf
'';
}
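Review bot: `phases = [ "installPhase" ];` replaces the whole phase list; the idiomatic nixpkgs way to skip unpacking a single file is `dontUnpack = true;`, which keeps `fixupPhase` and the other defaults. Prefer `pname = "sketchybar-app-font"; version = "1.0.20";` over `name` so the version shows up in the store path. The `fetchurl` with a pinned `hash` is the right shape: because it is a fixed-output derivation, a replaced or tampered release asset fails the build instead of silently installing a different font file.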

View File

@ -1,28 +1,157 @@
{ {
"nodes": { "nodes": {
"nixpkgs": { "flake-compat": {
"flake": false,
"locked": { "locked": {
"lastModified": 1687573514, "lastModified": 1673956053,
"narHash": "sha256-jek0ezqxfiFPALhimRDBzgGOSgDv7ExZFhPDmAXoIsw=", "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "NixOS", "owner": "edolstra",
"repo": "nixpkgs", "repo": "flake-compat",
"rev": "3ef8b37f59cf2e0b57371df726f3c0ecacfa0e73", "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "edolstra",
"ref": "nixos-23.05-small", "repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1703367386,
"narHash": "sha256-FMbm48UGrBfOWGt8+opuS+uLBLQlRfhiYXhHNcYMS5k=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"matrix-synapse-next": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1701507532,
"narHash": "sha256-Zzv8OFB7iilzDGe6z2t/j8qRtR23TN3N8LssGsvRWEA=",
"owner": "dali99",
"repo": "nixos-matrix-modules",
"rev": "046194cdadc50d81255a9c57789381ed1153e2b1",
"type": "github"
},
"original": {
"owner": "dali99",
"repo": "nixos-matrix-modules",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1703649338,
"narHash": "sha256-n2MkBotGgTQsfB+wH09R+otBwYCvGCsnHX7eUMGkKL0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "8a8321271f0835fae2cb195e1137cb381fdbcc8e",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"nix-minecraft": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1703812100,
"narHash": "sha256-JN8qbWz6OPEEPwP+AmfAmlhPE19RqUqND6hGAeK2Od0=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "7d23e6f5635499a34d09950981cf42bb072f4fa2",
"type": "github"
},
"original": {
"owner": "Infinidoge",
"repo": "nix-minecraft",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1698318101,
"narHash": "sha256-gUihHt3yPD7bVqg+k/UVHgngyaJ3DMEBchbymBMvK1E=",
"owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "63678e9f3d3afecfeafa0acead6239cdb447574c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1673743903,
"narHash": "sha256-sloY6KYyVOozJ1CkbgJPpZ99TKIjIvM+04V48C04sMQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "7555e2dfcbac1533f047021f1744ac8871150f9f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1687031877, "lastModified": 1703351344,
"narHash": "sha256-yMFcVeI+kZ6KD2QBrFPNsvBrLq2Gt//D0baHByMrjFY=", "narHash": "sha256-9FEelzftkE9UaJ5nqxidaJJPEhe9TPhbypLHmc2Mysc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e2e2059d19668dab1744301b8b0e821e3aae9c99", "rev": "7790e078f8979a9fcd543f9a47427eeaba38f268",
"type": "github" "type": "github"
}, },
"original": { "original": {
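Review bot: the lock now carries two independent nixpkgs trees: `nixpkgs` (nixos-unstable, lastModified 1698318101, pulled in as `nix-minecraft`'s own input) and `nixpkgs_2` (nixos-23.11, the root input), and `matrix-synapse-next` brings a separate `nixpkgs-lib`. Neither of those inputs has a `follows` in `flake.nix`, so the minecraft server is built from a nixpkgs snapshot roughly two months older than the rest of the system and every evaluation fetches two nixpkgs tarballs. `nix flake metadata .` shows the tree; `nix-minecraft.inputs.nixpkgs.follows = "nixpkgs";` in `flake.nix` collapses it.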
@ -32,11 +161,32 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_2": {
"locked": {
"lastModified": 1703467016,
"narHash": "sha256-/5A/dNPhbQx/Oa2d+Get174eNI3LERQ7u6WTWOlR1eQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d02d818f22c777aa4e854efc3242ec451e5d462a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs", "home-manager": "home-manager",
"matrix-synapse-next": "matrix-synapse-next",
"nix-darwin": "nix-darwin",
"nix-minecraft": "nix-minecraft",
"nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"unstable": "unstable" "unstable": "unstable",
"voyager-addons": "voyager-addons"
} }
}, },
"sops-nix": { "sops-nix": {
@ -47,11 +197,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1687398569, "lastModified": 1703387502,
"narHash": "sha256-e/umuIKFcFtZtWeX369Hbdt9r+GQ48moDmlTcyHWL28=", "narHash": "sha256-JnWuQmyanPtF8c5yAEFXVWzaIlMxA3EAZCh8XNvnVqE=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "2ff6973350682f8d16371f8c071a304b8067f192", "rev": "e523e89763ff45f0a6cf15bcb1092636b1da9ed3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -60,21 +210,51 @@
"type": "github" "type": "github"
} }
}, },
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"unstable": { "unstable": {
"locked": { "locked": {
"lastModified": 1687639213, "lastModified": 1703438236,
"narHash": "sha256-m/jb2D62UXMPy8LeiF39/qGbDBpNpix/h7ne1EXRl9M=", "narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8eef75145e6c3beada369aee48bd9c2c3a4dee88", "rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable-small", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
},
"voyager-addons": {
"locked": {
"lastModified": 1704460893,
"narHash": "sha256-rK+GBsfkua1Ou4YHcpQciDOdeS3q23GfTit2SddgTv0=",
"ref": "refs/heads/main",
"rev": "238bcd33b3e2562fcf76f86348909990ddc3d6cc",
"revCount": 3,
"type": "git",
"url": "ssh://git@git.feal.no:2222/felixalb/voyager-addons.git"
},
"original": {
"type": "git",
"url": "ssh://git@git.feal.no:2222/felixalb/voyager-addons.git"
}
} }
}, },
"root": "root", "root": "root",
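Review bot: `voyager-addons` is fetched from a private repository over `ssh://git@git.feal.no:2222/...`, so evaluating this flake on a fresh checkout needs an SSH key for `git.feal.no`, including on any remote builder and on the "build locally on another machine" flow from the README; without the key evaluation fails before any build starts. The locked `rev` and `narHash` still pin the exact content, so a rewritten `main` on that server is caught unless `nix flake update` is run. The `unstable` input also moved from `nixos-unstable-small` to `nixos-unstable`, trading freshness for the channel's test gate; that deserves a line in the commit message.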

View File

@ -2,16 +2,36 @@
description = "Felixalb System flake"; description = "Felixalb System flake";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05-small"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nix-darwin.url = "github:lnl7/nix-darwin/master";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
home-manager.url = "github:nix-community/home-manager/release-23.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
matrix-synapse-next.url = "github:dali99/nixos-matrix-modules";
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
voyager-addons.url = "git+ssh://git@git.feal.no:2222/felixalb/voyager-addons.git";
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs: outputs = {
self
, home-manager
, matrix-synapse-next
, nix-minecraft
, nix-darwin
, nixpkgs
, sops-nix
, unstable
, voyager-addons
, ... }@inputs:
let let
system = "x86_64-linux";
overlay-unstable = final: prev: { overlay-unstable = final: prev: {
unstable = unstable.legacyPackages.${prev.system}; unstable = unstable.legacyPackages.${prev.system};
}; };
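Review bot: `matrix-synapse-next` and `nix-minecraft` are added without `inputs.nixpkgs.follows = "nixpkgs"`, unlike `nix-darwin`, `home-manager` and `sops-nix` in the same hunk; that is why `flake.lock` ends up with a second nixpkgs. Add at least
  nix-minecraft.inputs.nixpkgs.follows = "nixpkgs";
so the minecraft packages build against the same nixos-23.11 tree as the rest. `nix-darwin` is also pinned to `master` while its nixpkgs follows a stable release; the lock freezes a revision, but each `nix flake update` pulls a master that may assume options only present in unstable nixpkgs, so expect occasional breakage on update.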
@ -19,7 +39,7 @@
{ {
nixosConfigurations = { nixosConfigurations = {
voyager = nixpkgs.lib.nixosSystem { voyager = nixpkgs.lib.nixosSystem {
inherit system; system = "x86_64-linux";
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
}; };
@ -28,21 +48,54 @@
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/voyager/configuration.nix ./hosts/voyager/configuration.nix
voyager-addons.nixosModules.default
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users."felixalb" = import ./hosts/voyager/home.nix;
}
]; ];
}; };
chapel = nixpkgs.lib.nixosSystem { defiant = nixpkgs.lib.nixosSystem {
inherit system; system = "x86_64-linux";
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
}; };
modules = [ modules = [
./hosts/chapel/configuration.nix # Overlays-module makes "pkgs.unstable" available in configuration.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/defiant/configuration.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
matrix-synapse-next.nixosModules.default
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users."felixalb" = import ./hosts/defiant/home.nix;
}
];
};
edison = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
# Overlays-module makes "pkgs.unstable" available in configuration.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./hosts/edison/configuration.nix
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users."felixalb" = import ./hosts/edison/home.nix;
}
]; ];
}; };
redshirt = nixpkgs.lib.nixosSystem { redshirt = nixpkgs.lib.nixosSystem {
inherit system; system = "x86_64-linux";
specialArgs = { specialArgs = {
inherit inputs; inherit inputs;
}; };
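Review bot: the `nixosSystem` blocks in this hunk repeat the same overlay module and four lines of home-manager wiring with only the host name varying. A helper in the `let` block, e.g. `mkHost = name: extraModules: nixpkgs.lib.nixosSystem { ... ./hosts/${name}/configuration.nix ... }`, keeps the hosts from drifting apart; the per-host additions (`voyager-addons.nixosModules.default` for voyager, `matrix-synapse-next.nixosModules.default` for defiant) become the `extraModules` argument.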
@ -54,8 +107,29 @@
}; };
}; };
darwinConfigurations.worf = nix-darwin.lib.darwinSystem {
system = "aarch64-darwin";
specialArgs = {
inherit inputs;
};
modules = [
./hosts/worf/configuration.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
home-manager.darwinModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users."felixalb" = import ./hosts/worf/home.nix;
}
# sops-nix.nixosModules.sops
];
};
devShells.x86_64-linux = { devShells.x86_64-linux = {
default = nixpkgs.legacyPackages.x86_64-linux.callPackage ./shell.nix { }; default = nixpkgs.legacyPackages.x86_64-linux.callPackage ./shell.nix { };
}; };
devShells.aarch64-darwin = {
default = nixpkgs.legacyPackages.aarch64-darwin.callPackage ./shell.nix { };
};
}; };
} }
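Review bot: `# sops-nix.nixosModules.sops` is commented out on `worf` because the NixOS module does not evaluate under nix-darwin; the same input exports `sops-nix.darwinModules.sops`, which is what belongs in this module list. Until it is added, worf cannot consume any secret from this repository and secrets for the darwin host have to live outside sops.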

334
home/alacritty.nix Normal file
View File

@ -0,0 +1,334 @@
{ pkgs, lib, inputs, config, ...}:
{
programs.alacritty = {
enable = true;
settings = {
env = {
TERM = "xterm-256color";
};
window = {
padding = {
x = 4;
y = 4;
};
decorations = "none"; # full/none/transparent/buttonless
# Transparency:
# opacity = 0.95;
};
scrolling = {
history = 9999;
multiplier = 3;
};
# Font configuration (changes require restart)
font = {
normal = {
family = "Hack Nerd Font Mono";
style = "Regular";
};
bold = {
family = "Hack Nerd Font Mono";
style = "Bold";
};
italic = {
family = "Hack Nerd Font Mono";
style = "Italic";
};
size = 14;
};
draw_bold_text_with_bright_colors = true;
colors = {
# # Tomorrow Night Bright
# primary = {
# background = "0x141414";
# foreground = "0xeaeaea";
# };
# cursor = {
# text = "0x000000";
# cursor = "0xffffff";
# };
# normal = {
# black = "0x000000";
# red = "0xd54e53";
# green = "0x82de37";
# yellow = "0xe6c547";
# blue = "0x7aa6da";
# magenta = "0xc397d8";
# cyan = "0x70c0ba";
# white = "0xffffff";
# };
# bright = {
# black = "0x666666";
# red = "0xff3334";
# green = "0x8bd45d";
# yellow = "0xe7c547";
# blue = "0x7aa6da";
# magenta = "0xb77ee0";
# cyan = "0x54ced6";
# white = "0xffffff";
# };
# Nord:
primary = {
background = "0x2e3440";
foreground = "0xd8dee9";
dim_foreground = "0xa5abb6";
};
cursor = {
text = "0x2e3440";
cursor = "0xd8dee9";
};
vi_mode_cursor = {
text = "0x2e3440";
cursor = "0xd8dee9";
};
selection = {
text = "CellForeground";
background = "0x4c566a";
};
normal = {
black = "0x3b4252";
red = "0xbf616a";
green = "0xa3be8c";
yellow = "0xebcb8b";
blue = "0x81a1c1";
magenta = "0xb48ead";
cyan = "0x88c0d0";
white = "0xe5e9f0";
};
bright = {
black = "0x4c566a";
red = "0xbf616a";
green = "0xa3be8c";
yellow = "0xebcb8b";
blue = "0x81a1c1";
magenta = "0xb48ead";
cyan = "0x8fbcbb";
white = "0xeceff4";
};
dim = {
black = "0x373e4d";
red = "0x94545d";
green = "0x809575";
yellow = "0xb29e75";
blue = "0x68809a";
magenta = "0x8c738c";
cyan = "0x6d96a5";
white = "0xaeb3bb";
};
# Indexed Colors
#
# The indexed colors include all colors from 16 to 256.
# When these are not set, they're filled with sensible defaults.
#
# Example:
# `- { index: 16, color: '0xff00ff' }`
#
# indexed_colors: []
};
visual_bell = {
animation = "EaseOutExpo";
color = "0xffffff";
duration = 200;
};
# Key bindings
#
# Key bindings are specified as a list of objects. Each binding will specify a
# key and modifiers required to trigger it, terminal modes where the binding is
# applicable, and what should be done when the key binding fires. It can either
# send a byte sequence to the running application (`chars`), execute a
# predefined action (`action`) or fork and execute a specified command plus
# arguments (`command`).
#
# Bindings are always filled by default, but will be replaced when a new binding
# with the same triggers is defined. To unset a default binding, it can be
# mapped to the `None` action.
#
# Example:
# `- { key: V, mods: Control|Shift, action: Paste }`
#
# Available fields:
# - key
# - mods (optional)
# - chars | action | command (exactly one required)
# - mode (optional)
#
# Values for `key`:
# - `A` -> `Z`
# - `F1` -> `F12`
# - `Key1` -> `Key0`
#
# A full list with available key codes can be found here:
# https://docs.rs/glutin/*/glutin/enum.VirtualKeyCode.html#variants
#
# Instead of using the name of the keys, the `key` field also supports using
# the scancode of the desired key. Scancodes have to be specified as a
# decimal number.
# This command will allow you to display the hex scancodes for certain keys:
# `showkey --scancodes`
#
# Values for `mods`:
# - Command
# - Control
# - Option
# - Super
# - Shift
# - Alt
#
# Multiple `mods` can be combined using `|` like this: `mods: Control|Shift`.
# Whitespace and capitalization is relevant and must match the example.
#
# Values for `chars`:
# The `chars` field writes the specified string to the terminal. This makes
# it possible to pass escape sequences.
# To find escape codes for bindings like `PageUp` ("\x1b[5~"), you can run
# the command `showkey -a` outside of tmux.
# Note that applications use terminfo to map escape sequences back to
# keys. It is therefore required to update the terminfo when
# changing an escape sequence.
#
# Values for `action`:
# - Paste
# - PasteSelection
# - Copy
# - IncreaseFontSize
# - DecreaseFontSize
# - ResetFontSize
# - ScrollPageUp
# - ScrollPageDown
# - ScrollLineUp
# - ScrollLineDown
# - ScrollToTop
# - ScrollToBottom
# - ClearHistory
# - Hide
# - Quit
# - ClearLogNotice
# - SpawnNewInstance
# - ToggleFullscreen
# - None
#
# Values for `action` (macOS only):
# - ToggleSimpleFullscreen: Enters fullscreen without occupying another space
#
# Values for `command`:
# The `command` field must be a map containing a `program` string and
# an `args` array of command line parameter strings.
#
# Example:
# `command: { program: "alacritty", args: ["-e", "vttest"] }`
#
# Values for `mode`:
# - ~AppCursor
# - AppCursor
# - ~AppKeypad
# - AppKeypad
#
# key_bindings:
# - { key: V, mods: Alt, action: Paste }
# - { key: C, mods: Alt, action: Copy }
# - { key: Q, mods: Alt, action: Quit }
# - { key: N, mods: Alt, action: SpawnNewInstance }
# - { key: Return, mods: Alt, action: ToggleFullscreen }
# - { key: Home, chars: "\x1bOH", mode: AppCursor }
# - { key: Home, chars: "\x1b[H", mode: ~AppCursor }
# - { key: End, chars: "\x1bOF", mode: AppCursor }
# - { key: End, chars: "\x1b[F", mode: ~AppCursor }
# - { key: Equals, mods: Alt, action: IncreaseFontSize }
# - { key: Minus, mods: Alt, action: DecreaseFontSize }
# - { key: Minus, mods: Alt|Shift, action: ResetFontSize }
# - { key: PageUp, mods: Shift, chars: "\x1b[5;2~" }
# - { key: PageUp, mods: Control, chars: "\x1b[5;5~" }
# - { key: PageUp, chars: "\x1b[5~" }
# - { key: PageDown, mods: Shift, chars: "\x1b[6;2~" }
# - { key: PageDown, mods: Control, chars: "\x1b[6;5~" }
# - { key: PageDown, chars: "\x1b[6~" }
# - { key: Left, mods: Shift, chars: "\x1b[1;2D" }
# - { key: Left, mods: Control, chars: "\x1b[1;5D" }
# - { key: Left, mods: Alt, chars: "\x1b[1;3D" }
# - { key: Left, chars: "\x1b[D", mode: ~AppCursor }
# - { key: Left, chars: "\x1bOD", mode: AppCursor }
# - { key: Right, mods: Shift, chars: "\x1b[1;2C" }
# - { key: Right, mods: Control, chars: "\x1b[1;5C" }
# - { key: Right, mods: Alt, chars: "\x1b[1;3C" }
# - { key: Right, chars: "\x1b[C", mode: ~AppCursor }
# - { key: Right, chars: "\x1bOC", mode: AppCursor }
# - { key: Up, mods: Shift, chars: "\x1b[1;2A" }
# - { key: Up, mods: Control, chars: "\x1b[1;5A" }
# - { key: Up, mods: Alt, chars: "\x1b[1;3A" }
# - { key: Up, chars: "\x1b[A", mode: ~AppCursor }
# - { key: Up, chars: "\x1bOA", mode: AppCursor }
# - { key: Down, mods: Shift, chars: "\x1b[1;2B" }
# - { key: Down, mods: Control, chars: "\x1b[1;5B" }
# - { key: Down, mods: Alt, chars: "\x1b[1;3B" }
# - { key: Down, chars: "\x1b[B", mode: ~AppCursor }
# - { key: Down, chars: "\x1bOB", mode: AppCursor }
# - { key: Tab, mods: Shift, chars: "\x1b[Z" }
# - { key: F1, chars: "\x1bOP" }
# - { key: F2, chars: "\x1bOQ" }
# - { key: F3, chars: "\x1bOR" }
# - { key: F4, chars: "\x1bOS" }
# - { key: F5, chars: "\x1b[15~" }
# - { key: F6, chars: "\x1b[17~" }
# - { key: F7, chars: "\x1b[18~" }
# - { key: F8, chars: "\x1b[19~" }
# - { key: F9, chars: "\x1b[20~" }
# - { key: F10, chars: "\x1b[21~" }
# - { key: F11, chars: "\x1b[23~" }
# - { key: F12, chars: "\x1b[24~" }
# - { key: Back, chars: "\x7f" }
# - { key: Back, mods: Alt, chars: "\x1b\x7f" }
# - { key: Insert, chars: "\x1b[2~" }
# - { key: Delete, chars: "\x1b[3~" }
mouse = {
double_click = { threshold = 300; };
triple_click = { threshold = 300; };
hide_when_typing = false;
};
selection = {
semantic_escape_chars = ",`|:\"' ()[]{}<>";
save_to_clipboard = false;
};
mouse_bindings = [
{ mouse = "Middle"; action = "PasteSelection"; }
];
cursor = {
style = "Block";
blinking = true;
unfocused_hollow = true;
};
dynamic_title = true;
};
};
}
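Review bot: roughly 150 lines of this new file, from `# Key bindings` through `# - { key: Delete, chars: "\x1b[3~" }`, are reference comments copied from an old `alacritty.yml`, in YAML list syntax that does not apply to this Nix attribute set; they should be dropped or reduced to a one-line pointer to the upstream docs. Two keys come from that older format as well: `visual_bell` and the top-level `draw_bold_text_with_bright_colors` were superseded by `bell` and `colors.draw_bold_text_with_bright_colors` in later Alacritty releases. After switching, start `alacritty` from another terminal and check its stderr for config warnings to see which keys this version still honours.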

36
home/base.nix Normal file
View File

@ -0,0 +1,36 @@
{ pkgs, ... }:
{
imports = [
./neovim.nix
./zsh.nix
];
programs.nix-index = {
enable = true;
enableZshIntegration = true;
};
programs.git = {
enable = true;
extraConfig = {
pull.rebase = true;
push.autoSetupRemote = true;
color.ui = "auto";
init.defaultBranch = "main";
lfs.enable = true;
user = {
name = "Felix Albrigtsen";
email = "felix@albrigtsen.it";
};
};
ignores = [
"*~"
"*.swp"
".DS_Store"
".vscode"
];
};
}
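Review bot: `lfs.enable = true;` inside `programs.git.extraConfig` only writes an `[lfs] enable = true` section to `~/.gitconfig`, which git ignores; it neither installs `git-lfs` nor registers the `filter.lfs` clean/smudge hooks. The home-manager option is `programs.git.lfs.enable = true;` at the same level as `extraConfig`. The rest of the block is fine; `push.autoSetupRemote` needs git 2.37 or newer, which any recent nixpkgs provides.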

View File

@ -1,46 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./nvim.nix
];
home.username = "felixalb";
home.homeDirectory = "/home/felixalb";
home.stateVersion = "22.11";
programs = {
home-manager.enable = true;
alacritty = {
enable = true;
};
firefox.enable = true;
rofi.enable = true;
zsh = {
enable = true;
enableAutosuggestions = true;
enableSyntaxHighlighting = true;
prezto = {
enable = true;
prompt.theme = "paradox";
};
# initExtra = ''
# bindkey "''${key[Up]}" up-line-or-search
# bindkey "''${key[Down]}" down-line-or-search
# '';
};
git = {
enable = true;
userName = "Felix Albrigtsen";
userEmail = "felixalbrigtsen@gmail.com";
};
};
services = {
redshift = {
enable = true;
tray = true;
duskTime = "19:30-20:30";
dawnTime = "7:30-8:30";
};
};
}


@ -1,69 +0,0 @@
{ pkgs, config, ... }
{
programs.neovim = {
enable = true;
vimAlias = true;
extraConfig = ''
set number " Show line numbers
set number relativenumber " Enable hybrid line numbers
set nu rnu
set signcolumn=number
set showmatch " Highlight matching brace
set errorbells " Beep or flash screen on errors
set hlsearch " Highlight all search results
set smartcase " Enable smart-case search
set incsearch " Searches for strings incrementally
set autoindent " Auto-indent new lines
set expandtab " Use spaces instead of tabs
set shiftwidth=2 " Number of auto-indent spaces
set smartindent " Enable smart-indent
set smarttab " Enable smart-tabs
set softtabstop=0 " Number of spaces per Tab, auto
set updatetime=300 " Time interval for updating buffers
set ruler " Show row and column ruler information
set undolevels=1000 " Number of undo levels
set backspace=indent,eol,start " Backspace behaviour
'';
plugins = with pkgs.vimPlugins; [
vim-nix
vim-commentary
vim-devicons
{ plugin = nerdtree;
config = "
nmap <silent> <C-t> :NERDTreeToggle<CR>
autocmd VimEnter * NERDTree \" Autostart nerdtree on vim startup
autocmd VimEnter * wincmd p \" Unselect nerdtree window
\" Close vim if Nerdtree is the only buffer left
autocmd bufenter * if (winnr(\"$\") == 1 && exists(\"b:NERDTree\") && b:NERDTree.isTabTree()) | q | endif
";
}
];
withNodeJs = true;
coc = {
enable = true;
settings = {
"suggest.enablePreview" = true;
"suggest.enablePreselect" = true;
};
package = pkgs.vimUtils.buildVimPluginFrom2Nix {
pname = "coc.nvim";
version = "2022-05-21";
src = pkgs.fetchFromGitHub {
owner = "neoclide";
repo = "coc.nvim";
rev = "791c9f673b882768486450e73d8bda10e391401d";
sha256 = "sha256-MobgwhFQ1Ld7pFknsurSFAsN5v+vGbEFojTAYD/kI9c=";
};
meta.homepage = "https://github.com/neoclide/coc.nvim/";
};
};
};
}

home/neovim.nix Normal file

@ -0,0 +1,130 @@
{ pkgs, lib, inputs, config, ...}:
let
undoDir = "${config.home.homeDirectory}/.vim/undo";
in {
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
vimdiffAlias = true;
plugins = with pkgs.vimPlugins; [
lightline-vim
vim-lightline-coc
vim-commentary
vim-fugitive
nerdtree
nerdtree-git-plugin
vim-devicons
telescope-nvim
nvim-lspconfig
copilot-vim
nvim-treesitter
coc-css
coc-go
coc-html
coc-json
coc-nvim
coc-pyright
vim-nix
];
withNodeJs = true;
extraConfig = ''
let mapleader = ','
set number
set shiftwidth=2
set tabstop=2
set expandtab
set undofile
set undodir=${undoDir}
set undolevels=1000
set undoreload=10000
" Integrate status with lightline
let g:lightline = {
\ 'active': {
\ 'left': [[ 'coc_info', 'coc_hints', 'coc_errors', 'coc_warnings', 'coc_ok' ], [ 'coc_status' ]]
\ }
\ }
" register components:
call lightline#coc#register()
" GoTo code navigation.
nmap <silent> gd <Plug>(coc-definition)
nmap <silent> gy <Plug>(coc-type-definition)
nmap <silent> gi <Plug>(coc-implementation)
nmap <silent> gr <Plug>(coc-references)
" Use K to show documentation in preview window.
nnoremap <silent> K :call ShowDocumentation()<CR>
function! ShowDocumentation()
if CocAction('hasProvider', 'hover')
call CocActionAsync('doHover')
else
call feedkeys('K', 'in')
endif
endfunction
" Enable syntax folding with coc
command! -nargs=* Fold :call CocAction('fold', <f-args>)
inoremap <silent><expr> <CR> coc#pum#visible() ? coc#pum#confirm()
\: "\<C-g>u\<CR>\<c-r>=coc#on_enter()\<CR>"
" Highlight the symbol and its references when holding the cursor.
autocmd CursorHold * silent call CocActionAsync('highlight')
" Symbol renaming.
nmap <leader>rn <Plug>(coc-rename)
" Use CTRL-S for selections ranges.
" Requires 'textDocument/selectionRange' support of language server.
nmap <silent> <C-s> <Plug>(coc-range-select)
xmap <silent> <C-s> <Plug>(coc-range-select)
" Step through diagnostics
nmap <silent> <g <Plug>(coc-diagnostic-prev)
nmap <silent> >g <Plug>(coc-diagnostic-next)
" Nerdtree-settings
" Toggle nerdtree on Ctrl+t
nmap <silent> <C-t> :NERDTreeToggle<CR>
autocmd VimEnter * NERDTree " Autostart nerdtree on vim startup
autocmd VimEnter * wincmd p " Unselect nerdtree window
" Close vim is Nerdtree is the only buffer left
autocmd bufenter * if (winnr("$") == 1 && exists("b:NERDTree") && b:NERDTree.isTabTree()) | q | endif
" List and switch buffers on Ctrl+k
" nnoremap <C-k> :set nomore <Bar> :ls <Bar> :set more <CR>:b<Space>
nnoremap <silent> <C-k> !echo "Did you mean C-a?"<CR>
" Telescope-settings
nnoremap <leader>ff <cmd>Telescope find_files<cr>
nnoremap <leader>fg <cmd>Telescope live_grep<cr>
nnoremap <leader>fb <cmd>Telescope buffers<cr>
nnoremap <leader>fh <cmd>Telescope help_tags<cr>
nnoremap <C-a> <cmd>Telescope buffers<cr>
nnoremap <C-s> <cmd>Telescope find_files<cr>
nnoremap <C-g> <cmd>Telescope live_grep<cr>
" Show trailing whitespace
highlight ExtraWhitespace ctermbg=red guibg=red
match ExtraWhitespace /\s\+$/
" Disable search highlights
map <Leader><Space> :noh<CR>
'';
};
# Create undo directory
home.activation.vimUndoDir = lib.hm.dag.entryAfter ["writeBoundary"] "mkdir -p ${undoDir}";
}
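Review bot: `<C-s>` is bound twice in `extraConfig`: `nmap <silent> <C-s> <Plug>(coc-range-select)` and, further down, `nnoremap <C-s> <cmd>Telescope find_files<cr>`. The later normal-mode mapping wins, so coc-range-select is only reachable from visual mode through the `xmap`; pick one key per function. Separately, `home.activation.vimUndoDir` creates the persistent undo directory with the default umask, and `set undofile` will store the full edit history of every file opened (including any secret or config file edited in place), so create it with `mkdir -p -m 700 ${undoDir}` so that history stays private to the user.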

home/zsh.nix Normal file

@ -0,0 +1,65 @@
{ pkgs, lib, inputs, config, ... }: {
programs = {
zsh = {
enable = true;
prezto = {
enable = true;
editor = {
keymap = "vi";
dotExpansion = true;
};
prompt = {
theme = "paradox";
pwdLength = "long";
showReturnVal = true;
};
terminal.autoTitle = true;
pmodules = [
"environment"
"terminal"
"editor"
"history"
# "directory"
"spectrum"
# "utility"
# "completion"
"git"
"autosuggestions"
"syntax-highlighting"
"history-substring-search"
"prompt"
];
};
initExtra = ''
# Autocomplete ../
zstyle ':completion:*' special-dirs true
export PATH="$HOME/.config/emacs/bin:$PATH"
unalias "gs"
'';
shellAliases = {
l = "exa -l";
c = "z";
tree = "exa --tree --icons";
s = "nix-shell --run zsh";
sp = "nix-shell --run zsh -p";
spu = "nix-shell -I nixpkgs=channel:nixos-unstable --run zsh -p";
em = "emacsclient -c";
emnw = "emacsclient -nw";
gst = "git status -sb";
gcm = "git commit -m";
gps = "git push";
gpl = "git pull";
"git clone git clone" = "git clone";
};
};
zoxide = {
enable = true;
enableZshIntegration = true;
};
};
}
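Review bot: `"git clone git clone" = "git clone";` defines an alias whose name contains spaces; zsh matches aliases against a single command word, so this can never fire and should be dropped (a shell function is the tool if the intent is to swallow a doubled `git clone`). Also, `unalias "gs"` in `initExtra` prints an error on every shell start whenever prezto's git module has not defined `gs`; write it as `unalias gs 2>/dev/null` so startup stays quiet.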


@ -1,80 +0,0 @@
{ config, pkgs, ... }:
{
imports =
[
../../base.nix
../../common/metrics-exporters.nix
./hardware-configuration.nix
./services/nginx.nix
./services/metrics
./services/cloudflared.nix
];
networking = {
hostName = "chapel";
defaultGateway = "192.168.10.1";
nameservers = [ "192.168.10.1" ];
interfaces.eth0.ipv4 = {
addresses = [
{ address = "192.168.10.100"; prefixLength = 24; }
];
};
};
environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [
((vim_configurable.override { }).customize{
name = "vim";
vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
start = [ vim-nix vim-lastplace ];
opt = [];
};
vimrcConfig.customRC = ''
" your custom vimrc
set number
set relativenumber
set nu rnu
set signcolumn=number
set hlsearch
set smartcase
set incsearch
set autoindent
set expandtab
set shiftwidth=2
set tabstop=2
set smartindent
set smarttab
set ruler
set undolevels=1000
set nocompatible
set backspace=indent,eol,start
" Turn on syntax highlighting by default
syntax on
" ...
'';
}
)
];
networking.firewall.allowedTCPPorts = [ 80 22 3100 ];
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}


@ -1,24 +0,0 @@
{ config, pkgs, ... }:
{
users.users.cloudflared = {
group = "cloudflared";
isSystemUser = true;
};
users.groups.cloudflared = { };
environment.systemPackages = [
pkgs.cloudflared
];
systemd.services.cloudflared_tunnel = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token=TODO_FIXSECRETS";
Restart = "always";
User = "cloudflared";
Group = "cloudflared";
};
};
}
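Review bot: removing this unit is the right call for the `--token=TODO_FIXSECRETS` on the `ExecStart` line: a token passed as a command-line argument is readable by every local user via `/proc/<pid>/cmdline` and lands in the world-readable Nix store. If the placeholder was ever replaced with a real token in any commit of this history, rotate the tunnel token; when cloudflared comes back, feed it through the `TUNNEL_TOKEN` variable from a sops-managed `EnvironmentFile` instead of the argument.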


@ -1,22 +0,0 @@
{ config, pkgs, ... }:
{
services.hedgedoc = {
enable = true;
settings = {
port = 3031;
allowFreeURL = true;
};
config = {
domain = "md.feal.no";
db = {
dialect = "mysql";
host = "mysql.home.feal.no";
port = 3306;
database = "hedgedoc";
username = "hedgedoc";
password = "DummyPasswordPlzSops";
};
};
};
}

File diff suppressed because it is too large

File diff suppressed because it is too large


@ -1,64 +0,0 @@
{ config, pkgs, ... }:
let
cfg = config.services.grafana;
in {
services.grafana = {
enable = true;
settings.server = {
domain = "grafana.feal.no";
http_port = 2342;
http_addr = "127.0.0.1";
};
provision = {
enable = true;
datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
url = ("http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}");
isDefault = true;
}
{
name = "Loki";
type = "loki";
url = ("http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}");
}
];
dashboards.settings.providers = [
{
name = "Node Exporter Full";
type = "file";
url = "https://grafana.com/api/dashboards/1860/revisions/29/download";
options.path = dashboards/node-exporter-full.json;
}
{
name = "Synology NAS Details";
type = "file";
url = "https://grafana.com/api/dashboards/14284/revisions/9/download";
options.path = dashboards/synology-nas-details.json;
}
{
name = "OpenWRT";
type = "file";
url = "https://grafana.com/api/dashboards/11147/revisions/1/download";
options.path = dashboards/openwrt.json;
}
];
};
};
services.nginx.virtualHosts.${cfg.settings.server.domain} = {
locations = {
"/" = {
proxyPass = "http://127.0.0.1:${toString cfg.settings.server.http_port}";
proxyWebsockets = true;
extraConfig = ''
proxy_buffers 8 1024k;
proxy_buffer_size 1024k;
'';
};
};
};
}


@ -1,75 +0,0 @@
{ config, pkgs, ... }:
let
cfg = config.services.loki;
in {
services.loki = {
enable = true;
configuration = {
auth_enabled = false;
server = {
http_listen_port = 3100;
http_listen_address = "0.0.0.0";
grpc_listen_port = 9096;
};
ingester = {
wal = {
enabled = true;
dir = "/var/lib/loki/wal";
};
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
final_sleep = "0s";
};
chunk_idle_period = "1h";
};
schema_config = {
configs = [
{
from = "2022-12-01";
store = "boltdb-shipper";
object_store = "filesystem";
schema = "v11";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
boltdb_shipper = {
active_index_directory = "/var/lib/loki/boltdb-shipper-index";
cache_location = "/var/lib/loki/boltdb-shipper-cache";
shared_store = "filesystem";
cache_ttl = "24h";
};
filesystem = {
directory = "/var/lib/loki/chunks";
};
};
limits_config = {
enforce_metric_name = false;
reject_old_samples = true;
reject_old_samples_max_age = "72h";
};
compactor = {
working_directory = "/var/lib/loki/compactor";
shared_store = "filesystem";
};
};
};
networking.firewall.allowedTCPPorts = [ cfg.configuration.server.http_listen_port ];
}


@ -1,60 +0,0 @@
{ config, pkgs, ... }:
let
cfg = config.services.prometheus;
in {
services.prometheus = {
enable = true;
listenAddress = "127.0.0.1";
port = 9001;
scrapeConfigs = [
{
job_name = "node";
static_configs = [
{
targets = [
"chapel.home.feal.no:${toString cfg.exporters.node.port}"
"sulu.home.feal.no:9100"
"mccoy.home.feal.no:9100"
"borg.home.feal.no:9100"
"troi.home.feal.no:9100"
"dlink-feal.home.feal.no:9100"
];
}
];
}
{
job_name = "openwrt";
static_configs = [
{ targets = ["dlink-feal.home.feal.no:9100"]; }
];
}
{
job_name = "snmp";
static_configs = [{
targets = [
"feal-syn1.home.feal.no"
"feal-syn2.home.feal.no"
];
}];
metrics_path = "/snmp";
params.module = ["synology"];
relabel_configs = [
{
source_labels = ["__address__"];
target_label = "__param_target";
}
{
source_labels = ["__param_target"];
target_label = "instance";
}
{
target_label = "__address__";
replacement = "127.0.0.1:9116";
}
];
}
];
};
}


@ -1,20 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = [
pkgs.prometheus-snmp-exporter
];
systemd.services.prometheus-snmp-exporter = {
enable = true;
description = "Gather data from SNMP devices and expose them as Prometheus metrics";
unitConfig = {
Type = "simple";
};
serviceConfig = {
ExecStart = "${pkgs.prometheus-snmp-exporter}/bin/snmp_exporter --config.file='/var/prometheus/snmp.yml'";
# TODO: Fix this conf file!
};
wantedBy = [ "multi-user.target" ];
};
}


@ -1,11 +0,0 @@
{ config, pkgs, ... }:
{
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
}


@ -0,0 +1,53 @@
{ config, pkgs, ... }:
{
imports =
[
../../base.nix
../../common/metrics-exporters.nix
./hardware-configuration.nix
./services/nginx.nix
./services/pihole.nix
./services/postgresql.nix
./services/flame.nix
./services/gitea.nix
./services/hedgedoc.nix
./services/matrix-synapse.nix
./services/metrics
./services/minecraft.nix
./services/vaultwarden.nix
];
networking = {
hostName = "defiant";
defaultGateway = "192.168.10.1";
interfaces.enp3s0.ipv4 = {
addresses = [
{ address = "192.168.10.175"; prefixLength = 24; } # Main IP for defiant, internal
];
};
hostId = "8e84f235";
};
sops.defaultSopsFile = ../../secrets/defiant/defiant.yaml;
environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [
zfs
];
boot = {
zfs.extraPools = [ "tank" ];
supportedFilesystems = [ "zfs" ];
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
};
services.prometheus.exporters.zfs.enable = true;
virtualisation.docker.enable = true;
virtualisation.oci-containers.backend = "docker";
system.stateVersion = "23.11";
}
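Review bot: `virtualisation.docker.enable = true;` deserves a comment here about its firewall consequence: Docker installs its own iptables chains, so the ports published by the `oci-containers` in `./services/flame.nix` and `./services/pihole.nix` are reachable regardless of `networking.firewall.allowedTCPPorts`. Either state that this is accepted, or set `virtualisation.docker.daemon.settings.iptables = false` and write the forwarding/NAT rules yourself. Minor: `hostId` is set for ZFS, good; `services.prometheus.exporters.zfs.enable = true;` binds its own listener, so make sure it is covered by the same firewall policy as the node exporter.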


@ -0,0 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/45ceae6b-cf6d-42d6-9694-d14c1d42b49f";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/DDDC-5C0C";
fsType = "vfat";
};
swapDevices = [ {
device = "/swapfile";
size = 8*1024;
} ];
networking.useDHCP = lib.mkDefault false;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
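Review bot: the 8 GiB `/swapfile` is unencrypted, so pages of the sops-decrypted secrets held in memory by gitea, hedgedoc, vaultwarden and synapse can be written to disk in clear. Enable `randomEncryption` on the swap device (a fresh key per boot; it rules out hibernation, which this server does not need; verify it behaves with a swap file rather than a partition) and define `swapDevices` in configuration.nix rather than in this generated file, which says it may be overwritten.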

hosts/defiant/home.nix Normal file

@ -0,0 +1,19 @@
{ pkgs, lib, ... }:
{
home.packages = with pkgs; [
bat
bottom
ncdu
neofetch
];
imports = [
./../../home/base.nix
];
programs = {
zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
};
home.stateVersion = "23.05";
}


@ -0,0 +1,22 @@
{ config, pkgs, lib, ... }:
let
domain = "flame.home.feal.no";
host = "127.0.1.2";
port = "5005";
in {
# Flame - Homelab dashboard/linktree
virtualisation.oci-containers.containers = {
flame = {
image = "pawelmalak/flame";
ports = [ "${host}:${port}:5005" ];
volumes = [
"/var/lib/flame/data:/app/data/"
];
};
};
services.nginx.virtualHosts."${domain}" = {
locations."/".proxyPass = "http://${host}:${port}";
};
}
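Review bot: `image = "pawelmalak/flame";` carries neither a tag nor a digest, so every pull can silently deploy a different image; pin it to a tag and preferably `pawelmalak/flame@sha256:<digest>` so a rebuild is reproducible and an upstream compromise cannot walk in unnoticed. Binding to `127.0.1.2:5005` and fronting it with nginx is the right shape; note that the vhost rides the plain-HTTP default listen on 192.168.10.175:80, which is fine for a LAN dashboard as long as that is the intent.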


@ -1,29 +1,35 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
let let
cfg = config.services.gitea; cfg = config.services.gitea;
domain = "git.feal.no"; domain = "git.feal.no";
httpPort = 3004; httpPort = 3004;
sshPort = 2222;
in { in {
services.gitea = { services.gitea = {
enable = true; enable = true;
package = pkgs.unstable.gitea;
appName = "felixalbs Gitea"; appName = "felixalbs Gitea";
database = { database.type = "postgres";
type = "postgres"; stateDir = "/tank/services/gitea";
};
settings = { settings = {
server = { server = {
LANDING_PAGE=''"/felixalb"''; # Serve on local unix socket, exposed in hosts/defiant/services/nginx.nix
HTTP_PORT = httpPort; PROTOCOL = "http+unix";
DOMAIN = domain; DOMAIN = domain;
ROOT_URL = "https://${domain}"; ROOT_URL = "https://${domain}";
LANDING_PAGE=''"/felixalb"'';
SSH_PORT = sshPort;
SSH_LISTEN_PORT = sshPort;
START_SSH_SERVER = true;
BUILTIN_SSH_SERVER_USER = "git";
}; };
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true; session.COOKIE_SECURE = true;
packages.ENABLED = false; packages.ENABLED = false;
packages.CHUNKED_UPLOAD_PATH = "${cfg.stateDir}/tmp/package-upload";
oauth2_client = { oauth2_client = {
ENABLE_AUTO_REGISTRATION = true; ENABLE_AUTO_REGISTRATION = true;
@ -44,9 +50,13 @@ in {
}; };
# TODO: # TODO:
# - dump (automatic backups) # - Backup
# - services.gitea.dump?
# - ZFS snapshots?
# - configure mailer # - configure mailer
}; };
networking.firewall.allowedTCPPorts = [ httpPort ]; systemd.services.gitea.serviceConfig.WorkingDirectory = lib.mkForce "${cfg.stateDir}/work";
networking.firewall.allowedTCPPorts = [ sshPort ];
} }
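Review bot: `PROTOCOL = "http+unix";` is paired in nginx.nix with `http://unix:${config.services.gitea.settings.server.HTTP_ADDR}`, but nothing in this hunk sets `HTTP_ADDR` to a socket path; if it is set in the lines between the two hunks, a comment next to `PROTOCOL` pointing at it would help, otherwise add `HTTP_ADDR = "/run/gitea/gitea.sock";` and check that the nginx user can connect (Gitea's `UNIX_SOCKET_PERMISSION` defaults to 666). Swapping `httpPort` for `sshPort` in `allowedTCPPorts` is right: the HTTP listener is no longer reachable directly. The built-in SSH server on 2222 listens on every address by default; `SSH_LISTEN_HOST` can pin it to 192.168.10.175 if it should not be reachable via other interfaces. On the TODO, `services.gitea.dump.enable` exists and covers the first bullet; ZFS snapshots of `stateDir` plus a PostgreSQL dump are the complementary half.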


@ -0,0 +1,117 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.hedgedoc.settings;
domain = "md.feal.no";
port = 3300;
host = "127.0.1.2";
authServerUrl = "https://auth.feal.no";
in {
# Contains CMD_SESSION_SECRET and CMD_OAUTH2_CLIENT_SECRET
sops.secrets."hedgedoc/env" = {
restartUnits = [ "hedgedoc.service" ];
};
services.hedgedoc = {
enable = true;
environmentFile = config.sops.secrets."hedgedoc/env".path;
settings = {
inherit domain port host;
protocolUseSSL = true;
sessionSecret = "$CMD_SESSION_SECRET";
allowFreeURL = true;
allowAnonymous = false;
allowAnonymousEdits = true; # Allow anonymous edits with the "freely" permission
# dbURL = "postgres://hedgedoc@localhost/hedgedoc";
db = {
username = "hedgedoc";
database = "hedgedoc";
host = "/run/postgresql";
dialect = "postgresql";
};
email = false;
oauth2 = {
baseURL = "${authServerUrl}/oauth2";
tokenURL = "${authServerUrl}/oauth2/token";
authorizationURL = "${authServerUrl}/ui/oauth2";
userProfileURL = "${authServerUrl}/oauth2/openid/hedgedoc/userinfo";
clientID = "hedgedoc";
clientSecret = "$CMD_OAUTH2_CLIENT_SECRET";
scope = "openid email profile";
userProfileUsernameAttr = "name";
userProfileEmailAttr = "email";
userProfileDisplayNameAttr = "displayname";
providerName = "KaniDM";
};
};
};
systemd.services.hedgedoc = {
requires = [
"postgresql.service"
# "kanidm.service"
];
serviceConfig = let
workDir = "/var/lib/hedgedoc";
in {
WorkingDirectory = lib.mkForce workDir;
StateDirectory = lib.mkForce [ "hedgedoc" "hedgedoc/uploads" ];
# Better safe than sorry :)
CapabilityBoundingSet = "";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
ReadWritePaths = [ workDir ];
RemoveIPC = true;
RestrictSUIDSGID = true;
UMask = "0007";
RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
SystemCallArchitectures = "native";
# SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
};
};
services.postgresql = {
ensureDatabases = [ "hedgedoc" ];
ensureUsers = [{
name = "hedgedoc";
ensureDBOwnership = true;
}];
};
services.nginx.virtualHosts."${domain}" = {
listen = [
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
{ addr = "192.168.10.175"; port = 43080; ssl = false; }
];
enableACME = true;
forceSSL = true;
locations = {
"/" = {
proxyPass = "http://${host}:${toString port}";
};
"/socket.io" = {
proxyPass = "http://${host}:${toString port}";
proxyWebsockets = true;
};
};
};
}
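Review bot: `dialect = "postgresql";` in `db` is worth checking before deploy: Sequelize, HedgeDoc's ORM, names the dialect `postgres`, and HedgeDoc's own examples use that spelling, so unless the shipped version aliases `postgresql` the service will refuse to start with a "dialect not supported" error. `dialect = "postgres"` is the safe choice; confirm with `journalctl -u hedgedoc` either way. The hardening block is solid; two small things: `RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];` works because systemd splits on whitespace, but three list elements is the idiomatic form, and the commented `# "kanidm.service"` in `requires` should say why it is off (auth server on another host?) so it is not re-enabled by accident.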


@ -1,7 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
let
main_ip = "127.0.1.2";
in
{ {
sops.secrets."matrix/synapse/registrationsecret" = { sops.secrets."matrix/synapse/registrationsecret" = {
restartUnits = [ "matrix-synapse.service" ]; restartUnits = [ "matrix-synapse.service" ];
@ -9,9 +6,18 @@ in
group = "matrix-synapse"; group = "matrix-synapse";
}; };
services.matrix-synapse = { services.matrix-synapse-next = {
enable = true; enable = true;
package = pkgs.matrix-synapse; enableNginx = true;
workers = {
federationSenders = 1;
federationReceivers = 2;
initialSyncers = 1;
normalSyncers = 1;
eventPersisters = 1;
useUserDirectoryWorker = true;
};
extraConfigFiles = [ extraConfigFiles = [
config.sops.secrets."matrix/synapse/registrationsecret".path config.sops.secrets."matrix/synapse/registrationsecret".path
@ -63,42 +69,16 @@ in
tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt"; tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key"; tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";
listeners = [ };
{ port = 8008; };
bind_addresses = [ main_ip ];
type = "http"; services.redis.servers."".enable = true;
tls = false;
x_forwarded = true; services.nginx.virtualHosts."matrix.feal.no" = {
resources = [ listen = [
{ names = [ "client" ]; compress = true; } { addr = "192.168.10.175"; port = 43443; ssl = true; }
{ names = [ "federation" ]; compress = true; } { addr = "192.168.10.175"; port = 43080; ssl = false; }
];
}
]; ];
}; };
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
enableReload = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts."matrix.feal.no" = {
locations."/_matrix" = {
proxyPass = "http://${main_ip}:8008";
extraConfig = ''
client_max_body_size 50M;
'';
};
# locations."/_synapse/client".proxyPass = "http://${main_ip}:8008";
locations."/" = {
proxyPass = "http://${main_ip}:8008";
};
};
};
} }
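Review bot: removing the hand-written `/_matrix` location also removes `client_max_body_size 50M;`; with `enableNginx = true` the matrix-synapse-next module now owns the vhost, so confirm its generated config sets a body limit matching Synapse's `max_upload_size` (50M by default), or media uploads will fail with 413 at nginx's 1M default. `services.redis.servers."".enable = true;` starts the default Redis on 127.0.0.1:6379 with no authentication, which every local process can reach; that is acceptable only if everything local is trusted, otherwise set `requirePassFile` and hand the password to Synapse through `extraConfigFiles`, the same channel the hunk already uses for the registration secret. The `/etc/ssl-snakeoil/...` TLS paths remain; fine while federation is terminated at nginx, but worth a comment saying so.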


@ -5,6 +5,10 @@ let
in { in {
services.grafana = { services.grafana = {
enable = true; enable = true;
dataDir = "/tank/services/metrics/grafana";
# TODO: Migrate sqlite to postgres
settings.server = { settings.server = {
domain = "grafana.home.feal.no"; domain = "grafana.home.feal.no";
http_port = 2342; http_port = 2342;


@ -1,10 +1,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
cfg = config.services.loki; cfg = config.services.loki;
saveDirectory = "/tank/var/lib/loki"; saveDirectory = "/tank/services/metrics/loki";
in { in {
services.loki = { services.loki = {
enable = true; enable = true;
dataDir = saveDirectory;
configuration = { configuration = {
auth_enabled = false; auth_enabled = false;
server = { server = {
@ -70,6 +71,4 @@ in {
}; };
}; };
}; };
networking.firewall.allowedTCPPorts = [ cfg.configuration.server.http_listen_port ];
} }
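Review bot: dropping `networking.firewall.allowedTCPPorts = [ cfg.configuration.server.http_listen_port ];` closes 3100 to the network while `auth_enabled = false;` stays, which is the right direction for an unauthenticated push/query API. It also means any promtail on another host that pushed to this Loki now fails silently, so check that only the local promtail talks to it; if that is the intent, set `server.http_listen_address` to 127.0.0.1 too, so the listener does not rely on the firewall alone.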


@ -8,18 +8,22 @@ in {
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
port = 9001; port = 9001;
# StateDirectory must be under /var/lib.
# TODO: Back up to /tank/services/metrics/prometheus
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "node"; job_name = "node";
static_configs = [ static_configs = [
{ {
targets = [ targets = [
"voyager.home.feal.no:${toString cfg.exporters.node.port}" "voyager.home.feal.no:9100"
"sulu.home.feal.no:9100" "sulu.home.feal.no:9100"
"mccoy.home.feal.no:9100" "mccoy.home.feal.no:9100"
"borg.home.feal.no:9100"
"troi.home.feal.no:9100"
"dlink-feal.home.feal.no:9100" "dlink-feal.home.feal.no:9100"
"edison.home.feal.no:9100"
"defiant.home.feal.no:9100"
"scotty.home.feal.no:9100"
]; ];
} }
]; ];


@ -12,8 +12,8 @@
Type = "simple"; Type = "simple";
}; };
serviceConfig = { serviceConfig = {
ExecStart = "${pkgs.prometheus-snmp-exporter}/bin/snmp_exporter --config.file='/var/prometheus/snmp.yml'"; ExecStart = "${pkgs.prometheus-snmp-exporter}/bin/snmp_exporter --config.file='/tank/services/metrics/prometheus/snmp.yml'";
# TODO: Fix this conf file! # snmp.yml = https://github.com/prometheus/snmp_exporter/blob/main/snmp.yml + https://global.download.synology.com/download/Document/Software/DeveloperGuide/Firmware/DSM/All/enu/Synology_DiskStation_MIB_Guide.pdf
}; };
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
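Review bot: `serviceConfig` still has no `User=` or `DynamicUser=`, so `snmp_exporter` runs as root, and the `snmp.yml` now under `/tank/services/metrics/prometheus/` will typically hold the SNMP community string for the Synology targets. The NixOS module `services.prometheus.exporters.snmp` (`enable`, `configurationPath`) runs the exporter as an unprivileged user with the usual hardening; use it, and make the config file readable only by that user. The URL comment is useful, but a generated snmp.yml without the community string would be better vendored into the repo so the file on /tank is reproducible.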


@ -0,0 +1,70 @@
{ config, pkgs, lib, inputs, ... }:
{
imports = [ inputs.nix-minecraft.nixosModules.minecraft-servers ];
nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
services.minecraft-servers = {
enable = true;
eula = true;
openFirewall = true;
dataDir = "/var/lib/minecraft-wack";
servers.wack = {
enable = true;
jvmOpts = "-Xms4G -Xmx4G";
package = pkgs.fabricServers.fabric-1_20_4;
serverProperties = {
motd = "WackAttack M1n3cr4f7";
white-list = true;
difficulty = "normal";
view-distance = 16;
simulation-distance = 16;
enable-command-block = true;
enable-rcon = true;
"rcon.password" = "wack";
};
symlinks = {
mods = pkgs.linkFarmFromDrvs "mods" (builtins.attrValues {
FabricAPI = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/JMCwDuki/fabric-api-0.92.0%2B1.20.4.jar";
sha256 = "sha256-7U0BK5CBENWY4s3t+dXTASprIeY4Tdeyzc06lNGkc/Q=";
};
Lithium = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/gvQqBUqZ/versions/nMhjKWVE/lithium-fabric-mc1.20.4-0.12.1.jar";
sha256 = "sha256-as1JWV7mnhJkz8eYmPVpRS5BvWaYVGf8s40oBBka880=";
};
MCDiscordChat = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/D0sHdnXY/versions/tldGNWOW/MC-Discord-Chat-2.2.5.jar";
sha256 = "sha256-WK02gRNbTjbjQSIlWHP4aBSeGTZxtXwwbqt9fa7AJTA=";
};
SimpleVoiceChat = pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/9eGKb6K1/versions/UIZXn9t1/voicechat-fabric-1.20.4-2.4.32.jar";
sha256 = "sha256-BZMK7Y8uaw1MvtQC1MXblsaaHy100a59KxSs4P0fjXE=";
};
});
};
whitelist = {
"_Oblivion" = "289be565-d73e-4cb1-a047-dcc319acdc80";
Crisju = "8b77dc43-27ba-4710-bbfd-4e01e6ec7461";
Dandellion = "f393413b-59fc-49d7-a5c4-83a5d177132c";
Taschmex = "a3a258b0-901f-43d9-b130-dad3b29cd7ee";
guy_montag = "cb8aa890-a5a3-41f2-9bb7-1edb20c5a31f";
koppern = "3450494c-b945-4fa2-938c-5519adec005f";
krloer = "ab3029e2-76b6-4219-854e-16091fe5e421";
};
};
};
# TODO: Automated backup job (https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/commit/57d1dfd121fdb23fcef54e0632f6f6278c6bb753/hosts/greddost/services/minecraft/default.nix#L144)
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"minecraft-server"
];
networking.firewall.allowedUDPPorts = [ 24454 ];
}
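Review bot: `enable-rcon = true;` with `"rcon.password" = "wack";` is a remote console with a four-letter password, and because it is set through `serverProperties` the password is written via the Nix store and is world-readable on the host. nix-minecraft's `openFirewall = true;` also opens `rcon.port` (25575 by default) when rcon is enabled, so anyone who can reach the server can run op-level commands; verify the generated rules after deploy. Unless rcon is needed, drop both lines; if it is, set `openFirewall = false;`, open only the game port and 24454 yourself, and source the password from outside the store. The pinned `fetchurl` hashes for the mods and `white-list = true;` are good; the backup TODO should note that `dataDir = "/var/lib/minecraft-wack"` is not on /tank, so ZFS snapshots will not cover the world data.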


@ -0,0 +1,73 @@
{ config, values, ... }:
{
services.nginx = {
enable = true;
enableReload = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
defaultListen = [
{
addr = "192.168.10.175";
port = 80;
ssl = false;
}
];
};
networking.firewall.allowedTCPPorts = [
80 443 # Internal / Default
43080 43443 # External / Publicly exposed
];
security.acme = {
acceptTerms = true;
defaults.email = "felix@albrigtsen.it";
};
# Publicly exposed services:
services.nginx.virtualHosts = let
publicProxy = upstream: {
listen = [
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
{ addr = "192.168.10.175"; port = 43080; ssl = false; }
];
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "${upstream}";
};
in {
"jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/";
"git.feal.no" = publicProxy "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}";
"wiki.wackattack.eu" = publicProxy "http://pascal.wackattack.home.feal.no/";
"cloud.feal.no" = {
listen = [
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
{ addr = "192.168.10.175"; port = 43080; ssl = false; }
];
enableACME = true;
forceSSL = true;
extraConfig = ''
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
server_tokens off;
# HSTS settings
# WARNING: Only add the preload option once you read about
# the consequences in https://hstspreload.org/. This option
# will add the domain to a hardcoded list that is shipped
# in all major browsers and getting removed from this list
# could take several months.
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
'';
locations."/".proxyPass = "http://voyager.home.feal.no/";
};
};
}
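Review bot: the `proxy_set_header X-Real-IP` / `X-Forwarded-For` lines in the `cloud.feal.no` `extraConfig` are redundant: `recommendedProxySettings = true;` already emits both in every proxied location, and since `proxy_set_header` does not merge across levels the server-level copies are shadowed there anyway; drop them. The `publicProxy` helper is the right idea and could also absorb the identical `listen`/`enableACME`/`forceSSL` blocks in hedgedoc.nix, matrix-synapse.nix and vaultwarden.nix. Two checks on the upstreams: `jf.feal.no`, `wiki.wackattack.eu` and `cloud.feal.no` are forwarded over plain HTTP to other LAN hosts (a deliberate trust decision that deserves a comment), and the Nextcloud behind voyager needs 192.168.10.175 in its `trusted_proxies` so it logs client addresses rather than the proxy.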


@ -0,0 +1,35 @@
{ config, pkgs, lib, ... }:
let
domain = "pihole.home.feal.no";
dnsHost = "192.168.10.175";
webuiListen = "127.0.1.2:5053";
in {
# Flame - Homelab dashboard/linktree
virtualisation.oci-containers.containers = {
pihole = {
image = "pihole/pihole";
ports = [
"${dnsHost}:53:53/tcp"
"${dnsHost}:53:53/udp"
"${webuiListen}:80"
];
environment.TZ = "Europe/Oslo";
volumes = [
"/var/lib/pihole/etc:/etc/pihole"
"/var/lib/pihole/dnsmasq:/etc/dnsmasq.d"
];
};
};
services.nginx.virtualHosts."${domain}" = {
locations."/" = {
proxyPass = "http://${webuiListen}";
extraConfig = ''
rewrite /(.*) /admin/$1 break;
'';
};
};
}
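Review bot: the comment `# Flame - Homelab dashboard/linktree` was copied from flame.nix; it should describe Pi-hole. No `WEBPASSWORD` is set, so the container generates a random admin password on first start and prints it to the container log; set it from a sops secret through `environmentFiles` so it is deterministic and never logged. As with flame, `image = "pihole/pihole";` is unpinned. The `53/tcp` and `53/udp` publications on 192.168.10.175 are installed by Docker's own iptables chains and are not governed by `networking.firewall`, so the resolver answers to anything that can route to that address; expected for a LAN resolver, but say so here.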


@ -0,0 +1,16 @@
{ config, pkgs, lib, ... }:
{
services.postgresql = {
enable = true;
enableTCPIP = false;
};
services.postgresqlBackup = {
# enable = true;
location = "/data/backup/postgresql/";
startAt = "*-*-* 03:15:00";
backupAll = true;
};
environment.systemPackages = [ config.services.postgresql.package ];
}
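Review bot: `# enable = true;` leaves `services.postgresqlBackup` off, so `location`, `startAt` and `backupAll` are inert and the gitea, hedgedoc and vaultwarden databases that this change moves onto the host's PostgreSQL have no dumps. Enable it and point `location` at the `/tank/services/...` tree used by the other services so the dumps sit on the snapshotted pool; `/data/backup/postgresql/` appears nowhere else in this change. `enableTCPIP = false;` is correct and matches the socket-based database URLs.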


@ -3,7 +3,7 @@ let
cfg = config.services.vaultwarden; cfg = config.services.vaultwarden;
domain = "pw.feal.no"; domain = "pw.feal.no";
address = "127.0.0.1"; address = "127.0.0.1";
port = 3011; # Note! The websocket port is left as default port = 3011; # Note: The websocket port is left as default(3012)
in { in {
sops.secrets."vaultwarden/admintoken" = { sops.secrets."vaultwarden/admintoken" = {
owner = "vaultwarden"; owner = "vaultwarden";
@ -20,27 +20,30 @@ in {
rocketAddress = address; rocketAddress = address;
rocketPort = port; rocketPort = port;
websocketEnabled = true; websocketEnabled = true;
databaseUrl = "postgresql://vaultwarden@localhost/vaultwarden?sslmode=disable"; # databaseUrl = "postgresql://vaultwarden:@localhost/vaultwarden?sslmode=disable";
databaseUrl = "postgresql://vaultwarden@/vaultwarden";
signupsAllowed = false; signupsAllowed = false;
rocketLog = "critical";
# This example assumes a mailserver running on localhost,
# thus without transport encryption.
# If you use an external mail server, follow:
# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
/* SMTP_HOST = "127.0.0.1"; */
/* SMTP_PORT = 25; */
/* SMTP_SSL = false; */
/* SMTP_FROM = "admin@bitwarden.example.com"; */
/* SMTP_FROM_NAME = "example.com Bitwarden server"; */
}; };
}; };
services.postgresql = {
ensureDatabases = [ "vaultwarden" ];
ensureUsers = [{
name = "vaultwarden";
ensureDBOwnership = true;
}];
};
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
listen = [
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
{ addr = "192.168.10.175"; port = 43080; ssl = false; }
];
extraConfig = '' extraConfig = ''
client_max_body_size 128M; client_max_body_size 128M;
''; '';
@ -57,13 +60,4 @@ in {
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
services.postgresql = {
ensureDatabases = [ "vaultwarden" ];
ensureUsers = [{
name = "vaultwarden";
ensurePermissions = {
"DATABASE \"vaultwarden\"" = "ALL PRIVILEGES";
};
}];
};
} }


@ -0,0 +1,43 @@
{ config, pkgs, lib, ... }:
{
imports =
[
../../base.nix
../../common/metrics-exporters.nix
./hardware-configuration.nix
./desktop.nix
];
virtualisation.docker.enable = true;
networking = {
hostName = "edison";
defaultGateway = "192.168.10.1";
# Networking / Wi-Fi is configured with NM for now. TODO
networkmanager.enable = true;
};
console.keyMap = "us";
# sops.defaultSopsFile = ../../secrets/edison/edison.yaml;
environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [
pavucontrol
];
programs.steam.enable = true;
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"nvidia-x11"
"nvidia-settings"
"steam"
"steam-original"
"steam-run"
];
system.stateVersion = "23.05";
}
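Review bot: `networking.defaultGateway = "192.168.10.1"` is set statically while `networkmanager.enable = true` hands the interfaces to NetworkManager, so the host can end up with two competing default routes, and the static one is wrong on any other network the Wi-Fi joins (the TODO already hints at this); drop the static gateway and let NM supply it. `virtualisation.docker.enable = true` on a desktop also deserves a check of which users land in the `docker` group, since membership there is equivalent to root.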

hosts/edison/desktop.nix (Normal file, 55 lines)

@ -0,0 +1,55 @@
{ config, pkgs, lib, ... }:
{
services.xserver = {
enable = true;
desktopManager.xfce.enable = true;
videoDrivers = [ "nvidia" ];
layout = "us,no";
xkbVariant = "intl";
};
environment.systemPackages = with pkgs; [
xfce.xfce4-pulseaudio-plugin
];
services.picom.enable = true;
hardware.opengl.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
pulse.enable = true;
jack.enable = true;
};
fonts = {
fontDir.enable = true;
packages = with pkgs; [
noto-fonts
noto-fonts-emoji
noto-fonts-cjk-sans
font-awesome
fira-code
hack-font
(nerdfonts.override {
fonts = [
"Hack"
];
})
];
};
# Remote:
services.xrdp = {
enable = true;
defaultWindowManager = "xfce4-session";
openFirewall = true;
};
services.flatpak.enable = true;
users.users."felixalb".packages = [ pkgs.flatpak ];
xdg.portal = {
enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
};
}
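Review bot: `services.xrdp.openFirewall = true` exposes RDP (3389) on every interface, including whatever Wi-Fi network NetworkManager joins, and the NixOS xrdp module starts with a self-signed certificate, so clients have nothing to verify the server against. Prefer leaving `openFirewall` off and opening 3389 only on the LAN interface via `networking.firewall.interfaces.<iface>.allowedTCPPorts`, or reaching it over SSH/WireGuard.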


@ -5,32 +5,37 @@
{ {
imports = imports =
[ (modulesPath + "/profiles/qemu-guest.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/f7086b7c-581e-40d4-90c0-47cb767395c7"; { device = "/dev/disk/by-uuid/14b254e1-d94f-4b9b-a910-7fcf7e33af46";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4303-A70F"; { device = "/dev/disk/by-uuid/A197-7913";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ ]; swapDevices =
[ { device = "/dev/disk/by-uuid/d56040a0-3009-4899-95fa-1b82e60e32e4"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true; # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }
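Review bot: the new `swapDevices` entry is a plain partition referenced by UUID with no `randomEncryption.enable = true`; that is consistent if the disk is otherwise unencrypted, but if this host is meant to have encrypted storage the swap needs it too, or memory pages (browser and Steam session material included) can land on disk in the clear. The rest is the expected nixos-generate-config output for bare metal (`kvm-intel`, `xhci_pci`/`ahci` replacing the qemu-guest profile).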

hosts/edison/home.nix (Normal file, 24 lines)

@ -0,0 +1,24 @@
{ pkgs, lib, ... }:
{
home.packages = with pkgs; [
bat
bottom
mumble
ncdu
neofetch
nix-index
];
imports = [
./../../home/base.nix
];
programs = {
zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
alacritty.enable = true;
firefox.enable = true;
rofi.enable = true;
};
home.stateVersion = "23.05";
}


@ -10,94 +10,40 @@
./wireguard.nix ./wireguard.nix
./exports.nix ./exports.nix
#./vms.nix ./services/snappymail.nix
./services/calibre.nix
./services/fancontrol.nix
./services/jellyfin.nix
./services/kanidm.nix
./services/nextcloud.nix
./services/nginx ./services/nginx
./services/postgres.nix ./services/postgres.nix
./services/kanidm.nix ./services/timemachine.nix
./services/matrix
./services/jellyfin.nix
./services/transmission.nix ./services/transmission.nix
./services/metrics
./services/flame.nix
./services/gitea.nix
./services/hedgedoc.nix
./services/vaultwarden.nix
./services/calibre.nix
# ./services/code-server.nix
]; ];
networking = { networking = {
hostName = "voyager"; hostName = "voyager";
defaultGateway = "192.168.10.1"; bridges.br0.interfaces = [ "eno1" ];
nameservers = [ "192.168.11.100" "1.1.1.1" ]; interfaces.br0.useDHCP = false;
interfaces.eno1.ipv4 = { interfaces.br0.ipv4.addresses = [
addresses = [
{ address = "192.168.10.165"; prefixLength = 24; } { address = "192.168.10.165"; prefixLength = 24; }
]; ];
};
hostId = "8e84b235"; hostId = "8e84b235";
defaultGateway = "192.168.10.1";
}; };
sops.defaultSopsFile = ../../secrets/voyager/voyager.yaml; sops.defaultSopsFile = ../../secrets/voyager/voyager.yaml;
environment.variables = { EDITOR = "vim"; }; environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
((vim_configurable.override { }).customize{
name = "vim";
vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
start = [ vim-nix vim-lastplace vim-commentary ];
opt = [];
};
vimrcConfig.customRC = ''
" your custom vimrc
set number
set relativenumber
set nu rnu
set signcolumn=number
set hlsearch
set smartcase
set incsearch
set autoindent
set expandtab
set shiftwidth=2
set tabstop=2
set smartindent
set smarttab
set ruler
set undolevels=1000
set nocompatible
set backspace=indent,eol,start
" Turn on syntax highlighting by default
syntax on
" ...
'';
}
)
zfs zfs
screen
exa
]; ];
/* virtualisation.podman = { */
/* enable = true; */
/* dockerCompat = true; # Make `docker` shell alias */
/* defaultNetwork.settings.dns_enabled = true; */
/* }; */
/* virtualisation.oci-containers.backend = "podman"; */
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.backend = "docker";
networking.firewall.allowedTCPPorts = [ 22 ];
system.stateVersion = "22.11"; system.stateVersion = "22.11";
} }
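Review bot: this hunk drops `nameservers = [ "192.168.11.100" "1.1.1.1" ]` while giving `br0` a static address with `useDHCP = false` (and the hardware-configuration hunk further down removes the global `networking.useDHCP`), so nothing visible here supplies DNS servers any more; re-add `networking.nameservers` alongside the bridge setup unless it lives in a file not shown. Removing `networking.firewall.allowedTCPPorts = [ 22 ]` is only safe because `services.openssh.openFirewall` defaults to true; a comment saying so would stop the next reader from re-adding it.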


@ -5,17 +5,23 @@
device = "/tank/backup/riker"; device = "/tank/backup/riker";
options = [ "bind" ]; options = [ "bind" ];
}; };
"/export/defiant-backup" = {
device = "/tank/backup/defiant";
options = [ "bind" ];
};
}; };
# Enable nfs4 only # Enable nfs4 only
services.nfs.server = { services.nfs.server = {
enable = true; enable = true;
exports = '' exports = ''
/export 192.168.10.4(rw,fsid=0,no_subtree_check) 192.168.10.5(rw,fsid=0,no_subtree_check) 192.168.10.2(rw,fsid=0,no_subtree_check) /export 192.168.10.4(rw,fsid=0,no_subtree_check) 192.168.10.5(rw,fsid=0,no_subtree_check) 192.168.10.2(rw,fsid=0,no_subtree_check) 192.168.10.175(rw,fsid=0,no_subtree_check)
/export/riker-backup 192.168.10.2(rw,nohide,no_subtree_check,no_root_squash) /export/riker-backup 192.168.10.2(rw,nohide,no_subtree_check,no_root_squash)
/export/doyle-backup 192.168.10.2(rw,nohide,no_subtree_check,no_root_squash) /export/doyle-backup 192.168.10.2(rw,nohide,no_subtree_check,no_root_squash)
/export/defiant-backup 192.168.10.175(rw,nohide,no_subtree_check,async,no_root_squash)
''; '';
}; };
networking.firewall.allowedTCPPorts = [ 2049 ]; networking.firewall.allowedTCPPorts = [ 111 2049 20048 ];
networking.firewall.allowedUDPPorts = [ 111 20048];
} }
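Review bot: the comment still says "Enable nfs4 only", but the firewall change opens 111 (rpcbind) and 20048 (mountd) on TCP and UDP, which only NFSv3 clients need; if defiant mounts with `vers=4`, 2049 alone is sufficient, so either drop the extra ports or fix the comment. The new `/export/defiant-backup` line also pairs `no_root_squash` with `async`: root on 192.168.10.175 is root on `/tank/backup/defiant`, and `async` lets the server acknowledge writes before they reach disk, which is a poor fit for a backup target; consider `root_squash` with a client-owned subdirectory, and `sync`.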


@ -36,6 +36,4 @@
}; };
}; };
# Network mounts (export)
} }


@ -29,7 +29,6 @@
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.eno2.useDHCP = lib.mkDefault true; # networking.interfaces.eno2.useDHCP = lib.mkDefault true;
# networking.interfaces.idrac.useDHCP = lib.mkDefault true; # networking.interfaces.idrac.useDHCP = lib.mkDefault true;

hosts/voyager/home.nix (Normal file, 19 lines)

@ -0,0 +1,19 @@
{ pkgs, lib, ... }:
{
home.packages = with pkgs; [
bat
bottom
ncdu
neofetch
];
imports = [
./../../home/base.nix
];
programs = {
zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
};
home.stateVersion = "23.05";
}


@ -0,0 +1,108 @@
{ config, pkgs, lib, ... }:
let
inherit (lib) mkDefault mkEnableOption mkForce mkIf mkOption mkPackageOption generators types;
cfg = config.services.snappymail;
maxUploadSize = "256M";
in {
options.services.snappymail = {
enable = mkEnableOption (lib.mdDoc "Snappymail");
package = mkOption {
type = types.package;
default = pkgs.snappymail;
defaultText = lib.mdDoc "pkgs.snappymail";
description = lib.mdDoc "Which snappymail package to use.";
};
dataDir = mkOption {
type = types.str;
default = "/var/lib/snappymail";
description = "State directory for snappymail";
};
hostname = mkOption {
type = types.str;
/* default = null; */
example = "mail.example.com";
description = "Enable nginx with this hostname, null disables nginx";
};
user = mkOption {
type = types.str;
default = "snappymail";
description = lib.mdDoc "System user under which snappymail runs";
};
group = mkOption {
type = types.str;
default = "snappymail";
description = lib.mdDoc "System group under which snappymail runs";
};
};
config = mkIf cfg.enable {
users.users = mkIf (cfg.user == "snappymail") {
snappymail = {
description = "Snappymail service";
group = cfg.group;
home = cfg.dataDir;
useDefaultShell = true;
createHome = true;
isSystemUser = true;
};
};
users.groups = mkIf (cfg.group == "snappymail") {
snappymail = {};
};
services.phpfpm.pools.snappymail = {
user = cfg.user;
group = cfg.group;
phpOptions = generators.toKeyValue {} {
upload_max_filesize = maxUploadSize;
post_max_size = maxUploadSize;
memory_limit = maxUploadSize;
};
settings = {
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
"pm" = "ondemand";
"pm.max_children" = 32;
"pm.process_idle_timeout" = "10s";
"pm.max_requests" = 500;
};
};
services.nginx = mkIf (cfg.hostname != null) {
virtualHosts."${cfg.hostname}" = {
locations."/".extraConfig = ''
index index.php;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
'';
locations."^~ /data".extraConfig = ''
deny all;
'';
locations."~ \.php$".extraConfig = ''
include ${pkgs.nginx}/conf/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:${config.services.phpfpm.pools.snappymail.socket};
'';
extraConfig = ''
client_max_body_size ${maxUploadSize};
'';
root = if (cfg.package == pkgs.snappymail) then
pkgs.snappymail.override {
dataPath = cfg.dataDir;
}
else cfg.package;
};
};
};
}
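Review bot: `hostname` is declared as `types.str` with no default, so the `mkIf (cfg.hostname != null)` guard on `services.nginx` can never be false and the description "null disables nginx" is not true; declare it as `types.nullOr types.str` with `default = null` to get the documented behaviour. Two nginx details: `autoindex on` in `locations."/"` publishes directory listings of the webmail root, which nothing here needs, and the location key `"~ \.php$"` loses its backslash in a Nix double-quoted string (`\.` becomes `.`), so write `"~ \\.php$"` and add `try_files $uri =404;` before `fastcgi_pass` so only files that really exist are handed to php-fpm.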


@ -1,5 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
domain = "books.home.feal.no"; domain = "books.home.feal.no";
storage = "/tank/media/books"; storage = "/tank/media/books";


@ -0,0 +1,63 @@
{ config, lib, pkgs, ... }:
{
systemd.timers."fancontrol" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar="*:0/3";
Unit = "fancontrol.service";
};
};
systemd.services."fancontrol" = {
environment = {
TEMP_MIN_FALLING = "50";
TEMP_MAX_RISING = "56";
TEMP_CRIT = "70";
LOW_FAN_SPEED = "0x10";
};
script = ''
SET_FAN_MANUAL="0x30 0x30 0x01 0x00" # Enable manual control
SET_FAN_AUTO="0x30 0x30 0x01 0x01" # Disable manual control
SET_FAN_LOW="0x30 0x30 0x02 0xff $LOW_FAN_SPEED"
SET_FAN_MAX="0x30 0x30 0x02 0xff 0x64" # force 100%
# Get all temperatures readings starting with "Temp ", find all two digit numbers followed by spaces, find the largest one, trim the trailing space
maxcoretemp=$(${pkgs.ipmitool}/bin/ipmitool sdr type temperature | grep '^Temp ' | grep -Po '\d{2} ' | sort -nr | head -n1 | xargs)
# Verify that we read a valid number
ISNUMBER='^[0-9]+$'
if ! [[ $maxcoretemp =~ $ISNUMBER ]] ; then
echo "Error: could not read temperature" >&2
exit 2
fi
echo "Highest measured CPU temperature: '$maxcoretemp'"
if [ "$maxcoretemp" -gt "$TEMP_CRIT" ]; then
echo "TOO HOT, CRITICAL CPU TEMP"
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MANUAL
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MAX
exit 1
fi
if [ "$maxcoretemp" -gt "$TEMP_MAX_RISING" ]; then
echo "TOO HOT, switching to IDRAC fan controL"
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_AUTO
exit 0
fi
if [ "$maxcoretemp" -lt "$TEMP_MIN_FALLING" ]; then
echo "Sufficiently cooled, stepping down fans"
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MANUAL
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_LOW
exit 0
fi
echo "Temperature is between limits, doing nothing..."
'';
};
}
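Review bot: the temperature parser `grep -Po '\d{2} '` only understands two-digit readings, so a three-digit value such as `100 ` matches as `00 `, becomes 0, and sends the script down the "Sufficiently cooled" branch, lowering the fans exactly when the CPU is hottest; use `grep -Po '\b\d+(?= )'` so any magnitude is read (the `sort -nr | head -n1` selection still works). The `exit 1` on the critical branch usefully marks the timer-triggered unit as failed, but only helps if something watches failed units; an alert on `fancontrol.service` entering the failed state would close that loop.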


@ -1,22 +0,0 @@
{ config, pkgs, lib, ... }:
let
host = "127.0.1.2";
port = "5005";
in {
# Flame - Homelab dashboard/linktree
virtualisation.oci-containers.containers = {
flame = {
image = "pawelmalak/flame";
ports = [ "${host}:${port}:5005" ];
volumes = [
"/var/lib/flame/data:/app/data/"
];
};
};
services.nginx.virtualHosts."flame.home.feal.no" = {
locations."/" = {
proxyPass = "http://${host}:${port}";
};
};
}


@ -1,97 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.hedgedoc.settings;
domain = "md.feal.no";
port = 3300;
host = "0.0.0.0";
authServerUrl = config.services.kanidm.serverSettings.origin;
in {
# Contains CMD_SESSION_SECRET and CMD_OAUTH2_CLIENT_SECRET
sops.secrets."hedgedoc/env" = {
restartUnits = [ "hedgedoc.service" ];
};
services.hedgedoc = {
enable = true;
environmentFile = config.sops.secrets."hedgedoc/env".path;
settings = {
inherit domain port host;
protocolUseSSL = true;
sessionSecret = "$CMD_SESSION_SECRET";
allowFreeURL = true;
allowAnonymous = false;
allowAnonymousEdits = true; # Allow anonymous edits with the "freely" permission
dbURL = "postgres://hedgedoc:@localhost/hedgedoc";
email = false;
oauth2 = {
baseURL = "${authServerUrl}/oauth2";
tokenURL = "${authServerUrl}/oauth2/token";
authorizationURL = "${authServerUrl}/ui/oauth2";
userProfileURL = "${authServerUrl}/oauth2/openid/hedgedoc/userinfo";
clientID = "hedgedoc";
clientSecret = "$CMD_OAUTH2_CLIENT_SECRET";
scope = "openid email profile";
userProfileUsernameAttr = "name";
userProfileEmailAttr = "email";
userProfileDisplayNameAttr = "displayname";
providerName = "KaniDM";
};
};
};
systemd.services.hedgedoc = {
requires = [
"postgresql.service"
"kanidm.service"
];
serviceConfig = let
workDir = "/var/lib/hedgedoc";
in {
WorkingDirectory = lib.mkForce workDir;
StateDirectory = lib.mkForce [ "hedgedoc" "hedgedoc/uploads" ];
# Better safe than sorry :)
CapabilityBoundingSet = "";
LockPersonality = true;
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ProtectSystem = "strict";
ReadWritePaths = [ workDir ];
RemoveIPC = true;
RestrictSUIDSGID = true;
UMask = "0007";
RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
SystemCallArchitectures = "native";
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
};
};
networking.firewall.allowedTCPPorts = [ port ];
services.postgresql = {
ensureDatabases = [ "hedgedoc" ];
ensureUsers = [{
name = "hedgedoc";
ensurePermissions = {
"DATABASE \"hedgedoc\"" = "ALL PRIVILEGES";
};
}];
};
}


@ -1,33 +0,0 @@
{ config, pkgs, ... }:
{
services.mx-puppet-discord = {
enable = true;
serviceDependencies = [
"matrix-synapse.service"
"postgresql.service"
];
settings = {
bridge = {
bindAddress = "localhost";
domain = "feal.no";
homeserverUrl = "https://matrix.feal.no";
# homeserverUrl = "http://127.0.1.2:8008";
port = 8434;
enableGroupSync = true;
};
database.connString = "postgresql://mx-puppet-discord@localhost/mx-puppet-discord?sslmode=disable";
provisioning.whitelist = [ "@felixalb:feal\\.no" ];
relay.whitelist = [ ".*" ];
selfService.whitelist = [ "@felixalb:feal\\.no" ];
};
};
services.matrix-synapse.settings.app_service_config_files = [ /var/lib/mx-puppet-discord/discord-registration.yaml ];
}


@ -1,12 +0,0 @@
{ config, ... }:
{
imports = [
./synapse.nix
# ./bridge-facebook.nix
# ./bridge-discord.nix
# ./element.nix
# ./coturn.nix
# ./discord.nix
];
}


@ -1,10 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./prometheus.nix
./grafana.nix
./loki.nix
#./snmp-exporter.nix
];
}


@ -0,0 +1,88 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.nextcloud;
hostName = "cloud.feal.no";
in {
services.nextcloud = {
enable = true;
package = pkgs.nextcloud28;
inherit hostName;
home = "/var/lib/nextcloud";
https = true;
webfinger = true;
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud";
adminuser = "ncadmin";
adminpassFile = config.sops.secrets."nextcloud/adminpass".path;
trustedProxies = [ "192.168.10.175" ]; # defiant
defaultPhoneRegion = "NO";
};
# phpOptions = {
# "opcache.interned_strings_buffer" = "16";
# "upload_max_filesize" = "4G";
# "post_max_size" = "4G";
# "memory_limit" = "4G";
# };
poolSettings = {
"pm" = "ondemand";
"pm.max_children" = 32;
"pm.process_idle_timeout" = "10s";
"pm.max_requests" = 500;
};
};
environment.systemPackages = [ cfg.occ ];
sops.secrets."nextcloud/adminpass" = {
mode = "0440";
owner = "nextcloud";
group = "nextcloud";
restartUnits = [ "phpfpm-nextcloud.service" ];
};
services.postgresql = {
ensureDatabases = [ "nextcloud" ];
ensureUsers = [ {
name = "nextcloud";
ensureDBOwnership = true;
} ];
};
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
systemd.services."phpfpm-nextcloud".serviceConfig = {
WorkingDirectory = "/var/lib/nextcloud";
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
ProtectClock = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
ReadWritePaths = [ "/var/lib/nextcloud" "/run/phpfpm" "/run/systemd" "/run/secrets" "/nix/store" ];
RemoveIPC = true;
RestrictSUIDSGID = true;
UMask = "0007";
SystemCallArchitectures = "native";
SystemCallFilter = "@system-service";
CapabilityBoundingSet = "~CAP_FSETID ~CAP_SETFCAP ~CAP_SETUID ~CAP_SETGID ~CAP_SETPCAP ~CAP_NET_ADMIN ~CAP_SYS_ADMIN ~CAP_SYS_PTRACE ";
};
fileSystems."/var/lib/nextcloud" = {
device = "/tank/nextcloud";
options = [ "bind "];
};
}
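Review bot: `ReadWritePaths` lists `/nix/store` and `/run/secrets`; php-fpm never needs to write to either (the admin password is read via `adminpassFile`, and the store is read-only by design), so trim the list to `/var/lib/nextcloud` and `/run/phpfpm` to keep the hardening meaningful. The bind mount at the end has a typo, `options = [ "bind "]`, with a space inside the string; it should be `[ "bind" ]`, otherwise mount is handed an unknown option and `/var/lib/nextcloud` may fail to come up at boot.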


@ -4,6 +4,8 @@
enable = true; enable = true;
enableReload = true; enableReload = true;
clientMaxBodySize = "100m";
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
@ -11,5 +13,10 @@
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
/* security.acme = { */
/* acceptTerms = true; */
/* email = "felix@albrigtsen.it"; */
/* }; */
} }


@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
{
imports = [ ../modules/snappymail.nix ];
services.snappymail = {
enable = true;
hostname = "mail.home.feal.no";
};
services.nginx.virtualHosts."${config.services.snappymail.hostname}" = let
certPath = "/etc/ssl-snakeoil/mail_home_feal_no";
in {
addSSL = true;
sslCertificate = "${certPath}.crt";
sslCertificateKey = "${certPath}.key";
};
}
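Review bot: `addSSL = true` keeps the plain-HTTP listener on port 80 next to HTTPS, so the webmail login form and the IMAP credentials behind it can still be submitted in clear text over the LAN; use `forceSSL = true` here so port 80 only redirects. The certificate under `/etc/ssl-snakeoil` is self-signed, so clients have nothing to verify against; a certificate they can validate (ACME is already in use for the public hosts) would make the TLS meaningful.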


@ -0,0 +1,42 @@
{ config, pkgs, ... }:
let
timeMachineDir = "/tank/backup/worf";
user = "worf-backup";
sizeLimit = "800000"; # MiB
allowedIPs = "192.168.10.2 192.168.10.5"; #TODO
in {
services.avahi = {
enable = true;
publish = {
enable = true;
userServices = true;
};
};
services.netatalk = {
enable = true;
settings = {
Global = {
"mimic model" = "TimeCapsule6,106"; # show the icon for the first gen TC
"hosts allow" = allowedIPs;
};
"worf-time-machine" = {
"time machine" = "yes";
"path" = timeMachineDir;
"valid users" = user;
"vol size limit" = sizeLimit;
};
};
};
users.extraUsers.worf-backup = {
isSystemUser = true;
name = user;
group = user;
};
users.groups."${user}" = {};
networking.firewall.allowedTCPPorts = [ 548 636 ];
}
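Review bot: `networking.firewall.allowedTCPPorts = [ 548 636 ]` opens 636, which is LDAPS and is used by neither netatalk nor avahi (AFP needs 548, and avahi's own `openFirewall` covers UDP 5353); drop 636 unless another service on this host needs it. The `worf-backup` account is created as a system user with no password, and netatalk checks `valid users` against the system password database, so the password has to be set imperatively; stating that next to the `#TODO` on `hosts allow` (which still needs the right client address) would help the next person.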


@ -0,0 +1,142 @@
{ pkgs, ... }:
{
# Many settings should be handled by home manager. System-wide settings are however managed here.
imports = [
./yabai.nix
];
nixpkgs.config.allowUnfree = true;
nix = {
# gc = {
# automatic = true;
# options = "--delete-older-than 2d";
# };
settings = {
allow-dirty = true;
experimental-features = [ "nix-command" "flakes" "repl-flake" ];
auto-optimise-store = true;
builders-use-substitutes = true;
log-lines = 50;
};
buildMachines = [
{
hostName = "voyager.home.feal.no";
system = "x86_64-linux";
maxJobs = 4;
supportedFeatures = [ "kvm" "big-parallel" "benchmark" "nixos-test" ];
mandatoryFeatures = [ ];
sshUser = "felixalb";
sshKey = "/var/root/.ssh/nix-builder";
}
{
hostName = "defiant.home.feal.no";
system = "x86_64-linux";
maxJobs = 6;
supportedFeatures = [ "big-parallel" "benchmark" "nixos-test" ];
mandatoryFeatures = [ ];
sshUser = "felixalb";
sshKey = "/var/root/.ssh/nix-builder";
}
];
distributedBuilds = true;
extraOptions = "builders-use-substitutes = true";
};
# System packages for all users
environment = {
systemPackages = with pkgs; [
findutils
gnugrep
jq
ripgrep
sshfs
wget
];
variables = {
EDITOR = "nvim";
VISUAL = "nvim";
};
};
users.users.felixalb = {
home = "/Users/felixalb";
shell = pkgs.zsh;
};
programs.zsh.enable = true;
system.activationScripts.postActivation.text = ''sudo chsh -s ${pkgs.zsh}/bin/zsh''; # Since it's not possible to declare default shell, run this command after build
fonts = {
fontDir.enable = true;
fonts = with pkgs; [
noto-fonts
font-awesome
fira-code
hack-font
(nerdfonts.override {
fonts = [
"Hack"
];
})
];
};
system.defaults = {
# login window settings
loginwindow = {
# disable guest account
GuestEnabled = false;
# show name instead of username
SHOWFULLNAME = false;
};
finder = {
AppleShowAllExtensions = true;
FXEnableExtensionChangeWarning = true;
_FXShowPosixPathInTitle = true;
};
# firewall settings
alf = {
# 0 = disabled 1 = enabled 2 = blocks all connections except for essential services
globalstate = 1;
loggingenabled = 0;
stealthenabled = 1;
};
# dock settings
dock = {
autohide = true;
autohide-delay = 0.0;
autohide-time-modifier = 1.0;
tilesize = 45;
static-only = false;
showhidden = false;
show-recents = false;
show-process-indicators = true;
orientation = "bottom";
mru-spaces = false;
};
};
system.keyboard = {
enableKeyMapping = true;
remapCapsLockToControl = true;
};
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
nix.package = pkgs.nix;
}
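Review bot: `alf.loggingenabled = 0` turns off application-firewall logging while `globalstate = 1` and `stealthenabled = 1` turn the firewall on; logging is the only record of blocked inbound attempts on this machine and costs nothing, so set it to 1. The `buildMachines` entries use the personal account `felixalb` with the key at `/var/root/.ssh/nix-builder` on both voyager and defiant; a dedicated unprivileged build user on those hosts limits what a compromised root on this Mac can do with that key. Also `system.activationScripts.postActivation.text` runs `sudo chsh -s ${pkgs.zsh}/bin/zsh` without a user name, so which account it changes depends on who runs the activation, and it pins the shell to a store path that changes on every zsh update; `chsh -s /run/current-system/sw/bin/zsh felixalb` is more predictable.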

hosts/worf/home.nix (Normal file, 82 lines)

@ -0,0 +1,82 @@
{ pkgs
, lib
, inputs
, config
, ...
}: {
imports = [
./../../home/base.nix
./../../home/alacritty.nix
];
home.packages = with pkgs; [
# alacritty
emacs
iterm2
spotify
ripes
prismlauncher
bat
bottom
cocoapods
gnutar
ncdu
neofetch
nix-index
nodejs
tldr
eza
zellij
pandoc
texlive.combined.scheme-full
(python311.withPackages (ps: with ps; [
pygments
jupyter
numpy
scipy
pwntools
pycryptodome
requests
]))
];
programs.zsh = {
shellAliases."rebuild" = "darwin-rebuild switch --flake /Users/felixalb/nix";
prezto.pmodules = [ "ssh" ];
};
# Ctrl+y + ,
programs.neovim.plugins = with pkgs.vimPlugins; [ coc-emmet emmet-vim ];
# Copy Applications to ~/Applications to allow them to be launched from Spotlight
disabledModules = [ "targets/darwin/linkapps.nix" ];
home.activation = lib.mkIf pkgs.stdenv.isDarwin {
copyApplications =
let
apps = pkgs.buildEnv {
name = "home-manager-applications";
paths = config.home.packages;
pathsToLink = "/Applications";
};
in
lib.hm.dag.entryAfter [ "writeBoundary" ] ''
baseDir="$HOME/Applications/Home Manager Apps"
if [ -d "$baseDir" ]; then
rm -rf "$baseDir"
fi
mkdir -p "$baseDir"
for appFile in ${apps}/Applications/*; do
target="$baseDir/$(basename "$appFile")"
$DRY_RUN_CMD cp ''${VERBOSE_ARG:+-v} -fHRL "$appFile" "$baseDir"
$DRY_RUN_CMD chmod ''${VERBOSE_ARG:+-v} -R +w "$target"
done
'';
};
home.stateVersion = "23.05";
}

hosts/worf/yabai.nix (Normal file, 129 lines)

@ -0,0 +1,129 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.yabai;
sketchybar-app-font = pkgs.callPackage ./../../common/sketchybar-app-font.nix {};
in {
services.yabai = {
enable = true;
package = pkgs.yabai;
enableScriptingAddition = true;
config = {
layout = "bsp";
debug_output = "on";
focus_follows_mouse = "autoraise";
mouse_follows_focus = "off";
window_placement = "second_child";
window_opacity = "off";
window_border = "on";
window_border_width = 1;
window_border_blur = "off";
normal_window_border_color = "0xff404066";
active_window_border_color = "0xffff2020";
window_border_radius = 0;
# top_padding = 10;
# bottom_padding = 10;
# left_padding = 10;
# right_padding = 10;
window_gap = 0;
external_bar = "all:40:0";
};
};
services.skhd = {
enable = true;
skhdConfig = let
mod = "alt";
mod2 = "alt + ctrl";
mod3 = "alt + shift";
mod4 = "alt + cmd";
in ''
# Move window focus
${mod} - j : yabai -m window --focus south
${mod} - k : yabai -m window --focus north
${mod} - h : yabai -m window --focus west
${mod} - l : yabai -m window --focus east
${mod} - down : yabai -m window --focus south
${mod} - up : yabai -m window --focus north
${mod} - left : yabai -m window --focus west
${mod} - right : yabai -m window --focus east
# Move windows
${mod3} - j : yabai -m window --warp south
${mod3} - k : yabai -m window --warp north
${mod3} - h : yabai -m window --warp west
${mod3} - l : yabai -m window --warp east
${mod3} - down : yabai -m window --warp south
${mod3} - up : yabai -m window --warp north
${mod3} - left : yabai -m window --warp west
${mod3} - right : yabai -m window --warp east
# Move windows to different spaces
${mod2} - 1 : yabai -m window --space 1
${mod2} - 2 : yabai -m window --space 2
${mod2} - 3 : yabai -m window --space 3
${mod2} - 4 : yabai -m window --space 4
${mod2} - 5 : yabai -m window --space 5
${mod2} - 6 : yabai -m window --space 6
${mod2} - 7 : yabai -m window --space 7
# Switch spaces
ctrl - left : yabai -m space --focus prev
ctrl - right : yabai -m space --focus next
ctrl - 1 : yabai -m space --focus 1
ctrl - 2 : yabai -m space --focus 2
ctrl - 3 : yabai -m space --focus 3
ctrl - 4 : yabai -m space --focus 4
ctrl - 5 : yabai -m space --focus 5
ctrl - 6 : yabai -m space --focus 6
ctrl - 7 : yabai -m space --focus 7
# Resize windows
${mod2} - j : yabai -m window --resize bottom:0:20
${mod2} - k : yabai -m window --resize bottom:0:-20
${mod2} - h : yabai -m window --resize right:-20:0
${mod2} - l : yabai -m window --resize right:20:0
${mod2} - down : yabai -m window --resize bottom:0:20
${mod2} - up : yabai -m window --resize bottom:0:-20
${mod2} - left : yabai -m window --resize right:-20:0
${mod2} - right : yabai -m window --resize right:20:0
# Move windows to different displays
${mod2} + cmd - 1 : yabai -m window --display 1
${mod2} + cmd - 2 : yabai -m window --display 2
${mod2} + cmd - 3 : yabai -m window --display 3
# Fullscreen
${mod2} - f : yabai -m window --toggle zoom-fullscreen
${mod2} + shift - f : yabai -m window --toggle native-fullscreen
# Mirror layout
${mod2} - m : yabai -m space --mirror y-axis
# Misc.
${mod2} - b : yabai -m space --balance
${mod2} - space : yabai -m window --toggle float --grid 4:4:1:1:2:2
${mod2} - return : yabai -m window --toggle split
# Launch terminal
cmd - return : open -n -a ${pkgs.alacritty}/Applications/Alacritty.app
'';
};
services.sketchybar = {
enable = true;
package = pkgs.sketchybar;
# The config is handled outside of nix, and is placed in ~/.config/sketchybar
};
fonts.fonts = [
sketchybar-app-font
];
}
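Review bot: `enableScriptingAddition = true` requires partially disabling System Integrity Protection and a passwordless sudoers entry for `yabai --load-sa`, since the addition is loaded into Dock.app; that is a deliberate weakening of the platform baseline on the same machine that holds the `/var/root/.ssh/nix-builder` key, so record why it is needed (space focus, window warping) next to the option, and keep `debug_output = "on"` only while troubleshooting.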


@ -0,0 +1,36 @@
matrix:
synapse:
registrationsecret: ENC[AES256_GCM,data:6gRW6t080VSyNRAmIrMqXL/oj7dj0JbcQekG3lac7zcdvJbgkUaqEGoWdrym2XiEOSLBOVMthnpLdalC2wcyJdmxB7xMNsYS4RfjR3PMKIo1Ap7JSmuKBl3eeaOalHk=,iv:dZl4/qFMoqEbSwL4JF/sjG21e6DuKVxbXwrGHkxfW4U=,tag:LWdCcmUUeTO4YAHkHOSJuw==,type:str]
hedgedoc:
env: ENC[AES256_GCM,data:7UU8MNo3AEpG1L0lpbfow4mGsIj7qMgtldCxv2T8rimintl1PN+avb2yxXz2P+1MqxNhacYYfBn5AkVqUJvAvo/HaQmsu+M1iFuMG6vEQuMGZZ1bjcslKxjVFWe9Rxzb9O33jqielsBiUmkP7f0MoGzfdyncpRuGjge+ADL7YXdRdH2zyDLW0txM3P593MQYiGo9wzwb7ZpycX4NsuE=,iv:4QE4RwD6c7KQS/w15YP/P2u7iOTWd36/YhpA2Jtdu0U=,tag:QBvO3q5C9TK0oSeso367/Q==,type:str]
vaultwarden:
admintoken: ENC[AES256_GCM,data:sUPOe3goxpJFpe5fBdwcM5Z6+DXNdZr5Xd6HzRUb7LtDk9IUtwL4wtlckwnMRoLF628XvCV3ObrX2UmTqUX/6pWqLkWL/vWb3C8ogq4=,iv:vvO9nEkCjcKvl+ILEMlMorMmvyNM1juRYRnEolwg9sQ=,tag:wFnz9oOA+ZGrb4UqKrtUcA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQXEzMHQzaTU2YW85Yjhh
eDZ1eG15UytULzhYaTBZemlRak5USmVrMlhRCmtOUmNqYS9xa0VHU2J1V0E0NjN0
ZDRhek9xNXJNY0FhZUJCVjJpYW1ZNHcKLS0tIER3OFlyV2Q3b2l0RkkzVkZMaHdt
MHI3WEV0RnZvWGw5a3BIV21kMlJxdU0Kpa1mjuwYoyk8Qfsst1k/pGGONYQf/sdZ
kfTZV2btleBISsP5aBDTF+I4AJZesumJuNVA0gPsI88GaQuf3rqb8w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRi9mRDMvcDhBN3RVcG90
Q2Y5NGhTVmVOaW9VRTl0R25QQXJsb2FQOTFrCnNsL0M2OTQ1KzJKSXJaVlVrL01v
R1RnOURGcDU3V2JldTdlRitQeDBIZE0KLS0tIHB2T3ZGQjZZRUlUL0FUSzhoZ1Ez
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-29T22:35:52Z"
mac: ENC[AES256_GCM,data:wLuNSHMesuGxoYH4km/NkX58JcZgXCoQW5veh+wL8A3vmWg+HGkcnWLxhGPetG4fhdORkurr+/l803Y3Fq79C5C3JyMSZEI5ba9LL9SLnJsTu9B+sro6DRp0xCX8kvY/Hfl23jsg8NcJ2QoiE0eHMJ5LftSydSNPefnkzSz70UU=,iv:r8Cv2kOf2T3WwXLpDyTVDG+O6RcIhv+juIteCgR+Zlc=,tag:EoaPXCOprA5yBtnyORmXvA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
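Review bot: the vaultwarden admin token and the hedgedoc env file are now encrypted to defiant's age recipients, but the same plaintext values remain in git history in the secret files of the hosts they came from (sarek.yaml, further down, still carries the hedgedoc env), decryptable with any of those hosts' keys; moving a service is the right moment to rotate `vaultwarden/admintoken` and the session and OAuth secrets in the hedgedoc env rather than only re-encrypting them, and then to remove retired hosts from the sops recipient list.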


@ -0,0 +1,41 @@
matrix:
synapse:
registrationsecret: ENC[AES256_GCM,data:hXLNFkvMe21RlT1wgQvsBeyxtn+0yLK5bYUeMQbV/1bVtl6nvoInZ1qP7wz8MoWhFiAq1ZwxE2bjDfxXdkL8YSvNHlhdbFD1nJBP51mci9SQE/xLaMh7Aqtos0swdKw=,iv:uIxuhhaTpCRQQ/fP16J50cKCSbAD+KYO3a2kb70BX2M=,tag:EqD5jeZvCcJJCrBcG0YjsA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sjk38fy5dk2nn0q0rmxuvr9uw3ttgz7mq4632f8jllzqryft0y3s46j65k
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJNHA3eFNxWjd4a2tOcEl3
Q3N3YXNSd0IrNm53QUtJWmFlNlRqb1ZsQ0VFCkZCanRYdEZZZWY4SFNWNDlBUEth
Umk0UkxReWhrTmw5RkxzTzhDdzQ5WTQKLS0tIDMyK2t6dTVPaWlGUjRRT3ZHSUJC
VjBsbEFiakZKL1BGMlp3TXM3SUhuRFUKEppZj9LpW2axFg6yN0R8i/GV8OywK9ha
NDDFqw1x+8e++Mec7uN737oYo3nsFZJG7pMxFbuXBol2RUfZ0GLuwQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RGFnVE1Va2hYUWt4L0dk
QjY0cFl6Z2JjK0ZtNzRhZVNpQkRrOG9JKzE4CmhXZ0xiZkp3K3VXQnhSOExxTXZq
NjBVQlVBKzhJaFRKeFZ5OE13VVhlc1EKLS0tIFdaaFZ6ZnZZQkl1dW5sT0hkdjlN
M0F4TmtTeXVTeWdpUVdNNlNGTmZMOFUKCsULF8MXQ7DkTGpXVbiJtmErHK6ve08N
av/z7DlzdGeUhlL5Jk/jonGr0Ixhtlvn+MqrVFGBIB+6OqOi2eDX/Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWUNlOGZmZnRWMXprV2hV
OTNZdU02aVJBUlMwQTFFTnUzekFXTVBlYWs0CmtOYmhJRDlTSm42NFZoSEZlclhR
bFN6NEUwUG9jQ3d3Z2JzcWNIandOa1UKLS0tIDlwZVBIdi9LVjVsaFhNeEplNk4v
SzRrQ0hZMnZFWHRuTWErWDQ3M2NJOG8KDphp0PenVKK6cZ4V4VUHL5A64wNF0vi7
gkvXBWSakJX5ONssN2aaXTfoHY5QrRJG4Rj4ZM0Bdm7WrIPdBFONrw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-13T22:50:20Z"
mac: ENC[AES256_GCM,data:ktGFV+oNBMIKNCVLXZtrxn8HbvgjmXTRmAWuDQaNyMIIWvnTvd5IQBivG1kCimVr96RFl6RWTMWH4nqHVFlo0jxQfx8KUVXmaO7dfp4Ri+ZKMLu33HmLfwHiStnYRwPCAtwG/AXx9SXl0SAL5S+xHSl4mnShbyYfLAHibccYros=,iv:JeMtQ5uxYzpqr1eHZrLTNqhizjOCaixNg8VFcwjY2Y8=,tag:gHfRDBezAwzCqmEhayVYEg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
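Review bot: the three age recipients (`age1sjk38...`, `age1n6j9...`, `age1nj7ju6...`) are the whole access-control list for `matrix.synapse.registrationsecret`, and if this is Synapse's registration shared secret it lets whoever holds it create accounts through the admin API even with public registration disabled, so each recipient should be checked against the host that actually runs synapse plus the operator key(s), and nothing else. Note also `lastmodified: "2023-10-13T22:50:20Z"` and `version: 3.7.3`, both older than the sops metadata on the other files touched in this comparison, which reads as an existing file moved into place rather than a freshly generated secret; if its previous location belonged to a host that has since been retired, that host's age key can still decrypt the same ciphertext out of git history, so rotating the value at its new location is simpler than reasoning about what became of the old key.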

secrets/sarek/sarek.yaml Normal file, 40 lines

@ -0,0 +1,40 @@
hedgedoc:
env: ENC[AES256_GCM,data:IE1Lp1Lx0ctKIyV9z0rJWIouaHvstEyhcFO6KLNliN2FHKYNlfggrXEwxT+UwNUvEyuN6p+nCOLc48pAxODLHdl+DuTtwmqb14lbiwS6s/CPxlkJvcUnkauFOhuk45qXOhu4rz9sdtA7vSjMXEGmi55bJNAB+AD+oIVgtDEYa/cNkAaGJltxClx3KjCyfmOnN69ZuL81ewOnk5dq8ms=,iv:HBdiT0I9vKgs0es3jluYP0j8lr0YS4seLQmZvj7Bs40=,tag:pqEjkBWeSMtA4QDXpYDKSg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1yjc08ykd5d687p9tmn6mpsna3azryreuuz6akj2p0dtft9xqq5lsuamljk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCc3lUVW1PNTNoRm4xbzBI
OTlBK1MzaHE1cU1UTEN2TkNlU3dVVXZSUXpBCjhISjdBSnZVSnhyckFoVXdJK3N1
cE9GanNRcExpckRJbEtPWkFvVFgwZ3MKLS0tIHhhb1A2dU5BbFpmK0d5Yi9yMDZY
c1lwVWNibW1PVTFEYlVkYzNKL2pmR3MK0WEvII7d3VUr53uFf/leic1JsALinG4G
PSXfzvhywVf+C1/YgE5HJH9pPhIDigLFins09UWt1RDVuwfdmXPJwA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMYkdUMmpDTmtzZHExT3RM
d3UxZy9DTzRjcHVrNHB6OTBNOHFkV25GV1JjCk1BU1poZ090U3ZJV0xuMEdIcDE0
MHYrbk9VYWlsdWg0bmpVY1pVUmJFTm8KLS0tIExoUG9aMy8rWlBvUXNZcGhUd0FC
dEpEWEJZdTMrOTZxVU1JcFN6Nlo5QzQKdo4cKvw7fBmGqsi2ALOEbdRVngzPGhte
5AC1PAX85a8r6DA/8etSKjXVh/wEdEs85+qKDgKKJSNqNG+nlzF+wQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxYU05cHJOUkZib3B3UHc3
dDdDTUlFK1pudHFubTNLMTQ3WDZKeERCRld3ClhCOVpEcjhDQWt6NGxDMXNVSlk0
QVhSdnFRc2hqZmZQUEFVR25BNWdYMDQKLS0tICt0bXp6SXpqbFlTdkxWMGlGK0Nw
enQ5UjA2ZVBGcUFCenhYckVjanVOeE0KT0NPv0yGmreBQzozp9z5tOtY9Awo5ajs
y00uxfBVUgQkhNYCUQ5j9vzMv2U5vDncHox07rEl7YqdlzjJzbuupA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-05T21:56:24Z"
mac: ENC[AES256_GCM,data:7n8WFY6fWEwEeF91CNzDbqJm/hx+Nm+A+uKmHN5r9zbwgkKNPuf+aX3bACkGDyI/B2XN6TxEGl3Gc2MnF3ZTazbRkaZE06gS3bPmosHIZkw1CCkJdgD5KM5y8Nffj4Dzdmu86Z1W74FkV29aAFF1BtYSRalBCJ+2kxWabSPTT2Y=,iv:mfpwBmI11ysnIK+xPt8J3n7FEWedRS1WW5HxTmGxCas=,tag:X8gUuKw+tRTm82NvhC5grw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
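Review bot: `hedgedoc.env` stores a whole environment file as one opaque value, so everything in it (an env file for a service usually bundles several credentials at once) is readable by all three recipients listed here; the first, `age1yjc08...`, appears in no other file on this page, so confirm it is the host key for sarek, while the other two (`age1n6j9...`, `age1nj7ju6...`) recur in every sops file in this comparison and look like operator keys. The same `hedgedoc.env` key path is deleted from the file in the next hunk with a different ciphertext, so make this file the single copy the host configuration references and do not leave the service able to fall back to the old one.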

@ -8,19 +8,14 @@
#ENC[AES256_GCM,data:T+pI1ogtfjo57NrOvCuhbs//,iv:mqkwAHWxqvt9XkQX0EKXQyJrK5KOCVDpva1Ok37XvKc=,tag:qrp2QeNrJSDr3ECN6cBDiA==,type:comment] #ENC[AES256_GCM,data:T+pI1ogtfjo57NrOvCuhbs//,iv:mqkwAHWxqvt9XkQX0EKXQyJrK5KOCVDpva1Ok37XvKc=,tag:qrp2QeNrJSDr3ECN6cBDiA==,type:comment]
#ENC[AES256_GCM,data:46+Qt0FRlg2tN8A=,iv:4y5C0S75gp4qFFkJ4lOMcPbftOLyzB12wApqNOFYan4=,tag:T/4zLU7d90GkzDohJd2XTg==,type:comment] #ENC[AES256_GCM,data:46+Qt0FRlg2tN8A=,iv:4y5C0S75gp4qFFkJ4lOMcPbftOLyzB12wApqNOFYan4=,tag:T/4zLU7d90GkzDohJd2XTg==,type:comment]
#ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment] #ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment]
hedgedoc:
env: ENC[AES256_GCM,data:QaDReiDztJhu8n+Sa2SE9XjQS+YIMvQFqY5nSXKPUBrHk3tvEzmST8ZjjthruGWdKoEDQT0phR2KV660Hza8WQNajC85slVIQK2HFXKK8xYn5qeMQj5U1m85rmSjMNg6Rdb+rCQFWiM2KRfdkiWiAzcgOvGd2ziX3oE4tTTpBs2Jy70B+eXEVqZvYajQUyQZItCPb7BUhkhv8rVbI0Q=,iv:3ZcWie2pwfvUsXhQo1Zlpbq6r85OOWASKiwzfY30BHM=,tag:NyH6w9MQPUWvue/wo8LmAg==,type:str]
transmission: transmission:
vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str] vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str]
matrix:
synapse:
registrationsecret: ENC[AES256_GCM,data:lrj4itbDdfwSJYlvgYbWy2bcgNj69DJA2gzLUiN2AINRfoprsZI7kbNvJO0E2FVPWrfcB6HSHqomgIi6G+77NoyPOSTzzI6aHMvt4Ups6/KpQFpR2QV3VykzADoagWs=,iv:GiuT4lAD8/ZPgTVwXUaHmjSvzHqnGPzAuwxFBlzU8O0=,tag:79tuTluST8E6gigm9Z7nEQ==,type:str]
wireguard: wireguard:
wg0: wg0:
public: ENC[AES256_GCM,data:jKkYH9giZJ09/hFWF0UgM8TSvQ/qrkSbhCOhHG5Ze2WI8MLZaNzZMQSgWHM=,iv:VI48j/DzQez+L4oW2vUHj8FqDpTAd5P/71ih4D/3I54=,tag:9m23ruMSkFsTbxj9dAD9eg==,type:str] public: ENC[AES256_GCM,data:jKkYH9giZJ09/hFWF0UgM8TSvQ/qrkSbhCOhHG5Ze2WI8MLZaNzZMQSgWHM=,iv:VI48j/DzQez+L4oW2vUHj8FqDpTAd5P/71ih4D/3I54=,tag:9m23ruMSkFsTbxj9dAD9eg==,type:str]
private: ENC[AES256_GCM,data:XF89i1/TF5CpOvixwFDNOpke0YdWQDAMbvf/jOGR7iHKzz4OJu7K33lQbObT,iv:tVGdkkUU83Ba7VxHa7AJaIHFETp2Dy72dya3FDjnPZY=,tag:h9IJVeGnK7gABbu9hWZpww==,type:str] private: ENC[AES256_GCM,data:XF89i1/TF5CpOvixwFDNOpke0YdWQDAMbvf/jOGR7iHKzz4OJu7K33lQbObT,iv:tVGdkkUU83Ba7VxHa7AJaIHFETp2Dy72dya3FDjnPZY=,tag:h9IJVeGnK7gABbu9hWZpww==,type:str]
vaultwarden: nextcloud:
admintoken: ENC[AES256_GCM,data:mJDiu0tgJQmvmJcJMULmctJvPN6/uM9VaoigHOMFkve9Vd3IMrpDmyJq+ibLpul+hw4PlLARjRzOxdZVcX7AB+uOOOrypppOIfvYC6U=,iv:YcyYLEHeIsCchcEy+fOMiQi8Cgf24AwQDpL7fhogNEU=,tag:1SqpNvuPhfjYIjvvRV34/Q==,type:str] adminpass: ENC[AES256_GCM,data:r2Z6KsQ1hP90/Bf8J804a5D7BTS7,iv:f3TkiPVxw8lAPcyStWqOZuhF4p/5nUPkzL2j/yjsnyg=,tag:c2JWdxZUjkHQWNWDILBrRQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
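Review bot: the removals in the left column (`hedgedoc.env`, `matrix.synapse.registrationsecret`, `vaultwarden.admintoken` and the three encrypted comment lines) leave this file holding only `transmission.vpncreds`, `wireguard.wg0.*` and the new `nextcloud.adminpass`, but deleting a key from a sops file revokes nothing: the old ciphertext stays in history, encrypted to the recipient set that includes this host's key (`age14jz...` in the next hunk), and the file's data key is reused on edit unless it is explicitly rotated with `sops -r`. If the intent is that this host should no longer be able to read the moved secrets, rotate them where they now live rather than relying on the deletion. Two smaller points: `wireguard.wg0.public` is not sensitive and could be renamed with the `_unencrypted` suffix configured at the bottom of the file so peer public keys stay reviewable in plain diffs, and `nextcloud.adminpass` is presumably the initial admin password, so it should be a generated value rather than a memorable one.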
@ -30,23 +25,32 @@ sops:
- recipient: age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu - recipient: age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZml2bXBjSUYrMW5RcnFl YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOUxoemtPaURCdGdhSmc4
MTRzM1p2L1JMTGJCamk1RHczOStQUjlFSDFzCmdGTDYrYUhJUjAyYWdkclgwazNt RWZKNlduSVQxTmJPQ29YVDFIUHQ0bTkvdVJJCjgySTFKd1kvVk1pbnJCbi9JWENW
UWVqY0JxYXh3cXVyNjlSZ2h6c0R4REEKLS0tIDZHY0F6M0lOZ1JRelp3Umx0aW4x MmxhVGVtanNWNGppZ1dPcjJSdmhYdXcKLS0tIGRTSGxvelZwbE9sR0JpeExSaStE
cjRUa2szZGZuSnhjd3hCNmYvV0tXTmMKlYuaUIvwTv8NpaoBYVva4jbRemkFTdfU dytwYnN5bkt5b0lla0ljcW15bU1NMWsKimYSeyPLuqVE2hTh8PNZwI1+Rq/cR10i
yP4J5RyUry83aVlHFQ2f7neBpWc6A2rePl3XuEQxSggl13hh71H+nw== nJuRRCuL01ACJVypn57k6/wakLO84/+dyjazrjleUsEpQB2K3wBAkg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw - recipient: age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOOG5GSDd4R09mZ2QvT0dy YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZ1RDeDE3UytQWlhJcStD
YnIxMWNBL3huMXNmcjV0a1VlS0FxS1JtSFVjCmthenVlYytjZklxNk43YlR5NExG djVTM09UK3FBQThhc1BvWVhBeEVPU2RTdUcwCnNQcnlScnhUUmpSV2tnWGZSam1H
aVQ2K1ZsbHdWTm91d1JvNDVsYW1FSEkKLS0tIFpTeG1zcVRpWWlWUE1abllKR1BW cTdIZ0tiR3lvaWUzSVE2OUI0Q1FGYVEKLS0tIDlRdkpmSGk2UFRxclQ5b2lJRG5y
THFRNjZXc0RsS0xKK1BkeEU1UzA4MW8KgOIQyL6A9u+Ii8zYkHJDWVAG/EEc61Qh b3BLS0o4WXQxdW1PR0dPa0NLamJOTEEKY66UiTF6+hJtfMB8tPge8Xaz9riB2veK
u+VFyGB7esTG56G19u1aCHB/NUxG5HYMG/DEqH/SyCyKUvHrXjEF4g== WEsq72StufeZDjGxkhAGOTZHg9poG6YgBFnt+PMbe9DACfVbAfPP2Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-06-08T21:22:10Z" - recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
mac: ENC[AES256_GCM,data:l7sZPbR3pihdoWEtfAB8yHAVtGfvnz+7dFos6b3TyBRhJmKlnd/zux9Lpw+KFh7y16KQDwE0rJlGf4+gkwM5SyMSHl3L4U430DeXhbcTLTGSFq7WLk5bnJgOYHv9t8zqHI8qsHJKarYca0KhtzLUFQG8U4wbJCzAJajGp9bVEyE=,iv:2xm1vi+GPt1Of5t9iWeyzcuzqFWiFjDk8juL+AnsiM8=,tag:BHLjw12RzORzUL2jI8+kdw==,type:str] enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NXBlZk5DbW1VSHBPZVBq
UmVDNU9tMkdHMW04aloyQlpCUHdCS1JYcWpzCmRXNnFzSnFNZ2ZIVXJRMGJvaVV6
WitBeGorNU5Mb2VWRE5WTkx6dzQ5QUkKLS0tIHhVM1lmbkNBWXExUlBXd0pzTHVD
NENEM2VLRDBzTWM0ckdPVThaeE0xL2MKTAvsDKgaoj0Fz9CoNbP6s1kROlDbbXtB
4rFRGN+WZJrBioz5nN4kR7mVFKa4w6z6Pu3D5WLyK7UQQkZJ64avdw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-03T11:58:32Z"
mac: ENC[AES256_GCM,data:17G+wUFH0yV9dQo7kLoMiI7UMBVfj8HbqE0p26/LZ5N0wbLyXKt5YdXQPG8rC22fgHdgePFgIl6qxI2KWgy0bwgBtg9kTxjaKDHkdEs8KKTxbjUXYeIp2JonIH9j3GgN/wa7kABr4QyhDmKhlLupi0ea2A51fDSuhYZDN2kl5As=,iv:XNhmnQJEww6PfHI80bl8LKoiiJdJQcezy71kQZx4oys=,tag:02+GjhSRxw4+qNNjlxPbqA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.8.1
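Review bot: adding `age1nj7ju6...` as a third recipient re-wraps the existing data key for that key, so after this change it can read `wireguard.wg0.private` and `transmission.vpncreds` as well; together with `age1n6j9...` it now appears in every sops file in this comparison, which makes the pair effectively master keys for all hosts. That is a normal layout for operator keys, but it is worth recording in `.sops.yaml` which recipients are per-host and which are operator keys, keeping the operator keys off the hosts themselves, and regenerating the per-file recipient lists with `sops updatekeys` from those rules rather than editing them by hand, so the lists cannot drift between files. The `version: 3.7.3` to `3.8.1` and `lastmodified` changes are the expected side effects of that re-encryption.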

shells/ctf.nix Normal file, 61 lines

@ -0,0 +1,61 @@
let
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { };
in { pkgs ? import <nixpkgs> {} }:
pkgs.mkShell {
nativeBuildInputs = with pkgs; [
python3
(with python3Packages; [
beautifulsoup4
numpy
pillow
pwntools
pycryptodome
requests
])
nodejs
php
bat
binwalk
coreutils
gnugrep
gnutar
ripgrep
curl
#sxiv
feh
ghidra
pwninit
metasploit
sqlmap
exiftool
steghide
# stegsolve
dig
nmap
rustscan
thc-hydra
# davtest
# cadaver
httpie
john
hashcat
] ++ lib.optionals (pkgs.stdenv.isLinux) [
sage
gdb
pwndbg
ropgadget
ropper
wireshark
tcpdump
];
}
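Review bot: the `unstable` binding at the top is never used in the shell, and the way it is fetched, `import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { }` with no `sha256`, pulls whatever the channel serves at evaluation time, so the shell is neither reproducible nor protected against a swapped tarball; either drop the `let ... in` entirely or pin it as `fetchTarball { url = "..."; sha256 = "<hash>"; }` (the unquoted URL literal is also deprecated syntax in current Nix). Two style points: `lib.optionals` resolves through the enclosing `with pkgs;`, which works but reads more clearly as `pkgs.lib.optionals`, and the commented-out entries (`sxiv`, `stegsolve`, `davtest`, `cadaver`) could carry a one-word reason so the next reader knows whether they are missing from nixpkgs or just unwanted.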