Compare commits
75 Commits
f80d75db7a
...
024e67f6cf
Author | SHA1 | Date |
---|---|---|
Felix Albrigtsen | 024e67f6cf | |
Felix Albrigtsen | 48a03b9af3 | |
Felix Albrigtsen | 2ad5c53abd | |
Felix Albrigtsen | 2957af19b5 | |
Felix Albrigtsen | 3c2ca93725 | |
Felix Albrigtsen | de481fadbd | |
Felix Albrigtsen | 65588566ec | |
Felix Albrigtsen | b5fbacf353 | |
Felix Albrigtsen | 08c34c2b99 | |
Felix Albrigtsen | 7a55c25add | |
Felix Albrigtsen | 1395285184 | |
Felix Albrigtsen | 2b78818dd1 | |
Felix Albrigtsen | 187e61a942 | |
Felix Albrigtsen | 6f0c449648 | |
Felix Albrigtsen | 8f4dfe7251 | |
Felix Albrigtsen | 6b22ce630f | |
Felix Albrigtsen | 35a2f1f4fd | |
Felix Albrigtsen | 6137e829b4 | |
Felix Albrigtsen | f8e9d5b20a | |
Felix Albrigtsen | d7141187a0 | |
Felix Albrigtsen | a1a5ca0466 | |
Felix Albrigtsen | 7af1688fb7 | |
Felix Albrigtsen | 0c6923bae6 | |
Felix Albrigtsen | becd1f7a77 | |
Felix Albrigtsen | ef0865e42c | |
Felix Albrigtsen | fd76930f3b | |
Felix Albrigtsen | 7764ba6abb | |
Felix Albrigtsen | 554dded213 | |
Felix Albrigtsen | aad746338a | |
Felix Albrigtsen | 8b577024a0 | |
Felix Albrigtsen | c3e09c0b7c | |
Felix Albrigtsen | fc1aa2468f | |
Felix Albrigtsen | f108b0cad2 | |
Felix Albrigtsen | d321a40cbc | |
Felix Albrigtsen | 1496eadc02 | |
Felix Albrigtsen | 1161ce68f3 | |
Felix Albrigtsen | de9a701f7d | |
Felix Albrigtsen | b69e3f7352 | |
Felix Albrigtsen | 621dfaf8cc | |
Felix Albrigtsen | 29af401712 | |
Felix Albrigtsen | 84fcb581eb | |
Felix Albrigtsen | 130cf2454a | |
Felix Albrigtsen | a12250f9e6 | |
Felix Albrigtsen | 5a55fa3bb1 | |
Felix Albrigtsen | 14a9479482 | |
Felix Albrigtsen | 25b4755227 | |
Felix Albrigtsen | e67906aa47 | |
Felix Albrigtsen | b01e7aa19c | |
Felix Albrigtsen | 78ea6488c8 | |
Felix Albrigtsen | 54dfb01236 | |
Felix Albrigtsen | aee4ce0099 | |
Felix Albrigtsen | 73e4b0a658 | |
Felix Albrigtsen | 5e03fd3019 | |
Felix Albrigtsen | 29e3e5413a | |
Felix Albrigtsen | 251dd42b27 | |
Felix Albrigtsen | 57f5808ed2 | |
Felix Albrigtsen | 59a24b2043 | |
Felix Albrigtsen | cd90d88972 | |
Felix Albrigtsen | c43b1c1bf6 | |
Felix Albrigtsen | a367bcea17 | |
Felix Albrigtsen | 040e088a60 | |
Felix Albrigtsen | 31c4e373b9 | |
Felix Albrigtsen | 23ffa63687 | |
Felix Albrigtsen | c1dfb2d09a | |
Felix Albrigtsen | 0257578e50 | |
Felix Albrigtsen | 86fbd85038 | |
Felix Albrigtsen | 17dc3d9e67 | |
Felix Albrigtsen | ff36b3de6d | |
Felix Albrigtsen | f09ffaff15 | |
Felix Albrigtsen | 7b6131a114 | |
Felix Albrigtsen | 80c4f39bd8 | |
Felix Albrigtsen | 7f76b412dd | |
Felix Albrigtsen | eb118745a2 | |
Felix Albrigtsen | 344d447b8e | |
Felix Albrigtsen | 0f7361260c |
|
@ -1,2 +1,3 @@
|
||||||
result
|
result
|
||||||
/secrets_tmp/
|
/secrets_tmp/
|
||||||
|
*.drv
|
||||||
|
|
12
.sops.yaml
12
.sops.yaml
|
@ -1,12 +1,15 @@
|
||||||
keys:
|
keys:
|
||||||
- &user_felixalb age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
|
- &user_felixalb_old age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
|
||||||
|
- &user_felixalb age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
|
||||||
- &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
|
- &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
|
||||||
|
- &host_defiant age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
# Global secrets
|
# Global secrets
|
||||||
- path_regex: secrets/[^/]+\.yaml$
|
- path_regex: secrets/[^/]+\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
|
- *user_felixalb_old
|
||||||
- *user_felixalb
|
- *user_felixalb
|
||||||
|
|
||||||
# Host specific secrets
|
# Host specific secrets
|
||||||
|
@ -14,4 +17,11 @@ creation_rules:
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *host_voyager
|
- *host_voyager
|
||||||
|
- *user_felixalb_old
|
||||||
|
- *user_felixalb
|
||||||
|
|
||||||
|
- path_regex: secrets/defiant/[^/]+\.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *host_defiant
|
||||||
- *user_felixalb
|
- *user_felixalb
|
||||||
|
|
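Review bot: The rotated-out key stays a recipient: `*user_felixalb_old` is listed in the global rule and, in the second hunk, in the rule that also lists `*host_voyager`, so whoever holds the old age identity can still decrypt every secret those rules cover. If this is a deliberate transition step it deserves a comment such as `# TODO: drop user_felixalb_old once all files are re-encrypted`; the new `secrets/defiant/` rule already omits the old key, which leaves the three rules inconsistent. Editing `.sops.yaml` alone does not change existing files, so each encrypted file needs `sops updatekeys <file>` before a recipient change takes effect. If the old key is suspected to be exposed, the secret values themselves should be rotated too, since earlier ciphertexts remain in git history.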
15
README.md
15
README.md
|
@ -1,15 +1,14 @@
|
||||||
# Work In Progress!
|
## Felixalbs nixos config
|
||||||
Notice, these things might be missing:
|
|
||||||
- Functionality
|
Contains configurations for some nixos servers, some nixos desktops and a [nix-darwin](https://github.com/LnL7/nix-darwin) host.
|
||||||
- Style
|
Secrets are managed with [sops-nix](https://github.com/Mic92/sops-nix).
|
||||||
- Safety
|
|
||||||
|
|
||||||
### Build:
|
### Build:
|
||||||
- Build locally on another machine (verify)
|
- Build locally on another machine:
|
||||||
```
|
```
|
||||||
nix --extra-experimental-features "nix-command flakes" build ".#nixosConfigurations.chapel.config.system.build.toplevel"
|
nix --extra-experimental-features "nix-command flakes" build ".#nixosConfigurations.sarek.config.system.build.toplevel"
|
||||||
```
|
```
|
||||||
(replace "chapel" with the hostname)
|
(replace "sarek" with the hostname)
|
||||||
|
|
||||||
- Build, install and switch on the actual target
|
- Build, install and switch on the actual target
|
||||||
```
|
```
|
||||||
|
|
36
base.nix
36
base.nix
|
@ -1,13 +1,13 @@
|
||||||
{ config, lib, pkgs, inputs, values, ... }:
|
{ config, lib, pkgs, inputs, values, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
domain = "home.feal.no";
|
domain = "home.feal.no";
|
||||||
useDHCP = false;
|
nameservers = [ "192.168.10.175" "192.168.10.1" "1.1.1.1" ];
|
||||||
|
useDHCP = lib.mkDefault false;
|
||||||
};
|
};
|
||||||
|
|
||||||
time.timeZone = "Europe/Oslo";
|
time.timeZone = "Europe/Oslo";
|
||||||
|
@ -15,7 +15,7 @@
|
||||||
|
|
||||||
console = {
|
console = {
|
||||||
font = "Lat2-Terminus16";
|
font = "Lat2-Terminus16";
|
||||||
keyMap = "no";
|
keyMap = lib.mkDefault "no";
|
||||||
};
|
};
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
|
@ -24,7 +24,11 @@
|
||||||
options = "--delete-older-than 2d";
|
options = "--delete-older-than 2d";
|
||||||
};
|
};
|
||||||
|
|
||||||
settings.experimental-features = ["nix-command" "flakes"];
|
settings = {
|
||||||
|
experimental-features = ["nix-command" "flakes"];
|
||||||
|
trusted-users = [ "felixalb" ];
|
||||||
|
builders-use-substitutes = true;
|
||||||
|
};
|
||||||
|
|
||||||
registry= {
|
registry= {
|
||||||
nixpkgs.flake = inputs.nixpkgs;
|
nixpkgs.flake = inputs.nixpkgs;
|
||||||
|
@ -36,12 +40,16 @@
|
||||||
programs.zsh.enable = true;
|
programs.zsh.enable = true;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
wget
|
bat
|
||||||
git
|
|
||||||
tree
|
|
||||||
rsync
|
|
||||||
bottom
|
bottom
|
||||||
|
git
|
||||||
|
gnugrep
|
||||||
|
gnutar
|
||||||
ripgrep
|
ripgrep
|
||||||
|
rsync
|
||||||
|
tree
|
||||||
|
eza
|
||||||
|
wget
|
||||||
];
|
];
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
|
@ -60,14 +68,22 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
|
||||||
users.users.felixalb = {
|
users.users.felixalb = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = [ "wheel" ];
|
extraGroups = [
|
||||||
|
"wheel"
|
||||||
|
"docker"
|
||||||
|
];
|
||||||
uid = 1000;
|
uid = 1000;
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkLmJIkBM6AMbYM/hYm27Flgya81UiGqh9/owYWmrbZ home.feal.no"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFiPHhj0YbklJnJNcxD0IlzPxLTGfv095H5zyS/1Wb64 felixalb@edison.home.feal.no"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5M7hYl3saBNMAo6sczgfUvASEJWFHuERB7xvf4gxst nix-builder-worf"
|
||||||
];
|
];
|
||||||
|
shell = pkgs.zsh;
|
||||||
};
|
};
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
}
|
}
|
||||||
|
|
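Review bot: The new key commented `nix-builder-worf` in `users.users.felixalb.openssh.authorizedKeys.keys` gives what looks like an automation key the same login as the interactive admin account, which this change also puts in `trusted-users` and the `docker` group on top of `wheel`. Both additions are commonly treated as root-equivalent (a trusted Nix user can override substituters and import unsigned store paths; docker group members control the daemon), so a leaked builder key would amount to full control of every host importing base.nix. Consider a dedicated unprivileged user for remote builds that carries only that key, and limit `trusted-users` and `docker` to the hosts that need them. Separately, `networking.firewall.allowedTCPPorts = [ 22 ];` is probably redundant, since `services.openssh.openFirewall` defaults to true unless the part of the openssh block outside these hunks disables it.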
|
@ -7,13 +7,13 @@
|
||||||
enabledCollectors = [ "systemd" ];
|
enabledCollectors = [ "systemd" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.prometheus-node-exporter.serviceConfig = {
|
networking.firewall = {
|
||||||
# TODO: Define allowed IPs
|
# TODO: Move this into the node-exporter systemd service
|
||||||
# IPAddressDeny = "any";
|
allowedTCPPorts = [ 9100 ];
|
||||||
# IPAddressAllow = [
|
extraCommands = ''
|
||||||
# values.chapel.ipv4
|
iptables -A INPUT -p tcp -m tcp --source 192.168.10.175/32 --dport 9100 -j ACCEPT
|
||||||
# values.chapel.ipv6
|
iptables -A INPUT -p tcp -m tcp --dport 9100 -j DROP
|
||||||
# ];
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
services.promtail = {
|
services.promtail = {
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
};
|
};
|
||||||
clients = [
|
clients = [
|
||||||
{
|
{
|
||||||
url = "http://voyager.home.feal.no:3100/loki/api/v1/push";
|
url = "http://grafana.home.feal.no:3100/loki/api/v1/push";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
scrape_configs = [
|
scrape_configs = [
|
||||||
|
|
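Review bot: The source restriction on port 9100 is written only with `iptables`, so it covers IPv4 alone, while `allowedTCPPorts = [ 9100 ]` opens the port for both address families; over IPv6 the node exporter would be reachable from any source (the removed comment referenced `values.chapel.ipv6`, so IPv6 seems to be in use). The `-A INPUT` rules are also appended on every firewall start and nothing visible removes them, so they likely accumulate across reloads unless matching `-D` lines are added to `networking.firewall.extraStopCommands`. A tighter form is to drop `allowedTCPPorts` here and accept only the scraper in the firewall's own chain, e.g. `iptables -A nixos-fw -p tcp --source 192.168.10.175/32 --dport 9100 -j nixos-fw-accept`, with an `ip6tables` counterpart if IPv6 scraping is needed. The hard-coded address could come from `values`, as the old comment intended, if that argument is available in this module.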
|
@ -0,0 +1,14 @@
|
||||||
|
{ lib, stdenvNoCC, fetchurl }:
|
||||||
|
|
||||||
|
stdenvNoCC.mkDerivation rec {
|
||||||
|
name = "sketchybar-app-font";
|
||||||
|
version = "1.0.20";
|
||||||
|
src = fetchurl {
|
||||||
|
url = "https://github.com/kvndrsslr/sketchybar-app-font/releases/download/v${version}/sketchybar-app-font.ttf";
|
||||||
|
hash = "sha256-pf3SSxzlNIdbXXHfRauFCnrVUMOd5J9sSUE9MsfWrwo=";
|
||||||
|
};
|
||||||
|
phases = [ "installPhase" ];
|
||||||
|
installPhase = ''
|
||||||
|
install -Dm644 $src $out/share/fonts/sketchybar-app-font/Regular.ttf
|
||||||
|
'';
|
||||||
|
}
|
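Review bot: `phases = [ "installPhase" ];` overrides the whole phase list, which nixpkgs discourages; for a single fetched file `dontUnpack = true;` achieves the same while keeping the standard fixup hooks. `name = "sketchybar-app-font";` also leaves the version out of the store path, whereas `pname = "sketchybar-app-font";` together with the existing `version` would include it. Quoting `"$src"` and `"$out"` in the `install` line is a small habit worth keeping in shell snippets.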
220
flake.lock
220
flake.lock
|
@ -1,28 +1,157 @@
|
||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"nixpkgs": {
|
"flake-compat": {
|
||||||
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1687573514,
|
"lastModified": 1673956053,
|
||||||
"narHash": "sha256-jek0ezqxfiFPALhimRDBzgGOSgDv7ExZFhPDmAXoIsw=",
|
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||||
"owner": "NixOS",
|
"owner": "edolstra",
|
||||||
"repo": "nixpkgs",
|
"repo": "flake-compat",
|
||||||
"rev": "3ef8b37f59cf2e0b57371df726f3c0ecacfa0e73",
|
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "edolstra",
|
||||||
"ref": "nixos-23.05-small",
|
"repo": "flake-compat",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-utils": {
|
||||||
|
"inputs": {
|
||||||
|
"systems": "systems"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681202837,
|
||||||
|
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"home-manager": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1703367386,
|
||||||
|
"narHash": "sha256-FMbm48UGrBfOWGt8+opuS+uLBLQlRfhiYXhHNcYMS5k=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "home-manager",
|
||||||
|
"rev": "d5824a76bc6bb93d1dce9ebbbcb09a9b6abcc224",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"ref": "release-23.11",
|
||||||
|
"repo": "home-manager",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"matrix-synapse-next": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs-lib": "nixpkgs-lib"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1701507532,
|
||||||
|
"narHash": "sha256-Zzv8OFB7iilzDGe6z2t/j8qRtR23TN3N8LssGsvRWEA=",
|
||||||
|
"owner": "dali99",
|
||||||
|
"repo": "nixos-matrix-modules",
|
||||||
|
"rev": "046194cdadc50d81255a9c57789381ed1153e2b1",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "dali99",
|
||||||
|
"repo": "nixos-matrix-modules",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nix-darwin": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1703649338,
|
||||||
|
"narHash": "sha256-n2MkBotGgTQsfB+wH09R+otBwYCvGCsnHX7eUMGkKL0=",
|
||||||
|
"owner": "lnl7",
|
||||||
|
"repo": "nix-darwin",
|
||||||
|
"rev": "8a8321271f0835fae2cb195e1137cb381fdbcc8e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "lnl7",
|
||||||
|
"ref": "master",
|
||||||
|
"repo": "nix-darwin",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nix-minecraft": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-compat": "flake-compat",
|
||||||
|
"flake-utils": "flake-utils",
|
||||||
|
"nixpkgs": "nixpkgs"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1703812100,
|
||||||
|
"narHash": "sha256-JN8qbWz6OPEEPwP+AmfAmlhPE19RqUqND6hGAeK2Od0=",
|
||||||
|
"owner": "Infinidoge",
|
||||||
|
"repo": "nix-minecraft",
|
||||||
|
"rev": "7d23e6f5635499a34d09950981cf42bb072f4fa2",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "Infinidoge",
|
||||||
|
"repo": "nix-minecraft",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1698318101,
|
||||||
|
"narHash": "sha256-gUihHt3yPD7bVqg+k/UVHgngyaJ3DMEBchbymBMvK1E=",
|
||||||
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
|
"rev": "63678e9f3d3afecfeafa0acead6239cdb447574c",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nixos",
|
||||||
|
"ref": "nixos-unstable",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-lib": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1673743903,
|
||||||
|
"narHash": "sha256-sloY6KYyVOozJ1CkbgJPpZ99TKIjIvM+04V48C04sMQ=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "nixpkgs.lib",
|
||||||
|
"rev": "7555e2dfcbac1533f047021f1744ac8871150f9f",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "nixpkgs.lib",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1687031877,
|
"lastModified": 1703351344,
|
||||||
"narHash": "sha256-yMFcVeI+kZ6KD2QBrFPNsvBrLq2Gt//D0baHByMrjFY=",
|
"narHash": "sha256-9FEelzftkE9UaJ5nqxidaJJPEhe9TPhbypLHmc2Mysc=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "e2e2059d19668dab1744301b8b0e821e3aae9c99",
|
"rev": "7790e078f8979a9fcd543f9a47427eeaba38f268",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -32,11 +161,32 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1703467016,
|
||||||
|
"narHash": "sha256-/5A/dNPhbQx/Oa2d+Get174eNI3LERQ7u6WTWOlR1eQ=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "d02d818f22c777aa4e854efc3242ec451e5d462a",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "NixOS",
|
||||||
|
"ref": "nixos-23.11",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs",
|
"home-manager": "home-manager",
|
||||||
|
"matrix-synapse-next": "matrix-synapse-next",
|
||||||
|
"nix-darwin": "nix-darwin",
|
||||||
|
"nix-minecraft": "nix-minecraft",
|
||||||
|
"nixpkgs": "nixpkgs_2",
|
||||||
"sops-nix": "sops-nix",
|
"sops-nix": "sops-nix",
|
||||||
"unstable": "unstable"
|
"unstable": "unstable",
|
||||||
|
"voyager-addons": "voyager-addons"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"sops-nix": {
|
"sops-nix": {
|
||||||
|
@ -47,11 +197,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1687398569,
|
"lastModified": 1703387502,
|
||||||
"narHash": "sha256-e/umuIKFcFtZtWeX369Hbdt9r+GQ48moDmlTcyHWL28=",
|
"narHash": "sha256-JnWuQmyanPtF8c5yAEFXVWzaIlMxA3EAZCh8XNvnVqE=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "2ff6973350682f8d16371f8c071a304b8067f192",
|
"rev": "e523e89763ff45f0a6cf15bcb1092636b1da9ed3",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -60,21 +210,51 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"systems": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"unstable": {
|
"unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1687639213,
|
"lastModified": 1703438236,
|
||||||
"narHash": "sha256-m/jb2D62UXMPy8LeiF39/qGbDBpNpix/h7ne1EXRl9M=",
|
"narHash": "sha256-aqVBq1u09yFhL7bj1/xyUeJjzr92fXVvQSSEx6AdB1M=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "8eef75145e6c3beada369aee48bd9c2c3a4dee88",
|
"rev": "5f64a12a728902226210bf01d25ec6cbb9d9265b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"ref": "nixos-unstable-small",
|
"ref": "nixos-unstable",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
"voyager-addons": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1704460893,
|
||||||
|
"narHash": "sha256-rK+GBsfkua1Ou4YHcpQciDOdeS3q23GfTit2SddgTv0=",
|
||||||
|
"ref": "refs/heads/main",
|
||||||
|
"rev": "238bcd33b3e2562fcf76f86348909990ddc3d6cc",
|
||||||
|
"revCount": 3,
|
||||||
|
"type": "git",
|
||||||
|
"url": "ssh://git@git.feal.no:2222/felixalb/voyager-addons.git"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "ssh://git@git.feal.no:2222/felixalb/voyager-addons.git"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"root": "root",
|
"root": "root",
|
||||||
|
|
92
flake.nix
92
flake.nix
|
@ -2,16 +2,36 @@
|
||||||
description = "Felixalb System flake";
|
description = "Felixalb System flake";
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05-small";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
|
||||||
unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
|
unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||||
|
|
||||||
|
nix-darwin.url = "github:lnl7/nix-darwin/master";
|
||||||
|
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
|
home-manager.url = "github:nix-community/home-manager/release-23.11";
|
||||||
|
home-manager.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
|
matrix-synapse-next.url = "github:dali99/nixos-matrix-modules";
|
||||||
|
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
|
||||||
|
|
||||||
|
voyager-addons.url = "git+ssh://git@git.feal.no:2222/felixalb/voyager-addons.git";
|
||||||
|
|
||||||
sops-nix.url = "github:Mic92/sops-nix";
|
sops-nix.url = "github:Mic92/sops-nix";
|
||||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, unstable, sops-nix, ... }@inputs:
|
outputs = {
|
||||||
|
self
|
||||||
|
, home-manager
|
||||||
|
, matrix-synapse-next
|
||||||
|
, nix-minecraft
|
||||||
|
, nix-darwin
|
||||||
|
, nixpkgs
|
||||||
|
, sops-nix
|
||||||
|
, unstable
|
||||||
|
, voyager-addons
|
||||||
|
, ... }@inputs:
|
||||||
let
|
let
|
||||||
system = "x86_64-linux";
|
|
||||||
overlay-unstable = final: prev: {
|
overlay-unstable = final: prev: {
|
||||||
unstable = unstable.legacyPackages.${prev.system};
|
unstable = unstable.legacyPackages.${prev.system};
|
||||||
};
|
};
|
||||||
|
@ -19,7 +39,7 @@
|
||||||
{
|
{
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
voyager = nixpkgs.lib.nixosSystem {
|
voyager = nixpkgs.lib.nixosSystem {
|
||||||
inherit system;
|
system = "x86_64-linux";
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit inputs;
|
inherit inputs;
|
||||||
};
|
};
|
||||||
|
@ -28,21 +48,54 @@
|
||||||
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||||
|
|
||||||
./hosts/voyager/configuration.nix
|
./hosts/voyager/configuration.nix
|
||||||
|
voyager-addons.nixosModules.default
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
|
home-manager.nixosModules.home-manager {
|
||||||
|
home-manager.useGlobalPkgs = true;
|
||||||
|
home-manager.useUserPackages = true;
|
||||||
|
home-manager.users."felixalb" = import ./hosts/voyager/home.nix;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
chapel = nixpkgs.lib.nixosSystem {
|
defiant = nixpkgs.lib.nixosSystem {
|
||||||
inherit system;
|
system = "x86_64-linux";
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit inputs;
|
inherit inputs;
|
||||||
};
|
};
|
||||||
modules = [
|
modules = [
|
||||||
./hosts/chapel/configuration.nix
|
# Overlays-module makes "pkgs.unstable" available in configuration.nix
|
||||||
|
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||||
|
|
||||||
|
./hosts/defiant/configuration.nix
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
|
matrix-synapse-next.nixosModules.default
|
||||||
|
home-manager.nixosModules.home-manager {
|
||||||
|
home-manager.useGlobalPkgs = true;
|
||||||
|
home-manager.useUserPackages = true;
|
||||||
|
home-manager.users."felixalb" = import ./hosts/defiant/home.nix;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
edison = nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
specialArgs = {
|
||||||
|
inherit inputs;
|
||||||
|
};
|
||||||
|
modules = [
|
||||||
|
# Overlays-module makes "pkgs.unstable" available in configuration.nix
|
||||||
|
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||||
|
|
||||||
|
./hosts/edison/configuration.nix
|
||||||
|
sops-nix.nixosModules.sops
|
||||||
|
home-manager.nixosModules.home-manager {
|
||||||
|
home-manager.useGlobalPkgs = true;
|
||||||
|
home-manager.useUserPackages = true;
|
||||||
|
home-manager.users."felixalb" = import ./hosts/edison/home.nix;
|
||||||
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
redshirt = nixpkgs.lib.nixosSystem {
|
redshirt = nixpkgs.lib.nixosSystem {
|
||||||
inherit system;
|
system = "x86_64-linux";
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit inputs;
|
inherit inputs;
|
||||||
};
|
};
|
||||||
|
@ -54,8 +107,29 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
darwinConfigurations.worf = nix-darwin.lib.darwinSystem {
|
||||||
|
system = "aarch64-darwin";
|
||||||
|
specialArgs = {
|
||||||
|
inherit inputs;
|
||||||
|
};
|
||||||
|
modules = [
|
||||||
|
./hosts/worf/configuration.nix
|
||||||
|
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
|
||||||
|
home-manager.darwinModules.home-manager {
|
||||||
|
home-manager.useGlobalPkgs = true;
|
||||||
|
home-manager.useUserPackages = true;
|
||||||
|
home-manager.users."felixalb" = import ./hosts/worf/home.nix;
|
||||||
|
}
|
||||||
|
# sops-nix.nixosModules.sops
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
devShells.x86_64-linux = {
|
devShells.x86_64-linux = {
|
||||||
default = nixpkgs.legacyPackages.x86_64-linux.callPackage ./shell.nix { };
|
default = nixpkgs.legacyPackages.x86_64-linux.callPackage ./shell.nix { };
|
||||||
};
|
};
|
||||||
|
|
||||||
|
devShells.aarch64-darwin = {
|
||||||
|
default = nixpkgs.legacyPackages.aarch64-darwin.callPackage ./shell.nix { };
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
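Review bot: `nix-minecraft` is added without `inputs.nixpkgs.follows`, unlike `nix-darwin`, `home-manager` and `sops-nix`, and the flake.lock section of this compare shows it bringing its own `nixpkgs` node (ref `nixos-unstable`) plus `flake-compat` and `flake-utils`; adding `nix-minecraft.inputs.nixpkgs.follows = "nixpkgs";` keeps a single reviewed package set. `matrix-synapse-next.nixosModules.default` and `voyager-addons.nixosModules.default` are evaluated as part of the host configuration, so their locked revisions belong to the trusted base and lock bumps for them deserve a look at the upstream diff. On style, the `home-manager.nixosModules.home-manager { … }` block is repeated for voyager, defiant and edison with only the `home.nix` path changing, and could come from a small `let` helper that takes the host name.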
|
@ -0,0 +1,334 @@
|
||||||
|
{ pkgs, lib, inputs, config, ...}:
|
||||||
|
{
|
||||||
|
programs.alacritty = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
env = {
|
||||||
|
TERM = "xterm-256color";
|
||||||
|
};
|
||||||
|
|
||||||
|
window = {
|
||||||
|
padding = {
|
||||||
|
x = 4;
|
||||||
|
y = 4;
|
||||||
|
};
|
||||||
|
|
||||||
|
decorations = "none"; # full/none/transparent/buttonless
|
||||||
|
|
||||||
|
# Transparency:
|
||||||
|
# opacity = 0.95;
|
||||||
|
};
|
||||||
|
|
||||||
|
scrolling = {
|
||||||
|
history = 9999;
|
||||||
|
multiplier = 3;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Font configuration (changes require restart)
|
||||||
|
font = {
|
||||||
|
normal = {
|
||||||
|
family = "Hack Nerd Font Mono";
|
||||||
|
style = "Regular";
|
||||||
|
};
|
||||||
|
|
||||||
|
bold = {
|
||||||
|
family = "Hack Nerd Font Mono";
|
||||||
|
style = "Bold";
|
||||||
|
};
|
||||||
|
|
||||||
|
italic = {
|
||||||
|
family = "Hack Nerd Font Mono";
|
||||||
|
style = "Italic";
|
||||||
|
};
|
||||||
|
|
||||||
|
size = 14;
|
||||||
|
};
|
||||||
|
|
||||||
|
draw_bold_text_with_bright_colors = true;
|
||||||
|
|
||||||
|
colors = {
|
||||||
|
# # Tomorrow Night Bright
|
||||||
|
# primary = {
|
||||||
|
# background = "0x141414";
|
||||||
|
# foreground = "0xeaeaea";
|
||||||
|
# };
|
||||||
|
|
||||||
|
# cursor = {
|
||||||
|
# text = "0x000000";
|
||||||
|
# cursor = "0xffffff";
|
||||||
|
# };
|
||||||
|
|
||||||
|
# normal = {
|
||||||
|
# black = "0x000000";
|
||||||
|
# red = "0xd54e53";
|
||||||
|
# green = "0x82de37";
|
||||||
|
# yellow = "0xe6c547";
|
||||||
|
# blue = "0x7aa6da";
|
||||||
|
# magenta = "0xc397d8";
|
||||||
|
# cyan = "0x70c0ba";
|
||||||
|
# white = "0xffffff";
|
||||||
|
# };
|
||||||
|
|
||||||
|
# bright = {
|
||||||
|
# black = "0x666666";
|
||||||
|
# red = "0xff3334";
|
||||||
|
# green = "0x8bd45d";
|
||||||
|
# yellow = "0xe7c547";
|
||||||
|
# blue = "0x7aa6da";
|
||||||
|
# magenta = "0xb77ee0";
|
||||||
|
# cyan = "0x54ced6";
|
||||||
|
# white = "0xffffff";
|
||||||
|
# };
|
||||||
|
|
||||||
|
# Nord:
|
||||||
|
primary = {
|
||||||
|
background = "0x2e3440";
|
||||||
|
foreground = "0xd8dee9";
|
||||||
|
dim_foreground = "0xa5abb6";
|
||||||
|
};
|
||||||
|
|
||||||
|
cursor = {
|
||||||
|
text = "0x2e3440";
|
||||||
|
cursor = "0xd8dee9";
|
||||||
|
};
|
||||||
|
|
||||||
|
vi_mode_cursor = {
|
||||||
|
text = "0x2e3440";
|
||||||
|
cursor = "0xd8dee9";
|
||||||
|
};
|
||||||
|
|
||||||
|
selection = {
|
||||||
|
text = "CellForeground";
|
||||||
|
background = "0x4c566a";
|
||||||
|
};
|
||||||
|
|
||||||
|
normal = {
|
||||||
|
black = "0x3b4252";
|
||||||
|
red = "0xbf616a";
|
||||||
|
green = "0xa3be8c";
|
||||||
|
yellow = "0xebcb8b";
|
||||||
|
blue = "0x81a1c1";
|
||||||
|
magenta = "0xb48ead";
|
||||||
|
cyan = "0x88c0d0";
|
||||||
|
white = "0xe5e9f0";
|
||||||
|
};
|
||||||
|
|
||||||
|
bright = {
|
||||||
|
black = "0x4c566a";
|
||||||
|
red = "0xbf616a";
|
||||||
|
green = "0xa3be8c";
|
||||||
|
yellow = "0xebcb8b";
|
||||||
|
blue = "0x81a1c1";
|
||||||
|
magenta = "0xb48ead";
|
||||||
|
cyan = "0x8fbcbb";
|
||||||
|
white = "0xeceff4";
|
||||||
|
};
|
||||||
|
|
||||||
|
dim = {
|
||||||
|
black = "0x373e4d";
|
||||||
|
red = "0x94545d";
|
||||||
|
green = "0x809575";
|
||||||
|
yellow = "0xb29e75";
|
||||||
|
blue = "0x68809a";
|
||||||
|
magenta = "0x8c738c";
|
||||||
|
cyan = "0x6d96a5";
|
||||||
|
white = "0xaeb3bb";
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Indexed Colors
|
||||||
|
#
|
||||||
|
# The indexed colors include all colors from 16 to 256.
|
||||||
|
# When these are not set, they're filled with sensible defaults.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# `- { index: 16, color: '0xff00ff' }`
|
||||||
|
#
|
||||||
|
# indexed_colors: []
|
||||||
|
};
|
||||||
|
|
||||||
|
visual_bell = {
|
||||||
|
animation = "EaseOutExpo";
|
||||||
|
color = "0xffffff";
|
||||||
|
duration = 200;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Key bindings
|
||||||
|
#
|
||||||
|
# Key bindings are specified as a list of objects. Each binding will specify a
|
||||||
|
# key and modifiers required to trigger it, terminal modes where the binding is
|
||||||
|
# applicable, and what should be done when the key binding fires. It can either
|
||||||
|
# send a byte sequence to the running application (`chars`), execute a
|
||||||
|
# predefined action (`action`) or fork and execute a specified command plus
|
||||||
|
# arguments (`command`).
|
||||||
|
#
|
||||||
|
# Bindings are always filled by default, but will be replaced when a new binding
|
||||||
|
# with the same triggers is defined. To unset a default binding, it can be
|
||||||
|
# mapped to the `None` action.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# `- { key: V, mods: Control|Shift, action: Paste }`
|
||||||
|
#
|
||||||
|
# Available fields:
|
||||||
|
# - key
|
||||||
|
# - mods (optional)
|
||||||
|
# - chars | action | command (exactly one required)
|
||||||
|
# - mode (optional)
|
||||||
|
#
|
||||||
|
# Values for `key`:
|
||||||
|
# - `A` -> `Z`
|
||||||
|
# - `F1` -> `F12`
|
||||||
|
# - `Key1` -> `Key0`
|
||||||
|
#
|
||||||
|
# A full list with available key codes can be found here:
|
||||||
|
# https://docs.rs/glutin/*/glutin/enum.VirtualKeyCode.html#variants
|
||||||
|
#
|
||||||
|
# Instead of using the name of the keys, the `key` field also supports using
|
||||||
|
# the scancode of the desired key. Scancodes have to be specified as a
|
||||||
|
# decimal number.
|
||||||
|
# This command will allow you to display the hex scancodes for certain keys:
|
||||||
|
# `showkey --scancodes`
|
||||||
|
#
|
||||||
|
# Values for `mods`:
|
||||||
|
# - Command
|
||||||
|
# - Control
|
||||||
|
# - Option
|
||||||
|
# - Super
|
||||||
|
# - Shift
|
||||||
|
# - Alt
|
||||||
|
#
|
||||||
|
# Multiple `mods` can be combined using `|` like this: `mods: Control|Shift`.
|
||||||
|
# Whitespace and capitalization is relevant and must match the example.
|
||||||
|
#
|
||||||
|
# Values for `chars`:
|
||||||
|
# The `chars` field writes the specified string to the terminal. This makes
|
||||||
|
# it possible to pass escape sequences.
|
||||||
|
# To find escape codes for bindings like `PageUp` ("\x1b[5~"), you can run
|
||||||
|
# the command `showkey -a` outside of tmux.
|
||||||
|
# Note that applications use terminfo to map escape sequences back to
|
||||||
|
# keys. It is therefore required to update the terminfo when
|
||||||
|
# changing an escape sequence.
|
||||||
|
#
|
||||||
|
# Values for `action`:
|
||||||
|
# - Paste
|
||||||
|
# - PasteSelection
|
||||||
|
# - Copy
|
||||||
|
# - IncreaseFontSize
|
||||||
|
# - DecreaseFontSize
|
||||||
|
# - ResetFontSize
|
||||||
|
# - ScrollPageUp
|
||||||
|
# - ScrollPageDown
|
||||||
|
# - ScrollLineUp
|
||||||
|
# - ScrollLineDown
|
||||||
|
# - ScrollToTop
|
||||||
|
# - ScrollToBottom
|
||||||
|
# - ClearHistory
|
||||||
|
# - Hide
|
||||||
|
# - Quit
|
||||||
|
# - ClearLogNotice
|
||||||
|
# - SpawnNewInstance
|
||||||
|
# - ToggleFullscreen
|
||||||
|
# - None
|
||||||
|
#
|
||||||
|
# Values for `action` (macOS only):
|
||||||
|
# - ToggleSimpleFullscreen: Enters fullscreen without occupying another space
|
||||||
|
#
|
||||||
|
# Values for `command`:
|
||||||
|
# The `command` field must be a map containing a `program` string and
|
||||||
|
# an `args` array of command line parameter strings.
|
||||||
|
#
|
||||||
|
# Example:
|
||||||
|
# `command: { program: "alacritty", args: ["-e", "vttest"] }`
|
||||||
|
#
|
||||||
|
# Values for `mode`:
|
||||||
|
# - ~AppCursor
|
||||||
|
# - AppCursor
|
||||||
|
# - ~AppKeypad
|
||||||
|
# - AppKeypad
|
||||||
|
#
|
||||||
|
# key_bindings:
|
||||||
|
# - { key: V, mods: Alt, action: Paste }
|
||||||
|
# - { key: C, mods: Alt, action: Copy }
|
||||||
|
# - { key: Q, mods: Alt, action: Quit }
|
||||||
|
# - { key: N, mods: Alt, action: SpawnNewInstance }
|
||||||
|
# - { key: Return, mods: Alt, action: ToggleFullscreen }
|
||||||
|
|
||||||
|
# - { key: Home, chars: "\x1bOH", mode: AppCursor }
|
||||||
|
# - { key: Home, chars: "\x1b[H", mode: ~AppCursor }
|
||||||
|
# - { key: End, chars: "\x1bOF", mode: AppCursor }
|
||||||
|
# - { key: End, chars: "\x1b[F", mode: ~AppCursor }
|
||||||
|
# - { key: Equals, mods: Alt, action: IncreaseFontSize }
|
||||||
|
# - { key: Minus, mods: Alt, action: DecreaseFontSize }
|
||||||
|
# - { key: Minus, mods: Alt|Shift, action: ResetFontSize }
|
||||||
|
# - { key: PageUp, mods: Shift, chars: "\x1b[5;2~" }
|
||||||
|
# - { key: PageUp, mods: Control, chars: "\x1b[5;5~" }
|
||||||
|
# - { key: PageUp, chars: "\x1b[5~" }
|
||||||
|
# - { key: PageDown, mods: Shift, chars: "\x1b[6;2~" }
|
||||||
|
# - { key: PageDown, mods: Control, chars: "\x1b[6;5~" }
|
||||||
|
# - { key: PageDown, chars: "\x1b[6~" }
|
||||||
|
# - { key: Left, mods: Shift, chars: "\x1b[1;2D" }
|
||||||
|
# - { key: Left, mods: Control, chars: "\x1b[1;5D" }
|
||||||
|
# - { key: Left, mods: Alt, chars: "\x1b[1;3D" }
|
||||||
|
# - { key: Left, chars: "\x1b[D", mode: ~AppCursor }
|
||||||
|
# - { key: Left, chars: "\x1bOD", mode: AppCursor }
|
||||||
|
# - { key: Right, mods: Shift, chars: "\x1b[1;2C" }
|
||||||
|
# - { key: Right, mods: Control, chars: "\x1b[1;5C" }
|
||||||
|
# - { key: Right, mods: Alt, chars: "\x1b[1;3C" }
|
||||||
|
# - { key: Right, chars: "\x1b[C", mode: ~AppCursor }
|
||||||
|
# - { key: Right, chars: "\x1bOC", mode: AppCursor }
|
||||||
|
# - { key: Up, mods: Shift, chars: "\x1b[1;2A" }
|
||||||
|
# - { key: Up, mods: Control, chars: "\x1b[1;5A" }
|
||||||
|
# - { key: Up, mods: Alt, chars: "\x1b[1;3A" }
|
||||||
|
# - { key: Up, chars: "\x1b[A", mode: ~AppCursor }
|
||||||
|
# - { key: Up, chars: "\x1bOA", mode: AppCursor }
|
||||||
|
# - { key: Down, mods: Shift, chars: "\x1b[1;2B" }
|
||||||
|
# - { key: Down, mods: Control, chars: "\x1b[1;5B" }
|
||||||
|
# - { key: Down, mods: Alt, chars: "\x1b[1;3B" }
|
||||||
|
# - { key: Down, chars: "\x1b[B", mode: ~AppCursor }
|
||||||
|
# - { key: Down, chars: "\x1bOB", mode: AppCursor }
|
||||||
|
# - { key: Tab, mods: Shift, chars: "\x1b[Z" }
|
||||||
|
# - { key: F1, chars: "\x1bOP" }
|
||||||
|
# - { key: F2, chars: "\x1bOQ" }
|
||||||
|
# - { key: F3, chars: "\x1bOR" }
|
||||||
|
# - { key: F4, chars: "\x1bOS" }
|
||||||
|
# - { key: F5, chars: "\x1b[15~" }
|
||||||
|
# - { key: F6, chars: "\x1b[17~" }
|
||||||
|
# - { key: F7, chars: "\x1b[18~" }
|
||||||
|
# - { key: F8, chars: "\x1b[19~" }
|
||||||
|
# - { key: F9, chars: "\x1b[20~" }
|
||||||
|
# - { key: F10, chars: "\x1b[21~" }
|
||||||
|
# - { key: F11, chars: "\x1b[23~" }
|
||||||
|
# - { key: F12, chars: "\x1b[24~" }
|
||||||
|
# - { key: Back, chars: "\x7f" }
|
||||||
|
# - { key: Back, mods: Alt, chars: "\x1b\x7f" }
|
||||||
|
# - { key: Insert, chars: "\x1b[2~" }
|
||||||
|
# - { key: Delete, chars: "\x1b[3~" }
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
mouse = {
|
||||||
|
double_click = { threshold = 300; };
|
||||||
|
triple_click = { threshold = 300; };
|
||||||
|
hide_when_typing = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
selection = {
|
||||||
|
semantic_escape_chars = ",│`|:\"' ()[]{}<>";
|
||||||
|
save_to_clipboard = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
mouse_bindings = [
|
||||||
|
{ mouse = "Middle"; action = "PasteSelection"; }
|
||||||
|
];
|
||||||
|
|
||||||
|
cursor = {
|
||||||
|
style = "Block";
|
||||||
|
blinking = true;
|
||||||
|
unfocused_hollow = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
dynamic_title = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,36 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./neovim.nix
|
||||||
|
./zsh.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
programs.nix-index = {
|
||||||
|
enable = true;
|
||||||
|
enableZshIntegration = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.git = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
extraConfig = {
|
||||||
|
pull.rebase = true;
|
||||||
|
push.autoSetupRemote = true;
|
||||||
|
color.ui = "auto";
|
||||||
|
init.defaultBranch = "main";
|
||||||
|
lfs.enable = true;
|
||||||
|
|
||||||
|
user = {
|
||||||
|
name = "Felix Albrigtsen";
|
||||||
|
email = "felix@albrigtsen.it";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
ignores = [
|
||||||
|
"*~"
|
||||||
|
"*.swp"
|
||||||
|
".DS_Store"
|
||||||
|
".vscode"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
}
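Review bot: `lfs.enable = true;` sits inside `programs.git.extraConfig`, so it is only written into the generated git config as an `[lfs] enable = true` entry. It does not appear to be the Home Manager option that installs git-lfs and sets up its filters. If LFS support is the intent, move it out of `extraConfig` as `programs.git.lfs.enable = true;`. Indentation is lost in this view, so the nesting is read from the brace order: `extraConfig = {` opens before `pull.rebase` and closes after the `user` block.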
|
|
@ -1,46 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./nvim.nix
|
|
||||||
];
|
|
||||||
home.username = "felixalb";
|
|
||||||
home.homeDirectory = "/home/felixalb";
|
|
||||||
home.stateVersion = "22.11";
|
|
||||||
|
|
||||||
programs = {
|
|
||||||
home-manager.enable = true;
|
|
||||||
alacritty = {
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
firefox.enable = true;
|
|
||||||
rofi.enable = true;
|
|
||||||
zsh = {
|
|
||||||
enable = true;
|
|
||||||
enableAutosuggestions = true;
|
|
||||||
enableSyntaxHighlighting = true;
|
|
||||||
prezto = {
|
|
||||||
enable = true;
|
|
||||||
prompt.theme = "paradox";
|
|
||||||
};
|
|
||||||
# initExtra = ''
|
|
||||||
# bindkey "''${key[Up]}" up-line-or-search
|
|
||||||
# bindkey "''${key[Down]}" down-line-or-search
|
|
||||||
# '';
|
|
||||||
};
|
|
||||||
git = {
|
|
||||||
enable = true;
|
|
||||||
userName = "Felix Albrigtsen";
|
|
||||||
userEmail = "felixalbrigtsen@gmail.com";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services = {
|
|
||||||
redshift = {
|
|
||||||
enable = true;
|
|
||||||
tray = true;
|
|
||||||
|
|
||||||
duskTime = "19:30-20:30";
|
|
||||||
dawnTime = "7:30-8:30";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,69 +0,0 @@
|
||||||
{ pkgs, config, ... }
|
|
||||||
{
|
|
||||||
programs.neovim = {
|
|
||||||
enable = true;
|
|
||||||
vimAlias = true;
|
|
||||||
|
|
||||||
extraConfig = ''
|
|
||||||
set number " Show line numbers
|
|
||||||
set number relativenumber " Enable hybrid line numbers
|
|
||||||
set nu rnu
|
|
||||||
set signcolumn=number
|
|
||||||
set showmatch " Highlight matching brace
|
|
||||||
set errorbells " Beep or flash screen on errors
|
|
||||||
|
|
||||||
set hlsearch " Highlight all search results
|
|
||||||
set smartcase " Enable smart-case search
|
|
||||||
set incsearch " Searches for strings incrementally
|
|
||||||
|
|
||||||
set autoindent " Auto-indent new lines
|
|
||||||
set expandtab " Use spaces instead of tabs
|
|
||||||
set shiftwidth=2 " Number of auto-indent spaces
|
|
||||||
set smartindent " Enable smart-indent
|
|
||||||
set smarttab " Enable smart-tabs
|
|
||||||
set softtabstop=0 " Number of spaces per Tab, auto
|
|
||||||
|
|
||||||
set updatetime=300 " Time interval for updating buffers
|
|
||||||
|
|
||||||
set ruler " Show row and column ruler information
|
|
||||||
|
|
||||||
set undolevels=1000 " Number of undo levels
|
|
||||||
set backspace=indent,eol,start " Backspace behaviour
|
|
||||||
'';
|
|
||||||
|
|
||||||
plugins = with pkgs.vimPlugins; [
|
|
||||||
vim-nix
|
|
||||||
vim-commentary
|
|
||||||
vim-devicons
|
|
||||||
{ plugin = nerdtree;
|
|
||||||
config = "
|
|
||||||
nmap <silent> <C-t> :NERDTreeToggle<CR>
|
|
||||||
autocmd VimEnter * NERDTree \" Autostart nerdtree on vim startup
|
|
||||||
autocmd VimEnter * wincmd p \" Unselect nerdtree window
|
|
||||||
\" Close vim if Nerdtree is the only buffer left
|
|
||||||
autocmd bufenter * if (winnr(\"$\") == 1 && exists(\"b:NERDTree\") && b:NERDTree.isTabTree()) | q | endif
|
|
||||||
";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
withNodeJs = true;
|
|
||||||
coc = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
"suggest.enablePreview" = true;
|
|
||||||
"suggest.enablePreselect" = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
package = pkgs.vimUtils.buildVimPluginFrom2Nix {
|
|
||||||
pname = "coc.nvim";
|
|
||||||
version = "2022-05-21";
|
|
||||||
src = pkgs.fetchFromGitHub {
|
|
||||||
owner = "neoclide";
|
|
||||||
repo = "coc.nvim";
|
|
||||||
rev = "791c9f673b882768486450e73d8bda10e391401d";
|
|
||||||
sha256 = "sha256-MobgwhFQ1Ld7pFknsurSFAsN5v+vGbEFojTAYD/kI9c=";
|
|
||||||
};
|
|
||||||
meta.homepage = "https://github.com/neoclide/coc.nvim/";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -0,0 +1,130 @@
|
||||||
|
{ pkgs, lib, inputs, config, ...}:
|
||||||
|
let
|
||||||
|
undoDir = "${config.home.homeDirectory}/.vim/undo";
|
||||||
|
in {
|
||||||
|
programs.neovim = {
|
||||||
|
enable = true;
|
||||||
|
defaultEditor = true;
|
||||||
|
viAlias = true;
|
||||||
|
vimAlias = true;
|
||||||
|
vimdiffAlias = true;
|
||||||
|
plugins = with pkgs.vimPlugins; [
|
||||||
|
lightline-vim
|
||||||
|
vim-lightline-coc
|
||||||
|
|
||||||
|
vim-commentary
|
||||||
|
vim-fugitive
|
||||||
|
|
||||||
|
nerdtree
|
||||||
|
nerdtree-git-plugin
|
||||||
|
vim-devicons
|
||||||
|
telescope-nvim
|
||||||
|
|
||||||
|
nvim-lspconfig
|
||||||
|
copilot-vim
|
||||||
|
nvim-treesitter
|
||||||
|
|
||||||
|
coc-css
|
||||||
|
coc-go
|
||||||
|
coc-html
|
||||||
|
coc-json
|
||||||
|
coc-nvim
|
||||||
|
coc-pyright
|
||||||
|
|
||||||
|
vim-nix
|
||||||
|
];
|
||||||
|
|
||||||
|
withNodeJs = true;
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
let mapleader = ','
|
||||||
|
set number
|
||||||
|
set shiftwidth=2
|
||||||
|
set tabstop=2
|
||||||
|
set expandtab
|
||||||
|
|
||||||
|
set undofile
|
||||||
|
set undodir=${undoDir}
|
||||||
|
set undolevels=1000
|
||||||
|
set undoreload=10000
|
||||||
|
|
||||||
|
" Integrate status with lightline
|
||||||
|
let g:lightline = {
|
||||||
|
\ 'active': {
|
||||||
|
\ 'left': [[ 'coc_info', 'coc_hints', 'coc_errors', 'coc_warnings', 'coc_ok' ], [ 'coc_status' ]]
|
||||||
|
\ }
|
||||||
|
\ }
|
||||||
|
|
||||||
|
" register components:
|
||||||
|
call lightline#coc#register()
|
||||||
|
|
||||||
|
" GoTo code navigation.
|
||||||
|
nmap <silent> gd <Plug>(coc-definition)
|
||||||
|
nmap <silent> gy <Plug>(coc-type-definition)
|
||||||
|
nmap <silent> gi <Plug>(coc-implementation)
|
||||||
|
nmap <silent> gr <Plug>(coc-references)
|
||||||
|
|
||||||
|
" Use K to show documentation in preview window.
|
||||||
|
nnoremap <silent> K :call ShowDocumentation()<CR>
|
||||||
|
function! ShowDocumentation()
|
||||||
|
if CocAction('hasProvider', 'hover')
|
||||||
|
call CocActionAsync('doHover')
|
||||||
|
else
|
||||||
|
call feedkeys('K', 'in')
|
||||||
|
endif
|
||||||
|
endfunction
|
||||||
|
|
||||||
|
" Enable syntax folding with coc
|
||||||
|
command! -nargs=* Fold :call CocAction('fold', <f-args>)
|
||||||
|
|
||||||
|
inoremap <silent><expr> <CR> coc#pum#visible() ? coc#pum#confirm()
|
||||||
|
\: "\<C-g>u\<CR>\<c-r>=coc#on_enter()\<CR>"
|
||||||
|
|
||||||
|
" Highlight the symbol and its references when holding the cursor.
|
||||||
|
autocmd CursorHold * silent call CocActionAsync('highlight')
|
||||||
|
|
||||||
|
" Symbol renaming.
|
||||||
|
nmap <leader>rn <Plug>(coc-rename)
|
||||||
|
|
||||||
|
" Use CTRL-S for selections ranges.
|
||||||
|
" Requires 'textDocument/selectionRange' support of language server.
|
||||||
|
nmap <silent> <C-s> <Plug>(coc-range-select)
|
||||||
|
xmap <silent> <C-s> <Plug>(coc-range-select)
|
||||||
|
|
||||||
|
" Step through diagnostics
|
||||||
|
nmap <silent> <g <Plug>(coc-diagnostic-prev)
|
||||||
|
nmap <silent> >g <Plug>(coc-diagnostic-next)
|
||||||
|
|
||||||
|
" Nerdtree-settings
|
||||||
|
" Toggle nerdtree on Ctrl+t
|
||||||
|
nmap <silent> <C-t> :NERDTreeToggle<CR>
|
||||||
|
autocmd VimEnter * NERDTree " Autostart nerdtree on vim startup
|
||||||
|
autocmd VimEnter * wincmd p " Unselect nerdtree window
|
||||||
|
" Close vim is Nerdtree is the only buffer left
|
||||||
|
autocmd bufenter * if (winnr("$") == 1 && exists("b:NERDTree") && b:NERDTree.isTabTree()) | q | endif
|
||||||
|
|
||||||
|
" List and switch buffers on Ctrl+k
|
||||||
|
" nnoremap <C-k> :set nomore <Bar> :ls <Bar> :set more <CR>:b<Space>
|
||||||
|
nnoremap <silent> <C-k> !echo "Did you mean C-a?"<CR>
|
||||||
|
|
||||||
|
" Telescope-settings
|
||||||
|
nnoremap <leader>ff <cmd>Telescope find_files<cr>
|
||||||
|
nnoremap <leader>fg <cmd>Telescope live_grep<cr>
|
||||||
|
nnoremap <leader>fb <cmd>Telescope buffers<cr>
|
||||||
|
nnoremap <leader>fh <cmd>Telescope help_tags<cr>
|
||||||
|
nnoremap <C-a> <cmd>Telescope buffers<cr>
|
||||||
|
nnoremap <C-s> <cmd>Telescope find_files<cr>
|
||||||
|
nnoremap <C-g> <cmd>Telescope live_grep<cr>
|
||||||
|
|
||||||
|
" Show trailing whitespace
|
||||||
|
highlight ExtraWhitespace ctermbg=red guibg=red
|
||||||
|
match ExtraWhitespace /\s\+$/
|
||||||
|
|
||||||
|
" Disable search highlights
|
||||||
|
map <Leader><Space> :noh<CR>
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
# Create undo directory
|
||||||
|
home.activation.vimUndoDir = lib.hm.dag.entryAfter ["writeBoundary"] "mkdir -p ${undoDir}";
|
||||||
|
}
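Review bot: `set undofile` with `set undodir=${undoDir}` persists the text history of every edited file under `~/.vim/undo`, and with `defaultEditor = true` that includes the temporary plaintext buffers that tools such as `sops` open through `$EDITOR` (typically under `/tmp`). Undo history for a decrypted secret then outlives the temp file. I would add `autocmd BufWritePre /tmp/*,/dev/shm/* setlocal noundofile` to `extraConfig`. I would also create the directory owner-only and quote the path in the activation step: `lib.hm.dag.entryAfter ["writeBoundary"] "mkdir -p -m 700 '${undoDir}'";`.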
|
|
@ -0,0 +1,65 @@
|
||||||
|
{ pkgs, lib, inputs, config, ... }: {
|
||||||
|
programs = {
|
||||||
|
zsh = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
prezto = {
|
||||||
|
enable = true;
|
||||||
|
editor = {
|
||||||
|
keymap = "vi";
|
||||||
|
dotExpansion = true;
|
||||||
|
};
|
||||||
|
prompt = {
|
||||||
|
theme = "paradox";
|
||||||
|
pwdLength = "long";
|
||||||
|
showReturnVal = true;
|
||||||
|
};
|
||||||
|
terminal.autoTitle = true;
|
||||||
|
|
||||||
|
pmodules = [
|
||||||
|
"environment"
|
||||||
|
"terminal"
|
||||||
|
"editor"
|
||||||
|
"history"
|
||||||
|
# "directory"
|
||||||
|
"spectrum"
|
||||||
|
# "utility"
|
||||||
|
# "completion"
|
||||||
|
"git"
|
||||||
|
"autosuggestions"
|
||||||
|
"syntax-highlighting"
|
||||||
|
"history-substring-search"
|
||||||
|
"prompt"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
initExtra = ''
|
||||||
|
# Autocomplete ../
|
||||||
|
zstyle ':completion:*' special-dirs true
|
||||||
|
export PATH="$HOME/.config/emacs/bin:$PATH"
|
||||||
|
unalias "gs"
|
||||||
|
'';
|
||||||
|
|
||||||
|
shellAliases = {
|
||||||
|
l = "exa -l";
|
||||||
|
c = "z";
|
||||||
|
tree = "exa --tree --icons";
|
||||||
|
s = "nix-shell --run zsh";
|
||||||
|
sp = "nix-shell --run zsh -p";
|
||||||
|
spu = "nix-shell -I nixpkgs=channel:nixos-unstable --run zsh -p";
|
||||||
|
em = "emacsclient -c";
|
||||||
|
emnw = "emacsclient -nw";
|
||||||
|
gst = "git status -sb";
|
||||||
|
gcm = "git commit -m";
|
||||||
|
gps = "git push";
|
||||||
|
gpl = "git pull";
|
||||||
|
"git clone git clone" = "git clone";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
zoxide = {
|
||||||
|
enable = true;
|
||||||
|
enableZshIntegration = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
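Review bot: The `shellAliases` entry `"git clone git clone" = "git clone";` uses a key containing spaces. Alias expansion matches a single command word, so this alias will most likely never fire, and depending on how the alias line is generated it may not parse as intended. I would drop the entry, or handle a doubled `git clone` with a small wrapper function in `initExtra`. Separately, `unalias "gs"` in `initExtra` prints an error at every shell start if no `gs` alias is defined, so `unalias gs 2>/dev/null` is safer.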
|
|
@ -1,80 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[
|
|
||||||
../../base.nix
|
|
||||||
../../common/metrics-exporters.nix
|
|
||||||
|
|
||||||
./hardware-configuration.nix
|
|
||||||
|
|
||||||
./services/nginx.nix
|
|
||||||
./services/metrics
|
|
||||||
./services/cloudflared.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
hostName = "chapel";
|
|
||||||
defaultGateway = "192.168.10.1";
|
|
||||||
nameservers = [ "192.168.10.1" ];
|
|
||||||
interfaces.eth0.ipv4 = {
|
|
||||||
addresses = [
|
|
||||||
{ address = "192.168.10.100"; prefixLength = 24; }
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.variables = { EDITOR = "vim"; };
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
((vim_configurable.override { }).customize{
|
|
||||||
name = "vim";
|
|
||||||
vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
|
|
||||||
start = [ vim-nix vim-lastplace ];
|
|
||||||
opt = [];
|
|
||||||
};
|
|
||||||
vimrcConfig.customRC = ''
|
|
||||||
" your custom vimrc
|
|
||||||
set number
|
|
||||||
set relativenumber
|
|
||||||
set nu rnu
|
|
||||||
set signcolumn=number
|
|
||||||
|
|
||||||
set hlsearch
|
|
||||||
set smartcase
|
|
||||||
set incsearch
|
|
||||||
|
|
||||||
set autoindent
|
|
||||||
set expandtab
|
|
||||||
set shiftwidth=2
|
|
||||||
set tabstop=2
|
|
||||||
set smartindent
|
|
||||||
set smarttab
|
|
||||||
|
|
||||||
set ruler
|
|
||||||
|
|
||||||
set undolevels=1000
|
|
||||||
|
|
||||||
set nocompatible
|
|
||||||
set backspace=indent,eol,start
|
|
||||||
" Turn on syntax highlighting by default
|
|
||||||
syntax on
|
|
||||||
" ...
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
)
|
|
||||||
];
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 22 3100 ];
|
|
||||||
|
|
||||||
# system.copySystemConfiguration = true;
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "22.05"; # Did you read the comment?
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,24 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
users.users.cloudflared = {
|
|
||||||
group = "cloudflared";
|
|
||||||
isSystemUser = true;
|
|
||||||
};
|
|
||||||
users.groups.cloudflared = { };
|
|
||||||
|
|
||||||
environment.systemPackages = [
|
|
||||||
pkgs.cloudflared
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.services.cloudflared_tunnel = {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "network.target" ];
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token=TODO_FIXSECRETS";
|
|
||||||
Restart = "always";
|
|
||||||
User = "cloudflared";
|
|
||||||
Group = "cloudflared";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,22 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
services.hedgedoc = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
port = 3031;
|
|
||||||
allowFreeURL = true;
|
|
||||||
};
|
|
||||||
config = {
|
|
||||||
domain = "md.feal.no";
|
|
||||||
db = {
|
|
||||||
dialect = "mysql";
|
|
||||||
host = "mysql.home.feal.no";
|
|
||||||
port = 3306;
|
|
||||||
database = "hedgedoc";
|
|
||||||
username = "hedgedoc";
|
|
||||||
password = "DummyPasswordPlzSops";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,64 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
cfg = config.services.grafana;
|
|
||||||
in {
|
|
||||||
services.grafana = {
|
|
||||||
enable = true;
|
|
||||||
settings.server = {
|
|
||||||
domain = "grafana.feal.no";
|
|
||||||
http_port = 2342;
|
|
||||||
http_addr = "127.0.0.1";
|
|
||||||
};
|
|
||||||
|
|
||||||
provision = {
|
|
||||||
enable = true;
|
|
||||||
datasources.settings.datasources = [
|
|
||||||
{
|
|
||||||
name = "Prometheus";
|
|
||||||
type = "prometheus";
|
|
||||||
url = ("http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}");
|
|
||||||
isDefault = true;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "Loki";
|
|
||||||
type = "loki";
|
|
||||||
url = ("http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}");
|
|
||||||
}
|
|
||||||
];
|
|
||||||
dashboards.settings.providers = [
|
|
||||||
{
|
|
||||||
name = "Node Exporter Full";
|
|
||||||
type = "file";
|
|
||||||
url = "https://grafana.com/api/dashboards/1860/revisions/29/download";
|
|
||||||
options.path = dashboards/node-exporter-full.json;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "Synology NAS Details";
|
|
||||||
type = "file";
|
|
||||||
url = "https://grafana.com/api/dashboards/14284/revisions/9/download";
|
|
||||||
options.path = dashboards/synology-nas-details.json;
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "OpenWRT";
|
|
||||||
type = "file";
|
|
||||||
url = "https://grafana.com/api/dashboards/11147/revisions/1/download";
|
|
||||||
options.path = dashboards/openwrt.json;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts.${cfg.settings.server.domain} = {
|
|
||||||
locations = {
|
|
||||||
"/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:${toString cfg.settings.server.http_port}";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
extraConfig = ''
|
|
||||||
proxy_buffers 8 1024k;
|
|
||||||
proxy_buffer_size 1024k;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,75 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
cfg = config.services.loki;
|
|
||||||
in {
|
|
||||||
services.loki = {
|
|
||||||
enable = true;
|
|
||||||
configuration = {
|
|
||||||
auth_enabled = false;
|
|
||||||
server = {
|
|
||||||
http_listen_port = 3100;
|
|
||||||
http_listen_address = "0.0.0.0";
|
|
||||||
grpc_listen_port = 9096;
|
|
||||||
};
|
|
||||||
|
|
||||||
ingester = {
|
|
||||||
wal = {
|
|
||||||
enabled = true;
|
|
||||||
dir = "/var/lib/loki/wal";
|
|
||||||
};
|
|
||||||
lifecycler = {
|
|
||||||
address = "127.0.0.1";
|
|
||||||
ring = {
|
|
||||||
kvstore = {
|
|
||||||
store = "inmemory";
|
|
||||||
};
|
|
||||||
replication_factor = 1;
|
|
||||||
};
|
|
||||||
final_sleep = "0s";
|
|
||||||
};
|
|
||||||
chunk_idle_period = "1h";
|
|
||||||
};
|
|
||||||
|
|
||||||
schema_config = {
|
|
||||||
configs = [
|
|
||||||
{
|
|
||||||
from = "2022-12-01";
|
|
||||||
store = "boltdb-shipper";
|
|
||||||
object_store = "filesystem";
|
|
||||||
schema = "v11";
|
|
||||||
index = {
|
|
||||||
prefix = "index_";
|
|
||||||
period = "24h";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
storage_config = {
|
|
||||||
boltdb_shipper = {
|
|
||||||
active_index_directory = "/var/lib/loki/boltdb-shipper-index";
|
|
||||||
cache_location = "/var/lib/loki/boltdb-shipper-cache";
|
|
||||||
shared_store = "filesystem";
|
|
||||||
cache_ttl = "24h";
|
|
||||||
};
|
|
||||||
filesystem = {
|
|
||||||
directory = "/var/lib/loki/chunks";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
limits_config = {
|
|
||||||
enforce_metric_name = false;
|
|
||||||
reject_old_samples = true;
|
|
||||||
reject_old_samples_max_age = "72h";
|
|
||||||
};
|
|
||||||
|
|
||||||
compactor = {
|
|
||||||
working_directory = "/var/lib/loki/compactor";
|
|
||||||
shared_store = "filesystem";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ cfg.configuration.server.http_listen_port ];
|
|
||||||
}
|
|
|
@ -1,60 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
cfg = config.services.prometheus;
|
|
||||||
in {
|
|
||||||
services.prometheus = {
|
|
||||||
enable = true;
|
|
||||||
listenAddress = "127.0.0.1";
|
|
||||||
port = 9001;
|
|
||||||
|
|
||||||
scrapeConfigs = [
|
|
||||||
{
|
|
||||||
job_name = "node";
|
|
||||||
static_configs = [
|
|
||||||
{
|
|
||||||
targets = [
|
|
||||||
"chapel.home.feal.no:${toString cfg.exporters.node.port}"
|
|
||||||
"sulu.home.feal.no:9100"
|
|
||||||
"mccoy.home.feal.no:9100"
|
|
||||||
"borg.home.feal.no:9100"
|
|
||||||
"troi.home.feal.no:9100"
|
|
||||||
"dlink-feal.home.feal.no:9100"
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
{
|
|
||||||
job_name = "openwrt";
|
|
||||||
static_configs = [
|
|
||||||
{ targets = ["dlink-feal.home.feal.no:9100"]; }
|
|
||||||
];
|
|
||||||
}
|
|
||||||
{
|
|
||||||
job_name = "snmp";
|
|
||||||
static_configs = [{
|
|
||||||
targets = [
|
|
||||||
"feal-syn1.home.feal.no"
|
|
||||||
"feal-syn2.home.feal.no"
|
|
||||||
];
|
|
||||||
}];
|
|
||||||
metrics_path = "/snmp";
|
|
||||||
params.module = ["synology"];
|
|
||||||
relabel_configs = [
|
|
||||||
{
|
|
||||||
source_labels = ["__address__"];
|
|
||||||
target_label = "__param_target";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
source_labels = ["__param_target"];
|
|
||||||
target_label = "instance";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
target_label = "__address__";
|
|
||||||
replacement = "127.0.0.1:9116";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,20 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
environment.systemPackages = [
|
|
||||||
pkgs.prometheus-snmp-exporter
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.services.prometheus-snmp-exporter = {
|
|
||||||
enable = true;
|
|
||||||
description = "Gather data from SNMP devices and expose them as Prometheus metrics";
|
|
||||||
unitConfig = {
|
|
||||||
Type = "simple";
|
|
||||||
};
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${pkgs.prometheus-snmp-exporter}/bin/snmp_exporter --config.file='/var/prometheus/snmp.yml'";
|
|
||||||
# TODO: Fix this conf file!
|
|
||||||
};
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,11 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
recommendedTlsSettings = true;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -0,0 +1,53 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
../../base.nix
|
||||||
|
../../common/metrics-exporters.nix
|
||||||
|
./hardware-configuration.nix
|
||||||
|
|
||||||
|
./services/nginx.nix
|
||||||
|
./services/pihole.nix
|
||||||
|
./services/postgresql.nix
|
||||||
|
|
||||||
|
./services/flame.nix
|
||||||
|
./services/gitea.nix
|
||||||
|
./services/hedgedoc.nix
|
||||||
|
./services/matrix-synapse.nix
|
||||||
|
./services/metrics
|
||||||
|
./services/minecraft.nix
|
||||||
|
./services/vaultwarden.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "defiant";
|
||||||
|
defaultGateway = "192.168.10.1";
|
||||||
|
interfaces.enp3s0.ipv4 = {
|
||||||
|
addresses = [
|
||||||
|
{ address = "192.168.10.175"; prefixLength = 24; } # Main IP for defiant, internal
|
||||||
|
];
|
||||||
|
};
|
||||||
|
hostId = "8e84f235";
|
||||||
|
};
|
||||||
|
|
||||||
|
sops.defaultSopsFile = ../../secrets/defiant/defiant.yaml;
|
||||||
|
|
||||||
|
environment.variables = { EDITOR = "vim"; };
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
zfs
|
||||||
|
];
|
||||||
|
|
||||||
|
boot = {
|
||||||
|
zfs.extraPools = [ "tank" ];
|
||||||
|
supportedFilesystems = [ "zfs" ];
|
||||||
|
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||||
|
};
|
||||||
|
services.prometheus.exporters.zfs.enable = true;
|
||||||
|
|
||||||
|
virtualisation.docker.enable = true;
|
||||||
|
virtualisation.oci-containers.backend = "docker";
|
||||||
|
|
||||||
|
system.stateVersion = "23.11";
|
||||||
|
}
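Review bot: `virtualisation.docker.enable = true;` together with `virtualisation.oci-containers.backend = "docker";` deserves a comment on port exposure. Docker installs its own iptables rules for published ports, so a container port published without a host address is reachable from the network even when `networking.firewall` does not allow it. I would add above these lines `# NOTE: Docker-published ports bypass networking.firewall; bind them to a loopback address and proxy via nginx.` The container definitions live in the imported service modules, outside this section, so whether every one binds to loopback cannot be checked from here.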
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
(modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-amd" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" = {
|
||||||
|
device = "/dev/disk/by-uuid/45ceae6b-cf6d-42d6-9694-d14c1d42b49f";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" = {
|
||||||
|
device = "/dev/disk/by-uuid/DDDC-5C0C";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [ {
|
||||||
|
device = "/swapfile";
|
||||||
|
size = 8*1024;
|
||||||
|
} ];
|
||||||
|
|
||||||
|
networking.useDHCP = lib.mkDefault false;
|
||||||
|
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
|
@ -0,0 +1,19 @@
|
||||||
|
{ pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
home.packages = with pkgs; [
|
||||||
|
bat
|
||||||
|
bottom
|
||||||
|
ncdu
|
||||||
|
neofetch
|
||||||
|
];
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
./../../home/base.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
programs = {
|
||||||
|
zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
|
||||||
|
};
|
||||||
|
|
||||||
|
home.stateVersion = "23.05";
|
||||||
|
}
|
|
@ -0,0 +1,22 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
domain = "flame.home.feal.no";
|
||||||
|
host = "127.0.1.2";
|
||||||
|
port = "5005";
|
||||||
|
in {
|
||||||
|
# Flame - Homelab dashboard/linktree
|
||||||
|
virtualisation.oci-containers.containers = {
|
||||||
|
flame = {
|
||||||
|
image = "pawelmalak/flame";
|
||||||
|
ports = [ "${host}:${port}:5005" ];
|
||||||
|
volumes = [
|
||||||
|
"/var/lib/flame/data:/app/data/"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
|
locations."/".proxyPass = "http://${host}:${port}";
|
||||||
|
};
|
||||||
|
}
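Review bot: `image = "pawelmalak/flame";` carries no tag or digest, so Docker resolves it to `latest` and the host runs whatever that tag pointed to when the image was pulled. The deployed version is therefore not reproducible, and a changed or compromised upstream image would be picked up without any change in this repository. Pin the release and digest, e.g. `image = "pawelmalak/flame:<VERSION>@sha256:<DIGEST>";` (placeholders, to be filled in from the registry). The loopback bind in `ports` matches the nginx `proxyPass`. The virtual host sets no TLS or access restriction in this file, which may be handled in the shared nginx module.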
|
||||||
|
|
|
@ -1,29 +1,35 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.services.gitea;
|
cfg = config.services.gitea;
|
||||||
domain = "git.feal.no";
|
domain = "git.feal.no";
|
||||||
httpPort = 3004;
|
httpPort = 3004;
|
||||||
|
sshPort = 2222;
|
||||||
in {
|
in {
|
||||||
services.gitea = {
|
services.gitea = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.unstable.gitea;
|
|
||||||
appName = "felixalbs Gitea";
|
appName = "felixalbs Gitea";
|
||||||
database = {
|
database.type = "postgres";
|
||||||
type = "postgres";
|
stateDir = "/tank/services/gitea";
|
||||||
};
|
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
server = {
|
server = {
|
||||||
LANDING_PAGE=''"/felixalb"'';
|
# Serve on local unix socket, exposed in hosts/defiant/services/nginx.nix
|
||||||
HTTP_PORT = httpPort;
|
PROTOCOL = "http+unix";
|
||||||
DOMAIN = domain;
|
DOMAIN = domain;
|
||||||
ROOT_URL = "https://${domain}";
|
ROOT_URL = "https://${domain}";
|
||||||
|
LANDING_PAGE=''"/felixalb"'';
|
||||||
|
|
||||||
|
SSH_PORT = sshPort;
|
||||||
|
SSH_LISTEN_PORT = sshPort;
|
||||||
|
START_SSH_SERVER = true;
|
||||||
|
BUILTIN_SSH_SERVER_USER = "git";
|
||||||
};
|
};
|
||||||
|
|
||||||
service.DISABLE_REGISTRATION = true;
|
service.DISABLE_REGISTRATION = true;
|
||||||
session.COOKIE_SECURE = true;
|
session.COOKIE_SECURE = true;
|
||||||
|
|
||||||
packages.ENABLED = false;
|
packages.ENABLED = false;
|
||||||
|
packages.CHUNKED_UPLOAD_PATH = "${cfg.stateDir}/tmp/package-upload";
|
||||||
|
|
||||||
oauth2_client = {
|
oauth2_client = {
|
||||||
ENABLE_AUTO_REGISTRATION = true;
|
ENABLE_AUTO_REGISTRATION = true;
|
||||||
|
@ -44,9 +50,13 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO:
|
# TODO:
|
||||||
# - dump (automatic backups)
|
# - Backup
|
||||||
|
# - services.gitea.dump?
|
||||||
|
# - ZFS snapshots?
|
||||||
# - configure mailer
|
# - configure mailer
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ httpPort ];
|
systemd.services.gitea.serviceConfig.WorkingDirectory = lib.mkForce "${cfg.stateDir}/work";
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ sshPort ];
|
||||||
}
|
}
|
|
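Review bot: `httpPort = 3004;` stays bound in the `let` block, but the new side appears to drop both `HTTP_PORT = httpPort;` and the firewall entry `[ httpPort ]`, so nothing in the visible lines reads it any more. Lines 36-49 of the file are not shown; if they do not use it either, delete the binding so the file does not suggest a TCP listener that the `PROTOCOL = "http+unix";` setup no longer has. The `lib.mkForce` on `WorkingDirectory` would also benefit from a one-line comment saying which module default it overrides and why, e.g. `# stateDir lives on /tank; override the module's working directory to match`.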
@ -0,0 +1,117 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.hedgedoc.settings;
|
||||||
|
domain = "md.feal.no";
|
||||||
|
port = 3300;
|
||||||
|
host = "127.0.1.2";
|
||||||
|
authServerUrl = "https://auth.feal.no";
|
||||||
|
in {
|
||||||
|
# Contains CMD_SESSION_SECRET and CMD_OAUTH2_CLIENT_SECRET
|
||||||
|
sops.secrets."hedgedoc/env" = {
|
||||||
|
restartUnits = [ "hedgedoc.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.hedgedoc = {
|
||||||
|
enable = true;
|
||||||
|
environmentFile = config.sops.secrets."hedgedoc/env".path;
|
||||||
|
settings = {
|
||||||
|
inherit domain port host;
|
||||||
|
protocolUseSSL = true;
|
||||||
|
sessionSecret = "$CMD_SESSION_SECRET";
|
||||||
|
|
||||||
|
allowFreeURL = true;
|
||||||
|
allowAnonymous = false;
|
||||||
|
allowAnonymousEdits = true; # Allow anonymous edits with the "freely" permission
|
||||||
|
|
||||||
|
# dbURL = "postgres://hedgedoc@localhost/hedgedoc";
|
||||||
|
db = {
|
||||||
|
username = "hedgedoc";
|
||||||
|
database = "hedgedoc";
|
||||||
|
host = "/run/postgresql";
|
||||||
|
dialect = "postgresql";
|
||||||
|
};
|
||||||
|
|
||||||
|
email = false;
|
||||||
|
oauth2 = {
|
||||||
|
baseURL = "${authServerUrl}/oauth2";
|
||||||
|
tokenURL = "${authServerUrl}/oauth2/token";
|
||||||
|
authorizationURL = "${authServerUrl}/ui/oauth2";
|
||||||
|
userProfileURL = "${authServerUrl}/oauth2/openid/hedgedoc/userinfo";
|
||||||
|
|
||||||
|
clientID = "hedgedoc";
|
||||||
|
clientSecret = "$CMD_OAUTH2_CLIENT_SECRET";
|
||||||
|
scope = "openid email profile";
|
||||||
|
userProfileUsernameAttr = "name";
|
||||||
|
userProfileEmailAttr = "email";
|
||||||
|
userProfileDisplayNameAttr = "displayname";
|
||||||
|
|
||||||
|
providerName = "KaniDM";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.hedgedoc = {
|
||||||
|
requires = [
|
||||||
|
"postgresql.service"
|
||||||
|
# "kanidm.service"
|
||||||
|
];
|
||||||
|
serviceConfig = let
|
||||||
|
workDir = "/var/lib/hedgedoc";
|
||||||
|
in {
|
||||||
|
WorkingDirectory = lib.mkForce workDir;
|
||||||
|
StateDirectory = lib.mkForce [ "hedgedoc" "hedgedoc/uploads" ];
|
||||||
|
|
||||||
|
# Better safe than sorry :)
|
||||||
|
CapabilityBoundingSet = "";
|
||||||
|
LockPersonality = true;
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
PrivateDevices = true;
|
||||||
|
PrivateMounts = true;
|
||||||
|
PrivateTmp = true;
|
||||||
|
PrivateUsers = true;
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectHome = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
ProtectSystem = "strict";
|
||||||
|
ReadWritePaths = [ workDir ];
|
||||||
|
RemoveIPC = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
|
UMask = "0007";
|
||||||
|
RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
# SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.postgresql = {
|
||||||
|
ensureDatabases = [ "hedgedoc" ];
|
||||||
|
ensureUsers = [{
|
||||||
|
name = "hedgedoc";
|
||||||
|
ensureDBOwnership = true;
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
|
listen = [
|
||||||
|
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
|
||||||
|
{ addr = "192.168.10.175"; port = 43080; ssl = false; }
|
||||||
|
];
|
||||||
|
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
|
||||||
|
locations = {
|
||||||
|
"/" = {
|
||||||
|
proxyPass = "http://${host}:${toString port}";
|
||||||
|
};
|
||||||
|
"/socket.io" = {
|
||||||
|
proxyPass = "http://${host}:${toString port}";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
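Review bot: The hardening block in `systemd.services.hedgedoc.serviceConfig` sets nearly every sandboxing directive but leaves `SystemCallFilter` commented out with no reason given. The service therefore keeps its full syscall surface, and the next reader cannot tell whether that is deliberate. Either record why (`# SystemCallFilter disabled: <reason>`) or try a conservative allow-list such as `SystemCallFilter = [ "@system-service" ];` and confirm HedgeDoc still starts. Separately, `RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];` is a one-element list holding a space-separated string; it presumably works because systemd splits on whitespace, but `[ "AF_UNIX" "AF_INET" "AF_INET6" ]` states the intent.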
@ -1,7 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
let
|
|
||||||
main_ip = "127.0.1.2";
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
sops.secrets."matrix/synapse/registrationsecret" = {
|
sops.secrets."matrix/synapse/registrationsecret" = {
|
||||||
restartUnits = [ "matrix-synapse.service" ];
|
restartUnits = [ "matrix-synapse.service" ];
|
||||||
|
@ -9,9 +6,18 @@ in
|
||||||
group = "matrix-synapse";
|
group = "matrix-synapse";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.matrix-synapse = {
|
services.matrix-synapse-next = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.matrix-synapse;
|
enableNginx = true;
|
||||||
|
|
||||||
|
workers = {
|
||||||
|
federationSenders = 1;
|
||||||
|
federationReceivers = 2;
|
||||||
|
initialSyncers = 1;
|
||||||
|
normalSyncers = 1;
|
||||||
|
eventPersisters = 1;
|
||||||
|
useUserDirectoryWorker = true;
|
||||||
|
};
|
||||||
|
|
||||||
extraConfigFiles = [
|
extraConfigFiles = [
|
||||||
config.sops.secrets."matrix/synapse/registrationsecret".path
|
config.sops.secrets."matrix/synapse/registrationsecret".path
|
||||||
|
@ -63,42 +69,16 @@ in
|
||||||
tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
|
tls_certificate_path = "/etc/ssl-snakeoil/matrix_feal_no.crt";
|
||||||
tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";
|
tls_private_key_path = "/etc/ssl-snakeoil/matrix_feal_no.key";
|
||||||
|
|
||||||
listeners = [
|
};
|
||||||
{ port = 8008;
|
};
|
||||||
bind_addresses = [ main_ip ];
|
|
||||||
type = "http";
|
services.redis.servers."".enable = true;
|
||||||
tls = false;
|
|
||||||
x_forwarded = true;
|
services.nginx.virtualHosts."matrix.feal.no" = {
|
||||||
resources = [
|
listen = [
|
||||||
{ names = [ "client" ]; compress = true; }
|
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
|
||||||
{ names = [ "federation" ]; compress = true; }
|
{ addr = "192.168.10.175"; port = 43080; ssl = false; }
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
enableReload = true;
|
|
||||||
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
|
|
||||||
virtualHosts."matrix.feal.no" = {
|
|
||||||
locations."/_matrix" = {
|
|
||||||
proxyPass = "http://${main_ip}:8008";
|
|
||||||
extraConfig = ''
|
|
||||||
client_max_body_size 50M;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
# locations."/_synapse/client".proxyPass = "http://${main_ip}:8008";
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://${main_ip}:8008";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
|
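Review bot: The new `services.nginx.virtualHosts."matrix.feal.no"` block declares an `ssl = true` listener on 43443 and a plaintext one on 43080, but sets neither `enableACME` nor `forceSSL` in the visible lines. The hedgedoc and vaultwarden vhosts in this compare set both. Unless `enableNginx = true;` in `matrix-synapse-next` supplies them (not visible here, and lines 22-68 of the file are not shown), the TLS listener has no certificate configured and the 43080 listener serves Matrix traffic without redirecting to HTTPS. Adding `enableACME = true;` and `forceSSL = true;` next to `listen` would match the other public hosts.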
@ -5,6 +5,10 @@ let
|
||||||
in {
|
in {
|
||||||
services.grafana = {
|
services.grafana = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
dataDir = "/tank/services/metrics/grafana";
|
||||||
|
|
||||||
|
# TODO: Migrate sqlite to postgres
|
||||||
|
|
||||||
settings.server = {
|
settings.server = {
|
||||||
domain = "grafana.home.feal.no";
|
domain = "grafana.home.feal.no";
|
||||||
http_port = 2342;
|
http_port = 2342;
|
|
@ -1,10 +1,11 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.services.loki;
|
cfg = config.services.loki;
|
||||||
saveDirectory = "/tank/var/lib/loki";
|
saveDirectory = "/tank/services/metrics/loki";
|
||||||
in {
|
in {
|
||||||
services.loki = {
|
services.loki = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
dataDir = saveDirectory;
|
||||||
configuration = {
|
configuration = {
|
||||||
auth_enabled = false;
|
auth_enabled = false;
|
||||||
server = {
|
server = {
|
||||||
|
@ -70,6 +71,4 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ cfg.configuration.server.http_listen_port ];
|
|
||||||
}
|
}
|
|
@ -8,18 +8,22 @@ in {
|
||||||
listenAddress = "127.0.0.1";
|
listenAddress = "127.0.0.1";
|
||||||
port = 9001;
|
port = 9001;
|
||||||
|
|
||||||
|
# StateDirectory must be under /var/lib.
|
||||||
|
# TODO: Back up to /tank/services/metrics/prometheus
|
||||||
|
|
||||||
scrapeConfigs = [
|
scrapeConfigs = [
|
||||||
{
|
{
|
||||||
job_name = "node";
|
job_name = "node";
|
||||||
static_configs = [
|
static_configs = [
|
||||||
{
|
{
|
||||||
targets = [
|
targets = [
|
||||||
"voyager.home.feal.no:${toString cfg.exporters.node.port}"
|
"voyager.home.feal.no:9100"
|
||||||
"sulu.home.feal.no:9100"
|
"sulu.home.feal.no:9100"
|
||||||
"mccoy.home.feal.no:9100"
|
"mccoy.home.feal.no:9100"
|
||||||
"borg.home.feal.no:9100"
|
|
||||||
"troi.home.feal.no:9100"
|
|
||||||
"dlink-feal.home.feal.no:9100"
|
"dlink-feal.home.feal.no:9100"
|
||||||
|
"edison.home.feal.no:9100"
|
||||||
|
"defiant.home.feal.no:9100"
|
||||||
|
"scotty.home.feal.no:9100"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
|
@ -12,8 +12,8 @@
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
};
|
};
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "${pkgs.prometheus-snmp-exporter}/bin/snmp_exporter --config.file='/var/prometheus/snmp.yml'";
|
ExecStart = "${pkgs.prometheus-snmp-exporter}/bin/snmp_exporter --config.file='/tank/services/metrics/prometheus/snmp.yml'";
|
||||||
# TODO: Fix this conf file!
|
# snmp.yml = https://github.com/prometheus/snmp_exporter/blob/main/snmp.yml + https://global.download.synology.com/download/Document/Software/DeveloperGuide/Firmware/DSM/All/enu/Synology_DiskStation_MIB_Guide.pdf
|
||||||
};
|
};
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
};
|
};
|
|
@ -0,0 +1,70 @@
|
||||||
|
{ config, pkgs, lib, inputs, ... }:
|
||||||
|
{
|
||||||
|
imports = [ inputs.nix-minecraft.nixosModules.minecraft-servers ];
|
||||||
|
nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
|
||||||
|
|
||||||
|
services.minecraft-servers = {
|
||||||
|
enable = true;
|
||||||
|
eula = true;
|
||||||
|
openFirewall = true;
|
||||||
|
dataDir = "/var/lib/minecraft-wack";
|
||||||
|
|
||||||
|
servers.wack = {
|
||||||
|
enable = true;
|
||||||
|
jvmOpts = "-Xms4G -Xmx4G";
|
||||||
|
|
||||||
|
package = pkgs.fabricServers.fabric-1_20_4;
|
||||||
|
|
||||||
|
serverProperties = {
|
||||||
|
motd = "WackAttack M1n3cr4f7";
|
||||||
|
white-list = true;
|
||||||
|
difficulty = "normal";
|
||||||
|
view-distance = 16;
|
||||||
|
simulation-distance = 16;
|
||||||
|
enable-command-block = true;
|
||||||
|
enable-rcon = true;
|
||||||
|
"rcon.password" = "wack";
|
||||||
|
};
|
||||||
|
|
||||||
|
symlinks = {
|
||||||
|
mods = pkgs.linkFarmFromDrvs "mods" (builtins.attrValues {
|
||||||
|
FabricAPI = pkgs.fetchurl {
|
||||||
|
url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/JMCwDuki/fabric-api-0.92.0%2B1.20.4.jar";
|
||||||
|
sha256 = "sha256-7U0BK5CBENWY4s3t+dXTASprIeY4Tdeyzc06lNGkc/Q=";
|
||||||
|
};
|
||||||
|
Lithium = pkgs.fetchurl {
|
||||||
|
url = "https://cdn.modrinth.com/data/gvQqBUqZ/versions/nMhjKWVE/lithium-fabric-mc1.20.4-0.12.1.jar";
|
||||||
|
sha256 = "sha256-as1JWV7mnhJkz8eYmPVpRS5BvWaYVGf8s40oBBka880=";
|
||||||
|
};
|
||||||
|
MCDiscordChat = pkgs.fetchurl {
|
||||||
|
url = "https://cdn.modrinth.com/data/D0sHdnXY/versions/tldGNWOW/MC-Discord-Chat-2.2.5.jar";
|
||||||
|
sha256 = "sha256-WK02gRNbTjbjQSIlWHP4aBSeGTZxtXwwbqt9fa7AJTA=";
|
||||||
|
};
|
||||||
|
SimpleVoiceChat = pkgs.fetchurl {
|
||||||
|
url = "https://cdn.modrinth.com/data/9eGKb6K1/versions/UIZXn9t1/voicechat-fabric-1.20.4-2.4.32.jar";
|
||||||
|
sha256 = "sha256-BZMK7Y8uaw1MvtQC1MXblsaaHy100a59KxSs4P0fjXE=";
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
|
|
||||||
|
whitelist = {
|
||||||
|
"_Oblivion" = "289be565-d73e-4cb1-a047-dcc319acdc80";
|
||||||
|
Crisju = "8b77dc43-27ba-4710-bbfd-4e01e6ec7461";
|
||||||
|
Dandellion = "f393413b-59fc-49d7-a5c4-83a5d177132c";
|
||||||
|
Taschmex = "a3a258b0-901f-43d9-b130-dad3b29cd7ee";
|
||||||
|
guy_montag = "cb8aa890-a5a3-41f2-9bb7-1edb20c5a31f";
|
||||||
|
koppern = "3450494c-b945-4fa2-938c-5519adec005f";
|
||||||
|
krloer = "ab3029e2-76b6-4219-854e-16091fe5e421";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# TODO: Automated backup job (https://git.pvv.ntnu.no/Drift/pvv-nixos-config/src/commit/57d1dfd121fdb23fcef54e0632f6f6278c6bb753/hosts/greddost/services/minecraft/default.nix#L144)
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
|
||||||
|
"minecraft-server"
|
||||||
|
];
|
||||||
|
|
||||||
|
networking.firewall.allowedUDPPorts = [ 24454 ];
|
||||||
|
}
|
||||||
|
|
|
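Review bot: `"rcon.password" = "wack";` commits a short, guessable RCON password in plaintext next to `enable-rcon = true;`. As a Nix string it also ends up in the world-readable store, and RCON gives full console control of the server. If a remote console is not needed, set `enable-rcon = false;`. Otherwise supply the password from a sops-managed secret, as the hedgedoc module in this compare does for its session secret, rather than a literal. Whether `openFirewall = true;` also opens the RCON port depends on the nix-minecraft module and is worth checking.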
@ -0,0 +1,73 @@
|
||||||
|
{ config, values, ... }:
|
||||||
|
{
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
enableReload = true;
|
||||||
|
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
|
||||||
|
defaultListen = [
|
||||||
|
{
|
||||||
|
addr = "192.168.10.175";
|
||||||
|
port = 80;
|
||||||
|
ssl = false;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
80 443 # Internal / Default
|
||||||
|
43080 43443 # External / Publicly exposed
|
||||||
|
];
|
||||||
|
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
defaults.email = "felix@albrigtsen.it";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Publicly exposed services:
|
||||||
|
|
||||||
|
services.nginx.virtualHosts = let
|
||||||
|
publicProxy = upstream: {
|
||||||
|
listen = [
|
||||||
|
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
|
||||||
|
{ addr = "192.168.10.175"; port = 43080; ssl = false; }
|
||||||
|
];
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
|
||||||
|
locations."/".proxyPass = "${upstream}";
|
||||||
|
};
|
||||||
|
in {
|
||||||
|
"jf.feal.no" = publicProxy "http://jellyfin.home.feal.no/";
|
||||||
|
"git.feal.no" = publicProxy "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}";
|
||||||
|
"wiki.wackattack.eu" = publicProxy "http://pascal.wackattack.home.feal.no/";
|
||||||
|
|
||||||
|
"cloud.feal.no" = {
|
||||||
|
listen = [
|
||||||
|
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
|
||||||
|
{ addr = "192.168.10.175"; port = 43080; ssl = false; }
|
||||||
|
];
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
server_tokens off;
|
||||||
|
|
||||||
|
# HSTS settings
|
||||||
|
# WARNING: Only add the preload option once you read about
|
||||||
|
# the consequences in https://hstspreload.org/. This option
|
||||||
|
# will add the domain to a hardcoded list that is shipped
|
||||||
|
# in all major browsers and getting removed from this list
|
||||||
|
# could take several months.
|
||||||
|
#add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
|
||||||
|
'';
|
||||||
|
locations."/".proxyPass = "http://voyager.home.feal.no/";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
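Review bot: In the `cloud.feal.no` vhost the only `Strict-Transport-Security` line is commented out, so despite `forceSSL = true;` this configuration sends no HSTS policy for the host. The warning above it concerns the `preload` flag only. A header without that flag carries no preload-list commitment, e.g. `add_header Strict-Transport-Security "max-age=15768000" always;`. The vhost also repeats the `listen`/`enableACME`/`forceSSL` lines that `publicProxy` already produces; `publicProxy "http://voyager.home.feal.no/" // { extraConfig = ''…''; }` would keep the public hosts consistent.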
@ -0,0 +1,35 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
domain = "pihole.home.feal.no";
|
||||||
|
dnsHost = "192.168.10.175";
|
||||||
|
webuiListen = "127.0.1.2:5053";
|
||||||
|
in {
|
||||||
|
# Flame - Homelab dashboard/linktree
|
||||||
|
virtualisation.oci-containers.containers = {
|
||||||
|
pihole = {
|
||||||
|
image = "pihole/pihole";
|
||||||
|
ports = [
|
||||||
|
"${dnsHost}:53:53/tcp"
|
||||||
|
"${dnsHost}:53:53/udp"
|
||||||
|
"${webuiListen}:80"
|
||||||
|
];
|
||||||
|
|
||||||
|
environment.TZ = "Europe/Oslo";
|
||||||
|
|
||||||
|
volumes = [
|
||||||
|
"/var/lib/pihole/etc:/etc/pihole"
|
||||||
|
"/var/lib/pihole/dnsmasq:/etc/dnsmasq.d"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://${webuiListen}";
|
||||||
|
extraConfig = ''
|
||||||
|
rewrite /(.*) /admin/$1 break;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
|
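Review bot: The comment `# Flame - Homelab dashboard/linktree` above the container definition was carried over from the flame module and misdescribes this file, which runs Pi-hole and binds DNS on `${dnsHost}:53`. Replace it with something like `# Pi-hole - DNS sinkhole; DNS on dnsHost:53, admin UI proxied from webuiListen`. The visible `environment` sets only `TZ`, so the comment could also say where the admin UI password comes from.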
@ -0,0 +1,16 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
enableTCPIP = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.postgresqlBackup = {
|
||||||
|
# enable = true;
|
||||||
|
location = "/data/backup/postgresql/";
|
||||||
|
startAt = "*-*-* 03:15:00";
|
||||||
|
backupAll = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = [ config.services.postgresql.package ];
|
||||||
|
}
|
|
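Review bot: `services.postgresqlBackup` has `# enable = true;` commented out, so `location`, `startAt` and `backupAll` are set but presumably have no effect and no dump is taken. This instance holds the vaultwarden and hedgedoc databases created elsewhere in this compare, so a silently disabled backup is easy to miss. Either enable it, or leave a comment stating why it is off and what covers the data meanwhile, e.g. `# enable = true; # TODO: off until /data/backup is mounted`.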
@ -3,7 +3,7 @@ let
|
||||||
cfg = config.services.vaultwarden;
|
cfg = config.services.vaultwarden;
|
||||||
domain = "pw.feal.no";
|
domain = "pw.feal.no";
|
||||||
address = "127.0.0.1";
|
address = "127.0.0.1";
|
||||||
port = 3011; # Note! The websocket port is left as default
|
port = 3011; # Note: The websocket port is left as default(3012)
|
||||||
in {
|
in {
|
||||||
sops.secrets."vaultwarden/admintoken" = {
|
sops.secrets."vaultwarden/admintoken" = {
|
||||||
owner = "vaultwarden";
|
owner = "vaultwarden";
|
||||||
|
@ -20,27 +20,30 @@ in {
|
||||||
rocketAddress = address;
|
rocketAddress = address;
|
||||||
rocketPort = port;
|
rocketPort = port;
|
||||||
websocketEnabled = true;
|
websocketEnabled = true;
|
||||||
databaseUrl = "postgresql://vaultwarden@localhost/vaultwarden?sslmode=disable";
|
# databaseUrl = "postgresql://vaultwarden:@localhost/vaultwarden?sslmode=disable";
|
||||||
|
databaseUrl = "postgresql://vaultwarden@/vaultwarden";
|
||||||
|
|
||||||
signupsAllowed = false;
|
signupsAllowed = false;
|
||||||
rocketLog = "critical";
|
|
||||||
|
|
||||||
# This example assumes a mailserver running on localhost,
|
|
||||||
# thus without transport encryption.
|
|
||||||
# If you use an external mail server, follow:
|
|
||||||
# https://github.com/dani-garcia/vaultwarden/wiki/SMTP-configuration
|
|
||||||
/* SMTP_HOST = "127.0.0.1"; */
|
|
||||||
/* SMTP_PORT = 25; */
|
|
||||||
/* SMTP_SSL = false; */
|
|
||||||
|
|
||||||
/* SMTP_FROM = "admin@bitwarden.example.com"; */
|
|
||||||
/* SMTP_FROM_NAME = "example.com Bitwarden server"; */
|
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.postgresql = {
|
||||||
|
ensureDatabases = [ "vaultwarden" ];
|
||||||
|
ensureUsers = [{
|
||||||
|
name = "vaultwarden";
|
||||||
|
ensureDBOwnership = true;
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."${domain}" = {
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
|
||||||
|
listen = [
|
||||||
|
{ addr = "192.168.10.175"; port = 43443; ssl = true; }
|
||||||
|
{ addr = "192.168.10.175"; port = 43080; ssl = false; }
|
||||||
|
];
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
client_max_body_size 128M;
|
client_max_body_size 128M;
|
||||||
'';
|
'';
|
||||||
|
@ -57,13 +60,4 @@ in {
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.postgresql = {
|
|
||||||
ensureDatabases = [ "vaultwarden" ];
|
|
||||||
ensureUsers = [{
|
|
||||||
name = "vaultwarden";
|
|
||||||
ensurePermissions = {
|
|
||||||
"DATABASE \"vaultwarden\"" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
}
|
}
|
|
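Review bot: The new `databaseUrl = "postgresql://vaultwarden@/vaultwarden";` relies on the empty-host form to reach PostgreSQL over the local unix socket, presumably with peer authentication. The line above it is a leftover commented-out TCP URL that explains none of this. Replace the dead line with a comment that states the intent, e.g. `# Empty host: connect via the local unix socket as user vaultwarden (no password, no TCP)`. It would also help to say why `rocketLog = "critical";` was dropped, since that changes how much request detail a password manager writes to its logs.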
@ -0,0 +1,43 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
../../base.nix
|
||||||
|
../../common/metrics-exporters.nix
|
||||||
|
./hardware-configuration.nix
|
||||||
|
./desktop.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
virtualisation.docker.enable = true;
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "edison";
|
||||||
|
defaultGateway = "192.168.10.1";
|
||||||
|
|
||||||
|
# Networking / Wi-Fi is configured with NM for now. TODO
|
||||||
|
networkmanager.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
console.keyMap = "us";
|
||||||
|
|
||||||
|
# sops.defaultSopsFile = ../../secrets/edison/edison.yaml;
|
||||||
|
|
||||||
|
environment.variables = { EDITOR = "vim"; };
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
pavucontrol
|
||||||
|
];
|
||||||
|
|
||||||
|
programs.steam.enable = true;
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
|
||||||
|
"nvidia-x11"
|
||||||
|
"nvidia-settings"
|
||||||
|
"steam"
|
||||||
|
"steam-original"
|
||||||
|
"steam-run"
|
||||||
|
];
|
||||||
|
|
||||||
|
system.stateVersion = "23.05";
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,55 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
services.xserver = {
|
||||||
|
enable = true;
|
||||||
|
desktopManager.xfce.enable = true;
|
||||||
|
videoDrivers = [ "nvidia" ];
|
||||||
|
layout = "us,no";
|
||||||
|
xkbVariant = "intl";
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
xfce.xfce4-pulseaudio-plugin
|
||||||
|
];
|
||||||
|
|
||||||
|
services.picom.enable = true;
|
||||||
|
hardware.opengl.enable = true;
|
||||||
|
|
||||||
|
services.pipewire = {
|
||||||
|
enable = true;
|
||||||
|
alsa.enable = true;
|
||||||
|
pulse.enable = true;
|
||||||
|
jack.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
fonts = {
|
||||||
|
fontDir.enable = true;
|
||||||
|
packages = with pkgs; [
|
||||||
|
noto-fonts
|
||||||
|
noto-fonts-emoji
|
||||||
|
noto-fonts-cjk-sans
|
||||||
|
font-awesome
|
||||||
|
fira-code
|
||||||
|
hack-font
|
||||||
|
(nerdfonts.override {
|
||||||
|
fonts = [
|
||||||
|
"Hack"
|
||||||
|
];
|
||||||
|
})
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Remote:
|
||||||
|
services.xrdp = {
|
||||||
|
enable = true;
|
||||||
|
defaultWindowManager = "xfce4-session";
|
||||||
|
openFirewall = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.flatpak.enable = true;
|
||||||
|
users.users."felixalb".packages = [ pkgs.flatpak ];
|
||||||
|
xdg.portal = {
|
||||||
|
enable = true;
|
||||||
|
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
|
||||||
|
};
|
||||||
|
}
|
|
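Review bot: `services.xrdp.openFirewall = true;` opens the RDP port on every interface of a machine that, per its host configuration in this compare, joins Wi-Fi through NetworkManager. The desktop login is then reachable from any network the laptop or workstation attaches to. If remote access is only needed from the home LAN or a VPN, drop `openFirewall` and open the port per interface, e.g. `networking.firewall.interfaces."<lan-interface>".allowedTCPPorts = [ 3389 ];` (placeholder interface name; 3389 assumes the module's default port is unchanged).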
@ -5,32 +5,37 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelModules = [ ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
fileSystems."/" =
|
||||||
{ device = "/dev/disk/by-uuid/f7086b7c-581e-40d4-90c0-47cb767395c7";
|
{ device = "/dev/disk/by-uuid/14b254e1-d94f-4b9b-a910-7fcf7e33af46";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" =
|
||||||
{ device = "/dev/disk/by-uuid/4303-A70F";
|
{ device = "/dev/disk/by-uuid/A197-7913";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices =
|
||||||
|
[ { device = "/dev/disk/by-uuid/d56040a0-3009-4899-95fa-1b82e60e32e4"; }
|
||||||
|
];
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
# still possible to use this option, but it's recommended to use it in conjunction
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
networking.useDHCP = lib.mkDefault true;
|
networking.useDHCP = lib.mkDefault true;
|
||||||
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
|
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
}
|
}
|
|
@ -0,0 +1,24 @@
|
||||||
|
{ pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
home.packages = with pkgs; [
|
||||||
|
bat
|
||||||
|
bottom
|
||||||
|
mumble
|
||||||
|
ncdu
|
||||||
|
neofetch
|
||||||
|
nix-index
|
||||||
|
];
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
./../../home/base.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
programs = {
|
||||||
|
zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
|
||||||
|
alacritty.enable = true;
|
||||||
|
firefox.enable = true;
|
||||||
|
rofi.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
home.stateVersion = "23.05";
|
||||||
|
}
|
|
@ -10,94 +10,40 @@
|
||||||
./wireguard.nix
|
./wireguard.nix
|
||||||
./exports.nix
|
./exports.nix
|
||||||
|
|
||||||
#./vms.nix
|
./services/snappymail.nix
|
||||||
|
./services/calibre.nix
|
||||||
|
./services/fancontrol.nix
|
||||||
|
./services/jellyfin.nix
|
||||||
|
./services/kanidm.nix
|
||||||
|
./services/nextcloud.nix
|
||||||
./services/nginx
|
./services/nginx
|
||||||
./services/postgres.nix
|
./services/postgres.nix
|
||||||
./services/kanidm.nix
|
./services/timemachine.nix
|
||||||
./services/matrix
|
|
||||||
./services/jellyfin.nix
|
|
||||||
./services/transmission.nix
|
./services/transmission.nix
|
||||||
./services/metrics
|
|
||||||
./services/flame.nix
|
|
||||||
./services/gitea.nix
|
|
||||||
./services/hedgedoc.nix
|
|
||||||
./services/vaultwarden.nix
|
|
||||||
./services/calibre.nix
|
|
||||||
# ./services/code-server.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "voyager";
|
hostName = "voyager";
|
||||||
defaultGateway = "192.168.10.1";
|
bridges.br0.interfaces = [ "eno1" ];
|
||||||
nameservers = [ "192.168.11.100" "1.1.1.1" ];
|
interfaces.br0.useDHCP = false;
|
||||||
interfaces.eno1.ipv4 = {
|
interfaces.br0.ipv4.addresses = [
|
||||||
addresses = [
|
|
||||||
{ address = "192.168.10.165"; prefixLength = 24; }
|
{ address = "192.168.10.165"; prefixLength = 24; }
|
||||||
];
|
];
|
||||||
};
|
|
||||||
hostId = "8e84b235";
|
hostId = "8e84b235";
|
||||||
|
defaultGateway = "192.168.10.1";
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.defaultSopsFile = ../../secrets/voyager/voyager.yaml;
|
sops.defaultSopsFile = ../../secrets/voyager/voyager.yaml;
|
||||||
|
|
||||||
environment.variables = { EDITOR = "vim"; };
|
environment.variables = { EDITOR = "vim"; };
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
((vim_configurable.override { }).customize{
|
|
||||||
name = "vim";
|
|
||||||
vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
|
|
||||||
start = [ vim-nix vim-lastplace vim-commentary ];
|
|
||||||
opt = [];
|
|
||||||
};
|
|
||||||
vimrcConfig.customRC = ''
|
|
||||||
" your custom vimrc
|
|
||||||
set number
|
|
||||||
set relativenumber
|
|
||||||
set nu rnu
|
|
||||||
set signcolumn=number
|
|
||||||
|
|
||||||
set hlsearch
|
|
||||||
set smartcase
|
|
||||||
set incsearch
|
|
||||||
|
|
||||||
set autoindent
|
|
||||||
set expandtab
|
|
||||||
set shiftwidth=2
|
|
||||||
set tabstop=2
|
|
||||||
set smartindent
|
|
||||||
set smarttab
|
|
||||||
|
|
||||||
set ruler
|
|
||||||
|
|
||||||
set undolevels=1000
|
|
||||||
|
|
||||||
set nocompatible
|
|
||||||
set backspace=indent,eol,start
|
|
||||||
" Turn on syntax highlighting by default
|
|
||||||
syntax on
|
|
||||||
" ...
|
|
||||||
'';
|
|
||||||
}
|
|
||||||
)
|
|
||||||
zfs
|
zfs
|
||||||
screen
|
|
||||||
exa
|
|
||||||
];
|
];
|
||||||
|
|
||||||
/* virtualisation.podman = { */
|
|
||||||
/* enable = true; */
|
|
||||||
/* dockerCompat = true; # Make `docker` shell alias */
|
|
||||||
/* defaultNetwork.settings.dns_enabled = true; */
|
|
||||||
/* }; */
|
|
||||||
|
|
||||||
/* virtualisation.oci-containers.backend = "podman"; */
|
|
||||||
|
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
virtualisation.oci-containers.backend = "docker";
|
virtualisation.oci-containers.backend = "docker";
|
||||||
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 22 ];
|
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
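Review bot: The rewritten `networking` block appears to drop `nameservers = [ "192.168.11.100" "1.1.1.1" ];` while also setting `interfaces.br0.useDHCP = false;`. The hardware-configuration hunk later in this compare removes `networking.useDHCP = lib.mkDefault true;` as well. Unless `base.nix` or another import sets resolvers, the host ends up with a static address and no DNS servers. If that is not intended, keep `nameservers = [ "192.168.11.100" "1.1.1.1" ];` in the new block. The `imports` list and the module header start outside this hunk.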
@ -5,17 +5,23 @@
|
||||||
device = "/tank/backup/riker";
|
device = "/tank/backup/riker";
|
||||||
options = [ "bind" ];
|
options = [ "bind" ];
|
||||||
};
|
};
|
||||||
|
"/export/defiant-backup" = {
|
||||||
|
device = "/tank/backup/defiant";
|
||||||
|
options = [ "bind" ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enable nfs4 only
|
# Enable nfs4 only
|
||||||
services.nfs.server = {
|
services.nfs.server = {
|
||||||
enable = true;
|
enable = true;
|
||||||
exports = ''
|
exports = ''
|
||||||
/export 192.168.10.4(rw,fsid=0,no_subtree_check) 192.168.10.5(rw,fsid=0,no_subtree_check) 192.168.10.2(rw,fsid=0,no_subtree_check)
|
/export 192.168.10.4(rw,fsid=0,no_subtree_check) 192.168.10.5(rw,fsid=0,no_subtree_check) 192.168.10.2(rw,fsid=0,no_subtree_check) 192.168.10.175(rw,fsid=0,no_subtree_check)
|
||||||
/export/riker-backup 192.168.10.2(rw,nohide,no_subtree_check,no_root_squash)
|
/export/riker-backup 192.168.10.2(rw,nohide,no_subtree_check,no_root_squash)
|
||||||
/export/doyle-backup 192.168.10.2(rw,nohide,no_subtree_check,no_root_squash)
|
/export/doyle-backup 192.168.10.2(rw,nohide,no_subtree_check,no_root_squash)
|
||||||
|
/export/defiant-backup 192.168.10.175(rw,nohide,no_subtree_check,async,no_root_squash)
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 2049 ];
|
networking.firewall.allowedTCPPorts = [ 111 2049 20048 ];
|
||||||
|
networking.firewall.allowedUDPPorts = [ 111 20048];
|
||||||
}
|
}
|
||||||
|
|
|
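Review bot: The new firewall lines open 111 and 20048 on TCP and UDP, which contradicts the `# Enable nfs4 only` comment above the server block: NFSv4 needs only TCP 2049, and rpcbind/mountd are the NFSv3 side channels. If the clients mount with v4, keep `networking.firewall.allowedTCPPorts = [ 2049 ];` and drop the UDP line; otherwise update the comment so it no longer claims v4-only. The added `/export/defiant-backup` export also combines `no_root_squash` with `async`, so root on 192.168.10.175 acts as root on the backup dataset and acknowledged writes can be lost on a server crash; both deserve a short comment if deliberate.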
@ -36,6 +36,4 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Network mounts (export)
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -29,7 +29,6 @@
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
# still possible to use this option, but it's recommended to use it in conjunction
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
networking.useDHCP = lib.mkDefault true;
|
|
||||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||||
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
|
# networking.interfaces.eno2.useDHCP = lib.mkDefault true;
|
||||||
# networking.interfaces.idrac.useDHCP = lib.mkDefault true;
|
# networking.interfaces.idrac.useDHCP = lib.mkDefault true;
|
||||||
|
|
|
@ -0,0 +1,19 @@
|
||||||
|
{ pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
home.packages = with pkgs; [
|
||||||
|
bat
|
||||||
|
bottom
|
||||||
|
ncdu
|
||||||
|
neofetch
|
||||||
|
];
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
./../../home/base.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
programs = {
|
||||||
|
zsh.shellAliases."rebuild" = "sudo nixos-rebuild switch --flake /config";
|
||||||
|
};
|
||||||
|
|
||||||
|
home.stateVersion = "23.05";
|
||||||
|
}
|
|
@ -0,0 +1,108 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
inherit (lib) mkDefault mkEnableOption mkForce mkIf mkOption mkPackageOption generators types;
|
||||||
|
|
||||||
|
cfg = config.services.snappymail;
|
||||||
|
maxUploadSize = "256M";
|
||||||
|
in {
|
||||||
|
options.services.snappymail = {
|
||||||
|
enable = mkEnableOption (lib.mdDoc "Snappymail");
|
||||||
|
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.snappymail;
|
||||||
|
defaultText = lib.mdDoc "pkgs.snappymail";
|
||||||
|
description = lib.mdDoc "Which snappymail package to use.";
|
||||||
|
};
|
||||||
|
|
||||||
|
dataDir = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "/var/lib/snappymail";
|
||||||
|
description = "State directory for snappymail";
|
||||||
|
};
|
||||||
|
|
||||||
|
hostname = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
/* default = null; */
|
||||||
|
example = "mail.example.com";
|
||||||
|
description = "Enable nginx with this hostname, null disables nginx";
|
||||||
|
};
|
||||||
|
|
||||||
|
user = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "snappymail";
|
||||||
|
description = lib.mdDoc "System user under which snappymail runs";
|
||||||
|
};
|
||||||
|
|
||||||
|
group = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "snappymail";
|
||||||
|
description = lib.mdDoc "System group under which snappymail runs";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
users.users = mkIf (cfg.user == "snappymail") {
|
||||||
|
snappymail = {
|
||||||
|
description = "Snappymail service";
|
||||||
|
group = cfg.group;
|
||||||
|
home = cfg.dataDir;
|
||||||
|
useDefaultShell = true;
|
||||||
|
createHome = true;
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.groups = mkIf (cfg.group == "snappymail") {
|
||||||
|
snappymail = {};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.phpfpm.pools.snappymail = {
|
||||||
|
user = cfg.user;
|
||||||
|
group = cfg.group;
|
||||||
|
phpOptions = generators.toKeyValue {} {
|
||||||
|
upload_max_filesize = maxUploadSize;
|
||||||
|
post_max_size = maxUploadSize;
|
||||||
|
memory_limit = maxUploadSize;
|
||||||
|
};
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
"listen.owner" = config.services.nginx.user;
|
||||||
|
"listen.group" = config.services.nginx.group;
|
||||||
|
"pm" = "ondemand";
|
||||||
|
"pm.max_children" = 32;
|
||||||
|
"pm.process_idle_timeout" = "10s";
|
||||||
|
"pm.max_requests" = 500;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = mkIf (cfg.hostname != null) {
|
||||||
|
virtualHosts."${cfg.hostname}" = {
|
||||||
|
locations."/".extraConfig = ''
|
||||||
|
index index.php;
|
||||||
|
autoindex on;
|
||||||
|
autoindex_exact_size off;
|
||||||
|
autoindex_localtime on;
|
||||||
|
'';
|
||||||
|
locations."^~ /data".extraConfig = ''
|
||||||
|
deny all;
|
||||||
|
'';
|
||||||
|
locations."~ \.php$".extraConfig = ''
|
||||||
|
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
fastcgi_pass unix:${config.services.phpfpm.pools.snappymail.socket};
|
||||||
|
'';
|
||||||
|
extraConfig = ''
|
||||||
|
client_max_body_size ${maxUploadSize};
|
||||||
|
'';
|
||||||
|
|
||||||
|
root = if (cfg.package == pkgs.snappymail) then
|
||||||
|
pkgs.snappymail.override {
|
||||||
|
dataPath = cfg.dataDir;
|
||||||
|
}
|
||||||
|
else cfg.package;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
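Review bot: `autoindex on;` in `locations."/".extraConfig` enables directory listings under the webmail document root, so any directory without an index file can be browsed by unauthenticated visitors. I would drop the three `autoindex*` lines and keep only `index index.php;`. Separately, `hostname` is declared `types.str` with its `default = null` commented out, while the description and `mkIf (cfg.hostname != null)` treat null as "nginx disabled". As written the type rejects null and the option is mandatory, so either use `type = types.nullOr types.str; default = null;` or reword the description. `useDefaultShell = true` on the service account also looks unnecessary.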
|
|
@ -1,5 +1,4 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
domain = "books.home.feal.no";
|
domain = "books.home.feal.no";
|
||||||
storage = "/tank/media/books";
|
storage = "/tank/media/books";
|
||||||
|
|
|
@ -0,0 +1,63 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
systemd.timers."fancontrol" = {
|
||||||
|
wantedBy = [ "timers.target" ];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar="*:0/3";
|
||||||
|
Unit = "fancontrol.service";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services."fancontrol" = {
|
||||||
|
environment = {
|
||||||
|
TEMP_MIN_FALLING = "50";
|
||||||
|
TEMP_MAX_RISING = "56";
|
||||||
|
TEMP_CRIT = "70";
|
||||||
|
|
||||||
|
LOW_FAN_SPEED = "0x10";
|
||||||
|
};
|
||||||
|
|
||||||
|
script = ''
|
||||||
|
SET_FAN_MANUAL="0x30 0x30 0x01 0x00" # Enable manual control
|
||||||
|
SET_FAN_AUTO="0x30 0x30 0x01 0x01" # Disable manual control
|
||||||
|
|
||||||
|
SET_FAN_LOW="0x30 0x30 0x02 0xff $LOW_FAN_SPEED"
|
||||||
|
SET_FAN_MAX="0x30 0x30 0x02 0xff 0x64" # force 100%
|
||||||
|
|
||||||
|
|
||||||
|
# Get all temperatures readings starting with "Temp ", find all two digit numbers followed by spaces, find the largest one, trim the trailing space
|
||||||
|
maxcoretemp=$(${pkgs.ipmitool}/bin/ipmitool sdr type temperature | grep '^Temp ' | grep -Po '\d{2} ' | sort -nr | head -n1 | xargs)
|
||||||
|
|
||||||
|
# Verify that we read a valid number
|
||||||
|
ISNUMBER='^[0-9]+$'
|
||||||
|
if ! [[ $maxcoretemp =~ $ISNUMBER ]] ; then
|
||||||
|
echo "Error: could not read temperature" >&2
|
||||||
|
exit 2
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Highest measured CPU temperature: '$maxcoretemp'"
|
||||||
|
|
||||||
|
if [ "$maxcoretemp" -gt "$TEMP_CRIT" ]; then
|
||||||
|
echo "TOO HOT, CRITICAL CPU TEMP"
|
||||||
|
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MANUAL
|
||||||
|
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MAX
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$maxcoretemp" -gt "$TEMP_MAX_RISING" ]; then
|
||||||
|
echo "TOO HOT, switching to IDRAC fan controL"
|
||||||
|
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_AUTO
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$maxcoretemp" -lt "$TEMP_MIN_FALLING" ]; then
|
||||||
|
echo "Sufficiently cooled, stepping down fans"
|
||||||
|
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_MANUAL
|
||||||
|
${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_LOW
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "Temperature is between limits, doing nothing..."
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
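Review bot: The error path does not fail safe: when the temperature cannot be parsed the script runs `exit 2` without handing control back to the iDRAC, so a machine previously stepped down to `LOW_FAN_SPEED` stays there for as long as readings are unavailable. Running `${pkgs.ipmitool}/bin/ipmitool raw $SET_FAN_AUTO` just before `exit 2` would restore automatic control in that case. The parser has a related gap: `grep -Po '\d{2} '` accepts exactly two digits, so a three-digit reading is truncated to its last two (100 would be read as 00) and a single-digit one lands in the error path. `grep -Po '\d+(?= degrees)'` avoids both, assuming ipmitool prints the usual `NN degrees C` column.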
|
|
@ -1,22 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
let
|
|
||||||
host = "127.0.1.2";
|
|
||||||
port = "5005";
|
|
||||||
in {
|
|
||||||
# Flame - Homelab dashboard/linktree
|
|
||||||
virtualisation.oci-containers.containers = {
|
|
||||||
flame = {
|
|
||||||
image = "pawelmalak/flame";
|
|
||||||
ports = [ "${host}:${port}:5005" ];
|
|
||||||
volumes = [
|
|
||||||
"/var/lib/flame/data:/app/data/"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.nginx.virtualHosts."flame.home.feal.no" = {
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://${host}:${port}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,97 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.services.hedgedoc.settings;
|
|
||||||
domain = "md.feal.no";
|
|
||||||
port = 3300;
|
|
||||||
host = "0.0.0.0";
|
|
||||||
authServerUrl = config.services.kanidm.serverSettings.origin;
|
|
||||||
in {
|
|
||||||
# Contains CMD_SESSION_SECRET and CMD_OAUTH2_CLIENT_SECRET
|
|
||||||
sops.secrets."hedgedoc/env" = {
|
|
||||||
restartUnits = [ "hedgedoc.service" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
services.hedgedoc = {
|
|
||||||
enable = true;
|
|
||||||
environmentFile = config.sops.secrets."hedgedoc/env".path;
|
|
||||||
settings = {
|
|
||||||
inherit domain port host;
|
|
||||||
protocolUseSSL = true;
|
|
||||||
sessionSecret = "$CMD_SESSION_SECRET";
|
|
||||||
|
|
||||||
allowFreeURL = true;
|
|
||||||
allowAnonymous = false;
|
|
||||||
allowAnonymousEdits = true; # Allow anonymous edits with the "freely" permission
|
|
||||||
|
|
||||||
dbURL = "postgres://hedgedoc:@localhost/hedgedoc";
|
|
||||||
|
|
||||||
email = false;
|
|
||||||
oauth2 = {
|
|
||||||
baseURL = "${authServerUrl}/oauth2";
|
|
||||||
tokenURL = "${authServerUrl}/oauth2/token";
|
|
||||||
authorizationURL = "${authServerUrl}/ui/oauth2";
|
|
||||||
userProfileURL = "${authServerUrl}/oauth2/openid/hedgedoc/userinfo";
|
|
||||||
|
|
||||||
clientID = "hedgedoc";
|
|
||||||
clientSecret = "$CMD_OAUTH2_CLIENT_SECRET";
|
|
||||||
scope = "openid email profile";
|
|
||||||
userProfileUsernameAttr = "name";
|
|
||||||
userProfileEmailAttr = "email";
|
|
||||||
userProfileDisplayNameAttr = "displayname";
|
|
||||||
|
|
||||||
providerName = "KaniDM";
|
|
||||||
};
|
|
||||||
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.hedgedoc = {
|
|
||||||
requires = [
|
|
||||||
"postgresql.service"
|
|
||||||
"kanidm.service"
|
|
||||||
];
|
|
||||||
serviceConfig = let
|
|
||||||
workDir = "/var/lib/hedgedoc";
|
|
||||||
in {
|
|
||||||
WorkingDirectory = lib.mkForce workDir;
|
|
||||||
StateDirectory = lib.mkForce [ "hedgedoc" "hedgedoc/uploads" ];
|
|
||||||
|
|
||||||
# Better safe than sorry :)
|
|
||||||
CapabilityBoundingSet = "";
|
|
||||||
LockPersonality = true;
|
|
||||||
NoNewPrivileges = true;
|
|
||||||
PrivateDevices = true;
|
|
||||||
PrivateMounts = true;
|
|
||||||
PrivateTmp = true;
|
|
||||||
PrivateUsers = true;
|
|
||||||
ProtectClock = true;
|
|
||||||
ProtectHome = true;
|
|
||||||
ProtectHostname = true;
|
|
||||||
ProtectKernelLogs = true;
|
|
||||||
ProtectKernelModules = true;
|
|
||||||
ProtectKernelTunables = true;
|
|
||||||
ProtectProc = "invisible";
|
|
||||||
ProtectSystem = "strict";
|
|
||||||
ReadWritePaths = [ workDir ];
|
|
||||||
RemoveIPC = true;
|
|
||||||
RestrictSUIDSGID = true;
|
|
||||||
UMask = "0007";
|
|
||||||
RestrictAddressFamilies = [ "AF_UNIX AF_INET AF_INET6" ];
|
|
||||||
SystemCallArchitectures = "native";
|
|
||||||
SystemCallFilter = "~@clock @cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @setuid @swap";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ port ];
|
|
||||||
|
|
||||||
services.postgresql = {
|
|
||||||
ensureDatabases = [ "hedgedoc" ];
|
|
||||||
ensureUsers = [{
|
|
||||||
name = "hedgedoc";
|
|
||||||
ensurePermissions = {
|
|
||||||
"DATABASE \"hedgedoc\"" = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,33 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
services.mx-puppet-discord = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
serviceDependencies = [
|
|
||||||
"matrix-synapse.service"
|
|
||||||
"postgresql.service"
|
|
||||||
];
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
bridge = {
|
|
||||||
bindAddress = "localhost";
|
|
||||||
domain = "feal.no";
|
|
||||||
homeserverUrl = "https://matrix.feal.no";
|
|
||||||
# homeserverUrl = "http://127.0.1.2:8008";
|
|
||||||
|
|
||||||
port = 8434;
|
|
||||||
enableGroupSync = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
database.connString = "postgresql://mx-puppet-discord@localhost/mx-puppet-discord?sslmode=disable";
|
|
||||||
|
|
||||||
provisioning.whitelist = [ "@felixalb:feal\\.no" ];
|
|
||||||
relay.whitelist = [ ".*" ];
|
|
||||||
selfService.whitelist = [ "@felixalb:feal\\.no" ];
|
|
||||||
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.matrix-synapse.settings.app_service_config_files = [ /var/lib/mx-puppet-discord/discord-registration.yaml ];
|
|
||||||
}
|
|
|
@ -1,12 +0,0 @@
|
||||||
{ config, ... }:
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./synapse.nix
|
|
||||||
# ./bridge-facebook.nix
|
|
||||||
# ./bridge-discord.nix
|
|
||||||
# ./element.nix
|
|
||||||
# ./coturn.nix
|
|
||||||
# ./discord.nix
|
|
||||||
];
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./prometheus.nix
|
|
||||||
./grafana.nix
|
|
||||||
./loki.nix
|
|
||||||
#./snmp-exporter.nix
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -0,0 +1,88 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.nextcloud;
|
||||||
|
hostName = "cloud.feal.no";
|
||||||
|
in {
|
||||||
|
services.nextcloud = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.nextcloud28;
|
||||||
|
inherit hostName;
|
||||||
|
home = "/var/lib/nextcloud";
|
||||||
|
https = true;
|
||||||
|
webfinger = true;
|
||||||
|
|
||||||
|
config = {
|
||||||
|
dbtype = "pgsql";
|
||||||
|
dbuser = "nextcloud";
|
||||||
|
dbhost = "/run/postgresql";
|
||||||
|
dbname = "nextcloud";
|
||||||
|
adminuser = "ncadmin";
|
||||||
|
adminpassFile = config.sops.secrets."nextcloud/adminpass".path;
|
||||||
|
trustedProxies = [ "192.168.10.175" ]; # defiant
|
||||||
|
defaultPhoneRegion = "NO";
|
||||||
|
};
|
||||||
|
|
||||||
|
# phpOptions = {
|
||||||
|
# "opcache.interned_strings_buffer" = "16";
|
||||||
|
# "upload_max_filesize" = "4G";
|
||||||
|
# "post_max_size" = "4G";
|
||||||
|
# "memory_limit" = "4G";
|
||||||
|
# };
|
||||||
|
|
||||||
|
poolSettings = {
|
||||||
|
"pm" = "ondemand";
|
||||||
|
"pm.max_children" = 32;
|
||||||
|
"pm.process_idle_timeout" = "10s";
|
||||||
|
"pm.max_requests" = 500;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = [ cfg.occ ];
|
||||||
|
|
||||||
|
sops.secrets."nextcloud/adminpass" = {
|
||||||
|
mode = "0440";
|
||||||
|
owner = "nextcloud";
|
||||||
|
group = "nextcloud";
|
||||||
|
restartUnits = [ "phpfpm-nextcloud.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.postgresql = {
|
||||||
|
ensureDatabases = [ "nextcloud" ];
|
||||||
|
ensureUsers = [ {
|
||||||
|
name = "nextcloud";
|
||||||
|
ensureDBOwnership = true;
|
||||||
|
} ];
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services."nextcloud-setup" = {
|
||||||
|
requires = [ "postgresql.service" ];
|
||||||
|
after = [ "postgresql.service" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services."phpfpm-nextcloud".serviceConfig = {
|
||||||
|
WorkingDirectory = "/var/lib/nextcloud";
|
||||||
|
NoNewPrivileges = true;
|
||||||
|
PrivateDevices = true;
|
||||||
|
PrivateMounts = true;
|
||||||
|
PrivateTmp = true;
|
||||||
|
ProtectClock = true;
|
||||||
|
ProtectHome = true;
|
||||||
|
ProtectHostname = true;
|
||||||
|
ProtectKernelLogs = true;
|
||||||
|
ProtectKernelModules = true;
|
||||||
|
ProtectKernelTunables = true;
|
||||||
|
ProtectProc = "invisible";
|
||||||
|
ReadWritePaths = [ "/var/lib/nextcloud" "/run/phpfpm" "/run/systemd" "/run/secrets" "/nix/store" ];
|
||||||
|
RemoveIPC = true;
|
||||||
|
RestrictSUIDSGID = true;
|
||||||
|
UMask = "0007";
|
||||||
|
SystemCallArchitectures = "native";
|
||||||
|
SystemCallFilter = "@system-service";
|
||||||
|
CapabilityBoundingSet = "~CAP_FSETID ~CAP_SETFCAP ~CAP_SETUID ~CAP_SETGID ~CAP_SETPCAP ~CAP_NET_ADMIN ~CAP_SYS_ADMIN ~CAP_SYS_PTRACE ";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/var/lib/nextcloud" = {
|
||||||
|
device = "/tank/nextcloud";
|
||||||
|
options = [ "bind "];
|
||||||
|
};
|
||||||
|
}
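Review bot: Two lines in the `phpfpm-nextcloud` hardening block probably do not do what they appear to. `ReadWritePaths` only matters once something has made the tree read-only, and no `ProtectSystem` is set here, so the list (which also names `/nix/store` and `/run/secrets`) restricts nothing; adding `ProtectSystem = "strict";` and trimming the list to the paths PHP really writes would make it effective. `CapabilityBoundingSet` repeats `~` before every name, whereas systemd documents a single leading `~` for the whole list, so I would write `"~CAP_FSETID CAP_SETFCAP CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_NET_ADMIN CAP_SYS_ADMIN CAP_SYS_PTRACE"` and confirm the result with `systemd-analyze security phpfpm-nextcloud`. Also, `options = [ "bind "];` has a trailing space inside the string, which looks like a typo for `"bind"`.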
|
|
@ -4,6 +4,8 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
enableReload = true;
|
enableReload = true;
|
||||||
|
|
||||||
|
clientMaxBodySize = "100m";
|
||||||
|
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
recommendedTlsSettings = true;
|
recommendedTlsSettings = true;
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
|
@ -11,5 +13,10 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
/* security.acme = { */
|
||||||
|
/* acceptTerms = true; */
|
||||||
|
/* email = "felix@albrigtsen.it"; */
|
||||||
|
/* }; */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
imports = [ ../modules/snappymail.nix ];
|
||||||
|
|
||||||
|
services.snappymail = {
|
||||||
|
enable = true;
|
||||||
|
hostname = "mail.home.feal.no";
|
||||||
|
};
|
||||||
|
services.nginx.virtualHosts."${config.services.snappymail.hostname}" = let
|
||||||
|
certPath = "/etc/ssl-snakeoil/mail_home_feal_no";
|
||||||
|
in {
|
||||||
|
addSSL = true;
|
||||||
|
|
||||||
|
sslCertificate = "${certPath}.crt";
|
||||||
|
sslCertificateKey = "${certPath}.key";
|
||||||
|
};
|
||||||
|
}
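Review bot: `addSSL = true` keeps the plain-HTTP listener alongside HTTPS, so the webmail login can still be loaded and submitted over port 80. For a mail front end `forceSSL = true;` is the safer setting because it redirects everything to TLS. The `/etc/ssl-snakeoil/...` paths suggest a self-signed pair managed outside this file. A short comment saying where the key is generated and who may read it would help.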
|
|
@ -0,0 +1,42 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
let
|
||||||
|
timeMachineDir = "/tank/backup/worf";
|
||||||
|
user = "worf-backup";
|
||||||
|
sizeLimit = "800000"; # MiB
|
||||||
|
allowedIPs = "192.168.10.2 192.168.10.5"; #TODO
|
||||||
|
in {
|
||||||
|
services.avahi = {
|
||||||
|
enable = true;
|
||||||
|
publish = {
|
||||||
|
enable = true;
|
||||||
|
userServices = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.netatalk = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
Global = {
|
||||||
|
"mimic model" = "TimeCapsule6,106"; # show the icon for the first gen TC
|
||||||
|
"hosts allow" = allowedIPs;
|
||||||
|
};
|
||||||
|
|
||||||
|
"worf-time-machine" = {
|
||||||
|
"time machine" = "yes";
|
||||||
|
"path" = timeMachineDir;
|
||||||
|
"valid users" = user;
|
||||||
|
"vol size limit" = sizeLimit;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.extraUsers.worf-backup = {
|
||||||
|
isSystemUser = true;
|
||||||
|
name = user;
|
||||||
|
group = user;
|
||||||
|
};
|
||||||
|
users.groups."${user}" = {};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 548 636 ];
|
||||||
|
}
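Review bot: `networking.firewall.allowedTCPPorts = [ 548 636 ];` opens 636 in addition to the AFP port, but nothing in this file configures a listener there (636 is normally LDAPS), so it looks inherited from a template. I would reduce it to `[ 548 ]`. The port is also opened on every interface while the only source restriction is netatalk's `"hosts allow"`, whose value is still marked `#TODO`. Scoping the rule with `networking.firewall.interfaces.<iface>.allowedTCPPorts` would put a second control in front of the share.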
|
|
@ -0,0 +1,142 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
# Many settings should be handled by home manager. System-wide settings are however managed here.
|
||||||
|
imports = [
|
||||||
|
./yabai.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
# gc = {
|
||||||
|
# automatic = true;
|
||||||
|
# options = "--delete-older-than 2d";
|
||||||
|
# };
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
allow-dirty = true;
|
||||||
|
experimental-features = [ "nix-command" "flakes" "repl-flake" ];
|
||||||
|
auto-optimise-store = true;
|
||||||
|
builders-use-substitutes = true;
|
||||||
|
log-lines = 50;
|
||||||
|
};
|
||||||
|
|
||||||
|
buildMachines = [
|
||||||
|
{
|
||||||
|
hostName = "voyager.home.feal.no";
|
||||||
|
system = "x86_64-linux";
|
||||||
|
|
||||||
|
maxJobs = 4;
|
||||||
|
supportedFeatures = [ "kvm" "big-parallel" "benchmark" "nixos-test" ];
|
||||||
|
mandatoryFeatures = [ ];
|
||||||
|
|
||||||
|
sshUser = "felixalb";
|
||||||
|
sshKey = "/var/root/.ssh/nix-builder";
|
||||||
|
}
|
||||||
|
{
|
||||||
|
hostName = "defiant.home.feal.no";
|
||||||
|
system = "x86_64-linux";
|
||||||
|
|
||||||
|
maxJobs = 6;
|
||||||
|
supportedFeatures = [ "big-parallel" "benchmark" "nixos-test" ];
|
||||||
|
mandatoryFeatures = [ ];
|
||||||
|
|
||||||
|
sshUser = "felixalb";
|
||||||
|
sshKey = "/var/root/.ssh/nix-builder";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
distributedBuilds = true;
|
||||||
|
extraOptions = "builders-use-substitutes = true";
|
||||||
|
};
|
||||||
|
|
||||||
|
# System packages for all users
|
||||||
|
environment = {
|
||||||
|
systemPackages = with pkgs; [
|
||||||
|
findutils
|
||||||
|
gnugrep
|
||||||
|
jq
|
||||||
|
ripgrep
|
||||||
|
sshfs
|
||||||
|
wget
|
||||||
|
];
|
||||||
|
|
||||||
|
variables = {
|
||||||
|
EDITOR = "nvim";
|
||||||
|
VISUAL = "nvim";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
users.users.felixalb = {
|
||||||
|
home = "/Users/felixalb";
|
||||||
|
shell = pkgs.zsh;
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.zsh.enable = true;
|
||||||
|
system.activationScripts.postActivation.text = ''sudo chsh -s ${pkgs.zsh}/bin/zsh''; # Since it's not possible to declare default shell, run this command after build
|
||||||
|
|
||||||
|
|
||||||
|
fonts = {
|
||||||
|
fontDir.enable = true;
|
||||||
|
fonts = with pkgs; [
|
||||||
|
noto-fonts
|
||||||
|
font-awesome
|
||||||
|
fira-code
|
||||||
|
hack-font
|
||||||
|
|
||||||
|
(nerdfonts.override {
|
||||||
|
fonts = [
|
||||||
|
"Hack"
|
||||||
|
];
|
||||||
|
})
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
system.defaults = {
|
||||||
|
# login window settings
|
||||||
|
loginwindow = {
|
||||||
|
# disable guest account
|
||||||
|
GuestEnabled = false;
|
||||||
|
# show name instead of username
|
||||||
|
SHOWFULLNAME = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
finder = {
|
||||||
|
AppleShowAllExtensions = true;
|
||||||
|
FXEnableExtensionChangeWarning = true;
|
||||||
|
_FXShowPosixPathInTitle = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
# firewall settings
|
||||||
|
alf = {
|
||||||
|
# 0 = disabled 1 = enabled 2 = blocks all connections except for essential services
|
||||||
|
globalstate = 1;
|
||||||
|
loggingenabled = 0;
|
||||||
|
stealthenabled = 1;
|
||||||
|
};
|
||||||
|
|
||||||
|
# dock settings
|
||||||
|
dock = {
|
||||||
|
autohide = true;
|
||||||
|
autohide-delay = 0.0;
|
||||||
|
autohide-time-modifier = 1.0;
|
||||||
|
tilesize = 45;
|
||||||
|
static-only = false;
|
||||||
|
showhidden = false;
|
||||||
|
show-recents = false;
|
||||||
|
show-process-indicators = true;
|
||||||
|
orientation = "bottom";
|
||||||
|
mru-spaces = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
system.keyboard = {
|
||||||
|
enableKeyMapping = true;
|
||||||
|
remapCapsLockToControl = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# Auto upgrade nix package and the daemon service.
|
||||||
|
services.nix-daemon.enable = true;
|
||||||
|
nix.package = pkgs.nix;
|
||||||
|
}
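Review bot: The `alf` block enables the application firewall and stealth mode but sets `loggingenabled = 0`, so blocked connection attempts leave no record to review later. `loggingenabled = 1;` is a cheap change. In the same file `builders-use-substitutes` is set twice, once in `nix.settings` and again through `extraOptions = "builders-use-substitutes = true"`. One of the two can go.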
|
|
@ -0,0 +1,82 @@
|
||||||
|
{ pkgs
|
||||||
|
, lib
|
||||||
|
, inputs
|
||||||
|
, config
|
||||||
|
, ...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
./../../home/base.nix
|
||||||
|
./../../home/alacritty.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
home.packages = with pkgs; [
|
||||||
|
# alacritty
|
||||||
|
emacs
|
||||||
|
iterm2
|
||||||
|
spotify
|
||||||
|
ripes
|
||||||
|
prismlauncher
|
||||||
|
|
||||||
|
bat
|
||||||
|
bottom
|
||||||
|
cocoapods
|
||||||
|
gnutar
|
||||||
|
ncdu
|
||||||
|
neofetch
|
||||||
|
nix-index
|
||||||
|
nodejs
|
||||||
|
tldr
|
||||||
|
eza
|
||||||
|
zellij
|
||||||
|
|
||||||
|
pandoc
|
||||||
|
texlive.combined.scheme-full
|
||||||
|
|
||||||
|
(python311.withPackages (ps: with ps; [
|
||||||
|
pygments
|
||||||
|
|
||||||
|
jupyter
|
||||||
|
numpy
|
||||||
|
scipy
|
||||||
|
|
||||||
|
pwntools
|
||||||
|
pycryptodome
|
||||||
|
requests
|
||||||
|
]))
|
||||||
|
];
|
||||||
|
|
||||||
|
programs.zsh = {
|
||||||
|
shellAliases."rebuild" = "darwin-rebuild switch --flake /Users/felixalb/nix";
|
||||||
|
prezto.pmodules = [ "ssh" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# Ctrl+y + ,
|
||||||
|
programs.neovim.plugins = with pkgs.vimPlugins; [ coc-emmet emmet-vim ];
|
||||||
|
|
||||||
|
# Copy Applications to ~/Applications to allow them to be launched from Spotlight
|
||||||
|
disabledModules = [ "targets/darwin/linkapps.nix" ];
|
||||||
|
home.activation = lib.mkIf pkgs.stdenv.isDarwin {
|
||||||
|
copyApplications =
|
||||||
|
let
|
||||||
|
apps = pkgs.buildEnv {
|
||||||
|
name = "home-manager-applications";
|
||||||
|
paths = config.home.packages;
|
||||||
|
pathsToLink = "/Applications";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
lib.hm.dag.entryAfter [ "writeBoundary" ] ''
|
||||||
|
baseDir="$HOME/Applications/Home Manager Apps"
|
||||||
|
if [ -d "$baseDir" ]; then
|
||||||
|
rm -rf "$baseDir"
|
||||||
|
fi
|
||||||
|
mkdir -p "$baseDir"
|
||||||
|
for appFile in ${apps}/Applications/*; do
|
||||||
|
target="$baseDir/$(basename "$appFile")"
|
||||||
|
$DRY_RUN_CMD cp ''${VERBOSE_ARG:+-v} -fHRL "$appFile" "$baseDir"
|
||||||
|
$DRY_RUN_CMD chmod ''${VERBOSE_ARG:+-v} -R +w "$target"
|
||||||
|
done
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
home.stateVersion = "23.05";
|
||||||
|
}
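Review bot: In `copyApplications` the destructive steps are not guarded by the dry-run prefix: `rm -rf "$baseDir"` and `mkdir -p "$baseDir"` run unconditionally, while only `cp` and `chmod` carry `$DRY_RUN_CMD`. A dry-run activation therefore still deletes `~/Applications/Home Manager Apps` and leaves it empty. Writing them as `$DRY_RUN_CMD rm -rf "$baseDir"` and `$DRY_RUN_CMD mkdir -p "$baseDir"` keeps the dry run side-effect free.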
|
|
@ -0,0 +1,129 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.yabai;
|
||||||
|
sketchybar-app-font = pkgs.callPackage ./../../common/sketchybar-app-font.nix {};
|
||||||
|
in {
|
||||||
|
services.yabai = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.yabai;
|
||||||
|
enableScriptingAddition = true;
|
||||||
|
config = {
|
||||||
|
layout = "bsp";
|
||||||
|
debug_output = "on";
|
||||||
|
focus_follows_mouse = "autoraise";
|
||||||
|
mouse_follows_focus = "off";
|
||||||
|
|
||||||
|
window_placement = "second_child";
|
||||||
|
window_opacity = "off";
|
||||||
|
window_border = "on";
|
||||||
|
window_border_width = 1;
|
||||||
|
window_border_blur = "off";
|
||||||
|
normal_window_border_color = "0xff404066";
|
||||||
|
active_window_border_color = "0xffff2020";
|
||||||
|
|
||||||
|
window_border_radius = 0;
|
||||||
|
|
||||||
|
# top_padding = 10;
|
||||||
|
# bottom_padding = 10;
|
||||||
|
# left_padding = 10;
|
||||||
|
# right_padding = 10;
|
||||||
|
window_gap = 0;
|
||||||
|
|
||||||
|
external_bar = "all:40:0";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.skhd = {
|
||||||
|
enable = true;
|
||||||
|
skhdConfig = let
|
||||||
|
mod = "alt";
|
||||||
|
mod2 = "alt + ctrl";
|
||||||
|
mod3 = "alt + shift";
|
||||||
|
mod4 = "alt + cmd";
|
||||||
|
in ''
|
||||||
|
# Move window focus
|
||||||
|
${mod} - j : yabai -m window --focus south
|
||||||
|
${mod} - k : yabai -m window --focus north
|
||||||
|
${mod} - h : yabai -m window --focus west
|
||||||
|
${mod} - l : yabai -m window --focus east
|
||||||
|
|
||||||
|
${mod} - down : yabai -m window --focus south
|
||||||
|
${mod} - up : yabai -m window --focus north
|
||||||
|
${mod} - left : yabai -m window --focus west
|
||||||
|
${mod} - right : yabai -m window --focus east
|
||||||
|
|
||||||
|
# Move windows
|
||||||
|
${mod3} - j : yabai -m window --warp south
|
||||||
|
${mod3} - k : yabai -m window --warp north
|
||||||
|
${mod3} - h : yabai -m window --warp west
|
||||||
|
${mod3} - l : yabai -m window --warp east
|
||||||
|
|
||||||
|
${mod3} - down : yabai -m window --warp south
|
||||||
|
${mod3} - up : yabai -m window --warp north
|
||||||
|
${mod3} - left : yabai -m window --warp west
|
||||||
|
${mod3} - right : yabai -m window --warp east
|
||||||
|
|
||||||
|
# Move windows to different spaces
|
||||||
|
${mod2} - 1 : yabai -m window --space 1
|
||||||
|
${mod2} - 2 : yabai -m window --space 2
|
||||||
|
${mod2} - 3 : yabai -m window --space 3
|
||||||
|
${mod2} - 4 : yabai -m window --space 4
|
||||||
|
${mod2} - 5 : yabai -m window --space 5
|
||||||
|
${mod2} - 6 : yabai -m window --space 6
|
||||||
|
${mod2} - 7 : yabai -m window --space 7
|
||||||
|
|
||||||
|
# Switch spaces
|
||||||
|
ctrl - left : yabai -m space --focus prev
|
||||||
|
ctrl - right : yabai -m space --focus next
|
||||||
|
|
||||||
|
ctrl - 1 : yabai -m space --focus 1
|
||||||
|
ctrl - 2 : yabai -m space --focus 2
|
||||||
|
ctrl - 3 : yabai -m space --focus 3
|
||||||
|
ctrl - 4 : yabai -m space --focus 4
|
||||||
|
ctrl - 5 : yabai -m space --focus 5
|
||||||
|
ctrl - 6 : yabai -m space --focus 6
|
||||||
|
ctrl - 7 : yabai -m space --focus 7
|
||||||
|
|
||||||
|
# Resize windows
|
||||||
|
${mod2} - j : yabai -m window --resize bottom:0:20
|
||||||
|
${mod2} - k : yabai -m window --resize bottom:0:-20
|
||||||
|
${mod2} - h : yabai -m window --resize right:-20:0
|
||||||
|
${mod2} - l : yabai -m window --resize right:20:0
|
||||||
|
|
||||||
|
${mod2} - down : yabai -m window --resize bottom:0:20
|
||||||
|
${mod2} - up : yabai -m window --resize bottom:0:-20
|
||||||
|
${mod2} - left : yabai -m window --resize right:-20:0
|
||||||
|
${mod2} - right : yabai -m window --resize right:20:0
|
||||||
|
|
||||||
|
# Move windows to different displays
|
||||||
|
${mod2} + cmd - 1 : yabai -m window --display 1
|
||||||
|
${mod2} + cmd - 2 : yabai -m window --display 2
|
||||||
|
${mod2} + cmd - 3 : yabai -m window --display 3
|
||||||
|
|
||||||
|
# Fullscreen
|
||||||
|
${mod2} - f : yabai -m window --toggle zoom-fullscreen
|
||||||
|
${mod2} + shift - f : yabai -m window --toggle native-fullscreen
|
||||||
|
|
||||||
|
# Mirror layout
|
||||||
|
${mod2} - m : yabai -m space --mirror y-axis
|
||||||
|
|
||||||
|
# Misc.
|
||||||
|
${mod2} - b : yabai -m space --balance
|
||||||
|
${mod2} - space : yabai -m window --toggle float --grid 4:4:1:1:2:2
|
||||||
|
${mod2} - return : yabai -m window --toggle split
|
||||||
|
|
||||||
|
# Launch terminal
|
||||||
|
cmd - return : open -n -a ${pkgs.alacritty}/Applications/Alacritty.app
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
services.sketchybar = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.sketchybar;
|
||||||
|
# The config is handled outside of nix, and is placed in ~/.config/sketchybar
|
||||||
|
};
|
||||||
|
|
||||||
|
fonts.fonts = [
|
||||||
|
sketchybar-app-font
|
||||||
|
];
|
||||||
|
}
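Review bot: `enableScriptingAddition = true;` deserves a comment. yabai's scripting addition injects into Dock.app and only loads with System Integrity Protection partially disabled, so this line implies a weaker platform security posture on the machine. Something like `# requires SIP to be partially disabled; drop if only basic tiling is needed` above it would record the trade-off. `debug_output = "on"` and the unused `cfg` binding in the `let` look like leftovers.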
|
|
@ -0,0 +1,36 @@
|
||||||
|
matrix:
|
||||||
|
synapse:
|
||||||
|
registrationsecret: ENC[AES256_GCM,data:6gRW6t080VSyNRAmIrMqXL/oj7dj0JbcQekG3lac7zcdvJbgkUaqEGoWdrym2XiEOSLBOVMthnpLdalC2wcyJdmxB7xMNsYS4RfjR3PMKIo1Ap7JSmuKBl3eeaOalHk=,iv:dZl4/qFMoqEbSwL4JF/sjG21e6DuKVxbXwrGHkxfW4U=,tag:LWdCcmUUeTO4YAHkHOSJuw==,type:str]
|
||||||
|
hedgedoc:
|
||||||
|
env: ENC[AES256_GCM,data:7UU8MNo3AEpG1L0lpbfow4mGsIj7qMgtldCxv2T8rimintl1PN+avb2yxXz2P+1MqxNhacYYfBn5AkVqUJvAvo/HaQmsu+M1iFuMG6vEQuMGZZ1bjcslKxjVFWe9Rxzb9O33jqielsBiUmkP7f0MoGzfdyncpRuGjge+ADL7YXdRdH2zyDLW0txM3P593MQYiGo9wzwb7ZpycX4NsuE=,iv:4QE4RwD6c7KQS/w15YP/P2u7iOTWd36/YhpA2Jtdu0U=,tag:QBvO3q5C9TK0oSeso367/Q==,type:str]
|
||||||
|
vaultwarden:
|
||||||
|
admintoken: ENC[AES256_GCM,data:sUPOe3goxpJFpe5fBdwcM5Z6+DXNdZr5Xd6HzRUb7LtDk9IUtwL4wtlckwnMRoLF628XvCV3ObrX2UmTqUX/6pWqLkWL/vWb3C8ogq4=,iv:vvO9nEkCjcKvl+ILEMlMorMmvyNM1juRYRnEolwg9sQ=,tag:wFnz9oOA+ZGrb4UqKrtUcA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhQXEzMHQzaTU2YW85Yjhh
|
||||||
|
eDZ1eG15UytULzhYaTBZemlRak5USmVrMlhRCmtOUmNqYS9xa0VHU2J1V0E0NjN0
|
||||||
|
ZDRhek9xNXJNY0FhZUJCVjJpYW1ZNHcKLS0tIER3OFlyV2Q3b2l0RkkzVkZMaHdt
|
||||||
|
MHI3WEV0RnZvWGw5a3BIV21kMlJxdU0Kpa1mjuwYoyk8Qfsst1k/pGGONYQf/sdZ
|
||||||
|
kfTZV2btleBISsP5aBDTF+I4AJZesumJuNVA0gPsI88GaQuf3rqb8w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjRi9mRDMvcDhBN3RVcG90
|
||||||
|
Q2Y5NGhTVmVOaW9VRTl0R25QQXJsb2FQOTFrCnNsL0M2OTQ1KzJKSXJaVlVrL01v
|
||||||
|
R1RnOURGcDU3V2JldTdlRitQeDBIZE0KLS0tIHB2T3ZGQjZZRUlUL0FUSzhoZ1Ez
|
||||||
|
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
|
||||||
|
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2023-12-29T22:35:52Z"
|
||||||
|
mac: ENC[AES256_GCM,data:wLuNSHMesuGxoYH4km/NkX58JcZgXCoQW5veh+wL8A3vmWg+HGkcnWLxhGPetG4fhdORkurr+/l803Y3Fq79C5C3JyMSZEI5ba9LL9SLnJsTu9B+sro6DRp0xCX8kvY/Hfl23jsg8NcJ2QoiE0eHMJ5LftSydSNPefnkzSz70UU=,iv:r8Cv2kOf2T3WwXLpDyTVDG+O6RcIhv+juIteCgR+Zlc=,tag:EoaPXCOprA5yBtnyORmXvA==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -0,0 +1,41 @@
|
||||||
|
matrix:
|
||||||
|
synapse:
|
||||||
|
registrationsecret: ENC[AES256_GCM,data:hXLNFkvMe21RlT1wgQvsBeyxtn+0yLK5bYUeMQbV/1bVtl6nvoInZ1qP7wz8MoWhFiAq1ZwxE2bjDfxXdkL8YSvNHlhdbFD1nJBP51mci9SQE/xLaMh7Aqtos0swdKw=,iv:uIxuhhaTpCRQQ/fP16J50cKCSbAD+KYO3a2kb70BX2M=,tag:EqD5jeZvCcJJCrBcG0YjsA==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1sjk38fy5dk2nn0q0rmxuvr9uw3ttgz7mq4632f8jllzqryft0y3s46j65k
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJNHA3eFNxWjd4a2tOcEl3
|
||||||
|
Q3N3YXNSd0IrNm53QUtJWmFlNlRqb1ZsQ0VFCkZCanRYdEZZZWY4SFNWNDlBUEth
|
||||||
|
Umk0UkxReWhrTmw5RkxzTzhDdzQ5WTQKLS0tIDMyK2t6dTVPaWlGUjRRT3ZHSUJC
|
||||||
|
VjBsbEFiakZKL1BGMlp3TXM3SUhuRFUKEppZj9LpW2axFg6yN0R8i/GV8OywK9ha
|
||||||
|
NDDFqw1x+8e++Mec7uN737oYo3nsFZJG7pMxFbuXBol2RUfZ0GLuwQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4RGFnVE1Va2hYUWt4L0dk
|
||||||
|
QjY0cFl6Z2JjK0ZtNzRhZVNpQkRrOG9JKzE4CmhXZ0xiZkp3K3VXQnhSOExxTXZq
|
||||||
|
NjBVQlVBKzhJaFRKeFZ5OE13VVhlc1EKLS0tIFdaaFZ6ZnZZQkl1dW5sT0hkdjlN
|
||||||
|
M0F4TmtTeXVTeWdpUVdNNlNGTmZMOFUKCsULF8MXQ7DkTGpXVbiJtmErHK6ve08N
|
||||||
|
av/z7DlzdGeUhlL5Jk/jonGr0Ixhtlvn+MqrVFGBIB+6OqOi2eDX/Q==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyWUNlOGZmZnRWMXprV2hV
|
||||||
|
OTNZdU02aVJBUlMwQTFFTnUzekFXTVBlYWs0CmtOYmhJRDlTSm42NFZoSEZlclhR
|
||||||
|
bFN6NEUwUG9jQ3d3Z2JzcWNIandOa1UKLS0tIDlwZVBIdi9LVjVsaFhNeEplNk4v
|
||||||
|
SzRrQ0hZMnZFWHRuTWErWDQ3M2NJOG8KDphp0PenVKK6cZ4V4VUHL5A64wNF0vi7
|
||||||
|
gkvXBWSakJX5ONssN2aaXTfoHY5QrRJG4Rj4ZM0Bdm7WrIPdBFONrw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2023-10-13T22:50:20Z"
|
||||||
|
mac: ENC[AES256_GCM,data:ktGFV+oNBMIKNCVLXZtrxn8HbvgjmXTRmAWuDQaNyMIIWvnTvd5IQBivG1kCimVr96RFl6RWTMWH4nqHVFlo0jxQfx8KUVXmaO7dfp4Ri+ZKMLu33HmLfwHiStnYRwPCAtwG/AXx9SXl0SAL5S+xHSl4mnShbyYfLAHibccYros=,iv:JeMtQ5uxYzpqr1eHZrLTNqhizjOCaixNg8VFcwjY2Y8=,tag:gHfRDBezAwzCqmEhayVYEg==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
|
@ -0,0 +1,40 @@
|
||||||
|
hedgedoc:
|
||||||
|
env: ENC[AES256_GCM,data:IE1Lp1Lx0ctKIyV9z0rJWIouaHvstEyhcFO6KLNliN2FHKYNlfggrXEwxT+UwNUvEyuN6p+nCOLc48pAxODLHdl+DuTtwmqb14lbiwS6s/CPxlkJvcUnkauFOhuk45qXOhu4rz9sdtA7vSjMXEGmi55bJNAB+AD+oIVgtDEYa/cNkAaGJltxClx3KjCyfmOnN69ZuL81ewOnk5dq8ms=,iv:HBdiT0I9vKgs0es3jluYP0j8lr0YS4seLQmZvj7Bs40=,tag:pqEjkBWeSMtA4QDXpYDKSg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1yjc08ykd5d687p9tmn6mpsna3azryreuuz6akj2p0dtft9xqq5lsuamljk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCc3lUVW1PNTNoRm4xbzBI
|
||||||
|
OTlBK1MzaHE1cU1UTEN2TkNlU3dVVXZSUXpBCjhISjdBSnZVSnhyckFoVXdJK3N1
|
||||||
|
cE9GanNRcExpckRJbEtPWkFvVFgwZ3MKLS0tIHhhb1A2dU5BbFpmK0d5Yi9yMDZY
|
||||||
|
c1lwVWNibW1PVTFEYlVkYzNKL2pmR3MK0WEvII7d3VUr53uFf/leic1JsALinG4G
|
||||||
|
PSXfzvhywVf+C1/YgE5HJH9pPhIDigLFins09UWt1RDVuwfdmXPJwA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMYkdUMmpDTmtzZHExT3RM
|
||||||
|
d3UxZy9DTzRjcHVrNHB6OTBNOHFkV25GV1JjCk1BU1poZ090U3ZJV0xuMEdIcDE0
|
||||||
|
MHYrbk9VYWlsdWg0bmpVY1pVUmJFTm8KLS0tIExoUG9aMy8rWlBvUXNZcGhUd0FC
|
||||||
|
dEpEWEJZdTMrOTZxVU1JcFN6Nlo5QzQKdo4cKvw7fBmGqsi2ALOEbdRVngzPGhte
|
||||||
|
5AC1PAX85a8r6DA/8etSKjXVh/wEdEs85+qKDgKKJSNqNG+nlzF+wQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxYU05cHJOUkZib3B3UHc3
|
||||||
|
dDdDTUlFK1pudHFubTNLMTQ3WDZKeERCRld3ClhCOVpEcjhDQWt6NGxDMXNVSlk0
|
||||||
|
QVhSdnFRc2hqZmZQUEFVR25BNWdYMDQKLS0tICt0bXp6SXpqbFlTdkxWMGlGK0Nw
|
||||||
|
enQ5UjA2ZVBGcUFCenhYckVjanVOeE0KT0NPv0yGmreBQzozp9z5tOtY9Awo5ajs
|
||||||
|
y00uxfBVUgQkhNYCUQ5j9vzMv2U5vDncHox07rEl7YqdlzjJzbuupA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2023-10-05T21:56:24Z"
|
||||||
|
mac: ENC[AES256_GCM,data:7n8WFY6fWEwEeF91CNzDbqJm/hx+Nm+A+uKmHN5r9zbwgkKNPuf+aX3bACkGDyI/B2XN6TxEGl3Gc2MnF3ZTazbRkaZE06gS3bPmosHIZkw1CCkJdgD5KM5y8Nffj4Dzdmu86Z1W74FkV29aAFF1BtYSRalBCJ+2kxWabSPTT2Y=,iv:mfpwBmI11ysnIK+xPt8J3n7FEWedRS1WW5HxTmGxCas=,tag:X8gUuKw+tRTm82NvhC5grw==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
|
@ -8,19 +8,14 @@
|
||||||
#ENC[AES256_GCM,data:T+pI1ogtfjo57NrOvCuhbs//,iv:mqkwAHWxqvt9XkQX0EKXQyJrK5KOCVDpva1Ok37XvKc=,tag:qrp2QeNrJSDr3ECN6cBDiA==,type:comment]
|
#ENC[AES256_GCM,data:T+pI1ogtfjo57NrOvCuhbs//,iv:mqkwAHWxqvt9XkQX0EKXQyJrK5KOCVDpva1Ok37XvKc=,tag:qrp2QeNrJSDr3ECN6cBDiA==,type:comment]
|
||||||
#ENC[AES256_GCM,data:46+Qt0FRlg2tN8A=,iv:4y5C0S75gp4qFFkJ4lOMcPbftOLyzB12wApqNOFYan4=,tag:T/4zLU7d90GkzDohJd2XTg==,type:comment]
|
#ENC[AES256_GCM,data:46+Qt0FRlg2tN8A=,iv:4y5C0S75gp4qFFkJ4lOMcPbftOLyzB12wApqNOFYan4=,tag:T/4zLU7d90GkzDohJd2XTg==,type:comment]
|
||||||
#ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment]
|
#ENC[AES256_GCM,data:fvJA2s0OEs7PDOr/,iv:HlO9MCqBHtz1Hm9tILlEsJ2gfgTPThmmyoCXlGyy/9Y=,tag:7L1Kl4RgAFG+WLvtk30nYQ==,type:comment]
|
||||||
hedgedoc:
|
|
||||||
env: ENC[AES256_GCM,data:QaDReiDztJhu8n+Sa2SE9XjQS+YIMvQFqY5nSXKPUBrHk3tvEzmST8ZjjthruGWdKoEDQT0phR2KV660Hza8WQNajC85slVIQK2HFXKK8xYn5qeMQj5U1m85rmSjMNg6Rdb+rCQFWiM2KRfdkiWiAzcgOvGd2ziX3oE4tTTpBs2Jy70B+eXEVqZvYajQUyQZItCPb7BUhkhv8rVbI0Q=,iv:3ZcWie2pwfvUsXhQo1Zlpbq6r85OOWASKiwzfY30BHM=,tag:NyH6w9MQPUWvue/wo8LmAg==,type:str]
|
|
||||||
transmission:
|
transmission:
|
||||||
vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str]
|
vpncreds: ENC[AES256_GCM,data:KWm6AGlJze0Of9Nkz0moaQCAXMwylsZ+BIZR4BnbuDRbjKRMJSWCOFBSbG3esGprLhoCnYwc9mghSeoP2AQRAT++sERpxX3JTHF9QuauNmhRWb1xLsOfQAu6vsA/0dTshQr8ivhJSnEz57rasdOraovYjVsRXd7cuclajPoS4nl3+1/IrSkAlxNzx8F0PMmyOrvoPVMmqQ4PcKFfkXc1f59O2iJ19Bmt/x5yIxU=,iv:VAYlqL8Pb5J4g+W3QClrgRftYw5UofXmG9cfEsZdLr4=,tag:zJIxYaGEedFjM8IsBfnQog==,type:str]
|
||||||
matrix:
|
|
||||||
synapse:
|
|
||||||
registrationsecret: ENC[AES256_GCM,data:lrj4itbDdfwSJYlvgYbWy2bcgNj69DJA2gzLUiN2AINRfoprsZI7kbNvJO0E2FVPWrfcB6HSHqomgIi6G+77NoyPOSTzzI6aHMvt4Ups6/KpQFpR2QV3VykzADoagWs=,iv:GiuT4lAD8/ZPgTVwXUaHmjSvzHqnGPzAuwxFBlzU8O0=,tag:79tuTluST8E6gigm9Z7nEQ==,type:str]
|
|
||||||
wireguard:
|
wireguard:
|
||||||
wg0:
|
wg0:
|
||||||
public: ENC[AES256_GCM,data:jKkYH9giZJ09/hFWF0UgM8TSvQ/qrkSbhCOhHG5Ze2WI8MLZaNzZMQSgWHM=,iv:VI48j/DzQez+L4oW2vUHj8FqDpTAd5P/71ih4D/3I54=,tag:9m23ruMSkFsTbxj9dAD9eg==,type:str]
|
public: ENC[AES256_GCM,data:jKkYH9giZJ09/hFWF0UgM8TSvQ/qrkSbhCOhHG5Ze2WI8MLZaNzZMQSgWHM=,iv:VI48j/DzQez+L4oW2vUHj8FqDpTAd5P/71ih4D/3I54=,tag:9m23ruMSkFsTbxj9dAD9eg==,type:str]
|
||||||
private: ENC[AES256_GCM,data:XF89i1/TF5CpOvixwFDNOpke0YdWQDAMbvf/jOGR7iHKzz4OJu7K33lQbObT,iv:tVGdkkUU83Ba7VxHa7AJaIHFETp2Dy72dya3FDjnPZY=,tag:h9IJVeGnK7gABbu9hWZpww==,type:str]
|
private: ENC[AES256_GCM,data:XF89i1/TF5CpOvixwFDNOpke0YdWQDAMbvf/jOGR7iHKzz4OJu7K33lQbObT,iv:tVGdkkUU83Ba7VxHa7AJaIHFETp2Dy72dya3FDjnPZY=,tag:h9IJVeGnK7gABbu9hWZpww==,type:str]
|
||||||
vaultwarden:
|
nextcloud:
|
||||||
admintoken: ENC[AES256_GCM,data:mJDiu0tgJQmvmJcJMULmctJvPN6/uM9VaoigHOMFkve9Vd3IMrpDmyJq+ibLpul+hw4PlLARjRzOxdZVcX7AB+uOOOrypppOIfvYC6U=,iv:YcyYLEHeIsCchcEy+fOMiQi8Cgf24AwQDpL7fhogNEU=,tag:1SqpNvuPhfjYIjvvRV34/Q==,type:str]
|
adminpass: ENC[AES256_GCM,data:r2Z6KsQ1hP90/Bf8J804a5D7BTS7,iv:f3TkiPVxw8lAPcyStWqOZuhF4p/5nUPkzL2j/yjsnyg=,tag:c2JWdxZUjkHQWNWDILBrRQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -30,23 +25,32 @@ sops:
|
||||||
- recipient: age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
|
- recipient: age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZml2bXBjSUYrMW5RcnFl
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOUxoemtPaURCdGdhSmc4
|
||||||
MTRzM1p2L1JMTGJCamk1RHczOStQUjlFSDFzCmdGTDYrYUhJUjAyYWdkclgwazNt
|
RWZKNlduSVQxTmJPQ29YVDFIUHQ0bTkvdVJJCjgySTFKd1kvVk1pbnJCbi9JWENW
|
||||||
UWVqY0JxYXh3cXVyNjlSZ2h6c0R4REEKLS0tIDZHY0F6M0lOZ1JRelp3Umx0aW4x
|
MmxhVGVtanNWNGppZ1dPcjJSdmhYdXcKLS0tIGRTSGxvelZwbE9sR0JpeExSaStE
|
||||||
cjRUa2szZGZuSnhjd3hCNmYvV0tXTmMKlYuaUIvwTv8NpaoBYVva4jbRemkFTdfU
|
dytwYnN5bkt5b0lla0ljcW15bU1NMWsKimYSeyPLuqVE2hTh8PNZwI1+Rq/cR10i
|
||||||
yP4J5RyUry83aVlHFQ2f7neBpWc6A2rePl3XuEQxSggl13hh71H+nw==
|
nJuRRCuL01ACJVypn57k6/wakLO84/+dyjazrjleUsEpQB2K3wBAkg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
|
- recipient: age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOOG5GSDd4R09mZ2QvT0dy
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZ1RDeDE3UytQWlhJcStD
|
||||||
YnIxMWNBL3huMXNmcjV0a1VlS0FxS1JtSFVjCmthenVlYytjZklxNk43YlR5NExG
|
djVTM09UK3FBQThhc1BvWVhBeEVPU2RTdUcwCnNQcnlScnhUUmpSV2tnWGZSam1H
|
||||||
aVQ2K1ZsbHdWTm91d1JvNDVsYW1FSEkKLS0tIFpTeG1zcVRpWWlWUE1abllKR1BW
|
cTdIZ0tiR3lvaWUzSVE2OUI0Q1FGYVEKLS0tIDlRdkpmSGk2UFRxclQ5b2lJRG5y
|
||||||
THFRNjZXc0RsS0xKK1BkeEU1UzA4MW8KgOIQyL6A9u+Ii8zYkHJDWVAG/EEc61Qh
|
b3BLS0o4WXQxdW1PR0dPa0NLamJOTEEKY66UiTF6+hJtfMB8tPge8Xaz9riB2veK
|
||||||
u+VFyGB7esTG56G19u1aCHB/NUxG5HYMG/DEqH/SyCyKUvHrXjEF4g==
|
WEsq72StufeZDjGxkhAGOTZHg9poG6YgBFnt+PMbe9DACfVbAfPP2Q==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-06-08T21:22:10Z"
|
- recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
|
||||||
mac: ENC[AES256_GCM,data:l7sZPbR3pihdoWEtfAB8yHAVtGfvnz+7dFos6b3TyBRhJmKlnd/zux9Lpw+KFh7y16KQDwE0rJlGf4+gkwM5SyMSHl3L4U430DeXhbcTLTGSFq7WLk5bnJgOYHv9t8zqHI8qsHJKarYca0KhtzLUFQG8U4wbJCzAJajGp9bVEyE=,iv:2xm1vi+GPt1Of5t9iWeyzcuzqFWiFjDk8juL+AnsiM8=,tag:BHLjw12RzORzUL2jI8+kdw==,type:str]
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NXBlZk5DbW1VSHBPZVBq
|
||||||
|
UmVDNU9tMkdHMW04aloyQlpCUHdCS1JYcWpzCmRXNnFzSnFNZ2ZIVXJRMGJvaVV6
|
||||||
|
WitBeGorNU5Mb2VWRE5WTkx6dzQ5QUkKLS0tIHhVM1lmbkNBWXExUlBXd0pzTHVD
|
||||||
|
NENEM2VLRDBzTWM0ckdPVThaeE0xL2MKTAvsDKgaoj0Fz9CoNbP6s1kROlDbbXtB
|
||||||
|
4rFRGN+WZJrBioz5nN4kR7mVFKa4w6z6Pu3D5WLyK7UQQkZJ64avdw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-01-03T11:58:32Z"
|
||||||
|
mac: ENC[AES256_GCM,data:17G+wUFH0yV9dQo7kLoMiI7UMBVfj8HbqE0p26/LZ5N0wbLyXKt5YdXQPG8rC22fgHdgePFgIl6qxI2KWgy0bwgBtg9kTxjaKDHkdEs8KKTxbjUXYeIp2JonIH9j3GgN/wa7kABr4QyhDmKhlLupi0ea2A51fDSuhYZDN2kl5As=,iv:XNhmnQJEww6PfHI80bl8LKoiiJdJQcezy71kQZx4oys=,tag:02+GjhSRxw4+qNNjlxPbqA==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.7.3
|
version: 3.8.1
|
||||||
|
|
|
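Review bot: The `hedgedoc.env`, `matrix.synapse.registrationsecret` and `vaultwarden.admintoken` entries removed from this shared file remain in the repository history, still encrypted to the old recipient list (including `age14jzavfeg47…`, which appears to be missing from the new per-service files visible on this page). Re-encrypting under a new data key does not change the plaintext, so if the split is meant to narrow who can read these values, the underlying secrets need rotating as well. Whether they were rotated cannot be told from the ciphertext. It would help to record this in the commit description, for example `secrets moved to per-host files; values rotated on <date>`.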
@ -0,0 +1,61 @@
|
||||||
|
let
|
||||||
|
unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { };
|
||||||
|
in { pkgs ? import <nixpkgs> {} }:
|
||||||
|
pkgs.mkShell {
|
||||||
|
nativeBuildInputs = with pkgs; [
|
||||||
|
python3
|
||||||
|
(with python3Packages; [
|
||||||
|
beautifulsoup4
|
||||||
|
numpy
|
||||||
|
pillow
|
||||||
|
pwntools
|
||||||
|
pycryptodome
|
||||||
|
requests
|
||||||
|
])
|
||||||
|
|
||||||
|
nodejs
|
||||||
|
php
|
||||||
|
|
||||||
|
bat
|
||||||
|
binwalk
|
||||||
|
coreutils
|
||||||
|
gnugrep
|
||||||
|
gnutar
|
||||||
|
ripgrep
|
||||||
|
curl
|
||||||
|
#sxiv
|
||||||
|
feh
|
||||||
|
|
||||||
|
ghidra
|
||||||
|
pwninit
|
||||||
|
|
||||||
|
metasploit
|
||||||
|
sqlmap
|
||||||
|
|
||||||
|
exiftool
|
||||||
|
steghide
|
||||||
|
# stegsolve
|
||||||
|
|
||||||
|
dig
|
||||||
|
nmap
|
||||||
|
rustscan
|
||||||
|
thc-hydra
|
||||||
|
|
||||||
|
# davtest
|
||||||
|
# cadaver
|
||||||
|
httpie
|
||||||
|
|
||||||
|
john
|
||||||
|
hashcat
|
||||||
|
|
||||||
|
] ++ lib.optionals (pkgs.stdenv.isLinux) [
|
||||||
|
sage
|
||||||
|
gdb
|
||||||
|
pwndbg
|
||||||
|
ropgadget
|
||||||
|
ropper
|
||||||
|
wireshark
|
||||||
|
tcpdump
|
||||||
|
];
|
||||||
|
|
||||||
|
}
|
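Review bot: The `unstable = import (fetchTarball https://nixos.org/channels/nixos-unstable/nixexprs.tar.xz) { };` binding is never referenced in the shell, and it points at a moving channel tarball with no hash, so anyone who starts using it gets unpinned, unverified tooling in a shell that also carries `metasploit`, `sqlmap` and similar tools. Either delete the `let` block or pin it, for example `fetchTarball { url = "<pinned nixpkgs archive URL>"; sha256 = "<hash placeholder>"; }`. The bare URL literal is deprecated syntax and should be a quoted string. Separately, `(with python3Packages; [ … ])` lists the libraries beside `python3` rather than building them into its environment. If the interpreter is meant to import them, the usual form is `(python3.withPackages (ps: with ps; [ … ]))`.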