+lkk-admin

m3tam3re 2024-05-15 12:06:11 +02:00
parent ac76e6f10b
commit 2e4aa2d0d6
89 changed files with 64 additions and 2226 deletions


@ -63,22 +63,6 @@
"type": "github" "type": "github"
} }
}, },
"dotfiles": {
"flake": false,
"locked": {
"lastModified": 1713941143,
"narHash": "sha256-xkjxhTUToZ5KOT46te2q+59k7hgMmVxlhomvYrWCD+Y=",
"ref": "refs/heads/master",
"rev": "9c79f4672bee385c7ae0c69153a60103627e12c2",
"revCount": 12,
"type": "git",
"url": "https://code.m3tam3re.com/m3tam3re/dotfiles.git"
},
"original": {
"type": "git",
"url": "https://code.m3tam3re.com/m3tam3re/dotfiles.git"
}
},
"fenix": { "fenix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -289,7 +273,6 @@
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"dotfiles": "dotfiles",
"fh": "fh", "fh": "fh",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_4",

165
flake.nix

@ -13,121 +13,72 @@
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11";
fh.url = "https://flakehub.com/f/DeterminateSystems/fh/*.tar.gz"; fh.url = "https://flakehub.com/f/DeterminateSystems/fh/*.tar.gz";
deploy-rs.url = "github:serokell/deploy-rs"; deploy-rs.url = "github:serokell/deploy-rs";
dotfiles.url = "git+https://code.m3tam3re.com/m3tam3re/dotfiles.git";
dotfiles.flake = false; # Use this if your dotfiles repo is not a flake
}; };
outputs = { outputs = { self, nixpkgs, fh, home-manager, agenix, deploy-rs, ... }@inputs:
self, let
dotfiles, inherit (self) outputs;
nixpkgs, lib = nixpkgs.lib;
fh, systems = [
home-manager, "aarch64-linux"
agenix, "i686-linux"
deploy-rs, "x86_64-linux"
... "aarch64-darwin"
} @ inputs: let "x86_64-darwin"
inherit (self) outputs; ];
lib = nixpkgs.lib; in {
systems = [ overlays = import ./overlays { inherit inputs; };
"aarch64-linux" nixosConfigurations = {
"i686-linux" lkk-nix-1 = lib.nixosSystem rec {
"x86_64-linux" specialArgs = { inherit inputs outputs; };
"aarch64-darwin" modules = [ ./hosts/lkk-nix-1 agenix.nixosModules.default ];
"x86_64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
in {
packages =
forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
formatter =
forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
overlays = import ./overlays {inherit inputs;};
nixosConfigurations = {
lkk-nix-1 = lib.nixosSystem rec {
specialArgs = {inherit inputs outputs;};
modules = [./hosts/lkk-nix-1 agenix.nixosModules.default];
};
m3-r1 = lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
modules = [./hosts/m3-r1 agenix.nixosModules.default];
};
lkk-prod-1 = lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
modules = [./hosts/lkk-prod-1 agenix.nixosModules.default];
};
lkk-prod-2 = lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
modules = [./hosts/lkk-prod-2 agenix.nixosModules.default];
};
m3-nix = lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
modules = [./hosts/m3-nix agenix.nixosModules.default];
};
};
homeConfigurations = {
# Laptop
"m3tam3re@m3-nix" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages."x86_64-linux";
extraSpecialArgs = {inherit inputs outputs;};
modules = [./home/users/m3tam3re/m3-nix.nix];
};
"m3tam3re@lkk-nix-1" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages."x86_64-linux";
extraSpecialArgs = {
# pass things to t
}; };
modules = [./home/users/m3tam3re/lkk-nix-1.nix]; lkk-prod-1 = lib.nixosSystem {
}; specialArgs = { inherit inputs outputs; };
"m3tam3re@m3-r1" = home-manager.lib.homeManagerConfiguration { modules = [ ./hosts/lkk-prod-1 agenix.nixosModules.default ];
pkgs = nixpkgs.legacyPackages."x86_64-linux"; };
extraSpecialArgs = { lkk-prod-2 = lib.nixosSystem {
# pass things to t specialArgs = { inherit inputs outputs; };
modules = [ ./hosts/lkk-prod-2 agenix.nixosModules.default ];
}; };
modules = [./home/users/m3tam3re/m3-r1.nix];
}; };
}; homeConfigurations = {
deploy.nodes.lkk-nix-1 = { # Laptop
hostname = "lkk-nix-1"; "lkk-admin@lkk-nix-1" = home-manager.lib.homeManagerConfiguration {
sshUser = "root"; pkgs = nixpkgs.legacyPackages."x86_64-linux";
profiles.system = { extraSpecialArgs = {
user = "root"; # pass things to t
path = };
deploy-rs.lib.x86_64-linux.activate.nixos modules = [ ./home/users/lkk-admin/lkk-nix-1.nix ];
self.nixosConfigurations.lkk-nix-1; };
}; };
}; deploy.nodes.lkk-nix-1 = {
deploy.nodes.m3-r1 = { hostname = "lkk-nix-1";
hostname = "m3-r1"; sshUser = "root";
sshUser = "root"; profiles.system = {
activationTimeout = 600; user = "root";
profiles.system = { path = deploy-rs.lib.x86_64-linux.activate.nixos
user = "root"; self.nixosConfigurations.lkk-nix-1;
path = };
deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.m3-r1;
}; };
}; deploy.nodes.lkk-prod-1 = {
deploy.nodes.lkk-prod-1 = { hostname = "lkk-prod-1";
hostname = "lkk-prod-1"; sshUser = "root";
sshUser = "root"; profiles.system = {
profiles.system = { user = "root";
user = "root"; path = deploy-rs.lib.x86_64-linux.activate.nixos
path = self.nixosConfigurations.lkk-prod-1;
deploy-rs.lib.x86_64-linux.activate.nixos };
self.nixosConfigurations.lkk-prod-1;
}; };
}; deploy.nodes.lkk-prod-2 = {
deploy.nodes.lkk-prod-2 = { hostname = "lkk-prod-2";
hostname = "lkk-prod-2"; sshUser = "root";
sshUser = "root"; profiles.system = {
profiles.system = { user = "root";
user = "root"; path = deploy-rs.lib.x86_64-linux.activate.nixos
path = self.nixosConfigurations.lkk-prod-2;
deploy-rs.lib.x86_64-linux.activate.nixos };
self.nixosConfigurations.lkk-prod-2;
}; };
deploy.remoteBuild = true;
}; };
deploy.remoteBuild = true;
};
} }
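Review bot: The three deploy nodes kept on the new side (lkk-nix-1, lkk-prod-1, lkk-prod-2) all set `sshUser = "root"`, so every deployment depends on direct root SSH login being accepted on the production hosts. deploy-rs can connect as an unprivileged account and elevate to the profile `user`, for example `sshUser = "lkk-admin";` with `user = "root";` left as is, provided that account exists on each host and is allowed to use sudo there; whether it does is not visible on this page. Separately, `systems` stays in the `let` block although `forAllSystems`, `packages` and `formatter` are gone from the new side, so it looks unused and could be dropped with them.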


@ -1,12 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }: {
imports = [ imports = [ ./fish.nix ./starship.nix ];
./fish.nix
./neofetch.nix
./secrets.nix
./scripts.nix
./starship.nix
./zellij.nix
];
programs.zoxide = { programs.zoxide = {
enable = true; enable = true;
@ -53,7 +46,6 @@
just just
lf lf
nix-index nix-index
open-interpreter
procs procs
progress progress
ripgrep ripgrep
@ -61,7 +53,6 @@
trash-cli trash-cli
tree tree
unzip unzip
wttrbar
zip zip
]; ];
} }


@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.cli.neofetch;
in {
options.features.cli.neofetch.enable = mkEnableOption "enable neofetch";
config = mkIf cfg.enable {
home.packages = with pkgs; [neofetch];
};
}


@ -1 +0,0 @@
{pkgs, ...}: {home.packages = [pkgs.zellij-ps];}


@ -1,21 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.cli.secrets;
in {
options.features.cli.secrets.enable = mkEnableOption "enable secrets";
config = mkIf cfg.enable {
programs.password-store = {
enable = true;
package =
pkgs.pass-wayland.withExtensions
(exts: [exts.pass-otp exts.pass-import]);
};
home.packages = with pkgs; [pinentry];
};
}


@ -1,17 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.cli.zellij;
in {
options.features.cli.zellij.enable = mkEnableOption "enable tmux";
config = mkIf cfg.enable {
programs.zellij = {
enable = true;
};
};
}


@ -1,13 +0,0 @@
{pkgs, ...}: {
imports = [./emacs.nix ./golang.nix ./nix.nix ./nodejs.nix ./rust.nix ./tools.nix];
home.packages = with pkgs; [
cachix
cmake
gcc
ispell
guile_3_0
tinyscheme
python3
];
}


@ -1,8 +0,0 @@
{pkgs, ...}: {
services.emacs.enable = true;
programs.emacs = {
enable = true;
package = pkgs.emacs29;
extraPackages = epkgs: [epkgs.vterm];
};
}


@ -1,5 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
gopls
];
}


@ -1,9 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
appimage-run
deploy-rs
nil
nix-prefetch-git
nixfmt
];
}


@ -1 +0,0 @@
{pkgs, ...}: {home.packages = with pkgs; [nodejs];}


@ -1 +0,0 @@
{pkgs, ...}: {home.packages = with pkgs; [];}


@ -1,10 +0,0 @@
{pkgs, ...}: {
programs = {
direnv = {
enable = true;
nix-direnv.enable = true;
};
};
home.packages = with pkgs; [insomnia hugo pandoc];
}


@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.crypto;
in {
options.features.desktop.crypto.enable = mkEnableOption "Enable Crypto";
config = mkIf cfg.enable {
home.packages = with pkgs; [bisq-desktop monero-gui trezor-suite];
};
}


@ -1,153 +0,0 @@
{ pkgs, ... }: {
imports = [
./crypto.nix
./design.nix
./extrafonts.nix
./media.nix
./office.nix
./theme.nix
./syncthing.nix
./wayland.nix
./wofi.nix
];
xdg = {
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = [ "org.gnome.FileRoller.desktop" ];
"application/csv" = [ "calc.desktop" ];
"application/pdf" = [ "okularApplication_pdf.desktop" ];
"x-scheme-handler/org-protocol" = [ "org-protocol.desktop" ];
};
defaultApplications = {
"application/zip" = [ "org.gnome.FileRoller.desktop" ];
"application/csv" = [ "calc.desktop" ];
"application/pdf" = [ "okularApplication_pdf.desktop" ];
"x-scheme-handler/org-protocol" = [ "org-protocol.desktop" ];
};
};
userDirs = {
enable = true;
createDirectories = true;
};
};
home.sessionVariables = {
WEBKIT_DISABLE_COMPOSITING_MODE = "1";
NIXOS_OZONE_WL = "1";
TERMINAL = "alacritty";
QT_QPA_PLATFORM = "wayland";
};
home.sessionPath =
[ "\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" "$HOME/.npm-global/bin" ];
fonts.fontconfig.enable = true;
services.mako = {
enable = true;
backgroundColor = "#282a36";
textColor = "#80FFEA";
borderColor = "#9742b5";
width = 400;
height = 150;
padding = "10,20";
borderRadius = 8;
borderSize = 1;
margin = "20,20";
};
programs.alacritty = {
enable = true;
settings = {
env.TERM = "xterm-256color";
font = {
size = 12;
#draw_bold_text_with_bright_colors = true;
};
scrolling.multiplier = 5;
selection.save_to_clipboard = true;
colors = {
primary = {
background = "0x22212c";
#foregound = "0xf8f8f2";
};
cursor = {
text = "0x454158";
cursor = "0xf8f8f2";
};
selection = {
text = "0xf8f8f2";
background = "0x454158";
};
normal = {
black = "0x22212c";
red = "0xff9580";
green = "0x8aff80";
yellow = "0xffff80";
blue = "0x9580ff";
magenta = "0xff80bf";
cyan = "0x80ffea";
white = "0xf8f8f2";
};
bright = {
black = "0x22212c";
red = "0xffaa99";
green = "0xa2ff99";
yellow = "0xffff99";
blue = "0xaa99ff";
magenta = "0xff99cc";
cyan = "0x99ffee";
white = "0xffffff";
};
};
};
};
home.pointerCursor = {
gtk.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 20;
};
home.packages = with pkgs; [
appimage-run
anytype
blueberry
brave
brightnessctl
clipman
distrobox
eww
gnome.file-roller
gnome.seahorse
gnome.sushi
glib
gsettings-desktop-schemas
graphviz
hyprpaper
ksnip
nwg-look
pamixer
pavucontrol
libsForQt5.qtstyleplugins
nyxt
pcmanfm
qt5ct
qt6.qtwayland
rustdesk
socat
unrar
unzip
usbutils
v4l-utils
remmina
wl-clipboard
wlogout
wtype
xdg-utils
ydotool
zip
];
}


@ -1,25 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.design;
in {
options.features.desktop.design.enable = mkEnableOption "enable design tools";
config = mkIf cfg.enable {
home.packages = with pkgs; [
argyllcms
cyan
gimp
gimpPlugins.gmic
gmic
gmic-qt
imagemagick
inkscape
lcms2
];
};
}


@ -1,23 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.extrafonts;
in {
options.features.desktop.extrafonts.enable = mkEnableOption "install additional fonts for desktop apps";
config = mkIf cfg.enable {
home.packages = with pkgs; [
emacs-all-the-icons-fonts
fira-code
fira-code-symbols
fira-code-nerdfont
font-manager
font-awesome_5
noto-fonts
];
};
}


@ -9,19 +9,10 @@ in {
home.packages = with pkgs; [ home.packages = with pkgs; [
audacity audacity
ffmpeg_6-full ffmpeg_6-full
gphoto2
handbrake
stable.libsForQt5.kdenlive
makemkv
mediainfo mediainfo
mpv mpv
plexamp
spotify
uxplay uxplay
vlc vlc
webcord
youtube-dl
unimatrix
]; ];
programs.obs-studio = { programs.obs-studio = {


@ -1,16 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.office;
in {
options.features.desktop.office.enable =
mkEnableOption "enable office features";
config = mkIf cfg.enable {
home.packages = with pkgs; [libreoffice neomutt pdftk okular zathura];
};
}


@ -1,21 +1,7 @@
{ { pkgs, lib, outputs, ... }: {
pkgs,
lib,
outputs,
...
}: {
imports = [ imports = [
# #
]; ];
home.packages = with pkgs; [ home.packages = with pkgs; [ alacritty brave libreoffice libnotify firefox ];
alacritty
brave
libreoffice
nextcloud-client
xclip
libnotify
espanso
firefox
];
} }
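Review bot: `lib` and `outputs` are still bound in the new header `{ pkgs, lib, outputs, ... }:` but nothing in the resulting file uses them, and `imports` now holds only a `#` placeholder. The hunk covers the whole file, so the module could be reduced to `{ pkgs, ... }: { home.packages = with pkgs; [ alacritty brave libreoffice libnotify firefox ]; }`. If this module is imported by the `lkk-admin@lkk-nix-1` home configuration, dropping `outputs` also removes a dependency on an `extraSpecialArgs` value that flake.nix appears not to pass for that user.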


@ -1,4 +0,0 @@
{pkgs, ...}: {
services.syncthing = {enable = true;};
home.packages = with pkgs; [syncthingtray-minimal];
}


@ -1,17 +0,0 @@
{pkgs, ...}: {
qt = {
enable = true;
platformTheme = "gtk";
};
gtk = {
enable = true;
theme = {
name = "Dracula";
package = pkgs.dracula-theme;
};
iconTheme = {
name = "Dracula";
package = pkgs.dracula-icon-theme;
};
};
}


@ -1,15 +0,0 @@
{ inputs, config, lib, pkgs, ... }: {
programs.waybar = { enable = true; };
home.packages = with pkgs; [
grim
hypridle
hyprlock
mimeo
pulseaudio
slurp
waypipe
wf-recorder
wl-mirror
ydotool
];
}


@ -1,7 +0,0 @@
{
pkgs,
outputs,
...
}: {
home.packages = [pkgs.wofi pkgs.bemoji pkgs.wofi-pass];
}


@ -1,11 +0,0 @@
{pkgs, ...}: {
imports = [./sunshine.nix];
home.packages = with pkgs; [
gamemode
gamescope
goverlay
mangohud
ryujinx
protonup-ng
];
}


@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.gaming.sunshine;
in {
options.features.gaming.sunshine.enable = mkEnableOption "enable Sunshine";
config = mkIf cfg.enable {
home.packages = with pkgs; [sunshine];
};
}


@ -1,5 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
i2p
];
}


@ -1 +0,0 @@
{imports = [./podman.nix ./qemu.nix];}


@ -1,14 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.virtualization.podman;
in {
options.features.virtualization.podman.enable =
mkEnableOption "install podman";
config = mkIf cfg.enable {home.packages = with pkgs; [fuse-overlayfs];};
}


@ -1,14 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.virtualization.qemu;
in {
options.features.virtualization.qemu.enable =
mkEnableOption "install qemu tools";
config =
mkIf cfg.enable {home.packages = with pkgs; [virt-manager virtiofsd];};
}


@ -1,22 +0,0 @@
{ pkgs, inputs, ... }: {
home.file.".config/bat" = {
source = "${inputs.dotfiles}/bat";
recursive = true;
};
home.file.".config/nyxt" = {
source = "${inputs.dotfiles}/nyxt";
recursive = true;
};
home.file.".config/hypr" = {
source = "${inputs.dotfiles}/hypr";
recursive = true;
};
home.file.".config/nvim" = {
source = "${inputs.dotfiles}/nvim";
recursive = true;
};
home.file.".config/zellij" = {
source = "${inputs.dotfiles}/zellij";
recursive = true;
};
}


@ -1,227 +0,0 @@
{ config, ... }: {
home.file.".config/hypr/hyprland.conf".text = ''
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor=eDP-1,preferred,2560x0,1.25
monitor=DP-1,preferred,0x0,1
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
xwayland {
force_zero_scaling = true
}
# Execute your favorite apps at launch
# exec-once = waybar & hyprpaper & firefox
exec-once = waybar
exec-once = hyprpaper
exec-once = wl-paste -p -t text --watch clipman store -P --histpath="~/.local/share/clipman-primary.json"
# Source a file (multi-file configs)
# source = ~/.config/hypr/myColors.conf
# Some default env vars.
env = LIBVA_DRIVER_NAME,nvidia
env = XDG_SESSION_TYPE,wayland
env = GBM_BACKEND,nvidia-drm
env = __GLX_VENDOR_LIBRARY_NAME,nvidia
env = XCURSOR_SIZE,32
env = WLR_NO_HARDWARE_CURSORS,1
env = GTK_THEME,Dracula
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input {
kb_layout = de,us
kb_variant =
kb_model =
kb_rules =
kb_options=ctrl:nocaps
follow_mouse = 1
touchpad {
natural_scroll = yes
}
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
}
device {
name = zsa-technology-labs-moonlander-mark-i
kb_layout = us
}
general {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
#col.active_border = rgb(44475a) rgb(bd93f9) 90deg
#col.inactive_border = rgba(44475aaa)
#col.group_border = rgba(282a36dd)
#col.group_border_active = rgb(bd93f9) rgb(44475a) 90deg
gaps_in = 5
gaps_out = 5
border_size = 1
col.active_border = rgba(9742b5ee) rgba(9742b5ee) 45deg
col.inactive_border = rgba(595959aa)
layout = dwindle
}
decoration {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
col.shadow = rgba(1E202966)
drop_shadow = yes
shadow_range = 60
shadow_offset = 1 2
shadow_render_power = 3
shadow_scale = 0.97
rounding = 8
blur {
enabled = yes
size = 3
passes = 3
}
active_opacity = 0.9
inactive_opacity = 0.5
drop_shadow = yes
shadow_range = 4
shadow_render_power = 3
}
animations {
enabled = yes
# Some default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
animation = windows, 1, 7, myBezier
animation = windowsOut, 1, 7, default, popin 80%
animation = border, 1, 10, default
animation = borderangle, 1, 8, default
animation = fade, 1, 7, default
animation = workspaces, 1, 6, default
}
dwindle {
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
pseudotile = yes # master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = yes # you probably want this
}
master {
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
new_is_master = true
}
gestures {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = off
}
# Example per-device config
# See https://wiki.hyprland.org/Configuring/Keywords/#executing for more
device {
name = epic-mouse-v1
sensitivity = -0.5
}
# Example windowrule v1
# windowrule = float, ^(kitty)$
# Example windowrule v2
# windowrulev2 = float,class:^(kitty)$,title:^(kitty)$
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
windowrule = float, file_progress
windowrule = float, confirm
windowrule = float, dialog
windowrule = float, download
windowrule = float, notification
windowrule = float, error
windowrule = float, splash
windowrule = float, confirmreset
windowrule = float, title:Open File
windowrule = float, title:branchdialog
windowrule = float, Lxappearance
windowrule = float, Wofi
windowrule = float, dunst
windowrule = animation none,Wofi
windowrule = float,viewnior
windowrule = float,feh
windowrule = float, pavucontrol-qt
windowrule = float, pavucontrol
windowrule = float, file-roller
windowrule = fullscreen, wlogout
windowrule = float, title:wlogout
windowrule = fullscreen, title:wlogout
windowrule = idleinhibit focus, mpv
windowrule = idleinhibit fullscreen, firefox
windowrule = float, title:^(Media viewer)$
windowrule = float, title:^(Volume Control)$
windowrule = float, title:^(Picture-in-Picture)$
windowrule = size 800 600, title:^(Volume Control)$
windowrule = move 75 44%, title:^(Volume Control)$
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
$mainMod = SUPER
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = $mainMod, return, exec, alacritty -e zellij-ps
bind = $mainMod, t, exec, alacritty
bind = $mainMod SHIFT, e, exec, alacritty -e zellij_nvim
bind = $mainMod, o, exec, thunar
bind = $mainMod, Escape, exec, wlogout -p layer-shell
bind = $mainMod, Space, togglefloating
bind = $mainMod, q, killactive,
bind = $mainMod, M, exit,
bind= $mainMod, F, fullscreen
bind = $mainMod, V, togglefloating,
bind = $mainMod, D, exec, wofi --show drun --allow-images
bind = $mainMod SHIFT, S, exec, bemoji
bind = $mainMod, P, exec, wofi-pass
bind = $mainMod SHIFT, P, pseudo, # dwindle
bind = $mainMod, J, togglesplit, # dwindle
# Move focus with mainMod + arrow keys
bind = $mainMod, left, movefocus, l
bind = $mainMod, right, movefocus, r
bind = $mainMod, up, movefocus, u
bind = $mainMod, down, movefocus, d
workspace = 1, monitor:DP-1, default:true
workspace = 2, monitor:DP-1
workspace = 3, monitor:DP-1
workspace = 4, monitor:eDP-1
workspace = 5, monitor:eDP-1
windowrulev2 = workspace 1,class:(Emacs)
windowrulev2 = workspace 3,opacity 1.0, class:(brave-browser)
windowrulev2 = workspace 4,class:(com.obsproject.Studio)
# Switch workspaces with mainMod + [0-9]
bind = $mainMod, 1, workspace, 1
bind = $mainMod, 2, workspace, 2
bind = $mainMod, 3, workspace, 3
bind = $mainMod, 4, workspace, 4
bind = $mainMod, 5, workspace, 5
bind = $mainMod, 6, workspace, 6
bind = $mainMod, 7, workspace, 7
bind = $mainMod, 8, workspace, 8
bind = $mainMod, 9, workspace, 9
bind = $mainMod, 0, workspace, 10
# Move active window to a workspace with mainMod + SHIFT + [0-9]
bind = $mainMod SHIFT, 1, movetoworkspace, 1
bind = $mainMod SHIFT, 2, movetoworkspace, 2
bind = $mainMod SHIFT, 3, movetoworkspace, 3
bind = $mainMod SHIFT, 4, movetoworkspace, 4
bind = $mainMod SHIFT, 5, movetoworkspace, 5
bind = $mainMod SHIFT, 6, movetoworkspace, 6
bind = $mainMod SHIFT, 7, movetoworkspace, 7
bind = $mainMod SHIFT, 8, movetoworkspace, 8
bind = $mainMod SHIFT, 9, movetoworkspace, 9
bind = $mainMod SHIFT, 0, movetoworkspace, 10
# Scroll through existing workspaces with mainMod + scroll
bind = $mainMod, mouse_down, workspace, e+1
bind = $mainMod, mouse_up, workspace, e-1
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = $mainMod, mouse:272, movewindow
bindm = $mainMod, mouse:273, resizewindow
'';
}


@ -1,38 +0,0 @@
{
config,
pkgs,
...
}: {
imports = [
./base
./dotfiles
../../features/cli
../../features/coding
../../features/desktop
../../features/gaming
../../features/virtualization
];
features = {
cli = {
fish.enable = true;
neofetch.enable = true;
secrets.enable = true;
starship.enable = true;
zellij.enable = true;
};
gaming = {sunshine.enable = true;};
desktop = {
crypto.enable = true;
design.enable = true;
extrafonts.enable = true;
media.enable = true;
office.enable = true;
};
virtualization = {
podman.enable = true;
qemu.enable = true;
};
};
home.stateVersion = "24.05";
}


@ -1,16 +0,0 @@
{
config,
pkgs,
...
}: {
imports = [./base ../../features/cli];
features = {
cli = {
fish.enable = true;
starship.enable = true;
};
};
home.stateVersion = "22.11";
}


@ -59,11 +59,6 @@
owner = "traefik"; owner = "traefik";
}; };
minio-root-cred = {
file = ../../secrets/minio-root-cred.age;
mode = "770";
};
baserow-env = { baserow-env = {
file = ../../secrets/baserow-env.age; file = ../../secrets/baserow-env.age;
mode = "770"; mode = "770";


@ -1,148 +0,0 @@
{ config, inputs, outputs, pkgs, lib, ... }:
with pkgs; {
imports = [
./hardware.nix
./hardware-configuration.nix # Include the results of the hardware scan.
../common/users/m3tam3re
../common/base
./services
];
specialisation = {
"NVIDIA".configuration = {
boot.kernelParams = [ "nvidia.NVreg_PreserveVideoMemoryAllocations=1" ];
system.nixos.tags = [ "NVIDIA" ];
services.xserver.videoDrivers = [ "nvidia" ];
};
};
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.memtest86.enable = true;
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.kernelModules = [ "v4l2loopback" ];
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_msrs=1
options v4l2loopback exclusive_caps=1 max_buffers=2
'';
networking = {
hostName = "m3-nix";
firewall.extraCommands =
"iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns";
networkmanager.enable = true;
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
allowSFTP = true;
};
services.avahi = {
enable = true;
nssmdns4 = true;
publish = {
addresses = true;
workstation = true;
userServices = true;
};
};
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs;
[
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
programs.fish.enable = true;
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [ thunar-archive-plugin thunar-volman ];
};
age = {
secrets = {
tailscale-key.file = ../../secrets/tailscale-key.age;
wg-key.file = ../../secrets/wg-key.age;
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
};
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
};
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "de_DE.utf8";
console.keyMap = "de";
# NOTE: NIX related config
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/m3tam3re/projects/nix-configurations";
};
nix.extraOptions = ''
experimental-features = nix-command
keep-outputs = true
keep-derivations = true
'';
nix = {
settings = {
experimental-features = "nix-command flakes";
trusted-users = [ "root" "m3tam3re" ];
};
gc = {
automatic = true;
options = "--delete-older-than 30d";
};
optimise.automatic = true;
registry = (lib.mapAttrs (_: flake: { inherit flake; }))
((lib.filterAttrs (_: lib.isType "flake")) inputs);
nixPath = [ "/etc/nix/path" ];
};
environment.etc = lib.mapAttrs' (name: value: {
name = "nix/path/${name}";
value.source = value.flake;
}) config.nix.registry;
environment.systemPackages =
[ neovim nvd nix-output-monitor wally-cli nfs-utils restic sshfs ];
systemd.extraConfig = ''
DefaultTimeoutStopSec=10s
'';
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.stable-packages
];
config = {
allowUnfree = true;
nvidia.acceptLicense = true;
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leavecatenate(variables, "bootdev", bootdev)
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}


@ -1,67 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "ahci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4811-EA6E";
fsType = "vfat";
};
fileSystems."/opt" = {
device = "/dev/disk/by-uuid/3574df3a-2a90-4b54-9c21-128f1d01ff8f";
fsType = "btrfs";
options = ["noatime" "compress=zstd"];
};
fileSystems."/mnt/skynet-bkg" = {
device = "100.94.135.99:/volume3/bkg";
fsType = "nfs";
options = ["noauto" "x-systemd.automount"];
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp46s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,54 +0,0 @@
{ config, pkgs, ... }: {
hardware.nvidia = {
package = let
rcu_patch = pkgs.fetchpatch {
url =
"https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch";
hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg=";
};
in config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "535.154.05";
sha256_64bit = "sha256-fpUGXKprgt6SYRDxSCemGXLrEsIA6GOinp+0eGbqqJg=";
sha256_aarch64 = "sha256-G0/GiObf/BZMkzzET8HQjdIcvCSqB1uhsinro2HLK9k=";
openSha256 = "sha256-wvRdHguGLxS0mR06P5Qi++pDJBCF8pJ8hr4T8O6TJIo=";
settingsSha256 = "sha256-9wqoDEWY4I7weWW05F4igj1Gj9wjHsREFMztfEmqm10=";
persistencedSha256 =
"sha256-d0Q3Lk80JqkS1B54Mahu2yY/WocOqFFbZVBh+ToGhaE=";
#version = "550.40.07";
#sha256_64bit = "sha256-KYk2xye37v7ZW7h+uNJM/u8fNf7KyGTZjiaU03dJpK0=";
#sha256_aarch64 = "sha256-AV7KgRXYaQGBFl7zuRcfnTGr8rS5n13nGUIe3mJTXb4=";
#openSha256 = "sha256-mRUTEWVsbjq+psVe+kAT6MjyZuLkG2yRDxCMvDJRL1I=";
#settingsSha256 = "sha256-c30AQa4g4a1EHmaEu1yc05oqY01y+IusbBuq+P6rMCs=";
#persistencedSha256 = "sha256-11tLSY8uUIl4X/roNnxf5yS2PQvHvoNjnd2CB67e870=";
patches = [ rcu_patch ];
};
prime = {
offload.enable = false;
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
intelBusId = "PCI:0:2:0";
# Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA
nvidiaBusId = "PCI:1:0:0";
};
modesetting.enable = true;
powerManagement.finegrained = false;
powerManagement.enable = true;
open = false;
dynamicBoost.enable = true;
nvidiaSettings = true;
};
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
services.hardware.bolt.enable = true;
services.auto-cpufreq.enable = true;
services.tlp.enable = true;
services.fstrim.enable = true;
hardware.bluetooth.enable = true;
hardware.keyboard.zsa.enable = true;
hardware.tuxedo-rs.enable = true;
hardware.tuxedo-rs.tailor-gui.enable = true;
hardware.tuxedo-keyboard.enable = true;
}


@ -1,6 +0,0 @@
{
services.cron = {
enable = true;
systemCronJobs = [""];
};
}


@ -1,32 +0,0 @@
{pkgs, ...}: {
imports = [
./cron.nix
./flatpak.nix
./prometheus-node.nix
./ollama.nix
./sound.nix
./udev.nix
./restic.nix
./tailscale.nix
./virtualization.nix
./wireguard.nix
#./xserver.nix
];
# services.gvfs = {
# enable = true;
# package = pkgs.gnome3.gvfs;
# };
# services.kubo = { enable = true; }; # IPFS
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-gnome3;
};
services.printing.enable = true;
services.sabnzbd.enable = true;
services.i2p.enable = true;
services.gvfs.enable = true;
services.trezord.enable = true;
services.logind.lidSwitchExternalPower = "ignore";
}


@ -1,8 +0,0 @@
{pkgs, ...}: {
services.flatpak.enable = true;
xdg.portal = {
# xdg desktop intergration (required for flatpak)
enable = true;
extraPortals = [pkgs.xdg-desktop-portal-gtk];
};
}


@ -1,7 +0,0 @@
{
config,
pkgs,
...
}: {
services.ollama = {enable = true;};
}


@ -1,10 +0,0 @@
{
services.prometheus.exporters.node = {
enable = true;
port = 8081;
enabledCollectors = ["logind" "systemd"];
disabledCollectors = ["textfile"];
openFirewall = true;
firewallFilter = "-i br0 -p tcp -m tcp --dport 8081";
};
}


@ -1,25 +0,0 @@
{
services.restic.backups = {
skynet = {
repository = "/mnt/skynet-bkg/m3-nix";
passwordFile = "/etc/nixos/restic-pass";
initialize = true;
paths = ["/home/m3tam3re"];
exclude = [
"/home/m3tam3re/.cache"
"/home/m3tam3re/Bilder/"
"/home/m3tam3re/Videos/"
"/home/m3tam3re/Downloads"
"/home/m3tam3re/Library"
"/home/m3tam3re/Projekte"
"/home/m3tam3re/Sync"
"/home/m3tam3re/.local/share/Trash"
];
timerConfig = {
OnCalendar = "09:30";
RandomizedDelaySec = "2h";
Persistent = true;
};
};
};
}


@ -1,14 +0,0 @@
{ pkgs, ... }: {
sound.enable = true;
sound.mediaKeys.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = false;
wireplumber.enable = true;
wireplumber.package = pkgs.stable.wireplumber;
};
}


@ -1,40 +0,0 @@
{
config,
pkgs,
...
}: {
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = ["network-pre.target" "tailscale.service"];
wants = ["network-pre.target" "tailscale.service"];
wantedBy = ["multi-user.target"];
# set this service as a oneshot job
serviceConfig = {
Type = "oneshot";
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
};
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
'';
};
}


@ -1,5 +0,0 @@
{pkgs, ...}: {
services.udev.extraRules = ''
SUBSYSTEM=="usb", MODE="0666
'';
}


@ -1,19 +0,0 @@
{pkgs, ...}: {
virtualisation = {
libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf = {
enable = true;
packages = [pkgs.OVMFFull];
};
};
};
containers.cdi.dynamic.nvidia.enable = true;
podman = {
enable = true;
defaultNetwork.settings.dns_enabled = true;
};
};
}


@ -1,8 +0,0 @@
{config, ...}: {
networking.wg-quick.interfaces = {
wg0 = {
configFile = config.age.secrets.wg-key.path;
autostart = false;
};
};
}


@ -1,19 +0,0 @@
{pkgs, ...}: {
services.xserver.videoDrivers = ["nvidia"];
# services.xserver = {
# enable = true;
# videoDrivers = [ "nvidia" ];
# displayManager = {
# defaultSession = "hyprland";
# sddm = { enable = true; };
# };
# libinput.enable = true; # touchpad support
# layout = "de";
# xkbOptions = "ctrl:nocaps";
# };
# services.xserver.screenSection = ''
# Option "metamodes" "nvidia-auto-select +0+0 {ForceFullCompositionPipeline=On}"
# Option "AllowIndirectGLXProtocol" "off"
# Option "TripleBuffer" "on"
# '';
}


@ -1,40 +0,0 @@
let
gpuIDs = [
"10de:249d" # Graphics
"10de:228b" # Audio
];
in
{
pkgs,
lib,
config,
...
}: {
options.vfio.enable = with lib;
mkEnableOption "Configure the machine for VFIO";
config = let
cfg = config.vfio;
in {
boot = {
initrd.kernelModules = [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"vfio_virqfd"
];
kernelParams =
[
# enable IOMMU
"intel_iommu=on"
]
++ lib.optional cfg.enable
# isolate the GPU
("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs);
};
hardware.opengl.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
};
}


@ -1,104 +0,0 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [
./hardware-configuration.nix
../common/users/m3tam3re
../common/base
./services
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
networking = {
hostName = "m3-r1";
firewall.enable = true;
firewall.allowedTCPPortRanges = [{
from = 3000;
to = 3100;
}];
firewall.allowedTCPPorts = [ 53 80 443 5432 3306 3478 ];
firewall.allowedUDPPorts = [ 53 51820 41641 ];
firewall.allowedUDPPortRanges = [{
from = 3478;
to = 3481;
}];
};
programs.fish.enable = true;
age = {
secrets = {
mj-smtp-user.file = ../../secrets/mj-smtp-user.age;
mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age;
openai.file = ../../secrets/openai.age;
tailscale-key.file = ../../secrets/tailscale-key.age;
vaultwarden-env = {
file = ../../secrets/vaultwarden-env.age;
mode = "770";
};
n8n-env = {
file = ../../secrets/n8n-m3r1.age;
mode = "770";
};
traefik-env = {
file = ../../secrets/traefik-env.age;
mode = "770";
owner = "traefik";
};
searx-environmentFile = {
file = ../../secrets/searx-environmentFile.age;
mode = "770";
owner = "searx";
};
littlelink-m3tam3re-env = {
file = ../../secrets/littlelink-m3tam3re-env.age;
mode = "770";
};
};
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
};
nix = {
extraOptions = ''
experimental-features = nix-command
keep-outputs = true
keep-derivations = true
'';
settings = {
experimental-features = "nix-command flakes";
trusted-users = [ "root" "m3tam3re" ];
};
gc = {
automatic = true;
options = "--delete-older-than 30d";
};
optimise.automatic = true;
registry = (lib.mapAttrs (_: flake: { inherit flake; }))
((lib.filterAttrs (_: lib.isType "flake")) inputs);
nixPath = [ "/etc/nix/path" ];
};
environment.etc = lib.mapAttrs' (name: value: {
name = "nix/path/${name}";
value.source = value.flake;
}) config.nix.registry;
systemd.extraConfig = ''
DefaultTimeoutStopSec=10s
'';
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.stable-packages
];
config = { allowUnfree = true; };
};
system.stateVersion = "23.05"; # Did you read the comment?
}


@ -1,53 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/5e3a0875-005c-49c4-9dbf-86e471e7e881";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/5e3a0875-005c-49c4-9dbf-86e471e7e881";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/5e3a0875-005c-49c4-9dbf-86e471e7e881";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/A79C-4B9F";
fsType = "vfat";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -1,13 +0,0 @@
{
config,
pkgs,
...
}: {
imports = [./containers];
virtualisation.podman = {
enable = true;
defaultNetwork.settings = {dns_enabled = true;};
};
virtualisation.oci-containers.backend = "podman";
}


@ -1,25 +0,0 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."baserow" = {
image = "docker.io/baserow/baserow:1.24.2";
environment = {
BASEROW_PUBLIC_URL = "https://br.m3tam3re.com";
POSTGRES_USER = "baserow";
POSTGRES_PASSWORD = "baserow";
POSTGRES_DB = "baserow";
DATABASE_HOST = "postgres";
DATABASE_NAME = "baserow";
DATABASE_USER = "baserow";
DATABASE_PASSWORD = "baserow";
EMAIL_SMTP = "in-v3.mailjet.com";
EMAIL_SMTP_HOST = "in-v3.mailjet.com";
EMAIL_SMTP_PORT = "587";
EMAIL_SMTP_USER = config.age.secrets.mj-smtp-user.path;
EMAIL_SMTP_PASSWORD = config.age.secrets.mj-smtp-pass.path;
};
ports = [ "3001:80" ];
volumes = [ "baserow_data:/baserow/data" ];
extraOptions = [ "--add-host=postgres:10.88.0.1" "--ip=10.88.0.11" ];
};
}


@ -1,12 +0,0 @@
{
config,
outputs,
...
}: {
virtualisation.oci-containers.containers."briefkasten" = {
image = "docker.io/ndom91/briefkasten";
environmentFiles = [config.age.secrets.briefkasten-env.path];
ports = ["3009:3000"];
extraOptions = ["--add-host=postgres:10.88.0.1" "--ip=10.88.0.19"];
};
}


@ -1,12 +0,0 @@
{
imports = [
./baserow.nix
# ./briefkasten.nix
./little-link.nix
./matomo.nix
./mautic.nix
# ./nextcloud.nix
./nginx.nix
# ./wordpress.nix
];
}


@ -1,12 +0,0 @@
{
config,
outputs,
...
}: {
virtualisation.oci-containers.containers."littlelink_m3tam3re" = {
image = "ghcr.io/techno-tim/littlelink-server";
environmentFiles = [config.age.secrets.littlelink-m3tam3re-env.path];
ports = ["3011:3000"];
extraOptions = ["--ip=10.88.0.21"];
};
}


@ -1,19 +0,0 @@
{
config,
outputs,
...
}: {
virtualisation.oci-containers.containers."matomo" = {
image = "docker.io/matomo";
environment = {
MATOMO_DATABASE_HOST = "mysql";
MATOMO_DATABASE_USERNAME = "matomo";
MATOMO_DATABASE_PASSWORD = "matomo";
MATOMO_DATABASE_DBNAME = "matomo";
PHP_MEMORY_LIMIT = "2048M";
};
ports = ["3003:80"];
volumes = ["matomo_data:/var/www/html"];
extraOptions = ["--add-host=mysql:10.88.0.1" "--ip=10.88.0.13"];
};
}


@ -1,20 +0,0 @@
{
config,
outputs,
...
}: {
virtualisation.oci-containers.containers."mautic" = {
image = "docker.io/mautic/mautic:v4-apache";
environment = {
MAUTIC_DB_HOST = "mysql";
MAUTIC_DB_USER = "mautic";
MAUTIC_DB_PASSWORD = "mautic";
MAUTIC_DB_DBNAME = "mautic";
PHP_MEMORY_LIMIT = "2048M";
MAUTIC_RUN_CRON_JOBS = "true";
};
ports = ["127.0.0.1:3008:80"];
volumes = ["mautic_data:/var/www/html"];
extraOptions = ["--add-host=mysql:10.88.0.1" "--ip=10.88.0.23"];
};
}


@ -1,18 +0,0 @@
{
config,
outputs,
...
}: {
virtualisation.oci-containers.containers."nextcloud" = {
image = "docker.io/nextcloud";
environment = {
TRUSTED_PROXIES = "10.88.0.1/16";
OVERWRITEPROTOCOL = "https";
OVERWRITECLIURL = "https://cloud.lanakk.com";
OVERWRITEHOST = "cloud.lanakk.com";
};
ports = ["3005:80"];
volumes = ["nextcloud_data:/var/www/html"];
extraOptions = ["--add-host=mysql:10.88.0.1" "--ip=10.88.0.15"];
};
}


@ -1,8 +0,0 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."http-images" = {
image = "docker.io/nginx:alpine";
ports = [ "3012:80" ];
volumes = [ "/var/www/m3tam3re.com/www:/usr/share/nginx/html" ];
extraOptions = [ "--ip=10.88.0.22" ];
};
}


@ -1,22 +0,0 @@
{
config,
outputs,
...
}: {
virtualisation.oci-containers.containers."wireguard" = {
image = "docker.io/weejewel/wg-easy";
environment = {
WG_HOST = "wg.lanakk.com";
WG_DEFAULT_DNS = "10.88.0.1:5353";
};
ports = ["3007:51821/tcp" "51820:51820/udp"];
volumes = ["wireguard_data:/etc/wireguard"];
extraOptions = [
"--cap-add=NET_ADMIN"
"--cap-add=SYS_MODULE"
"--sysctl=net.ipv4.conf.all.src_valid_mark=1"
"--sysctl=net.ipv4.ip_forward=1"
"--ip=10.88.0.17"
];
};
}


@ -1,18 +0,0 @@
{
config,
outputs,
...
}: {
virtualisation.oci-containers.containers."lanakk_blog" = {
image = "docker.io/wordpress";
environment = {
WORDPRESS_DB_HOST = "mysql";
WORDPRESS_DB_USER = "wp";
WORDPRESS_DB_PASSWORD = "wp";
WORDPRESS_DB_NAME = "lanakk_blog";
};
ports = ["3002:80"];
volumes = ["lanakk_blog_data:/var/www/html"];
extraOptions = ["--add-host=mysql:10.88.0.1" "--ip=10.88.0.12"];
};
}


@ -1,14 +0,0 @@
{
imports = [
./container.nix
./gitea.nix
./mariadb.nix
# ./n8n.nix
./postgres.nix
./searx.nix
./syncthing.nix
# ./tailscale.nix
./traefik.nix
# ./vaultwarden.nix
];
}


@ -1,16 +0,0 @@
{
config,
pkgs,
...
}: {
services.gitea = {
enable = true;
settings.server.ROOT_URL = "https://code.m3tam3re.com";
lfs.enable = true;
dump = {
enable = true;
interval = "03:30:00";
backupDir = "/var/backup/gitea";
};
};
}


@ -1,15 +0,0 @@
{
pkgs,
config,
...
}: {
services.mysql = {
enable = true;
package = pkgs.mariadb;
};
services.mysqlBackup = {
enable = true;
calendar = "03:00:00";
databases = ["matomo"];
};
}


@ -1,18 +0,0 @@
{
config,
pkgs,
...
}: {
services.n8n = {
enable = true;
openFirewall = true;
settings = {
host = "wf.lanakk.com";
protocol = "https";
editorBaseUrl = "https://wf.lanakk.com";
};
};
systemd.services.n8n.serviceConfig = {
EnvironmentFile = "${config.age.secrets.n8n-env.path}";
};
}


@ -1,28 +0,0 @@
{
pkgs,
config,
...
}: {
services.postgresql = {
enable = true;
enableTCPIP = true;
package = pkgs.postgresql_15;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 10.88.0.1/16 trust
'';
initialScript = pkgs.writeText "backend-initScript" ''
CREATE USER baserow WITH ENCRYPTED PASSWORD 'baserow';
CREATE DATABASE baserow;
GRANT ALL PRIVILEGES ON DATABASE baserow TO baserow;
ALTER DATABASE baserow OWNER to baserow;
'';
};
services.postgresqlBackup = {
enable = true;
startAt = "03:10:00";
databases = ["baserow"];
};
}


@ -1,10 +0,0 @@
{pkgs, ...}: {
services.searx = {
enable = true;
package = pkgs.searxng;
settings = {
server.port = 3004;
server.secret_key = "@SEARX_SECRET_KEY@";
};
};
}


@ -1,26 +0,0 @@
{
config,
pkgs,
...
}: {
services.syncthing = {
enable = true;
openDefaultPorts = true;
guiAddress = "0.0.0.0:8384";
overrideDevices = true;
overrideFolders = true;
settings = {
devices = {
"LK-DATA" = {
id = "BI7CMZF-2SGQMXW-RG47HRG-FEH454J-ZTCE544-BXNSCSJ-PXCE7A7-R4CX2Q3";
};
};
folders = {
"Bildvorschauen" = {
path = "/opt/service-data/http-images";
devices = ["LK-DATA"];
};
};
};
};
}


@ -1,42 +0,0 @@
{
config,
pkgs,
...
}: {
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
};
networking.firewall = {
trustedInterfaces = ["tailscale0"];
};
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = ["network-pre.target" "tailscale.service"];
wants = ["network-pre.target" "tailscale.service"];
wantedBy = ["multi-user.target"];
# set this service as a oneshot job
serviceConfig = {
Type = "oneshot";
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
};
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up --advertise-exit-node --authkey $TAILSCALE_KEY
'';
};
}


@ -1,171 +0,0 @@
{ config, ... }: {
services.traefik = {
enable = true;
staticConfigOptions = {
log = { level = "WARN"; };
certificatesResolvers = {
lets-encrypt = {
acme = {
email = "acc@m3tam3re.com";
storage = "/var/lib/traefik/acme.json";
tlsChallenge = { };
};
};
};
api = { };
entryPoints = {
web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
websecure = { address = ":443"; };
};
};
dynamicConfigOptions = {
http = {
middlewares = {
auth = {
basicAuth = {
users = [ "m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh." ];
};
};
nextcloud_redirectregex = {
redirectRegex = {
permanent = true;
regex = "https://(.*)/.well-known/(?:card|cal)dav";
replacement = "https://\${1}/remote.php/dav";
};
};
nextcloud_headers = {
headers = {
referrerPolicy = "no-referrer";
stsSeconds = "31536000";
forceSTSHeader = true;
stsPreload = true;
stsIncludeSubdomains = true;
};
};
};
services = {
baserow.loadBalancer.servers = [{ url = "http://localhost:3001/"; }];
gitea.loadBalancer.servers = [{ url = "http://localhost:3000/"; }];
n8n.loadBalancer.servers = [{ url = "http://localhost:5678/"; }];
littlelink-m3tam3re.loadBalancer.servers =
[{ url = "http://localhost:3011/"; }];
matomo.loadBalancer.servers = [{ url = "http://localhost:3003/"; }];
searx.loadBalancer.servers = [{ url = "http://localhost:3004/"; }];
mautic.loadBalancer.servers = [{ url = "http://localhost:3008/"; }];
m3tam3re.loadBalancer.servers = [{ url = "http://localhost:3012/"; }];
syncthing.loadBalancer.servers =
[{ url = "http://localhost:8384/"; }];
vaultwarden.loadBalancer.servers =
[{ url = "http://localhost:3014/"; }];
};
routers = {
api = {
rule = "Host(`r.m3tam3re.com`)";
tls = { certResolver = "lets-encrypt"; };
service = "api@internal";
middlewares = "auth";
entrypoints = "websecure";
};
baserow = {
rule = "Host(`br.m3tam3re.com`)";
tls = { certResolver = "lets-encrypt"; };
service = "baserow";
entrypoints = "websecure";
};
gitea = {
rule = "Host(`code.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "code.m3tam3re.com";
};
service = "gitea";
entrypoints = "websecure";
};
littlelink-m3tm3re = {
rule = "Host(`links.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "links.m3tam3re.com";
};
service = "littlelink-m3tam3re";
entrypoints = "websecure";
};
n8n = {
rule = "Host(`io.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "io.m3tam3re.com";
};
service = "n8n";
entrypoints = "websecure";
};
m3tam3re = {
rule = "Host(`www.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "www.m3tam3re.com";
};
service = "m3tam3re";
entrypoints = "websecure";
};
matomo-m3tam3re = {
rule = "Host(`stats.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "stats.m3tam3re.com";
};
service = "matomo";
entrypoints = "websecure";
};
searx = {
rule = "Host(`search.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "search.m3tam3re.com";
};
service = "searx";
entrypoints = "websecure";
};
mautic = {
rule = "Host(`ma.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "ma.m3tam3re.com";
};
service = "mautic";
entrypoints = "websecure";
};
syncthing = {
rule = "Host(`sync.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "sync.m3tam3re.com";
};
service = "syncthing";
entrypoints = "websecure";
};
vaultwarden = {
rule = "Host(`vw.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "vw.m3tam3re.com";
};
service = "vaultwarden";
middlewares = "auth";
entrypoints = "websecure";
};
};
};
};
};
systemd.services.traefik.serviceConfig = {
EnvironmentFile = [ "${config.age.secrets.traefik-env.path}" ];
};
}


@ -1,11 +0,0 @@
{
config,
pkgs,
...
}: {
services.vaultwarden = {
enable = true;
backupDir = "/var/backup/vaultwarden";
environmentFile = "${config.age.secrets.vaultwarden-env.path}";
};
}


@ -1 +0,0 @@
{ordercollect = import ./ordercollect.nix;}


@ -1,32 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.services.ordercollect;
in {
options.services.ordercollect = {
enable = mkEnableOption "Enable Ordercollect";
port = mkOption {
type = types.str;
description = "The http port to run on";
default = "";
};
package = mkOption {
type = types.package;
default = pkgs.ordercollect;
description = ''
The package for ordercollect
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [cfg.package];
systemd.services.ordercollect = {
ExecStart = "${cfg.package}/bin/ordercollect --port ${cfg.port}";
Restart = "on-failure";
};
};
}


@ -1,5 +1,4 @@
{pkgs, ...}: { { pkgs, ... }:
wofi-pass = pkgs.callPackage ./wofi-pass {}; {
ordercollect = pkgs.callPackage ./ordercollect {}; # ordercollect = pkgs.callPackage ./ordercollect {};
zellij-ps = pkgs.callPackage ./zellij-ps {};
} }
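Review bot: The new side keeps `# ordercollect = pkgs.callPackage ./ordercollect {};` as a commented-out entry, while a later section of this same commit deletes what appears to be the ordercollect package definition, so the comment points at a path that most likely no longer exists. Uncommenting it later would fail at evaluation instead of restoring the package. I would drop the line and leave the set explicitly empty, `{ pkgs, ... }: { }`, or replace it with a one-line comment saying where the package lives now.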


@ -1,26 +0,0 @@
{
buildGoModule,
fetchFromGitea,
lib,
}:
buildGoModule rec {
pname = "ordercollect";
version = "0.1.0";
src = fetchFromGitea {
domain = "code.lanakk.com";
owner = "LANAKK";
repo = "ordercollect";
rev = "9ecbfa46f6758214aa2fcee7ad96aa7730301a06";
hash = "sha256-n4njl7LwG6GuoTj7x3rWOjErZ/a1Fog0qAymYxvsR2w=";
};
vendorHash = "sha256-G6k331XRuVN/cM4sNcdUV9/BzdISQI7Ljc4tesJnmH0=";
meta = with lib; {
description = "A simple Api for creating orders, written in Go";
homepage = "https://code.lanakk.com/LANAKK/ordercollect";
license = licenses.mit;
maintainers = with maintainers; [m3tam3re];
};
}


@ -1,29 +0,0 @@
{
stdenv,
lib,
fetchFromGitHub,
bash,
pkgs,
makeWrapper,
}:
with lib;
with pkgs;
stdenv.mkDerivation {
pname = "wofi-pass";
version = "0.1";
src = fetchFromGitHub {
owner = "TinfoilSubmarine";
repo = "wofi-pass";
rev = "869c545";
sha256 = "gcfW8E/3/dqv0P3S4z9fDv8k4R7czcIKwpo/OHFFWj0=";
};
buildInputs = [bash coreutils wl-clipboard wofi wtype];
nativeBuildInputs = [makeWrapper];
installPhase = ''
mkdir -p $out/bin
cp wofi-pass $out/bin/wofi-pass
wrapProgram $out/bin/wofi-pass \
--prefix PATH : ${makeBinPath [bash coreutils wl-clipboard wofi wtype]}
'';
}


@ -1,33 +0,0 @@
{ lib, stdenv, fetchFromGitea, fish, fd, fzf, pkgs, zellij, }:
with lib;
with pkgs;
stdenv.mkDerivation rec {
pname = "zellij-ps";
version = "0.1.0";
src = fetchFromGitea {
domain = "code.m3tam3re.com";
owner = "m3tam3re";
repo = "helper-scripts";
rev = "25cd4f662c2a7d1a5091ad30810c458627fdba5a";
sha256 = "0lw1qmn18i1s21ljmsdy2x034x19gad8krml9iggksn3c31haz9m";
};
buildInputs = [ fish fd fzf zellij ];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
cp zellij-ps.fish $out/bin/zellij-ps
wrapProgram $out/bin/zellij-ps \
--prefix PATH : ${lib.makeBinPath [ fish fd fzf zellij ]}
'';
meta = with lib; {
description = "A small project script for zellij";
homepage = "https://code.m3tam3re.com/m3tam3re/helper-scripts";
license = licenses.mit;
maintainers = with maintainers; [ m3tam3re ];
platforms = platforms.unix;
};
}


@ -6,23 +6,17 @@ in {
"secrets/mj-smtp-pass.age".publicKeys = [ system ]; "secrets/mj-smtp-pass.age".publicKeys = [ system ];
"secrets/n8n-env.age".publicKeys = [ system ]; "secrets/n8n-env.age".publicKeys = [ system ];
"secrets/n8n-m3r1.age".publicKeys = [ system ];
"secrets/godaddy-api-key.age".publicKeys = [ system ]; "secrets/godaddy-api-key.age".publicKeys = [ system ];
"secrets/godaddy-api-secret.age".publicKeys = [ system ]; "secrets/godaddy-api-secret.age".publicKeys = [ system ];
"secrets/searx-environmentFile.age".publicKeys = [ system ];
"secrets/tailscale-key.age".publicKeys = [ system ]; "secrets/tailscale-key.age".publicKeys = [ system ];
"secrets/wg-key.age".publicKeys = [ system ];
"secrets/briefkasten-env.age".publicKeys = [ system ]; "secrets/briefkasten-env.age".publicKeys = [ system ];
"secrets/littlelink-lanakk-env.age".publicKeys = [ system ]; "secrets/littlelink-lanakk-env.age".publicKeys = [ system ];
"secrets/littlelink-m3tam3re-env.age".publicKeys = [ system ]; "secrets/littlelink-m3tam3re-env.age".publicKeys = [ system ];
"secrets/m3tam3re-secrets.age".publicKeys = [ system ];
"secrets/traefik-env.age".publicKeys = [ system ]; "secrets/traefik-env.age".publicKeys = [ system ];
"secrets/metabase-env.age".publicKeys = [ system ]; "secrets/metabase-env.age".publicKeys = [ system ];
@ -32,8 +26,5 @@ in {
"secrets/pgadmin.age".publicKeys = [ system ]; "secrets/pgadmin.age".publicKeys = [ system ];
"secrets/minio-system-cred.age".publicKeys = [ system ];
"secrets/openai.age".publicKeys = [ system ];
"secrets/vaultwarden-env.age".publicKeys = [ system ]; "secrets/vaultwarden-env.age".publicKeys = [ system ];
} }
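Review bot: Every entry that stays in this file still lists only `[ system ]` as its recipient, so whichever host holds that one key can decrypt all of the remaining secrets (traefik, vaultwarden, godaddy, pgadmin and the rest), not only the ones it actually runs. `system` is bound in the `let` above the hunk, so this is inferred from the visible lines; if it is a single host key, I would bind one key per host and list only the hosts that need each secret, e.g. `"secrets/traefik-env.age".publicKeys = [ hostA ];` with `hostA` as a placeholder name. Separately, dropping the `openai.age`, `wg-key.age` and other removed entries does not retire those credentials: the encrypted files stay in git history, so they are worth rotating unless the key that could decrypt them is destroyed.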

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.