LANAKK
/
nix-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

+lkk-admin

This commit is contained in:
m3tam3re 2024-05-15 12:06:11 +02:00
parent ac76e6f10b
commit 2e4aa2d0d6
89 changed files with 64 additions and 2226 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
flake.lock
View File

@ -63,22 +63,6 @@
"type": "github"
}
},
"dotfiles": {
"flake": false,
"locked": {
"lastModified": 1713941143,
"narHash": "sha256-xkjxhTUToZ5KOT46te2q+59k7hgMmVxlhomvYrWCD+Y=",
"ref": "refs/heads/master",
"rev": "9c79f4672bee385c7ae0c69153a60103627e12c2",
"revCount": 12,
"type": "git",
"url": "https://code.m3tam3re.com/m3tam3re/dotfiles.git"
},
"original": {
"type": "git",
"url": "https://code.m3tam3re.com/m3tam3re/dotfiles.git"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
@ -289,7 +273,6 @@
"inputs": {
"agenix": "agenix",
"deploy-rs": "deploy-rs",
"dotfiles": "dotfiles",
"fh": "fh",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_4",

77
flake.nix
View File

@ -13,20 +13,10 @@
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-23.11";
fh.url = "https://flakehub.com/f/DeterminateSystems/fh/*.tar.gz";
deploy-rs.url = "github:serokell/deploy-rs";
dotfiles.url = "git+https://code.m3tam3re.com/m3tam3re/dotfiles.git";
dotfiles.flake = false; # Use this if your dotfiles repo is not a flake
};
outputs = {
self,
dotfiles,
nixpkgs,
fh,
home-manager,
agenix,
deploy-rs,
...
} @ inputs: let
outputs = { self, nixpkgs, fh, home-manager, agenix, deploy-rs, ... }@inputs:
let
inherit (self) outputs;
lib = nixpkgs.lib;
systems = [
@ -36,55 +26,30 @@
"aarch64-darwin"
"x86_64-darwin"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
in {
packages =
forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
formatter =
forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
overlays = import ./overlays {inherit inputs;};
overlays = import ./overlays { inherit inputs; };
nixosConfigurations = {
lkk-nix-1 = lib.nixosSystem rec {
specialArgs = {inherit inputs outputs;};
modules = [./hosts/lkk-nix-1 agenix.nixosModules.default];
};
m3-r1 = lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
modules = [./hosts/m3-r1 agenix.nixosModules.default];
specialArgs = { inherit inputs outputs; };
modules = [ ./hosts/lkk-nix-1 agenix.nixosModules.default ];
};
lkk-prod-1 = lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
modules = [./hosts/lkk-prod-1 agenix.nixosModules.default];
specialArgs = { inherit inputs outputs; };
modules = [ ./hosts/lkk-prod-1 agenix.nixosModules.default ];
};
lkk-prod-2 = lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
modules = [./hosts/lkk-prod-2 agenix.nixosModules.default];
};
m3-nix = lib.nixosSystem {
specialArgs = {inherit inputs outputs;};
modules = [./hosts/m3-nix agenix.nixosModules.default];
specialArgs = { inherit inputs outputs; };
modules = [ ./hosts/lkk-prod-2 agenix.nixosModules.default ];
};
};
homeConfigurations = {
# Laptop
"m3tam3re@m3-nix" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages."x86_64-linux";
extraSpecialArgs = {inherit inputs outputs;};
modules = [./home/users/m3tam3re/m3-nix.nix];
};
"m3tam3re@lkk-nix-1" = home-manager.lib.homeManagerConfiguration {
"lkk-admin@lkk-nix-1" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages."x86_64-linux";
extraSpecialArgs = {
# pass things to t
};
modules = [./home/users/m3tam3re/lkk-nix-1.nix];
};
"m3tam3re@m3-r1" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages."x86_64-linux";
extraSpecialArgs = {
# pass things to t
};
modules = [./home/users/m3tam3re/m3-r1.nix];
modules = [ ./home/users/lkk-admin/lkk-nix-1.nix ];
};
};
deploy.nodes.lkk-nix-1 = {
@ -92,29 +57,16 @@
sshUser = "root";
profiles.system = {
user = "root";
path =
deploy-rs.lib.x86_64-linux.activate.nixos
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.lkk-nix-1;
};
};
deploy.nodes.m3-r1 = {
hostname = "m3-r1";
sshUser = "root";
activationTimeout = 600;
profiles.system = {
user = "root";
path =
deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.m3-r1;
};
};
deploy.nodes.lkk-prod-1 = {
hostname = "lkk-prod-1";
sshUser = "root";
profiles.system = {
user = "root";
path =
deploy-rs.lib.x86_64-linux.activate.nixos
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.lkk-prod-1;
};
};
@ -123,8 +75,7 @@
sshUser = "root";
profiles.system = {
user = "root";
path =
deploy-rs.lib.x86_64-linux.activate.nixos
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.lkk-prod-2;
};
};

11
home/features/cli/default.nix
View File

@ -1,12 +1,5 @@
{ pkgs, ... }: {
imports = [
./fish.nix
./neofetch.nix
./secrets.nix
./scripts.nix
./starship.nix
./zellij.nix
];
imports = [ ./fish.nix ./starship.nix ];
programs.zoxide = {
enable = true;
@ -53,7 +46,6 @@
just
lf
nix-index
open-interpreter
procs
progress
ripgrep
@ -61,7 +53,6 @@
trash-cli
tree
unzip
wttrbar
zip
];
}

15
home/features/cli/neofetch.nix
View File

@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.cli.neofetch;
in {
options.features.cli.neofetch.enable = mkEnableOption "enable neofetch";
config = mkIf cfg.enable {
home.packages = with pkgs; [neofetch];
};
}

1
home/features/cli/scripts.nix
View File

@ -1 +0,0 @@
{pkgs, ...}: {home.packages = [pkgs.zellij-ps];}

21
home/features/cli/secrets.nix
View File

@ -1,21 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.cli.secrets;
in {
options.features.cli.secrets.enable = mkEnableOption "enable secrets";
config = mkIf cfg.enable {
programs.password-store = {
enable = true;
package =
pkgs.pass-wayland.withExtensions
(exts: [exts.pass-otp exts.pass-import]);
};
home.packages = with pkgs; [pinentry];
};
}

17
home/features/cli/zellij.nix
View File

@ -1,17 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.cli.zellij;
in {
options.features.cli.zellij.enable = mkEnableOption "enable tmux";
config = mkIf cfg.enable {
programs.zellij = {
enable = true;
};
};
}

13
home/features/coding/default.nix
View File

@ -1,13 +0,0 @@
{pkgs, ...}: {
imports = [./emacs.nix ./golang.nix ./nix.nix ./nodejs.nix ./rust.nix ./tools.nix];
home.packages = with pkgs; [
cachix
cmake
gcc
ispell
guile_3_0
tinyscheme
python3
];
}

8
home/features/coding/emacs.nix
View File

@ -1,8 +0,0 @@
{pkgs, ...}: {
services.emacs.enable = true;
programs.emacs = {
enable = true;
package = pkgs.emacs29;
extraPackages = epkgs: [epkgs.vterm];
};
}

5
home/features/coding/golang.nix
View File

@ -1,5 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
gopls
];
}

9
home/features/coding/nix.nix
View File

@ -1,9 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
appimage-run
deploy-rs
nil
nix-prefetch-git
nixfmt
];
}

1
home/features/coding/nodejs.nix
View File

@ -1 +0,0 @@
{pkgs, ...}: {home.packages = with pkgs; [nodejs];}

1
home/features/coding/rust.nix
View File

@ -1 +0,0 @@
{pkgs, ...}: {home.packages = with pkgs; [];}

10
home/features/coding/tools.nix
View File

@ -1,10 +0,0 @@
{pkgs, ...}: {
programs = {
direnv = {
enable = true;
nix-direnv.enable = true;
};
};
home.packages = with pkgs; [insomnia hugo pandoc];
}

15
home/features/desktop/crypto.nix
View File

@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.crypto;
in {
options.features.desktop.crypto.enable = mkEnableOption "Enable Crypto";
config = mkIf cfg.enable {
home.packages = with pkgs; [bisq-desktop monero-gui trezor-suite];
};
}

153
home/features/desktop/default.nix
View File

@ -1,153 +0,0 @@
{ pkgs, ... }: {
imports = [
./crypto.nix
./design.nix
./extrafonts.nix
./media.nix
./office.nix
./theme.nix
./syncthing.nix
./wayland.nix
./wofi.nix
];
xdg = {
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = [ "org.gnome.FileRoller.desktop" ];
"application/csv" = [ "calc.desktop" ];
"application/pdf" = [ "okularApplication_pdf.desktop" ];
"x-scheme-handler/org-protocol" = [ "org-protocol.desktop" ];
};
defaultApplications = {
"application/zip" = [ "org.gnome.FileRoller.desktop" ];
"application/csv" = [ "calc.desktop" ];
"application/pdf" = [ "okularApplication_pdf.desktop" ];
"x-scheme-handler/org-protocol" = [ "org-protocol.desktop" ];
};
};
userDirs = {
enable = true;
createDirectories = true;
};
};
home.sessionVariables = {
WEBKIT_DISABLE_COMPOSITING_MODE = "1";
NIXOS_OZONE_WL = "1";
TERMINAL = "alacritty";
QT_QPA_PLATFORM = "wayland";
};
home.sessionPath =
[ "\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" "$HOME/.npm-global/bin" ];
fonts.fontconfig.enable = true;
services.mako = {
enable = true;
backgroundColor = "#282a36";
textColor = "#80FFEA";
borderColor = "#9742b5";
width = 400;
height = 150;
padding = "10,20";
borderRadius = 8;
borderSize = 1;
margin = "20,20";
};
programs.alacritty = {
enable = true;
settings = {
env.TERM = "xterm-256color";
font = {
size = 12;
#draw_bold_text_with_bright_colors = true;
};
scrolling.multiplier = 5;
selection.save_to_clipboard = true;
colors = {
primary = {
background = "0x22212c";
#foregound = "0xf8f8f2";
};
cursor = {
text = "0x454158";
cursor = "0xf8f8f2";
};
selection = {
text = "0xf8f8f2";
background = "0x454158";
};
normal = {
black = "0x22212c";
red = "0xff9580";
green = "0x8aff80";
yellow = "0xffff80";
blue = "0x9580ff";
magenta = "0xff80bf";
cyan = "0x80ffea";
white = "0xf8f8f2";
};
bright = {
black = "0x22212c";
red = "0xffaa99";
green = "0xa2ff99";
yellow = "0xffff99";
blue = "0xaa99ff";
magenta = "0xff99cc";
cyan = "0x99ffee";
white = "0xffffff";
};
};
};
};
home.pointerCursor = {
gtk.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Ice";
size = 20;
};
home.packages = with pkgs; [
appimage-run
anytype
blueberry
brave
brightnessctl
clipman
distrobox
eww
gnome.file-roller
gnome.seahorse
gnome.sushi
glib
gsettings-desktop-schemas
graphviz
hyprpaper
ksnip
nwg-look
pamixer
pavucontrol
libsForQt5.qtstyleplugins
nyxt
pcmanfm
qt5ct
qt6.qtwayland
rustdesk
socat
unrar
unzip
usbutils
v4l-utils
remmina
wl-clipboard
wlogout
wtype
xdg-utils
ydotool
zip
];
}

25
home/features/desktop/design.nix
View File

@ -1,25 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.design;
in {
options.features.desktop.design.enable = mkEnableOption "enable design tools";
config = mkIf cfg.enable {
home.packages = with pkgs; [
argyllcms
cyan
gimp
gimpPlugins.gmic
gmic
gmic-qt
imagemagick
inkscape
lcms2
];
};
}

23
home/features/desktop/extrafonts.nix
View File

@ -1,23 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.extrafonts;
in {
options.features.desktop.extrafonts.enable = mkEnableOption "install additional fonts for desktop apps";
config = mkIf cfg.enable {
home.packages = with pkgs; [
emacs-all-the-icons-fonts
fira-code
fira-code-symbols
fira-code-nerdfont
font-manager
font-awesome_5
noto-fonts
];
};
}

9
home/features/desktop/media.nix
View File

@ -9,19 +9,10 @@ in {
home.packages = with pkgs; [
audacity
ffmpeg_6-full
gphoto2
handbrake
stable.libsForQt5.kdenlive
makemkv
mediainfo
mpv
plexamp
spotify
uxplay
vlc
webcord
youtube-dl
unimatrix
];
programs.obs-studio = {

16
home/features/desktop/office.nix
View File

@ -1,16 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.desktop.office;
in {
options.features.desktop.office.enable =
mkEnableOption "enable office features";
config = mkIf cfg.enable {
home.packages = with pkgs; [libreoffice neomutt pdftk okular zathura];
};
}

18
home/features/desktop/plasma.nix
View File

@ -1,21 +1,7 @@
{
pkgs,
lib,
outputs,
...
}: {
{ pkgs, lib, outputs, ... }: {
imports = [
#
];
home.packages = with pkgs; [
alacritty
brave
libreoffice
nextcloud-client
xclip
libnotify
espanso
firefox
];
home.packages = with pkgs; [ alacritty brave libreoffice libnotify firefox ];
}

4
home/features/desktop/syncthing.nix
View File

@ -1,4 +0,0 @@
{pkgs, ...}: {
services.syncthing = {enable = true;};
home.packages = with pkgs; [syncthingtray-minimal];
}

17
home/features/desktop/theme.nix
View File

@ -1,17 +0,0 @@
{pkgs, ...}: {
qt = {
enable = true;
platformTheme = "gtk";
};
gtk = {
enable = true;
theme = {
name = "Dracula";
package = pkgs.dracula-theme;
};
iconTheme = {
name = "Dracula";
package = pkgs.dracula-icon-theme;
};
};
}

15
home/features/desktop/wayland.nix
View File

@ -1,15 +0,0 @@
{ inputs, config, lib, pkgs, ... }: {
programs.waybar = { enable = true; };
home.packages = with pkgs; [
grim
hypridle
hyprlock
mimeo
pulseaudio
slurp
waypipe
wf-recorder
wl-mirror
ydotool
];
}

7
home/features/desktop/wofi.nix
View File

@ -1,7 +0,0 @@
{
pkgs,
outputs,
...
}: {
home.packages = [pkgs.wofi pkgs.bemoji pkgs.wofi-pass];
}

11
home/features/gaming/default.nix
View File

@ -1,11 +0,0 @@
{pkgs, ...}: {
imports = [./sunshine.nix];
home.packages = with pkgs; [
gamemode
gamescope
goverlay
mangohud
ryujinx
protonup-ng
];
}

15
home/features/gaming/sunshine.nix
View File

@ -1,15 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.gaming.sunshine;
in {
options.features.gaming.sunshine.enable = mkEnableOption "enable Sunshine";
config = mkIf cfg.enable {
home.packages = with pkgs; [sunshine];
};
}

5
home/features/privacy/default.nix
View File

@ -1,5 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
i2p
];
}

1
home/features/virtualization/default.nix
View File

@ -1 +0,0 @@
{imports = [./podman.nix ./qemu.nix];}

14
home/features/virtualization/podman.nix
View File

@ -1,14 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.virtualization.podman;
in {
options.features.virtualization.podman.enable =
mkEnableOption "install podman";
config = mkIf cfg.enable {home.packages = with pkgs; [fuse-overlayfs];};
}

14
home/features/virtualization/qemu.nix
View File

@ -1,14 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.features.virtualization.qemu;
in {
options.features.virtualization.qemu.enable =
mkEnableOption "install qemu tools";
config =
mkIf cfg.enable {home.packages = with pkgs; [virt-manager virtiofsd];};
}

22
home/users/m3tam3re/dotfiles/default.nix
View File

@ -1,22 +0,0 @@
{ pkgs, inputs, ... }: {
home.file.".config/bat" = {
source = "${inputs.dotfiles}/bat";
recursive = true;
};
home.file.".config/nyxt" = {
source = "${inputs.dotfiles}/nyxt";
recursive = true;
};
home.file.".config/hypr" = {
source = "${inputs.dotfiles}/hypr";
recursive = true;
};
home.file.".config/nvim" = {
source = "${inputs.dotfiles}/nvim";
recursive = true;
};
home.file.".config/zellij" = {
source = "${inputs.dotfiles}/zellij";
recursive = true;
};
}

227
home/users/m3tam3re/dotfiles/hyprland.nix
View File

@ -1,227 +0,0 @@
{ config, ... }: {
home.file.".config/hypr/hyprland.conf".text = ''
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor=eDP-1,preferred,2560x0,1.25
monitor=DP-1,preferred,0x0,1
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
xwayland {
force_zero_scaling = true
}
# Execute your favorite apps at launch
# exec-once = waybar & hyprpaper & firefox
exec-once = waybar
exec-once = hyprpaper
exec-once = wl-paste -p -t text --watch clipman store -P --histpath="~/.local/share/clipman-primary.json"
# Source a file (multi-file configs)
# source = ~/.config/hypr/myColors.conf
# Some default env vars.
env = LIBVA_DRIVER_NAME,nvidia
env = XDG_SESSION_TYPE,wayland
env = GBM_BACKEND,nvidia-drm
env = __GLX_VENDOR_LIBRARY_NAME,nvidia
env = XCURSOR_SIZE,32
env = WLR_NO_HARDWARE_CURSORS,1
env = GTK_THEME,Dracula
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input {
kb_layout = de,us
kb_variant =
kb_model =
kb_rules =
kb_options=ctrl:nocaps
follow_mouse = 1
touchpad {
natural_scroll = yes
}
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
}
device {
name = zsa-technology-labs-moonlander-mark-i
kb_layout = us
}
general {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
#col.active_border = rgb(44475a) rgb(bd93f9) 90deg
#col.inactive_border = rgba(44475aaa)
#col.group_border = rgba(282a36dd)
#col.group_border_active = rgb(bd93f9) rgb(44475a) 90deg
gaps_in = 5
gaps_out = 5
border_size = 1
col.active_border = rgba(9742b5ee) rgba(9742b5ee) 45deg
col.inactive_border = rgba(595959aa)
layout = dwindle
}
decoration {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
col.shadow = rgba(1E202966)
drop_shadow = yes
shadow_range = 60
shadow_offset = 1 2
shadow_render_power = 3
shadow_scale = 0.97
rounding = 8
blur {
enabled = yes
size = 3
passes = 3
}
active_opacity = 0.9
inactive_opacity = 0.5
drop_shadow = yes
shadow_range = 4
shadow_render_power = 3
}
animations {
enabled = yes
# Some default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
animation = windows, 1, 7, myBezier
animation = windowsOut, 1, 7, default, popin 80%
animation = border, 1, 10, default
animation = borderangle, 1, 8, default
animation = fade, 1, 7, default
animation = workspaces, 1, 6, default
}
dwindle {
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
pseudotile = yes # master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = yes # you probably want this
}
master {
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
new_is_master = true
}
gestures {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
workspace_swipe = off
}
# Example per-device config
# See https://wiki.hyprland.org/Configuring/Keywords/#executing for more
device {
name = epic-mouse-v1
sensitivity = -0.5
}
# Example windowrule v1
# windowrule = float, ^(kitty)$
# Example windowrule v2
# windowrulev2 = float,class:^(kitty)$,title:^(kitty)$
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
windowrule = float, file_progress
windowrule = float, confirm
windowrule = float, dialog
windowrule = float, download
windowrule = float, notification
windowrule = float, error
windowrule = float, splash
windowrule = float, confirmreset
windowrule = float, title:Open File
windowrule = float, title:branchdialog
windowrule = float, Lxappearance
windowrule = float, Wofi
windowrule = float, dunst
windowrule = animation none,Wofi
windowrule = float,viewnior
windowrule = float,feh
windowrule = float, pavucontrol-qt
windowrule = float, pavucontrol
windowrule = float, file-roller
windowrule = fullscreen, wlogout
windowrule = float, title:wlogout
windowrule = fullscreen, title:wlogout
windowrule = idleinhibit focus, mpv
windowrule = idleinhibit fullscreen, firefox
windowrule = float, title:^(Media viewer)$
windowrule = float, title:^(Volume Control)$
windowrule = float, title:^(Picture-in-Picture)$
windowrule = size 800 600, title:^(Volume Control)$
windowrule = move 75 44%, title:^(Volume Control)$
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
$mainMod = SUPER
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = $mainMod, return, exec, alacritty -e zellij-ps
bind = $mainMod, t, exec, alacritty
bind = $mainMod SHIFT, e, exec, alacritty -e zellij_nvim
bind = $mainMod, o, exec, thunar
bind = $mainMod, Escape, exec, wlogout -p layer-shell
bind = $mainMod, Space, togglefloating
bind = $mainMod, q, killactive,
bind = $mainMod, M, exit,
bind= $mainMod, F, fullscreen
bind = $mainMod, V, togglefloating,
bind = $mainMod, D, exec, wofi --show drun --allow-images
bind = $mainMod SHIFT, S, exec, bemoji
bind = $mainMod, P, exec, wofi-pass
bind = $mainMod SHIFT, P, pseudo, # dwindle
bind = $mainMod, J, togglesplit, # dwindle
# Move focus with mainMod + arrow keys
bind = $mainMod, left, movefocus, l
bind = $mainMod, right, movefocus, r
bind = $mainMod, up, movefocus, u
bind = $mainMod, down, movefocus, d
workspace = 1, monitor:DP-1, default:true
workspace = 2, monitor:DP-1
workspace = 3, monitor:DP-1
workspace = 4, monitor:eDP-1
workspace = 5, monitor:eDP-1
windowrulev2 = workspace 1,class:(Emacs)
windowrulev2 = workspace 3,opacity 1.0, class:(brave-browser)
windowrulev2 = workspace 4,class:(com.obsproject.Studio)
# Switch workspaces with mainMod + [0-9]
bind = $mainMod, 1, workspace, 1
bind = $mainMod, 2, workspace, 2
bind = $mainMod, 3, workspace, 3
bind = $mainMod, 4, workspace, 4
bind = $mainMod, 5, workspace, 5
bind = $mainMod, 6, workspace, 6
bind = $mainMod, 7, workspace, 7
bind = $mainMod, 8, workspace, 8
bind = $mainMod, 9, workspace, 9
bind = $mainMod, 0, workspace, 10
# Move active window to a workspace with mainMod + SHIFT + [0-9]
bind = $mainMod SHIFT, 1, movetoworkspace, 1
bind = $mainMod SHIFT, 2, movetoworkspace, 2
bind = $mainMod SHIFT, 3, movetoworkspace, 3
bind = $mainMod SHIFT, 4, movetoworkspace, 4
bind = $mainMod SHIFT, 5, movetoworkspace, 5
bind = $mainMod SHIFT, 6, movetoworkspace, 6
bind = $mainMod SHIFT, 7, movetoworkspace, 7
bind = $mainMod SHIFT, 8, movetoworkspace, 8
bind = $mainMod SHIFT, 9, movetoworkspace, 9
bind = $mainMod SHIFT, 0, movetoworkspace, 10
# Scroll through existing workspaces with mainMod + scroll
bind = $mainMod, mouse_down, workspace, e+1
bind = $mainMod, mouse_up, workspace, e-1
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = $mainMod, mouse:272, movewindow
bindm = $mainMod, mouse:273, resizewindow
'';
}

38
home/users/m3tam3re/m3-nix.nix
View File

@ -1,38 +0,0 @@
{
config,
pkgs,
...
}: {
imports = [
./base
./dotfiles
../../features/cli
../../features/coding
../../features/desktop
../../features/gaming
../../features/virtualization
];
features = {
cli = {
fish.enable = true;
neofetch.enable = true;
secrets.enable = true;
starship.enable = true;
zellij.enable = true;
};
gaming = {sunshine.enable = true;};
desktop = {
crypto.enable = true;
design.enable = true;
extrafonts.enable = true;
media.enable = true;
office.enable = true;
};
virtualization = {
podman.enable = true;
qemu.enable = true;
};
};
home.stateVersion = "24.05";
}

16
home/users/m3tam3re/m3-r1.nix
View File

@ -1,16 +0,0 @@
{
config,
pkgs,
...
}: {
imports = [./base ../../features/cli];
features = {
cli = {
fish.enable = true;
starship.enable = true;
};
};
home.stateVersion = "22.11";
}

5
hosts/lkk-nix-1/default.nix
View File

@ -59,11 +59,6 @@
owner = "traefik";
};
minio-root-cred = {
file = ../../secrets/minio-root-cred.age;
mode = "770";
};
baserow-env = {
file = ../../secrets/baserow-env.age;
mode = "770";

148
hosts/m3-nix/default.nix
View File

@ -1,148 +0,0 @@
{ config, inputs, outputs, pkgs, lib, ... }:
with pkgs; {
imports = [
./hardware.nix
./hardware-configuration.nix # Include the results of the hardware scan.
../common/users/m3tam3re
../common/base
./services
];
specialisation = {
"NVIDIA".configuration = {
boot.kernelParams = [ "nvidia.NVreg_PreserveVideoMemoryAllocations=1" ];
system.nixos.tags = [ "NVIDIA" ];
services.xserver.videoDrivers = [ "nvidia" ];
};
};
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.memtest86.enable = true;
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.kernelModules = [ "v4l2loopback" ];
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_msrs=1
options v4l2loopback exclusive_caps=1 max_buffers=2
'';
networking = {
hostName = "m3-nix";
firewall.extraCommands =
"iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns";
networkmanager.enable = true;
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "no";
allowSFTP = true;
};
services.avahi = {
enable = true;
nssmdns4 = true;
publish = {
addresses = true;
workstation = true;
userServices = true;
};
};
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs;
[
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
programs.fish.enable = true;
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [ thunar-archive-plugin thunar-volman ];
};
age = {
secrets = {
tailscale-key.file = ../../secrets/tailscale-key.age;
wg-key.file = ../../secrets/wg-key.age;
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
};
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
};
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "de_DE.utf8";
console.keyMap = "de";
# NOTE: NIX related config
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/m3tam3re/projects/nix-configurations";
};
nix.extraOptions = ''
experimental-features = nix-command
keep-outputs = true
keep-derivations = true
'';
nix = {
settings = {
experimental-features = "nix-command flakes";
trusted-users = [ "root" "m3tam3re" ];
};
gc = {
automatic = true;
options = "--delete-older-than 30d";
};
optimise.automatic = true;
registry = (lib.mapAttrs (_: flake: { inherit flake; }))
((lib.filterAttrs (_: lib.isType "flake")) inputs);
nixPath = [ "/etc/nix/path" ];
};
environment.etc = lib.mapAttrs' (name: value: {
name = "nix/path/${name}";
value.source = value.flake;
}) config.nix.registry;
environment.systemPackages =
[ neovim nvd nix-output-monitor wally-cli nfs-utils restic sshfs ];
systemd.extraConfig = ''
DefaultTimeoutStopSec=10s
'';
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.stable-packages
];
config = {
allowUnfree = true;
nvidia.acceptLicense = true;
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leavecatenate(variables, "bootdev", bootdev)
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}

67
hosts/m3-nix/hardware-configuration.nix
View File

@ -1,67 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [(modulesPath + "/installer/scan/not-detected.nix")];
boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "ahci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/3a50bf0a-024b-488b-aa11-56b32f2fb54d";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4811-EA6E";
fsType = "vfat";
};
fileSystems."/opt" = {
device = "/dev/disk/by-uuid/3574df3a-2a90-4b54-9c21-128f1d01ff8f";
fsType = "btrfs";
options = ["noatime" "compress=zstd"];
};
fileSystems."/mnt/skynet-bkg" = {
device = "100.94.135.99:/volume3/bkg";
fsType = "nfs";
options = ["noauto" "x-systemd.automount"];
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp46s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

54
hosts/m3-nix/hardware.nix
View File

@ -1,54 +0,0 @@
{ config, pkgs, ... }: {
hardware.nvidia = {
package = let
rcu_patch = pkgs.fetchpatch {
url =
"https://github.com/gentoo/gentoo/raw/c64caf53/x11-drivers/nvidia-drivers/files/nvidia-drivers-470.223.02-gpl-pfn_valid.patch";
hash = "sha256-eZiQQp2S/asE7MfGvfe6dA/kdCvek9SYa/FFGp24dVg=";
};
in config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "535.154.05";
sha256_64bit = "sha256-fpUGXKprgt6SYRDxSCemGXLrEsIA6GOinp+0eGbqqJg=";
sha256_aarch64 = "sha256-G0/GiObf/BZMkzzET8HQjdIcvCSqB1uhsinro2HLK9k=";
openSha256 = "sha256-wvRdHguGLxS0mR06P5Qi++pDJBCF8pJ8hr4T8O6TJIo=";
settingsSha256 = "sha256-9wqoDEWY4I7weWW05F4igj1Gj9wjHsREFMztfEmqm10=";
persistencedSha256 =
"sha256-d0Q3Lk80JqkS1B54Mahu2yY/WocOqFFbZVBh+ToGhaE=";
#version = "550.40.07";
#sha256_64bit = "sha256-KYk2xye37v7ZW7h+uNJM/u8fNf7KyGTZjiaU03dJpK0=";
#sha256_aarch64 = "sha256-AV7KgRXYaQGBFl7zuRcfnTGr8rS5n13nGUIe3mJTXb4=";
#openSha256 = "sha256-mRUTEWVsbjq+psVe+kAT6MjyZuLkG2yRDxCMvDJRL1I=";
#settingsSha256 = "sha256-c30AQa4g4a1EHmaEu1yc05oqY01y+IusbBuq+P6rMCs=";
#persistencedSha256 = "sha256-11tLSY8uUIl4X/roNnxf5yS2PQvHvoNjnd2CB67e870=";
patches = [ rcu_patch ];
};
prime = {
offload.enable = false;
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
intelBusId = "PCI:0:2:0";
# Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA
nvidiaBusId = "PCI:1:0:0";
};
modesetting.enable = true;
powerManagement.finegrained = false;
powerManagement.enable = true;
open = false;
dynamicBoost.enable = true;
nvidiaSettings = true;
};
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
services.hardware.bolt.enable = true;
services.auto-cpufreq.enable = true;
services.tlp.enable = true;
services.fstrim.enable = true;
hardware.bluetooth.enable = true;
hardware.keyboard.zsa.enable = true;
hardware.tuxedo-rs.enable = true;
hardware.tuxedo-rs.tailor-gui.enable = true;
hardware.tuxedo-keyboard.enable = true;
}

6
hosts/m3-nix/services/cron.nix
View File

@ -1,6 +0,0 @@
{
services.cron = {
enable = true;
systemCronJobs = [""];
};
}

32
hosts/m3-nix/services/default.nix
View File

@ -1,32 +0,0 @@
{pkgs, ...}: {
imports = [
./cron.nix
./flatpak.nix
./prometheus-node.nix
./ollama.nix
./sound.nix
./udev.nix
./restic.nix
./tailscale.nix
./virtualization.nix
./wireguard.nix
#./xserver.nix
];
# services.gvfs = {
# enable = true;
# package = pkgs.gnome3.gvfs;
# };
# services.kubo = { enable = true; }; # IPFS
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-gnome3;
};
services.printing.enable = true;
services.sabnzbd.enable = true;
services.i2p.enable = true;
services.gvfs.enable = true;
services.trezord.enable = true;
services.logind.lidSwitchExternalPower = "ignore";
}

8
hosts/m3-nix/services/flatpak.nix
View File

@ -1,8 +0,0 @@
{pkgs, ...}: {
services.flatpak.enable = true;
xdg.portal = {
# xdg desktop intergration (required for flatpak)
enable = true;
extraPortals = [pkgs.xdg-desktop-portal-gtk];
};
}

7
hosts/m3-nix/services/ollama.nix
View File

@ -1,7 +0,0 @@
{
config,
pkgs,
...
}: {
services.ollama = {enable = true;};
}

10
hosts/m3-nix/services/prometheus-node.nix
View File

@ -1,10 +0,0 @@
{
services.prometheus.exporters.node = {
enable = true;
port = 8081;
enabledCollectors = ["logind" "systemd"];
disabledCollectors = ["textfile"];
openFirewall = true;
firewallFilter = "-i br0 -p tcp -m tcp --dport 8081";
};
}

25
hosts/m3-nix/services/restic.nix
View File

@ -1,25 +0,0 @@
{
services.restic.backups = {
skynet = {
repository = "/mnt/skynet-bkg/m3-nix";
passwordFile = "/etc/nixos/restic-pass";
initialize = true;
paths = ["/home/m3tam3re"];
exclude = [
"/home/m3tam3re/.cache"
"/home/m3tam3re/Bilder/"
"/home/m3tam3re/Videos/"
"/home/m3tam3re/Downloads"
"/home/m3tam3re/Library"
"/home/m3tam3re/Projekte"
"/home/m3tam3re/Sync"
"/home/m3tam3re/.local/share/Trash"
];
timerConfig = {
OnCalendar = "09:30";
RandomizedDelaySec = "2h";
Persistent = true;
};
};
};
}

14
hosts/m3-nix/services/sound.nix
View File

@ -1,14 +0,0 @@
{ pkgs, ... }: {
sound.enable = true;
sound.mediaKeys.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = false;
wireplumber.enable = true;
wireplumber.package = pkgs.stable.wireplumber;
};
}

40
hosts/m3-nix/services/tailscale.nix
View File

@ -1,40 +0,0 @@
{
config,
pkgs,
...
}: {
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = ["network-pre.target" "tailscale.service"];
wants = ["network-pre.target" "tailscale.service"];
wantedBy = ["multi-user.target"];
# set this service as a oneshot job
serviceConfig = {
Type = "oneshot";
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
};
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
'';
};
}

5
hosts/m3-nix/services/udev.nix
View File

@ -1,5 +0,0 @@
{pkgs, ...}: {
services.udev.extraRules = ''
SUBSYSTEM=="usb", MODE="0666
'';
}

19
hosts/m3-nix/services/virtualization.nix
View File

@ -1,19 +0,0 @@
{pkgs, ...}: {
virtualisation = {
libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf = {
enable = true;
packages = [pkgs.OVMFFull];
};
};
};
containers.cdi.dynamic.nvidia.enable = true;
podman = {
enable = true;
defaultNetwork.settings.dns_enabled = true;
};
};
}

8
hosts/m3-nix/services/wireguard.nix
View File

@ -1,8 +0,0 @@
{config, ...}: {
networking.wg-quick.interfaces = {
wg0 = {
configFile = config.age.secrets.wg-key.path;
autostart = false;
};
};
}

19
hosts/m3-nix/services/xserver.nix
View File

@ -1,19 +0,0 @@
{pkgs, ...}: {
services.xserver.videoDrivers = ["nvidia"];
# services.xserver = {
# enable = true;
# videoDrivers = [ "nvidia" ];
# displayManager = {
# defaultSession = "hyprland";
# sddm = { enable = true; };
# };
# libinput.enable = true; # touchpad support
# layout = "de";
# xkbOptions = "ctrl:nocaps";
# };
# services.xserver.screenSection = ''
# Option "metamodes" "nvidia-auto-select +0+0 {ForceFullCompositionPipeline=On}"
# Option "AllowIndirectGLXProtocol" "off"
# Option "TripleBuffer" "on"
# '';
}

40
hosts/m3-nix/vfio.nix
View File

@ -1,40 +0,0 @@
let
gpuIDs = [
"10de:249d" # Graphics
"10de:228b" # Audio
];
in
{
pkgs,
lib,
config,
...
}: {
options.vfio.enable = with lib;
mkEnableOption "Configure the machine for VFIO";
config = let
cfg = config.vfio;
in {
boot = {
initrd.kernelModules = [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"vfio_virqfd"
];
kernelParams =
[
# enable IOMMU
"intel_iommu=on"
]
++ lib.optional cfg.enable
# isolate the GPU
("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs);
};
hardware.opengl.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
};
}

104
hosts/m3-r1/default.nix
View File

@ -1,104 +0,0 @@
{ inputs, outputs, lib, config, pkgs, ... }: {
imports = [
./hardware-configuration.nix
../common/users/m3tam3re
../common/base
./services
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
networking = {
hostName = "m3-r1";
firewall.enable = true;
firewall.allowedTCPPortRanges = [{
from = 3000;
to = 3100;
}];
firewall.allowedTCPPorts = [ 53 80 443 5432 3306 3478 ];
firewall.allowedUDPPorts = [ 53 51820 41641 ];
firewall.allowedUDPPortRanges = [{
from = 3478;
to = 3481;
}];
};
programs.fish.enable = true;
age = {
secrets = {
mj-smtp-user.file = ../../secrets/mj-smtp-user.age;
mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age;
openai.file = ../../secrets/openai.age;
tailscale-key.file = ../../secrets/tailscale-key.age;
vaultwarden-env = {
file = ../../secrets/vaultwarden-env.age;
mode = "770";
};
n8n-env = {
file = ../../secrets/n8n-m3r1.age;
mode = "770";
};
traefik-env = {
file = ../../secrets/traefik-env.age;
mode = "770";
owner = "traefik";
};
searx-environmentFile = {
file = ../../secrets/searx-environmentFile.age;
mode = "770";
owner = "searx";
};
littlelink-m3tam3re-env = {
file = ../../secrets/littlelink-m3tam3re-env.age;
mode = "770";
};
};
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
};
nix = {
extraOptions = ''
experimental-features = nix-command
keep-outputs = true
keep-derivations = true
'';
settings = {
experimental-features = "nix-command flakes";
trusted-users = [ "root" "m3tam3re" ];
};
gc = {
automatic = true;
options = "--delete-older-than 30d";
};
optimise.automatic = true;
registry = (lib.mapAttrs (_: flake: { inherit flake; }))
((lib.filterAttrs (_: lib.isType "flake")) inputs);
nixPath = [ "/etc/nix/path" ];
};
environment.etc = lib.mapAttrs' (name: value: {
name = "nix/path/${name}";
value.source = value.flake;
}) config.nix.registry;
systemd.extraConfig = ''
DefaultTimeoutStopSec=10s
'';
nixpkgs = {
overlays = [
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.stable-packages
];
config = { allowUnfree = true; };
};
system.stateVersion = "23.05"; # Did you read the comment?
}

53
hosts/m3-r1/hardware-configuration.nix
View File

@ -1,53 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/5e3a0875-005c-49c4-9dbf-86e471e7e881";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/5e3a0875-005c-49c4-9dbf-86e471e7e881";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/5e3a0875-005c-49c4-9dbf-86e471e7e881";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/A79C-4B9F";
fsType = "vfat";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

13
hosts/m3-r1/services/container.nix
View File

@ -1,13 +0,0 @@
{
config,
pkgs,
...
}: {
imports = [./containers];
virtualisation.podman = {
enable = true;
defaultNetwork.settings = {dns_enabled = true;};
};
virtualisation.oci-containers.backend = "podman";
}

25
hosts/m3-r1/services/containers/baserow.nix
View File

@ -1,25 +0,0 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."baserow" = {
image = "docker.io/baserow/baserow:1.24.2";
environment = {
BASEROW_PUBLIC_URL = "https://br.m3tam3re.com";
POSTGRES_USER = "baserow";
POSTGRES_PASSWORD = "baserow";
POSTGRES_DB = "baserow";
DATABASE_HOST = "postgres";
DATABASE_NAME = "baserow";
DATABASE_USER = "baserow";
DATABASE_PASSWORD = "baserow";
EMAIL_SMTP = "in-v3.mailjet.com";
EMAIL_SMTP_HOST = "in-v3.mailjet.com";
EMAIL_SMTP_PORT = "587";
EMAIL_SMTP_USER = config.age.secrets.mj-smtp-user.path;
EMAIL_SMTP_PASSWORD = config.age.secrets.mj-smtp-pass.path;
};
ports = [ "3001:80" ];
volumes = [ "baserow_data:/baserow/data" ];
extraOptions = [ "--add-host=postgres:10.88.0.1" "--ip=10.88.0.11" ];
};
}

12
hosts/m3-r1/services/containers/briefkasten.nix
View File

@ -1,12 +0,0 @@
{
config,
outputs,
...
}: {
virtualisation.oci-containers.containers."briefkasten" = {
image = "docker.io/ndom91/briefkasten";
environmentFiles = [config.age.secrets.briefkasten-env.path];
ports = ["3009:3000"];
extraOptions = ["--add-host=postgres:10.88.0.1" "--ip=10.88.0.19"];
};
}

12
hosts/m3-r1/services/containers/default.nix
View File

@ -1,12 +0,0 @@
{
imports = [
./baserow.nix
# ./briefkasten.nix
./little-link.nix
./matomo.nix
./mautic.nix
# ./nextcloud.nix
./nginx.nix
# ./wordpress.nix
];
}

12
hosts/m3-r1/services/containers/little-link.nix
View File

@ -1,12 +0,0 @@
{
config,
outputs,
...
}: {
virtualisation.oci-containers.containers."littlelink_m3tam3re" = {
image = "ghcr.io/techno-tim/littlelink-server";
environmentFiles = [config.age.secrets.littlelink-m3tam3re-env.path];
ports = ["3011:3000"];
extraOptions = ["--ip=10.88.0.21"];
};
}

19
hosts/m3-r1/services/containers/matomo.nix
View File

@ -1,19 +0,0 @@
{
config,
outputs,
...
}: {
virtualisation.oci-containers.containers."matomo" = {
image = "docker.io/matomo";
environment = {
MATOMO_DATABASE_HOST = "mysql";
MATOMO_DATABASE_USERNAME = "matomo";
MATOMO_DATABASE_PASSWORD = "matomo";
MATOMO_DATABASE_DBNAME = "matomo";
PHP_MEMORY_LIMIT = "2048M";
};
ports = ["3003:80"];
volumes = ["matomo_data:/var/www/html"];
extraOptions = ["--add-host=mysql:10.88.0.1" "--ip=10.88.0.13"];
};
}

20
hosts/m3-r1/services/containers/mautic.nix
View File

@ -1,20 +0,0 @@
{
config,
outputs,
...
}: {
virtualisation.oci-containers.containers."mautic" = {
image = "docker.io/mautic/mautic:v4-apache";
environment = {
MAUTIC_DB_HOST = "mysql";
MAUTIC_DB_USER = "mautic";
MAUTIC_DB_PASSWORD = "mautic";
MAUTIC_DB_DBNAME = "mautic";
PHP_MEMORY_LIMIT = "2048M";
MAUTIC_RUN_CRON_JOBS = "true";
};
ports = ["127.0.0.1:3008:80"];
volumes = ["mautic_data:/var/www/html"];
extraOptions = ["--add-host=mysql:10.88.0.1" "--ip=10.88.0.23"];
};
}

18
hosts/m3-r1/services/containers/nextcloud.nix
View File

@ -1,18 +0,0 @@
{
config,
outputs,
...
}: {
virtualisation.oci-containers.containers."nextcloud" = {
image = "docker.io/nextcloud";
environment = {
TRUSTED_PROXIES = "10.88.0.1/16";
OVERWRITEPROTOCOL = "https";
OVERWRITECLIURL = "https://cloud.lanakk.com";
OVERWRITEHOST = "cloud.lanakk.com";
};
ports = ["3005:80"];
volumes = ["nextcloud_data:/var/www/html"];
extraOptions = ["--add-host=mysql:10.88.0.1" "--ip=10.88.0.15"];
};
}

8
hosts/m3-r1/services/containers/nginx.nix
View File

@ -1,8 +0,0 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."http-images" = {
image = "docker.io/nginx:alpine";
ports = [ "3012:80" ];
volumes = [ "/var/www/m3tam3re.com/www:/usr/share/nginx/html" ];
extraOptions = [ "--ip=10.88.0.22" ];
};
}

22
hosts/m3-r1/services/containers/wireguard.nix
View File

@ -1,22 +0,0 @@
{
config,
outputs,
...
}: {
virtualisation.oci-containers.containers."wireguard" = {
image = "docker.io/weejewel/wg-easy";
environment = {
WG_HOST = "wg.lanakk.com";
WG_DEFAULT_DNS = "10.88.0.1:5353";
};
ports = ["3007:51821/tcp" "51820:51820/udp"];
volumes = ["wireguard_data:/etc/wireguard"];
extraOptions = [
"--cap-add=NET_ADMIN"
"--cap-add=SYS_MODULE"
"--sysctl=net.ipv4.conf.all.src_valid_mark=1"
"--sysctl=net.ipv4.ip_forward=1"
"--ip=10.88.0.17"
];
};
}

18
hosts/m3-r1/services/containers/wordpress.nix
View File

@ -1,18 +0,0 @@
{
config,
outputs,
...
}: {
virtualisation.oci-containers.containers."lanakk_blog" = {
image = "docker.io/wordpress";
environment = {
WORDPRESS_DB_HOST = "mysql";
WORDPRESS_DB_USER = "wp";
WORDPRESS_DB_PASSWORD = "wp";
WORDPRESS_DB_NAME = "lanakk_blog";
};
ports = ["3002:80"];
volumes = ["lanakk_blog_data:/var/www/html"];
extraOptions = ["--add-host=mysql:10.88.0.1" "--ip=10.88.0.12"];
};
}

14
hosts/m3-r1/services/default.nix
View File

@ -1,14 +0,0 @@
{
imports = [
./container.nix
./gitea.nix
./mariadb.nix
# ./n8n.nix
./postgres.nix
./searx.nix
./syncthing.nix
# ./tailscale.nix
./traefik.nix
# ./vaultwarden.nix
];
}

16
hosts/m3-r1/services/gitea.nix
View File

@ -1,16 +0,0 @@
{
config,
pkgs,
...
}: {
services.gitea = {
enable = true;
settings.server.ROOT_URL = "https://code.m3tam3re.com";
lfs.enable = true;
dump = {
enable = true;
interval = "03:30:00";
backupDir = "/var/backup/gitea";
};
};
}

15
hosts/m3-r1/services/mariadb.nix
View File

@ -1,15 +0,0 @@
{
pkgs,
config,
...
}: {
services.mysql = {
enable = true;
package = pkgs.mariadb;
};
services.mysqlBackup = {
enable = true;
calendar = "03:00:00";
databases = ["matomo"];
};
}

18
hosts/m3-r1/services/n8n.nix
View File

@ -1,18 +0,0 @@
{
config,
pkgs,
...
}: {
services.n8n = {
enable = true;
openFirewall = true;
settings = {
host = "wf.lanakk.com";
protocol = "https";
editorBaseUrl = "https://wf.lanakk.com";
};
};
systemd.services.n8n.serviceConfig = {
EnvironmentFile = "${config.age.secrets.n8n-env.path}";
};
}

28
hosts/m3-r1/services/postgres.nix
View File

@ -1,28 +0,0 @@
{
pkgs,
config,
...
}: {
services.postgresql = {
enable = true;
enableTCPIP = true;
package = pkgs.postgresql_15;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 10.88.0.1/16 trust
'';
initialScript = pkgs.writeText "backend-initScript" ''
CREATE USER baserow WITH ENCRYPTED PASSWORD 'baserow';
CREATE DATABASE baserow;
GRANT ALL PRIVILEGES ON DATABASE baserow TO baserow;
ALTER DATABASE baserow OWNER to baserow;
'';
};
services.postgresqlBackup = {
enable = true;
startAt = "03:10:00";
databases = ["baserow"];
};
}

10
hosts/m3-r1/services/searx.nix
View File

@ -1,10 +0,0 @@
{pkgs, ...}: {
services.searx = {
enable = true;
package = pkgs.searxng;
settings = {
server.port = 3004;
server.secret_key = "@SEARX_SECRET_KEY@";
};
};
}

26
hosts/m3-r1/services/syncthing.nix
View File

@ -1,26 +0,0 @@
{
config,
pkgs,
...
}: {
services.syncthing = {
enable = true;
openDefaultPorts = true;
guiAddress = "0.0.0.0:8384";
overrideDevices = true;
overrideFolders = true;
settings = {
devices = {
"LK-DATA" = {
id = "BI7CMZF-2SGQMXW-RG47HRG-FEH454J-ZTCE544-BXNSCSJ-PXCE7A7-R4CX2Q3";
};
};
folders = {
"Bildvorschauen" = {
path = "/opt/service-data/http-images";
devices = ["LK-DATA"];
};
};
};
};
}

42
hosts/m3-r1/services/tailscale.nix
View File

@ -1,42 +0,0 @@
{
config,
pkgs,
...
}: {
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
};
networking.firewall = {
trustedInterfaces = ["tailscale0"];
};
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = ["network-pre.target" "tailscale.service"];
wants = ["network-pre.target" "tailscale.service"];
wantedBy = ["multi-user.target"];
# set this service as a oneshot job
serviceConfig = {
Type = "oneshot";
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
};
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up --advertise-exit-node --authkey $TAILSCALE_KEY
'';
};
}

171
hosts/m3-r1/services/traefik.nix
View File

@ -1,171 +0,0 @@
{ config, ... }: {
services.traefik = {
enable = true;
staticConfigOptions = {
log = { level = "WARN"; };
certificatesResolvers = {
lets-encrypt = {
acme = {
email = "acc@m3tam3re.com";
storage = "/var/lib/traefik/acme.json";
tlsChallenge = { };
};
};
};
api = { };
entryPoints = {
web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
websecure = { address = ":443"; };
};
};
dynamicConfigOptions = {
http = {
middlewares = {
auth = {
basicAuth = {
users = [ "m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh." ];
};
};
nextcloud_redirectregex = {
redirectRegex = {
permanent = true;
regex = "https://(.*)/.well-known/(?:card|cal)dav";
replacement = "https://\${1}/remote.php/dav";
};
};
nextcloud_headers = {
headers = {
referrerPolicy = "no-referrer";
stsSeconds = "31536000";
forceSTSHeader = true;
stsPreload = true;
stsIncludeSubdomains = true;
};
};
};
services = {
baserow.loadBalancer.servers = [{ url = "http://localhost:3001/"; }];
gitea.loadBalancer.servers = [{ url = "http://localhost:3000/"; }];
n8n.loadBalancer.servers = [{ url = "http://localhost:5678/"; }];
littlelink-m3tam3re.loadBalancer.servers =
[{ url = "http://localhost:3011/"; }];
matomo.loadBalancer.servers = [{ url = "http://localhost:3003/"; }];
searx.loadBalancer.servers = [{ url = "http://localhost:3004/"; }];
mautic.loadBalancer.servers = [{ url = "http://localhost:3008/"; }];
m3tam3re.loadBalancer.servers = [{ url = "http://localhost:3012/"; }];
syncthing.loadBalancer.servers =
[{ url = "http://localhost:8384/"; }];
vaultwarden.loadBalancer.servers =
[{ url = "http://localhost:3014/"; }];
};
routers = {
api = {
rule = "Host(`r.m3tam3re.com`)";
tls = { certResolver = "lets-encrypt"; };
service = "api@internal";
middlewares = "auth";
entrypoints = "websecure";
};
baserow = {
rule = "Host(`br.m3tam3re.com`)";
tls = { certResolver = "lets-encrypt"; };
service = "baserow";
entrypoints = "websecure";
};
gitea = {
rule = "Host(`code.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "code.m3tam3re.com";
};
service = "gitea";
entrypoints = "websecure";
};
littlelink-m3tm3re = {
rule = "Host(`links.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "links.m3tam3re.com";
};
service = "littlelink-m3tam3re";
entrypoints = "websecure";
};
n8n = {
rule = "Host(`io.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "io.m3tam3re.com";
};
service = "n8n";
entrypoints = "websecure";
};
m3tam3re = {
rule = "Host(`www.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "www.m3tam3re.com";
};
service = "m3tam3re";
entrypoints = "websecure";
};
matomo-m3tam3re = {
rule = "Host(`stats.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "stats.m3tam3re.com";
};
service = "matomo";
entrypoints = "websecure";
};
searx = {
rule = "Host(`search.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "search.m3tam3re.com";
};
service = "searx";
entrypoints = "websecure";
};
mautic = {
rule = "Host(`ma.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "ma.m3tam3re.com";
};
service = "mautic";
entrypoints = "websecure";
};
syncthing = {
rule = "Host(`sync.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "sync.m3tam3re.com";
};
service = "syncthing";
entrypoints = "websecure";
};
vaultwarden = {
rule = "Host(`vw.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "vw.m3tam3re.com";
};
service = "vaultwarden";
middlewares = "auth";
entrypoints = "websecure";
};
};
};
};
};
systemd.services.traefik.serviceConfig = {
EnvironmentFile = [ "${config.age.secrets.traefik-env.path}" ];
};
}

11
hosts/m3-r1/services/vaultwarden.nix
View File

@ -1,11 +0,0 @@
{
config,
pkgs,
...
}: {
services.vaultwarden = {
enable = true;
backupDir = "/var/backup/vaultwarden";
environmentFile = "${config.age.secrets.vaultwarden-env.path}";
};
}

1
modules/nixos/default.nix
View File

@ -1 +0,0 @@
{ordercollect = import ./ordercollect.nix;}

32
modules/nixos/ordercollect.nix
View File

@ -1,32 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.services.ordercollect;
in {
options.services.ordercollect = {
enable = mkEnableOption "Enable Ordercollect";
port = mkOption {
type = types.str;
description = "The http port to run on";
default = "";
};
package = mkOption {
type = types.package;
default = pkgs.ordercollect;
description = ''
The package for ordercollect
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [cfg.package];
systemd.services.ordercollect = {
ExecStart = "${cfg.package}/bin/ordercollect --port ${cfg.port}";
Restart = "on-failure";
};
};
}

7
pkgs/default.nix
View File

@ -1,5 +1,4 @@
{pkgs, ...}: {
wofi-pass = pkgs.callPackage ./wofi-pass {};
ordercollect = pkgs.callPackage ./ordercollect {};
zellij-ps = pkgs.callPackage ./zellij-ps {};
{ pkgs, ... }:
{
# ordercollect = pkgs.callPackage ./ordercollect {};
}

26
pkgs/ordercollect/default.nix
View File

@ -1,26 +0,0 @@
{
buildGoModule,
fetchFromGitea,
lib,
}:
buildGoModule rec {
pname = "ordercollect";
version = "0.1.0";
src = fetchFromGitea {
domain = "code.lanakk.com";
owner = "LANAKK";
repo = "ordercollect";
rev = "9ecbfa46f6758214aa2fcee7ad96aa7730301a06";
hash = "sha256-n4njl7LwG6GuoTj7x3rWOjErZ/a1Fog0qAymYxvsR2w=";
};
vendorHash = "sha256-G6k331XRuVN/cM4sNcdUV9/BzdISQI7Ljc4tesJnmH0=";
meta = with lib; {
description = "A simple Api for creating orders, written in Go";
homepage = "https://code.lanakk.com/LANAKK/ordercollect";
license = licenses.mit;
maintainers = with maintainers; [m3tam3re];
};
}

29
pkgs/wofi-pass/default.nix
View File

@ -1,29 +0,0 @@
{
stdenv,
lib,
fetchFromGitHub,
bash,
pkgs,
makeWrapper,
}:
with lib;
with pkgs;
stdenv.mkDerivation {
pname = "wofi-pass";
version = "0.1";
src = fetchFromGitHub {
owner = "TinfoilSubmarine";
repo = "wofi-pass";
rev = "869c545";
sha256 = "gcfW8E/3/dqv0P3S4z9fDv8k4R7czcIKwpo/OHFFWj0=";
};
buildInputs = [bash coreutils wl-clipboard wofi wtype];
nativeBuildInputs = [makeWrapper];
installPhase = ''
mkdir -p $out/bin
cp wofi-pass $out/bin/wofi-pass
wrapProgram $out/bin/wofi-pass \
--prefix PATH : ${makeBinPath [bash coreutils wl-clipboard wofi wtype]}
'';
}

33
pkgs/zellij-ps/default.nix
View File

@ -1,33 +0,0 @@
{ lib, stdenv, fetchFromGitea, fish, fd, fzf, pkgs, zellij, }:
with lib;
with pkgs;
stdenv.mkDerivation rec {
pname = "zellij-ps";
version = "0.1.0";
src = fetchFromGitea {
domain = "code.m3tam3re.com";
owner = "m3tam3re";
repo = "helper-scripts";
rev = "25cd4f662c2a7d1a5091ad30810c458627fdba5a";
sha256 = "0lw1qmn18i1s21ljmsdy2x034x19gad8krml9iggksn3c31haz9m";
};
buildInputs = [ fish fd fzf zellij ];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
cp zellij-ps.fish $out/bin/zellij-ps
wrapProgram $out/bin/zellij-ps \
--prefix PATH : ${lib.makeBinPath [ fish fd fzf zellij ]}
'';
meta = with lib; {
description = "A small project script for zellij";
homepage = "https://code.m3tam3re.com/m3tam3re/helper-scripts";
license = licenses.mit;
maintainers = with maintainers; [ m3tam3re ];
platforms = platforms.unix;
};
}

9
secrets.nix
View File

@ -6,23 +6,17 @@ in {
"secrets/mj-smtp-pass.age".publicKeys = [ system ];
"secrets/n8n-env.age".publicKeys = [ system ];
"secrets/n8n-m3r1.age".publicKeys = [ system ];
"secrets/godaddy-api-key.age".publicKeys = [ system ];
"secrets/godaddy-api-secret.age".publicKeys = [ system ];
"secrets/searx-environmentFile.age".publicKeys = [ system ];
"secrets/tailscale-key.age".publicKeys = [ system ];
"secrets/wg-key.age".publicKeys = [ system ];
"secrets/briefkasten-env.age".publicKeys = [ system ];
"secrets/littlelink-lanakk-env.age".publicKeys = [ system ];
"secrets/littlelink-m3tam3re-env.age".publicKeys = [ system ];
"secrets/m3tam3re-secrets.age".publicKeys = [ system ];
"secrets/traefik-env.age".publicKeys = [ system ];
"secrets/metabase-env.age".publicKeys = [ system ];
@ -32,8 +26,5 @@ in {
"secrets/pgadmin.age".publicKeys = [ system ];
"secrets/minio-system-cred.age".publicKeys = [ system ];
"secrets/openai.age".publicKeys = [ system ];
"secrets/vaultwarden-env.age".publicKeys = [ system ];
}

BIN
secrets/briefkasten-env.age
View File

Binary file not shown.

BIN
secrets/littlelink-m3tam3re-env.age
View File

Binary file not shown.

BIN
secrets/minio-root-cred.age
View File

Binary file not shown.

BIN
secrets/n8n-m3r1.age
View File

Binary file not shown.

BIN
secrets/openai.age
View File

Binary file not shown.

BIN
secrets/searx-environmentFile.age
View File

Binary file not shown.

BIN
secrets/wg-key.age
View File

Binary file not shown.