
50 Commits

Author SHA1 Message Date
m3tam3re 16f931782e m3-r1 2023-07-18 12:52:40 +00:00
m3tam3re 16d4ec6928 m3-r1 2023-07-18 12:53:55 +02:00
m3tam3re 5fa6d0b0ee Revert "backup timer lkk-nix-1"
This reverts commit 791c61aa94.
2023-07-05 15:17:24 +02:00
m3tam3re 791c61aa94 backup timer lkk-nix-1 2023-07-05 15:05:59 +02:00
m3tam3re d32f0ec691 vaultwarden final config 2023-07-04 15:22:15 +02:00
m3tam3re 56d578dea1 +vaultwarden 2023-07-04 09:20:00 +02:00
m3tam3re 58f52d3ecb +vaultwarden 2023-07-04 09:18:47 +02:00
m3tam3re 66fe8c6fce baserow 1.18 2023-07-03 16:25:30 +02:00
m3tam3re 6ac66d4809 trezor udev, emacs changes 2023-07-03 14:32:30 +02:00
m3tam3re f7bf66c9b5 git settings 2023-06-27 12:51:03 +02:00
m3tam3re fc681daa8f gpu-passthrough 2023-06-27 12:35:30 +02:00
m3tam3re 7f1fbff43f obs-wlrobs 2023-06-19 06:04:31 +02:00
m3tam3re 339809b1a2 -wofi-emoji +bemoji 2023-06-18 06:00:57 +02:00
m3tam3re 23745eb5b1 -busybox + coreutils 2023-06-17 17:03:03 +02:00
m3tam3re 80c1f85681 +nyxt +pass-import 2023-06-15 14:51:57 +02:00
m3tam3re c5b4727a7a -nautilus + thunar 2023-06-13 06:20:48 +02:00
m3tam3re 94e539b24d some emacs changes 2023-06-12 06:18:54 +02:00
m3tam3re 96de7b7a71 Hyprland package source to nixpkgs 2023-06-01 12:35:45 +02:00
m3tam3re dfa3f15c20 23-05 release update 2023-06-01 11:25:56 +02:00
m3tam3re 331bc69af4 23-05 release update 2023-06-01 11:23:52 +02:00
m3tam3re 6c94ed70d1 +wireguard 2023-05-30 11:51:56 +02:00
m3tam3re 57d608eb2b +wireguard 2023-05-30 11:50:34 +02:00
m3tam3re 367570b877 23.05.upgrade 2023-05-24 13:46:40 +02:00
m3tam3re 49e51ce04d 23.05 / espanso-wayland 2023-05-24 07:55:41 +02:00
m3tam3re 5befc77f48 1505 2023-05-15 13:05:47 +02:00
m3tam3re 11b60a43af n8n webhook fix 2023-05-06 15:30:50 +02:00
m3tam3re 7481001aae espanso test 2023-05-05 06:03:00 +02:00
m3tam3re 6391b25f71 flake update, npm global 2023-04-29 06:47:39 +02:00
m3tam3re 0238155824 +zoxide 2023-04-26 06:43:46 +02:00
m3tam3re 4840a49f58 +mautic 2023-04-24 19:14:11 +02:00
m3tam3re 06da56bacd +wl-clipboard 2023-04-21 10:19:46 +02:00
m3tam3re d87939af0f tailscale service fix 2023-04-21 05:18:13 +02:00
m3tam3re 39a27a95e8 + wofi-pass 2023-04-17 18:37:10 +02:00
m3tam3re 18b18bab5e -rofi + wofi 2023-04-16 17:07:24 +02:00
m3tam3re b178a9838c - wg-easy age 2023-04-14 07:26:40 +02:00
m3tam3re 1afc81f297 +tailscale age 2023-04-14 07:24:45 +02:00
m3tam3re 51ab101f6e fw ports 2023-04-14 06:26:07 +02:00
m3tam3re 80c9aed243 +tailscale 2023-04-14 06:23:31 +02:00
m3tam3re a0a6a1c1d3 dns 2023-04-13 13:33:07 +02:00
m3tam3re 16d36e539d adguard fix 2023-04-13 13:27:24 +02:00
m3tam3re 94a07f803a n8n-env 2023-04-13 12:46:49 +02:00
m3tam3re 202bfa9859 n8n-env 2023-04-13 11:35:44 +02:00
m3tam3re 42268d6cc2 I am stupid 2023-04-13 11:26:58 +02:00
m3tam3re c9b2d51885 I am stupid 2023-04-13 11:25:50 +02:00
m3tam3re e9c395fbcc n8n-env 2023-04-13 11:23:10 +02:00
m3tam3re 74c85961df podman fix 2023-04-13 06:58:47 +02:00
m3tam3re aab779c65f podman fix 2023-04-13 06:23:38 +02:00
m3tam3re ebacf11249 podman fix 2023-04-13 06:20:25 +02:00
m3tam3re a57a211b47 unfree fix lkk-nix-1 2023-04-13 05:24:21 +02:00
m3tam3re 0451280165 unstable branch 2023-04-12 19:30:43 +02:00
99 changed files with 1507 additions and 608 deletions

2
.gitignore vendored

@ -1,3 +1,5 @@
/result
*.qcow2
\#
#
.#


@ -3,14 +3,15 @@
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1680281360,
"narHash": "sha256-XdLTgAzjJNDhAG2V+++0bHpSzfvArvr2pW6omiFfEJk=",
"lastModified": 1684153753,
"narHash": "sha256-PVbWt3qrjYAK+T5KplFcO+h7aZWfEj1UtyoKlvcDxh0=",
"owner": "ryantm",
"repo": "agenix",
"rev": "e64961977f60388dd0b49572bb0fc453b871f896",
"rev": "db5637d10f797bb251b94ef9040b237f4702cde3",
"type": "github"
},
"original": {
@ -19,22 +20,6 @@
"type": "github"
}
},
"base16-schemes": {
"flake": false,
"locked": {
"lastModified": 1680729003,
"narHash": "sha256-M9LHTL24/W4oqgbYRkz0B2qpNrkefTs98pfj3MxIXnU=",
"owner": "tinted-theming",
"repo": "base16-schemes",
"rev": "dc048afa066287a719ddbab62b3e19e4b5110cf0",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-schemes",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -64,11 +49,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1674127017,
"narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
"lastModified": 1686747123,
"narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
"rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
"type": "github"
},
"original": {
@ -96,82 +81,41 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils_2"
},
"locked": {
"lastModified": 1680667162,
"narHash": "sha256-2vgxK4j42y73S3XB2cThz1dSEyK9J9tfu4mhuEfAw68=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "440faf5ae472657ef2d8cc7756d77b6ab0ace68d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"hyprland": {
"inputs": {
"hyprland-protocols": "hyprland-protocols",
"nixpkgs": "nixpkgs_3",
"wlroots": "wlroots",
"xdph": "xdph"
},
"locked": {
"lastModified": 1681044500,
"narHash": "sha256-jXuwPWHr5Yywc0T40NsJ8LyPjjxEnJgo44wXgb9JZc8=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "046ad79d11dbccc90ade48d63aaa340655d999fb",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "Hyprland",
"type": "github"
}
},
"hyprland-protocols": {
"inputs": {
"nixpkgs": [
"hyprland",
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1680997116,
"narHash": "sha256-nNyoatiHmTMczrCoHCH2LIRfSF8n9ZPZ1O7WNMxcbR4=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "d7d403b711b60e8136295b0d4229e89a115e80cc",
"lastModified": 1682203081,
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-protocols",
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nix-colors": {
"home-manager_2": {
"inputs": {
"base16-schemes": "base16-schemes",
"nixpkgs-lib": "nixpkgs-lib"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1680875144,
"narHash": "sha256-Ub/Y+/zoAoji+E7WCLbTykcTmfRiyzLJ5QEyR3NbHgY=",
"owner": "misterio77",
"repo": "nix-colors",
"rev": "41cc6c1086a4d26509f9fc80a538131d03a11234",
"lastModified": 1686778999,
"narHash": "sha256-3qBtOJdznerw33LgwJTSUL6u8/j1Ot83fcc0f6oHKmk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e0034971f9def16bbc32124147787bc0f09f0e59",
"type": "github"
},
"original": {
"owner": "misterio77",
"repo": "nix-colors",
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
@ -191,37 +135,6 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1680397293,
"narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1680945546,
"narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d9f759f2ea8d265d974a6e1259bd510ac5844c5d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1671417167,
@ -240,45 +153,26 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1680669251,
"narHash": "sha256-AVNE+0u4HlI3v96KCXE9risH7NKqj0QDLLfSckYXIbA=",
"owner": "NixOS",
"lastModified": 1686592866,
"narHash": "sha256-riGg89eWhXJcPNrQGcSwTEEm7CGxWC06oSX44hajeMw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9c8ff8b426a8b07b9e0a131ac3218740dc85ba1e",
"rev": "0eeebd64de89e4163f4d3cf34ffe925a5cf67a05",
"type": "github"
},
"original": {
"owner": "NixOS",
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1680865339,
"narHash": "sha256-H6rmJ1CyJ3Q5ZyoLMYq/UEYMS9Q1orJjRpWiQ47HudE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0040164e473509b4aee6aedb3b923e400d6df10b",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"deploy-rs": "deploy-rs",
"home-manager": "home-manager",
"hyprland": "hyprland",
"nix-colors": "nix-colors",
"nixpkgs": "nixpkgs_4",
"nixpkgs-unstable": "nixpkgs-unstable"
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_3"
}
},
"utils": {
@ -295,64 +189,6 @@
"repo": "flake-utils",
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"wlroots": {
"flake": false,
"locked": {
"host": "gitlab.freedesktop.org",
"lastModified": 1680810405,
"narHash": "sha256-LmI/4Yp/pOOoI4RxLRx9I90NBsiqdRLVOfbATKlgpkg=",
"owner": "wlroots",
"repo": "wlroots",
"rev": "7abda952d0000b72d240fe1d41457b9288f0b6e5",
"type": "gitlab"
},
"original": {
"host": "gitlab.freedesktop.org",
"owner": "wlroots",
"repo": "wlroots",
"type": "gitlab"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [
"hyprland",
"hyprland-protocols"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673116118,
"narHash": "sha256-eR0yDSkR2XYMesfdRWJs25kAdXET2mbNNHu5t+KUcKA=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "d479c846531fd0e1d2357c9588b8310a2b859ef2",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"type": "github"
}
}
},
"root": "root",


@ -9,92 +9,63 @@
inputs.nixpkgs.follows = "nixpkgs";
};
agenix.url = "github:ryantm/agenix";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
deploy-rs.url = "github:serokell/deploy-rs";
hyprland.url = "github:hyprwm/Hyprland";
nix-colors.url = "github:misterio77/nix-colors";
};
outputs = { self, nix-colors, nixpkgs, nixpkgs-unstable, home-manager
, hyprland, agenix, deploy-rs, ... }@inputs:
outputs = { self, nixpkgs, home-manager, agenix, deploy-rs, ... }@inputs:
let
inherit (self) outputs;
lib = nixpkgs.lib;
allowUnfree = { nixpkgs.config.allowUnfree = true; };
system = "x86_64-linux";
overlay-unstable = final: prev: {
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
};
forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ];
forEachPkgs = f: forEachSystem (sys: f nixpkgs.legacyPackages.${sys});
in {
packages = forEachPkgs (pkgs: (import ./pkgs { inherit pkgs; }));
nixosConfigurations = {
lkk-nix-1 = lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
./hosts/lkk-nix-1
agenix.nixosModules.default
({ config, pkgs, ... }: {
nixpkgs.overlays = [ overlay-unstable ];
})
];
modules =
[ allowUnfree ./hosts/lkk-nix-1 agenix.nixosModules.default ];
};
m3-r1 = lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [ allowUnfree ./hosts/m3-r1 agenix.nixosModules.default ];
};
lkk-prod-1 = lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
allowUnfree
./hosts/lkk-prod-1
agenix.nixosModules.default
({ config, pkgs, ... }: {
nixpkgs.overlays = [ overlay-unstable ];
})
];
modules =
[ allowUnfree ./hosts/lkk-prod-1 agenix.nixosModules.default ];
};
lkk-prod-2 = lib.nixosSystem {
specialArgs = { inherit inputs; };
modules = [
allowUnfree
./hosts/lkk-prod-2
agenix.nixosModules.default
({ config, pkgs, ... }: {
nixpkgs.overlays = [ overlay-unstable ];
})
];
modules =
[ allowUnfree ./hosts/lkk-prod-2 agenix.nixosModules.default ];
};
m3-nix = lib.nixosSystem {
specialArgs = { inherit inputs outputs; };
modules = [
allowUnfree
./hosts/m3-nix
agenix.nixosModules.default
({ config, pkgs, ... }: {
nixpkgs.overlays = [ overlay-unstable ];
})
];
modules = [ allowUnfree ./hosts/m3-nix agenix.nixosModules.default ];
};
};
homeConfigurations = {
# Laptop
"m3tam3re@m3-nix" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages."x86_64-linux";
extraSpecialArgs = { inherit inputs nix-colors; };
modules = [
hyprland.homeManagerModules.default
./home/users/m3tam3re/m3-nix.nix
allowUnfree
({ config, pkgs, ... }: {
nixpkgs.overlays = [ overlay-unstable ];
})
];
extraSpecialArgs = { inherit inputs outputs; };
modules = [ ./home/users/m3tam3re/m3-nix.nix allowUnfree ];
};
# Company Root Servera
"m3tam3re@lkk-nix-1" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages."x86_64-linux";
extraSpecialArgs = { # pass things to t
};
modules = [ ./home/users/m3tam3re/lkk-nix-1.nix ];
};
"m3tam3re@m3-r1" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages."x86_64-linux";
extraSpecialArgs = { # pass things to t
};
modules = [ ./home/users/m3tam3re/m3-r1.nix ];
};
};
deploy.nodes.lkk-nix-1 = {
hostname = "lkk-nix-1";
@ -105,6 +76,15 @@
self.nixosConfigurations.lkk-nix-1;
};
};
deploy.nodes.m3-r1 = {
hostname = "lkk-nix-1";
sshUser = "root";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos
self.nixosConfigurations.lkk-nix-1;
};
};
deploy.nodes.lkk-prod-1 = {
hostname = "lkk-prod-1";
sshUser = "root";
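Review bot: The added `deploy.nodes.m3-r1` block in the last hunk looks copy-pasted from the lkk-nix-1 node: it still sets `hostname = "lkk-nix-1";` and activates `self.nixosConfigurations.lkk-nix-1`, so deploying the m3-r1 node would connect as root to lkk-nix-1 and activate that host's system instead of touching m3-r1. Since the same change adds `nixosConfigurations.m3-r1`, the node presumably should read `hostname = "m3-r1";` and `self.nixosConfigurations.m3-r1;`. Separately, `nixpkgs.url` now follows `nixos-unstable` for every host including the lkk-prod machines, which is worth a comment stating that this is intended. The enclosing `outputs` body continues outside the hunk.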


@ -0,0 +1,68 @@
{ config, lib, pkgs, ... }:
with lib;
let cfg = config.features.cli.fish;
in {
options.features.cli.fish.enable = mkEnableOption "enable fish shell";
config = mkIf cfg.enable {
programs.fish = {
enable = true;
plugins = [{
name = "foreign-env";
src = pkgs.fetchFromGitHub {
owner = "oh-my-fish";
repo = "plugin-foreign-env";
rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc";
sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs";
};
}];
loginShellInit = ''
set -x WEBKIT_DISABLE_COMPOSITING_MODE 1
set -x EDITOR emacsclient
set -x VISUAL emacsclient
set -x XDG_DATA_HOME $HOME/.local/share
set -x FZF_ALT_C_COMMAND fd --type d --exclude .git --follow --hidden
set -x FZF_DEFAULT_COMMAND fd --type f --exclude .git --follow --hidden
set -x FZF_CTRL_T_COMMAND "$FZF_DEFAULT_COMMAND"
if test (tty) = "/dev/tty1"
exec Hyprland &> /dev/null
end
'';
shellAbbrs = {
ls = "exa";
grep = "rg";
ps = "procs";
n = "nix";
nd = "nix develop -c $SHELL";
ns = "nix shell";
nsn = "nix shell nixpkgs#";
nb = "nix build";
nbn = "nix build nixpkgs#";
nf = "nix flake";
nrs = "sudo nixos-rebuild switch --flake .#$HOSTNAME";
snr = "sudo nixos-rebuild --flake .";
snrs = "sudo nixos-rebuild --flake . switch";
hm = "home-manager --flake .";
hms = "home-manager --flake . switch";
tsu = "sudo tailscale up";
tsd = "sudo tailscale down";
vi = "nvim";
vim = "nvim";
wgd = "sudo systemctl stop wg-quick-wg0.service";
wgu = "sudo systemctl start wg-quick-wg0.service";
};
};
};
}


@ -7,20 +7,26 @@
./starship.nix
./tmux.nix
];
programs.autojump = {
programs.zoxide = {
enable = true;
enableFishIntegration = true;
};
programs.fzf = {
enable = true;
enableFishIntegration = true;
tmux.enableShellIntegration = true;
};
home.packages = with pkgs; [
bc
busybox
comma
coreutils
direnv
exa
fd
htop
httpie
jq
neovim
procs
progress
ripgrep


@ -24,7 +24,12 @@ in {
set -x WEBKIT_DISABLE_COMPOSITING_MODE 1
set -x EDITOR emacsclient
set -x VISUAL emacsclient
set -x TERMINAL alacritty
set -x XDG_DATA_HOME $HOME/.local/share
set -x FZF_ALT_C_COMMAND fd --type d --exclude .git --follow --hidden
set -x FZF_DEFAULT_COMMAND fd --type f --exclude .git --follow --hidden
set -x FZF_CTRL_T_COMMAND "$FZF_DEFAULT_COMMAND"
if test (tty) = "/dev/tty1"
exec Hyprland &> /dev/null
end
@ -42,18 +47,22 @@ in {
nbn = "nix build nixpkgs#";
nf = "nix flake";
nr = "nixos-rebuild --flake .";
nrs = "nixos-rebuild --flake . switch";
nr = "sudo nixos-rebuild --flake .";
nrs = "sudo nixos-rebuild switch --flake .#$HOSTNAME";
snr = "sudo nixos-rebuild --flake .";
snrs = "sudo nixos-rebuild --flake . switch";
hm = "home-manager --flake .";
hms = "home-manager --flake . switch";
tsu = "sudo tailscale up";
tsd = "sudo tailscale down";
vi = "nvim";
vim = "nvim";
wgd = "sudo systemctl stop wg-quick-wg0.service";
wgu = "sudo systemctl start wg-quick-wg0.service";
};
};
};


@ -12,7 +12,7 @@ in {
programs.password-store = {
enable = true;
package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
package = pkgs.pass-wayland.withExtensions (exts: [ exts.pass-otp exts.pass-import ]);
};
programs.gpg = { enable = true; };
services.gpg-agent = {
@ -20,6 +20,7 @@ in {
defaultCacheTtl = 1800;
enableSshSupport = true;
};
programs.browserpass.enable = true;
home.packages = with pkgs; [
pinentry
];
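Review bot: `programs.browserpass.enable = true;` in the second hunk is added without a `programs.browserpass.browsers` list, and home-manager's default for that option covers several browsers, so the native-messaging host that can read the password store is registered for more browsers than are probably used with it. Restricting it to the browser that actually carries the extension, for example `programs.browserpass.browsers = [ "firefox" ];` (the browser choice is an assumption), keeps the store's exposure narrower. The enclosing `config` block starts and ends outside the hunk.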


@ -14,7 +14,10 @@ in {
shortcut = "a";
keyMode = "vi";
clock24 = true;
plugins = with pkgs.tmuxPlugins; [ sensible yank ];
extraConfig = ''
set-option -sa terminal-overrides ",xterm*:Tc"
# Enable mouse mode (tmux 2.1 and above)
set -g mouse on
@ -24,9 +27,8 @@ in {
unbind '"'
unbind %
# change status bar color
bind-key r source-file ~/.tmux.conf \; display-message "Konfiguration neu geladen"
set -g @plugin 'sainnhe/tmux-fzf'
# status bar theme
set -g status-bg 'colour235'
#set -g message-command-fg 'colour222'
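Review bot: If the `set -g @plugin 'sainnhe/tmux-fzf'` line in the second hunk is on the new side, it declares the plugin in TPM syntax inside `extraConfig`, outside the Nix-pinned `plugins = with pkgs.tmuxPlugins; [ sensible yank ];` list from the first hunk. Without TPM the line has no effect, and with TPM the plugin would be cloned from GitHub at runtime with no pinned revision or hash. Adding it to the list instead, `plugins = with pkgs.tmuxPlugins; [ sensible yank tmux-fzf ];`, keeps it under the flake lock like the other two. The `extraConfig` string continues past the end of the hunk.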


@ -0,0 +1,11 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
appimage-run
deploy-rs
nil
nix-prefetch-git
nixfmt
rnix-lsp
];
}


@ -1,8 +1,13 @@
{ pkgs, ... }: {
imports = [ ./emacs.nix ./golang.nix ./nix.nix ./nodejs.nix ./rust.nix ./tools.nix ];
imports =
[ ./emacs.nix ./golang.nix ./nix.nix ./nodejs.nix ./rust.nix ./tools.nix ];
home.packages = with pkgs;
[
home.packages = with pkgs; [
ispell
python3
python311Packages.pip
python311Packages.setuptools
guile_3_0
tinyscheme
];
}


@ -1,108 +1,4 @@
{ pkgs, ... }: {
services.emacs.enable = true;
programs.emacs = { # 310
enable = true;
extraPackages = epkgs: [
epkgs.all-the-icons
epkgs.all-the-icons-dired
epkgs.calfw
epkgs.calfw-org
epkgs.calfw-ical
epkgs.command-log-mode
epkgs.company
epkgs.company-box
epkgs.consult
epkgs.counsel
epkgs.counsel-projectile
epkgs.consult-org-roam
epkgs.dart-mode
epkgs.dashboard
epkgs.deft
epkgs.dired-hide-dotfiles
epkgs.dired-open
epkgs.dired-single
epkgs.direnv
epkgs.docker
epkgs.docker-compose-mode
epkgs.dockerfile-mode
epkgs.docker-tramp
epkgs.doom-themes
epkgs.doom-modeline
epkgs.elfeed
epkgs.elfeed-web
epkgs.elfeed-tube
epkgs.elfeed-tube-mpv
epkgs.elfeed-org
epkgs.embark
epkgs.embark-consult
epkgs.emmet-mode
epkgs.envrc
epkgs.evil
epkgs.evil-collection
epkgs.evil-nerd-commenter
epkgs.exec-path-from-shell
epkgs.forge
epkgs.fontawesome
epkgs.general
epkgs.go-mode
epkgs.graphql-mode
epkgs.helpful
epkgs.helm
epkgs.helm-lsp
epkgs.helm-descbinds
epkgs.helm-rg
epkgs.helm-c-yasnippet
epkgs.highlight-indent-guides
epkgs.hydra
epkgs.ivy
epkgs.ivy-prescient
epkgs.ivy-rich
epkgs.json-mode
#epkgs.khalel
epkgs.lispy
epkgs.lsp-dart
epkgs.lsp-ivy
epkgs.lsp-mode
epkgs.lsp-ui
epkgs.lsp-treemacs
epkgs.magit
epkgs.marginalia
epkgs.mastodon
epkgs.mermaid-mode
epkgs.nix-mode
epkgs.no-littering
epkgs.ob-mermaid
epkgs.org
epkgs.org-auto-tangle
epkgs.org-bullets
epkgs.org-download
epkgs.org-gcal
epkgs.org-ql
epkgs.org-present
epkgs.org-roam
epkgs.org-roam-ui
epkgs.pass
epkgs.pdf-tools
epkgs.projectile
epkgs.pyenv-mode
epkgs.python-mode
epkgs.rainbow-delimiters
epkgs.request
epkgs.restclient
epkgs.rustic
epkgs.smartparens
epkgs.svelte-mode
epkgs.todoist
epkgs.typescript-mode
epkgs.use-package
epkgs.visual-fill-column
epkgs.vue-mode
epkgs.vterm
epkgs.web-mode
epkgs.which-key
epkgs.yasnippet
epkgs.yasnippet-snippets
epkgs.zetteldeft
];
};
programs.emacs = { enable = true; };
}


@ -6,5 +6,6 @@
nil
nix-prefetch-git
nixfmt
rnix-lsp
];
}


@ -2,6 +2,5 @@
{
home.packages = with pkgs; [
rustup
rust-analyzer
];
}


@ -4,6 +4,5 @@
direnv
insomnia
hugo
shopify-cli
];
}


@ -0,0 +1,89 @@
{ pkgs, ... }: {
imports = [
./crypto.nix
./design.nix
# ./espanso.nix
./extrafonts.nix
./media.nix
./office.nix
./qt.nix
./syncthing.nix
./waybar.nix
./wofi.nix
];
xdg.mimeApps = {
enable = true;
defaultApplications = { "application/pdf" = [ "okular.desktop" ]; };
};
home.sessionVariables = {
WEBKIT_DISABLE_COMPOSITING_MODE = "1";
NIXOS_OZONE_WL = "1";
EDITOR = "emacsclient";
VISUAL = "emacsclient";
TERMINAL = "alacritty";
BROWSER = "nyxt";
QT_QPA_PLATFORM = "wayland";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
};
home.sessionPath =
[ "\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" "$HOME/.npm-global/bin" ];
fonts.fontconfig.enable = true;
services.mako = {
enable = true;
backgroundColor = "#282a36";
textColor = "#80FFEA";
borderColor = "#9742b5";
width = 400;
height = 150;
padding = "10,20";
borderRadius = 8;
borderSize = 1;
margin = "20,20";
};
home.packages = with pkgs; [
alacritty
appimage-run
blueberry
brave
brightnessctl
clipman
distrobox
flameshot
firefox
fuzzel
gnome.file-roller
gnome.seahorse
gnome.sushi
gnome.vinagre
glib
gsettings-desktop-schemas
hyprpaper
pamixer
pavucontrol
libsForQt5.qtstyleplugins
nyxt
qt5ct
rustdesk
tor-browser-bundle-bin
transmission-gtk
ungoogled-chromium
unrar
unzip
usbutils
v4l-utils
wl-clipboard
wlogout
wtype
xdg-utils
ydotool
zip
];
}


@ -9,6 +9,6 @@ in {
options.features.desktop.crypto.enable = mkEnableOption "Enable Crypto";
config = mkIf cfg.enable {
home.packages = with pkgs; [ bisq-desktop monero-gui trezord trezor-suite ];
home.packages = with pkgs; [ bisq-desktop monero-gui trezor-suite ];
};
}


@ -3,14 +3,14 @@
imports = [
./crypto.nix
./design.nix
# ./espanso.nix
./extrafonts.nix
#./hyprland
./media.nix
./office.nix
./qt.nix
./rofi.nix
./syncthing.nix
./waybar.nix
./wofi.nix
];
xdg.mimeApps = {
@ -23,17 +23,28 @@
NIXOS_OZONE_WL = "1";
EDITOR = "emacs";
VISUAL = "emacs";
TERMINAL = "alacritty";
QT_QPA_PLATFORM = "wayland";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
};
home.sessionPath = [ "\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" ];
home.sessionPath =
[ "\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" "$HOME/.npm-global/bin" ];
fonts.fontconfig.enable = true;
services.dunst = {
services.mako = {
enable = true;
backgroundColor = "#282a36";
textColor = "#80FFEA";
borderColor = "#9742b5";
width = 400;
height = 150;
padding = "10,20";
borderRadius = 8;
borderSize = 1;
margin = "20,20";
};
home.packages = with pkgs; [
@ -44,33 +55,37 @@
brightnessctl
clipman
distrobox
eww-wayland
flameshot
firefox
fuzzel
gnome.file-roller
gnome.nautilus
gnome.nautilus
gnome.seahorse
gnome.sushi
gnome.vinagre
glib
gsettings-desktop-schemas
hyprpaper
nyxt
pamixer
pavucontrol
picom
libsForQt5.qtstyleplugins
nyxt
qt5ct
rustdesk
socat
tor-browser-bundle-bin
transmission-gtk
trayer
ungoogled-chromium
unrar
unzip
usbutils
v4l-utils
wl-clipboard
wlogout
wtype
xdg-utils
xdotool
ydotool
zip
];
}


@ -15,6 +15,7 @@ in {
darktable
gimp-with-plugins
gimpPlugins.gmic
glaxnimate
gmic
gmic-qt
imagemagick


@ -1,3 +1,2 @@
{
services.espanso.enable = true;
}
{ pkgs, ... }: { home.packages = with pkgs; [ espanso-wayland ]; }


@ -17,7 +17,7 @@ in ''
env = WLR_NO_HARDWARE_CURSORS,1
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input {
kb_layout = de
kb_layout = de,us
kb_variant =
kb_model =
kb_rules =
@ -147,11 +147,11 @@ in ''
bind = $mainMod SHIFT, e, exec, emacsclient -n -c -e '(package-initialize)'
bind = $mainMod, Escape, exec, wlogout -p layer-shell
bind = $mainMod, Space, togglefloating
bind = $mainMod, q, killactive,
bind = $mainMod, M, exit,
bind = $mainMod, q, killactive
bind = $mainMod, M, exit
bind = $mainMod, F, fullscreen
bind = $mainMod, E, exec, thunar
bind = $mainMod, V, togglefloating,
bind = $mainMod, V, togglefloating
bind = $mainMod, D, exec, fuzzel
bind = $mainMod, P, pseudo, # dwindle
bind = $mainMod, J, togglesplit, # dwindle


@ -29,8 +29,8 @@
waypipe
wireplumber
wf-recorder
wl-clipboard
wl-mirror
wl-clipboard
ydotool
];
}


@ -11,18 +11,26 @@ in {
config = mkIf cfg.enable {
home.packages = with pkgs; [
ffmpeg
ffmpeg_6-full
fractal
frei0r
gphoto2
handbrake
libsForQt5.kdenlive
makemkv
mediainfo
mpv
obs-studio
plexamp
uxplay
vlc
webcord
youtube-dl
];
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [ obs-backgroundremoval wlrobs ];
};
};
}


@ -14,6 +14,7 @@ in {
nextcloud-client
libreoffice
neomutt
pdftk
tutanota-desktop
okular
zathura


@ -3,6 +3,14 @@
#
];
home.packages = with pkgs; [ alacritty brave libreoffice nextcloud-client ];
services.espanso.enable = true;
home.packages = with pkgs; [
alacritty
brave
libreoffice
nextcloud-client
xclip
libnotify
espanso
firefox
];
}


@ -1,22 +0,0 @@
{ pkgs, ... }: {
programs.rofi = {
enable = true;
package = pkgs.rofi-wayland;
plugins = [ pkgs.rofi-calc pkgs.rofi-emoji ];
theme = "themes/dracula";
extraConfig = {
modi = "drun,ssh,filebrowser,keys,window";
kb-primary-paste = "Control+V,Shift+Insert";
kb-secondary-paste = "Control+v,Insert";
};
};
programs.rofi.pass = {
enable = true;
extraConfig = ''
layout_cmd () {
setxkbmap de
}
'';
};
}


@ -28,7 +28,6 @@
waypipe
wireplumber
wf-recorder
wl-clipboard
wl-mirror
ydotool
];


@ -0,0 +1,12 @@
{ pkgs, outputs, ...}:
let
wofi-pass = outputs.packages.x86_64-linux.wofi-pass;
bemoji = outputs.packages.x86_64-linux.bemoji;
in
{
home.packages = [
pkgs.wofi
bemoji
wofi-pass
];
}


@ -7,6 +7,8 @@
gamescope
goverlay
mangohud
yuzu-early-access
ryujinx
protontricks
protonup-ng
winetricks


@ -10,7 +10,7 @@ in {
config = mkIf cfg.enable {
home.packages = with pkgs; [
#podman
fuse-overlayfs
];
};
}


@ -23,6 +23,9 @@ nixpkgs = {
userName = "m3tam3re";
userEmail = "m@m3tam3re.com";
aliases = { st = "status"; };
extraConfig = {
core.excludesfile = "~/.gitignore_global";
};
};
};


@ -16,11 +16,13 @@
# source = ~/.config/hypr/myColors.conf
# Some default env vars.
env = XCURSOR_SIZE,24
#env = XCURSOR_SIZE,24
env = WLR_NO_HARDWARE_CURSORS,1
env = __NV_PRIME_RENDER_OFFLOAD,1
env = GTK_THEME,Dracula
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
input {
kb_layout = de
kb_layout = de,us
kb_variant =
kb_model =
kb_rules =
@ -34,6 +36,10 @@
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
}
device:zsa-technology-labs-moonlander-mark-i {
kb_layout = us
}
general {
# See https://wiki.hyprland.org/Configuring/Variables/ for more
col.active_border = rgb(44475a) rgb(bd93f9) 90deg
@ -155,10 +161,10 @@
bind = $mainMod, q, killactive,
bind = $mainMod, M, exit,
bind= $mainMod, F, fullscreen
bind = $mainMod, E, exec, thunar
bind = $mainMod, V, togglefloating,
bind = $mainMod, D, exec, rofi -modi 'drun,emoji,calc,ssh' -show drun -font 'Fira Code 13' -show-icons
bind = $mainMod, D, exec, rofi -modi 'drun,emoji,calc,ssh' -show drun -font 'Fira Code 13' -show-icons
bind = $mainMod, D, exec, wofi --show drun --allow-images
bind = $mainMod SHIFT, S, exec, bemoji
bind = $mainMod, P, exec, wofi-pass
bind = $mainMod SHIFT, P, pseudo, # dwindle
bind = $mainMod, J, togglesplit, # dwindle


@ -30,7 +30,7 @@
podman.enable = true;
qemu.enable = true;
};
services = { netbird.enable = true; };
services = { };
};
home.stateVersion = "22.11";
home.stateVersion = "23.11";
}


@ -0,0 +1,12 @@
{ config, pkgs, ... }: {
imports = [ ./base ../../features/cli ];
features = {
cli = {
fish.enable = true;
starship.enable = true;
};
};
home.stateVersion = "22.11";
}


@ -5,7 +5,6 @@
../../features/desktop/plasma.nix
../../features/services
];
features = {
cli = {
fish.enable = true;

View File

@ -1,16 +1,11 @@
{ lib, pkgs, inputs, outputs, ... }:
{
imports = [
inputs.home-manager.nixosModules.home-manager
];
{ lib, pkgs, inputs, outputs, ... }: {
imports = [ inputs.home-manager.nixosModules.home-manager ];
home-manager = {
useUserPackages = true;
extraSpecialArgs = { inherit inputs outputs; };
};
users.defaultUserShell = pkgs.fish;
environment.systemPackages = [
inputs.agenix.packages.x86_64-linux.default
pkgs.busybox
];
environment.systemPackages =
[ inputs.agenix.packages.x86_64-linux.default pkgs.coreutils ];
}


@ -4,12 +4,23 @@
"$y$j9T$wOKc3kLsQVtmmyLIN7ljV.$NvdWzwn6p8JNByHoXQqf6/GF3C0JOPHW/D0HgFLQXy4";
isNormalUser = true;
description = "m3tam3re";
extraGroups = [ "wheel" "networkmanager" "libvirtd" "flatpak" "audio" "video" ];
extraGroups = [
"wheel"
"networkmanager"
"libvirtd"
"flatpak"
"audio"
"video"
"input"
"kvm"
"qemu-libvirtd"
];
openssh.authorizedKeys.keys = [
"ssh-rsa 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 m3tam3re@m3-nix"
];
packages = [ pkgs.home-manager ];
};
home-manager.users.m3tam3re = import m3tam3re/${config.networking.hostName}.nix;
home-manager.users.m3tam3re =
import m3tam3re/${config.networking.hostName}.nix;
}
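Review bot: The expanded `extraGroups` list adds `"input"` for an account that is also in `wheel`; membership in `input` normally lets every process running as that user read raw events from all `/dev/input` devices, which includes keystrokes typed at password prompts. If the group is only there for an input-automation tool such as the ydotool package installed elsewhere in this change set, a udev rule granting access to `/dev/uinput` alone would be narrower. Otherwise a comment such as `# input: required by <tool>; allows reading all /dev/input/event* devices` would record why the exposure is accepted. `kvm` and `qemu-libvirtd` presumably belong to the gpu-passthrough work but are likewise unexplained here.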


@ -3,6 +3,7 @@
isNormalUser = true;
description = "Produktion";
extraGroups = [ "tailscale" "networkmanager" "audio" "video" ];
openssh.authorizedKeys.keys = [
"ssh-rsa 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 m3tam3re@m3-nix"
];


@ -7,11 +7,10 @@
];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
services.openssh.enable = true;
services.openssh.passwordAuthentication = false;
services.openssh.settings.PasswordAuthentication = false;
networking = {
hostName = "lkk-nix-1";
firewall.enable = true;
@ -20,20 +19,26 @@
to = 3100;
}];
firewall.allowedTCPPorts = [ 53 80 443 5432 3306 3478 ];
firewall.allowedUDPPorts = [ 53 51820 ];
firewall.allowedUDPPorts = [ 53 51820 41641 ];
firewall.allowedUDPPortRanges = [{
from = 3478;
to = 3481;
}];
};
programs.fish.enable = true;
age = {
secrets = {
mj-smtp-user.file = ../../secrets/mj-smtp-user.age;
mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age;
tailscale-key.file = ../../secrets/tailscale-key.age;
billbee-api-key = {
file = ../../secrets/billbee-api-key.age;
vaultwarden-env = {
file = ../../secrets/vaultwarden-env.age;
mode = "770";
};
n8n-env = {
file = ../../secrets/n8n-env.age;
mode = "770";
};
@ -54,10 +59,6 @@
owner = "searx";
};
wg-easy-environmentFile = {
file = ../../secrets/wg-easy-environmentFile.age;
mode = "770";
};
briefkasten-env = {
file = ../../secrets/briefkasten-env.age;
mode = "770";
@ -71,7 +72,7 @@
mode = "770";
};
};
identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ];
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
};
nix = {
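Review bot: The new `vaultwarden-env` and `n8n-env` secrets in the second hunk are declared with `mode = "770"` and no `owner` or `group`, so the decrypted files are group-readable, group-writable and executable without a visible reason. The n8n secret is consumed through `serviceConfig.EnvironmentFile` elsewhere on this page, which systemd reads itself, so `mode = "400";` should be sufficient there and probably for vaultwarden as well, depending on how that module loads the file. The context line `firewall.allowedTCPPorts = [ 53 80 443 5432 3306 3478 ];` also leaves the PostgreSQL and MariaDB ports open on the host firewall, which is worth confirming as intended now that 41641/udp is being added for Tailscale. The `age` and `networking` blocks extend beyond the hunks shown.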


@ -3,5 +3,6 @@
enable = true;
mutableSettings = true;
settings.bind_port = 3008;
settings.dns.port = 5353;
};
}


@ -5,6 +5,7 @@
virtualisation.podman = {
enable = true;
defaultNetwork.settings = { dns_enabled = true; };
};
virtualisation.oci-containers.backend = "podman";
}


@ -1,6 +1,6 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."baserow" = {
image = "docker.io/baserow/baserow:1.14.0";
image = "docker.io/baserow/baserow:1.18.0";
environment = {
BASEROW_PUBLIC_URL = "https://db.lanakk.com";


@ -4,9 +4,9 @@
./briefkasten.nix
./little-link.nix
./matomo.nix
./mautic.nix
./nextcloud.nix
./nginx.nix
./wordpress.nix
./wireguard.nix
];
}


@ -0,0 +1,16 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."mautic" = {
image = "docker.io/mautic/mautic:v4-apache";
environment = {
MAUTIC_DB_HOST = "mysql";
MAUTIC_DB_USER = "mautic";
MAUTIC_DB_PASSWORD = "mautic";
MAUTIC_DB_DBNAME = "mautic";
PHP_MEMORY_LIMIT="2048M";
MAUTIC_RUN_CRON_JOBS="true";
};
ports = [ "3008:80" ];
volumes = [ "mautic_data:/var/www/html" ];
extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.23" ];
};
}
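Review bot: `MAUTIC_DB_PASSWORD = "mautic";` puts the database password in the `environment` attrset, so it lands in the Git history and in the world-readable Nix store, and it is guessable because it equals the user and database name. Other secrets in this repository go through agenix, so the credentials could move to an age-encrypted env file loaded with `environmentFiles = [ config.age.secrets.mautic-env.path ];` (`mautic-env` is a placeholder name; the secret would still need declaring under the host's `age.secrets`). Two smaller points: `ports = [ "3008:80" ]` reuses the port that the AdGuard module on this page sets with `settings.bind_port = 3008`, which would clash if both run on the same host, and `v4-apache` is a moving tag rather than a fixed version like the baserow image.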


@ -1,7 +1,7 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."wireguard" = {
image = "weejewel/wg-easy";
environment = { WG_HOST = "wg.lanakk.com"; WG_DEFAULT_DNS = "10.88.0.1"; };
image = "docker.io/weejewel/wg-easy";
environment = { WG_HOST = "wg.lanakk.com"; WG_DEFAULT_DNS = "10.88.0.1:5353"; };
ports = [ "3007:51821/tcp" "51820:51820/udp" ];
volumes = [ "wireguard_data:/etc/wireguard" ];
extraOptions = [
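Review bot: `WG_DEFAULT_DNS = "10.88.0.1:5353"` is probably not a usable resolver for clients, because the value ends up in the `DNS =` line of the generated client configs and wg-quick treats any entry that is not a plain IP address as a search domain. If that is what happens, tunnel clients get no VPN resolver and keep using their local DNS, so lookups leave the tunnel. Keeping `WG_DEFAULT_DNS = "10.88.0.1";` and making the resolver reachable on port 53 for the container network avoids that; please confirm against a generated client config. The `extraOptions` list continues outside this hunk, and the m3-r1 copy of this file further down carries the same value.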


@ -1,15 +1,17 @@
{
imports = [
./adguard.nix
./container.nix
./gitea.nix
./invidious.nix
./mariadb.nix
./metabase.nix
./minio.nix
./n8n.nix
./postgres.nix
./searx.nix
./syncthing.nix
./tailscale.nix
./traefik.nix
./vaultwarden.nix
];
}


@ -2,8 +2,7 @@
{
services.gitea = {
enable = true;
package = pkgs.unstable.gitea;
rootUrl = "https://code.lanakk.com";
settings.server.ROOT_URL = "https://code.lanakk.com";
lfs.enable = true;
dump = {
enable = true;


@ -2,7 +2,6 @@
{
services.invidious = {
enable = true;
package = pkgs.unstable.invidious;
port = 3006;
domain = "video.lanakk.com";
};


@ -0,0 +1,7 @@
{ config, pkgs, ... }: {
services.metabase = {
enable = true;
listen.port = 3013;
};
}
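Review bot: `services.metabase` is given only a port, so it keeps the module's default listen address, which I believe is all interfaces. Traefik reaches it through `http://localhost:3013/`, so nothing needs the wider bind, and a host firewall that opens the 3000–3100 TCP range (as the m3-r1 host on this page does) would expose the plain-HTTP port next to the TLS router. Adding `listen.ip = "127.0.0.1";` keeps the service behind the proxy.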


@ -1,26 +1,15 @@
{ config, pkgs, ... }: {
disabledModules = [ "system/services/n8n.nix" ];
nixpkgs.overlays =
[ (self: super:
{
n8n = pkgs.unstable.n8n;
})
];
services.n8n = {
enable = true;
openFirewall = true;
settings = {
host = "wf.lanakk.com";
protocol = "https";
editorBaseUrl="https://wf.lanakk.com";
host = "https://wf.lanakk.com";
};
};
systemd.services.n8n.environment = {
BILLBEE_API_KEY =
config.age.secrets.billbee-api-key.path; # TODO env file for systemd service
};
systemd.services.traefik.serviceConfig = {
EnvironmentFile = "${config.age.secrets.traefik-env.path}";
systemd.services.n8n.serviceConfig = {
EnvironmentFile = "${config.age.secrets.n8n-env.path}";
};
}
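Review bot: `openFirewall = true;` stays on the new side of this hunk, which opens the n8n port on the host firewall even though Traefik already proxies the service from `http://localhost:5678/`. That leaves the editor and webhooks reachable over plain HTTP without the TLS router in front. Unless direct access is intended, `openFirewall = false;` (or dropping the line) is enough; the new m3-r1 copy of this module further down has the same setting.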


@ -0,0 +1,38 @@
{ config, pkgs, ... }: {
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
};
networking.firewall = {
trustedInterfaces = [ "tailscale0" ];
};
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job
serviceConfig = {
Type = "oneshot";
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
};
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up --advertise-exit-node --authkey $TAILSCALE_KEY
'';
};
}
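Review bot: `--authkey $TAILSCALE_KEY` puts the auth key on the `tailscale up` command line, where any local user can read it from the process list while the command runs, and the unquoted expansion is word-split by the shell. `tailscale up` accepts a `file:` prefix for the key, so the age secret can hold the bare key and the script can call `--auth-key "file:${config.age.secrets.tailscale-key.path}"` with no `EnvironmentFile`. Quoting the status test as `[ "$status" = "Running" ]` also keeps the check from erroring when `jq` prints nothing. The same script is repeated in the four other `tailscale-autoconnect` units on this page (two host files, the client module with `--exit-node`, and the m3-r1 copy).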


@ -70,7 +70,7 @@
[{ url = "http://localhost:3006/"; }];
wireguard.loadBalancer.servers =
[{ url = "http://localhost:3007/"; }];
adguard.loadBalancer.servers = [{ url = "http://localhost:3008/"; }];
mautic.loadBalancer.servers = [{ url = "http://localhost:3008/"; }];
briefkasten.loadBalancer.servers =
[{ url = "http://localhost:3009/"; }];
littlelink-lanakk.loadBalancer.servers =
@ -81,10 +81,12 @@
[{ url = "http://localhost:3012/"; }];
syncthing.loadBalancer.servers =
[{ url = "http://localhost:8384/"; }];
minio.loadBalancer.servers =
[{ url = "http://localhost:9000/"; }];
minio.loadBalancer.servers = [{ url = "http://localhost:9000/"; }];
minio-console.loadBalancer.servers =
[{ url = "http://localhost:9001/"; }];
metabase.loadBalancer.servers = [{ url = "http://localhost:3013/"; }];
vaultwarden.loadBalancer.servers =
[{ url = "http://localhost:3014/"; }];
};
routers = {
api = {
@ -145,6 +147,15 @@
service = "matomo";
entrypoints = "websecure";
};
matomo-m3tam3re = {
rule = "Host(`stats.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "stats.m3tam3re.com";
};
service = "matomo";
entrypoints = "websecure";
};
minio = {
rule = "Host(`s3.lanakk.com`)";
tls = {
@ -201,14 +212,13 @@
middlewares = "auth";
entrypoints = "websecure";
};
adguard = {
rule = "Host(`ab.lanakk.com`)";
mautic = {
rule = "Host(`ma.lanakk.com`)";
tls = {
certResolver = "godaddy";
domains = "ab.lanakk.com";
domains = "ma.lanakk.com";
};
service = "adguard";
middlewares = "auth";
service = "mautic";
entrypoints = "websecure";
};
briefkasten = {
@ -256,12 +266,30 @@
service = "littlelink-m3tam3re";
entrypoints = "websecure";
};
metabase = {
rule = "Host(`kpi.lanakk.com`)";
tls = {
certResolver = "godaddy";
domains = "kpi.lanakk.com";
};
service = "metabase";
entrypoints = "websecure";
};
vaultwarden = {
rule = "Host(`vw.lanakk.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "vw.lanakk.com";
};
service = "vaultwarden";
entrypoints = "websecure";
};
};
};
};
};
systemd.services.traefik.serviceConfig = {
EnvironmentFile="${config.age.secrets.traefik-env.path}";
EnvironmentFile = [ "${config.age.secrets.traefik-env.path}" ];
};
}
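Review bot: The new `vaultwarden` router forwards every path on `vw.lanakk.com`, which includes Vaultwarden's `/admin` panel if an admin token is set in the environment file (not visible here). For a password vault it is worth keeping that panel off the public entrypoint, for example with ``rule = "Host(`vw.lanakk.com`) && !PathPrefix(`/admin`)";`` and reaching it over the tailnet instead. The new `mautic` and `metabase` routers likewise have no `middlewares`, so they rely entirely on the applications' own logins.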


@ -0,0 +1,8 @@
{ config, pkgs, ... }: {
services.vaultwarden = {
enable = true;
backupDir = "/var/backup/vaultwarden";
environmentFile = "${config.age.secrets.vaultwarden-env.path}";
};
}
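Review bot: The listen address and port are not set in this module, yet Traefik expects the service on `localhost:3014`, so they presumably come from the encrypted environment file. Non-secret settings are easier to audit in the module itself, e.g. `config = { ROCKET_ADDRESS = "127.0.0.1"; ROCKET_PORT = 3014; };`, leaving only tokens in `vaultwarden-env`. That also makes it visible that the vault binds to loopback on hosts whose firewall opens the 3000–3100 range. The m3-r1 copy of this file further down is identical.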


@ -18,19 +18,59 @@
networkmanager.enable = true;
firewall.enable = true;
};
programs.fish.enable = true;
age = {
secrets = {
tailscale-key.file = ../../secrets/tailscale-key.age;
};
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
};
services.openssh = {
enable = true;
permitRootLogin = "yes";
settings.PermitRootLogin = "yes";
};
services.avahi = {
enable = true;
nssmdns = true;
};
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job
serviceConfig = {
Type = "oneshot";
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
};
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up --authkey $TAILSCALE_KEY
'';
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Set your time zone.
time.timeZone = "Europe/Berlin";
@ -93,11 +133,7 @@
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs;
[
neovim
];
environment.systemPackages = with pkgs; [ neovim ];
nix = {
gc = {
automatic = true;
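Review bot: `settings.PermitRootLogin = "yes";` in the first hunk carries the old value over to the new option name, so root can still log in over SSH with a password on this host unless password authentication is disabled somewhere outside the hunk. `settings.PermitRootLogin = "prohibit-password";` together with `settings.PasswordAuthentication = false;` (already used in the m3-r1 host on this page) keeps key-based root access for deployment while closing password guessing. The next host file on this page has the same line.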


@ -18,14 +18,54 @@
networkmanager.enable = true;
firewall.enable = true;
};
programs.fish.enable = true;
age = {
secrets = {
tailscale-key.file = ../../secrets/tailscale-key.age;
};
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
};
services.openssh = {
enable = true;
permitRootLogin = "yes";
settings.PermitRootLogin = "yes";
};
services.avahi = {
enable = true;
nssmdns = true;
};
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job
serviceConfig = {
Type = "oneshot";
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
};
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up --authkey $TAILSCALE_KEY
'';
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";


@ -16,35 +16,41 @@ in {
imports = [
./hardware.nix
./hardware-configuration.nix # Include the results of the hardware scan.
./vfio.nix
../common/users/m3tam3re
../common/base
./services
inputs.hyprland.nixosModules.default
];
specialisation = {
external-display.configuration = {
"EX-Display".configuration = {
system.nixos.tags = [ "Externer-Monitor" ];
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.prime.offload.enable = lib.mkForce false;
hardware.nvidia.powerManagement.finegrained = lib.mkForce false;
};
};
specialisation = {
dual-display.configuration = {
"DUAL-Display".configuration = {
system.nixos.tags = [ "Dual-Monitor" ];
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.prime.offload.enable = lib.mkForce false;
hardware.nvidia.prime.sync.enable = lib.mkForce true;
hardware.nvidia.powerManagement.finegrained = lib.mkForce false;
};
};
specialisation = {
"VFIO".configuration = {
system.nixos.tags = [ "GPU-passthrough" ];
vfio.enable = true;
};
};
# Bootloader.
# boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "nodev";
boot.loader.grub.useOSProber = true;
@ -78,21 +84,6 @@ in {
# Enable networking
networking.networkmanager.enable = true;
networking.wg-quick.interfaces = {
wg0 = {
address = [ "10.8.0.3/24" ];
privateKeyFile = "/root/wg/peer_m3-nix/privatekey-peer_m3-nix";
dns = [ "10.88.0.1" ];
peers = [{
publicKey = "Il/nVlX2qzmZMJQ8QAKN+uQdkcK66Wt7MWZn9Vku6Tg=";
presharedKey = "sOgKQCXs+WAEpVvnkqTHlK1ItWpmP/xiexhAJ6oMBJs=";
allowedIPs = [ "0.0.0.0/0" "::/0" ];
endpoint = "wg.lanakk.com:51820";
persistentKeepalive = 25;
}];
};
};
services.avahi = {
enable = true;
@ -118,12 +109,24 @@ in {
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
programs.fish.enable = true;
programs.thunar = {
enable = true;
plugins = with pkgs.xfce; [ thunar-archive-plugin thunar-volman ];
};
age = {
secrets = {
tailscale-key.file = ../../secrets/tailscale-key.age;
wg-key.file = ../../secrets/wg-key.age;
};
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
};
time.timeZone = "Europe/Berlin";
i18n.defaultLocale = "de_DE.utf8";
console.keyMap = "de";
environment.systemPackages = [ nvidia-offload neovim ];
environment.systemPackages = [ nvidia-offload neovim wally-cli ];
nix.extraOptions = ''
experimental-features = nix-command
'';
@ -135,7 +138,9 @@ in {
};
optimise.automatic = true;
};
systemd.extraConfig = ''
DefaultTimeoutStopSec=10s
'';
nixpkgs.config.allowUnfree = true;
# This value determines the NixOS release from which the default
@ -144,6 +149,6 @@ in {
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
system.stateVersion = "23.11"; # Did you read the comment?
}
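Review bot: The removed `wg0` block held the peer `presharedKey` in plain text, and deleting it from the tree does not remove it from the repository history. That key should be treated as disclosed and regenerated on the server before the agenix-managed `wg-key` config replaces it. Separately, `system.stateVersion` moves from "22.11" to "23.11" in the last hunk; the comment above it says to keep the release of the first install, so that change looks unintended.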


@ -54,7 +54,8 @@
lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
#hardware.video.hidpi.enable = lib.mkDefault true;
hardware.bluetooth.enable = true;
hardware.keyboard.zsa.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -4,8 +4,10 @@
./flatpak.nix
./sound.nix
./udev.nix
./tailscale.nix
./virtualization.nix
./xserver.nix
./wireguard.nix
#./xserver.nix
];
# services.gvfs = {
@ -14,5 +16,8 @@
# };
# services.kubo = { enable = true; }; # IPFS
services.printing.enable = true;
services.netbird.enable = true;
services.sabnzbd.enable = true;
services.i2p.enable = true;
services.gvfs.enable = true;
services.trezord.enable = true;
}


@ -0,0 +1,36 @@
{ config, pkgs, ... }: {
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job
serviceConfig = {
Type = "oneshot";
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
};
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
'';
};
}


@ -2,14 +2,5 @@
{
services.udev.extraRules = ''
# Trezor
SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl"
# Trezor v2
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl"
ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", MODE="0666", GROUP="users", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/backlight/%k/brightness"
ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
'';
}


@ -1,10 +1,19 @@
{
virtualisation.libvirtd.enable = true;
virtualisation.libvirtd.qemu.swtpm.enable = true;
virtualisation.libvirtd.qemu.ovmf.enable = true;
virtualisation.podman = {
{ pkgs, ... }: {
virtualisation = {
libvirtd = {
enable = true;
qemu = {
swtpm.enable = true;
ovmf = {
enable = true;
packages = [ pkgs.OVMFFull ];
};
};
};
podman = {
enable = true;
enableNvidia = true;
defaultNetwork.dnsname.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
};
}


@ -0,0 +1,8 @@
{ config, ... }: {
networking.wg-quick.interfaces = {
wg0 = {
configFile = config.age.secrets.wg-key.path;
autostart = false;
};
};
}

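--- a/hosts/m3-nix/vfio.nix
+++ b/hosts/m3-nix/vfio.nix
@@ -0,0 +1,31 @@
+let
+gpuIDs = [
+"10de:249d" # Graphics
+"10de:228b" # Audio
+];
+in { pkgs, lib, config, ... }: {
+options.vfio.enable = with lib;
+mkEnableOption "Configure the machine for VFIO";
+config = let cfg = config.vfio;
+in {
+boot = {
+initrd.kernelModules = [
+"vfio_pci"
+"vfio"
+"vfio_iommu_type1"
+"vfio_virqfd"
+];
+kernelParams = [
+# enable IOMMU
+"intel_iommu=on"
+] ++ lib.optional cfg.enable
+# isolate the GPU
+("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs);
+};
+hardware.opengl.enable = true;
+virtualisation.spiceUSBRedirection.enable = true;
+};
+}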
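Review bot: `virtualisation.spiceUSBRedirection.enable = true;` sits outside the `cfg.enable` guard, so every boot entry of this host installs the setuid SPICE USB helper, not only the `VFIO` specialisation. That helper lets unprivileged users hand USB devices to a VM, so it is better gated like the `vfio-pci.ids` parameter: `virtualisation.spiceUSBRedirection.enable = cfg.enable;`. The `initrd.kernelModules` list and `intel_iommu=on` are unconditional as well; wrapping the whole `config` in `lib.mkIf cfg.enable` would make the option do what its description says, if that is the intent.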


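--- a/hosts/m3-r1/default.nix
+++ b/hosts/m3-r1/default.nix
@@ -0,0 +1,69 @@
+{ pkgs, ... }: {
+imports = [
+./hardware-configuration.nix
+../common/users/m3tam3re
+../common/base
+./services
+];
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+services.openssh.enable = true;
+services.openssh.settings.PasswordAuthentication = false;
+networking = {
+hostName = "m3-r1";
+firewall.enable = true;
+firewall.allowedTCPPortRanges = [{
+from = 3000;
+to = 3100;
+}];
+firewall.allowedTCPPorts = [ 53 80 443 5432 3306 3478 ];
+firewall.allowedUDPPorts = [ 53 51820 41641 ];
+firewall.allowedUDPPortRanges = [{
+from = 3478;
+to = 3481;
+}];
+};
+programs.fish.enable = true;
+age = {
+secrets = {
+mj-smtp-user.file = ../../secrets/mj-smtp-user.age;
+mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age;
+tailscale-key.file = ../../secrets/tailscale-key.age;
+vaultwarden-env = {
+file = ../../secrets/vaultwarden-env.age;
+mode = "770";
+};
+n8n-env = {
+file = ../../secrets/n8n-env.age;
+mode = "770";
+};
+traefik-env = {
+file = ../../secrets/traefik-env.age;
+mode = "770";
+owner = "traefik";
+};
+searx-environmentFile = {
+file = ../../secrets/searx-environmentFile.age;
+mode = "770";
+owner = "searx";
+};
+};
+identityPaths = [ "/root/.ssh/lkk-nix-1" ];
+};
+nix = {
+gc = {
+automatic = true;
+options = "--delete-older-than 30d";
+};
+optimise.automatic = true;
+};
+system.stateVersion = "23.05"; # Did you read the comment?
+}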
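Review bot: `firewall.allowedTCPPortRanges` opens 3000–3100 and `allowedTCPPorts` adds 5432 and 3306, which exposes the plain-HTTP backends and both database ports that Traefik and the containers only need locally. The PostgreSQL module on this page uses `trust` authentication for the container subnet, so with 5432 open only the `pg_hba` address match stands between the internet and the database. Reducing the list to what is served publicly, e.g. `firewall.allowedTCPPorts = [ 53 80 443 3478 ];` without the range, keeps the backends behind the proxy. Published container ports may bypass the host firewall anyway, so binding them as `"127.0.0.1:3001:80"` in the container modules is the more reliable fix.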


@ -0,0 +1,49 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/5e3a0875-005c-49c4-9dbf-86e471e7e881";
fsType = "btrfs";
options = [ "subvol=root" "compress=zstd" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/5e3a0875-005c-49c4-9dbf-86e471e7e881";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/5e3a0875-005c-49c4-9dbf-86e471e7e881";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/A79C-4B9F";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
imports = [ ./containers ];
virtualisation.podman = {
enable = true;
defaultNetwork.settings = { dns_enabled = true; };
};
virtualisation.oci-containers.backend = "podman";
}


@ -0,0 +1,25 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."baserow" = {
image = "docker.io/baserow/baserow:1.18.0";
environment = {
BASEROW_PUBLIC_URL = "https://db.lanakk.com";
POSTGRES_USER = "baserow";
POSTGRES_PASSWORD = "baserow";
POSTGRES_DB = "baserow";
DATABASE_HOST = "postgres";
DATABASE_NAME = "baserow";
DATABASE_USER = "baserow";
DATABASE_PASSWORD = "baserow";
EMAIL_SMTP = "in-v3.mailjet.com";
EMAIL_SMTP_HOST = "in-v3.mailjet.com";
EMAIL_SMTP_PORT = "587";
EMAIL_SMTP_USER = config.age.secrets.mj-smtp-user.path;
EMAIL_SMTP_PASSWORD = config.age.secrets.mj-smtp-pass.path;
};
ports = [ "3001:80" ];
volumes = [ "baserow_data:/baserow/data" ];
extraOptions = [ "--add-host=postgres:10.88.0.1" "--ip=10.88.0.11" ];
};
}
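Review bot: `EMAIL_SMTP_USER = config.age.secrets.mj-smtp-user.path;` and the matching `EMAIL_SMTP_PASSWORD` line set the variables to the path of the decrypted file, not to its contents, so the container receives a file name as its SMTP credentials. Values in a container's `environment` are also copied into the Nix store, so secrets cannot be passed this way at all. An env-format age secret loaded with `environmentFiles = [ config.age.secrets.<baserow-env>.path ];` (placeholder name) would cover the SMTP and database credentials together.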


@ -0,0 +1,8 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."briefkasten" = {
image = "docker.io/ndom91/briefkasten";
environmentFiles = [ config.age.secrets.briefkasten-env.path ];
ports = [ "3009:3000" ];
extraOptions = [ "--add-host=postgres:10.88.0.1" "--ip=10.88.0.19" ];
};
}
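Review bot: `image = "docker.io/ndom91/briefkasten";` has no tag or digest, so every pull resolves to whatever `latest` points at and a rebuild can silently change the running code. Pinning a version, ideally by digest (`image = "docker.io/ndom91/briefkasten@sha256:<digest>";`, placeholder digest), makes upgrades an explicit commit like the baserow bump on this page. The littlelink, matomo, nextcloud, wg-easy and wordpress images below are untagged too.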


@ -0,0 +1,12 @@
{
imports = [
./baserow.nix
# ./briefkasten.nix
# ./little-link.nix
./matomo.nix
./mautic.nix
# ./nextcloud.nix
# ./nginx.nix
# ./wordpress.nix
];
}


@ -0,0 +1,14 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."littlelink_lanakk" = {
image = "ghcr.io/techno-tim/littlelink-server";
environmentFiles = [ config.age.secrets.littlelink-lanakk-env.path ];
ports = [ "3010:3000" ];
extraOptions = [ "--ip=10.88.0.20" ];
};
virtualisation.oci-containers.containers."littlelink_m3tam3re" = {
image = "ghcr.io/techno-tim/littlelink-server";
environmentFiles = [ config.age.secrets.littlelink-m3tam3re-env.path ];
ports = [ "3011:3000" ];
extraOptions = [ "--ip=10.88.0.21" ];
};
}


@ -0,0 +1,16 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."matomo" = {
image = "docker.io/matomo";
environment = {
MATOMO_DATABASE_HOST = "mysql";
MATOMO_DATABASE_USERNAME = "matomo";
MATOMO_DATABASE_PASSWORD = "matomo";
MATOMO_DATABASE_DBNAME = "matomo";
PHP_MEMORY_LIMIT="2048M";
};
ports = [ "3003:80" ];
volumes = [ "matomo_data:/var/www/html" ];
extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.13" ];
};
}


@ -0,0 +1,16 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."mautic" = {
image = "docker.io/mautic/mautic:v4-apache";
environment = {
MAUTIC_DB_HOST = "mysql";
MAUTIC_DB_USER = "mautic";
MAUTIC_DB_PASSWORD = "mautic";
MAUTIC_DB_DBNAME = "mautic";
PHP_MEMORY_LIMIT="2048M";
MAUTIC_RUN_CRON_JOBS="true";
};
ports = [ "3008:80" ];
volumes = [ "mautic_data:/var/www/html" ];
extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.23" ];
};
}


@ -0,0 +1,14 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."nextcloud" = {
image = "docker.io/nextcloud";
environment = {
TRUSTED_PROXIES = "10.88.0.1/16";
OVERWRITEPROTOCOL = "https";
OVERWRITECLIURL = "https://cloud.lanakk.com";
OVERWRITEHOST = "cloud.lanakk.com";
};
ports = [ "3005:80" ];
volumes = [ "nextcloud_data:/var/www/html" ];
extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.15" ];
};
}


@ -0,0 +1,8 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."http-images" = {
image = "docker.io/nginx:alpine";
ports = [ "3012:80" ];
volumes = [ "/opt/service-data/http-images:/usr/share/nginx/html"];
extraOptions = [ "--ip=10.88.0.22" ];
};
}


@ -0,0 +1,15 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."wireguard" = {
image = "docker.io/weejewel/wg-easy";
environment = { WG_HOST = "wg.lanakk.com"; WG_DEFAULT_DNS = "10.88.0.1:5353"; };
ports = [ "3007:51821/tcp" "51820:51820/udp" ];
volumes = [ "wireguard_data:/etc/wireguard" ];
extraOptions = [
"--cap-add=NET_ADMIN"
"--cap-add=SYS_MODULE"
"--sysctl=net.ipv4.conf.all.src_valid_mark=1"
"--sysctl=net.ipv4.ip_forward=1"
"--ip=10.88.0.17"
];
};
}


@ -0,0 +1,14 @@
{ config, outputs, ... }: {
virtualisation.oci-containers.containers."lanakk_blog" = {
image = "docker.io/wordpress";
environment = {
WORDPRESS_DB_HOST = "mysql";
WORDPRESS_DB_USER = "wp";
WORDPRESS_DB_PASSWORD = "wp";
WORDPRESS_DB_NAME = "lanakk_blog";
};
ports = [ "3002:80" ];
volumes = [ "lanakk_blog_data:/var/www/html" ];
extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.12" ];
};
}


@ -0,0 +1,13 @@
{
imports = [
./container.nix
./gitea.nix
./n8n.nix
./postgres.nix
./searx.nix
./syncthing.nix
./tailscale.nix
./traefik.nix
./vaultwarden.nix
];
}


@ -0,0 +1,13 @@
{ config, pkgs, ... }:
{
services.gitea = {
enable = true;
settings.server.ROOT_URL = "https://code.lanakk.com";
lfs.enable = true;
dump = {
enable = true;
interval = "03:30:00";
backupDir = "/var/backup/gitea";
};
};
}


@ -0,0 +1,13 @@
{ pkgs, config, ... }:
{
services.mysql = {
enable = true;
package = pkgs.mariadb;
};
services.mysqlBackup = {
enable = true;
calendar = "03:00:00";
databases = [ "" ];
};
}
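Review bot: `databases = [ "" ];` gives the backup job a single empty database name, so the nightly dump most likely fails or writes an empty archive. Listing the databases the containers on this page actually use, e.g. `databases = [ "matomo" "mautic" ];`, makes the backup meaningful. This file also seems to be missing from the m3-r1 services `imports` list shown further down, although the matomo and mautic containers point at `mysql` on the host.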


@ -0,0 +1,15 @@
{ config, pkgs, ... }: {
services.n8n = {
enable = true;
openFirewall = true;
settings = {
host = "wf.lanakk.com";
protocol = "https";
editorBaseUrl="https://wf.lanakk.com";
};
};
systemd.services.n8n.serviceConfig = {
EnvironmentFile = "${config.age.secrets.n8n-env.path}";
};
}


@ -0,0 +1,26 @@
{ pkgs, config, ... }:
{
services.postgresql = {
enable = true;
enableTCPIP = true;
package = pkgs.postgresql_15;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 10.88.0.1/16 trust
'';
initialScript = pkgs.writeText "backend-initScript" ''
CREATE USER baserow WITH ENCRYPTED PASSWORD 'baserow';
CREATE DATABASE baserow;
GRANT ALL PRIVILEGES ON DATABASE baserow TO baserow;
ALTER DATABASE baserow OWNER to baserow;
'';
};
services.postgresqlBackup = {
enable = true;
startAt = "03:10:00";
databases = [ "baserow" ];
};
}
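Review bot: The `authentication` block uses `trust` for `10.88.0.1/16`, so any container on the podman network can connect as any role, including the superuser, without a password. Combined with `enableTCPIP = true` and port 5432 being opened in the host firewall on this page, the password created in `initialScript` is never checked. A narrower rule such as `host baserow baserow 10.88.0.11/32 scram-sha-256` (the baserow container's address on this page) limits access to the one client that needs it.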


@ -0,0 +1,11 @@
{ pkgs, ... }:
{
services.searx = {
enable = true;
package = pkgs.searxng;
settings = {
server.port = 3004;
server.secret_key = "@SEARX_SECRET_KEY@";
};
};
}
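Review bot: `server.secret_key = "@SEARX_SECRET_KEY@";` is a placeholder that the module only substitutes when `environmentFile` is set, and this file never sets it. As written the instance would presumably run with the literal placeholder as its secret key. The host already declares a `searx-environmentFile` age secret owned by `searx`, so adding `environmentFile = config.age.secrets.searx-environmentFile.path;` and taking `config` in the module arguments closes the gap.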


@ -0,0 +1,20 @@
{ config, pkgs, ... }: {
services.syncthing = {
enable = true;
openDefaultPorts = true;
guiAddress = "0.0.0.0:8384";
overrideDevices = true;
overrideFolders = true;
devices = {
"LK-DATA" = {
id = "BI7CMZF-2SGQMXW-RG47HRG-FEH454J-ZTCE544-BXNSCSJ-PXCE7A7-R4CX2Q3";
};
};
folders = {
"Bildvorschauen" = {
path = "/opt/service-data/http-images";
devices = [ "LK-DATA" ];
};
};
};
}
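Review bot: `guiAddress = "0.0.0.0:8384";` serves the Syncthing GUI on every interface, and no GUI credentials are set in this module. The Traefik `syncthing` router on this page publishes it without the `auth` middleware, and the tailnet interface is fully trusted by the firewall, so unless a GUI password is configured elsewhere anyone who reaches the port can reconfigure shares. Either add `middlewares = "auth";` to that router or configure a GUI user and password, and consider binding to loopback if the proxy is the only intended path.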


@ -0,0 +1,38 @@
{ config, pkgs, ... }: {
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
};
networking.firewall = {
trustedInterfaces = [ "tailscale0" ];
};
systemd.services.tailscale-autoconnect = {
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = [ "network-pre.target" "tailscale.service" ];
wants = [ "network-pre.target" "tailscale.service" ];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job
serviceConfig = {
Type = "oneshot";
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
};
# have the job run this shell script
script = with pkgs; ''
# wait for tailscaled to settle
sleep 2
# check if we are already authenticated to tailscale
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
if [ $status = "Running" ]; then # if so, then do nothing
exit 0
fi
# otherwise authenticate with tailscale
${tailscale}/bin/tailscale up --advertise-exit-node --authkey $TAILSCALE_KEY
'';
};
}


@ -0,0 +1,152 @@
{ config, ... }: {
services.traefik = {
enable = true;
staticConfigOptions = {
log = { level = "WARN"; };
certificatesResolvers = {
lets-encrypt = {
acme = {
email = "acc@m3tam3re.com";
storage = "/var/lib/traefik/acme.json";
tlsChallenge = { };
};
};
};
api = { };
entryPoints = {
web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
websecure = { address = ":443"; };
};
};
dynamicConfigOptions = {
http = {
middlewares = {
auth = {
basicAuth = {
users = [ "m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh." ];
};
};
nextcloud_redirectregex = {
redirectRegex = {
permanent = true;
regex = "https://(.*)/.well-known/(?:card|cal)dav";
replacement = "https://\${1}/remote.php/dav";
};
};
nextcloud_headers = {
headers = {
referrerPolicy = "no-referrer";
stsSeconds = "31536000";
forceSTSHeader = true;
stsPreload = true;
stsIncludeSubdomains = true;
};
};
};
services = {
baserow.loadBalancer.servers = [{ url = "http://localhost:3001/"; }];
gitea.loadBalancer.servers = [{ url = "http://localhost:3000/"; }];
n8n.loadBalancer.servers = [{ url = "http://localhost:5678/"; }];
lanakk_blog.loadBalancer.servers =
[{ url = "http://localhost:3002/"; }];
matomo.loadBalancer.servers = [{ url = "http://localhost:3003/"; }];
searx.loadBalancer.servers = [{ url = "http://localhost:3004/"; }];
mautic.loadBalancer.servers = [{ url = "http://localhost:3008/"; }];
syncthing.loadBalancer.servers =
[{ url = "http://localhost:8384/"; }];
vaultwarden.loadBalancer.servers =
[{ url = "http://localhost:3014/"; }];
};
routers = {
api = {
rule = "Host(`r.m3tam3re.com`)";
tls = { certResolver = "lets-encrypt"; };
service = "api@internal";
middlewares = "auth";
entrypoints = "websecure";
};
baserow = {
rule = "Host(`br.m3tam3re.com`)";
tls = { certResolver = "lets-encrypt"; };
service = "baserow";
entrypoints = "websecure";
};
gitea = {
rule = "Host(`code.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "code.m3tam3re.com";
};
service = "gitea";
entrypoints = "websecure";
};
n8n = {
rule = "Host(`io.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "io.m3tam3re.com";
};
service = "n8n";
entrypoints = "websecure";
};
matomo-m3tam3re = {
rule = "Host(`stats.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "stats.m3tam3re.com";
};
service = "matomo";
entrypoints = "websecure";
};
searx = {
rule = "Host(`search.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "search.m3tam3re.com";
};
service = "searx";
entrypoints = "websecure";
};
mautic = {
rule = "Host(`ma.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "ma.m3tam3re.com";
};
service = "mautic";
entrypoints = "websecure";
};
syncthing = {
rule = "Host(`sync.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "sync.m3tam3re.com";
};
service = "syncthing";
entrypoints = "websecure";
};
vaultwarden = {
rule = "Host(`vw.m3tam3re.com`)";
tls = {
certResolver = "lets-encrypt";
domains = "vw.m3tam3re.com";
};
service = "vaultwarden";
middlewares = "auth";
entrypoints = "websecure";
};
};
};
};
};
systemd.services.traefik.serviceConfig = {
EnvironmentFile = [ "${config.age.secrets.traefik-env.path}" ];
};
}
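Review bot: The `basicAuth.users` entry embeds the account's `$apr1$` password hash in the repository, and that MD5-based format is cheap to attack offline once the file is public. Traefik can read the list from a file instead, so `basicAuth.usersFile = config.age.secrets.<traefik-users>.path;` (placeholder secret name, owned by `traefik`) keeps the hash out of Git and the Nix store; the current password should be changed since the hash is already in history. The same middleware guards the `api@internal` dashboard and sits in front of the `vaultwarden` router, where HTTP basic auth is likely to collide with the `Authorization` header Bitwarden clients send.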


@ -0,0 +1,8 @@
{ config, pkgs, ... }: {
services.vaultwarden = {
enable = true;
backupDir = "/var/backup/vaultwarden";
environmentFile = "${config.age.secrets.vaultwarden-env.path}";
};
}


@ -0,0 +1 @@
{ ordercollect = import ./ordercollect.nix; }


@ -0,0 +1,31 @@
{ config, lib, ... }:
with lib;
let cfg = config.services.ordercollect;
in {
options.services.ordercollect = {
enable = mkEnableOption "Enable Ordercollect";
port = mkOption {
type = types.str;
description = "The http port to run on";
default = "";
};
package = mkOption {
type = types.package;
default = pkgs.ordercollect;
description = ''
The package for ordercollect
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
systemd.services.ordercollect = {
ExecStart = "${cfg.package}/bin/ordercollect --port ${cfg.port}";
Restart = "on-failure";
};
};
}
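Review bot: `systemd.services.ordercollect` sets `ExecStart` and `Restart` at the top level of the unit, where the NixOS unit options do not accept them; they belong under `serviceConfig`, and without `wantedBy` the unit would never be started. `pkgs` is also used in the `package` default but is missing from the module arguments. Since the daemon listens on a network port, running it as an unprivileged dynamic user with a read-only system view is a cheap addition; a sketch follows.

```nix
{ config, lib, pkgs, ... }:
# … unchanged: cfg binding and options.services.ordercollect …
  config = mkIf cfg.enable {
    environment.systemPackages = [ cfg.package ];
    systemd.services.ordercollect = {
      description = "Ordercollect API";
      wantedBy = [ "multi-user.target" ];
      after = [ "network.target" ];
      serviceConfig = {
        ExecStart = "${cfg.package}/bin/ordercollect --port ${cfg.port}";
        Restart = "on-failure";
        # Run without a fixed account and without write access to the system.
        DynamicUser = true;
        NoNewPrivileges = true;
        ProtectSystem = "strict";
      };
    };
  };
```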

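--- a/pkgs/bemoji/default.nix
+++ b/pkgs/bemoji/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, lib, fetchFromGitHub, bash, pkgs, makeWrapper }:
+with lib;
+with pkgs;
+stdenv.mkDerivation {
+pname = "bemoji";
+version = "0.3.0";
+src = fetchFromGitHub {
+owner = "marty-oehme";
+repo = "bemoji";
+rev = "dc68887";
+sha256 = "XXNrUaS06UHF3cVfIfWjGF1sdPE709W2tFhfwTitzNs=";
+};
+buildInputs = [ bash coreutils wl-clipboard wofi wtype ];
+nativeBuildInputs = [ makeWrapper ];
+installPhase = ''
+mkdir -p $out/bin
+cp bemoji $out/bin/bemoji
+wrapProgram $out/bin/bemoji \
+--prefix PATH : ${makeBinPath [ bash coreutils wl-clipboard wofi wtype ]}
+'';
+}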

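--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -0,0 +1,7 @@
+{ pkgs ? import <nixpkgs> { } }: {
+wofi-pass = pkgs.callPackage ./wofi-pass { };
+bemoji = pkgs.callPackage ./bemoji { };
+ordercollect = pkgs.callPackage ./ordercollect { };
+}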


@ -0,0 +1,23 @@
{ buildGoModule, fetchFromGitea, lib }:
buildGoModule rec {
pname = "ordercollect";
version = "0.1.0";
src = fetchFromGitea {
domain = "code.lanakk.com";
owner = "LANAKK";
repo = "ordercollect";
rev = "9ecbfa46f6758214aa2fcee7ad96aa7730301a06";
hash = "sha256-n4njl7LwG6GuoTj7x3rWOjErZ/a1Fog0qAymYxvsR2w=";
};
vendorHash = "sha256-G6k331XRuVN/cM4sNcdUV9/BzdISQI7Ljc4tesJnmH0=";
meta = with lib; {
description = "A simple Api for creating orders, written in Go";
homepage = "https://code.lanakk.com/LANAKK/ordercollect";
license = licenses.mit;
maintainers = with maintainers; [ m3tam3re ];
};
}


@ -0,0 +1,24 @@
{ stdenv, lib, fetchFromGitHub, bash, pkgs, makeWrapper }:
with lib;
with pkgs;
stdenv.mkDerivation {
pname = "wofi-pass";
version = "0.1";
src = fetchFromGitHub {
owner = "TinfoilSubmarine";
repo = "wofi-pass";
rev = "869c545";
sha256 = "gcfW8E/3/dqv0P3S4z9fDv8k4R7czcIKwpo/OHFFWj0=";
};
buildInputs = [ bash coreutils wl-clipboard wofi wtype ];
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
mkdir -p $out/bin
cp wofi-pass $out/bin/wofi-pass
wrapProgram $out/bin/wofi-pass \
--prefix PATH : ${makeBinPath [ bash coreutils wl-clipboard wofi wtype ]}
'';
}
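Review bot: The `wrapProgram` call prefixes PATH with `bash coreutils wl-clipboard wofi wtype` but with no password-store package, so if the script shells out to `pass` (its name suggests so; not confirmed from this hunk) that binary is resolved from whatever PATH the caller happens to have. Because `--prefix` keeps the inherited PATH, the script will still run, but the program that actually reads the secrets is then not pinned by this derivation. For a tool that handles credentials I would add `pass` to the function arguments and to the `makeBinPath [ ... ]` list so the wrapper resolves it from the store.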


@ -1,24 +1,28 @@
let
root = "ssh-rsa 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";
system =
"ssh-rsa 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";
in {
"mj-smtp-user.age".publicKeys = [ root ];
"mj-smtp-pass.age".publicKeys = [ root ];
"mj-smtp-user.age".publicKeys = [ system ];
"mj-smtp-pass.age".publicKeys = [ system ];
"billbee-api-key.age".publicKeys = [ root ];
"n8n-env.age".publicKeys = [ system ];
"godaddy-api-key.age".publicKeys = [ root ];
"godaddy-api-secret.age".publicKeys = [ root ];
"godaddy-api-key.age".publicKeys = [ system ];
"godaddy-api-secret.age".publicKeys = [ system ];
"searx-environmentFile.age".publicKeys = [ root ];
"searx-environmentFile.age".publicKeys = [ system ];
"wg-easy-environmentFile.age".publicKeys = [ root ];
"tailscale-key.age".publicKeys = [ system ];
"wg-key.age".publicKeys = [ system ];
"briefkasten-env.age".publicKeys = [ root ];
"briefkasten-env.age".publicKeys = [ system ];
"littlelink-lanakk-env.age".publicKeys = [ root ];
"littlelink-m3tam3re-env.age".publicKeys = [ root ];
"littlelink-lanakk-env.age".publicKeys = [ system ];
"littlelink-m3tam3re-env.age".publicKeys = [ system ];
"traefik-env.age".publicKeys = [ root ];
"traefik-env.age".publicKeys = [ system ];
"minio-root-cred.age".publicKeys = [ root ];
"minio-system-cred.age".publicKeys = [ system ];
"vaultwarden-env.age".publicKeys = [ system ];
}
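Review bot: Every entry that references `system` (apparently the new side of this hunk) lists a single recipient, `[ system ]`, so one SSH key is the only thing that can decrypt or re-encrypt these files. If that is a host key (the name suggests so; not confirmed here), reinstalling or losing the host makes all of these secrets unrecoverable and no operator key can edit them. Consider a second recipient per entry, e.g. `"vaultwarden-env.age".publicKeys = [ system admin ];`, where `admin` is a placeholder for an operator key defined in the `let` block. Note also that switching recipients from `root` to `system` revokes nothing by itself: ciphertexts encrypted to `root` stay in the repository history, so if the `root` key is being retired because it is no longer trusted, the underlying credentials need rotating too.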


@ -1,16 +0,0 @@
age-encryption.org/v1
-> ssh-rsa DQlE7w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-> *#,oB|-grease q:S"z3 $yJt<Ihx dX S^C[i
QwYCVTkVaOPWgAdaB4lT+On0G5iSIth64mvqOukhpd1pfJEqbErK2shdLAgeGqnV
LcGBGnBHTeZxkLK0dUojZU4EowyATgg7Xza/bog
--- SY/yTo1kwFsPe35ej/YJa2D+OADxOlzE5zSO7MD/ges
ÝÝ/u$g,çÆy¶Yª­~Ò¢öÅ9ì÷ÒÇ|]5ˆ%¼ž Ô<>²¸VKºmGš”.kòQ¬w ÙªÕp_Çù“P

BIN
secrets/n8n-env.age Normal file

Binary file not shown.

16
secrets/tailscale-key.age Normal file

@ -0,0 +1,16 @@
age-encryption.org/v1
-> ssh-rsa DQlE7w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-> V~^hk-grease :Y
1ROczYKXhky797kakoYTfMjB1YSjiEc0cMKI5wvb8PUwepSvv+IJ+H941XTr7qv9
CD7hGgQO/gtHp9nI4/bguBaxZrGGg1p2o3Sb7j3ENz1Gyw
--- uyM+nfRla6Evb8kfnwNNWF1FvkPeQ333kOMCo0oCh+8
AIŒÇQ4ˆÕåþž¯¹§SŒ¸ÿýç,Š¢+T$ÙÑ1Óôÿt_·ìí§øE%Zï]€ößõ`rŒa£/GüýŸ·<“™'my#­Fˆ¯#èw"äÀDi„Ïkñj

BIN
secrets/vaultwarden-env.age Normal file

Binary file not shown.

Binary file not shown.

BIN
secrets/wg-key.age Normal file

Binary file not shown.