Compare commits
50 Commits
Author | SHA1 | Date |
---|---|---|
m3tam3re | 16f931782e | |
m3tam3re | 16d4ec6928 | |
m3tam3re | 5fa6d0b0ee | |
m3tam3re | 791c61aa94 | |
m3tam3re | d32f0ec691 | |
m3tam3re | 56d578dea1 | |
m3tam3re | 58f52d3ecb | |
m3tam3re | 66fe8c6fce | |
m3tam3re | 6ac66d4809 | |
m3tam3re | f7bf66c9b5 | |
m3tam3re | fc681daa8f | |
m3tam3re | 7f1fbff43f | |
m3tam3re | 339809b1a2 | |
m3tam3re | 23745eb5b1 | |
m3tam3re | 80c1f85681 | |
m3tam3re | c5b4727a7a | |
m3tam3re | 94e539b24d | |
m3tam3re | 96de7b7a71 | |
m3tam3re | dfa3f15c20 | |
m3tam3re | 331bc69af4 | |
m3tam3re | 6c94ed70d1 | |
m3tam3re | 57d608eb2b | |
m3tam3re | 367570b877 | |
m3tam3re | 49e51ce04d | |
m3tam3re | 5befc77f48 | |
m3tam3re | 11b60a43af | |
m3tam3re | 7481001aae | |
m3tam3re | 6391b25f71 | |
m3tam3re | 0238155824 | |
m3tam3re | 4840a49f58 | |
m3tam3re | 06da56bacd | |
m3tam3re | d87939af0f | |
m3tam3re | 39a27a95e8 | |
m3tam3re | 18b18bab5e | |
m3tam3re | b178a9838c | |
m3tam3re | 1afc81f297 | |
m3tam3re | 51ab101f6e | |
m3tam3re | 80c9aed243 | |
m3tam3re | a0a6a1c1d3 | |
m3tam3re | 16d36e539d | |
m3tam3re | 94a07f803a | |
m3tam3re | 202bfa9859 | |
m3tam3re | 42268d6cc2 | |
m3tam3re | c9b2d51885 | |
m3tam3re | e9c395fbcc | |
m3tam3re | 74c85961df | |
m3tam3re | aab779c65f | |
m3tam3re | ebacf11249 | |
m3tam3re | a57a211b47 | |
m3tam3re | 0451280165 |
|
@ -1,3 +1,5 @@
|
||||||
/result
|
/result
|
||||||
*.qcow2
|
*.qcow2
|
||||||
\#
|
\#
|
||||||
|
#
|
||||||
|
.#
|
||||||
|
|
230
flake.lock
230
flake.lock
|
@ -3,14 +3,15 @@
|
||||||
"agenix": {
|
"agenix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"darwin": "darwin",
|
"darwin": "darwin",
|
||||||
|
"home-manager": "home-manager",
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1680281360,
|
"lastModified": 1684153753,
|
||||||
"narHash": "sha256-XdLTgAzjJNDhAG2V+++0bHpSzfvArvr2pW6omiFfEJk=",
|
"narHash": "sha256-PVbWt3qrjYAK+T5KplFcO+h7aZWfEj1UtyoKlvcDxh0=",
|
||||||
"owner": "ryantm",
|
"owner": "ryantm",
|
||||||
"repo": "agenix",
|
"repo": "agenix",
|
||||||
"rev": "e64961977f60388dd0b49572bb0fc453b871f896",
|
"rev": "db5637d10f797bb251b94ef9040b237f4702cde3",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -19,22 +20,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"base16-schemes": {
|
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1680729003,
|
|
||||||
"narHash": "sha256-M9LHTL24/W4oqgbYRkz0B2qpNrkefTs98pfj3MxIXnU=",
|
|
||||||
"owner": "tinted-theming",
|
|
||||||
"repo": "base16-schemes",
|
|
||||||
"rev": "dc048afa066287a719ddbab62b3e19e4b5110cf0",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "tinted-theming",
|
|
||||||
"repo": "base16-schemes",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"darwin": {
|
"darwin": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -64,11 +49,11 @@
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1674127017,
|
"lastModified": 1686747123,
|
||||||
"narHash": "sha256-QO1xF7stu5ZMDLbHN30LFolMAwY6TVlzYvQoUs1RD68=",
|
"narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
|
||||||
"owner": "serokell",
|
"owner": "serokell",
|
||||||
"repo": "deploy-rs",
|
"repo": "deploy-rs",
|
||||||
"rev": "8c9ea9605eed20528bf60fae35a2b613b901fd77",
|
"rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -96,82 +81,41 @@
|
||||||
"home-manager": {
|
"home-manager": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"agenix",
|
||||||
],
|
|
||||||
"utils": "utils_2"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1680667162,
|
|
||||||
"narHash": "sha256-2vgxK4j42y73S3XB2cThz1dSEyK9J9tfu4mhuEfAw68=",
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "home-manager",
|
|
||||||
"rev": "440faf5ae472657ef2d8cc7756d77b6ab0ace68d",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "home-manager",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"hyprland": {
|
|
||||||
"inputs": {
|
|
||||||
"hyprland-protocols": "hyprland-protocols",
|
|
||||||
"nixpkgs": "nixpkgs_3",
|
|
||||||
"wlroots": "wlroots",
|
|
||||||
"xdph": "xdph"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1681044500,
|
|
||||||
"narHash": "sha256-jXuwPWHr5Yywc0T40NsJ8LyPjjxEnJgo44wXgb9JZc8=",
|
|
||||||
"owner": "hyprwm",
|
|
||||||
"repo": "Hyprland",
|
|
||||||
"rev": "046ad79d11dbccc90ade48d63aaa340655d999fb",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "hyprwm",
|
|
||||||
"repo": "Hyprland",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"hyprland-protocols": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"hyprland",
|
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1680997116,
|
"lastModified": 1682203081,
|
||||||
"narHash": "sha256-nNyoatiHmTMczrCoHCH2LIRfSF8n9ZPZ1O7WNMxcbR4=",
|
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
|
||||||
"owner": "hyprwm",
|
"owner": "nix-community",
|
||||||
"repo": "hyprland-protocols",
|
"repo": "home-manager",
|
||||||
"rev": "d7d403b711b60e8136295b0d4229e89a115e80cc",
|
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "hyprwm",
|
"owner": "nix-community",
|
||||||
"repo": "hyprland-protocols",
|
"repo": "home-manager",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nix-colors": {
|
"home-manager_2": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"base16-schemes": "base16-schemes",
|
"nixpkgs": [
|
||||||
"nixpkgs-lib": "nixpkgs-lib"
|
"nixpkgs"
|
||||||
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1680875144,
|
"lastModified": 1686778999,
|
||||||
"narHash": "sha256-Ub/Y+/zoAoji+E7WCLbTykcTmfRiyzLJ5QEyR3NbHgY=",
|
"narHash": "sha256-3qBtOJdznerw33LgwJTSUL6u8/j1Ot83fcc0f6oHKmk=",
|
||||||
"owner": "misterio77",
|
"owner": "nix-community",
|
||||||
"repo": "nix-colors",
|
"repo": "home-manager",
|
||||||
"rev": "41cc6c1086a4d26509f9fc80a538131d03a11234",
|
"rev": "e0034971f9def16bbc32124147787bc0f09f0e59",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "misterio77",
|
"owner": "nix-community",
|
||||||
"repo": "nix-colors",
|
"repo": "home-manager",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -191,37 +135,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-lib": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1680397293,
|
|
||||||
"narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=",
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "nixpkgs.lib",
|
|
||||||
"rev": "b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-community",
|
|
||||||
"repo": "nixpkgs.lib",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs-unstable": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1680945546,
|
|
||||||
"narHash": "sha256-8FuaH5t/aVi/pR1XxnF0qi4WwMYC+YxlfdsA0V+TEuQ=",
|
|
||||||
"owner": "nixos",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "d9f759f2ea8d265d974a6e1259bd510ac5844c5d",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nixos",
|
|
||||||
"ref": "nixos-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1671417167,
|
"lastModified": 1671417167,
|
||||||
|
@ -240,45 +153,26 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_3": {
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1680669251,
|
"lastModified": 1686592866,
|
||||||
"narHash": "sha256-AVNE+0u4HlI3v96KCXE9risH7NKqj0QDLLfSckYXIbA=",
|
"narHash": "sha256-riGg89eWhXJcPNrQGcSwTEEm7CGxWC06oSX44hajeMw=",
|
||||||
"owner": "NixOS",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "9c8ff8b426a8b07b9e0a131ac3218740dc85ba1e",
|
"rev": "0eeebd64de89e4163f4d3cf34ffe925a5cf67a05",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "nixos",
|
||||||
"ref": "nixos-unstable",
|
"ref": "nixos-unstable",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1680865339,
|
|
||||||
"narHash": "sha256-H6rmJ1CyJ3Q5ZyoLMYq/UEYMS9Q1orJjRpWiQ47HudE=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "0040164e473509b4aee6aedb3b923e400d6df10b",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "nixos-22.11",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"agenix": "agenix",
|
"agenix": "agenix",
|
||||||
"deploy-rs": "deploy-rs",
|
"deploy-rs": "deploy-rs",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager_2",
|
||||||
"hyprland": "hyprland",
|
"nixpkgs": "nixpkgs_3"
|
||||||
"nix-colors": "nix-colors",
|
|
||||||
"nixpkgs": "nixpkgs_4",
|
|
||||||
"nixpkgs-unstable": "nixpkgs-unstable"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"utils": {
|
"utils": {
|
||||||
|
@ -295,64 +189,6 @@
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
|
||||||
"utils_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1678901627,
|
|
||||||
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"wlroots": {
|
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"host": "gitlab.freedesktop.org",
|
|
||||||
"lastModified": 1680810405,
|
|
||||||
"narHash": "sha256-LmI/4Yp/pOOoI4RxLRx9I90NBsiqdRLVOfbATKlgpkg=",
|
|
||||||
"owner": "wlroots",
|
|
||||||
"repo": "wlroots",
|
|
||||||
"rev": "7abda952d0000b72d240fe1d41457b9288f0b6e5",
|
|
||||||
"type": "gitlab"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"host": "gitlab.freedesktop.org",
|
|
||||||
"owner": "wlroots",
|
|
||||||
"repo": "wlroots",
|
|
||||||
"type": "gitlab"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"xdph": {
|
|
||||||
"inputs": {
|
|
||||||
"hyprland-protocols": [
|
|
||||||
"hyprland",
|
|
||||||
"hyprland-protocols"
|
|
||||||
],
|
|
||||||
"nixpkgs": [
|
|
||||||
"hyprland",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1673116118,
|
|
||||||
"narHash": "sha256-eR0yDSkR2XYMesfdRWJs25kAdXET2mbNNHu5t+KUcKA=",
|
|
||||||
"owner": "hyprwm",
|
|
||||||
"repo": "xdg-desktop-portal-hyprland",
|
|
||||||
"rev": "d479c846531fd0e1d2357c9588b8310a2b859ef2",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "hyprwm",
|
|
||||||
"repo": "xdg-desktop-portal-hyprland",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"root": "root",
|
"root": "root",
|
||||||
|
|
88
flake.nix
88
flake.nix
|
@ -9,92 +9,63 @@
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
agenix.url = "github:ryantm/agenix";
|
agenix.url = "github:ryantm/agenix";
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
|
|
||||||
deploy-rs.url = "github:serokell/deploy-rs";
|
deploy-rs.url = "github:serokell/deploy-rs";
|
||||||
hyprland.url = "github:hyprwm/Hyprland";
|
|
||||||
nix-colors.url = "github:misterio77/nix-colors";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nix-colors, nixpkgs, nixpkgs-unstable, home-manager
|
outputs = { self, nixpkgs, home-manager, agenix, deploy-rs, ... }@inputs:
|
||||||
, hyprland, agenix, deploy-rs, ... }@inputs:
|
|
||||||
let
|
let
|
||||||
inherit (self) outputs;
|
inherit (self) outputs;
|
||||||
lib = nixpkgs.lib;
|
lib = nixpkgs.lib;
|
||||||
allowUnfree = { nixpkgs.config.allowUnfree = true; };
|
allowUnfree = { nixpkgs.config.allowUnfree = true; };
|
||||||
system = "x86_64-linux";
|
forEachSystem = nixpkgs.lib.genAttrs [ "x86_64-linux" "aarch64-linux" ];
|
||||||
overlay-unstable = final: prev: {
|
forEachPkgs = f: forEachSystem (sys: f nixpkgs.legacyPackages.${sys});
|
||||||
unstable = import nixpkgs-unstable {
|
|
||||||
inherit system;
|
|
||||||
config.allowUnfree = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in {
|
in {
|
||||||
|
packages = forEachPkgs (pkgs: (import ./pkgs { inherit pkgs; }));
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
lkk-nix-1 = lib.nixosSystem {
|
lkk-nix-1 = lib.nixosSystem {
|
||||||
specialArgs = { inherit inputs; };
|
specialArgs = { inherit inputs; };
|
||||||
modules = [
|
modules =
|
||||||
./hosts/lkk-nix-1
|
[ allowUnfree ./hosts/lkk-nix-1 agenix.nixosModules.default ];
|
||||||
agenix.nixosModules.default
|
};
|
||||||
({ config, pkgs, ... }: {
|
m3-r1 = lib.nixosSystem {
|
||||||
nixpkgs.overlays = [ overlay-unstable ];
|
specialArgs = { inherit inputs; };
|
||||||
})
|
modules = [ allowUnfree ./hosts/m3-r1 agenix.nixosModules.default ];
|
||||||
];
|
|
||||||
};
|
};
|
||||||
lkk-prod-1 = lib.nixosSystem {
|
lkk-prod-1 = lib.nixosSystem {
|
||||||
specialArgs = { inherit inputs; };
|
specialArgs = { inherit inputs; };
|
||||||
modules = [
|
modules =
|
||||||
allowUnfree
|
[ allowUnfree ./hosts/lkk-prod-1 agenix.nixosModules.default ];
|
||||||
./hosts/lkk-prod-1
|
|
||||||
agenix.nixosModules.default
|
|
||||||
({ config, pkgs, ... }: {
|
|
||||||
nixpkgs.overlays = [ overlay-unstable ];
|
|
||||||
})
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
lkk-prod-2 = lib.nixosSystem {
|
lkk-prod-2 = lib.nixosSystem {
|
||||||
specialArgs = { inherit inputs; };
|
specialArgs = { inherit inputs; };
|
||||||
modules = [
|
modules =
|
||||||
allowUnfree
|
[ allowUnfree ./hosts/lkk-prod-2 agenix.nixosModules.default ];
|
||||||
./hosts/lkk-prod-2
|
|
||||||
agenix.nixosModules.default
|
|
||||||
({ config, pkgs, ... }: {
|
|
||||||
nixpkgs.overlays = [ overlay-unstable ];
|
|
||||||
})
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
m3-nix = lib.nixosSystem {
|
m3-nix = lib.nixosSystem {
|
||||||
specialArgs = { inherit inputs outputs; };
|
specialArgs = { inherit inputs outputs; };
|
||||||
modules = [
|
modules = [ allowUnfree ./hosts/m3-nix agenix.nixosModules.default ];
|
||||||
allowUnfree
|
|
||||||
./hosts/m3-nix
|
|
||||||
agenix.nixosModules.default
|
|
||||||
({ config, pkgs, ... }: {
|
|
||||||
nixpkgs.overlays = [ overlay-unstable ];
|
|
||||||
})
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
homeConfigurations = {
|
homeConfigurations = {
|
||||||
# Laptop
|
# Laptop
|
||||||
"m3tam3re@m3-nix" = home-manager.lib.homeManagerConfiguration {
|
"m3tam3re@m3-nix" = home-manager.lib.homeManagerConfiguration {
|
||||||
pkgs = nixpkgs.legacyPackages."x86_64-linux";
|
pkgs = nixpkgs.legacyPackages."x86_64-linux";
|
||||||
extraSpecialArgs = { inherit inputs nix-colors; };
|
extraSpecialArgs = { inherit inputs outputs; };
|
||||||
modules = [
|
modules = [ ./home/users/m3tam3re/m3-nix.nix allowUnfree ];
|
||||||
hyprland.homeManagerModules.default
|
|
||||||
./home/users/m3tam3re/m3-nix.nix
|
|
||||||
allowUnfree
|
|
||||||
({ config, pkgs, ... }: {
|
|
||||||
nixpkgs.overlays = [ overlay-unstable ];
|
|
||||||
})
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
# Company Root Servera
|
|
||||||
"m3tam3re@lkk-nix-1" = home-manager.lib.homeManagerConfiguration {
|
"m3tam3re@lkk-nix-1" = home-manager.lib.homeManagerConfiguration {
|
||||||
|
pkgs = nixpkgs.legacyPackages."x86_64-linux";
|
||||||
extraSpecialArgs = { # pass things to t
|
extraSpecialArgs = { # pass things to t
|
||||||
};
|
};
|
||||||
modules = [ ./home/users/m3tam3re/lkk-nix-1.nix ];
|
modules = [ ./home/users/m3tam3re/lkk-nix-1.nix ];
|
||||||
};
|
};
|
||||||
|
"m3tam3re@m3-r1" = home-manager.lib.homeManagerConfiguration {
|
||||||
|
pkgs = nixpkgs.legacyPackages."x86_64-linux";
|
||||||
|
extraSpecialArgs = { # pass things to t
|
||||||
|
};
|
||||||
|
modules = [ ./home/users/m3tam3re/m3-r1.nix ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
deploy.nodes.lkk-nix-1 = {
|
deploy.nodes.lkk-nix-1 = {
|
||||||
hostname = "lkk-nix-1";
|
hostname = "lkk-nix-1";
|
||||||
|
@ -105,6 +76,15 @@
|
||||||
self.nixosConfigurations.lkk-nix-1;
|
self.nixosConfigurations.lkk-nix-1;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
deploy.nodes.m3-r1 = {
|
||||||
|
hostname = "lkk-nix-1";
|
||||||
|
sshUser = "root";
|
||||||
|
profiles.system = {
|
||||||
|
user = "root";
|
||||||
|
path = deploy-rs.lib.x86_64-linux.activate.nixos
|
||||||
|
self.nixosConfigurations.lkk-nix-1;
|
||||||
|
};
|
||||||
|
};
|
||||||
deploy.nodes.lkk-prod-1 = {
|
deploy.nodes.lkk-prod-1 = {
|
||||||
hostname = "lkk-prod-1";
|
hostname = "lkk-prod-1";
|
||||||
sshUser = "root";
|
sshUser = "root";
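Review bot: The new `deploy.nodes.m3-r1` block in the last hunk still carries the values of the node it was copied from: `hostname = "lkk-nix-1";` and `self.nixosConfigurations.lkk-nix-1;`. As written, deploying the m3-r1 node would connect as root to lkk-nix-1 and activate the lkk-nix-1 system there, while the `m3-r1` nixosConfiguration added earlier in this file is never deployed. The two lines should read `hostname = "m3-r1";` and `self.nixosConfigurations.m3-r1;`. If m3-r1 is not an x86_64 machine (this commit also adds "aarch64-linux" to `forEachSystem`), the `deploy-rs.lib.x86_64-linux` selector would need to match as well.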
|
||||||
|
|
|
@ -0,0 +1,68 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let cfg = config.features.cli.fish;
|
||||||
|
|
||||||
|
in {
|
||||||
|
|
||||||
|
options.features.cli.fish.enable = mkEnableOption "enable fish shell";
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
programs.fish = {
|
||||||
|
enable = true;
|
||||||
|
plugins = [{
|
||||||
|
name = "foreign-env";
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "oh-my-fish";
|
||||||
|
repo = "plugin-foreign-env";
|
||||||
|
rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc";
|
||||||
|
sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs";
|
||||||
|
};
|
||||||
|
}];
|
||||||
|
loginShellInit = ''
|
||||||
|
set -x WEBKIT_DISABLE_COMPOSITING_MODE 1
|
||||||
|
set -x EDITOR emacsclient
|
||||||
|
set -x VISUAL emacsclient
|
||||||
|
set -x XDG_DATA_HOME $HOME/.local/share
|
||||||
|
set -x FZF_ALT_C_COMMAND fd --type d --exclude .git --follow --hidden
|
||||||
|
set -x FZF_DEFAULT_COMMAND fd --type f --exclude .git --follow --hidden
|
||||||
|
set -x FZF_CTRL_T_COMMAND "$FZF_DEFAULT_COMMAND"
|
||||||
|
|
||||||
|
if test (tty) = "/dev/tty1"
|
||||||
|
exec Hyprland &> /dev/null
|
||||||
|
end
|
||||||
|
'';
|
||||||
|
shellAbbrs = {
|
||||||
|
ls = "exa";
|
||||||
|
grep = "rg";
|
||||||
|
ps = "procs";
|
||||||
|
|
||||||
|
n = "nix";
|
||||||
|
nd = "nix develop -c $SHELL";
|
||||||
|
ns = "nix shell";
|
||||||
|
nsn = "nix shell nixpkgs#";
|
||||||
|
nb = "nix build";
|
||||||
|
nbn = "nix build nixpkgs#";
|
||||||
|
nf = "nix flake";
|
||||||
|
|
||||||
|
|
||||||
|
nrs = "sudo nixos-rebuild switch --flake .#$HOSTNAME";
|
||||||
|
snr = "sudo nixos-rebuild --flake .";
|
||||||
|
snrs = "sudo nixos-rebuild --flake . switch";
|
||||||
|
hm = "home-manager --flake .";
|
||||||
|
hms = "home-manager --flake . switch";
|
||||||
|
|
||||||
|
tsu = "sudo tailscale up";
|
||||||
|
tsd = "sudo tailscale down";
|
||||||
|
|
||||||
|
vi = "nvim";
|
||||||
|
vim = "nvim";
|
||||||
|
|
||||||
|
wgd = "sudo systemctl stop wg-quick-wg0.service";
|
||||||
|
wgu = "sudo systemctl start wg-quick-wg0.service";
|
||||||
|
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
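Review bot: The `nrs` abbreviation expands to `sudo nixos-rebuild switch --flake .#$HOSTNAME`, but fish does not define `$HOSTNAME` itself; the variable it provides is the lowercase `$hostname`. Unless something else in the session exports HOSTNAME, the attribute after `#` is empty and the configuration that gets activated as root is presumably chosen by nixos-rebuild's own fallback rather than by this line. `nrs = "sudo nixos-rebuild switch --flake .#$hostname";` names the host explicitly. The same line is added to the existing fish module further down in this comparison.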
|
|
@ -7,20 +7,26 @@
|
||||||
./starship.nix
|
./starship.nix
|
||||||
./tmux.nix
|
./tmux.nix
|
||||||
];
|
];
|
||||||
programs.autojump = {
|
programs.zoxide = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableFishIntegration = true;
|
enableFishIntegration = true;
|
||||||
};
|
};
|
||||||
|
programs.fzf = {
|
||||||
|
enable = true;
|
||||||
|
enableFishIntegration = true;
|
||||||
|
tmux.enableShellIntegration = true;
|
||||||
|
};
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
bc
|
bc
|
||||||
busybox
|
|
||||||
comma
|
comma
|
||||||
|
coreutils
|
||||||
direnv
|
direnv
|
||||||
exa
|
exa
|
||||||
fd
|
fd
|
||||||
htop
|
htop
|
||||||
httpie
|
httpie
|
||||||
jq
|
jq
|
||||||
|
neovim
|
||||||
procs
|
procs
|
||||||
progress
|
progress
|
||||||
ripgrep
|
ripgrep
|
||||||
|
|
|
@ -24,7 +24,12 @@ in {
|
||||||
set -x WEBKIT_DISABLE_COMPOSITING_MODE 1
|
set -x WEBKIT_DISABLE_COMPOSITING_MODE 1
|
||||||
set -x EDITOR emacsclient
|
set -x EDITOR emacsclient
|
||||||
set -x VISUAL emacsclient
|
set -x VISUAL emacsclient
|
||||||
|
set -x TERMINAL alacritty
|
||||||
set -x XDG_DATA_HOME $HOME/.local/share
|
set -x XDG_DATA_HOME $HOME/.local/share
|
||||||
|
set -x FZF_ALT_C_COMMAND fd --type d --exclude .git --follow --hidden
|
||||||
|
set -x FZF_DEFAULT_COMMAND fd --type f --exclude .git --follow --hidden
|
||||||
|
set -x FZF_CTRL_T_COMMAND "$FZF_DEFAULT_COMMAND"
|
||||||
|
|
||||||
if test (tty) = "/dev/tty1"
|
if test (tty) = "/dev/tty1"
|
||||||
exec Hyprland &> /dev/null
|
exec Hyprland &> /dev/null
|
||||||
end
|
end
|
||||||
|
@ -42,18 +47,22 @@ in {
|
||||||
nbn = "nix build nixpkgs#";
|
nbn = "nix build nixpkgs#";
|
||||||
nf = "nix flake";
|
nf = "nix flake";
|
||||||
|
|
||||||
nr = "nixos-rebuild --flake .";
|
nr = "sudo nixos-rebuild --flake .";
|
||||||
nrs = "nixos-rebuild --flake . switch";
|
nrs = "sudo nixos-rebuild switch --flake .#$HOSTNAME";
|
||||||
snr = "sudo nixos-rebuild --flake .";
|
snr = "sudo nixos-rebuild --flake .";
|
||||||
snrs = "sudo nixos-rebuild --flake . switch";
|
snrs = "sudo nixos-rebuild --flake . switch";
|
||||||
hm = "home-manager --flake .";
|
hm = "home-manager --flake .";
|
||||||
hms = "home-manager --flake . switch";
|
hms = "home-manager --flake . switch";
|
||||||
|
|
||||||
|
tsu = "sudo tailscale up";
|
||||||
|
tsd = "sudo tailscale down";
|
||||||
|
|
||||||
vi = "nvim";
|
vi = "nvim";
|
||||||
vim = "nvim";
|
vim = "nvim";
|
||||||
|
|
||||||
wgd = "sudo systemctl stop wg-quick-wg0.service";
|
wgd = "sudo systemctl stop wg-quick-wg0.service";
|
||||||
wgu = "sudo systemctl start wg-quick-wg0.service";
|
wgu = "sudo systemctl start wg-quick-wg0.service";
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
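Review bot: After this change `nr` and `snr` are the same abbreviation (`sudo nixos-rebuild --flake .`), so no unprivileged form is left for subcommands such as `build` or `dry-build`, which do not need root. Keeping `nr = "nixos-rebuild --flake .";` and leaving sudo to the `s`-prefixed pair would preserve that distinction and avoid running flake evaluation as root by default. The shellAbbrs set starts outside this hunk.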
|
||||||
|
|
|
@ -12,7 +12,7 @@ in {
|
||||||
|
|
||||||
programs.password-store = {
|
programs.password-store = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]);
|
package = pkgs.pass-wayland.withExtensions (exts: [ exts.pass-otp exts.pass-import ]);
|
||||||
};
|
};
|
||||||
programs.gpg = { enable = true; };
|
programs.gpg = { enable = true; };
|
||||||
services.gpg-agent = {
|
services.gpg-agent = {
|
||||||
|
@ -20,6 +20,7 @@ in {
|
||||||
defaultCacheTtl = 1800;
|
defaultCacheTtl = 1800;
|
||||||
enableSshSupport = true;
|
enableSshSupport = true;
|
||||||
};
|
};
|
||||||
|
programs.browserpass.enable = true;
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
pinentry
|
pinentry
|
||||||
];
|
];
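Review bot: `programs.browserpass.enable = true;` is added without a `programs.browserpass.browsers` list, so as far as I know home-manager installs the native-messaging host for every browser it supports rather than only the one in use. Together with `defaultCacheTtl = 1800` visible in the context lines, the browser side can obtain decrypted entries without a fresh pinentry prompt while the agent cache is warm. Consider restricting it, e.g. `programs.browserpass.browsers = [ "firefox" ];` (substitute the browser actually used), and checking whether a 30-minute cache is still the intended window now that the store is reachable from the browser. The gpg-agent block starts outside this hunk.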
|
||||||
|
|
|
@ -14,46 +14,48 @@ in {
|
||||||
shortcut = "a";
|
shortcut = "a";
|
||||||
keyMode = "vi";
|
keyMode = "vi";
|
||||||
clock24 = true;
|
clock24 = true;
|
||||||
|
plugins = with pkgs.tmuxPlugins; [ sensible yank ];
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
# Enable mouse mode (tmux 2.1 and above)
|
|
||||||
set -g mouse on
|
set-option -sa terminal-overrides ",xterm*:Tc"
|
||||||
|
# Enable mouse mode (tmux 2.1 and above)
|
||||||
|
set -g mouse on
|
||||||
|
|
||||||
# split panes using | and -
|
# split panes using | and -
|
||||||
bind | split-window -h
|
bind | split-window -h
|
||||||
bind - split-window -v
|
bind - split-window -v
|
||||||
unbind '"'
|
unbind '"'
|
||||||
unbind %
|
unbind %
|
||||||
|
|
||||||
# change status bar color
|
bind-key r source-file ~/.tmux.conf \; display-message "Konfiguration neu geladen"
|
||||||
bind-key r source-file ~/.tmux.conf \; display-message "Konfiguration neu geladen"
|
set -g @plugin 'sainnhe/tmux-fzf'
|
||||||
|
# status bar theme
|
||||||
# status bar theme
|
set -g status-bg 'colour235'
|
||||||
set -g status-bg 'colour235'
|
#set -g message-command-fg 'colour222'
|
||||||
#set -g message-command-fg 'colour222'
|
set -g status-justify 'centre'
|
||||||
set -g status-justify 'centre'
|
set -g status-left-length '100'
|
||||||
set -g status-left-length '100'
|
set -g status 'on'
|
||||||
set -g status 'on'
|
#set -g pane-active-border-fg 'colour154'
|
||||||
#set -g pane-active-border-fg 'colour154'
|
#set -g message-bg 'colour238'
|
||||||
#set -g message-bg 'colour238'
|
set -g status-right-length '100'
|
||||||
set -g status-right-length '100'
|
#set -g status-right-attr 'none'
|
||||||
#set -g status-right-attr 'none'
|
#set -g message-fg 'colour222'
|
||||||
#set -g message-fg 'colour222'
|
#set -g message-command-bg 'colour238'
|
||||||
#set -g message-command-bg 'colour238'
|
#set -g status-attr 'none'
|
||||||
#set -g status-attr 'none'
|
#set -g status-utf8 'on'
|
||||||
#set -g status-utf8 'on'
|
#set -g pane-border-fg 'colour238'
|
||||||
#set -g pane-border-fg 'colour238'
|
#set -g status-left-attr 'none'
|
||||||
#set -g status-left-attr 'none'
|
#setw -g window-status-fg 'colour121'
|
||||||
#setw -g window-status-fg 'colour121'
|
#setw -g window-status-attr 'none'
|
||||||
#setw -g window-status-attr 'none'
|
#setw -g window-status-activity-bg 'colour235'
|
||||||
#setw -g window-status-activity-bg 'colour235'
|
#setw -g window-status-activity-attr 'none'
|
||||||
#setw -g window-status-activity-attr 'none'
|
#setw -g window-status-activity-fg 'colour154'
|
||||||
#setw -g window-status-activity-fg 'colour154'
|
setw -g window-status-separator ' '
|
||||||
setw -g window-status-separator ' '
|
#setw -g window-status-bg 'colour235'
|
||||||
#setw -g window-status-bg 'colour235'
|
set -g status-left '#[fg=colour232,bg=colour154] #S #[fg=colour154,bg=colour238,nobold,nounderscore,noitalics]#[fg=colour222,bg=colour238] #W #[fg=colour238,bg=colour235,nobold,nounderscore,noitalics]#[fg=colour121,bg=colour235] #(whoami) #(uptime | cut -d " " -f 1,2,3) #[fg=colour235,bg=colour235,nobold,nounderscore,noitalics]'
|
||||||
set -g status-left '#[fg=colour232,bg=colour154] #S #[fg=colour154,bg=colour238,nobold,nounderscore,noitalics]#[fg=colour222,bg=colour238] #W #[fg=colour238,bg=colour235,nobold,nounderscore,noitalics]#[fg=colour121,bg=colour235] #(whoami) #(uptime | cut -d " " -f 1,2,3) #[fg=colour235,bg=colour235,nobold,nounderscore,noitalics]'
|
set -g status-right '#[fg=colour235,bg=colour235,nobold,nounderscore,noitalics]#[fg=colour121,bg=colour235] %r %a %Y #[fg=colour238,bg=colour235,nobold,nounderscore,noitalics]#[fg=colour222,bg=colour238] #H #[fg=colour154,bg=colour238,nobold,nounderscore,noitalics]#[fg=colour232,bg=colour154] #(rainbarf --battery --remaining --no-rgb) '
|
||||||
set -g status-right '#[fg=colour235,bg=colour235,nobold,nounderscore,noitalics]#[fg=colour121,bg=colour235] %r %a %Y #[fg=colour238,bg=colour235,nobold,nounderscore,noitalics]#[fg=colour222,bg=colour238] #H #[fg=colour154,bg=colour238,nobold,nounderscore,noitalics]#[fg=colour232,bg=colour154] #(rainbarf --battery --remaining --no-rgb) '
|
setw -g window-status-format '#[fg=colour235,bg=colour235,nobold,nounderscore,noitalics]#[default] #I #W #[fg=colour235,bg=colour235,nobold,nounderscore,noitalics]'
|
||||||
setw -g window-status-format '#[fg=colour235,bg=colour235,nobold,nounderscore,noitalics]#[default] #I #W #[fg=colour235,bg=colour235,nobold,nounderscore,noitalics]'
|
setw -g window-status-current-format '#[fg=colour235,bg=colour238,nobold,nounderscore,noitalics]#[fg=colour222,bg=colour238] #I #W #F #[fg=colour238,bg=colour235,nobold,nounderscore,noitalics]'
|
||||||
setw -g window-status-current-format '#[fg=colour235,bg=colour238,nobold,nounderscore,noitalics]#[fg=colour222,bg=colour238] #I #W #F #[fg=colour238,bg=colour235,nobold,nounderscore,noitalics]'
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
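Review bot: The added line `set -g @plugin 'sainnhe/tmux-fzf'` is a TPM directive, and nothing in this hunk loads TPM, so the plugin is presumably never loaded. If TPM is installed by hand, it would clone the plugin from GitHub at runtime, outside the revisions pinned in flake.lock. The hunk already uses the pinned mechanism for `sensible` and `yank`, so `plugins = with pkgs.tmuxPlugins; [ sensible yank tmux-fzf ];` with the `@plugin` line dropped keeps the plugin inside the Nix closure. The `programs.tmux` block starts outside this hunk.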
|
||||||
|
|
|
@ -0,0 +1,11 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
home.packages = with pkgs; [
|
||||||
|
appimage-run
|
||||||
|
deploy-rs
|
||||||
|
nil
|
||||||
|
nix-prefetch-git
|
||||||
|
nixfmt
|
||||||
|
rnix-lsp
|
||||||
|
];
|
||||||
|
}
|
|
@ -1,8 +1,13 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, ... }: {
|
||||||
imports = [ ./emacs.nix ./golang.nix ./nix.nix ./nodejs.nix ./rust.nix ./tools.nix ];
|
imports =
|
||||||
|
[ ./emacs.nix ./golang.nix ./nix.nix ./nodejs.nix ./rust.nix ./tools.nix ];
|
||||||
|
|
||||||
home.packages = with pkgs;
|
home.packages = with pkgs; [
|
||||||
[
|
ispell
|
||||||
python3
|
python3
|
||||||
];
|
python311Packages.pip
|
||||||
|
python311Packages.setuptools
|
||||||
|
guile_3_0
|
||||||
|
tinyscheme
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,108 +1,4 @@
|
||||||
{ pkgs, ... }: {
|
{ pkgs, ... }: {
|
||||||
services.emacs.enable = true;
|
services.emacs.enable = true;
|
||||||
programs.emacs = { # 310
|
programs.emacs = { enable = true; };
|
||||||
enable = true;
|
|
||||||
extraPackages = epkgs: [
|
|
||||||
epkgs.all-the-icons
|
|
||||||
epkgs.all-the-icons-dired
|
|
||||||
epkgs.calfw
|
|
||||||
epkgs.calfw-org
|
|
||||||
epkgs.calfw-ical
|
|
||||||
epkgs.command-log-mode
|
|
||||||
epkgs.company
|
|
||||||
epkgs.company-box
|
|
||||||
epkgs.consult
|
|
||||||
epkgs.counsel
|
|
||||||
epkgs.counsel-projectile
|
|
||||||
epkgs.consult-org-roam
|
|
||||||
epkgs.dart-mode
|
|
||||||
epkgs.dashboard
|
|
||||||
epkgs.deft
|
|
||||||
epkgs.dired-hide-dotfiles
|
|
||||||
epkgs.dired-open
|
|
||||||
epkgs.dired-single
|
|
||||||
epkgs.direnv
|
|
||||||
epkgs.docker
|
|
||||||
epkgs.docker-compose-mode
|
|
||||||
epkgs.dockerfile-mode
|
|
||||||
epkgs.docker-tramp
|
|
||||||
epkgs.doom-themes
|
|
||||||
epkgs.doom-modeline
|
|
||||||
epkgs.elfeed
|
|
||||||
epkgs.elfeed-web
|
|
||||||
epkgs.elfeed-tube
|
|
||||||
epkgs.elfeed-tube-mpv
|
|
||||||
epkgs.elfeed-org
|
|
||||||
epkgs.embark
|
|
||||||
epkgs.embark-consult
|
|
||||||
epkgs.emmet-mode
|
|
||||||
epkgs.envrc
|
|
||||||
epkgs.evil
|
|
||||||
epkgs.evil-collection
|
|
||||||
epkgs.evil-nerd-commenter
|
|
||||||
epkgs.exec-path-from-shell
|
|
||||||
epkgs.forge
|
|
||||||
epkgs.fontawesome
|
|
||||||
epkgs.general
|
|
||||||
epkgs.go-mode
|
|
||||||
epkgs.graphql-mode
|
|
||||||
epkgs.helpful
|
|
||||||
epkgs.helm
|
|
||||||
epkgs.helm-lsp
|
|
||||||
epkgs.helm-descbinds
|
|
||||||
epkgs.helm-rg
|
|
||||||
epkgs.helm-c-yasnippet
|
|
||||||
epkgs.highlight-indent-guides
|
|
||||||
epkgs.hydra
|
|
||||||
epkgs.ivy
|
|
||||||
epkgs.ivy-prescient
|
|
||||||
epkgs.ivy-rich
|
|
||||||
epkgs.json-mode
|
|
||||||
#epkgs.khalel
|
|
||||||
epkgs.lispy
|
|
||||||
epkgs.lsp-dart
|
|
||||||
epkgs.lsp-ivy
|
|
||||||
epkgs.lsp-mode
|
|
||||||
epkgs.lsp-ui
|
|
||||||
epkgs.lsp-treemacs
|
|
||||||
epkgs.magit
|
|
||||||
epkgs.marginalia
|
|
||||||
epkgs.mastodon
|
|
||||||
epkgs.mermaid-mode
|
|
||||||
epkgs.nix-mode
|
|
||||||
epkgs.no-littering
|
|
||||||
epkgs.ob-mermaid
|
|
||||||
epkgs.org
|
|
||||||
epkgs.org-auto-tangle
|
|
||||||
epkgs.org-bullets
|
|
||||||
epkgs.org-download
|
|
||||||
epkgs.org-gcal
|
|
||||||
epkgs.org-ql
|
|
||||||
epkgs.org-present
|
|
||||||
epkgs.org-roam
|
|
||||||
epkgs.org-roam-ui
|
|
||||||
epkgs.pass
|
|
||||||
epkgs.pdf-tools
|
|
||||||
epkgs.projectile
|
|
||||||
epkgs.pyenv-mode
|
|
||||||
epkgs.python-mode
|
|
||||||
epkgs.rainbow-delimiters
|
|
||||||
epkgs.request
|
|
||||||
epkgs.restclient
|
|
||||||
epkgs.rustic
|
|
||||||
epkgs.smartparens
|
|
||||||
epkgs.svelte-mode
|
|
||||||
epkgs.todoist
|
|
||||||
epkgs.typescript-mode
|
|
||||||
epkgs.use-package
|
|
||||||
epkgs.visual-fill-column
|
|
||||||
epkgs.vue-mode
|
|
||||||
epkgs.vterm
|
|
||||||
epkgs.web-mode
|
|
||||||
epkgs.which-key
|
|
||||||
epkgs.yasnippet
|
|
||||||
epkgs.yasnippet-snippets
|
|
||||||
epkgs.zetteldeft
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,5 +6,6 @@
|
||||||
nil
|
nil
|
||||||
nix-prefetch-git
|
nix-prefetch-git
|
||||||
nixfmt
|
nixfmt
|
||||||
|
rnix-lsp
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,6 +2,5 @@
|
||||||
{
|
{
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
rustup
|
rustup
|
||||||
rust-analyzer
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,6 +4,5 @@
|
||||||
direnv
|
direnv
|
||||||
insomnia
|
insomnia
|
||||||
hugo
|
hugo
|
||||||
shopify-cli
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,89 @@
|
||||||
|
{ pkgs, ... }: {
|
||||||
|
|
||||||
|
imports = [
|
||||||
|
./crypto.nix
|
||||||
|
./design.nix
|
||||||
|
# ./espanso.nix
|
||||||
|
./extrafonts.nix
|
||||||
|
./media.nix
|
||||||
|
./office.nix
|
||||||
|
./qt.nix
|
||||||
|
./syncthing.nix
|
||||||
|
./waybar.nix
|
||||||
|
./wofi.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
xdg.mimeApps = {
|
||||||
|
enable = true;
|
||||||
|
defaultApplications = { "application/pdf" = [ "okular.desktop" ]; };
|
||||||
|
};
|
||||||
|
|
||||||
|
home.sessionVariables = {
|
||||||
|
WEBKIT_DISABLE_COMPOSITING_MODE = "1";
|
||||||
|
NIXOS_OZONE_WL = "1";
|
||||||
|
EDITOR = "emacsclient";
|
||||||
|
VISUAL = "emacsclient";
|
||||||
|
TERMINAL = "alacritty";
|
||||||
|
BROWSER = "nyxt";
|
||||||
|
QT_QPA_PLATFORM = "wayland";
|
||||||
|
XDG_CONFIG_HOME = "\${HOME}/.config";
|
||||||
|
XDG_BIN_HOME = "\${HOME}/.local/bin";
|
||||||
|
XDG_DATA_HOME = "\${HOME}/.local/share";
|
||||||
|
};
|
||||||
|
home.sessionPath =
|
||||||
|
[ "\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" "$HOME/.npm-global/bin" ];
|
||||||
|
|
||||||
|
fonts.fontconfig.enable = true;
|
||||||
|
|
||||||
|
services.mako = {
|
||||||
|
enable = true;
|
||||||
|
backgroundColor = "#282a36";
|
||||||
|
textColor = "#80FFEA";
|
||||||
|
borderColor = "#9742b5";
|
||||||
|
width = 400;
|
||||||
|
height = 150;
|
||||||
|
padding = "10,20";
|
||||||
|
borderRadius = 8;
|
||||||
|
borderSize = 1;
|
||||||
|
margin = "20,20";
|
||||||
|
};
|
||||||
|
|
||||||
|
home.packages = with pkgs; [
|
||||||
|
alacritty
|
||||||
|
appimage-run
|
||||||
|
blueberry
|
||||||
|
brave
|
||||||
|
brightnessctl
|
||||||
|
clipman
|
||||||
|
distrobox
|
||||||
|
flameshot
|
||||||
|
firefox
|
||||||
|
fuzzel
|
||||||
|
gnome.file-roller
|
||||||
|
gnome.seahorse
|
||||||
|
gnome.sushi
|
||||||
|
gnome.vinagre
|
||||||
|
glib
|
||||||
|
gsettings-desktop-schemas
|
||||||
|
hyprpaper
|
||||||
|
pamixer
|
||||||
|
pavucontrol
|
||||||
|
libsForQt5.qtstyleplugins
|
||||||
|
nyxt
|
||||||
|
qt5ct
|
||||||
|
rustdesk
|
||||||
|
tor-browser-bundle-bin
|
||||||
|
transmission-gtk
|
||||||
|
ungoogled-chromium
|
||||||
|
unrar
|
||||||
|
unzip
|
||||||
|
usbutils
|
||||||
|
v4l-utils
|
||||||
|
wl-clipboard
|
||||||
|
wlogout
|
||||||
|
wtype
|
||||||
|
xdg-utils
|
||||||
|
ydotool
|
||||||
|
zip
|
||||||
|
];
|
||||||
|
}
|
|
@ -9,6 +9,6 @@ in {
|
||||||
options.features.desktop.crypto.enable = mkEnableOption "Enable Crypto";
|
options.features.desktop.crypto.enable = mkEnableOption "Enable Crypto";
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
home.packages = with pkgs; [ bisq-desktop monero-gui trezord trezor-suite ];
|
home.packages = with pkgs; [ bisq-desktop monero-gui trezor-suite ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,14 +3,14 @@
|
||||||
imports = [
|
imports = [
|
||||||
./crypto.nix
|
./crypto.nix
|
||||||
./design.nix
|
./design.nix
|
||||||
|
# ./espanso.nix
|
||||||
./extrafonts.nix
|
./extrafonts.nix
|
||||||
#./hyprland
|
|
||||||
./media.nix
|
./media.nix
|
||||||
./office.nix
|
./office.nix
|
||||||
./qt.nix
|
./qt.nix
|
||||||
./rofi.nix
|
|
||||||
./syncthing.nix
|
./syncthing.nix
|
||||||
./waybar.nix
|
./waybar.nix
|
||||||
|
./wofi.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
xdg.mimeApps = {
|
xdg.mimeApps = {
|
||||||
|
@ -23,17 +23,28 @@
|
||||||
NIXOS_OZONE_WL = "1";
|
NIXOS_OZONE_WL = "1";
|
||||||
EDITOR = "emacs";
|
EDITOR = "emacs";
|
||||||
VISUAL = "emacs";
|
VISUAL = "emacs";
|
||||||
|
TERMINAL = "alacritty";
|
||||||
QT_QPA_PLATFORM = "wayland";
|
QT_QPA_PLATFORM = "wayland";
|
||||||
XDG_CONFIG_HOME = "\${HOME}/.config";
|
XDG_CONFIG_HOME = "\${HOME}/.config";
|
||||||
XDG_BIN_HOME = "\${HOME}/.local/bin";
|
XDG_BIN_HOME = "\${HOME}/.local/bin";
|
||||||
XDG_DATA_HOME = "\${HOME}/.local/share";
|
XDG_DATA_HOME = "\${HOME}/.local/share";
|
||||||
};
|
};
|
||||||
home.sessionPath = [ "\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" ];
|
home.sessionPath =
|
||||||
|
[ "\${XDG_BIN_HOME}" "\${HOME}/.cargo/bin" "$HOME/.npm-global/bin" ];
|
||||||
|
|
||||||
fonts.fontconfig.enable = true;
|
fonts.fontconfig.enable = true;
|
||||||
|
|
||||||
services.dunst = {
|
services.mako = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
backgroundColor = "#282a36";
|
||||||
|
textColor = "#80FFEA";
|
||||||
|
borderColor = "#9742b5";
|
||||||
|
width = 400;
|
||||||
|
height = 150;
|
||||||
|
padding = "10,20";
|
||||||
|
borderRadius = 8;
|
||||||
|
borderSize = 1;
|
||||||
|
margin = "20,20";
|
||||||
};
|
};
|
||||||
|
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
|
@ -44,33 +55,37 @@
|
||||||
brightnessctl
|
brightnessctl
|
||||||
clipman
|
clipman
|
||||||
distrobox
|
distrobox
|
||||||
|
eww-wayland
|
||||||
flameshot
|
flameshot
|
||||||
|
firefox
|
||||||
fuzzel
|
fuzzel
|
||||||
gnome.file-roller
|
gnome.file-roller
|
||||||
gnome.nautilus
|
|
||||||
gnome.nautilus
|
|
||||||
gnome.seahorse
|
gnome.seahorse
|
||||||
gnome.sushi
|
gnome.sushi
|
||||||
gnome.vinagre
|
gnome.vinagre
|
||||||
glib
|
glib
|
||||||
gsettings-desktop-schemas
|
gsettings-desktop-schemas
|
||||||
hyprpaper
|
hyprpaper
|
||||||
nyxt
|
|
||||||
pamixer
|
pamixer
|
||||||
pavucontrol
|
pavucontrol
|
||||||
picom
|
|
||||||
libsForQt5.qtstyleplugins
|
libsForQt5.qtstyleplugins
|
||||||
|
nyxt
|
||||||
qt5ct
|
qt5ct
|
||||||
rustdesk
|
rustdesk
|
||||||
|
socat
|
||||||
|
tor-browser-bundle-bin
|
||||||
|
transmission-gtk
|
||||||
|
trayer
|
||||||
|
ungoogled-chromium
|
||||||
unrar
|
unrar
|
||||||
unzip
|
unzip
|
||||||
usbutils
|
usbutils
|
||||||
v4l-utils
|
v4l-utils
|
||||||
|
wl-clipboard
|
||||||
wlogout
|
wlogout
|
||||||
wtype
|
wtype
|
||||||
xdg-utils
|
xdg-utils
|
||||||
xdotool
|
ydotool
|
||||||
zip
|
zip
|
||||||
];
|
];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,6 +15,7 @@ in {
|
||||||
darktable
|
darktable
|
||||||
gimp-with-plugins
|
gimp-with-plugins
|
||||||
gimpPlugins.gmic
|
gimpPlugins.gmic
|
||||||
|
glaxnimate
|
||||||
gmic
|
gmic
|
||||||
gmic-qt
|
gmic-qt
|
||||||
imagemagick
|
imagemagick
|
||||||
|
|
|
@ -1,3 +1,2 @@
|
||||||
{
|
{ pkgs, ... }: { home.packages = with pkgs; [ espanso-wayland ]; }
|
||||||
services.espanso.enable = true;
|
|
||||||
}
|
|
||||||
|
|
|
@ -17,7 +17,7 @@ in ''
|
||||||
env = WLR_NO_HARDWARE_CURSORS,1
|
env = WLR_NO_HARDWARE_CURSORS,1
|
||||||
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
|
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
|
||||||
input {
|
input {
|
||||||
kb_layout = de
|
kb_layout = de,us
|
||||||
kb_variant =
|
kb_variant =
|
||||||
kb_model =
|
kb_model =
|
||||||
kb_rules =
|
kb_rules =
|
||||||
|
@ -30,7 +30,7 @@ in ''
|
||||||
|
|
||||||
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
|
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
|
||||||
}
|
}
|
||||||
|
|
||||||
general {
|
general {
|
||||||
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
||||||
col.active_border = rgb(44475a) rgb(bd93f9) 90deg
|
col.active_border = rgb(44475a) rgb(bd93f9) 90deg
|
||||||
|
@ -147,11 +147,11 @@ in ''
|
||||||
bind = $mainMod SHIFT, e, exec, emacsclient -n -c -e '(package-initialize)'
|
bind = $mainMod SHIFT, e, exec, emacsclient -n -c -e '(package-initialize)'
|
||||||
bind = $mainMod, Escape, exec, wlogout -p layer-shell
|
bind = $mainMod, Escape, exec, wlogout -p layer-shell
|
||||||
bind = $mainMod, Space, togglefloating
|
bind = $mainMod, Space, togglefloating
|
||||||
bind = $mainMod, q, killactive,
|
bind = $mainMod, q, killactive
|
||||||
bind = $mainMod, M, exit,
|
bind = $mainMod, M, exit
|
||||||
bind= $mainMod, F, fullscreen
|
bind = $mainMod, F, fullscreen
|
||||||
bind = $mainMod, E, exec, thunar
|
bind = $mainMod, E, exec, thunar
|
||||||
bind = $mainMod, V, togglefloating,
|
bind = $mainMod, V, togglefloating
|
||||||
bind = $mainMod, D, exec, fuzzel
|
bind = $mainMod, D, exec, fuzzel
|
||||||
bind = $mainMod, P, pseudo, # dwindle
|
bind = $mainMod, P, pseudo, # dwindle
|
||||||
bind = $mainMod, J, togglesplit, # dwindle
|
bind = $mainMod, J, togglesplit, # dwindle
|
||||||
|
|
|
@ -29,8 +29,8 @@
|
||||||
waypipe
|
waypipe
|
||||||
wireplumber
|
wireplumber
|
||||||
wf-recorder
|
wf-recorder
|
||||||
wl-clipboard
|
|
||||||
wl-mirror
|
wl-mirror
|
||||||
|
wl-clipboard
|
||||||
ydotool
|
ydotool
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -11,18 +11,26 @@ in {
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
ffmpeg
|
ffmpeg_6-full
|
||||||
fractal
|
fractal
|
||||||
|
frei0r
|
||||||
gphoto2
|
gphoto2
|
||||||
handbrake
|
handbrake
|
||||||
libsForQt5.kdenlive
|
libsForQt5.kdenlive
|
||||||
makemkv
|
makemkv
|
||||||
|
mediainfo
|
||||||
mpv
|
mpv
|
||||||
obs-studio
|
|
||||||
plexamp
|
plexamp
|
||||||
uxplay
|
uxplay
|
||||||
vlc
|
vlc
|
||||||
|
webcord
|
||||||
youtube-dl
|
youtube-dl
|
||||||
];
|
];
|
||||||
|
|
||||||
|
programs.obs-studio = {
|
||||||
|
enable = true;
|
||||||
|
plugins = with pkgs.obs-studio-plugins; [ obs-backgroundremoval wlrobs ];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,6 +14,7 @@ in {
|
||||||
nextcloud-client
|
nextcloud-client
|
||||||
libreoffice
|
libreoffice
|
||||||
neomutt
|
neomutt
|
||||||
|
pdftk
|
||||||
tutanota-desktop
|
tutanota-desktop
|
||||||
okular
|
okular
|
||||||
zathura
|
zathura
|
||||||
|
|
|
@ -3,6 +3,14 @@
|
||||||
#
|
#
|
||||||
];
|
];
|
||||||
|
|
||||||
home.packages = with pkgs; [ alacritty brave libreoffice nextcloud-client ];
|
home.packages = with pkgs; [
|
||||||
services.espanso.enable = true;
|
alacritty
|
||||||
|
brave
|
||||||
|
libreoffice
|
||||||
|
nextcloud-client
|
||||||
|
xclip
|
||||||
|
libnotify
|
||||||
|
espanso
|
||||||
|
firefox
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,22 +0,0 @@
|
||||||
{ pkgs, ... }: {
|
|
||||||
programs.rofi = {
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.rofi-wayland;
|
|
||||||
plugins = [ pkgs.rofi-calc pkgs.rofi-emoji ];
|
|
||||||
theme = "themes/dracula";
|
|
||||||
extraConfig = {
|
|
||||||
modi = "drun,ssh,filebrowser,keys,window";
|
|
||||||
kb-primary-paste = "Control+V,Shift+Insert";
|
|
||||||
kb-secondary-paste = "Control+v,Insert";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.rofi.pass = {
|
|
||||||
enable = true;
|
|
||||||
extraConfig = ''
|
|
||||||
layout_cmd () {
|
|
||||||
setxkbmap de
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -28,7 +28,6 @@
|
||||||
waypipe
|
waypipe
|
||||||
wireplumber
|
wireplumber
|
||||||
wf-recorder
|
wf-recorder
|
||||||
wl-clipboard
|
|
||||||
wl-mirror
|
wl-mirror
|
||||||
ydotool
|
ydotool
|
||||||
];
|
];
|
||||||
|
|
|
@ -0,0 +1,12 @@
|
||||||
|
{ pkgs, outputs, ...}:
|
||||||
|
let
|
||||||
|
wofi-pass = outputs.packages.x86_64-linux.wofi-pass;
|
||||||
|
bemoji = outputs.packages.x86_64-linux.bemoji;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
home.packages = [
|
||||||
|
pkgs.wofi
|
||||||
|
bemoji
|
||||||
|
wofi-pass
|
||||||
|
];
|
||||||
|
}
|
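Review bot: `outputs.packages.x86_64-linux.wofi-pass` and `outputs.packages.x86_64-linux.bemoji` hard-code the platform, so this module selects x86_64 builds even when it is imported by a host of another architecture. Taking the system from the package set avoids that: `wofi-pass = outputs.packages.${pkgs.stdenv.hostPlatform.system}.wofi-pass;`, and the same for `bemoji`. A one-line comment such as `# wofi-pass and bemoji come from this flake's own packages, not nixpkgs` would also tell readers where these two are defined and that they are not covered by nixpkgs updates.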
|
@ -7,6 +7,8 @@
|
||||||
gamescope
|
gamescope
|
||||||
goverlay
|
goverlay
|
||||||
mangohud
|
mangohud
|
||||||
|
yuzu-early-access
|
||||||
|
ryujinx
|
||||||
protontricks
|
protontricks
|
||||||
protonup-ng
|
protonup-ng
|
||||||
winetricks
|
winetricks
|
||||||
|
|
|
@ -10,7 +10,7 @@ in {
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
#podman
|
fuse-overlayfs
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,9 @@ nixpkgs = {
|
||||||
userName = "m3tam3re";
|
userName = "m3tam3re";
|
||||||
userEmail = "m@m3tam3re.com";
|
userEmail = "m@m3tam3re.com";
|
||||||
aliases = { st = "status"; };
|
aliases = { st = "status"; };
|
||||||
|
extraConfig = {
|
||||||
|
core.excludesfile = "~/.gitignore_global";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
@ -16,11 +16,13 @@
|
||||||
# source = ~/.config/hypr/myColors.conf
|
# source = ~/.config/hypr/myColors.conf
|
||||||
|
|
||||||
# Some default env vars.
|
# Some default env vars.
|
||||||
env = XCURSOR_SIZE,24
|
#env = XCURSOR_SIZE,24
|
||||||
env = WLR_NO_HARDWARE_CURSORS,1
|
env = WLR_NO_HARDWARE_CURSORS,1
|
||||||
|
env = __NV_PRIME_RENDER_OFFLOAD,1
|
||||||
|
env = GTK_THEME,Dracula
|
||||||
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
|
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
|
||||||
input {
|
input {
|
||||||
kb_layout = de
|
kb_layout = de,us
|
||||||
kb_variant =
|
kb_variant =
|
||||||
kb_model =
|
kb_model =
|
||||||
kb_rules =
|
kb_rules =
|
||||||
|
@ -34,6 +36,10 @@
|
||||||
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
|
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
|
||||||
}
|
}
|
||||||
|
|
||||||
|
device:zsa-technology-labs-moonlander-mark-i {
|
||||||
|
kb_layout = us
|
||||||
|
}
|
||||||
|
|
||||||
general {
|
general {
|
||||||
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
||||||
col.active_border = rgb(44475a) rgb(bd93f9) 90deg
|
col.active_border = rgb(44475a) rgb(bd93f9) 90deg
|
||||||
|
@ -155,10 +161,10 @@
|
||||||
bind = $mainMod, q, killactive,
|
bind = $mainMod, q, killactive,
|
||||||
bind = $mainMod, M, exit,
|
bind = $mainMod, M, exit,
|
||||||
bind= $mainMod, F, fullscreen
|
bind= $mainMod, F, fullscreen
|
||||||
bind = $mainMod, E, exec, thunar
|
|
||||||
bind = $mainMod, V, togglefloating,
|
bind = $mainMod, V, togglefloating,
|
||||||
bind = $mainMod, D, exec, rofi -modi 'drun,emoji,calc,ssh' -show drun -font 'Fira Code 13' -show-icons
|
bind = $mainMod, D, exec, wofi --show drun --allow-images
|
||||||
bind = $mainMod, D, exec, rofi -modi 'drun,emoji,calc,ssh' -show drun -font 'Fira Code 13' -show-icons
|
bind = $mainMod SHIFT, S, exec, bemoji
|
||||||
|
bind = $mainMod, P, exec, wofi-pass
|
||||||
bind = $mainMod SHIFT, P, pseudo, # dwindle
|
bind = $mainMod SHIFT, P, pseudo, # dwindle
|
||||||
bind = $mainMod, J, togglesplit, # dwindle
|
bind = $mainMod, J, togglesplit, # dwindle
|
||||||
|
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
podman.enable = true;
|
podman.enable = true;
|
||||||
qemu.enable = true;
|
qemu.enable = true;
|
||||||
};
|
};
|
||||||
services = { netbird.enable = true; };
|
services = { };
|
||||||
};
|
};
|
||||||
home.stateVersion = "22.11";
|
home.stateVersion = "23.11";
|
||||||
}
|
}
|
||||||
|
|
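Review bot: `home.stateVersion` is raised from `"22.11"` to `"23.11"` in the last hunk alongside an unrelated service change. Home Manager reads this value to keep defaults compatible with the release the profile was first activated on, so it normally stays at its original value across upgrades. Unless this host was reinstalled, I would keep `home.stateVersion = "22.11";` and add a comment like `# first-install release; do not bump on upgrade`. The new CLI-only profile added in the next file keeps `"22.11"`, so the two profiles now disagree.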
|
@ -0,0 +1,12 @@
|
||||||
|
{ config, pkgs, ... }: {
|
||||||
|
imports = [ ./base ../../features/cli ];
|
||||||
|
|
||||||
|
features = {
|
||||||
|
cli = {
|
||||||
|
fish.enable = true;
|
||||||
|
starship.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
home.stateVersion = "22.11";
|
||||||
|
}
|
|
@ -5,7 +5,6 @@
|
||||||
../../features/desktop/plasma.nix
|
../../features/desktop/plasma.nix
|
||||||
../../features/services
|
../../features/services
|
||||||
];
|
];
|
||||||
|
|
||||||
features = {
|
features = {
|
||||||
cli = {
|
cli = {
|
||||||
fish.enable = true;
|
fish.enable = true;
|
||||||
|
|
|
@ -1,16 +1,11 @@
|
||||||
{ lib, pkgs, inputs, outputs, ... }:
|
{ lib, pkgs, inputs, outputs, ... }: {
|
||||||
{
|
imports = [ inputs.home-manager.nixosModules.home-manager ];
|
||||||
imports = [
|
home-manager = {
|
||||||
inputs.home-manager.nixosModules.home-manager
|
|
||||||
];
|
|
||||||
home-manager = {
|
|
||||||
useUserPackages = true;
|
useUserPackages = true;
|
||||||
extraSpecialArgs = { inherit inputs outputs; };
|
extraSpecialArgs = { inherit inputs outputs; };
|
||||||
};
|
};
|
||||||
users.defaultUserShell = pkgs.fish;
|
users.defaultUserShell = pkgs.fish;
|
||||||
|
|
||||||
environment.systemPackages = [
|
environment.systemPackages =
|
||||||
inputs.agenix.packages.x86_64-linux.default
|
[ inputs.agenix.packages.x86_64-linux.default pkgs.coreutils ];
|
||||||
pkgs.busybox
|
|
||||||
];
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,12 +4,23 @@
|
||||||
"$y$j9T$wOKc3kLsQVtmmyLIN7ljV.$NvdWzwn6p8JNByHoXQqf6/GF3C0JOPHW/D0HgFLQXy4";
|
"$y$j9T$wOKc3kLsQVtmmyLIN7ljV.$NvdWzwn6p8JNByHoXQqf6/GF3C0JOPHW/D0HgFLQXy4";
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = "m3tam3re";
|
description = "m3tam3re";
|
||||||
extraGroups = [ "wheel" "networkmanager" "libvirtd" "flatpak" "audio" "video" ];
|
extraGroups = [
|
||||||
|
"wheel"
|
||||||
|
"networkmanager"
|
||||||
|
"libvirtd"
|
||||||
|
"flatpak"
|
||||||
|
"audio"
|
||||||
|
"video"
|
||||||
|
"input"
|
||||||
|
"kvm"
|
||||||
|
"qemu-libvirtd"
|
||||||
|
];
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-rsa 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 m3tam3re@m3-nix"
|
"ssh-rsa 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 m3tam3re@m3-nix"
|
||||||
];
|
];
|
||||||
packages = [ pkgs.home-manager ];
|
packages = [ pkgs.home-manager ];
|
||||||
};
|
};
|
||||||
home-manager.users.m3tam3re = import m3tam3re/${config.networking.hostName}.nix;
|
home-manager.users.m3tam3re =
|
||||||
|
import m3tam3re/${config.networking.hostName}.nix;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
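Review bot: Adding `"input"` to `extraGroups` gives every process running as this account read access to the raw `/dev/input` event devices, which includes keystrokes typed into other applications, and the same account is in `wheel`. If the group is only there for `ydotool` (added to the desktop packages in this change set), a comment such as `# input: needed for ydotool` would record the reason. A udev rule scoped to `/dev/uinput` may be a narrower alternative, to be checked against how ydotool is started on this host. `"kvm"` and `"qemu-libvirtd"` could likewise carry a short comment on why `"libvirtd"` alone was not enough.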
|
@ -3,6 +3,7 @@
|
||||||
|
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
description = "Produktion";
|
description = "Produktion";
|
||||||
|
extraGroups = [ "tailscale" "networkmanager" "audio" "video" ];
|
||||||
openssh.authorizedKeys.keys = [
|
openssh.authorizedKeys.keys = [
|
||||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU= m3tam3re@m3-nix"
|
"ssh-rsa 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 m3tam3re@m3-nix"
|
||||||
];
|
];
|
||||||
|
|
|
@ -7,11 +7,10 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
|
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
services.openssh.passwordAuthentication = false;
|
services.openssh.settings.PasswordAuthentication = false;
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "lkk-nix-1";
|
hostName = "lkk-nix-1";
|
||||||
firewall.enable = true;
|
firewall.enable = true;
|
||||||
|
@ -20,20 +19,26 @@
|
||||||
to = 3100;
|
to = 3100;
|
||||||
}];
|
}];
|
||||||
firewall.allowedTCPPorts = [ 53 80 443 5432 3306 3478 ];
|
firewall.allowedTCPPorts = [ 53 80 443 5432 3306 3478 ];
|
||||||
firewall.allowedUDPPorts = [ 53 51820 ];
|
firewall.allowedUDPPorts = [ 53 51820 41641 ];
|
||||||
firewall.allowedUDPPortRanges = [{
|
firewall.allowedUDPPortRanges = [{
|
||||||
from = 3478;
|
from = 3478;
|
||||||
to = 3481;
|
to = 3481;
|
||||||
}];
|
}];
|
||||||
};
|
};
|
||||||
|
programs.fish.enable = true;
|
||||||
age = {
|
age = {
|
||||||
secrets = {
|
secrets = {
|
||||||
mj-smtp-user.file = ../../secrets/mj-smtp-user.age;
|
mj-smtp-user.file = ../../secrets/mj-smtp-user.age;
|
||||||
mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age;
|
mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age;
|
||||||
|
tailscale-key.file = ../../secrets/tailscale-key.age;
|
||||||
|
|
||||||
billbee-api-key = {
|
vaultwarden-env = {
|
||||||
file = ../../secrets/billbee-api-key.age;
|
file = ../../secrets/vaultwarden-env.age;
|
||||||
|
mode = "770";
|
||||||
|
};
|
||||||
|
|
||||||
|
n8n-env = {
|
||||||
|
file = ../../secrets/n8n-env.age;
|
||||||
mode = "770";
|
mode = "770";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -54,10 +59,6 @@
|
||||||
owner = "searx";
|
owner = "searx";
|
||||||
};
|
};
|
||||||
|
|
||||||
wg-easy-environmentFile = {
|
|
||||||
file = ../../secrets/wg-easy-environmentFile.age;
|
|
||||||
mode = "770";
|
|
||||||
};
|
|
||||||
briefkasten-env = {
|
briefkasten-env = {
|
||||||
file = ../../secrets/briefkasten-env.age;
|
file = ../../secrets/briefkasten-env.age;
|
||||||
mode = "770";
|
mode = "770";
|
||||||
|
@ -71,7 +72,7 @@
|
||||||
mode = "770";
|
mode = "770";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
identityPaths = [ "/home/m3tam3re/.ssh/lkk-nix-1" ];
|
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
|
|
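Review bot: The new `vaultwarden-env` and `n8n-env` secrets in the second hunk are decrypted with `mode = "770"`, which gives the group read, write and execute on files that only hold environment variables. `n8n-env` is consumed through `EnvironmentFile` in the n8n module, which the service manager reads itself, so `mode = "0400";` should be sufficient there. The same probably holds for `vaultwarden-env`, whose consumer is not visible in this diff. If a non-root process does need to read one of these files, setting `owner` to that service user, as the `searx` secret already does, is tighter than widening the mode.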
|
@ -3,5 +3,6 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
mutableSettings = true;
|
mutableSettings = true;
|
||||||
settings.bind_port = 3008;
|
settings.bind_port = 3008;
|
||||||
|
settings.dns.port = 5353;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
|
|
||||||
virtualisation.podman = {
|
virtualisation.podman = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
defaultNetwork.settings = { dns_enabled = true; };
|
||||||
};
|
};
|
||||||
virtualisation.oci-containers.backend = "podman";
|
virtualisation.oci-containers.backend = "podman";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
{ config, outputs, ... }: {
|
{ config, outputs, ... }: {
|
||||||
virtualisation.oci-containers.containers."baserow" = {
|
virtualisation.oci-containers.containers."baserow" = {
|
||||||
image = "docker.io/baserow/baserow:1.14.0";
|
image = "docker.io/baserow/baserow:1.18.0";
|
||||||
environment = {
|
environment = {
|
||||||
BASEROW_PUBLIC_URL = "https://db.lanakk.com";
|
BASEROW_PUBLIC_URL = "https://db.lanakk.com";
|
||||||
|
|
||||||
POSTGRES_USER = "baserow";
|
POSTGRES_USER = "baserow";
|
||||||
POSTGRES_PASSWORD = "baserow";
|
POSTGRES_PASSWORD = "baserow";
|
||||||
POSTGRES_DB = "baserow";
|
POSTGRES_DB = "baserow";
|
||||||
|
@ -11,7 +11,7 @@
|
||||||
DATABASE_NAME = "baserow";
|
DATABASE_NAME = "baserow";
|
||||||
DATABASE_USER = "baserow";
|
DATABASE_USER = "baserow";
|
||||||
DATABASE_PASSWORD = "baserow";
|
DATABASE_PASSWORD = "baserow";
|
||||||
|
|
||||||
EMAIL_SMTP = "in-v3.mailjet.com";
|
EMAIL_SMTP = "in-v3.mailjet.com";
|
||||||
EMAIL_SMTP_HOST = "in-v3.mailjet.com";
|
EMAIL_SMTP_HOST = "in-v3.mailjet.com";
|
||||||
EMAIL_SMTP_PORT = "587";
|
EMAIL_SMTP_PORT = "587";
|
||||||
|
|
|
@ -4,9 +4,9 @@
|
||||||
./briefkasten.nix
|
./briefkasten.nix
|
||||||
./little-link.nix
|
./little-link.nix
|
||||||
./matomo.nix
|
./matomo.nix
|
||||||
|
./mautic.nix
|
||||||
./nextcloud.nix
|
./nextcloud.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./wordpress.nix
|
./wordpress.nix
|
||||||
./wireguard.nix
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,16 @@
|
||||||
|
{ config, outputs, ... }: {
|
||||||
|
virtualisation.oci-containers.containers."mautic" = {
|
||||||
|
image = "docker.io/mautic/mautic:v4-apache";
|
||||||
|
environment = {
|
||||||
|
MAUTIC_DB_HOST = "mysql";
|
||||||
|
MAUTIC_DB_USER = "mautic";
|
||||||
|
MAUTIC_DB_PASSWORD = "mautic";
|
||||||
|
MAUTIC_DB_DBNAME = "mautic";
|
||||||
|
PHP_MEMORY_LIMIT="2048M";
|
||||||
|
MAUTIC_RUN_CRON_JOBS="true";
|
||||||
|
};
|
||||||
|
ports = [ "3008:80" ];
|
||||||
|
volumes = [ "mautic_data:/var/www/html" ];
|
||||||
|
extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.23" ];
|
||||||
|
};
|
||||||
|
}
|
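Review bot: `MAUTIC_DB_PASSWORD = "mautic"` places the database password in `environment`, so it is committed to the repository and copied into the world-readable Nix store, and it is identical to the user name. This host already decrypts env files with agenix (for example `briefkasten-env`), so the password could move into an age secret passed as `environmentFiles = [ config.age.secrets.<mautic-env-placeholder>.path ];`. `ports = [ "3008:80" ]` publishes the container on every interface, while Traefik reaches it via `http://localhost:3008/` and the `mautic` router drops `middlewares = "auth"`; `"127.0.0.1:3008:80"` would keep plain HTTP off the external address regardless of the firewall range, which is only partly visible here. The `v4-apache` tag is mutable, so pinning a digest would make redeployments reproducible.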
|
@ -1,7 +1,7 @@
|
||||||
{ config, outputs, ... }: {
|
{ config, outputs, ... }: {
|
||||||
virtualisation.oci-containers.containers."wireguard" = {
|
virtualisation.oci-containers.containers."wireguard" = {
|
||||||
image = "weejewel/wg-easy";
|
image = "docker.io/weejewel/wg-easy";
|
||||||
environment = { WG_HOST = "wg.lanakk.com"; WG_DEFAULT_DNS = "10.88.0.1"; };
|
environment = { WG_HOST = "wg.lanakk.com"; WG_DEFAULT_DNS = "10.88.0.1:5353"; };
|
||||||
ports = [ "3007:51821/tcp" "51820:51820/udp" ];
|
ports = [ "3007:51821/tcp" "51820:51820/udp" ];
|
||||||
volumes = [ "wireguard_data:/etc/wireguard" ];
|
volumes = [ "wireguard_data:/etc/wireguard" ];
|
||||||
extraOptions = [
|
extraOptions = [
|
||||||
|
|
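Review bot: `WG_DEFAULT_DNS = "10.88.0.1:5353"` is probably not a usable resolver address. As far as I know wg-easy copies this value into the client's `DNS =` line, and wg-quick treats any entry that is not a plain IP address as a search domain, so clients may get no tunnel resolver and fall back to their local DNS. If the resolver must stay on port 5353, a forwarder listening on port 53 at `10.88.0.1` with `WG_DEFAULT_DNS = "10.88.0.1"` would keep client lookups inside the tunnel. The image reference `docker.io/weejewel/wg-easy` also carries no tag, so it follows `latest`; a version tag or digest would pin what gets deployed. The `extraOptions` list continues outside the hunk.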
|
@ -1,15 +1,17 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./adguard.nix
|
|
||||||
./container.nix
|
./container.nix
|
||||||
./gitea.nix
|
./gitea.nix
|
||||||
./invidious.nix
|
./invidious.nix
|
||||||
./mariadb.nix
|
./mariadb.nix
|
||||||
|
./metabase.nix
|
||||||
./minio.nix
|
./minio.nix
|
||||||
./n8n.nix
|
./n8n.nix
|
||||||
./postgres.nix
|
./postgres.nix
|
||||||
./searx.nix
|
./searx.nix
|
||||||
./syncthing.nix
|
./syncthing.nix
|
||||||
|
./tailscale.nix
|
||||||
./traefik.nix
|
./traefik.nix
|
||||||
|
./vaultwarden.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,8 +2,7 @@
|
||||||
{
|
{
|
||||||
services.gitea = {
|
services.gitea = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.unstable.gitea;
|
settings.server.ROOT_URL = "https://code.lanakk.com";
|
||||||
rootUrl = "https://code.lanakk.com";
|
|
||||||
lfs.enable = true;
|
lfs.enable = true;
|
||||||
dump = {
|
dump = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -2,7 +2,6 @@
|
||||||
{
|
{
|
||||||
services.invidious = {
|
services.invidious = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.unstable.invidious;
|
|
||||||
port = 3006;
|
port = 3006;
|
||||||
domain = "video.lanakk.com";
|
domain = "video.lanakk.com";
|
||||||
};
|
};
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
{ config, pkgs, ... }: {
|
||||||
|
|
||||||
|
services.metabase = {
|
||||||
|
enable = true;
|
||||||
|
listen.port = 3013;
|
||||||
|
};
|
||||||
|
}
|
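Review bot: `services.metabase` sets only `listen.port = 3013`, which leaves the listen address at the module default. As far as I know that default is `0.0.0.0`, so Metabase would serve plain HTTP on every interface while Traefik proxies it from `http://localhost:3013/`. Adding `listen.ip = "127.0.0.1";` keeps it reachable only through the TLS router. Whether 3013 is currently reachable from outside depends on the `allowedTCPPortRanges` entry ending at 3100, whose start is not visible in this diff.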
|
@ -1,26 +1,15 @@
|
||||||
{ config, pkgs, ... }: {
|
{ config, pkgs, ... }: {
|
||||||
disabledModules = [ "system/services/n8n.nix" ];
|
|
||||||
|
|
||||||
nixpkgs.overlays =
|
|
||||||
[ (self: super:
|
|
||||||
{
|
|
||||||
n8n = pkgs.unstable.n8n;
|
|
||||||
})
|
|
||||||
];
|
|
||||||
|
|
||||||
services.n8n = {
|
services.n8n = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
settings = {
|
settings = {
|
||||||
editorBaseUrl = "https://wf.lanakk.com";
|
host = "wf.lanakk.com";
|
||||||
host = "https://wf.lanakk.com";
|
protocol = "https";
|
||||||
|
editorBaseUrl="https://wf.lanakk.com";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
systemd.services.n8n.environment = {
|
systemd.services.n8n.serviceConfig = {
|
||||||
BILLBEE_API_KEY =
|
EnvironmentFile = "${config.age.secrets.n8n-env.path}";
|
||||||
config.age.secrets.billbee-api-key.path; # TODO env file for systemd service
|
|
||||||
};
|
|
||||||
systemd.services.traefik.serviceConfig = {
|
|
||||||
EnvironmentFile = "${config.age.secrets.traefik-env.path}";
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
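Review bot: The `systemd.services.traefik.serviceConfig.EnvironmentFile` assignment is deleted from this file, and none of the visible Traefik hunks adds it back. If it was not moved into the Traefik module, Traefik loses whatever `traefik-env` supplies (presumably the DNS-challenge credentials for the `godaddy` resolver) at its next restart, and certificate renewal would start failing. It is worth confirming the line now lives next to the Traefik configuration. The switch of n8n itself to `EnvironmentFile = "${config.age.secrets.n8n-env.path}";` looks right and could carry a comment listing the variable names the file is expected to define.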
|
@ -0,0 +1,38 @@
|
||||||
|
{ config, pkgs, ... }: {
|
||||||
|
services.tailscale = {
|
||||||
|
enable = true;
|
||||||
|
useRoutingFeatures = "both";
|
||||||
|
};
|
||||||
|
networking.firewall = {
|
||||||
|
trustedInterfaces = [ "tailscale0" ];
|
||||||
|
};
|
||||||
|
systemd.services.tailscale-autoconnect = {
|
||||||
|
description = "Automatic connection to Tailscale";
|
||||||
|
|
||||||
|
# make sure tailscale is running before trying to connect to tailscale
|
||||||
|
after = [ "network-pre.target" "tailscale.service" ];
|
||||||
|
wants = [ "network-pre.target" "tailscale.service" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
# set this service as a oneshot job
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
|
||||||
|
};
|
||||||
|
|
||||||
|
# have the job run this shell script
|
||||||
|
script = with pkgs; ''
|
||||||
|
# wait for tailscaled to settle
|
||||||
|
sleep 2
|
||||||
|
|
||||||
|
# check if we are already authenticated to tailscale
|
||||||
|
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
|
||||||
|
if [ $status = "Running" ]; then # if so, then do nothing
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# otherwise authenticate with tailscale
|
||||||
|
${tailscale}/bin/tailscale up --advertise-exit-node --authkey $TAILSCALE_KEY
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
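Review bot: The auth key is handed to `tailscale up` as a command-line argument (`--authkey $TAILSCALE_KEY`), so it is visible in the process list to other local users while the command runs. The flag accepts a `file:` prefix, so `--authkey "file:${config.age.secrets.tailscale-key.path}"` avoids that, provided the age secret holds the bare key rather than a `TAILSCALE_KEY=...` line; the `EnvironmentFile` entry can then go. The test `[ $status = "Running" ]` should quote the variable, `[ "$status" = "Running" ]`, because an empty result from `jq` makes the unquoted form a syntax error. `trustedInterfaces = [ "tailscale0" ]` exempts all tailnet traffic from the host firewall, including the database ports opened elsewhere, so a comment stating that this is intended, or tailnet ACLs that restrict it, would help.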
|
@ -15,7 +15,7 @@
|
||||||
acme = {
|
acme = {
|
||||||
email = "dev@lanakk.com";
|
email = "dev@lanakk.com";
|
||||||
storage = "/var/lib/traefik/acme.json";
|
storage = "/var/lib/traefik/acme.json";
|
||||||
tlsChallenge = {};
|
tlsChallenge = { };
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -70,7 +70,7 @@
|
||||||
[{ url = "http://localhost:3006/"; }];
|
[{ url = "http://localhost:3006/"; }];
|
||||||
wireguard.loadBalancer.servers =
|
wireguard.loadBalancer.servers =
|
||||||
[{ url = "http://localhost:3007/"; }];
|
[{ url = "http://localhost:3007/"; }];
|
||||||
adguard.loadBalancer.servers = [{ url = "http://localhost:3008/"; }];
|
mautic.loadBalancer.servers = [{ url = "http://localhost:3008/"; }];
|
||||||
briefkasten.loadBalancer.servers =
|
briefkasten.loadBalancer.servers =
|
||||||
[{ url = "http://localhost:3009/"; }];
|
[{ url = "http://localhost:3009/"; }];
|
||||||
littlelink-lanakk.loadBalancer.servers =
|
littlelink-lanakk.loadBalancer.servers =
|
||||||
|
@ -81,10 +81,12 @@
|
||||||
[{ url = "http://localhost:3012/"; }];
|
[{ url = "http://localhost:3012/"; }];
|
||||||
syncthing.loadBalancer.servers =
|
syncthing.loadBalancer.servers =
|
||||||
[{ url = "http://localhost:8384/"; }];
|
[{ url = "http://localhost:8384/"; }];
|
||||||
minio.loadBalancer.servers =
|
minio.loadBalancer.servers = [{ url = "http://localhost:9000/"; }];
|
||||||
[{ url = "http://localhost:9000/"; }];
|
|
||||||
minio-console.loadBalancer.servers =
|
minio-console.loadBalancer.servers =
|
||||||
[{ url = "http://localhost:9001/"; }];
|
[{ url = "http://localhost:9001/"; }];
|
||||||
|
metabase.loadBalancer.servers = [{ url = "http://localhost:3013/"; }];
|
||||||
|
vaultwarden.loadBalancer.servers =
|
||||||
|
[{ url = "http://localhost:3014/"; }];
|
||||||
};
|
};
|
||||||
routers = {
|
routers = {
|
||||||
api = {
|
api = {
|
||||||
|
@ -145,6 +147,15 @@
|
||||||
service = "matomo";
|
service = "matomo";
|
||||||
entrypoints = "websecure";
|
entrypoints = "websecure";
|
||||||
};
|
};
|
||||||
|
matomo-m3tam3re = {
|
||||||
|
rule = "Host(`stats.m3tam3re.com`)";
|
||||||
|
tls = {
|
||||||
|
certResolver = "lets-encrypt";
|
||||||
|
domains = "stats.m3tam3re.com";
|
||||||
|
};
|
||||||
|
service = "matomo";
|
||||||
|
entrypoints = "websecure";
|
||||||
|
};
|
||||||
minio = {
|
minio = {
|
||||||
rule = "Host(`s3.lanakk.com`)";
|
rule = "Host(`s3.lanakk.com`)";
|
||||||
tls = {
|
tls = {
|
||||||
|
@ -201,14 +212,13 @@
|
||||||
middlewares = "auth";
|
middlewares = "auth";
|
||||||
entrypoints = "websecure";
|
entrypoints = "websecure";
|
||||||
};
|
};
|
||||||
adguard = {
|
mautic = {
|
||||||
rule = "Host(`ab.lanakk.com`)";
|
rule = "Host(`ma.lanakk.com`)";
|
||||||
tls = {
|
tls = {
|
||||||
certResolver = "godaddy";
|
certResolver = "godaddy";
|
||||||
domains = "ab.lanakk.com";
|
domains = "ma.lanakk.com";
|
||||||
};
|
};
|
||||||
service = "adguard";
|
service = "mautic";
|
||||||
middlewares = "auth";
|
|
||||||
entrypoints = "websecure";
|
entrypoints = "websecure";
|
||||||
};
|
};
|
||||||
briefkasten = {
|
briefkasten = {
|
||||||
|
@ -256,12 +266,30 @@
|
||||||
service = "littlelink-m3tam3re";
|
service = "littlelink-m3tam3re";
|
||||||
entrypoints = "websecure";
|
entrypoints = "websecure";
|
||||||
};
|
};
|
||||||
|
metabase = {
|
||||||
|
rule = "Host(`kpi.lanakk.com`)";
|
||||||
|
tls = {
|
||||||
|
certResolver = "godaddy";
|
||||||
|
domains = "kpi.lanakk.com";
|
||||||
|
};
|
||||||
|
service = "metabase";
|
||||||
|
entrypoints = "websecure";
|
||||||
|
};
|
||||||
|
vaultwarden = {
|
||||||
|
rule = "Host(`vw.lanakk.com`)";
|
||||||
|
tls = {
|
||||||
|
certResolver = "lets-encrypt";
|
||||||
|
domains = "vw.lanakk.com";
|
||||||
|
};
|
||||||
|
service = "vaultwarden";
|
||||||
|
entrypoints = "websecure";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.traefik.serviceConfig = {
|
systemd.services.traefik.serviceConfig = {
|
||||||
EnvironmentFile="${config.age.secrets.traefik-env.path}";
|
EnvironmentFile = [ "${config.age.secrets.traefik-env.path}" ];
|
||||||
};
|
};
|
||||||
}
|
}
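Review bot: In the `-201,14 +212,13` hunk the router renamed from `adguard` to `mautic` loses `middlewares = "auth";`, so `ma.lanakk.com` is now served without the proxy-level authentication that fronted the previous service. The new `metabase` and `vaultwarden` routers are also added without it. If relying on each application's own login is intended, record that next to the routers, e.g. `# no auth middleware: these apps handle their own login`; otherwise keep `middlewares = "auth";` on the admin-facing ones. The `routers` attribute set starts and ends outside these hunks, so how `auth` is defined is not visible here.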
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
{ config, pkgs, ... }: {
|
||||||
|
|
||||||
|
services.vaultwarden = {
|
||||||
|
enable = true;
|
||||||
|
backupDir = "/var/backup/vaultwarden";
|
||||||
|
environmentFile = "${config.age.secrets.vaultwarden-env.path}";
|
||||||
|
};
|
||||||
|
}
|
|
@ -7,7 +7,7 @@
|
||||||
../common/base
|
../common/base
|
||||||
];
|
];
|
||||||
|
|
||||||
# Bootloader.
|
# Bootloader.
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
||||||
|
@ -18,19 +18,59 @@
|
||||||
networkmanager.enable = true;
|
networkmanager.enable = true;
|
||||||
firewall.enable = true;
|
firewall.enable = true;
|
||||||
};
|
};
|
||||||
|
programs.fish.enable = true;
|
||||||
|
age = {
|
||||||
|
secrets = {
|
||||||
|
tailscale-key.file = ../../secrets/tailscale-key.age;
|
||||||
|
};
|
||||||
|
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
|
||||||
|
};
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
permitRootLogin = "yes";
|
settings.PermitRootLogin = "yes";
|
||||||
};
|
};
|
||||||
services.avahi = {
|
services.avahi = {
|
||||||
enable = true;
|
enable = true;
|
||||||
nssmdns = true;
|
nssmdns = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.tailscale = {
|
||||||
|
enable = true;
|
||||||
|
useRoutingFeatures = "client";
|
||||||
|
};
|
||||||
|
systemd.services.tailscale-autoconnect = {
|
||||||
|
description = "Automatic connection to Tailscale";
|
||||||
|
|
||||||
|
# make sure tailscale is running before trying to connect to tailscale
|
||||||
|
after = [ "network-pre.target" "tailscale.service" ];
|
||||||
|
wants = [ "network-pre.target" "tailscale.service" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
# set this service as a oneshot job
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# have the job run this shell script
|
||||||
|
script = with pkgs; ''
|
||||||
|
# wait for tailscaled to settle
|
||||||
|
sleep 2
|
||||||
|
|
||||||
|
# check if we are already authenticated to tailscale
|
||||||
|
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
|
||||||
|
if [ $status = "Running" ]; then # if so, then do nothing
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# otherwise authenticate with tailscale
|
||||||
|
${tailscale}/bin/tailscale up --authkey $TAILSCALE_KEY
|
||||||
|
'';
|
||||||
|
};
|
||||||
# Configure network proxy if necessary
|
# Configure network proxy if necessary
|
||||||
# networking.proxy.default = "http://user:password@proxy:port/";
|
# networking.proxy.default = "http://user:password@proxy:port/";
|
||||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||||
|
|
||||||
|
|
||||||
# Set your time zone.
|
# Set your time zone.
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
@ -93,11 +133,7 @@
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
# List packages installed in system profile. To search, run:
|
||||||
# $ nix search wget
|
# $ nix search wget
|
||||||
environment.systemPackages = with pkgs;
|
environment.systemPackages = with pkgs; [ neovim ];
|
||||||
[
|
|
||||||
neovim
|
|
||||||
];
|
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
gc = {
|
gc = {
|
||||||
automatic = true;
|
automatic = true;
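Review bot: The added `tailscale-autoconnect` script passes the auth key as a command-line argument in `tailscale up --authkey $TAILSCALE_KEY`, so it is readable in the process list by other local users while the command runs. Both `$TAILSCALE_KEY` and `$status` are also expanded unquoted, so an empty `status` makes the `[` test fail with a syntax error instead of comparing. I would quote the test, `if [ "$status" = "Running" ]; then`, and hand the key over by file, `${tailscale}/bin/tailscale up --auth-key "file:${config.age.secrets.tailscale-key.path}"`, which needs the age secret to hold the bare key rather than a `TAILSCALE_KEY=` line. The same script is repeated in the `-18,14 +18,54` hunk of the next host file and in the new tailscale service module (there with `--exit-node`), so the change applies to all of them.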
|
||||||
|
|
|
@ -18,14 +18,54 @@
|
||||||
networkmanager.enable = true;
|
networkmanager.enable = true;
|
||||||
firewall.enable = true;
|
firewall.enable = true;
|
||||||
};
|
};
|
||||||
|
programs.fish.enable = true;
|
||||||
|
age = {
|
||||||
|
secrets = {
|
||||||
|
tailscale-key.file = ../../secrets/tailscale-key.age;
|
||||||
|
};
|
||||||
|
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
|
||||||
|
};
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
permitRootLogin = "yes";
|
settings.PermitRootLogin = "yes";
|
||||||
};
|
};
|
||||||
services.avahi = {
|
services.avahi = {
|
||||||
enable = true;
|
enable = true;
|
||||||
nssmdns = true;
|
nssmdns = true;
|
||||||
|
};
|
||||||
|
services.tailscale = {
|
||||||
|
enable = true;
|
||||||
|
useRoutingFeatures = "client";
|
||||||
|
};
|
||||||
|
systemd.services.tailscale-autoconnect = {
|
||||||
|
description = "Automatic connection to Tailscale";
|
||||||
|
|
||||||
|
# make sure tailscale is running before trying to connect to tailscale
|
||||||
|
after = [ "network-pre.target" "tailscale.service" ];
|
||||||
|
wants = [ "network-pre.target" "tailscale.service" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
# set this service as a oneshot job
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# have the job run this shell script
|
||||||
|
script = with pkgs; ''
|
||||||
|
# wait for tailscaled to settle
|
||||||
|
sleep 2
|
||||||
|
|
||||||
|
# check if we are already authenticated to tailscale
|
||||||
|
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
|
||||||
|
if [ $status = "Running" ]; then # if so, then do nothing
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# otherwise authenticate with tailscale
|
||||||
|
${tailscale}/bin/tailscale up --authkey $TAILSCALE_KEY
|
||||||
|
'';
|
||||||
|
};
|
||||||
# Configure network proxy if necessary
|
# Configure network proxy if necessary
|
||||||
# networking.proxy.default = "http://user:password@proxy:port/";
|
# networking.proxy.default = "http://user:password@proxy:port/";
|
||||||
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
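Review bot: `settings.PermitRootLogin = "yes"` keeps password-capable root logins over SSH on this host, and nothing visible in the hunk turns password authentication off. Since the line is being touched for the option rename anyway, I would tighten it to `settings.PermitRootLogin = "prohibit-password";` and add `settings.PasswordAuthentication = false;`, as the m3-r1 host added in this comparison already does. The same line appears in the `-18,19 +18,59` hunk of the preceding host file. The `services.openssh` block is complete within the hunk.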
|
||||||
|
|
|
@ -16,35 +16,41 @@ in {
|
||||||
imports = [
|
imports = [
|
||||||
./hardware.nix
|
./hardware.nix
|
||||||
./hardware-configuration.nix # Include the results of the hardware scan.
|
./hardware-configuration.nix # Include the results of the hardware scan.
|
||||||
|
./vfio.nix
|
||||||
../common/users/m3tam3re
|
../common/users/m3tam3re
|
||||||
../common/base
|
../common/base
|
||||||
./services
|
./services
|
||||||
inputs.hyprland.nixosModules.default
|
|
||||||
];
|
];
|
||||||
|
|
||||||
specialisation = {
|
specialisation = {
|
||||||
external-display.configuration = {
|
"EX-Display".configuration = {
|
||||||
system.nixos.tags = [ "Externer-Monitor" ];
|
system.nixos.tags = [ "Externer-Monitor" ];
|
||||||
|
services.xserver.videoDrivers = [ "nvidia" ];
|
||||||
hardware.nvidia.prime.offload.enable = lib.mkForce false;
|
hardware.nvidia.prime.offload.enable = lib.mkForce false;
|
||||||
hardware.nvidia.powerManagement.finegrained = lib.mkForce false;
|
hardware.nvidia.powerManagement.finegrained = lib.mkForce false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
specialisation = {
|
specialisation = {
|
||||||
dual-display.configuration = {
|
"DUAL-Display".configuration = {
|
||||||
system.nixos.tags = [ "Dual-Monitor" ];
|
system.nixos.tags = [ "Dual-Monitor" ];
|
||||||
|
services.xserver.videoDrivers = [ "nvidia" ];
|
||||||
hardware.nvidia.prime.offload.enable = lib.mkForce false;
|
hardware.nvidia.prime.offload.enable = lib.mkForce false;
|
||||||
hardware.nvidia.prime.sync.enable = lib.mkForce true;
|
hardware.nvidia.prime.sync.enable = lib.mkForce true;
|
||||||
hardware.nvidia.powerManagement.finegrained = lib.mkForce false;
|
hardware.nvidia.powerManagement.finegrained = lib.mkForce false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
specialisation = {
|
||||||
|
"VFIO".configuration = {
|
||||||
|
system.nixos.tags = [ "GPU-passthrough" ];
|
||||||
|
vfio.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
# Bootloader.
|
# Bootloader.
|
||||||
# boot.loader.systemd-boot.enable = true;
|
# boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
boot.loader.grub.efiSupport = true;
|
boot.loader.grub.efiSupport = true;
|
||||||
boot.loader.grub.version = 2;
|
|
||||||
boot.loader.grub.device = "nodev";
|
boot.loader.grub.device = "nodev";
|
||||||
boot.loader.grub.useOSProber = true;
|
boot.loader.grub.useOSProber = true;
|
||||||
|
|
||||||
|
@ -78,21 +84,6 @@ in {
|
||||||
|
|
||||||
# Enable networking
|
# Enable networking
|
||||||
networking.networkmanager.enable = true;
|
networking.networkmanager.enable = true;
|
||||||
networking.wg-quick.interfaces = {
|
|
||||||
wg0 = {
|
|
||||||
address = [ "10.8.0.3/24" ];
|
|
||||||
privateKeyFile = "/root/wg/peer_m3-nix/privatekey-peer_m3-nix";
|
|
||||||
dns = [ "10.88.0.1" ];
|
|
||||||
|
|
||||||
peers = [{
|
|
||||||
publicKey = "Il/nVlX2qzmZMJQ8QAKN+uQdkcK66Wt7MWZn9Vku6Tg=";
|
|
||||||
presharedKey = "sOgKQCXs+WAEpVvnkqTHlK1ItWpmP/xiexhAJ6oMBJs=";
|
|
||||||
allowedIPs = [ "0.0.0.0/0" "::/0" ];
|
|
||||||
endpoint = "wg.lanakk.com:51820";
|
|
||||||
persistentKeepalive = 25;
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.avahi = {
|
services.avahi = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -103,7 +94,7 @@ in {
|
||||||
userServices = true;
|
userServices = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# xdg.portal = {
|
# xdg.portal = {
|
||||||
# enable = true;
|
# enable = true;
|
||||||
# wlr.enable = true;
|
# wlr.enable = true;
|
||||||
|
@ -118,12 +109,24 @@ in {
|
||||||
remotePlay.openFirewall = true;
|
remotePlay.openFirewall = true;
|
||||||
dedicatedServer.openFirewall = true;
|
dedicatedServer.openFirewall = true;
|
||||||
};
|
};
|
||||||
|
programs.fish.enable = true;
|
||||||
|
programs.thunar = {
|
||||||
|
enable = true;
|
||||||
|
plugins = with pkgs.xfce; [ thunar-archive-plugin thunar-volman ];
|
||||||
|
};
|
||||||
|
age = {
|
||||||
|
secrets = {
|
||||||
|
tailscale-key.file = ../../secrets/tailscale-key.age;
|
||||||
|
wg-key.file = ../../secrets/wg-key.age;
|
||||||
|
};
|
||||||
|
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
|
||||||
|
};
|
||||||
|
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
i18n.defaultLocale = "de_DE.utf8";
|
i18n.defaultLocale = "de_DE.utf8";
|
||||||
console.keyMap = "de";
|
console.keyMap = "de";
|
||||||
|
|
||||||
environment.systemPackages = [ nvidia-offload neovim ];
|
environment.systemPackages = [ nvidia-offload neovim wally-cli ];
|
||||||
nix.extraOptions = ''
|
nix.extraOptions = ''
|
||||||
experimental-features = nix-command
|
experimental-features = nix-command
|
||||||
'';
|
'';
|
||||||
|
@ -135,7 +138,9 @@ in {
|
||||||
};
|
};
|
||||||
optimise.automatic = true;
|
optimise.automatic = true;
|
||||||
};
|
};
|
||||||
|
systemd.extraConfig = ''
|
||||||
|
DefaultTimeoutStopSec=10s
|
||||||
|
'';
|
||||||
nixpkgs.config.allowUnfree = true;
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
|
@ -144,6 +149,6 @@ in {
|
||||||
# this value at the release version of the first install of this system.
|
# this value at the release version of the first install of this system.
|
||||||
# Before changing this value read the documentation for this option
|
# Before changing this value read the documentation for this option
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
system.stateVersion = "22.11"; # Did you read the comment?
|
system.stateVersion = "23.11"; # Did you read the comment?
|
||||||
|
|
||||||
}
|
}
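Review bot: The WireGuard preshared key deleted in the `-78,21 +84,6` hunk stays readable in the repository history, so the age-encrypted `wg-key` secret added to `age.secrets` only protects the tunnel if it carries newly generated key material, and nothing in this diff shows a rotation. I would record it next to the secret, e.g. `# wg0 config for wg-quick; keys regenerated when the inline config was removed`. Separately, the last hunk moves `system.stateVersion` from `"22.11"` to `"23.11"` although the comment directly above it says to leave the value at the release of the first install. Unless a state migration was done on purpose, keep `system.stateVersion = "22.11";`.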
|
||||||
|
|
|
@ -54,7 +54,8 @@
|
||||||
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
|
||||||
# high-resolution display
|
# high-resolution display
|
||||||
hardware.video.hidpi.enable = lib.mkDefault true;
|
#hardware.video.hidpi.enable = lib.mkDefault true;
|
||||||
hardware.bluetooth.enable = true;
|
hardware.bluetooth.enable = true;
|
||||||
|
hardware.keyboard.zsa.enable = true;
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,8 +4,10 @@
|
||||||
./flatpak.nix
|
./flatpak.nix
|
||||||
./sound.nix
|
./sound.nix
|
||||||
./udev.nix
|
./udev.nix
|
||||||
|
./tailscale.nix
|
||||||
./virtualization.nix
|
./virtualization.nix
|
||||||
./xserver.nix
|
./wireguard.nix
|
||||||
|
#./xserver.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# services.gvfs = {
|
# services.gvfs = {
|
||||||
|
@ -14,5 +16,8 @@
|
||||||
# };
|
# };
|
||||||
# services.kubo = { enable = true; }; # IPFS
|
# services.kubo = { enable = true; }; # IPFS
|
||||||
services.printing.enable = true;
|
services.printing.enable = true;
|
||||||
services.netbird.enable = true;
|
services.sabnzbd.enable = true;
|
||||||
|
services.i2p.enable = true;
|
||||||
|
services.gvfs.enable = true;
|
||||||
|
services.trezord.enable = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
{ config, pkgs, ... }: {
|
||||||
|
services.tailscale = {
|
||||||
|
enable = true;
|
||||||
|
useRoutingFeatures = "client";
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.tailscale-autoconnect = {
|
||||||
|
description = "Automatic connection to Tailscale";
|
||||||
|
|
||||||
|
# make sure tailscale is running before trying to connect to tailscale
|
||||||
|
after = [ "network-pre.target" "tailscale.service" ];
|
||||||
|
wants = [ "network-pre.target" "tailscale.service" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
# set this service as a oneshot job
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
|
||||||
|
};
|
||||||
|
|
||||||
|
# have the job run this shell script
|
||||||
|
script = with pkgs; ''
|
||||||
|
# wait for tailscaled to settle
|
||||||
|
sleep 2
|
||||||
|
|
||||||
|
# check if we are already authenticated to tailscale
|
||||||
|
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
|
||||||
|
if [ $status = "Running" ]; then # if so, then do nothing
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# otherwise authenticate with tailscale
|
||||||
|
${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
|
@ -2,14 +2,5 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
services.udev.extraRules = ''
|
services.udev.extraRules = ''
|
||||||
# Trezor
|
|
||||||
SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
|
|
||||||
KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl"
|
|
||||||
# Trezor v2
|
|
||||||
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
|
|
||||||
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl", SYMLINK+="trezor%n"
|
|
||||||
KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0660", GROUP="plugdev", TAG+="uaccess", TAG+="udev-acl"
|
|
||||||
ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", MODE="0666", GROUP="users", RUN+="${pkgs.coreutils}/bin/chmod a+w /sys/class/backlight/%k/brightness"
|
|
||||||
ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
|
|
||||||
'';
|
'';
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,19 @@
|
||||||
{
|
{ pkgs, ... }: {
|
||||||
virtualisation.libvirtd.enable = true;
|
virtualisation = {
|
||||||
virtualisation.libvirtd.qemu.swtpm.enable = true;
|
libvirtd = {
|
||||||
virtualisation.libvirtd.qemu.ovmf.enable = true;
|
enable = true;
|
||||||
virtualisation.podman = {
|
qemu = {
|
||||||
enable = true;
|
swtpm.enable = true;
|
||||||
enableNvidia = true;
|
ovmf = {
|
||||||
defaultNetwork.dnsname.enable = true;
|
enable = true;
|
||||||
|
packages = [ pkgs.OVMFFull ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
podman = {
|
||||||
|
enable = true;
|
||||||
|
enableNvidia = true;
|
||||||
|
defaultNetwork.settings.dns_enabled = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
{ config, ... }: {
|
||||||
|
networking.wg-quick.interfaces = {
|
||||||
|
wg0 = {
|
||||||
|
configFile = config.age.secrets.wg-key.path;
|
||||||
|
autostart = false;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,31 @@
|
||||||
|
let
|
||||||
|
gpuIDs = [
|
||||||
|
"10de:249d" # Graphics
|
||||||
|
"10de:228b" # Audio
|
||||||
|
];
|
||||||
|
in { pkgs, lib, config, ... }: {
|
||||||
|
options.vfio.enable = with lib;
|
||||||
|
mkEnableOption "Configure the machine for VFIO";
|
||||||
|
|
||||||
|
config = let cfg = config.vfio;
|
||||||
|
in {
|
||||||
|
boot = {
|
||||||
|
initrd.kernelModules = [
|
||||||
|
"vfio_pci"
|
||||||
|
"vfio"
|
||||||
|
"vfio_iommu_type1"
|
||||||
|
"vfio_virqfd"
|
||||||
|
];
|
||||||
|
|
||||||
|
kernelParams = [
|
||||||
|
# enable IOMMU
|
||||||
|
"intel_iommu=on"
|
||||||
|
] ++ lib.optional cfg.enable
|
||||||
|
# isolate the GPU
|
||||||
|
("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs);
|
||||||
|
};
|
||||||
|
|
||||||
|
hardware.opengl.enable = true;
|
||||||
|
virtualisation.spiceUSBRedirection.enable = true;
|
||||||
|
};
|
||||||
|
}
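Review bot: `virtualisation.spiceUSBRedirection.enable = true` and the `vfio*` initrd modules are set unconditionally, so they apply to every boot entry even when `vfio.enable` is false; only the `vfio-pci.ids=` kernel parameter is gated on `cfg.enable`. The SPICE USB helper is installed with setuid privileges and gives unprivileged users raw access to USB devices, so it is worth limiting to the specialisation that needs it: `virtualisation.spiceUSBRedirection.enable = cfg.enable;`. If keeping the IOMMU on everywhere is intended, a comment such as `# IOMMU stays on for all specialisations; only the GPU binding is optional` would make that explicit.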
|
|
@ -0,0 +1,69 @@
|
||||||
|
{ pkgs, ... }: {
|
||||||
|
imports = [
|
||||||
|
./hardware-configuration.nix
|
||||||
|
../common/users/m3tam3re
|
||||||
|
../common/base
|
||||||
|
./services
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
services.openssh.enable = true;
|
||||||
|
services.openssh.settings.PasswordAuthentication = false;
|
||||||
|
networking = {
|
||||||
|
hostName = "m3-r1";
|
||||||
|
firewall.enable = true;
|
||||||
|
firewall.allowedTCPPortRanges = [{
|
||||||
|
from = 3000;
|
||||||
|
to = 3100;
|
||||||
|
}];
|
||||||
|
firewall.allowedTCPPorts = [ 53 80 443 5432 3306 3478 ];
|
||||||
|
firewall.allowedUDPPorts = [ 53 51820 41641 ];
|
||||||
|
firewall.allowedUDPPortRanges = [{
|
||||||
|
from = 3478;
|
||||||
|
to = 3481;
|
||||||
|
}];
|
||||||
|
};
|
||||||
|
programs.fish.enable = true;
|
||||||
|
age = {
|
||||||
|
secrets = {
|
||||||
|
mj-smtp-user.file = ../../secrets/mj-smtp-user.age;
|
||||||
|
mj-smtp-pass.file = ../../secrets/mj-smtp-pass.age;
|
||||||
|
tailscale-key.file = ../../secrets/tailscale-key.age;
|
||||||
|
|
||||||
|
vaultwarden-env = {
|
||||||
|
file = ../../secrets/vaultwarden-env.age;
|
||||||
|
mode = "770";
|
||||||
|
};
|
||||||
|
|
||||||
|
n8n-env = {
|
||||||
|
file = ../../secrets/n8n-env.age;
|
||||||
|
mode = "770";
|
||||||
|
};
|
||||||
|
|
||||||
|
traefik-env = {
|
||||||
|
file = ../../secrets/traefik-env.age;
|
||||||
|
mode = "770";
|
||||||
|
owner = "traefik";
|
||||||
|
};
|
||||||
|
|
||||||
|
searx-environmentFile = {
|
||||||
|
file = ../../secrets/searx-environmentFile.age;
|
||||||
|
mode = "770";
|
||||||
|
owner = "searx";
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
identityPaths = [ "/root/.ssh/lkk-nix-1" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
gc = {
|
||||||
|
automatic = true;
|
||||||
|
options = "--delete-older-than 30d";
|
||||||
|
};
|
||||||
|
optimise.automatic = true;
|
||||||
|
};
|
||||||
|
system.stateVersion = "23.05"; # Did you read the comment?
|
||||||
|
}
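Review bot: The firewall block opens TCP 3000–3100 together with 5432 and 3306 on every interface. Those are the plain-HTTP backends that Traefik proxies from `localhost` and the PostgreSQL/MySQL ports, so reaching them directly bypasses TLS and the proxy's `auth` middleware. Unless something outside this host needs them, drop the `allowedTCPPortRanges` entry and reduce the list to `firewall.allowedTCPPorts = [ 53 80 443 3478 ];`, scoping any remote database access to the tailnet with `firewall.interfaces."tailscale0".allowedTCPPorts`. The age secrets are also created with `mode = "770"`; a secret file needs no execute or group-write bits, so `mode = "0400";` with the matching `owner` is enough.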
|
|
@ -0,0 +1,49 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{ device = "/dev/disk/by-uuid/5e3a0875-005c-49c4-9dbf-86e471e7e881";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=root" "compress=zstd" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/home" =
|
||||||
|
{ device = "/dev/disk/by-uuid/5e3a0875-005c-49c4-9dbf-86e471e7e881";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=home" "compress=zstd" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/nix" =
|
||||||
|
{ device = "/dev/disk/by-uuid/5e3a0875-005c-49c4-9dbf-86e471e7e881";
|
||||||
|
fsType = "btrfs";
|
||||||
|
options = [ "subvol=nix" "compress=zstd" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{ device = "/dev/disk/by-uuid/A79C-4B9F";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
}
|
|
@ -0,0 +1,11 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ ./containers ];
|
||||||
|
|
||||||
|
virtualisation.podman = {
|
||||||
|
enable = true;
|
||||||
|
defaultNetwork.settings = { dns_enabled = true; };
|
||||||
|
};
|
||||||
|
virtualisation.oci-containers.backend = "podman";
|
||||||
|
}
|
|
@ -0,0 +1,25 @@
|
||||||
|
{ config, outputs, ... }: {
|
||||||
|
virtualisation.oci-containers.containers."baserow" = {
|
||||||
|
image = "docker.io/baserow/baserow:1.18.0";
|
||||||
|
environment = {
|
||||||
|
BASEROW_PUBLIC_URL = "https://db.lanakk.com";
|
||||||
|
|
||||||
|
POSTGRES_USER = "baserow";
|
||||||
|
POSTGRES_PASSWORD = "baserow";
|
||||||
|
POSTGRES_DB = "baserow";
|
||||||
|
DATABASE_HOST = "postgres";
|
||||||
|
DATABASE_NAME = "baserow";
|
||||||
|
DATABASE_USER = "baserow";
|
||||||
|
DATABASE_PASSWORD = "baserow";
|
||||||
|
|
||||||
|
EMAIL_SMTP = "in-v3.mailjet.com";
|
||||||
|
EMAIL_SMTP_HOST = "in-v3.mailjet.com";
|
||||||
|
EMAIL_SMTP_PORT = "587";
|
||||||
|
EMAIL_SMTP_USER = config.age.secrets.mj-smtp-user.path;
|
||||||
|
EMAIL_SMTP_PASSWORD = config.age.secrets.mj-smtp-pass.path;
|
||||||
|
};
|
||||||
|
ports = [ "3001:80" ];
|
||||||
|
volumes = [ "baserow_data:/baserow/data" ];
|
||||||
|
extraOptions = [ "--add-host=postgres:10.88.0.1" "--ip=10.88.0.11" ];
|
||||||
|
};
|
||||||
|
}
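Review bot: `EMAIL_SMTP_USER` and `EMAIL_SMTP_PASSWORD` are set to `config.age.secrets.….path`, which evaluates to the path of the decrypted file, so the container receives a file path as its SMTP credentials instead of the secret values. Secrets should reach the container through an env file, as the briefkasten container in this comparison does: `environmentFiles = [ config.age.secrets.<BASEROW_ENV_SECRET>.path ];` (placeholder name), with the SMTP and database variables moved into that age-encrypted file. That also takes `DATABASE_PASSWORD = "baserow"` out of the repository and the world-readable Nix store.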
|
|
@ -0,0 +1,8 @@
|
||||||
|
{ config, outputs, ... }: {
|
||||||
|
virtualisation.oci-containers.containers."briefkasten" = {
|
||||||
|
image = "docker.io/ndom91/briefkasten";
|
||||||
|
environmentFiles = [ config.age.secrets.briefkasten-env.path ];
|
||||||
|
ports = [ "3009:3000" ];
|
||||||
|
extraOptions = [ "--add-host=postgres:10.88.0.1" "--ip=10.88.0.19" ];
|
||||||
|
};
|
||||||
|
}
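Review bot: `image = "docker.io/ndom91/briefkasten"` carries no tag or digest, so each pull resolves to whatever `latest` currently points at and a redeploy can silently change the code that runs. Pin it the way the baserow container pins `1.18.0`, ideally with a digest: `image = "docker.io/ndom91/briefkasten:<TAG>@sha256:<DIGEST>";` (placeholders). The same applies to the littlelink, matomo, nextcloud, wg-easy and wordpress images added in this comparison. This file also reads `config.age.secrets.briefkasten-env`, which is not among the secrets declared in the m3-r1 host configuration shown here, so it would fail to evaluate once the commented-out import is enabled.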
|
|
@ -0,0 +1,12 @@
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./baserow.nix
|
||||||
|
# ./briefkasten.nix
|
||||||
|
# ./little-link.nix
|
||||||
|
./matomo.nix
|
||||||
|
./mautic.nix
|
||||||
|
# ./nextcloud.nix
|
||||||
|
# ./nginx.nix
|
||||||
|
# ./wordpress.nix
|
||||||
|
];
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{ config, outputs, ... }: {
|
||||||
|
virtualisation.oci-containers.containers."littlelink_lanakk" = {
|
||||||
|
image = "ghcr.io/techno-tim/littlelink-server";
|
||||||
|
environmentFiles = [ config.age.secrets.littlelink-lanakk-env.path ];
|
||||||
|
ports = [ "3010:3000" ];
|
||||||
|
extraOptions = [ "--ip=10.88.0.20" ];
|
||||||
|
};
|
||||||
|
virtualisation.oci-containers.containers."littlelink_m3tam3re" = {
|
||||||
|
image = "ghcr.io/techno-tim/littlelink-server";
|
||||||
|
environmentFiles = [ config.age.secrets.littlelink-m3tam3re-env.path ];
|
||||||
|
ports = [ "3011:3000" ];
|
||||||
|
extraOptions = [ "--ip=10.88.0.21" ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,16 @@
|
||||||
|
{ config, outputs, ... }: {
|
||||||
|
virtualisation.oci-containers.containers."matomo" = {
|
||||||
|
image = "docker.io/matomo";
|
||||||
|
environment = {
|
||||||
|
MATOMO_DATABASE_HOST = "mysql";
|
||||||
|
MATOMO_DATABASE_USERNAME = "matomo";
|
||||||
|
MATOMO_DATABASE_PASSWORD = "matomo";
|
||||||
|
MATOMO_DATABASE_DBNAME = "matomo";
|
||||||
|
PHP_MEMORY_LIMIT="2048M";
|
||||||
|
|
||||||
|
};
|
||||||
|
ports = [ "3003:80" ];
|
||||||
|
volumes = [ "matomo_data:/var/www/html" ];
|
||||||
|
extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.13" ];
|
||||||
|
};
|
||||||
|
}
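Review bot: `MATOMO_DATABASE_PASSWORD = "matomo"` is a guessable password committed in plaintext, and it ends up in the world-readable Nix store as well. The mautic container (`MAUTIC_DB_PASSWORD = "mautic"`) and the lanakk_blog container (`WORDPRESS_DB_PASSWORD = "wp"`) do the same. Move these values into an age-encrypted env file with a generated password and load it with `environmentFiles = [ config.age.secrets.<MATOMO_ENV_SECRET>.path ];` (placeholder name), leaving only non-secret settings in `environment`.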
|
|
@ -0,0 +1,16 @@
|
||||||
|
{ config, outputs, ... }: {
|
||||||
|
virtualisation.oci-containers.containers."mautic" = {
|
||||||
|
image = "docker.io/mautic/mautic:v4-apache";
|
||||||
|
environment = {
|
||||||
|
MAUTIC_DB_HOST = "mysql";
|
||||||
|
MAUTIC_DB_USER = "mautic";
|
||||||
|
MAUTIC_DB_PASSWORD = "mautic";
|
||||||
|
MAUTIC_DB_DBNAME = "mautic";
|
||||||
|
PHP_MEMORY_LIMIT="2048M";
|
||||||
|
MAUTIC_RUN_CRON_JOBS="true";
|
||||||
|
};
|
||||||
|
ports = [ "3008:80" ];
|
||||||
|
volumes = [ "mautic_data:/var/www/html" ];
|
||||||
|
extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.23" ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,14 @@
|
||||||
|
{ config, outputs, ... }: {
|
||||||
|
virtualisation.oci-containers.containers."nextcloud" = {
|
||||||
|
image = "docker.io/nextcloud";
|
||||||
|
environment = {
|
||||||
|
TRUSTED_PROXIES = "10.88.0.1/16";
|
||||||
|
OVERWRITEPROTOCOL = "https";
|
||||||
|
OVERWRITECLIURL = "https://cloud.lanakk.com";
|
||||||
|
OVERWRITEHOST = "cloud.lanakk.com";
|
||||||
|
};
|
||||||
|
ports = [ "3005:80" ];
|
||||||
|
volumes = [ "nextcloud_data:/var/www/html" ];
|
||||||
|
extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.15" ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,8 @@
|
||||||
|
{ config, outputs, ... }: {
|
||||||
|
virtualisation.oci-containers.containers."http-images" = {
|
||||||
|
image = "docker.io/nginx:alpine";
|
||||||
|
ports = [ "3012:80" ];
|
||||||
|
volumes = [ "/opt/service-data/http-images:/usr/share/nginx/html"];
|
||||||
|
extraOptions = [ "--ip=10.88.0.22" ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,15 @@
|
||||||
|
{ config, outputs, ... }: {
|
||||||
|
virtualisation.oci-containers.containers."wireguard" = {
|
||||||
|
image = "docker.io/weejewel/wg-easy";
|
||||||
|
environment = { WG_HOST = "wg.lanakk.com"; WG_DEFAULT_DNS = "10.88.0.1:5353"; };
|
||||||
|
ports = [ "3007:51821/tcp" "51820:51820/udp" ];
|
||||||
|
volumes = [ "wireguard_data:/etc/wireguard" ];
|
||||||
|
extraOptions = [
|
||||||
|
"--cap-add=NET_ADMIN"
|
||||||
|
"--cap-add=SYS_MODULE"
|
||||||
|
"--sysctl=net.ipv4.conf.all.src_valid_mark=1"
|
||||||
|
"--sysctl=net.ipv4.ip_forward=1"
|
||||||
|
"--ip=10.88.0.17"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
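Review bot: `"--cap-add=SYS_MODULE"` lets root inside the container load kernel modules into the host kernel, which is more privilege than the VPN needs if the host kernel already provides WireGuard. I would remove that line, keep `"--cap-add=NET_ADMIN"`, and confirm the tunnel still comes up. The web UI on 51821 is also published as host port 3007 without wg-easy's `PASSWORD` variable, so access control rests entirely on whatever sits in front of it; supply it through an `environmentFiles` entry backed by an age secret.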
|
|
@ -0,0 +1,14 @@
|
||||||
|
{ config, outputs, ... }: {
|
||||||
|
virtualisation.oci-containers.containers."lanakk_blog" = {
|
||||||
|
image = "docker.io/wordpress";
|
||||||
|
environment = {
|
||||||
|
WORDPRESS_DB_HOST = "mysql";
|
||||||
|
WORDPRESS_DB_USER = "wp";
|
||||||
|
WORDPRESS_DB_PASSWORD = "wp";
|
||||||
|
WORDPRESS_DB_NAME = "lanakk_blog";
|
||||||
|
};
|
||||||
|
ports = [ "3002:80" ];
|
||||||
|
volumes = [ "lanakk_blog_data:/var/www/html" ];
|
||||||
|
extraOptions = [ "--add-host=mysql:10.88.0.1" "--ip=10.88.0.12" ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,13 @@
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./container.nix
|
||||||
|
./gitea.nix
|
||||||
|
./n8n.nix
|
||||||
|
./postgres.nix
|
||||||
|
./searx.nix
|
||||||
|
./syncthing.nix
|
||||||
|
./tailscale.nix
|
||||||
|
./traefik.nix
|
||||||
|
./vaultwarden.nix
|
||||||
|
];
|
||||||
|
}
|
|
@ -0,0 +1,13 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
{
|
||||||
|
services.gitea = {
|
||||||
|
enable = true;
|
||||||
|
settings.server.ROOT_URL = "https://code.lanakk.com";
|
||||||
|
lfs.enable = true;
|
||||||
|
dump = {
|
||||||
|
enable = true;
|
||||||
|
interval = "03:30:00";
|
||||||
|
backupDir = "/var/backup/gitea";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
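Review bot: Nothing under `settings` restricts sign-up, and Gitea allows self-registration unless told otherwise, so anyone who can reach `code.lanakk.com` can create an account. If the instance is not meant to be open, add `settings.service.DISABLE_REGISTRATION = true;`. If open registration is intended, a short comment saying so would keep the next reviewer from asking.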
|
|
@ -0,0 +1,13 @@
|
||||||
|
{ pkgs, config, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.mysql = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.mariadb;
|
||||||
|
};
|
||||||
|
services.mysqlBackup = {
|
||||||
|
enable = true;
|
||||||
|
calendar = "03:00:00";
|
||||||
|
databases = [ "" ];
|
||||||
|
};
|
||||||
|
}
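Review bot: `databases = [ "" ]` asks the backup job to dump a database whose name is the empty string, so the nightly run would presumably fail or back up nothing useful. List the databases the containers actually use, e.g. `databases = [ "matomo" "mautic" ];`. This module also does not appear in the services `imports` list added in this comparison, although the matomo and mautic containers point at `mysql` on 10.88.0.1.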
|
|
@ -0,0 +1,15 @@
|
||||||
|
{ config, pkgs, ... }: {
|
||||||
|
|
||||||
|
services.n8n = {
|
||||||
|
enable = true;
|
||||||
|
openFirewall = true;
|
||||||
|
settings = {
|
||||||
|
host = "wf.lanakk.com";
|
||||||
|
protocol = "https";
|
||||||
|
editorBaseUrl="https://wf.lanakk.com";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
systemd.services.n8n.serviceConfig = {
|
||||||
|
EnvironmentFile = "${config.age.secrets.n8n-env.path}";
|
||||||
|
};
|
||||||
|
}
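Review bot: `openFirewall = true;` opens the n8n port on the host firewall, which lets clients reach the editor over plain HTTP and bypass the TLS termination Traefik provides for this service (`http://localhost:5678/` in the Traefik configuration of this change). If all access is meant to go through the reverse proxy, set `openFirewall = false;`. As a style point, `editorBaseUrl="https://wf.lanakk.com";` lacks the spaces around `=` used everywhere else in the file.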
|
|
@ -0,0 +1,26 @@
|
||||||
|
{ pkgs, config, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
enableTCPIP = true;
|
||||||
|
package = pkgs.postgresql_15;
|
||||||
|
authentication = pkgs.lib.mkOverride 10 ''
|
||||||
|
local all all trust
|
||||||
|
host all all 127.0.0.1/32 trust
|
||||||
|
host all all ::1/128 trust
|
||||||
|
host all all 10.88.0.1/16 trust
|
||||||
|
'';
|
||||||
|
initialScript = pkgs.writeText "backend-initScript" ''
|
||||||
|
CREATE USER baserow WITH ENCRYPTED PASSWORD 'baserow';
|
||||||
|
CREATE DATABASE baserow;
|
||||||
|
GRANT ALL PRIVILEGES ON DATABASE baserow TO baserow;
|
||||||
|
ALTER DATABASE baserow OWNER to baserow;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
services.postgresqlBackup = {
|
||||||
|
enable = true;
|
||||||
|
startAt = "03:10:00";
|
||||||
|
databases = [ "baserow" ];
|
||||||
|
};
|
||||||
|
}
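Review bot: The `trust` method on `host all all 10.88.0.1/16 trust`, combined with `enableTCPIP = true;`, lets any process on the container network connect as any role, including the superuser, without a password. Restrict the rule to the database and role that need it and require a password, e.g. `host baserow baserow 10.88.0.0/16 scram-sha-256`, and keep `trust` for the local socket only if that is really intended. The `initialScript` also hard-codes `PASSWORD 'baserow'` into a world-readable store path; setting the password out of band or from an agenix secret avoids committing it.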
|
|
@ -0,0 +1,11 @@
|
||||||
|
{ pkgs, ... }:
|
||||||
|
{
|
||||||
|
services.searx = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.searxng;
|
||||||
|
settings = {
|
||||||
|
server.port = 3004;
|
||||||
|
server.secret_key = "@SEARX_SECRET_KEY@";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
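Review bot: `server.secret_key = "@SEARX_SECRET_KEY@";` is a substitution placeholder, but this module sets no `environmentFile`, so the literal placeholder string would presumably be used as the secret key. `secrets.nix` in this change lists `searx-environmentFile.age`; wire it in with `environmentFile = config.age.secrets.searx-environmentFile.path;` and add `config` to the argument set (`{ config, pkgs, ... }:`). This assumes the age secret is declared under that name elsewhere in the configuration, which is not visible here.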
|
|
@ -0,0 +1,20 @@
|
||||||
|
{ config, pkgs, ... }: {
|
||||||
|
services.syncthing = {
|
||||||
|
enable = true;
|
||||||
|
openDefaultPorts = true;
|
||||||
|
guiAddress = "0.0.0.0:8384";
|
||||||
|
overrideDevices = true;
|
||||||
|
overrideFolders = true;
|
||||||
|
devices = {
|
||||||
|
"LK-DATA" = {
|
||||||
|
id = "BI7CMZF-2SGQMXW-RG47HRG-FEH454J-ZTCE544-BXNSCSJ-PXCE7A7-R4CX2Q3";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
folders = {
|
||||||
|
"Bildvorschauen" = {
|
||||||
|
path = "/opt/service-data/http-images";
|
||||||
|
devices = [ "LK-DATA" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
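Review bot: `guiAddress = "0.0.0.0:8384";` exposes the Syncthing admin GUI on every interface, and this block configures no GUI credentials while the `syncthing` router in the Traefik configuration carries no `auth` middleware. Confirm that GUI authentication is set elsewhere before `sync.m3tam3re.com` is reachable, since the GUI can add devices and folders. If the wildcard bind exists only so the GUI answers behind the reverse proxy, record that next to the option, e.g. `# wildcard bind only for the reverse proxy; port 8384 must stay closed in the firewall`, and note that the trusted `tailscale0` interface can still reach it directly.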
|
|
@ -0,0 +1,38 @@
|
||||||
|
{ config, pkgs, ... }: {
|
||||||
|
services.tailscale = {
|
||||||
|
enable = true;
|
||||||
|
useRoutingFeatures = "both";
|
||||||
|
};
|
||||||
|
networking.firewall = {
|
||||||
|
trustedInterfaces = [ "tailscale0" ];
|
||||||
|
};
|
||||||
|
systemd.services.tailscale-autoconnect = {
|
||||||
|
description = "Automatic connection to Tailscale";
|
||||||
|
|
||||||
|
# make sure tailscale is running before trying to connect to tailscale
|
||||||
|
after = [ "network-pre.target" "tailscale.service" ];
|
||||||
|
wants = [ "network-pre.target" "tailscale.service" ];
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
||||||
|
# set this service as a oneshot job
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "oneshot";
|
||||||
|
EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
|
||||||
|
};
|
||||||
|
|
||||||
|
# have the job run this shell script
|
||||||
|
script = with pkgs; ''
|
||||||
|
# wait for tailscaled to settle
|
||||||
|
sleep 2
|
||||||
|
|
||||||
|
# check if we are already authenticated to tailscale
|
||||||
|
status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
|
||||||
|
if [ $status = "Running" ]; then # if so, then do nothing
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# otherwise authenticate with tailscale
|
||||||
|
${tailscale}/bin/tailscale up --advertise-exit-node --authkey $TAILSCALE_KEY
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
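Review bot: `--authkey $TAILSCALE_KEY` passes the auth key as a command-line argument, where it is visible to other local users through the process list while `tailscale up` runs, and the unquoted expansion is subject to word splitting. `tailscale up` accepts `--authkey file:<path>`, so if the age secret held only the raw key the line could read `${tailscale}/bin/tailscale up --advertise-exit-node --authkey file:${config.age.secrets.tailscale-key.path}` and the `EnvironmentFile` entry could be dropped. The status check should quote its operand, `if [ "$status" = "Running" ]; then`, because an empty `$status` (tailscaled not answering yet) turns the test into a syntax error.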
|
|
@ -0,0 +1,152 @@
|
||||||
|
{ config, ... }: {
|
||||||
|
services.traefik = {
|
||||||
|
enable = true;
|
||||||
|
staticConfigOptions = {
|
||||||
|
log = { level = "WARN"; };
|
||||||
|
certificatesResolvers = {
|
||||||
|
lets-encrypt = {
|
||||||
|
acme = {
|
||||||
|
email = "acc@m3tam3re.com";
|
||||||
|
storage = "/var/lib/traefik/acme.json";
|
||||||
|
tlsChallenge = { };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
api = { };
|
||||||
|
entryPoints = {
|
||||||
|
web = {
|
||||||
|
address = ":80";
|
||||||
|
http.redirections.entryPoint = {
|
||||||
|
to = "websecure";
|
||||||
|
scheme = "https";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
websecure = { address = ":443"; };
|
||||||
|
};
|
||||||
|
};
|
||||||
|
dynamicConfigOptions = {
|
||||||
|
http = {
|
||||||
|
middlewares = {
|
||||||
|
auth = {
|
||||||
|
basicAuth = {
|
||||||
|
users = [ "m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh." ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
nextcloud_redirectregex = {
|
||||||
|
redirectRegex = {
|
||||||
|
permanent = true;
|
||||||
|
regex = "https://(.*)/.well-known/(?:card|cal)dav";
|
||||||
|
replacement = "https://\${1}/remote.php/dav";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
nextcloud_headers = {
|
||||||
|
headers = {
|
||||||
|
referrerPolicy = "no-referrer";
|
||||||
|
stsSeconds = "31536000";
|
||||||
|
forceSTSHeader = true;
|
||||||
|
stsPreload = true;
|
||||||
|
stsIncludeSubdomains = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services = {
|
||||||
|
baserow.loadBalancer.servers = [{ url = "http://localhost:3001/"; }];
|
||||||
|
gitea.loadBalancer.servers = [{ url = "http://localhost:3000/"; }];
|
||||||
|
n8n.loadBalancer.servers = [{ url = "http://localhost:5678/"; }];
|
||||||
|
lanakk_blog.loadBalancer.servers =
|
||||||
|
[{ url = "http://localhost:3002/"; }];
|
||||||
|
matomo.loadBalancer.servers = [{ url = "http://localhost:3003/"; }];
|
||||||
|
searx.loadBalancer.servers = [{ url = "http://localhost:3004/"; }];
|
||||||
|
mautic.loadBalancer.servers = [{ url = "http://localhost:3008/"; }];
|
||||||
|
syncthing.loadBalancer.servers =
|
||||||
|
[{ url = "http://localhost:8384/"; }];
|
||||||
|
vaultwarden.loadBalancer.servers =
|
||||||
|
[{ url = "http://localhost:3014/"; }];
|
||||||
|
};
|
||||||
|
routers = {
|
||||||
|
api = {
|
||||||
|
rule = "Host(`r.m3tam3re.com`)";
|
||||||
|
tls = { certResolver = "lets-encrypt"; };
|
||||||
|
service = "api@internal";
|
||||||
|
middlewares = "auth";
|
||||||
|
entrypoints = "websecure";
|
||||||
|
};
|
||||||
|
baserow = {
|
||||||
|
rule = "Host(`br.m3tam3re.com`)";
|
||||||
|
tls = { certResolver = "lets-encrypt"; };
|
||||||
|
service = "baserow";
|
||||||
|
entrypoints = "websecure";
|
||||||
|
};
|
||||||
|
gitea = {
|
||||||
|
rule = "Host(`code.m3tam3re.com`)";
|
||||||
|
tls = {
|
||||||
|
certResolver = "lets-encrypt";
|
||||||
|
domains = "code.m3tam3re.com";
|
||||||
|
};
|
||||||
|
service = "gitea";
|
||||||
|
entrypoints = "websecure";
|
||||||
|
};
|
||||||
|
n8n = {
|
||||||
|
rule = "Host(`io.m3tam3re.com`)";
|
||||||
|
tls = {
|
||||||
|
certResolver = "lets-encrypt";
|
||||||
|
domains = "io.m3tam3re.com";
|
||||||
|
};
|
||||||
|
service = "n8n";
|
||||||
|
entrypoints = "websecure";
|
||||||
|
};
|
||||||
|
matomo-m3tam3re = {
|
||||||
|
rule = "Host(`stats.m3tam3re.com`)";
|
||||||
|
tls = {
|
||||||
|
certResolver = "lets-encrypt";
|
||||||
|
domains = "stats.m3tam3re.com";
|
||||||
|
};
|
||||||
|
service = "matomo";
|
||||||
|
entrypoints = "websecure";
|
||||||
|
};
|
||||||
|
searx = {
|
||||||
|
rule = "Host(`search.m3tam3re.com`)";
|
||||||
|
tls = {
|
||||||
|
certResolver = "lets-encrypt";
|
||||||
|
domains = "search.m3tam3re.com";
|
||||||
|
};
|
||||||
|
service = "searx";
|
||||||
|
entrypoints = "websecure";
|
||||||
|
};
|
||||||
|
mautic = {
|
||||||
|
rule = "Host(`ma.m3tam3re.com`)";
|
||||||
|
tls = {
|
||||||
|
certResolver = "lets-encrypt";
|
||||||
|
domains = "ma.m3tam3re.com";
|
||||||
|
};
|
||||||
|
service = "mautic";
|
||||||
|
entrypoints = "websecure";
|
||||||
|
};
|
||||||
|
syncthing = {
|
||||||
|
rule = "Host(`sync.m3tam3re.com`)";
|
||||||
|
tls = {
|
||||||
|
certResolver = "lets-encrypt";
|
||||||
|
domains = "sync.m3tam3re.com";
|
||||||
|
};
|
||||||
|
service = "syncthing";
|
||||||
|
entrypoints = "websecure";
|
||||||
|
};
|
||||||
|
vaultwarden = {
|
||||||
|
rule = "Host(`vw.m3tam3re.com`)";
|
||||||
|
tls = {
|
||||||
|
certResolver = "lets-encrypt";
|
||||||
|
domains = "vw.m3tam3re.com";
|
||||||
|
};
|
||||||
|
service = "vaultwarden";
|
||||||
|
middlewares = "auth";
|
||||||
|
entrypoints = "websecure";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services.traefik.serviceConfig = {
|
||||||
|
EnvironmentFile = [ "${config.age.secrets.traefik-env.path}" ];
|
||||||
|
};
|
||||||
|
}
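Review bot: `users = [ "m3tam3re:$apr1$…" ];` in the `auth` middleware commits the basic-auth hash to the repository and the Nix store; APR1 is a fast MD5-based scheme, so anyone who can read the repo can test password guesses offline. Traefik's `basicAuth` also accepts `usersFile`, which could point at an agenix secret (`usersFile = config.age.secrets.<traefik-users>.path;`, placeholder name) holding a bcrypt entry, and the current password should be treated as exposed and rotated. Separately, `nextcloud_redirectregex` and `nextcloud_headers` are defined but no router references them, and `lanakk_blog` has a service but no router; either wire them up or drop them.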
|
|
@ -0,0 +1,8 @@
|
||||||
|
{ config, pkgs, ... }: {
|
||||||
|
|
||||||
|
services.vaultwarden = {
|
||||||
|
enable = true;
|
||||||
|
backupDir = "/var/backup/vaultwarden";
|
||||||
|
environmentFile = "${config.age.secrets.vaultwarden-env.path}";
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1 @@
|
||||||
|
{ ordercollect = import ./ordercollect.nix; }
|
|
@ -0,0 +1,31 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
|
||||||
|
let cfg = config.services.ordercollect;
|
||||||
|
|
||||||
|
in {
|
||||||
|
options.services.ordercollect = {
|
||||||
|
enable = mkEnableOption "Enable Ordercollect";
|
||||||
|
port = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = "The http port to run on";
|
||||||
|
default = "";
|
||||||
|
};
|
||||||
|
package = mkOption {
|
||||||
|
type = types.package;
|
||||||
|
default = pkgs.ordercollect;
|
||||||
|
description = ''
|
||||||
|
The package for ordercollect
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
|
systemd.services.ordercollect = {
|
||||||
|
ExecStart = "${cfg.package}/bin/ordercollect --port ${cfg.port}";
|
||||||
|
Restart = "on-failure";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
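Review bot: `default = pkgs.ordercollect;` refers to `pkgs`, which is not in the argument set `{ config, lib, ... }`, so evaluating the option fails with an undefined variable. `ExecStart` and `Restart` sit directly under `systemd.services.ordercollect`, where they are not valid options; they belong in `serviceConfig`, and without `wantedBy` the unit would never be started at boot. `port` is a `types.str` defaulting to `""`, which yields `--port ` with no value; `types.port` with a real default catches that at evaluation time (the number in the sketch is a placeholder).

```nix
{ config, lib, pkgs, ... }:
# … unchanged: with lib; let cfg = …; in { options.services.ordercollect = { enable …
    port = mkOption {
      type = types.port;
      description = "The http port to run on";
      default = 8080; # placeholder: pick the port the service should use
    };
# … unchanged: package option; config = mkIf cfg.enable { environment.systemPackages …
    systemd.services.ordercollect = {
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = "${cfg.package}/bin/ordercollect --port ${toString cfg.port}";
        Restart = "on-failure";
      };
    };
```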
|
|
@ -0,0 +1,24 @@
|
||||||
|
{ stdenv, lib, fetchFromGitHub, bash, pkgs, makeWrapper }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
with pkgs;
|
||||||
|
|
||||||
|
stdenv.mkDerivation {
|
||||||
|
pname = "bemoji";
|
||||||
|
version = "0.3.0";
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "marty-oehme";
|
||||||
|
repo = "bemoji";
|
||||||
|
rev = "dc68887";
|
||||||
|
sha256 = "XXNrUaS06UHF3cVfIfWjGF1sdPE709W2tFhfwTitzNs=";
|
||||||
|
};
|
||||||
|
buildInputs = [ bash coreutils wl-clipboard wofi wtype ];
|
||||||
|
|
||||||
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out/bin
|
||||||
|
cp bemoji $out/bin/bemoji
|
||||||
|
wrapProgram $out/bin/bemoji \
|
||||||
|
--prefix PATH : ${makeBinPath [ bash coreutils wl-clipboard wofi wtype ]}
|
||||||
|
'';
|
||||||
|
}
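Review bot: `rev = "dc68887";` is an abbreviated commit id and does not obviously correspond to `version = "0.3.0"`; a full 40-character commit or the release tag makes clear which source is being built, and `hash = "sha256-…"` in SRI form is the current spelling of the `sha256` attribute. The derivation also takes `pkgs` as an argument and pulls `coreutils wl-clipboard wofi wtype` in through `with pkgs;`, which sidesteps `callPackage`'s dependency injection and overrides; naming them in the argument set (`{ stdenv, lib, fetchFromGitHub, makeWrapper, bash, coreutils, wl-clipboard, wofi, wtype }:`) is the conventional form. The wofi-pass derivation later in this change (`rev = "869c545";`) has the same two points.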
|
|
@ -0,0 +1,7 @@
|
||||||
|
{ pkgs ? import <nixpkgs> { } }: {
|
||||||
|
|
||||||
|
wofi-pass = pkgs.callPackage ./wofi-pass { };
|
||||||
|
bemoji = pkgs.callPackage ./bemoji { };
|
||||||
|
ordercollect = pkgs.callPackage ./ordercollect { };
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,23 @@
|
||||||
|
{ buildGoModule, fetchFromGitea, lib }:
|
||||||
|
|
||||||
|
buildGoModule rec {
|
||||||
|
pname = "ordercollect";
|
||||||
|
version = "0.1.0";
|
||||||
|
|
||||||
|
src = fetchFromGitea {
|
||||||
|
domain = "code.lanakk.com";
|
||||||
|
owner = "LANAKK";
|
||||||
|
repo = "ordercollect";
|
||||||
|
rev = "9ecbfa46f6758214aa2fcee7ad96aa7730301a06";
|
||||||
|
hash = "sha256-n4njl7LwG6GuoTj7x3rWOjErZ/a1Fog0qAymYxvsR2w=";
|
||||||
|
};
|
||||||
|
|
||||||
|
vendorHash = "sha256-G6k331XRuVN/cM4sNcdUV9/BzdISQI7Ljc4tesJnmH0=";
|
||||||
|
|
||||||
|
meta = with lib; {
|
||||||
|
description = "A simple Api for creating orders, written in Go";
|
||||||
|
homepage = "https://code.lanakk.com/LANAKK/ordercollect";
|
||||||
|
license = licenses.mit;
|
||||||
|
maintainers = with maintainers; [ m3tam3re ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,24 @@
|
||||||
|
{ stdenv, lib, fetchFromGitHub, bash, pkgs, makeWrapper }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
with pkgs;
|
||||||
|
|
||||||
|
stdenv.mkDerivation {
|
||||||
|
pname = "wofi-pass";
|
||||||
|
version = "0.1";
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "TinfoilSubmarine";
|
||||||
|
repo = "wofi-pass";
|
||||||
|
rev = "869c545";
|
||||||
|
sha256 = "gcfW8E/3/dqv0P3S4z9fDv8k4R7czcIKwpo/OHFFWj0=";
|
||||||
|
};
|
||||||
|
buildInputs = [ bash coreutils wl-clipboard wofi wtype ];
|
||||||
|
|
||||||
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
|
installPhase = ''
|
||||||
|
mkdir -p $out/bin
|
||||||
|
cp wofi-pass $out/bin/wofi-pass
|
||||||
|
wrapProgram $out/bin/wofi-pass \
|
||||||
|
--prefix PATH : ${makeBinPath [ bash coreutils wl-clipboard wofi wtype ]}
|
||||||
|
'';
|
||||||
|
}
|
32
secrets.nix
32
secrets.nix
|
@ -1,24 +1,28 @@
|
||||||
let
|
let
|
||||||
root = "ssh-rsa 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";
|
system =
|
||||||
|
"ssh-rsa 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";
|
||||||
in {
|
in {
|
||||||
"mj-smtp-user.age".publicKeys = [ root ];
|
"mj-smtp-user.age".publicKeys = [ system ];
|
||||||
"mj-smtp-pass.age".publicKeys = [ root ];
|
"mj-smtp-pass.age".publicKeys = [ system ];
|
||||||
|
|
||||||
"billbee-api-key.age".publicKeys = [ root ];
|
"n8n-env.age".publicKeys = [ system ];
|
||||||
|
|
||||||
"godaddy-api-key.age".publicKeys = [ root ];
|
"godaddy-api-key.age".publicKeys = [ system ];
|
||||||
"godaddy-api-secret.age".publicKeys = [ root ];
|
"godaddy-api-secret.age".publicKeys = [ system ];
|
||||||
|
|
||||||
"searx-environmentFile.age".publicKeys = [ root ];
|
"searx-environmentFile.age".publicKeys = [ system ];
|
||||||
|
|
||||||
"wg-easy-environmentFile.age".publicKeys = [ root ];
|
"tailscale-key.age".publicKeys = [ system ];
|
||||||
|
"wg-key.age".publicKeys = [ system ];
|
||||||
"briefkasten-env.age".publicKeys = [ root ];
|
|
||||||
|
|
||||||
"littlelink-lanakk-env.age".publicKeys = [ root ];
|
"briefkasten-env.age".publicKeys = [ system ];
|
||||||
"littlelink-m3tam3re-env.age".publicKeys = [ root ];
|
|
||||||
|
|
||||||
"traefik-env.age".publicKeys = [ root ];
|
"littlelink-lanakk-env.age".publicKeys = [ system ];
|
||||||
|
"littlelink-m3tam3re-env.age".publicKeys = [ system ];
|
||||||
|
|
||||||
"minio-root-cred.age".publicKeys = [ root ];
|
"traefik-env.age".publicKeys = [ system ];
|
||||||
|
|
||||||
|
"minio-system-cred.age".publicKeys = [ system ];
|
||||||
|
|
||||||
|
"vaultwarden-env.age".publicKeys = [ system ];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,16 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-rsa DQlE7w
|
|
||||||
OtpKyKFBd86zVAvGIZuBYZuKO3y79nq9Ak6h08j8f8xPSwXtEtcAJBfgBXQCYdV2
|
|
||||||
Z+pY7rMpKx/0rx+nG4/Axl2WwuCIhYrB4ypNxYOAdtrgBGdGQueQfZAcq5aV1aRt
|
|
||||||
KZF1dlcxy3P8CYpodmLZQW+djjGtoDQDIjlNpf/1WPjKEF86Dd+3ihnnGFzIHib5
|
|
||||||
9hxIc7iwIEVp6atEoqd9I/Cp/kpwUksAhuX906l0vIvCz1YyuW0oWugGa4uN1ruK
|
|
||||||
cfCcv4iWqZb/dJg0m/tUH6xXC/njjFs4xh3kauomtYf+PkJ66BK0BfAJenIGwHsm
|
|
||||||
/t5sI9TzumMm3lfJMjjxqRUfI9Etp9VSe5OcAbeNZkAk84JmU1vddyQ9cQKmJ4il
|
|
||||||
TUtdRHAYqh1HKdihY0Kf3p/Cua7zNu0PRDRF52zUP06wZ9LLMBokeD6lOVsh5sWb
|
|
||||||
PcpRQgZxEbgbkSi7XEncSHUWuyhtfRMie3jaFfaNb/Eq1J+U1puHaahG2RboubNl
|
|
||||||
|
|
||||||
-> *#,oB|-grease q:S"z3 $yJt<Ihx dX S^C[i
|
|
||||||
QwYCVTkVaOPWgAdaB4lT+On0G5iSIth64mvqOukhpd1pfJEqbErK2shdLAgeGqnV
|
|
||||||
LcGBGnBHTeZxkLK0dUojZU4EowyATgg7Xza/bog
|
|
||||||
--- SY/yTo1kwFsPe35ej/YJa2D+OADxOlzE5zSO7MD/ges
|
|
||||||
ÝÝ/u$›g,çÆy¶Yª~Ò¢öÅ9ì÷ÒÇ|]5ˆ%¼ž
Ô<>²¸V›KºmGš”.kòQ¬wÙªÕp_Çù“P
|
|
Binary file not shown.
|
@ -0,0 +1,16 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-rsa DQlE7w
|
||||||
|
b4/YbeFqzbMhKh0R1V5Kth0a6O9OMIGXZJWHeV4sYXAonybyc5yWFz05Mrm2Qo9E
|
||||||
|
xOEH7s8XpTPmyOPoUfFdzEJSQ/QFUOganfsO1YiTOTVOf7ARHI1WjPSiYH/pXaef
|
||||||
|
cksXjxLjGuiMZWGbIeU+xaxVsrbUPFtTb0nTvUrAdVMXPMM7TvLva7JO3DZa/7RA
|
||||||
|
tikR4fV2kMiD6yhoNedzDoRRWtuMLmHvtoJlKnAnhxAkRz8Poo77ZNVdrw+w5KuM
|
||||||
|
bDDVxvNJ76peGI7hx+LYlKQHf849iAjsa/e0C2zkOJROEMzhW9CgaJxNA829GqRM
|
||||||
|
96lluaJLtGvtxQuQSJcnTRWZQBg8513+LJGcIUT7gynCa8qChlDoxuwmhhGIDAQ5
|
||||||
|
9QtO9scI39dMsgQeM+TJcpMYlgJCw2JLQ1j7en6xUXfUrV8hahV7Ul/rVFe5oU81
|
||||||
|
KUBSBFJoli2R0P4PeoykNNLY897kfXWyjIyW1RZ4Z0g+9DwG8VMuYrxe3BbLSWBE
|
||||||
|
|
||||||
|
-> V~^hk-grease :Y
|
||||||
|
1ROczYKXhky797kakoYTfMjB1YSjiEc0cMKI5wvb8PUwepSvv+IJ+H941XTr7qv9
|
||||||
|
CD7hGgQO/gtHp9nI4/bguBaxZrGGg1p2o3Sb7j3ENz1Gyw
|
||||||
|
--- uyM+nfRla6Evb8kfnwNNWF1FvkPeQ333kOMCo0oCh+8
|
||||||
|
AIŒÇQ4ˆÕåþž¯¹§SŒ¸ÿýç,Š¢+‘T$ÙÑ1Óôÿt_·ìí§øE%’Zï]€ößõ`rŒa£/GüýŸ·<“™'‹my#Fˆ¯#èw"äÀDi„Ïkñj
|
Binary file not shown.
Binary file not shown.
Binary file not shown.