From 23cfb96adbe91a8ec6167ed250ff76a6e7948c39 Mon Sep 17 00:00:00 2001 From: Swarsel Date: Sat, 20 Jul 2024 00:10:56 +0200 Subject: [PATCH] chore: code cleanup --- SwarselSystems.org | 4011 ++++++++++++++++++------------------ flake.lock | 112 +- flake.nix | 15 +- index.html | 3041 +++++++++++++-------------- profiles/TEMPLATE/home.nix | 39 +- profiles/common/home.nix | 131 +- profiles/threed/home.nix | 6 +- programs/emacs/init.el | 27 + 8 files changed, 3701 insertions(+), 3681 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index f1da79e..19b36ad 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -151,7 +151,7 @@ For styling, I am using the [[https://github.com/danth/stylix][stylix]] NixOS mo }; monospace = { - package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; + package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; }; name = "FiraCode Nerd Font Mono"; }; @@ -162,8 +162,6 @@ For styling, I am using the [[https://github.com/danth/stylix][stylix]] NixOS mo }; }; - - #+end_src *** Waybar items - LAPTOPS :PROPERTIES: @@ -176,22 +174,23 @@ The most part of this configuration is done here: [[#h:0bf51f63-01c0-4053-a591-7 #+begin_src nix :tangle no :noweb-ref waybarlaptop - programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "custom/pseudobat" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; + programs.waybar.settings.mainBar.modules-right = [ + "custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + "custom/pseudobat" + "battery" + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; #+end_src *** Waybar items - PC 
@@ -205,26 +204,27 @@ The most part of this configuration is done here: [[#h:0bf51f63-01c0-4053-a591-7 #+begin_src nix :tangle no :noweb-ref waybarpc - programs.waybar.settings.mainBar."custom/pseudobat"= { - format= ""; - on-click-right= "wlogout -p layer-shell"; - }; - programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark" - "mpris" - "custom/left-arrow-light" - "network" - "custom/left-arrow-dark" - "pulseaudio" - "custom/left-arrow-light" - "custom/pseudobat" - "battery" - "custom/left-arrow-dark" - "group/hardware" - "custom/left-arrow-light" - "clock#2" - "custom/left-arrow-dark" - "clock#1" - ]; + programs.waybar.settings.mainBar."custom/pseudobat" = { + format = ""; + on-click-right = "wlogout -p layer-shell"; + }; + programs.waybar.settings.mainBar.modules-right = [ + "custom/outer-left-arrow-dark" + "mpris" + "custom/left-arrow-light" + "network" + "custom/left-arrow-dark" + "pulseaudio" + "custom/left-arrow-light" + "custom/pseudobat" + "battery" + "custom/left-arrow-dark" + "group/hardware" + "custom/left-arrow-light" + "clock#2" + "custom/left-arrow-dark" + "clock#1" + ]; #+end_src *** Sway Startup commands 
@@ -244,12 +244,12 @@ Do not that =syncthingtray= is also not mentioned here. It is installed as a hom #+begin_src nix :tangle no :noweb-ref startupnixos - { command = "nextcloud --background";} - { command = "discord --start-minimized";} - { command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";} - { command = "ANKI_WAYLAND=1 anki";} - { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} - { command = "nm-applet";} +{ command = "nextcloud --background"; } +{ command = "discord --start-minimized"; } +{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; } +{ command = "ANKI_WAYLAND=1 anki"; } +{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; } +{ command = "nm-applet"; } #+end_src @@ -274,10 +274,10 @@ I also enable the extra socket here for ssh agent forwarding. But I have not ful defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry + allow-loopback-pinentry + allow-emacs-pinentry ''; - }; + }; #+end_src @@ -331,7 +331,7 @@ This sections is for common NixoS settings that I use for my NixoS LXC images th }; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself @@ -402,6 +402,7 @@ Mind the comma at the end. You need this because the =...= is being passed as th lanzaboote, nixos-hardware, nix-alien, + nixos-generators, nswitch-rcm-nix, nix-index-database, 
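Review bot: The reindented `extraConfig` keeps `allow-loopback-pinentry`, which lets any client of the agent socket hand over the passphrase itself (`--pinentry-mode loopback`) instead of going through the pinentry dialog, and the surrounding prose says the extra socket is also forwarded to remote hosts; the block should say why that combination is acceptable. I have not verified whether gpg-agent's restricted mode on the extra socket already refuses loopback pinentry, so treat that as something to confirm rather than assume. I would put a comment above the line: `# loopback pinentry lets any process that can reach the agent socket submit a passphrase without a prompt - keep the extra socket's exposure and the cache TTLs (600 s / 7200 s) in mind`. The `programs.gpg-agent` block starts outside this hunk.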
@@ -410,7 +411,7 @@ Mind the comma at the end. You need this because the =...= is being passed as th Here, just add the input names, urls and other options that are needed, like =nixpkgs.follows=. By using the latter option, you tell the package to not provide it's own package repository, but instead 'nest' itself into another, which is very useful. A short overview over each input and what it does: -- nixkpkgs +- [[https://github.com/NixOS/nixpkgs][nixpkgs]] This is the base repository that I am following for all packages. I follow the unstable branch. - [[https://github.com/nix-community/home-manager][home-manager]] This handles user-level configuration and mostly provides dotfiles that are generated and symlinked to =~/.config/=. @@ -430,6 +431,8 @@ A short overview over each input and what it does: Provides specific hardware setting for some hardware configurations. For example, this sets some better defaults for my Lenovo Thinkpad P14s Gen2. - [[https://github.com/thiagokokada/nix-alien][nix-alien]] This is supposed to allow me to run unpatched libraries directly without a need for ELF patching or resorting to =steam-run=. However, I have not yet gotten this to work. +- [[https://github.com/nix-community/nixos-generators][nixos-generators]] + Provides me with images that I can use to create LXCs on Proxmox. - [[https://github.com/Swarsel/nswitch-rcm-nix][nswitch-rcm-nix]] Allows auto injection of payloads upon connecting a Nintendo Switch. - [[https://github.com/nix-community/nix-index-database][nix-index-database]] @@ -483,11 +486,6 @@ A short overview over each input and what it does: inputs.nixpkgs.follows = "nixpkgs"; }; - # patches for gaming on nix - nix-gaming = { - url = "github:fufexan/nix-gaming"; - }; - # hardware quirks on nix nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; 
@@ -522,42 +520,47 @@ Lastly I define some common module lists that I can simply load depending on the #+begin_src nix :tangle no :noweb-ref flakelet system = "x86_64-linux"; # not very portable, but I do not use other architectures at the moment - pkgs = import nixpkgs { inherit system; - overlays = [ emacs-overlay.overlay - nur.overlay - nixgl.overlay - (final: _prev: { - stable = import nixpkgs-stable { - inherit (final) system config; - }; - }) - ]; - config.allowUnfree = true; - }; + pkgs = import nixpkgs { + inherit system; + overlays = [ + emacs-overlay.overlay + nur.overlay + nixgl.overlay + (final: _prev: { + stable = import nixpkgs-stable { + inherit (final) system config; + }; + }) + ]; + config.allowUnfree = true; + }; # NixOS modules that can only be used on NixOS systems - nixModules = [ stylix.nixosModules.stylix - sops-nix.nixosModules.sops - nswitch-rcm-nix.nixosModules.nswitch-rcm - ./profiles/common/nixos.nix - # dynamic library loading - ({ self, system, ... }: { - environment.systemPackages = with self.inputs.nix-alien.packages.${system}; [ - nix-alien - ]; - # needed for `nix-alien-ld` - programs.nix-ld.enable = true; - }) - ]; + nixModules = [ + stylix.nixosModules.stylix + sops-nix.nixosModules.sops + nswitch-rcm-nix.nixosModules.nswitch-rcm + ./profiles/common/nixos.nix + # dynamic library loading + ({ self, system, ... 
}: { + environment.systemPackages = with self.inputs.nix-alien.packages.${system}; [ + nix-alien + ]; + # needed for `nix-alien-ld` + programs.nix-ld.enable = true; + }) + ]; # Home-Manager modules wanted on non-NixOS systems - homeModules = [ stylix.homeManagerModules.stylix - ]; + homeModules = [ + stylix.homeManagerModules.stylix + ]; # Home-Manager modules wanted on both NixOS and non-NixOS systems - mixedModules = [ sops-nix.homeManagerModules.sops - nix-index-database.hmModules.nix-index - ./profiles/common/home.nix - ]; + mixedModules = [ + sops-nix.homeManagerModules.sops + nix-index-database.hmModules.nix-index + ./profiles/common/home.nix + ]; #+end_src *** nixosConfigurations @@ -570,9 +573,9 @@ This section is the biggest pain point of the configuration. For every system, I #+begin_src nix :tangle no :noweb-ref flakenixosconf onett = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ - ./profiles/onett/nixos.nix + ./profles/onett/nixos.nix home-manager.nixosModules.home-manager { home-manager.users.swarsel.imports = mixedModules ++ [ @@ -583,7 +586,7 @@ This section is the biggest pain point of the configuration. For every system, I }; sandbox = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/sandbox/nixos.nix @@ -591,7 +594,7 @@ This section is the biggest pain point of the configuration. For every system, I }; twoson = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ ./profiles/twoson/nixos.nix home-manager.nixosModules.home-manager 
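Review bot: The `onett` entry now imports `./profles/onett/nixos.nix` (the `i` in `profiles` was dropped) while every other host in this hunk still uses `./profiles/...`, so `nixosConfigurations.onett` will stop evaluating with a missing-path error on the next build; a whitespace cleanup commit should not change a path. Restore `./profiles/onett/nixos.nix`. Since the tangled `flake.nix` appears in the diffstat, check that the same typo did not land there too.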
@@ -604,7 +607,7 @@ This section is the biggest pain point of the configuration. For every system, I }; threed = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ lanzaboote.nixosModules.lanzaboote ./profiles/threed/nixos.nix @@ -618,7 +621,7 @@ This section is the biggest pain point of the configuration. For every system, I }; fourside = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 ./profiles/fourside/nixos.nix @@ -632,7 +635,7 @@ This section is the biggest pain point of the configuration. For every system, I }; winters = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ nixos-hardware.nixosModules.framework-16-inch-7040-amd ./profiles/winters/nixos.nix @@ -646,7 +649,7 @@ This section is the biggest pain point of the configuration. For every system, I }; stand = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = nixModules ++ [ ./profiles/stand/nixos.nix home-manager.nixosModules.home-manager @@ -659,7 +662,7 @@ This section is the biggest pain point of the configuration. For every system, I }; nginx = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/nginx/nixos.nix @@ -667,7 +670,7 @@ This section is the biggest pain point of the configuration. For every system, I }; calibre = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/calibre/nixos.nix 
@@ -675,7 +678,7 @@ This section is the biggest pain point of the configuration. For every system, I }; jellyfin = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ # sops-nix.nixosModules.sops ./profiles/server1/jellyfin/nixos.nix @@ -683,7 +686,7 @@ This section is the biggest pain point of the configuration. For every system, I }; transmission = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/transmission/nixos.nix @@ -691,7 +694,7 @@ This section is the biggest pain point of the configuration. For every system, I }; matrix = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; # this is to import a service module that is not on nixpkgs # this way avoids infinite recursion errors modules = [ @@ -701,7 +704,7 @@ This section is the biggest pain point of the configuration. For every system, I }; sound = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/sound/nixos.nix @@ -709,7 +712,7 @@ This section is the biggest pain point of the configuration. For every system, I }; spotifyd = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/spotifyd/nixos.nix @@ -717,7 +720,7 @@ This section is the biggest pain point of the configuration. For every system, I }; paperless = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/server1/paperless/nixos.nix 
@@ -726,7 +729,7 @@ This section is the biggest pain point of the configuration. For every system, I #ovm swarsel sync = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/remote/oracle/sync/nixos.nix @@ -735,7 +738,7 @@ This section is the biggest pain point of the configuration. For every system, I #ovm swarsel swatrix = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + specialArgs = { inherit inputs pkgs; }; modules = [ sops-nix.nixosModules.sops ./profiles/remote/oracle/matrix/nixos.nix @@ -794,7 +797,7 @@ nix build ~/.dotfiles/#proxmox-lxc The resulting image can then be loaded in Proxmox. -#+begin_src nix :nowe:tangle no b-ref flakenixosgenerators +#+begin_src nix :tangle no :noweb-ref flakenixosgenerators proxmox-lxc = nixos-generators.nixosGenerate { inherit system; 
@@ -837,62 +840,61 @@ No matter what you do, check the initial /etc/nixos/configuration.nix for notabl :END: #+begin_src nix :noweb yes :tangle profiles/TEMPLATE/nixos.nix +{ pkgs, ... }: - { pkgs, ... }: +{ - { + <> - <> + services = { + getty.autologinUser = "TEMPLATE"; + greetd.settings.initial_session.user = "TEMPLATE"; + }; - services = { - getty.autologinUser = "TEMPLATE"; - greetd.settings.initial_session.user="TEMPLATE"; - }; + # Bootloader + boot.loader.grub = { + enable = true; + device = "/dev/sda"; # TEMPLATE - if only one disk, this will work + useOSProber = true; + }; - # Bootloader - boot.loader.grub = { - enable = true; - device = "/dev/sda"; # TEMPLATE - if only one disk, this will work - useOSProber = true; - }; + # -------------------------------------- + # you might need a configuration like this instead: + # Bootloader + # boot = { + # kernelPackages = pkgs.linuxPackages_latest; + # loader.grub = { + # enable = true; + # devices = ["nodev" ]; + # useOSProber = true; + # }; + # }; + # -------------------------------------- - # -------------------------------------- - # you might need a configuration like this instead: - # Bootloader - # boot = { - # kernelPackages = pkgs.linuxPackages_latest; - # loader.grub = { - # enable = true; - # devices = ["nodev" ]; - # useOSProber = true; - # }; - # }; - # -------------------------------------- + networking.hostName = "TEMPLATE"; # Define your hostname. - networking.hostName = "TEMPLATE"; # Define your hostname. 
+ stylix.image = ../../wallpaper/TEMPLATEwp.png; + <> - stylix.image = ../../wallpaper/TEMPLATEwp.png; - <> + # Configure keymap in X11 (only used for login) + services.xserver = { + layout = "us"; + xkbVariant = "altgr-intl"; + }; - # Configure keymap in X11 (only used for login) - services.xserver = { - layout = "us"; - xkbVariant = "altgr-intl"; - }; + users.users.TEMPLATE = { + isNormalUser = true; + description = "TEMPLATE"; + extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; + packages = with pkgs; [ ]; + }; - users.users.TEMPLATE = { - isNormalUser = true; - description = "TEMPLATE"; - extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; - packages = with pkgs; []; - }; + environment.systemPackages = with pkgs; [ + ]; - environment.systemPackages = with pkgs; [ - ]; + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - - } +} #+end_src 
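Review bot: The template enables both console and greeter autologin (`services.getty.autologinUser = "TEMPLATE"` and `greetd.settings.initial_session.user = "TEMPLATE"`) for a user that is also put in `wheel` further down in the same hunk, so anyone at the keyboard of a machine generated from it gets an admin-group shell without authenticating, and nothing in the file marks that as a deliberate choice. Whether sudo then still asks for a password depends on `security.sudo.wheelNeedsPassword`, which this file does not set, and the NixOS default is to prompt; autologin also makes disk encryption the only thing standing between a lost laptop and the user's data. I would add above the `services` block: `# TEMPLATE - autologin skips authentication at console and greeter; drop both lines on shared or unencrypted machines`.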
@@ -901,89 +903,91 @@ No matter what you do, check the initial /etc/nixos/configuration.nix for notabl :CUSTOM_ID: h:a08e51ee-88eb-4241-917d-68b4bdbcf171 :END: #+begin_src nix :noweb yes :tangle profiles/TEMPLATE/home.nix +{ config, pkgs, ... }: - { config, pkgs, ... }: +{ - { + <> + home = { + username = "TEMPLATE"; + homeDirectory = "/home/TEMPLATE"; + stateVersion = "23.05"; # TEMPLATE -- Please read the comment before changing. + keyboard.layout = "us"; # TEMPLATE + home.packages = with pkgs; [ + # --------------------------------------------------------------- + # if schildichat works on this machine, use it, otherwise go for element + # element-desktop + # --------------------------------------------------------------- + ]; + }; + # update path if the sops private key is stored somewhere else + sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; - <> - home = { - username = "TEMPLATE"; - homeDirectory = "/home/TEMPLATE"; - stateVersion = "23.05"; # TEMPLATE -- Please read the comment before changing. 
- keyboard.layout = "us"; # TEMPLATE - home.packages = with pkgs; [ - # --------------------------------------------------------------- - # if schildichat works on this machine, use it, otherwise go for element - # element-desktop - # --------------------------------------------------------------- - ]; - }; - # update path if the sops private key is stored somewhere else - sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ]; + # waybar config - TEMPLATE - update for cores and temp + programs.waybar.settings.mainBar = { + #cpu.format = "{icon0} {icon1} {icon2} {icon3}"; + cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}"; + temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input"; + }; - # waybar config - TEMPLATE - update for cores and temp - programs.waybar.settings.mainBar = { - #cpu.format = "{icon0} {icon1} {icon2} {icon3}"; - cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}"; - temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input"; - }; + # ----------------------------------------------------------------- + # is this machine always connected to power? If yes, use this block: + # <> + # ----------------------------------------------------------------- - # ----------------------------------------------------------------- - # is this machine always connected to power? 
If yes, use this block: - # <> - # ----------------------------------------------------------------- - - # ----------------------------------------------------------------- - # if not always connected to power (laptop), use this (default): - <> - # ----------------------------------------------------------------- - - wayland.windowManager.sway= { - config = rec { - # update for actual inputs here, - input = { - "36125:53060:splitkb.com_Kyria_rev3" = { - xkb_layout = "us"; - xkb_variant = "altgr-intl"; - }; - "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE - xkb_layout = "us"; - xkb_options = "grp:win_space_toggle"; - # xkb_options = "ctrl:nocaps,grp:win_space_toggle"; - xkb_variant = "altgr-intl"; - }; - "type:touchpad" = { - dwt = "enabled"; - tap = "enabled"; - natural_scroll = "enabled"; - middle_emulation = "enabled"; - }; + # ----------------------------------------------------------------- + # if not always connected to power (laptop), use this (default): + <> + # ----------------------------------------------------------------- + wayland.windowManager.sway = { + config = rec { + # update for actual inputs here, + input = { + "36125:53060:splitkb.com_Kyria_rev3" = { + xkb_layout = "us"; + xkb_variant = "altgr-intl"; + }; + "1:1:AT_Translated_Set_2_keyboard" = { + # TEMPLATE + xkb_layout = "us"; + xkb_options = "grp:win_space_toggle"; + # xkb_options = "ctrl:nocaps,grp:win_space_toggle"; + xkb_variant = "altgr-intl"; + }; + "type:touchpad" = { + dwt = "enabled"; + tap = "enabled"; + natural_scroll = "enabled"; + middle_emulation = "enabled"; }; - output = { - DP-1 = { - mode = "2560x1440"; # TEMPLATE - scale = "1"; - bg = "~/.dotfiles/wallpaper/TEMPLATE.png fill"; - }; - }; + }; - keybindings = let + output = { + DP-1 = { + mode = "2560x1440"; # TEMPLATE + scale = "1"; + bg = "~/.dotfiles/wallpaper/TEMPLATE.png fill"; + }; + }; + + keybindings = + let inherit (config.wayland.windowManager.sway.config) modifier; - in { + in + { # TEMPLATE "${modifier}+w" = 
"exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; # "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; }; - startup = [ - <> - ]; - }; + startup = [ + <> + ]; }; - } + }; +} #+end_src 
@@ -1004,814 +1008,823 @@ My old laptop, replaced by a new one, since most basic functions have stopped to :END: #+begin_src nix :noweb yes :tangle profiles/sandbox/nixos.nix +{ config, pkgs, sops, ... }: +let + matrixDomain = "swatrix.swarsel.win"; +in +{ - { config, pkgs, sops, ... }: let - matrixDomain = "swatrix.swarsel.win"; - in { + imports = [ + ./hardware-configuration.nix + ]; - imports = [ - ./hardware-configuration.nix + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; + supportedFilesystems = [ "zfs" ]; + zfs.forceImportRoot = false; + kernelModules = [ "tun" ]; + kernel.sysctl = { + "net.ipv4.conf.all.rp_filter" = 2; + "net.ipv4.conf.default.rp_filter" = 2; + "net.ipv4.conf.enp7s0.rp_filter" = 2; + }; + }; + + networking = { + hostId = "8a8ad84a"; + hostName = "sandbox"; # Define your hostname. + enableIPv6 = true; + firewall.enable = false; + firewall.extraCommands = '' + sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP + ''; + iproute2 = { + enable = true; + rttablesExtraConfig = '' + 200 vpn + ''; + }; + }; + + hardware.graphics = { + enable = true; + hardware.enableAllFirmware = true; + extraPackages = with pkgs; [ + intel-media-driver # LIBVA_DRIVER_NAME=iHD + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiVdpau + libvdpau-va-gl ]; + }; - boot.loader.grub = { - enable = true; - device = "/dev/sda"; - useOSProber = true; - supportedFilesystems = [ "zfs" ]; - zfs.forceImportRoot = false; - kernelModules = [ "tun" ]; - kernel.sysctl = { - "net.ipv4.conf.all.rp_filter" = 2; - "net.ipv4.conf.default.rp_filter" = 2; - "net.ipv4.conf.enp7s0.rp_filter" = 2; - }; - }; - - networking = { - hostId = "8a8ad84a"; - hostName = "sandbox"; # Define your hostname. - enableIPv6 = true; - firewall.enable = false; - firewall.extraCommands = '' - sudo iptables -A OUTPUT ! 
-o lo -m owner --uid-owner vpn -j DROP
- '';
- iproute2 = {
- enable = true;
- rttablesExtraConfig = ''
- 200 vpn
- '';
- };
- };
-
- hardware.graphics = {
- enable = true;
- hardware.enableAllFirmware = true;
- extraPackages = with pkgs; [
- intel-media-driver # LIBVA_DRIVER_NAME=iHD
- vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
- vaapiVdpau
- libvdpau-va-gl
- ];
- };
-
- sound = {
- enable = true;
- };
-
- users = {
- groups = {
- vpn = {};
- mpd = {};
- navidrome = {
- gid = 61593;
- };
- spotifyd = {
- gid = 65136;
- };
- };
- users = {
- jellyfin = {
- extraGroups = [ "video" "render" ];
- };
- vpn = {
- isNormalUser = true;
- group = "vpn";
- home = "/home/vpn";
- };
- navidrome = {
- isSystemUser = true;
- uid = 61593;
- group = "navidrome";
- extraGroups = [ "audio" "utmp" ];
- };
- spotifyd = {
- isSystemUser = true;
- uid = 65136;
- group = "spotifyd";
- extraGroups = [ "audio" "utmp" ];
- };
- mpd = {
- isSystemUser = true;
- group = "mpd";
- extraGroups = [ "audio" "utmp" ];
- };
- swarsel = {
- isNormalUser = true;
- description = "Leon S";
- extraGroups = [ "networkmanager" "wheel" "lp"];
- packages = with pkgs; [];
- };
- root = {
- openssh.authorizedKeys.keyFiles = [
- ../../secrets/keys/authorized_keys
- ];
- };
- };
- };
-
- fileSystems."/mnt/Eternor" = {
- device = "//192.168.1.3/Eternor";
- fsType = "cifs";
- options = let
- # this line prevents hanging on network split
- automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
- in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"];
- };
-
- environment = {
- systemPackages = with pkgs; [
- git
- gnupg
- ssh-to-age
- lego
- nginx
- calibre
- openvpn
- jq
- iptables
- busybox
- wireguard-tools
- matrix-synapse
- lottieconverter
- ffmpeg
- pciutils
- alsa-utils
- mpv
- zfs
- ];
- etc = {
- "openvpn/iptables.sh" =
- { source = ../../scripts/server1/iptables.sh;
- mode = "0755";
- };
- "openvpn/update-resolv-conf" =
- { source = ../../scripts/server1/update-resolv-conf;
- mode = "0755";
- };
- "openvpn/routing.sh" =
- { source = ../../scripts/server1/routing.sh;
- mode = "0755";
- };
- "openvpn/ca.rsa.2048.crt" =
- { source = ../../secrets/certs/ca.rsa.2048.crt;
- mode = "0644";
- };
- "openvpn/crl.rsa.2048.pem" =
- { source = ../../secrets/certs/crl.rsa.2048.pem;
- mode = "0644";
- };
- };
- shellAliases = {
- nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
- };
- };
-
- systemd = {
- timers."restart-bridges" = {
- wantedBy = [ "timers.target" ];
- timerConfig = {
- OnBootSec = "1d";
- OnUnitActiveSec = "1d";
- Unit = "restart-bridges.service";
- };
- };
-
- services."restart-bridges" = {
- script = ''
- systemctl restart mautrix-whatsapp.service
- systemctl restart mautrix-signal.service
- systemctl restart mautrix-telegram.service
- '';
- serviceConfig = {
- Type = "oneshot";
- User = "root";
- };
- };
- };
- nix.settings.experimental-features = ["nix-command" "flakes"];
-
- system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
-
- documentation = {
- enable = false;
- };
-
- sops = {
- age.sshKeyPaths = [ "/etc/ssh/sops" ];
- defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml";
- validateSopsFiles = false;
- secrets = {
- dnstokenfull = {owner="acme";};
- kavita = { owner = "kavita";};
- vpnuser = {};
- rpcuser = {owner="vpn";};
- vpnpass = {};
- rpcpass = {owner="vpn";};
- vpnprot = {};
- vpnloc = {};
- mpdpass = { owner = "mpd";};
- };
- templates = {
- "transmission-rpc" = {
- owner = "vpn";
- content = builtins.toJSON {
- rpc-username = config.sops.placeholder.rpcuser;
- rpc-password = config.sops.placeholder.rpcpass;
- };
- };
-
- pia.content = ''
- ${config.sops.placeholder.vpnuser}
- ${config.sops.placeholder.vpnpass}
- '';
-
- vpn.content = ''
- client
- dev tun
- proto ${config.sops.placeholder.vpnprot}
- remote ${config.sops.placeholder.vpnloc}
- resolv-retry infinite
- nobind
- persist-key
- persist-tun
- cipher aes-128-cbc
- auth sha1
- tls-client
- remote-cert-tls server
-
- auth-user-pass ${config.sops.templates.pia.path}
- compress
- verb 1
- reneg-sec 0
-
- crl-verify /etc/openvpn/crl.rsa.2048.pem
- ca /etc/openvpn/ca.rsa.2048.crt
-
- disable-occ
- '';
- "certs.secret".content = ''
- CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
- '';
- };
- };
-
- security.acme = {
- acceptTerms = true;
- preliminarySelfsigned = false;
- defaults.email = "mrswarsel@gmail.com";
- defaults.dnsProvider = "cloudflare";
- defaults.environmentFile = "${config.sops.templates."certs.secret".path}";
- };
-
- services = {
- xserver = {
- layout = "us";
- xkbVariant = "altgr-intl";
- };
-
- openssh = {
- enable = true;
- settings.PermitRootLogin = "yes";
- listenAddresses = [{
- port = 22;
- addr = "0.0.0.0";
- }];
- };
-
- nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
- virtualHosts = {
-
- "stash.swarsel.win" = {
- enableACME = true;
- forceSSL = true;
- acmeRoot = null;
- locations = {
- "/" = {
- proxyPass = "https://192.168.1.5";
- extraConfig = ''
- client_max_body_size 0;
- '';
- };
- "/.well-known/carddav" = {
- return = "301 $scheme://$host/remote.php/dav";
- };
- "/.well-known/caldav" = {
- return = "301 $scheme://$host/remote.php/dav";
- };
- };
- };
-
- "swatrix.swarsel.win" = {
- enableACME = true;
- forceSSL = true;
- acmeRoot = null;
- locations = {
- "~ ^(/_matrix|/_synapse/client)" = {
- proxyPass = "http://127.0.0.1:8008";
- extraConfig = ''
- client_max_body_size 0;
- '';
- };
- };
- };
-
-
- "sound.swarsel.win" = {
- enableACME = true;
- forceSSL = true;
- acmeRoot = null;
- locations = {
- "/" = {
- proxyPass = "http://127.0.0.1:4040";
- proxyWebsockets = true;
- extraConfig = ''
- proxy_redirect http:// https://;
- proxy_read_timeout 600s;
- proxy_send_timeout 600s;
- proxy_buffering off;
- proxy_request_buffering off;
- client_max_body_size 0;
- '';
- };
- };
- };
-
- "scan.swarsel.win" = {
- enableACME = true;
- forceSSL = true;
- acmeRoot = null;
- locations = {
- "/" = {
- proxyPass = "http://127.0.0.1:28981";
- extraConfig = ''
- client_max_body_size 0;
- '';
- };
- };
- };
-
- "screen.swarsel.win" = {
- enableACME = true;
- forceSSL = true;
- acmeRoot = null;
- locations = {
- "/" = {
- proxyPass = "http://127.0.0.1:8096";
- extraConfig = ''
- client_max_body_size 0;
- '';
- };
- };
- };
-
- "scroll.swarsel.win" = {
- enableACME = true;
- forceSSL = true;
- acmeRoot = null;
- locations = {
- "/" = {
- proxyPass = "http://127.0.0.1:8080";
- extraConfig = ''
- client_max_body_size 0;
- '';
- };
- };
- };
- };
- };
-
- kavita = {
- enable = true;
- user = "kavita";
- port = 8080;
- tokenKeyFile = config.sops.secrets.kavita.path;
- };
-
- jellyfin = {
- enable = true;
- user = "jellyfin";
- };
-
- radarr = {
- enable = true;
- };
- readarr = {
- enable = true;
- };
- sonarr = {
- enable = true;
- };
- lidarr = {
- enable = true;
- };
- prowlarr = {
- enable = true;
- };
- openvpn.servers = {
- pia = {
- autoStart = true;
- updateResolvConf = false;
- config = "config ${config.sops.templates.vpn.path}";
- };
- };
- transmission = {
- enable = true;
- credentialsFile = config.sops.templates."transmission-rpc".path;
- user = "vpn";
- settings = {
- alt-speed-down= 8000;
- alt-speed-enabled= false;
- alt-speed-time-begin= 0;
- alt-speed-time-day= 127;
- alt-speed-time-enabled= true;
- alt-speed-time-end= 360;
- alt-speed-up= 2000;
- bind-address-ipv4= "0.0.0.0";
- bind-address-ipv6= "::";
- blocklist-enabled= false;
- blocklist-url= "http://www.example.com/blocklist";
- cache-size-mb= 256;
- dht-enabled= false;
- download-dir= "/test";
- download-limit= 100;
- download-limit-enabled= 0;
- download-queue-enabled= true;
- download-queue-size= 5;
- encryption= 2;
- idle-seeding-limit= 30;
- idle-seeding-limit-enabled= false;
- incomplete-dir= "/var/lib/transmission-daemon/Downloads";
- incomplete-dir-enabled= false;
- lpd-enabled= false;
- max-peers-global= 200;
- message-level= 1;
- peer-congestion-algorithm= "";
- peer-id-ttl-hours= 6;
- peer-limit-global= 100;
- peer-limit-per-torrent= 40;
- peer-port= 22371;
- peer-port-random-high= 65535;
- peer-port-random-low= 49152;
- peer-port-random-on-start= false;
- peer-socket-tos= "default";
- pex-enabled= false;
- port-forwarding-enabled= false;
- preallocation= 1;
- prefetch-enabled= true;
- queue-stalled-enabled= true;
- queue-stalled-minutes= 30;
- ratio-limit= 2;
- ratio-limit-enabled= false;
- rename-partial-files= true;
- rpc-authentication-required= true;
- rpc-bind-address= "0.0.0.0";
- rpc-enabled= true;
- rpc-host-whitelist= "";
- rpc-host-whitelist-enabled= true;
- rpc-port= 9091;
- rpc-url= "/transmission/";
- rpc-whitelist= "127.0.0.1,192.168.3.2";
- rpc-whitelist-enabled= true;
- scrape-paused-torrents-enabled= true;
- script-torrent-done-enabled= false;
- seed-queue-enabled= false;
- seed-queue-size= 10;
- speed-limit-down= 6000;
- speed-limit-down-enabled= true;
- speed-limit-up= 500;
- speed-limit-up-enabled= true;
- start-added-torrents= true;
- trash-original-torrent-files= false;
- umask= 2;
- upload-limit= 100;
- upload-limit-enabled= 0;
- upload-slots-per-torrent= 14;
- utp-enabled= false;
- };
- };
-
- # sops.secrets.matrixsharedsecret = {owner="matrix-synapse";};
- # sops.templates."matrix_user_register.sh".content = ''
- # register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
- # '';
- # sops.templates.matrixshared.owner = "matrix-synapse";
- # sops.templates.matrixshared.content = ''
- # registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
- # '';
- # sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";};
- # sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";};
- # sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";};
- # sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";};
- # sops.templates.mautrixtelegram.owner = "matrix-synapse";
- # sops.templates.mautrixtelegram.content = ''
- # MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as}
- # MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
- # MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
- # MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
- # '';
-
-
-
-
- # ----------------
- # sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";};
- # sops.templates.mautrixwhatsapp.owner = "matrix-synapse";
- # sops.templates.mautrixwhatsapp.content = ''
- # MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared}
- # '';
-
- postgresql = {
- enable = true;
- initialScript = pkgs.writeText "synapse-init.sql" ''
- CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
- CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
- CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
- CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
- CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- '';
- };
- matrix-synapse = {
- settings.app_service_config_files = [
- "/var/lib/matrix-synapse/telegram-registration.yaml"
- "/var/lib/matrix-synapse/whatsapp-registration.yaml"
- "/var/lib/matrix-synapse/signal-registration.yaml"
- "/var/lib/matrix-synapse/doublepuppet.yaml"
- ];
- enable = false;
- settings.server_name = matrixDomain;
- settings.public_baseurl = "https://${matrixDomain}";
- extraConfigFiles = [
- config.sops.templates.matrixshared.path
- ];
- settings.listeners = [
- { port = 8008;
- bind_addresses = [ "0.0.0.0" ];
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- {
- names = [ "client" "federation" ];
- compress = true;
- }
- ];
- }
- ];
- };
-
- mautrix-telegram = {
- enable = false;
- environmentFile = config.sops.templates.mautrixtelegram.path;
- settings = {
- homeserver = {
- address = "http://localhost:8008";
- domain = matrixDomain;
- };
- appservice = {
- address= "http://localhost:29317";
- hostname = "0.0.0.0";
- port = "29317";
- provisioning.enabled = true;
- id = "telegram";
- # ephemeral_events = true; # not needed due to double puppeting
- public = {
- enabled = false;
- };
- database = "postgresql:///mautrix-telegram?host=/run/postgresql";
- };
- bridge = {
- # login_shared_secret_map = {
- # matrixDomain = "as_token:doublepuppet";
- # };
- relaybot.authless_portals = true;
- allow_avatar_remove = true;
- allow_contact_info = true;
- sync_channel_members = true;
- startup_sync = true;
- sync_create_limit = 0;
- sync_direct_chats = true;
- telegram_link_preview = true;
- permissions = {
- "*" = "relaybot";
- "@swarsel:${matrixDomain}" = "admin";
- };
- animated_sticker = {
- target = "gif";
- args = {
- width = 256;
- height = 256;
- fps = 30; # only for webm
- background = "020202"; # only for gif, transparency not supported
- };
- };
- };
- };
- };
-
- mautrix-whatsapp = {
- enable = false;
- # environmentFile = config.sops.templates.mautrixwhatsapp.path;
- settings = {
- homeserver = {
- address = "http://localhost:8008";
- domain = matrixDomain;
- };
- appservice = {
- address= "http://localhost:29318";
- hostname = "0.0.0.0";
- port = 29318;
- database = {
- type = "postgres";
- uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql";
- };
- };
- bridge = {
-
displayname_template = "{{or .FullName .PushName .JID}} (WA)"; - history_sync = { - backfill = true; - max_initial_conversations = -1; - message_count = -1; - request_full_sync = true; - full_sync_config = { - days_limit = 900; - size_mb_limit = 5000; - storage_quota_mb = 5000; - }; - }; - login_shared_secret_map = { - matrixDomain = "as_token:doublepuppet"; - }; - sync_manual_marked_unread = true; - send_presence_on_typing = true; - parallel_member_sync = true; - url_previews = true; - caption_in_message = true; - extev_polls = true; - permissions = { - "*" = "relaybot"; - "@swarsel:${matrixDomain}" = "admin"; - }; - }; - }; - }; - - mautrix-signal = { - enable = false; - settings = { - homeserver = { - address = "http://localhost:8008"; - domain = matrixDomain; - }; - appservice = { - - address= "http://localhost:29328"; - hostname = "0.0.0.0"; - port = 29328; - database = { - type = "postgres"; - uri = "postgresql:///mautrix-signal?host=/run/postgresql"; - }; - }; - bridge = { - displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)"; - login_shared_secret_map = { - matrixDomain = "as_token:doublepuppet"; - }; - caption_in_message = true; - permissions = { - "*" = "relaybot"; - "@swarsel:${matrixDomain}" = "admin"; - }; - }; - }; - }; + sound = { + enable = true; + }; + users = { + groups = { + vpn = { }; + mpd = { }; navidrome = { - enable = true; - settings = { - Address = "0.0.0.0"; - Port = 4040; - MusicFolder = "/mnt/"; - EnableSharing = true; - EnableTranscodingConfig = true; - Scanner.GroupAlbumReleases = true; - ScanSchedule = "@every 24h"; - # Insert these values locally as sops-nix does not work for them - # LastFM.ApiKey = TEMPLATE; - # LastFM.Secret = TEMPLATE; - # Spotify.ID = TEMPLATE; - # Spotify.Secret = TEMPLATE; - UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; - UIWelcomeMessage = "~SwarselSound~"; - }; + gid = 61593; + }; + spotifyd = { + gid = 65136; + }; + }; + users = { + jellyfin = { + extraGroups = [ 
"video" "render" ]; + }; + vpn = { + isNormalUser = true; + group = "vpn"; + home = "/home/vpn"; + }; + navidrome = { + isSystemUser = true; + uid = 61593; + group = "navidrome"; + extraGroups = [ "audio" "utmp" ]; + }; + spotifyd = { + isSystemUser = true; + uid = 65136; + group = "spotifyd"; + extraGroups = [ "audio" "utmp" ]; }; mpd = { - enable = true; - musicDirectory = "/mnt/Eternor/Musik"; - user = "mpd"; + isSystemUser = true; group = "mpd"; - network = { - port = 3254; - listenAddress = "any"; - }; - credentials = [ - { - passwordFile = config.sops.secrets.mpdpass.path; - permissions = [ - "read" - "add" - "control" - "admin" - ]; - } + extraGroups = [ "audio" "utmp" ]; + }; + swarsel = { + isNormalUser = true; + description = "Leon S"; + extraGroups = [ "networkmanager" "wheel" "lp" ]; + packages = with pkgs; [ ]; + }; + root = { + openssh.authorizedKeys.keyFiles = [ + ../../secrets/keys/authorized_keys ]; }; + }; + }; + + fileSystems."/mnt/Eternor" = { + device = "//192.168.1.3/Eternor"; + fsType = "cifs"; + options = + let + # this line prevents hanging on network split + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + in + [ "${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100" ]; + }; + + environment = { + systemPackages = with pkgs; [ + git + gnupg + ssh-to-age + lego + nginx + calibre + openvpn + jq + iptables + busybox + wireguard-tools + matrix-synapse + lottieconverter + ffmpeg + pciutils + alsa-utils + mpv + zfs + ]; + etc = { + "openvpn/iptables.sh" = + { + source = ../../scripts/server1/iptables.sh; + mode = "0755"; + }; + "openvpn/update-resolv-conf" = + { + source = ../../scripts/server1/update-resolv-conf; + mode = "0755"; + }; + "openvpn/routing.sh" = + { + source = ../../scripts/server1/routing.sh; + mode = "0755"; + }; + "openvpn/ca.rsa.2048.crt" = + { + source = ../../secrets/certs/ca.rsa.2048.crt; + mode = "0644"; + }; + 
"openvpn/crl.rsa.2048.pem" = + { + source = ../../secrets/certs/crl.rsa.2048.pem; + mode = "0644"; + }; + }; + shellAliases = { + nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; + }; + }; + + systemd = { + timers."restart-bridges" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "1d"; + OnUnitActiveSec = "1d"; + Unit = "restart-bridges.service"; + }; + }; + + services."restart-bridges" = { + script = '' + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + }; + }; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; + + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change + + documentation = { + enable = false; + }; + + sops = { + age.sshKeyPaths = [ "/etc/ssh/sops" ]; + defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml"; + validateSopsFiles = false; + secrets = { + dnstokenfull = { owner = "acme"; }; + kavita = { owner = "kavita"; }; + vpnuser = { }; + rpcuser = { owner = "vpn"; }; + vpnpass = { }; + rpcpass = { owner = "vpn"; }; + vpnprot = { }; + vpnloc = { }; + mpdpass = { owner = "mpd"; }; + }; + templates = { + "transmission-rpc" = { + owner = "vpn"; + content = builtins.toJSON { + rpc-username = config.sops.placeholder.rpcuser; + rpc-password = config.sops.placeholder.rpcpass; + }; + }; + + pia.content = '' + ${config.sops.placeholder.vpnuser} + ${config.sops.placeholder.vpnpass} + ''; + + vpn.content = '' + client + dev tun + proto ${config.sops.placeholder.vpnprot} + remote ${config.sops.placeholder.vpnloc} + resolv-retry infinite + nobind + persist-key + persist-tun + cipher aes-128-cbc + auth sha1 + tls-client + remote-cert-tls server + + auth-user-pass ${config.sops.templates.pia.path} + compress + verb 1 + reneg-sec 0 + + crl-verify /etc/openvpn/crl.rsa.2048.pem + ca /etc/openvpn/ca.rsa.2048.crt 
+ + disable-occ + ''; + "certs.secret".content = '' + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + ''; + }; + }; + + security.acme = { + acceptTerms = true; + preliminarySelfsigned = false; + defaults.email = "mrswarsel@gmail.com"; + defaults.dnsProvider = "cloudflare"; + defaults.environmentFile = "${config.sops.templates."certs.secret".path}"; + }; + + services = { + xserver = { + layout = "us"; + xkbVariant = "altgr-intl"; + }; + + openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + listenAddresses = [{ + port = 22; + addr = "0.0.0.0"; + }]; + }; + + nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + virtualHosts = { + + "stash.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "https://192.168.1.5"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + "/.well-known/carddav" = { + return = "301 $scheme://$host/remote.php/dav"; + }; + "/.well-known/caldav" = { + return = "301 $scheme://$host/remote.php/dav"; + }; + }; + }; + + "swatrix.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "~ ^(/_matrix|/_synapse/client)" = { + proxyPass = "http://127.0.0.1:8008"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; - spotifyd = { - enable = true; - settings = { - global = { - dbus_type = "session"; - use_mpris = false; - device = "default:CARD=PCH"; - device_name = "SwarselSpot"; - mixer = "alsa"; - zeroconf_port = 1025; + "sound.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:4040"; + proxyWebsockets = true; + extraConfig = '' + proxy_redirect http:// https://; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_buffering off; + proxy_request_buffering off; + client_max_body_size 0; + ''; + }; + }; + }; + + 
"scan.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:28981"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + + "screen.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:8096"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + + "scroll.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:8080"; + extraConfig = '' + client_max_body_size 0; + ''; + }; }; }; }; + }; - # Network shares - # add a user with sudo smbpasswd -a - samba = { - package = pkgs.samba4Full; - extraConfig = '' - workgroup = WORKGROUP - server role = standalone server - dns proxy = no + kavita = { + enable = true; + user = "kavita"; + port = 8080; + tokenKeyFile = config.sops.secrets.kavita.path; + }; - pam password change = yes - map to guest = bad user - create mask = 0664 - force create mode = 0664 - directory mask = 0775 - force directory mode = 0775 - follow symlinks = yes - ''; + jellyfin = { + enable = true; + user = "jellyfin"; + }; - # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support compared to the default package, `samba` - # Required for samba to register mDNS records for auto discovery - # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268 - enable = true; - # openFirewall = true; - shares.test = { - browseable = "yes"; - "read only" = "no"; - "guest ok" = "no"; - path = "/test2"; - writable = "true"; - comment = "Eternor"; - "valid users" = "@smbtest2"; - }; - }; - - - avahi = { - publish.enable = true; - publish.userServices = true; - # ^^ Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` - nssmdns = true; - # ^^ Not one hundred percent sure if this is needed- if 
it aint broke, don't fix it - enable = true; - }; - - samba-wsdd = { - # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued - enable = true; + radarr = { + enable = true; + }; + readarr = { + enable = true; + }; + sonarr = { + enable = true; + }; + lidarr = { + enable = true; + }; + prowlarr = { + enable = true; + }; + openvpn.servers = { + pia = { + autoStart = true; + updateResolvConf = false; + config = "config ${config.sops.templates.vpn.path}"; }; }; - } + transmission = { + enable = true; + credentialsFile = config.sops.templates."transmission-rpc".path; + user = "vpn"; + settings = { + alt-speed-down = 8000; + alt-speed-enabled = false; + alt-speed-time-begin = 0; + alt-speed-time-day = 127; + alt-speed-time-enabled = true; + alt-speed-time-end = 360; + alt-speed-up = 2000; + bind-address-ipv4 = "0.0.0.0"; + bind-address-ipv6 = "::"; + blocklist-enabled = false; + blocklist-url = "http://www.example.com/blocklist"; + cache-size-mb = 256; + dht-enabled = false; + download-dir = "/test"; + download-limit = 100; + download-limit-enabled = 0; + download-queue-enabled = true; + download-queue-size = 5; + encryption = 2; + idle-seeding-limit = 30; + idle-seeding-limit-enabled = false; + incomplete-dir = "/var/lib/transmission-daemon/Downloads"; + incomplete-dir-enabled = false; + lpd-enabled = false; + max-peers-global = 200; + message-level = 1; + peer-congestion-algorithm = ""; + peer-id-ttl-hours = 6; + peer-limit-global = 100; + peer-limit-per-torrent = 40; + peer-port = 22371; + peer-port-random-high = 65535; + peer-port-random-low = 49152; + peer-port-random-on-start = false; + peer-socket-tos = "default"; + pex-enabled = false; + port-forwarding-enabled = false; + preallocation = 1; + prefetch-enabled = true; + queue-stalled-enabled = true; + queue-stalled-minutes = 30; + ratio-limit = 2; + ratio-limit-enabled = false; + rename-partial-files = true; + rpc-authentication-required = true; + rpc-bind-address = 
"0.0.0.0"; + rpc-enabled = true; + rpc-host-whitelist = ""; + rpc-host-whitelist-enabled = true; + rpc-port = 9091; + rpc-url = "/transmission/"; + rpc-whitelist = "127.0.0.1,192.168.3.2"; + rpc-whitelist-enabled = true; + scrape-paused-torrents-enabled = true; + script-torrent-done-enabled = false; + seed-queue-enabled = false; + seed-queue-size = 10; + speed-limit-down = 6000; + speed-limit-down-enabled = true; + speed-limit-up = 500; + speed-limit-up-enabled = true; + start-added-torrents = true; + trash-original-torrent-files = false; + umask = 2; + upload-limit = 100; + upload-limit-enabled = 0; + upload-slots-per-torrent = 14; + utp-enabled = false; + }; + }; + + # sops.secrets.matrixsharedsecret = {owner="matrix-synapse";}; + # sops.templates."matrix_user_register.sh".content = '' + # register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + # ''; + # sops.templates.matrixshared.owner = "matrix-synapse"; + # sops.templates.matrixshared.content = '' + # registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} + # ''; + # sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";}; + # sops.templates.mautrixtelegram.owner = "matrix-synapse"; + # sops.templates.mautrixtelegram.content = '' + # MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} + # MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} + # MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} + # MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} + # ''; + + + + + # ---------------- + # sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; + # sops.templates.mautrixwhatsapp.owner = "matrix-synapse"; + # 
sops.templates.mautrixwhatsapp.content = '' + # MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared} + # ''; + + postgresql = { + enable = true; + initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; + }; + matrix-synapse = { + settings.app_service_config_files = [ + "/var/lib/matrix-synapse/telegram-registration.yaml" + "/var/lib/matrix-synapse/whatsapp-registration.yaml" + "/var/lib/matrix-synapse/signal-registration.yaml" + "/var/lib/matrix-synapse/doublepuppet.yaml" + ]; + enable = false; + settings.server_name = matrixDomain; + settings.public_baseurl = "https://${matrixDomain}"; + extraConfigFiles = [ + config.sops.templates.matrixshared.path + ]; + settings.listeners = [ + { + port = 8008; + bind_addresses = [ "0.0.0.0" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = [ "client" "federation" ]; + compress = true; + } + ]; + } + ]; + }; + + mautrix-telegram = { + enable = false; + environmentFile = config.sops.templates.mautrixtelegram.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + address = "http://localhost:29317"; + hostname = "0.0.0.0"; + port = "29317"; + 
provisioning.enabled = true; + id = "telegram"; + # ephemeral_events = true; # not needed due to double puppeting + public = { + enabled = false; + }; + database = "postgresql:///mautrix-telegram?host=/run/postgresql"; + }; + bridge = { + # login_shared_secret_map = { + # matrixDomain = "as_token:doublepuppet"; + # }; + relaybot.authless_portals = true; + allow_avatar_remove = true; + allow_contact_info = true; + sync_channel_members = true; + startup_sync = true; + sync_create_limit = 0; + sync_direct_chats = true; + telegram_link_preview = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + animated_sticker = { + target = "gif"; + args = { + width = 256; + height = 256; + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported + }; + }; + }; + }; + }; + + mautrix-whatsapp = { + enable = false; + # environmentFile = config.sops.templates.mautrixwhatsapp.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + address = "http://localhost:29318"; + hostname = "0.0.0.0"; + port = 29318; + database = { + type = "postgres"; + uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql"; + }; + }; + bridge = { + displayname_template = "{{or .FullName .PushName .JID}} (WA)"; + history_sync = { + backfill = true; + max_initial_conversations = -1; + message_count = -1; + request_full_sync = true; + full_sync_config = { + days_limit = 900; + size_mb_limit = 5000; + storage_quota_mb = 5000; + }; + }; + login_shared_secret_map = { + matrixDomain = "as_token:doublepuppet"; + }; + sync_manual_marked_unread = true; + send_presence_on_typing = true; + parallel_member_sync = true; + url_previews = true; + caption_in_message = true; + extev_polls = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + }; + }; + }; + + mautrix-signal = { + enable = false; + settings = { + homeserver = { + address = 
"http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + + address = "http://localhost:29328"; + hostname = "0.0.0.0"; + port = 29328; + database = { + type = "postgres"; + uri = "postgresql:///mautrix-signal?host=/run/postgresql"; + }; + }; + bridge = { + displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)"; + login_shared_secret_map = { + matrixDomain = "as_token:doublepuppet"; + }; + caption_in_message = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + }; + }; + }; + + navidrome = { + enable = true; + settings = { + Address = "0.0.0.0"; + Port = 4040; + MusicFolder = "/mnt/"; + EnableSharing = true; + EnableTranscodingConfig = true; + Scanner.GroupAlbumReleases = true; + ScanSchedule = "@every 24h"; + # Insert these values locally as sops-nix does not work for them + # LastFM.ApiKey = TEMPLATE; + # LastFM.Secret = TEMPLATE; + # Spotify.ID = TEMPLATE; + # Spotify.Secret = TEMPLATE; + UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; + UIWelcomeMessage = "~SwarselSound~"; + }; + }; + mpd = { + enable = true; + musicDirectory = "/mnt/Eternor/Musik"; + user = "mpd"; + group = "mpd"; + network = { + port = 3254; + listenAddress = "any"; + }; + credentials = [ + { + passwordFile = config.sops.secrets.mpdpass.path; + permissions = [ + "read" + "add" + "control" + "admin" + ]; + } + ]; + }; + + + spotifyd = { + enable = true; + settings = { + global = { + dbus_type = "session"; + use_mpris = false; + device = "default:CARD=PCH"; + device_name = "SwarselSpot"; + mixer = "alsa"; + zeroconf_port = 1025; + }; + }; + }; + + # Network shares + # add a user with sudo smbpasswd -a + samba = { + package = pkgs.samba4Full; + extraConfig = '' + workgroup = WORKGROUP + server role = standalone server + dns proxy = no + + pam password change = yes + map to guest = bad user + create mask = 0664 + force create mode = 0664 + directory mask = 0775 + force directory mode = 0775 + follow symlinks 
= yes + ''; + + # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support compared to the default package, `samba` + # Required for samba to register mDNS records for auto discovery + # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268 + enable = true; + # openFirewall = true; + shares.test = { + browseable = "yes"; + "read only" = "no"; + "guest ok" = "no"; + path = "/test2"; + writable = "true"; + comment = "Eternor"; + "valid users" = "@smbtest2"; + }; + }; + + + avahi = { + publish.enable = true; + publish.userServices = true; + # ^^ Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` + nssmdns = true; + # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it + enable = true; + }; + + samba-wsdd = { + # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued + enable = true; + }; + }; +} #+end_src **** Threed (Surface Pro 3) 
@@ -1827,54 +1840,53 @@ New setup for the SP3, this time using NixOS - another machine will take over th :END: #+begin_src nix :noweb yes :tangle profiles/threed/nixos.nix +{ lib, pkgs, ... }: - { lib, pkgs, ... }: +{ + <> - { - <> + services = { + getty.autologinUser = "swarsel"; + greetd.settings.initial_session.user = "swarsel"; + }; - services = { - getty.autologinUser = "swarsel"; - greetd.settings.initial_session.user="swarsel"; + hardware.bluetooth.enable = true; + + # Bootloader + boot = { + loader.systemd-boot.enable = lib.mkForce false; + lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; }; + loader.efi.canTouchEfiVariables = true; + # use bootspec instead of lzbt for secure boot. This is not a generally needed setting + bootspec.enable = true; + # kernelPackages = pkgs.linuxPackages_latest; + }; - hardware.bluetooth.enable = true; + networking = { + hostName = "threed"; + enableIPv6 = false; + firewall.enable = false; + }; - # Bootloader - boot = { - loader.systemd-boot.enable = lib.mkForce false; - lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; - }; - loader.efi.canTouchEfiVariables = true; - # use bootspec instead of lzbt for secure boot. 
This is not a generally needed setting - bootspec.enable = true; - # kernelPackages = pkgs.linuxPackages_latest; - }; + stylix.image = ../../wallpaper/surfacewp.png; + <> - networking = { - hostName = "threed"; - enableIPv6 = false; - firewall.enable = false; - }; + users.users.swarsel = { + isNormalUser = true; + description = "Leon S"; + extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; + packages = with pkgs; [ ]; + }; - stylix.image = ../../wallpaper/surfacewp.png; - <> + environment.systemPackages = with pkgs; [ + ]; - users.users.swarsel = { - isNormalUser = true; - description = "Leon S"; - extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; - packages = with pkgs; []; - }; + system.stateVersion = "23.05"; - environment.systemPackages = with pkgs; [ - ]; - - system.stateVersion = "23.05"; - - } +} #+end_src @@ -1883,7 +1895,6 @@ New setup for the SP3, this time using NixOS - another machine will take over th :CUSTOM_ID: h:449c20d8-338a-483c-a6f0-9a164a6071d6 :END: #+begin_src nix :noweb yes :tangle profiles/threed/home.nix - { config, pkgs, ... }: { @@ -1907,7 +1918,7 @@ New setup for the SP3, this time using NixOS - another machine will take over th }; <> - wayland.windowManager.sway= { + wayland.windowManager.sway = { config = rec { input = { "*" = { 
@@ -1931,18 +1942,20 @@ New setup for the SP3, this time using NixOS - another machine will take over th }; }; - keybindings = let - inherit (config.wayland.windowManager.sway.config) modifier; - in { - "${modifier}+F2" = "exec brightnessctl set +5%"; - "${modifier}+F1"= "exec brightnessctl set 5%-"; - "${modifier}+n" = "exec sway output eDP-1 transform normal, splith"; - "${modifier}+Ctrl+p" = "exec wl-mirror eDP-1"; - "${modifier}+t" = "exec sway output eDP-1 transform 90, splitv"; - "${modifier}+XF86AudioLowerVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+XF86AudioRaiseVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; - }; + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+F2" = "exec brightnessctl set +5%"; + "${modifier}+F1" = "exec brightnessctl set 5%-"; + "${modifier}+n" = "exec sway output eDP-1 transform normal, splith"; + "${modifier}+Ctrl+p" = "exec wl-mirror eDP-1"; + "${modifier}+t" = "exec sway output eDP-1 transform 90, splitv"; + "${modifier}+XF86AudioLowerVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+XF86AudioRaiseVolume" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; + }; startup = [ <> @@ -1954,9 +1967,9 @@ New setup for the SP3, this time using NixOS - another machine will take over th }; extraConfig = " - exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05 map_to_output eDP-1 - exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05_Stylus map_to_output eDP-1 - "; + exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05 map_to_output eDP-1 + exec swaymsg input 7062:6917:NTRG0001:01_1B96:1B05_Stylus map_to_output eDP-1 + "; }; } #+end_src 
@@ -1976,7 +1989,6 @@ My new main machine. Mostly just sets some opened ports for several games, enables virtualbox (which I do not want everywhere because of resource considerations) and enables thinkfan, which allows for better fan control on Lenovo Thinkpad machines. #+begin_src nix :noweb yes :tangle profiles/fourside/nixos.nix - { config, pkgs, ... }: { @@ -1989,7 +2001,7 @@ Mostly just sets some opened ports for several games, enables virtualbox (which services = { getty.autologinUser = "swarsel"; - greetd.settings.initial_session.user="swarsel"; + greetd.settings.initial_session.user = "swarsel"; }; boot = { 
@@ -2010,46 +2022,46 @@ Mostly just sets some opened ports for several games, enables virtualbox (which allowedUDPPorts = [ 4380 27036 14242 34197 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard allowedTCPPortRanges = [ - {from = 27015; to = 27030;} # barotrauma - {from = 27036; to = 27037;} # barotrauma + { from = 27015; to = 27030; } # barotrauma + { from = 27036; to = 27037; } # barotrauma ]; allowedUDPPortRanges = [ - {from = 27000; to = 27031;} # barotrauma - {from = 58962; to = 58964;} # barotrauma + { from = 27000; to = 27031; } # barotrauma + { from = 58962; to = 58964; } # barotrauma ]; }; }; virtualisation.virtualbox = { host = { - enable = true; - enableExtensionPack = true; + enable = true; + enableExtensionPack = true; }; # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch guest = { enable = false; - }; }; + }; stylix.image = ../../wallpaper/lenovowp.png; <> hardware = { - graphics = { - enable = true; - enable32Bit = true; - extraPackages = with pkgs; [ - vulkan-loader - vulkan-validation-layers - vulkan-extension-layer - ]; - }; - bluetooth.enable = true; - trackpoint = { - enable = true; - device = "TPPS/2 Elan TrackPoint"; - }; + graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ + vulkan-loader + vulkan-validation-layers + vulkan-extension-layer + ]; }; + bluetooth.enable = true; + trackpoint = { + enable = true; + device = "TPPS/2 Elan TrackPoint"; + }; + }; programs.steam = { enable = true; @@ -2058,7 +2070,7 @@ Mostly just sets some opened ports for several games, enables virtualbox (which ]; }; - # Configure keymap in X11 (only used for login) + # Configure keymap in X11 (only used for login) services.thinkfan = { enable = false; 
@@ -2069,7 +2081,7 @@ Mostly just sets some opened ports for several games, enables virtualbox (which services.nswitch-rcm = { enable = true; - package = pkgs.fetchurl { + package = pkgs.fetchurl { url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; }; @@ -2080,17 +2092,17 @@ Mostly just sets some opened ports for several games, enables virtualbox (which description = "Leon S"; hashedPasswordFile = config.sops.secrets.swarseluser.path; extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; - packages = with pkgs; []; + packages = with pkgs; [ ]; }; environment.systemPackages = with pkgs; [ - # gog games installing - heroic - # minecraft - temurin-bin-17 - (prismlauncher.override { - glfw = pkgs.glfw-wayland-minecraft; - }) + # gog games installing + heroic + # minecraft + temurin-bin-17 + (prismlauncher.override { + glfw = pkgs.glfw-wayland-minecraft; + }) ]; system.stateVersion = "23.05"; @@ -2108,7 +2120,6 @@ Mostly just sets some opened ports for several games, enables virtualbox (which This is basically just adjusted to the core count, path to the =hwmon= (this was very bothersome on this machine due to changing address), as well as making use of the top-row function keys. #+begin_src nix :noweb yes :tangle profiles/fourside/home.nix - { config, pkgs, ... }: { @@ -2134,7 +2145,7 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was <> - wayland.windowManager.sway= { + wayland.windowManager.sway = { config = rec { # update for actual inputs here, input = { @@ -2142,7 +2153,8 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was xkb_layout = "us"; xkb_variant = "altgr-intl"; }; - "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE + "1:1:AT_Translated_Set_2_keyboard" = { + # TEMPLATE xkb_layout = "us"; xkb_options = "grp:win_space_toggle"; xkb_variant = "altgr-intl"; 
@@ -2172,28 +2184,30 @@ This is basically just adjusted to the core count, path to the =hwmon= (this was }; workspaceOutputAssign = [ - { output = "eDP-1"; workspace = "1:一";} - { output = "DP-4"; workspace = "2:二";} + { output = "eDP-1"; workspace = "1:一"; } + { output = "DP-4"; workspace = "2:二"; } ]; - keybindings = let - inherit (config.wayland.windowManager.sway.config) modifier; - in { - "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; - "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; - "XF86MonBrightnessDown"= "exec brightnessctl set 5%-"; - "XF86Display" = "exec wl-mirror eDP-1"; - # these are left open to use - # "XF86WLAN" = "exec wl-mirror eDP-1"; - # "XF86Messenger" = "exec wl-mirror eDP-1"; - # "XF86Go" = "exec wl-mirror eDP-1"; - # "XF86Favorites" = "exec wl-mirror eDP-1"; - # "XF86HomePage" = "exec wtype -P Escape -p Escape"; - # "XF86AudioLowerVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink -5%"; - # "XF86AudioRaiseVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink +5% "; - "XF86AudioMute" = "pactl set-sink-mute alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink toggle"; - }; + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; + "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; + "XF86MonBrightnessDown" = "exec brightnessctl set 5%-"; + "XF86Display" = "exec wl-mirror eDP-1"; + # these are left open to use + # "XF86WLAN" = "exec wl-mirror eDP-1"; + # "XF86Messenger" = "exec wl-mirror eDP-1"; + # "XF86Go" = "exec wl-mirror eDP-1"; + # "XF86Favorites" = "exec wl-mirror eDP-1"; + # "XF86HomePage" = "exec wtype -P Escape -p Escape"; + # "XF86AudioLowerVolume" = "pactl set-sink-volume alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink -5%"; + # "XF86AudioRaiseVolume" = "pactl set-sink-volume 
alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink +5% "; + "XF86AudioMute" = "pactl set-sink-mute alsa_output.pci-0000_08_00.6.HiFi__hw_Generic_1__sink toggle"; + }; startup = [ <> @@ -2219,7 +2233,6 @@ My work machine. Mostly just sets some opened ports for several games, enables virtualbox (which I do not want everywhere because of resource considerations) and enables thinkfan, which allows for better fan control on Lenovo Thinkpad machines. #+begin_src nix :noweb yes :tangle profiles/winters/nixos.nix - { pkgs, ... }: { @@ -2232,7 +2245,7 @@ Mostly just sets some opened ports for several games, enables virtualbox (which services = { getty.autologinUser = "swarsel"; - greetd.settings.initial_session.user="swarsel"; + greetd.settings.initial_session.user = "swarsel"; }; boot = { @@ -2259,27 +2272,27 @@ Mostly just sets some opened ports for several games, enables virtualbox (which virtualisation.virtualbox = { host = { - enable = true; - enableExtensionPack = true; + enable = true; + enableExtensionPack = true; }; # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch guest = { enable = false; - }; }; + }; stylix.image = ../../wallpaper/lenovowp.png; <> hardware = { - graphics = { - enable = true; - enable32Bit = true; - extraPackages = with pkgs; [ - ]; - }; - bluetooth.enable = true; + graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ + ]; }; + bluetooth.enable = true; + }; programs.steam = { enable = true; @@ -2294,7 +2307,7 @@ Mostly just sets some opened ports for several games, enables virtualbox (which isNormalUser = true; description = "Leon S"; extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ]; - packages = with pkgs; []; + packages = with pkgs; [ ]; }; environment.systemPackages = with pkgs; [ 
@@ -2323,7 +2336,6 @@ Mostly just sets some opened ports for several games, enables virtualbox (which TODO: Adjust =hwmon= path, I/O modules and XF86 keys once laptop arrives. #+begin_src nix :noweb yes :tangle profiles/winters/home.nix - { config, pkgs, ... }: { @@ -2349,7 +2361,7 @@ TODO: Adjust =hwmon= path, I/O modules and XF86 keys once laptop arrives. <> - wayland.windowManager.sway= { + wayland.windowManager.sway = { config = rec { # update for actual inputs here, input = { @@ -2357,7 +2369,8 @@ TODO: Adjust =hwmon= path, I/O modules and XF86 keys once laptop arrives. xkb_layout = "us"; xkb_variant = "altgr-intl"; }; - "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE + "1:1:AT_Translated_Set_2_keyboard" = { + # TEMPLATE xkb_layout = "us"; xkb_options = "grp:win_space_toggle"; xkb_variant = "altgr-intl"; @@ -2388,8 +2401,8 @@ TODO: Adjust =hwmon= path, I/O modules and XF86 keys once laptop arrives. }; workspaceOutputAssign = [ - { output = "eDP-1"; workspace = "1:一";} - { output = "HDMI-A-1"; workspace = "2:二";} + { output = "eDP-1"; workspace = "1:一"; } + { output = "HDMI-A-1"; workspace = "2:二"; } ]; 
@@ -2427,48 +2440,47 @@ In the long run, I am thinking about a transition to kubernetes or using just a :END: #+begin_src nix :tangle profiles/server1/TEMPLATE/nixos.nix +{ pkgs, modulesPath, ... }: - { pkgs, modulesPath, ... }: +{ + imports = [ + (modulesPath + "/virtualisation/proxmox-lxc.nix") + ]; - { - imports = [ - (modulesPath + "/virtualisation/proxmox-lxc.nix") - ]; + environment.systemPackages = with pkgs; [ + git + gnupg + ssh-to-age + ]; - environment.systemPackages = with pkgs; [ - git - gnupg - ssh-to-age - ]; + services.xserver = { + layout = "us"; + xkbVariant = "altgr-intl"; + }; - services.xserver = { - layout = "us"; - xkbVariant = "altgr-intl"; - }; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; - nix.settings.experimental-features = ["nix-command" "flakes"]; + proxmoxLXC = { + manageNetwork = true; # manage network myself + manageHostName = false; # manage hostname myself + }; + networking = { + hostName = "TEMPLATE"; # Define your hostname. + useDHCP = true; + enableIPv6 = false; + firewall.enable = false; + }; + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + }; + users.users.root.openssh.authorizedKeys.keyFiles = [ + ../../../secrets/keys/authorized_keys + ]; + # users.users.root.password = "TEMPLATE"; - proxmoxLXC = { -manageNetwork = true; # manage network myself -manageHostName = false; # manage hostname myself -}; - networking = { -hostName = "TEMPLATE"; # Define your hostname. -useDHCP = true; -enableIPv6 = false; -firewall.enable = false; -}; - services.openssh = { - enable = true; - settings.PermitRootLogin = "yes"; - }; - users.users.root.openssh.authorizedKeys.keyFiles = [ - ../../../secrets/keys/authorized_keys - ]; - # users.users.root.password = "TEMPLATE"; - - system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change - } + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change +} #+end_src 
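Review bot: `settings.PermitRootLogin = "yes";` in the reformatted `services.openssh` block still allows password logins for root, although the same block already provisions root's keys through `users.users.root.openssh.authorizedKeys.keyFiles`. Since key-based access is in place, the two lines should become `settings.PermitRootLogin = "prohibit-password";` and `settings.PasswordAuthentication = false;`, which matters doubly here because this is the template every LXC profile is copied from. The commented-out `# users.users.root.password = "TEMPLATE";` line shows that a derived profile may well end up with a root password set, which is exactly the case the key-only restriction protects. The calibre profile hunk (`@@ -2747,24 +2757,24 @@`) carries the same `PermitRootLogin = "yes"` setting and should get the same change. Both profiles also set `firewall.enable = false;`; if that is intentional for the Proxmox network a one-line comment saying so would help the next reader.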
@@ -2482,7 +2494,6 @@ firewall.enable = false; :END: #+begin_src nix :tangle profiles/server1/nginx/nixos.nix - { config, pkgs, modulesPath, ... }: { imports = [ @@ -2503,15 +2514,15 @@ firewall.enable = false; xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml"; validateSopsFiles = false; - secrets.dnstokenfull = {owner="acme";}; + secrets.dnstokenfull = { owner = "acme"; }; templates."certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} ''; }; proxmoxLXC = { @@ -2564,7 +2575,7 @@ firewall.enable = false; proxyPass = "https://192.168.1.5"; extraConfig = '' client_max_body_size 0; - ''; + ''; }; # "/push/" = { # proxyPass = "http://192.168.2.5:7867"; @@ -2586,8 +2597,8 @@ firewall.enable = false; "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://192.168.1.23:8008"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -2602,13 +2613,13 @@ firewall.enable = false; proxyPass = "http://192.168.1.13:4040"; proxyWebsockets = true; extraConfig = '' - proxy_redirect http:// https://; - proxy_read_timeout 600s; - proxy_send_timeout 600s; - proxy_buffering off; - proxy_request_buffering off; - client_max_body_size 0; - ''; + proxy_redirect http:// https://; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_buffering off; + proxy_request_buffering off; + client_max_body_size 0; + ''; }; }; }; @@ -2621,8 +2632,8 @@ firewall.enable = false; "/" = { proxyPass = "http://192.168.1.24:28981"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; 
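Review bot: In the `sops` block of hunk `@@ -2503,15 +2514,15 @@`, the secret `dnstokenfull` is given `owner = "acme"`, but the template `"certs.secret"` that actually embeds it (`CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}`) sets no owner, so sops-nix renders that file with its default ownership and mode. If the ACME service reads the rendered template directly as the `acme` user rather than through a root-owned credential path, the file would be unreadable to it; the consumer is outside this hunk, so this is worth confirming. Setting the owner on the template as well, `templates."certs.secret".owner = "acme";`, makes the intent explicit either way and matches how the `matrixshared` template is declared later in the file.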
@@ -2635,8 +2646,8 @@ firewall.enable = false; "/" = { proxyPass = "http://192.168.1.16:8096"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -2649,8 +2660,8 @@ firewall.enable = false; "~ ^(/_matrix|/_synapse/client)" = { proxyPass = "http://192.168.1.20:8008"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -2663,8 +2674,8 @@ firewall.enable = false; "/" = { proxyPass = "http://192.168.1.22:8080"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -2677,8 +2688,8 @@ firewall.enable = false; "/" = { proxyPass = "https://192.168.1.7"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -2717,7 +2728,6 @@ In general, I am not amazed by this setup; Kavita is the reader of choice, calib :END: #+begin_src nix :tangle profiles/server1/calibre/nixos.nix - { config, pkgs, modulesPath, ... }: { @@ -2736,10 +2746,10 @@ In general, I am not amazed by this setup; Kavita is the reader of choice, calib users.groups.lxc_shares = { gid = 10000; members = [ - "kavita" - "calibre-web" - "root" - ]; + "kavita" + "calibre-web" + "root" + ]; }; services.xserver = { 
@@ -2747,24 +2757,24 @@ In general, I am not amazed by this setup; Kavita is the reader of choice, calib xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { -age.sshKeyPaths = [ "/etc/ssh/sops" ]; -defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml"; -validateSopsFiles = false; -secrets.kavita = { owner = "kavita";}; -}; + age.sshKeyPaths = [ "/etc/ssh/sops" ]; + defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml"; + validateSopsFiles = false; + secrets.kavita = { owner = "kavita"; }; + }; proxmoxLXC = { -manageNetwork = true; # manage network myself -manageHostName = false; # manage hostname myself -}; + manageNetwork = true; # manage network myself + manageHostName = false; # manage hostname myself + }; networking = { -hostName = "calibre"; # Define your hostname. -useDHCP = true; -enableIPv6 = false; -firewall.enable = false; -}; + hostName = "calibre"; # Define your hostname. + useDHCP = true; + enableIPv6 = false; + firewall.enable = false; + }; services.openssh = { enable = true; settings.PermitRootLogin = "yes"; @@ -2801,7 +2811,6 @@ firewall.enable = false; :END: #+begin_src nix :tangle profiles/server1/jellyfin/nixos.nix - { config, pkgs, modulesPath, ... }: { @@ -2825,7 +2834,7 @@ firewall.enable = false; }; users.users.jellyfin = { - extraGroups = [ "video" "render" ]; + extraGroups = [ "video" "render" ]; }; services.xserver = { @@ -2833,7 +2842,7 @@ firewall.enable = false; xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself 
@@ -2866,7 +2875,7 @@ firewall.enable = false; enable = true; extraPackages = with pkgs; [ intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) vaapiVdpau libvdpau-va-gl ]; @@ -2895,7 +2904,6 @@ This stuff just does not work, I seem to be unable to create a working VPN Split :END: #+begin_src nix :tangle profiles/server1/transmission/nixos.nix - { config, pkgs, modulesPath, ... }: { @@ -2927,7 +2935,7 @@ This stuff just does not work, I seem to be unable to create a working VPN Split "root" ]; }; - users.groups.vpn = {}; + users.groups.vpn = { }; users.users.vpn = { isNormalUser = true; @@ -2940,7 +2948,7 @@ This stuff just does not work, I seem to be unable to create a working VPN Split xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; 
@@ -2981,28 +2989,33 @@ This stuff just does not work, I seem to be unable to create a working VPN Split networking.iproute2 = { enable = true; rttablesExtraConfig = '' - 200 vpn - ''; + 200 vpn + ''; }; environment.etc = { "openvpn/iptables.sh" = - { source = ../../../scripts/server1/iptables.sh; + { + source = ../../../scripts/server1/iptables.sh; mode = "0755"; }; "openvpn/update-resolv-conf" = - { source = ../../../scripts/server1/update-resolv-conf; + { + source = ../../../scripts/server1/update-resolv-conf; mode = "0755"; }; "openvpn/routing.sh" = - { source = ../../../scripts/server1/routing.sh; + { + source = ../../../scripts/server1/routing.sh; mode = "0755"; }; "openvpn/ca.rsa.2048.crt" = - { source = ../../../secrets/certs/ca.rsa.2048.crt; + { + source = ../../../secrets/certs/ca.rsa.2048.crt; mode = "0644"; }; "openvpn/crl.rsa.2048.pem" = - { source = ../../../secrets/certs/crl.rsa.2048.pem; + { + source = ../../../secrets/certs/crl.rsa.2048.pem; mode = "0644"; }; }; 
@@ -3036,46 +3049,46 @@ This stuff just does not work, I seem to be unable to create a working VPN Split }; pia.content = '' - ${config.sops.placeholder.vpnuser} - ${config.sops.placeholder.vpnpass} - ''; + ${config.sops.placeholder.vpnuser} + ${config.sops.placeholder.vpnpass} + ''; vpn.content = '' - client - dev tun - proto ${config.sops.placeholder.vpnprot} - remote ${config.sops.placeholder.vpnloc} - resolv-retry infinite - nobind - persist-key - persist-tun - cipher aes-128-cbc - auth sha1 - tls-client - remote-cert-tls server + client + dev tun + proto ${config.sops.placeholder.vpnprot} + remote ${config.sops.placeholder.vpnloc} + resolv-retry infinite + nobind + persist-key + persist-tun + cipher aes-128-cbc + auth sha1 + tls-client + remote-cert-tls server - auth-user-pass ${config.sops.templates.pia.path} - compress - verb 1 - reneg-sec 0 + auth-user-pass ${config.sops.templates.pia.path} + compress + verb 1 + reneg-sec 0 - crl-verify /etc/openvpn/crl.rsa.2048.pem - ca /etc/openvpn/ca.rsa.2048.crt + crl-verify /etc/openvpn/crl.rsa.2048.pem + ca /etc/openvpn/ca.rsa.2048.crt - disable-occ - dhcp-option DNS 209.222.18.222 - dhcp-option DNS 209.222.18.218 - dhcp-option DNS 8.8.8.8 - route-noexec - ''; + disable-occ + dhcp-option DNS 209.222.18.222 + dhcp-option DNS 209.222.18.218 + dhcp-option DNS 8.8.8.8 + route-noexec + ''; }; secrets = { - vpnuser = {}; - rpcuser = {owner="vpn";}; - vpnpass = {}; - rpcpass = {owner="vpn";}; - vpnprot = {}; - vpnloc = {}; + vpnuser = { }; + rpcuser = { owner = "vpn"; }; + vpnpass = { }; + rpcpass = { owner = "vpn"; }; + vpnprot = { }; + vpnloc = { }; }; }; services.openvpn.servers = { 
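Review bot: The reindented `vpn.content` template still pins `cipher aes-128-cbc` and `auth sha1` together with `reneg-sec 0`, which turns off time-based rekeying, so one data-channel key stays in use for the whole lifetime of the tunnel. CBC with HMAC-SHA1 is a legacy mode that current OpenVPN releases keep only for compatibility; if the provider endpoint supports an AEAD cipher, `data-ciphers AES-256-GCM:AES-128-GCM` (keeping the `cipher` line only as a fallback) and dropping `reneg-sec 0` would be the usual hardening. Whether the remote side accepts that cannot be verified from the template, so it needs a test against the provider's current configuration. Separately, `dhcp-option DNS 8.8.8.8` hands resolver traffic to a third party alongside the provider's resolvers; if the tunnel is meant to keep DNS inside the VPN, that line is worth reconsidering or at least commenting.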
@@ -3093,74 +3106,74 @@ This stuff just does not work, I seem to be unable to create a working VPN Split group = "lxc_shares"; settings = { - alt-speed-down= 8000; - alt-speed-enabled= false; - alt-speed-time-begin= 0; - alt-speed-time-day= 127; - alt-speed-time-enabled= true; - alt-speed-time-end= 360; - alt-speed-up= 2000; - bind-address-ipv4= "0.0.0.0"; - bind-address-ipv6= "::"; - blocklist-enabled= false; - blocklist-url= "http://www.example.com/blocklist"; - cache-size-mb= 4; - dht-enabled= false; - download-dir= "/media/Eternor/New"; - download-limit= 100; - download-limit-enabled= 0; - download-queue-enabled= true; - download-queue-size= 5; - encryption= 2; - idle-seeding-limit= 30; - idle-seeding-limit-enabled= false; - incomplete-dir= "/var/lib/transmission-daemon/Downloads"; - incomplete-dir-enabled= false; - lpd-enabled= false; - max-peers-global= 200; - message-level= 1; - peer-congestion-algorithm= ""; - peer-id-ttl-hours= 6; - peer-limit-global= 100; - peer-limit-per-torrent= 40; - peer-port= 22371; - peer-port-random-high= 65535; - peer-port-random-low= 49152; - peer-port-random-on-start= false; - peer-socket-tos= "default"; - pex-enabled= false; - port-forwarding-enabled= false; - preallocation= 1; - prefetch-enabled= true; - queue-stalled-enabled= true; - queue-stalled-minutes= 30; - ratio-limit= 2; - ratio-limit-enabled= false; - rename-partial-files= true; - rpc-authentication-required= true; - rpc-bind-address= "0.0.0.0"; - rpc-enabled= true; - rpc-host-whitelist= ""; - rpc-host-whitelist-enabled= true; - rpc-port= 9091; - rpc-url= "/transmission/"; - rpc-whitelist= "127.0.0.1,192.168.3.2"; - rpc-whitelist-enabled= true; - scrape-paused-torrents-enabled= true; - script-torrent-done-enabled= false; - seed-queue-enabled= false; - seed-queue-size= 10; - speed-limit-down= 6000; - speed-limit-down-enabled= true; - speed-limit-up= 500; - speed-limit-up-enabled= true; - start-added-torrents= true; - trash-original-torrent-files= false; - umask= 2; - 
upload-limit= 100; - upload-limit-enabled= 0; - upload-slots-per-torrent= 14; - utp-enabled= false; + alt-speed-down = 8000; + alt-speed-enabled = false; + alt-speed-time-begin = 0; + alt-speed-time-day = 127; + alt-speed-time-enabled = true; + alt-speed-time-end = 360; + alt-speed-up = 2000; + bind-address-ipv4 = "0.0.0.0"; + bind-address-ipv6 = "::"; + blocklist-enabled = false; + blocklist-url = "http://www.example.com/blocklist"; + cache-size-mb = 4; + dht-enabled = false; + download-dir = "/media/Eternor/New"; + download-limit = 100; + download-limit-enabled = 0; + download-queue-enabled = true; + download-queue-size = 5; + encryption = 2; + idle-seeding-limit = 30; + idle-seeding-limit-enabled = false; + incomplete-dir = "/var/lib/transmission-daemon/Downloads"; + incomplete-dir-enabled = false; + lpd-enabled = false; + max-peers-global = 200; + message-level = 1; + peer-congestion-algorithm = ""; + peer-id-ttl-hours = 6; + peer-limit-global = 100; + peer-limit-per-torrent = 40; + peer-port = 22371; + peer-port-random-high = 65535; + peer-port-random-low = 49152; + peer-port-random-on-start = false; + peer-socket-tos = "default"; + pex-enabled = false; + port-forwarding-enabled = false; + preallocation = 1; + prefetch-enabled = true; + queue-stalled-enabled = true; + queue-stalled-minutes = 30; + ratio-limit = 2; + ratio-limit-enabled = false; + rename-partial-files = true; + rpc-authentication-required = true; + rpc-bind-address = "0.0.0.0"; + rpc-enabled = true; + rpc-host-whitelist = ""; + rpc-host-whitelist-enabled = true; + rpc-port = 9091; + rpc-url = "/transmission/"; + rpc-whitelist = "127.0.0.1,192.168.3.2"; + rpc-whitelist-enabled = true; + scrape-paused-torrents-enabled = true; + script-torrent-done-enabled = false; + seed-queue-enabled = false; + seed-queue-size = 10; + speed-limit-down = 6000; + speed-limit-down-enabled = true; + speed-limit-up = 500; + speed-limit-up-enabled = true; + start-added-torrents = true; + trash-original-torrent-files = 
false; + umask = 2; + upload-limit = 100; + upload-limit-enabled = 0; + upload-slots-per-torrent = 14; + utp-enabled = false; }; }; @@ -3189,10 +3202,11 @@ Make sure to also do this for doublepuppet.yaml :END: #+begin_src nix :noweb yes :tangle profiles/server1/matrix/nixos.nix - - { config, pkgs, modulesPath, sops, ... }: let + { config, pkgs, modulesPath, sops, ... }: + let matrixDomain = "matrix2.swarsel.win"; - in { + in + { <> imports = [ @@ -3220,21 +3234,21 @@ Make sure to also do this for doublepuppet.yaml defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml"; validateSopsFiles = false; secrets = { - matrixsharedsecret = {owner="matrix-synapse";}; - mautrixtelegram_as = {owner="matrix-synapse";}; - mautrixtelegram_hs = {owner="matrix-synapse";}; - mautrixtelegram_api_id = {owner="matrix-synapse";}; - mautrixtelegram_api_hash = {owner="matrix-synapse";}; + matrixsharedsecret = { owner = "matrix-synapse"; }; + mautrixtelegram_as = { owner = "matrix-synapse"; }; + mautrixtelegram_hs = { owner = "matrix-synapse"; }; + mautrixtelegram_api_id = { owner = "matrix-synapse"; }; + mautrixtelegram_api_hash = { owner = "matrix-synapse"; }; }; templates = { "matrix_user_register.sh".content = '' - register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 - ''; + register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + ''; matrixshared = { owner = "matrix-synapse"; content = '' registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} - ''; + ''; }; mautrixtelegram = { owner = "matrix-synapse"; @@ -3243,7 +3257,7 @@ Make sure to also do this for doublepuppet.yaml MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} - ''; + ''; }; }; }; 
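Review bot: The `"matrix_user_register.sh"` template in hunk `@@ -3220,21 +3234,21 @@` passes the registration shared secret as a command-line argument (`register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008`), so while the command runs the secret is visible in the process list to every local user. The same hunk already renders that secret into the `matrixshared` template as `registration_shared_secret:`, which is the key `register_new_matrix_user` reads from a config file, so the script can reference that file instead: `register_new_matrix_user -c ${config.sops.templates.matrixshared.path} http://localhost:8008`. That keeps the secret out of argv and means it is rendered to disk only once.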
@@ -3251,27 +3265,27 @@ Make sure to also do this for doublepuppet.yaml
 services.postgresql = {
 enable = true;
 initialScript = pkgs.writeText "synapse-init.sql" ''
- CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
- CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
- CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
- CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
- CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- '';
+ CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
+ CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
+ CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
+ CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
+ CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ '';
 };

 services.matrix-synapse = {
@@ -3286,7 +3300,8 @@ Make sure to also do this for doublepuppet.yaml
 server_name = matrixDomain;
 public_baseurl = "https://${matrixDomain}";
 listeners = [
- { port = 8008;
+ {
+ port = 8008;
 bind_addresses = [ "0.0.0.0" ];
 type = "http";
 tls = false;
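Review bot: The role passwords `'synapse'`, `'telegram'`, `'whatsapp'` and `'signal'` in the `initialScript` are fixed literals, and because the script goes through `pkgs.writeText` it ends up in the world-readable Nix store, so they cannot be treated as secret. If Synapse and the bridges reach PostgreSQL over the local Unix socket with peer authentication (the NixOS default; the connection settings are not in this hunk), the passwords are never used and each role line can simply become `CREATE ROLE "matrix-synapse" WITH LOGIN;`. If any of them connect over TCP instead, the password should come from a sops secret rather than this file, and `services.postgresql.authentication` should restrict those roles to localhost. The same script is duplicated for the oracle matrix profile later in this diff, so whichever fix is chosen applies there as well.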
@@ -3314,7 +3329,7 @@ Make sure to also do this for doublepuppet.yaml domain = matrixDomain; }; appservice = { - address= "http://localhost:29317"; + address = "http://localhost:29317"; hostname = "0.0.0.0"; port = "29317"; provisioning.enabled = true; @@ -3343,16 +3358,16 @@ Make sure to also do this for doublepuppet.yaml args = { width = 256; height = 256; - fps = 30; # only for webm - background = "020202"; # only for gif, transparency not supported + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported }; }; }; }; }; systemd.services.mautrix-telegram.path = with pkgs; [ - lottieconverter # for animated stickers conversion, unfree package - ffmpeg # if converting animated stickers to webm (very slow!) + lottieconverter # for animated stickers conversion, unfree package + ffmpeg # if converting animated stickers to webm (very slow!) ]; services.mautrix-whatsapp = { @@ -3363,7 +3378,7 @@ Make sure to also do this for doublepuppet.yaml domain = matrixDomain; }; appservice = { - address= "http://localhost:29318"; + address = "http://localhost:29318"; hostname = "0.0.0.0"; port = 29318; database = { @@ -3410,7 +3425,7 @@ Make sure to also do this for doublepuppet.yaml }; appservice = { - address= "http://localhost:29328"; + address = "http://localhost:29328"; hostname = "0.0.0.0"; port = 29328; database = { @@ -3446,10 +3461,10 @@ Make sure to also do this for doublepuppet.yaml systemd.services."restart-bridges" = { script = '' - systemctl restart mautrix-whatsapp.service - systemctl restart mautrix-signal.service - systemctl restart mautrix-telegram.service - ''; + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; serviceConfig = { Type = "oneshot"; User = "root"; 
@@ -3470,7 +3485,6 @@ Make sure to also do this for doublepuppet.yaml :END: #+begin_src nix :noweb yes :tangle profiles/server1/sound/nixos.nix - { config, pkgs, modulesPath, ... }: { @@ -3493,7 +3507,7 @@ Make sure to also do this for doublepuppet.yaml gid = 61593; }; - mpd = {}; + mpd = { }; }; users = { @@ -3501,13 +3515,13 @@ Make sure to also do this for doublepuppet.yaml isSystemUser = true; uid = 61593; group = "navidrome"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = [ "audio" "utmp" ]; }; mpd = { isSystemUser = true; group = "mpd"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = [ "audio" "utmp" ]; }; }; }; @@ -3534,7 +3548,7 @@ Make sure to also do this for doublepuppet.yaml age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml"; validateSopsFiles = false; - secrets.mpdpass = { owner = "mpd";}; + secrets.mpdpass = { owner = "mpd"; }; }; services.navidrome = { @@ -3590,7 +3604,6 @@ Make sure to also do this for doublepuppet.yaml :END: #+begin_src nix :noweb yes :tangle profiles/server1/spotifyd/nixos.nix - { pkgs, modulesPath, ... }: { @@ -3606,7 +3619,7 @@ Make sure to also do this for doublepuppet.yaml isSystemUser = true; uid = 65136; group = "spotifyd"; - extraGroups = [ "audio" "utmp" ]; + extraGroups = [ "audio" "utmp" ]; }; sound = { @@ -3652,7 +3665,6 @@ Make sure to also do this for doublepuppet.yaml :END: #+begin_src nix :tangle profiles/remote/oracle/sync/nixos.nix - { config, pkgs, ... }: { 
@@ -3671,16 +3683,16 @@ Make sure to also do this for doublepuppet.yaml xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml"; validateSopsFiles = false; - secrets.swarsel = { owner = "root";}; - secrets.dnstokenfull = {owner="acme";}; + secrets.swarsel = { owner = "root"; }; + secrets.dnstokenfull = { owner = "acme"; }; templates."certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} ''; }; @@ -3708,8 +3720,8 @@ Make sure to also do this for doublepuppet.yaml "/" = { proxyPass = "http://localhost:27701"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -3722,8 +3734,8 @@ Make sure to also do this for doublepuppet.yaml "/" = { proxyPass = "http://localhost:8384/"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; @@ -3736,8 +3748,8 @@ Make sure to also do this for doublepuppet.yaml "/" = { proxyPass = "http://localhost:3000"; extraConfig = '' - client_max_body_size 0; - ''; + client_max_body_size 0; + ''; }; }; }; 
@@ -3751,14 +3763,14 @@ Make sure to also do this for doublepuppet.yaml enableIPv6 = false; domain = "subnet03112148.vcn03112148.oraclevcn.com"; firewall.extraCommands = '' - iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT - iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT - iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT - iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT + iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT + iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT ''; }; services.openssh = { @@ -3833,12 +3845,12 @@ The files mentioned by #+begin_src nix :tangle no - settings.app_service_config_files = [ - "/var/lib/matrix-synapse/telegram-registration.yaml" - "/var/lib/matrix-synapse/whatsapp-registration.yaml" - "/var/lib/matrix-synapse/signal-registration.yaml" - "/var/lib/matrix-synapse/doublepuppet.yaml" - ] + settings.app_service_config_files = [ + "/var/lib/matrix-synapse/telegram-registration.yaml" + "/var/lib/matrix-synapse/whatsapp-registration.yaml" + "/var/lib/matrix-synapse/signal-registration.yaml" + "/var/lib/matrix-synapse/doublepuppet.yaml" + ] #+end_src 
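Review bot: The accept rules for `--dport 27701`, `--dport 8384` and `--dport 3000` expose the backends directly on the public interface even though nginx already fronts each of them on 443 with a `proxyPass` to `localhost` (see the three hunks just above), so a client can bypass TLS, and the Syncthing GUI on 8384 then answers over plain HTTP to the internet. Only 80/443 and the Syncthing protocol ports 22000 tcp+udp need to be open; 21027/udp is local discovery and does nothing useful on a cloud host without a LAN. Unless something outside this profile relies on reaching those ports directly, drop the three lines, and consider expressing the rest declaratively as `networking.firewall.allowedTCPPorts = [ 80 443 22000 ];` plus `networking.firewall.allowedUDPPorts = [ 22000 ];` instead of raw `iptables -I INPUT` in `extraCommands`. A cloud security list may also filter these ports, but the host firewall should not depend on it.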
@@ -3873,10 +3885,11 @@ namespaces: Lastly, the machine that runs matrix needs to regularly update, as otherwise you will lose connectivity to the bridges. #+begin_src nix :tangle profiles/remote/oracle/matrix/nixos.nix - - { config, pkgs, sops, ... }: let + { config, pkgs, sops, ... }: + let matrixDomain = "swatrix.swarsel.win"; - in { + in + { imports = [ ./hardware-configuration.nix @@ -3896,27 +3909,27 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you xkbVariant = "altgr-intl"; }; - nix.settings.experimental-features = ["nix-command" "flakes"]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; sops = { age.sshKeyPaths = [ "/etc/ssh/sops" ]; defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml"; validateSopsFiles = false; secrets = { - dnstokenfull = {owner="acme";}; - matrixsharedsecret = {owner="matrix-synapse";}; - mautrixtelegram_as = {owner="matrix-synapse";}; - mautrixtelegram_hs = {owner="matrix-synapse";}; - mautrixtelegram_api_id = {owner="matrix-synapse";}; - mautrixtelegram_api_hash = {owner="matrix-synapse";}; + dnstokenfull = { owner = "acme"; }; + matrixsharedsecret = { owner = "matrix-synapse"; }; + mautrixtelegram_as = { owner = "matrix-synapse"; }; + mautrixtelegram_hs = { owner = "matrix-synapse"; }; + mautrixtelegram_api_id = { owner = "matrix-synapse"; }; + mautrixtelegram_api_hash = { owner = "matrix-synapse"; }; }; templates = { "certs.secret".content = '' - CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} - ''; + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + ''; "matrix_user_register.sh".content = '' - register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 - ''; + register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + ''; mautrixtelegram = { owner = "matrix-synapse"; content = '' 
@@ -3924,13 +3937,13 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you
 MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
 MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
 MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
- '';
+ '';
 };
 matrixshared = {
 owner = "matrix-synapse";
 content = ''
 registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
- '';
+ '';
 };
 };
 };
@@ -3963,8 +3976,8 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you
 "~ ^(/_matrix|/_synapse/client)" = {
 proxyPass = "http://localhost:8008";
 extraConfig = ''
- client_max_body_size 0;
- '';
+ client_max_body_size 0;
+ '';
 };
 };
 };
@@ -3978,13 +3991,13 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you
 enableIPv6 = false;
 domain = "swarsel.win";
 firewall.extraCommands = ''
- iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
- iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
- iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT
- iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT
- iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT
- iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT
- '';
+ iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
+ iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
+ iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT
+ iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT
+ iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT
+ iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT
+ '';
 };
 services.openssh = {
 enable = true;
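Review bot: The `--dport 8008` and `--dport 29317|29318|29328` accept rules in the `firewall.extraCommands` hunk open Synapse's plaintext listener and the three bridge appservice endpoints to the internet, although nothing off-host needs them: nginx proxies `/_matrix` to `localhost:8008` on 443 (the `proxyPass` hunk just above), and the appservice ports are only contacted by Synapse on the same machine. Since the listener is bound to `0.0.0.0` with `tls = false` and each bridge sets `hostname = "0.0.0.0"` (later hunks of this file), these four lines make the unencrypted client/federation API and the token-authenticated bridge transaction endpoints reachable directly. Removing them and keeping only the 80 and 443 rules closes the exposure; binding the listener and the bridges to `127.0.0.1` would be the belt-and-braces fix, but that is outside this hunk. The Oracle security list may already filter these ports, but the host rules should not rely on it.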
@@ -4005,27 +4018,27 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you
 services.postgresql = {
 enable = true;
 initialScript = pkgs.writeText "synapse-init.sql" ''
- CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
- CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
- CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
- CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
- CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- '';
+ CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
+ CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
+ CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
+ CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
+ CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ '';
 };
 services.matrix-synapse = {
 settings.app_service_config_files = [
@@ -4040,7 +4053,8 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you public_baseurl = "https://${matrixDomain}"; }; listeners = [ - { port = 8008; + { + port = 8008; bind_addresses = [ "0.0.0.0" ]; type = "http"; tls = false; @@ -4067,7 +4081,7 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you domain = matrixDomain; }; appservice = { - address= "http://localhost:29317"; + address = "http://localhost:29317"; hostname = "0.0.0.0"; port = "29317"; provisioning.enabled = true; @@ -4096,16 +4110,16 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you args = { width = 256; height = 256; - fps = 30; # only for webm - background = "020202"; # only for gif, transparency not supported + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported }; }; }; }; }; systemd.services.mautrix-telegram.path = with pkgs; [ - lottieconverter # for animated stickers conversion, unfree package - ffmpeg # if converting animated stickers to webm (very slow!) + lottieconverter # for animated stickers conversion, unfree package + ffmpeg # if converting animated stickers to webm (very slow!) ]; services.mautrix-whatsapp = { @@ -4116,7 +4130,7 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you domain = matrixDomain; }; appservice = { - address= "http://localhost:29318"; + address = "http://localhost:29318"; hostname = "0.0.0.0"; port = 29318; database = { @@ -4164,7 +4178,7 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you }; appservice = { - address= "http://localhost:29328"; + address = "http://localhost:29328"; hostname = "0.0.0.0"; port = 29328; database = { 
@@ -4200,10 +4214,10 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you

 systemd.services."restart-bridges" = {
 script = ''
- systemctl restart mautrix-whatsapp.service
- systemctl restart mautrix-signal.service
- systemctl restart mautrix-telegram.service
- '';
+ systemctl restart mautrix-whatsapp.service
+ systemctl restart mautrix-signal.service
+ systemctl restart mautrix-telegram.service
+ '';
 serviceConfig = {
 Type = "oneshot";
 User = "root";
@@ -4224,56 +4238,55 @@ Lastly, the machine that runs matrix needs to regularly update, as otherwise you :END: #+begin_src nix :noweb yes :tangle profiles/server1/paperless/nixos.nix +{ config, pkgs, modulesPath, ... }: - { config, pkgs, modulesPath, ... }: +{ + <> - { - <> - - users.groups.lxc_shares = { - gid = 10000; - members = [ - "paperless" - "root" - ]; - }; - - environment.systemPackages = with pkgs; [ - git - gnupg - ssh-to-age + users.groups.lxc_shares = { + gid = 10000; + members = [ + "paperless" + "root" ]; + }; - networking = { - hostName = "paperless"; # Define your hostname. - firewall.enable = false; - }; + environment.systemPackages = with pkgs; [ + git + gnupg + ssh-to-age + ]; - sops = { - age.sshKeyPaths = [ "/etc/ssh/sops" ]; - defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml"; - validateSopsFiles = false; - secrets.admin = { owner = "paperless";}; - }; + networking = { + hostName = "paperless"; # Define your hostname. + firewall.enable = false; + }; - services.paperless = { - enable = true; - mediaDir = "/media"; - user = "paperless"; - port = 28981; - passwordFile = config.sops.secrets.admin.path; - address = "0.0.0.0"; - extraConfig = { - PAPERLESS_OCR_LANGUAGE = "deu+eng"; - PAPERLESS_URL = "scan.swarsel.win"; - PAPERLESS_OCR_USER_ARGS = builtins.toJSON { - optimize = 1; - pdfa_image_compression = "lossless"; - }; + sops = { + age.sshKeyPaths = [ "/etc/ssh/sops" ]; + defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml"; + validateSopsFiles = false; + secrets.admin = { owner = "paperless"; }; + }; + + services.paperless = { + enable = true; + mediaDir = "/media"; + user = "paperless"; + port = 28981; + passwordFile = config.sops.secrets.admin.path; + address = "0.0.0.0"; + extraConfig = { + PAPERLESS_OCR_LANGUAGE = "deu+eng"; + PAPERLESS_URL = "scan.swarsel.win"; + PAPERLESS_OCR_USER_ARGS = builtins.toJSON { + optimize = 1; + pdfa_image_compression = "lossless"; }; }; + }; - } +} #+end_src 
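Review bot: `firewall.enable = false;` together with `address = "0.0.0.0";` leaves Paperless on port 28981 reachable from every network this container sees, with the admin password from `config.sops.secrets.admin.path` as the only barrier. If the LXC guest is only meant to be reached through a reverse proxy on the LAN, enabling the firewall with `networking.firewall.allowedTCPPorts = [ 28981 ];` (or binding `address` to the proxy-facing interface) costs nothing and blocks anything else that later lands on the container. Separately, `PAPERLESS_URL = "scan.swarsel.win"` carries no scheme, while Paperless documents this value as a full URL such as `https://scan.swarsel.win` and derives its CSRF trusted origins from it, so it is worth confirming that logins through the proxy actually work with the bare hostname.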
@@ -4316,6 +4329,7 @@ First, we enable the use of =home-manager= as a NixoS module Next, we setup the keymap in case we are not in a graphical session. At this point, I always resort to us/altgr-intl, as it is extremly comfortable to use #+begin_src nix :tangle profiles/common/nixos.nix + services.xserver = { xkb = { layout = "us"; @@ -4766,30 +4780,31 @@ I use sops-nix to handle secrets that I want to have available on my machines at validateSopsFiles = false; secrets = { - swarseluser = {neededForUsers = true;}; - ernest = {}; - frauns = {}; - hotspot = {}; - eduid = {}; - edupass = {}; - handyhotspot = {}; - vpnuser = {}; - vpnpass = {}; + swarseluser = { neededForUsers = true; }; + ernest = { }; + frauns = { }; + hotspot = { }; + eduid = { }; + edupass = { }; + handyhotspot = { }; + vpnuser = { }; + vpnpass = { }; }; templates = { "network-manager.env".content = '' - ERNEST=${config.sops.placeholder.ernest} - FRAUNS=${config.sops.placeholder.frauns} - HOTSPOT=${config.sops.placeholder.hotspot} - EDUID=${config.sops.placeholder.eduid} - EDUPASS=${config.sops.placeholder.edupass} - HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} - VPNUSER=${config.sops.placeholder.vpnuser} - VPNPASS=${config.sops.placeholder.vpnpass} - ''; + ERNEST=${config.sops.placeholder.ernest} + FRAUNS=${config.sops.placeholder.frauns} + HOTSPOT=${config.sops.placeholder.hotspot} + EDUID=${config.sops.placeholder.eduid} + EDUPASS=${config.sops.placeholder.edupass} + HANDYHOTSPOT=${config.sops.placeholder.handyhotspot} + VPNUSER=${config.sops.placeholder.vpnuser} + VPNPASS=${config.sops.placeholder.vpnpass} + ''; }; }; -#+end_src + + #+end_src *** System Packages :PROPERTIES: 
@@ -4852,7 +4867,7 @@ Mostly used to install some compilers and lsp's that I want to have available wh #lsp-bridge / python gcc gdb - (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) + (python3.withPackages (ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server ])) # (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server])) # -------------------------------------------- @@ -4870,9 +4885,9 @@ Mostly used to install some compilers and lsp's that I want to have available wh ]; unpackPhase = '' - mkdir -p $out/bin - tar xvf $src -C $out/ - mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ + mkdir -p $out/bin + tar xvf $src -C $out/ + mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/ ''; }) @@ -4905,6 +4920,7 @@ Also, we setup zsh. Do not touch this. users.defaultUserShell = pkgs.zsh; environment.shells = with pkgs; [ zsh ]; environment.pathsToLink = [ "/share/zsh" ]; + #+end_src *** Services @@ -4961,13 +4977,14 @@ This allows me to use my big scanner/printer's printing function over the networ pkgs.gutenprintBin ]; browsedConf = '' - BrowseDNSSDSubTypes _cups,_print - BrowseLocalProtocols all - BrowseRemoteProtocols all - CreateIPPPrinterQueues All - BrowseProtocols all - ''; + BrowseDNSSDSubTypes _cups,_print + BrowseLocalProtocols all + BrowseRemoteProtocols all + CreateIPPPrinterQueues All + BrowseProtocols all + ''; }; + #+end_src Avahi is the service used for the network discovery @@ -4979,6 +4996,7 @@ Avahi is the service used for the network discovery nssmdns4 = true; openFirewall = true; }; + #+end_src **** enable GVfs 
@@ -5006,26 +5024,28 @@ This is a super-convenient package that lets my remap my =CAPS= key to =ESC= if # Make CAPS work as a dual function ESC/CTRL key services.interception-tools = { enable = true; - udevmonConfig = let - dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' - TIMING: - TAP_MILLISEC: 200 - DOUBLE_TAP_MILLISEC: 0 + udevmonConfig = + let + dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" '' + TIMING: + TAP_MILLISEC: 200 + DOUBLE_TAP_MILLISEC: 0 - MAPPINGS: - - KEY: KEY_CAPSLOCK - TAP: KEY_ESC - HOLD: KEY_LEFTCTRL + MAPPINGS: + - KEY: KEY_CAPSLOCK + TAP: KEY_ESC + HOLD: KEY_LEFTCTRL + ''; + in + '' + - JOB: | + ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ + | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ + | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE + DEVICE: + EVENTS: + EV_KEY: [KEY_CAPSLOCK] ''; - in '' - - JOB: | - ${pkgs.interception-tools}/bin/intercept -g $DEVNODE \ - | ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \ - | ${pkgs.interception-tools}/bin/uinput -d $DEVNODE - DEVICE: - EVENTS: - EV_KEY: [KEY_CAPSLOCK] - ''; }; #+end_src @@ -5078,18 +5098,18 @@ This section houses the greetd related settings. I do not really want to use a d initial_session.command = "sway"; # initial_session.user ="swarsel"; default_session.command = '' - ${pkgs.greetd.tuigreet}/bin/tuigreet \ - --time \ - --asterisks \ - --user-menu \ - --cmd sway - ''; + ${pkgs.greetd.tuigreet}/bin/tuigreet \ + --time \ + --asterisks \ + --user-menu \ + --cmd sway + ''; }; }; environment.etc."greetd/environments".text = '' - sway - ''; + sway + ''; #+end_src 
@@ -5114,8 +5134,7 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 :END: #+begin_src nix :tangle profiles/common/home.nix - - { config, pkgs, fetchFromGitHub , ... }: + { config, pkgs, fetchFromGitHub, ... }: { home.packages = with pkgs; [ @@ -5144,6 +5163,7 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 # nix alejandra + nixpkgs-fmt deadnix statix @@ -5265,12 +5285,12 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 # latex and related packages (pkgs.texlive.combine { inherit (pkgs.texlive) scheme-full - dvisvgm dvipng # for preview and export as html + dvisvgm dvipng# for preview and export as html wrapfig amsmath ulem hyperref capt-of; }) # font stuff - (nerdfonts.override { fonts = [ "FiraMono" "FiraCode" "NerdFontsSymbolsOnly"]; }) + (nerdfonts.override { fonts = [ "FiraMono" "FiraCode" "NerdFontsSymbolsOnly" ]; }) noto-fonts-emoji font-awesome_5 noto-fonts 
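Review bot: `nixpkgs-fmt` is added directly under `alejandra` in the `# nix` group, so the home environment now ships two Nix formatters with incompatible styles; the reindentation across this commit appears to be nixpkgs-fmt output, and any editor hook that still runs alejandra will rewrite every file straight back. Either drop `alejandra` here or leave a comment saying which one is canonical, e.g. `nixpkgs-fmt # canonical formatter for this repo; alejandra kept only for comparison`. If alejandra is wired into Emacs or a pre-commit hook elsewhere (the init.el change in this commit is not shown), that setting needs to follow.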
@@ -5284,134 +5304,138 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 :END: #+begin_src nix :tangle profiles/common/home.nix - # cura - (let cura5 = appimageTools.wrapType2 rec { - name = "cura5"; - version = "5.4.0"; - src = fetchurl { - url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage"; - hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74="; - }; - extraPkgs = pkgs: with pkgs; [ ]; - }; in writeScriptBin "cura" '' - #! ${pkgs.bash}/bin/bash - # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME. - # So we convert each of the files passed as argument to an absolute path. - # This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`. - args=() - for a in "$@"; do - if [ -e "$a" ]; then - a="$(realpath "$a")" - fi - args+=("$a") - done - exec "${cura5}/bin/cura5" "''${args[@]}" - '') + ( + let + cura5 = appimageTools.wrapType2 rec { + name = "cura5"; + version = "5.4.0"; + src = fetchurl { + url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage"; + hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74="; + }; + extraPkgs = pkgs: with pkgs; [ ]; + }; + in + writeScriptBin "cura" '' + #! ${pkgs.bash}/bin/bash + # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME. + # So we convert each of the files passed as argument to an absolute path. + # This fixes use cases like `cd /path/to/my/files; cura mymodel.stl anothermodel.stl`. 
+ args=() + for a in "$@"; do + if [ -e "$a" ]; then + a="$(realpath "$a")" + fi + args+=("$a") + done + exec "${cura5}/bin/cura5" "''${args[@]}" + '' + ) #E: hides scratchpad depending on state, calls emacsclient for edit and then restores the scratchpad state (pkgs.writeShellScriptBin "e" '' - bash ~/.dotfiles/scripts/editor_nowait.sh "$@" - '') + bash ~/.dotfiles/scripts/editor_nowait.sh "$@" + '') (pkgs.writeShellScriptBin "timer" '' - sleep "$1"; while true; do spd-say "$2"; sleep 0.5; done; - '') + sleep "$1"; while true; do spd-say "$2"; sleep 0.5; done; + '') (pkgs.writeScriptBin "project" '' - #! ${pkgs.bash}/bin/bash - if [ "$1" == "rust" ]; then - cp ~/.dotfiles/templates/rust_flake.nix ./flake.nix - cp ~/.dotfiles/templates/toolchain.toml . - elif [ "$1" == "cpp" ]; then - cp ~/.dotfiles/templates/cpp_flake.nix ./flake.nix - elif [ "$1" == "python" ]; then - cp ~/.dotfiles/templates/py_flake.nix ./flake.nix - elif [ "$1" == "cuda" ]; then - cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix - elif [ "$1" == "other" ]; then - cp ~/.dotfiles/templates/other_flake.nix ./flake.nix - elif [ "$1" == "latex" ]; then - if [ "$2" == "" ]; then - echo "No filename specified, usage: 'project latex '" - exit 0 - fi - cp ~/.dotfiles/templates/tex_standard.tex ./"$2".tex - exit 0 - else - echo "No valid argument given. Valid arguments are rust cpp python, cuda" - exit 0 - fi - echo "use flake" >> .envrc - direnv allow - '') + #! ${pkgs.bash}/bin/bash + if [ "$1" == "rust" ]; then + cp ~/.dotfiles/templates/rust_flake.nix ./flake.nix + cp ~/.dotfiles/templates/toolchain.toml . 
+ elif [ "$1" == "cpp" ]; then + cp ~/.dotfiles/templates/cpp_flake.nix ./flake.nix + elif [ "$1" == "python" ]; then + cp ~/.dotfiles/templates/py_flake.nix ./flake.nix + elif [ "$1" == "cuda" ]; then + cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix + elif [ "$1" == "other" ]; then + cp ~/.dotfiles/templates/other_flake.nix ./flake.nix + elif [ "$1" == "latex" ]; then + if [ "$2" == "" ]; then + echo "No filename specified, usage: 'project latex '" + exit 0 + fi + cp ~/.dotfiles/templates/tex_standard.tex ./"$2".tex + exit 0 + else + echo "No valid argument given. Valid arguments are rust cpp python, cuda" + exit 0 + fi + echo "use flake" >> .envrc + direnv allow + '') (pkgs.writeShellApplication { name = "pass-fuzzel"; runtimeInputs = [ pkgs.pass pkgs.fuzzel ]; text = '' - shopt -s nullglob globstar + shopt -s nullglob globstar - typeit=0 - if [[ $# -ge 1 && $1 == "--type" ]]; then - typeit=1 - shift - fi + typeit=0 + if [[ $# -ge 1 && $1 == "--type" ]]; then + typeit=1 + shift + fi - export PASSWORD_STORE_DIR=~/.local/share/password-store - prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} - password_files=( "$prefix"/**/*.gpg ) - password_files=( "''${password_files[@]#"$prefix"/}" ) - password_files=( "''${password_files[@]%.gpg}" ) + export PASSWORD_STORE_DIR=~/.local/share/password-store + prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} + password_files=( "$prefix"/**/*.gpg ) + password_files=( "''${password_files[@]#"$prefix"/}" ) + password_files=( "''${password_files[@]%.gpg}" ) - password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") + password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") - [[ -n $password ]] || exit + [[ -n $password ]] || exit - if [[ $typeit -eq 0 ]]; then - pass show -c "$password" &>/tmp/pass-fuzzel - else - pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - - fi - notify-send -u critical -a pass -t 1000 "Copied/Typed Password" - ''; + if [[ 
$typeit -eq 0 ]]; then + pass show -c "$password" &>/tmp/pass-fuzzel + else + pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - + fi + notify-send -u critical -a pass -t 1000 "Copied/Typed Password" + ''; }) (pkgs.writeShellApplication { name = "pass-fuzzel-otp"; - runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [exts.pass-otp]))]; + runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [ exts.pass-otp ])) ]; text = '' - shopt -s nullglob globstar + shopt -s nullglob globstar - typeit=0 - if [[ $# -ge 1 && $1 == "--type" ]]; then - typeit=1 - shift - fi + typeit=0 + if [[ $# -ge 1 && $1 == "--type" ]]; then + typeit=1 + shift + fi - export PASSWORD_STORE_DIR=~/.local/share/password-store - prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} - password_files=( "$prefix"/otp/**/*.gpg ) - password_files=( "''${password_files[@]#"$prefix"/}" ) - password_files=( "''${password_files[@]%.gpg}" ) + export PASSWORD_STORE_DIR=~/.local/share/password-store + prefix=''${PASSWORD_STORE_DIR-~/.local/share/password-store} + password_files=( "$prefix"/otp/**/*.gpg ) + password_files=( "''${password_files[@]#"$prefix"/}" ) + password_files=( "''${password_files[@]%.gpg}" ) - password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") + password=$(printf '%s\n' "''${password_files[@]}" | fuzzel --dmenu "$@") - [[ -n $password ]] || exit + [[ -n $password ]] || exit - if [[ $typeit -eq 0 ]]; then - pass otp -c "$password" &>/tmp/pass-fuzzel - else - pass otp "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - - fi - notify-send -u critical -a pass -t 1000 "Copied/Typed OTPassword" - ''; + if [[ $typeit -eq 0 ]]; then + pass otp -c "$password" &>/tmp/pass-fuzzel + else + pass otp "$password" | { IFS= read -r pass; printf %s "$pass"; } | wtype - + fi + notify-send -u critical -a pass -t 1000 "Copied/Typed OTPassword" + ''; }) (pkgs.writeShellApplication { name = "cdw"; runtimeInputs = [ pkgs.fzf ]; 
text = '' - cd "$(git worktree list | fzf | awk '{print $1}')" + cd "$(git worktree list | fzf | awk '{print $1}')" ''; }) @@ -5419,7 +5443,7 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499 name = "cdb"; runtimeInputs = [ pkgs.fzf ]; text = '' - git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')" + git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')" ''; }) @@ -5454,13 +5478,14 @@ I use sops-nix to handle secrets that I want to have available on my machines at defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; validateSopsFiles = false; secrets = { - mrswarsel = {path = "/run/user/1000/secrets/mrswarsel";}; - nautilus = {path = "/run/user/1000/secrets/nautilus";}; - leon = {path = "/run/user/1000/secrets/leon";}; - swarselmail = {path = "/run/user/1000/secrets/swarselmail";}; - caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";}; + mrswarsel = { path = "/run/user/1000/secrets/mrswarsel"; }; + nautilus = { path = "/run/user/1000/secrets/nautilus"; }; + leon = { path = "/run/user/1000/secrets/leon"; }; + swarselmail = { path = "/run/user/1000/secrets/swarselmail"; }; + caldav = { path = "${config.home.homeDirectory}/.emacs.d/.caldav"; }; }; }; + #+end_src *** SSH Machines 
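Review bot: `pass show -c "$password" &>/tmp/pass-fuzzel` (and the `pass otp -c` twin) sends the command's output to a fixed, predictable path in the shared `/tmp`: the redirect follows a symlink pre-planted there by another local user, and on a multi-user machine the file reveals which password-store entry was used last. Nothing reads that file, so `&>/dev/null` is the simplest fix; if the output is wanted for debugging, use the per-user runtime directory instead, `&>"''${XDG_RUNTIME_DIR:-/tmp}/pass-fuzzel"` (the doubled `''$` is required inside the Nix indented string, as the script already does for `password_files`). Both scripts also call `wtype` and `notify-send` without listing them in `runtimeInputs`, so `writeShellApplication` cannot pin them and they depend on whatever happens to be on `PATH` at run time.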
@@ -5472,100 +5497,100 @@ It is very convenient to have SSH aliases in place for machines that I use. This #+begin_src nix :tangle profiles/common/home.nix - programs.ssh= { - enable = true; - forwardAgent = true; - extraConfig = '' - SetEnv TERM=xterm-256color - ''; - matchBlocks = { - "nginx" = { - hostname = "192.168.1.14"; - user = "root"; - }; - "jellyfin" = { - hostname = "192.168.1.16"; - user = "root"; - }; - "pfsense" = { - hostname = "192.168.1.1"; - user = "root"; - }; - "proxmox" = { - hostname = "192.168.1.2"; - user = "root"; - }; - "transmission" = { - hostname = "192.168.1.6"; - user = "root"; - }; - "fetcher" = { - hostname = "192.168.1.7"; - user = "root"; - }; - "omv" = { - hostname = "192.168.1.3"; - user = "root"; - }; - "webbot" = { - hostname = "192.168.1.11"; - user = "root"; - }; - "nextcloud" = { - hostname = "192.168.1.5"; - user = "root"; - }; - "sound" = { - hostname = "192.168.1.13"; - user = "root"; - }; - "spotify" = { - hostname = "192.168.1.17"; - user = "root"; - }; - "wordpress" = { - hostname = "192.168.1.9"; - user = "root"; - }; - "turn" = { - hostname = "192.168.1.18"; - user = "root"; - }; - "hugo" = { - hostname = "192.168.1.19"; - user = "root"; - }; - "matrix" = { - hostname = "192.168.1.23"; - user = "root"; - }; - "scroll" = { - hostname = "192.168.1.22"; - user = "root"; - }; - "minecraft" = { - hostname = "130.61.119.129"; - user = "opc"; - }; - "sync" = { - hostname = "193.122.53.173"; - user = "root"; #this is a oracle vm server but needs root due to nixos-infect - }; - "songdiver" = { - hostname = "89.168.100.65"; - user = "ubuntu"; - }; - "pkv" = { - hostname = "46.232.248.161"; - user = "root"; - }; - "efficient" = { - hostname = "g0.complang.tuwien.ac.at"; - forwardAgent = true; - user = "ep01427399"; - }; - }; + programs.ssh = { + enable = true; + forwardAgent = true; + extraConfig = '' + SetEnv TERM=xterm-256color + ''; + matchBlocks = { + "nginx" = { + hostname = "192.168.1.14"; + user = "root"; }; + 
"jellyfin" = { + hostname = "192.168.1.16"; + user = "root"; + }; + "pfsense" = { + hostname = "192.168.1.1"; + user = "root"; + }; + "proxmox" = { + hostname = "192.168.1.2"; + user = "root"; + }; + "transmission" = { + hostname = "192.168.1.6"; + user = "root"; + }; + "fetcher" = { + hostname = "192.168.1.7"; + user = "root"; + }; + "omv" = { + hostname = "192.168.1.3"; + user = "root"; + }; + "webbot" = { + hostname = "192.168.1.11"; + user = "root"; + }; + "nextcloud" = { + hostname = "192.168.1.5"; + user = "root"; + }; + "sound" = { + hostname = "192.168.1.13"; + user = "root"; + }; + "spotify" = { + hostname = "192.168.1.17"; + user = "root"; + }; + "wordpress" = { + hostname = "192.168.1.9"; + user = "root"; + }; + "turn" = { + hostname = "192.168.1.18"; + user = "root"; + }; + "hugo" = { + hostname = "192.168.1.19"; + user = "root"; + }; + "matrix" = { + hostname = "192.168.1.23"; + user = "root"; + }; + "scroll" = { + hostname = "192.168.1.22"; + user = "root"; + }; + "minecraft" = { + hostname = "130.61.119.129"; + user = "opc"; + }; + "sync" = { + hostname = "193.122.53.173"; + user = "root"; #this is a oracle vm server but needs root due to nixos-infect + }; + "songdiver" = { + hostname = "89.168.100.65"; + user = "ubuntu"; + }; + "pkv" = { + hostname = "46.232.248.161"; + user = "root"; + }; + "efficient" = { + hostname = "g0.complang.tuwien.ac.at"; + forwardAgent = true; + user = "ep01427399"; + }; + }; + }; #+end_src @@ -5602,7 +5627,7 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the genericName = "Cura"; exec = "cura"; terminal = false; - categories = [ "Application"]; + categories = [ "Application" ]; }; anki = { @@ -5610,7 +5635,7 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the genericName = "Anki"; exec = "anki"; terminal = false; - categories = [ "Application"]; + categories = [ "Application" ]; }; # schlidichat = { 
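Review bot: The top-level `forwardAgent = true;` in `programs.ssh` forwards your SSH agent to every host in `matchBlocks`, including the four public-IP VMs (`minecraft`, `sync`, `songdiver`, `pkv`) and the LAN machines you log into as root; a compromised host can use the forwarded socket to authenticate as you to every other host for as long as a session is open. Only hosts you hop onward from need forwarding, and the `efficient` block already sets `forwardAgent = true;` on its own, so the global line looks redundant. Remove the global `forwardAgent = true;` and enable it per match block where it is actually required; the `sync` host, which the inline comment says must stay root because of nixos-infect, is where keeping it off matters most.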
@@ -5626,7 +5651,7 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the genericName = "Element"; exec = "element-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; terminal = false; - categories = [ "Application"]; + categories = [ "Application" ]; }; emacsclient-newframe = { @@ -5635,7 +5660,7 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the exec = "emacsclient -r %u"; icon = "emacs"; terminal = false; - categories = [ "Development" "TextEditor"]; + categories = [ "Development" "TextEditor" ]; }; }; @@ -5730,6 +5755,7 @@ This section is for programs that require no further configuration. zsh Integrat pandoc.enable = true; fzf.enable = true; zoxide.enable = true; + }; #+end_src *** nix-index @@ -5738,22 +5764,24 @@ nix-index provides a way to find out which packages are provided by which deriva #+begin_src nix :tangle profiles/common/home.nix - nix-index = let - command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } '' + programs.nix-index = + let + command-not-found = pkgs.runCommandLocal "command-not-found.sh" { } '' mkdir -p $out/etc/profile.d substitute ${../../scripts/command-not-found.sh} \ $out/etc/profile.d/command-not-found.sh \ --replace @nix-locate@ ${pkgs.nix-index}/bin/nix-locate \ --replace @tput@ ${pkgs.ncurses}/bin/tput - ''; - in { - enable = true; - package = pkgs.symlinkJoin { - name = "nix-index"; - paths = [ command-not-found ]; + ''; + in + { + enable = true; + package = pkgs.symlinkJoin { + name = "nix-index"; + paths = [ command-not-found ]; + }; }; - }; - }; + #+end_src *** password-store @@ -5767,7 +5795,7 @@ Enables password store with the =pass-otp= extension which allows me to store an programs.password-store = { enable = true; - package = pkgs.pass.withExtensions (exts: [exts.pass-otp]); + package = pkgs.pass.withExtensions (exts: [ exts.pass-otp ]); }; #+end_src 
@@ -6037,13 +6065,13 @@ Here we set some aliases (some of them should be shellApplications instead) as w
 nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
 edithome = "bash ~/.dotfiles/scripts/editor.sh ~/.dotfiles/Nix.org";
 magit = "emacsclient -nc -e \"(magit-status)\"";
- config="git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
- g="git";
- c="git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/";
+ config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
+ g = "git";
+ c = "git --git-dir=$HOME/.dotfiles/.git --work-tree=$HOME/.dotfiles/";
 passpush = "cd ~/.local/share/password-store; git add .; git commit -m 'pass file changes'; git push; cd -;";
 passpull = "cd ~/.local/share/password-store; git pull; cd -;";
 hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
- cd="z";
+ cd = "z";
 cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\"";
 };
 autosuggestion.enable = true;
@@ -6056,8 +6084,8 @@ Here we set some aliases (some of them should be shellApplications instead) as w
 ];
 defaultKeymap = "emacs";
 dirHashes = {
- dl = "$HOME/Downloads";
- gh = "$HOME/Documents/GitHub";
+ dl = "$HOME/Downloads";
+ gh = "$HOME/Documents/GitHub";
 };
 history = {
 expireDuplicatesFirst = true;
@@ -6124,9 +6152,9 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl
 };
 mbsync = {
 enable = true;
- create= "maildir";
+ create = "maildir";
 expunge = "both";
- patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"];
+ patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ];
 extraConfig = {
 channel = {
 Sync = "All";
@@ -6174,9 +6202,9 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl mu.enable = true; mbsync = { enable = true; - create= "maildir"; + create = "maildir"; expunge = "both"; - patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; extraConfig = { channel = { Sync = "All"; @@ -6201,9 +6229,9 @@ Normally I use 4 mail accounts - here I set them all up. Three of them are Googl mu.enable = true; mbsync = { enable = true; - create= "maildir"; + create = "maildir"; expunge = "both"; - patterns = ["*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail"]; + patterns = [ "*" "![Gmail]*" "[Gmail]/Sent Mail" "[Gmail]/Starred" "[Gmail]/All Mail" ]; extraConfig = { channel = { Sync = "All"; @@ -6269,7 +6297,7 @@ Lastly, I am defining some more packages here that the parser has problems findi rev = "3f6ca0d5556fe9795b74714304564f2295dcfa24"; hash = "sha256-w1wmJW7YwXyjvXJOWdN2+k+QmhXr4IflES/c2bCX3CI="; }; - packageRequires = []; + packageRequires = [ ]; }) ]; @@ -6299,15 +6327,15 @@ The rest of this configuration is found here: mainBar = { layer = "top"; position = "top"; - modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window"]; + modules-left = [ "sway/workspaces" "custom/outer-right-arrow-dark" "sway/window" ]; modules-center = [ "sway/mode" "custom/configwarn" ]; "sway/mode" = { format = "{}"; }; "custom/configwarn" = { - exec= "bash ~/.dotfiles/scripts/checkconfigstatus.sh"; - interval= 60; + exec = "bash ~/.dotfiles/scripts/checkconfigstatus.sh"; + interval = 60; }; "group/hardware" = { 
@@ -6330,14 +6358,14 @@ The rest of this configuration is found here: }; power-profiles-daemon = { - format= "{icon}"; - tooltip-format= "Power profile: {profile}\nDriver: {driver}"; - tooltip= true; - format-icons= { - "default"= ""; - "performance"= ""; - "balanced"= ""; - "power-saver"= ""; + format = "{icon}"; + tooltip-format = "Power profile: {profile}\nDriver: {driver}"; + tooltip = true; + format-icons = { + "default" = ""; + "performance" = ""; + "balanced" = ""; + "power-saver" = ""; }; }; @@ -6349,15 +6377,15 @@ The rest of this configuration is found here: }; mpris = { - format= "{player_icon} {title} [{position}/{length}]"; - format-paused= "{player_icon} {title} [{position}/{length}]"; - player-icons= { + format = "{player_icon} {title} [{position}/{length}]"; + format-paused = "{player_icon} {title} [{position}/{length}]"; + player-icons = { "default" = "▶ "; "mpv" = "🎵 "; "spotify" = " "; }; - status-icons= { - "paused"= " "; + status-icons = { + "paused" = " "; }; interval = 1; title-len = 20; 
@@ -6368,114 +6396,114 @@ The rest of this configuration is found here: format = ""; tooltip = false; }; - "custom/outer-left-arrow-dark"= { + "custom/outer-left-arrow-dark" = { format = ""; tooltip = false; }; - "custom/left-arrow-light"= { - format= ""; - tooltip= false; + "custom/left-arrow-light" = { + format = ""; + tooltip = false; }; - "custom/right-arrow-dark"= { - format= ""; - tooltip= false; + "custom/right-arrow-dark" = { + format = ""; + tooltip = false; }; - "custom/outer-right-arrow-dark"= { - format= ""; - tooltip= false; + "custom/outer-right-arrow-dark" = { + format = ""; + tooltip = false; }; - "custom/right-arrow-light"= { - format= ""; - tooltip= false; + "custom/right-arrow-light" = { + format = ""; + tooltip = false; }; - "sway/workspaces"= { - disable-scroll= true; - format= "{name}"; + "sway/workspaces" = { + disable-scroll = true; + format = "{name}"; }; - "clock#1"= { - min-length= 8; - interval= 1; - format= "{:%H:%M:%S}"; + "clock#1" = { + min-length = 8; + interval = 1; + format = "{:%H:%M:%S}"; # on-click-right= "gnome-clocks"; - tooltip-format= "{:%Y %B}\n{calendar}"; + tooltip-format = "{:%Y %B}\n{calendar}"; }; - "clock#2"= { - format= "{:%d. %B %Y}"; + "clock#2" = { + format = "{:%d. 
%B %Y}"; # on-click-right= "gnome-clocks"; - tooltip-format= "{:%Y %B}\n{calendar}"; + tooltip-format = "{:%Y %B}\n{calendar}"; }; - pulseaudio= { - format= "{icon} {volume:2}%"; - format-bluetooth= "{icon} {volume}%"; - format-muted= "MUTE"; - format-icons= { - headphones= ""; - default= [ + pulseaudio = { + format = "{icon} {volume:2}%"; + format-bluetooth = "{icon} {volume}%"; + format-muted = "MUTE"; + format-icons = { + headphones = ""; + default = [ "" "" ]; }; - scroll-step= 1; - on-click= "pamixer -t"; - on-click-right= "pavucontrol"; + scroll-step = 1; + on-click = "pamixer -t"; + on-click-right = "pavucontrol"; }; - memory= { - interval= 5; - format= " {}%"; - tooltip-format= "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; + memory = { + interval = 5; + format = " {}%"; + tooltip-format = "Memory: {used:0.1f}G/{total:0.1f}G\nSwap: {swapUsed}G/{swapTotal}G"; }; - cpu= { - min-length= 6; - interval= 5; - format-icons = ["▁" "▂" "▃" "▄" "▅" "▆" "▇" "█"]; + cpu = { + min-length = 6; + interval = 5; + format-icons = [ "▁" "▂" "▃" "▄" "▅" "▆" "▇" "█" ]; # on-click-right= "com.github.stsdc.monitor"; - on-click-right= "kitty -o confirm_os_window_close=0 btm"; + on-click-right = "kitty -o confirm_os_window_close=0 btm"; }; - battery= { - states= { - "warning"= 60; - "error"= 30; - "critical"= 15; + battery = { + states = { + "warning" = 60; + "error" = 30; + "critical" = 15; }; - interval=5; - format= "{icon} {capacity}%"; - format-charging= "{capacity}% "; - format-plugged= "{capacity}% "; - format-icons= [ + interval = 5; + format = "{icon} {capacity}%"; + format-charging = "{capacity}% "; + format-plugged = "{capacity}% "; + format-icons = [ "" "" "" "" "" ]; - on-click-right= "wlogout -p layer-shell"; + on-click-right = "wlogout -p layer-shell"; }; - disk= { - interval= 30; - format= "Disk {percentage_used:2}%"; - path= "/"; - states= { - "warning"= 80; - "critical"= 90; + disk = { + interval = 30; + format = "Disk 
{percentage_used:2}%"; + path = "/"; + states = { + "warning" = 80; + "critical" = 90; }; tooltip-format = "{used} used out of {total} on {path} ({percentage_used}%)\n{free} free on {path} ({percentage_free}%)"; }; - tray= { - icon-size= 20; + tray = { + icon-size = 20; }; - network= { + network = { interval = 5; - format-wifi= "{signalStrength}% "; - format-ethernet= ""; - format-linked= "{ifname} (No IP) "; - format-disconnected= "Disconnected ⚠"; - format-alt= "{ifname}: {ipaddr}/{cidr}"; - tooltip-format-ethernet= "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; - tooltip-format-wifi= "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; + format-wifi = "{signalStrength}% "; + format-ethernet = ""; + format-linked = "{ifname} (No IP) "; + format-disconnected = "Disconnected ⚠"; + format-alt = "{ifname}: {ipaddr}/{cidr}"; + tooltip-format-ethernet = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr}\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; + tooltip-format-wifi = "{ifname} via {gwaddr}: {essid} {ipaddr}/{cidr} \n{signaldBm}dBm @ {frequency}MHz\n\n⇡{bandwidthUpBytes} ⇣{bandwidthDownBytes}"; }; }; }; @@ -6578,11 +6606,12 @@ I used to build the firefox addon =bypass-paywalls-clean= myself here, but the m }; "Home Manager Options" = { - urls = [{ template = "https://home-manager-options.extranix.com/"; - params = [ - { name = "query"; value = "{searchTerms}"; } - ]; - }]; + urls = [{ + template = "https://home-manager-options.extranix.com/"; + params = [ + { name = "query"; value = "{searchTerms}"; } + ]; + }]; icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; definedAliases = [ "@hm" "@ho" "@hmo" ]; 
@@ -6748,78 +6777,80 @@ Currently, I am too lazy to explain every option here, but most of it is very se modifier = "Mod4"; terminal = "kitty"; menu = "fuzzel"; - bars = [{ command = "waybar";}]; - keybindings = let - inherit (config.wayland.windowManager.sway.config) modifier; - in { - "${modifier}+q" = "kill"; - "${modifier}+f" = "exec firefox"; - "${modifier}+Space" = "exec fuzzel"; - "${modifier}+Shift+Space" = "floating toggle"; - "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; - "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; - "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; - "${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\""; - "${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\""; - "${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\""; - "${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\""; - "${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\""; - "${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\""; - "${modifier}+Shift+F12" = "move scratchpad"; - "${modifier}+F12" = "scratchpad show"; - "${modifier}+c" = "exec qalculate-gtk"; - "${modifier}+p" = "exec pass-fuzzel"; - "${modifier}+o" = "exec pass-fuzzel-otp"; - "${modifier}+Shift+p" = "exec pass-fuzzel --type"; - "${modifier}+Shift+o" = "exec pass-fuzzel-otp --type"; - "${modifier}+Escape" = "mode $exit"; - # "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor"; - "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; - "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; - "${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\""; - "${modifier}+1" = "workspace 1:一"; - "${modifier}+Shift+1" = "move container to workspace 1:一"; - "${modifier}+2" = "workspace 2:二"; - "${modifier}+Shift+2" = "move container to workspace 2:二"; - 
"${modifier}+3" = "workspace 3:三"; - "${modifier}+Shift+3" = "move container to workspace 3:三"; - "${modifier}+4" = "workspace 4:四"; - "${modifier}+Shift+4" = "move container to workspace 4:四"; - "${modifier}+5" = "workspace 5:五"; - "${modifier}+Shift+5" = "move container to workspace 5:五"; - "${modifier}+6" = "workspace 6:六"; - "${modifier}+Shift+6" = "move container to workspace 6:六"; - "${modifier}+7" = "workspace 7:七"; - "${modifier}+Shift+7" = "move container to workspace 7:七"; - "${modifier}+8" = "workspace 8:八"; - "${modifier}+Shift+8" = "move container to workspace 8:八"; - "${modifier}+9" = "workspace 9:九"; - "${modifier}+Shift+9" = "move container to workspace 9:九"; - "${modifier}+0" = "workspace 10:十"; - "${modifier}+Shift+0" = "move container to workspace 10:十"; - "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; - "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; - "${modifier}+Left" = "focus left"; - "${modifier}+Right" = "focus right"; - "${modifier}+Down" = "focus down"; - "${modifier}+Up" = "focus up"; - "${modifier}+Shift+Left" = "move left 40px"; - "${modifier}+Shift+Right" = "move right 40px"; - "${modifier}+Shift+Down" = "move down 40px"; - "${modifier}+Shift+Up" = "move up 40px"; - "${modifier}+h" = "focus left"; - "${modifier}+l" = "focus right"; - "${modifier}+j" = "focus down"; - "${modifier}+k" = "focus up"; - "${modifier}+Shift+h" = "move left 40px"; - "${modifier}+Shift+l" = "move right 40px"; - "${modifier}+Shift+j" = "move down 40px"; - "${modifier}+Shift+k" = "move up 40px"; - "${modifier}+Ctrl+Shift+c" = "reload"; - "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' 
-b 'Yes, exit sway' 'swaymsg exit'"; - "${modifier}+r" = "mode resize"; - "${modifier}+Return" = "exec kitty"; - }; + bars = [{ command = "waybar"; }]; + keybindings = + let + inherit (config.wayland.windowManager.sway.config) modifier; + in + { + "${modifier}+q" = "kill"; + "${modifier}+f" = "exec firefox"; + "${modifier}+Space" = "exec fuzzel"; + "${modifier}+Shift+Space" = "floating toggle"; + "${modifier}+e" = "exec emacsclient -nquc -a emacs -e \"(dashboard-open)\""; + "${modifier}+Shift+m" = "exec emacsclient -nquc -a emacs -e \"(mu4e)\""; + "${modifier}+Shift+c" = "exec emacsclient -nquc -a emacs -e \"(swarsel/open-calendar)\""; + "${modifier}+Shift+s" = "exec \"bash ~/.dotfiles/scripts/checkspotify.sh\""; + "${modifier}+m" = "exec \"bash ~/.dotfiles/scripts/checkspotifytui.sh\""; + "${modifier}+x" = "exec \"bash ~/.dotfiles/scripts/checkkitty.sh\""; + "${modifier}+d" = "exec \"bash ~/.dotfiles/scripts/checkdiscord.sh\""; + "${modifier}+Shift+r" = "exec \"bash ~/.dotfiles/scripts/restart.sh\""; + "${modifier}+Shift+t" = "exec \"bash ~/.dotfiles/scripts/toggle_opacity.sh\""; + "${modifier}+Shift+F12" = "move scratchpad"; + "${modifier}+F12" = "scratchpad show"; + "${modifier}+c" = "exec qalculate-gtk"; + "${modifier}+p" = "exec pass-fuzzel"; + "${modifier}+o" = "exec pass-fuzzel-otp"; + "${modifier}+Shift+p" = "exec pass-fuzzel --type"; + "${modifier}+Shift+o" = "exec pass-fuzzel-otp --type"; + "${modifier}+Escape" = "mode $exit"; + # "${modifier}+Shift+Escape" = "exec com.github.stsdc.monitor"; + "${modifier}+Shift+Escape" = "exec kitty -o confirm_os_window_close=0 btm"; + "${modifier}+s" = "exec grim -g \"$(slurp)\" -t png - | wl-copy -t image/png"; + "${modifier}+i" = "exec \"bash ~/.dotfiles/scripts/startup.sh\""; + "${modifier}+1" = "workspace 1:一"; + "${modifier}+Shift+1" = "move container to workspace 1:一"; + "${modifier}+2" = "workspace 2:二"; + "${modifier}+Shift+2" = "move container to workspace 2:二"; + "${modifier}+3" = "workspace 3:三"; + 
"${modifier}+Shift+3" = "move container to workspace 3:三"; + "${modifier}+4" = "workspace 4:四"; + "${modifier}+Shift+4" = "move container to workspace 4:四"; + "${modifier}+5" = "workspace 5:五"; + "${modifier}+Shift+5" = "move container to workspace 5:五"; + "${modifier}+6" = "workspace 6:六"; + "${modifier}+Shift+6" = "move container to workspace 6:六"; + "${modifier}+7" = "workspace 7:七"; + "${modifier}+Shift+7" = "move container to workspace 7:七"; + "${modifier}+8" = "workspace 8:八"; + "${modifier}+Shift+8" = "move container to workspace 8:八"; + "${modifier}+9" = "workspace 9:九"; + "${modifier}+Shift+9" = "move container to workspace 9:九"; + "${modifier}+0" = "workspace 10:十"; + "${modifier}+Shift+0" = "move container to workspace 10:十"; + "XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%"; + "XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%"; + "${modifier}+Left" = "focus left"; + "${modifier}+Right" = "focus right"; + "${modifier}+Down" = "focus down"; + "${modifier}+Up" = "focus up"; + "${modifier}+Shift+Left" = "move left 40px"; + "${modifier}+Shift+Right" = "move right 40px"; + "${modifier}+Shift+Down" = "move down 40px"; + "${modifier}+Shift+Up" = "move up 40px"; + "${modifier}+h" = "focus left"; + "${modifier}+l" = "focus right"; + "${modifier}+j" = "focus down"; + "${modifier}+k" = "focus up"; + "${modifier}+Shift+h" = "move left 40px"; + "${modifier}+Shift+l" = "move right 40px"; + "${modifier}+Shift+j" = "move down 40px"; + "${modifier}+Shift+k" = "move up 40px"; + "${modifier}+Ctrl+Shift+c" = "reload"; + "${modifier}+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'"; + "${modifier}+r" = "mode resize"; + "${modifier}+Return" = "exec kitty"; + }; modes = { resize = { Down = "resize grow height 10 px or 10 ppt"; 
@@ -6832,8 +6863,8 @@ Currently, I am too lazy to explain every option here, but most of it is very se
 };
 defaultWorkspace = "workspace 1:一";
 startup = [
- { command = "kitty -T kittyterm";}
- { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player";}
+ { command = "kitty -T kittyterm"; }
+ { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player"; }
 ];
 window = {
 border = 1;
@@ -6845,28 +6876,28 @@ Currently, I am too lazy to explain every option here, but most of it is very se
 floating = {
 border = 1;
 criteria = [
- {title = "^Picture-in-Picture$";}
- {app_id = "qalculate-gtk";}
- {app_id = "org.gnome.clocks";}
- {app_id = "com.github.stsdc.monitor";}
- {app_id = "blueman";}
- {app_id = "pavucontrol";}
- {app_id = "syncthingtray";}
- {title = "Syncthing Tray";}
- {app_id = "SchildiChat";}
- {app_id = "Element";}
- {app_id = "com.nextcloud.desktopclient.nextcloud";}
- {app_id = "gnome-system-monitor";}
- {title = "(?:Open|Save) (?:File|Folder|As)";}
- {title = "^Add$";}
- {title = "com-jgoodies-jdiskreport-JDiskReport";}
- {app_id = "discord";}
- {window_role = "pop-up";}
- {window_role = "bubble";}
- {window_role = "dialog";}
- {window_role = "task_dialog";}
- {window_role = "menu";}
- {window_role = "Preferences";}
+ { title = "^Picture-in-Picture$"; }
+ { app_id = "qalculate-gtk"; }
+ { app_id = "org.gnome.clocks"; }
+ { app_id = "com.github.stsdc.monitor"; }
+ { app_id = "blueman"; }
+ { app_id = "pavucontrol"; }
+ { app_id = "syncthingtray"; }
+ { title = "Syncthing Tray"; }
+ { app_id = "SchildiChat"; }
+ { app_id = "Element"; }
+ { app_id = "com.nextcloud.desktopclient.nextcloud"; }
+ { app_id = "gnome-system-monitor"; }
+ { title = "(?:Open|Save) (?:File|Folder|As)"; }
+ { title = "^Add$"; }
+ { title = "com-jgoodies-jdiskreport-JDiskReport"; }
+ { app_id = "discord"; }
+ { window_role = "pop-up"; }
+ { window_role = "bubble"; }
+ { window_role = "dialog"; }
+ { window_role = "task_dialog"; }
+ { window_role = "menu"; }
+ { window_role = "Preferences"; }
 ];
 titlebar = false;
 };
@@ -6893,19 +6924,19 @@ Currently, I am too lazy to explain every option here, but most of it is very se { command = "sticky enable, shadows enable"; criteria = { - title="^Picture-in-Picture$"; + title = "^Picture-in-Picture$"; }; } { command = "opacity 0.8, sticky enable, border normal, move container to scratchpad"; criteria = { - title="^kittyterm$"; + title = "^kittyterm$"; }; } { command = "opacity 0.95, sticky enable, border normal, move container to scratchpad"; criteria = { - title="^spotifytui$"; + title = "^spotifytui$"; }; } # { @@ -6919,7 +6950,7 @@ Currently, I am too lazy to explain every option here, but most of it is very se command = "resize set width 60 ppt height 60 ppt, sticky enable, move container to scratchpad"; criteria = { - class="Spotify"; + class = "Spotify"; }; } { 
@@ -6946,24 +6977,25 @@ Currently, I am too lazy to explain every option here, but most of it is very se inner = 5; }; }; - extraSessionCommands ='' - export SDL_VIDEODRIVER=wayland - export QT_QPA_PLATFORM=wayland - export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" - export _JAVA_AWT_WM_NONREPARENTING=1 - export XDG_CURRENT_DESKTOP=sway - export XDG_SESSION_DESKTOP=sway - export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; - export ANKI_WAYLAND=1; - export OBSIDIAN_USE_WAYLAND=1; - ''; + extraSessionCommands = '' + export SDL_VIDEODRIVER=wayland + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + export _JAVA_AWT_WM_NONREPARENTING=1 + export XDG_CURRENT_DESKTOP=sway + export XDG_SESSION_DESKTOP=sway + export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox"; + export ANKI_WAYLAND=1; + export OBSIDIAN_USE_WAYLAND=1; + ''; # extraConfigEarly = " # exec systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK # "; - extraConfig =let - inherit (config.wayland.windowManager.sway.config) modifier; - swayfxSettings = " + extraConfig = + let + inherit (config.wayland.windowManager.sway.config) modifier; + swayfxSettings = " blur enable blur_xray disable blur_passes 1 @@ -6973,7 +7005,8 @@ Currently, I am too lazy to explain every option here, but most of it is very se titlebar_separator disable default_dim_inactive 0.02 "; - in " + in + " exec_always autotiling set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\" mode $exit { diff --git a/flake.lock b/flake.lock index 1399b51..b2d96e1 100644 --- a/flake.lock +++ b/flake.lock 
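Review bot: `export QTWEBENGINE_CHROMIUM_FLAGS="--no-sandbox";` in `extraSessionCommands` disables the Chromium renderer sandbox for every QtWebEngine-based application launched from this Sway session, so web content rendered by those apps runs without the process isolation that normally contains a renderer bug. If the flag was added to get one particular application to start under Wayland, set it in that application's launcher or desktop entry rather than session-wide, and record why next to it, e.g. `# --no-sandbox: needed for <app> under Wayland, drop once fixed upstream`. The trailing `;` on the last three `export` lines is leftover Nix syntax; it is harmless in shell but can be removed.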
@@ -237,24 +237,6 @@
 "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
 "type": "github"
 },
- "original": {
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "type": "github"
- }
- },
- "flake-parts_3": {
- "inputs": {
- "nixpkgs-lib": "nixpkgs-lib_2"
- },
- "locked": {
- "lastModified": 1719994518,
- "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=",
- "owner": "hercules-ci",
- "repo": "flake-parts",
- "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7",
- "type": "github"
- },
 "original": {
 "id": "flake-parts",
 "type": "indirect"
@@ -535,25 +517,6 @@
 "type": "github"
 }
 },
- "nix-gaming": {
- "inputs": {
- "flake-parts": "flake-parts_2",
- "nixpkgs": "nixpkgs_3"
- },
- "locked": {
- "lastModified": 1720920199,
- "narHash": "sha256-0dNwRhtUVQha5S+NFeoeMXEt/6v0x56DCdyUk+vEFeY=",
- "owner": "fufexan",
- "repo": "nix-gaming",
- "rev": "fce565402d5b1ed4e92c4a9dfcd094d0172d8f0b",
- "type": "github"
- },
- "original": {
- "owner": "fufexan",
- "repo": "nix-gaming",
- "type": "github"
- }
- },
 "nix-index-database": {
 "inputs": {
 "nixpkgs": "nixpkgs_2"
@@ -620,7 +583,7 @@
 "nixgl": {
 "inputs": {
 "flake-utils": "flake-utils_4",
- "nixpkgs": "nixpkgs_4"
+ "nixpkgs": "nixpkgs_3"
 },
 "locked": {
 "lastModified": 1713543440,
@@ -732,18 +695,6 @@
 "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
 }
 },
- "nixpkgs-lib_2": {
- "locked": {
- "lastModified": 1719876945,
- "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=",
- "type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
- },
- "original": {
- "type": "tarball",
- "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
- }
- },
 "nixpkgs-stable": {
 "locked": {
 "lastModified": 1720954236,
@@ -825,22 +776,6 @@
 }
 },
 "nixpkgs_3": {
- "locked": {
- "lastModified": 1720781449,
- "narHash": "sha256-po3TZO9kcZwzvkyMJKb0WCzzDtiHWD34XeRaX1lWXp0=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "8b5a3d5a1d951344d683b442c0739010b80039db",
- "type": "github"
- },
- "original": {
- "owner": "NixOS",
- "ref": "nixpkgs-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_4": {
 "locked": {
 "lastModified": 1660551188,
 "narHash": "sha256-a1LARMMYQ8DPx1BgoI/UN4bXe12hhZkCNqdxNi6uS0g=",
@@ -855,6 +790,22 @@
 "type": "github"
 }
 },
+ "nixpkgs_4": {
+ "locked": {
+ "lastModified": 1720957393,
+ "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
 "nixpkgs_5": {
 "locked": {
 "lastModified": 1720957393,
@@ -872,22 +823,6 @@
 }
 },
 "nixpkgs_6": {
- "locked": {
- "lastModified": 1720957393,
- "narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=",
- "owner": "nixos",
- "repo": "nixpkgs",
- "rev": "693bc46d169f5af9c992095736e82c3488bf7dbb",
- "type": "github"
- },
- "original": {
- "owner": "nixos",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
- "nixpkgs_7": {
 "locked": {
 "lastModified": 1720781449,
 "narHash": "sha256-po3TZO9kcZwzvkyMJKb0WCzzDtiHWD34XeRaX1lWXp0=",
@@ -903,7 +838,7 @@
 "type": "github"
 }
 },
- "nixpkgs_8": {
+ "nixpkgs_7": {
 "locked": {
 "lastModified": 1714912032,
 "narHash": "sha256-clkcOIkg8G4xuJh+1onLG4HPMpbtzdLv4rHxFzgsH9c=",
@@ -969,8 +904,8 @@
 },
 "nswitch-rcm-nix": {
 "inputs": {
- "flake-parts": "flake-parts_3",
- "nixpkgs": "nixpkgs_6"
+ "flake-parts": "flake-parts_2",
+ "nixpkgs": "nixpkgs_5"
 },
 "locked": {
 "lastModified": 1721302286,
@@ -1034,13 +969,12 @@ "home-manager": "home-manager", "lanzaboote": "lanzaboote", "nix-alien": "nix-alien", - "nix-gaming": "nix-gaming", "nix-index-database": "nix-index-database_2", "nix-on-droid": "nix-on-droid", "nixgl": "nixgl", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable_3", "nswitch-rcm-nix": "nswitch-rcm-nix", "nur": "nur", @@ -1075,7 +1009,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "nixpkgs-stable": "nixpkgs-stable_4" }, "locked": { @@ -1104,7 +1038,7 @@ "flake-compat": "flake-compat_3", "gnome-shell": "gnome-shell", "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1720818679, diff --git a/flake.nix b/flake.nix index 9142c2d..70e794c 100644 --- a/flake.nix +++ b/flake.nix @@ -47,11 +47,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # patches for gaming on nix - nix-gaming = { - url = "github:fufexan/nix-gaming"; - }; - # hardware quirks on nix nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; @@ -87,6 +82,7 @@ lanzaboote, nixos-hardware, nix-alien, + nixos-generators, nswitch-rcm-nix, nix-index-database, ... @@ -151,7 +147,7 @@ modules = nixModules ++ [ - ./profiles/onett/nixos.nix + ./profles/onett/nixos.nix home-manager.nixosModules.home-manager { home-manager.users.swarsel.imports = @@ -368,6 +364,13 @@ }; packages.x86_64-linux = { + proxmox-lxc = nixos-generators.nixosGenerate { + inherit system; + modules = [ + ./profiles/server1/TEMPLATE/nixos.nix + ]; + format = "proxmox-lxc"; + }; }; }; } diff --git a/index.html b/index.html index f08a3af..6571e4b 100644 --- a/index.html +++ b/index.html @@ -3,7 +3,7 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - + SwarselSystems: NixOS + Emacs Configuration @@ -261,7 +261,7 @@
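Review bot: The added line in the `@@ -151,7 +147,7 @@` hunk of flake.nix points the onett host at `./profles/onett/nixos.nix`, which misspells the `profiles` directory used everywhere else in this flake (the same file references `./profiles/server1/TEMPLATE/nixos.nix`, and the diffstat lists `profiles/…`), so evaluating that configuration will fail with a path-does-not-exist error instead of building. The removed line was correct; restore it: `./profiles/onett/nixos.nix`. The enclosing `modules = nixModules ++ [ … ]` list continues outside the hunk.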
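Review bot: The new `proxmox-lxc` output in the `@@ -368,6 +364,13 @@` hunk of flake.nix turns `./profiles/server1/TEMPLATE/nixos.nix` into a reusable container image, so anything that profile fixes statically — an initial user password, `authorized_keys`, SSH host keys or a sops age key — would be shared by every container cloned from it; since the profile itself is not visible here, a comment on the attribute stating that the template carries no per-host secrets and that they are provisioned after clone would document the intent, e.g. `# Image is cloned many times: no credentials or host keys may be baked into the TEMPLATE profile`. `inherit system;` also relies on a `system` binding from a scope outside the hunk; if that binding is anything other than `"x86_64-linux"` the generated image would not match the `packages.x86_64-linux` key it is placed under, and pinning it with `system = "x86_64-linux";` makes the attribute self-contained. The `outputs` function that encloses this set begins outside the hunk.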
  • 3.3.6. Linking dotfiles
  • 3.3.7. Sourcing environment variables
  • 3.3.8. Programs
  • -
  • 3.3.9. nix-index
  • +
  • 3.3.9. nix-index
  • 3.3.10. password-store
  • 3.3.11. direnv
  • 3.3.12. eza
  • @@ -329,41 +329,42 @@ @@ -388,7 +389,7 @@

    -This file has 41233 words spanning 10941 lines and was last revised on 2024-07-19 14:29:02 +0200. +This file has 41226 words spanning 10979 lines and was last revised on 2024-07-20 00:04:46 +0200.

    @@ -438,7 +439,7 @@ This section defines my Emacs configuration. For a while, I considered to use ry

    -My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-07-19 14:29:02 +0200) +My emacs is built using the emacs-overlay nix flake, which builds a bleeding edge emacs on wayland (pgtk) with utilities like treesitter support. By executing the below source block, the current build setting can be updated at any time, and you can see my most up-to-date build options (last updated: 2024-07-20 00:04:46 +0200)

    @@ -564,7 +565,7 @@ stylix = { }; monospace = { - package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }; + package = pkgs.nerdfonts.override { fonts = [ "FiraCode" ]; }; name = "FiraCode Nerd Font Mono"; }; @@ -575,8 +576,6 @@ stylix = { }; }; - - @@ -594,22 +593,23 @@ The most part of this configuration is done here:
    -programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark"
    -                                                  "mpris"
    -                                                  "custom/left-arrow-light"
    -                                                  "network"
    -                                                  "custom/left-arrow-dark"
    -                                                  "pulseaudio"
    -                                                  "custom/left-arrow-light"
    -                                                  "custom/pseudobat"
    -                                                  "battery"
    -                                                  "custom/left-arrow-dark"
    -                                                  "group/hardware"
    -                                                  "custom/left-arrow-light"
    -                                                  "clock#2"
    -                                                  "custom/left-arrow-dark"
    -                                                  "clock#1"
    -                                                 ];
    +programs.waybar.settings.mainBar.modules-right = [
    +  "custom/outer-left-arrow-dark"
    +  "mpris"
    +  "custom/left-arrow-light"
    +  "network"
    +  "custom/left-arrow-dark"
    +  "pulseaudio"
    +  "custom/left-arrow-light"
    +  "custom/pseudobat"
    +  "battery"
    +  "custom/left-arrow-dark"
    +  "group/hardware"
    +  "custom/left-arrow-light"
    +  "clock#2"
    +  "custom/left-arrow-dark"
    +  "clock#1"
    +];
     
     
    @@ -628,26 +628,27 @@ The most part of this configuration is done here:
    -programs.waybar.settings.mainBar."custom/pseudobat"= {
    -  format= "";
    -  on-click-right= "wlogout -p layer-shell";
    +programs.waybar.settings.mainBar."custom/pseudobat" = {
    +  format = "";
    +  on-click-right = "wlogout -p layer-shell";
     };
    -programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark"
    -                                                  "mpris"
    -                                                  "custom/left-arrow-light"
    -                                                  "network"
    -                                                  "custom/left-arrow-dark"
    -                                                  "pulseaudio"
    -                                                  "custom/left-arrow-light"
    -                                                  "custom/pseudobat"
    -                                                  "battery"
    -                                                  "custom/left-arrow-dark"
    -                                                  "group/hardware"
    -                                                  "custom/left-arrow-light"
    -                                                  "clock#2"
    -                                                  "custom/left-arrow-dark"
    -                                                  "clock#1"
    -                                                 ];
    +programs.waybar.settings.mainBar.modules-right = [
    +  "custom/outer-left-arrow-dark"
    +  "mpris"
    +  "custom/left-arrow-light"
    +  "network"
    +  "custom/left-arrow-dark"
    +  "pulseaudio"
    +  "custom/left-arrow-light"
    +  "custom/pseudobat"
    +  "battery"
    +  "custom/left-arrow-dark"
    +  "group/hardware"
    +  "custom/left-arrow-light"
    +  "clock#2"
    +  "custom/left-arrow-dark"
    +  "clock#1"
    +];
     
     
    @@ -678,12 +679,12 @@ Do not that syncthingtray is also not mentioned here. It is install
    -{ command = "nextcloud --background";}
    -{ command = "discord --start-minimized";}
    -{ command = "element-desktop --hidden  -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
    -{ command = "ANKI_WAYLAND=1 anki";}
    -{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
    -{ command = "nm-applet";}
    +{ command = "nextcloud --background"; }
    +{ command = "discord --start-minimized"; }
    +{ command = "element-desktop --hidden  -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; }
    +{ command = "ANKI_WAYLAND=1 anki"; }
    +{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian"; }
    +{ command = "nm-applet"; }
     
     
    @@ -714,10 +715,10 @@ services.gpg-agent = { defaultCacheTtl = 600; maxCacheTtl = 7200; extraConfig = '' - allow-loopback-pinentry - allow-emacs-pinentry + allow-loopback-pinentry + allow-emacs-pinentry ''; - }; +}; @@ -778,7 +779,7 @@ services = { }; }; -nix.settings.experimental-features = ["nix-command" "flakes"]; +nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself @@ -831,7 +832,7 @@ services = { }; }; -nix.settings.experimental-features = ["nix-command" "flakes"]; +nix.settings.experimental-features = [ "nix-command" "flakes" ]; proxmoxLXC = { manageNetwork = true; # manage network myself @@ -899,6 +900,7 @@ sops-nix, lanzaboote, nixos-hardware, nix-alien, +nixos-generators, nswitch-rcm-nix, nix-index-database, @@ -911,7 +913,7 @@ A short overview over each input and what it does: