diff --git a/.sops.yaml b/.sops.yaml index 30cdba4..2b86493 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -16,6 +16,8 @@ keys: - &server_sound age1w7tfe7k0r0hm6mzz0kmz8302kfn0rlh96w7g6zwqd4muqg7u9anqv07745 - &server_sync age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h - &server_paperless age1j4y7mwh6hg8kvktgvq5g3xstnmlnaxkdhfrps8lnl029nfpr03dq2nr4cd + - &server_sandbox age1d4ywpqztawcw0eswn42udt4hhcktdcrm54v9kmt3uspkwkz8e52qx7d5aa + - &server_omatrix age198gj3dmryk7sya5c77tsrm3gdrct6xh7w7cx4gsfywe675aehu8sw2xw6q creation_rules: - path_regex: secrets/general/[^/]+\.(yaml|json|env|ini)$ key_groups: @@ -80,3 +82,15 @@ creation_rules: - *admin_swarsel age: - *server_paperless + - path_regex: secrets/sandbox/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - pgp: + - *admin_swarsel + age: + - *server_sandbox + - path_regex: secrets/omatrix/[^/]+\.(yaml|json|env|ini)$ + key_groups: + - pgp: + - *admin_swarsel + age: + - *server_omatrix diff --git a/Emacs.org b/Emacs.org index 3364f77..94fb388 100644 --- a/Emacs.org +++ b/Emacs.org @@ -52,7 +52,7 @@ swarsel-anki-org-file "Anki.org" swarsel-tasks-org-file "Tasks.org" swarsel-archive-org-file "Archive.org" - swarsel-org-folder-name "Org" + swarsel-org-folder-name "org" swarsel-obsidian-daily-folder-name "⭐ Personal/Journal" swarsel-obsidian-folder-name "Obsidian" swarsel-obsidian-vault-name "Main") 
@@ -354,17 +354,10 @@ Base emacs undo logic is very useful, but not easy to understand. I prefer undo- "mm" '((lambda () (interactive) (mu4e)) :which-key "mu4e") "mg" '((lambda () (interactive) (magit-list-repositories)) :which-key "magit-list-repos") "mc" '((lambda () (interactive) (swarsel/open-calendar)) :which-key "calendar") - "a" '(:ignore a :which-key "agenda") - "at" '((lambda () (interactive) (org-agenda nil "t")) :which-key "agenda tasks") - "aa" '((lambda () (interactive) (org-agenda nil "a")) :which-key "agenda today") - "as" '((lambda () (interactive) (org-agenda nil "s")) :which-key "agenda search") - "an" '((lambda () (interactive) (org-agenda nil "n")) :which-key "agenda all") - "ar" '((lambda () (interactive) (org-agenda-refile)) :which-key "agenda refile") "mp" '(popper-toggle :which-key "popper") "md" '(dirvish :which-key "dirvish") - "c" '(:ignore c :which-key "capture") + ;; "c" '(:ignore c :which-key "capture") ;; "cj" '((lambda () (interactive) (org-capture nil "jj")) :which-key "journal") - "ct" '((lambda () (interactive) (org-capture nil "tt")) :which-key "tasks") ;; "cs" '(markdown-download-screenshot :which-key "screenshot") "l" '(:ignore l :which-key "links") "le" '((lambda () (interactive) (find-file swarsel-emacs-org-filepath)) :which-key "Emacs.org") 
@@ -814,138 +807,135 @@ Soon I want to try out this new hot stuff - just at the moment there is too much #+begin_src emacs-lisp - (defun swarsel/org-mode-setup () - (org-indent-mode) - (variable-pitch-mode 1) - ;;(auto-fill-mode 0) - (setq display-line-numbers-type 'relative - display-line-numbers-current-absolute 1 - display-line-numbers-width-start nil - display-line-numbers-width 6 - display-line-numbers-grow-only 1) - (add-hook 'org-tab-first-hook 'org-end-of-line) - (visual-line-mode 1)) - ;; (setq evil-auto-indent nil) - ;;(diminish org-indent-mode) + (defun swarsel/org-mode-setup () + (org-indent-mode) + (variable-pitch-mode 1) + ;;(auto-fill-mode 0) + (setq display-line-numbers-type 'relative + display-line-numbers-current-absolute 1 + display-line-numbers-width-start nil + display-line-numbers-width 6 + display-line-numbers-grow-only 1) + (add-hook 'org-tab-first-hook 'org-end-of-line) + (visual-line-mode 1)) + ;; (setq evil-auto-indent nil) + ;;(diminish org-indent-mode) - ;; (defun swarsel/org-font-setup () - ;; ;; Replace list hyphen with dot - ;; (font-lock-add-keywords 'org-mode - ;; '(("^ *\\([-]\\) " - ;; (0 (prog1 () (compose-region (match-beginning 1) (match-end 1) "•"))))))) + ;; (defun swarsel/org-font-setup () + ;; ;; Replace list hyphen with dot + ;; (font-lock-add-keywords 'org-mode + ;; '(("^ *\\([-]\\) " + ;; (0 (prog1 () (compose-region (match-beginning 1) (match-end 1) "•"))))))) - (use-package org - ;;:diminish (org-indent-mode) - :hook (org-mode . swarsel/org-mode-setup) - :bind ("C-" . 
org-fold-outer) - :config - (setq org-ellipsis " ⤵" - org-hide-emphasis-markers t) - (setq org-startup-folded t) - (setq org-support-shift-select t) - ;; (setq org-agenda-start-with-log-mode t) - ;; (setq org-log-done 'time) - ;; (setq org-log-into-drawer t) - (setq org-startup-with-inline-images t) - (setq org-image-actual-width nil) - (setq org-format-latex-options '(:foreground "White" :background default :scale 2.0 :html-foreground "Black" :html-background "Transparent" :html-scale 1.0 :matchers ("begin" "$1" "$" "$$" "\\(" "\\["))) + (use-package org + ;;:diminish (org-indent-mode) + :hook (org-mode . swarsel/org-mode-setup) + :bind ("C-" . org-fold-outer) + :config + (setq org-ellipsis " ⤵" + org-hide-emphasis-markers t) + (setq org-startup-folded t) + (setq org-support-shift-select t) + ;; (setq org-agenda-start-with-log-mode t) + ;; (setq org-log-done 'time) + ;; (setq org-log-into-drawer t) + (setq org-startup-with-inline-images t) + (setq org-image-actual-width nil) + (setq org-format-latex-options '(:foreground "White" :background default :scale 2.0 :html-foreground "Black" :html-background "Transparent" :html-scale 1.0 :matchers ("begin" "$1" "$" "$$" "\\(" "\\["))) - (setq org-agenda-files - '("/home/swarsel/Nextcloud/Org/Tasks.org" - "/home/swarsel/Nextcloud/Org/Archive.org" - "/home/swarsel/Calendars/leon_cal.org")) - ;; swarsel-org-anki-filepath)) - ;; (setq org-agenda-files '("/home/swarsel/Calendars/leon_cal.org")) + ;; (setq org-agenda-files + ;; '(swarsel-org-tasks-filepath + ;; swarsel-org-archive-filepath + ;; swarsel-org-anki-filepath)) + (setq org-agenda-files '("/home/swarsel/Calendars/leon_cal.org")) - ;; (require 'org-habit) - ;; (add-to-list 'org-modules 'org-habit) - ;; (setq org-habit-graph-column 60) + ;; (require 'org-habit) + ;; (add-to-list 'org-modules 'org-habit) + ;; (setq org-habit-graph-column 60) - ;; (setq org-todo-keywords - ;; '((sequence "TODO(t)" "NEXT(n)" "|" "X1DONE(d!)") - ;; (sequence "BACKLOG(b)" "PLAN(p)" 
"READY(r)" "ACTIVE(a)" "REVIEW(v)" "WAIT(w@/!)" "HOLD(h)" "|" "COMPLETED(c)" "CANC(k@)"))) + ;; (setq org-todo-keywords + ;; '((sequence "TODO(t)" "NEXT(n)" "|" "DONE(d!)") + ;; (sequence "BACKLOG(b)" "PLAN(p)" "READY(r)" "ACTIVE(a)" "REVIEW(v)" "WAIT(w@/!)" "HOLD(h)" "|" "COMPLETED(c)" "CANC(k@)"))) - (setq org-refile-targets - '((swarsel-archive-org-file :maxlevel . 1) - ;; (swarsel-anki-org-file :maxlevel . 1) - (swarsel-tasks-org-file :maxlevel . 1))) + ;; (setq org-refile-targets + ;; '((swarsel-archive-org-file :maxlevel . 1) + ;; (swarsel-anki-org-file :maxlevel . 1) + ;; (swarsel-tasks-org-file :maxlevel . 1))) - ;; ;; Configure custom agenda views - ;; (setq org-agenda-custom-commands - ;; '(("d" "Dashboard" - ;; ((agenda "" ((org-deadline-warning-days 7))) - ;; (todo "NEXT" - ;; ((org-agenda-overriding-header "Next Tasks"))) - ;; (tags-todo "agenda/ACTIVE" ((org-agenda-overriding-header "Active Projects"))))) + ;; ;; Configure custom agenda views + ;; (setq org-agenda-custom-commands + ;; '(("d" "Dashboard" + ;; ((agenda "" ((org-deadline-warning-days 7))) + ;; (todo "NEXT" + ;; ((org-agenda-overriding-header "Next Tasks"))) + ;; (tags-todo "agenda/ACTIVE" ((org-agenda-overriding-header "Active Projects"))))) - ;; ("n" "Next Tasks" - ;; ((todo "NEXT" - ;; ((org-agenda-overriding-header "Next Tasks"))))) + ;; ("n" "Next Tasks" + ;; ((todo "NEXT" + ;; ((org-agenda-overriding-header "Next Tasks"))))) - ;; ("W" "Work Tasks" tags-todo "+work-email") + ;; ("W" "Work Tasks" tags-todo "+work-email") - ;; ;; Low-effort next actions - ;; ("e" tags-todo "+TODO=\"NEXT\"+Effort<15&+Effort>0" - ;; ((org-agenda-overriding-header "Low Effort Tasks") - ;; (org-agenda-max-todos 20) - ;; (org-agenda-files org-agenda-files))) + ;; ;; Low-effort next actions + ;; ("e" tags-todo "+TODO=\"NEXT\"+Effort<15&+Effort>0" + ;; ((org-agenda-overriding-header "Low Effort Tasks") + ;; (org-agenda-max-todos 20) + ;; (org-agenda-files org-agenda-files))) - ;; ("w" "Workflow Status" - ;; 
((todo "WAIT" - ;; ((org-agenda-overriding-header "Waiting on External") - ;; (org-agenda-files org-agenda-files))) - ;; (todo "REVIEW" - ;; ((org-agenda-overriding-header "In Review") - ;; (org-agenda-files org-agenda-files))) - ;; (todo "PLAN" - ;; ((org-agenda-overriding-header "In Planning") - ;; (org-agenda-todo-list-sublevels nil) - ;; (org-agenda-files org-agenda-files))) - ;; (todo "BACKLOG" - ;; ((org-agenda-overriding-header "Project Backlog") - ;; (org-agenda-todo-list-sublevels nil) - ;; (org-agenda-files org-agenda-files))) - ;; (todo "READY" - ;; ((org-agenda-overriding-header "Ready for Work") - ;; (org-agenda-files org-agenda-files))) - ;; (todo "ACTIVE" - ;; ((org-agenda-overriding-header "Active Projects") - ;; (org-agenda-files org-agenda-files))) - ;; (todo "COMPLETED" - ;; ((org-agenda-overriding-header "Completed Projects") - ;; (org-agenda-files org-agenda-files))) - ;; (todo "CANC" - ;; ((org-agenda-overriding-header "Cancelled Projects") - ;; (org-agenda-files org-agenda-files))))))) + ;; ("w" "Workflow Status" + ;; ((todo "WAIT" + ;; ((org-agenda-overriding-header "Waiting on External") + ;; (org-agenda-files org-agenda-files))) + ;; (todo "REVIEW" + ;; ((org-agenda-overriding-header "In Review") + ;; (org-agenda-files org-agenda-files))) + ;; (todo "PLAN" + ;; ((org-agenda-overriding-header "In Planning") + ;; (org-agenda-todo-list-sublevels nil) + ;; (org-agenda-files org-agenda-files))) + ;; (todo "BACKLOG" + ;; ((org-agenda-overriding-header "Project Backlog") + ;; (org-agenda-todo-list-sublevels nil) + ;; (org-agenda-files org-agenda-files))) + ;; (todo "READY" + ;; ((org-agenda-overriding-header "Ready for Work") + ;; (org-agenda-files org-agenda-files))) + ;; (todo "ACTIVE" + ;; ((org-agenda-overriding-header "Active Projects") + ;; (org-agenda-files org-agenda-files))) + ;; (todo "COMPLETED" + ;; ((org-agenda-overriding-header "Completed Projects") + ;; (org-agenda-files org-agenda-files))) + ;; (todo "CANC" + ;; 
((org-agenda-overriding-header "Cancelled Projects") + ;; (org-agenda-files org-agenda-files))))))) - (setq org-capture-templates - `( - ;; ("a" "Anki basic" - ;; entry - ;; (file+headline swarsel-org-anki-filepath "Dispatch") - ;; (function swarsel-anki-make-template-string)) + ;; (setq org-capture-templates + ;; `( + ;; ("a" "Anki basic" + ;; entry + ;; (file+headline swarsel-org-anki-filepath "Dispatch") + ;; (function swarsel-anki-make-template-string)) - ;; ("A" "Anki cloze" - ;; entry - ;; (file+headline org-swarsel-anki-file "Dispatch") - ;; "* %<%H:%M>\n:PROPERTIES:\n:ANKI_NOTE_TYPE: Cloze\n:ANKI_DECK: 🦁 All::01 ❤️ Various::00 ✨ Allgemein\n:END:\n** Text\n%?\n** Extra\n") + ;; ("A" "Anki cloze" + ;; entry + ;; (file+headline org-swarsel-anki-file "Dispatch") + ;; "* %<%H:%M>\n:PROPERTIES:\n:ANKI_NOTE_TYPE: Cloze\n:ANKI_DECK: 🦁 All::01 ❤️ Various::00 ✨ Allgemein\n:END:\n** Text\n%?\n** Extra\n") + ;; ("t" "Tasks / Projects") + ;; ("tt" "Task" entry (file+olp swarsel-org-tasks-filepath "Inbox") + ;; "* TODO %?\n %U\n %a\n %i" :empty-lines 1) - ("t" "Tasks / Projects") - ("tt" "Task" entry (file+olp swarsel-org-tasks-filepath "Inbox") - "* TODO %?\n %U\n %i" :empty-lines 1) + ;; ("j" "Journal Entries") + ;; ("jj" "Journal" entry + ;; (file+olp+datetree swarsel-org-journal-filepath) + ;; "\n* %<%I:%M %p> - Journal :journal:\n\n%?\n\n" + ;; ;; ,(dw/read-file-as-string "~/Notes/Templates/Daily.org") + ;; :clock-in :clock-resume + ;; :empty-lines 1))) - ;; ("j" "Journal Entries") - ;; ("jj" "Journal" entry - ;; (file+olp+datetree swarsel-org-journal-filepath) - ;; "\n* %<%I:%M %p> - Journal :journal:\n\n%?\n\n" - ;; ;; ,(dw/read-file-as-string "~/Notes/Templates/Daily.org") - ;; :clock-in :clock-resume - ;; :empty-lines 1) - )) - - ;; (swarsel/org-font-setup) - ) + ;; (swarsel/org-font-setup) + ) #+end_src ** Font Faces diff --git a/Nix.org b/Nix.org index 6240a1f..4469262 100644 --- a/Nix.org +++ b/Nix.org 
@@ -118,12 +118,13 @@ This is where the theme for the whole OS is defined. This noweb-ref section cann #+begin_src nix :noweb-ref startupnixos { command = "nextcloud --background";} - { command = "spotify";} + # { command = "spotify";} { command = "discord --start-minimized";} - { command = "schildichat-desktop --disable-gpu-driver-bug-workarounds --hidden";} + { command = "element-desktop --hidden";} { command = "ANKI_WAYLAND=1 anki";} { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} { command = "nm-applet";} + # { command = "sleep 60 && syncthingtray --wait"; } #+end_src @@ -211,6 +212,8 @@ This is where the theme for the whole OS is defined. This noweb-ref section cann lanzaboote, pia, nixpkgs-mautrix-signal, + nix-gaming, + nixos-hardware, #+end_src @@ -271,6 +274,15 @@ This is where the theme for the whole OS is defined. This noweb-ref section cann url = github:niklaskorz/nixpkgs/nixos-23.11-mautrix-signal; }; + # patches for gaming on nix + nix-gaming = { + url = github:fufexan/nix-gaming; + }; + + # hardware quirks on nix + nixos-hardware = { + url = github:NixOS/nixos-hardware/master; + }; #+end_src *** let 
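Review bot: The two inputs added at the end of the hunk (`nix-gaming`, `nixos-hardware`) pin only a URL, so `nix-gaming` will carry its own `nixpkgs` (and its other transitive inputs) into flake.lock unless it is told to follow the repository's; if the existing inputs use that convention, add `nix-gaming.inputs.nixpkgs.follows = "nixpkgs";` next to the new attrset. That keeps a single nixpkgs revision to audit and update for this machine. `nixos-hardware` declares no inputs of its own as far as I know, so the follows line is only needed for nix-gaming. The lock file is what actually fixes the revisions of both inputs, so it should be committed together with this change; the inputs attrset itself starts before the hunk.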
@@ -317,158 +329,172 @@ This is where the theme for the whole OS is defined. This noweb-ref section cann #+begin_src nix :noweb-ref flakenixosconf - onett = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = nixModules ++ [ - ./profiles/onett/nixos.nix - home-manager.nixosModules.home-manager - { - home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/onett/home.nix - ]; - } - ]; - }; + onett = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = nixModules ++ [ + ./profiles/onett/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = mixedModules ++ [ + ./profiles/onett/home.nix + ]; + } + ]; + }; - twoson = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = nixModules ++ [ - ./profiles/twoson/nixos.nix - home-manager.nixosModules.home-manager - { - home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/twoson/home.nix - ]; - } - ]; - }; + sandbox = nixpkgs.lib.nixosSystem { + pkgs = pkgsmautrix; + specialArgs.unstable = nixpkgs-mautrix-signal; + modules = [ + sops-nix.nixosModules.sops + ./profiles/sandbox/nixos.nix + ]; + }; - threed = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = nixModules ++ [ - lanzaboote.nixosModules.lanzaboote - ./profiles/threed/nixos.nix - home-manager.nixosModules.home-manager - { - home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/threed/home.nix - ]; - } - ]; - }; + twoson = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = nixModules ++ [ + ./profiles/twoson/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = mixedModules ++ [ + ./profiles/twoson/home.nix + ]; + } + ]; + }; - fourside = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = nixModules ++ [ - ./profiles/fourside/nixos.nix - home-manager.nixosModules.home-manager - { - 
home-manager.users.swarsel.imports = mixedModules ++ [ - ./profiles/fourside/home.nix - ]; - } - ]; - }; + threed = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = nixModules ++ [ + lanzaboote.nixosModules.lanzaboote + ./profiles/threed/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = mixedModules ++ [ + ./profiles/threed/home.nix + ]; + } + ]; + }; - stand = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = nixModules ++ [ - ./profiles/stand/nixos.nix - home-manager.nixosModules.home-manager - { - home-manager.users.homelen.imports = mixedModules ++ [ - ./profiles/stand/home.nix - ]; - } - ]; - }; + fourside = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = nixModules ++ [ + nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 + ./profiles/fourside/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.swarsel.imports = mixedModules ++ [ + ./profiles/fourside/home.nix + ]; + } + ]; + }; - nginx = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = [ - sops-nix.nixosModules.sops - ./profiles/server1/nginx/nixos.nix - ]; - }; + stand = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = nixModules ++ [ + ./profiles/stand/nixos.nix + home-manager.nixosModules.home-manager + { + home-manager.users.homelen.imports = mixedModules ++ [ + ./profiles/stand/home.nix + ]; + } + ]; + }; - calibre = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = [ - sops-nix.nixosModules.sops - ./profiles/server1/calibre/nixos.nix - ]; - }; + nginx = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = [ + sops-nix.nixosModules.sops + ./profiles/server1/nginx/nixos.nix + ]; + }; - jellyfin = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = [ - # sops-nix.nixosModules.sops - 
./profiles/server1/jellyfin/nixos.nix - ]; - }; + calibre = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = [ + sops-nix.nixosModules.sops + ./profiles/server1/calibre/nixos.nix + ]; + }; - transmission = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = [ - sops-nix.nixosModules.sops - pia.nixosModule - ./profiles/server1/transmission/nixos.nix - ]; - }; + jellyfin = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = [ + # sops-nix.nixosModules.sops + ./profiles/server1/jellyfin/nixos.nix + ]; + }; - matrix = nixpkgs.lib.nixosSystem { - # specialArgs = {inherit pkgsmautrix; }; - pkgs = pkgsmautrix; - # this is to import a service module that is not on nixpkgs - # this way avoids infinite recursion errors - specialArgs.unstable = nixpkgs-mautrix-signal; - modules = [ - sops-nix.nixosModules.sops - ./profiles/server1/matrix/nixos.nix - ]; - }; + transmission = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = [ + sops-nix.nixosModules.sops + pia.nixosModule + ./profiles/server1/transmission/nixos.nix + ]; + }; - sound = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = [ - sops-nix.nixosModules.sops - ./profiles/server1/sound/nixos.nix - ]; - }; + matrix = nixpkgs.lib.nixosSystem { + # specialArgs = {inherit pkgsmautrix; }; + pkgs = pkgsmautrix; + # this is to import a service module that is not on nixpkgs + # this way avoids infinite recursion errors + specialArgs.unstable = nixpkgs-mautrix-signal; + modules = [ + sops-nix.nixosModules.sops + ./profiles/server1/matrix/nixos.nix + ]; + }; - spotifyd = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = [ - sops-nix.nixosModules.sops - ./profiles/server1/spotifyd/nixos.nix - ]; - }; + sound = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = [ + sops-nix.nixosModules.sops + ./profiles/server1/sound/nixos.nix + ]; + }; 
- paperless = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = [ - sops-nix.nixosModules.sops - ./profiles/server1/paperless/nixos.nix - ]; - }; + spotifyd = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = [ + sops-nix.nixosModules.sops + ./profiles/server1/spotifyd/nixos.nix + ]; + }; - #ovm swarsel - sync = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = [ - sops-nix.nixosModules.sops - ./profiles/remote/oracle/sync/nixos.nix - ]; - }; + paperless = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = [ + sops-nix.nixosModules.sops + ./profiles/server1/paperless/nixos.nix + ]; + }; - #ovm swarsel - backup = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; - modules = [ - sops-nix.nixosModules.sops - ./profiles/remote/oracle/backup/nixos.nix - ]; - }; + #ovm swarsel + sync = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs pkgs; }; + modules = [ + sops-nix.nixosModules.sops + ./profiles/remote/oracle/sync/nixos.nix + ]; + }; + + #ovm swarsel + swatrix = nixpkgs.lib.nixosSystem { + # specialArgs = {inherit pkgsmautrix; }; + pkgs = pkgsmautrix; + # this is to import a service module that is not on nixpkgs + # this way avoids infinite recursion errors + specialArgs.unstable = nixpkgs-mautrix-signal; + modules = [ + sops-nix.nixosModules.sops + ./profiles/remote/oracle/matrix/nixos.nix + ]; + }; #+end_src *** homeConfigurations @@ -523,8 +549,6 @@ If a non-NixOS host must be used, check the Surface configuration for pointers. No matter what you do, check the initial /etc/nixos/configuration.nix for notable changes that might emerge in future versions of nix. -Also, you will most likely need to update the version and hashsum for the firefox extension `bypass-paywalls-clean`. - *** NixOS #+begin_src nix :noweb yes :tangle profiles/TEMPLATE/nixos.nix 
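Review bot: The new `sandbox` and `swatrix` entries repeat the `matrix` wiring verbatim (`pkgs = pkgsmautrix;`, `specialArgs.unstable = nixpkgs-mautrix-signal;`, the sops module), and `sandbox` drops the comment explaining why `unstable` is passed that way, so a reader cannot tell whether sandbox genuinely needs the mautrix package set or merely copied it. If the three are meant to stay in lockstep, a small helper in the flake's `let` block removes the duplication and keeps the explanation in one place; each entry then becomes one line such as `sandbox = mkMautrixSystem ./profiles/sandbox/nixos.nix;`. Note also that these two entries, unlike every other host in the hunk, do not receive `inputs` via `specialArgs`, which matches `matrix` but is worth confirming against `./profiles/sandbox/nixos.nix`, which this diff does not show. The enclosing attribute set starts before the hunk.
```nix
# in the flake's let block, next to pkgsmautrix:
mkMautrixSystem = profile: nixpkgs.lib.nixosSystem {
  pkgs = pkgsmautrix;
  # this is to import a service module that is not on nixpkgs
  # this way avoids infinite recursion errors
  specialArgs.unstable = nixpkgs-mautrix-signal;
  modules = [ sops-nix.nixosModules.sops profile ];
};
# … unchanged: onett, twoson, threed, fourside, stand, nginx, calibre, jellyfin, transmission, sound, spotifyd, paperless, sync …
sandbox = mkMautrixSystem ./profiles/sandbox/nixos.nix;
matrix = mkMautrixSystem ./profiles/server1/matrix/nixos.nix;
swatrix = mkMautrixSystem ./profiles/remote/oracle/matrix/nixos.nix;
```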
@@ -541,18 +565,9 @@ Also, you will most likely need to update the version and hashsum for the firefo }; # Bootloader - # use this for single partition boot - boot = { - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - }; - - # ------------------------------------- - # alternate setup using grub - # boot.loader.grub.enable = true; - # boot.loader.grub.device = "/dev/sda"; # TEMPLATE - if only one disk, this will work - # boot.loader.grub.useOSProber = true; - # ------------------------------------- + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/sda"; # TEMPLATE - if only one disk, this will work + boot.loader.grub.useOSProber = true; # -------------------------------------- # you might need a configuration like this instead: @@ -603,7 +618,7 @@ Also, you will most likely need to update the version and hashsum for the firefo homeDirectory = "/home/TEMPLATE"; stateVersion = "23.05"; # TEMPLATE -- Please read the comment before changing. keyboard.layout = "us"; # TEMPLATE - packages = with pkgs; [ + home.packages = with pkgs; [ # --------------------------------------------------------------- # if schildichat works on this machine, use it, otherwise go for element # element-desktop @@ -1295,7 +1310,17 @@ New setup for the SP3, this time using NixOS - another machine will take over th { - <> + # <> + imports = + [ + inputs.nix-gaming.nixosModules.steamCompat + ./hardware-configuration.nix + ]; + + nix.settings = { + substituters = ["https://nix-gaming.cachix.org"]; + trusted-public-keys = ["nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="]; + }; services = { getty.autologinUser = "swarsel"; 
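Review bot: The rename to `home.packages` in the TEMPLATE home configuration appears to sit inside an attribute set that is already `home = { … }`: the sibling lines `homeDirectory`, `stateVersion` and `keyboard.layout` are unprefixed home-manager `home.*` options, so the new line would define `home.home.packages`, which home-manager rejects as an unknown option. If that enclosing set is indeed `home = { … }`, keep `packages = with pkgs; [` as it was, or move the list out of the set if a `home.packages` line at top level was the intent. The enclosing set starts and ends outside the hunk, so this is inferred from the visible siblings only.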
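Review bot: The `nix.settings` block in the fourside hunk adds `nix-gaming.cachix.org` to `substituters` and its key to `trusted-public-keys` system-wide, which makes the daemon accept any store path signed with that key as a substitute for anything it builds, not only nix-gaming packages; that trust decision deserves a comment beside the key, e.g. `# third-party binary cache: any path signed by this key is accepted as a substitute`. As far as I recall NixOS appends its own cache.nixos.org entries to these lists rather than replacing them, so the upstream cache is not lost, but that is worth confirming on the first rebuild. The commented-out `# <>` noweb reference in the same hunk presumably drops the shared nixosconf include in favour of the explicit `imports`; a one-line comment naming what that include used to provide would help the next reader see what fourside no longer gets.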
@@ -1305,65 +1330,93 @@ New setup for the SP3, this time using NixOS - another machine will take over th boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; + kernelPackages = pkgs.linuxPackages_latest; }; - networking.hostName = "fourside"; # Define your hostname. + networking = { + hostName = "fourside"; # Define your hostname. + nftables.enable = true; + enableIPv6 = false; + firewall.checkReversePath = false; + firewall = { + enable = true; + allowedUDPPorts = [ 4380 27036 14242 34197 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard + allowedTCPPortRanges = [ + {from = 27015; to = 27030;} # barotrauma + {from = 27036; to = 27037;} # barotrauma + ]; + allowedUDPPortRanges = [ + {from = 27000; to = 27031;} # barotrauma + ]; + }; + }; + + virtualisation.virtualbox = { + host = { + enable = true; + enableExtensionPack = true; + }; + guest = { + enable = true; + x11 = true; + }; + }; - networking.firewall.enable = false; stylix.image = ../../wallpaper/lenovowp.png; <> hardware = { - opengl = { - enable = true; - driSupport = true; - driSupport32Bit = true; - extraPackages = with pkgs; [ - vulkan-loader - vulkan-validation-layers - vulkan-extension-layer - ]; + opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + extraPackages = with pkgs; [ + vulkan-loader + vulkan-validation-layers + vulkan-extension-layer + ]; + }; + bluetooth.enable = true; }; - bluetooth.enable = true; + + programs.steam = { + enable = true; + extraCompatPackages = [ + inputs.nix-gaming.packages.${pkgs.system}.proton-ge + ]; }; - # Configure keymap in X11 (only used for login) + # Configure keymap in X11 (only used for login) services.xserver = { layout = "us"; xkbVariant = "altgr-intl"; }; + services.thinkfan = { + enable = false; + }; + services.power-profiles-daemon.enable = true; + users.users.swarsel = { isNormalUser = true; description = "Leon S"; - extraGroups = [ "networkmanager" "wheel" "lp" "audio" 
"video" ]; + extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" ]; packages = with pkgs; []; }; environment.systemPackages = with pkgs; [ - temurin-bin-17 - - (prismlauncher.override { - glfw = (let - mcWaylandPatchRepo = fetchFromGitHub { - owner = "Admicos"; - repo = "minecraft-wayland"; - rev = "370ce5b95e3ae9bc4618fb45113bc641fbb13867"; - sha256 = - "sha256-RPRg6Gd7N8yyb305V607NTC1kUzvyKiWsh6QlfHW+JE="; - }; - mcWaylandPatches = map (name: "${mcWaylandPatchRepo}/${name}") - (lib.naturalSort (builtins.attrNames (lib.filterAttrs - (name: type: - type == "regular" && lib.hasSuffix ".patch" name) - (builtins.readDir mcWaylandPatchRepo)))); - in glfw-wayland.overrideAttrs (previousAttrs: { - patches = previousAttrs.patches ++ mcWaylandPatches; - }));}) + # gog games installing + heroic + # minecraft + temurin-bin-17 + (prismlauncher.override { + glfw = pkgs.glfw-wayland-minecraft; + }) ]; system.stateVersion = "23.05"; + } #+end_src @@ -1389,7 +1442,8 @@ New setup for the SP3, this time using NixOS - another machine will take over th # waybar config - TEMPLATE - update for cores and temp programs.waybar.settings.mainBar = { cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}"; - temperature.hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon4/temp1_input"; + # temperature.hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon4/temp1_input"; + temperature.hwmon-path = "/sys/class/hwmon/hwmon4/temp1_input"; }; <> @@ -1405,7 +1459,6 @@ New setup for the SP3, this time using NixOS - another machine will take over th "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE xkb_layout = "us"; xkb_options = "grp:win_space_toggle"; - # # xkb_options = "ctrl:nocaps,grp:win_space_toggle"; xkb_variant = "altgr-intl"; }; "type:touchpad" = { 
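Review bot: `firewall.checkReversePath = false;` in the new `networking` block switches reverse-path filtering off entirely; if it is there for the WireGuard port listed on the same lines, `checkReversePath = "loose";` is usually sufficient and keeps the rpfilter anti-spoofing rule for ordinary traffic, so the stricter value should be tried first and the reason recorded, e.g. `# loose rpfilter: needed for wireguard (51820)`. Separately, `virtualisation.virtualbox.guest.enable = true` next to `host.enable = true` on the same machine looks like a copy-paste: the guest additions belong inside a VM, not on the host running VirtualBox, and `guest.x11 = true` has no effect on a host without that role. The enclosing configuration set starts before the hunk; its closing brace is the `+ }` at the end.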
@@ -1418,8 +1471,8 @@ New setup for the SP3, this time using NixOS - another machine will take over th }; output = { - eDP-1 = { - mode = "1920x1080"; # TEMPLATE + DP-1 = { + mode = "2560x1440"; # TEMPLATE scale = "1"; bg = "~/.dotfiles/wallpaper/lenovowp.png fill"; }; @@ -1428,10 +1481,11 @@ New setup for the SP3, this time using NixOS - another machine will take over th keybindings = let modifier = config.wayland.windowManager.sway.config.modifier; in { - "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; + "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; "XF86MonBrightnessDown"= "exec brightnessctl set 5%-"; "XF86Display" = "exec wl-mirror eDP-1"; + # these are left open to use # "XF86WLAN" = "exec wl-mirror eDP-1"; # "XF86Messenger" = "exec wl-mirror eDP-1"; # "XF86Go" = "exec wl-mirror eDP-1"; @@ -1728,6 +1782,7 @@ In the long run, I am thinking about a transition to kubernetes or using just a }; }; + "sound.swarsel.win" = { enableACME = true; forceSSL = true; @@ -1821,6 +1876,10 @@ In the long run, I am thinking about a transition to kubernetes or using just a }; }; + + + + } #+end_src 
@@ -3021,6 +3080,354 @@ Make sure to also do this for doublepuppet.yaml #+end_src +*** Swatrix +**** NixOS + +#+begin_src nix :tangle profiles/remote/oracle/matrix/nixos.nix + + { config, pkgs, modulesPath, unstable, sops, ... }: let + matrixDomain = "swatrix.swarsel.win"; + in { + + imports = [ + ./hardware-configuration.nix + (unstable + "/nixos/modules/services/matrix/mautrix-signal.nix") + ]; + + environment.systemPackages = with pkgs; [ + git + gnupg + ssh-to-age + matrix-synapse + lottieconverter + ffmpeg + ]; + + services.xserver = { + layout = "us"; + xkbVariant = "altgr-intl"; + }; + + nix.settings.experimental-features = ["nix-command" "flakes"]; + + sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; + sops.defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml"; + sops.validateSopsFiles = false; + sops.secrets.dnstokenfull = {owner="acme";}; + sops.templates."certs.secret".content = '' + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + ''; + + documentation = { + enable = false; + }; + + security.acme = { + acceptTerms = true; + preliminarySelfsigned = false; + defaults.email = "mrswarsel@gmail.com"; + defaults.dnsProvider = "cloudflare"; + defaults.environmentFile = "${config.sops.templates."certs.secret".path}"; + }; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + virtualHosts = { + + "swatrix.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "~ ^(/_matrix|/_synapse/client)" = { + proxyPass = "http://localhost:8008"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + }; + }; + + boot.tmp.cleanOnBoot = true; + zramSwap.enable = false; + networking.hostName = "swatrix"; + networking.enableIPv6 = false; + # networking.domain = "subnet03112148.vcn03112148.oraclevcn.com"; + networking.domain = "swarsel.win"; + networking.firewall.extraCommands = '' + 
iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT + ''; + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + }; + users.users.root.openssh.authorizedKeys.keyFiles = [ + ../../../../secrets/keys/authorized_keys + ]; + + system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change + + environment.shellAliases = { + nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; + }; + + boot.loader.grub.device = "nodev"; + + sops.secrets.matrixsharedsecret = {owner="matrix-synapse";}; + sops.templates."matrix_user_register.sh".content = '' + register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + ''; + sops.templates.matrixshared.owner = "matrix-synapse"; + sops.templates.matrixshared.content = '' + registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} + ''; + sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";}; + sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";}; + sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";}; + sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";}; + sops.templates.mautrixtelegram.owner = "matrix-synapse"; + sops.templates.mautrixtelegram.content = '' + MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} + MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} + MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} + MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} + ''; + # 
sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; + # sops.templates.mautrixwhatsapp.owner = "matrix-synapse"; + # sops.templates.mautrixwhatsapp.content = '' + # MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared} + # ''; + + services.postgresql.enable = true; + services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; + + services.matrix-synapse = { + settings.app_service_config_files = [ + "/var/lib/matrix-synapse/telegram-registration.yaml" + "/var/lib/matrix-synapse/whatsapp-registration.yaml" + "/var/lib/matrix-synapse/signal-registration.yaml" + "/var/lib/matrix-synapse/doublepuppet.yaml" + ]; + enable = true; + settings.server_name = matrixDomain; + settings.public_baseurl = "https://${matrixDomain}"; + extraConfigFiles = [ + config.sops.templates.matrixshared.path + ]; + settings.listeners = [ + { port = 8008; + bind_addresses = [ "0.0.0.0" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = [ "client" "federation" ]; + compress = true; + } + ]; + } + ]; + }; + + services.mautrix-telegram = { + enable = true; + environmentFile = config.sops.templates.mautrixtelegram.path; + settings = { + homeserver = { + address = 
"http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + address= "http://localhost:29317"; + hostname = "0.0.0.0"; + port = "29317"; + provisioning.enabled = true; + id = "telegram"; + # ephemeral_events = true; # not needed due to double puppeting + public = { + enabled = false; + }; + database = "postgresql:///mautrix-telegram?host=/run/postgresql"; + }; + bridge = { + # login_shared_secret_map = { + # matrixDomain = "as_token:doublepuppet"; + # }; + relaybot.authless_portals = true; + allow_avatar_remove = true; + allow_contact_info = true; + sync_channel_members = true; + startup_sync = true; + sync_create_limit = 0; + sync_direct_chats = true; + telegram_link_preview = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + # Animated stickers conversion requires additional packages in the + # service's path. + # If this isn't a fresh installation, clearing the bridge's uploaded + # file cache might be necessary (make a database backup first!): + # delete from telegram_file where \ + # mime_type in ('application/gzip', 'application/octet-stream') + animated_sticker = { + target = "gif"; + args = { + width = 256; + height = 256; + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported + }; + }; + }; + }; + }; + systemd.services.mautrix-telegram.path = with pkgs; [ + lottieconverter # for animated stickers conversion, unfree package + ffmpeg # if converting animated stickers to webm (very slow!) 
+ ]; + + services.mautrix-whatsapp = { + enable = true; + # environmentFile = config.sops.templates.mautrixwhatsapp.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + address= "http://localhost:29318"; + hostname = "0.0.0.0"; + port = 29318; + database = { + type = "postgres"; + uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql"; + }; + }; + bridge = { + displayname_template = "{{or .FullName .PushName .JID}} (WA)"; + history_sync = { + backfill = true; + max_initial_conversations = -1; + message_count = -1; + request_full_sync = true; + full_sync_config = { + days_limit = 900; + size_mb_limit = 5000; + storage_quota_mb = 5000; + }; + }; + login_shared_secret_map = { + matrixDomain = "as_token:doublepuppet"; + }; + sync_manual_marked_unread = true; + send_presence_on_typing = true; + parallel_member_sync = true; + url_previews = true; + caption_in_message = true; + extev_polls = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + }; + }; + }; + + services.mautrix-signal = { + enable = true; + # environmentFile = config.sops.templates.mautrixwhatsapp.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + + address= "http://localhost:29328"; + hostname = "0.0.0.0"; + port = 29328; + database = { + type = "postgres"; + uri = "postgresql:///mautrix-signal?host=/run/postgresql"; + }; + }; + bridge = { + displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)"; + login_shared_secret_map = { + matrixDomain = "as_token:doublepuppet"; + }; + caption_in_message = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + }; + }; + }; + + # restart the bridges daily. this is done for the signal bridge mainly which stops carrying + # messages out after a while. 
+ + systemd.timers."restart-bridges" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "1d"; + OnUnitActiveSec = "1d"; + Unit = "restart-bridges.service"; + }; + }; + + systemd.services."restart-bridges" = { + script = '' + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + }; + + } + +#+end_src + *** Paperless **** NixOS 
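Review bot: `settings.PermitRootLogin = "yes"` in the new `services.openssh` block leaves root reachable with a password even though root already has `authorizedKeys.keyFiles`; `settings.PermitRootLogin = "prohibit-password";` plus `settings.PasswordAuthentication = false;` restrict it to the deployed keys (the Sandbox hunk at @@ -3074,6 +3481,883 has the same `PermitRootLogin = "yes"` and additionally listens on `0.0.0.0`). The `networking.firewall.extraCommands` rules also accept TCP 8008, 29317, 29318 and 29328 from any source, while nginx already proxies `localhost:8008` behind TLS on 443 and the three bridge appservice listeners only need to be reached by synapse on the same host; exposing 8008 lets clients reach synapse without TLS, and the `hostname = "0.0.0.0"` appservice binds expose an API that is meant for the homeserver only. Dropping those four rules and binding the appservice `hostname` and the synapse `bind_addresses` to `127.0.0.1` leaves only 80/443 public, which `networking.firewall.allowedTCPPorts = [ 80 443 ];` expresses without raw iptables. The hard-coded role passwords in `synapse-init.sql` appear unused because every bridge connects over the unix socket (`host=/run/postgresql`); a comment saying so would stop anyone treating them as real credentials.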
@@ -3074,6 +3481,883 @@ Make sure to also do this for doublepuppet.yaml #+end_src +*** Sandbox (Lenovo Y510P) + +My laptop, sadly soon to be replaced by a new one, since most basic functions are stopping to work lately. + +**** NixOS + +#+begin_src nix :noweb yes :tangle profiles/sandbox/nixos.nix + + { config, pkgs, modulesPath, unstable, sops, ... }: let + matrixDomain = "swatrix.swarsel.win"; + in { + + imports = [ + ./hardware-configuration.nix + # we import here a service that is not available yet on normal nixpkgs + # this module is hence not in the modules list, we add it ourselves + (unstable + "/nixos/modules/services/matrix/mautrix-signal.nix") + ]; + + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; + }; + + users.users.swarsel = { + isNormalUser = true; + description = "Leon S"; + extraGroups = [ "networkmanager" "wheel" "lp"]; + packages = with pkgs; []; + }; + + # actual config starts here + + fileSystems."/mnt/Eternor" = { + device = "//192.168.1.3/Eternor"; + fsType = "cifs"; + options = let + # this line prevents hanging on network split + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"]; + }; + + environment.systemPackages = with pkgs; [ + git + gnupg + ssh-to-age + lego + nginx + calibre + openvpn + jq + iptables + busybox + wireguard-tools + matrix-synapse + lottieconverter + ffmpeg + pciutils + alsa-utils + mpv + zfs + ]; + + services.xserver = { + layout = "us"; + xkbVariant = "altgr-intl"; + }; + + nix.settings.experimental-features = ["nix-command" "flakes"]; + + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + listenAddresses = [{ + port = 22; + addr = "0.0.0.0"; + }]; + }; + users.users.root.openssh.authorizedKeys.keyFiles = [ + ../../secrets/keys/authorized_keys + ]; + + system.stateVersion = "23.05"; # TEMPLATE - but 
probably no need to change + + environment.shellAliases = { + nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; + }; + + boot.supportedFilesystems = [ "zfs" ]; + boot.zfs.forceImportRoot = false; + networking.hostId = "8a8ad84a"; + + networking.hostName = "sandbox"; # Define your hostname. + networking.enableIPv6 = true; + networking.firewall.enable = false; + + documentation = { + enable = false; + }; + + sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; + sops.defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml"; + sops.validateSopsFiles = false; + sops.secrets.dnstokenfull = {owner="acme";}; + sops.templates."certs.secret".content = '' + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + ''; + + security.acme = { + acceptTerms = true; + preliminarySelfsigned = false; + defaults.email = "mrswarsel@gmail.com"; + defaults.dnsProvider = "cloudflare"; + defaults.environmentFile = "${config.sops.templates."certs.secret".path}"; + }; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + virtualHosts = { + + "stash.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "https://192.168.1.5"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + # "/push/" = { + # proxyPass = "http://192.168.2.5:7867"; + # }; + "/.well-known/carddav" = { + return = "301 $scheme://$host/remote.php/dav"; + }; + "/.well-known/caldav" = { + return = "301 $scheme://$host/remote.php/dav"; + }; + }; + }; + + "swatrix.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "~ ^(/_matrix|/_synapse/client)" = { + proxyPass = "http://127.0.0.1:8008"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + + + "sound.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" 
= { + proxyPass = "http://127.0.0.1:4040"; + proxyWebsockets = true; + extraConfig = '' + proxy_redirect http:// https://; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_buffering off; + proxy_request_buffering off; + client_max_body_size 0; + ''; + }; + }; + }; + + "scan.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:28981"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + + "screen.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:8096"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + + "scroll.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:8080"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + + + }; + }; + + + sops.secrets.kavita = { owner = "kavita";}; + + services.kavita = { + enable = true; + user = "kavita"; + port = 8080; + tokenKeyFile = config.sops.secrets.kavita.path; + }; + + users.users.jellyfin = { + extraGroups = [ "video" "render" ]; + }; + + # nixpkgs.config.packageOverrides = pkgs: { + # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; + # }; + + hardware.opengl = { + enable = true; + extraPackages = with pkgs; [ + intel-media-driver # LIBVA_DRIVER_NAME=iHD + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiVdpau + libvdpau-va-gl + ]; + }; + + services.jellyfin = { + enable = true; + user = "jellyfin"; + # openFirewall = true; # this works only for the default ports + }; + + users.groups.vpn = {}; + + users.users.vpn = { + isNormalUser = true; + group = "vpn"; + home = "/home/vpn"; + }; + + boot.kernelModules = [ "tun" ]; + + services.radarr = { + enable = true; + }; + + services.readarr = { + enable = true; + }; + services.sonarr = { + enable = true; + }; + 
services.lidarr = { + enable = true; + }; + services.prowlarr = { + enable = true; + }; + + networking.firewall.extraCommands = '' + sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP + ''; + networking.iproute2 = { + enable = true; + rttablesExtraConfig = '' + 200 vpn + ''; + }; + boot.kernel.sysctl = { + "net.ipv4.conf.all.rp_filter" = 2; + "net.ipv4.conf.default.rp_filter" = 2; + "net.ipv4.conf.enp7s0.rp_filter" = 2; + }; + environment.etc = { + "openvpn/iptables.sh" = + { source = ../../scripts/server1/iptables.sh; + mode = "0755"; + }; + "openvpn/update-resolv-conf" = + { source = ../../scripts/server1/update-resolv-conf; + mode = "0755"; + }; + "openvpn/routing.sh" = + { source = ../../scripts/server1/routing.sh; + mode = "0755"; + }; + "openvpn/ca.rsa.2048.crt" = + { source = ../../secrets/certs/ca.rsa.2048.crt; + mode = "0644"; + }; + "openvpn/crl.rsa.2048.pem" = + { source = ../../secrets/certs/crl.rsa.2048.pem; + mode = "0644"; + }; + }; + + sops.secrets.vpnuser = {}; + sops.secrets.rpcuser = {owner="vpn";}; + sops.secrets.vpnpass = {}; + sops.secrets.rpcpass = {owner="vpn";}; + sops.secrets.vpnprot = {}; + sops.secrets.vpnloc = {}; + # sops.secrets.crlpem = {}; + # sops.secrets.capem = {}; + sops.templates."transmission-rpc".owner = "vpn"; + sops.templates."transmission-rpc".content = builtins.toJSON { + rpc-username = config.sops.placeholder.rpcuser; + rpc-password = config.sops.placeholder.rpcpass; + }; + + sops.templates.pia.content = '' + ${config.sops.placeholder.vpnuser} + ${config.sops.placeholder.vpnpass} + ''; + + sops.templates.vpn.content = '' + client + dev tun + proto ${config.sops.placeholder.vpnprot} + remote ${config.sops.placeholder.vpnloc} + resolv-retry infinite + nobind + persist-key + persist-tun + cipher aes-128-cbc + auth sha1 + tls-client + remote-cert-tls server + + auth-user-pass ${config.sops.templates.pia.path} + compress + verb 1 + reneg-sec 0 + + crl-verify /etc/openvpn/crl.rsa.2048.pem + ca 
/etc/openvpn/ca.rsa.2048.crt + + disable-occ + ''; + + services.openvpn.servers = { + pia = { + autoStart = true; + updateResolvConf = false; + config = "config ${config.sops.templates.vpn.path}"; + }; + }; + + services.transmission = { + enable = true; + credentialsFile = config.sops.templates."transmission-rpc".path; + user = "vpn"; + settings = { + + alt-speed-down= 8000; + alt-speed-enabled= false; + alt-speed-time-begin= 0; + alt-speed-time-day= 127; + alt-speed-time-enabled= true; + alt-speed-time-end= 360; + alt-speed-up= 2000; + bind-address-ipv4= "0.0.0.0"; + bind-address-ipv6= "::"; + blocklist-enabled= false; + blocklist-url= "http://www.example.com/blocklist"; + cache-size-mb= 256; + dht-enabled= false; + download-dir= "/test"; + download-limit= 100; + download-limit-enabled= 0; + download-queue-enabled= true; + download-queue-size= 5; + encryption= 2; + idle-seeding-limit= 30; + idle-seeding-limit-enabled= false; + incomplete-dir= "/var/lib/transmission-daemon/Downloads"; + incomplete-dir-enabled= false; + lpd-enabled= false; + max-peers-global= 200; + message-level= 1; + peer-congestion-algorithm= ""; + peer-id-ttl-hours= 6; + peer-limit-global= 100; + peer-limit-per-torrent= 40; + peer-port= 22371; + peer-port-random-high= 65535; + peer-port-random-low= 49152; + peer-port-random-on-start= false; + peer-socket-tos= "default"; + pex-enabled= false; + port-forwarding-enabled= false; + preallocation= 1; + prefetch-enabled= true; + queue-stalled-enabled= true; + queue-stalled-minutes= 30; + ratio-limit= 2; + ratio-limit-enabled= false; + rename-partial-files= true; + rpc-authentication-required= true; + rpc-bind-address= "0.0.0.0"; + rpc-enabled= true; + rpc-host-whitelist= ""; + rpc-host-whitelist-enabled= true; + rpc-port= 9091; + rpc-url= "/transmission/"; + rpc-whitelist= "127.0.0.1,192.168.3.2"; + rpc-whitelist-enabled= true; + scrape-paused-torrents-enabled= true; + script-torrent-done-enabled= false; + seed-queue-enabled= false; + seed-queue-size= 
10; + speed-limit-down= 6000; + speed-limit-down-enabled= true; + speed-limit-up= 500; + speed-limit-up-enabled= true; + start-added-torrents= true; + trash-original-torrent-files= false; + umask= 2; + upload-limit= 100; + upload-limit-enabled= 0; + upload-slots-per-torrent= 14; + utp-enabled= false; + }; + }; + + # services.nginx = { + # enable = true; + # virtualHosts = { + + # "192.168.1.192" = { + # locations = { + # "/transmission" = { + # proxyPass = "http://127.0.0.1:9091"; + # extraConfig = '' + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # ''; + # }; + # }; + # }; + # }; + # }; + + + # sops.secrets.matrixsharedsecret = {owner="matrix-synapse";}; + # sops.templates."matrix_user_register.sh".content = '' + # register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + # ''; + # sops.templates.matrixshared.owner = "matrix-synapse"; + # sops.templates.matrixshared.content = '' + # registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} + # ''; + # sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";}; + # sops.templates.mautrixtelegram.owner = "matrix-synapse"; + # sops.templates.mautrixtelegram.content = '' + # MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} + # MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} + # MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} + # MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} + # ''; + + + + + # ---------------- + # sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; + # sops.templates.mautrixwhatsapp.owner = 
"matrix-synapse"; + # sops.templates.mautrixwhatsapp.content = '' + # MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared} + # ''; + + services.postgresql.enable = true; + services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; + + services.matrix-synapse = { + settings.app_service_config_files = [ + "/var/lib/matrix-synapse/telegram-registration.yaml" + "/var/lib/matrix-synapse/whatsapp-registration.yaml" + "/var/lib/matrix-synapse/signal-registration.yaml" + "/var/lib/matrix-synapse/doublepuppet.yaml" + ]; + enable = false; + settings.server_name = matrixDomain; + settings.public_baseurl = "https://${matrixDomain}"; + extraConfigFiles = [ + config.sops.templates.matrixshared.path + ]; + settings.listeners = [ + { port = 8008; + bind_addresses = [ "0.0.0.0" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = [ "client" "federation" ]; + compress = true; + } + ]; + } + ]; + }; + + services.mautrix-telegram = { + enable = false; + environmentFile = config.sops.templates.mautrixtelegram.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + address= 
"http://localhost:29317"; + hostname = "0.0.0.0"; + port = "29317"; + provisioning.enabled = true; + id = "telegram"; + # ephemeral_events = true; # not needed due to double puppeting + public = { + enabled = false; + }; + database = "postgresql:///mautrix-telegram?host=/run/postgresql"; + }; + bridge = { + # login_shared_secret_map = { + # matrixDomain = "as_token:doublepuppet"; + # }; + relaybot.authless_portals = true; + allow_avatar_remove = true; + allow_contact_info = true; + sync_channel_members = true; + startup_sync = true; + sync_create_limit = 0; + sync_direct_chats = true; + telegram_link_preview = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + # Animated stickers conversion requires additional packages in the + # service's path. + # If this isn't a fresh installation, clearing the bridge's uploaded + # file cache might be necessary (make a database backup first!): + # delete from telegram_file where \ + # mime_type in ('application/gzip', 'application/octet-stream') + animated_sticker = { + target = "gif"; + args = { + width = 256; + height = 256; + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported + }; + }; + }; + }; + }; + # systemd.services.mautrix-telegram.path = with pkgs; [ + # lottieconverter # for animated stickers conversion, unfree package + # ffmpeg # if converting animated stickers to webm (very slow!) 
+ # ]; + + services.mautrix-whatsapp = { + enable = false; + # environmentFile = config.sops.templates.mautrixwhatsapp.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + address= "http://localhost:29318"; + hostname = "0.0.0.0"; + port = 29318; + database = { + type = "postgres"; + uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql"; + }; + }; + bridge = { + displayname_template = "{{or .FullName .PushName .JID}} (WA)"; + history_sync = { + backfill = true; + max_initial_conversations = -1; + message_count = -1; + request_full_sync = true; + full_sync_config = { + days_limit = 900; + size_mb_limit = 5000; + storage_quota_mb = 5000; + }; + }; + login_shared_secret_map = { + matrixDomain = "as_token:doublepuppet"; + }; + sync_manual_marked_unread = true; + send_presence_on_typing = true; + parallel_member_sync = true; + url_previews = true; + caption_in_message = true; + extev_polls = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + }; + }; + }; + + services.mautrix-signal = { + enable = false; + # environmentFile = config.sops.templates.mautrixwhatsapp.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + + address= "http://localhost:29328"; + hostname = "0.0.0.0"; + port = 29328; + database = { + type = "postgres"; + uri = "postgresql:///mautrix-signal?host=/run/postgresql"; + }; + }; + bridge = { + displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)"; + login_shared_secret_map = { + matrixDomain = "as_token:doublepuppet"; + }; + caption_in_message = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + }; + }; + }; + + # restart the bridges daily. this is done for the signal bridge mainly which stops carrying + # messages out after a while. 
+ + systemd.timers."restart-bridges" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "1d"; + OnUnitActiveSec = "1d"; + Unit = "restart-bridges.service"; + }; + }; + + systemd.services."restart-bridges" = { + script = '' + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + }; + + + users.groups.navidrome = { + gid = 61593; + }; + + users.groups.mpd = {}; + + users.users.navidrome = { + isSystemUser = true; + uid = 61593; + group = "navidrome"; + extraGroups = [ "audio" "utmp" ]; + }; + + users.users.mpd = { + isSystemUser = true; + group = "mpd"; + extraGroups = [ "audio" "utmp" ]; + }; + + sound = { + enable = true; + }; + + hardware.enableAllFirmware = true; + + sops.secrets.mpdpass = { owner = "mpd";}; + + services.navidrome = { + enable = true; + settings = { + Address = "0.0.0.0"; + Port = 4040; + MusicFolder = "/mnt/"; + EnableSharing = true; + EnableTranscodingConfig = true; + Scanner.GroupAlbumReleases = true; + ScanSchedule = "@every 24h"; + # Insert these values locally as sops-nix does not work for them + # LastFM.ApiKey = TEMPLATE; + # LastFM.Secret = TEMPLATE; + # Spotify.ID = TEMPLATE; + # Spotify.Secret = TEMPLATE; + UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; + UIWelcomeMessage = "~SwarselSound~"; + }; + }; + services.mpd = { + enable = true; + musicDirectory = "/mnt/Eternor/Musik"; + user = "mpd"; + group = "mpd"; + network = { + port = 3254; + listenAddress = "any"; + }; + credentials = [ + { + passwordFile = config.sops.secrets.mpdpass.path; + permissions = [ + "read" + "add" + "control" + "admin" + ]; + } + ]; + }; + + + users.groups.spotifyd = { + gid = 65136; + }; + + users.users.spotifyd = { + isSystemUser = true; + uid = 65136; + group = "spotifyd"; + extraGroups = [ "audio" "utmp" ]; + }; + + services.spotifyd = { + enable = true; + settings = { + global = { 
+ dbus_type = "session"; + use_mpris = false; + device = "default:CARD=PCH"; + device_name = "SwarselSpot"; + mixer = "alsa"; + zeroconf_port = 1025; + }; + }; + }; + + # Network shares + # add a user with sudo smbpasswd -a + services.samba = { + package = pkgs.samba4Full; + extraConfig = '' + workgroup = WORKGROUP + server role = standalone server + dns proxy = no + + pam password change = yes + map to guest = bad user + create mask = 0664 + force create mode = 0664 + directory mask = 0775 + force directory mode = 0775 + follow symlinks = yes + ''; + + # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support compared to the default package, `samba` + # Required for samba to register mDNS records for auto discovery + # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268 + enable = true; + # openFirewall = true; + shares.test = { + browseable = "yes"; + "read only" = "no"; + "guest ok" = "no"; + path = "/test2"; + writable = "true"; + comment = "Eternor"; + "valid users" = "@smbtest2"; + }; + }; + + + services.avahi = { + publish.enable = true; + publish.userServices = true; + # ^^ Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` + nssmdns = true; + # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it + enable = true; + }; + + services.samba-wsdd = { + # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued + enable = true; + }; + + + + + + + + + + + } + +#+end_src * Common NixOS These are system-level settings specific to NixOS machines. All settings that are required on all machines go here. 
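Review bot: `networking.firewall.enable = false;` also disables `networking.firewall.extraCommands`, so the `-m owner --uid-owner vpn -j DROP` rule that is supposed to keep the `vpn` user (and thus transmission) off the network outside the tunnel is never installed on this host. Either keep the firewall enabled and open the service ports with `networking.firewall.allowedTCPPorts`, or move the rule into its own oneshot unit so the kill switch does not depend on a module that is switched off; the `sudo` prefix is redundant either way, since the firewall script already runs as root and `sudo` may not be on the unit's PATH. The cifs mount reads its credentials from `/etc/nixos/smb-secrets`, a plaintext file outside sops, unlike every other secret in this profile; passing a `sops.secrets` path to `credentials=` would keep them in one managed place.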
@@ -3111,6 +4395,15 @@ Section for all settings that are not really deserving of their own section. # enable flakes - urgent line!! nix.settings.experimental-features = ["nix-command" "flakes"]; environment.sessionVariables.NIXOS_OZONE_WL = "1"; + + # gstreamer plugins for nautilus (used for file metadata) + environment.sessionVariables.GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-libav + ]); + # correct time between linux and windows time.hardwareClockInLocalTime = true; @@ -3205,6 +4498,8 @@ Mostly used to install some compilers and lps's that I want to have available wh # latex texlab ghostscript_headless + # wireguard + wireguard-tools # rust rust-analyzer clippy @@ -3358,11 +4653,14 @@ Also, I define some useful shell scripts here. losslessaudiochecker ffmpeg_5-full flac + mediainfo + picard + audacity + sox # b2 backup @backblaze restic - # "big" programs filebot gimp @@ -3374,8 +4672,12 @@ Also, I define some useful shell scripts here. spotify discord nextcloud-client - spotify-tui - schildichat-desktop + spotify-player + element-desktop-wayland + nicotine-plus + transmission + mktorrent + hexchat # kyria qmk @@ -3387,12 +4689,12 @@ Also, I define some useful shell scripts here. libudev-zero dwarfs fuse-overlayfs - steam - steam-run + # steam + # steam-run patchelf gamescope vulkan-tools - openssl + moonlight-qt # firefox related tridactyl-native @@ -3414,6 +4716,8 @@ Also, I define some useful shell scripts here. speechd networkmanagerapplet psmisc # kill etc + lm_sensors + # syncthingtray # jq # used for searching the i3 tree in check.sh files # specifically needed for anki @@ -3450,7 +4754,7 @@ Also, I define some useful shell scripts here. # gnome.gnome-clocks # wlogout # jdiskreport - syncthingtray + # syncthingtray # monitor #keychain 
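Review bot: The new `GST_PLUGIN_SYSTEM_PATH_1_0` line calls `lib.makeSearchPathOutput`, which requires `lib` to be bound in the module's argument set; the module header is outside this hunk and nothing else visible in it uses `lib`, so this is worth confirming before the next rebuild.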
@@ -3522,6 +4826,8 @@ Also, I define some useful shell scripts here. cp ~/.dotfiles/templates/py_flake.nix ./flake.nix elif [ "$1" == "cuda" ]; then cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix + elif [ "$1" == "other" ]; then + cp ~/.dotfiles/templates/other_flake.nix ./flake.nix elif [ "$1" == "latex" ]; then if [ "$2" == "" ]; then echo "No filename specified, usage: 'project latex '" @@ -3586,8 +4892,6 @@ I use sops-nix to handle secrets that I want to have available on my machines at - cp ~/.ssh/sops.pub ~/.dotfiles/secrets/keys/NAME.pub - update entry for sops.age.sshKeyPaths -*Changes are only visible after reboot.* - #+begin_src nix :tangle profiles/common/home.nix sops.defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; @@ -3810,23 +5114,23 @@ TODO: Non-NixOS machines (=sp3) should not use these by default, but instead the categories = [ "Application"]; }; - schlidichat = { - name = "SchildiChat Matrix Client"; - genericName = "SchildiChat"; - exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; - terminal = false; - categories = [ "Application"]; - }; + # schlidichat = { + # name = "SchildiChat Matrix Client"; + # genericName = "SchildiChat"; + # exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; + # terminal = false; + # categories = [ "Application"]; + # }; # currently unused but kept for possible future use-case # not needed as long as schildichat is working properly - # element = { - # name = "Element Matrix Client"; - # genericName = "Element"; - # exec = "element-desktop"; - # terminal = false; - # categories = [ "Application"]; - # }; + element = { + name = "Element Matrix Client"; + genericName = "Element"; + exec = "element-desktop"; + terminal = false; + categories = [ "Application"]; + }; }; 
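Review bot: The comment `# not needed as long as schildichat is working properly` is stale after this hunk: the SchildiChat entry above it is commented out and the `element` entry it sits over is now active, so the comment states the opposite of the code. I would replace the two comment lines with `# element is the active matrix client; the schildichat entry above is kept for a possible switch back`. The same stale comment is carried into the `@@ -419,23 +430,23 @@` hunk of profiles/common/home.nix, which this source block tangles to according to its `#+begin_src` header.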
@@ -4762,22 +6066,22 @@ Again I am just using the first bar option here that I was able to find good und # the rest of the information is also found in the manifest.json, but might not be # needed - (let version = "3.5.4.0"; - in buildFirefoxXpiAddon { - pname = "bypass-paywalls-clean"; - inherit version; - addonId = "magnolia@12.34"; - url = - "https://gitlab.com/magnolia1234/bpc-uploads/-/raw/master/bypass_paywalls_clean-3.5.4.0.xpi"; - sha256 = "ab81f711c30c4f7a010d69bd964bdfaf0179802c0b27d0a88c73c0aa6b044803"; - meta = with lib; { - homepage = - "https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean"; - description = "Bypass Paywalls of (custom) news sites"; - license = licenses.mit; - platforms = platforms.all; - }; - }) + # (let version = "3.4.5.0"; + # in buildFirefoxXpiAddon { + # pname = "bypass-paywalls-clean"; + # inherit version; + # addonId = "magnolia@12.34"; + # url = + # "https://gitlab.com/magnolia1234/bpc-uploads/-/raw/master/bypass_paywalls_clean-3.4.5.0.xpi"; + # sha256 = "703d30c15b88291bd0305cc59013693aea5f75a40ea98fb8e252d1c7bfb43514"; + # meta = with lib; { + # homepage = + # "https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean"; + # description = "Bypass Paywalls of (custom) news sites"; + # license = licenses.mit; + # platforms = platforms.all; + # }; + # }) (buildFirefoxXpiAddon { @@ -4885,6 +6189,9 @@ Services that can be defined through home-manager should be defined here. services.syncthing = { enable = true; + tray = { + enable = false; + }; }; # this enables the emacs server @@ -5026,7 +6333,7 @@ I am currently using SwayFX, which adds some nice effects to sway, like rounded defaultWorkspace = "workspace 1:一"; startup = [ { command = "kitty -T kittyterm";} - { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spt";} + { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player";} ]; window = { border = 1; 
@@ -5063,8 +6370,7 @@ I am currently using SwayFX, which adds some nice effects to sway, like rounded {app_id = "pavucontrol";} {app_id = "syncthingtray";} {app_id = "SchildiChat";} - {class = "Element";} - {title = "Element";} + {app_id = "Element";} {app_id = "com.nextcloud.desktopclient.nextcloud";} {app_id = "gnome-system-monitor";} {title = "(?:Open|Save) (?:File|Folder|As)";} diff --git a/flake.lock b/flake.lock index c2d3241..85a301b 100644 --- a/flake.lock +++ b/flake.lock @@ -226,6 +226,24 @@ "type": "github" } }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1709336216, + "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -425,6 +443,25 @@ "type": "github" } }, + "nix-gaming": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1710033370, + "narHash": "sha256-f44y3CIkskEbs6rnMU+QQfLvqPkM3JuVaiKrtnX/we8=", + "owner": "fufexan", + "repo": "nix-gaming", + "rev": "7ad732aefc2c5187d63d1d171294f03fae9d4445", + "type": "github" + }, + "original": { + "owner": "fufexan", + "repo": "nix-gaming", + "type": "github" + } + }, "nix-on-droid": { "inputs": { "home-manager": "home-manager_2", @@ -453,7 +490,7 @@ "nixgl": { "inputs": { "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1685908677, 
@@ -505,6 +542,22 @@ "type": "github" } }, + "nixos-hardware": { + "locked": { + "lastModified": 1709410583, + "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1699354722, @@ -537,6 +590,24 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1709237383, + "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-mautrix-signal": { "locked": { "lastModified": 1703864075, @@ -602,6 +673,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1709968316, + "narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0e7f98a5f30166cbed344569426850b21e4091d4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1660551188, "narHash": "sha256-a1LARMMYQ8DPx1BgoI/UN4bXe12hhZkCNqdxNi6uS0g=", @@ -616,7 +703,7 @@ "type": "github" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1701718080, "narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=", @@ -632,7 +719,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1702029940, "narHash": "sha256-qM3Du0perpLesh5hr87mVPZ79McMUKIWUH7EQMh2kWo=", 
@@ -648,7 +735,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1700856099, "narHash": "sha256-RnEA7iJ36Ay9jI0WwP+/y4zjEhmeN6Cjs9VOFBH7eVQ=", @@ -784,10 +871,12 @@ "emacs-overlay": "emacs-overlay", "home-manager": "home-manager", "lanzaboote": "lanzaboote", + "nix-gaming": "nix-gaming", "nix-on-droid": "nix-on-droid", "nixgl": "nixgl", "nixos-generators": "nixos-generators", - "nixpkgs": "nixpkgs_3", + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs_4", "nixpkgs-mautrix-signal": "nixpkgs-mautrix-signal", "nur": "nur", "pia": "pia", @@ -822,7 +911,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable_3" }, "locked": { @@ -851,7 +940,7 @@ "base16-vim": "base16-vim", "flake-compat": "flake-compat_2", "home-manager": "home-manager_3", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1701532764, diff --git a/flake.nix b/flake.nix index 9f60c21..3be2a8f 100644 --- a/flake.nix +++ b/flake.nix @@ -58,6 +58,15 @@ url = github:niklaskorz/nixpkgs/nixos-23.11-mautrix-signal; }; + # patches for gaming on nix + nix-gaming = { + url = github:fufexan/nix-gaming; + }; + + # hardware quirks on nix + nixos-hardware = { + url = github:NixOS/nixos-hardware/master; + }; }; @@ -76,6 +85,8 @@ lanzaboote, pia, nixpkgs-mautrix-signal, + nix-gaming, + nixos-hardware, ... }: let @@ -139,6 +150,15 @@ ]; }; + sandbox = nixpkgs.lib.nixosSystem { + pkgs = pkgsmautrix; + specialArgs.unstable = nixpkgs-mautrix-signal; + modules = [ + sops-nix.nixosModules.sops + ./profiles/sandbox/nixos.nix + ]; + }; + twoson = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs pkgs; }; modules = nixModules ++ [ @@ -169,6 +189,7 @@ fourside = nixpkgs.lib.nixosSystem { specialArgs = {inherit inputs pkgs; }; modules = nixModules ++ [ + nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2 ./profiles/fourside/nixos.nix home-manager.nixosModules.home-manager { 
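Review bot: The new `sandbox` system passes `pkgs = pkgsmautrix;` straight into `nixosSystem`, which sets `nixpkgs.pkgs` and makes NixOS ignore any `nixpkgs.config` or `nixpkgs.overlays` declared in `./profiles/sandbox/nixos.nix`; if `lottieconverter` is unfree as the matrix profile's comment says, `allowUnfree` then has to be set wherever `pkgsmautrix` is built, which is outside this hunk. If that is intended, a one-line comment next to the assignment would save the next reader a surprise, e.g. `# pkgs is fixed here: nixpkgs.config/overlays inside the modules are ignored`. The `swatrix` definition in the `@@ -271,11 +292,15 @@` hunk has the same shape and would take the same comment.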
@@ -271,11 +292,15 @@ }; #ovm swarsel - backup = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs pkgs; }; + swatrix = nixpkgs.lib.nixosSystem { + # specialArgs = {inherit pkgsmautrix; }; + pkgs = pkgsmautrix; + # this is to import a service module that is not on nixpkgs + # this way avoids infinite recursion errors + specialArgs.unstable = nixpkgs-mautrix-signal; modules = [ sops-nix.nixosModules.sops - ./profiles/remote/oracle/backup/nixos.nix + ./profiles/remote/oracle/matrix/nixos.nix ]; }; }; diff --git a/profiles/TEMPLATE/home.nix b/profiles/TEMPLATE/home.nix index 95d8deb..8b0f895 100644 --- a/profiles/TEMPLATE/home.nix +++ b/profiles/TEMPLATE/home.nix @@ -13,7 +13,7 @@ homeDirectory = "/home/TEMPLATE"; stateVersion = "23.05"; # TEMPLATE -- Please read the comment before changing. keyboard.layout = "us"; # TEMPLATE - packages = with pkgs; [ + home.packages = with pkgs; [ # --------------------------------------------------------------- # if schildichat works on this machine, use it, otherwise go for element # element-desktop @@ -120,12 +120,13 @@ startup = [ { command = "nextcloud --background";} - { command = "spotify";} + # { command = "spotify";} { command = "discord --start-minimized";} - { command = "schildichat-desktop --disable-gpu-driver-bug-workarounds --hidden";} + { command = "element-desktop --hidden";} { command = "ANKI_WAYLAND=1 anki";} { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} { command = "nm-applet";} + # { command = "sleep 60 && syncthingtray --wait"; } ]; }; diff --git a/profiles/TEMPLATE/nixos.nix b/profiles/TEMPLATE/nixos.nix index 6ca659b..c9c02fd 100644 --- a/profiles/TEMPLATE/nixos.nix +++ b/profiles/TEMPLATE/nixos.nix 
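Review bot: `home.packages = with pkgs; [` is placed next to `homeDirectory`, `stateVersion` and `keyboard.layout`, which read as attributes of an enclosing `home = { … }` set whose opening line is outside the hunk; inside such a set the new line defines `home.home.packages`, which home-manager rejects as a non-existent option. The original `packages = with pkgs; [` was correct in that position, so either keep it or move the list out of the `home` set as a top-level `home.packages`. If the enclosing set turns out to be something other than `home`, disregard this.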
@@ -15,18 +15,9 @@ }; # Bootloader - # use this for single partition boot - boot = { - loader.systemd-boot.enable = true; - loader.efi.canTouchEfiVariables = true; - }; - - # ------------------------------------- - # alternate setup using grub - # boot.loader.grub.enable = true; - # boot.loader.grub.device = "/dev/sda"; # TEMPLATE - if only one disk, this will work - # boot.loader.grub.useOSProber = true; - # ------------------------------------- + boot.loader.grub.enable = true; + boot.loader.grub.device = "/dev/sda"; # TEMPLATE - if only one disk, this will work + boot.loader.grub.useOSProber = true; # -------------------------------------- # you might need a configuration like this instead: diff --git a/profiles/common/home.nix b/profiles/common/home.nix index 1dbe1eb..2718a34 100644 --- a/profiles/common/home.nix +++ b/profiles/common/home.nix @@ -8,11 +8,14 @@ losslessaudiochecker ffmpeg_5-full flac + mediainfo + picard + audacity + sox # b2 backup @backblaze restic - # "big" programs filebot gimp @@ -24,8 +27,12 @@ spotify discord nextcloud-client - spotify-tui - schildichat-desktop + spotify-player + element-desktop-wayland + nicotine-plus + transmission + mktorrent + hexchat # kyria qmk @@ -37,12 +44,12 @@ libudev-zero dwarfs fuse-overlayfs - steam - steam-run + # steam + # steam-run patchelf gamescope vulkan-tools - openssl + moonlight-qt # firefox related tridactyl-native @@ -64,6 +71,8 @@ speechd networkmanagerapplet psmisc # kill etc + lm_sensors + # syncthingtray # jq # used for searching the i3 tree in check.sh files # specifically needed for anki @@ -100,7 +109,7 @@ # gnome.gnome-clocks # wlogout # jdiskreport - syncthingtray + # syncthingtray # monitor #keychain 
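Review bot: The template drops the systemd-boot/EFI variant entirely and makes `boot.loader.grub.device = "/dev/sda"` the default, so a host copied from the template now installs a BIOS-style grub to a disk name that is not stable across hardware, while the `# TEMPLATE - if only one disk, this will work` comment is the only hint. I would keep the removed `loader.systemd-boot.enable` / `loader.efi.canTouchEfiVariables` lines as the commented-out alternative (the way the grub lines were kept before), so the template still documents both boot setups.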
@@ -172,6 +181,8 @@ cp ~/.dotfiles/templates/py_flake.nix ./flake.nix elif [ "$1" == "cuda" ]; then cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix + elif [ "$1" == "other" ]; then + cp ~/.dotfiles/templates/other_flake.nix ./flake.nix elif [ "$1" == "latex" ]; then if [ "$2" == "" ]; then echo "No filename specified, usage: 'project latex '" @@ -419,23 +430,23 @@ xdg.desktopEntries = { categories = [ "Application"]; }; - schlidichat = { - name = "SchildiChat Matrix Client"; - genericName = "SchildiChat"; - exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; - terminal = false; - categories = [ "Application"]; - }; + # schlidichat = { + # name = "SchildiChat Matrix Client"; + # genericName = "SchildiChat"; + # exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds"; + # terminal = false; + # categories = [ "Application"]; + # }; # currently unused but kept for possible future use-case # not needed as long as schildichat is working properly -# element = { -# name = "Element Matrix Client"; -# genericName = "Element"; -# exec = "element-desktop"; -# terminal = false; -# categories = [ "Application"]; -# }; + element = { + name = "Element Matrix Client"; + genericName = "Element"; + exec = "element-desktop"; + terminal = false; + categories = [ "Application"]; + }; }; 
@@ -1297,22 +1308,22 @@ programs.firefox = { # the rest of the information is also found in the manifest.json, but might not be # needed - (let version = "3.5.4.0"; - in buildFirefoxXpiAddon { - pname = "bypass-paywalls-clean"; - inherit version; - addonId = "magnolia@12.34"; - url = - "https://gitlab.com/magnolia1234/bpc-uploads/-/raw/master/bypass_paywalls_clean-3.5.4.0.xpi"; - sha256 = "ab81f711c30c4f7a010d69bd964bdfaf0179802c0b27d0a88c73c0aa6b044803"; - meta = with lib; { - homepage = - "https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean"; - description = "Bypass Paywalls of (custom) news sites"; - license = licenses.mit; - platforms = platforms.all; - }; -}) + # (let version = "3.4.5.0"; + # in buildFirefoxXpiAddon { + # pname = "bypass-paywalls-clean"; + # inherit version; + # addonId = "magnolia@12.34"; + # url = + # "https://gitlab.com/magnolia1234/bpc-uploads/-/raw/master/bypass_paywalls_clean-3.4.5.0.xpi"; + # sha256 = "703d30c15b88291bd0305cc59013693aea5f75a40ea98fb8e252d1c7bfb43514"; + # meta = with lib; { + # homepage = + # "https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean"; + # description = "Bypass Paywalls of (custom) news sites"; + # license = licenses.mit; + # platforms = platforms.all; + # }; + # }) (buildFirefoxXpiAddon { @@ -1404,6 +1415,9 @@ services.kdeconnect = { services.syncthing = { enable = true; + tray = { + enable = false; + }; }; # this enables the emacs server @@ -1529,7 +1543,7 @@ wayland.windowManager.sway = { defaultWorkspace = "workspace 1:一"; startup = [ { command = "kitty -T kittyterm";} - { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spt";} + { command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player";} ]; window = { border = 1; 
@@ -1566,8 +1580,7 @@ wayland.windowManager.sway = { {app_id = "pavucontrol";} {app_id = "syncthingtray";} {app_id = "SchildiChat";} - {class = "Element";} - {title = "Element";} + {app_id = "Element";} {app_id = "com.nextcloud.desktopclient.nextcloud";} {app_id = "gnome-system-monitor";} {title = "(?:Open|Save) (?:File|Folder|As)";} diff --git a/profiles/common/nixos.nix b/profiles/common/nixos.nix index fe61649..2408c48 100644 --- a/profiles/common/nixos.nix +++ b/profiles/common/nixos.nix @@ -25,6 +25,15 @@ # enable flakes - urgent line!! nix.settings.experimental-features = ["nix-command" "flakes"]; environment.sessionVariables.NIXOS_OZONE_WL = "1"; + + # gstreamer plugins for nautilus (used for file metadata) + environment.sessionVariables.GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [ + gst-plugins-good + gst-plugins-bad + gst-plugins-ugly + gst-libav + ]); + # correct time between linux and windows time.hardwareClockInLocalTime = true; @@ -111,6 +120,8 @@ environment.systemPackages = with pkgs; [ # latex texlab ghostscript_headless + # wireguard + wireguard-tools # rust rust-analyzer clippy diff --git a/profiles/fourside/home.nix b/profiles/fourside/home.nix index 16d1eb0..8cb58ed 100644 --- a/profiles/fourside/home.nix +++ b/profiles/fourside/home.nix @@ -21,7 +21,8 @@ # waybar config - TEMPLATE - update for cores and temp programs.waybar.settings.mainBar = { cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}"; - temperature.hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon4/temp1_input"; + # temperature.hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon4/temp1_input"; + temperature.hwmon-path = "/sys/class/hwmon/hwmon4/temp1_input"; }; 
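Review bot: `/sys/class/hwmon/hwmon4/temp1_input` depends on the `hwmonN` index, which the kernel assigns in driver probe order and which can move between boots or kernel updates; the `kernelPackages = pkgs.linuxPackages_latest` added to fourside's nixos.nix in this same commit makes such a change more likely, and the now-commented PCI path at least named the device. Waybar's temperature module can resolve the sensor by device directory instead of index, e.g. `temperature.hwmon-path-abs = "/sys/devices/pci0000:00/0000:00:18.3/hwmon";` together with `temperature.input-filename = "temp1_input";`.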
@@ -54,7 +55,6 @@ "1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE xkb_layout = "us"; xkb_options = "grp:win_space_toggle"; - # # xkb_options = "ctrl:nocaps,grp:win_space_toggle"; xkb_variant = "altgr-intl"; }; "type:touchpad" = { @@ -67,8 +67,8 @@ }; output = { - eDP-1 = { - mode = "1920x1080"; # TEMPLATE + DP-1 = { + mode = "2560x1440"; # TEMPLATE scale = "1"; bg = "~/.dotfiles/wallpaper/lenovowp.png fill"; }; @@ -77,10 +77,11 @@ keybindings = let modifier = config.wayland.windowManager.sway.config.modifier; in { - "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; + "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; "XF86MonBrightnessUp" = "exec brightnessctl set +5%"; "XF86MonBrightnessDown"= "exec brightnessctl set 5%-"; "XF86Display" = "exec wl-mirror eDP-1"; + # these are left open to use # "XF86WLAN" = "exec wl-mirror eDP-1"; # "XF86Messenger" = "exec wl-mirror eDP-1"; # "XF86Go" = "exec wl-mirror eDP-1"; @@ -94,12 +95,13 @@ startup = [ { command = "nextcloud --background";} - { command = "spotify";} + # { command = "spotify";} { command = "discord --start-minimized";} - { command = "schildichat-desktop --disable-gpu-driver-bug-workarounds --hidden";} + { command = "element-desktop --hidden";} { command = "ANKI_WAYLAND=1 anki";} { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} { command = "nm-applet";} + # { command = "sleep 60 && syncthingtray --wait"; } ]; }; diff --git a/profiles/fourside/nixos.nix b/profiles/fourside/nixos.nix index a7103c1..e38e8fd 100644 --- a/profiles/fourside/nixos.nix +++ b/profiles/fourside/nixos.nix 
@@ -2,12 +2,22 @@ { - + # + # imports = + # [ + # ./hardware-configuration.nix + # ]; + # imports = [ + inputs.nix-gaming.nixosModules.steamCompat ./hardware-configuration.nix ]; - + + nix.settings = { + substituters = ["https://nix-gaming.cachix.org"]; + trusted-public-keys = ["nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="]; + }; services = { getty.autologinUser = "swarsel"; @@ -17,11 +27,38 @@ boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; + kernelPackages = pkgs.linuxPackages_latest; }; - networking.hostName = "fourside"; # Define your hostname. + networking = { + hostName = "fourside"; # Define your hostname. + nftables.enable = true; + enableIPv6 = false; + firewall.checkReversePath = false; + firewall = { + enable = true; + allowedUDPPorts = [ 4380 27036 14242 34197 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard + allowedTCPPortRanges = [ + {from = 27015; to = 27030;} # barotrauma + {from = 27036; to = 27037;} # barotrauma + ]; + allowedUDPPortRanges = [ + {from = 27000; to = 27031;} # barotrauma + ]; + }; + }; + + virtualisation.virtualbox = { + host = { + enable = true; + enableExtensionPack = true; + }; + guest = { + enable = true; + x11 = true; + }; + }; - networking.firewall.enable = false; stylix.image = ../../wallpaper/lenovowp.png; 
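Review bot: Adding `https://nix-gaming.cachix.org` to `nix.settings.substituters` together with its key in `trusted-public-keys` makes that cache a trusted source of store paths for every build on this host, not only for the `nix-gaming` module pulled in above it; a comment making that acceptance explicit would help, e.g. `# third-party binary cache: its operator is trusted for any store path it serves`. Also check that the generated nix.conf still lists cache.nixos.org, since setting `substituters` rather than `extra-substituters` may replace the default list instead of extending it.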
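Review bot: `firewall.checkReversePath = false;` switches reverse-path filtering off for every interface; if it is there for WireGuard (UDP 51820 is opened in the same hunk), `"loose"` is the value NixOS documents for that case and keeps the spoofing check for everything else: `firewall.checkReversePath = "loose";`. The option also sits outside the `firewall = { … }` set declared right below it; folding it into that set would keep the firewall settings in one place and make the interaction with `enable = true` obvious.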
@@ -74,54 +111,55 @@ hardware = { - opengl = { - enable = true; - driSupport = true; - driSupport32Bit = true; - extraPackages = with pkgs; [ - vulkan-loader - vulkan-validation-layers - vulkan-extension-layer - ]; + opengl = { + enable = true; + driSupport = true; + driSupport32Bit = true; + extraPackages = with pkgs; [ + vulkan-loader + vulkan-validation-layers + vulkan-extension-layer + ]; + }; + bluetooth.enable = true; }; - bluetooth.enable = true; + + programs.steam = { + enable = true; + extraCompatPackages = [ + inputs.nix-gaming.packages.${pkgs.system}.proton-ge + ]; }; - # Configure keymap in X11 (only used for login) + # Configure keymap in X11 (only used for login) services.xserver = { layout = "us"; xkbVariant = "altgr-intl"; }; + services.thinkfan = { + enable = false; + }; + services.power-profiles-daemon.enable = true; + users.users.swarsel = { isNormalUser = true; description = "Leon S"; - extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ]; + extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" ]; packages = with pkgs; []; }; environment.systemPackages = with pkgs; [ - temurin-bin-17 - - (prismlauncher.override { - glfw = (let - mcWaylandPatchRepo = fetchFromGitHub { - owner = "Admicos"; - repo = "minecraft-wayland"; - rev = "370ce5b95e3ae9bc4618fb45113bc641fbb13867"; - sha256 = - "sha256-RPRg6Gd7N8yyb305V607NTC1kUzvyKiWsh6QlfHW+JE="; - }; - mcWaylandPatches = map (name: "${mcWaylandPatchRepo}/${name}") - (lib.naturalSort (builtins.attrNames (lib.filterAttrs - (name: type: - type == "regular" && lib.hasSuffix ".patch" name) - (builtins.readDir mcWaylandPatchRepo)))); - in glfw-wayland.overrideAttrs (previousAttrs: { - patches = previousAttrs.patches ++ mcWaylandPatches; - }));}) + # gog games installing + heroic + # minecraft + temurin-bin-17 + (prismlauncher.override { + glfw = pkgs.glfw-wayland-minecraft; + }) ]; system.stateVersion = "23.05"; + } 
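Review bot: `services.thinkfan = { enable = false; };` is a no-op that reads like a leftover from an experiment; either drop it or say why it is kept, e.g. `# thinkfan kept off on purpose; fan control is left to the firmware`. The re-indented `hardware.opengl` block and the `bluetooth.enable` move into `hardware` are fine, but a short comment on `extraCompatPackages` naming why `proton-ge` from `nix-gaming` is wanted over the bundled Proton would document the dependency on that flake input.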
diff --git a/profiles/onett/home.nix b/profiles/onett/home.nix
index 11c7b76..6251553 100644
--- a/profiles/onett/home.nix
+++ b/profiles/onett/home.nix
@@ -109,12 +109,13 @@ startup = [
 { command = "nextcloud --background";}
- { command = "spotify";}
+ # { command = "spotify";}
 { command = "discord --start-minimized";}
- { command = "schildichat-desktop --disable-gpu-driver-bug-workarounds --hidden";}
+ { command = "element-desktop --hidden";}
 { command = "ANKI_WAYLAND=1 anki";}
 { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
 { command = "nm-applet";}
+ # { command = "sleep 60 && syncthingtray --wait"; }
 ];
 };
diff --git a/profiles/remote/oracle/matrix/hardware-configuration.nix b/profiles/remote/oracle/matrix/hardware-configuration.nix
new file mode 100644
index 0000000..9098a32
--- /dev/null
+++ b/profiles/remote/oracle/matrix/hardware-configuration.nix
@@ -0,0 +1,14 @@
+{ modulesPath, ... }:
+{
+ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ device = "nodev";
+ };
+ fileSystems."/boot" = { device = "/dev/disk/by-uuid/A1B2-7E6F"; fsType = "vfat"; };
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
+ boot.initrd.kernelModules = [ "nvme" ];
+ fileSystems."/" = { device = "/dev/mapper/ocivolume-root"; fsType = "xfs"; };
+
+}
diff --git a/profiles/remote/oracle/matrix/nixos.nix b/profiles/remote/oracle/matrix/nixos.nix
new file mode 100644
index 0000000..e4c69c8
--- /dev/null
+++ b/profiles/remote/oracle/matrix/nixos.nix
@@ -0,0 +1,340 @@
+{ config, pkgs, modulesPath, unstable, sops, ... }: let
+ matrixDomain = "swatrix.swarsel.win";
+in {
+
+ imports = [
+ ./hardware-configuration.nix
+ (unstable + "/nixos/modules/services/matrix/mautrix-signal.nix")
+ ];
+
+ environment.systemPackages = with pkgs; [
+ git
+ gnupg
+ ssh-to-age
+ matrix-synapse
+ lottieconverter
+ ffmpeg
+ ];
+
+ services.xserver = {
+ layout = "us";
+ xkbVariant = "altgr-intl";
+ };
+
+ nix.settings.experimental-features = ["nix-command" "flakes"];
+
+ sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
+ sops.defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml";
+ sops.validateSopsFiles = false;
+ sops.secrets.dnstokenfull = {owner="acme";};
+ sops.templates."certs.secret".content = ''
+ CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
+ '';
+
+ documentation = {
+ enable = false;
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ preliminarySelfsigned = false;
+ defaults.email = "mrswarsel@gmail.com";
+ defaults.dnsProvider = "cloudflare";
+ defaults.environmentFile = "${config.sops.templates."certs.secret".path}";
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ virtualHosts = {
+
+ "swatrix.swarsel.win" = {
+ enableACME = true;
+ forceSSL = true;
+ acmeRoot = null;
+ locations = {
+ "~ ^(/_matrix|/_synapse/client)" = {
+ proxyPass = "http://localhost:8008";
+ extraConfig = ''
+ client_max_body_size 0;
+ '';
+ };
+ };
+ };
+ };
+ };
+
+ boot.tmp.cleanOnBoot = true;
+ zramSwap.enable = false;
+ networking.hostName = "swatrix";
+ networking.enableIPv6 = false;
+ # networking.domain = "subnet03112148.vcn03112148.oraclevcn.com";
+ networking.domain = "swarsel.win";
+ networking.firewall.extraCommands = ''
+ iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
+ iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
+ iptables -I INPUT -m state 
--state NEW -p tcp --dport 8008 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT + iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT + ''; + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + }; + users.users.root.openssh.authorizedKeys.keyFiles = [ + ../../../../secrets/keys/authorized_keys + ]; + + system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change + + environment.shellAliases = { + nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; + }; + + boot.loader.grub.device = "nodev"; + + sops.secrets.matrixsharedsecret = {owner="matrix-synapse";}; + sops.templates."matrix_user_register.sh".content = '' + register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + ''; + sops.templates.matrixshared.owner = "matrix-synapse"; + sops.templates.matrixshared.content = '' + registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} + ''; + sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";}; + sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";}; + sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";}; + sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";}; + sops.templates.mautrixtelegram.owner = "matrix-synapse"; + sops.templates.mautrixtelegram.content = '' + MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} + MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} + MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} + MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} + ''; + # sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; + # sops.templates.mautrixwhatsapp.owner = "matrix-synapse"; + # sops.templates.mautrixwhatsapp.content = '' + # 
MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared} + # ''; + + services.postgresql.enable = true; + services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; + + services.matrix-synapse = { + settings.app_service_config_files = [ + "/var/lib/matrix-synapse/telegram-registration.yaml" + "/var/lib/matrix-synapse/whatsapp-registration.yaml" + "/var/lib/matrix-synapse/signal-registration.yaml" + "/var/lib/matrix-synapse/doublepuppet.yaml" + ]; + enable = true; + settings.server_name = matrixDomain; + settings.public_baseurl = "https://${matrixDomain}"; + extraConfigFiles = [ + config.sops.templates.matrixshared.path + ]; + settings.listeners = [ + { port = 8008; + bind_addresses = [ "0.0.0.0" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = [ "client" "federation" ]; + compress = true; + } + ]; + } + ]; + }; + + services.mautrix-telegram = { + enable = true; + environmentFile = config.sops.templates.mautrixtelegram.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + address= "http://localhost:29317"; + hostname = "0.0.0.0"; + port = "29317"; + provisioning.enabled = 
true; + id = "telegram"; + # ephemeral_events = true; # not needed due to double puppeting + public = { + enabled = false; + }; + database = "postgresql:///mautrix-telegram?host=/run/postgresql"; + }; + bridge = { + # login_shared_secret_map = { + # matrixDomain = "as_token:doublepuppet"; + # }; + relaybot.authless_portals = true; + allow_avatar_remove = true; + allow_contact_info = true; + sync_channel_members = true; + startup_sync = true; + sync_create_limit = 0; + sync_direct_chats = true; + telegram_link_preview = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + # Animated stickers conversion requires additional packages in the + # service's path. + # If this isn't a fresh installation, clearing the bridge's uploaded + # file cache might be necessary (make a database backup first!): + # delete from telegram_file where \ + # mime_type in ('application/gzip', 'application/octet-stream') + animated_sticker = { + target = "gif"; + args = { + width = 256; + height = 256; + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported + }; + }; + }; + }; + }; + systemd.services.mautrix-telegram.path = with pkgs; [ + lottieconverter # for animated stickers conversion, unfree package + ffmpeg # if converting animated stickers to webm (very slow!) 
+ ]; + + services.mautrix-whatsapp = { + enable = true; + # environmentFile = config.sops.templates.mautrixwhatsapp.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + address= "http://localhost:29318"; + hostname = "0.0.0.0"; + port = 29318; + database = { + type = "postgres"; + uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql"; + }; + }; + bridge = { + displayname_template = "{{or .FullName .PushName .JID}} (WA)"; + history_sync = { + backfill = true; + max_initial_conversations = -1; + message_count = -1; + request_full_sync = true; + full_sync_config = { + days_limit = 900; + size_mb_limit = 5000; + storage_quota_mb = 5000; + }; + }; + login_shared_secret_map = { + matrixDomain = "as_token:doublepuppet"; + }; + sync_manual_marked_unread = true; + send_presence_on_typing = true; + parallel_member_sync = true; + url_previews = true; + caption_in_message = true; + extev_polls = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + }; + }; + }; + + services.mautrix-signal = { + enable = true; + # environmentFile = config.sops.templates.mautrixwhatsapp.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + + address= "http://localhost:29328"; + hostname = "0.0.0.0"; + port = 29328; + database = { + type = "postgres"; + uri = "postgresql:///mautrix-signal?host=/run/postgresql"; + }; + }; + bridge = { + displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)"; + login_shared_secret_map = { + matrixDomain = "as_token:doublepuppet"; + }; + caption_in_message = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + }; + }; + }; + + # restart the bridges daily. this is done for the signal bridge mainly which stops carrying + # messages out after a while. 
+
+ systemd.timers."restart-bridges" = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = "1d";
+ OnUnitActiveSec = "1d";
+ Unit = "restart-bridges.service";
+ };
+ };
+
+ systemd.services."restart-bridges" = {
+ script = ''
+ systemctl restart mautrix-whatsapp.service
+ systemctl restart mautrix-signal.service
+ systemctl restart mautrix-telegram.service
+ '';
+ serviceConfig = {
+ Type = "oneshot";
+ User = "root";
+ };
+ };
+
+}
diff --git a/profiles/sandbox/hardware-configuration.nix b/profiles/sandbox/hardware-configuration.nix
new file mode 100644
index 0000000..037bd7f
--- /dev/null
+++ b/profiles/sandbox/hardware-configuration.nix
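Review bot: `settings.PermitRootLogin = "yes"` in the openssh block enables root login without turning off password authentication, although access is meant to go through `authorizedKeys.keyFiles`; add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` so the root account is reachable with keys only. The synapse listener and all three bridge appservices bind `0.0.0.0`, and `networking.firewall.extraCommands` then opens 8008, 29317, 29318 and 29328, so the plaintext homeserver port and the bridge endpoints are reachable from outside even though nginx already terminates TLS on 443 and every consumer in this file talks to `localhost`; binding those listeners to `127.0.0.1` and dropping the four extra ACCEPT rules leaves only 80/443 exposed. The Postgres `initialScript` also embeds fixed role passwords; they are unused as long as the bridges connect over the socket in `/run/postgresql`, but a comment saying so (or `PASSWORD NULL`) would stop them from being mistaken for real credentials.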
@@ -0,0 +1,33 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/147e3682-eb15-4e96-9cac-4f2fb5888a69";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp8s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/profiles/sandbox/nixos.nix b/profiles/sandbox/nixos.nix
new file mode 100644
index 0000000..f9cbe3d
--- /dev/null
+++ b/profiles/sandbox/nixos.nix
@@ -0,0 +1,867 @@ +{ config, pkgs, modulesPath, unstable, sops, ... }: let + matrixDomain = "swatrix.swarsel.win"; + in { + + imports = [ + ./hardware-configuration.nix + # we import here a service that is not available yet on normal nixpkgs + # this module is hence not in the modules list, we add it ourselves + (unstable + "/nixos/modules/services/matrix/mautrix-signal.nix") + ]; + + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; + }; + + users.users.swarsel = { + isNormalUser = true; + description = "Leon S"; + extraGroups = [ "networkmanager" "wheel" "lp"]; + packages = with pkgs; []; + }; + + # actual config starts here + + fileSystems."/mnt/Eternor" = { + device = "//192.168.1.3/Eternor"; + fsType = "cifs"; + options = let + # this line prevents hanging on network split + automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; + in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"]; + }; + + environment.systemPackages = with pkgs; [ + git + gnupg + ssh-to-age + lego + nginx + calibre + openvpn + jq + iptables + busybox + wireguard-tools + matrix-synapse + lottieconverter + ffmpeg + pciutils + alsa-utils + mpv + zfs + ]; + + services.xserver = { + layout = "us"; + xkbVariant = "altgr-intl"; + }; + + nix.settings.experimental-features = ["nix-command" "flakes"]; + + services.openssh = { + enable = true; + settings.PermitRootLogin = "yes"; + listenAddresses = [{ + port = 22; + addr = "0.0.0.0"; + }]; + }; + users.users.root.openssh.authorizedKeys.keyFiles = [ + ../../secrets/keys/authorized_keys + ]; + + system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change + + environment.shellAliases = { + nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; + }; + +boot.supportedFilesystems = [ "zfs" ]; +boot.zfs.forceImportRoot = false; +networking.hostId = "8a8ad84a"; + + 
networking.hostName = "sandbox"; # Define your hostname. + networking.enableIPv6 = true; + networking.firewall.enable = false; + + documentation = { + enable = false; + }; + + sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; + sops.defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml"; + sops.validateSopsFiles = false; + sops.secrets.dnstokenfull = {owner="acme";}; + sops.templates."certs.secret".content = '' + CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} + ''; + + security.acme = { + acceptTerms = true; + preliminarySelfsigned = false; + defaults.email = "mrswarsel@gmail.com"; + defaults.dnsProvider = "cloudflare"; + defaults.environmentFile = "${config.sops.templates."certs.secret".path}"; + }; + + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + virtualHosts = { + + "stash.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "https://192.168.1.5"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + # "/push/" = { + # proxyPass = "http://192.168.2.5:7867"; + # }; + "/.well-known/carddav" = { + return = "301 $scheme://$host/remote.php/dav"; + }; + "/.well-known/caldav" = { + return = "301 $scheme://$host/remote.php/dav"; + }; + }; + }; + + "swatrix.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "~ ^(/_matrix|/_synapse/client)" = { + proxyPass = "http://127.0.0.1:8008"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + + + "sound.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:4040"; + proxyWebsockets = true; + extraConfig = '' + proxy_redirect http:// https://; + proxy_read_timeout 600s; + proxy_send_timeout 600s; + proxy_buffering off; + proxy_request_buffering off; + client_max_body_size 0; + ''; + }; + }; 
+ }; + + "scan.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:28981"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + + "screen.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:8096"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + + "scroll.swarsel.win" = { + enableACME = true; + forceSSL = true; + acmeRoot = null; + locations = { + "/" = { + proxyPass = "http://127.0.0.1:8080"; + extraConfig = '' + client_max_body_size 0; + ''; + }; + }; + }; + + + }; + }; + + + sops.secrets.kavita = { owner = "kavita";}; + + services.kavita = { + enable = true; + user = "kavita"; + port = 8080; + tokenKeyFile = config.sops.secrets.kavita.path; + }; + + users.users.jellyfin = { + extraGroups = [ "video" "render" ]; + }; + + # nixpkgs.config.packageOverrides = pkgs: { + # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; + # }; + + hardware.opengl = { + enable = true; + extraPackages = with pkgs; [ + intel-media-driver # LIBVA_DRIVER_NAME=iHD + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiVdpau + libvdpau-va-gl + ]; + }; + + services.jellyfin = { + enable = true; + user = "jellyfin"; + # openFirewall = true; # this works only for the default ports + }; + + users.groups.vpn = {}; + + users.users.vpn = { + isNormalUser = true; + group = "vpn"; + home = "/home/vpn"; + }; + + boot.kernelModules = [ "tun" ]; + + services.radarr = { + enable = true; + }; + + services.readarr = { + enable = true; + }; + services.sonarr = { + enable = true; + }; + services.lidarr = { + enable = true; + }; + services.prowlarr = { + enable = true; + }; + + networking.firewall.extraCommands = '' + sudo iptables -A OUTPUT ! 
-o lo -m owner --uid-owner vpn -j DROP + ''; + networking.iproute2 = { + enable = true; + rttablesExtraConfig = '' + 200 vpn + ''; + }; + boot.kernel.sysctl = { + "net.ipv4.conf.all.rp_filter" = 2; + "net.ipv4.conf.default.rp_filter" = 2; + "net.ipv4.conf.enp7s0.rp_filter" = 2; + }; + environment.etc = { + "openvpn/iptables.sh" = + { source = ../../scripts/server1/iptables.sh; + mode = "0755"; + }; + "openvpn/update-resolv-conf" = + { source = ../../scripts/server1/update-resolv-conf; + mode = "0755"; + }; + "openvpn/routing.sh" = + { source = ../../scripts/server1/routing.sh; + mode = "0755"; + }; + "openvpn/ca.rsa.2048.crt" = + { source = ../../secrets/certs/ca.rsa.2048.crt; + mode = "0644"; + }; + "openvpn/crl.rsa.2048.pem" = + { source = ../../secrets/certs/crl.rsa.2048.pem; + mode = "0644"; + }; + }; + + sops.secrets.vpnuser = {}; + sops.secrets.rpcuser = {owner="vpn";}; + sops.secrets.vpnpass = {}; + sops.secrets.rpcpass = {owner="vpn";}; + sops.secrets.vpnprot = {}; + sops.secrets.vpnloc = {}; + # sops.secrets.crlpem = {}; + # sops.secrets.capem = {}; + sops.templates."transmission-rpc".owner = "vpn"; + sops.templates."transmission-rpc".content = builtins.toJSON { + rpc-username = config.sops.placeholder.rpcuser; + rpc-password = config.sops.placeholder.rpcpass; + }; + + sops.templates.pia.content = '' + ${config.sops.placeholder.vpnuser} + ${config.sops.placeholder.vpnpass} + ''; + + sops.templates.vpn.content = '' + client + dev tun + proto ${config.sops.placeholder.vpnprot} + remote ${config.sops.placeholder.vpnloc} + resolv-retry infinite + nobind + persist-key + persist-tun + cipher aes-128-cbc + auth sha1 + tls-client + remote-cert-tls server + + auth-user-pass ${config.sops.templates.pia.path} + compress + verb 1 + reneg-sec 0 + + crl-verify /etc/openvpn/crl.rsa.2048.pem + ca /etc/openvpn/ca.rsa.2048.crt + + disable-occ + ''; + + services.openvpn.servers = { + pia = { + autoStart = true; + updateResolvConf = false; + config = "config 
${config.sops.templates.vpn.path}"; + }; + }; + + services.transmission = { + enable = true; + credentialsFile = config.sops.templates."transmission-rpc".path; + user = "vpn"; + settings = { + + alt-speed-down= 8000; + alt-speed-enabled= false; + alt-speed-time-begin= 0; + alt-speed-time-day= 127; + alt-speed-time-enabled= true; + alt-speed-time-end= 360; + alt-speed-up= 2000; + bind-address-ipv4= "0.0.0.0"; + bind-address-ipv6= "::"; + blocklist-enabled= false; + blocklist-url= "http://www.example.com/blocklist"; + cache-size-mb= 256; + dht-enabled= false; + download-dir= "/test"; + download-limit= 100; + download-limit-enabled= 0; + download-queue-enabled= true; + download-queue-size= 5; + encryption= 2; + idle-seeding-limit= 30; + idle-seeding-limit-enabled= false; + incomplete-dir= "/var/lib/transmission-daemon/Downloads"; + incomplete-dir-enabled= false; + lpd-enabled= false; + max-peers-global= 200; + message-level= 1; + peer-congestion-algorithm= ""; + peer-id-ttl-hours= 6; + peer-limit-global= 100; + peer-limit-per-torrent= 40; + peer-port= 22371; + peer-port-random-high= 65535; + peer-port-random-low= 49152; + peer-port-random-on-start= false; + peer-socket-tos= "default"; + pex-enabled= false; + port-forwarding-enabled= false; + preallocation= 1; + prefetch-enabled= true; + queue-stalled-enabled= true; + queue-stalled-minutes= 30; + ratio-limit= 2; + ratio-limit-enabled= false; + rename-partial-files= true; + rpc-authentication-required= true; + rpc-bind-address= "0.0.0.0"; + rpc-enabled= true; + rpc-host-whitelist= ""; + rpc-host-whitelist-enabled= true; + rpc-port= 9091; + rpc-url= "/transmission/"; + rpc-whitelist= "127.0.0.1,192.168.3.2"; + rpc-whitelist-enabled= true; + scrape-paused-torrents-enabled= true; + script-torrent-done-enabled= false; + seed-queue-enabled= false; + seed-queue-size= 10; + speed-limit-down= 6000; + speed-limit-down-enabled= true; + speed-limit-up= 500; + speed-limit-up-enabled= true; + start-added-torrents= true; + 
trash-original-torrent-files= false; + umask= 2; + upload-limit= 100; + upload-limit-enabled= 0; + upload-slots-per-torrent= 14; + utp-enabled= false; + }; + }; + + # services.nginx = { + # enable = true; + # virtualHosts = { + + # "192.168.1.192" = { + # locations = { + # "/transmission" = { + # proxyPass = "http://127.0.0.1:9091"; + # extraConfig = '' + # proxy_set_header Host $host; + # proxy_set_header X-Real-IP $remote_addr; + # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # ''; + # }; + # }; + # }; + # }; + # }; + + + # sops.secrets.matrixsharedsecret = {owner="matrix-synapse";}; + # sops.templates."matrix_user_register.sh".content = '' + # register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 + # ''; + # sops.templates.matrixshared.owner = "matrix-synapse"; + # sops.templates.matrixshared.content = '' + # registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} + # ''; + # sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";}; + # sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";}; + # sops.templates.mautrixtelegram.owner = "matrix-synapse"; + # sops.templates.mautrixtelegram.content = '' + # MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} + # MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} + # MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} + # MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} + # ''; + + + + + # ---------------- + # sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; + # sops.templates.mautrixwhatsapp.owner = "matrix-synapse"; + # sops.templates.mautrixwhatsapp.content = '' + # 
MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared} + # ''; + + services.postgresql.enable = true; + services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' + CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; + CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; + CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; + CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; + CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" + TEMPLATE template0 + LC_COLLATE = "C" + LC_CTYPE = "C"; + ''; + + services.matrix-synapse = { + settings.app_service_config_files = [ + "/var/lib/matrix-synapse/telegram-registration.yaml" + "/var/lib/matrix-synapse/whatsapp-registration.yaml" + "/var/lib/matrix-synapse/signal-registration.yaml" + "/var/lib/matrix-synapse/doublepuppet.yaml" + ]; + enable = false; + settings.server_name = matrixDomain; + settings.public_baseurl = "https://${matrixDomain}"; + extraConfigFiles = [ + config.sops.templates.matrixshared.path + ]; + settings.listeners = [ + { port = 8008; + bind_addresses = [ "0.0.0.0" ]; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = [ "client" "federation" ]; + compress = true; + } + ]; + } + ]; + }; + + services.mautrix-telegram = { + enable = false; + environmentFile = config.sops.templates.mautrixtelegram.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + address= "http://localhost:29317"; + hostname = "0.0.0.0"; + port = "29317"; + provisioning.enabled = 
true; + id = "telegram"; + # ephemeral_events = true; # not needed due to double puppeting + public = { + enabled = false; + }; + database = "postgresql:///mautrix-telegram?host=/run/postgresql"; + }; + bridge = { + # login_shared_secret_map = { + # matrixDomain = "as_token:doublepuppet"; + # }; + relaybot.authless_portals = true; + allow_avatar_remove = true; + allow_contact_info = true; + sync_channel_members = true; + startup_sync = true; + sync_create_limit = 0; + sync_direct_chats = true; + telegram_link_preview = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + # Animated stickers conversion requires additional packages in the + # service's path. + # If this isn't a fresh installation, clearing the bridge's uploaded + # file cache might be necessary (make a database backup first!): + # delete from telegram_file where \ + # mime_type in ('application/gzip', 'application/octet-stream') + animated_sticker = { + target = "gif"; + args = { + width = 256; + height = 256; + fps = 30; # only for webm + background = "020202"; # only for gif, transparency not supported + }; + }; + }; + }; + }; + # systemd.services.mautrix-telegram.path = with pkgs; [ + # lottieconverter # for animated stickers conversion, unfree package + # ffmpeg # if converting animated stickers to webm (very slow!) 
+ # ]; + + services.mautrix-whatsapp = { + enable = false; + # environmentFile = config.sops.templates.mautrixwhatsapp.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + address= "http://localhost:29318"; + hostname = "0.0.0.0"; + port = 29318; + database = { + type = "postgres"; + uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql"; + }; + }; + bridge = { + displayname_template = "{{or .FullName .PushName .JID}} (WA)"; + history_sync = { + backfill = true; + max_initial_conversations = -1; + message_count = -1; + request_full_sync = true; + full_sync_config = { + days_limit = 900; + size_mb_limit = 5000; + storage_quota_mb = 5000; + }; + }; + login_shared_secret_map = { + matrixDomain = "as_token:doublepuppet"; + }; + sync_manual_marked_unread = true; + send_presence_on_typing = true; + parallel_member_sync = true; + url_previews = true; + caption_in_message = true; + extev_polls = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + }; + }; + }; + + services.mautrix-signal = { + enable = false; + # environmentFile = config.sops.templates.mautrixwhatsapp.path; + settings = { + homeserver = { + address = "http://localhost:8008"; + domain = matrixDomain; + }; + appservice = { + + address= "http://localhost:29328"; + hostname = "0.0.0.0"; + port = 29328; + database = { + type = "postgres"; + uri = "postgresql:///mautrix-signal?host=/run/postgresql"; + }; + }; + bridge = { + displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)"; + login_shared_secret_map = { + matrixDomain = "as_token:doublepuppet"; + }; + caption_in_message = true; + permissions = { + "*" = "relaybot"; + "@swarsel:${matrixDomain}" = "admin"; + }; + }; + }; + }; + + # restart the bridges daily. this is done for the signal bridge mainly which stops carrying + # messages out after a while. 
+ + systemd.timers."restart-bridges" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "1d"; + OnUnitActiveSec = "1d"; + Unit = "restart-bridges.service"; + }; + }; + + systemd.services."restart-bridges" = { + script = '' + systemctl restart mautrix-whatsapp.service + systemctl restart mautrix-signal.service + systemctl restart mautrix-telegram.service + ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + }; + + + users.groups.navidrome = { + gid = 61593; + }; + + users.groups.mpd = {}; + + users.users.navidrome = { + isSystemUser = true; + uid = 61593; + group = "navidrome"; + extraGroups = [ "audio" "utmp" ]; + }; + + users.users.mpd = { + isSystemUser = true; + group = "mpd"; + extraGroups = [ "audio" "utmp" ]; + }; + + sound = { + enable = true; + }; + + hardware.enableAllFirmware = true; + + sops.secrets.mpdpass = { owner = "mpd";}; + + services.navidrome = { + enable = true; + settings = { + Address = "0.0.0.0"; + Port = 4040; + MusicFolder = "/mnt/"; + EnableSharing = true; + EnableTranscodingConfig = true; + Scanner.GroupAlbumReleases = true; + ScanSchedule = "@every 24h"; + # Insert these values locally as sops-nix does not work for them + # LastFM.ApiKey = TEMPLATE; + # LastFM.Secret = TEMPLATE; + # Spotify.ID = TEMPLATE; + # Spotify.Secret = TEMPLATE; + UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png"; + UIWelcomeMessage = "~SwarselSound~"; + }; + }; + services.mpd = { + enable = true; + musicDirectory = "/mnt/Eternor/Musik"; + user = "mpd"; + group = "mpd"; + network = { + port = 3254; + listenAddress = "any"; + }; + credentials = [ + { + passwordFile = config.sops.secrets.mpdpass.path; + permissions = [ + "read" + "add" + "control" + "admin" + ]; + } + ]; + }; + + + users.groups.spotifyd = { + gid = 65136; + }; + + users.users.spotifyd = { + isSystemUser = true; + uid = 65136; + group = "spotifyd"; + extraGroups = [ "audio" "utmp" ]; + }; + + services.spotifyd = { + enable = true; + settings = { + global = { 
+ dbus_type = "session"; + use_mpris = false; + device = "default:CARD=PCH"; + device_name = "SwarselSpot"; + mixer = "alsa"; + zeroconf_port = 1025; + }; + }; + }; + + # Network shares + # add a user with sudo smbpasswd -a + services.samba = { + package = pkgs.samba4Full; + extraConfig = '' + workgroup = WORKGROUP + server role = standalone server + dns proxy = no + + pam password change = yes + map to guest = bad user + create mask = 0664 + force create mode = 0664 + directory mask = 0775 + force directory mode = 0775 + follow symlinks = yes + ''; + + # ^^ `samba4Full` is compiled with avahi, ldap, AD etc support compared to the default package, `samba` + # Required for samba to register mDNS records for auto discovery + # See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268 + enable = true; + # openFirewall = true; + shares.test = { + browseable = "yes"; + "read only" = "no"; + "guest ok" = "no"; + path = "/test2"; + writable = "true"; + comment = "Eternor"; + "valid users" = "@smbtest2"; + }; + }; + + + services.avahi = { + publish.enable = true; + publish.userServices = true; + # ^^ Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile` + nssmdns = true; + # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it + enable = true; + }; + + services.samba-wsdd = { + # This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued + enable = true; + }; + + + + + + + + + + + } diff --git a/profiles/server1/nginx/nixos.nix b/profiles/server1/nginx/nixos.nix index 2da5ead..08667e9 100644 --- a/profiles/server1/nginx/nixos.nix +++ b/profiles/server1/nginx/nixos.nix @@ -101,6 +101,7 @@ }; }; + "sound.swarsel.win" = { enableACME = true; forceSSL = true; @@ -194,4 +195,8 @@ }; }; + + + + } diff --git a/profiles/stand/home.nix b/profiles/stand/home.nix index 908c590..d442d60 100644 
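Review bot: `networking.firewall.enable = false` means the `networking.firewall.extraCommands` block is never executed, so the `iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP` rule that is meant to keep the `vpn` user (the account `services.transmission.user` runs as) off the non-VPN path is silently absent; keep the firewall enabled and open the exposed ports via `networking.firewall.allowedTCPPorts`, or move the rule into its own oneshot unit, and drop the `sudo` prefix since the firewall script already runs as root. With `settings.PermitRootLogin = "yes"` on a daemon bound to `0.0.0.0` and root authenticated through `users.users.root.openssh.authorizedKeys.keyFiles`, `settings.PermitRootLogin = "prohibit-password";` gives the same access without allowing root password logins, which nothing in this file disables. In `login_shared_secret_map`, `matrixDomain = "as_token:doublepuppet";` uses `matrixDomain` as a literal attribute name rather than the `let`-bound value, so the map is keyed on the string "matrixDomain"; it should read `"${matrixDomain}" = "as_token:doublepuppet";` in both the mautrix-whatsapp and mautrix-signal blocks (the preceding hunk of this diff has the same pattern). `services.matrix-synapse.extraConfigFiles` and `services.mautrix-telegram.environmentFile` still reference `config.sops.templates.matrixshared.path` and `config.sops.templates.mautrixtelegram.path`, whose definitions only exist in the commented-out lines above, so flipping either `enable = false` back to `true` would presumably fail evaluation until those templates are restored.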
--- a/profiles/stand/home.nix +++ b/profiles/stand/home.nix @@ -76,12 +76,13 @@ startup = [ { command = "nextcloud --background";} - { command = "spotify";} + # { command = "spotify";} { command = "discord --start-minimized";} - { command = "schildichat-desktop --disable-gpu-driver-bug-workarounds --hidden";} + { command = "element-desktop --hidden";} { command = "ANKI_WAYLAND=1 anki";} { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} { command = "nm-applet";} + # { command = "sleep 60 && syncthingtray --wait"; } ]; }; diff --git a/profiles/threed/home.nix b/profiles/threed/home.nix index b49d5a2..e00f51f 100644 --- a/profiles/threed/home.nix +++ b/profiles/threed/home.nix @@ -83,12 +83,13 @@ startup = [ { command = "nextcloud --background";} - { command = "spotify";} + # { command = "spotify";} { command = "discord --start-minimized";} - { command = "schildichat-desktop --disable-gpu-driver-bug-workarounds --hidden";} + { command = "element-desktop --hidden";} { command = "ANKI_WAYLAND=1 anki";} { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} { command = "nm-applet";} + # { command = "sleep 60 && syncthingtray --wait"; } ]; diff --git a/profiles/twoson/home.nix b/profiles/twoson/home.nix index 61891c0..63733e5 100644 --- a/profiles/twoson/home.nix +++ b/profiles/twoson/home.nix @@ -115,12 +115,13 @@ startup = [ { command = "nextcloud --background";} - { command = "spotify";} + # { command = "spotify";} { command = "discord --start-minimized";} - { command = "schildichat-desktop --disable-gpu-driver-bug-workarounds --hidden";} + { command = "element-desktop --hidden";} { command = "ANKI_WAYLAND=1 anki";} { command = "OBSIDIAN_USE_WAYLAND=1 obsidian";} { command = "nm-applet";} + # { command = "sleep 60 && syncthingtray --wait"; } ]; }; diff --git a/programs/emacs/custom.el b/programs/emacs/custom.el index 93650b4..fa10b22 100644 --- a/programs/emacs/custom.el +++ b/programs/emacs/custom.el 
@@ -8,7 +8,6 @@
 "badd1a5e20bd0c29f4fe863f3b480992c65ef1fa63951f59aa5d6b129a3f9c4c"
 "2e05569868dc11a52b08926b4c1a27da77580daa9321773d92822f7a639956ce"
 default))
- '(org-agenda-files nil)
 '(send-mail-function 'sendmail-send-it))
 ;; (custom-set-faces
 ;; ;; custom-set-faces was added by Custom.
diff --git a/programs/emacs/init.el b/programs/emacs/init.el
index a1eebb3..cf1e608 100644
--- a/programs/emacs/init.el
+++ b/programs/emacs/init.el
@@ -23,7 +23,7 @@
 swarsel-anki-org-file "Anki.org"
 swarsel-tasks-org-file "Tasks.org"
 swarsel-archive-org-file "Archive.org"
- swarsel-org-folder-name "Org"
+ swarsel-org-folder-name "org"
 swarsel-obsidian-daily-folder-name "⭐ Personal/Journal"
 swarsel-obsidian-folder-name "Obsidian"
 swarsel-obsidian-vault-name "Main")
@@ -247,17 +247,10 @@
 "mm" '((lambda () (interactive) (mu4e)) :which-key "mu4e")
 "mg" '((lambda () (interactive) (magit-list-repositories)) :which-key "magit-list-repos")
 "mc" '((lambda () (interactive) (swarsel/open-calendar)) :which-key "calendar")
- "a" '(:ignore a :which-key "agenda")
- "at" '((lambda () (interactive) (org-agenda nil "t")) :which-key "agenda tasks")
- "aa" '((lambda () (interactive) (org-agenda nil "a")) :which-key "agenda today")
- "as" '((lambda () (interactive) (org-agenda nil "s")) :which-key "agenda search")
- "an" '((lambda () (interactive) (org-agenda nil "n")) :which-key "agenda all")
- "ar" '((lambda () (interactive) (org-agenda-refile)) :which-key "agenda refile")
 "mp" '(popper-toggle :which-key "popper")
 "md" '(dirvish :which-key "dirvish")
- "c" '(:ignore c :which-key "capture")
+ ;; "c" '(:ignore c :which-key "capture")
 ;; "cj" '((lambda () (interactive) (org-capture nil "jj")) :which-key "journal")
- "ct" '((lambda () (interactive) (org-capture nil "tt")) :which-key "tasks")
 ;; "cs" '(markdown-download-screenshot :which-key "screenshot")
 "l" '(:ignore l :which-key "links")
 "le" '((lambda () (interactive) (find-file swarsel-emacs-org-filepath)) :which-key "Emacs.org")
@@ -613,10 +606,10 @@ (variable-pitch-mode 1) ;;(auto-fill-mode 0) (setq display-line-numbers-type 'relative - display-line-numbers-current-absolute 1 - display-line-numbers-width-start nil - display-line-numbers-width 6 - display-line-numbers-grow-only 1) + display-line-numbers-current-absolute 1 + display-line-numbers-width-start nil + display-line-numbers-width 6 + display-line-numbers-grow-only 1) (add-hook 'org-tab-first-hook 'org-end-of-line) (visual-line-mode 1)) ;; (setq evil-auto-indent nil) @@ -634,7 +627,7 @@ :bind ("C-" . org-fold-outer) :config (setq org-ellipsis " ⤵" - org-hide-emphasis-markers t) + org-hide-emphasis-markers t) (setq org-startup-folded t) (setq org-support-shift-select t) ;; (setq org-agenda-start-with-log-mode t) @@ -644,12 +637,11 @@ (setq org-image-actual-width nil) (setq org-format-latex-options '(:foreground "White" :background default :scale 2.0 :html-foreground "Black" :html-background "Transparent" :html-scale 1.0 :matchers ("begin" "$1" "$" "$$" "\\(" "\\["))) - (setq org-agenda-files - '("/home/swarsel/Nextcloud/Org/Tasks.org" - "/home/swarsel/Nextcloud/Org/Archive.org" - "/home/swarsel/Calendars/leon_cal.org")) + ;; (setq org-agenda-files + ;; '(swarsel-org-tasks-filepath + ;; swarsel-org-archive-filepath ;; swarsel-org-anki-filepath)) - ;; (setq org-agenda-files '("/home/swarsel/Calendars/leon_cal.org")) + (setq org-agenda-files '("/home/swarsel/Calendars/leon_cal.org")) ;; (require 'org-habit) 
@@ -657,13 +649,13 @@ ;; (setq org-habit-graph-column 60) ;; (setq org-todo-keywords - ;; '((sequence "TODO(t)" "NEXT(n)" "|" "X1DONE(d!)") + ;; '((sequence "TODO(t)" "NEXT(n)" "|" "DONE(d!)") ;; (sequence "BACKLOG(b)" "PLAN(p)" "READY(r)" "ACTIVE(a)" "REVIEW(v)" "WAIT(w@/!)" "HOLD(h)" "|" "COMPLETED(c)" "CANC(k@)"))) - (setq org-refile-targets - '((swarsel-archive-org-file :maxlevel . 1) + ;; (setq org-refile-targets + ;; '((swarsel-archive-org-file :maxlevel . 1) ;; (swarsel-anki-org-file :maxlevel . 1) - (swarsel-tasks-org-file :maxlevel . 1))) + ;; (swarsel-tasks-org-file :maxlevel . 1))) ;; ;; Configure custom agenda views ;; (setq org-agenda-custom-commands @@ -713,8 +705,8 @@ ;; ((org-agenda-overriding-header "Cancelled Projects") ;; (org-agenda-files org-agenda-files))))))) - (setq org-capture-templates - `( + ;; (setq org-capture-templates + ;; `( ;; ("a" "Anki basic" ;; entry ;; (file+headline swarsel-org-anki-filepath "Dispatch") @@ -724,10 +716,9 @@ ;; entry ;; (file+headline org-swarsel-anki-file "Dispatch") ;; "* %<%H:%M>\n:PROPERTIES:\n:ANKI_NOTE_TYPE: Cloze\n:ANKI_DECK: 🦁 All::01 ❤️ Various::00 ✨ Allgemein\n:END:\n** Text\n%?\n** Extra\n") - - ("t" "Tasks / Projects") - ("tt" "Task" entry (file+olp swarsel-org-tasks-filepath "Inbox") - "* TODO %?\n %U\n %i" :empty-lines 1) + ;; ("t" "Tasks / Projects") + ;; ("tt" "Task" entry (file+olp swarsel-org-tasks-filepath "Inbox") + ;; "* TODO %?\n %U\n %a\n %i" :empty-lines 1) ;; ("j" "Journal Entries") ;; ("jj" "Journal" entry @@ -735,8 +726,7 @@ ;; "\n* %<%I:%M %p> - Journal :journal:\n\n%?\n\n" ;; ;; ,(dw/read-file-as-string "~/Notes/Templates/Daily.org") ;; :clock-in :clock-resume - ;; :empty-lines 1) - )) + ;; :empty-lines 1))) ;; (swarsel/org-font-setup) ) diff --git a/scripts/checkelement.sh b/scripts/checkelement.sh new file mode 100644 index 0000000..c52cbde --- /dev/null +++ b/scripts/checkelement.sh 
@@ -0,0 +1,10 @@ +#!/bin/bash + +STR=$(swaymsg -t get_tree | grep Element) +if [ "$STR" == "" ]; then + exec element-desktop + #exec swaymsg '[app_id=SchildiChat]' move container to scratchpad; scratchpad show +else + exec swaymsg '[app_id=Element]' kill +fi +exit 0 diff --git a/scripts/checkspotifytui.sh b/scripts/checkspotifytui.sh index 880f526..feb7d7d 100755 --- a/scripts/checkspotifytui.sh +++ b/scripts/checkspotifytui.sh @@ -2,7 +2,7 @@ STR=$(swaymsg -t get_tree | jq -r 'recurse(.nodes[]) | select(.name == "__i3_scratch")' | grep spotifytui) CHECK=$(swaymsg -t get_tree | grep spotifytui) if [ "$CHECK" == "" ]; then - exec kitty -T spotifytui -o confirm_os_window_close=0 spt & sleep 1 + exec kitty -T spotifytui -o confirm_os_window_close=0 spotify_player & sleep 1 fi if [ "$STR" == "" ]; then exec swaymsg '[title="spotifytui"]' scratchpad show diff --git a/scripts/server1/iptables.sh b/scripts/server1/iptables.sh index dbf2e45..4317817 100644 --- a/scripts/server1/iptables.sh +++ b/scripts/server1/iptables.sh @@ -1,8 +1,8 @@ #! /usr/bin/env bash export INTERFACE="tun0" export VPNUSER="vpn" -export LOCALIP="192.168.1.191" -export NETIF="eth0" +export LOCALIP="192.168.1.107" +export NETIF="enp7s0" # flushes all the iptables rules, if you have other rules to use then add them into the script iptables -F -t nat diff --git a/secrets/omatrix/secrets.yaml b/secrets/omatrix/secrets.yaml new file mode 100644 index 0000000..337827a --- /dev/null +++ b/secrets/omatrix/secrets.yaml 
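Review bot: `STR=$(swaymsg -t get_tree | grep Element)` matches the substring "Element" anywhere in the serialized tree (a window title or name containing it is enough), not only an `app_id`, so the script can issue `swaymsg '[app_id=Element]' kill` against nothing or skip launching when Element is not actually running. checkspotifytui.sh in this same diff already filters the tree with `jq`; the same approach here would be `STR=$(swaymsg -t get_tree | jq -r '.. | select(.app_id? == "Element")')`. The trailing `exit 0` is unreachable because both branches `exec`, so it can be dropped or the `exec`s turned into plain calls if the exit status matters to the caller.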
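Review bot: `LOCALIP` and `NETIF` are host-specific constants, yet this script is installed from `scripts/server1/iptables.sh` into `/etc/openvpn/iptables.sh` on the new sandbox host elsewhere in this diff, and its path suggests server1 uses it as well, so one of the two hosts presumably ends up with rules referencing the wrong address and interface. Consider deriving them at run time, e.g. `NETIF=$(ip -o route get 1.1.1.1 | awk '{print $5}')` and `LOCALIP=$(ip -o -4 addr show "$NETIF" | awk '{print $4}' | cut -d/ -f1)`, or passing them in per host from the NixOS profile instead of editing the shared file.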
@@ -0,0 +1,57 @@ +matrixsharedsecret: ENC[AES256_GCM,data:fgHmBP2hprqpUE4TmoBDv+Vd05sJDbAJWDs034Dxnru09aDPwjqPnxCU+nf7Mqmnd5/z441bqG7hPdKM7H3SSQ==,iv:r8wos/EZhjw2Zf2v+OAvKlWensbL4jqU04CPoc05Y04=,tag:epKklBJ2hPdKsMCROmEaMA==,type:str] +mautrixtelegram_as: ENC[AES256_GCM,data:MBS0UzGRIOVZ4Miqrwz0bbezNuqrlU96QyN6T60lOh7KgNUTYR0eB2Im4tcjUvtTVhkM5I4t88jzv/WuUE5oNA==,iv:7GUcJpKkoKsp/wFzFSnPL7S1eU2Bfzy42A3hm4WbWu4=,tag:Z9621h5+K+PQgZNt4RYyhQ==,type:str] +mautrixtelegram_hs: ENC[AES256_GCM,data:p4jJxkD43ivaRQFMSAtzEc/ylYZEuwoEv7tIJZtcF4cJVvqDYDWjAwuu9QXHWuEqEs/djLHjx82KfdqDvpOmxA==,iv:MUTNSyafrWx3rKn5rMStuzZAXueqR9gBCgYUu5DFBy8=,tag:fpVYokTTWK/Snlx+SPWkBQ==,type:str] +mautrixtelegram_api_id: ENC[AES256_GCM,data:CoY2x/2icA==,iv:EHv73YK5H6wAOF6Sssx0hulX+cK9IFb2GOoOTKo5vO8=,tag:wWiioGdAe/F+Y10FdNJpDA==,type:str] +mautrixtelegram_api_hash: ENC[AES256_GCM,data:WS6nrYQ+g1MFsiwHQigEWWFk1Xvv3mS/cs+gCIFc8V4=,iv:6aJ2XqmBedDO4U2/eG/Ne1orUDbyGTC3aFiMOYTWfj4=,tag:fgs22Q8aCb6hOof8qZj6RQ==,type:str] +dnstokenfull: ENC[AES256_GCM,data:XffZv2uZKdIkNTwoO3KqSvoJ2R/RJqHYRkLxscXZyErHu3WH5EU3Dg==,iv:+ME40HBH6L/uWwqHbmW1PA3Y4p+dtcCl12UyiLflGX4=,tag:rsUWdOiBOyFCshqa6MUIng==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age198gj3dmryk7sya5c77tsrm3gdrct6xh7w7cx4gsfywe675aehu8sw2xw6q + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlNlFlUVFhOEJNdWR3OWxl + RWhza2ovR1ZCRXRPYnQ0MDJKak9qZTV2WFVFCjZNSUI0azBSMi9MK2c5dE1xb1Z2 + YzBHMGpCU05VcllQNWJtcFNUcThzMmcKLS0tIFkvcGU3aWROZ21KZ2lRYmZlSTdX + d1JqTGFiNHlBLythc3J4RjJLVDBhYkkKz56uLu8f+SblqcyRhU0Lvjoh50h1BQgj + L/R2VaCLZEz04/AzM08bmjOpcORmvPTSqobeKDrh76vp536SUX01XA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-21T01:56:14Z" + mac: 
ENC[AES256_GCM,data:Ce27me4iu6pMYYekgT7C1pKYJ+cdd1PQAb4Wyb/w9rrgTJeTrQFBmYC3GRRcpijwMVzlWq8KampuFEAiGFmuLoE+G94nEbKZskKqbV43BWhrdnthoBoPxizwRLhEOOi3rNJW2L26TNMsjDG4kelfhxFbKYetdPV1M73mBywxWr8=,iv:MzuzBom0YikkDCvjsYUR8VuN/JEX4+ygasgUU6AaPtM=,tag:XDmxmmGcNvNhfXqLJAoxxg==,type:str] + pgp: + - created_at: "2024-03-21T01:51:54Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAwDh3VI7VctTARAAssl+AF2Y2zr1/zWquYmB4cZolN99Tr1sQjIbHPEDC6ym + DnH5vHx4eGc0svrAL0Vv3TBQ3W8gS5w4EHSumxa0oerfVY1bwk+BN5nOHgg6l7mG + LMA1H7g2QNNEsUTH7IuaOVWofsVWzhxZwZILUEQlsYWLYkl/hz2aOZHiOTLTwz1Y + RtfbRzYTf1jYg7lks2elrlmhd2d+QoxoYxT+tg8oagaVM5VGDRS/9evnrZ/E3fNd + 87BNUxc+SswMwonWfuLtOkPPo+jckVy7yg0zpZn1p9vnYQAyuQy52aRjTzY0vZCq + DwW46Y+fgHnsfI2Ym03pL32Z1lemqqcOKXZc3TJRv/4a+dcR2G4j6sckAg6al1U1 + P0fcnOlYpO+bWoy35l1HD0sHLIn7+PE1JfxzTcvvWrLz/w22/g6RwG8uYg47YXnt + uKxIYmQUGSSDCDddnF8xwuwRzyAVUgYZr71jnwUtiXURW6VorUtA69O+tdq0hLZR + wW6zJ1nY+cJy3DKfnlrrPEOIjFP/OBibftB7CvqYG4xAgKjubAq5MhB5RpRajC3L + aeuUCKEe0dzpBFE/g10KQF9OFUnptN0LfrLcAkMjKqyXmPdbMKhD4Obhv4lJA0Ks + v+SbKtKWohGA6nzt1yrOvzFkiAkmj6pa9DEZgQ6jKumTTBi4mSUptezI4X3VcmaF + AgwDC9FRLmchgYQBD/41T1tegaRsb477ffMtHlKmZguvPIviJQoNKbUvlcXC5+mT + IsJEwhanypP7YpaWNlvep9Qtr8/NplkIF+n2uB0cAaZWK3dZsKe8Erfqik08oj7N + yGYNgm4ykC3y/TTJaX+xcmRrHtGAY6RNT/TaeJ2ip8DxsHIwA8wqFmnVqLXjhmFl + hYV87+mtX2M22Xc/YEPsvocbWiQCyLHLVQsS1VfN6nRFkNi/pc5lyBYxRRKa7Exp + azfRUr/sWkFtwPptUdA5l7Z21nVBBd4GKrdwbbn5u6mgH4GIwqAwFk9U3RWrCAEq + vcEekyabBOFAm1+Lt//FYtL/nuyN5Pq6p87bxnh6H3IrMdmkwERI8O9IYdUBOhNr + cx5vPH0oKxkdznc11xHQHyoojmCuerPzROlNNhL1knI1XalfKCxfZhYk3VvYPnmk + maEsw7zbwmdtKi6F377Di08jhp60846zvXz351rLPolaFAlAxp0BSL/XJEvxTd9N + wPg9tR+aC+6yQIJeXQ5q+pzxM2wSwTcIAcBxYj5eOB1/sehKLraBBMtZU5IyekiP + s7I7hp/gDD3BpFogXf3BU/jtHz8yPv48Z3My4N8YkrHVR8JP55xpBpGuxJ2568bC + R64dhas0pZxJ9rnq/yJmbadmcVZpL7wNlZnNGgyTTJI6jWAJtqhKFi5R2G+3fdJe + AT8Qvl4IZ1IMfR1TMf0w+uWDAQsxJGxNqTlHwgF2YiHZdC7YA8npEDLzFSeYnzls + pJmMnciuK/enCETBuZInYojD0/ZgjayD0ImAfQDbFplagm/mWmHjG70eef9ESw== + =ECO+ + -----END PGP 
MESSAGE----- + fp: 4BE7925262289B476DBBC17B76FD3810215AE097 + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/secrets/sandbox/secrets.yaml b/secrets/sandbox/secrets.yaml new file mode 100644 index 0000000..404aa66 --- /dev/null +++ b/secrets/sandbox/secrets.yaml 
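Review bot: `dnstokenfull` is encrypted here for server_omatrix while a key of the same name is also provisioned in the new secrets/sandbox/secrets.yaml for server_sandbox; if both hold the same provider token — the ciphertexts cannot tell — a token whose name suggests full DNS-zone access is now recoverable from either host's age key, doubling its exposure. If the omatrix host needs it only for something like an ACME DNS-01 challenge, a per-host token scoped to that zone and permission would limit what a compromised host can change. A comment naming the intended consumer of `dnstokenfull` and the permission it carries would also make the next key rotation less guesswork.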
@@ -0,0 +1,79 @@ +#ENC[AES256_GCM,data:V9WkgLQW8pA=,iv:OrH5gnzRFGgkUhzyEx7vEqssG/dvHsLP8dRICqcTf0Y=,tag:eZ7A1p5XpllPGWoOuFnSvQ==,type:comment] +smbuser: ENC[AES256_GCM,data:aqtzxuhmpkw=,iv:lhAzbw/RT1xi/eG9ATOcMWz/XSb0B5v0ewMmKrOWS2g=,tag:QXK9AQhmgEsFyfwzd8fCDQ==,type:str] +smbpassword: ENC[AES256_GCM,data:Xry5vCtkkWdRYp3dmdwwC+itlbqjVpk=,iv:ovz76df017AhTWk15IMUhtUfjS9qR5e1ABdnew4zHcQ=,tag:kX3GqBmxkZLaVHiV9/thCA==,type:str] +smbdomain: ENC[AES256_GCM,data:RPLxHfZzw+c=,iv:jbRsY5fCIV++G2cQ0UYA9I+VOGaoXDIxTwMJ65LwOIM=,tag:CPvXrPgIonCC4jZ6N2u1Hg==,type:str] +kavita: ENC[AES256_GCM,data:J3PvmPsCgNW4lEKhqhsJm+xK0kUsCbWDu4c5i4/F5F7XstwT3dkMPTLBMtE=,iv:QfBelQezPRGtnZlFa+JZZ3m3mH5wQYhTo4ZiCyNSH68=,tag:QtyG5opwFFxF5w48BIFUOA==,type:str] +#ENC[AES256_GCM,data:7OPyL94wCA==,iv:1kp/uu0fNpIF86OQbCscvD5LL6fL4uVicMe8jODa3QA=,tag:Bc0+i581OWp0yHrhi2bgFA==,type:comment] +matrixsharedsecret: ENC[AES256_GCM,data:nClidnaXhhYg4PoGmJysc8ANuN1NtCSugxeJOXmtTXLACXOrS4WXPD3IZH6bCOEmGmZLEa3ch7HVCYFATIe83A==,iv:fTQ1tn8/xcoDoBFuWmJZENDhkB9t8it0yMXxFRWi3CE=,tag:bMx0Jc5D2+wvF2CKAM/dFQ==,type:str] +mautrixtelegram_as: ENC[AES256_GCM,data:h9TotOCZWWgBt/srj+9UfQdDd5yCKF0XQrOJut53W9WT1EJoJ8dvwwFxWyJMEspAa+eVZ55/CA1v29CMhN+n8Q==,iv:98HI89KcI1DXTIrp5XUMlGGzmViT8twtjKkggpm0kKQ=,tag:eQqixbcX3ABYQpMPDIRpiw==,type:str] +mautrixtelegram_hs: ENC[AES256_GCM,data:nxtcbftC5fpvc5NkJCV7AKrnbLj9/9evp6U3dv9zSXRi7+NVu2EMAZ5NIy/KHDgXxCriDtk2LQcRtJqli9yxfw==,iv:r2LkIwI/bPCrI80loqguaaema4Cj3j58nQ6jGeYPh/I=,tag:eR5DcOIBBtCokgXAEmlmHw==,type:str] +mautrixtelegram_api_id: ENC[AES256_GCM,data:Q9larQ9Rww==,iv:fNx2EnXIvtU/qMidD8ihYvf4mN1yZmyd/7wuDHeLa6I=,tag:B2ptuep8VWlUnhlO5W8M8g==,type:str] +mautrixtelegram_api_hash: ENC[AES256_GCM,data:D3LxcOFRbXY/SIyLeXtZdG6i4URQbUQBtuyqMbxU6kg=,iv:SuP2X/ih2ItPWOjEzc6sXYw+5ZqBSwq/V14pr5I0sFw=,tag:Wf64lPhEla/TOxZN71siKQ==,type:str] +#ENC[AES256_GCM,data:BKjxDiVEY/s8qQ==,iv:1uHR0cQWtHKMjrksv3Ca8a0WXGjEYyL8i49p7byowgI=,tag:cPfvdUZEc3Knl/96a95YcQ==,type:comment] +admin: 
ENC[AES256_GCM,data:Vf0ifIVw2Gb7D82hV5NshMBc16iPGhAI6w==,iv:FCErCWQy0o05Lca99wEVD2zsBaeoz07cEE7LN016RPY=,tag:1FmYeCVtrQ7pbRWK0xi9Nw==,type:str] +#ENC[AES256_GCM,data:UZTYttb0,iv:UCl9NqBBmbx2Xc9Mp6F0eYdou5j3ilURktebyzt+8oI=,tag:FskxbRkglVV5skDkkPpYbQ==,type:comment] +mpdpass: ENC[AES256_GCM,data:p02pZ3UcdNzOAUSmEv7Wev2v1S9YHGjsKg==,iv:RbHweYXoZxzXnqyuQ1KdDzIa6DQ51pJFMDBU1FtV8hY=,tag:ELYrwJIQ9Fb1umRFWQFLYw==,type:str] +#ENC[AES256_GCM,data:i1BGUWvgc+AA,iv:Aup4uePzlxOwezUEtyTph4DzwdiwDc8Hwq32XTxUUSc=,tag:1uQECSYDywmdILQkfGa2PA==,type:comment] +username: ENC[AES256_GCM,data:p6wbQE+rhS1PraUmmpGto6elI9/U,iv:F4VzjKR/CN+0T+XpDXng2wxUYPxb87icbIxLfcTk9Rw=,tag:EugOqjCTRh7G0+zqfBdpsA==,type:str] +password: ENC[AES256_GCM,data:NxTgoinhLhp5UeE=,iv:jABO/Ba7Xcu9ET+e1XRsv//E8ocPfysyXhTsBtKn5gM=,tag:IbSXy0ukZTtuAXkNDvXOBg==,type:str] +#ENC[AES256_GCM,data:pld5tGw=,iv:yxLnXS6u7np8EdLyxN3715iTbgFCXZCs/Qv5dp02+w8=,tag:NHWnS5B8r/s7H7XaPwapYQ==,type:comment] +swarsel: ENC[AES256_GCM,data:c2i+AX3bIJQY79w=,iv:lV5KcB8oyDfTbxwd82XXpg07Y2ED8AELEe2T5VsoWmw=,tag:Q2z96v9LDfaOE9JjMK6sVA==,type:str] +dnstokenfull: ENC[AES256_GCM,data:Iz8eqkp0SH2VVoRBD2SB/Mr4YX2jhMongXJtqpDeByBchUpiB6OCyQ==,iv:RyMexxqMsN91u64ECIYqEeIDLya5g+aBmEHUzhR5bc0=,tag:FjKvXc/beCHDwLGJaLvJbQ==,type:str] +#ENC[AES256_GCM,data:rw9MQnHkYu2GoXGnkQ==,iv:h+u0N22iQxpYBg8gRHWMIZOpHojqEUVlNeisxnMFjxk=,tag:ePExc3oM+7/bYlVjiG9fCQ==,type:comment] +vpnuser: ENC[AES256_GCM,data:fhil3oK+hlI=,iv:b00PdVaC0ocTmf2/pNZIWMqBJqPQHB4ceePntuvUXPE=,tag:y+6YOUAuV2qbya8U2CGSVQ==,type:str] +rpcuser: ENC[AES256_GCM,data:+/IbZRCBwA==,iv:C5fvCOWaoJZBvntAWQpcTkPwgerepkdfoyMnjY510vk=,tag:UM2BEdu6PWX3YaHBbnIPRA==,type:str] +vpnpass: ENC[AES256_GCM,data:VWO6Ke+n0Dgu1Q==,iv:b1f/5d9A270ltSVpsCBNqDv7EKVNnAAi+pLH+8iC9gc=,tag:LQMM7ObT288b4fj4Qx6Acg==,type:str] +rpcpass: ENC[AES256_GCM,data:gH3iP8FkZUcgNeJb1VaQxeKpcdGVbQHv,iv:tc5FJPuqOqq7yNWRfcnQMnmxoqIshqusK10NWzFX5rk=,tag:FGGfzxyAlmd528pdy9zI2Q==,type:str] +vpnprot: 
ENC[AES256_GCM,data:eL3o,iv:Bn8uWbtBhU0sEqK8hlJNNV7oDVegYIHq9D+ajkfUs0Y=,tag:JQIzjzEwZaMQd3pzUosP5Q==,type:str] +vpnloc: ENC[AES256_GCM,data:51m9DRTL1XG4bEZd9uvDwEwJoYvukESvzRQK,iv:beA4JrDDCjlBmBRhfxuIof2ji4pn7c9Hd0yvYv9HQbQ=,tag:dJsEGPBGW11NVBEwFliL0Q==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1d4ywpqztawcw0eswn42udt4hhcktdcrm54v9kmt3uspkwkz8e52qx7d5aa + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORm5RRUFzR1UvM2JaYzh0 + Q295ZERnL3FLUnNpUFp0Q3NQdURBWm8weFhZCmhMeEdneVJnMTdzYmhmeElqNDF4 + bGVrYWUvaE9WUHVzbi8wRXhOZlloQ0UKLS0tIDhqS0oveDNLOUlKUEFIR0l2Q1Ux + NHBWQ1RNMDdETlBsQnhOL2ZKQkpwSFUK9MP4tsiOWT4UHvma5MT4BLMp+tiBhkRk + IX4ZHQdX0/VX0ZXPUpSNvh3eZdxpiAoeNgizdXIVRIucxLKVGDSv5Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-03-18T12:26:46Z" + mac: ENC[AES256_GCM,data:sJkHpgOfITJtmwncNOtGTDQ0s7FgyvFobQLcwD4dNWsTqzRX1Nt18BtjNDA738HzmX7hVmNhrsDh0QWTG4deQBKclIAoCl1zkHAo1wNSr1Y4DSzsozkipwHr5YiRAPC3ooma6xldczcSyOMt8WsszcQOH/n/UT7CZ6cT1H+2SHk=,iv:RMtmH7gMbqZ3BxxDzkM0G6g2qqKaylsAOc27qhdHIeU=,tag:3+93K3I6+rsPcfk8XUcXHw==,type:str] + pgp: + - created_at: "2024-03-18T12:26:37Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAwDh3VI7VctTAQ/8CyoPvPi1mJLa55u3Vjd5HK7satqVXeXYzXmub6he7tn4 + sAg0zj6t4UGAbKLGwUf3rRMYWYXebcmcbSq8zbPUUcvbZBg6MPH45yADUN9T6YXV + y3efHyeo6BYmkLbtsTGdbai2yzIEuQgOiHQ+i7Da1XnYy5JA3uFHtFJrP0pLXZyN + qRWDnPmPW1UPNaIL60f22MaxxqPwbZk0p1cRpzqYqFmu4OHZeC1CWRPbGlG9sj9T + AaHqabNQJxMDT1tJkkATrIJRs5SM1xmiPnbmjx/EZcMdMShiBhhxUBdNYafOJ8gh + nI2io7ZoRy5guJSkmmcMEvprNUyYS8AFXkJ2HEXkdv4NtkEyz9FTfL0obeoLay4s + 4kYJ+CmLgg6KUa75Q97/c5k4jBNrL6thamU+AZ3cVwMJZOx7yjXxixw/dL8JNSt3 + aFqFqGoDSpCUGmNvLTJrDy6qmewkUe2Yel4EGdKRkutg4vPUhmurmeJUetv87Irx + Y3wMtJEcSS96ac1sGK0LXuwMyUw4TON2zuwVE/uh1SaEUaH4ufFHM414OLVZCVGE + 4EFV4w2prch6jdWVJBcAwtnUYe7GCH4YZHhIt0dI37NFT/wufVkp/6I9QChshr1b + wcvYXVGHC9V2lSu7umCioxumWH4tJTvaJIrUZEi/2FBhCQx9NdeQge+qdBrIEmaF + 
AgwDC9FRLmchgYQBD/92RhlR4RazIKoCBGXB7IfdYXZRsVcj6NI9YijDzVtR82ok + dbwMqYNUvRhO1klVoSF/PBA1RF/B8kUHLuCgpsaJPPUicbqBT9ObQnEVuKfMRIcs + 6iOeGtNcrMQCQxGLufLQB4nVzi4IBhD6elOXwr/5zM2BONbuz41v9L00lBHxg96C + +NFMT+r2JNmKA32CX5c/BqYtQRJj+G3v//40LOfViNWb49EVmAlaMJ/pA0ogNUW4 + SvyQBTNAuu7qz60to9oZPt+p4GhjiXUUemWZrZCMrwCLJlQoaQfgR9K+/z5Im1y8 + Cf2omf8heXOHDBOsVtCRwD9dR5Y+04FsH4SWJsseZa5pBSkFk6DFJ5+ZaO9i7OQ2 + BybxP3Ncb6VF7C5zTYHVCvSu0P5A7l1bdF3aOHXwlvumvqhDtiMNA5rQMeFKlXMe + peNdgiZUXk89UV+vaHxawpKglRIdygBr2eZhEFa1mO5PjHTOZpjGUWyjnIo+3szz + Cd3JVUOLo2V07ywWqnsKLPhWLO1h3dxxg7wkuU0c5MlaQnSeq+vDRd4Qj0k9ZnSW + 6CbIGyU7pP/BsZbYbb5bH2M8ps+KoLzoA/DhG1x/7D3Si1EBKsBRghMNsP3dMvuK + XABLd9pf+AXcJUEmvT/7G81BXRtvLOqtqFkNX76xP9YwV0EX5CywcyYke2X37dJe + Adj3bM7CbKLpzK8S0K/jO5NvUN9AA4JjGPtXoL7tenhOx3XwBhGiiaI40yoV8ylp + Pl1Xb4qYmS4QcHcskxykVvNjvUWJABJpP8MUCWmUlcvikfo6pnlexlDkiPdfDQ== + =gt6V + -----END PGP MESSAGE----- + fp: 4BE7925262289B476DBBC17B76FD3810215AE097 + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/templates/other_flake.nix b/templates/other_flake.nix new file mode 100644 index 0000000..514cce1 --- /dev/null +++ b/templates/other_flake.nix @@ -0,0 +1,18 @@ +{ + description = "General Flake"; + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + }; + + outputs = {nixpkgs, ...}: let + system = "x86_64-linux"; + pkgs = nixpkgs.legacyPackages.${system}; + in { + devShells.${system}.default = pkgs.mkShell { + + packages = with pkgs; [ + # fill here + ]; + }; + }; +}
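Review bot: The sandbox file carries `matrixsharedsecret`, `mautrixtelegram_as`, `mautrixtelegram_hs`, `mautrixtelegram_api_id` and `mautrixtelegram_api_hash` next to the SMB, VPN, RPC and DNS credentials, and the same five matrix keys are provisioned again in secrets/omatrix/secrets.yaml for the new server_omatrix host. Unless sandbox still runs the bridge, those credentials are now decryptable by a host that does not need them; if the values are the same (not determinable from the ciphertexts) they should be dropped from this file once omatrix takes over, or rotated so that each host's age key unlocks only what it consumes. Since the decryption boundary is the file, not the key, every credential bundled here is exposed together on a compromise of server_sandbox.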