upgraded flake to recent

Swarsel 2024-02-26 17:56:13 +01:00
parent fda648a01f
commit 28ef6da2fb
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
28 changed files with 3407 additions and 511 deletions


@ -16,6 +16,8 @@ keys:
- &server_sound age1w7tfe7k0r0hm6mzz0kmz8302kfn0rlh96w7g6zwqd4muqg7u9anqv07745
- &server_sync age1glge4e97vgqzh332mqs5990vteezu2m8k4wq3z35jk0q8czw3gks2d7a3h
- &server_paperless age1j4y7mwh6hg8kvktgvq5g3xstnmlnaxkdhfrps8lnl029nfpr03dq2nr4cd
- &server_sandbox age1d4ywpqztawcw0eswn42udt4hhcktdcrm54v9kmt3uspkwkz8e52qx7d5aa
- &server_omatrix age198gj3dmryk7sya5c77tsrm3gdrct6xh7w7cx4gsfywe675aehu8sw2xw6q
creation_rules:
- path_regex: secrets/general/[^/]+\.(yaml|json|env|ini)$
key_groups:
@ -80,3 +82,15 @@ creation_rules:
- *admin_swarsel
age:
- *server_paperless
- path_regex: secrets/sandbox/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_swarsel
age:
- *server_sandbox
- path_regex: secrets/omatrix/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *admin_swarsel
age:
- *server_omatrix


@ -52,7 +52,7 @@
swarsel-anki-org-file "Anki.org"
swarsel-tasks-org-file "Tasks.org"
swarsel-archive-org-file "Archive.org"
swarsel-org-folder-name "Org"
swarsel-org-folder-name "org"
swarsel-obsidian-daily-folder-name "⭐ Personal/Journal"
swarsel-obsidian-folder-name "Obsidian"
swarsel-obsidian-vault-name "Main")
@ -354,17 +354,10 @@ Base emacs undo logic is very useful, but not easy to understand. I prefer undo-
"mm" '((lambda () (interactive) (mu4e)) :which-key "mu4e")
"mg" '((lambda () (interactive) (magit-list-repositories)) :which-key "magit-list-repos")
"mc" '((lambda () (interactive) (swarsel/open-calendar)) :which-key "calendar")
"a" '(:ignore a :which-key "agenda")
"at" '((lambda () (interactive) (org-agenda nil "t")) :which-key "agenda tasks")
"aa" '((lambda () (interactive) (org-agenda nil "a")) :which-key "agenda today")
"as" '((lambda () (interactive) (org-agenda nil "s")) :which-key "agenda search")
"an" '((lambda () (interactive) (org-agenda nil "n")) :which-key "agenda all")
"ar" '((lambda () (interactive) (org-agenda-refile)) :which-key "agenda refile")
"mp" '(popper-toggle :which-key "popper")
"md" '(dirvish :which-key "dirvish")
"c" '(:ignore c :which-key "capture")
;; "c" '(:ignore c :which-key "capture")
;; "cj" '((lambda () (interactive) (org-capture nil "jj")) :which-key "journal")
"ct" '((lambda () (interactive) (org-capture nil "tt")) :which-key "tasks")
;; "cs" '(markdown-download-screenshot :which-key "screenshot")
"l" '(:ignore l :which-key "links")
"le" '((lambda () (interactive) (find-file swarsel-emacs-org-filepath)) :which-key "Emacs.org")
@ -850,12 +843,11 @@ Soon I want to try out this new hot stuff - just at the moment there is too much
(setq org-image-actual-width nil)
(setq org-format-latex-options '(:foreground "White" :background default :scale 2.0 :html-foreground "Black" :html-background "Transparent" :html-scale 1.0 :matchers ("begin" "$1" "$" "$$" "\\(" "\\[")))
(setq org-agenda-files
'("/home/swarsel/Nextcloud/Org/Tasks.org"
"/home/swarsel/Nextcloud/Org/Archive.org"
"/home/swarsel/Calendars/leon_cal.org"))
;; (setq org-agenda-files
;; '(swarsel-org-tasks-filepath
;; swarsel-org-archive-filepath
;; swarsel-org-anki-filepath))
;; (setq org-agenda-files '("/home/swarsel/Calendars/leon_cal.org"))
(setq org-agenda-files '("/home/swarsel/Calendars/leon_cal.org"))
;; (require 'org-habit)
@ -863,13 +855,13 @@ Soon I want to try out this new hot stuff - just at the moment there is too much
;; (setq org-habit-graph-column 60)
;; (setq org-todo-keywords
;; '((sequence "TODO(t)" "NEXT(n)" "|" "X1DONE(d!)")
;; '((sequence "TODO(t)" "NEXT(n)" "|" "DONE(d!)")
;; (sequence "BACKLOG(b)" "PLAN(p)" "READY(r)" "ACTIVE(a)" "REVIEW(v)" "WAIT(w@/!)" "HOLD(h)" "|" "COMPLETED(c)" "CANC(k@)")))
(setq org-refile-targets
'((swarsel-archive-org-file :maxlevel . 1)
;; (setq org-refile-targets
;; '((swarsel-archive-org-file :maxlevel . 1)
;; (swarsel-anki-org-file :maxlevel . 1)
(swarsel-tasks-org-file :maxlevel . 1)))
;; (swarsel-tasks-org-file :maxlevel . 1)))
;; ;; Configure custom agenda views
;; (setq org-agenda-custom-commands
@ -919,8 +911,8 @@ Soon I want to try out this new hot stuff - just at the moment there is too much
;; ((org-agenda-overriding-header "Cancelled Projects")
;; (org-agenda-files org-agenda-files)))))))
(setq org-capture-templates
`(
;; (setq org-capture-templates
;; `(
;; ("a" "Anki basic"
;; entry
;; (file+headline swarsel-org-anki-filepath "Dispatch")
@ -930,10 +922,9 @@ Soon I want to try out this new hot stuff - just at the moment there is too much
;; entry
;; (file+headline org-swarsel-anki-file "Dispatch")
;; "* %<%H:%M>\n:PROPERTIES:\n:ANKI_NOTE_TYPE: Cloze\n:ANKI_DECK: 🦁 All::01 ❤️ Various::00 ✨ Allgemein\n:END:\n** Text\n%?\n** Extra\n")
("t" "Tasks / Projects")
("tt" "Task" entry (file+olp swarsel-org-tasks-filepath "Inbox")
"* TODO %?\n %U\n %i" :empty-lines 1)
;; ("t" "Tasks / Projects")
;; ("tt" "Task" entry (file+olp swarsel-org-tasks-filepath "Inbox")
;; "* TODO %?\n %U\n %a\n %i" :empty-lines 1)
;; ("j" "Journal Entries")
;; ("jj" "Journal" entry
@ -941,8 +932,7 @@ Soon I want to try out this new hot stuff - just at the moment there is too much
;; "\n* %<%I:%M %p> - Journal :journal:\n\n%?\n\n"
;; ;; ,(dw/read-file-as-string "~/Notes/Templates/Daily.org")
;; :clock-in :clock-resume
;; :empty-lines 1)
))
;; :empty-lines 1)))
;; (swarsel/org-font-setup)
)

1482
Nix.org

File diff suppressed because it is too large Load diff

103
flake.lock generated

@ -226,6 +226,24 @@
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
@ -425,6 +443,25 @@
"type": "github"
}
},
"nix-gaming": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1710033370,
"narHash": "sha256-f44y3CIkskEbs6rnMU+QQfLvqPkM3JuVaiKrtnX/we8=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "7ad732aefc2c5187d63d1d171294f03fae9d4445",
"type": "github"
},
"original": {
"owner": "fufexan",
"repo": "nix-gaming",
"type": "github"
}
},
"nix-on-droid": {
"inputs": {
"home-manager": "home-manager_2",
@ -453,7 +490,7 @@
"nixgl": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1685908677,
@ -505,6 +542,22 @@
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1709410583,
"narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1699354722,
@ -537,6 +590,24 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1709237383,
"narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-mautrix-signal": {
"locked": {
"lastModified": 1703864075,
@ -602,6 +673,22 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1709968316,
"narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0e7f98a5f30166cbed344569426850b21e4091d4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1660551188,
"narHash": "sha256-a1LARMMYQ8DPx1BgoI/UN4bXe12hhZkCNqdxNi6uS0g=",
@ -616,7 +703,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1701718080,
"narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=",
@ -632,7 +719,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1702029940,
"narHash": "sha256-qM3Du0perpLesh5hr87mVPZ79McMUKIWUH7EQMh2kWo=",
@ -648,7 +735,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1700856099,
"narHash": "sha256-RnEA7iJ36Ay9jI0WwP+/y4zjEhmeN6Cjs9VOFBH7eVQ=",
@ -784,10 +871,12 @@
"emacs-overlay": "emacs-overlay",
"home-manager": "home-manager",
"lanzaboote": "lanzaboote",
"nix-gaming": "nix-gaming",
"nix-on-droid": "nix-on-droid",
"nixgl": "nixgl",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_3",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_4",
"nixpkgs-mautrix-signal": "nixpkgs-mautrix-signal",
"nur": "nur",
"pia": "pia",
@ -822,7 +911,7 @@
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
@ -851,7 +940,7 @@
"base16-vim": "base16-vim",
"flake-compat": "flake-compat_2",
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1701532764,


@ -58,6 +58,15 @@
url = github:niklaskorz/nixpkgs/nixos-23.11-mautrix-signal;
};
# patches for gaming on nix
nix-gaming = {
url = github:fufexan/nix-gaming;
};
# hardware quirks on nix
nixos-hardware = {
url = github:NixOS/nixos-hardware/master;
};
};
@ -76,6 +85,8 @@
lanzaboote,
pia,
nixpkgs-mautrix-signal,
nix-gaming,
nixos-hardware,
...
}: let
@ -139,6 +150,15 @@
];
};
sandbox = nixpkgs.lib.nixosSystem {
pkgs = pkgsmautrix;
specialArgs.unstable = nixpkgs-mautrix-signal;
modules = [
sops-nix.nixosModules.sops
./profiles/sandbox/nixos.nix
];
};
twoson = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; };
modules = nixModules ++ [
@ -169,6 +189,7 @@
fourside = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; };
modules = nixModules ++ [
nixos-hardware.nixosModules.lenovo-thinkpad-p14s-amd-gen2
./profiles/fourside/nixos.nix
home-manager.nixosModules.home-manager
{
@ -271,11 +292,15 @@
};
#ovm swarsel
backup = nixpkgs.lib.nixosSystem {
specialArgs = {inherit inputs pkgs; };
swatrix = nixpkgs.lib.nixosSystem {
# specialArgs = {inherit pkgsmautrix; };
pkgs = pkgsmautrix;
# this is to import a service module that is not on nixpkgs
# this way avoids infinite recursion errors
specialArgs.unstable = nixpkgs-mautrix-signal;
modules = [
sops-nix.nixosModules.sops
./profiles/remote/oracle/backup/nixos.nix
./profiles/remote/oracle/matrix/nixos.nix
];
};
};
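Review bot: The new `sandbox` and `swatrix` systems set `pkgs = pkgsmautrix`, so, assuming `pkgsmautrix` (defined outside these hunks) is instantiated from the `nixpkgs-mautrix-signal` fork input, every package on these hosts comes from a personal nixpkgs fork branch rather than from the main `nixpkgs` input. The comment in the `swatrix` block says the fork is only needed for a service module that is missing upstream, and `specialArgs.unstable` already provides that module path. Consider building both hosts from the main `nixpkgs` and taking only the bridge package from the fork through an overlay, so that security updates do not wait for the fork to be rebased. A comment such as `# pkgsmautrix: whole package set from the mautrix-signal fork, revisit once the module lands in nixpkgs` would at least record the trade-off.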


@ -13,7 +13,7 @@
homeDirectory = "/home/TEMPLATE";
stateVersion = "23.05"; # TEMPLATE -- Please read the comment before changing.
keyboard.layout = "us"; # TEMPLATE
packages = with pkgs; [
home.packages = with pkgs; [
# ---------------------------------------------------------------
# if schildichat works on this machine, use it, otherwise go for element
# element-desktop
@ -120,12 +120,13 @@
startup = [
{ command = "nextcloud --background";}
{ command = "spotify";}
# { command = "spotify";}
{ command = "discord --start-minimized";}
{ command = "schildichat-desktop --disable-gpu-driver-bug-workarounds --hidden";}
{ command = "element-desktop --hidden";}
{ command = "ANKI_WAYLAND=1 anki";}
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{ command = "nm-applet";}
# { command = "sleep 60 && syncthingtray --wait"; }
];
};


@ -15,18 +15,9 @@
};
# Bootloader
# use this for single partition boot
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
# -------------------------------------
# alternate setup using grub
# boot.loader.grub.enable = true;
# boot.loader.grub.device = "/dev/sda"; # TEMPLATE - if only one disk, this will work
# boot.loader.grub.useOSProber = true;
# -------------------------------------
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda"; # TEMPLATE - if only one disk, this will work
boot.loader.grub.useOSProber = true;
# --------------------------------------
# you might need a configuration like this instead:


@ -8,11 +8,14 @@
losslessaudiochecker
ffmpeg_5-full
flac
mediainfo
picard
audacity
sox
# b2 backup @backblaze
restic
# "big" programs
filebot
gimp
@ -24,8 +27,12 @@
spotify
discord
nextcloud-client
spotify-tui
schildichat-desktop
spotify-player
element-desktop-wayland
nicotine-plus
transmission
mktorrent
hexchat
# kyria
qmk
@ -37,12 +44,12 @@
libudev-zero
dwarfs
fuse-overlayfs
steam
steam-run
# steam
# steam-run
patchelf
gamescope
vulkan-tools
openssl
moonlight-qt
# firefox related
tridactyl-native
@ -64,6 +71,8 @@
speechd
networkmanagerapplet
psmisc # kill etc
lm_sensors
# syncthingtray
# jq # used for searching the i3 tree in check<xxx>.sh files
# specifically needed for anki
@ -100,7 +109,7 @@
# gnome.gnome-clocks
# wlogout
# jdiskreport
syncthingtray
# syncthingtray
# monitor
#keychain
@ -172,6 +181,8 @@
cp ~/.dotfiles/templates/py_flake.nix ./flake.nix
elif [ "$1" == "cuda" ]; then
cp ~/.dotfiles/templates/cu_flake.nix ./flake.nix
elif [ "$1" == "other" ]; then
cp ~/.dotfiles/templates/other_flake.nix ./flake.nix
elif [ "$1" == "latex" ]; then
if [ "$2" == "" ]; then
echo "No filename specified, usage: 'project latex <NAME>'"
@ -419,23 +430,23 @@ xdg.desktopEntries = {
categories = [ "Application"];
};
schlidichat = {
name = "SchildiChat Matrix Client";
genericName = "SchildiChat";
exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";
terminal = false;
categories = [ "Application"];
};
# schlidichat = {
# name = "SchildiChat Matrix Client";
# genericName = "SchildiChat";
# exec = "schildichat-desktop -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";
# terminal = false;
# categories = [ "Application"];
# };
# currently unused but kept for possible future use-case
# not needed as long as schildichat is working properly
# element = {
# name = "Element Matrix Client";
# genericName = "Element";
# exec = "element-desktop";
# terminal = false;
# categories = [ "Application"];
# };
element = {
name = "Element Matrix Client";
genericName = "Element";
exec = "element-desktop";
terminal = false;
categories = [ "Application"];
};
};
@ -1297,22 +1308,22 @@ programs.firefox = {
# the rest of the information is also found in the manifest.json, but might not be
# needed
(let version = "3.5.4.0";
in buildFirefoxXpiAddon {
pname = "bypass-paywalls-clean";
inherit version;
addonId = "magnolia@12.34";
url =
"https://gitlab.com/magnolia1234/bpc-uploads/-/raw/master/bypass_paywalls_clean-3.5.4.0.xpi";
sha256 = "ab81f711c30c4f7a010d69bd964bdfaf0179802c0b27d0a88c73c0aa6b044803";
meta = with lib; {
homepage =
"https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean";
description = "Bypass Paywalls of (custom) news sites";
license = licenses.mit;
platforms = platforms.all;
};
})
# (let version = "3.4.5.0";
# in buildFirefoxXpiAddon {
# pname = "bypass-paywalls-clean";
# inherit version;
# addonId = "magnolia@12.34";
# url =
# "https://gitlab.com/magnolia1234/bpc-uploads/-/raw/master/bypass_paywalls_clean-3.4.5.0.xpi";
# sha256 = "703d30c15b88291bd0305cc59013693aea5f75a40ea98fb8e252d1c7bfb43514";
# meta = with lib; {
# homepage =
# "https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean";
# description = "Bypass Paywalls of (custom) news sites";
# license = licenses.mit;
# platforms = platforms.all;
# };
# })
(buildFirefoxXpiAddon {
@ -1404,6 +1415,9 @@ services.kdeconnect = {
services.syncthing = {
enable = true;
tray = {
enable = false;
};
};
# this enables the emacs server
@ -1529,7 +1543,7 @@ wayland.windowManager.sway = {
defaultWorkspace = "workspace 1:";
startup = [
{ command = "kitty -T kittyterm";}
{ command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spt";}
{ command = "sleep 60; kitty -T spotifytui -o confirm_os_window_close=0 spotify_player";}
];
window = {
border = 1;
@ -1566,8 +1580,7 @@ wayland.windowManager.sway = {
{app_id = "pavucontrol";}
{app_id = "syncthingtray";}
{app_id = "SchildiChat";}
{class = "Element";}
{title = "Element";}
{app_id = "Element";}
{app_id = "com.nextcloud.desktopclient.nextcloud";}
{app_id = "gnome-system-monitor";}
{title = "(?:Open|Save) (?:File|Folder|As)";}


@ -25,6 +25,15 @@
# enable flakes - urgent line!!
nix.settings.experimental-features = ["nix-command" "flakes"];
environment.sessionVariables.NIXOS_OZONE_WL = "1";
# gstreamer plugins for nautilus (used for file metadata)
environment.sessionVariables.GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
gst-plugins-good
gst-plugins-bad
gst-plugins-ugly
gst-libav
]);
# correct time between linux and windows
time.hardwareClockInLocalTime = true;
@ -111,6 +120,8 @@ environment.systemPackages = with pkgs; [
# latex
texlab
ghostscript_headless
# wireguard
wireguard-tools
# rust
rust-analyzer
clippy


@ -21,7 +21,8 @@
# waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = {
cpu.format = "{icon0} {icon1} {icon2} {icon3} {icon4} {icon5} {icon6} {icon7}";
temperature.hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon4/temp1_input";
# temperature.hwmon-path = "/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon4/temp1_input";
temperature.hwmon-path = "/sys/class/hwmon/hwmon4/temp1_input";
};
@ -54,7 +55,6 @@
"1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE
xkb_layout = "us";
xkb_options = "grp:win_space_toggle";
# # xkb_options = "ctrl:nocaps,grp:win_space_toggle";
xkb_variant = "altgr-intl";
};
"type:touchpad" = {
@ -67,8 +67,8 @@
};
output = {
eDP-1 = {
mode = "1920x1080"; # TEMPLATE
DP-1 = {
mode = "2560x1440"; # TEMPLATE
scale = "1";
bg = "~/.dotfiles/wallpaper/lenovowp.png fill";
};
@ -77,10 +77,11 @@
keybindings = let
modifier = config.wayland.windowManager.sway.config.modifier;
in {
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\"";
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\"";
"XF86MonBrightnessUp" = "exec brightnessctl set +5%";
"XF86MonBrightnessDown"= "exec brightnessctl set 5%-";
"XF86Display" = "exec wl-mirror eDP-1";
# these are left open to use
# "XF86WLAN" = "exec wl-mirror eDP-1";
# "XF86Messenger" = "exec wl-mirror eDP-1";
# "XF86Go" = "exec wl-mirror eDP-1";
@ -94,12 +95,13 @@
startup = [
{ command = "nextcloud --background";}
{ command = "spotify";}
# { command = "spotify";}
{ command = "discord --start-minimized";}
{ command = "schildichat-desktop --disable-gpu-driver-bug-workarounds --hidden";}
{ command = "element-desktop --hidden";}
{ command = "ANKI_WAYLAND=1 anki";}
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{ command = "nm-applet";}
# { command = "sleep 60 && syncthingtray --wait"; }
];
};


@ -2,12 +2,22 @@
{
#
# imports =
# [
# ./hardware-configuration.nix
# ];
#
imports =
[
inputs.nix-gaming.nixosModules.steamCompat
./hardware-configuration.nix
];
nix.settings = {
substituters = ["https://nix-gaming.cachix.org"];
trusted-public-keys = ["nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="];
};
services = {
getty.autologinUser = "swarsel";
@ -17,11 +27,38 @@
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
kernelPackages = pkgs.linuxPackages_latest;
};
networking.hostName = "fourside"; # Define your hostname.
networking = {
hostName = "fourside"; # Define your hostname.
nftables.enable = true;
enableIPv6 = false;
firewall.checkReversePath = false;
firewall = {
enable = true;
allowedUDPPorts = [ 4380 27036 14242 34197 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedTCPPortRanges = [
{from = 27015; to = 27030;} # barotrauma
{from = 27036; to = 27037;} # barotrauma
];
allowedUDPPortRanges = [
{from = 27000; to = 27031;} # barotrauma
];
};
};
virtualisation.virtualbox = {
host = {
enable = true;
enableExtensionPack = true;
};
guest = {
enable = true;
x11 = true;
};
};
networking.firewall.enable = false;
stylix.image = ../../wallpaper/lenovowp.png;
@ -87,41 +124,42 @@
bluetooth.enable = true;
};
programs.steam = {
enable = true;
extraCompatPackages = [
inputs.nix-gaming.packages.${pkgs.system}.proton-ge
];
};
# Configure keymap in X11 (only used for login)
services.xserver = {
layout = "us";
xkbVariant = "altgr-intl";
};
services.thinkfan = {
enable = false;
};
services.power-profiles-daemon.enable = true;
users.users.swarsel = {
isNormalUser = true;
description = "Leon S";
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ];
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" ];
packages = with pkgs; [];
};
environment.systemPackages = with pkgs; [
# gog games installing
heroic
# minecraft
temurin-bin-17
(prismlauncher.override {
glfw = (let
mcWaylandPatchRepo = fetchFromGitHub {
owner = "Admicos";
repo = "minecraft-wayland";
rev = "370ce5b95e3ae9bc4618fb45113bc641fbb13867";
sha256 =
"sha256-RPRg6Gd7N8yyb305V607NTC1kUzvyKiWsh6QlfHW+JE=";
};
mcWaylandPatches = map (name: "${mcWaylandPatchRepo}/${name}")
(lib.naturalSort (builtins.attrNames (lib.filterAttrs
(name: type:
type == "regular" && lib.hasSuffix ".patch" name)
(builtins.readDir mcWaylandPatchRepo))));
in glfw-wayland.overrideAttrs (previousAttrs: {
patches = previousAttrs.patches ++ mcWaylandPatches;
}));})
glfw = pkgs.glfw-wayland-minecraft;
})
];
system.stateVersion = "23.05";
}
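Review bot: `firewall.checkReversePath = false;` in the new `networking` block turns reverse-path filtering off entirely, which is more than a WireGuard peer (port 51820 is opened in the same block) normally needs; `firewall.checkReversePath = "loose";` keeps spoofed-source filtering while tolerating asymmetric VPN routes. The line `networking.firewall.enable = false;` still appears after the `virtualisation.virtualbox` block in this rendering; if it is on the new side it contradicts `enable = true` above and should be dropped. The same section adds `https://nix-gaming.cachix.org` together with a trusted public key, which makes that signer trusted for any store path on the machine, so a comment next to `trusted-public-keys` saying why it is trusted and which inputs rely on it would help later audits.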


@ -109,12 +109,13 @@
startup = [
{ command = "nextcloud --background";}
{ command = "spotify";}
# { command = "spotify";}
{ command = "discord --start-minimized";}
{ command = "schildichat-desktop --disable-gpu-driver-bug-workarounds --hidden";}
{ command = "element-desktop --hidden";}
{ command = "ANKI_WAYLAND=1 anki";}
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{ command = "nm-applet";}
# { command = "sleep 60 && syncthingtray --wait"; }
];
};


@ -0,0 +1,14 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
fileSystems."/boot" = { device = "/dev/disk/by-uuid/A1B2-7E6F"; fsType = "vfat"; };
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/mapper/ocivolume-root"; fsType = "xfs"; };
}


@ -0,0 +1,340 @@
{ config, pkgs, modulesPath, unstable, sops, ... }: let
matrixDomain = "swatrix.swarsel.win";
in {
imports = [
./hardware-configuration.nix
(unstable + "/nixos/modules/services/matrix/mautrix-signal.nix")
];
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
matrix-synapse
lottieconverter
ffmpeg
];
services.xserver = {
layout = "us";
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml";
sops.validateSopsFiles = false;
sops.secrets.dnstokenfull = {owner="acme";};
sops.templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
documentation = {
enable = false;
};
security.acme = {
acceptTerms = true;
preliminarySelfsigned = false;
defaults.email = "mrswarsel@gmail.com";
defaults.dnsProvider = "cloudflare";
defaults.environmentFile = "${config.sops.templates."certs.secret".path}";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"swatrix.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
};
};
boot.tmp.cleanOnBoot = true;
zramSwap.enable = false;
networking.hostName = "swatrix";
networking.enableIPv6 = false;
# networking.domain = "subnet03112148.vcn03112148.oraclevcn.com";
networking.domain = "swarsel.win";
networking.firewall.extraCommands = ''
iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT
'';
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.11"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
boot.loader.grub.device = "nodev";
sops.secrets.matrixsharedsecret = {owner="matrix-synapse";};
sops.templates."matrix_user_register.sh".content = ''
register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
'';
sops.templates.matrixshared.owner = "matrix-synapse";
sops.templates.matrixshared.content = ''
registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
'';
sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";};
sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";};
sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";};
sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";};
sops.templates.mautrixtelegram.owner = "matrix-synapse";
sops.templates.mautrixtelegram.content = ''
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as}
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
'';
# sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";};
# sops.templates.mautrixwhatsapp.owner = "matrix-synapse";
# sops.templates.mautrixwhatsapp.content = ''
# MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared}
# '';
services.postgresql.enable = true;
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
services.matrix-synapse = {
settings.app_service_config_files = [
"/var/lib/matrix-synapse/telegram-registration.yaml"
"/var/lib/matrix-synapse/whatsapp-registration.yaml"
"/var/lib/matrix-synapse/signal-registration.yaml"
"/var/lib/matrix-synapse/doublepuppet.yaml"
];
enable = true;
settings.server_name = matrixDomain;
settings.public_baseurl = "https://${matrixDomain}";
extraConfigFiles = [
config.sops.templates.matrixshared.path
];
settings.listeners = [
{ port = 8008;
bind_addresses = [ "0.0.0.0" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = true;
}
];
}
];
};
services.mautrix-telegram = {
enable = true;
environmentFile = config.sops.templates.mautrixtelegram.path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29317";
hostname = "0.0.0.0";
port = "29317";
provisioning.enabled = true;
id = "telegram";
# ephemeral_events = true; # not needed due to double puppeting
public = {
enabled = false;
};
database = "postgresql:///mautrix-telegram?host=/run/postgresql";
};
bridge = {
# login_shared_secret_map = {
# matrixDomain = "as_token:doublepuppet";
# };
relaybot.authless_portals = true;
allow_avatar_remove = true;
allow_contact_info = true;
sync_channel_members = true;
startup_sync = true;
sync_create_limit = 0;
sync_direct_chats = true;
telegram_link_preview = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
# Animated stickers conversion requires additional packages in the
# service's path.
# If this isn't a fresh installation, clearing the bridge's uploaded
# file cache might be necessary (make a database backup first!):
# delete from telegram_file where \
# mime_type in ('application/gzip', 'application/octet-stream')
animated_sticker = {
target = "gif";
args = {
width = 256;
height = 256;
fps = 30; # only for webm
background = "020202"; # only for gif, transparency not supported
};
};
};
};
};
systemd.services.mautrix-telegram.path = with pkgs; [
lottieconverter # for animated stickers conversion, unfree package
ffmpeg # if converting animated stickers to webm (very slow!)
];
services.mautrix-whatsapp = {
enable = true;
# environmentFile = config.sops.templates.mautrixwhatsapp.path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29318";
hostname = "0.0.0.0";
port = 29318;
database = {
type = "postgres";
uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql";
};
};
bridge = {
displayname_template = "{{or .FullName .PushName .JID}} (WA)";
history_sync = {
backfill = true;
max_initial_conversations = -1;
message_count = -1;
request_full_sync = true;
full_sync_config = {
days_limit = 900;
size_mb_limit = 5000;
storage_quota_mb = 5000;
};
};
login_shared_secret_map = {
matrixDomain = "as_token:doublepuppet";
};
sync_manual_marked_unread = true;
send_presence_on_typing = true;
parallel_member_sync = true;
url_previews = true;
caption_in_message = true;
extev_polls = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
};
};
};
services.mautrix-signal = {
enable = true;
# environmentFile = config.sops.templates.mautrixwhatsapp.path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29328";
hostname = "0.0.0.0";
port = 29328;
database = {
type = "postgres";
uri = "postgresql:///mautrix-signal?host=/run/postgresql";
};
};
bridge = {
displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)";
login_shared_secret_map = {
matrixDomain = "as_token:doublepuppet";
};
caption_in_message = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
};
};
};
# restart the bridges daily. this is done for the signal bridge mainly which stops carrying
# messages out after a while.
systemd.timers."restart-bridges" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1d";
OnUnitActiveSec = "1d";
Unit = "restart-bridges.service";
};
};
systemd.services."restart-bridges" = {
script = ''
systemctl restart mautrix-whatsapp.service
systemctl restart mautrix-signal.service
systemctl restart mautrix-telegram.service
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
}
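Review bot: Synapse's plaintext listener and all three bridge appservices bind to `0.0.0.0`, and `networking.firewall.extraCommands` opens 8008, 29317, 29318 and 29328 to any source, although nginx already terminates TLS for `/_matrix` and every component reaches the others over `localhost`. Binding with `bind_addresses = [ "127.0.0.1" ];` and `hostname = "127.0.0.1";` and keeping only the port 80 and 443 rules would leave the unencrypted endpoints unreachable from outside. `settings.PermitRootLogin = "yes";` also permits password logins for root even though key files are configured, so `"prohibit-password"` fits better. In `login_shared_secret_map` the attribute name `matrixDomain` is the literal string, not the `let` value, so the key should probably be written `${matrixDomain}`. The role passwords in `services.postgresql.initialScript` end up in the world-readable Nix store while the bridges connect over the `/run/postgresql` socket (Synapse's own database settings are not visible here), so they look unnecessary.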


@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/147e3682-eb15-4e96-9cac-4f2fb5888a69";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp7s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp8s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

867
profiles/sandbox/nixos.nix Normal file

@ -0,0 +1,867 @@
{ config, pkgs, modulesPath, unstable, sops, ... }: let
matrixDomain = "swatrix.swarsel.win";
in {
imports = [
./hardware-configuration.nix
# we import here a service that is not available yet on normal nixpkgs
# this module is hence not in the modules list, we add it ourselves
(unstable + "/nixos/modules/services/matrix/mautrix-signal.nix")
];
boot.loader.grub = {
enable = true;
device = "/dev/sda";
useOSProber = true;
};
users.users.swarsel = {
isNormalUser = true;
description = "Leon S";
extraGroups = [ "networkmanager" "wheel" "lp"];
packages = with pkgs; [];
};
# actual config starts here
fileSystems."/mnt/Eternor" = {
device = "//192.168.1.3/Eternor";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=/etc/nixos/smb-secrets,uid=1000,gid=100"];
};
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
lego
nginx
calibre
openvpn
jq
iptables
busybox
wireguard-tools
matrix-synapse
lottieconverter
ffmpeg
pciutils
alsa-utils
mpv
zfs
];
services.xserver = {
layout = "us";
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
boot.supportedFilesystems = [ "zfs" ];
boot.zfs.forceImportRoot = false;
networking.hostId = "8a8ad84a";
networking.hostName = "sandbox"; # Define your hostname.
networking.enableIPv6 = true;
networking.firewall.enable = false;
documentation = {
enable = false;
};
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml";
sops.validateSopsFiles = false;
sops.secrets.dnstokenfull = {owner="acme";};
sops.templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
security.acme = {
acceptTerms = true;
preliminarySelfsigned = false;
defaults.email = "mrswarsel@gmail.com";
defaults.dnsProvider = "cloudflare";
defaults.environmentFile = "${config.sops.templates."certs.secret".path}";
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"stash.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "https://192.168.1.5";
extraConfig = ''
client_max_body_size 0;
'';
};
# "/push/" = {
# proxyPass = "http://192.168.2.5:7867";
# };
"/.well-known/carddav" = {
return = "301 $scheme://$host/remote.php/dav";
};
"/.well-known/caldav" = {
return = "301 $scheme://$host/remote.php/dav";
};
};
};
"swatrix.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://127.0.0.1:8008";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"sound.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:4040";
proxyWebsockets = true;
extraConfig = ''
proxy_redirect http:// https://;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_buffering off;
proxy_request_buffering off;
client_max_body_size 0;
'';
};
};
};
"scan.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:28981";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"screen.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:8096";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"scroll.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:8080";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
};
};
sops.secrets.kavita = { owner = "kavita";};
services.kavita = {
enable = true;
user = "kavita";
port = 8080;
tokenKeyFile = config.sops.secrets.kavita.path;
};
users.users.jellyfin = {
extraGroups = [ "video" "render" ];
};
# nixpkgs.config.packageOverrides = pkgs: {
# vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
# };
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
];
};
services.jellyfin = {
enable = true;
user = "jellyfin";
# openFirewall = true; # this works only for the default ports
};
users.groups.vpn = {};
users.users.vpn = {
isNormalUser = true;
group = "vpn";
home = "/home/vpn";
};
boot.kernelModules = [ "tun" ];
services.radarr = {
enable = true;
};
services.readarr = {
enable = true;
};
services.sonarr = {
enable = true;
};
services.lidarr = {
enable = true;
};
services.prowlarr = {
enable = true;
};
networking.firewall.extraCommands = ''
sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP
'';
networking.iproute2 = {
enable = true;
rttablesExtraConfig = ''
200 vpn
'';
};
boot.kernel.sysctl = {
"net.ipv4.conf.all.rp_filter" = 2;
"net.ipv4.conf.default.rp_filter" = 2;
"net.ipv4.conf.enp7s0.rp_filter" = 2;
};
environment.etc = {
"openvpn/iptables.sh" =
{ source = ../../scripts/server1/iptables.sh;
mode = "0755";
};
"openvpn/update-resolv-conf" =
{ source = ../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" =
{ source = ../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" =
{ source = ../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" =
{ source = ../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
};
sops.secrets.vpnuser = {};
sops.secrets.rpcuser = {owner="vpn";};
sops.secrets.vpnpass = {};
sops.secrets.rpcpass = {owner="vpn";};
sops.secrets.vpnprot = {};
sops.secrets.vpnloc = {};
# sops.secrets.crlpem = {};
# sops.secrets.capem = {};
sops.templates."transmission-rpc".owner = "vpn";
sops.templates."transmission-rpc".content = builtins.toJSON {
rpc-username = config.sops.placeholder.rpcuser;
rpc-password = config.sops.placeholder.rpcpass;
};
sops.templates.pia.content = ''
${config.sops.placeholder.vpnuser}
${config.sops.placeholder.vpnpass}
'';
sops.templates.vpn.content = ''
client
dev tun
proto ${config.sops.placeholder.vpnprot}
remote ${config.sops.placeholder.vpnloc}
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass ${config.sops.templates.pia.path}
compress
verb 1
reneg-sec 0
crl-verify /etc/openvpn/crl.rsa.2048.pem
ca /etc/openvpn/ca.rsa.2048.crt
disable-occ
'';
services.openvpn.servers = {
pia = {
autoStart = true;
updateResolvConf = false;
config = "config ${config.sops.templates.vpn.path}";
};
};
services.transmission = {
enable = true;
credentialsFile = config.sops.templates."transmission-rpc".path;
user = "vpn";
settings = {
alt-speed-down= 8000;
alt-speed-enabled= false;
alt-speed-time-begin= 0;
alt-speed-time-day= 127;
alt-speed-time-enabled= true;
alt-speed-time-end= 360;
alt-speed-up= 2000;
bind-address-ipv4= "0.0.0.0";
bind-address-ipv6= "::";
blocklist-enabled= false;
blocklist-url= "http://www.example.com/blocklist";
cache-size-mb= 256;
dht-enabled= false;
download-dir= "/test";
download-limit= 100;
download-limit-enabled= 0;
download-queue-enabled= true;
download-queue-size= 5;
encryption= 2;
idle-seeding-limit= 30;
idle-seeding-limit-enabled= false;
incomplete-dir= "/var/lib/transmission-daemon/Downloads";
incomplete-dir-enabled= false;
lpd-enabled= false;
max-peers-global= 200;
message-level= 1;
peer-congestion-algorithm= "";
peer-id-ttl-hours= 6;
peer-limit-global= 100;
peer-limit-per-torrent= 40;
peer-port= 22371;
peer-port-random-high= 65535;
peer-port-random-low= 49152;
peer-port-random-on-start= false;
peer-socket-tos= "default";
pex-enabled= false;
port-forwarding-enabled= false;
preallocation= 1;
prefetch-enabled= true;
queue-stalled-enabled= true;
queue-stalled-minutes= 30;
ratio-limit= 2;
ratio-limit-enabled= false;
rename-partial-files= true;
rpc-authentication-required= true;
rpc-bind-address= "0.0.0.0";
rpc-enabled= true;
rpc-host-whitelist= "";
rpc-host-whitelist-enabled= true;
rpc-port= 9091;
rpc-url= "/transmission/";
rpc-whitelist= "127.0.0.1,192.168.3.2";
rpc-whitelist-enabled= true;
scrape-paused-torrents-enabled= true;
script-torrent-done-enabled= false;
seed-queue-enabled= false;
seed-queue-size= 10;
speed-limit-down= 6000;
speed-limit-down-enabled= true;
speed-limit-up= 500;
speed-limit-up-enabled= true;
start-added-torrents= true;
trash-original-torrent-files= false;
umask= 2;
upload-limit= 100;
upload-limit-enabled= 0;
upload-slots-per-torrent= 14;
utp-enabled= false;
};
};
# services.nginx = {
# enable = true;
# virtualHosts = {
# "192.168.1.192" = {
# locations = {
# "/transmission" = {
# proxyPass = "http://127.0.0.1:9091";
# extraConfig = ''
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# '';
# };
# };
# };
# };
# };
# sops.secrets.matrixsharedsecret = {owner="matrix-synapse";};
# sops.templates."matrix_user_register.sh".content = ''
# register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
# '';
# sops.templates.matrixshared.owner = "matrix-synapse";
# sops.templates.matrixshared.content = ''
# registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
# '';
# sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";};
# sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";};
# sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";};
# sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";};
# sops.templates.mautrixtelegram.owner = "matrix-synapse";
# sops.templates.mautrixtelegram.content = ''
# MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as}
# MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
# MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
# MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
# '';
# ----------------
# sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";};
# sops.templates.mautrixwhatsapp.owner = "matrix-synapse";
# sops.templates.mautrixwhatsapp.content = ''
# MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared}
# '';
services.postgresql.enable = true;
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
services.matrix-synapse = {
settings.app_service_config_files = [
"/var/lib/matrix-synapse/telegram-registration.yaml"
"/var/lib/matrix-synapse/whatsapp-registration.yaml"
"/var/lib/matrix-synapse/signal-registration.yaml"
"/var/lib/matrix-synapse/doublepuppet.yaml"
];
enable = false;
settings.server_name = matrixDomain;
settings.public_baseurl = "https://${matrixDomain}";
extraConfigFiles = [
config.sops.templates.matrixshared.path
];
settings.listeners = [
{ port = 8008;
bind_addresses = [ "0.0.0.0" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = true;
}
];
}
];
};
services.mautrix-telegram = {
enable = false;
environmentFile = config.sops.templates.mautrixtelegram.path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29317";
hostname = "0.0.0.0";
port = "29317";
provisioning.enabled = true;
id = "telegram";
# ephemeral_events = true; # not needed due to double puppeting
public = {
enabled = false;
};
database = "postgresql:///mautrix-telegram?host=/run/postgresql";
};
bridge = {
# login_shared_secret_map = {
# matrixDomain = "as_token:doublepuppet";
# };
relaybot.authless_portals = true;
allow_avatar_remove = true;
allow_contact_info = true;
sync_channel_members = true;
startup_sync = true;
sync_create_limit = 0;
sync_direct_chats = true;
telegram_link_preview = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
# Animated stickers conversion requires additional packages in the
# service's path.
# If this isn't a fresh installation, clearing the bridge's uploaded
# file cache might be necessary (make a database backup first!):
# delete from telegram_file where \
# mime_type in ('application/gzip', 'application/octet-stream')
animated_sticker = {
target = "gif";
args = {
width = 256;
height = 256;
fps = 30; # only for webm
background = "020202"; # only for gif, transparency not supported
};
};
};
};
};
# systemd.services.mautrix-telegram.path = with pkgs; [
# lottieconverter # for animated stickers conversion, unfree package
# ffmpeg # if converting animated stickers to webm (very slow!)
# ];
services.mautrix-whatsapp = {
enable = false;
# environmentFile = config.sops.templates.mautrixwhatsapp.path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29318";
hostname = "0.0.0.0";
port = 29318;
database = {
type = "postgres";
uri = "postgresql:///mautrix-whatsapp?host=/run/postgresql";
};
};
bridge = {
displayname_template = "{{or .FullName .PushName .JID}} (WA)";
history_sync = {
backfill = true;
max_initial_conversations = -1;
message_count = -1;
request_full_sync = true;
full_sync_config = {
days_limit = 900;
size_mb_limit = 5000;
storage_quota_mb = 5000;
};
};
login_shared_secret_map = {
matrixDomain = "as_token:doublepuppet";
};
sync_manual_marked_unread = true;
send_presence_on_typing = true;
parallel_member_sync = true;
url_previews = true;
caption_in_message = true;
extev_polls = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
};
};
};
services.mautrix-signal = {
enable = false;
# environmentFile = config.sops.templates.mautrixwhatsapp.path;
settings = {
homeserver = {
address = "http://localhost:8008";
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29328";
hostname = "0.0.0.0";
port = 29328;
database = {
type = "postgres";
uri = "postgresql:///mautrix-signal?host=/run/postgresql";
};
};
bridge = {
displayname_template = "{{or .ContactName .ProfileName .PhoneNumber}} (Signal)";
login_shared_secret_map = {
matrixDomain = "as_token:doublepuppet";
};
caption_in_message = true;
permissions = {
"*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin";
};
};
};
};
# restart the bridges daily. this is done for the signal bridge mainly which stops carrying
# messages out after a while.
systemd.timers."restart-bridges" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "1d";
OnUnitActiveSec = "1d";
Unit = "restart-bridges.service";
};
};
systemd.services."restart-bridges" = {
script = ''
systemctl restart mautrix-whatsapp.service
systemctl restart mautrix-signal.service
systemctl restart mautrix-telegram.service
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
users.groups.navidrome = {
gid = 61593;
};
users.groups.mpd = {};
users.users.navidrome = {
isSystemUser = true;
uid = 61593;
group = "navidrome";
extraGroups = [ "audio" "utmp" ];
};
users.users.mpd = {
isSystemUser = true;
group = "mpd";
extraGroups = [ "audio" "utmp" ];
};
sound = {
enable = true;
};
hardware.enableAllFirmware = true;
sops.secrets.mpdpass = { owner = "mpd";};
services.navidrome = {
enable = true;
settings = {
Address = "0.0.0.0";
Port = 4040;
MusicFolder = "/mnt/";
EnableSharing = true;
EnableTranscodingConfig = true;
Scanner.GroupAlbumReleases = true;
ScanSchedule = "@every 24h";
# Insert these values locally as sops-nix does not work for them
# LastFM.ApiKey = TEMPLATE;
# LastFM.Secret = TEMPLATE;
# Spotify.ID = TEMPLATE;
# Spotify.Secret = TEMPLATE;
UILoginBackgroundUrl = "https://i.imgur.com/OMLxi7l.png";
UIWelcomeMessage = "~SwarselSound~";
};
};
services.mpd = {
enable = true;
musicDirectory = "/mnt/Eternor/Musik";
user = "mpd";
group = "mpd";
network = {
port = 3254;
listenAddress = "any";
};
credentials = [
{
passwordFile = config.sops.secrets.mpdpass.path;
permissions = [
"read"
"add"
"control"
"admin"
];
}
];
};
users.groups.spotifyd = {
gid = 65136;
};
users.users.spotifyd = {
isSystemUser = true;
uid = 65136;
group = "spotifyd";
extraGroups = [ "audio" "utmp" ];
};
services.spotifyd = {
enable = true;
settings = {
global = {
dbus_type = "session";
use_mpris = false;
device = "default:CARD=PCH";
device_name = "SwarselSpot";
mixer = "alsa";
zeroconf_port = 1025;
};
};
};
# Network shares
# add a user with sudo smbpasswd -a <user>
services.samba = {
package = pkgs.samba4Full;
extraConfig = ''
workgroup = WORKGROUP
server role = standalone server
dns proxy = no
pam password change = yes
map to guest = bad user
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
follow symlinks = yes
'';
# ^^ `samba4Full` is compiled with avahi, ldap, AD etc support compared to the default package, `samba`
# Required for samba to register mDNS records for auto discovery
# See https://github.com/NixOS/nixpkgs/blob/592047fc9e4f7b74a4dc85d1b9f5243dfe4899e3/pkgs/top-level/all-packages.nix#L27268
enable = true;
# openFirewall = true;
shares.test = {
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
path = "/test2";
writable = "true";
comment = "Eternor";
"valid users" = "@smbtest2";
};
};
services.avahi = {
publish.enable = true;
publish.userServices = true;
# ^^ Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile`
nssmdns = true;
# ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
enable = true;
};
services.samba-wsdd = {
# This enables autodiscovery on windows since SMB1 (and thus netbios) support was discontinued
enable = true;
};
}
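Review bot: `networking.firewall.enable = false;` leaves every listener in this profile reachable, and several bind to all interfaces: sshd on `0.0.0.0` with `settings.PermitRootLogin = "yes"`, Transmission RPC (`rpc-bind-address = "0.0.0.0"`), Navidrome, mpd (`listenAddress = "any"`) and the bridge appservice ports. With the firewall module off, `networking.firewall.extraCommands` is, as far as I know, never run, so the `--uid-owner vpn -j DROP` rule is not installed by this file; whether `/etc/openvpn/iptables.sh` adds an equivalent cannot be seen here. I would set `networking.firewall.enable = true;` with `networking.firewall.allowedTCPPorts = [ 22 80 443 ];` (plus any LAN ports you really need), drop the `sudo` from the extraCommands line since it already runs as root, and use `settings.PermitRootLogin = "prohibit-password";` given that root has `authorizedKeys.keyFiles`. Two smaller points: `login_shared_secret_map = { matrixDomain = …; }` uses the literal attribute name `matrixDomain` where `"${matrixDomain}" = …` was probably intended, and the `PASSWORD '…'` clauses in `services.postgresql.initialScript` put guessable role passwords into the world-readable Nix store although the bridges connect over the `/run/postgresql` socket.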


@ -101,6 +101,7 @@
};
};
"sound.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -194,4 +195,8 @@
};
};
}


@ -76,12 +76,13 @@
startup = [
{ command = "nextcloud --background";}
{ command = "spotify";}
# { command = "spotify";}
{ command = "discord --start-minimized";}
{ command = "schildichat-desktop --disable-gpu-driver-bug-workarounds --hidden";}
{ command = "element-desktop --hidden";}
{ command = "ANKI_WAYLAND=1 anki";}
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{ command = "nm-applet";}
# { command = "sleep 60 && syncthingtray --wait"; }
];
};


@ -83,12 +83,13 @@
startup = [
{ command = "nextcloud --background";}
{ command = "spotify";}
# { command = "spotify";}
{ command = "discord --start-minimized";}
{ command = "schildichat-desktop --disable-gpu-driver-bug-workarounds --hidden";}
{ command = "element-desktop --hidden";}
{ command = "ANKI_WAYLAND=1 anki";}
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{ command = "nm-applet";}
# { command = "sleep 60 && syncthingtray --wait"; }
];


@ -115,12 +115,13 @@
startup = [
{ command = "nextcloud --background";}
{ command = "spotify";}
# { command = "spotify";}
{ command = "discord --start-minimized";}
{ command = "schildichat-desktop --disable-gpu-driver-bug-workarounds --hidden";}
{ command = "element-desktop --hidden";}
{ command = "ANKI_WAYLAND=1 anki";}
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{ command = "nm-applet";}
# { command = "sleep 60 && syncthingtray --wait"; }
];
};


@ -8,7 +8,6 @@
"badd1a5e20bd0c29f4fe863f3b480992c65ef1fa63951f59aa5d6b129a3f9c4c"
"2e05569868dc11a52b08926b4c1a27da77580daa9321773d92822f7a639956ce"
default))
'(org-agenda-files nil)
'(send-mail-function 'sendmail-send-it))
;; (custom-set-faces
;; ;; custom-set-faces was added by Custom.


@ -23,7 +23,7 @@
swarsel-anki-org-file "Anki.org"
swarsel-tasks-org-file "Tasks.org"
swarsel-archive-org-file "Archive.org"
swarsel-org-folder-name "Org"
swarsel-org-folder-name "org"
swarsel-obsidian-daily-folder-name "⭐ Personal/Journal"
swarsel-obsidian-folder-name "Obsidian"
swarsel-obsidian-vault-name "Main")
@ -247,17 +247,10 @@
"mm" '((lambda () (interactive) (mu4e)) :which-key "mu4e")
"mg" '((lambda () (interactive) (magit-list-repositories)) :which-key "magit-list-repos")
"mc" '((lambda () (interactive) (swarsel/open-calendar)) :which-key "calendar")
"a" '(:ignore a :which-key "agenda")
"at" '((lambda () (interactive) (org-agenda nil "t")) :which-key "agenda tasks")
"aa" '((lambda () (interactive) (org-agenda nil "a")) :which-key "agenda today")
"as" '((lambda () (interactive) (org-agenda nil "s")) :which-key "agenda search")
"an" '((lambda () (interactive) (org-agenda nil "n")) :which-key "agenda all")
"ar" '((lambda () (interactive) (org-agenda-refile)) :which-key "agenda refile")
"mp" '(popper-toggle :which-key "popper")
"md" '(dirvish :which-key "dirvish")
"c" '(:ignore c :which-key "capture")
;; "c" '(:ignore c :which-key "capture")
;; "cj" '((lambda () (interactive) (org-capture nil "jj")) :which-key "journal")
"ct" '((lambda () (interactive) (org-capture nil "tt")) :which-key "tasks")
;; "cs" '(markdown-download-screenshot :which-key "screenshot")
"l" '(:ignore l :which-key "links")
"le" '((lambda () (interactive) (find-file swarsel-emacs-org-filepath)) :which-key "Emacs.org")
@ -644,12 +637,11 @@
(setq org-image-actual-width nil)
(setq org-format-latex-options '(:foreground "White" :background default :scale 2.0 :html-foreground "Black" :html-background "Transparent" :html-scale 1.0 :matchers ("begin" "$1" "$" "$$" "\\(" "\\[")))
(setq org-agenda-files
'("/home/swarsel/Nextcloud/Org/Tasks.org"
"/home/swarsel/Nextcloud/Org/Archive.org"
"/home/swarsel/Calendars/leon_cal.org"))
;; (setq org-agenda-files
;; '(swarsel-org-tasks-filepath
;; swarsel-org-archive-filepath
;; swarsel-org-anki-filepath))
;; (setq org-agenda-files '("/home/swarsel/Calendars/leon_cal.org"))
(setq org-agenda-files '("/home/swarsel/Calendars/leon_cal.org"))
;; (require 'org-habit)
@ -657,13 +649,13 @@
;; (setq org-habit-graph-column 60)
;; (setq org-todo-keywords
;; '((sequence "TODO(t)" "NEXT(n)" "|" "X1DONE(d!)")
;; '((sequence "TODO(t)" "NEXT(n)" "|" "DONE(d!)")
;; (sequence "BACKLOG(b)" "PLAN(p)" "READY(r)" "ACTIVE(a)" "REVIEW(v)" "WAIT(w@/!)" "HOLD(h)" "|" "COMPLETED(c)" "CANC(k@)")))
(setq org-refile-targets
'((swarsel-archive-org-file :maxlevel . 1)
;; (setq org-refile-targets
;; '((swarsel-archive-org-file :maxlevel . 1)
;; (swarsel-anki-org-file :maxlevel . 1)
(swarsel-tasks-org-file :maxlevel . 1)))
;; (swarsel-tasks-org-file :maxlevel . 1)))
;; ;; Configure custom agenda views
;; (setq org-agenda-custom-commands
@ -713,8 +705,8 @@
;; ((org-agenda-overriding-header "Cancelled Projects")
;; (org-agenda-files org-agenda-files)))))))
(setq org-capture-templates
`(
;; (setq org-capture-templates
;; `(
;; ("a" "Anki basic"
;; entry
;; (file+headline swarsel-org-anki-filepath "Dispatch")
@ -724,10 +716,9 @@
;; entry
;; (file+headline org-swarsel-anki-file "Dispatch")
;; "* %<%H:%M>\n:PROPERTIES:\n:ANKI_NOTE_TYPE: Cloze\n:ANKI_DECK: 🦁 All::01 ❤️ Various::00 ✨ Allgemein\n:END:\n** Text\n%?\n** Extra\n")
("t" "Tasks / Projects")
("tt" "Task" entry (file+olp swarsel-org-tasks-filepath "Inbox")
"* TODO %?\n %U\n %i" :empty-lines 1)
;; ("t" "Tasks / Projects")
;; ("tt" "Task" entry (file+olp swarsel-org-tasks-filepath "Inbox")
;; "* TODO %?\n %U\n %a\n %i" :empty-lines 1)
;; ("j" "Journal Entries")
;; ("jj" "Journal" entry
@ -735,8 +726,7 @@
;; "\n* %<%I:%M %p> - Journal :journal:\n\n%?\n\n"
;; ;; ,(dw/read-file-as-string "~/Notes/Templates/Daily.org")
;; :clock-in :clock-resume
;; :empty-lines 1)
))
;; :empty-lines 1)))
;; (swarsel/org-font-setup)
)

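--- a/scripts/checkelement.sh
+++ b/scripts/checkelement.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+STR=$(swaymsg -t get_tree | grep Element)
+if [ "$STR" == "" ]; then
+exec element-desktop
+#exec swaymsg '[app_id=SchildiChat]' move container to scratchpad; scratchpad show
+else
+exec swaymsg '[app_id=Element]' kill
+fi
+exit 0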
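Review bot: `grep Element` over the whole `swaymsg -t get_tree` output matches any window whose title or other field contains the word, so with an unrelated window titled "Element" open the script takes the `kill` branch, which matches nothing, and Element never starts. Matching on the app id would be tighter, for example `STR=$(swaymsg -t get_tree | jq -r '.. | select(.app_id? == "Element") | .app_id')`. The trailing `exit 0` is unreachable because both branches `exec`.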


@ -2,7 +2,7 @@
STR=$(swaymsg -t get_tree | jq -r 'recurse(.nodes[]) | select(.name == "__i3_scratch")' | grep spotifytui)
CHECK=$(swaymsg -t get_tree | grep spotifytui)
if [ "$CHECK" == "" ]; then
exec kitty -T spotifytui -o confirm_os_window_close=0 spt & sleep 1
exec kitty -T spotifytui -o confirm_os_window_close=0 spotify_player & sleep 1
fi
if [ "$STR" == "" ]; then
exec swaymsg '[title="spotifytui"]' scratchpad show


@ -1,8 +1,8 @@
#! /usr/bin/env bash
export INTERFACE="tun0"
export VPNUSER="vpn"
export LOCALIP="192.168.1.191"
export NETIF="eth0"
export LOCALIP="192.168.1.107"
export NETIF="enp7s0"
# flushes all the iptables rules, if you have other rules to use then add them into the script
iptables -F -t nat
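Review bot: `LOCALIP` is pinned to a literal address while the sandbox host added in this commit takes its address from DHCP (`networking.useDHCP = lib.mkDefault true`), so the rules this script builds will reference the wrong source address once the lease changes. Assuming the new side is `192.168.1.107` / `enp7s0`, I would either reserve that lease on the router and say so in a comment, or derive the value at run time after the `NETIF` line, e.g. `export LOCALIP="$(ip -4 -o addr show dev "$NETIF" | awk '{print $4}' | cut -d/ -f1)"`. The script continues past the end of the hunk, so how `LOCALIP` is used is not visible here.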


@ -0,0 +1,57 @@
matrixsharedsecret: ENC[AES256_GCM,data:fgHmBP2hprqpUE4TmoBDv+Vd05sJDbAJWDs034Dxnru09aDPwjqPnxCU+nf7Mqmnd5/z441bqG7hPdKM7H3SSQ==,iv:r8wos/EZhjw2Zf2v+OAvKlWensbL4jqU04CPoc05Y04=,tag:epKklBJ2hPdKsMCROmEaMA==,type:str]
mautrixtelegram_as: ENC[AES256_GCM,data:MBS0UzGRIOVZ4Miqrwz0bbezNuqrlU96QyN6T60lOh7KgNUTYR0eB2Im4tcjUvtTVhkM5I4t88jzv/WuUE5oNA==,iv:7GUcJpKkoKsp/wFzFSnPL7S1eU2Bfzy42A3hm4WbWu4=,tag:Z9621h5+K+PQgZNt4RYyhQ==,type:str]
mautrixtelegram_hs: ENC[AES256_GCM,data:p4jJxkD43ivaRQFMSAtzEc/ylYZEuwoEv7tIJZtcF4cJVvqDYDWjAwuu9QXHWuEqEs/djLHjx82KfdqDvpOmxA==,iv:MUTNSyafrWx3rKn5rMStuzZAXueqR9gBCgYUu5DFBy8=,tag:fpVYokTTWK/Snlx+SPWkBQ==,type:str]
mautrixtelegram_api_id: ENC[AES256_GCM,data:CoY2x/2icA==,iv:EHv73YK5H6wAOF6Sssx0hulX+cK9IFb2GOoOTKo5vO8=,tag:wWiioGdAe/F+Y10FdNJpDA==,type:str]
mautrixtelegram_api_hash: ENC[AES256_GCM,data:WS6nrYQ+g1MFsiwHQigEWWFk1Xvv3mS/cs+gCIFc8V4=,iv:6aJ2XqmBedDO4U2/eG/Ne1orUDbyGTC3aFiMOYTWfj4=,tag:fgs22Q8aCb6hOof8qZj6RQ==,type:str]
dnstokenfull: ENC[AES256_GCM,data:XffZv2uZKdIkNTwoO3KqSvoJ2R/RJqHYRkLxscXZyErHu3WH5EU3Dg==,iv:+ME40HBH6L/uWwqHbmW1PA3Y4p+dtcCl12UyiLflGX4=,tag:rsUWdOiBOyFCshqa6MUIng==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age198gj3dmryk7sya5c77tsrm3gdrct6xh7w7cx4gsfywe675aehu8sw2xw6q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlNlFlUVFhOEJNdWR3OWxl
RWhza2ovR1ZCRXRPYnQ0MDJKak9qZTV2WFVFCjZNSUI0azBSMi9MK2c5dE1xb1Z2
YzBHMGpCU05VcllQNWJtcFNUcThzMmcKLS0tIFkvcGU3aWROZ21KZ2lRYmZlSTdX
d1JqTGFiNHlBLythc3J4RjJLVDBhYkkKz56uLu8f+SblqcyRhU0Lvjoh50h1BQgj
L/R2VaCLZEz04/AzM08bmjOpcORmvPTSqobeKDrh76vp536SUX01XA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-21T01:56:14Z"
mac: ENC[AES256_GCM,data:Ce27me4iu6pMYYekgT7C1pKYJ+cdd1PQAb4Wyb/w9rrgTJeTrQFBmYC3GRRcpijwMVzlWq8KampuFEAiGFmuLoE+G94nEbKZskKqbV43BWhrdnthoBoPxizwRLhEOOi3rNJW2L26TNMsjDG4kelfhxFbKYetdPV1M73mBywxWr8=,iv:MzuzBom0YikkDCvjsYUR8VuN/JEX4+ygasgUU6AaPtM=,tag:XDmxmmGcNvNhfXqLJAoxxg==,type:str]
pgp:
- created_at: "2024-03-21T01:51:54Z"
enc: |-
-----BEGIN PGP MESSAGE-----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==
=ECO+
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.8.1


@ -0,0 +1,79 @@
#ENC[AES256_GCM,data:V9WkgLQW8pA=,iv:OrH5gnzRFGgkUhzyEx7vEqssG/dvHsLP8dRICqcTf0Y=,tag:eZ7A1p5XpllPGWoOuFnSvQ==,type:comment]
smbuser: ENC[AES256_GCM,data:aqtzxuhmpkw=,iv:lhAzbw/RT1xi/eG9ATOcMWz/XSb0B5v0ewMmKrOWS2g=,tag:QXK9AQhmgEsFyfwzd8fCDQ==,type:str]
smbpassword: ENC[AES256_GCM,data:Xry5vCtkkWdRYp3dmdwwC+itlbqjVpk=,iv:ovz76df017AhTWk15IMUhtUfjS9qR5e1ABdnew4zHcQ=,tag:kX3GqBmxkZLaVHiV9/thCA==,type:str]
smbdomain: ENC[AES256_GCM,data:RPLxHfZzw+c=,iv:jbRsY5fCIV++G2cQ0UYA9I+VOGaoXDIxTwMJ65LwOIM=,tag:CPvXrPgIonCC4jZ6N2u1Hg==,type:str]
kavita: ENC[AES256_GCM,data:J3PvmPsCgNW4lEKhqhsJm+xK0kUsCbWDu4c5i4/F5F7XstwT3dkMPTLBMtE=,iv:QfBelQezPRGtnZlFa+JZZ3m3mH5wQYhTo4ZiCyNSH68=,tag:QtyG5opwFFxF5w48BIFUOA==,type:str]
#ENC[AES256_GCM,data:7OPyL94wCA==,iv:1kp/uu0fNpIF86OQbCscvD5LL6fL4uVicMe8jODa3QA=,tag:Bc0+i581OWp0yHrhi2bgFA==,type:comment]
matrixsharedsecret: ENC[AES256_GCM,data:nClidnaXhhYg4PoGmJysc8ANuN1NtCSugxeJOXmtTXLACXOrS4WXPD3IZH6bCOEmGmZLEa3ch7HVCYFATIe83A==,iv:fTQ1tn8/xcoDoBFuWmJZENDhkB9t8it0yMXxFRWi3CE=,tag:bMx0Jc5D2+wvF2CKAM/dFQ==,type:str]
mautrixtelegram_as: ENC[AES256_GCM,data:h9TotOCZWWgBt/srj+9UfQdDd5yCKF0XQrOJut53W9WT1EJoJ8dvwwFxWyJMEspAa+eVZ55/CA1v29CMhN+n8Q==,iv:98HI89KcI1DXTIrp5XUMlGGzmViT8twtjKkggpm0kKQ=,tag:eQqixbcX3ABYQpMPDIRpiw==,type:str]
mautrixtelegram_hs: ENC[AES256_GCM,data:nxtcbftC5fpvc5NkJCV7AKrnbLj9/9evp6U3dv9zSXRi7+NVu2EMAZ5NIy/KHDgXxCriDtk2LQcRtJqli9yxfw==,iv:r2LkIwI/bPCrI80loqguaaema4Cj3j58nQ6jGeYPh/I=,tag:eR5DcOIBBtCokgXAEmlmHw==,type:str]
mautrixtelegram_api_id: ENC[AES256_GCM,data:Q9larQ9Rww==,iv:fNx2EnXIvtU/qMidD8ihYvf4mN1yZmyd/7wuDHeLa6I=,tag:B2ptuep8VWlUnhlO5W8M8g==,type:str]
mautrixtelegram_api_hash: ENC[AES256_GCM,data:D3LxcOFRbXY/SIyLeXtZdG6i4URQbUQBtuyqMbxU6kg=,iv:SuP2X/ih2ItPWOjEzc6sXYw+5ZqBSwq/V14pr5I0sFw=,tag:Wf64lPhEla/TOxZN71siKQ==,type:str]
#ENC[AES256_GCM,data:BKjxDiVEY/s8qQ==,iv:1uHR0cQWtHKMjrksv3Ca8a0WXGjEYyL8i49p7byowgI=,tag:cPfvdUZEc3Knl/96a95YcQ==,type:comment]
admin: ENC[AES256_GCM,data:Vf0ifIVw2Gb7D82hV5NshMBc16iPGhAI6w==,iv:FCErCWQy0o05Lca99wEVD2zsBaeoz07cEE7LN016RPY=,tag:1FmYeCVtrQ7pbRWK0xi9Nw==,type:str]
#ENC[AES256_GCM,data:UZTYttb0,iv:UCl9NqBBmbx2Xc9Mp6F0eYdou5j3ilURktebyzt+8oI=,tag:FskxbRkglVV5skDkkPpYbQ==,type:comment]
mpdpass: ENC[AES256_GCM,data:p02pZ3UcdNzOAUSmEv7Wev2v1S9YHGjsKg==,iv:RbHweYXoZxzXnqyuQ1KdDzIa6DQ51pJFMDBU1FtV8hY=,tag:ELYrwJIQ9Fb1umRFWQFLYw==,type:str]
#ENC[AES256_GCM,data:i1BGUWvgc+AA,iv:Aup4uePzlxOwezUEtyTph4DzwdiwDc8Hwq32XTxUUSc=,tag:1uQECSYDywmdILQkfGa2PA==,type:comment]
username: ENC[AES256_GCM,data:p6wbQE+rhS1PraUmmpGto6elI9/U,iv:F4VzjKR/CN+0T+XpDXng2wxUYPxb87icbIxLfcTk9Rw=,tag:EugOqjCTRh7G0+zqfBdpsA==,type:str]
password: ENC[AES256_GCM,data:NxTgoinhLhp5UeE=,iv:jABO/Ba7Xcu9ET+e1XRsv//E8ocPfysyXhTsBtKn5gM=,tag:IbSXy0ukZTtuAXkNDvXOBg==,type:str]
#ENC[AES256_GCM,data:pld5tGw=,iv:yxLnXS6u7np8EdLyxN3715iTbgFCXZCs/Qv5dp02+w8=,tag:NHWnS5B8r/s7H7XaPwapYQ==,type:comment]
swarsel: ENC[AES256_GCM,data:c2i+AX3bIJQY79w=,iv:lV5KcB8oyDfTbxwd82XXpg07Y2ED8AELEe2T5VsoWmw=,tag:Q2z96v9LDfaOE9JjMK6sVA==,type:str]
dnstokenfull: ENC[AES256_GCM,data:Iz8eqkp0SH2VVoRBD2SB/Mr4YX2jhMongXJtqpDeByBchUpiB6OCyQ==,iv:RyMexxqMsN91u64ECIYqEeIDLya5g+aBmEHUzhR5bc0=,tag:FjKvXc/beCHDwLGJaLvJbQ==,type:str]
#ENC[AES256_GCM,data:rw9MQnHkYu2GoXGnkQ==,iv:h+u0N22iQxpYBg8gRHWMIZOpHojqEUVlNeisxnMFjxk=,tag:ePExc3oM+7/bYlVjiG9fCQ==,type:comment]
vpnuser: ENC[AES256_GCM,data:fhil3oK+hlI=,iv:b00PdVaC0ocTmf2/pNZIWMqBJqPQHB4ceePntuvUXPE=,tag:y+6YOUAuV2qbya8U2CGSVQ==,type:str]
rpcuser: ENC[AES256_GCM,data:+/IbZRCBwA==,iv:C5fvCOWaoJZBvntAWQpcTkPwgerepkdfoyMnjY510vk=,tag:UM2BEdu6PWX3YaHBbnIPRA==,type:str]
vpnpass: ENC[AES256_GCM,data:VWO6Ke+n0Dgu1Q==,iv:b1f/5d9A270ltSVpsCBNqDv7EKVNnAAi+pLH+8iC9gc=,tag:LQMM7ObT288b4fj4Qx6Acg==,type:str]
rpcpass: ENC[AES256_GCM,data:gH3iP8FkZUcgNeJb1VaQxeKpcdGVbQHv,iv:tc5FJPuqOqq7yNWRfcnQMnmxoqIshqusK10NWzFX5rk=,tag:FGGfzxyAlmd528pdy9zI2Q==,type:str]
vpnprot: ENC[AES256_GCM,data:eL3o,iv:Bn8uWbtBhU0sEqK8hlJNNV7oDVegYIHq9D+ajkfUs0Y=,tag:JQIzjzEwZaMQd3pzUosP5Q==,type:str]
vpnloc: ENC[AES256_GCM,data:51m9DRTL1XG4bEZd9uvDwEwJoYvukESvzRQK,iv:beA4JrDDCjlBmBRhfxuIof2ji4pn7c9Hd0yvYv9HQbQ=,tag:dJsEGPBGW11NVBEwFliL0Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1d4ywpqztawcw0eswn42udt4hhcktdcrm54v9kmt3uspkwkz8e52qx7d5aa
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBORm5RRUFzR1UvM2JaYzh0
Q295ZERnL3FLUnNpUFp0Q3NQdURBWm8weFhZCmhMeEdneVJnMTdzYmhmeElqNDF4
bGVrYWUvaE9WUHVzbi8wRXhOZlloQ0UKLS0tIDhqS0oveDNLOUlKUEFIR0l2Q1Ux
NHBWQ1RNMDdETlBsQnhOL2ZKQkpwSFUK9MP4tsiOWT4UHvma5MT4BLMp+tiBhkRk
IX4ZHQdX0/VX0ZXPUpSNvh3eZdxpiAoeNgizdXIVRIucxLKVGDSv5Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-18T12:26:46Z"
mac: ENC[AES256_GCM,data:sJkHpgOfITJtmwncNOtGTDQ0s7FgyvFobQLcwD4dNWsTqzRX1Nt18BtjNDA738HzmX7hVmNhrsDh0QWTG4deQBKclIAoCl1zkHAo1wNSr1Y4DSzsozkipwHr5YiRAPC3ooma6xldczcSyOMt8WsszcQOH/n/UT7CZ6cT1H+2SHk=,iv:RMtmH7gMbqZ3BxxDzkM0G6g2qqKaylsAOc27qhdHIeU=,tag:3+93K3I6+rsPcfk8XUcXHw==,type:str]
pgp:
- created_at: "2024-03-18T12:26:37Z"
enc: |-
-----BEGIN PGP MESSAGE-----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==
=gt6V
-----END PGP MESSAGE-----
fp: 4BE7925262289B476DBBC17B76FD3810215AE097
unencrypted_suffix: _unencrypted
version: 3.8.1

18
templates/other_flake.nix Normal file

@ -0,0 +1,18 @@
{
description = "General Flake";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = {nixpkgs, ...}: let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
in {
devShells.${system}.default = pkgs.mkShell {
packages = with pkgs; [
# fill here
];
};
};
}
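Review bot: The `nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";` input follows a moving branch, and no lock file is visible next to the template in this section. Each project created from it would resolve whatever revision is current at first evaluation, and the dev shell's packages stay unpinned until a `flake.lock` is generated and committed. I would add a comment above the input so that step is not forgotten: `# commit the generated flake.lock so the dev shell stays on a reviewed nixpkgs revision`. Separately, `system = "x86_64-linux";` is hard-coded, so the template exposes no `devShells` output on other platforms; a one-line comment saying this is intentional would help the next user of the template.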