swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: code cleanup

Browse source
This commit is contained in:
Swarsel 2024-07-18 23:12:04 +02:00
parent bb59145f85
commit 3eecea6503
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
42 changed files with 4232 additions and 4479 deletions
Download patch file Download diff file Expand all files Collapse all files

3366
SwarselSystems.org
View file

File diff suppressed because it is too large Load diff

71
flake.nix
View file

@ -3,93 +3,90 @@
inputs = { inputs = {
nixpkgs.url = github:nixos/nixpkgs/nixos-unstable; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = github:NixOS/nixpkgs/nixos-24.05; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
# user-level configuration # user-level configuration
home-manager = { home-manager = {
url = github:nix-community/home-manager; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# overlay to access bleeding edge emacs # overlay to access bleeding edge emacs
emacs-overlay = { emacs-overlay = {
url = github:nix-community/emacs-overlay; url = "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# nix user repository # nix user repository
# i use this mainly to not have to build all firefox extensions # i use this mainly to not have to build all firefox extensions
# myself as well as for the emacs-init package (tbd) # myself as well as for the emacs-init package (tbd)
nur.url = github:nix-community/NUR; nur.url = "github:nix-community/NUR";
# provides GL to non-NixOS hosts # provides GL to non-NixOS hosts
nixgl.url = github:guibou/nixGL; nixgl.url = "github:guibou/nixGL";
# manages all theming using Home-Manager # manages all theming using Home-Manager
stylix.url = github:danth/stylix; stylix.url = "github:danth/stylix";
# nix secrets management # nix secrets management
sops-nix.url = github:Mic92/sops-nix; sops-nix.url = "github:Mic92/sops-nix";
# enable secure boot on NixOS # enable secure boot on NixOS
lanzaboote.url = github:nix-community/lanzaboote; lanzaboote.url = "github:nix-community/lanzaboote";
# nix for android # nix for android
nix-on-droid = { nix-on-droid = {
url = github:t184256/nix-on-droid/release-23.05; url = "github:t184256/nix-on-droid/release-23.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# generate NixOS images # generate NixOS images
nixos-generators = { nixos-generators = {
url = github:nix-community/nixos-generators; url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# patches for gaming on nix # patches for gaming on nix
nix-gaming = { nix-gaming = {
url = github:fufexan/nix-gaming; url = "github:fufexan/nix-gaming";
}; };
# hardware quirks on nix # hardware quirks on nix
nixos-hardware = { nixos-hardware = {
url = github:NixOS/nixos-hardware/master; url = "github:NixOS/nixos-hardware/master";
}; };
# dynamic library loading # dynamic library loading
nix-alien = { nix-alien = {
url = github:thiagokokada/nix-alien; url = "github:thiagokokada/nix-alien";
}; };
# automatic nintendo switch payload injection # automatic nintendo switch payload injection
nswitch-rcm-nix = { nswitch-rcm-nix = {
url = github:Swarsel/nswitch-rcm-nix; url = "github:Swarsel/nswitch-rcm-nix";
}; };
}; };
outputs = inputs@{ outputs = inputs@{
self,
nixpkgs, nixpkgs,
nixpkgs-stable, nixpkgs-stable,
home-manager, home-manager,
nix-on-droid, nix-on-droid,
nixos-generators, emacs-overlay,
emacs-overlay, nur,
nur, nixgl,
nixgl, stylix,
stylix, sops-nix,
sops-nix, lanzaboote,
lanzaboote, nixos-hardware,
nix-gaming, nix-alien,
nixos-hardware, nswitch-rcm-nix,
nix-alien,
nswitch-rcm-nix,
... ...
}: let }: let
system = "x86_64-linux"; # not very portable, but I do not use other architectures at the moment system = "x86_64-linux"; # not very portable, but I do not use other architectures at the moment
@ -106,16 +103,6 @@
config.allowUnfree = true; config.allowUnfree = true;
}; };
# for ovm arm hosts
armpkgs = import nixpkgs { system = "aarch64-linux";
overlays = [ emacs-overlay.overlay
nur.overlay
nixgl.overlay
];
config.allowUnfree = true;
};
# NixOS modules that can only be used on NixOS systems # NixOS modules that can only be used on NixOS systems
nixModules = [ stylix.nixosModules.stylix nixModules = [ stylix.nixosModules.stylix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops

2785
index.html
View file

File diff suppressed because it is too large Load diff

4
profiles/TEMPLATE/home.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, fetchFromGitHub, ... }: { config, pkgs, ... }:
{ {
@ -118,7 +118,7 @@
}; };
keybindings = let keybindings = let
modifier = config.wayland.windowManager.sway.config.modifier; inherit (config.wayland.windowManager.sway.config) modifier;
in { in {
# TEMPLATE # TEMPLATE
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\"";

4
profiles/TEMPLATE/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { pkgs, ... }:
{ {
@ -67,7 +67,7 @@
}; };
monospace = { monospace = {
package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }); package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
name = "FiraCode Nerd Font Mono"; name = "FiraCode Nerd Font Mono";
}; };

207
profiles/common/home.nix
View file

@ -155,15 +155,15 @@
noto-fonts-cjk-sans noto-fonts-cjk-sans
# cura # cura
(let cura5 = appimageTools.wrapType2 rec { (let cura5 = appimageTools.wrapType2 rec {
name = "cura5"; name = "cura5";
version = "5.4.0"; version = "5.4.0";
src = fetchurl { src = fetchurl {
url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage"; url = "https://github.com/Ultimaker/Cura/releases/download/${version}/UltiMaker-Cura-${version}-linux-modern.AppImage";
hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74="; hash = "sha256-QVv7Wkfo082PH6n6rpsB79st2xK2+Np9ivBg/PYZd74=";
}; };
extraPkgs = pkgs: with pkgs; [ ]; extraPkgs = pkgs: with pkgs; [ ];
}; in writeScriptBin "cura" '' }; in writeScriptBin "cura" ''
#! ${pkgs.bash}/bin/bash #! ${pkgs.bash}/bin/bash
# AppImage version of Cura loses current working directory and treats all paths relateive to $HOME. # AppImage version of Cura loses current working directory and treats all paths relateive to $HOME.
# So we convert each of the files passed as argument to an absolute path. # So we convert each of the files passed as argument to an absolute path.
@ -178,15 +178,15 @@
exec "${cura5}/bin/cura5" "''${args[@]}" exec "${cura5}/bin/cura5" "''${args[@]}"
'') '')
#E: hides scratchpad depending on state, calls emacsclient for edit and then restores the scratchpad state #E: hides scratchpad depending on state, calls emacsclient for edit and then restores the scratchpad state
(pkgs.writeShellScriptBin "e" '' (pkgs.writeShellScriptBin "e" ''
bash ~/.dotfiles/scripts/editor_nowait.sh "$@" bash ~/.dotfiles/scripts/editor_nowait.sh "$@"
'') '')
(pkgs.writeShellScriptBin "timer" '' (pkgs.writeShellScriptBin "timer" ''
sleep "$1"; while true; do spd-say "$2"; sleep 0.5; done; sleep "$1"; while true; do spd-say "$2"; sleep 0.5; done;
'') '')
(pkgs.writeScriptBin "project" '' (pkgs.writeScriptBin "project" ''
#! ${pkgs.bash}/bin/bash #! ${pkgs.bash}/bin/bash
if [ "$1" == "rust" ]; then if [ "$1" == "rust" ]; then
cp ~/.dotfiles/templates/rust_flake.nix ./flake.nix cp ~/.dotfiles/templates/rust_flake.nix ./flake.nix
@ -214,10 +214,10 @@
direnv allow direnv allow
'') '')
(pkgs.writeShellApplication { (pkgs.writeShellApplication {
name = "pass-fuzzel"; name = "pass-fuzzel";
runtimeInputs = [ pkgs.pass pkgs.fuzzel ]; runtimeInputs = [ pkgs.pass pkgs.fuzzel ];
text = '' text = ''
shopt -s nullglob globstar shopt -s nullglob globstar
typeit=0 typeit=0
@ -243,12 +243,12 @@
fi fi
notify-send -u critical -a pass -t 1000 "Copied/Typed Password" notify-send -u critical -a pass -t 1000 "Copied/Typed Password"
''; '';
}) })
(pkgs.writeShellApplication { (pkgs.writeShellApplication {
name = "pass-fuzzel-otp"; name = "pass-fuzzel-otp";
runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [exts.pass-otp]))]; runtimeInputs = [ pkgs.fuzzel (pkgs.pass.withExtensions (exts: [exts.pass-otp]))];
text = '' text = ''
shopt -s nullglob globstar shopt -s nullglob globstar
typeit=0 typeit=0
@ -274,42 +274,44 @@
fi fi
notify-send -u critical -a pass -t 1000 "Copied/Typed OTPassword" notify-send -u critical -a pass -t 1000 "Copied/Typed OTPassword"
''; '';
}) })
(pkgs.writeShellApplication { (pkgs.writeShellApplication {
name = "cdw"; name = "cdw";
runtimeInputs = [ pkgs.fzf ]; runtimeInputs = [ pkgs.fzf ];
text = '' text = ''
cd "$(git worktree list | fzf | awk '{print $1}')" cd "$(git worktree list | fzf | awk '{print $1}')"
''; '';
}) })
(pkgs.writeShellApplication { (pkgs.writeShellApplication {
name = "cdb"; name = "cdb";
runtimeInputs = [ pkgs.fzf ]; runtimeInputs = [ pkgs.fzf ];
text = '' text = ''
git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')" git checkout "$(git branch --list | grep -v "^\*" | fzf | awk '{print $1}')"
''; '';
}) })
(pkgs.writeShellApplication { (pkgs.writeShellApplication {
name = "bak"; name = "bak";
text = '' text = ''
cp "$1"{,.bak} cp "$1"{,.bak}
''; '';
}) })
]; ];
sops.defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; sops = {
sops.validateSopsFiles = false; defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
# since we are using the home-manager implementation, we need to specify the runtime path for each secret secrets = {
sops.secrets.mrswarsel = {path = "/run/user/1000/secrets/mrswarsel";}; mrswarsel = {path = "/run/user/1000/secrets/mrswarsel";};
sops.secrets.nautilus = {path = "/run/user/1000/secrets/nautilus";}; nautilus = {path = "/run/user/1000/secrets/nautilus";};
sops.secrets.leon = {path = "/run/user/1000/secrets/leon";}; leon = {path = "/run/user/1000/secrets/leon";};
sops.secrets.swarselmail = {path = "/run/user/1000/secrets/swarselmail";}; swarselmail = {path = "/run/user/1000/secrets/swarselmail";};
sops.secrets.caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";}; caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";};
};
};
programs.ssh= { programs.ssh= {
enable = true; enable = true;
@ -512,28 +514,29 @@ home.file = {
xdg.configFile = { xdg.configFile = {
"tridactyl/tridactylrc".source = ../../programs/firefox/tridactyl/tridactylrc; "tridactyl/tridactylrc".source = ../../programs/firefox/tridactyl/tridactylrc;
"tridactyl/themes/base16-codeschool.css".source = ../../programs/firefox/tridactyl/themes/base16-codeschool.css; "tridactyl/themes/base16-codeschool.css".source = ../../programs/firefox/tridactyl/themes/base16-codeschool.css;
}; };
home.sessionVariables = { home.sessionVariables = {
EDITOR = "bash ~/.dotfiles/scripts/editor.sh"; EDITOR = "bash ~/.dotfiles/scripts/editor.sh";
}; };
# zsh Integration is enabled by default for these programs = {
programs.bottom.enable = true; bottom.enable = true;
programs.imv.enable = true; imv.enable = true;
programs.sioyek.enable = true; sioyek.enable = true;
programs.bat.enable = true; bat.enable = true;
programs.carapace.enable = true; carapace.enable = true;
programs.wlogout.enable = true; wlogout.enable = true;
programs.swayr.enable = true; swayr.enable = true;
programs.yt-dlp.enable = true; yt-dlp.enable = true;
programs.mpv.enable = true; mpv.enable = true;
programs.jq.enable = true; jq.enable = true;
programs.nix-index.enable = true; nix-index.enable = true;
programs.ripgrep.enable = true; ripgrep.enable = true;
programs.pandoc.enable = true; pandoc.enable = true;
programs.fzf.enable = true; fzf.enable = true;
programs.zoxide.enable = true; zoxide.enable = true;
};
programs.password-store = { programs.password-store = {
enable = true; enable = true;
@ -543,7 +546,7 @@ programs.password-store = {
programs.direnv = { programs.direnv = {
enable = true; enable = true;
nix-direnv.enable = true; nix-direnv.enable = true;
}; };
programs.eza = { programs.eza = {
enable = true; enable = true;
@ -836,7 +839,7 @@ accounts.email = {
}; };
mbsync = { mbsync = {
enable = false; enable = false;
}; };
}; };
accounts.nautilus = { accounts.nautilus = {
@ -913,7 +916,7 @@ programs.emacs = {
# build the rest of the packages myself # build the rest of the packages myself
# org-calfw is severely outdated on MELPA and throws many warnings on emacs startup # org-calfw is severely outdated on MELPA and throws many warnings on emacs startup
# build the package from the haji-ali fork, which is well-maintained # build the package from the haji-ali fork, which is well-maintained
(epkgs.trivialBuild rec { (epkgs.trivialBuild rec {
pname = "calfw"; pname = "calfw";
version = "1.0.0-20231002"; version = "1.0.0-20231002";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
@ -925,7 +928,7 @@ programs.emacs = {
packageRequires = [ epkgs.howm ]; packageRequires = [ epkgs.howm ];
}) })
(epkgs.trivialBuild rec { (epkgs.trivialBuild rec {
pname = "fast-scroll"; pname = "fast-scroll";
version = "1.0.0-20191016"; version = "1.0.0-20191016";
src = pkgs.fetchFromGitHub { src = pkgs.fetchFromGitHub {
@ -1142,19 +1145,19 @@ programs.firefox = {
]; ];
}; };
policies = { policies = {
CaptivePortal = false; CaptivePortal = false;
DisableFirefoxStudies = true; DisableFirefoxStudies = true;
DisablePocket = true; DisablePocket = true;
DisableTelemetry = true; DisableTelemetry = true;
DisableFirefoxAccounts = false; DisableFirefoxAccounts = false;
NoDefaultBookmarks = true; NoDefaultBookmarks = true;
OfferToSaveLogins = false; OfferToSaveLogins = false;
OfferToSaveLoginsDefault = false; OfferToSaveLoginsDefault = false;
EnableTrackingProtection = true; EnableTrackingProtection = true;
}; };
profiles.default = { profiles.default = {
isDefault = true; isDefault = true;
userChrome = (builtins.readFile ../../programs/firefox/chrome/userChrome.css); userChrome = builtins.readFile ../../programs/firefox/chrome/userChrome.css;
extensions = with pkgs.nur.repos.rycee.firefox-addons; [ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
tridactyl tridactyl
browserpass browserpass
@ -1172,42 +1175,10 @@ programs.firefox = {
widegithub widegithub
enhanced-github enhanced-github
unpaywall unpaywall
# fastforwardteam
don-t-fuck-with-paste don-t-fuck-with-paste
plasma-integration plasma-integration
# (let version = "3.4.5.0";
# in buildFirefoxXpiAddon {
# pname = "bypass-paywalls-clean";
# inherit version;
# addonId = "magnolia@12.34";
# url =
# "https://gitlab.com/magnolia1234/bpc-uploads/-/raw/master/bypass_paywalls_clean-3.4.5.0.xpi";
# sha256 = "703d30c15b88291bd0305cc59013693aea5f75a40ea98fb8e252d1c7bfb43514";
# meta = with lib; {
# homepage =
# "https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean";
# description = "Bypass Paywalls of (custom) news sites";
# license = licenses.mit;
# platforms = platforms.all;
# };
# })
(buildFirefoxXpiAddon {
pname = ":emoji:";
version = "0.1.3";
addonId = "gonelf@gmail.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3365324/emojidots-0.1.3.xpi";
sha256 = "4f7cc25c478fe52eb82f37c9ff4978dcaa3f95020398c5b184e517f6efa2c201";
meta = with lib;
{
description = "emoji autocomplete anywhere on the internet";
mozPermissions = [ "https://gist.githubusercontent.com/gonelf/d8ae3ccb7902b501c4a5dd625d4089da/raw/5eeda197ba92f8c8139e846a1225d5640077e06f/emoji_pretty.json" "tabs" "storage"];
platforms = platforms.all;
};
})
]; ];
search.engines = { search.engines = {
"Nix Packages" = { "Nix Packages" = {
urls = [{ urls = [{
@ -1317,9 +1288,10 @@ wayland.windowManager.sway = {
enable = true; enable = true;
checkConfig = false; # delete this line once SwayFX is fixed upstream checkConfig = false; # delete this line once SwayFX is fixed upstream
package = pkgs.swayfx; package = pkgs.swayfx;
# package = pkgs.sway; systemd = {
systemd.enable = true; enable = true;
systemd.xdgAutostart = true; xdgAutostart = true;
};
wrapperFeatures.gtk = true; wrapperFeatures.gtk = true;
config = rec { config = rec {
modifier = "Mod4"; modifier = "Mod4";
@ -1327,7 +1299,7 @@ wayland.windowManager.sway = {
menu = "fuzzel"; menu = "fuzzel";
bars = [{ command = "waybar";}]; bars = [{ command = "waybar";}];
keybindings = let keybindings = let
modifier = config.wayland.windowManager.sway.config.modifier; inherit (config.wayland.windowManager.sway.config) modifier;
in { in {
"${modifier}+q" = "kill"; "${modifier}+q" = "kill";
"${modifier}+f" = "exec firefox"; "${modifier}+f" = "exec firefox";
@ -1490,7 +1462,7 @@ wayland.windowManager.sway = {
# criteria = { # criteria = {
# app_id="^$"; # app_id="^$";
# class="^$"; # class="^$";
# }; # };
# } # }
{ {
@ -1539,7 +1511,7 @@ wayland.windowManager.sway = {
# exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK
# "; # ";
extraConfig =let extraConfig =let
modifier = config.wayland.windowManager.sway.config.modifier; inherit (config.wayland.windowManager.sway.config) modifier;
swayfxSettings = " swayfxSettings = "
blur enable blur enable
blur_xray disable blur_xray disable
@ -1550,7 +1522,6 @@ wayland.windowManager.sway = {
titlebar_separator disable titlebar_separator disable
default_dim_inactive 0.02 default_dim_inactive 0.02
"; ";
swayfxSettingsOff = "";
in " in "
exec_always autotiling exec_always autotiling
set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\" set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\"

131
profiles/common/nixos.nix
View file

@ -1,31 +1,35 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, ... }:
{ {
home-manager = {
home-manager.useGlobalPkgs = true; useGlobalPkgs = true;
home-manager.useUserPackages = true; useUserPackages = true;
};
services.xserver = { services.xserver = {
xkb.layout = "us"; xkb = {
xkb.variant = "altgr-intl"; layout = "us";
variant = "altgr-intl";
};
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
users.mutableUsers = false; users.mutableUsers = false;
# use ozone for wayland - chromium apps environment = {
environment.sessionVariables.NIXOS_OZONE_WL = "1"; wordlist.enable = true;
sessionVariables = {
# wordlist for look NIXOS_OZONE_WL = "1";
environment.wordlist.enable = true; GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
# gstreamer plugins for nautilus (used for file metadata) gst-plugins-good
environment.sessionVariables.GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [ gst-plugins-bad
gst-plugins-good gst-plugins-ugly
gst-plugins-bad gst-libav
gst-plugins-ugly ]);
gst-libav };
]); };
# gstreamer plugins for nautilus (used for file metadata)
time.hardwareClockInLocalTime = true; time.hardwareClockInLocalTime = true;
@ -47,27 +51,31 @@ nix.optimise = {
}; };
# systemd # systemd
systemd.extraConfig = '' systemd.extraConfig = ''
DefaultTimeoutStartSec=60s DefaultTimeoutStartSec=60s
DefaultTimeoutStopSec=15s DefaultTimeoutStopSec=15s
''; '';
hardware.graphics = { hardware = {
enable = true; graphics = {
enable32Bit = true; enable = true;
}; enable32Bit = true;
};
hardware.pulseaudio= { pulseaudio= {
enable = true; enable = true;
package = pkgs.pulseaudioFull; package = pkgs.pulseaudioFull;
}; };
hardware.enableAllFirmware = true; enableAllFirmware = true;
hardware.bluetooth.powerOnBoot = true; bluetooth = {
hardware.bluetooth.settings = { powerOnBoot = true;
General = { settings = {
Enable = "Source,Sink,Media,Socket"; General = {
Enable = "Source,Sink,Media,Socket";
};
};
}; };
}; };
@ -278,17 +286,19 @@ systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.servic
time.timeZone = "Europe/Vienna"; time.timeZone = "Europe/Vienna";
i18n.defaultLocale = "en_US.UTF-8"; i18n = {
i18n.extraLocaleSettings = { defaultLocale = "en_US.UTF-8";
LC_ADDRESS = "de_AT.UTF-8"; extraLocaleSettings = {
LC_IDENTIFICATION = "de_AT.UTF-8"; LC_ADDRESS = "de_AT.UTF-8";
LC_MEASUREMENT = "de_AT.UTF-8"; LC_IDENTIFICATION = "de_AT.UTF-8";
LC_MONETARY = "de_AT.UTF-8"; LC_MEASUREMENT = "de_AT.UTF-8";
LC_NAME = "de_AT.UTF-8"; LC_MONETARY = "de_AT.UTF-8";
LC_NUMERIC = "de_AT.UTF-8"; LC_NAME = "de_AT.UTF-8";
LC_PAPER = "de_AT.UTF-8"; LC_NUMERIC = "de_AT.UTF-8";
LC_TELEPHONE = "de_AT.UTF-8"; LC_PAPER = "de_AT.UTF-8";
LC_TIME = "de_AT.UTF-8"; LC_TELEPHONE = "de_AT.UTF-8";
LC_TIME = "de_AT.UTF-8";
};
}; };
sops = { sops = {
@ -400,17 +410,16 @@ environment.systemPackages = with pkgs; [
]; ];
programs.dconf.enable = true; programs = {
programs.evince.enable = true; dconf.enable = true;
programs.kdeconnect.enable = true; evince.enable = true;
kdeconnect.enable = true;
};
# zsh section, do not delete ------
programs.zsh.enable = true; programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
environment.shells = with pkgs; [ zsh ]; environment.shells = with pkgs; [ zsh ];
environment.pathsToLink = [ "/share/zsh" ]; environment.pathsToLink = [ "/share/zsh" ];
# ---------------------------------
services.blueman.enable = true; services.blueman.enable = true;
@ -421,24 +430,26 @@ hardware.sane = {
}; };
# enable discovery and usage of network devices (esp. printers) # enable discovery and usage of network devices (esp. printers)
services.printing.enable = true; services.printing = {
services.printing.drivers = [ enable = true;
drivers = [
pkgs.gutenprint pkgs.gutenprint
pkgs.gutenprintBin pkgs.gutenprintBin
]; ];
services.printing.browsedConf = '' browsedConf = ''
BrowseDNSSDSubTypes _cups,_print BrowseDNSSDSubTypes _cups,_print
BrowseLocalProtocols all BrowseLocalProtocols all
BrowseRemoteProtocols all BrowseRemoteProtocols all
CreateIPPPrinterQueues All CreateIPPPrinterQueues All
BrowseProtocols all BrowseProtocols all
''; '';
services.avahi = { };
enable = true;
nssmdns4 = true; services.avahi = {
openFirewall = true; enable = true;
}; nssmdns4 = true;
openFirewall = true;
};
services.gvfs.enable = true; services.gvfs.enable = true;
@ -473,10 +484,6 @@ services.pcscd.enable = true;
hardware.ledger.enable = true; hardware.ledger.enable = true;
# environment.systemPackages = with pkgs; [
# --- IN SYSTEM PACKAGES SECTION ---
# ];
services.udev.packages = with pkgs; [ services.udev.packages = with pkgs; [
yubikey-personalization yubikey-personalization
ledger-udev-rules ledger-udev-rules

2
profiles/fourside/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, modulesPath, ... }:
{ {
imports = imports =

4
profiles/fourside/home.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, fetchFromGitHub, ... }: { config, pkgs, ... }:
{ {
@ -97,7 +97,7 @@
keybindings = let keybindings = let
modifier = config.wayland.windowManager.sway.config.modifier; inherit (config.wayland.windowManager.sway.config) modifier;
in { in {
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\"";
"XF86MonBrightnessUp" = "exec brightnessctl set +5%"; "XF86MonBrightnessUp" = "exec brightnessctl set +5%";

8
profiles/fourside/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { config, pkgs, ... }:
{ {
@ -94,7 +94,7 @@
}; };
monospace = { monospace = {
package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }); package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
name = "FiraCode Nerd Font Mono"; name = "FiraCode Nerd Font Mono";
}; };
@ -143,10 +143,10 @@
services.nswitch-rcm = { services.nswitch-rcm = {
enable = true; enable = true;
package = (pkgs.fetchurl { package = pkgs.fetchurl {
url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin";
hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI=";
}); };
}; };
users.users.swarsel = { users.users.swarsel = {

2
profiles/mysticant/configuration.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { pkgs, ... }:
{ {
environment.packages = with pkgs; [ environment.packages = with pkgs; [

181
profiles/remote/oracle/matrix/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, modulesPath, unstable, sops, ... }: let { config, pkgs, sops, ... }: let
matrixDomain = "swatrix.swarsel.win"; matrixDomain = "swatrix.swarsel.win";
in { in {
@ -23,13 +23,42 @@ in {
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml";
sops.secrets.dnstokenfull = {owner="acme";}; validateSopsFiles = false;
sops.templates."certs.secret".content = '' secrets = {
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} dnstokenfull = {owner="acme";};
''; matrixsharedsecret = {owner="matrix-synapse";};
mautrixtelegram_as = {owner="matrix-synapse";};
mautrixtelegram_hs = {owner="matrix-synapse";};
mautrixtelegram_api_id = {owner="matrix-synapse";};
mautrixtelegram_api_hash = {owner="matrix-synapse";};
};
templates = {
"certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
"matrix_user_register.sh".content = ''
register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
'';
mautrixtelegram = {
owner = "matrix-synapse";
content = ''
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as}
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
'';
};
matrixshared = {
owner = "matrix-synapse";
content = ''
registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
'';
};
};
};
documentation = { documentation = {
enable = false; enable = false;
@ -59,8 +88,8 @@ in {
"~ ^(/_matrix|/_synapse/client)" = { "~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://localhost:8008"; proxyPass = "http://localhost:8008";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
}; };
}; };
@ -69,18 +98,19 @@ in {
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
zramSwap.enable = false; zramSwap.enable = false;
networking.hostName = "swatrix"; networking = {
networking.enableIPv6 = false; hostName = "swatrix";
# networking.domain = "subnet03112148.vcn03112148.oraclevcn.com"; enableIPv6 = false;
networking.domain = "swarsel.win"; domain = "swarsel.win";
networking.firewall.extraCommands = '' firewall.extraCommands = ''
iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT
''; '';
};
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
@ -97,55 +127,31 @@ in {
boot.loader.grub.device = "nodev"; boot.loader.grub.device = "nodev";
sops.secrets.matrixsharedsecret = {owner="matrix-synapse";}; services.postgresql = {
sops.templates."matrix_user_register.sh".content = '' enable = true;
register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 initialScript = pkgs.writeText "synapse-init.sql" ''
''; CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
sops.templates.matrixshared.owner = "matrix-synapse"; CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
sops.templates.matrixshared.content = '' TEMPLATE template0
registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} LC_COLLATE = "C"
''; LC_CTYPE = "C";
sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";}; CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";}; CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";}; TEMPLATE template0
sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";}; LC_COLLATE = "C"
sops.templates.mautrixtelegram.owner = "matrix-synapse"; LC_CTYPE = "C";
sops.templates.mautrixtelegram.content = '' CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} TEMPLATE template0
MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} LC_COLLATE = "C"
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} LC_CTYPE = "C";
''; CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
# sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
# sops.templates.mautrixwhatsapp.owner = "matrix-synapse"; TEMPLATE template0
# sops.templates.mautrixwhatsapp.content = '' LC_COLLATE = "C"
# MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared} LC_CTYPE = "C";
# ''; '';
};
services.postgresql.enable = true;
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
services.matrix-synapse = { services.matrix-synapse = {
settings.app_service_config_files = [ settings.app_service_config_files = [
"/var/lib/matrix-synapse/telegram-registration.yaml" "/var/lib/matrix-synapse/telegram-registration.yaml"
@ -154,12 +160,11 @@ in {
"/var/lib/matrix-synapse/doublepuppet.yaml" "/var/lib/matrix-synapse/doublepuppet.yaml"
]; ];
enable = true; enable = true;
settings.server_name = matrixDomain; settings = {
settings.public_baseurl = "https://${matrixDomain}"; server_name = matrixDomain;
extraConfigFiles = [ public_baseurl = "https://${matrixDomain}";
config.sops.templates.matrixshared.path };
]; listeners = [
settings.listeners = [
{ port = 8008; { port = 8008;
bind_addresses = [ "0.0.0.0" ]; bind_addresses = [ "0.0.0.0" ];
type = "http"; type = "http";
@ -173,6 +178,9 @@ in {
]; ];
} }
]; ];
extraConfigFiles = [
config.sops.templates.matrixshared.path
];
}; };
services.mautrix-telegram = { services.mautrix-telegram = {
@ -196,9 +204,6 @@ in {
database = "postgresql:///mautrix-telegram?host=/run/postgresql"; database = "postgresql:///mautrix-telegram?host=/run/postgresql";
}; };
bridge = { bridge = {
# login_shared_secret_map = {
# matrixDomain = "as_token:doublepuppet";
# };
relaybot.authless_portals = true; relaybot.authless_portals = true;
allow_avatar_remove = true; allow_avatar_remove = true;
allow_contact_info = true; allow_contact_info = true;
@ -211,12 +216,6 @@ in {
"*" = "relaybot"; "*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin"; "@swarsel:${matrixDomain}" = "admin";
}; };
# Animated stickers conversion requires additional packages in the
# service's path.
# If this isn't a fresh installation, clearing the bridge's uploaded
# file cache might be necessary (make a database backup first!):
# delete from telegram_file where \
# mime_type in ('application/gzip', 'application/octet-stream')
animated_sticker = { animated_sticker = {
target = "gif"; target = "gif";
args = { args = {
@ -236,7 +235,6 @@ in {
services.mautrix-whatsapp = { services.mautrix-whatsapp = {
enable = true; enable = true;
# environmentFile = config.sops.templates.mautrixwhatsapp.path;
settings = { settings = {
homeserver = { homeserver = {
address = "http://localhost:8008"; address = "http://localhost:8008";
@ -284,7 +282,6 @@ in {
services.mautrix-signal = { services.mautrix-signal = {
enable = true; enable = true;
registerToSynapse = false; # this has the same effect as registering to app_service_config_file above registerToSynapse = false; # this has the same effect as registering to app_service_config_file above
# environmentFile = config.sops.templates.mautrixwhatsapp.path;
settings = { settings = {
homeserver = { homeserver = {
address = "http://localhost:8008"; address = "http://localhost:8008";
@ -328,10 +325,10 @@ in {
systemd.services."restart-bridges" = { systemd.services."restart-bridges" = {
script = '' script = ''
systemctl restart mautrix-whatsapp.service systemctl restart mautrix-whatsapp.service
systemctl restart mautrix-signal.service systemctl restart mautrix-signal.service
systemctl restart mautrix-telegram.service systemctl restart mautrix-telegram.service
''; '';
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = "root"; User = "root";

2
profiles/remote/oracle/sync/hardware-configuration.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, modulesPath, ... }:
{ {
imports = imports =

100
profiles/remote/oracle/sync/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, modulesPath, ... }: { config, pkgs, ... }:
{ {
imports = [ imports = [
@ -18,14 +18,16 @@
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml";
sops.secrets.swarsel = { owner = "root";}; validateSopsFiles = false;
sops.secrets.dnstokenfull = {owner="acme";}; secrets.swarsel = { owner = "root";};
sops.templates."certs.secret".content = '' secrets.dnstokenfull = {owner="acme";};
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} templates."certs.secret".content = ''
''; CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
@ -51,57 +53,59 @@
"/" = { "/" = {
proxyPass = "http://localhost:27701"; proxyPass = "http://localhost:27701";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
}; };
}; };
"sync.swarsel.win" = { "sync.swarsel.win" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://localhost:8384/"; proxyPass = "http://localhost:8384/";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
};
}; };
}; };
};
"swagit.swarsel.win" = { "swagit.swarsel.win" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://localhost:3000"; proxyPass = "http://localhost:3000";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
};
}; };
}; };
};
}; };
}; };
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
zramSwap.enable = false; zramSwap.enable = false;
networking.hostName = "sync"; networking = {
networking.enableIPv6 = false; hostName = "sync";
networking.domain = "subnet03112148.vcn03112148.oraclevcn.com"; enableIPv6 = false;
networking.firewall.extraCommands = '' domain = "subnet03112148.vcn03112148.oraclevcn.com";
iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT firewall.extraCommands = ''
iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT
iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT
iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT
''; iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT
'';
};
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
@ -125,8 +129,8 @@
openFirewall = true; openFirewall = true;
users = [ users = [
{ {
username = "Swarsel"; username = "Swarsel";
passwordFile = config.sops.secrets.swarsel.path; passwordFile = config.sops.secrets.swarsel.path;
} }
]; ];
}; };

2
profiles/sandbox/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, modulesPath, ... }:
{ {
imports = imports =

2
profiles/sandbox/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, modulesPath, unstable, sops, ... }: let { config, pkgs, unstable, sops, ... }: let
matrixDomain = "swatrix.swarsel.win"; matrixDomain = "swatrix.swarsel.win";
in { in {

64
profiles/server1/TEMPLATE/nixos.nix
View file

@ -1,37 +1,41 @@
{ pkgs, modulesPath, ... }: { pkgs, modulesPath, ... }:
{ {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
gnupg gnupg
ssh-to-age ssh-to-age
]; ];
services.xserver = { services.xserver = {
layout = "us"; layout = "us";
xkbVariant = "altgr-intl"; xkbVariant = "altgr-intl";
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC.manageNetwork = true; # manage network myself proxmoxLXC = {
proxmoxLXC.manageHostName = false; # manage hostname myself manageNetwork = true; # manage network myself
networking.hostName = "TEMPLATE"; # Define your hostname. manageHostName = false; # manage hostname myself
networking.useDHCP = true; };
networking.enableIPv6 = false; networking = {
networking.firewall.enable = false; hostName = "TEMPLATE"; # Define your hostname.
services.openssh = { useDHCP = true;
enable = true; enableIPv6 = false;
settings.PermitRootLogin = "yes"; firewall.enable = false;
}; };
users.users.root.openssh.authorizedKeys.keyFiles = [ services.openssh = {
../../../secrets/keys/authorized_keys enable = true;
]; settings.PermitRootLogin = "yes";
# users.users.root.password = "TEMPLATE"; };
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
# users.users.root.password = "TEMPLATE";
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
} }

2
profiles/server1/calibre/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

149
profiles/server1/calibre/nixos.nix
View file

@ -1,101 +1,70 @@
{ config, pkgs, modulesPath, ... }: { config, pkgs, modulesPath, ... }:
{ {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
gnupg gnupg
ssh-to-age ssh-to-age
calibre calibre
]; ];
users.groups.lxc_shares = { users.groups.lxc_shares = {
gid = 10000; gid = 10000;
members = [ members = [
"kavita" "kavita"
"calibre-web" "calibre-web"
"root" "root"
]; ];
}; };
services.xserver = { services.xserver = {
layout = "us"; layout = "us";
xkbVariant = "altgr-intl"; xkbVariant = "altgr-intl";
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml";
sops.secrets.kavita = { owner = "kavita";}; validateSopsFiles = false;
# sops.secrets.smbuser = { }; secrets.kavita = { owner = "kavita";};
# sops.secrets.smbpassword = { }; };
# sops.secrets.smbdomain = { }; proxmoxLXC = {
# sops.templates."smb.cred".content = '' manageNetwork = true; # manage network myself
# user=${config.sops.placeholder.smbuser} manageHostName = false; # manage hostname myself
# password=${config.sops.placeholder.smbpassword} };
# domain=${config.sops.placeholder.smbdomain} networking = {
# ''; hostName = "calibre"; # Define your hostname.
proxmoxLXC.manageNetwork = true; # manage network myself useDHCP = true;
proxmoxLXC.manageHostName = false; # manage hostname myself enableIPv6 = false;
networking.hostName = "calibre"; # Define your hostname. firewall.enable = false;
networking.useDHCP = true; };
networking.enableIPv6 = false; services.openssh = {
networking.firewall.enable = false; enable = true;
services.openssh = { settings.PermitRootLogin = "yes";
enable = true; };
settings.PermitRootLogin = "yes"; users.users.root.openssh.authorizedKeys.keyFiles = [
}; ../../../secrets/keys/authorized_keys
users.users.root.openssh.authorizedKeys.keyFiles = [ ];
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = { environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
}; };
services.kavita = {
enable = true;
user = "kavita";
port = 8080;
tokenKeyFile = config.sops.secrets.kavita.path;
};
# services.calibre-server = { }
# enable = true;
# user = "calibre-server";
# auth.enable = true;
# auth.userDb = "/srv/calibre/users.sqlite";
# libraries = [
# /media/Books/main
# /media/Books/diverse
# /media/Books/language
# /media/Books/science
# /media/Books/sport
# /media/Books/novels
# ];
# };
# services.calibre-web = {
# enable = true;
# user = "calibre-web";
# group = "calibre-web";
# listen.port = 8083;
# listen.ip = "0.0.0.0";
# options = {
# enableBookUploading = true;
# enableKepubify = true;
# enableBookConversion = true;
# };
# };
services.kavita = {
enable = true;
user = "kavita";
port = 8080;
tokenKeyFile = config.sops.secrets.kavita.path;
};
}

2
profiles/server1/jellyfin/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

44
profiles/server1/jellyfin/nixos.nix
View file

@ -31,16 +31,16 @@
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
# sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; proxmoxLXC = {
# sops.defaultSopsFile = "/.dotfiles/secrets/jellyfin/secrets.yaml"; manageNetwork = true; # manage network myself
# sops.validateSopsFiles = false; manageHostName = false; # manage hostname myself
};
proxmoxLXC.manageNetwork = true; # manage network myself networking = {
proxmoxLXC.manageHostName = false; # manage hostname myself hostName = "jellyfin"; # Define your hostname.
networking.hostName = "jellyfin"; # Define your hostname. useDHCP = true;
networking.useDHCP = true; enableIPv6 = false;
networking.enableIPv6 = false; firewall.enable = false;
networking.firewall.enable = false; };
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
@ -55,18 +55,18 @@
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
}; };
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
}; };
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau vaapiVdpau
libvdpau-va-gl libvdpau-va-gl
]; ];
}; };
services.jellyfin = { services.jellyfin = {
enable = true; enable = true;

2
profiles/server1/matrix/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

218
profiles/server1/matrix/nixos.nix
View file

@ -1,25 +1,35 @@
{ config, pkgs, modulesPath, unstable, sops, ... }: let { config, pkgs, modulesPath, sops, ... }: let
matrixDomain = "matrix2.swarsel.win"; matrixDomain = "matrix2.swarsel.win";
in { in {
services.xserver = { services = {
layout = "us"; xserver = {
xkbVariant = "altgr-intl"; layout = "us";
xkbVariant = "altgr-intl";
};
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC.manageNetwork = true; # manage network myself
proxmoxLXC.manageHostName = false; # manage hostname myself proxmoxLXC = {
networking.useDHCP = true; manageNetwork = true; # manage network myself
networking.enableIPv6 = false; manageHostName = false; # manage hostname myself
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
}; };
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys ../../../secrets/keys/authorized_keys
]; ];
@ -38,8 +48,10 @@ in {
# this module is hence not in the modules list, we add it ourselves # this module is hence not in the modules list, we add it ourselves
]; ];
networking.hostName = "matrix"; # Define your hostname. networking = {
networking.firewall.enable = false; hostName = "matrix"; # Define your hostname.
firewall.enable = false;
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
gnupg gnupg
@ -49,85 +61,94 @@ in {
ffmpeg ffmpeg
]; ];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml";
sops.secrets.matrixsharedsecret = {owner="matrix-synapse";}; validateSopsFiles = false;
sops.templates."matrix_user_register.sh".content = '' secrets = {
register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 matrixsharedsecret = {owner="matrix-synapse";};
''; mautrixtelegram_as = {owner="matrix-synapse";};
sops.templates.matrixshared.owner = "matrix-synapse"; mautrixtelegram_hs = {owner="matrix-synapse";};
sops.templates.matrixshared.content = '' mautrixtelegram_api_id = {owner="matrix-synapse";};
registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} mautrixtelegram_api_hash = {owner="matrix-synapse";};
''; };
sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";}; templates = {
sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";}; "matrix_user_register.sh".content = ''
sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";}; register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";}; '';
sops.templates.mautrixtelegram.owner = "matrix-synapse"; matrixshared = {
sops.templates.mautrixtelegram.content = '' owner = "matrix-synapse";
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} content = ''
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} '';
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} };
''; mautrixtelegram = {
# sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; owner = "matrix-synapse";
# sops.templates.mautrixwhatsapp.owner = "matrix-synapse"; content = ''
# sops.templates.mautrixwhatsapp.content = '' MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as}
# MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared} MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
# ''; MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
'';
};
};
};
services.postgresql.enable = true; services.postgresql = {
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' enable = true;
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
TEMPLATE template0 CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
LC_COLLATE = "C" TEMPLATE template0
LC_CTYPE = "C"; LC_COLLATE = "C"
CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram'; LC_CTYPE = "C";
CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram" CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
TEMPLATE template0 CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
LC_COLLATE = "C" TEMPLATE template0
LC_CTYPE = "C"; LC_COLLATE = "C"
CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp'; LC_CTYPE = "C";
CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp" CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
TEMPLATE template0 CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
LC_COLLATE = "C" TEMPLATE template0
LC_CTYPE = "C"; LC_COLLATE = "C"
CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal'; LC_CTYPE = "C";
CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal" CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
TEMPLATE template0 CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
LC_COLLATE = "C" TEMPLATE template0
LC_CTYPE = "C"; LC_COLLATE = "C"
''; LC_CTYPE = "C";
'';
};
services.matrix-synapse = { services.matrix-synapse = {
settings.app_service_config_files = [
"/var/lib/matrix-synapse/telegram-registration.yaml"
"/var/lib/matrix-synapse/whatsapp-registration.yaml"
"/var/lib/matrix-synapse/signal-registration.yaml"
"/var/lib/matrix-synapse/doublepuppet.yaml"
];
enable = true; enable = true;
settings.server_name = matrixDomain; settings = {
settings.public_baseurl = "https://${matrixDomain}"; app_service_config_files = [
"/var/lib/matrix-synapse/telegram-registration.yaml"
"/var/lib/matrix-synapse/whatsapp-registration.yaml"
"/var/lib/matrix-synapse/signal-registration.yaml"
"/var/lib/matrix-synapse/doublepuppet.yaml"
];
server_name = matrixDomain;
public_baseurl = "https://${matrixDomain}";
listeners = [
{ port = 8008;
bind_addresses = [ "0.0.0.0" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = true;
}
];
}
];
};
extraConfigFiles = [ extraConfigFiles = [
config.sops.templates.matrixshared.path config.sops.templates.matrixshared.path
]; ];
settings.listeners = [
{ port = 8008;
bind_addresses = [ "0.0.0.0" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
compress = true;
}
];
}
];
}; };
services.mautrix-telegram = { services.mautrix-telegram = {
@ -151,9 +172,6 @@ in {
database = "postgresql:///mautrix-telegram?host=/run/postgresql"; database = "postgresql:///mautrix-telegram?host=/run/postgresql";
}; };
bridge = { bridge = {
# login_shared_secret_map = {
# matrixDomain = "as_token:doublepuppet";
# };
relaybot.authless_portals = true; relaybot.authless_portals = true;
allow_avatar_remove = true; allow_avatar_remove = true;
allow_contact_info = true; allow_contact_info = true;
@ -166,12 +184,6 @@ in {
"*" = "relaybot"; "*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin"; "@swarsel:${matrixDomain}" = "admin";
}; };
# Animated stickers conversion requires additional packages in the
# service's path.
# If this isn't a fresh installation, clearing the bridge's uploaded
# file cache might be necessary (make a database backup first!):
# delete from telegram_file where \
# mime_type in ('application/gzip', 'application/octet-stream')
animated_sticker = { animated_sticker = {
target = "gif"; target = "gif";
args = { args = {
@ -191,7 +203,6 @@ in {
services.mautrix-whatsapp = { services.mautrix-whatsapp = {
enable = true; enable = true;
# environmentFile = config.sops.templates.mautrixwhatsapp.path;
settings = { settings = {
homeserver = { homeserver = {
address = "http://localhost:8008"; address = "http://localhost:8008";
@ -238,7 +249,6 @@ in {
services.mautrix-signal = { services.mautrix-signal = {
enable = true; enable = true;
# environmentFile = config.sops.templates.mautrixwhatsapp.path;
settings = { settings = {
homeserver = { homeserver = {
address = "http://localhost:8008"; address = "http://localhost:8008";
@ -282,10 +292,10 @@ in {
systemd.services."restart-bridges" = { systemd.services."restart-bridges" = {
script = '' script = ''
systemctl restart mautrix-whatsapp.service systemctl restart mautrix-whatsapp.service
systemctl restart mautrix-signal.service systemctl restart mautrix-signal.service
systemctl restart mautrix-telegram.service systemctl restart mautrix-telegram.service
''; '';
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = "root"; User = "root";

2
profiles/server1/nginx/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

222
profiles/server1/nginx/nixos.nix
View file

@ -20,19 +20,25 @@
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml";
sops.secrets.dnstokenfull = {owner="acme";}; validateSopsFiles = false;
sops.templates."certs.secret".content = '' secrets.dnstokenfull = {owner="acme";};
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} templates."certs.secret".content = ''
''; CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
proxmoxLXC.manageNetwork = true; # manage network myself '';
proxmoxLXC.manageHostName = false; # manage hostname myself };
networking.hostName = "nginx"; # Define your hostname. proxmoxLXC = {
networking.useDHCP = true; manageNetwork = true; # manage network myself
networking.enableIPv6 = false; manageHostName = false; # manage hostname myself
networking.firewall.enable = false; };
networking = {
hostName = "nginx"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
@ -72,11 +78,11 @@
"/" = { "/" = {
proxyPass = "https://192.168.1.5"; proxyPass = "https://192.168.1.5";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
# "/push/" = { # "/push/" = {
# proxyPass = "http://192.168.2.5:7867"; # proxyPass = "http://192.168.2.5:7867";
# }; # };
"/.well-known/carddav" = { "/.well-known/carddav" = {
return = "301 $scheme://$host/remote.php/dav"; return = "301 $scheme://$host/remote.php/dav";
@ -95,108 +101,104 @@
"~ ^(/_matrix|/_synapse/client)" = { "~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://192.168.1.23:8008"; proxyPass = "http://192.168.1.23:8008";
extraConfig = '' extraConfig = ''
client_max_body_size 0; client_max_body_size 0;
''; '';
}; };
}; };
}; };
"sound.swarsel.win" = { "sound.swarsel.win" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
acmeRoot = null; acmeRoot = null;
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://192.168.1.13:4040"; proxyPass = "http://192.168.1.13:4040";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = '' extraConfig = ''
proxy_redirect http:// https://; proxy_redirect http:// https://;
proxy_read_timeout 600s; proxy_read_timeout 600s;
proxy_send_timeout 600s; proxy_send_timeout 600s;
proxy_buffering off; proxy_buffering off;
proxy_request_buffering off; proxy_request_buffering off;
client_max_body_size 0; client_max_body_size 0;
''; '';
};
}; };
}; };
"scan.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.24:28981";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"screen.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.16:8096";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"matrix.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://192.168.1.20:8008";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"scroll.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.22:8080";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"blog.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "https://192.168.1.7";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
}; };
"scan.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.24:28981";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"screen.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.16:8096";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"matrix.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://192.168.1.20:8008";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"scroll.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://192.168.1.22:8080";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
"blog.swarsel.win" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "https://192.168.1.7";
extraConfig = ''
client_max_body_size 0;
'';
};
};
};
}; };
};
} }

2
profiles/server1/paperless/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

54
profiles/server1/paperless/nixos.nix
View file

@ -9,23 +9,33 @@
services.xserver = { services = {
layout = "us"; xserver = {
xkbVariant = "altgr-intl"; layout = "us";
xkbVariant = "altgr-intl";
};
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC.manageNetwork = true; # manage network myself
proxmoxLXC.manageHostName = false; # manage hostname myself proxmoxLXC = {
networking.useDHCP = true; manageNetwork = true; # manage network myself
networking.enableIPv6 = false; manageHostName = false; # manage hostname myself
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
}; };
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys ../../../secrets/keys/authorized_keys
]; ];
@ -52,13 +62,17 @@
ssh-to-age ssh-to-age
]; ];
networking.hostName = "paperless"; # Define your hostname. networking = {
networking.firewall.enable = false; hostName = "paperless"; # Define your hostname.
firewall.enable = false;
};
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml";
sops.secrets.admin = { owner = "paperless";}; validateSopsFiles = false;
secrets.admin = { owner = "paperless";};
};
services.paperless = { services.paperless = {
enable = true; enable = true;

2
profiles/server1/sound/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

104
profiles/server1/sound/nixos.nix
View file

@ -9,23 +9,33 @@
services.xserver = { services = {
layout = "us"; xserver = {
xkbVariant = "altgr-intl"; layout = "us";
xkbVariant = "altgr-intl";
};
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC.manageNetwork = true; # manage network myself
proxmoxLXC.manageHostName = false; # manage hostname myself proxmoxLXC = {
networking.useDHCP = true; manageNetwork = true; # manage network myself
networking.enableIPv6 = false; manageHostName = false; # manage hostname myself
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
}; };
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys ../../../secrets/keys/authorized_keys
]; ];
@ -40,32 +50,38 @@
proxmoxLXC.privileged = true; # manage hostname myself proxmoxLXC.privileged = true; # manage hostname myself
users.groups.lxc_pshares = { users = {
gid = 110000; groups = {
members = [ lxc_pshares = {
"navidrome" gid = 110000;
"mpd" members = [
"root" "navidrome"
]; "mpd"
}; "root"
];
};
users.groups.navidrome = { navidrome = {
gid = 61593; gid = 61593;
}; };
users.groups.mpd = {}; mpd = {};
};
users.users.navidrome = { users = {
isSystemUser = true; navidrome = {
uid = 61593; isSystemUser = true;
group = "navidrome"; uid = 61593;
extraGroups = [ "audio" "utmp" ]; group = "navidrome";
}; extraGroups = [ "audio" "utmp" ];
};
users.users.mpd = { mpd = {
isSystemUser = true; isSystemUser = true;
group = "mpd"; group = "mpd";
extraGroups = [ "audio" "utmp" ]; extraGroups = [ "audio" "utmp" ];
};
};
}; };
sound = { sound = {
@ -73,8 +89,10 @@
}; };
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
networking.hostName = "sound"; # Define your hostname. networking = {
networking.firewall.enable = false; hostName = "sound"; # Define your hostname.
firewall.enable = false;
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
gnupg gnupg
@ -84,10 +102,12 @@
mpv mpv
]; ];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml";
sops.secrets.mpdpass = { owner = "mpd";}; validateSopsFiles = false;
secrets.mpdpass = { owner = "mpd";};
};
services.navidrome = { services.navidrome = {
enable = true; enable = true;

2
profiles/server1/spotifyd/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

50
profiles/server1/spotifyd/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, modulesPath, ... }: { pkgs, modulesPath, ... }:
{ {
@ -9,23 +9,33 @@
services.xserver = { services = {
layout = "us"; xserver = {
xkbVariant = "altgr-intl"; layout = "us";
xkbVariant = "altgr-intl";
};
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC.manageNetwork = true; # manage network myself
proxmoxLXC.manageHostName = false; # manage hostname myself proxmoxLXC = {
networking.useDHCP = true; manageNetwork = true; # manage network myself
networking.enableIPv6 = false; manageHostName = false; # manage hostname myself
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
}; };
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys ../../../secrets/keys/authorized_keys
]; ];
@ -56,18 +66,16 @@
}; };
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
networking.hostName = "spotifyd"; # Define your hostname. networking = {
networking.firewall.enable = false; hostName = "spotifyd"; # Define your hostname.
firewall.enable = false;
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
gnupg gnupg
ssh-to-age ssh-to-age
]; ];
# sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
# sops.defaultSopsFile = "/.dotfiles/secrets/spotifyd/secrets.yaml";
# sops.validateSopsFiles = false;
services.spotifyd = { services.spotifyd = {
enable = true; enable = true;
settings = { settings = {

2
profiles/server1/transmission/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

590
profiles/server1/transmission/nixos.nix
View file

@ -1,358 +1,270 @@
{ config, pkgs, modulesPath, ... }: { config, pkgs, modulesPath, ... }:
{ {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix ./hardware-configuration.nix
# ./openvpn.nix #this file holds the vpn login data # ./openvpn.nix #this file holds the vpn login data
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
gnupg gnupg
ssh-to-age ssh-to-age
openvpn openvpn
jq jq
iptables iptables
busybox busybox
wireguard-tools wireguard-tools
]; ];
users.groups.lxc_shares = { users.groups.lxc_shares = {
gid = 10000; gid = 10000;
members = [ members = [
"vpn" "vpn"
"radarr" "radarr"
"sonarr" "sonarr"
"lidarr" "lidarr"
"readarr" "readarr"
"root" "root"
]; ];
}; };
users.groups.vpn = {}; users.groups.vpn = {};
users.users.vpn = { users.users.vpn = {
isNormalUser = true; isNormalUser = true;
group = "vpn"; group = "vpn";
home = "/home/vpn"; home = "/home/vpn";
}; };
services.xserver = { services.xserver = {
layout = "us"; layout = "us";
xkbVariant = "altgr-intl"; xkbVariant = "altgr-intl";
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml";
validateSopsFiles = false;
};
boot.kernelModules = [ "tun" ]; boot.kernelModules = [ "tun" ];
proxmoxLXC.manageNetwork = true; # manage network myself proxmoxLXC = {
proxmoxLXC.manageHostName = false; # manage hostname myself manageNetwork = true; # manage network myself
networking.hostName = "transmission"; # Define your hostname. manageHostName = false; # manage hostname myself
networking.useDHCP = true; };
networking.enableIPv6 = false; networking = {
networking.firewall.enable = false; hostName = "transmission"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services.radarr = { services = {
enable = true; radarr = {
}; enable = true;
};
readarr = {
enable = true;
};
sonarr = {
enable = true;
};
lidarr = {
enable = true;
};
prowlarr = {
enable = true;
};
};
services.readarr = { networking.iproute2 = {
enable = true; enable = true;
}; rttablesExtraConfig = ''
services.sonarr = { 200 vpn
enable = true; '';
}; };
services.lidarr = { environment.etc = {
enable = true; "openvpn/iptables.sh" =
}; { source = ../../../scripts/server1/iptables.sh;
services.prowlarr = { mode = "0755";
enable = true; };
}; "openvpn/update-resolv-conf" =
{ source = ../../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" =
{ source = ../../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" =
{ source = ../../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" =
{ source = ../../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
# networking.interfaces = { system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
# lo = { # users.users.root.password = "TEMPLATE";
# useDHCP = false;
# ipv4.addresses = [
# { address = "127.0.0.1"; prefixLength = 8; }
# ];
# };
#
# eth0 = {
# useDHCP = true;
# };
# };
# networking.firewall.extraCommands = '' environment.shellAliases = {
# sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
# ''; };
networking.iproute2 = {
enable = true;
rttablesExtraConfig = ''
200 vpn
'';
};
# boot.kernel.sysctl = {
# "net.ipv4.conf.all.rp_filter" = 2;
# "net.ipv4.conf.default.rp_filter" = 2;
# "net.ipv4.conf.eth0.rp_filter" = 2;
# };
environment.etc = {
"openvpn/iptables.sh" =
{ source = ../../../scripts/server1/iptables.sh;
mode = "0755";
};
"openvpn/update-resolv-conf" =
{ source = ../../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" =
{ source = ../../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" =
{ source = ../../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" =
{ source = ../../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change sops = {
# users.users.root.password = "TEMPLATE"; templates = {
"transmission-rpc" = {
environment.shellAliases = { owner = "vpn";
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; content = builtins.toJSON {
}; rpc-username = config.sops.placeholder.rpcuser;
rpc-password = config.sops.placeholder.rpcpass;
sops.secrets.vpnuser = {};
sops.secrets.rpcuser = {owner="vpn";};
sops.secrets.vpnpass = {};
sops.secrets.rpcpass = {owner="vpn";};
sops.secrets.vpnprot = {};
sops.secrets.vpnloc = {};
# sops.secrets.crlpem = {};
# sops.secrets.capem = {};
sops.templates."transmission-rpc".owner = "vpn";
sops.templates."transmission-rpc".content = builtins.toJSON {
rpc-username = config.sops.placeholder.rpcuser;
rpc-password = config.sops.placeholder.rpcpass;
};
sops.templates.pia.content = ''
${config.sops.placeholder.vpnuser}
${config.sops.placeholder.vpnpass}
'';
sops.templates.vpn.content = ''
client
dev tun
proto ${config.sops.placeholder.vpnprot}
remote ${config.sops.placeholder.vpnloc}
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass ${config.sops.templates.pia.path}
compress
verb 1
reneg-sec 0
crl-verify /etc/openvpn/crl.rsa.2048.pem
ca /etc/openvpn/ca.rsa.2048.crt
disable-occ
dhcp-option DNS 209.222.18.222
dhcp-option DNS 209.222.18.218
dhcp-option DNS 8.8.8.8
route-noexec
'';
# services.pia.enable = true;
# services.pia.authUserPass.username = "na";
# services.pia.authUserPass.password = "na";
# systemd.services.openvpn-vpn = {
# wantedBy = [ "multi-user.target" ];
# after = [ "network.target" ];
# description = "OpenVPN connection to pia";
# serviceConfig = {
# Type = "forking";
# RuntimeDirectory="openvpn";
# PrivateTmp=true;
# KillMode="mixed";
# ExecStart = ''@${pkgs.openvpn}/sbin/openvpn openvpn --daemon ovpn-pia --status /run/openvpn/pia.status 10 --cd /etc/openvpn --script-security 2 --config ${config.sops.templates.vpn.path} --writepid /run/openvpn/pia.pid'';
# PIDFile=''/run/openvpn/pia.pid'';
# ExecReload=''/run/current-system/sw/bin/kill -HUP $MAINPID'';
# WorkingDirectory="/etc/openvpn";
# Restart="on-failure";
# RestartSec=30;
# ProtectSystem="yes";
# DeviceAllow=["/dev/null rw" "/dev/net/tun rw"];
# };
# };
services.openvpn.servers = {
pia = {
autoStart = false;
updateResolvConf = true;
# up = ''
# export INTERFACE="tun0"
# export VPNUSER="vpn"
# export LOCALIP="192.168.1.191"
# export NETIF="eth0"
# export VPNIF="tun0"
# export GATEWAYIP=$(ifconfig $VPNIF | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | egrep -v '255|(127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | tail -n1)
# iptables -F -t nat
# iptables -F -t mangle
# iptables -F -t filter
# iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
# iptables -t mangle -A OUTPUT ! --dest $LOCALIP -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
# iptables -t mangle -A OUTPUT --dest $LOCALIP -p udp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
# iptables -t mangle -A OUTPUT --dest $LOCALIP -p tcp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
# iptables -t mangle -A OUTPUT ! --src $LOCALIP -j MARK --set-mark 0x1
# iptables -t mangle -A OUTPUT -j CONNMARK --save-mark
# iptables -A INPUT -i $INTERFACE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -i $INTERFACE -j REJECT
# iptables -A OUTPUT -o lo -m owner --uid-owner $VPNUSER -j ACCEPT
# iptables -A OUTPUT -o $INTERFACE -m owner --uid-owner $VPNUSER -j ACCEPT
# iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE
# iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT ! --src $LOCALIP -o $NETIF -j REJECT
# if [[ `ip rule list | grep -c 0x1` == 0 ]]; then
# ip rule add from all fwmark 0x1 lookup $VPNUSER
# fi
# ip route replace default via $GATEWAYIP table $VPNUSER
# ip route append default via 127.0.0.1 dev lo table $VPNUSER
# ip route flush cache
# '';
# down = "bash /etc/openvpn/update-resolv-conf";
# these are outsourced to a local file, I am not sure if it can be done with sops-nix
# authUserPass = {
# username = "TODO:secrets";
# password = "TODO:secrets";
# };
config = "config ${config.sops.templates.vpn.path}";
};
};
services.transmission = {
enable = true;
credentialsFile = config.sops.templates."transmission-rpc".path;
user = "vpn";
group = "lxc_shares";
settings = {
alt-speed-down= 8000;
alt-speed-enabled= false;
alt-speed-time-begin= 0;
alt-speed-time-day= 127;
alt-speed-time-enabled= true;
alt-speed-time-end= 360;
alt-speed-up= 2000;
bind-address-ipv4= "0.0.0.0";
bind-address-ipv6= "::";
blocklist-enabled= false;
blocklist-url= "http://www.example.com/blocklist";
cache-size-mb= 4;
dht-enabled= false;
download-dir= "/media/Eternor/New";
download-limit= 100;
download-limit-enabled= 0;
download-queue-enabled= true;
download-queue-size= 5;
encryption= 2;
idle-seeding-limit= 30;
idle-seeding-limit-enabled= false;
incomplete-dir= "/var/lib/transmission-daemon/Downloads";
incomplete-dir-enabled= false;
lpd-enabled= false;
max-peers-global= 200;
message-level= 1;
peer-congestion-algorithm= "";
peer-id-ttl-hours= 6;
peer-limit-global= 100;
peer-limit-per-torrent= 40;
peer-port= 22371;
peer-port-random-high= 65535;
peer-port-random-low= 49152;
peer-port-random-on-start= false;
peer-socket-tos= "default";
pex-enabled= false;
port-forwarding-enabled= false;
preallocation= 1;
prefetch-enabled= true;
queue-stalled-enabled= true;
queue-stalled-minutes= 30;
ratio-limit= 2;
ratio-limit-enabled= false;
rename-partial-files= true;
rpc-authentication-required= true;
rpc-bind-address= "0.0.0.0";
rpc-enabled= true;
rpc-host-whitelist= "";
rpc-host-whitelist-enabled= true;
rpc-port= 9091;
rpc-url= "/transmission/";
rpc-whitelist= "127.0.0.1,192.168.3.2";
rpc-whitelist-enabled= true;
scrape-paused-torrents-enabled= true;
script-torrent-done-enabled= false;
seed-queue-enabled= false;
seed-queue-size= 10;
speed-limit-down= 6000;
speed-limit-down-enabled= true;
speed-limit-up= 500;
speed-limit-up-enabled= true;
start-added-torrents= true;
trash-original-torrent-files= false;
umask= 2;
upload-limit= 100;
upload-limit-enabled= 0;
upload-slots-per-torrent= 14;
utp-enabled= false;
};
}; };
};
# services.nginx = { pia.content = ''
# enable = true; ${config.sops.placeholder.vpnuser}
# virtualHosts = { ${config.sops.placeholder.vpnpass}
'';
# "192.168.1.192" = { vpn.content = ''
# locations = { client
# "/transmission" = { dev tun
# proxyPass = "http://127.0.0.1:9091"; proto ${config.sops.placeholder.vpnprot}
# extraConfig = '' remote ${config.sops.placeholder.vpnloc}
# proxy_set_header Host $host; resolv-retry infinite
# proxy_set_header X-Real-IP $remote_addr; nobind
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; persist-key
# ''; persist-tun
# }; cipher aes-128-cbc
# }; auth sha1
# }; tls-client
# }; remote-cert-tls server
# };
auth-user-pass ${config.sops.templates.pia.path}
compress
verb 1
reneg-sec 0
crl-verify /etc/openvpn/crl.rsa.2048.pem
ca /etc/openvpn/ca.rsa.2048.crt
disable-occ
dhcp-option DNS 209.222.18.222
dhcp-option DNS 209.222.18.218
dhcp-option DNS 8.8.8.8
route-noexec
'';
};
secrets = {
vpnuser = {};
rpcuser = {owner="vpn";};
vpnpass = {};
rpcpass = {owner="vpn";};
vpnprot = {};
vpnloc = {};
};
};
services.openvpn.servers = {
pia = {
autoStart = false;
updateResolvConf = true;
config = "config ${config.sops.templates.vpn.path}";
};
};
services.transmission = {
enable = true;
credentialsFile = config.sops.templates."transmission-rpc".path;
user = "vpn";
group = "lxc_shares";
settings = {
alt-speed-down= 8000;
alt-speed-enabled= false;
alt-speed-time-begin= 0;
alt-speed-time-day= 127;
alt-speed-time-enabled= true;
alt-speed-time-end= 360;
alt-speed-up= 2000;
bind-address-ipv4= "0.0.0.0";
bind-address-ipv6= "::";
blocklist-enabled= false;
blocklist-url= "http://www.example.com/blocklist";
cache-size-mb= 4;
dht-enabled= false;
download-dir= "/media/Eternor/New";
download-limit= 100;
download-limit-enabled= 0;
download-queue-enabled= true;
download-queue-size= 5;
encryption= 2;
idle-seeding-limit= 30;
idle-seeding-limit-enabled= false;
incomplete-dir= "/var/lib/transmission-daemon/Downloads";
incomplete-dir-enabled= false;
lpd-enabled= false;
max-peers-global= 200;
message-level= 1;
peer-congestion-algorithm= "";
peer-id-ttl-hours= 6;
peer-limit-global= 100;
peer-limit-per-torrent= 40;
peer-port= 22371;
peer-port-random-high= 65535;
peer-port-random-low= 49152;
peer-port-random-on-start= false;
peer-socket-tos= "default";
pex-enabled= false;
port-forwarding-enabled= false;
preallocation= 1;
prefetch-enabled= true;
queue-stalled-enabled= true;
queue-stalled-minutes= 30;
ratio-limit= 2;
ratio-limit-enabled= false;
rename-partial-files= true;
rpc-authentication-required= true;
rpc-bind-address= "0.0.0.0";
rpc-enabled= true;
rpc-host-whitelist= "";
rpc-host-whitelist-enabled= true;
rpc-port= 9091;
rpc-url= "/transmission/";
rpc-whitelist= "127.0.0.1,192.168.3.2";
rpc-whitelist-enabled= true;
scrape-paused-torrents-enabled= true;
script-torrent-done-enabled= false;
seed-queue-enabled= false;
seed-queue-size= 10;
speed-limit-down= 6000;
speed-limit-down-enabled= true;
speed-limit-up= 500;
speed-limit-up-enabled= true;
start-added-torrents= true;
trash-original-torrent-files= false;
umask= 2;
upload-limit= 100;
upload-limit-enabled= 0;
upload-slots-per-torrent= 14;
utp-enabled= false;
};
};
} }

2
profiles/threed/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, modulesPath, ... }:
{ {
imports = imports =

4
profiles/threed/home.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, fetchFromGitHub, ... }: { config, pkgs, ... }:
{ {
@ -76,7 +76,7 @@
}; };
keybindings = let keybindings = let
modifier = config.wayland.windowManager.sway.config.modifier; inherit (config.wayland.windowManager.sway.config) modifier;
in { in {
"${modifier}+F2" = "exec brightnessctl set +5%"; "${modifier}+F2" = "exec brightnessctl set +5%";
"${modifier}+F1"= "exec brightnessctl set 5%-"; "${modifier}+F1"= "exec brightnessctl set 5%-";

4
profiles/threed/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { lib, pkgs, ... }:
{ {
@ -71,7 +71,7 @@
}; };
monospace = { monospace = {
package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }); package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
name = "FiraCode Nerd Font Mono"; name = "FiraCode Nerd Font Mono";
}; };

10
profiles/winters/home.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, fetchFromGitHub, ... }: { config, pkgs, ... }:
{ {
@ -97,11 +97,11 @@
]; ];
keybindings = let # keybindings = let
modifier = config.wayland.windowManager.sway.config.modifier; # inherit (config.wayland.windowManager.sway.config) modifier;
in { # in {
}; # };
startup = [ startup = [

4
profiles/winters/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { pkgs, ... }:
{ {
@ -88,7 +88,7 @@
}; };
monospace = { monospace = {
package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }); package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
name = "FiraCode Nerd Font Mono"; name = "FiraCode Nerd Font Mono";
}; };

36
programs/emacs/early-init.el
View file

@ -38,23 +38,23 @@
right-margin-width 1) right-margin-width 1)
(setq-default default-frame-alist (setq-default default-frame-alist
(append (append
(list (list
'(undecorated . t) ; no title bar, borders etc. '(undecorated . t) ; no title bar, borders etc.
'(background-color . "#1D252C") ; load doom-citylight colors to avoid white flash '(background-color . "#1D252C") ; load doom-citylight colors to avoid white flash
'(foreground-color . "#A0B3C5") ; load doom-citylight colors to avoid white flash '(foreground-color . "#A0B3C5") ; load doom-citylight colors to avoid white flash
'(vertical-scroll-bars . nil) '(vertical-scroll-bars . nil)
'(horizontal-scroll-bars . nil) '(horizontal-scroll-bars . nil)
'(internal-border-width . 5) '(internal-border-width . 5)
'(tool-bar-lines . 0) '(tool-bar-lines . 0)
'(menu-bar-lines . 0)))) '(menu-bar-lines . 0))))
(add-hook (add-hook
'after-make-frame-functions 'after-make-frame-functions
(lambda (frame) (lambda (frame)
(with-selected-frame frame (with-selected-frame frame
(when (display-graphic-p) (when (display-graphic-p)
(define-key input-decode-map (kbd "C-i") [DUMMY-i]) (define-key input-decode-map (kbd "C-i") [DUMMY-i])
(define-key input-decode-map (kbd "C-[") [DUMMY-lsb]) (define-key input-decode-map (kbd "C-[") [DUMMY-lsb])
(define-key input-decode-map (kbd "C-m") [DUMMY-m]) (define-key input-decode-map (kbd "C-m") [DUMMY-m])
)))) ))))

262
programs/emacs/init.el
View file

@ -57,19 +57,19 @@
(cons beg end))) (cons beg end)))
(defun crux-duplicate-current-line-or-region (arg) (defun crux-duplicate-current-line-or-region (arg)
"Duplicates the current line or region ARG times. "Duplicates the current line or region ARG times.
If there's no region, the current line will be duplicated. However, if If there's no region, the current line will be duplicated. However, if
there's a region, all lines that region covers will be duplicated." there's a region, all lines that region covers will be duplicated."
(interactive "p") (interactive "p")
(pcase-let* ((origin (point)) (pcase-let* ((origin (point))
(`(,beg . ,end) (crux-get-positions-of-line-or-region)) (`(,beg . ,end) (crux-get-positions-of-line-or-region))
(region (buffer-substring-no-properties beg end))) (region (buffer-substring-no-properties beg end)))
(dotimes (_i arg) (dotimes (_i arg)
(goto-char end) (goto-char end)
(newline) (newline)
(insert region) (insert region)
(setq end (point))) (setq end (point)))
(goto-char (+ origin (* (length region) arg) arg)))) (goto-char (+ origin (* (length region) arg) arg))))
(defun crux-duplicate-and-comment-current-line-or-region (arg) (defun crux-duplicate-and-comment-current-line-or-region (arg)
"Duplicates and comments the current line or region ARG times. "Duplicates and comments the current line or region ARG times.
@ -219,22 +219,22 @@ create a new one."
(evil-next-visual-line)) (evil-next-visual-line))
;; run the python inferior shell immediately upon entering a python buffer ;; run the python inferior shell immediately upon entering a python buffer
;; (add-hook 'python-mode-hook 'swarsel/run-python) ;; (add-hook 'python-mode-hook 'swarsel/run-python)
;; (defun swarsel/run-python () ;; (defun swarsel/run-python ()
;; (save-selected-window ;; (save-selected-window
;; (switch-to-buffer-other-window (process-buffer (python-shell-get-or-create-process (python-shell-parse-command)))))) ;; (switch-to-buffer-other-window (process-buffer (python-shell-get-or-create-process (python-shell-parse-command))))))
;; reload python shell automatically ;; reload python shell automatically
(defun my-python-shell-run () (defun my-python-shell-run ()
(interactive) (interactive)
(when (get-buffer-process "*Python*") (when (get-buffer-process "*Python*")
(set-process-query-on-exit-flag (get-buffer-process "*Python*") nil) (set-process-query-on-exit-flag (get-buffer-process "*Python*") nil)
(kill-process (get-buffer-process "*Python*")) (kill-process (get-buffer-process "*Python*"))
;; Uncomment If you want to clean the buffer too. ;; Uncomment If you want to clean the buffer too.
;;(kill-buffer "*Python*") ;;(kill-buffer "*Python*")
;; Not so fast! ;; Not so fast!
(sleep-for 0.5)) (sleep-for 0.5))
(run-python (python-shell-parse-command) nil nil) (run-python (python-shell-parse-command) nil nil)
(python-shell-send-buffer) (python-shell-send-buffer)
;; Pop new window only if shell isnt visible ;; Pop new window only if shell isnt visible
@ -533,13 +533,13 @@ create a new one."
(setq forge-add-default-bindings nil)) (setq forge-add-default-bindings nil))
;; enables 2-char inline search ;; enables 2-char inline search
(use-package evil-snipe (use-package evil-snipe
:after evil :after evil
:demand :demand
:config :config
(evil-snipe-mode +1) (evil-snipe-mode +1)
;; replace 1-char searches (f&t) with this better UI ;; replace 1-char searches (f&t) with this better UI
(evil-snipe-override-mode +1)) (evil-snipe-override-mode +1))
;; for parentheses-heavy languades modify evil commands to keep balance of parantheses ;; for parentheses-heavy languades modify evil commands to keep balance of parantheses
(use-package evil-cleverparens) (use-package evil-cleverparens)
@ -770,7 +770,7 @@ create a new one."
:hook (org-mode . swarsel/org-mode-setup) :hook (org-mode . swarsel/org-mode-setup)
:bind :bind
(("C-<tab>" . org-fold-outer) (("C-<tab>" . org-fold-outer)
("C-c s" . org-store-link)) ("C-c s" . org-store-link))
:config :config
(setq org-ellipsis "" (setq org-ellipsis ""
org-link-descriptive t org-link-descriptive t
@ -914,7 +914,7 @@ create a new one."
(setq TeX-auto-save t) (setq TeX-auto-save t)
(setq TeX-save-query nil) (setq TeX-save-query nil)
(setq TeX-parse-self t) (setq TeX-parse-self t)
(setq-default TeX-master nil) (setq-default TeX-master nil)
(add-hook 'LaTeX-mode-hook 'visual-line-mode) (add-hook 'LaTeX-mode-hook 'visual-line-mode)
(add-hook 'LaTeX-mode-hook 'flyspell-mode) (add-hook 'LaTeX-mode-hook 'flyspell-mode)
@ -923,7 +923,7 @@ create a new one."
(setq LaTeX-electric-left-right-brace t) (setq LaTeX-electric-left-right-brace t)
(setq font-latex-fontify-script nil) (setq font-latex-fontify-script nil)
(setq TeX-electric-sub-and-superscript t) (setq TeX-electric-sub-and-superscript t)
;; (setq reftex-plug-into-AUCTeX t) ;; (setq reftex-plug-into-AUCTeX t)
(use-package org-download (use-package org-download
:after org :after org
@ -951,106 +951,106 @@ create a new one."
:hook (org-mode . org-modern-mode)) :hook (org-mode . org-modern-mode))
(use-package org-present (use-package org-present
:bind (:map org-present-mode-keymap :bind (:map org-present-mode-keymap
("q" . org-present-quit) ("q" . org-present-quit)
("<left>" . swarsel/org-present-prev) ("<left>" . swarsel/org-present-prev)
("<up>" . 'ignore) ("<up>" . 'ignore)
("<down>" . 'ignore) ("<down>" . 'ignore)
("<right>" . swarsel/org-present-next)) ("<right>" . swarsel/org-present-next))
:hook ((org-present-mode . swarsel/org-present-start) :hook ((org-present-mode . swarsel/org-present-start)
(org-present-mode-quit . swarsel/org-present-end)) (org-present-mode-quit . swarsel/org-present-end))
) )
(use-package hide-mode-line) (use-package hide-mode-line)
(defun swarsel/org-present-start () (defun swarsel/org-present-start ()
(setq-local face-remapping-alist '((default (:height 1.5) variable-pitch) (setq-local face-remapping-alist '((default (:height 1.5) variable-pitch)
(header-line (:height 4.0) variable-pitch) (header-line (:height 4.0) variable-pitch)
(org-document-title (:height 1.75) org-document-title) (org-document-title (:height 1.75) org-document-title)
(org-code (:height 1.55) org-code) (org-code (:height 1.55) org-code)
(org-verbatim (:height 1.55) org-verbatim) (org-verbatim (:height 1.55) org-verbatim)
(org-block (:height 1.25) org-block) (org-block (:height 1.25) org-block)
(org-block-begin-line (:height 0.7) org-block) (org-block-begin-line (:height 0.7) org-block)
)) ))
(dolist (face '((org-level-1 . 1.1) (dolist (face '((org-level-1 . 1.1)
(org-level-2 . 1.2) (org-level-2 . 1.2)
(org-level-3 . 1.2) (org-level-3 . 1.2)
(org-level-4 . 1.2) (org-level-4 . 1.2)
(org-level-5 . 1.2) (org-level-5 . 1.2)
(org-level-6 . 1.2) (org-level-6 . 1.2)
(org-level-7 . 1.2) (org-level-7 . 1.2)
(org-level-8 . 1.2))) (org-level-8 . 1.2)))
(set-face-attribute (car face) nil :font swarsel-alt-font :weight 'medium :height (cdr face))) (set-face-attribute (car face) nil :font swarsel-alt-font :weight 'medium :height (cdr face)))
(setq header-line-format " ") (setq header-line-format " ")
(setq visual-fill-column-width 90) (setq visual-fill-column-width 90)
(setq indicate-buffer-boundaries nil) (setq indicate-buffer-boundaries nil)
(setq inhibit-message nil) (setq inhibit-message nil)
(breadcrumb-mode 0) (breadcrumb-mode 0)
(org-display-inline-images) (org-display-inline-images)
(global-hl-line-mode 0) (global-hl-line-mode 0)
(display-line-numbers-mode 0) (display-line-numbers-mode 0)
(org-modern-mode 0) (org-modern-mode 0)
(evil-insert-state 1) (evil-insert-state 1)
(beginning-of-buffer) (beginning-of-buffer)
(org-present-read-only) (org-present-read-only)
;; (org-present-hide-cursor) ;; (org-present-hide-cursor)
(swarsel/org-present-slide) (swarsel/org-present-slide)
) )
(defun swarsel/org-present-end () (defun swarsel/org-present-end ()
(setq-local face-remapping-alist '((default variable-pitch default))) (setq-local face-remapping-alist '((default variable-pitch default)))
(dolist (face '((org-level-1 . 1.1) (dolist (face '((org-level-1 . 1.1)
(org-level-2 . 0.9) (org-level-2 . 0.9)
(org-level-3 . 0.9) (org-level-3 . 0.9)
(org-level-4 . 0.9) (org-level-4 . 0.9)
(org-level-5 . 0.9) (org-level-5 . 0.9)
(org-level-6 . 0.9) (org-level-6 . 0.9)
(org-level-7 . 0.9) (org-level-7 . 0.9)
(org-level-8 . 0.9))) (org-level-8 . 0.9)))
(set-face-attribute (car face) nil :font swarsel-alt-font :weight 'medium :height (cdr face))) (set-face-attribute (car face) nil :font swarsel-alt-font :weight 'medium :height (cdr face)))
(setq header-line-format nil) (setq header-line-format nil)
(setq visual-fill-column-width 150) (setq visual-fill-column-width 150)
(setq indicate-buffer-boundaries t) (setq indicate-buffer-boundaries t)
(setq inhibit-message nil) (setq inhibit-message nil)
(breadcrumb-mode 1) (breadcrumb-mode 1)
(global-hl-line-mode 1) (global-hl-line-mode 1)
(display-line-numbers-mode 1) (display-line-numbers-mode 1)
(org-remove-inline-images) (org-remove-inline-images)
(org-modern-mode 1) (org-modern-mode 1)
(evil-normal-state 1) (evil-normal-state 1)
;; (org-present-show-cursor) ;; (org-present-show-cursor)
) )
(defun swarsel/org-present-slide () (defun swarsel/org-present-slide ()
(org-overview) (org-overview)
(org-show-entry) (org-show-entry)
(org-show-children) (org-show-children)
) )
(defun swarsel/org-present-prev () (defun swarsel/org-present-prev ()
(interactive) (interactive)
(org-present-prev) (org-present-prev)
(swarsel/org-present-slide)) (swarsel/org-present-slide))
(defun swarsel/org-present-next () (defun swarsel/org-present-next ()
(interactive) (interactive)
(unless (eobp) (unless (eobp)
(org-next-visible-heading 1) (org-next-visible-heading 1)
(org-fold-show-entry)) (org-fold-show-entry))
(when (eobp) (when (eobp)
(org-present-next) (org-present-next)
(swarsel/org-present-slide) (swarsel/org-present-slide)
)) ))
(defun clojure-leave-clojure-mode-function () (defun clojure-leave-clojure-mode-function ()
) )
(add-hook 'buffer-list-update-hook #'clojure-leave-clojure-mode-function) (add-hook 'buffer-list-update-hook #'clojure-leave-clojure-mode-function)
(add-hook 'org-present-mode-hook 'swarsel/org-present-start) (add-hook 'org-present-mode-hook 'swarsel/org-present-start)
(add-hook 'org-present-mode-quit-hook 'swarsel/org-present-end) (add-hook 'org-present-mode-quit-hook 'swarsel/org-present-end)
(add-hook 'org-present-after-navigate-functions 'swarsel/org-present-slide) (add-hook 'org-present-after-navigate-functions 'swarsel/org-present-slide)
(use-package nix-mode (use-package nix-mode
:mode "\\.nix\\'") :mode "\\.nix\\'")
@ -1129,21 +1129,21 @@ create a new one."
(use-package devdocs) (use-package devdocs)
(add-hook 'python-mode-hook (add-hook 'python-mode-hook
(lambda () (setq-local devdocs-current-docs '("python~3.12" "numpy~1.23" "matplotlib~3.7" "pandas~1")))) (lambda () (setq-local devdocs-current-docs '("python~3.12" "numpy~1.23" "matplotlib~3.7" "pandas~1"))))
(add-hook 'python-ts-mode-hook (add-hook 'python-ts-mode-hook
(lambda () (setq-local devdocs-current-docs '("python~3.12" "numpy~1.23" "matplotlib~3.7" "pandas~1")))) (lambda () (setq-local devdocs-current-docs '("python~3.12" "numpy~1.23" "matplotlib~3.7" "pandas~1"))))
(add-hook 'c-mode-hook (add-hook 'c-mode-hook
(lambda () (setq-local devdocs-current-docs '("c")))) (lambda () (setq-local devdocs-current-docs '("c"))))
(add-hook 'c-ts-mode-hook (add-hook 'c-ts-mode-hook
(lambda () (setq-local devdocs-current-docs '("c")))) (lambda () (setq-local devdocs-current-docs '("c"))))
(add-hook 'c++-mode-hook (add-hook 'c++-mode-hook
(lambda () (setq-local devdocs-current-docs '("cpp")))) (lambda () (setq-local devdocs-current-docs '("cpp"))))
(add-hook 'c++-ts-mode-hook (add-hook 'c++-ts-mode-hook
(lambda () (setq-local devdocs-current-docs '("cpp")))) (lambda () (setq-local devdocs-current-docs '("cpp"))))
; (devdocs-update-all) ; (devdocs-update-all)
(use-package projectile (use-package projectile
:diminish projectile-mode :diminish projectile-mode
@ -1155,7 +1155,7 @@ create a new one."
;; NOTE: Set this to the folder where you keep your Git repos! ;; NOTE: Set this to the folder where you keep your Git repos!
(when (file-directory-p swarsel-projects-directory) (when (file-directory-p swarsel-projects-directory)
(setq projectile-project-search-path (list swarsel-projects-directory))) (setq projectile-project-search-path (list swarsel-projects-directory)))
(setq projectile-switch-project-action #'magit-status)) (setq projectile-switch-project-action #'magit-status))
(use-package magit (use-package magit
:config :config
@ -1184,8 +1184,8 @@ create a new one."
forge-gitea-repository))) forge-gitea-repository)))
(use-package git-timemachine (use-package git-timemachine
:hook (git-time-machine-mode . evil-normalize-keymaps) :hook (git-time-machine-mode . evil-normalize-keymaps)
:init (setq git-timemachine-show-minibuffer-details t)) :init (setq git-timemachine-show-minibuffer-details t))
(use-package rainbow-delimiters (use-package rainbow-delimiters
:hook (prog-mode . rainbow-delimiters-mode)) :hook (prog-mode . rainbow-delimiters-mode))
@ -1294,7 +1294,7 @@ create a new one."
;; (add-to-list 'completion-at-point-functions #'cape-dict) ;; (add-to-list 'completion-at-point-functions #'cape-dict)
;; (add-to-list 'completion-at-point-functions #'cape-elisp-symbol) ;; (add-to-list 'completion-at-point-functions #'cape-elisp-symbol)
;; (add-to-list 'completion-at-point-functions #'cape-line) ;; (add-to-list 'completion-at-point-functions #'cape-line)
) )
(use-package rustic (use-package rustic
:init :init
@ -1328,7 +1328,7 @@ create a new one."
(concat (concat
"-o ControlPath=/tmp/ssh-tramp-%%r@%%h:%%p " "-o ControlPath=/tmp/ssh-tramp-%%r@%%h:%%p "
"-o ControlMaster=auto -o ControlPersist=yes")) "-o ControlMaster=auto -o ControlPersist=yes"))
) )
(use-package diff-hl (use-package diff-hl
:hook :hook
@ -1642,19 +1642,19 @@ create a new one."
(:maildir "/Drafts" :key ?d) (:maildir "/Drafts" :key ?d)
(:maildir "/All Mail" :key ?a))) (:maildir "/All Mail" :key ?a)))
(setq user-mail-address "leon@swarsel.win" (setq user-mail-address "leon@swarsel.win"
user-full-name "Leon Schwarzäugl") user-full-name "Leon Schwarzäugl")
(setq mu4e-user-mail-address-list '(leon.schwarzaeugl@gmail.com leon@swarsel.win nautilus.dw@gmail.com mrswarsel@gmail.com))) (setq mu4e-user-mail-address-list '(leon.schwarzaeugl@gmail.com leon@swarsel.win nautilus.dw@gmail.com mrswarsel@gmail.com)))
(add-hook 'mu4e-compose-mode-hook #'swarsel/mu4e-send-from-correct-address) (add-hook 'mu4e-compose-mode-hook #'swarsel/mu4e-send-from-correct-address)
(add-hook 'mu4e-compose-post-hook #'swarsel/mu4e-restore-default) (add-hook 'mu4e-compose-post-hook #'swarsel/mu4e-restore-default)
(use-package mu4e-alert (use-package mu4e-alert
:config :config
(setq mu4e-alert-set-default-style 'libnotify)) (setq mu4e-alert-set-default-style 'libnotify))
(add-hook 'after-init-hook #'mu4e-alert-enable-notifications) (add-hook 'after-init-hook #'mu4e-alert-enable-notifications)

1
templates/cu_flake.nix
View file

@ -8,7 +8,6 @@
outputs = {nixpkgs, ...}: let outputs = {nixpkgs, ...}: let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = import nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; }; pkgs = import nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; };
llvm = pkgs.llvmPackages_latest;
in { in {
devShells.${system}.default = pkgs.mkShell { devShells.${system}.default = pkgs.mkShell {

2
templates/rust_flake.nix
View file

@ -5,7 +5,7 @@
rust-overlay.url = "github:oxalica/rust-overlay"; rust-overlay.url = "github:oxalica/rust-overlay";
}; };
outputs = {self, nixpkgs, rust-overlay, ...}: let outputs = { nixpkgs, rust-overlay, ...}: let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;