swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: Add automatic formatting for .nix files

Browse source
This commit is contained in:
Swarsel 2024-07-19 00:45:48 +02:00
parent 9dc9a1fe1b
commit 72d321f478
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
46 changed files with 3204 additions and 3164 deletions
Download patch file Download diff file Expand all files Collapse all files

79
profiles/TEMPLATE/home.nix
View file

@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.gpg-agent = {
enable = true;
enableSshSupport = true;
@ -11,11 +11,11 @@
defaultCacheTtl = 600;
maxCacheTtl = 7200;
extraConfig = ''
allow-loopback-pinentry
allow-emacs-pinentry
allow-loopback-pinentry
allow-emacs-pinentry
'';
};
};
home = {
username = "TEMPLATE";
homeDirectory = "/home/TEMPLATE";
@ -29,7 +29,7 @@
];
};
# update path if the sops private key is stored somewhere else
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
# waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = {
@ -40,7 +40,7 @@
# -----------------------------------------------------------------
# is this machine always connected to power? If yes, use this block:
#
#
# programs.waybar.settings.mainBar."custom/pseudobat"= {
# format= "";
# on-click-right= "wlogout -p layer-shell";
@ -61,32 +61,33 @@
# "custom/left-arrow-dark"
# "clock#1"
# ];
#
#
# -----------------------------------------------------------------
# -----------------------------------------------------------------
# if not always connected to power (laptop), use this (default):
programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark"
"mpris"
"custom/left-arrow-light"
"network"
"custom/left-arrow-dark"
"pulseaudio"
"custom/left-arrow-light"
"custom/pseudobat"
"battery"
"custom/left-arrow-dark"
"group/hardware"
"custom/left-arrow-light"
"clock#2"
"custom/left-arrow-dark"
"clock#1"
];
programs.waybar.settings.mainBar.modules-right = [
"custom/outer-left-arrow-dark"
"mpris"
"custom/left-arrow-light"
"network"
"custom/left-arrow-dark"
"pulseaudio"
"custom/left-arrow-light"
"custom/pseudobat"
"battery"
"custom/left-arrow-dark"
"group/hardware"
"custom/left-arrow-light"
"clock#2"
"custom/left-arrow-dark"
"clock#1"
];
# -----------------------------------------------------------------
wayland.windowManager.sway= {
wayland.windowManager.sway = {
config = rec {
# update for actual inputs here,
input = {
@ -94,7 +95,8 @@
xkb_layout = "us";
xkb_variant = "altgr-intl";
};
"1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE
"1:1:AT_Translated_Set_2_keyboard" = {
# TEMPLATE
xkb_layout = "us";
xkb_options = "grp:win_space_toggle";
# xkb_options = "ctrl:nocaps,grp:win_space_toggle";
@ -106,7 +108,6 @@
natural_scroll = "enabled";
middle_emulation = "enabled";
};
};
output = {
@ -126,14 +127,12 @@
};
startup = [
{ command = "nextcloud --background";}
{ command = "discord --start-minimized";}
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{ command = "ANKI_WAYLAND=1 anki";}
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{ command = "nm-applet";}
{command = "nextcloud --background";}
{command = "discord --start-minimized";}
{command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{command = "ANKI_WAYLAND=1 anki";}
{command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{command = "nm-applet";}
];
};
};

32
profiles/TEMPLATE/nixos.nix
View file

@ -1,17 +1,11 @@
{ pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
];
{pkgs, ...}: {
imports = [
./hardware-configuration.nix
];
services = {
getty.autologinUser = "TEMPLATE";
greetd.settings.initial_session.user="TEMPLATE";
greetd.settings.initial_session.user = "TEMPLATE";
};
# Bootloader
@ -37,7 +31,7 @@
networking.hostName = "TEMPLATE"; # Define your hostname.
stylix.image = ../../wallpaper/TEMPLATEwp.png;
stylix = {
enable = true;
base16Scheme = ../../wallpaper/swarsel.yaml;
@ -62,7 +56,7 @@
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
sansSerif = {
# package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
package = pkgs.cantarell-fonts;
@ -71,21 +65,18 @@
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
monospace = {
package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
name = "FiraCode Nerd Font Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
};
# Configure keymap in X11 (only used for login)
services.xserver = {
@ -96,7 +87,7 @@
users.users.TEMPLATE = {
isNormalUser = true;
description = "TEMPLATE";
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ];
extraGroups = ["networkmanager" "wheel" "lp" "audio" "video"];
packages = with pkgs; [];
};
@ -104,5 +95,4 @@
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
}

2592
profiles/common/home.nix
View file

File diff suppressed because it is too large Load diff

939
profiles/common/nixos.nix
View file

@ -1,511 +1,508 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
};
services.xserver = {
xkb = {
layout = "us";
variant = "altgr-intl";
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
users.mutableUsers = false;
environment = {
wordlist.enable = true;
sessionVariables = {
NIXOS_OZONE_WL = "1";
GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
gst-plugins-good
gst-plugins-bad
gst-plugins-ugly
gst-libav
]);
};
};
# gstreamer plugins for nautilus (used for file metadata)
time.hardwareClockInLocalTime = true;
# dont style GRUB with stylix
stylix.targets.grub.enable = false; # the styling makes grub more ugly
security.polkit.enable = true;
nix.gc = {
automatic = true;
randomizedDelaySec = "14m";
dates = "weekly";
options = "--delete-older-than 10d";
};
nix.optimise = {
automatic = true;
dates = [ "weekly" ];
};
# systemd
systemd.extraConfig = ''
DefaultTimeoutStartSec=60s
DefaultTimeoutStopSec=15s
'';
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
pulseaudio= {
enable = true;
package = pkgs.pulseaudioFull;
};
enableAllFirmware = true;
bluetooth = {
powerOnBoot = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
services.xserver = {
xkb = {
layout = "us";
variant = "altgr-intl";
};
};
};
networking.networkmanager = {
enable = true;
ensureProfiles = {
environmentFiles = [
"${config.sops.templates."network-manager.env".path}"
];
profiles = {
"Ernest Routerford" = {
connection = {
id = "Ernest Routerford";
permissions = "";
type = "wifi";
};
ipv4 = {
dns-search = "";
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
dns-search = "";
method = "auto";
};
wifi = {
mac-address-blacklist = "";
mode = "infrastructure";
ssid = "Ernest Routerford";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$ERNEST";
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
LAN-Party = {
connection = {
autoconnect = "false";
id = "LAN-Party";
type = "ethernet";
};
ethernet = {
auto-negotiate = "true";
cloned-mac-address = "preserve";
mac-address = "90:2E:16:D0:A1:87";
};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
};
eduroam = {
"802-1x" = {
eap = "ttls;";
identity = "$EDUID";
password = "$EDUPASS";
phase2-auth = "mschapv2";
};
connection = {
id = "eduroam";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = "eduroam";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-eap";
};
};
local = {
connection = {
autoconnect = "false";
id = "local";
type = "ethernet";
};
ethernet = { };
ipv4 = {
address1 = "10.42.1.1/24";
method = "shared";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
};
HH40V_39F5 = {
connection = {
id = "HH40V_39F5";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
wifi = {
band = "bg";
mode = "infrastructure";
ssid = "HH40V_39F5";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = "$FRAUNS";
};
};
magicant = {
connection = {
id = "magicant";
type = "wifi";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = { };
wifi = {
mode = "infrastructure";
ssid = "magicant";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$HANDYHOTSPOT";
};
};
"sweden-aes-128-cbc-udp-dns" = {
connection = {
autoconnect = "false";
id = "PIA Sweden";
type = "vpn";
};
ipv4 = { method = "auto"; };
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = { };
vpn = {
auth = "sha1";
ca =
"${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
challenge-response-flags = "2";
cipher = "aes-128-cbc";
compress = "yes";
connection-type = "password";
crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem";
dev = "tun";
password-flags = "0";
remote = "sweden.privacy.network:1198";
remote-cert-tls = "server";
reneg-seconds = "0";
service-type = "org.freedesktop.NetworkManager.openvpn";
username = "$VPNUSER";
};
vpn-secrets = { password = "$VPNPASS"; };
};
Hotspot = {
connection = {
autoconnect = "false";
id = "Hotspot";
type = "wifi";
};
ipv4 = { method = "shared"; };
ipv6 = {
addr-gen-mode = "default";
method = "ignore";
};
proxy = { };
wifi = {
mode = "ap";
ssid = "Hotspot-fourside";
};
wifi-security = {
group = "ccmp;";
key-mgmt = "wpa-psk";
pairwise = "ccmp;";
proto = "rsn;";
psk = "$HOTSPOT";
};
};
users.mutableUsers = false;
environment = {
wordlist.enable = true;
sessionVariables = {
NIXOS_OZONE_WL = "1";
GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
gst-plugins-good
gst-plugins-bad
gst-plugins-ugly
gst-libav
]);
};
};
};
# gstreamer plugins for nautilus (used for file metadata)
systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.service" ];
time.hardwareClockInLocalTime = true;
time.timeZone = "Europe/Vienna";
# dont style GRUB with stylix
stylix.targets.grub.enable = false; # the styling makes grub more ugly
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "de_AT.UTF-8";
LC_IDENTIFICATION = "de_AT.UTF-8";
LC_MEASUREMENT = "de_AT.UTF-8";
LC_MONETARY = "de_AT.UTF-8";
LC_NAME = "de_AT.UTF-8";
LC_NUMERIC = "de_AT.UTF-8";
LC_PAPER = "de_AT.UTF-8";
LC_TELEPHONE = "de_AT.UTF-8";
LC_TIME = "de_AT.UTF-8";
security.polkit.enable = true;
nix.gc = {
automatic = true;
randomizedDelaySec = "14m";
dates = "weekly";
options = "--delete-older-than 10d";
};
};
sops = {
defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
swarseluser = {neededForUsers = true;};
ernest = {};
frauns = {};
hotspot = {};
eduid = {};
edupass = {};
handyhotspot = {};
vpnuser = {};
vpnpass = {};
nix.optimise = {
automatic = true;
dates = ["weekly"];
};
templates = {
"network-manager.env".content = ''
ERNEST=${config.sops.placeholder.ernest}
FRAUNS=${config.sops.placeholder.frauns}
HOTSPOT=${config.sops.placeholder.hotspot}
EDUID=${config.sops.placeholder.eduid}
EDUPASS=${config.sops.placeholder.edupass}
HANDYHOTSPOT=${config.sops.placeholder.handyhotspot}
VPNUSER=${config.sops.placeholder.vpnuser}
VPNPASS=${config.sops.placeholder.vpnpass}
# systemd
systemd.extraConfig = ''
DefaultTimeoutStartSec=60s
DefaultTimeoutStopSec=15s
'';
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
pulseaudio = {
enable = true;
package = pkgs.pulseaudioFull;
};
enableAllFirmware = true;
bluetooth = {
powerOnBoot = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
};
};
environment.systemPackages = with pkgs; [
# yubikey packages
gnupg
yubikey-personalization
yubikey-personalization-gui
yubico-pam
yubioath-flutter
yubikey-manager
yubikey-manager-qt
yubico-piv-tool
cfssl
pcsctools
pcscliteWithPolkit.out
networking.networkmanager = {
enable = true;
ensureProfiles = {
environmentFiles = [
"${config.sops.templates."network-manager.env".path}"
];
profiles = {
"Ernest Routerford" = {
connection = {
id = "Ernest Routerford";
permissions = "";
type = "wifi";
};
ipv4 = {
dns-search = "";
method = "auto";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
dns-search = "";
method = "auto";
};
wifi = {
mac-address-blacklist = "";
mode = "infrastructure";
ssid = "Ernest Routerford";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$ERNEST";
};
};
# ledger packages
ledger-live-desktop
LAN-Party = {
connection = {
autoconnect = "false";
id = "LAN-Party";
type = "ethernet";
};
ethernet = {
auto-negotiate = "true";
cloned-mac-address = "preserve";
mac-address = "90:2E:16:D0:A1:87";
};
ipv4 = {method = "shared";};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = {};
};
# pinentry
eduroam = {
"802-1x" = {
eap = "ttls;";
identity = "$EDUID";
password = "$EDUPASS";
phase2-auth = "mschapv2";
};
connection = {
id = "eduroam";
type = "wifi";
};
ipv4 = {method = "auto";};
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = {};
wifi = {
mode = "infrastructure";
ssid = "eduroam";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-eap";
};
};
# theme related
adwaita-icon-theme
local = {
connection = {
autoconnect = "false";
id = "local";
type = "ethernet";
};
ethernet = {};
ipv4 = {
address1 = "10.42.1.1/24";
method = "shared";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = {};
};
# kde-connect
xdg-desktop-portal
HH40V_39F5 = {
connection = {
id = "HH40V_39F5";
type = "wifi";
};
ipv4 = {method = "auto";};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = {};
wifi = {
band = "bg";
mode = "infrastructure";
ssid = "HH40V_39F5";
};
wifi-security = {
key-mgmt = "wpa-psk";
psk = "$FRAUNS";
};
};
# bluetooth
bluez
magicant = {
connection = {
id = "magicant";
type = "wifi";
};
ipv4 = {method = "auto";};
ipv6 = {
addr-gen-mode = "default";
method = "auto";
};
proxy = {};
wifi = {
mode = "infrastructure";
ssid = "magicant";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$HANDYHOTSPOT";
};
};
# lsp-related -------------------------------
# nix
# latex
texlab
ghostscript_headless
# wireguard
wireguard-tools
# rust
rust-analyzer
clippy
rustfmt
# go
go
gopls
# zig
zig
zls
# cpp
clang-tools
# + cuda
cudatoolkit
#lsp-bridge / python
gcc
gdb
(python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
# (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
# --------------------------------------------
"sweden-aes-128-cbc-udp-dns" = {
connection = {
autoconnect = "false";
id = "PIA Sweden";
type = "vpn";
};
ipv4 = {method = "auto";};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "auto";
};
proxy = {};
vpn = {
auth = "sha1";
ca = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-ca.pem";
challenge-response-flags = "2";
cipher = "aes-128-cbc";
compress = "yes";
connection-type = "password";
crl-verify-file = "${config.users.users.swarsel.home}/.dotfiles/secrets/certs/sweden-aes-128-cbc-udp-dns-crl-verify.pem";
dev = "tun";
password-flags = "0";
remote = "sweden.privacy.network:1198";
remote-cert-tls = "server";
reneg-seconds = "0";
service-type = "org.freedesktop.NetworkManager.openvpn";
username = "$VPNUSER";
};
vpn-secrets = {password = "$VPNPASS";};
};
(stdenv.mkDerivation {
name = "oama";
Hotspot = {
connection = {
autoconnect = "false";
id = "Hotspot";
type = "wifi";
};
ipv4 = {method = "shared";};
ipv6 = {
addr-gen-mode = "default";
method = "ignore";
};
proxy = {};
wifi = {
mode = "ap";
ssid = "Hotspot-fourside";
};
wifi-security = {
group = "ccmp;";
key-mgmt = "wpa-psk";
pairwise = "ccmp;";
proto = "rsn;";
psk = "$HOTSPOT";
};
};
};
};
};
src = pkgs.fetchurl {
systemd.services.NetworkManager-ensure-profiles.after = ["NetworkManager.service"];
time.timeZone = "Europe/Vienna";
i18n = {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "de_AT.UTF-8";
LC_IDENTIFICATION = "de_AT.UTF-8";
LC_MEASUREMENT = "de_AT.UTF-8";
LC_MONETARY = "de_AT.UTF-8";
LC_NAME = "de_AT.UTF-8";
LC_NUMERIC = "de_AT.UTF-8";
LC_PAPER = "de_AT.UTF-8";
LC_TELEPHONE = "de_AT.UTF-8";
LC_TIME = "de_AT.UTF-8";
};
};
sops = {
defaultSopsFile = "${config.users.users.swarsel.home}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
swarseluser = {neededForUsers = true;};
ernest = {};
frauns = {};
hotspot = {};
eduid = {};
edupass = {};
handyhotspot = {};
vpnuser = {};
vpnpass = {};
};
templates = {
"network-manager.env".content = ''
ERNEST=${config.sops.placeholder.ernest}
FRAUNS=${config.sops.placeholder.frauns}
HOTSPOT=${config.sops.placeholder.hotspot}
EDUID=${config.sops.placeholder.eduid}
EDUPASS=${config.sops.placeholder.edupass}
HANDYHOTSPOT=${config.sops.placeholder.handyhotspot}
VPNUSER=${config.sops.placeholder.vpnuser}
VPNPASS=${config.sops.placeholder.vpnpass}
'';
};
};
environment.systemPackages = with pkgs; [
# yubikey packages
gnupg
yubikey-personalization
yubikey-personalization-gui
yubico-pam
yubioath-flutter
yubikey-manager
yubikey-manager-qt
yubico-piv-tool
cfssl
pcsctools
pcscliteWithPolkit.out
# ledger packages
ledger-live-desktop
# pinentry
# theme related
adwaita-icon-theme
# kde-connect
xdg-desktop-portal
# bluetooth
bluez
# lsp-related -------------------------------
# nix
# latex
texlab
ghostscript_headless
# wireguard
wireguard-tools
# rust
rust-analyzer
clippy
rustfmt
# go
go
gopls
# zig
zig
zls
# cpp
clang-tools
# + cuda
cudatoolkit
#lsp-bridge / python
gcc
gdb
(python3.withPackages (ps: with ps; [jupyter ipython pyqt5 epc orjson sexpdata six setuptools paramiko numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
# (python3.withPackages(ps: with ps; [ jupyter ipython pyqt5 numpy pandas scipy matplotlib requests debugpy flake8 gnureadline python-lsp-server]))
# --------------------------------------------
(stdenv.mkDerivation {
name = "oama";
url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz";
sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc=";
};
phases = [
"unpackPhase"
];
src = pkgs.fetchurl {
name = "oama";
url = "https://github.com/pdobsan/oama/releases/download/0.13.1/oama-0.13.1-Linux-x86_64-static.tgz";
sha256 = "sha256-OTdCObVfnMPhgZxVtZqehgUXtKT1iyqozdkPIV+i3Gc=";
};
unpackPhase = ''
mkdir -p $out/bin
tar xvf $src -C $out/
mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/
'';
phases = [
"unpackPhase"
];
})
];
programs = {
dconf.enable = true;
evince.enable = true;
kdeconnect.enable = true;
};
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.shells = with pkgs; [ zsh ];
environment.pathsToLink = [ "/share/zsh" ];
services.blueman.enable = true;
# enable scanners over network
hardware.sane = {
enable = true;
extraBackends = [ pkgs.sane-airscan ];
};
# enable discovery and usage of network devices (esp. printers)
services.printing = {
enable = true;
drivers = [
pkgs.gutenprint
pkgs.gutenprintBin
unpackPhase = ''
mkdir -p $out/bin
tar xvf $src -C $out/
mv $out/oama-0.13.1-Linux-x86_64-static/oama $out/bin/
'';
})
];
browsedConf = ''
BrowseDNSSDSubTypes _cups,_print
BrowseLocalProtocols all
BrowseRemoteProtocols all
CreateIPPPrinterQueues All
BrowseProtocols all
'';
};
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
services.gvfs.enable = true;
# Make CAPS work as a dual function ESC/CTRL key
services.interception-tools = {
enable = true;
udevmonConfig = let
dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" ''
TIMING:
TAP_MILLISEC: 200
DOUBLE_TAP_MILLISEC: 0
MAPPINGS:
- KEY: KEY_CAPSLOCK
TAP: KEY_ESC
HOLD: KEY_LEFTCTRL
'';
in ''
- JOB: |
${pkgs.interception-tools}/bin/intercept -g $DEVNODE \
| ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \
| ${pkgs.interception-tools}/bin/uinput -d $DEVNODE
DEVICE:
EVENTS:
EV_KEY: [KEY_CAPSLOCK]
'';
};
programs.ssh.startAgent = false;
services.pcscd.enable = true;
hardware.ledger.enable = true;
services.udev.packages = with pkgs; [
yubikey-personalization
ledger-udev-rules
];
services.greetd = {
enable = true;
settings = {
initial_session.command = "sway";
# initial_session.user ="swarsel";
default_session.command = ''
${pkgs.greetd.tuigreet}/bin/tuigreet \
--time \
--asterisks \
--user-menu \
--cmd sway
'';
programs = {
dconf.enable = true;
evince.enable = true;
kdeconnect.enable = true;
};
};
environment.etc."greetd/environments".text = ''
sway
'';
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.shells = with pkgs; [zsh];
environment.pathsToLink = ["/share/zsh"];
services.blueman.enable = true;
# enable scanners over network
hardware.sane = {
enable = true;
extraBackends = [pkgs.sane-airscan];
};
# enable discovery and usage of network devices (esp. printers)
services.printing = {
enable = true;
drivers = [
pkgs.gutenprint
pkgs.gutenprintBin
];
browsedConf = ''
BrowseDNSSDSubTypes _cups,_print
BrowseLocalProtocols all
BrowseRemoteProtocols all
CreateIPPPrinterQueues All
BrowseProtocols all
'';
};
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
services.gvfs.enable = true;
# Make CAPS work as a dual function ESC/CTRL key
services.interception-tools = {
enable = true;
udevmonConfig = let
dualFunctionKeysConfig = builtins.toFile "dual-function-keys.yaml" ''
TIMING:
TAP_MILLISEC: 200
DOUBLE_TAP_MILLISEC: 0
MAPPINGS:
- KEY: KEY_CAPSLOCK
TAP: KEY_ESC
HOLD: KEY_LEFTCTRL
'';
in ''
- JOB: |
${pkgs.interception-tools}/bin/intercept -g $DEVNODE \
| ${pkgs.interception-tools-plugins.dual-function-keys}/bin/dual-function-keys -c ${dualFunctionKeysConfig} \
| ${pkgs.interception-tools}/bin/uinput -d $DEVNODE
DEVICE:
EVENTS:
EV_KEY: [KEY_CAPSLOCK]
'';
};
programs.ssh.startAgent = false;
services.pcscd.enable = true;
hardware.ledger.enable = true;
services.udev.packages = with pkgs; [
yubikey-personalization
ledger-udev-rules
];
services.greetd = {
enable = true;
settings = {
initial_session.command = "sway";
# initial_session.user ="swarsel";
default_session.command = ''
${pkgs.greetd.tuigreet}/bin/tuigreet \
--time \
--asterisks \
--user-menu \
--cmd sway
'';
};
};
environment.etc."greetd/environments".text = ''
sway
'';
}

43
profiles/fourside/hardware-configuration.nix
View file

@ -1,31 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/55eee3d2-4125-4aba-a326-10cde2abdf26";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/55eee3d2-4125-4aba-a326-10cde2abdf26";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/BC7A-F7D9";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/BC7A-F7D9";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/0a74b04a-99e0-48cd-afcf-6ca849f6f85a"; }
];
swapDevices = [
{device = "/dev/disk/by-uuid/0a74b04a-99e0-48cd-afcf-6ca849f6f85a";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

88
profiles/fourside/home.nix
View file

@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.gpg-agent = {
enable = true;
enableSshSupport = true;
@ -11,11 +11,11 @@
defaultCacheTtl = 600;
maxCacheTtl = 7200;
extraConfig = ''
allow-loopback-pinentry
allow-emacs-pinentry
allow-loopback-pinentry
allow-emacs-pinentry
'';
};
};
home = {
username = "swarsel";
homeDirectory = "/home/swarsel";
@ -24,7 +24,7 @@
packages = with pkgs; [
];
};
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
# waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = {
@ -34,26 +34,25 @@
temperature.input-filename = "temp1_input";
};
programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark"
"mpris"
"custom/left-arrow-light"
"network"
"custom/left-arrow-dark"
"pulseaudio"
"custom/left-arrow-light"
"custom/pseudobat"
"battery"
"custom/left-arrow-dark"
"group/hardware"
"custom/left-arrow-light"
"clock#2"
"custom/left-arrow-dark"
"clock#1"
];
programs.waybar.settings.mainBar.modules-right = [
"custom/outer-left-arrow-dark"
"mpris"
"custom/left-arrow-light"
"network"
"custom/left-arrow-dark"
"pulseaudio"
"custom/left-arrow-light"
"custom/pseudobat"
"battery"
"custom/left-arrow-dark"
"group/hardware"
"custom/left-arrow-light"
"clock#2"
"custom/left-arrow-dark"
"clock#1"
];
wayland.windowManager.sway= {
wayland.windowManager.sway = {
config = rec {
# update for actual inputs here,
input = {
@ -61,7 +60,8 @@
xkb_layout = "us";
xkb_variant = "altgr-intl";
};
"1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE
"1:1:AT_Translated_Set_2_keyboard" = {
# TEMPLATE
xkb_layout = "us";
xkb_options = "grp:win_space_toggle";
xkb_variant = "altgr-intl";
@ -72,7 +72,6 @@
natural_scroll = "enabled";
middle_emulation = "enabled";
};
};
output = {
@ -91,17 +90,22 @@
};
workspaceOutputAssign = [
{ output = "eDP-1"; workspace = "1:";}
{ output = "DP-4"; workspace = "2:";}
{
output = "eDP-1";
workspace = "1:";
}
{
output = "DP-4";
workspace = "2:";
}
];
keybindings = let
inherit (config.wayland.windowManager.sway.config) modifier;
in {
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\"";
"XF86MonBrightnessUp" = "exec brightnessctl set +5%";
"XF86MonBrightnessDown"= "exec brightnessctl set 5%-";
"XF86MonBrightnessUp" = "exec brightnessctl set +5%";
"XF86MonBrightnessDown" = "exec brightnessctl set 5%-";
"XF86Display" = "exec wl-mirror eDP-1";
# these are left open to use
# "XF86WLAN" = "exec wl-mirror eDP-1";
@ -115,14 +119,12 @@
};
startup = [
{ command = "nextcloud --background";}
{ command = "discord --start-minimized";}
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{ command = "ANKI_WAYLAND=1 anki";}
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{ command = "nm-applet";}
{command = "nextcloud --background";}
{command = "discord --start-minimized";}
{command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{command = "ANKI_WAYLAND=1 anki";}
{command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{command = "nm-applet";}
];
};
};

115
profiles/fourside/nixos.nix
View file

@ -1,21 +1,21 @@
{ config, pkgs, ... }:
{
#
config,
pkgs,
...
}: {
#
# imports =
# [
# ./hardware-configuration.nix
# ];
#
imports =
[
./hardware-configuration.nix
];
#
imports = [
./hardware-configuration.nix
];
services = {
getty.autologinUser = "swarsel";
greetd.settings.initial_session.user="swarsel";
greetd.settings.initial_session.user = "swarsel";
};
boot = {
@ -24,7 +24,7 @@
# kernelPackages = pkgs.linuxPackages_latest;
};
sops.age.sshKeyPaths = [ "${config.users.users.swarsel.home}/.ssh/sops" ];
sops.age.sshKeyPaths = ["${config.users.users.swarsel.home}/.ssh/sops"];
networking = {
hostName = "fourside"; # Define your hostname.
@ -33,32 +33,44 @@
firewall.checkReversePath = false;
firewall = {
enable = true;
allowedUDPPorts = [ 4380 27036 14242 34197 51820 ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedUDPPorts = [4380 27036 14242 34197 51820]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedTCPPorts = []; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
allowedTCPPortRanges = [
{from = 27015; to = 27030;} # barotrauma
{from = 27036; to = 27037;} # barotrauma
{
from = 27015;
to = 27030;
} # barotrauma
{
from = 27036;
to = 27037;
} # barotrauma
];
allowedUDPPortRanges = [
{from = 27000; to = 27031;} # barotrauma
{from = 58962; to = 58964;} # barotrauma
{
from = 27000;
to = 27031;
} # barotrauma
{
from = 58962;
to = 58964;
} # barotrauma
];
};
};
virtualisation.virtualbox = {
host = {
enable = true;
enableExtensionPack = true;
enable = true;
enableExtensionPack = true;
};
# leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch
guest = {
enable = false;
};
};
};
stylix.image = ../../wallpaper/lenovowp.png;
stylix = {
enable = true;
base16Scheme = ../../wallpaper/swarsel.yaml;
@ -83,7 +95,7 @@
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
sansSerif = {
# package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
package = pkgs.cantarell-fonts;
@ -92,38 +104,35 @@
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
monospace = {
package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
name = "FiraCode Nerd Font Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
};
hardware = {
graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
vulkan-loader
vulkan-validation-layers
vulkan-extension-layer
];
};
bluetooth.enable = true;
trackpoint = {
enable = true;
device = "TPPS/2 Elan TrackPoint";
};
graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
vulkan-loader
vulkan-validation-layers
vulkan-extension-layer
];
};
bluetooth.enable = true;
trackpoint = {
enable = true;
device = "TPPS/2 Elan TrackPoint";
};
};
programs.steam = {
enable = true;
@ -132,7 +141,7 @@
];
};
# Configure keymap in X11 (only used for login)
# Configure keymap in X11 (only used for login)
services.thinkfan = {
enable = false;
@ -143,7 +152,7 @@
services.nswitch-rcm = {
enable = true;
package = pkgs.fetchurl {
package = pkgs.fetchurl {
url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin";
hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI=";
};
@ -153,21 +162,19 @@
isNormalUser = true;
description = "Leon S";
hashedPasswordFile = config.sops.secrets.swarseluser.path;
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ];
extraGroups = ["networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner"];
packages = with pkgs; [];
};
environment.systemPackages = with pkgs; [
# gog games installing
heroic
# minecraft
temurin-bin-17
(prismlauncher.override {
glfw = pkgs.glfw-wayland-minecraft;
})
# gog games installing
heroic
# minecraft
temurin-bin-17
(prismlauncher.override {
glfw = pkgs.glfw-wayland-minecraft;
})
];
system.stateVersion = "23.05";
}

5
profiles/mysticant/configuration.nix
View file

@ -1,6 +1,4 @@
{ pkgs, ... }:
{
{pkgs, ...}: {
environment.packages = with pkgs; [
vim
git
@ -18,5 +16,4 @@
nix.extraOptions = ''
experimental-features = nix-command flakes
'';
}

20
profiles/remote/oracle/matrix/hardware-configuration.nix
View file

@ -1,14 +1,18 @@
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
{modulesPath, ...}: {
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
fileSystems."/boot" = { device = "/dev/disk/by-uuid/A1B2-7E6F"; fsType = "vfat"; };
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = { device = "/dev/mapper/ocivolume-root"; fsType = "xfs"; };
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/A1B2-7E6F";
fsType = "vfat";
};
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
boot.initrd.kernelModules = ["nvme"];
fileSystems."/" = {
device = "/dev/mapper/ocivolume-root";
fsType = "xfs";
};
}

128
profiles/remote/oracle/matrix/nixos.nix
View file

@ -1,7 +1,11 @@
{ config, pkgs, sops, ... }: let
{
config,
pkgs,
sops,
...
}: let
matrixDomain = "swatrix.swarsel.win";
in {
imports = [
./hardware-configuration.nix
];
@ -23,24 +27,24 @@ in {
nix.settings.experimental-features = ["nix-command" "flakes"];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml";
validateSopsFiles = false;
secrets = {
dnstokenfull = {owner="acme";};
matrixsharedsecret = {owner="matrix-synapse";};
mautrixtelegram_as = {owner="matrix-synapse";};
mautrixtelegram_hs = {owner="matrix-synapse";};
mautrixtelegram_api_id = {owner="matrix-synapse";};
mautrixtelegram_api_hash = {owner="matrix-synapse";};
dnstokenfull = {owner = "acme";};
matrixsharedsecret = {owner = "matrix-synapse";};
mautrixtelegram_as = {owner = "matrix-synapse";};
mautrixtelegram_hs = {owner = "matrix-synapse";};
mautrixtelegram_api_id = {owner = "matrix-synapse";};
mautrixtelegram_api_hash = {owner = "matrix-synapse";};
};
templates = {
"certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
"matrix_user_register.sh".content = ''
register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
'';
register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
'';
mautrixtelegram = {
owner = "matrix-synapse";
content = ''
@ -48,13 +52,13 @@ in {
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
'';
'';
};
matrixshared = {
owner = "matrix-synapse";
content = ''
registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
'';
'';
};
};
};
@ -78,7 +82,6 @@ in {
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"swatrix.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -87,8 +90,8 @@ in {
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://localhost:8008";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
};
};
@ -102,13 +105,13 @@ in {
enableIPv6 = false;
domain = "swarsel.win";
firewall.extraCommands = ''
iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT
'';
iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 29317 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT
'';
};
services.openssh = {
enable = true;
@ -129,27 +132,27 @@ in {
services.postgresql = {
enable = true;
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
};
services.matrix-synapse = {
settings.app_service_config_files = [
@ -164,14 +167,15 @@ in {
public_baseurl = "https://${matrixDomain}";
};
listeners = [
{ port = 8008;
bind_addresses = [ "0.0.0.0" ];
{
port = 8008;
bind_addresses = ["0.0.0.0"];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
names = ["client" "federation"];
compress = true;
}
];
@ -191,7 +195,7 @@ in {
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29317";
address = "http://localhost:29317";
hostname = "0.0.0.0";
port = "29317";
provisioning.enabled = true;
@ -220,16 +224,16 @@ in {
args = {
width = 256;
height = 256;
fps = 30; # only for webm
background = "020202"; # only for gif, transparency not supported
fps = 30; # only for webm
background = "020202"; # only for gif, transparency not supported
};
};
};
};
};
systemd.services.mautrix-telegram.path = with pkgs; [
lottieconverter # for animated stickers conversion, unfree package
ffmpeg # if converting animated stickers to webm (very slow!)
lottieconverter # for animated stickers conversion, unfree package
ffmpeg # if converting animated stickers to webm (very slow!)
];
services.mautrix-whatsapp = {
@ -240,7 +244,7 @@ in {
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29318";
address = "http://localhost:29318";
hostname = "0.0.0.0";
port = 29318;
database = {
@ -287,8 +291,7 @@ in {
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29328";
address = "http://localhost:29328";
hostname = "0.0.0.0";
port = 29328;
database = {
@ -314,7 +317,7 @@ in {
# messages out after a while.
systemd.timers."restart-bridges" = {
wantedBy = [ "timers.target" ];
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "1d";
OnUnitActiveSec = "1d";
@ -324,14 +327,13 @@ in {
systemd.services."restart-bridges" = {
script = ''
systemctl restart mautrix-whatsapp.service
systemctl restart mautrix-signal.service
systemctl restart mautrix-telegram.service
'';
systemctl restart mautrix-whatsapp.service
systemctl restart mautrix-signal.service
systemctl restart mautrix-telegram.service
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
}

43
profiles/remote/oracle/sync/hardware-configuration.nix
View file

@ -1,28 +1,31 @@
{ config, lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4b47378a-02eb-4548-bab8-59cbf379252a";
fsType = "xfs";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/4b47378a-02eb-4548-bab8-59cbf379252a";
fsType = "xfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2B75-2AD5";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/2B75-2AD5";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/f0126a93-753e-4769-ada8-7499a1efb3a9"; }
];
swapDevices = [
{device = "/dev/disk/by-uuid/f0126a93-753e-4769-ada8-7499a1efb3a9";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

44
profiles/remote/oracle/sync/nixos.nix
View file

@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
imports = [
./hardware-configuration.nix
];
@ -19,13 +21,13 @@
nix.settings.experimental-features = ["nix-command" "flakes"];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml";
validateSopsFiles = false;
secrets.swarsel = { owner = "root";};
secrets.dnstokenfull = {owner="acme";};
secrets.swarsel = {owner = "root";};
secrets.dnstokenfull = {owner = "acme";};
templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
};
@ -44,7 +46,6 @@
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"synki.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -53,8 +54,8 @@
"/" = {
proxyPass = "http://localhost:27701";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
};
};
@ -67,8 +68,8 @@
"/" = {
proxyPass = "http://localhost:8384/";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
};
};
@ -81,8 +82,8 @@
"/" = {
proxyPass = "http://localhost:3000";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
};
};
@ -96,14 +97,14 @@
enableIPv6 = false;
domain = "subnet03112148.vcn03112148.oraclevcn.com";
firewall.extraCommands = ''
iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT
iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT
iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 8384 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 3000 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 22000 -j ACCEPT
iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT
iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT
'';
};
services.openssh = {
@ -160,5 +161,4 @@
};
};
};
}

31
profiles/sandbox/hardware-configuration.nix
View file

@ -1,24 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ata_piix" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/147e3682-eb15-4e96-9cac-4f2fb5888a69";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/147e3682-eb15-4e96-9cac-4f2fb5888a69";
fsType = "ext4";
};
swapDevices = [ ];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

413
profiles/sandbox/nixos.nix
View file

@ -1,7 +1,11 @@
{ config, pkgs, sops, ... }: let
{
config,
pkgs,
sops,
...
}: let
matrixDomain = "swatrix.swarsel.win";
in {
imports = [
./hardware-configuration.nix
];
@ -10,9 +14,9 @@ in {
enable = true;
device = "/dev/sda";
useOSProber = true;
supportedFilesystems = [ "zfs" ];
supportedFilesystems = ["zfs"];
zfs.forceImportRoot = false;
kernelModules = [ "tun" ];
kernelModules = ["tun"];
kernel.sysctl = {
"net.ipv4.conf.all.rp_filter" = 2;
"net.ipv4.conf.default.rp_filter" = 2;
@ -26,13 +30,13 @@ in {
enableIPv6 = true;
firewall.enable = false;
firewall.extraCommands = ''
sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP
'';
sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP
'';
iproute2 = {
enable = true;
rttablesExtraConfig = ''
200 vpn
'';
200 vpn
'';
};
};
@ -41,7 +45,7 @@ in {
hardware.enableAllFirmware = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
];
@ -64,7 +68,7 @@ in {
};
users = {
jellyfin = {
extraGroups = [ "video" "render" ];
extraGroups = ["video" "render"];
};
vpn = {
isNormalUser = true;
@ -75,23 +79,23 @@ in {
isSystemUser = true;
uid = 61593;
group = "navidrome";
extraGroups = [ "audio" "utmp" ];
extraGroups = ["audio" "utmp"];
};
spotifyd = {
isSystemUser = true;
uid = 65136;
group = "spotifyd";
extraGroups = [ "audio" "utmp" ];
extraGroups = ["audio" "utmp"];
};
mpd = {
isSystemUser = true;
group = "mpd";
extraGroups = [ "audio" "utmp" ];
extraGroups = ["audio" "utmp"];
};
swarsel = {
isNormalUser = true;
description = "Leon S";
extraGroups = [ "networkmanager" "wheel" "lp"];
extraGroups = ["networkmanager" "wheel" "lp"];
packages = with pkgs; [];
};
root = {
@ -133,26 +137,26 @@ in {
zfs
];
etc = {
"openvpn/iptables.sh" =
{ source = ../../scripts/server1/iptables.sh;
mode = "0755";
};
"openvpn/update-resolv-conf" =
{ source = ../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" =
{ source = ../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" =
{ source = ../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" =
{ source = ../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
"openvpn/iptables.sh" = {
source = ../../scripts/server1/iptables.sh;
mode = "0755";
};
"openvpn/update-resolv-conf" = {
source = ../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" = {
source = ../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" = {
source = ../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" = {
source = ../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
};
shellAliases = {
nswitch = "cd ~/.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
@ -161,7 +165,7 @@ in {
systemd = {
timers."restart-bridges" = {
wantedBy = [ "timers.target" ];
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "1d";
OnUnitActiveSec = "1d";
@ -171,10 +175,10 @@ in {
services."restart-bridges" = {
script = ''
systemctl restart mautrix-whatsapp.service
systemctl restart mautrix-signal.service
systemctl restart mautrix-telegram.service
'';
systemctl restart mautrix-whatsapp.service
systemctl restart mautrix-signal.service
systemctl restart mautrix-telegram.service
'';
serviceConfig = {
Type = "oneshot";
User = "root";
@ -190,19 +194,19 @@ in {
};
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/root/.dotfiles/secrets/sandbox/secrets.yaml";
validateSopsFiles = false;
secrets = {
dnstokenfull = {owner="acme";};
kavita = { owner = "kavita";};
dnstokenfull = {owner = "acme";};
kavita = {owner = "kavita";};
vpnuser = {};
rpcuser = {owner="vpn";};
rpcuser = {owner = "vpn";};
vpnpass = {};
rpcpass = {owner="vpn";};
rpcpass = {owner = "vpn";};
vpnprot = {};
vpnloc = {};
mpdpass = { owner = "mpd";};
mpdpass = {owner = "mpd";};
};
templates = {
"transmission-rpc" = {
@ -214,37 +218,37 @@ in {
};
pia.content = ''
${config.sops.placeholder.vpnuser}
${config.sops.placeholder.vpnpass}
'';
${config.sops.placeholder.vpnuser}
${config.sops.placeholder.vpnpass}
'';
vpn.content = ''
client
dev tun
proto ${config.sops.placeholder.vpnprot}
remote ${config.sops.placeholder.vpnloc}
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
client
dev tun
proto ${config.sops.placeholder.vpnprot}
remote ${config.sops.placeholder.vpnloc}
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass ${config.sops.templates.pia.path}
compress
verb 1
reneg-sec 0
auth-user-pass ${config.sops.templates.pia.path}
compress
verb 1
reneg-sec 0
crl-verify /etc/openvpn/crl.rsa.2048.pem
ca /etc/openvpn/ca.rsa.2048.crt
crl-verify /etc/openvpn/crl.rsa.2048.pem
ca /etc/openvpn/ca.rsa.2048.crt
disable-occ
'';
disable-occ
'';
"certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
};
};
@ -265,10 +269,12 @@ in {
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
listenAddresses = [
{
port = 22;
addr = "0.0.0.0";
}
];
};
nginx = {
@ -278,7 +284,6 @@ in {
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"stash.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -287,8 +292,8 @@ in {
"/" = {
proxyPass = "https://192.168.1.5";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
"/.well-known/carddav" = {
return = "301 $scheme://$host/remote.php/dav";
@ -307,13 +312,12 @@ in {
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://127.0.0.1:8008";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
};
};
"sound.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -323,13 +327,13 @@ in {
proxyPass = "http://127.0.0.1:4040";
proxyWebsockets = true;
extraConfig = ''
proxy_redirect http:// https://;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_buffering off;
proxy_request_buffering off;
client_max_body_size 0;
'';
proxy_redirect http:// https://;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_buffering off;
proxy_request_buffering off;
client_max_body_size 0;
'';
};
};
};
@ -342,8 +346,8 @@ in {
"/" = {
proxyPass = "http://127.0.0.1:28981";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
};
};
@ -356,8 +360,8 @@ in {
"/" = {
proxyPass = "http://127.0.0.1:8096";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
};
};
@ -370,8 +374,8 @@ in {
"/" = {
proxyPass = "http://127.0.0.1:8080";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
};
};
@ -417,74 +421,74 @@ in {
credentialsFile = config.sops.templates."transmission-rpc".path;
user = "vpn";
settings = {
alt-speed-down= 8000;
alt-speed-enabled= false;
alt-speed-time-begin= 0;
alt-speed-time-day= 127;
alt-speed-time-enabled= true;
alt-speed-time-end= 360;
alt-speed-up= 2000;
bind-address-ipv4= "0.0.0.0";
bind-address-ipv6= "::";
blocklist-enabled= false;
blocklist-url= "http://www.example.com/blocklist";
cache-size-mb= 256;
dht-enabled= false;
download-dir= "/test";
download-limit= 100;
download-limit-enabled= 0;
download-queue-enabled= true;
download-queue-size= 5;
encryption= 2;
idle-seeding-limit= 30;
idle-seeding-limit-enabled= false;
incomplete-dir= "/var/lib/transmission-daemon/Downloads";
incomplete-dir-enabled= false;
lpd-enabled= false;
max-peers-global= 200;
message-level= 1;
peer-congestion-algorithm= "";
peer-id-ttl-hours= 6;
peer-limit-global= 100;
peer-limit-per-torrent= 40;
peer-port= 22371;
peer-port-random-high= 65535;
peer-port-random-low= 49152;
peer-port-random-on-start= false;
peer-socket-tos= "default";
pex-enabled= false;
port-forwarding-enabled= false;
preallocation= 1;
prefetch-enabled= true;
queue-stalled-enabled= true;
queue-stalled-minutes= 30;
ratio-limit= 2;
ratio-limit-enabled= false;
rename-partial-files= true;
rpc-authentication-required= true;
rpc-bind-address= "0.0.0.0";
rpc-enabled= true;
rpc-host-whitelist= "";
rpc-host-whitelist-enabled= true;
rpc-port= 9091;
rpc-url= "/transmission/";
rpc-whitelist= "127.0.0.1,192.168.3.2";
rpc-whitelist-enabled= true;
scrape-paused-torrents-enabled= true;
script-torrent-done-enabled= false;
seed-queue-enabled= false;
seed-queue-size= 10;
speed-limit-down= 6000;
speed-limit-down-enabled= true;
speed-limit-up= 500;
speed-limit-up-enabled= true;
start-added-torrents= true;
trash-original-torrent-files= false;
umask= 2;
upload-limit= 100;
upload-limit-enabled= 0;
upload-slots-per-torrent= 14;
utp-enabled= false;
alt-speed-down = 8000;
alt-speed-enabled = false;
alt-speed-time-begin = 0;
alt-speed-time-day = 127;
alt-speed-time-enabled = true;
alt-speed-time-end = 360;
alt-speed-up = 2000;
bind-address-ipv4 = "0.0.0.0";
bind-address-ipv6 = "::";
blocklist-enabled = false;
blocklist-url = "http://www.example.com/blocklist";
cache-size-mb = 256;
dht-enabled = false;
download-dir = "/test";
download-limit = 100;
download-limit-enabled = 0;
download-queue-enabled = true;
download-queue-size = 5;
encryption = 2;
idle-seeding-limit = 30;
idle-seeding-limit-enabled = false;
incomplete-dir = "/var/lib/transmission-daemon/Downloads";
incomplete-dir-enabled = false;
lpd-enabled = false;
max-peers-global = 200;
message-level = 1;
peer-congestion-algorithm = "";
peer-id-ttl-hours = 6;
peer-limit-global = 100;
peer-limit-per-torrent = 40;
peer-port = 22371;
peer-port-random-high = 65535;
peer-port-random-low = 49152;
peer-port-random-on-start = false;
peer-socket-tos = "default";
pex-enabled = false;
port-forwarding-enabled = false;
preallocation = 1;
prefetch-enabled = true;
queue-stalled-enabled = true;
queue-stalled-minutes = 30;
ratio-limit = 2;
ratio-limit-enabled = false;
rename-partial-files = true;
rpc-authentication-required = true;
rpc-bind-address = "0.0.0.0";
rpc-enabled = true;
rpc-host-whitelist = "";
rpc-host-whitelist-enabled = true;
rpc-port = 9091;
rpc-url = "/transmission/";
rpc-whitelist = "127.0.0.1,192.168.3.2";
rpc-whitelist-enabled = true;
scrape-paused-torrents-enabled = true;
script-torrent-done-enabled = false;
seed-queue-enabled = false;
seed-queue-size = 10;
speed-limit-down = 6000;
speed-limit-down-enabled = true;
speed-limit-up = 500;
speed-limit-up-enabled = true;
start-added-torrents = true;
trash-original-torrent-files = false;
umask = 2;
upload-limit = 100;
upload-limit-enabled = 0;
upload-slots-per-torrent = 14;
utp-enabled = false;
};
};
@ -508,9 +512,6 @@ in {
# MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
# '';
# ----------------
# sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";};
# sops.templates.mautrixwhatsapp.owner = "matrix-synapse";
@ -521,27 +522,27 @@ in {
postgresql = {
enable = true;
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
};
matrix-synapse = {
settings.app_service_config_files = [
@ -557,14 +558,15 @@ in {
config.sops.templates.matrixshared.path
];
settings.listeners = [
{ port = 8008;
bind_addresses = [ "0.0.0.0" ];
{
port = 8008;
bind_addresses = ["0.0.0.0"];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
names = ["client" "federation"];
compress = true;
}
];
@ -581,7 +583,7 @@ in {
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29317";
address = "http://localhost:29317";
hostname = "0.0.0.0";
port = "29317";
provisioning.enabled = true;
@ -613,8 +615,8 @@ in {
args = {
width = 256;
height = 256;
fps = 30; # only for webm
background = "020202"; # only for gif, transparency not supported
fps = 30; # only for webm
background = "020202"; # only for gif, transparency not supported
};
};
};
@ -630,7 +632,7 @@ in {
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29318";
address = "http://localhost:29318";
hostname = "0.0.0.0";
port = 29318;
database = {
@ -676,8 +678,7 @@ in {
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29328";
address = "http://localhost:29328";
hostname = "0.0.0.0";
port = 29328;
database = {
@ -740,7 +741,6 @@ in {
];
};
spotifyd = {
enable = true;
settings = {
@ -760,18 +760,18 @@ in {
samba = {
package = pkgs.samba4Full;
extraConfig = ''
workgroup = WORKGROUP
server role = standalone server
dns proxy = no
workgroup = WORKGROUP
server role = standalone server
dns proxy = no
pam password change = yes
map to guest = bad user
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
follow symlinks = yes
'';
pam password change = yes
map to guest = bad user
create mask = 0664
force create mode = 0664
directory mask = 0775
force directory mode = 0775
follow symlinks = yes
'';
# ^^ `samba4Full` is compiled with avahi, ldap, AD etc support compared to the default package, `samba`
# Required for samba to register mDNS records for auto discovery
@ -789,7 +789,6 @@ in {
};
};
avahi = {
publish.enable = true;
publish.userServices = true;

74
profiles/server1/TEMPLATE/nixos.nix
View file

@ -1,41 +1,43 @@
{ pkgs, modulesPath, ... }:
{
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
];
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
];
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
];
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
];
services.xserver = {
layout = "us";
xkbVariant = "altgr-intl";
};
services.xserver = {
layout = "us";
xkbVariant = "altgr-intl";
};
nix.settings.experimental-features = ["nix-command" "flakes"];
nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
hostName = "TEMPLATE"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
# users.users.root.password = "TEMPLATE";
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
hostName = "TEMPLATE"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
# users.users.root.password = "TEMPLATE";
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
}
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
}

24
profiles/server1/calibre/hardware-configuration.nix
View file

@ -1,22 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }:
{lib, ...}: {
imports = [];
{
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--120--disk--0";
fsType = "ext4";
};
fileSystems."/" =
{ device = "/dev/mapper/pve-vm--120--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

125
profiles/server1/calibre/nixos.nix
View file

@ -1,70 +1,71 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
{
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
calibre
];
users.groups.lxc_shares = {
gid = 10000;
members = [
"kavita"
"calibre-web"
"root"
];
};
environment.systemPackages = with pkgs; [
git
gnupg
ssh-to-age
calibre
];
services.xserver = {
layout = "us";
xkbVariant = "altgr-intl";
};
users.groups.lxc_shares = {
gid = 10000;
members = [
"kavita"
"calibre-web"
"root"
];
};
nix.settings.experimental-features = ["nix-command" "flakes"];
services.xserver = {
layout = "us";
xkbVariant = "altgr-intl";
};
sops = {
age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml";
validateSopsFiles = false;
secrets.kavita = {owner = "kavita";};
};
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
hostName = "calibre"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
nix.settings.experimental-features = ["nix-command" "flakes"];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml";
validateSopsFiles = false;
secrets.kavita = { owner = "kavita";};
};
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
hostName = "calibre"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
services.kavita = {
enable = true;
user = "kavita";
port = 8080;
tokenKeyFile = config.sops.secrets.kavita.path;
};
}
services.kavita = {
enable = true;
user = "kavita";
port = 8080;
tokenKeyFile = config.sops.secrets.kavita.path;
};
}

32
profiles/server1/jellyfin/hardware-configuration.nix
View file

@ -1,27 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }:
{lib, ...}: {
imports = [];
{
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--121--disk--0";
fsType = "ext4";
};
fileSystems."/" =
{ device = "/dev/mapper/pve-vm--121--disk--0";
fsType = "ext4";
};
fileSystems."/media/Videos" = {
device = "//192.168.1.3/Eternor";
fsType = "cifs";
};
fileSystems."/media/Videos" =
{ device = "//192.168.1.3/Eternor";
fsType = "cifs";
};
swapDevices = [ ];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

14
profiles/server1/jellyfin/nixos.nix
View file

@ -1,6 +1,9 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
@ -21,7 +24,7 @@
};
users.users.jellyfin = {
extraGroups = [ "video" "render" ];
extraGroups = ["video" "render"];
};
services.xserver = {
@ -56,13 +59,13 @@
};
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
vaapiIntel = pkgs.vaapiIntel.override {enableHybridCodec = true;};
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
];
@ -73,5 +76,4 @@
user = "jellyfin";
# openFirewall = true; # this works only for the default ports
};
}

24
profiles/server1/matrix/hardware-configuration.nix
View file

@ -1,22 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }:
{lib, ...}: {
imports = [];
{
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--102--disk--0";
fsType = "ext4";
};
fileSystems."/" =
{ device = "/dev/mapper/pve-vm--102--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

128
profiles/server1/matrix/nixos.nix
View file

@ -1,8 +1,12 @@
{ config, pkgs, modulesPath, sops, ... }: let
{
config,
pkgs,
modulesPath,
sops,
...
}: let
matrixDomain = "matrix2.swarsel.win";
in {
services = {
xserver = {
layout = "us";
@ -11,35 +15,36 @@ in {
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
listenAddresses = [
{
port = 22;
addr = "0.0.0.0";
}
];
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
@ -62,25 +67,25 @@ in {
];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml";
validateSopsFiles = false;
secrets = {
matrixsharedsecret = {owner="matrix-synapse";};
mautrixtelegram_as = {owner="matrix-synapse";};
mautrixtelegram_hs = {owner="matrix-synapse";};
mautrixtelegram_api_id = {owner="matrix-synapse";};
mautrixtelegram_api_hash = {owner="matrix-synapse";};
matrixsharedsecret = {owner = "matrix-synapse";};
mautrixtelegram_as = {owner = "matrix-synapse";};
mautrixtelegram_hs = {owner = "matrix-synapse";};
mautrixtelegram_api_id = {owner = "matrix-synapse";};
mautrixtelegram_api_hash = {owner = "matrix-synapse";};
};
templates = {
"matrix_user_register.sh".content = ''
register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
'';
register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
'';
matrixshared = {
owner = "matrix-synapse";
content = ''
registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
'';
'';
};
mautrixtelegram = {
owner = "matrix-synapse";
@ -89,7 +94,7 @@ in {
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
'';
'';
};
};
};
@ -97,27 +102,27 @@ in {
services.postgresql = {
enable = true;
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-telegram" WITH LOGIN PASSWORD 'telegram';
CREATE DATABASE "mautrix-telegram" WITH OWNER "mautrix-telegram"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-whatsapp" WITH LOGIN PASSWORD 'whatsapp';
CREATE DATABASE "mautrix-whatsapp" WITH OWNER "mautrix-whatsapp"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
CREATE ROLE "mautrix-signal" WITH LOGIN PASSWORD 'signal';
CREATE DATABASE "mautrix-signal" WITH OWNER "mautrix-signal"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
};
services.matrix-synapse = {
@ -132,14 +137,15 @@ in {
server_name = matrixDomain;
public_baseurl = "https://${matrixDomain}";
listeners = [
{ port = 8008;
bind_addresses = [ "0.0.0.0" ];
{
port = 8008;
bind_addresses = ["0.0.0.0"];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [ "client" "federation" ];
names = ["client" "federation"];
compress = true;
}
];
@ -160,7 +166,7 @@ in {
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29317";
address = "http://localhost:29317";
hostname = "0.0.0.0";
port = "29317";
provisioning.enabled = true;
@ -189,16 +195,16 @@ in {
args = {
width = 256;
height = 256;
fps = 30; # only for webm
background = "020202"; # only for gif, transparency not supported
fps = 30; # only for webm
background = "020202"; # only for gif, transparency not supported
};
};
};
};
};
systemd.services.mautrix-telegram.path = with pkgs; [
lottieconverter # for animated stickers conversion, unfree package
ffmpeg # if converting animated stickers to webm (very slow!)
lottieconverter # for animated stickers conversion, unfree package
ffmpeg # if converting animated stickers to webm (very slow!)
];
services.mautrix-whatsapp = {
@ -209,7 +215,7 @@ in {
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29318";
address = "http://localhost:29318";
hostname = "0.0.0.0";
port = 29318;
database = {
@ -255,8 +261,7 @@ in {
domain = matrixDomain;
};
appservice = {
address= "http://localhost:29328";
address = "http://localhost:29328";
hostname = "0.0.0.0";
port = 29328;
database = {
@ -282,7 +287,7 @@ in {
# messages out after a while.
systemd.timers."restart-bridges" = {
wantedBy = [ "timers.target" ];
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "1d";
OnUnitActiveSec = "1d";
@ -292,14 +297,13 @@ in {
systemd.services."restart-bridges" = {
script = ''
systemctl restart mautrix-whatsapp.service
systemctl restart mautrix-signal.service
systemctl restart mautrix-telegram.service
'';
systemctl restart mautrix-whatsapp.service
systemctl restart mautrix-signal.service
systemctl restart mautrix-telegram.service
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
}

24
profiles/server1/nginx/hardware-configuration.nix
View file

@ -1,22 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }:
{lib, ...}: {
imports = [];
{
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--119--disk--0";
fsType = "ext4";
};
fileSystems."/" =
{ device = "/dev/mapper/pve-vm--119--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

56
profiles/server1/nginx/nixos.nix
View file

@ -1,5 +1,9 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
@ -21,12 +25,12 @@
nix.settings.experimental-features = ["nix-command" "flakes"];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml";
validateSopsFiles = false;
secrets.dnstokenfull = {owner="acme";};
secrets.dnstokenfull = {owner = "acme";};
templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
'';
};
proxmoxLXC = {
@ -69,7 +73,6 @@
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"stash.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -79,7 +82,7 @@
proxyPass = "https://192.168.1.5";
extraConfig = ''
client_max_body_size 0;
'';
'';
};
# "/push/" = {
# proxyPass = "http://192.168.2.5:7867";
@ -101,13 +104,12 @@
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://192.168.1.23:8008";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
};
};
"sound.swarsel.win" = {
enableACME = true;
forceSSL = true;
@ -117,13 +119,13 @@
proxyPass = "http://192.168.1.13:4040";
proxyWebsockets = true;
extraConfig = ''
proxy_redirect http:// https://;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_buffering off;
proxy_request_buffering off;
client_max_body_size 0;
'';
proxy_redirect http:// https://;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
proxy_buffering off;
proxy_request_buffering off;
client_max_body_size 0;
'';
};
};
};
@ -136,8 +138,8 @@
"/" = {
proxyPass = "http://192.168.1.24:28981";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
};
};
@ -150,8 +152,8 @@
"/" = {
proxyPass = "http://192.168.1.16:8096";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
};
};
@ -164,8 +166,8 @@
"~ ^(/_matrix|/_synapse/client)" = {
proxyPass = "http://192.168.1.20:8008";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
};
};
@ -178,8 +180,8 @@
"/" = {
proxyPass = "http://192.168.1.22:8080";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
};
};
@ -192,13 +194,11 @@
"/" = {
proxyPass = "https://192.168.1.7";
extraConfig = ''
client_max_body_size 0;
'';
client_max_body_size 0;
'';
};
};
};
};
};
}

24
profiles/server1/paperless/hardware-configuration.nix
View file

@ -1,22 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }:
{lib, ...}: {
imports = [];
{
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--117--disk--0";
fsType = "ext4";
};
fileSystems."/" =
{ device = "/dev/mapper/pve-vm--117--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

41
profiles/server1/paperless/nixos.nix
View file

@ -1,14 +1,14 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver = {
layout = "us";
@ -17,36 +17,36 @@
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
listenAddresses = [
{
port = 22;
addr = "0.0.0.0";
}
];
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
users.groups.lxc_shares = {
gid = 10000;
@ -68,10 +68,10 @@
};
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml";
validateSopsFiles = false;
secrets.admin = { owner = "paperless";};
secrets.admin = {owner = "paperless";};
};
services.paperless = {
@ -90,5 +90,4 @@
};
};
};
}

34
profiles/server1/sound/hardware-configuration.nix
View file

@ -1,28 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }:
{lib, ...}: {
imports = [];
{
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/mnt/data/images/118/vm-118-disk-0.raw";
fsType = "ext4";
options = ["loop"];
};
fileSystems."/" =
{ device = "/mnt/data/images/118/vm-118-disk-0.raw";
fsType = "ext4";
options = [ "loop" ];
};
fileSystems."/media" = {
device = "//192.168.1.3/Eternor";
fsType = "cifs";
};
fileSystems."/media" =
{ device = "//192.168.1.3/Eternor";
fsType = "cifs";
};
swapDevices = [ ];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

44
profiles/server1/sound/nixos.nix
View file

@ -1,14 +1,14 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver = {
layout = "us";
@ -17,36 +17,36 @@
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
listenAddresses = [
{
port = 22;
addr = "0.0.0.0";
}
];
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
proxmoxLXC.privileged = true; # manage hostname myself
@ -73,13 +73,13 @@
isSystemUser = true;
uid = 61593;
group = "navidrome";
extraGroups = [ "audio" "utmp" ];
extraGroups = ["audio" "utmp"];
};
mpd = {
isSystemUser = true;
group = "mpd";
extraGroups = [ "audio" "utmp" ];
extraGroups = ["audio" "utmp"];
};
};
};
@ -103,10 +103,10 @@
];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml";
validateSopsFiles = false;
secrets.mpdpass = { owner = "mpd";};
secrets.mpdpass = {owner = "mpd";};
};
services.navidrome = {

24
profiles/server1/spotifyd/hardware-configuration.nix
View file

@ -1,22 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }:
{lib, ...}: {
imports = [];
{
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--123--disk--0";
fsType = "ext4";
};
fileSystems."/" =
{ device = "/dev/mapper/pve-vm--123--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

38
profiles/server1/spotifyd/nixos.nix
View file

@ -1,14 +1,13 @@
{ pkgs, modulesPath, ... }:
{
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
];
services = {
xserver = {
layout = "us";
@ -17,36 +16,36 @@
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
listenAddresses = [
{
port = 22;
addr = "0.0.0.0";
}
];
};
};
nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
];
system.stateVersion = "23.05"; # TEMPLATE - but probably no need to change
environment.shellAliases = {
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
};
proxmoxLXC.privileged = true; # manage hostname myself
@ -58,7 +57,7 @@
isSystemUser = true;
uid = 65136;
group = "spotifyd";
extraGroups = [ "audio" "utmp" ];
extraGroups = ["audio" "utmp"];
};
sound = {
@ -89,5 +88,4 @@
};
};
};
}

24
profiles/server1/transmission/hardware-configuration.nix
View file

@ -1,22 +1,20 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ lib, ... }:
{lib, ...}: {
imports = [];
{
imports = [ ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "vfio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "vfio_pci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/pve-vm--122--disk--0";
fsType = "ext4";
};
fileSystems."/" =
{ device = "/dev/mapper/pve-vm--122--disk--0";
fsType = "ext4";
};
swapDevices = [ ];
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

262
profiles/server1/transmission/nixos.nix
View file

@ -1,6 +1,9 @@
{ config, pkgs, modulesPath, ... }:
{
config,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
./hardware-configuration.nix
@ -45,12 +48,12 @@
nix.settings.experimental-features = ["nix-command" "flakes"];
sops = {
age.sshKeyPaths = [ "/etc/ssh/sops" ];
age.sshKeyPaths = ["/etc/ssh/sops"];
defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml";
validateSopsFiles = false;
};
boot.kernelModules = [ "tun" ];
boot.kernelModules = ["tun"];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
@ -83,38 +86,40 @@
networking.iproute2 = {
enable = true;
rttablesExtraConfig = ''
200 vpn
'';
200 vpn
'';
};
environment.etc = {
"openvpn/iptables.sh" =
{ source = ../../../scripts/server1/iptables.sh;
mode = "0755";
};
"openvpn/update-resolv-conf" =
{ source = ../../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" =
{ source = ../../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" =
{ source = ../../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" =
{ source = ../../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
"openvpn/iptables.sh" = {
source = ../../../scripts/server1/iptables.sh;
mode = "0755";
};
"openvpn/update-resolv-conf" = {
source = ../../../scripts/server1/update-resolv-conf;
mode = "0755";
};
"openvpn/routing.sh" = {
source = ../../../scripts/server1/routing.sh;
mode = "0755";
};
"openvpn/ca.rsa.2048.crt" = {
source = ../../../secrets/certs/ca.rsa.2048.crt;
mode = "0644";
};
"openvpn/crl.rsa.2048.pem" = {
source = ../../../secrets/certs/crl.rsa.2048.pem;
mode = "0644";
};
};
services.openssh = {
enable = true;
settings.PermitRootLogin = "yes";
listenAddresses = [{
port = 22;
addr = "0.0.0.0";
}];
listenAddresses = [
{
port = 22;
addr = "0.0.0.0";
}
];
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys
@ -138,44 +143,44 @@
};
pia.content = ''
${config.sops.placeholder.vpnuser}
${config.sops.placeholder.vpnpass}
'';
${config.sops.placeholder.vpnuser}
${config.sops.placeholder.vpnpass}
'';
vpn.content = ''
client
dev tun
proto ${config.sops.placeholder.vpnprot}
remote ${config.sops.placeholder.vpnloc}
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
client
dev tun
proto ${config.sops.placeholder.vpnprot}
remote ${config.sops.placeholder.vpnloc}
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass ${config.sops.templates.pia.path}
compress
verb 1
reneg-sec 0
auth-user-pass ${config.sops.templates.pia.path}
compress
verb 1
reneg-sec 0
crl-verify /etc/openvpn/crl.rsa.2048.pem
ca /etc/openvpn/ca.rsa.2048.crt
crl-verify /etc/openvpn/crl.rsa.2048.pem
ca /etc/openvpn/ca.rsa.2048.crt
disable-occ
dhcp-option DNS 209.222.18.222
dhcp-option DNS 209.222.18.218
dhcp-option DNS 8.8.8.8
route-noexec
'';
disable-occ
dhcp-option DNS 209.222.18.222
dhcp-option DNS 209.222.18.218
dhcp-option DNS 8.8.8.8
route-noexec
'';
};
secrets = {
vpnuser = {};
rpcuser = {owner="vpn";};
rpcuser = {owner = "vpn";};
vpnpass = {};
rpcpass = {owner="vpn";};
rpcpass = {owner = "vpn";};
vpnprot = {};
vpnloc = {};
};
@ -194,77 +199,74 @@
user = "vpn";
group = "lxc_shares";
settings = {
alt-speed-down= 8000;
alt-speed-enabled= false;
alt-speed-time-begin= 0;
alt-speed-time-day= 127;
alt-speed-time-enabled= true;
alt-speed-time-end= 360;
alt-speed-up= 2000;
bind-address-ipv4= "0.0.0.0";
bind-address-ipv6= "::";
blocklist-enabled= false;
blocklist-url= "http://www.example.com/blocklist";
cache-size-mb= 4;
dht-enabled= false;
download-dir= "/media/Eternor/New";
download-limit= 100;
download-limit-enabled= 0;
download-queue-enabled= true;
download-queue-size= 5;
encryption= 2;
idle-seeding-limit= 30;
idle-seeding-limit-enabled= false;
incomplete-dir= "/var/lib/transmission-daemon/Downloads";
incomplete-dir-enabled= false;
lpd-enabled= false;
max-peers-global= 200;
message-level= 1;
peer-congestion-algorithm= "";
peer-id-ttl-hours= 6;
peer-limit-global= 100;
peer-limit-per-torrent= 40;
peer-port= 22371;
peer-port-random-high= 65535;
peer-port-random-low= 49152;
peer-port-random-on-start= false;
peer-socket-tos= "default";
pex-enabled= false;
port-forwarding-enabled= false;
preallocation= 1;
prefetch-enabled= true;
queue-stalled-enabled= true;
queue-stalled-minutes= 30;
ratio-limit= 2;
ratio-limit-enabled= false;
rename-partial-files= true;
rpc-authentication-required= true;
rpc-bind-address= "0.0.0.0";
rpc-enabled= true;
rpc-host-whitelist= "";
rpc-host-whitelist-enabled= true;
rpc-port= 9091;
rpc-url= "/transmission/";
rpc-whitelist= "127.0.0.1,192.168.3.2";
rpc-whitelist-enabled= true;
scrape-paused-torrents-enabled= true;
script-torrent-done-enabled= false;
seed-queue-enabled= false;
seed-queue-size= 10;
speed-limit-down= 6000;
speed-limit-down-enabled= true;
speed-limit-up= 500;
speed-limit-up-enabled= true;
start-added-torrents= true;
trash-original-torrent-files= false;
umask= 2;
upload-limit= 100;
upload-limit-enabled= 0;
upload-slots-per-torrent= 14;
utp-enabled= false;
alt-speed-down = 8000;
alt-speed-enabled = false;
alt-speed-time-begin = 0;
alt-speed-time-day = 127;
alt-speed-time-enabled = true;
alt-speed-time-end = 360;
alt-speed-up = 2000;
bind-address-ipv4 = "0.0.0.0";
bind-address-ipv6 = "::";
blocklist-enabled = false;
blocklist-url = "http://www.example.com/blocklist";
cache-size-mb = 4;
dht-enabled = false;
download-dir = "/media/Eternor/New";
download-limit = 100;
download-limit-enabled = 0;
download-queue-enabled = true;
download-queue-size = 5;
encryption = 2;
idle-seeding-limit = 30;
idle-seeding-limit-enabled = false;
incomplete-dir = "/var/lib/transmission-daemon/Downloads";
incomplete-dir-enabled = false;
lpd-enabled = false;
max-peers-global = 200;
message-level = 1;
peer-congestion-algorithm = "";
peer-id-ttl-hours = 6;
peer-limit-global = 100;
peer-limit-per-torrent = 40;
peer-port = 22371;
peer-port-random-high = 65535;
peer-port-random-low = 49152;
peer-port-random-on-start = false;
peer-socket-tos = "default";
pex-enabled = false;
port-forwarding-enabled = false;
preallocation = 1;
prefetch-enabled = true;
queue-stalled-enabled = true;
queue-stalled-minutes = 30;
ratio-limit = 2;
ratio-limit-enabled = false;
rename-partial-files = true;
rpc-authentication-required = true;
rpc-bind-address = "0.0.0.0";
rpc-enabled = true;
rpc-host-whitelist = "";
rpc-host-whitelist-enabled = true;
rpc-port = 9091;
rpc-url = "/transmission/";
rpc-whitelist = "127.0.0.1,192.168.3.2";
rpc-whitelist-enabled = true;
scrape-paused-torrents-enabled = true;
script-torrent-done-enabled = false;
seed-queue-enabled = false;
seed-queue-size = 10;
speed-limit-down = 6000;
speed-limit-down-enabled = true;
speed-limit-up = 500;
speed-limit-up-enabled = true;
start-added-torrents = true;
trash-original-torrent-files = false;
umask = 2;
upload-limit = 100;
upload-limit-enabled = 0;
upload-slots-per-torrent = 14;
utp-enabled = false;
};
};
}

43
profiles/threed/hardware-configuration.nix
View file

@ -1,31 +1,34 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4a590cad-28d9-4153-bdb8-e424ec3bd5c8";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/4a590cad-28d9-4153-bdb8-e424ec3bd5c8";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/C67D-61AD";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C67D-61AD";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/b07aac27-a443-489c-9fdb-01c1ef633699"; }
];
swapDevices = [
{device = "/dev/disk/by-uuid/b07aac27-a443-489c-9fdb-01c1ef633699";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

73
profiles/threed/home.nix
View file

@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.gpg-agent = {
enable = true;
enableSshSupport = true;
@ -11,11 +11,10 @@
defaultCacheTtl = 600;
maxCacheTtl = 7200;
extraConfig = ''
allow-loopback-pinentry
allow-emacs-pinentry
allow-loopback-pinentry
allow-emacs-pinentry
'';
};
};
home = {
username = "swarsel";
@ -26,32 +25,32 @@
];
};
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
programs.waybar.settings.mainBar = {
cpu.format = "{icon0} {icon1} {icon2} {icon3}";
temperature.hwmon-path = "/sys/devices/platform/coretemp.0/hwmon/hwmon1/temp3_input";
};
programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark"
"mpris"
"custom/left-arrow-light"
"network"
"custom/left-arrow-dark"
"pulseaudio"
"custom/left-arrow-light"
"custom/pseudobat"
"battery"
"custom/left-arrow-dark"
"group/hardware"
"custom/left-arrow-light"
"clock#2"
"custom/left-arrow-dark"
"clock#1"
];
wayland.windowManager.sway= {
programs.waybar.settings.mainBar.modules-right = [
"custom/outer-left-arrow-dark"
"mpris"
"custom/left-arrow-light"
"network"
"custom/left-arrow-dark"
"pulseaudio"
"custom/left-arrow-light"
"custom/pseudobat"
"battery"
"custom/left-arrow-dark"
"group/hardware"
"custom/left-arrow-light"
"clock#2"
"custom/left-arrow-dark"
"clock#1"
];
wayland.windowManager.sway = {
config = rec {
input = {
"*" = {
@ -78,8 +77,8 @@
keybindings = let
inherit (config.wayland.windowManager.sway.config) modifier;
in {
"${modifier}+F2" = "exec brightnessctl set +5%";
"${modifier}+F1"= "exec brightnessctl set 5%-";
"${modifier}+F2" = "exec brightnessctl set +5%";
"${modifier}+F1" = "exec brightnessctl set 5%-";
"${modifier}+n" = "exec sway output eDP-1 transform normal, splith";
"${modifier}+Ctrl+p" = "exec wl-mirror eDP-1";
"${modifier}+t" = "exec sway output eDP-1 transform 90, splitv";
@ -89,14 +88,12 @@
};
startup = [
{ command = "nextcloud --background";}
{ command = "discord --start-minimized";}
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{ command = "ANKI_WAYLAND=1 anki";}
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{ command = "nm-applet";}
{command = "nextcloud --background";}
{command = "discord --start-minimized";}
{command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{command = "ANKI_WAYLAND=1 anki";}
{command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{command = "nm-applet";}
];
keycodebindings = {

33
profiles/threed/nixos.nix
View file

@ -1,16 +1,15 @@
{ lib, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
];
lib,
pkgs,
...
}: {
imports = [
./hardware-configuration.nix
];
services = {
getty.autologinUser = "swarsel";
greetd.settings.initial_session.user="swarsel";
greetd.settings.initial_session.user = "swarsel";
};
hardware.bluetooth.enable = true;
@ -35,7 +34,7 @@
};
stylix.image = ../../wallpaper/surfacewp.png;
stylix = {
enable = true;
base16Scheme = ../../wallpaper/swarsel.yaml;
@ -60,7 +59,7 @@
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
sansSerif = {
# package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
package = pkgs.cantarell-fonts;
@ -69,26 +68,23 @@
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
monospace = {
package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
name = "FiraCode Nerd Font Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
};
users.users.swarsel = {
isNormalUser = true;
description = "Leon S";
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" ];
extraGroups = ["networkmanager" "wheel" "lp" "audio" "video"];
packages = with pkgs; [];
};
@ -96,5 +92,4 @@
];
system.stateVersion = "23.05";
}

84
profiles/winters/home.nix
View file

@ -1,8 +1,8 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
services.gpg-agent = {
enable = true;
enableSshSupport = true;
@ -11,11 +11,11 @@
defaultCacheTtl = 600;
maxCacheTtl = 7200;
extraConfig = ''
allow-loopback-pinentry
allow-emacs-pinentry
allow-loopback-pinentry
allow-emacs-pinentry
'';
};
};
home = {
username = "swarsel";
homeDirectory = "/home/swarsel";
@ -24,7 +24,7 @@
packages = with pkgs; [
];
};
sops.age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/sops" ];
sops.age.sshKeyPaths = ["${config.home.homeDirectory}/.ssh/sops"];
# waybar config - TEMPLATE - update for cores and temp
programs.waybar.settings.mainBar = {
@ -34,26 +34,25 @@
temperature.input-filename = "temp1_input";
};
programs.waybar.settings.mainBar.modules-right = ["custom/outer-left-arrow-dark"
"mpris"
"custom/left-arrow-light"
"network"
"custom/left-arrow-dark"
"pulseaudio"
"custom/left-arrow-light"
"custom/pseudobat"
"battery"
"custom/left-arrow-dark"
"group/hardware"
"custom/left-arrow-light"
"clock#2"
"custom/left-arrow-dark"
"clock#1"
];
programs.waybar.settings.mainBar.modules-right = [
"custom/outer-left-arrow-dark"
"mpris"
"custom/left-arrow-light"
"network"
"custom/left-arrow-dark"
"pulseaudio"
"custom/left-arrow-light"
"custom/pseudobat"
"battery"
"custom/left-arrow-dark"
"group/hardware"
"custom/left-arrow-light"
"clock#2"
"custom/left-arrow-dark"
"clock#1"
];
wayland.windowManager.sway= {
wayland.windowManager.sway = {
config = rec {
# update for actual inputs here,
input = {
@ -61,7 +60,8 @@
xkb_layout = "us";
xkb_variant = "altgr-intl";
};
"1:1:AT_Translated_Set_2_keyboard" = { # TEMPLATE
"1:1:AT_Translated_Set_2_keyboard" = {
# TEMPLATE
xkb_layout = "us";
xkb_options = "grp:win_space_toggle";
xkb_variant = "altgr-intl";
@ -72,7 +72,6 @@
natural_scroll = "enabled";
middle_emulation = "enabled";
};
};
output = {
@ -92,11 +91,16 @@
};
workspaceOutputAssign = [
{ output = "eDP-1"; workspace = "1:";}
{ output = "HDMI-A-1"; workspace = "2:";}
{
output = "eDP-1";
workspace = "1:";
}
{
output = "HDMI-A-1";
workspace = "2:";
}
];
# keybindings = let
# inherit (config.wayland.windowManager.sway.config) modifier;
# in {
@ -104,14 +108,12 @@
# };
startup = [
{ command = "nextcloud --background";}
{ command = "discord --start-minimized";}
{ command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{ command = "ANKI_WAYLAND=1 anki";}
{ command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{ command = "nm-applet";}
{command = "nextcloud --background";}
{command = "discord --start-minimized";}
{command = "element-desktop --hidden -enable-features=UseOzonePlatform -ozone-platform=wayland --disable-gpu-driver-bug-workarounds";}
{command = "ANKI_WAYLAND=1 anki";}
{command = "OBSIDIAN_USE_WAYLAND=1 obsidian";}
{command = "nm-applet";}
];
};
};

59
profiles/winters/nixos.nix
View file

@ -1,21 +1,17 @@
{ pkgs, ... }:
{
#
{pkgs, ...}: {
#
# imports =
# [
# ./hardware-configuration.nix
# ];
#
imports =
[
./hardware-configuration.nix
];
#
imports = [
./hardware-configuration.nix
];
services = {
getty.autologinUser = "swarsel";
greetd.settings.initial_session.user="swarsel";
greetd.settings.initial_session.user = "swarsel";
};
boot = {
@ -31,8 +27,8 @@
firewall.checkReversePath = "strict";
firewall = {
enable = true;
allowedUDPPorts = [ ];
allowedTCPPorts = [ ];
allowedUDPPorts = [];
allowedTCPPorts = [];
allowedTCPPortRanges = [
];
allowedUDPPortRanges = [
@ -42,17 +38,17 @@
virtualisation.virtualbox = {
host = {
enable = true;
enableExtensionPack = true;
enable = true;
enableExtensionPack = true;
};
# leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch
guest = {
enable = false;
};
};
};
stylix.image = ../../wallpaper/lenovowp.png;
stylix = {
enable = true;
base16Scheme = ../../wallpaper/swarsel.yaml;
@ -77,7 +73,7 @@
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
sansSerif = {
# package = (pkgs.nerdfonts.override { fonts = [ "FiraMono" "FiraCode"]; });
package = pkgs.cantarell-fonts;
@ -86,31 +82,28 @@
# name = "FiraCode Nerd Font Propo";
# name = "Montserrat";
};
monospace = {
package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
package = pkgs.nerdfonts.override {fonts = ["FiraCode"];};
name = "FiraCode Nerd Font Mono";
};
emoji = {
package = pkgs.noto-fonts-emoji;
name = "Noto Color Emoji";
};
};
};
hardware = {
graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
];
};
bluetooth.enable = true;
graphics = {
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
];
};
bluetooth.enable = true;
};
programs.steam = {
enable = true;
@ -124,7 +117,7 @@
users.users.swarsel = {
isNormalUser = true;
description = "Leon S";
extraGroups = [ "networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner" ];
extraGroups = ["networkmanager" "wheel" "lp" "audio" "video" "vboxusers" "scanner"];
packages = with pkgs; [];
};
@ -140,6 +133,4 @@
];
system.stateVersion = "23.05";
}