kopatz/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'master' of github.com:Kropatz/dotfiles

Browse Source
This commit is contained in:
Kopatz
2024-04-02 09:04:58 +02:00
parent 97f8733d5d 3ed4d6262c
commit 1ebda6348b
54 changed files with 498 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
flake.lock generated
View File

@@ -121,11 +121,11 @@
]
},
"locked": {
"lastModified": 1710532761,
"narHash": "sha256-SUXGZNrXX05YA9G6EmgupxhOr3swI1gcxLUeDMUhrEY=",
"lastModified": 1711604890,
"narHash": "sha256-vbI/gxRTq/gHW1Q8z6D/7JG/qGNl3JTimUDX+MwnC3A=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "206f457fffdb9a73596a4cb2211a471bd305243d",
"rev": "3142bdcc470e1e291e1fbe942fd69e06bd00c5df",
"type": "github"
},
"original": {
@@ -142,11 +142,11 @@
]
},
"locked": {
"lastModified": 1706981411,
"narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
"lastModified": 1710888565,
"narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "652fda4ca6dafeb090943422c34ae9145787af37",
"rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce",
"type": "github"
},
"original": {
@@ -177,11 +177,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1710622004,
"narHash": "sha256-6zR642tXcZzzk3C8BHxlCrR0yh8z8zMXLiuXpWDIpX0=",
"lastModified": 1711352745,
"narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "968952f950a59dee9ed1e8799dda38c6dfa1bad3",
"rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0",
"type": "github"
},
"original": {
@@ -246,11 +246,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1710451336,
"narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=",
"lastModified": 1711523803,
"narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d691274a972b3165335d261cc4671335f5c67de9",
"rev": "2726f127c15a4cc9810843b96cad73c7eb39e443",
"type": "github"
},
"original": {
@@ -261,11 +261,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1710565619,
"narHash": "sha256-xu/EnZCNdIj7m/QjCNIG5vrCA4TYg5uwFReb9XDxET0=",
"lastModified": 1711460390,
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8ac30a39abc5ea67037dfbf090d6e89f187c6e50",
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
"type": "github"
},
"original": {

122
flake.nix
View File

@@ -31,51 +31,18 @@
nix-colors,
}@inputs:
let
inherit (self) outputs;
system = "x86_64-linux";
overlay-unstable = final: prev: {
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
};
in {
overlays = import ./overlays.nix {inherit inputs;};
nixosConfigurations.server = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
### User specific ###
./users/anon
### System sepecific ###
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./modules/collections/server.nix
./systems/server/configuration.nix
### Modules ###
./modules/cli-tools.nix
./modules/static-ip.nix
./modules/hdd-spindown.nix
./modules/firewall.nix
./modules/motd.nix
./modules/postgres.nix
./modules/fail2ban.nix
./modules/nix/settings.nix
./modules/adguard.nix
./modules/git.nix
./modules/github-runner.nix
./modules/nextcloud.nix
./modules/acme.nix
./modules/samba.nix
./modules/backup.nix
./modules/nginx.nix
./modules/ssh.nix
./modules/docker.nix
./modules/wireguard.nix
./modules/cron.nix
./modules/kavita.nix
./modules/netdata.nix
./modules/step-ca.nix
./modules/tmpfs.nix
#./modules/games/palworld.nix
./modules/logging.nix
### Hardware ###
./modules/hardware/ssd.nix
({ config, outputs, ... }: { nixpkgs.overlays = with outputs.overlays; [additions modifications unstable-packages]; })
home-manager.nixosModules.home-manager
agenix.nixosModules.default
];
@@ -83,7 +50,7 @@
## Custom variables (e.g. ip, interface, etc)
vars = import ./systems/userdata-default.nix // import ./systems/server/userdata.nix;
pkgsVersion = nixpkgs;
inherit inputs ;
inherit inputs outputs;
};
};
nixosConfigurations."kop-pc" = nixpkgs-unstable.lib.nixosSystem {
@@ -91,44 +58,13 @@
specialArgs = {
vars = import ./systems/userdata-default.nix // import ./systems/pc/userdata.nix;
pkgsVersion = nixpkgs-unstable;
inherit inputs ;
inherit inputs outputs;
};
modules = [
### User specific ###
./users/kopatz
### System modules ###
./modules/graphical/plasma.nix
#./modules/graphical/hyprland.nix
./modules/graphical/emulators.nix
./modules/graphical/gamemode.nix
./modules/graphical/obs.nix
./modules/graphical/audio.nix
./modules/graphical/games.nix
./modules/graphical/ime.nix
./modules/graphical/code.nix
./modules/graphical/shared.nix
#./modules/fh/forensik.nix
./modules/hardware/nvidia.nix
./modules/hardware/ssd.nix
./modules/hardware/firmware.nix
./modules/kernel.nix # use latest kernel
./modules/nix/settings.nix
./modules/nix/index.nix
./modules/nix/ld.nix
./modules/cli-tools.nix
./modules/gpg.nix
./modules/virt-manager.nix
#./modules/hardware/vfio.nix too stupid for this
./modules/flatpak.nix
./modules/docker.nix
./modules/nftables.nix
./modules/noise-supression.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./modules/wooting.nix
./modules/wireshark.nix
./modules/tmpfs.nix
./modules/support/ntfs.nix
./modules/collections/desktop.nix
./systems/pc/configuration.nix
({ config, pkgs, ... }: { nixpkgs.overlays = with outputs.overlays; [additions modifications unstable-packages]; })
agenix.nixosModules.default
home-manager-unstable.nixosModules.home-manager
];
@@ -145,33 +81,31 @@
modules = [
### User specific ###
./users/kopatz
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./modules/graphical/hyprland.nix
./modules/graphical/emulators.nix
./modules/graphical/gamemode.nix
./modules/graphical/audio.nix
./modules/graphical/games.nix
./modules/graphical/ime.nix
./modules/graphical/code.nix
./modules/graphical/shared.nix
#./modules/fh/forensik.nix
./systems/laptop/configuration.nix
./modules/cli-tools.nix
./modules/ecryptfs.nix
./modules/pentest.nix
./modules/graphical/audio.nix
./modules/graphical/code.nix
./modules/graphical/emulators.nix
./modules/graphical/gamemode.nix
./modules/graphical/games.nix
./modules/graphical/hyprland.nix
./modules/graphical/ime.nix
./modules/graphical/shared.nix
./modules/nix/ld.nix
./modules/nix/settings.nix
./modules/support/ntfs.nix
./modules/thunderbolt.nix
./modules/tmpfs.nix
./modules/virt-manager.nix
./modules/vmware-host.nix
./modules/nix/ld.nix
./modules/ssh.nix
./modules/wireshark.nix
#./modules/static-ip.nix
./systems/laptop/configuration.nix
#./modules/fh/forensik.nix
#./modules/no-sleep-lid-closed.nix
#./modules/static-ip.nix
#./modules/wake-on-lan.nix
./modules/thunderbolt.nix
./modules/rdp.nix
./modules/tmpfs.nix
./modules/support/ntfs.nix
./modules/nix/settings.nix
({ config, outputs, ... }: { nixpkgs.overlays = with outputs.overlays; [additions modifications unstable-packages]; })
nixos-hardware.nixosModules.dell-xps-15-7590-nvidia
agenix.nixosModules.default
home-manager.nixosModules.home-manager
@@ -186,10 +120,10 @@
modules = [
#"${nixpkgs}/nixos/modules/profiles/minimal.nix"
./users/anon
./modules/nix/settings.nix
./modules/cli-tools.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./modules/nix/settings.nix
./systems/wsl/configuration.nix
({ config, outputs, ... }: { nixpkgs.overlays = with outputs.overlays; [additions modifications unstable-packages]; })
nixos-wsl.nixosModules.wsl
home-manager.nixosModules.home-manager
];

19
home-manager/browser.nix Normal file
View File

@@ -0,0 +1,19 @@
{ config, pkgs, inputs, ...}:
{
programs.chromium = {
enable = true;
package = pkgs.ungoogled-chromium;
extensions = [
{ id = "eimadpbcbfnmbkopoojfekhnkhdbieeh"; } # Dark-Reader
{ id = "ldpochfccmkkmhdbclfhpagapcfdljkj"; } # Decentraleyes
{ id = "bkdgflcldnnnapblkhphbgpggdiikppg"; } # DuckDuckGo
{
id = "dcpihecpambacapedldabdbpakmachpb";
updateUrl =
"https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml";
}
{ id = "dbepggeogbaibhgnhhndojpepiihcmeb"; } # Vimium
{ id = "mnjggcdmjocbbbhaepdhchncahnbgone"; } # Sponsorblock
];
};
}

2
home-manager/zsh.nix
View File

@@ -11,6 +11,8 @@
updateOffline = "sudo nixos-rebuild switch --option substitute false";
checkTime = "(cd ~/Nextcloud/work_drive/TS && nix run)";
checkWaylandWindowsKDE = "qdbus org.kde.KWin /KWin org.kde.KWin.showDebugConsole";
backupNoita = "cp -r ~/.local/share/Steam/steamapps/compatdata/881100/pfx/drive_c/users/steamuser/AppData/LocalLow/Nolla_Games_Noita/save00 ~/Nextcloud/backups/noita_save";
# TODO: gifsicle -O3 --lossy=30 noita-20240328-191617-1612416266-00316616.gif -o noita-20240328-191617-1612416266.gif
ssh = "TERM=xterm-256color ssh";
};
oh-my-zsh = {

6
modules/backup.nix
View File

@@ -1,6 +1,7 @@
{ config, pkgs, lib, inputs, ... }:
let
kavita = "/mnt/1tbssd/kavita";
gitolite = "/var/lib/gitolite";
in
{
age.secrets.restic-pw = {
@@ -31,6 +32,7 @@ in
"/mnt/250ssd/nextcloud"
"/mnt/250ssd/paperless"
kavita
gitolite
"/var/lib/palworld/Pal/Saved"
];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
@@ -53,6 +55,7 @@ in
"/mnt/250ssd/nextcloud"
"/mnt/250ssd/paperless"
kavita
gitolite
"/var/lib/palworld/Pal/Saved"
];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
@@ -68,6 +71,7 @@ in
"/mnt/250ssd/nextcloud"
"/mnt/250ssd/paperless"
kavita
gitolite
"/var/lib/palworld/Pal/Saved"
];
exclude = [
@@ -93,6 +97,7 @@ in
"/mnt/250ssd/matrix-synapse/media_store/"
"/mnt/250ssd/nextcloud"
"/mnt/250ssd/paperless"
gitolite
];
exclude = [
"/home/**/Cache"
@@ -127,6 +132,7 @@ in
"/home"
"/var/backup/postgresql"
"/var/lib/palworld/Pal/Saved"
gitolite
];
pruneOpts = [ "--keep-daily 5" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
timerConfig = {

1
modules/cli-tools.nix
View File

@@ -26,5 +26,6 @@
unzip
lsof
screen
tmux
];
}

38
modules/collections/desktop.nix Normal file
View File

@@ -0,0 +1,38 @@
{pkgs, ...}:
{
imports = [
### System modules ###
../cli-tools.nix
../docker.nix
../fh/scanning.nix
../flatpak.nix
../gpg.nix
../graphical/audio.nix
../graphical/code.nix
../graphical/emulators.nix
../graphical/gamemode.nix
../graphical/games.nix
../graphical/ime.nix
../graphical/obs.nix
#../graphical/lxqt.nix
../graphical/plasma.nix
../graphical/shared.nix
../hardware/firmware.nix
../hardware/nvidia.nix
../hardware/ssd.nix
../hardware/wooting.nix
../kernel.nix # use latest kernel
../nftables.nix
../nix/index.nix
../nix/ld.nix
../nix/settings.nix
../noise-supression.nix
../support/ntfs.nix
../tmpfs.nix
../virt-manager.nix
../wireshark.nix
#../fh/forensik.nix
#../graphical/hyprland.nix
#../hardware/vfio.nix too stupid for this
];
}

36
modules/collections/server.nix Normal file
View File

@@ -0,0 +1,36 @@
{pkgs, ...}:
{
imports = [
### Services ###
../services/acme.nix
../services/adguard.nix
../services/github-runner.nix
../services/gitolite.nix
../services/kavita.nix
../services/netdata.nix
../services/nextcloud.nix
../services/nginx.nix
../services/postgres.nix
../services/samba.nix
../services/ssh.nix
../services/step-ca.nix
../services/wireguard.nix
### Other Modules ###
#../games/palworld.nix
../backup.nix
../cli-tools.nix
../cron.nix
../docker.nix
../fail2ban.nix
../firewall.nix
../git.nix
../hdd-spindown.nix
../logging.nix
../motd.nix
../nix/settings.nix
../static-ip.nix
../tmpfs.nix
### Hardware ###
../hardware/ssd.nix
];
}

1
modules/docker.nix
View File

@@ -1,6 +1,7 @@
{ config, pkgs, lib, inputs, ... }:
{
virtualisation.docker.enable = true;
virtualisation.docker.daemon.settings = { ip = "127.0.0.1"; };
environment.systemPackages = with pkgs; [
docker-compose
];

9
modules/fh/scanning.nix Normal file
View File

@@ -0,0 +1,9 @@
{ pkgs, ...} :
{
environment.systemPackages = with pkgs; [
nmap
gobuster
thc-hydra
seclists
];
}

4
modules/graphical/docker.nix
View File

@@ -1,4 +0,0 @@
{
### docker
virtualisation.docker.enable = true;
}

6
modules/graphical/gnome.nix
View File

@@ -1,9 +1,9 @@
{ config, pkgs, ... }:
{ config, pkgs, mainUser, ... }:
{
services.xserver = {
layout = "at";
xkbVariant = "";
layout = mainUser.layout;
xkbVariant = mainUser.variant;
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;

10
modules/graphical/lxqt.nix Normal file
View File

@@ -0,0 +1,10 @@
{ config, pkgs, ...}:
{
services.xserver = {
xkb.layout = config.mainUser.layout;
xkb.variant = config.mainUser.variant;
enable = true;
displayManager.sddm.enable = true;
desktopManager.lxqt.enable = true;
};
}

5
modules/graphical/plasma.nix
View File

@@ -2,11 +2,12 @@
{
services.xserver = {
xkb.layout = "at";
xkb.variant = "";
xkb.layout = config.mainUser.layout;
xkb.variant = config.mainUser.variant;
enable = true;
displayManager.sddm.enable = true;
#displayManager.sddm.wayland.enable = true;
};
services.desktopManager.plasma6.enable = true;
environment.plasma6.excludePackages = with pkgs.kdePackages; [ ocean-sound-theme spectacle ];
}

9
modules/graphical/shared.nix
View File

@@ -4,13 +4,8 @@ let
screenshot = pkgs.writeShellScriptBin "screenshot.sh" ''
${pkgs.scrot}/bin/scrot -fs - | ${pkgs.xclip}/bin/xclip -selection clipboard -t image/png -i
'';
tetrioPlus = pkgs.unstable.tetrio-desktop.overrideAttrs (old: {
withTetrioPlus = true;
});
in
{
programs.dconf.enable = true;
programs.kdeconnect.enable = true;
@@ -25,7 +20,7 @@ in
];
networking.firewall = {
enable = false;
enable = true;
allowedTCPPorts = [ 53317 ]; #localsend
allowedUDPPorts = [ 1194 53317 ]; #openvpn, localsend
allowedTCPPortRanges = [
@@ -51,7 +46,7 @@ in
rofi
localsend
element-desktop
tetrioPlus
tetrio
krita
unstable.libreoffice-fresh
mangohud

0
modules/wooting.nix → modules/hardware/wooting.nix
View File

0
modules/wooting.rules → modules/hardware/wooting.rules
View File

99
modules/nix/ld.nix
View File

@@ -1,40 +1,67 @@
{ pkgs, ... }:
{
programs.nix-ld.enable = true;
# programs.nix-ld.libraries = with pkgs; [
# nspr
# xorg.libXrandr
# xorg.libX11
# xorg.libXcomposite
# xorg.libXdamage
# xorg.libXfixes
# xorg.libXrender
# xorg.libXtst
# xorg.libXau
# xorg.libXdmcp
# expat
# libgcc.lib
# libglvnd
# zlib
# zstd
# stdenv.cc.cc
# curl
# openssl
# attr
# libssh
# bzip2
# libxml2
# acl
# libsodium
# util-linux
# xz
# systemd
# libkrb5
# glib
# nss
# freetype
# fontconfig.lib
# dbus.lib
# alsa-lib
# ];
programs.nix-ld.libraries = with pkgs; [
acl
alsa-lib
at-spi2-atk
at-spi2-core
atk
attr
bzip2
cairo
cups
curl
dbus.lib
expat
fontconfig.lib
freetype
gdk-pixbuf
glib
gtk3
icu
libGL
libappindicator-gtk3
libdrm
libgcc.lib
libglvnd
libkrb5
libnotify
libpulseaudio
libsodium
libssh
libusb1
libuuid
libxkbcommon
libxml2
mesa
nspr
nspr
nss
openssl
pango
pipewire
stdenv.cc.cc
systemd
util-linux
xorg.libX11
xorg.libXScrnSaver
xorg.libXau
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXdmcp
xorg.libXext
xorg.libXfixes
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXtst
xorg.libxcb
xorg.libxkbfile
xorg.libxshmfence
xz
zlib
zstd
];
}

0
modules/acme.nix → modules/services/acme.nix
View File

0
modules/adguard.nix → modules/services/adguard.nix
View File

2
modules/coturn.nix → modules/services/coturn.nix
View File

@@ -1,7 +1,7 @@
{ config, pkgs, lib, inputs, ... }:
{
age.secrets.coturn-secret = {
file = ../secrets/coturn-secret.age;
file = ../../secrets/coturn-secret.age;
owner = "turnserver";
group = "turnserver";
};

2
modules/dyndns.nix → modules/services/dyndns.nix
View File

@@ -1,7 +1,7 @@
{ config, pkgs, lib, inputs, ... }:
{
age.secrets.duckdns = {
file = ../secrets/duckdns.age;
file = ../../secrets/duckdns.age;
};
services.ddclient = {
enable = true;

4
modules/github-runner.nix → modules/services/github-runner.nix
View File

@@ -12,12 +12,12 @@
extraGroups = [ "docker" ];
};
age.secrets.github-runner-token = {
file = ../secrets/github-runner-token.age;
file = ../../secrets/github-runner-token.age;
owner = "github-actions-runner";
group = "github-actions-runner";
};
age.secrets.github-runner-pw = {
file = ../secrets/github-runner-pw.age;
file = ../../secrets/github-runner-pw.age;
owner = "github-actions-runner";
group = "github-actions-runner";
};

9
modules/services/gitolite.nix Normal file
View File

@@ -0,0 +1,9 @@
{ config, ...}:
{
# configure git clone gitolite@server:gitolite-admin
# help ssh gitolite@server help
services.gitolite = {
enable = true;
adminPubkey = config.mainUser.sshKey;
};
}

0
modules/home-assistant.nix → modules/services/home-assistant.nix
View File

2
modules/invidious.nix → modules/services/invidious.nix
View File

@@ -5,7 +5,7 @@ let
in
{
age.secrets.invidious-extra-settings = {
file = ../secrets/invidious-extra-settings.age;
file = ../../secrets/invidious-extra-settings.age;
mode = "444";
};

32
modules/kavita.nix → modules/services/kavita.nix
View File

@@ -2,11 +2,17 @@
let
fqdn = "kavita.home.arpa";
useHttps = config.services.step-ca.enable;
baseDir = "/mnt/1tbssd/kavita";
mangal = "${pkgs.mangal}/bin/mangal";
in
{
networking.firewall.allowedTCPPorts = [ 5000 ];
systemd.tmpfiles.rules = [
"d ${baseDir} 0770 kavita kavita -"
"d ${baseDir}/manga 0770 kavita kavita -"
];
age.secrets.kavita = {
file = ../secrets/kavita.age;
file = ../../secrets/kavita.age;
owner = "kavita";
group = "kavita";
};
@@ -14,9 +20,10 @@ in
enable = true;
user = "kavita";
port = 5000;
dataDir = "/mnt/1tbssd/kavita";
dataDir = baseDir;
tokenKeyFile = config.age.secrets.kavita.path;
};
#todo: base url needs new kavita version
systemd.services.kavita = {
preStart = ''
@@ -32,6 +39,27 @@ in
'';
};
systemd.services.download-manga = {
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
startAt = "*-*-* 19:00:00";
script = ''
${mangal} inline -S Mangapill -q omniscient -m first -d
${mangal} inline -S Mangapill --query "oshi-no-ko" --manga first --download
${mangal} inline -S Mangapill --query "Frieren" --manga first --download
${mangal} inline -S Mangapill --query "Chainsaw" --manga first --download
'';
serviceConfig = {
PrivateTmp = true;
User = "kavita";
Group = "kavita";
Type = "oneshot";
WorkingDirectory = "${baseDir}/manga";
};
};
security.acme.certs."${fqdn}".server = "https://127.0.0.1:8443/acme/acme/directory";
services.nginx.virtualHosts."${fqdn}" = {
forceSSL = useHttps;

0
modules/minecraft-server.nix → modules/services/minecraft-server.nix
View File

0
modules/netdata.nix → modules/services/netdata.nix
View File

2
modules/nextcloud.nix → modules/services/nextcloud.nix
View File

@@ -33,7 +33,7 @@ in
};
age.secrets.nextcloud-admin = {
file = ../secrets/nextcloud-admin.age;
file = ../../secrets/nextcloud-admin.age;
owner = "nextcloud";
group = "nextcloud";
};

0
modules/nginx.nix → modules/services/nginx.nix
View File

2
modules/paperless.nix → modules/services/paperless.nix
View File

@@ -6,7 +6,7 @@ in
{
networking.firewall.allowedTCPPorts = [ 28981 ];
age.secrets.paperless = {
file = ../secrets/paperless.age;
file = ../../secrets/paperless.age;
owner = "paperless";
group = "paperless";
};

0
modules/postgres.nix → modules/services/postgres.nix
View File

0
modules/rdp.nix → modules/services/rdp.nix
View File

0
modules/samba.nix → modules/services/samba.nix
View File

8
modules/ssh.nix → modules/services/ssh.nix
View File

@@ -2,9 +2,15 @@
networking.firewall.allowedTCPPorts = [ 22 ];
services.openssh = {
enable = true;
allowSFTP = false;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.X11Forwarding = false;
settings.PermitRootLogin = "no";
settings.X11Forwarding = true;
extraConfig = ''
AllowAgentForwarding no
AllowStreamLocalForwarding no
AuthenticationMethods publickey
'';
};
}

4
modules/step-ca.nix → modules/services/step-ca.nix
View File

@@ -34,12 +34,12 @@ in
{
security.pki.certificates = [ root_ca ];
age.secrets.step-ca-pw = {
file = ../secrets/step-ca-pw.age;
file = ../../secrets/step-ca-pw.age;
owner = "step-ca";
group = "step-ca";
};
age.secrets.step-ca-key = {
file = ../secrets/step-ca-key.age;
file = ../../secrets/step-ca-key.age;
owner = "step-ca";
group = "step-ca";
};

2
modules/synapse.nix → modules/services/synapse.nix
View File

@@ -59,7 +59,7 @@ in {
};
age.secrets.matrix-registration = {
file = ../secrets/matrix-registration.age;
file = ../../secrets/matrix-registration.age;
owner = "matrix-synapse";
group = "matrix-synapse";
};

2
modules/wireguard.nix → modules/services/wireguard.nix
View File

@@ -5,7 +5,7 @@ in
{
age.secrets.wireguard-private = {
file = ../secrets/wireguard-private.age;
file = ../../secrets/wireguard-private.age;
};
networking.nat.enable = true;

23
overlays.nix Normal file
View File

@@ -0,0 +1,23 @@
# This file defines overlays
{inputs, ...}: {
# This one brings our custom packages from the 'pkgs' directory
additions = final: _prev: import ./pkgs {pkgs = final;};
# This one contains whatever you want to overlay
# You can change versions, add patches, set compilation flags, anything really.
# https://nixos.wiki/wiki/Overlays
modifications = final: prev: {
# example = prev.example.overrideAttrs (oldAttrs: rec {
# ...
# });
};
# When applied, the unstable nixpkgs set (declared in the flake inputs) will
# be accessible through 'pkgs.unstable'
unstable-packages = final: _prev: {
unstable = import inputs.nixpkgs-unstable {
system = final.system;
config.allowUnfree = true;
};
};
}

3
pkgs/default.nix Normal file
View File

@@ -0,0 +1,3 @@
{pkgs, ...}: {
tetrio = pkgs.callPackage ./tetrio-desktop/package.nix { };
}

97
pkgs/tetrio-desktop/package.nix Normal file
View File

@@ -0,0 +1,97 @@
{ stdenv
, lib
, fetchurl
, dpkg
, autoPatchelfHook
, wrapGAppsHook
, alsa-lib
, cups
, libGL
, libX11
, libXScrnSaver
, libXtst
, mesa
, nss
, gtk3
, libpulseaudio
, systemd
, callPackage
, withTetrioPlus ? true
, tetrio-plus ? callPackage ./tetrio-plus.nix { }
, ...
}:
let
libPath = lib.makeLibraryPath [
libGL
libpulseaudio
systemd
];
in
stdenv.mkDerivation (finalAttrs: {
pname = "tetrio-desktop";
version = "9.0.0";
src = fetchurl {
url = "https://tetr.io/about/desktop/builds/${lib.versions.major finalAttrs.version}/TETR.IO%20Setup.deb";
hash = "sha256-UriLwMB8D+/T32H4rPbkJAy/F/FFhNpd++0AR1lwEfs=";
};
nativeBuildInputs = [
dpkg
autoPatchelfHook
wrapGAppsHook
];
dontWrapGApps = true;
buildInputs = [
alsa-lib
cups
libX11
libXScrnSaver
libXtst
mesa
nss
gtk3
];
unpackCmd = "dpkg -x $curSrc src";
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cp -r opt/ usr/share/ $out
ln -s $out/opt/TETR.IO/TETR.IO $out/bin/tetrio
substituteInPlace $out/share/applications/TETR.IO.desktop \
--replace-fail "Exec=/opt/TETR.IO/TETR.IO" "Exec=$out/bin/tetrio"
runHook postInstall
'';
postInstall = lib.strings.optionalString withTetrioPlus ''
cp ${tetrio-plus} $out/opt/TETR.IO/resources/app.asar
'';
postFixup = ''
wrapProgram $out/opt/TETR.IO/TETR.IO \
--prefix LD_LIBRARY_PATH : ${libPath}:$out/opt/TETR.IO \
''${gappsWrapperArgs[@]}
'';
meta = {
description = "TETR.IO desktop client";
downloadPage = "https://tetr.io/about/desktop/";
homepage = "https://tetr.io";
license = lib.licenses.unfree;
longDescription = ''
TETR.IO is a modern yet familiar online stacker.
Play against friends and foes all over the world, or claim a spot on the leaderboards - the stacker future is yours!
'';
mainProgram = "tetrio";
maintainers = with lib.maintainers; [ wackbyte ];
platforms = [ "x86_64-linux" ];
};
})

26
pkgs/tetrio-desktop/tetrio-plus.nix Normal file
View File

@@ -0,0 +1,26 @@
{ lib, stdenv, fetchzip }:
stdenv.mkDerivation rec {
pname = "tetrio-plus";
version = "0.25.3";
src = fetchzip {
url = "https://gitlab.com/UniQMG/tetrio-plus/-/jobs/6465395934/artifacts/raw/app.asar.zip";
hash = "sha256-24AD63YEypK7XUW6QnqJt56cUExIMrA2WgDi8jS5IFE=";
};
installPhase = ''
runHook preInstall
install app.asar $out
runHook postInstall
'';
meta = with lib; {
description = "TETR.IO customization toolkit";
homepage = "https://gitlab.com/UniQMG/tetrio-plus";
license = licenses.mit;
maintainers = with maintainers; [ huantian ];
platforms = [ "x86_64-linux" ];
};
}

6
systems/pc/configuration.nix
View File

@@ -54,12 +54,6 @@
# Enable the X11 windowing system.
services.xserver.enable = true;
# Configure keymap in X11
services.xserver = {
xkb.layout = lib.mkForce "de";
xkb.variant = lib.mkForce "us";
};
# Configure console keymap
console.keyMap = "de";

1
users/anon/default.nix
View File

@@ -7,6 +7,7 @@
{
imports = [ ../default.nix ];
mainUser.name = "anon";
mainUser.sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 kopatz";
home-manager = {
users.${config.mainUser.name} = import ./home.nix;

2
.gitconfig → users/kopatz/.gitconfig
View File

@@ -34,3 +34,5 @@
path = .gitconfig-gitlabfh
[includeIf "gitdir/i:~/projects/evolit/**"]
path = .gitconfig-evolit
[includeIf "gitdir/i:~/projects/selfhosted/**"]
path = .gitconfig-selfhosted

0
.gitconfig-evolit → users/kopatz/.gitconfig-evolit
View File

0
.gitconfig-gitea → users/kopatz/.gitconfig-gitea
View File

0
.gitconfig-github → users/kopatz/.gitconfig-github
View File

0
.gitconfig-gitlabfh → users/kopatz/.gitconfig-gitlabfh
View File

18
users/kopatz/.gitconfig-selfhosted Normal file
View File

@@ -0,0 +1,18 @@
[push]
default = upstream
[core]
repositoryformatversion = 0
filemode = false
bare = false
logallrefupdates = true
symlinks = false
ignorecase = true
[mergetool]
keeptemporaries = false
keepbackups = false
prompt = false
trustexitcode = false
[user]
name = Kopatz
email = lukas.kopatz111@gmail.com

5
users/kopatz/default.nix
View File

@@ -7,6 +7,7 @@
{
imports = [ ../default.nix ];
mainUser.name = "kopatz";
mainUser.sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 kopatz";
home-manager = {
users.${config.mainUser.name} = import ./home.nix;
@@ -23,8 +24,6 @@
firefox
brave
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 lukas"
];
openssh.authorizedKeys.keys = [ config.mainUser.sshKey ];
};
}

27
users/kopatz/home.nix
View File

@@ -15,6 +15,7 @@
imports = [
../../home-manager/nvim.nix
../../home-manager/code.nix
#../../home-manager/browser.nix extensions dont work with ungoogled chromium sadly
../../home-manager/zsh.nix
../../home-manager/gtk-theme.nix
../../home-manager/direnv.nix
@@ -25,5 +26,31 @@
inputs.nix-colors.homeManagerModule
];
home.file.".gitconfig" = {
enable = true;
source = ./.gitconfig;
target = ".gitconfig";
};
home.file.".gitconfig-gitea" = {
enable = true;
source = ./.gitconfig-gitea;
target = ".gitconfig-gitea";
};
home.file.".gitconfig-github" = {
enable = true;
source = ./.gitconfig-github;
target = ".gitconfig-github";
};
home.file.".gitconfig-selfhosted" = {
enable = true;
source = ./.gitconfig-selfhosted;
target = ".gitconfig-selfhosted";
};
home.file.".gitconfig-gitlabfh" = {
enable = true;
source = ./.gitconfig-gitlabfh;
target = ".gitconfig-gitlabfh";
};
colorScheme = import ../../home-manager/themes/yorha/colors.nix;
}

4
users/option.nix
View File

@@ -15,5 +15,9 @@
default = "";
description = "keyboard variant";
};
sshKey = lib.mkOption {
default = throw "No ssh key specified";
description = "Public key of the user";
};
};
}