Merge branch 'master' of github.com:Kropatz/dotfiles

flake.lock

@@ -121,11 +121,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1710532761,
-        "narHash": "sha256-SUXGZNrXX05YA9G6EmgupxhOr3swI1gcxLUeDMUhrEY=",
+        "lastModified": 1711604890,
+        "narHash": "sha256-vbI/gxRTq/gHW1Q8z6D/7JG/qGNl3JTimUDX+MwnC3A=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "206f457fffdb9a73596a4cb2211a471bd305243d",
+        "rev": "3142bdcc470e1e291e1fbe942fd69e06bd00c5df",
         "type": "github"
       },
       "original": {
@@ -142,11 +142,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1706981411,
-        "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
+        "lastModified": 1710888565,
+        "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
+        "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce",
         "type": "github"
       },
       "original": {
@@ -177,11 +177,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1710622004,
-        "narHash": "sha256-6zR642tXcZzzk3C8BHxlCrR0yh8z8zMXLiuXpWDIpX0=",
+        "lastModified": 1711352745,
+        "narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "968952f950a59dee9ed1e8799dda38c6dfa1bad3",
+        "rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0",
         "type": "github"
       },
       "original": {
@@ -246,11 +246,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1710451336,
-        "narHash": "sha256-pP86Pcfu3BrAvRO7R64x7hs+GaQrjFes+mEPowCfkxY=",
+        "lastModified": 1711523803,
+        "narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d691274a972b3165335d261cc4671335f5c67de9",
+        "rev": "2726f127c15a4cc9810843b96cad73c7eb39e443",
         "type": "github"
       },
       "original": {
@@ -261,11 +261,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1710565619,
-        "narHash": "sha256-xu/EnZCNdIj7m/QjCNIG5vrCA4TYg5uwFReb9XDxET0=",
+        "lastModified": 1711460390,
+        "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "8ac30a39abc5ea67037dfbf090d6e89f187c6e50",
+        "rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
         "type": "github"
       },
       "original": {

flake.nix

@@ -31,51 +31,18 @@
               nix-colors,
             }@inputs:
     let
+      inherit (self) outputs;
       system = "x86_64-linux";
-      overlay-unstable = final: prev: {
-        unstable = import nixpkgs-unstable {
-          inherit system;
-          config.allowUnfree = true;
-        };
-      };
     in {
+    overlays = import ./overlays.nix {inherit inputs;};
+
     nixosConfigurations.server = nixpkgs.lib.nixosSystem {
       inherit system;
       modules = [
-        ### User specific ###
         ./users/anon
-        ### System sepecific ###
-        ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
+        ./modules/collections/server.nix
         ./systems/server/configuration.nix
-        ### Modules ###
-        ./modules/cli-tools.nix
-        ./modules/static-ip.nix
-        ./modules/hdd-spindown.nix
-        ./modules/firewall.nix
-        ./modules/motd.nix
-        ./modules/postgres.nix
-        ./modules/fail2ban.nix
-        ./modules/nix/settings.nix
-        ./modules/adguard.nix
-        ./modules/git.nix
-        ./modules/github-runner.nix
-        ./modules/nextcloud.nix
-        ./modules/acme.nix
-        ./modules/samba.nix
-        ./modules/backup.nix
-        ./modules/nginx.nix
-        ./modules/ssh.nix
-        ./modules/docker.nix
-        ./modules/wireguard.nix
-        ./modules/cron.nix
-        ./modules/kavita.nix
-        ./modules/netdata.nix
-        ./modules/step-ca.nix
-        ./modules/tmpfs.nix
-        #./modules/games/palworld.nix
-        ./modules/logging.nix
-        ### Hardware ###
-        ./modules/hardware/ssd.nix
+        ({ config, outputs, ... }: { nixpkgs.overlays = with outputs.overlays; [additions modifications unstable-packages]; })
         home-manager.nixosModules.home-manager
         agenix.nixosModules.default
       ];
@@ -83,7 +50,7 @@
         ## Custom variables (e.g. ip, interface, etc)
         vars = import ./systems/userdata-default.nix // import ./systems/server/userdata.nix;
         pkgsVersion = nixpkgs;
-        inherit inputs ;
+        inherit inputs outputs;
       };
     };
     nixosConfigurations."kop-pc" = nixpkgs-unstable.lib.nixosSystem {
@@ -91,44 +58,13 @@
         specialArgs = {
           vars = import ./systems/userdata-default.nix // import ./systems/pc/userdata.nix;
           pkgsVersion = nixpkgs-unstable;
-          inherit inputs ;
+          inherit inputs outputs;
         };
         modules = [
-          ### User specific ###
           ./users/kopatz
-          ### System modules ###
-          ./modules/graphical/plasma.nix
-          #./modules/graphical/hyprland.nix
-          ./modules/graphical/emulators.nix
-          ./modules/graphical/gamemode.nix
-          ./modules/graphical/obs.nix
-          ./modules/graphical/audio.nix
-          ./modules/graphical/games.nix
-          ./modules/graphical/ime.nix
-          ./modules/graphical/code.nix
-          ./modules/graphical/shared.nix
-          #./modules/fh/forensik.nix
-          ./modules/hardware/nvidia.nix
-          ./modules/hardware/ssd.nix
-          ./modules/hardware/firmware.nix
-          ./modules/kernel.nix # use latest kernel
-          ./modules/nix/settings.nix
-          ./modules/nix/index.nix
-          ./modules/nix/ld.nix
-          ./modules/cli-tools.nix
-          ./modules/gpg.nix
-          ./modules/virt-manager.nix
-          #./modules/hardware/vfio.nix too stupid for this
-          ./modules/flatpak.nix
-          ./modules/docker.nix
-          ./modules/nftables.nix
-          ./modules/noise-supression.nix
-          ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
-          ./modules/wooting.nix
-          ./modules/wireshark.nix
-          ./modules/tmpfs.nix
-          ./modules/support/ntfs.nix
+          ./modules/collections/desktop.nix
           ./systems/pc/configuration.nix
+         ({ config, pkgs, ... }: { nixpkgs.overlays = with outputs.overlays; [additions modifications unstable-packages]; })
           agenix.nixosModules.default
           home-manager-unstable.nixosModules.home-manager
         ];
@@ -145,33 +81,31 @@
         modules = [
           ### User specific ###
           ./users/kopatz
-          ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
-          ./modules/graphical/hyprland.nix
-          ./modules/graphical/emulators.nix
-          ./modules/graphical/gamemode.nix
-          ./modules/graphical/audio.nix
-          ./modules/graphical/games.nix
-          ./modules/graphical/ime.nix
-          ./modules/graphical/code.nix
-          ./modules/graphical/shared.nix
-          #./modules/fh/forensik.nix
-          ./systems/laptop/configuration.nix
           ./modules/cli-tools.nix
           ./modules/ecryptfs.nix
           ./modules/pentest.nix
+          ./modules/graphical/audio.nix
+          ./modules/graphical/code.nix
+          ./modules/graphical/emulators.nix
+          ./modules/graphical/gamemode.nix
+          ./modules/graphical/games.nix
+          ./modules/graphical/hyprland.nix
+          ./modules/graphical/ime.nix
+          ./modules/graphical/shared.nix
+          ./modules/nix/ld.nix
+          ./modules/nix/settings.nix
+          ./modules/support/ntfs.nix
+          ./modules/thunderbolt.nix
+          ./modules/tmpfs.nix
           ./modules/virt-manager.nix
           ./modules/vmware-host.nix
-          ./modules/nix/ld.nix
-          ./modules/ssh.nix
           ./modules/wireshark.nix
-          #./modules/static-ip.nix
+          ./systems/laptop/configuration.nix
+          #./modules/fh/forensik.nix
           #./modules/no-sleep-lid-closed.nix
+          #./modules/static-ip.nix
           #./modules/wake-on-lan.nix
-          ./modules/thunderbolt.nix
-          ./modules/rdp.nix
-          ./modules/tmpfs.nix
-          ./modules/support/ntfs.nix
-          ./modules/nix/settings.nix
+          ({ config, outputs, ... }: { nixpkgs.overlays = with outputs.overlays; [additions modifications unstable-packages]; })
           nixos-hardware.nixosModules.dell-xps-15-7590-nvidia
           agenix.nixosModules.default
           home-manager.nixosModules.home-manager
@@ -186,10 +120,10 @@
         modules = [
           #"${nixpkgs}/nixos/modules/profiles/minimal.nix"
           ./users/anon
-          ./modules/nix/settings.nix
           ./modules/cli-tools.nix
-          ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
+          ./modules/nix/settings.nix
           ./systems/wsl/configuration.nix
+          ({ config, outputs, ... }: { nixpkgs.overlays = with outputs.overlays; [additions modifications unstable-packages]; })
           nixos-wsl.nixosModules.wsl
           home-manager.nixosModules.home-manager
         ];

home-manager/browser.nix

@@ -0,0 +1,19 @@
+{ config, pkgs, inputs, ...}:
+{
+  programs.chromium = {
+      enable = true;
+      package = pkgs.ungoogled-chromium;
+      extensions = [
+        { id = "eimadpbcbfnmbkopoojfekhnkhdbieeh"; } # Dark-Reader
+        { id = "ldpochfccmkkmhdbclfhpagapcfdljkj"; } # Decentraleyes
+        { id = "bkdgflcldnnnapblkhphbgpggdiikppg"; } # DuckDuckGo
+        {
+          id = "dcpihecpambacapedldabdbpakmachpb";
+          updateUrl =
+            "https://raw.githubusercontent.com/iamadamdev/bypass-paywalls-chrome/master/updates.xml";
+        }
+        { id = "dbepggeogbaibhgnhhndojpepiihcmeb"; } # Vimium
+        { id = "mnjggcdmjocbbbhaepdhchncahnbgone"; } # Sponsorblock
+      ];
+  };
+}

home-manager/zsh.nix

@@ -11,6 +11,8 @@
           updateOffline = "sudo nixos-rebuild switch --option substitute false";
           checkTime = "(cd ~/Nextcloud/work_drive/TS && nix run)";
           checkWaylandWindowsKDE = "qdbus org.kde.KWin /KWin org.kde.KWin.showDebugConsole";
+          backupNoita = "cp -r ~/.local/share/Steam/steamapps/compatdata/881100/pfx/drive_c/users/steamuser/AppData/LocalLow/Nolla_Games_Noita/save00 ~/Nextcloud/backups/noita_save";
+          # TODO: gifsicle -O3 --lossy=30 noita-20240328-191617-1612416266-00316616.gif -o noita-20240328-191617-1612416266.gif 
           ssh = "TERM=xterm-256color ssh";
       };
       oh-my-zsh = {

modules/backup.nix

@@ -1,6 +1,7 @@
 { config, pkgs, lib, inputs, ... }:
 let 
     kavita = "/mnt/1tbssd/kavita";
+    gitolite = "/var/lib/gitolite";
 in
 {
   age.secrets.restic-pw = {
@@ -31,6 +32,7 @@ in
                 "/mnt/250ssd/nextcloud"
                 "/mnt/250ssd/paperless"
                 kavita
+                gitolite
                 "/var/lib/palworld/Pal/Saved"
             ];
             pruneOpts = [ "--keep-daily 7" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
@@ -53,6 +55,7 @@ in
                 "/mnt/250ssd/nextcloud"
                 "/mnt/250ssd/paperless"
                 kavita
+                gitolite
                 "/var/lib/palworld/Pal/Saved"
             ];
             pruneOpts = [ "--keep-daily 7" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
@@ -68,6 +71,7 @@ in
                 "/mnt/250ssd/nextcloud"
                 "/mnt/250ssd/paperless"
                 kavita
+                gitolite
                 "/var/lib/palworld/Pal/Saved"
             ];
             exclude = [
@@ -93,6 +97,7 @@ in
                 "/mnt/250ssd/matrix-synapse/media_store/"
                 "/mnt/250ssd/nextcloud"
                 "/mnt/250ssd/paperless"
+                gitolite
             ];
             exclude = [
                 "/home/**/Cache"
@@ -127,6 +132,7 @@ in
                 "/home"
                 "/var/backup/postgresql"
                 "/var/lib/palworld/Pal/Saved"
+                gitolite
             ];
             pruneOpts = [ "--keep-daily 5" "--keep-weekly 3" "--keep-monthly 3" "--keep-yearly 3" ];
             timerConfig = {

modules/cli-tools.nix

@@ -26,5 +26,6 @@
     unzip
     lsof
     screen
+    tmux
   ];
 }

modules/collections/desktop.nix

@@ -0,0 +1,38 @@
+{pkgs, ...}:
+{
+  imports = [
+    ### System modules ###
+    ../cli-tools.nix
+    ../docker.nix
+    ../fh/scanning.nix
+    ../flatpak.nix
+    ../gpg.nix
+    ../graphical/audio.nix
+    ../graphical/code.nix
+    ../graphical/emulators.nix
+    ../graphical/gamemode.nix
+    ../graphical/games.nix
+    ../graphical/ime.nix
+    ../graphical/obs.nix
+    #../graphical/lxqt.nix
+    ../graphical/plasma.nix
+    ../graphical/shared.nix
+    ../hardware/firmware.nix
+    ../hardware/nvidia.nix
+    ../hardware/ssd.nix
+    ../hardware/wooting.nix
+    ../kernel.nix # use latest kernel
+    ../nftables.nix
+    ../nix/index.nix
+    ../nix/ld.nix
+    ../nix/settings.nix
+    ../noise-supression.nix
+    ../support/ntfs.nix
+    ../tmpfs.nix
+    ../virt-manager.nix
+    ../wireshark.nix
+    #../fh/forensik.nix
+    #../graphical/hyprland.nix
+    #../hardware/vfio.nix too stupid for this
+  ];
+}

modules/collections/server.nix

@@ -0,0 +1,36 @@
+{pkgs, ...}:
+{
+  imports = [
+    ### Services ###
+    ../services/acme.nix
+    ../services/adguard.nix
+    ../services/github-runner.nix
+    ../services/gitolite.nix
+    ../services/kavita.nix
+    ../services/netdata.nix
+    ../services/nextcloud.nix
+    ../services/nginx.nix
+    ../services/postgres.nix
+    ../services/samba.nix
+    ../services/ssh.nix
+    ../services/step-ca.nix
+    ../services/wireguard.nix
+    ### Other Modules ###
+    #../games/palworld.nix
+    ../backup.nix
+    ../cli-tools.nix
+    ../cron.nix
+    ../docker.nix
+    ../fail2ban.nix
+    ../firewall.nix
+    ../git.nix
+    ../hdd-spindown.nix
+    ../logging.nix
+    ../motd.nix
+    ../nix/settings.nix
+    ../static-ip.nix
+    ../tmpfs.nix
+    ### Hardware ###
+    ../hardware/ssd.nix
+  ];
+}

modules/docker.nix

@@ -1,7 +1,8 @@
 { config, pkgs, lib, inputs, ... }:
 {
     virtualisation.docker.enable = true;
+    virtualisation.docker.daemon.settings = { ip = "127.0.0.1"; };
     environment.systemPackages = with pkgs; [
         docker-compose
     ];
-}
+}

modules/fh/scanning.nix

@@ -0,0 +1,9 @@
+{ pkgs, ...} :
+{
+    environment.systemPackages = with pkgs; [
+        nmap
+        gobuster
+        thc-hydra
+        seclists
+    ];
+}

modules/graphical/docker.nix

@@ -1,4 +0,0 @@
-{
-  ### docker
-  virtualisation.docker.enable = true;
-}

modules/graphical/gnome.nix

@@ -1,9 +1,9 @@
-{ config, pkgs, ... }:
+{ config, pkgs, mainUser, ... }:
 
 {
   services.xserver = {
-    layout = "at";
-    xkbVariant = "";
+    layout = mainUser.layout;
+    xkbVariant = mainUser.variant;
     enable = true;
     displayManager.gdm.enable = true;
     desktopManager.gnome.enable = true;

modules/graphical/lxqt.nix

@@ -0,0 +1,10 @@
+{ config, pkgs, ...}: 
+{
+  services.xserver = {
+    xkb.layout = config.mainUser.layout; 
+    xkb.variant = config.mainUser.variant;
+    enable = true;
+    displayManager.sddm.enable = true;
+    desktopManager.lxqt.enable = true;
+  };
+}

modules/graphical/plasma.nix

@@ -2,11 +2,12 @@
 
 {
   services.xserver = {
-    xkb.layout = "at";
-    xkb.variant = "";
+    xkb.layout = config.mainUser.layout; 
+    xkb.variant = config.mainUser.variant;
     enable = true;
     displayManager.sddm.enable = true;
     #displayManager.sddm.wayland.enable = true;
   };
   services.desktopManager.plasma6.enable = true;
+  environment.plasma6.excludePackages = with pkgs.kdePackages; [ ocean-sound-theme spectacle ];
 }

modules/graphical/shared.nix

@@ -4,13 +4,8 @@ let
   screenshot = pkgs.writeShellScriptBin "screenshot.sh" ''
     ${pkgs.scrot}/bin/scrot -fs - | ${pkgs.xclip}/bin/xclip -selection clipboard -t image/png -i
   '';
-  tetrioPlus = pkgs.unstable.tetrio-desktop.overrideAttrs (old: {
-      withTetrioPlus = true;
-  });
 in
 {
-
-
   programs.dconf.enable = true;
   programs.kdeconnect.enable = true;
 
@@ -25,7 +20,7 @@ in
   ];
 
   networking.firewall = {
-    enable = false;
+    enable = true;
     allowedTCPPorts = [ 53317 ]; #localsend
     allowedUDPPorts = [ 1194 53317 ]; #openvpn, localsend
     allowedTCPPortRanges = [
@@ -51,7 +46,7 @@ in
     rofi
     localsend
     element-desktop
-    tetrioPlus
+    tetrio
     krita
     unstable.libreoffice-fresh
     mangohud

modules/nix/ld.nix

@@ -1,40 +1,67 @@
 { pkgs, ... }:
 {
   programs.nix-ld.enable = true;
-#  programs.nix-ld.libraries = with pkgs; [
-#    nspr
-#    xorg.libXrandr
-#    xorg.libX11
-#    xorg.libXcomposite
-#    xorg.libXdamage
-#    xorg.libXfixes
-#    xorg.libXrender
-#    xorg.libXtst
-#    xorg.libXau
-#    xorg.libXdmcp
-#    expat
-#    libgcc.lib
-#    libglvnd
-#    zlib
-#    zstd
-#    stdenv.cc.cc
-#    curl
-#    openssl
-#    attr
-#    libssh
-#    bzip2
-#    libxml2
-#    acl
-#    libsodium
-#    util-linux
-#    xz
-#    systemd
-#    libkrb5
-#    glib
-#    nss
-#    freetype
-#    fontconfig.lib
-#    dbus.lib
-#    alsa-lib
-#  ];
+  programs.nix-ld.libraries = with pkgs; [
+    acl
+    alsa-lib
+    at-spi2-atk
+    at-spi2-core
+    atk
+    attr
+    bzip2
+    cairo
+    cups
+    curl
+    dbus.lib
+    expat
+    fontconfig.lib
+    freetype
+    gdk-pixbuf
+    glib
+    gtk3
+    icu
+    libGL
+    libappindicator-gtk3
+    libdrm
+    libgcc.lib
+    libglvnd
+    libkrb5
+    libnotify
+    libpulseaudio
+    libsodium
+    libssh
+    libusb1
+    libuuid
+    libxkbcommon
+    libxml2
+    mesa
+    nspr
+    nspr
+    nss
+    openssl
+    pango
+    pipewire
+    stdenv.cc.cc
+    systemd
+    util-linux
+    xorg.libX11
+    xorg.libXScrnSaver
+    xorg.libXau
+    xorg.libXcomposite
+    xorg.libXcursor
+    xorg.libXdamage
+    xorg.libXdmcp
+    xorg.libXext
+    xorg.libXfixes
+    xorg.libXi
+    xorg.libXrandr
+    xorg.libXrender
+    xorg.libXtst
+    xorg.libxcb
+    xorg.libxkbfile
+    xorg.libxshmfence
+    xz
+    zlib
+    zstd
+  ];
 }

modules/services/coturn.nix

@@ -1,7 +1,7 @@
 { config, pkgs, lib, inputs, ... }:
 {
     age.secrets.coturn-secret = {
-        file = ../secrets/coturn-secret.age;
+        file = ../../secrets/coturn-secret.age;
 	owner = "turnserver";
 	group = "turnserver";
     };

modules/services/dyndns.nix

@@ -1,7 +1,7 @@
 { config, pkgs, lib, inputs, ... }:
 {
     age.secrets.duckdns = {
-        file = ../secrets/duckdns.age;
+        file = ../../secrets/duckdns.age;
     };
     services.ddclient = {
         enable = true;
@@ -9,4 +9,4 @@
         passwordFile = config.age.secrets.duckdns.path;
         domains = ["wachbirn.duckdns.org"];
   };
-}
+}

modules/services/github-runner.nix

@@ -12,12 +12,12 @@
         extraGroups = [ "docker" ];
     };
     age.secrets.github-runner-token = {
-        file = ../secrets/github-runner-token.age;
+        file = ../../secrets/github-runner-token.age;
         owner = "github-actions-runner";
         group = "github-actions-runner";
     };
     age.secrets.github-runner-pw = {
-        file = ../secrets/github-runner-pw.age;
+        file = ../../secrets/github-runner-pw.age;
         owner = "github-actions-runner";
         group = "github-actions-runner";
     };

modules/services/gitolite.nix

@@ -0,0 +1,9 @@
+{ config, ...}:
+{
+  # configure git clone gitolite@server:gitolite-admin
+  # help ssh gitolite@server help
+  services.gitolite = {
+    enable = true;
+    adminPubkey = config.mainUser.sshKey;
+  };
+}

modules/services/invidious.nix

@@ -5,7 +5,7 @@ let
 in
 {
   age.secrets.invidious-extra-settings = {
-    file = ../secrets/invidious-extra-settings.age;
+    file = ../../secrets/invidious-extra-settings.age;
     mode = "444";
   };
 

modules/services/kavita.nix

@@ -2,11 +2,17 @@
 let
   fqdn = "kavita.home.arpa";
   useHttps = config.services.step-ca.enable;
+  baseDir = "/mnt/1tbssd/kavita";
+  mangal = "${pkgs.mangal}/bin/mangal";
 in
 {
   networking.firewall.allowedTCPPorts = [ 5000 ];
+  systemd.tmpfiles.rules = [
+      "d ${baseDir} 0770 kavita kavita -"
+      "d ${baseDir}/manga 0770 kavita kavita -"
+  ];
   age.secrets.kavita = {
-    file = ../secrets/kavita.age;
+    file = ../../secrets/kavita.age;
     owner = "kavita";
     group = "kavita";
   };
@@ -14,9 +20,10 @@ in
     enable = true;
     user = "kavita";
     port = 5000;
-    dataDir = "/mnt/1tbssd/kavita";
+    dataDir = baseDir;
     tokenKeyFile = config.age.secrets.kavita.path;
   };
+
   #todo: base url needs new kavita version
   systemd.services.kavita = {
       preStart = ''
@@ -32,6 +39,27 @@ in
       '';
   };
 
+  systemd.services.download-manga = {
+    wantedBy = [ "multi-user.target" ];
+    
+    wants = [ "network-online.target" ];
+    after = [ "network-online.target" ];
+    startAt = "*-*-* 19:00:00";
+    script = ''
+      ${mangal} inline -S Mangapill -q omniscient -m first -d
+      ${mangal} inline -S Mangapill --query "oshi-no-ko" --manga first --download
+      ${mangal} inline -S Mangapill --query "Frieren" --manga first --download
+      ${mangal} inline -S Mangapill --query "Chainsaw" --manga first --download
+    '';
+    serviceConfig = {
+    	PrivateTmp = true;
+    	User = "kavita";
+    	Group = "kavita";
+        Type = "oneshot";
+    	WorkingDirectory = "${baseDir}/manga";
+    };
+  };
+
   security.acme.certs."${fqdn}".server = "https://127.0.0.1:8443/acme/acme/directory";
   services.nginx.virtualHosts."${fqdn}" = {
     forceSSL = useHttps;

modules/services/nextcloud.nix

@@ -33,7 +33,7 @@ in
     };
 
     age.secrets.nextcloud-admin = {
-        file = ../secrets/nextcloud-admin.age;
+        file = ../../secrets/nextcloud-admin.age;
         owner = "nextcloud";
         group = "nextcloud";
     };

modules/services/paperless.nix

@@ -6,7 +6,7 @@ in
 {
     networking.firewall.allowedTCPPorts = [ 28981 ];
     age.secrets.paperless = {
-        file = ../secrets/paperless.age;
+        file = ../../secrets/paperless.age;
         owner = "paperless";
         group = "paperless";
     };

modules/services/ssh.nix

@@ -2,9 +2,15 @@
     networking.firewall.allowedTCPPorts = [ 22 ];
     services.openssh = {
         enable = true;
+        allowSFTP = false;
         settings.PasswordAuthentication = false;
         settings.KbdInteractiveAuthentication = false;
+        settings.X11Forwarding = false;
         settings.PermitRootLogin = "no";
-        settings.X11Forwarding = true;
+        extraConfig = ''
+            AllowAgentForwarding no
+            AllowStreamLocalForwarding no
+            AuthenticationMethods publickey
+        '';
     };
 }

modules/services/step-ca.nix

@@ -34,12 +34,12 @@ in
 {
   security.pki.certificates = [ root_ca ];
   age.secrets.step-ca-pw = {
-    file = ../secrets/step-ca-pw.age;
+    file = ../../secrets/step-ca-pw.age;
     owner = "step-ca";
     group = "step-ca";
   };
   age.secrets.step-ca-key = {
-    file = ../secrets/step-ca-key.age;
+    file = ../../secrets/step-ca-key.age;
     owner = "step-ca";
     group = "step-ca";
   };

modules/services/synapse.nix

@@ -59,7 +59,7 @@ in {
   };
 
   age.secrets.matrix-registration = {
-      file = ../secrets/matrix-registration.age;
+      file = ../../secrets/matrix-registration.age;
       owner = "matrix-synapse";
       group = "matrix-synapse";
   };

modules/services/wireguard.nix

@@ -5,7 +5,7 @@ in
 {
 
   age.secrets.wireguard-private = {
-    file = ../secrets/wireguard-private.age;
+    file = ../../secrets/wireguard-private.age;
   };
 
   networking.nat.enable = true;

overlays.nix

@@ -0,0 +1,23 @@
+# This file defines overlays
+{inputs, ...}: {
+  # This one brings our custom packages from the 'pkgs' directory
+  additions = final: _prev: import ./pkgs {pkgs = final;};
+
+  # This one contains whatever you want to overlay
+  # You can change versions, add patches, set compilation flags, anything really.
+  # https://nixos.wiki/wiki/Overlays
+  modifications = final: prev: {
+    # example = prev.example.overrideAttrs (oldAttrs: rec {
+    # ...
+    # });
+  };
+
+  # When applied, the unstable nixpkgs set (declared in the flake inputs) will
+  # be accessible through 'pkgs.unstable'
+  unstable-packages = final: _prev: {
+    unstable = import inputs.nixpkgs-unstable {
+      system = final.system;
+      config.allowUnfree = true;
+    };
+  };
+}

pkgs/default.nix

@@ -0,0 +1,3 @@
+{pkgs, ...}: {
+  tetrio = pkgs.callPackage ./tetrio-desktop/package.nix { };
+}

pkgs/tetrio-desktop/package.nix

@@ -0,0 +1,97 @@
+{ stdenv
+, lib
+, fetchurl
+, dpkg
+, autoPatchelfHook
+, wrapGAppsHook
+, alsa-lib
+, cups
+, libGL
+, libX11
+, libXScrnSaver
+, libXtst
+, mesa
+, nss
+, gtk3
+, libpulseaudio
+, systemd
+, callPackage
+, withTetrioPlus ? true
+, tetrio-plus ? callPackage ./tetrio-plus.nix { }
+, ...
+}:
+
+let
+  libPath = lib.makeLibraryPath [
+    libGL
+    libpulseaudio
+    systemd
+  ];
+in
+stdenv.mkDerivation (finalAttrs: {
+  pname = "tetrio-desktop";
+  version = "9.0.0";
+
+  src = fetchurl {
+    url = "https://tetr.io/about/desktop/builds/${lib.versions.major finalAttrs.version}/TETR.IO%20Setup.deb";
+    hash = "sha256-UriLwMB8D+/T32H4rPbkJAy/F/FFhNpd++0AR1lwEfs=";
+  };
+
+  nativeBuildInputs = [
+    dpkg
+    autoPatchelfHook
+    wrapGAppsHook
+  ];
+
+  dontWrapGApps = true;
+
+  buildInputs = [
+    alsa-lib
+    cups
+    libX11
+    libXScrnSaver
+    libXtst
+    mesa
+    nss
+    gtk3
+  ];
+
+  unpackCmd = "dpkg -x $curSrc src";
+
+  installPhase = ''
+    runHook preInstall
+
+    mkdir -p $out/bin
+    cp -r opt/ usr/share/ $out
+    ln -s $out/opt/TETR.IO/TETR.IO $out/bin/tetrio
+
+    substituteInPlace $out/share/applications/TETR.IO.desktop \
+      --replace-fail "Exec=/opt/TETR.IO/TETR.IO" "Exec=$out/bin/tetrio"
+
+    runHook postInstall
+  '';
+
+  postInstall = lib.strings.optionalString withTetrioPlus ''
+    cp ${tetrio-plus} $out/opt/TETR.IO/resources/app.asar
+  '';
+
+  postFixup = ''
+    wrapProgram $out/opt/TETR.IO/TETR.IO \
+      --prefix LD_LIBRARY_PATH : ${libPath}:$out/opt/TETR.IO \
+      ''${gappsWrapperArgs[@]}
+  '';
+
+  meta = {
+    description = "TETR.IO desktop client";
+    downloadPage = "https://tetr.io/about/desktop/";
+    homepage = "https://tetr.io";
+    license = lib.licenses.unfree;
+    longDescription = ''
+      TETR.IO is a modern yet familiar online stacker.
+      Play against friends and foes all over the world, or claim a spot on the leaderboards - the stacker future is yours!
+    '';
+    mainProgram = "tetrio";
+    maintainers = with lib.maintainers; [ wackbyte ];
+    platforms = [ "x86_64-linux" ];
+  };
+})

pkgs/tetrio-desktop/tetrio-plus.nix

@@ -0,0 +1,26 @@
+{ lib, stdenv, fetchzip }:
+stdenv.mkDerivation rec {
+  pname = "tetrio-plus";
+  version = "0.25.3";
+
+  src = fetchzip {
+    url = "https://gitlab.com/UniQMG/tetrio-plus/-/jobs/6465395934/artifacts/raw/app.asar.zip";
+    hash = "sha256-24AD63YEypK7XUW6QnqJt56cUExIMrA2WgDi8jS5IFE=";
+  };
+
+  installPhase = ''
+    runHook preInstall
+
+    install app.asar $out
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "TETR.IO customization toolkit";
+    homepage = "https://gitlab.com/UniQMG/tetrio-plus";
+    license = licenses.mit;
+    maintainers = with maintainers; [ huantian ];
+    platforms = [ "x86_64-linux" ];
+  };
+}

systems/pc/configuration.nix

@@ -54,12 +54,6 @@
   # Enable the X11 windowing system.
   services.xserver.enable = true;
 
-  # Configure keymap in X11
-  services.xserver = {
-    xkb.layout = lib.mkForce "de";
-    xkb.variant = lib.mkForce "us";
-  };
-
   # Configure console keymap
   console.keyMap = "de";
 

users/anon/default.nix

@@ -7,6 +7,7 @@
 {
   imports = [ ../default.nix ]; 
   mainUser.name = "anon";
+  mainUser.sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 kopatz";
 
   home-manager = {
     users.${config.mainUser.name} = import ./home.nix;

users/kopatz/.gitconfig

@@ -34,3 +34,5 @@
     path = .gitconfig-gitlabfh
 [includeIf "gitdir/i:~/projects/evolit/**"]
     path = .gitconfig-evolit
+[includeIf "gitdir/i:~/projects/selfhosted/**"]
+    path = .gitconfig-selfhosted

users/kopatz/.gitconfig-selfhosted

@@ -0,0 +1,18 @@
+
+[push]
+	default = upstream
+[core]
+	repositoryformatversion = 0
+	filemode = false
+	bare = false
+	logallrefupdates = true
+	symlinks = false
+	ignorecase = true
+[mergetool]
+	keeptemporaries = false
+	keepbackups = false
+	prompt = false
+	trustexitcode = false
+[user]
+	name = Kopatz
+	email = lukas.kopatz111@gmail.com

users/kopatz/default.nix

@@ -7,6 +7,7 @@
 {
   imports = [ ../default.nix ]; 
   mainUser.name = "kopatz";
+  mainUser.sshKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 kopatz";
 
   home-manager = {
     users.${config.mainUser.name} = import ./home.nix;
@@ -23,8 +24,6 @@
       firefox
       brave
     ];
-    openssh.authorizedKeys.keys = [
-       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 lukas"
-    ];
+    openssh.authorizedKeys.keys = [ config.mainUser.sshKey ];
   };
 }

users/kopatz/home.nix

@@ -15,6 +15,7 @@
   imports = [
     ../../home-manager/nvim.nix
     ../../home-manager/code.nix
+    #../../home-manager/browser.nix extensions dont work with ungoogled chromium sadly
     ../../home-manager/zsh.nix
     ../../home-manager/gtk-theme.nix
     ../../home-manager/direnv.nix
@@ -25,5 +26,31 @@
     inputs.nix-colors.homeManagerModule
   ];
 
+  home.file.".gitconfig" = {
+    enable = true;
+    source = ./.gitconfig;
+    target = ".gitconfig";
+  };
+  home.file.".gitconfig-gitea" = {
+    enable = true;
+    source = ./.gitconfig-gitea;
+    target = ".gitconfig-gitea";
+  };
+  home.file.".gitconfig-github" = {
+    enable = true;
+    source = ./.gitconfig-github;
+    target = ".gitconfig-github";
+  };
+  home.file.".gitconfig-selfhosted" = {
+    enable = true;
+    source = ./.gitconfig-selfhosted;
+    target = ".gitconfig-selfhosted";
+  };
+  home.file.".gitconfig-gitlabfh" = {
+    enable = true;
+    source = ./.gitconfig-gitlabfh;
+    target = ".gitconfig-gitlabfh";
+  };
+
   colorScheme = import ../../home-manager/themes/yorha/colors.nix;
 }

users/option.nix

@@ -15,5 +15,9 @@
       default = "";
       description = "keyboard variant";
     };
+    sshKey = lib.mkOption {
+      default = throw "No ssh key specified";
+      description = "Public key of the user";
+    };
   };
 }