kopatz/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master' into ente-public

Browse Source
This commit is contained in:
bayram-budak
2023-11-22 20:41:35 +01:00
parent 805d625491 111eba4651
commit 8fb62c010d
112 changed files with 2399 additions and 652 deletions
Download Patch File Download Diff File Expand all files Collapse all files

566
.config/nvim/init.lua Normal file
View File

@@ -0,0 +1,566 @@
--[[
=====================================================================
==================== READ THIS BEFORE CONTINUING ====================
=====================================================================
Kickstart.nvim is *not* a distribution.
Kickstart.nvim is a template for your own configuration.
The goal is that you can read every line of code, top-to-bottom, understand
what your configuration is doing, and modify it to suit your needs.
Once you've done that, you should start exploring, configuring and tinkering to
explore Neovim!
If you don't know anything about Lua, I recommend taking some time to read through
a guide. One possible example:
- https://learnxinyminutes.com/docs/lua/
And then you can explore or search through `:help lua-guide`
Kickstart Guide:
I have left several `:help X` comments throughout the init.lua
You should run that command and read that help section for more information.
In addition, I have some `NOTE:` items throughout the file.
These are for you, the reader to help understand what is happening. Feel free to delete
them once you know what you're doing, but they should serve as a guide for when you
are first encountering a few different constructs in your nvim config.
--]]
-- Set <space> as the leader key
-- See `:help mapleader`
-- NOTE: Must happen before plugins are required (otherwise wrong leader will be used)
vim.g.mapleader = ' '
vim.g.maplocalleader = ' '
-- Install package manager
-- https://github.com/folke/lazy.nvim
-- `:help lazy.nvim.txt` for more info
local lazypath = vim.fn.stdpath 'data' .. '/lazy/lazy.nvim'
if not vim.loop.fs_stat(lazypath) then
vim.fn.system {
'git',
'clone',
'--filter=blob:none',
'https://github.com/folke/lazy.nvim.git',
'--branch=stable', -- latest stable release
lazypath,
}
end
vim.opt.rtp:prepend(lazypath)
-- NOTE: Here is where you install your plugins.
-- You can configure plugins using the `config` key.
--
-- You can also configure plugins after the setup call,
-- as they will be available in your neovim runtime.
require('lazy').setup({
-- NOTE: First, some plugins that don't require any configuration
-- Git related plugins
'tpope/vim-fugitive',
'tpope/vim-rhubarb',
-- Detect tabstop and shiftwidth automatically
'tpope/vim-sleuth',
-- NOTE: This is where your plugins related to LSP can be installed.
-- The configuration is done below. Search for lspconfig to find it below.
{
-- LSP Configuration & Plugins
'neovim/nvim-lspconfig',
dependencies = {
-- Automatically install LSPs to stdpath for neovim
{ 'williamboman/mason.nvim', config = true },
'williamboman/mason-lspconfig.nvim',
-- Useful status updates for LSP
-- NOTE: `opts = {}` is the same as calling `require('fidget').setup({})`
{ 'j-hui/fidget.nvim', tag = 'legacy', opts = {} },
-- Additional lua configuration, makes nvim stuff amazing!
'folke/neodev.nvim',
},
},
{
-- Autocompletion
'hrsh7th/nvim-cmp',
dependencies = {
-- Snippet Engine & its associated nvim-cmp source
'L3MON4D3/LuaSnip',
'saadparwaiz1/cmp_luasnip',
-- Adds LSP completion capabilities
'hrsh7th/cmp-nvim-lsp',
-- Adds a number of user-friendly snippets
'rafamadriz/friendly-snippets',
},
},
-- Useful plugin to show you pending keybinds.
{ 'folke/which-key.nvim', opts = {} },
{
-- Adds git releated signs to the gutter, as well as utilities for managing changes
'lewis6991/gitsigns.nvim',
opts = {
-- See `:help gitsigns.txt`
signs = {
add = { text = '+' },
change = { text = '~' },
delete = { text = '_' },
topdelete = { text = '' },
changedelete = { text = '~' },
},
on_attach = function(bufnr)
vim.keymap.set('n', '<leader>gp', require('gitsigns').prev_hunk,
{ buffer = bufnr, desc = '[G]o to [P]revious Hunk' })
vim.keymap.set('n', '<leader>gn', require('gitsigns').next_hunk, { buffer = bufnr, desc = '[G]o to [N]ext Hunk' })
vim.keymap.set('n', '<leader>ph', require('gitsigns').preview_hunk, { buffer = bufnr, desc = '[P]review [H]unk' })
end,
},
},
{
-- Theme inspired by Atom
'navarasu/onedark.nvim',
priority = 1000,
config = function()
vim.cmd.colorscheme 'onedark'
end,
},
{
-- Set lualine as statusline
'nvim-lualine/lualine.nvim',
-- See `:help lualine.txt`
opts = {
options = {
icons_enabled = false,
theme = 'onedark',
component_separators = '|',
section_separators = '',
},
},
},
{
-- Add indentation guides even on blank lines
'lukas-reineke/indent-blankline.nvim',
version = "2.20.8",
-- Enable `lukas-reineke/indent-blankline.nvim`
-- See `:help indent_blankline.txt`
opts = {
char = '',
show_trailing_blankline_indent = false,
},
},
-- "gc" to comment visual regions/lines
{ 'numToStr/Comment.nvim', opts = {} },
-- Fuzzy Finder (files, lsp, etc)
{
'nvim-telescope/telescope.nvim',
branch = '0.1.x',
dependencies = {
'nvim-lua/plenary.nvim' }
},
-- Fuzzy Finder Algorithm which requires local dependencies to be built.
-- Only load if `make` is available. Make sure you have the system
-- requirements installed.
{
'nvim-telescope/telescope-fzf-native.nvim',
build =
'cmake -S. -Bbuild -DCMAKE_BUILD_TYPE=Release && cmake --build build --config Release && cmake --install build --prefix build'
},
{
-- Highlight, edit, and navigate code
'nvim-treesitter/nvim-treesitter',
dependencies = {
'nvim-treesitter/nvim-treesitter-textobjects',
},
build = ':TSUpdate',
},
{'romgrk/barbar.nvim',
dependencies = {
'lewis6991/gitsigns.nvim', -- OPTIONAL: for git status
'nvim-tree/nvim-web-devicons', -- OPTIONAL: for file icons
},
init = function() vim.g.barbar_auto_setup = false end,
opts = {
-- lazy.nvim will automatically call setup for you. put your options here, anything missing will use the default:
-- animation = true,
-- insert_at_start = true,
-- …etc.
},
version = '^1.0.0', -- optional: only update when a new 1.x version is released
},
-- NOTE: Next Step on Your Neovim Journey: Add/Configure additional "plugins" for kickstart
-- These are some example plugins that I've included in the kickstart repository.
-- Uncomment any of the lines below to enable them.
require 'kickstart.plugins.autoformat',
require 'kickstart.plugins.debug',
-- NOTE: The import below can automatically add your own plugins, configuration, etc from `lua/custom/plugins/*.lua`
-- You can use this folder to prevent any conflicts with this init.lua if you're interested in keeping
-- up-to-date with whatever is in the kickstart repo.
-- Uncomment the following line and add your plugins to `lua/custom/plugins/*.lua` to get going.
--
-- For additional information see: https://github.com/folke/lazy.nvim#-structuring-your-plugins
{ import = 'custom.plugins' },
}, {})
-- [[ Setting options ]]
-- See `:help vim.o`
-- NOTE: You can change these options as you wish!
vim.cmd [[highlight Normal ctermbg=none guibg=none]]
vim.cmd [[highlight EndOfBuffer ctermbg=none guibg=none]]
vim.cmd [[highlight NvimTreeEndOfBuffer ctermbg=none guibg=none]]
vim.cmd [[highlight NvimTreeNormal ctermbg=none guibg=none]]
-- Set highlight on search
vim.o.hlsearch = false
-- Make line numbers default
vim.wo.number = true
vim.wo.relativenumber = true
-- Enable mouse mode
vim.o.mouse = 'a'
-- Sync clipboard between OS and Neovim.
-- Remove this option if you want your OS clipboard to remain independent.
-- See `:help 'clipboard'`
vim.o.clipboard = 'unnamedplus'
-- Enable break indent
vim.o.breakindent = true
-- Save undo history
vim.o.undofile = true
-- Case-insensitive searching UNLESS \C or capital in search
vim.o.ignorecase = true
vim.o.smartcase = true
-- Keep signcolumn on by default
vim.wo.signcolumn = 'yes'
-- Decrease update time
vim.o.updatetime = 250
vim.o.timeoutlen = 300
-- Set completeopt to have a better completion experience
vim.o.completeopt = 'menuone,noselect'
-- NOTE: You should make sure your terminal supports this
vim.o.termguicolors = true
vim.o.smartindent = true
vim.o.scrolloff = 8
vim.o.list = false
vim.opt.listchars = {
tab = "",
space = "·",
nbsp = "",
trail = "",
precedes = "«",
extends = "»",
}
-- [[ Basic Keymaps ]]
-- Keymaps for better default experience
-- See `:help vim.keymap.set()`
vim.keymap.set({ 'n', 'v' }, '<Space>', '<Nop>', { silent = true })
-- Remap for dealing with word wrap
vim.keymap.set('n', 'k', "v:count == 0 ? 'gk' : 'k'", { expr = true, silent = true })
vim.keymap.set('n', 'j', "v:count == 0 ? 'gj' : 'j'", { expr = true, silent = true })
vim.keymap.set("n", "<leader>ss", [[:%s/\<<C-r><C-w>\>/<C-r><C-w>/gI<Left><Left><Left>]])
vim.keymap.set("x", "<leader>p", [["_dP]])
vim.keymap.set("n", "J", "mzJ`z")
vim.keymap.set("v", "J", ":m '>+1<CR>gv=gv")
vim.keymap.set("v", "K", ":m '<-2<CR>gv=gv")
vim.keymap.set("n", "Y", "yy");
-- nvim-tree
vim.keymap.set("n", "<leader>f", ":NvimTreeToggle<CR>");
-- [[ Highlight on yank ]]
-- See `:help vim.highlight.on_yank()`
local highlight_group = vim.api.nvim_create_augroup('YankHighlight', { clear = true })
vim.api.nvim_create_autocmd('TextYankPost', {
callback = function()
vim.highlight.on_yank()
end,
group = highlight_group,
pattern = '*',
})
-- [[ Configure Telescope ]]
-- See `:help telescope` and `:help telescope.setup()`
require('telescope').setup {
defaults = {
mappings = {
n = {
['<C-d>'] = require('telescope.actions').delete_buffer
},
i = {
['<C-u>'] = false,
['<C-d>'] = false,
},
},
},
}
-- Enable telescope fzf native, if installed
pcall(require('telescope').load_extension, 'fzf')
-- See `:help telescope.builtin`
vim.keymap.set('n', '<leader>?', require('telescope.builtin').oldfiles, { desc = '[?] Find recently opened files' })
vim.keymap.set('n', '<leader><space>', require('telescope.builtin').buffers, { desc = '[ ] Find existing buffers' })
vim.keymap.set('n', '<leader>/', function()
-- You can pass additional configuration to telescope to change theme, layout, etc.
require('telescope.builtin').current_buffer_fuzzy_find(require('telescope.themes').get_dropdown {
winblend = 10,
previewer = false,
})
end, { desc = '[/] Fuzzily search in current buffer' })
vim.keymap.set('n', '<leader>gf', require('telescope.builtin').git_files, { desc = 'Search [G]it [F]iles' })
vim.keymap.set('n', '<leader>sf', require('telescope.builtin').find_files, { desc = '[S]earch [F]iles' })
vim.keymap.set('n', '<leader>sh', require('telescope.builtin').help_tags, { desc = '[S]earch [H]elp' })
vim.keymap.set('n', '<leader>sw', require('telescope.builtin').grep_string, { desc = '[S]earch current [W]ord' })
vim.keymap.set('n', '<leader>sg', require('telescope.builtin').live_grep, { desc = '[S]earch by [G]rep' })
vim.keymap.set('n', '<leader>sd', require('telescope.builtin').diagnostics, { desc = '[S]earch [D]iagnostics' })
vim.keymap.set('n', '<leader>sr', require('telescope.builtin').lsp_references, { desc = '[S]earch [R]eferences' })
-- [[ Configure Treesitter ]]
-- See `:help nvim-treesitter`
require('nvim-treesitter.configs').setup {
-- Add languages to be installed here that you want installed for treesitter
ensure_installed = { 'c', 'cpp', 'go', 'lua', 'python', 'rust', 'tsx', 'typescript', 'vimdoc', 'vim' },
-- Autoinstall languages that are not installed. Defaults to false (but you can change for yourself!)
auto_install = true,
highlight = { enable = true },
indent = { enable = true },
incremental_selection = {
enable = true,
keymaps = {
init_selection = '<c-space>',
node_incremental = '<c-space>',
scope_incremental = '<c-s>',
node_decremental = '<M-space>',
},
},
textobjects = {
select = {
enable = true,
lookahead = true, -- Automatically jump forward to textobj, similar to targets.vim
keymaps = {
-- You can use the capture groups defined in textobjects.scm
['aa'] = '@parameter.outer',
['ia'] = '@parameter.inner',
['af'] = '@function.outer',
['if'] = '@function.inner',
['ac'] = '@class.outer',
['ic'] = '@class.inner',
},
},
move = {
enable = true,
set_jumps = true, -- whether to set jumps in the jumplist
goto_next_start = {
[']m'] = '@function.outer',
[']]'] = '@class.outer',
},
goto_next_end = {
[']M'] = '@function.outer',
[']['] = '@class.outer',
},
goto_previous_start = {
['[m'] = '@function.outer',
['[['] = '@class.outer',
},
goto_previous_end = {
['[M'] = '@function.outer',
['[]'] = '@class.outer',
},
},
swap = {
enable = true,
swap_next = {
['<leader>a'] = '@parameter.inner',
},
swap_previous = {
['<leader>A'] = '@parameter.inner',
},
},
},
}
-- Diagnostic keymaps
vim.keymap.set('n', '[d', vim.diagnostic.goto_prev, { desc = 'Go to previous diagnostic message' })
vim.keymap.set('n', ']d', vim.diagnostic.goto_next, { desc = 'Go to next diagnostic message' })
vim.keymap.set('n', '<leader>e', vim.diagnostic.open_float, { desc = 'Open floating diagnostic message' })
vim.keymap.set('n', '<leader>q', vim.diagnostic.setloclist, { desc = 'Open diagnostics list' })
-- [[ Configure LSP ]]
-- This function gets run when an LSP connects to a particular buffer.
local on_attach = function(_, bufnr)
-- NOTE: Remember that lua is a real programming language, and as such it is possible
-- to define small helper and utility functions so you don't have to repeat yourself
-- many times.
--
-- In this case, we create a function that lets us more easily define mappings specific
-- for LSP related items. It sets the mode, buffer and description for us each time.
local nmap = function(keys, func, desc)
if desc then
desc = 'LSP: ' .. desc
end
vim.keymap.set('n', keys, func, { buffer = bufnr, desc = desc })
end
nmap('<leader>rn', vim.lsp.buf.rename, '[R]e[n]ame')
nmap('<leader>ca', vim.lsp.buf.code_action, '[C]ode [A]ction')
nmap('gd', vim.lsp.buf.definition, '[G]oto [D]efinition')
nmap('gr', require('telescope.builtin').lsp_references, '[G]oto [R]eferences')
nmap('gI', vim.lsp.buf.implementation, '[G]oto [I]mplementation')
nmap('<leader>D', vim.lsp.buf.type_definition, 'Type [D]efinition')
nmap('<leader>ds', require('telescope.builtin').lsp_document_symbols, '[D]ocument [S]ymbols')
nmap('<leader>ws', require('telescope.builtin').lsp_dynamic_workspace_symbols, '[W]orkspace [S]ymbols')
-- See `:help K` for why this keymap
nmap('K', vim.lsp.buf.hover, 'Hover Documentation')
nmap('<C-k>', vim.lsp.buf.signature_help, 'Signature Documentation')
-- Lesser used LSP functionality
nmap('gD', vim.lsp.buf.declaration, '[G]oto [D]eclaration')
nmap('<leader>wa', vim.lsp.buf.add_workspace_folder, '[W]orkspace [A]dd Folder')
nmap('<leader>wr', vim.lsp.buf.remove_workspace_folder, '[W]orkspace [R]emove Folder')
nmap('<leader>wl', function()
print(vim.inspect(vim.lsp.buf.list_workspace_folders()))
end, '[W]orkspace [L]ist Folders')
-- Create a command `:Format` local to the LSP buffer
vim.api.nvim_buf_create_user_command(bufnr, 'Format', function(_)
vim.lsp.buf.format()
end, { desc = 'Format current buffer with LSP' })
end
-- Enable the following language servers
-- Feel free to add/remove any LSPs that you want here. They will automatically be installed.
--
-- Add any additional override configuration in the following tables. They will be passed to
-- the `settings` field of the server config. You must look up that documentation yourself.
local servers = {
-- clangd = {},
-- gopls = {},
-- pyright = {},
rust_analyzer = {},
jdtls = {},
-- tsserver = {},
lua_ls = {
Lua = {
workspace = { checkThirdParty = false },
telemetry = { enable = false },
},
},
}
-- Setup neovim lua configuration
require('neodev').setup()
-- nvim-cmp supports additional completion capabilities, so broadcast that to servers
local capabilities = vim.lsp.protocol.make_client_capabilities()
capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities)
-- Ensure the servers above are installed
local mason_lspconfig = require 'mason-lspconfig'
mason_lspconfig.setup {
ensure_installed = vim.tbl_keys(servers),
}
mason_lspconfig.setup_handlers {
function(server_name)
require('lspconfig')[server_name].setup {
capabilities = capabilities,
on_attach = on_attach,
settings = servers[server_name],
}
end,
}
-- [[ Configure nvim-cmp ]]
-- See `:help cmp`
local cmp = require 'cmp'
local luasnip = require 'luasnip'
require('luasnip.loaders.from_vscode').lazy_load()
luasnip.config.setup {}
cmp.setup {
snippet = {
expand = function(args)
luasnip.lsp_expand(args.body)
end,
},
mapping = cmp.mapping.preset.insert {
['<C-n>'] = cmp.mapping.select_next_item(),
['<C-p>'] = cmp.mapping.select_prev_item(),
['<C-d>'] = cmp.mapping.scroll_docs(-4),
['<C-f>'] = cmp.mapping.scroll_docs(4),
['<C-Space>'] = cmp.mapping.complete {},
['<CR>'] = cmp.mapping.confirm {
behavior = cmp.ConfirmBehavior.Replace,
select = true,
},
['<Tab>'] = cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif luasnip.expand_or_locally_jumpable() then
luasnip.expand_or_jump()
else
fallback()
end
end, { 'i', 's' }),
['<S-Tab>'] = cmp.mapping(function(fallback)
if cmp.visible() then
cmp.select_prev_item()
elseif luasnip.locally_jumpable(-1) then
luasnip.jump(-1)
else
fallback()
end
end, { 'i', 's' }),
},
sources = {
{ name = 'nvim_lsp' },
{ name = 'luasnip' },
},
}
-- disable netrw at the very start of your init.lua
vim.g.loaded_netrw = 1
vim.g.loaded_netrwPlugin = 1
-- set termguicolors to enable highlight groups
vim.opt.termguicolors = true
-- The line beneath this is called `modeline`. See `:help modeline`
-- vim: ts=2 sts=2 sw=2 et

25
.config/nvim/lua/custom/plugins/copilot.lua Normal file
View File

@@ -0,0 +1,25 @@
return {
{
"zbirenbaum/copilot.lua",
enabled = false,
cmd = "Copilot",
event = "InsertEnter",
config = function()
require("copilot").setup({
suggestion = {
enabled = true,
auto_trigger = true,
debounce = 75,
keymap = {
accept = "<M-l>",
next = "<M-,>",
prev = "<M-.>"
}
},
filetypes = {
["."] = true
}
})
end,
}
}

5
.config/nvim/lua/custom/plugins/init.lua Normal file
View File

@@ -0,0 +1,5 @@
-- You can add your own plugins here or in other files in this directory!
-- I promise not to create any merge conflicts in this directory :)
--
-- See the kickstart.nvim README for more information
return {}

28
.config/nvim/lua/custom/plugins/llm.lua Normal file
View File

@@ -0,0 +1,28 @@
return {
cond = false,
'huggingface/llm.nvim',
opts = {
api_token = "monkey",
-- cf Setup
model = "http://localhost:8080/generate",
query_params = {
max_new_tokens = 60,
temperature = 0.2,
top_p = 0.95,
stop_token = "<EOT>",
},
fim = {
enabled = true,
prefix = "<PRE>",
middle = "<MID>",
suffix = "<SUF>",
},
debounce_ms = 150,
accept_keymap = "<M-l>",
dismiss_keymap = "<M-n>",
max_context_after = 5000,
max_context_before = 5000,
tls_skip_verify_insecure = false,
context_window = 8192, -- max number of tokens for the context window
}
};

90
.config/nvim/lua/custom/plugins/nvim-tree.lua Normal file
View File

@@ -0,0 +1,90 @@
local function my_on_attach(bufnr)
local api = require('nvim-tree.api')
local function opts(desc)
return { desc = 'nvim-tree: ' .. desc, buffer = bufnr, noremap = true, silent = true, nowait = true }
end
-- copy default mappings here from defaults in next section
vim.keymap.set('n', '<leader>tc', api.tree.change_root_to_node, opts('CD'))
vim.keymap.set('n', '<leader>te', api.node.open.replace_tree_buffer, opts('Open: In Place'))
vim.keymap.set('n', '<leader>tk', api.node.show_info_popup, opts('Info'))
vim.keymap.set('n', '<leader>tr', api.fs.rename_sub, opts('Rename: Omit Filename'))
vim.keymap.set('n', '<leader>tt', api.node.open.tab, opts('Open: New Tab'))
vim.keymap.set('n', '<leader>tv', api.node.open.vertical, opts('Open: Vertical Split'))
vim.keymap.set('n', '<leader>th', api.node.open.horizontal, opts('Open: Horizontal Split'))
vim.keymap.set('n', '<BS>', api.node.navigate.parent_close, opts('Close Directory'))
vim.keymap.set('n', '<CR>', api.node.open.edit, opts('Open'))
vim.keymap.set('n', '<Tab>', api.node.open.preview, opts('Open Preview'))
vim.keymap.set('n', '>', api.node.navigate.sibling.next, opts('Next Sibling'))
vim.keymap.set('n', '<', api.node.navigate.sibling.prev, opts('Previous Sibling'))
vim.keymap.set('n', '.', api.node.run.cmd, opts('Run Command'))
vim.keymap.set('n', '-', api.tree.change_root_to_parent, opts('Up'))
vim.keymap.set('n', 'a', api.fs.create, opts('Create'))
vim.keymap.set('n', 'bd', api.marks.bulk.delete, opts('Delete Bookmarked'))
vim.keymap.set('n', 'bmv', api.marks.bulk.move, opts('Move Bookmarked'))
vim.keymap.set('n', 'B', api.tree.toggle_no_buffer_filter, opts('Toggle Filter: No Buffer'))
vim.keymap.set('n', 'c', api.fs.copy.node, opts('Copy'))
vim.keymap.set('n', 'C', api.tree.toggle_git_clean_filter, opts('Toggle Filter: Git Clean'))
vim.keymap.set('n', '[c', api.node.navigate.git.prev, opts('Prev Git'))
vim.keymap.set('n', ']c', api.node.navigate.git.next, opts('Next Git'))
vim.keymap.set('n', 'd', api.fs.remove, opts('Delete'))
vim.keymap.set('n', 'D', api.fs.trash, opts('Trash'))
vim.keymap.set('n', 'E', api.tree.expand_all, opts('Expand All'))
vim.keymap.set('n', 'e', api.fs.rename_basename, opts('Rename: Basename'))
vim.keymap.set('n', ']e', api.node.navigate.diagnostics.next, opts('Next Diagnostic'))
vim.keymap.set('n', '[e', api.node.navigate.diagnostics.prev, opts('Prev Diagnostic'))
vim.keymap.set('n', 'F', api.live_filter.clear, opts('Clean Filter'))
vim.keymap.set('n', 'f', api.live_filter.start, opts('Filter'))
vim.keymap.set('n', 'g?', api.tree.toggle_help, opts('Help'))
vim.keymap.set('n', 'gy', api.fs.copy.absolute_path, opts('Copy Absolute Path'))
vim.keymap.set('n', '<leader>t.', api.tree.toggle_hidden_filter, opts('Toggle Filter: Dotfiles'))
vim.keymap.set('n', '<leader>ti', api.tree.toggle_gitignore_filter, opts('Toggle Filter: Git Ignore'))
vim.keymap.set('n', 'J', api.node.navigate.sibling.last, opts('Last Sibling'))
vim.keymap.set('n', 'K', api.node.navigate.sibling.first, opts('First Sibling'))
vim.keymap.set('n', 'm', api.marks.toggle, opts('Toggle Bookmark'))
vim.keymap.set('n', 'o', api.node.open.edit, opts('Open'))
vim.keymap.set('n', 'O', api.node.open.no_window_picker, opts('Open: No Window Picker'))
vim.keymap.set('n', 'p', api.fs.paste, opts('Paste'))
vim.keymap.set('n', 'P', api.node.navigate.parent, opts('Parent Directory'))
vim.keymap.set('n', 'q', api.tree.close, opts('Close'))
vim.keymap.set('n', 'r', api.fs.rename, opts('Rename'))
vim.keymap.set('n', 'R', api.tree.reload, opts('Refresh'))
vim.keymap.set('n', 's', api.node.run.system, opts('Run System'))
vim.keymap.set('n', 'S', api.tree.search_node, opts('Search'))
vim.keymap.set('n', 'U', api.tree.toggle_custom_filter, opts('Toggle Filter: Hidden'))
vim.keymap.set('n', 'W', api.tree.collapse_all, opts('Collapse'))
vim.keymap.set('n', 'x', api.fs.cut, opts('Cut'))
vim.keymap.set('n', 'y', api.fs.copy.filename, opts('Copy Name'))
vim.keymap.set('n', 'Y', api.fs.copy.relative_path, opts('Copy Relative Path'))
vim.keymap.set('n', '<2-LeftMouse>', api.node.open.edit, opts('Open'))
end
return {
"nvim-tree/nvim-tree.lua",
version = "*",
lazy = false,
dependencies = {
"nvim-tree/nvim-web-devicons",
},
config = function()
require("nvim-tree").setup({
sort_by = "case_sensitive",
on_attach = my_on_attach,
view = {
width = 30,
},
renderer = {
group_empty = true,
},
filters = {
dotfiles = true,
},
update_focused_file = {
enable = true,
},
})
end,
}

17
.config/nvim/lua/custom/plugins/nvterm.lua Normal file
View File

@@ -0,0 +1,17 @@
local toggle_modes = { 'n', 't' }
local mappings = {
{ toggle_modes, '<A-h>', function() require("nvterm.terminal").toggle('horizontal') end },
{ toggle_modes, '<A-v>', function() require("nvterm.terminal").toggle('vertical') end },
{ toggle_modes, '<A-i>', function() require("nvterm.terminal").toggle('float') end },
}
local opts = { noremap = true, silent = true }
for _, mapping in ipairs(mappings) do
vim.keymap.set(mapping[1], mapping[2], mapping[3], opts)
end
return {
"NvChad/nvterm",
config = function()
require("nvterm").setup()
end,
}

21
.config/nvim/lua/custom/plugins/treesitter-context.lua Normal file
View File

@@ -0,0 +1,21 @@
return {
"nvim-treesitter/nvim-treesitter-context",
version = "*",
lazy = false,
config = function()
require('treesitter-context').setup{
enable = true, -- Enable this plugin (Can be enabled/disabled later via commands)
max_lines = 0, -- How many lines the window should span. Values <= 0 mean no limit.
min_window_height = 0, -- Minimum editor window height to enable context. Values <= 0 mean no limit.
line_numbers = true,
multiline_threshold = 20, -- Maximum number of lines to collapse for a single context line
trim_scope = 'outer', -- Which context lines to discard if `max_lines` is exceeded. Choices: 'inner', 'outer'
mode = 'cursor', -- Line used to calculate context. Choices: 'cursor', 'topline'
-- Separator between context and content. Should be a single character string, like '-'.
-- When separator is set, the context will only show up when there are at least 2 lines above cursorline.
separator = nil,
zindex = 20, -- The Z-index of the context window
on_attach = nil, -- (fun(buf: integer): boolean) return false to disable attaching
}
end,
}

1
.config/nvim/lua/custom/plugins/undotree.lua Normal file
View File

@@ -0,0 +1 @@
return {}

74
.config/nvim/lua/kickstart/plugins/autoformat.lua Normal file
View File

@@ -0,0 +1,74 @@
-- autoformat.lua
--
-- Use your language server to automatically format your code on save.
-- Adds additional commands as well to manage the behavior
return {
'neovim/nvim-lspconfig',
config = function()
-- Switch for controlling whether you want autoformatting.
-- Use :KickstartFormatToggle to toggle autoformatting on or off
local format_is_enabled = true
vim.api.nvim_create_user_command('KickstartFormatToggle', function()
format_is_enabled = not format_is_enabled
print('Setting autoformatting to: ' .. tostring(format_is_enabled))
end, {})
-- Create an augroup that is used for managing our formatting autocmds.
-- We need one augroup per client to make sure that multiple clients
-- can attach to the same buffer without interfering with each other.
local _augroups = {}
local get_augroup = function(client)
if not _augroups[client.id] then
local group_name = 'kickstart-lsp-format-' .. client.name
local id = vim.api.nvim_create_augroup(group_name, { clear = true })
_augroups[client.id] = id
end
return _augroups[client.id]
end
-- Whenever an LSP attaches to a buffer, we will run this function.
--
-- See `:help LspAttach` for more information about this autocmd event.
vim.api.nvim_create_autocmd('LspAttach', {
group = vim.api.nvim_create_augroup('kickstart-lsp-attach-format', { clear = true }),
-- This is where we attach the autoformatting for reasonable clients
callback = function(args)
local client_id = args.data.client_id
local client = vim.lsp.get_client_by_id(client_id)
local bufnr = args.buf
-- Only attach to clients that support document formatting
if not client.server_capabilities.documentFormattingProvider then
return
end
-- Tsserver usually works poorly. Sorry you work with bad languages
-- You can remove this line if you know what you're doing :)
if client.name == 'tsserver' then
return
end
-- Create an autocmd that will run *before* we save the buffer.
-- Run the formatting command for the LSP that has just attached.
vim.api.nvim_create_autocmd('BufWritePre', {
group = get_augroup(client),
buffer = bufnr,
callback = function()
if not format_is_enabled then
return
end
vim.lsp.buf.format {
async = false,
filter = function(c)
return c.id == client.id
end,
}
end,
})
end,
})
end,
}

87
.config/nvim/lua/kickstart/plugins/debug.lua Normal file
View File

@@ -0,0 +1,87 @@
-- debug.lua
--
-- Shows how to use the DAP plugin to debug your code.
--
-- Primarily focused on configuring the debugger for Go, but can
-- be extended to other languages as well. That's why it's called
-- kickstart.nvim and not kitchen-sink.nvim ;)
return {
-- NOTE: Yes, you can install new plugins here!
'mfussenegger/nvim-dap',
-- NOTE: And you can specify dependencies as well
dependencies = {
-- Creates a beautiful debugger UI
'rcarriga/nvim-dap-ui',
-- Installs the debug adapters for you
'williamboman/mason.nvim',
'jay-babu/mason-nvim-dap.nvim',
-- Add your own debuggers here
'leoluz/nvim-dap-go',
},
config = function()
local dap = require 'dap'
local dapui = require 'dapui'
require('mason-nvim-dap').setup {
-- Makes a best effort to setup the various debuggers with
-- reasonable debug configurations
automatic_setup = true,
-- You can provide additional configuration to the handlers,
-- see mason-nvim-dap README for more information
handlers = {},
-- You'll need to check that you have the required things installed
-- online, please don't ask me how to install them :)
ensure_installed = {
-- Update this to ensure that you have the debuggers for the langs you want
'delve',
},
}
-- Basic debugging keymaps, feel free to change to your liking!
vim.keymap.set('n', '<F5>', dap.continue, { desc = 'Debug: Start/Continue' })
vim.keymap.set('n', '<F1>', dap.step_into, { desc = 'Debug: Step Into' })
vim.keymap.set('n', '<F2>', dap.step_over, { desc = 'Debug: Step Over' })
vim.keymap.set('n', '<F3>', dap.step_out, { desc = 'Debug: Step Out' })
vim.keymap.set('n', '<leader>b', dap.toggle_breakpoint, { desc = 'Debug: Toggle Breakpoint' })
vim.keymap.set('n', '<leader>B', function()
dap.set_breakpoint(vim.fn.input 'Breakpoint condition: ')
end, { desc = 'Debug: Set Breakpoint' })
-- Dap UI setup
-- For more information, see |:help nvim-dap-ui|
dapui.setup {
-- Set icons to characters that are more likely to work in every terminal.
-- Feel free to remove or use ones that you like more! :)
-- Don't feel like these are good choices.
icons = { expanded = '', collapsed = '', current_frame = '*' },
controls = {
icons = {
pause = '',
play = '',
step_into = '',
step_over = '',
step_out = '',
step_back = 'b',
run_last = '▶▶',
terminate = '',
disconnect = '',
},
},
}
-- Toggle to see last session result. Without this, you can't see session output in case of unhandled exception.
vim.keymap.set('n', '<F7>', dapui.toggle, { desc = 'Debug: See last session result.' })
dap.listeners.after.event_initialized['dapui_config'] = dapui.open
dap.listeners.before.event_terminated['dapui_config'] = dapui.close
dap.listeners.before.event_exited['dapui_config'] = dapui.close
-- Install golang specific config
require('dap-go').setup()
end,
}

2
.gitconfig
View File

@@ -25,5 +25,3 @@
path = .gitconfig-gitea
[includeIf "gitdir/i:~/projects/fh/**"]
path = .gitconfig-gitlabfh
[core]
editor = kate

269
flake.lock generated Normal file
View File

@@ -0,0 +1,269 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1696775529,
"narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
"owner": "ryantm",
"repo": "agenix",
"rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1682203081,
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1695108154,
"narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "07682fff75d41f18327a871088d20af2710d4744",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixinate": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1688141737,
"narHash": "sha256-qHrNMYWukOKmKVf6wXOGKj1xxUnOGjvTRbt/PLLXuBE=",
"owner": "matthewcroughan",
"repo": "nixinate",
"rev": "7902ae845e6cc5bd450e510cdf5e009a6e4a44d9",
"type": "github"
},
"original": {
"owner": "matthewcroughan",
"repo": "nixinate",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1699159446,
"narHash": "sha256-cL63IjsbPl2otS7R4kdXbVOJOXYMpGw5KGZoWgdCuCM=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "627bc9b88256379578885a7028c9e791c29fb581",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixos-wsl": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1698222534,
"narHash": "sha256-iF9C7C7eT8LVVWx5IOZ/8KKJT8AIw9A5aBA6vqS18l8=",
"owner": "nix-community",
"repo": "NixOS-WSL",
"rev": "a058cff4b09b3a398d8caa379b4dc96cfedd98c9",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "NixOS-WSL",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1677676435,
"narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1699099776,
"narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1653060744,
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dfd82985c273aac6eced03625f454b334daae2e8",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1699110214,
"narHash": "sha256-L2TU4RgtiqF69W8Gacg2jEkEYJrW+Kp0Mp4plwQh5b8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "78f3a4ae19f0e99d5323dd2e3853916b8ee4afee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"home-manager": "home-manager_2",
"nixinate": "nixinate",
"nixos-hardware": "nixos-hardware",
"nixos-wsl": "nixos-wsl",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

169
flake.nix Normal file
View File

@@ -0,0 +1,169 @@
{
description = "Kop's NixOS Flake";
inputs = {
# secrets management
agenix.url = "github:ryantm/agenix";
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-wsl = {
url = "github:nix-community/NixOS-WSL";
inputs.nixpkgs.follows = "nixpkgs";
};
nixinate.url = "github:matthewcroughan/nixinate";
};
outputs = { self,
nixpkgs,
nixos-hardware,
nixos-wsl,
nixpkgs-unstable,
agenix,
home-manager,
nixinate
}@inputs:
let
system = "x86_64-linux";
overlay-unstable = final: prev: {
unstable = nixpkgs-unstable.legacyPackages.${prev.system};
};
in {
apps = nixinate.nixinate.${system} self;
nixosConfigurations.server = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
### User specific ###
./users/anon.nix
### System sepecific ###
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./systems/server/configuration.nix
### Modules ###
./modules/static-ip.nix
./modules/hdd-spindown.nix
./modules/firewall.nix
./modules/wireshark.nix
./modules/minecraft-server.nix
./modules/motd.nix
./modules/postgres.nix
./modules/fail2ban.nix
./modules/nix/settings.nix
./modules/adguard.nix
./modules/git.nix
./modules/github-runner.nix
./modules/synapse.nix
./modules/nextcloud.nix
./modules/acme.nix
./modules/samba.nix
./modules/backup.nix
./modules/nginx.nix
./modules/ssh.nix
./modules/rdp.nix
./modules/docker.nix
./modules/wireguard.nix
./modules/cron.nix
./modules/paperless.nix
./modules/kavita.nix
./modules/netdata.nix
home-manager.nixosModules.home-manager
agenix.nixosModules.default
{
_module.args.nixinate = {
host = "192.168.2.1";
sshUser = "anon";
buildOn = "remote"; # valid args are "local" or "remote"
substituteOnTarget = true; # if buildOn is "local" then it will substitute on the target, "-s"
hermetic = false;
};
}
];
specialArgs = {
## Custom variables (e.g. ip, interface, etc)
vars = (import ./systems/server/userdata.nix);
inherit inputs ;
};
};
nixosConfigurations."kop-pc" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs ;
};
modules = [
./users/kopatz.nix
./modules/graphical/plasma.nix
./modules/graphical/shared.nix
./modules/nix/settings.nix
./modules/nix/index.nix
./modules/nix/ld.nix
./modules/gpg.nix
./modules/virt-manager.nix
./modules/flatpak.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./modules/wooting.nix
./modules/support/ntfs.nix
./systems/pc/configuration.nix
agenix.nixosModules.default
home-manager.nixosModules.home-manager
];
};
nixosConfigurations."nix-laptop" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
## Custom variables (e.g. ip, interface, etc)
vars = (import ./systems/laptop/userdata.nix);
inherit inputs ;
};
modules = [
./users/kopatz.nix
# Todo: refactor file layout
./modules/graphical/gnome.nix
./laptop/configuration.nix
./modules/virt-manager.nix
./modules/ssh.nix
#./modules/static-ip.nix
#./modules/no-sleep-lid-closed.nix
#./modules/wake-on-lan.nix
./modules/thunderbolt.nix
./modules/rdp.nix
nixos-hardware.nixosModules.dell-xps-15-7590-nvidia
agenix.nixosModules.default
home-manager.nixosModules.home-manager
];
};
nixosConfigurations."nix-laptop-no-gpu" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {
## Custom variables (e.g. ip, interface, etc)
vars = (import ./systems/laptop/userdata.nix);
inherit inputs ;
};
modules = [
./users/kopatz.nix
./laptop/configuration.nix
./modules/virt-manager.nix
./modules/ssh.nix
./modules/wake-on-lan.nix
./modules/static-ip.nix
./modules/no-sleep-lid-closed.nix
./modules/thunderbolt.nix
nixos-hardware.nixosModules.dell-xps-15-7590
agenix.nixosModules.default
home-manager.nixosModules.home-manager
];
};
nixosConfigurations."wsl" = nixpkgs.lib.nixosSystem {
inherit system;
specialArgs = {inherit inputs ;};
modules = [
#"${nixpkgs}/nixos/modules/profiles/minimal.nix"
./users/anon.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./systems/wsl/configuration.nix
nixos-wsl.nixosModules.wsl
home-manager.nixosModules.home-manager
];
};
};
}

1
laptop/configuration.nix
View File

@@ -54,5 +54,6 @@
gnomeExtensions.backslide
gnomeExtensions.nextcloud-folder
gnomeExtensions.tray-icons-reloaded
gnomeExtensions.blur-my-shell
];
}

1
laptop/gnome.nix
View File

@@ -54,5 +54,6 @@
gnomeExtensions.backslide
gnomeExtensions.nextcloud-folder
gnomeExtensions.tray-icons-reloaded
gnomeExtensions.blur-my-shell
];
}

62
laptop/main.nix
View File

@@ -18,7 +18,6 @@ in
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./modules/battery.nix
./modules/ssh.nix
#./modules/wireguard.nix
## -- set in flake.nix
#<nixos-hardware/dell/xps/15-7590/nvidia>
@@ -32,7 +31,7 @@ in
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "nix-laptop-no-gpu"; # Define your hostname.
networking.hostName = "nix-laptop"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Enable networking
@@ -84,32 +83,6 @@ in
# Enable touchpad support (enabled default in most desktopManager).
services.xserver.libinput.enable = true;
#users.mutableUsers=false;
# Define a user account. Don't forget to set a password with passwd.
users.users.kopatz = {
isNormalUser = true;
description = "kopatz";
extraGroups = [ "networkmanager" "wheel" "docker"];
#password = "test";
packages = with pkgs; [
#firefox
# thunderbird
discord
librewolf
ungoogled-chromium
];
};
# home manager
#home-manager.useGlobalPkgs = true;
# home-manager.users.kopatz = { pkgs, ... }: {
# The state version is required and should stay at the version you
# originally installed.
# system.stateVersion = "23.05";
#};
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
@@ -169,6 +142,11 @@ in
neofetch
thunderbird
rofi
pdfgrep
taisei
ncdu
localsend
element-desktop
];
environment.sessionVariables = {
@@ -199,28 +177,6 @@ in
"d /docker-data 0755 kopatz users"
];
#virtualisation.oci-containers.containers.mssql = {
# image = "mcr.microsoft.com/mssql/server:2022-latest";
# volumes = [ "/docker-data/mssql/data:/var/opt/mssql/data" ];
# environment = {
# ACCEPT_EULA = "Y";
# MSSQL_SA_PASSWORD="ufhaiufhashfshfklslwkhebwejhvtjhqwvrhp23508v3z8pt";
# };
#};
#module = [ arion.nixosModules.arion ];
#virtualisation.arion = {
# backend = "docker";
# projects.mssql.settings = {
# services.mssql.service = {
# image = "mcr.microsoft.com/mssql/server:2022-latest";
# restart = "unless-stopped";
# #volumes = { /docker-data/mssql/data:/var/opt/mssql/data; };
# environment = { ACCEPT_EULA = "Y"; MSSQL_SA_PASSWORD="ufhaiufhashfshfklslwkhebwejhvtjhqwvrhp23508v3z8pt"; };
# };
# };
#};
### end docker
# Some programs need SUID wrappers, can be configured further or are
@@ -236,12 +192,6 @@ in
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave

11
laptop/modules/ssh.nix
View File

@@ -1,11 +0,0 @@
{
services.openssh = {
enable = true;
ports = [];
openFirewall = false;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
};
};
}

0
server/modules/acme.nix → modules/acme.nix
View File

17
server/modules/adguard.nix → modules/adguard.nix
View File

@@ -1,3 +1,8 @@
{ config, pkgs, inputs, vars, ... }:
let
ip = vars.ipv4;
wireguardIp = vars.wireguardIp;
in
{
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];
@@ -12,7 +17,7 @@
}
];
dns = {
bind_hosts = [ "127.0.0.1" "192.168.0.6" ]; # "192.168.2.1" ];
bind_hosts = [ "127.0.0.1" ip wireguardIp ];
port = 53;
protection_enabled = true;
filtering_enabled = true;
@@ -26,23 +31,23 @@
rewrites = [
{
"domain" = "kopatz.ddns.net";
"answer" = "192.168.0.6";
"answer" = ip;
}
{
"domain" = "server.home";
"answer" = "192.168.0.6";
"answer" = ip;
}
{
"domain" = "server.local";
"answer" = "192.168.0.6";
"answer" = ip;
}
{
"domain" = "adguard.local";
"answer" = "192.168.0.6";
"answer" = ip;
}
{
"domain" = "nextcloud.local";
"answer" = "192.168.0.6";
"answer" = ip;
}
{
"domain" = "turnserver.local";

2
server/modules/backup.nix → modules/backup.nix
View File

@@ -27,6 +27,7 @@
"/mnt/250ssd/matrix-synapse/media_store/"
"/mnt/250ssd/nextcloud"
"/mnt/250ssd/paperless"
"/mnt/250ssd/kavita"
];
pruneOpts = [ "--keep-daily 7" "--keep-weekly 10" "--keep-monthly 12" "--keep-yearly 75" ];
repository = "/mnt/2tb/restic";
@@ -40,6 +41,7 @@
"/mnt/250ssd/matrix-synapse/media_store/"
"/mnt/250ssd/nextcloud"
"/mnt/250ssd/paperless"
"/mnt/250ssd/kavita"
];
exclude = [
"/home/**/Cache"

0
server/modules/coturn.nix → modules/coturn.nix
View File

0
server/modules/cron.nix → modules/cron.nix
View File

0
server/modules/docker.nix → modules/docker.nix
View File

0
server/modules/dyndns.nix → modules/dyndns.nix
View File

0
server/modules/fail2ban.nix → modules/fail2ban.nix
View File

7
modules/firewall.nix Normal file
View File

@@ -0,0 +1,7 @@
{ config, pkgs, lib, inputs, vars, ... }:
let
allowedUDPPortRanges = vars.udpRanges;
in
{
networking.firewall.allowedUDPPortRanges = allowedUDPPortRanges;
}

3
modules/flatpak.nix Normal file
View File

@@ -0,0 +1,3 @@
{
services.flatpak.enable = true;
}

0
server/modules/git.nix → modules/git.nix
View File

0
server/modules/github-runner.nix → modules/github-runner.nix
View File

13
modules/gpg.nix Normal file
View File

@@ -0,0 +1,13 @@
{pkgs, ...}:
{
#services.pcscd.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryFlavor = "qt";
};
#environment.systemPackages = with pkgs; [
# pinentry-curses
# ];
}

59
modules/graphical/gnome.nix Normal file
View File

@@ -0,0 +1,59 @@
{ config, pkgs, ... }:
{
services.xserver = {
layout = "at";
xkbVariant = "";
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
# Workaround for GNOME autologin: https://github.com/NixOS/nixpkgs/issues/103746#issuecomment-945091229
systemd.services."getty@tty1".enable = false;
systemd.services."autovt@tty1".enable = false;
environment.sessionVariables.NIXOS_OZONE_WL = "1";
environment.gnome.excludePackages = (with pkgs; [
gnome-photos
gnome-tour
]) ++ (with pkgs.gnome; [
cheese # webcam tool
gnome-music
gnome-terminal
gedit # text editor
epiphany # web browser
#geary # email reader
evince # document viewer
gnome-characters
totem # video player
tali # poker game
iagno # go game
hitori # sudoku game
atomix # puzzle game
]);
environment.systemPackages = with pkgs; [
wmctrl
gnome.mutter
gnome.adwaita-icon-theme
gnome.gnome-settings-daemon
gnome.gnome-tweaks
gnome.dconf-editor
gruvbox-gtk-theme
colloid-icon-theme
gnomeExtensions.appindicator
gnomeExtensions.just-perfection
gnomeExtensions.system-monitor
gnomeExtensions.dash2dock-lite
gnomeExtensions.dash-to-dock
gnomeExtensions.vitals
gnomeExtensions.rounded-window-corners
gnomeExtensions.wallpaper-switcher
gnomeExtensions.backslide
gnomeExtensions.nextcloud-folder
gnomeExtensions.tray-icons-reloaded
gnomeExtensions.blur-my-shell
];
}

11
modules/graphical/plasma.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
services.xserver = {
layout = "at";
xkbVariant = "";
enable = true;
displayManager.sddm.enable = true;
desktopManager.plasma5.enable = true;
};
}

83
modules/graphical/shared.nix Normal file
View File

@@ -0,0 +1,83 @@
{ config, pkgs, inputs, ... }:
let
keepassWithPlugins = pkgs.keepass.override {
plugins = [
pkgs.keepass-keepassrpc
];
};
in
{
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
programs.kdeconnect.enable = true;
fonts.fontDir.enable = true;
fonts.fonts = with pkgs; [
nerdfonts
];
networking.firewall = {
enable = true;
allowedTCPPortRanges = [
{ from = 1714; to = 1764; } # KDE Connect
];
allowedUDPPortRanges = [
{ from = 1714; to = 1764; } # KDE Connect
];
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
wget
nixos-option
kate
keepassWithPlugins
jetbrains.idea-ultimate
jetbrains.rider
dotnet-sdk_7
dotnet-runtime_7
neovim
htop
btop
git
xfce.thunar
killall
xclip
usbutils
bun
inputs.agenix.packages."x86_64-linux".default
insomnia
remmina
nextcloud-client
#podman-compose
#arion # docker
neofetch
thunderbird
rofi
pdfgrep
taisei
ncdu
localsend
element-desktop
tetrio-desktop
];
environment.sessionVariables = {
DOTNET_ROOT = "${pkgs.dotnet-sdk_7}";
};
### docker
virtualisation.docker.enable = true;
}

0
server/modules/hdd-spindown.nix → modules/hdd-spindown.nix
View File

0
server/modules/home-assistant.nix → modules/home-assistant.nix
View File

31
modules/kavita.nix Normal file
View File

@@ -0,0 +1,31 @@
{ config, pkgs, lib, inputs, ... }:
{
networking.firewall.allowedTCPPorts = [ 5000 ];
age.secrets.kavita = {
file = ../secrets/kavita.age;
owner = "kavita";
group = "kavita";
};
services.kavita = {
enable = true;
user = "kavita";
port = 5000;
dataDir = "/mnt/250ssd/kavita";
tokenKeyFile = config.age.secrets.kavita.path;
};
#todo: base url needs new kavita version
systemd.services.kavita = {
preStart = ''
umask u=rwx,g=rx,o=
cat > "/mnt/250ssd/kavita/config/appsettings.json" <<EOF
{
"TokenKey": "$(cat ${config.age.secrets.kavita.path})",
"Port": 5000,
"BaseUrl" : "/books",
"IpAddresses": "${lib.concatStringsSep "," ["0.0.0.0" "::"]}"
}
EOF
'';
};
}

9
modules/minecraft-server.nix Normal file
View File

@@ -0,0 +1,9 @@
{ pkgs, ...}:
{
services.minecraft-server = {
enable = true;
eula = true;
openFirewall = true;
package = pkgs.unstable.papermc;
};
}

0
server/modules/motd.nix → modules/motd.nix
View File

59
modules/netdata.nix Normal file
View File

@@ -0,0 +1,59 @@
{ vars, ... }:
let
ip = vars.ipv4;
wireguardIp = vars.wireguardIp;
in
{
networking.firewall.allowedTCPPorts = [ 19999 ];
services.netdata = {
enable = true;
configText = ''
[global]
update every = 2
[web]
default port = 19999
bind to = ${ip} ${wireguardIp}
allow connections from = localhost 192.168.0.* 192.168.2.*
[db]
# number of tiers used (1 to 5, 3 being default)
storage tiers = 3
# Tier 0, per second data
dbengine multihost disk space MB = 256
# Tier 1, per minute data
dbengine tier 1 multihost disk space MB = 128
dbengine tier 1 update every iterations = 60
# Tier 2, per hour data
dbengine tier 2 multihost disk space MB = 64
dbengine tier 2 update every iterations = 60
[logs]
error = syslog
[plugins]
timex = no
idlejitter = no
# netdata monitoring = yes
tc = no
# diskspace = yes
# proc = yes
# cgroups = yes
statsd = no
#enable running new plugins = yes
#check for new plugins every = 60
slabinfo = no
nfacct = no
charts.d = no
python.d = no
go.d = no
ioping = no
perf = no
freeipmi = no
apps = yes
'';
};
}

0
server/modules/networkmanager.nix → modules/networkmanager.nix
View File

10
server/modules/nextcloud.nix → modules/nextcloud.nix
View File

@@ -1,4 +1,7 @@
{ config, pkgs, lib, inputs, ... }:
{ config, pkgs, lib, inputs, vars, ... }:
let
wireguardIp = vars.wireguardIp;
in
{
age.secrets.nextcloud-cert = {
file = ../secrets/nextcloud-cert.age;
@@ -26,7 +29,7 @@
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"nextcloud.local" = {
serverAliases = [ "192.168.2.1" ];
serverAliases = [ wireguardIp ];
## Force HTTP redirect to HTTPS
forceSSL = true;
locations."~ ^\\/(?:index|remote|public|cron|core\\/ajax\\/update|status|ocs\\/v[12]|updater\\/.+|oc[s]-provider\\/.+|.+\\/richdocumentscode\\/proxy)\\.php(?:$|\\/)".extraConfig = ''
@@ -54,9 +57,8 @@
config.adminpassFile = config.age.secrets.nextcloud-admin.path;
config.dbtype = "pgsql";
database.createLocally = true;
config.extraTrustedDomains = [ "192.168.2.1" ];
config.extraTrustedDomains = [ wireguardIp ];
home = "/mnt/250ssd/nextcloud";
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit keeweb onlyoffice calendar mail;
spreed = pkgs.fetchNextcloudApp rec {

93
modules/nginx.nix Normal file
View File

@@ -0,0 +1,93 @@
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
systemd.tmpfiles.rules = [
"d /data 0770 github-actions-runner nginx -"
"d /data/website 0770 github-actions-runner nginx -"
];
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"kopatz.ddns.net" = {
#serverAliases = [
# "www.kopatz.ddns.net"
# "server.home"
# "server.local"
# "192.168.0.6"
#];
root = "/data/website";
forceSSL = true;
enableACME = true;
locations."~* \\.(jpg)$".extraConfig= ''
add_header Access-Control-Allow-Origin *;
'';
locations."~ ^/(stash|resources|css)".extraConfig=''
client_max_body_size 5000M;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:5091;
'';
locations."/tracker-site" = {
tryFiles = "$uri $uri/ /tracker-site/index.html =404";
};
locations."/tracker-site/api" = {
extraConfig =''
rewrite /tracker-site/api/(.*) /$1 break;
'';
proxyPass = "http://127.0.0.1:8080";
};
#locations."~/books(.*)$" = {
# proxyPass = "http://127.0.0.1:5000";
#};
},
#discord bot for tracking useractivity public version
"activitytracker.site" = {
root = "/data/website";
forceSSL = true;
enableACME = true;
locations."~* \\.(jpg)$".extraConfig= ''
add_header Access-Control-Allow-Origin *;
'';
locations."~ ^/(stash|resources|css)".extraConfig=''
client_max_body_size 5000M;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:5092;
'';
locations."/" = {
tryFiles = "$uri $uri/ /tracker-site/index.html =404";
};
locations."/api" = {
extraConfig =''
rewrite /api/(.*) /$1 break;
'';
proxyPass = "http://127.0.0.1:8080";
};
};
"adguard.local" = {
locations."/".proxyPass = "http://127.0.0.1:3000";
};
};
};
}

7
modules/nix/index.nix Normal file
View File

@@ -0,0 +1,7 @@
{
programs.command-not-found.enable = false;
programs.nix-index = {
enable = true;
enableZshIntegration=true;
};
}

3
modules/nix/ld.nix Normal file
View File

@@ -0,0 +1,3 @@
{
programs.nix-ld.enable = true;
}

0
server/modules/nix-settings.nix → modules/nix/settings.nix
View File

4
modules/no-sleep-lid-closed.nix Normal file
View File

@@ -0,0 +1,4 @@
{
services.logind.lidSwitchExternalPower = "ignore";
}

8
server/modules/paperless.nix → modules/paperless.nix
View File

@@ -1,4 +1,8 @@
{ config, pkgs, lib, inputs, ... }:
{ config, pkgs, lib, inputs, vars, ... }:
let
ip = vars.ipv4;
wireguardIp = vars.wireguardIp;
in
{
networking.firewall.allowedTCPPorts = [ 28981 ];
age.secrets.paperless = {
@@ -10,7 +14,7 @@
enable = true;
port = 28981;
passwordFile = config.age.secrets.paperless.path;
address = "192.168.2.1";
address = wireguardIp;
mediaDir = "/mnt/250ssd/paperless";
};
}

0
server/modules/postgres.nix → modules/postgres.nix
View File

9
modules/rdp.nix Normal file
View File

@@ -0,0 +1,9 @@
{ config, pkgs, lib, vars, ... }:
let
wm = vars.wm;
in
{
services.xrdp.enable = true;
services.xrdp.defaultWindowManager = wm;
services.xrdp.openFirewall = true;
}

0
server/modules/samba.nix → modules/samba.nix
View File

10
modules/ssh.nix Normal file
View File

@@ -0,0 +1,10 @@
{
networking.firewall.allowedTCPPorts = [ 22 ];
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "no";
settings.X11Forwarding = true;
};
}

12
server/modules/static-ip-server.nix → modules/static-ip.nix
View File

@@ -1,3 +1,9 @@
{ config, vars, ...}:
let
ip = vars.ipv4;
dns = vars.dns;
interface = vars.interface;
in
{
networking = {
defaultGateway = "192.168.0.1";
@@ -7,14 +13,14 @@
allowedUDPPorts = [ 5000 ];
};
nameservers = [
"127.0.0.1"
dns
"1.1.1.1"
];
interfaces = {
"enp0s31f6" = {
${interface} = {
name = "eth0";
ipv4.addresses = [{
address = "192.168.0.6";
address = ip;
prefixLength = 24;
}];
};

3
modules/support/ntfs.nix Normal file
View File

@@ -0,0 +1,3 @@
{
boot.supportedFilesystems = [ "ntfs" ];
}

0
server/modules/synapse.nix → modules/synapse.nix
View File

7
modules/thunderbolt.nix Normal file
View File

@@ -0,0 +1,7 @@
{
services.udev.extraRules = ''
# Always authorize thunderbolt connections when they are plugged in.
# This is to make sure the USB hub of Thunderbolt is working.
ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
'';
}

6
modules/virt-manager.nix Normal file
View File

@@ -0,0 +1,6 @@
{ pkgs, ... }:
{
virtualisation.libvirtd.enable = true;
programs.dconf.enable = true; # virt-manager requires dconf to remember settings
environment.systemPackages = with pkgs; [ virt-manager virtiofsd ];
}

0
server/modules/vmware-guest.nix → modules/vmware-guest.nix
View File

7
modules/wake-on-lan.nix Normal file
View File

@@ -0,0 +1,7 @@
{ config, pkgs, lib, vars, ... }:
let
interface = vars.interface;
in
{
networking.interfaces.${interface}.wakeOnLan.enable = true;
}

14
server/modules/wireguard.nix → modules/wireguard.nix
View File

@@ -1,4 +1,7 @@
{ config, pkgs, lib, inputs, ... }:
{ config, pkgs, lib, inputs, vars, ... }:
let
wireguardIp = vars.wireguardIp;
in
{
age.secrets.wireguard-private = {
@@ -15,7 +18,7 @@
autostart = true;
listenPort = 51820;
address = [
"192.168.2.1/24"
"${wireguardIp}/24"
];
peers = [
{
@@ -81,6 +84,13 @@
persistentKeepalive = 25;
publicKey = "g5uTlA1IciXgtSbECjhVis0dajRAc53Oa7Hz6dUI+0Q=";
}
{
allowedIPs = [
"192.168.2.6/32"
];
persistentKeepalive = 25;
publicKey = "5ClF2HcqndpXS7nVgDn2unWFUYcKo5fbudV6xX2OIVE=";
}
];
privateKeyFile = config.age.secrets.wireguard-private.path;
};

5
modules/wireshark.nix Normal file
View File

@@ -0,0 +1,5 @@
{ config, pkgs, ... }:
{
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
}

31
modules/wooting.nix Normal file
View File

@@ -0,0 +1,31 @@
{ pkgs, lib, ...}:
let
wooting-udev = pkgs.stdenv.mkDerivation rec {
pname = "wooting-udev-rules";
version = "unstable-2023-03-31";
# Source: https://help.wooting.io/en/article/wootility-configuring-device-access-for-wootility-under-linux-udev-rules-r6lb2o/
src = [ ./wooting.rules ];
dontUnpack = true;
installPhase = ''
install -Dpm644 $src $out/lib/udev/rules.d/70-wooting.rules
'';
meta = with lib; {
homepage = "https://help.wooting.io/en/article/wootility-configuring-device-access-for-wootility-under-linux-udev-rules-r6lb2o/";
description = "udev rules that give NixOS permission to communicate with Wooting keyboards";
platforms = platforms.linux;
license = "unknown";
maintainers = with maintainers; [ davidtwco ];
};
};
in
{
services.udev.packages = [ wooting-udev ];
environment.systemPackages = with pkgs; [
wootility
];
}

12
modules/wooting.rules Normal file
View File

@@ -0,0 +1,12 @@
# Wooting Two HE (ARM)
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="31e3", ATTRS{idProduct}=="1230", MODE:="0666", GROUP="input"
SUBSYSTEM=="usb", ATTRS{idVendor}=="31e3", ATTRS{idProduct}=="1230", MODE:="0666", GROUP="input"
# Wooting Two HE Alt-gamepad mode
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="31e3", ATTRS{idProduct}=="1231", MODE:="0666", GROUP="input"
SUBSYSTEM=="usb", ATTRS{idVendor}=="31e3", ATTRS{idProduct}=="1231", MODE:="0666", GROUP="input"
# Wooting Two HE 2nd Alt-gamepad mode
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="31e3", ATTRS{idProduct}=="1232", MODE:="0666", GROUP="input"
SUBSYSTEM=="usb", ATTRS{idVendor}=="31e3", ATTRS{idProduct}=="1232", MODE:="0666", GROUP="input"
# Wooting Two HE (ARM) update mode
SUBSYSTEM=="hidraw", ATTRS{idVendor}=="31e3", ATTRS{idProduct}=="123f", MODE:="0666", GROUP="input"

BIN
secrets/coturn-secret.age Normal file
View File

Binary file not shown.

0
server/secrets/create_secrets.md → secrets/create_secrets.md
View File

11
secrets/duckdns.age Normal file
View File

@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 yfCCMw bknEVINSpmzqbs669XXGW10WlRU2eYqM21nCra4Grm0
UH/rieabfARVLfMojUzRpMV8OgQQegmkERr3OsudizI
-> ssh-ed25519 IV3DkQ ae0X4te6ZevvoybUP20LgE4ymTiisoBMfrZQBm0LHEo
f9VxOHjo6W349d/T9DuH0KbQRHj+EXa+yascxnG/oEA
-> ssh-ed25519 DCzi1A vBpgN1TwpEv+mJNIMoHitLshG0q1RDTz3WrvRbRGnno
Nc9I8WWXDDzCfOHkcbhqXjk0Fvp23f8QxiW6bdPix3Q
-> 5-grease ;gX' KVd. S[Du |%f:LC8
g5R1yuzS9892Jf0N+RsaVg77389vLxeowKKcD/PM962AMYCe4iHdCw
--- u/d/x8qCopx23d4TiecnfbaL+l+JJu5i+yJqmU6XH/c
4n„~¡Xv€6ŒÉjÌ80ÄÚã} _=$H@ÒuÕ{Àqú·É/<2F>¬^+vÔ¹Á Oyˆ³E—p¢K3ª<33>L²âZ

BIN
secrets/github-runner-pw.age Normal file
View File

Binary file not shown.

BIN
secrets/github-runner-token.age Normal file
View File

Binary file not shown.

12
secrets/kavita.age Normal file
View File

@@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 yfCCMw jL+B4j2QGanksP4x+jj0ZeAe57ufHIqURXGoaB1rqWE
Q2wNCrQ/TiAIRkb9p7MMLo7SmOVpsMkO4AEQkSAPHpc
-> ssh-ed25519 IV3DkQ jfdSR8lRuMlFrVxMg+6P37kVS9v3zvxKGO2R90t8XGs
gLP7UsYyY/HnPJpXB9z9mtc/8GfSpGZhSf16voFKaaE
-> ssh-ed25519 DCzi1A Ks6trkFOVgidCX+LFkxCMQ6xPBz6/dXc3CfiijhMwE4
joziP64UOp0WIywkum11BLMiwR3Gc+AFNRsFXxU/AiU
-> |3-grease dr@v"
6c/WH73DJlanYVJtocLLZ4MjsFVFHc0jg2HKxEh90m4rymXWlmucnXU5tuVkAKuF
ngzhdErYIbRk7C9Bc0otbi8KbqzD7jrHUA
--- mxzTEu81P3EeKZoa8/817c1hj6sVgO20YyViBxHbGWs
©™ªîd g\í™aβþ<C2B2>Iªï4gþ<07>/6F¸·ÔzO˳'vR\èJ•åhèvF+ áÜ#ÈWî°fã1i‘þ;2m<E2809A>Ø

12
secrets/matrix-registration.age Normal file
View File

@@ -0,0 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 yfCCMw xrDKLBFHoh635bYYw5FlL2WnRPzzEM5EFIipjunDQ3A
Wfkj09/KylBGszWXViglOfQnzEPy2JhOqyq6/cDXqiI
-> ssh-ed25519 IV3DkQ +F9cs8sm432eoBD3sshRyo1GIy8/YwdanqRX/c4Y7B8
LHpRwgpI2Np9iDvJQIb6khmWJqehHFetw2DjthvWN5E
-> ssh-ed25519 DCzi1A PVEn4M1Q0P6HOWLUHQ0g1oFwWwrfhKkc0ptBSPVvoDk
VXDdSofM0bMv5Rh8dHkboL/+cq8yQbvK/SZkwOaEQzY
-> (-grease >Tbe
9FPVr0dmrUWP7dKYoJ3tlegb7knPZlUTRFrZ3trG7Lwv30NHSYnMLtxSj3aushEM
Izg
--- FC8cLZftv1tiIbIr5c0gM/Gllni1PBt06Pl5HaZw520
µœ ›œÕNóꘜe©Ç ÝH¥Ï&°àC¾Í0­[`†=*:&ë ºi/*Vá"+ç}:

BIN
secrets/nextcloud-admin.age Normal file
View File

Binary file not shown.

BIN
secrets/nextcloud-cert.age Normal file
View File

Binary file not shown.

BIN
secrets/nextcloud-key.age Normal file
View File

Binary file not shown.

BIN
secrets/paperless.age Normal file
View File

Binary file not shown.

BIN
secrets/restic-gdrive.age Normal file
View File

Binary file not shown.

BIN
secrets/restic-pw.age Normal file
View File

Binary file not shown.

BIN
secrets/restic-s3.age Normal file
View File

Binary file not shown.

23
secrets/secrets.nix Normal file
View File

@@ -0,0 +1,23 @@
let
kop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 lukas@Kopatz-PC2";
nix-test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVqEb1U1c9UX3AF8otNyYKpIUMjc7XSjZY3IkIPGOqi root@server";
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUA7uVKXAF2UcwaIDSJP2Te8Fi++2zkKzSPoRx1vQrI root@server";
users = [ kop ];
systems = [ nix-test-vm server ];
in
{
"github-runner-token.age".publicKeys = [ nix-test-vm server kop ];
"github-runner-pw.age".publicKeys = [ nix-test-vm server kop ];
"duckdns.age".publicKeys = [ nix-test-vm server kop ];
"nextcloud-admin.age".publicKeys = [ nix-test-vm server kop ];
"nextcloud-cert.age".publicKeys = [ nix-test-vm server kop ];
"nextcloud-key.age".publicKeys = [ nix-test-vm server kop ];
"restic-pw.age".publicKeys = [ nix-test-vm server kop ];
"restic-s3.age".publicKeys = [ nix-test-vm server kop ];
"restic-gdrive.age".publicKeys = [ nix-test-vm server kop ];
"wireguard-private.age".publicKeys = [ nix-test-vm server kop ];
"coturn-secret.age".publicKeys = [ nix-test-vm server kop ];
"matrix-registration.age".publicKeys = [ nix-test-vm server kop ];
"paperless.age".publicKeys = [ nix-test-vm server kop ];
"kavita.age".publicKeys = [ nix-test-vm server kop ];
}

0
server/secrets/selfsigned-cert.sh → secrets/selfsigned-cert.sh
View File

11
secrets/wireguard-private.age Normal file
View File

@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 yfCCMw HoX1AI2rIYDJbfKRDRXr1ZRsNM1OVRVrr0XRnBD29FQ
aM3HP0kxq9ACb2TFcb7f9rxKXFoT2Y9nEjL+XD3nHIM
-> ssh-ed25519 IV3DkQ EKn/xr5EWEev3stYXDGrzfLtwt2thJ+34e5eP1v4l0g
raaOM6zpmokVCBKNWx9xHpsQJSpTbHHQeRbz2+wC3+0
-> ssh-ed25519 DCzi1A mVLJ1c2e1UOsTuDCKIwLliBz3OVBH8vGp/gICb8cyQY
dXok0Tr56SdW5sf74IYk7rDnim/s7vZI/PZIGKvNuaM
-> ;mHckk.i-grease [&? MW78 %Ee4m
LebJ6ZshTkkY+fM5zI/sbQzGpcKN5oGiEu5tWSPnmeQQxJrjT7Utqf3KAfI
--- 6HedZR4VvouzHmjeV9DY6BsybKcainxK9fro9MSjpxg
hÔqÂÇ<3<>:7{,Á9'Ä<1A>š„öw¾(FVGuLAA0“̽üÿa| ½õKwµ?–¥!\Z-\¼³$ü<>ä6yÖÖ§¿xý

145
server/flake.lock generated
View File

@@ -1,145 +0,0 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1696775529,
"narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
"owner": "ryantm",
"repo": "agenix",
"rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1673295039,
"narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1682203081,
"narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1695108154,
"narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "07682fff75d41f18327a871088d20af2710d4744",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.05",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1677676435,
"narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1698924604,
"narHash": "sha256-GCFbkl2tj8fEZBZCw3Tc0AkGo0v+YrQlohhEGJ/X4s0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fa804edfb7869c9fb230e174182a8a1a7e512c40",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1698942558,
"narHash": "sha256-/UmnB+mEd6Eg3mJBrAgqRcyZX//RSjHphcCO7Ig9Bpk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "621f51253edffa1d6f08d5fce4f08614c852d17e",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable"
}
}
},
"root": "root",
"version": 7
}

58
server/flake.nix
View File

@@ -1,58 +0,0 @@
{
description = "A very basic flake";
inputs = {
# secrets management
agenix.url = "github:ryantm/agenix";
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, nixpkgs-unstable, agenix, home-manager }@inputs:
let
system = "x86_64-linux";
overlay-unstable = final: prev: {
unstable = nixpkgs-unstable.legacyPackages.${prev.system};
};
in {
nixosConfigurations.server = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
./modules/static-ip-server.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./configuration.nix
./modules/hdd-spindown.nix
./modules/motd.nix
./modules/postgres.nix
./modules/fail2ban.nix
./modules/nix-settings.nix
./modules/adguard.nix
./modules/git.nix
#./modules/vmware-guest.nix
./modules/github-runner.nix
./modules/synapse.nix
./modules/nextcloud.nix
#./modules/coturn.nix
./modules/acme.nix
./modules/samba.nix
./modules/backup.nix
./modules/nginx.nix
./modules/ssh.nix
./modules/rdp.nix
./modules/docker.nix
./modules/wireguard.nix
./modules/cron.nix
./modules/paperless.nix
#./modules/dyndns.nix i think ddclient is deprecated
#./modules/home-assistant.nix idk dont like this
home-manager.nixosModules.home-manager
agenix.nixosModules.default
];
specialArgs = { inherit inputs; };
};
};
}

89
server/modules/nginx.nix
View File

@@ -1,89 +0,0 @@
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
systemd.tmpfiles.rules = [
"d /data 0770 github-actions-runner nginx -"
"d /data/website 0770 github-actions-runner nginx -"
];
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"kopatz.ddns.net" = {
#serverAliases = [
# "www.kopatz.ddns.net"
# "server.home"
# "server.local"
# "192.168.0.6"
#];
root = "/data/website";
forceSSL = true;
enableACME = true;
locations."~* \\.(jpg)$".extraConfig= ''
add_header Access-Control-Allow-Origin *;
'';
locations."~ ^/(stash|resources|css)".extraConfig=''
client_max_body_size 5000M;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:5091;
'';
locations."/tracker-site" = {
tryFiles = "$uri $uri/ /tracker-site/index.html =404";
};
locations."/tracker-site/api" = {
extraConfig =''
rewrite /tracker-site/api/(.*) /$1 break;
'';
proxyPass = "http://127.0.0.1:8080";
};
},
#discord bot for tracking useractivity public version
"activitytracker.site" = {
root = "/data/website";
forceSSL = true;
enableACME = true;
locations."~* \\.(jpg)$".extraConfig= ''
add_header Access-Control-Allow-Origin *;
'';
locations."~ ^/(stash|resources|css)".extraConfig=''
client_max_body_size 5000M;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:5092;
'';
locations."/" = {
tryFiles = "$uri $uri/ /tracker-site/index.html =404";
};
locations."/api" = {
extraConfig =''
rewrite /api/(.*) /$1 break;
'';
proxyPass = "http://127.0.0.1:8080";
};
};
"adguard.local" = {
locations."/".proxyPass = "http://127.0.0.1:3000";
};
};
};
}

5
server/modules/rdp.nix
View File

@@ -1,5 +0,0 @@
{
services.xrdp.enable = true;
services.xrdp.defaultWindowManager = "startplasma-x11";
services.xrdp.openFirewall = true;
}

15
server/modules/ssh.nix
View File

@@ -1,15 +0,0 @@
{
networking.firewall.allowedTCPPorts = [ 22 ];
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "no";
settings.X11Forwarding = true;
};
users.users.anon.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDb14svyGa2WprTNrtaI5yRl9KP+wzmLueFsHQww0Y6D2CZ5ZEEwoGFg7PrjWzVa/tXYn5AO1ng5eMCRbZPjtX03of448HTAEV8B0BFV9BuemoIBf14TRZ6lhGfQvD7BlTVZ5jKGUUJBfRdf0CZ8Ed5dk77u0xGV8+p3dYAQXowOmOyYFiDg6baKQcLM5Pz2zVxK1GySehEJ4n7GYNjyv7hJhfWMbaE10rIB0V0TuM8yeYvBvIxfGfMzlm4izOHbuSYR1v6RCuQKn1JOQiYqAkYCsXG/4XssMXpl2KxGvp67OJNotIHzap8zRDr7KH8Sk8jHuBFCnqbxDEqzs72Qtan Kopatz@Kopatz-PC"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsicFT8H/XHR3c0nN6f3dmChxLlkIYalUEQPqP2qROkX7Na6cMXoFiRvegvVPBCgR+DKagp7G2fttZVZ51yBBZ4G/rzDMgKIFgTDNaDeyGWx2n2zCHM5/wletoqTU6ezOUKOEvOfpsZnpcUqVmYtxlrMpakItrtSO+5mawlTKiDTqtazxLfFuyQFzlXVfVcJacxEupd+Ilmp8Y/e8pp6+jGYZ9asNuQKuGDaCepkhsPEGq/cK9AqaATdx/F81H1metV+kf6A3eDlcyzZy+x41GSofiR6HFgUzYafe5uddMVtL7JIKHHPQVpMMqPxkD3tphozh0fq3C9v8aThcqkvoU9eFD7PcN+8U6guA6Qf7cysGXb3pnvrfSeKGlxxpUAxLcpHlJnP66c7/TVRe2buAYFQqykrmRmJfLwqpY2UHoshpcGTwULslEHCMC5/wgc3BPgVGUB148d7F36bS1jTJlRGqwzf712CKnwW122xTZawgybrr8A5Q/bSRFtpz5wys= kopatz@Kopatz-PC2"
];
}

10
server/secrets/coturn-secret.age
View File

@@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 yfCCMw 4ZpkTSszkAJIbBs211PZAuWyYlsbYGx+kh+fIa/X8Q4
zlDBNm+2ykfiugTcPWGgLKsBBCVRDiLkp/GSX8stVnQ
-> ssh-ed25519 IV3DkQ jvo0WmLvaOpAHASPs5Qb4HblklPs7l+wuiZIIapbm2c
KiPkiZMwPF4q5s2Ity1DBiPxDrEpMNEW6p9P7DOBVIY
-> NJJFW+-grease
vUz0h2kED8aYuu4hT4AJw89LzscD0jiKUVlkrhO0IN7n5do6dUkXm5h7wNwnybTl
FoV3HBxV3xAr6tD++Uv8/ej/XqG0jBhd
--- h2fQyC4ajeEOyuzxzt7gf23wJMBoLQSXcc8uKewGyuY
Õ¨ßUD6j==(ž¹>8ôÅ"#Êdþ`‚Ô†bmUù·ß­kk&䦔çžDÌùè­€Ã`1m?W¡Ó¨°¥¹L¢jÖ°ûà5{ý÷ÛLäÏ©©.çÔÊîD½²:vÞÆtQ<74>K

9
server/secrets/duckdns.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 yfCCMw qWHcQHXaRWumJlWydl0VLTNR2y4j5uVb3Sbjb0iO9Hk
LrQOKE3+nYVEM9cg3gT+nInpdTBocmVXSBSD7EBb1MQ
-> ssh-ed25519 IV3DkQ QR2R+mQSrk0UBV4GSATs0NQkkgbQzFai7ms5xQX3RTc
sndWMq89BmXeoyE+le7tHJQ6oSjzfhCbas5EpcJIzdc
-> 2/3Ux/5c-grease k;>AI5|g &JI / .{c
kY1TBMB2l6gMU+1aHPbBTCad537N1aa8d0Wi8bYGMmeC9+8PV18a
--- eKaZ9bddh3SF6hitwAHBldIFpUh3s2R6pI9eDstHdk8
·E¦·g˜v:½ô¦ü!µàÆOGy½ïg%ӂĬ

11
server/secrets/github-runner-pw.age
View File

@@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 yfCCMw wQOSX5WnvkxmKl4xtbD62v312Sj9/g7SoMfQVdS1Q0o
Vv0byaVj1ptj08mDoEI6Go6h55gPVj1Gb0YJc+KhzuM
-> ssh-ed25519 IV3DkQ cAZHkdeXW2UyjIamz0Ab/NQhWhlxwFrj951KIVIRjyw
AV4rahLaZVem+nQDMIv6kMeIhjUAc7/F1wO20g89Eyk
-> e'`r-grease 5rS.MW
/smMPjLrxnS0QF2hU6axJMQlD0m8t9L15JK2CilAElDNVwMf35aynhvQqvCiQ3Sv
ueSLjeLVmEc8QZLORIFUabQAh59QqK3NCm/FVYSLwVZimytMH4/QksjN
--- mSjoAgLw84jJjQYlOf9ZfAvjw8b/2LFA55pM2uYEl2U
Ïåðc“س:I<>ø‰¢:Z{ŠòE@ŽH‡äß~á±Omaê
ñúÄa”A´°<yR]& Í_$|€6Rq“88ÊYí¹µ&¢ Ö<5]B­D/6™í°¿môÉ!4n

12
server/secrets/github-runner-token.age
View File

@@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 yfCCMw rvIxniIy9V9MEusfISoYDZACLPHWIXlpeTDCsXhbxQ4
Fh5jIyimXuB1xwfsYS5TeTI5yXPxF9K/M7YlBW9DSMw
-> ssh-ed25519 IV3DkQ XzdSfWvjKSu6RiUV5BWvOasK6QFB2uOHybtYEYnDnwg
BhtquDcngJfnGhfb4kHgfuQAZyXLKzm8518zXvwki0o
-> 'Xd:O-grease sG
Z4FSpQUYvPvA3YAf9NoXPQ30KwLYEL0XNJLXtbGESfllNc7cM5tOTn+szfotRwVI
3wGBWkTzE5g0rfLhVGUybFJIlMguXvZVl2EQ
--- xu2w56OhLGufb9mMXZQ/8Y/xTD0Ke8Yvf8h6zVE0p7g
ØJô$ÇC7<43>
¼Í¥ïF˜çßE
I+

10
server/secrets/matrix-registration.age
View File

@@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 yfCCMw cm1Rv6pG2jv5YL2a3jejL3oHyp3w5AdOOkPUuC1RiTQ
OPfb5CCkGwV1wBjxSM63i7YSWzwZrwh2GbIaIMgbnLo
-> ssh-ed25519 IV3DkQ mqIItqMdUx2rypN38qZc2MluanXzEyW82BoRvJRnmgE
FiODCU94Dv0MRhhMjcRxtM8vSzcfWbCiQza6P3iRFK0
-> .H0wQ-grease /9 WqdeDrv> )IMX{vvR >^?
AY2rOa0e0RS1
--- rQj2qpVKjSI/ptv2PUp2kMoAtko06QQw64Fgx46/10s
öfÅ_¬A¤hÂêfþÄÝخފ<C39E>úfg~sv‘ˆ³£&L²IpÑ,Cy-9ϪªRÄi
D%Y와N3Y!Ã><3E>©Ž˜ÿ ¯4òU<C3B2>Š#ìIi(å¬`Êc.ä¯U×ÿº.óáôT#ÛÃwNžªÀô‡øl^x§$œÅƒ€×É-_¶L[6†ÛÍÊB ƒ—å2ã&”vqáX<C3A1>ç¦ö|woìê˜BéP„'ýíRhOD>Å·éÎľIóËW

9
server/secrets/nextcloud-admin.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 yfCCMw mo8zrkfdjLd7ojLCZZ8XL0fDQwr4Z5t8pqnbmXykXxQ
bpPiBgz/w14vqnvS8YuXJTo1pDuqdbHEfqXEgdHXs0Q
-> ssh-ed25519 IV3DkQ 3IzYm/7tlIH4hQs2M1fqkeoz7mKw5idUHm6z5TaHTxw
BHnYTqatni/UzwBJSghGiXqWUwuPpHW4HBVjjP1UXjI
-> 9/q5f-grease 3j `{O $R )*.
NPSQgfHqIJIHr8herACNiV+BwRf03K8G8RBDb5/6oZym
--- QTd5uVu6AZspmxpuZ7w32gyICcrKQKkP1www6qnjoDw
Áô;ÞªÍÌOãÍ@!éÝò!½Þb

BIN
server/secrets/nextcloud-cert.age
View File

Binary file not shown.

BIN
server/secrets/nextcloud-key.age
View File

Binary file not shown.

BIN
server/secrets/paperless.age
View File

Binary file not shown.

BIN
server/secrets/restic-gdrive.age
View File

Binary file not shown.

10
server/secrets/restic-pw.age
View File

@@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 yfCCMw fr9bTdi5DqM3+gHEZLQeYv22HJTnafbicFi8kQxLU1I
THTt5YssgKZyqTukphvhT/XLCp9EnWUoh2LLi1sv25E
-> ssh-ed25519 IV3DkQ 7m6HtNWFwXuVUPBr7GRbk+UopzQ8wdXOSyXL23B0xTE
gXvUsoDrmB9tKRyFIX/ATOCej8hIvwHSuun9A9Q+i+8
-> nuYl73-grease nU#N,Cb8 jdR=c0` eKcsi
G+zZUpeeSiaE8wkzK9tv80hj7wbZScXMbOVHaSYZeFhEfXhEJliFP60X2ZNQTkUG
ArOKaDwOY/zByBc+Jf1P5JLZinVeTLBQRnBN+RrZE20
--- wL204i5S+VYFP+C7JwZsSWSXRC+a4FejQoxFGEnV5Io
tí~õ—ÕˆÃ?nô6f©Y@<>$D½óB¦Ô‡Â<E28093>îNGØá^â\mÚ6cƒAóãhÑ^˜lh;CŸŒÊ!^>tœS¨ ì9Ö

10
server/secrets/restic-s3.age
View File

@@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 yfCCMw kIAiiVGrxQLT8tNcIehkSwAl0RIR8yCblKcJutHKfio
LlI57U6z2Rmzau3yGP7GwgE7axUSHazMZB87CUuvZIo
-> ssh-ed25519 IV3DkQ Lig+2cAx34B1GK28qm8dxfcdjezyjHgusJW4i1JiLFM
FPjcmohS8mLlNLhZsXXlYJB10nnUYZOJonnIQoxcfuY
-> T$pF-grease vM&|GOOo k"jB.( '3~O-3rS
+sxTmNCBIo/fFeSCisPlgGYrIJNZVh/ykKig7UonRDBNYCIq9GoC8MViYEtTOcfF
o13P+1O2apmVg84VclReTiEZOy96TgjUe8A6uc9+
--- ah7cAYBdupOvrBoaJx1m8fTmSceC5Cq/2PPQOvZRTGA
µÞ£ ?4Ðîb®h<C2AE>×>m ö;‡"û”üeµGŸ¦ËNÚÄÍäèéåLD¼¯I{eþ™\”W¸Ó™`éSºÌ;¥2¹½VywÀNW_º<5F>Éó<C389>éU<7F>FžÌS2CðXS<d¹dèëðѧxDˆjôìÛ—T™.œ¹ŽK@<40>E"ö

20
server/secrets/secrets.nix
View File

@@ -1,20 +0,0 @@
let
nix-test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVqEb1U1c9UX3AF8otNyYKpIUMjc7XSjZY3IkIPGOqi root@server";
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUA7uVKXAF2UcwaIDSJP2Te8Fi++2zkKzSPoRx1vQrI root@server";
systems = [ nix-test-vm server ];
in
{
"github-runner-token.age".publicKeys = [ nix-test-vm server ];
"github-runner-pw.age".publicKeys = [ nix-test-vm server ];
"duckdns.age".publicKeys = [ nix-test-vm server ];
"nextcloud-admin.age".publicKeys = [ nix-test-vm server ];
"nextcloud-cert.age".publicKeys = [ nix-test-vm server ];
"nextcloud-key.age".publicKeys = [ nix-test-vm server ];
"restic-pw.age".publicKeys = [ nix-test-vm server ];
"restic-s3.age".publicKeys = [ nix-test-vm server ];
"restic-gdrive.age".publicKeys = [ nix-test-vm server ];
"wireguard-private.age".publicKeys = [ nix-test-vm server ];
"coturn-secret.age".publicKeys = [ nix-test-vm server ];
"matrix-registration.age".publicKeys = [ nix-test-vm server ];
"paperless.age".publicKeys = [ nix-test-vm server ];
}

10
server/secrets/wireguard-private.age
View File

@@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 yfCCMw 8R//RguE7Om0PFjixliXpwEchVwPcm9COYTz7TIZxTE
81yMA9B/T6tbZfw6mU4TlYfCd6BEUC3UlBz1hNUXZ30
-> ssh-ed25519 IV3DkQ 0kS9JOiAPfLi8Zoj6BM0pVwSmDr+BnWvIh7rGwZ21G0
jbMIkFk8DEQ2tWgOWho1JrZkwKWW93GW9dzS3fTKMF4
-> $ByN}E,-grease O$8`|NT 17d} %u)^D-
x6SEG984W9vUAb0FCiZP0R4kQkYFOr3BGLpHP8HF8fj9LHWwxNb3PrntcOPJuvf7
oep4FMyBFHchh6RhyrdRlOf6hCLnmybNKzs
--- fCozYj+thQdIGXzdVLgLpLup9CI0QIEdgoMxfFVHGgs
­<EFBFBD>WV”ožEil3õ—ñz`¡†´ø<C2B4>®ð¤ , oسe-ÿºZüAtoOk¬@1åb¢.U<>NrB¢«zrZY…ëÚý

40
server/users/anon.nix
View File

@@ -1,40 +0,0 @@
{ pkgs, inputs, ... }:
{
imports = [ ./home-manager/nvim.nix ];
home-manager = {
useGlobalPkgs = true;
extraSpecialArgs = {
inherit inputs;
headless = false;
};
useUserPackages = true;
users.anon = {
programs.zsh = {
enable = true;
enableCompletion = true;
enableAutosuggestions = true;
shellAliases = {
ll = "ls -l";
update = "sudo nixos-rebuild switch";
};
oh-my-zsh = {
enable = true;
plugins = [ "git" ];
theme = "eastwood";
};
};
home.stateVersion = "23.05";
};
};
programs.zsh.enable = true;
users.users.anon = {
isNormalUser = true;
description = "anon";
shell = pkgs.zsh;
extraGroups = [ "networkmanager" "wheel" "docker" ];
packages = with pkgs; [
firefox
];
};
}

45
server/users/home-manager/nvim.nix
View File

@@ -1,45 +0,0 @@
{
home-manager.users.anon = { pkgs, ...}: {
programs.neovim = {
enable = true;
defaultEditor = true;
viAlias = true;
vimAlias = true;
plugins = with pkgs.vimPlugins; [
(nvim-treesitter.withAllGrammars)
];
extraPackages = with pkgs;
[];
extraConfig = ''
set autoindent expandtab tabstop=4 shiftwidth=4
set clipboard=unnamed
syntax on
set cc=80
colorscheme habamax
set list
set listchars=tab:\ ,space:·,nbsp:,trail:,precedes:«,extends:»
'';
coc.enable = true;
coc.settings = ''
"suggest.noselect" = true;
"suggest.enablePreview" = true;
"suggest.enablePreselect" = false;
"suggest.disableKind" = true;
"languageserver": {
"nix": {
"command": "${pkgs.nil}/bin/nil",
"filetypes": ["nix"],
"rootPatterns": ["flake.nix"],
// Uncomment these to tweak settings.
// "settings": {
// "nil": {
// "formatting": { "command": ["nixpkgs-fmt"] }
// }
// }
}
}
'';
};
};
}

Some files were not shown because too many files have changed in this diff Show More