Merge branch 'master' of github.com:Kropatz/dotfiles

Kopatz
2023-11-20 15:37:30 +00:00
30 changed files with 107 additions and 52 deletions


@@ -25,5 +25,3 @@
path = .gitconfig-gitea path = .gitconfig-gitea
[includeIf "gitdir/i:~/projects/fh/**"] [includeIf "gitdir/i:~/projects/fh/**"]
path = .gitconfig-gitlabfh path = .gitconfig-gitlabfh
[core]
editor = kate


@@ -38,7 +38,10 @@
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; }) ({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
./systems/server/configuration.nix ./systems/server/configuration.nix
### Modules ### ### Modules ###
./modules/static-ip.nix
./modules/hdd-spindown.nix ./modules/hdd-spindown.nix
./modules/firewall.nix
./modules/wireshark.nix
./modules/minecraft-server.nix ./modules/minecraft-server.nix
./modules/motd.nix ./modules/motd.nix
./modules/postgres.nix ./modules/postgres.nix
@@ -83,7 +86,11 @@
./laptop/configuration.nix ./laptop/configuration.nix
./modules/virt-manager.nix ./modules/virt-manager.nix
./modules/ssh.nix ./modules/ssh.nix
./modules/wake-on-lan.nix #./modules/static-ip.nix
#./modules/no-sleep-lid-closed.nix
#./modules/wake-on-lan.nix
./modules/thunderbolt.nix
./modules/rdp.nix
nixos-hardware.nixosModules.dell-xps-15-7590-nvidia nixos-hardware.nixosModules.dell-xps-15-7590-nvidia
agenix.nixosModules.default agenix.nixosModules.default
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
@@ -102,6 +109,9 @@
./modules/virt-manager.nix ./modules/virt-manager.nix
./modules/ssh.nix ./modules/ssh.nix
./modules/wake-on-lan.nix ./modules/wake-on-lan.nix
./modules/static-ip.nix
./modules/no-sleep-lid-closed.nix
./modules/thunderbolt.nix
nixos-hardware.nixosModules.dell-xps-15-7590 nixos-hardware.nixosModules.dell-xps-15-7590
agenix.nixosModules.default agenix.nixosModules.default
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager

7
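--- a/modules/firewall.nix
+++ b/modules/firewall.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, lib, inputs, vars, ... }:
+let
+allowedUDPPortRanges = vars.udpRanges;
+in
+{
+networking.firewall.allowedUDPPortRanges = allowedUDPPortRanges;
+}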
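Review bot: `vars.udpRanges` is read unconditionally, so importing this module on a host whose vars file lacks that attribute fails at evaluation; on this page only one vars file defines `udpRanges`. A default keeps the module importable anywhere: `networking.firewall.allowedUDPPortRanges = vars.udpRanges or [ ];`. The `let` binding and the unused `config, pkgs, lib, inputs` arguments can be dropped at the same time. When ranges are eventually added, a comment beside each one naming the service that needs it (`# UDP 52000-52100: SERVICE_NAME`, placeholder) makes later firewall review much easier.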


@@ -0,0 +1,4 @@
{
services.logind.lidSwitchExternalPower = "ignore";
}


@@ -1,5 +1,9 @@
{ config, pkgs, lib, vars, ... }:
let
wm = vars.wm;
in
{ {
services.xrdp.enable = true; services.xrdp.enable = true;
services.xrdp.defaultWindowManager = "startplasma-x11"; services.xrdp.defaultWindowManager = wm;
services.xrdp.openFirewall = true; services.xrdp.openFirewall = true;
} }
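Review bot: `services.xrdp.openFirewall = true` is untouched by this change, but the same commit adds `./modules/rdp.nix` to the module list that starts with `./laptop/configuration.nix`, so the RDP port (TCP 3389 by default) becomes reachable on every network that laptop joins, not only the home LAN. Consider dropping `openFirewall` and allowing the port on a trusted interface only, e.g. `networking.firewall.interfaces."LAN_IF".allowedTCPPorts = [ 3389 ];` (LAN_IF is a placeholder), or tunnelling RDP over SSH, since that list already imports `./modules/ssh.nix`. Separately, one vars file on this page sets `wm = "gnome-shell"`; GNOME sessions are normally started through `gnome-session`, so it is worth confirming that value yields a working xrdp session.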


@@ -1,6 +1,7 @@
{ config, vars, ...}: { config, vars, ...}:
let let
ip = vars.ipv4; ip = vars.ipv4;
dns = vars.dns;
interface = vars.interface; interface = vars.interface;
in in
{ {
@@ -12,7 +13,7 @@ in
allowedUDPPorts = [ 5000 ]; allowedUDPPorts = [ 5000 ];
}; };
nameservers = [ nameservers = [
"127.0.0.1" dns
"1.1.1.1" "1.1.1.1"
]; ];
interfaces = { interfaces = {

7
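--- a/modules/thunderbolt.nix
+++ b/modules/thunderbolt.nix
@@ -0,0 +1,7 @@
+{
+services.udev.extraRules = ''
+# Always authorize thunderbolt connections when they are plugged in.
+# This is to make sure the USB hub of Thunderbolt is working.
+ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
+'';
+}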
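Review bot: The udev rule on the `ATTR{authorized}="1"` line authorizes every Thunderbolt device the moment it is plugged in, which switches off the per-device approval that Thunderbolt security levels provide and leaves the host depending on IOMMU DMA protection alone (if it is enabled at all) against an untrusted peripheral. If the goal is only to make the dock's USB hub work, enrolling that one dock is narrower: `services.hardware.bolt.enable = true;` followed by a one-time `boltctl enroll DEVICE_UUID` (placeholder) for the dock. If the blanket rule stays, the comment should state the trade-off, e.g. `# NOTE: bypasses Thunderbolt device authorization; any plugged-in device gets PCIe access.` The module is imported in two of the module lists changed earlier on this page, so the rule applies to both of those hosts.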


@@ -3,5 +3,5 @@ let
interface = vars.interface; interface = vars.interface;
in in
{ {
networking.interfaces.${interface}.wakeOnLan.enable; networking.interfaces.${interface}.wakeOnLan.enable = true;
} }

5
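--- a/modules/wireshark.nix
+++ b/modules/wireshark.nix
@@ -0,0 +1,5 @@
+{ config, pkgs, ... }:
+{
+programs.wireshark.enable = true;
+programs.wireshark.package = pkgs.wireshark;
+}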
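Review bot: `programs.wireshark.package = pkgs.wireshark` installs the GUI build on what the module list shows to be the server configuration, and the same commit adds the user to the `wireshark` group, which lets that account capture traffic on every interface without sudo. If captures are only taken over SSH, the CLI build is enough and keeps the installed surface smaller: drop the `package` line (the module's default was the CLI package in nixpkgs of this period; confirm for the pinned revision) or set `programs.wireshark.package = pkgs.wireshark-cli;`. A short comment saying why capture rights are needed on this host, such as `# capture rights for PURPOSE; remove when no longer needed` (placeholder), would help whoever audits group membership later.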

Binary file not shown.


@@ -1,9 +1,11 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 yfCCMw qWHcQHXaRWumJlWydl0VLTNR2y4j5uVb3Sbjb0iO9Hk -> ssh-ed25519 yfCCMw bknEVINSpmzqbs669XXGW10WlRU2eYqM21nCra4Grm0
LrQOKE3+nYVEM9cg3gT+nInpdTBocmVXSBSD7EBb1MQ UH/rieabfARVLfMojUzRpMV8OgQQegmkERr3OsudizI
-> ssh-ed25519 IV3DkQ QR2R+mQSrk0UBV4GSATs0NQkkgbQzFai7ms5xQX3RTc -> ssh-ed25519 IV3DkQ ae0X4te6ZevvoybUP20LgE4ymTiisoBMfrZQBm0LHEo
sndWMq89BmXeoyE+le7tHJQ6oSjzfhCbas5EpcJIzdc f9VxOHjo6W349d/T9DuH0KbQRHj+EXa+yascxnG/oEA
-> 2/3Ux/5c-grease k;>AI5|g &JI / .{c -> ssh-ed25519 DCzi1A vBpgN1TwpEv+mJNIMoHitLshG0q1RDTz3WrvRbRGnno
kY1TBMB2l6gMU+1aHPbBTCad537N1aa8d0Wi8bYGMmeC9+8PV18a Nc9I8WWXDDzCfOHkcbhqXjk0Fvp23f8QxiW6bdPix3Q
--- eKaZ9bddh3SF6hitwAHBldIFpUh3s2R6pI9eDstHdk8 -> 5-grease ;gX' KVd. S[Du |%f:LC8
·E¦·g˜v:½ô¦ü!µàÆOGy½ïg%ӂĬ g5R1yuzS9892Jf0N+RsaVg77389vLxeowKKcD/PM962AMYCe4iHdCw
--- u/d/x8qCopx23d4TiecnfbaL+l+JJu5i+yJqmU6XH/c
4n„~¡Xv€6ŒÉjÌ80ÄÚã} _=$H@ÒuÕ{Àqú·É/<2F>¬^+vÔ¹Á Oyˆ³E—p¢K3ª<33>L²âZ

Binary file not shown.

Binary file not shown.

Binary file not shown.


@@ -1,10 +1,12 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 yfCCMw cm1Rv6pG2jv5YL2a3jejL3oHyp3w5AdOOkPUuC1RiTQ -> ssh-ed25519 yfCCMw xrDKLBFHoh635bYYw5FlL2WnRPzzEM5EFIipjunDQ3A
OPfb5CCkGwV1wBjxSM63i7YSWzwZrwh2GbIaIMgbnLo Wfkj09/KylBGszWXViglOfQnzEPy2JhOqyq6/cDXqiI
-> ssh-ed25519 IV3DkQ mqIItqMdUx2rypN38qZc2MluanXzEyW82BoRvJRnmgE -> ssh-ed25519 IV3DkQ +F9cs8sm432eoBD3sshRyo1GIy8/YwdanqRX/c4Y7B8
FiODCU94Dv0MRhhMjcRxtM8vSzcfWbCiQza6P3iRFK0 LHpRwgpI2Np9iDvJQIb6khmWJqehHFetw2DjthvWN5E
-> .H0wQ-grease /9 WqdeDrv> )IMX{vvR >^? -> ssh-ed25519 DCzi1A PVEn4M1Q0P6HOWLUHQ0g1oFwWwrfhKkc0ptBSPVvoDk
AY2rOa0e0RS1 VXDdSofM0bMv5Rh8dHkboL/+cq8yQbvK/SZkwOaEQzY
--- rQj2qpVKjSI/ptv2PUp2kMoAtko06QQw64Fgx46/10s -> (-grease >Tbe
öfÅ_¬A¤hÂêfþÄÝØ®ÞŠ<C39E>úfg~sv‘ˆ³£&L²IpÑ,Cy-9ϪªRÄi 9FPVr0dmrUWP7dKYoJ3tlegb7knPZlUTRFrZ3trG7Lwv30NHSYnMLtxSj3aushEM
D%Y와N3Y!Ã><3E>©Ž˜ÿ ¯4òU<C3B2>Š#ìIi(å¬`Êc.ä¯U×ÿº.óáôT#ÛÃwNžªÀô‡øl^x§$œÅƒ€×É-_¶L[6†ÛÍÊB ƒ—å2ã&”vqáX<C3A1>ç¦ö|woìê˜BéP„'ýíRhOD>Å·éÎľIóËW Izg
--- FC8cLZftv1tiIbIr5c0gM/Gllni1PBt06Pl5HaZw520
µœ ›œÕNóꘜe©Ç ÝH¥Ï&°àC¾Í0­[`†=*:&ë ºi/*Vá"+ç}:

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@@ -1,21 +1,23 @@
let let
kop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 lukas@Kopatz-PC2";
nix-test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVqEb1U1c9UX3AF8otNyYKpIUMjc7XSjZY3IkIPGOqi root@server"; nix-test-vm = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVqEb1U1c9UX3AF8otNyYKpIUMjc7XSjZY3IkIPGOqi root@server";
server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUA7uVKXAF2UcwaIDSJP2Te8Fi++2zkKzSPoRx1vQrI root@server"; server = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUA7uVKXAF2UcwaIDSJP2Te8Fi++2zkKzSPoRx1vQrI root@server";
users = [ kop ];
systems = [ nix-test-vm server ]; systems = [ nix-test-vm server ];
in in
{ {
"github-runner-token.age".publicKeys = [ nix-test-vm server ]; "github-runner-token.age".publicKeys = [ nix-test-vm server kop ];
"github-runner-pw.age".publicKeys = [ nix-test-vm server ]; "github-runner-pw.age".publicKeys = [ nix-test-vm server kop ];
"duckdns.age".publicKeys = [ nix-test-vm server ]; "duckdns.age".publicKeys = [ nix-test-vm server kop ];
"nextcloud-admin.age".publicKeys = [ nix-test-vm server ]; "nextcloud-admin.age".publicKeys = [ nix-test-vm server kop ];
"nextcloud-cert.age".publicKeys = [ nix-test-vm server ]; "nextcloud-cert.age".publicKeys = [ nix-test-vm server kop ];
"nextcloud-key.age".publicKeys = [ nix-test-vm server ]; "nextcloud-key.age".publicKeys = [ nix-test-vm server kop ];
"restic-pw.age".publicKeys = [ nix-test-vm server ]; "restic-pw.age".publicKeys = [ nix-test-vm server kop ];
"restic-s3.age".publicKeys = [ nix-test-vm server ]; "restic-s3.age".publicKeys = [ nix-test-vm server kop ];
"restic-gdrive.age".publicKeys = [ nix-test-vm server ]; "restic-gdrive.age".publicKeys = [ nix-test-vm server kop ];
"wireguard-private.age".publicKeys = [ nix-test-vm server ]; "wireguard-private.age".publicKeys = [ nix-test-vm server kop ];
"coturn-secret.age".publicKeys = [ nix-test-vm server ]; "coturn-secret.age".publicKeys = [ nix-test-vm server kop ];
"matrix-registration.age".publicKeys = [ nix-test-vm server ]; "matrix-registration.age".publicKeys = [ nix-test-vm server kop ];
"paperless.age".publicKeys = [ nix-test-vm server ]; "paperless.age".publicKeys = [ nix-test-vm server kop ];
"kavita.age".publicKeys = [ nix-test-vm server ]; "kavita.age".publicKeys = [ nix-test-vm server kop ];
} }
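Review bot: `users = [ kop ];` is defined but never used, and all fourteen entries spell out `[ nix-test-vm server kop ]` by hand, so the next key change has to be repeated on every line and one missed line leaves a secret encrypted to the wrong recipient set. Using the bindings removes that risk: `"restic-pw.age".publicKeys = systems ++ users;`. While the lists are being touched, note that `nix-test-vm` is a recipient of every secret here, including the backup credentials and the WireGuard private key; unless the test VM really deploys them, give it its own shorter list so that a compromised test machine cannot decrypt production secrets. Both system keys also carry the comment `root@server`, which makes them hard to tell apart when auditing recipients.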


@@ -1,10 +1,11 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 yfCCMw 8R//RguE7Om0PFjixliXpwEchVwPcm9COYTz7TIZxTE -> ssh-ed25519 yfCCMw HoX1AI2rIYDJbfKRDRXr1ZRsNM1OVRVrr0XRnBD29FQ
81yMA9B/T6tbZfw6mU4TlYfCd6BEUC3UlBz1hNUXZ30 aM3HP0kxq9ACb2TFcb7f9rxKXFoT2Y9nEjL+XD3nHIM
-> ssh-ed25519 IV3DkQ 0kS9JOiAPfLi8Zoj6BM0pVwSmDr+BnWvIh7rGwZ21G0 -> ssh-ed25519 IV3DkQ EKn/xr5EWEev3stYXDGrzfLtwt2thJ+34e5eP1v4l0g
jbMIkFk8DEQ2tWgOWho1JrZkwKWW93GW9dzS3fTKMF4 raaOM6zpmokVCBKNWx9xHpsQJSpTbHHQeRbz2+wC3+0
-> $ByN}E,-grease O$8`|NT 17d} %u)^D- -> ssh-ed25519 DCzi1A mVLJ1c2e1UOsTuDCKIwLliBz3OVBH8vGp/gICb8cyQY
x6SEG984W9vUAb0FCiZP0R4kQkYFOr3BGLpHP8HF8fj9LHWwxNb3PrntcOPJuvf7 dXok0Tr56SdW5sf74IYk7rDnim/s7vZI/PZIGKvNuaM
oep4FMyBFHchh6RhyrdRlOf6hCLnmybNKzs -> ;mHckk.i-grease [&? MW78 %Ee4m
--- fCozYj+thQdIGXzdVLgLpLup9CI0QIEdgoMxfFVHGgs LebJ6ZshTkkY+fM5zI/sbQzGpcKN5oGiEu5tWSPnmeQQxJrjT7Utqf3KAfI
­<EFBFBD>WV”ožEil3õ—ñz`¡†´ø<C2B4>®ð¤ , oسe-ÿºZüAtoOk¬@1åb¢.U<>NrB¢«zrZY…ëÚý --- 6HedZR4VvouzHmjeV9DY6BsybKcainxK9fro9MSjpxg
hÔqÂÇ<3<>:7{,Á9'Ä<1A>š„öw¾(FVGuLAA0“̽üÿa| ½õKwµ?–¥!\Z-\¼³$ü<>ä6yÖÖ§¿xý


@@ -1,4 +1,7 @@
{ {
interface = "enp0s31f6"; interface = "enp10s0u1u2";
ipv4 = "192.168.0.4";
dns = "192.168.0.6";
wm = "gnome-shell";
} }


@@ -12,7 +12,6 @@ in{
imports = imports =
[ # Include the results of the hardware scan. [ # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./static-ip.nix
]; ];
# Bootloader. # Bootloader.


@@ -1,5 +1,13 @@
{ {
interface = "enp0s31f6"; interface = "enp0s31f6";
ipv4 = "192.168.0.6"; ipv4 = "192.168.0.6";
dns = "127.0.0.1";
wireguardIp = "192.168.2.1"; wireguardIp = "192.168.2.1";
wm = "startplasma-x11";
udpRanges = [
#{
# from = 52000;
# to = 52100;
#}
];
} }


@@ -40,12 +40,14 @@ in
isNormalUser = true; isNormalUser = true;
description = user; description = user;
shell = pkgs.zsh; shell = pkgs.zsh;
extraGroups = [ "networkmanager" "wheel" "docker" ]; extraGroups = [ "networkmanager" "wheel" "docker" "wireshark"];
packages = with pkgs; [ packages = with pkgs; [
firefox firefox
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 lukas" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeP6qtVqE/gu72ZUZE8cdRi3INiUW9NqDR7SjXIzTw2 lukas"
"ssh-rsa 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 kopatz@nix-laptop
"
]; ];
}; };
} }
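Review bot: As rendered here, the added `ssh-rsa` entry closes its quote on the following line, so the string stored in `openssh.authorizedKeys.keys` would end with a newline; put the closing `"` directly after `kopatz@nix-laptop`. The account is in `wheel` and `docker`, so every authorized key is a path to root-equivalent access on this host; if the laptop can use an ed25519 key like the existing entry, prefer that over RSA, and add a comment naming the device each key belongs to so stale keys are easy to remove. The same line adds the `wireshark` group, which gives this account packet-capture rights. The enclosing user block starts and ends outside this hunk.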


@@ -9,7 +9,7 @@
}; };
programs.neovim = { programs.neovim = {
enable = true; enable = true;
defaultEditor = true; defaultEditor = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
rnix-lsp rnix-lsp
gcc gcc


@@ -44,7 +44,7 @@ in
shell = pkgs.zsh; shell = pkgs.zsh;
extraGroups = [ "networkmanager" "wheel" "docker" "libvirtd" ]; extraGroups = [ "networkmanager" "wheel" "docker" "libvirtd" ];
packages = with pkgs; [ packages = with pkgs; [
discord (discord.override { withVencord = true; })
librewolf librewolf
ungoogled-chromium ungoogled-chromium
]; ];