diff --git a/.gitignore b/.gitignore index 7424c8d..e57d8e4 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,2 @@ /result - .direnv -!.envrc diff --git a/desktops/anubis/default.nix b/desktops/anubis/default.nix index 02ffde0..d591a03 100644 --- a/desktops/anubis/default.nix +++ b/desktops/anubis/default.nix @@ -3,6 +3,7 @@ { imports = [ ../../shared/modules + ../../shared/global ../../shared/programs ../../shared/services @@ -25,27 +26,30 @@ libvirt = { enable = config.personal.services.enable; }; - tailscale = { + printing = { enable = config.personal.services.enable; }; - printing = { + tailscale = { enable = config.personal.services.enable; }; }; programs = { - mail = { - enable = config.personal.programs.enable; - }; browser = { enable = config.personal.programs.enable; }; - steam = { + lutris = { + enable = config.personal.programs.enable; + }; + mail = { enable = config.personal.programs.enable; }; password = { enable = config.personal.programs.enable; }; + steam = { + enable = config.personal.programs.enable; + }; }; }; diff --git a/desktops/anubis/networking.nix b/desktops/anubis/networking.nix index b410747..6270af6 100644 --- a/desktops/anubis/networking.nix +++ b/desktops/anubis/networking.nix @@ -7,5 +7,12 @@ networkmanager = { enable = true; }; + + # nat = { + # enable = true; + # enableIPv6 = true; + # internalInterfaces = [ "ve-+" ]; + # externalInterface = ""; + # }; }; } diff --git a/desktops/chnum/default.nix b/desktops/chnum/default.nix index 02ffde0..d591a03 100644 --- a/desktops/chnum/default.nix +++ b/desktops/chnum/default.nix @@ -3,6 +3,7 @@ { imports = [ ../../shared/modules + ../../shared/global ../../shared/programs ../../shared/services 
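Review bot: The `nat` block added to desktops/anubis/networking.nix is committed as commented-out code with `externalInterface = ""`, and nothing records why it is disabled or what must be filled in before it is switched on. If it stays as a template, put a line above it such as `# NAT for ve-+ container interfaces; disabled until externalInterface is set for this host`. The matching block in desktops/chnum/networking.nix already names `enp0s25` and would take the same comment. Once enabled, the block forwards traffic from the `ve-+` interfaces out through the desktop's uplink, so the interface name deserves a check per host rather than a copy between files.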
@@ -25,27 +26,30 @@ libvirt = { enable = config.personal.services.enable; }; - tailscale = { + printing = { enable = config.personal.services.enable; }; - printing = { + tailscale = { enable = config.personal.services.enable; }; }; programs = { - mail = { - enable = config.personal.programs.enable; - }; browser = { enable = config.personal.programs.enable; }; - steam = { + lutris = { + enable = config.personal.programs.enable; + }; + mail = { enable = config.personal.programs.enable; }; password = { enable = config.personal.programs.enable; }; + steam = { + enable = config.personal.programs.enable; + }; }; }; diff --git a/desktops/chnum/networking.nix b/desktops/chnum/networking.nix index c65ed10..2e3efd0 100644 --- a/desktops/chnum/networking.nix +++ b/desktops/chnum/networking.nix @@ -7,5 +7,12 @@ networkmanager = { enable = true; }; + + # nat = { + # enable = true; + # enableIPv6 = true; + # internalInterfaces = [ "ve-+" ]; + # externalInterface = "enp0s25"; + # }; }; } diff --git a/flake.lock b/flake.lock index 3f3716c..eccfb56 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1703433843, - "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", + "lastModified": 1720546205, + "narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=", "owner": "ryantm", "repo": "agenix", - "rev": "417caa847f9383e111d1397039c9d4337d024bf0", + "rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6", "type": "github" }, "original": { @@ -52,11 +52,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1704875591, - "narHash": "sha256-eWRLbqRcrILgztU/m/k7CYLzETKNbv0OsT2GjkaNm8A=", + "lastModified": 1718194053, + "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=", "owner": "serokell", "repo": "deploy-rs", - "rev": "1776009f1f3fb2b5d236b84d9815f2edee463a9b", + "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a", "type": "github" }, "original": { 
@@ -71,11 +71,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1705332421, - "narHash": "sha256-USpGLPme1IuqG78JNqSaRabilwkCyHmVWY0M9vYyqEA=", + "lastModified": 1717408969, + "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", "owner": "numtide", "repo": "devshell", - "rev": "83cb93d6d063ad290beee669f4badf9914cc16ec", + "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", "type": "github" }, "original": { @@ -91,11 +91,11 @@ ] }, "locked": { - "lastModified": 1706491084, - "narHash": "sha256-eaEv+orTmr2arXpoE4aFZQMVPOYXCBEbLgK22kOtkhs=", + "lastModified": 1719733833, + "narHash": "sha256-6h2EqZU9bL9rHlXE+2LCBgnDImejzbS+4dYsNDDFlkY=", "owner": "nix-community", "repo": "disko", - "rev": "f67ba6552845ea5d7f596a24d57c33a8a9dc8de9", + "rev": "d185770ea261fb5cf81aa5ad1791b93a7834d12c", "type": "github" }, "original": { @@ -140,11 +140,11 @@ }, "hardware": { "locked": { - "lastModified": 1706182238, - "narHash": "sha256-Ti7CerGydU7xyrP/ow85lHsOpf+XMx98kQnPoQCSi1g=", + "lastModified": 1719681865, + "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "f84eaffc35d1a655e84749228cde19922fcf55f1", + "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac", "type": "github" }, "original": { @@ -174,26 +174,6 @@ "type": "github" } }, - "homeage": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1669234151, - "narHash": "sha256-TwT87E3m2TZLgwYJESlype14HxUOrRGojPM5C2akrMg=", - "owner": "jordanisaacs", - "repo": "homeage", - "rev": "02bfe4ca06962d222e522fff0240c93946b20278", - "type": "github" - }, - "original": { - "owner": "jordanisaacs", - "repo": "homeage", - "type": "github" - } - }, "homemanager": { "inputs": { "nixpkgs": [ 
@@ -201,11 +181,11 @@ ] }, "locked": { - "lastModified": 1706473109, - "narHash": "sha256-iyuAvpKTsq2u23Cr07RcV5XlfKExrG8gRpF75hf1uVc=", + "lastModified": 1719827439, + "narHash": "sha256-tneHOIv1lEavZ0vQ+rgz67LPNCgOZVByYki3OkSshFU=", "owner": "nix-community", "repo": "home-manager", - "rev": "d634c3abafa454551f2083b054cd95c3f287be61", + "rev": "59ce796b2563e19821361abbe2067c3bb4143a7d", "type": "github" }, "original": { @@ -248,11 +228,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1706371002, - "narHash": "sha256-dwuorKimqSYgyu8Cw6ncKhyQjUDOyuXoxDTVmAXq88s=", + "lastModified": 1719690277, + "narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c002c6aa977ad22c60398daaa9be52f2203d0006", + "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e", "type": "github" }, "original": { @@ -269,7 +249,6 @@ "devshell": "devshell", "disko": "disko", "hardware": "hardware", - "homeage": "homeage", "homemanager": "homemanager", "nixpkgs": "nixpkgs_3", "utils": "utils_2" @@ -358,11 +337,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 94f7161..4f36f38 100644 --- a/flake.nix +++ b/flake.nix @@ -28,11 +28,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - homeage = { - url = "github:jordanisaacs/homeage"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -43,7 +38,7 @@ }; }; - outputs = { self, nixpkgs, utils, devshell, deploy-rs, disko, homemanager, homeage, agenix, hardware, ... }@inputs: + outputs = { self, nixpkgs, utils, devshell, deploy-rs, disko, homemanager, agenix, hardware, ... }@inputs: let inherit (self) outputs; @@ -100,25 +95,25 @@ users = { thomas = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/thomas ]; }; anna = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/anna ]; }; adrian = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/adrian ]; }; tabea = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/tabea ]; }; @@ -146,25 +141,25 @@ users = { thomas = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/thomas ]; }; anna = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/anna ]; }; adrian = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/adrian ]; }; tabea = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/tabea ]; }; @@ -189,7 +184,7 @@ users = { thomas = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/thomas ]; }; @@ -214,7 +209,7 @@ users = { thomas = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/thomas ]; }; @@ -239,7 +234,7 @@ users = { thomas = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/thomas ]; }; @@ -264,7 +259,7 @@ # users = { # thomas = { # imports = [ - # homeage.homeManagerModules.homeage + # agenix.homeManagerModules.default # ./home/thomas # ]; # }; 
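Review bot: Replacing `homeage.homeManagerModules.homeage` with `agenix.homeManagerModules.default` in the `users` imports (this hunk at -100,25 and the five that follow it in flake.nix) moves the secret options from `homeage.*` to `age.*`, yet no `age.identityPaths` or `age.secrets` setting appears anywhere in this diff. The `homeage` block that set `identityPaths = [ "~/.ssh/id_ed25519" ]` is removed from home/shared/global/default.nix and the new general.nix does not replace it, so decryption presumably falls back to the agenix module's default identity paths. If that is intended, record it in general.nix with a comment such as `# agenix home-manager module: uses the default age.identityPaths (the user's SSH keys)`; otherwise set `age.identityPaths` there explicitly. Any `homeage.file` declarations in the per-user modules are outside this diff and would need the same migration before activation succeeds.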
@@ -276,6 +271,30 @@ deploy = { nodes = { + anubis = { + sshOpts = [ "-p" "22" ]; + hostname = "anubis"; + fastConnection = true; + profiles = { + system = { + sshUser = "thomas"; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.anubis; + user = "root"; + }; + }; + }; + chnum = { + sshOpts = [ "-p" "22" ]; + hostname = "chnum"; + fastConnection = true; + profiles = { + system = { + sshUser = "thomas"; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.chnum; + user = "root"; + }; + }; + }; asgard = { sshOpts = [ "-p" "22" ]; hostname = "asgard.boerger.ws"; @@ -368,11 +387,11 @@ packages = with pkgs; [ inputs.agenix.packages.${system}.default inputs.deploy-rs.packages.${system}.default + git gnumake home-manager nixpkgs-fmt - nixUnstable rage ]; }; diff --git a/home/adrian/desktop/gnome.nix b/home/adrian/desktop/gnome.nix index 15f82c1..da745c7 100644 --- a/home/adrian/desktop/gnome.nix +++ b/home/adrian/desktop/gnome.nix @@ -19,22 +19,28 @@ in config = mkIf cfg.enable { home = { packages = with pkgs; [ + xclip gnome.adwaita-icon-theme + + gnomeExtensions.alphabetical-app-grid + gnomeExtensions.calc + gnomeExtensions.custom-hot-corners-extended gnomeExtensions.espresso + gnomeExtensions.vitals ]; }; dconf = { settings = { - "org/gnome/desktop/calendar" = { - show-weekdate = true; - }; - "org/gnome/desktop/input-sources" = { sources = [ (lib.hm.gvariant.mkTuple [ "xkb" "de" ]) ]; xkb-options = [ "eurosign:e" ]; }; + "org/gnome/desktop/calendar" = { + show-weekdate = true; + }; + "org/gnome/desktop/interface" = { clock-show-weekday = true; show-battery-percentage = true; 
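Review bot: The new `anubis` and `chnum` deploy nodes use bare names in `hostname`, whereas `asgard` uses the FQDN `asgard.boerger.ws`, so which machine receives a root-level activation depends on the resolver or SSH configuration of whoever runs the deploy. Both profiles also pair `sshUser = "thomas"` with `user = "root"`, which means thomas needs sudo rights for activation on each desktop; neither assumption is written down. A comment above each node would cover it, for example `# short name resolved via <RESOLVER_PLACEHOLDER>; thomas must be allowed to sudo for activation`. SSH host-key verification is what protects against a name resolving to the wrong machine, so it is worth confirming that both host keys are already known on the deploying side. The `deploy.nodes` set continues outside the hunk.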
@@ -49,6 +55,25 @@ in button-layout = "appmenu:minimize,maximize,close"; }; + "org/gnome/desktop/notifications" = { + show-in-lock-screen = false; + }; + + "org/gnome/desktop/privacy" = { + old-files-age = lib.hm.gvariant.mkUint32 1; + remember-recent-files = false; + remove-old-temp-files = true; + remove-old-trash-files = true; + report-technical-problems = false; + }; + + "org/gnome/settings-daemon/peripherals/touchpad" = { + natural-scroll = true; + disable-while-typing = false; + tap-to-click = true; + touchpad-enabled = true; + }; + "org/gnome/mutter" = { attach-modal-dialogs = true; dynamic-workspaces = true; @@ -58,8 +83,17 @@ in }; "org/gnome/shell" = { + favorite-apps = [ + "org.gnome.Calendar.desktop" + "org.gnome.Nautilus.desktop" + ]; + enabled-extensions = [ + "AlphabeticalAppGrid@stuarthayhurst" + "calc@danigm.wadobo.com" + "custom-hot-corners-extended@G-dH.github.com" "espresso@coadmunkee.github.com" + "Vitals@CoreCoding.com" ]; }; 
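Review bot: The touchpad keys are written to `org/gnome/settings-daemon/peripherals/touchpad`, a legacy path that current GNOME releases do not appear to read, so `natural-scroll`, `tap-to-click` and `disable-while-typing` would likely have no effect; the schema in use today is `org/gnome/desktop/peripherals/touchpad`, where `touchpad-enabled` is expressed as `send-events = "enabled"`. In the privacy block of the same hunk, `old-files-age = lib.hm.gvariant.mkUint32 1` combined with `remove-old-trash-files = true` purges the trash after one day, which deserves a comment such as `# trash and temp files are deleted after 1 day`. The identical hunk in home/anna/desktop/gnome.nix has the same two points. The enclosing `dconf.settings` set starts and ends outside the hunk.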
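Review bot: The UUID strings added to `enabled-extensions` are typed by hand and have to stay in step with the `gnomeExtensions.*` packages added to `home.packages` in the first hunk of this file; a typo or an upstream UUID change leaves the extension installed but silently disabled. nixpkgs exposes the UUID on each extension package, so an entry can be written as `pkgs.gnomeExtensions.vitals.extensionUuid` instead of `"Vitals@CoreCoding.com"`. Every enabled extension runs inside the gnome-shell process, so deriving the list from the pinned packages also makes it plain which code is loaded into the session. The same list is repeated in home/anna/desktop/gnome.nix.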
@@ -67,6 +101,85 @@ in has-battery = true; }; + "org/gnome/shell/extensions/vitals" = { + show-fan = true; + show-storage = false; + show-temperature = true; + show-voltage = true; + }; + + "org/gnome/shell/weather" = { + automatic-location = true; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/misc" = { + show-osd-monitor-indexes = false; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-bottom-left-0" = { + action = "show-desktop"; + }; + + 
"org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-top-right-0" = { + action = "toggle-overview"; + }; + "system/locale" = { region = "de_DE.UTF-8"; }; diff --git a/home/anna/desktop/gnome.nix b/home/anna/desktop/gnome.nix index 15f82c1..da745c7 100644 --- a/home/anna/desktop/gnome.nix +++ b/home/anna/desktop/gnome.nix @@ -19,22 +19,28 @@ in config = mkIf cfg.enable { home = { packages = with pkgs; [ + xclip gnome.adwaita-icon-theme + + gnomeExtensions.alphabetical-app-grid + gnomeExtensions.calc + gnomeExtensions.custom-hot-corners-extended gnomeExtensions.espresso + gnomeExtensions.vitals ]; }; dconf = { settings = { - "org/gnome/desktop/calendar" = { - show-weekdate = true; - }; - "org/gnome/desktop/input-sources" = { sources = [ (lib.hm.gvariant.mkTuple [ "xkb" "de" ]) ]; xkb-options = [ "eurosign:e" ]; }; + "org/gnome/desktop/calendar" = { + show-weekdate = true; + }; + "org/gnome/desktop/interface" = { clock-show-weekday = true; show-battery-percentage = true; @@ -49,6 +55,25 @@ in button-layout = "appmenu:minimize,maximize,close"; }; + "org/gnome/desktop/notifications" = { + show-in-lock-screen = false; + }; + + "org/gnome/desktop/privacy" = { + old-files-age = lib.hm.gvariant.mkUint32 1; + remember-recent-files = false; + remove-old-temp-files = true; + remove-old-trash-files = true; + report-technical-problems = false; + }; + + "org/gnome/settings-daemon/peripherals/touchpad" = { + natural-scroll = true; + disable-while-typing = false; + tap-to-click = true; + touchpad-enabled = true; + }; + "org/gnome/mutter" = { attach-modal-dialogs = true; dynamic-workspaces = true; 
@@ -58,8 +83,17 @@ in }; "org/gnome/shell" = { + favorite-apps = [ + "org.gnome.Calendar.desktop" + "org.gnome.Nautilus.desktop" + ]; + enabled-extensions = [ + "AlphabeticalAppGrid@stuarthayhurst" + "calc@danigm.wadobo.com" + "custom-hot-corners-extended@G-dH.github.com" "espresso@coadmunkee.github.com" + "Vitals@CoreCoding.com" ]; }; 
@@ -67,6 +101,85 @@ in has-battery = true; }; + "org/gnome/shell/extensions/vitals" = { + show-fan = true; + show-storage = false; + show-temperature = true; + show-voltage = true; + }; + + "org/gnome/shell/weather" = { + automatic-location = true; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/misc" = { + show-osd-monitor-indexes = false; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-bottom-left-0" = { + action = "show-desktop"; + }; + + 
"org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-top-right-0" = { + action = "toggle-overview"; + }; + "system/locale" = { region = "de_DE.UTF-8"; }; diff --git a/home/shared/global/default.nix b/home/shared/global/default.nix index e1487ce..9e71850 100644 --- a/home/shared/global/default.nix +++ b/home/shared/global/default.nix @@ -1,31 +1,15 @@ { pkgs, lib, config, options, ... }: { - # nixpkgs = { - # config = { - # allowUnfree = true; - # allowUnfreePredicate = (_: true); - # }; - - # overlays = [ - # (import ../../../overlays) - # ]; - # }; - - homeage = { - identityPaths = [ "~/.ssh/id_ed25519" ]; - installationType = "activation"; - }; - - programs = { - home-manager = { - enable = true; - }; - }; - - systemd = { - user = { - startServices = "sd-switch"; - }; - }; + imports = [ + ./dircolors.nix + ./direnv.nix + ./fzf.nix + ./general.nix + ./lsd.nix + ./neovim.nix + ./readline.nix + ./starship.nix + ./tmux.nix + ]; } diff --git a/home/shared/global/dircolors.nix b/home/shared/global/dircolors.nix new file mode 100644 index 0000000..579581e --- /dev/null +++ b/home/shared/global/dircolors.nix 
@@ -0,0 +1,196 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + dircolors = { + enable = true; + enableZshIntegration = true; + + settings = { + RESET = "0"; + DIR = "00;38;5;33"; + LINK = "01;38;5;37"; + MULTIHARDLINK = "00"; + FIFO = "48;5;230;38;5;136;01"; + SOCK = "48;5;230;38;5;136;01"; + DOOR = "48;5;230;38;5;136;01"; + BLK = "48;5;230;38;5;244;01"; + CHR = "48;5;230;38;5;244;01"; + ORPHAN = "48;5;235;38;5;160"; + MISSING = "00"; + SETUID = "48;5;160;38;5;230"; + SETGID = "48;5;136;38;5;230"; + CAPABILITY = "30;41"; + STICKY_OTHER_WRITABLE = "48;5;64;38;5;230"; + OTHER_WRITABLE = "48;5;235;38;5;33"; + STICKY = "48;5;33;38;5;230"; + EXEC = "01;38;5;64"; + ".tar" = "00;38;5;61"; + ".tgz" = "01;38;5;61"; + ".arj" = "01;38;5;61"; + ".taz" = "01;38;5;61"; + ".lzh" = "01;38;5;61"; + ".lzma" = "01;38;5;61"; + ".tlz" = "01;38;5;61"; + ".txz" = "01;38;5;61"; + ".zip" = "01;38;5;61"; + ".zst" = "01;38;5;61"; + ".z" = "01;38;5;61"; + ".Z" = "01;38;5;61"; + ".dz" = "01;38;5;61"; + ".gz" = "01;38;5;61"; + ".lz" = "01;38;5;61"; + ".xz" = "01;38;5;61"; + ".bz2" = "01;38;5;61"; + ".bz" = "01;38;5;61"; + ".tbz" = "01;38;5;61"; + ".tbz2" = "01;38;5;61"; + ".tz" = "01;38;5;61"; + ".deb" = "01;38;5;61"; + ".rpm" = "01;38;5;61"; + ".jar" = "01;38;5;61"; + ".rar" = "01;38;5;61"; + ".ace" = "01;38;5;61"; + ".zoo" = "01;38;5;61"; + ".cpio" = "01;38;5;61"; + ".7z" = "01;38;5;61"; + ".rz" = "01;38;5;61"; + ".apk" = "01;38;5;61"; + ".gem" = "01;38;5;61"; + ".jpg" = "00;38;5;136"; + ".JPG" = "00;38;5;136"; + ".jpeg" = "00;38;5;136"; + ".gif" = "00;38;5;136"; + ".bmp" = "00;38;5;136"; + ".pbm" = "00;38;5;136"; + ".pgm" = "00;38;5;136"; + ".ppm" = "00;38;5;136"; + ".tga" = "00;38;5;136"; + ".xbm" = "00;38;5;136"; + ".xpm" = "00;38;5;136"; + ".tif" = "00;38;5;136"; + ".tiff" = "00;38;5;136"; + ".png" = "00;38;5;136"; + ".PNG" = "00;38;5;136"; + ".svg" = "00;38;5;136"; + ".svgz" = "00;38;5;136"; + ".mng" = "00;38;5;136"; + ".pcx" = "00;38;5;136"; + ".dl" = "00;38;5;136"; + 
".xcf" = "00;38;5;136"; + ".xwd" = "00;38;5;136"; + ".yuv" = "00;38;5;136"; + ".cgm" = "00;38;5;136"; + ".emf" = "00;38;5;136"; + ".eps" = "00;38;5;136"; + ".CR2" = "00;38;5;136"; + ".ico" = "00;38;5;136"; + ".nef" = "00;38;5;136"; + ".NEF" = "00;38;5;136"; + ".webp" = "00;38;5;136"; + ".tex" = "01;38;5;245"; + ".rdf" = "01;38;5;245"; + ".owl" = "01;38;5;245"; + ".n3" = "01;38;5;245"; + ".ttl" = "01;38;5;245"; + ".nt" = "01;38;5;245"; + ".torrent" = "01;38;5;245"; + ".xml" = "01;38;5;245"; + "*Makefile" = "01;38;5;245"; + "*Rakefile" = "01;38;5;245"; + "*Dockerfile" = "01;38;5;245"; + "*build.xml" = "01;38;5;245"; + "*rc" = "01;38;5;245"; + "*1" = "01;38;5;245"; + ".nfo" = "01;38;5;245"; + "*README" = "01;38;5;245"; + "*README.txt" = "01;38;5;245"; + "*readme.txt" = "01;38;5;245"; + ".md" = "01;38;5;245"; + "*README.markdown" = "01;38;5;245"; + ".ini" = "01;38;5;245"; + ".yml" = "01;38;5;245"; + ".cfg" = "01;38;5;245"; + ".conf" = "01;38;5;245"; + ".h" = "01;38;5;245"; + ".hpp" = "01;38;5;245"; + ".c" = "01;38;5;245"; + ".cpp" = "01;38;5;245"; + ".cxx" = "01;38;5;245"; + ".cc" = "01;38;5;245"; + ".objc" = "01;38;5;245"; + ".sqlite" = "01;38;5;245"; + ".go" = "01;38;5;245"; + ".sql" = "01;38;5;245"; + ".csv" = "01;38;5;245"; + ".log" = "00;38;5;240"; + ".bak" = "00;38;5;240"; + ".aux" = "00;38;5;240"; + ".lof" = "00;38;5;240"; + ".lol" = "00;38;5;240"; + ".lot" = "00;38;5;240"; + ".out" = "00;38;5;240"; + ".toc" = "00;38;5;240"; + ".bbl" = "00;38;5;240"; + ".blg" = "00;38;5;240"; + "*~" = "00;38;5;240"; + "*#" = "00;38;5;240"; + ".part" = "00;38;5;240"; + ".incomplete" = "00;38;5;240"; + ".swp" = "00;38;5;240"; + ".tmp" = "00;38;5;240"; + ".temp" = "00;38;5;240"; + ".o" = "00;38;5;240"; + ".pyc" = "00;38;5;240"; + ".class" = "00;38;5;240"; + ".cache" = "00;38;5;240"; + ".aac" = "00;38;5;166"; + ".au" = "00;38;5;166"; + ".flac" = "00;38;5;166"; + ".mid" = "00;38;5;166"; + ".midi" = "00;38;5;166"; + ".mka" = "00;38;5;166"; + ".mp3" = "00;38;5;166"; + ".mpc" = 
"00;38;5;166"; + ".ogg" = "00;38;5;166"; + ".opus" = "00;38;5;166"; + ".ra" = "00;38;5;166"; + ".wav" = "00;38;5;166"; + ".m4a" = "00;38;5;166"; + ".axa" = "00;38;5;166"; + ".oga" = "00;38;5;166"; + ".spx" = "00;38;5;166"; + ".xspf" = "00;38;5;166"; + ".mov" = "01;38;5;166"; + ".MOV" = "01;38;5;166"; + ".mpg" = "01;38;5;166"; + ".mpeg" = "01;38;5;166"; + ".m2v" = "01;38;5;166"; + ".mkv" = "01;38;5;166"; + ".ogm" = "01;38;5;166"; + ".mp4" = "01;38;5;166"; + ".m4v" = "01;38;5;166"; + ".mp4v" = "01;38;5;166"; + ".vob" = "01;38;5;166"; + ".qt" = "01;38;5;166"; + ".nuv" = "01;38;5;166"; + ".wmv" = "01;38;5;166"; + ".asf" = "01;38;5;166"; + ".rm" = "01;38;5;166"; + ".rmvb" = "01;38;5;166"; + ".flc" = "01;38;5;166"; + ".avi" = "01;38;5;166"; + ".fli" = "01;38;5;166"; + ".flv" = "01;38;5;166"; + ".gl" = "01;38;5;166"; + ".m2ts" = "01;38;5;166"; + ".divx" = "01;38;5;166"; + ".webm" = "01;38;5;166"; + ".axv" = "01;38;5;166"; + ".anx" = "01;38;5;166"; + ".ogv" = "01;38;5;166"; + ".ogx" = "01;38;5;166"; + }; + }; + }; +} diff --git a/home/shared/global/direnv.nix b/home/shared/global/direnv.nix new file mode 100644 index 0000000..e36b2ab --- /dev/null +++ b/home/shared/global/direnv.nix @@ -0,0 +1,15 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + direnv = { + enable = true; + enableBashIntegration = true; + enableZshIntegration = true; + + nix-direnv = { + enable = true; + }; + }; + }; +} diff --git a/home/shared/global/fzf.nix b/home/shared/global/fzf.nix new file mode 100644 index 0000000..56df987 --- /dev/null +++ b/home/shared/global/fzf.nix @@ -0,0 +1,10 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + fzf = { + enable = true; + enableZshIntegration = true; + }; + }; +} diff --git a/home/shared/global/general.nix b/home/shared/global/general.nix new file mode 100644 index 0000000..f78fb73 --- /dev/null +++ b/home/shared/global/general.nix 
@@ -0,0 +1,26 @@ +{ pkgs, lib, config, options, ... }: + +{ + # nixpkgs = { + # config = { + # allowUnfree = true; + # allowUnfreePredicate = (_: true); + # }; + + # overlays = [ + # (import ../../../overlays) + # ]; + # }; + + programs = { + home-manager = { + enable = true; + }; + }; + + systemd = { + user = { + startServices = "sd-switch"; + }; + }; +} diff --git a/home/shared/global/lsd.nix b/home/shared/global/lsd.nix new file mode 100644 index 0000000..0ac2f2a --- /dev/null +++ b/home/shared/global/lsd.nix @@ -0,0 +1,10 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + lsd = { + enable = true; + enableAliases = true; + }; + }; +} diff --git a/home/shared/global/neovim.nix b/home/shared/global/neovim.nix new file mode 100644 index 0000000..2a6a7a5 --- /dev/null +++ b/home/shared/global/neovim.nix 
@@ -0,0 +1,138 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + neovim = { + enable = true; + vimAlias = true; + + plugins = with pkgs.vimPlugins; [ + delimitMate + dockerfile-vim + supertab + vim-airline + vim-better-whitespace + vim-easy-align + vim-nix + vim-vividchalk + ]; + + extraConfig = '' + " filetype config { + filetype plugin on + filetype indent on + "} + + " misc stuff { + set nocompatible + set modeline + set history=1000 + set backspace=indent,eol,start + set selection=inclusive + set completeopt=longest,menu,preview + set diffopt+=vertical + set autoread + "} + + " tab related { + set shiftwidth=2 + set tabstop=2 + set expandtab + set smarttab + set cindent + "} + + " status related { + set ruler + set showcmd + set nonumber + set shortmess=aoOtTI + set laststatus=1 + "} + + " search related { + set hlsearch + set incsearch + set ignorecase + set smartcase + set scrolloff=3 + set sidescrolloff=5 + "} + + " bell related { + set noerrorbells + set vb t_vb= + "} + + " backup related { + set nobackup + "} + + " swap related { + set swapfile + "} + + " grep related { + set grepprg=grep\ -nH\ $* + "} + + " folding related { + set foldcolumn=0 + set foldmethod=indent + set foldnestmax=100 + set nofoldenable + set foldlevel=1 + "} + + " coloring related { + set background=dark + set t_Co=256 + "} + + " show syntax { + syntax on + "} + + " select scheme { + colorscheme vividchalk + "} + + " folding mapping { + map zo + map zc + map zR + map zM + "} + + " switch tabs { + map gT + map gt + "} + + " past switch { + set pastetoggle= + "} + + " incsearch plugin { + hi search ctermfg=red ctermbg=yellow + map / (incsearch-forward) + map ? 
(incsearch-backward) + map g/ (incsearch-stay) + "} + + " airline plugin { + let g:airline#extensions#branch#enable=1 + let g:airline#extensions#modified#enable=1 + let g:airline#extensions#paste#enable=1 + let g:airline#extensions#whitespace#enable=1 + "} + + " easyalign plugin { + vmap (EasyAlign) + nmap a (EasyAlign) + vmap . (EasyAlignRepeat) + "} + ''; + }; + }; +} diff --git a/home/shared/global/readline.nix b/home/shared/global/readline.nix new file mode 100644 index 0000000..5065bc4 --- /dev/null +++ b/home/shared/global/readline.nix @@ -0,0 +1,14 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + readline = { + enable = true; + + bindings = { + "\e[5~" = "history-search-backward"; + "\e[6~" = "history-search-forward"; + }; + }; + }; +} diff --git a/home/shared/global/starship.nix b/home/shared/global/starship.nix new file mode 100644 index 0000000..7b1d307 --- /dev/null +++ b/home/shared/global/starship.nix @@ -0,0 +1,23 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + starship = { + enable = true; + + settings = { + add_newline = true; + + battery = { + disabled = true; + }; + + directory = { + truncation_length = 5; + truncate_to_repo = false; + truncation_symbol = "…/"; + }; + }; + }; + }; +} diff --git a/home/shared/global/tmux.nix b/home/shared/global/tmux.nix new file mode 100644 index 0000000..67e912c --- /dev/null +++ b/home/shared/global/tmux.nix @@ -0,0 +1,14 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + tmux = { + enable = true; + clock24 = true; + + tmuxinator = { + enable = true; + }; + }; + }; +} diff --git a/home/shared/programs/yed.nix b/home/shared/programs/citrix.nix similarity index 64% rename from home/shared/programs/yed.nix rename to home/shared/programs/citrix.nix index 417aacc..a7918e3 100644 --- a/home/shared/programs/yed.nix +++ b/home/shared/programs/citrix.nix 
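Review bot: `set modeline` in `extraConfig` makes Neovim apply editor settings embedded in any file that is opened, and this configuration is now part of the shared global imports; modeline parsing has been a source of code-execution bugs in the past, so unless modelines are actually relied on, `set nomodeline` is the safer default. Separately, the `incsearch plugin` section rebinds `/`, `?` and `g/` to incsearch mappings, but no incsearch plugin is listed in `plugins`, so those keys may stop searching; either add the plugin or drop the three `map` lines. The mapping lines look truncated in this view, so the second point should be checked against the file itself.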
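Review bot: In a Nix double-quoted string `\e` is not an escape sequence and evaluates to a plain `e`, so the binding keys `"\e[5~"` and `"\e[6~"` in home/shared/global/readline.nix most likely reach the generated inputrc as `e[5~` and `e[6~` rather than as the PageUp and PageDown sequences. Doubling the backslash keeps it for readline to interpret: `"\\e[5~" = "history-search-backward";` and `"\\e[6~" = "history-search-forward";`. Inspecting the inputrc that home-manager writes after a switch would confirm which form ends up on disk.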
@@ -2,15 +2,15 @@ with lib; let - cfg = config.profile.programs.yed; + cfg = config.profile.programs.citrix; in { options = { profile = { programs = { - yed = { - enable = mkEnableOption "Yed"; + citrix = { + enable = mkEnableOption "Citrix"; }; }; }; @@ -19,7 +19,7 @@ in config = mkIf cfg.enable { home = { packages = with pkgs; [ - yed + citrix_workspace ]; }; }; diff --git a/home/shared/programs/default.nix b/home/shared/programs/default.nix index 6bb4b3f..c0afcb3 100644 --- a/home/shared/programs/default.nix +++ b/home/shared/programs/default.nix @@ -3,16 +3,14 @@ { imports = [ ./act.nix - ./authy.nix ./banking.nix + ./citrix.nix ./clouds.nix ./develop.nix - ./dircolors.nix - ./direnv.nix - ./fzf.nix ./gnupg.nix ./golang.nix ./gomplate.nix + ./graphics.nix ./helm.nix ./joplin.nix ./jq.nix @@ -21,22 +19,17 @@ ./kustomize.nix ./latex.nix ./lens.nix - ./lsd.nix ./messages.nix ./minecraft.nix - ./neovim.nix ./network.nix ./ngrok.nix ./nodejs.nix ./office.nix - ./readline.nix ./shortwave.nix - ./starship.nix + ./streaming.nix ./terminal.nix ./terraform.nix - ./tmux.nix ./wine.nix - ./yed.nix ./yq.nix ./zathura.nix ]; diff --git a/home/shared/programs/develop.nix b/home/shared/programs/develop.nix index 8c8a15c..22b3af4 100644 --- a/home/shared/programs/develop.nix +++ b/home/shared/programs/develop.nix @@ -34,8 +34,11 @@ in ansible-later cfssl + gettext graphviz + ipcalc mediainfo + mediawriter neofetch reflex shellcheck diff --git a/home/shared/programs/dircolors.nix b/home/shared/programs/dircolors.nix deleted file mode 100644 index 44efb60..0000000 --- a/home/shared/programs/dircolors.nix +++ /dev/null 
@@ -1,215 +0,0 @@
-{ pkgs, lib, config, options, ... }:
-with lib;
-
-let
- cfg = config.profile.programs.dircolors;
-
-in
-{
- options = {
- profile = {
- programs = {
- dircolors = {
- enable = mkEnableOption "Dircolors" // {
- default = true;
- };
- };
- };
- };
- };
-
- config = mkIf cfg.enable {
- programs = {
- dircolors = {
- enable = true;
- enableZshIntegration = true;
-
- settings = {
- RESET = "0";
- DIR = "00;38;5;33";
- LINK = "01;38;5;37";
- MULTIHARDLINK = "00";
- FIFO = "48;5;230;38;5;136;01";
- SOCK = "48;5;230;38;5;136;01";
- DOOR = "48;5;230;38;5;136;01";
- BLK = "48;5;230;38;5;244;01";
- CHR = "48;5;230;38;5;244;01";
- ORPHAN = "48;5;235;38;5;160";
- MISSING = "00";
- SETUID = "48;5;160;38;5;230";
- SETGID = "48;5;136;38;5;230";
- CAPABILITY = "30;41";
- STICKY_OTHER_WRITABLE = "48;5;64;38;5;230";
- OTHER_WRITABLE = "48;5;235;38;5;33";
- STICKY = "48;5;33;38;5;230";
- EXEC = "01;38;5;64";
- ".tar" = "00;38;5;61";
- ".tgz" = "01;38;5;61";
- ".arj" = "01;38;5;61";
- ".taz" = "01;38;5;61";
- ".lzh" = "01;38;5;61";
- ".lzma" = "01;38;5;61";
- ".tlz" = "01;38;5;61";
- ".txz" = "01;38;5;61";
- ".zip" = "01;38;5;61";
- ".zst" = "01;38;5;61";
- ".z" = "01;38;5;61";
- ".Z" = "01;38;5;61";
- ".dz" = "01;38;5;61";
- ".gz" = "01;38;5;61";
- ".lz" = "01;38;5;61";
- ".xz" = "01;38;5;61";
- ".bz2" = "01;38;5;61";
- ".bz" = "01;38;5;61";
- ".tbz" = "01;38;5;61";
- ".tbz2" = "01;38;5;61";
- ".tz" = "01;38;5;61";
- ".deb" = "01;38;5;61";
- ".rpm" = "01;38;5;61";
- ".jar" = "01;38;5;61";
- ".rar" = "01;38;5;61";
- ".ace" = "01;38;5;61";
- ".zoo" = "01;38;5;61";
- ".cpio" = "01;38;5;61";
- ".7z" = "01;38;5;61";
- ".rz" = "01;38;5;61";
- ".apk" = "01;38;5;61";
- ".gem" = "01;38;5;61";
- ".jpg" = "00;38;5;136";
- ".JPG" = "00;38;5;136";
- ".jpeg" = "00;38;5;136";
- ".gif" = "00;38;5;136";
- ".bmp" = "00;38;5;136";
- ".pbm" = "00;38;5;136";
- ".pgm" = "00;38;5;136";
- ".ppm" = "00;38;5;136";
- ".tga" = "00;38;5;136";
- ".xbm" = "00;38;5;136";
- ".xpm" = "00;38;5;136";
- ".tif" = "00;38;5;136"; - ".tiff" = "00;38;5;136"; - ".png" = "00;38;5;136"; - ".PNG" = "00;38;5;136"; - ".svg" = "00;38;5;136"; - ".svgz" = "00;38;5;136"; - ".mng" = "00;38;5;136"; - ".pcx" = "00;38;5;136"; - ".dl" = "00;38;5;136"; - ".xcf" = "00;38;5;136"; - ".xwd" = "00;38;5;136"; - ".yuv" = "00;38;5;136"; - ".cgm" = "00;38;5;136"; - ".emf" = "00;38;5;136"; - ".eps" = "00;38;5;136"; - ".CR2" = "00;38;5;136"; - ".ico" = "00;38;5;136"; - ".nef" = "00;38;5;136"; - ".NEF" = "00;38;5;136"; - ".webp" = "00;38;5;136"; - ".tex" = "01;38;5;245"; - ".rdf" = "01;38;5;245"; - ".owl" = "01;38;5;245"; - ".n3" = "01;38;5;245"; - ".ttl" = "01;38;5;245"; - ".nt" = "01;38;5;245"; - ".torrent" = "01;38;5;245"; - ".xml" = "01;38;5;245"; - "*Makefile" = "01;38;5;245"; - "*Rakefile" = "01;38;5;245"; - "*Dockerfile" = "01;38;5;245"; - "*build.xml" = "01;38;5;245"; - "*rc" = "01;38;5;245"; - "*1" = "01;38;5;245"; - ".nfo" = "01;38;5;245"; - "*README" = "01;38;5;245"; - "*README.txt" = "01;38;5;245"; - "*readme.txt" = "01;38;5;245"; - ".md" = "01;38;5;245"; - "*README.markdown" = "01;38;5;245"; - ".ini" = "01;38;5;245"; - ".yml" = "01;38;5;245"; - ".cfg" = "01;38;5;245"; - ".conf" = "01;38;5;245"; - ".h" = "01;38;5;245"; - ".hpp" = "01;38;5;245"; - ".c" = "01;38;5;245"; - ".cpp" = "01;38;5;245"; - ".cxx" = "01;38;5;245"; - ".cc" = "01;38;5;245"; - ".objc" = "01;38;5;245"; - ".sqlite" = "01;38;5;245"; - ".go" = "01;38;5;245"; - ".sql" = "01;38;5;245"; - ".csv" = "01;38;5;245"; - ".log" = "00;38;5;240"; - ".bak" = "00;38;5;240"; - ".aux" = "00;38;5;240"; - ".lof" = "00;38;5;240"; - ".lol" = "00;38;5;240"; - ".lot" = "00;38;5;240"; - ".out" = "00;38;5;240"; - ".toc" = "00;38;5;240"; - ".bbl" = "00;38;5;240"; - ".blg" = "00;38;5;240"; - "*~" = "00;38;5;240"; - "*#" = "00;38;5;240"; - ".part" = "00;38;5;240"; - ".incomplete" = "00;38;5;240"; - ".swp" = "00;38;5;240"; - ".tmp" = "00;38;5;240"; - ".temp" = "00;38;5;240"; - ".o" = "00;38;5;240"; - ".pyc" = "00;38;5;240"; - ".class" = 
"00;38;5;240"; - ".cache" = "00;38;5;240"; - ".aac" = "00;38;5;166"; - ".au" = "00;38;5;166"; - ".flac" = "00;38;5;166"; - ".mid" = "00;38;5;166"; - ".midi" = "00;38;5;166"; - ".mka" = "00;38;5;166"; - ".mp3" = "00;38;5;166"; - ".mpc" = "00;38;5;166"; - ".ogg" = "00;38;5;166"; - ".opus" = "00;38;5;166"; - ".ra" = "00;38;5;166"; - ".wav" = "00;38;5;166"; - ".m4a" = "00;38;5;166"; - ".axa" = "00;38;5;166"; - ".oga" = "00;38;5;166"; - ".spx" = "00;38;5;166"; - ".xspf" = "00;38;5;166"; - ".mov" = "01;38;5;166"; - ".MOV" = "01;38;5;166"; - ".mpg" = "01;38;5;166"; - ".mpeg" = "01;38;5;166"; - ".m2v" = "01;38;5;166"; - ".mkv" = "01;38;5;166"; - ".ogm" = "01;38;5;166"; - ".mp4" = "01;38;5;166"; - ".m4v" = "01;38;5;166"; - ".mp4v" = "01;38;5;166"; - ".vob" = "01;38;5;166"; - ".qt" = "01;38;5;166"; - ".nuv" = "01;38;5;166"; - ".wmv" = "01;38;5;166"; - ".asf" = "01;38;5;166"; - ".rm" = "01;38;5;166"; - ".rmvb" = "01;38;5;166"; - ".flc" = "01;38;5;166"; - ".avi" = "01;38;5;166"; - ".fli" = "01;38;5;166"; - ".flv" = "01;38;5;166"; - ".gl" = "01;38;5;166"; - ".m2ts" = "01;38;5;166"; - ".divx" = "01;38;5;166"; - ".webm" = "01;38;5;166"; - ".axv" = "01;38;5;166"; - ".anx" = "01;38;5;166"; - ".ogv" = "01;38;5;166"; - ".ogx" = "01;38;5;166"; - }; - }; - }; - }; -} diff --git a/home/shared/programs/direnv.nix b/home/shared/programs/direnv.nix deleted file mode 100644 index c24cdc6..0000000 --- a/home/shared/programs/direnv.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.direnv; - -in -{ - options = { - profile = { - programs = { - direnv = { - enable = mkEnableOption "Direnv" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - direnv = { - enable = true; - enableBashIntegration = true; - enableZshIntegration = true; - - nix-direnv = { - enable = true; - }; - }; - }; - }; -} 
diff --git a/home/shared/programs/fzf.nix b/home/shared/programs/fzf.nix deleted file mode 100644 index 1ec69ef..0000000 --- a/home/shared/programs/fzf.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.fzf; - -in -{ - options = { - profile = { - programs = { - fzf = { - enable = mkEnableOption "Fzf" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - fzf = { - enable = true; - enableZshIntegration = true; - }; - }; - }; -} diff --git a/home/shared/programs/authy.nix b/home/shared/programs/graphics.nix similarity index 65% rename from home/shared/programs/authy.nix rename to home/shared/programs/graphics.nix index 072f946..e1562f9 100644 --- a/home/shared/programs/authy.nix +++ b/home/shared/programs/graphics.nix @@ -2,15 +2,15 @@ with lib; let - cfg = config.profile.programs.authy; + cfg = config.profile.programs.graphics; in { options = { profile = { programs = { - authy = { - enable = mkEnableOption "Authy"; + graphics = { + enable = mkEnableOption "Graphics"; }; }; }; @@ -19,7 +19,7 @@ in config = mkIf cfg.enable { home = { packages = with pkgs; [ - authy + gimp ]; }; }; diff --git a/home/shared/programs/lsd.nix b/home/shared/programs/lsd.nix deleted file mode 100644 index 2808448..0000000 --- a/home/shared/programs/lsd.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.lsd; - -in -{ - options = { - profile = { - programs = { - lsd = { - enable = mkEnableOption "Lsd" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - lsd = { - enable = true; - enableAliases = true; - }; - }; - }; -} diff --git a/home/shared/programs/messages.nix b/home/shared/programs/messages.nix index e38e935..9dfe299 100644 --- a/home/shared/programs/messages.nix +++ b/home/shared/programs/messages.nix 
@@ -20,13 +20,17 @@ in home = { packages = with pkgs; [ discord + element-desktop ferdium mattermost-desktop revolt-desktop rocketchat-desktop signal-desktop + skypeforlinux slack teams-for-linux + telegram-desktop + whatsapp-for-linux ]; }; }; diff --git a/home/shared/programs/minecraft.nix b/home/shared/programs/minecraft.nix index 5f63710..4bcacd9 100644 --- a/home/shared/programs/minecraft.nix +++ b/home/shared/programs/minecraft.nix @@ -21,7 +21,6 @@ in packages = with pkgs; [ mcrcon packwiz - ferium prismlauncher ]; }; diff --git a/home/shared/programs/neovim.nix b/home/shared/programs/neovim.nix deleted file mode 100644 index 7246270..0000000 --- a/home/shared/programs/neovim.nix +++ /dev/null 
@@ -1,157 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.neovim; - -in -{ - options = { - profile = { - programs = { - neovim = { - enable = mkEnableOption "Neovim" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - neovim = { - enable = true; - vimAlias = true; - - plugins = with pkgs.vimPlugins; [ - delimitMate - dockerfile-vim - supertab - vim-airline - vim-better-whitespace - vim-easy-align - vim-nix - vim-vividchalk - ]; - - extraConfig = '' - " filetype config { - filetype plugin on - filetype indent on - "} - - " misc stuff { - set nocompatible - set modeline - set history=1000 - set backspace=indent,eol,start - set selection=inclusive - set completeopt=longest,menu,preview - set diffopt+=vertical - set autoread - "} - - " tab related { - set shiftwidth=2 - set tabstop=2 - set expandtab - set smarttab - set cindent - "} - - " status related { - set ruler - set showcmd - set nonumber - set shortmess=aoOtTI - set laststatus=1 - "} - - " search related { - set hlsearch - set incsearch - set ignorecase - set smartcase - set scrolloff=3 - set sidescrolloff=5 - "} - - " bell related { - set noerrorbells - set vb t_vb= - "} - - " backup related { - set nobackup - "} - - " swap related { - set swapfile - "} - - " grep related { - set grepprg=grep\ -nH\ $* - "} - - " folding related { - set foldcolumn=0 - set foldmethod=indent - set foldnestmax=100 - set nofoldenable - set foldlevel=1 - "} - - " coloring related { - set background=dark - set t_Co=256 - "} - - " show syntax { - syntax on - "} - - " select scheme { - colorscheme vividchalk - "} - - " folding mapping { - map zo - map zc - map zR - map zM - "} - - " switch tabs { - map gT - map gt - "} - - " past switch { - set pastetoggle= - "} - - " incsearch plugin { - hi search ctermfg=red ctermbg=yellow - map / (incsearch-forward) - map ? 
(incsearch-backward) - map g/ (incsearch-stay) - "} - - " airline plugin { - let g:airline#extensions#branch#enable=1 - let g:airline#extensions#modified#enable=1 - let g:airline#extensions#paste#enable=1 - let g:airline#extensions#whitespace#enable=1 - "} - - " easyalign plugin { - vmap (EasyAlign) - nmap a (EasyAlign) - vmap . (EasyAlignRepeat) - "} - ''; - }; - }; - }; -} diff --git a/home/shared/programs/readline.nix b/home/shared/programs/readline.nix deleted file mode 100644 index 7e8334f..0000000 --- a/home/shared/programs/readline.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.readline; - -in -{ - options = { - profile = { - programs = { - readline = { - enable = mkEnableOption "Readline" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - readline = { - enable = true; - - bindings = { - "\e[5~" = "history-search-backward"; - "\e[6~" = "history-search-forward"; - }; - }; - }; - }; -} diff --git a/home/shared/programs/starship.nix b/home/shared/programs/starship.nix deleted file mode 100644 index 808b005..0000000 --- a/home/shared/programs/starship.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.starship; - -in -{ - options = { - profile = { - programs = { - starship = { - enable = mkEnableOption "Starship" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - starship = { - enable = true; - - settings = { - add_newline = true; - - battery = { - disabled = true; - }; - - directory = { - truncation_length = 5; - truncate_to_repo = false; - truncation_symbol = "…/"; - }; - }; - }; - }; - }; -} diff --git a/home/shared/programs/streaming.nix b/home/shared/programs/streaming.nix new file mode 100644 index 0000000..a170402 --- /dev/null +++ b/home/shared/programs/streaming.nix 
@@ -0,0 +1,26 @@ +{ pkgs, lib, config, options, ... }: +with lib; + +let + cfg = config.profile.programs.streaming; + +in +{ + options = { + profile = { + programs = { + streaming = { + enable = mkEnableOption "Streaming"; + }; + }; + }; + }; + + config = mkIf cfg.enable { + home = { + packages = with pkgs; [ + obs-studio + ]; + }; + }; +} diff --git a/home/shared/programs/terminal.nix b/home/shared/programs/terminal.nix index f0b347d..2442dd4 100644 --- a/home/shared/programs/terminal.nix +++ b/home/shared/programs/terminal.nix @@ -19,7 +19,9 @@ in config = mkIf cfg.enable { home = { packages = with pkgs; [ + blackbox wezterm + zellij ]; }; }; diff --git a/home/shared/programs/tmux.nix b/home/shared/programs/tmux.nix deleted file mode 100644 index f5769b3..0000000 --- a/home/shared/programs/tmux.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.tmux; - -in -{ - options = { - profile = { - programs = { - tmux = { - enable = mkEnableOption "Tmux" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - tmux = { - enable = true; - clock24 = true; - - tmuxinator = { - enable = true; - }; - }; - }; - }; -} diff --git a/home/tabea/desktop/gnome.nix b/home/tabea/desktop/gnome.nix index 15f82c1..da745c7 100644 --- a/home/tabea/desktop/gnome.nix +++ b/home/tabea/desktop/gnome.nix 
@@ -19,22 +19,28 @@ in config = mkIf cfg.enable { home = { packages = with pkgs; [ + xclip gnome.adwaita-icon-theme + + gnomeExtensions.alphabetical-app-grid + gnomeExtensions.calc + gnomeExtensions.custom-hot-corners-extended gnomeExtensions.espresso + gnomeExtensions.vitals ]; }; dconf = { settings = { - "org/gnome/desktop/calendar" = { - show-weekdate = true; - }; - "org/gnome/desktop/input-sources" = { sources = [ (lib.hm.gvariant.mkTuple [ "xkb" "de" ]) ]; xkb-options = [ "eurosign:e" ]; }; + "org/gnome/desktop/calendar" = { + show-weekdate = true; + }; + "org/gnome/desktop/interface" = { clock-show-weekday = true; show-battery-percentage = true; @@ -49,6 +55,25 @@ in button-layout = "appmenu:minimize,maximize,close"; }; + "org/gnome/desktop/notifications" = { + show-in-lock-screen = false; + }; + + "org/gnome/desktop/privacy" = { + old-files-age = lib.hm.gvariant.mkUint32 1; + remember-recent-files = false; + remove-old-temp-files = true; + remove-old-trash-files = true; + report-technical-problems = false; + }; + + "org/gnome/settings-daemon/peripherals/touchpad" = { + natural-scroll = true; + disable-while-typing = false; + tap-to-click = true; + touchpad-enabled = true; + }; + "org/gnome/mutter" = { attach-modal-dialogs = true; dynamic-workspaces = true; @@ -58,8 +83,17 @@ in }; "org/gnome/shell" = { + favorite-apps = [ + "org.gnome.Calendar.desktop" + "org.gnome.Nautilus.desktop" + ]; + enabled-extensions = [ + "AlphabeticalAppGrid@stuarthayhurst" + "calc@danigm.wadobo.com" + "custom-hot-corners-extended@G-dH.github.com" "espresso@coadmunkee.github.com" + "Vitals@CoreCoding.com" ]; }; 
@@ -67,6 +101,85 @@ in has-battery = true; }; + "org/gnome/shell/extensions/vitals" = { + show-fan = true; + show-storage = false; + show-temperature = true; + show-voltage = true; + }; + + "org/gnome/shell/weather" = { + automatic-location = true; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/misc" = { + show-osd-monitor-indexes = false; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-bottom-left-0" = { + action = "show-desktop"; + }; + + 
"org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-top-right-0" = { + action = "toggle-overview"; + }; + "system/locale" = { region = "de_DE.UTF-8"; }; diff --git a/home/thomas/default.nix b/home/thomas/default.nix index 83e8346..52f7a63 100644 --- a/home/thomas/default.nix +++ b/home/thomas/default.nix @@ -22,7 +22,7 @@ in profile = { desktop = { - sway = { + gnome = { enable = desktop; }; }; @@ -31,10 +31,10 @@ in act = { enable = desktop; }; - authy = { + banking = { enable = desktop; }; - banking = { + citrix = { enable = desktop; }; clouds = { @@ -43,19 +43,16 @@ in develop = { enable = desktop; }; - git = { - enable = desktop; - }; - github = { - enable = desktop; - }; gnupg = { enable = desktop; }; golang = { enable = desktop; }; - gopass = { + gomplate = { + enable = desktop; + }; + graphics = { enable = desktop; }; helm = { @@ -64,6 +61,9 @@ in joplin = { enable = desktop; }; + jq = { + enable = desktop; + }; jsonnet = { enable = desktop; }; @@ -85,10 +85,7 @@ in minecraft = { enable = desktop; }; - minio = { - enable = desktop; - }; - netrc = { + network = { enable = desktop; }; ngrok = { @@ -103,7 +100,7 @@ in shortwave = { enable = desktop; }; - ssh = { + streaming = { enable = desktop; }; terminal = { 
@@ -112,27 +109,39 @@ in terraform = { enable = desktop; }; - vscode = { - enable = desktop; - }; wine = { enable = desktop; }; - yed = { + yq = { enable = desktop; }; zathura = { enable = desktop; }; - jq = { - enable = true; + autorandr = { + enable = desktop; }; - network = { - enable = true; + git = { + enable = desktop; }; - yq = { - enable = true; + github = { + enable = desktop; + }; + gopass = { + enable = desktop; + }; + minio = { + enable = desktop; + }; + netrc = { + enable = desktop; + }; + ssh = { + enable = desktop; + }; + vscode = { + enable = desktop; }; }; @@ -140,10 +149,10 @@ in nextcloud = { enable = desktop; }; - udiskie = { + syncthing = { enable = desktop; }; - syncthing = { + udiskie = { enable = desktop; }; }; @@ -158,6 +167,20 @@ in LC_ALL = "en_US.UTF-8"; }; + shellAliases = { + ".." = "cd .."; + "..." = "cd ../.."; + + netstat = "sudo netstat -tulpen"; + + rgrep = "grep -Rn"; + hgrep = "fc -El 0 | grep"; + history = "fc -l 1"; + sha256sum = "shasum -a 256"; + + # molecule = "docker run -ti --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):$(pwd) -w $(pwd) toolhippie/molecule:latest molecule"; + }; + file = { ".local/bin/git-gh-pages" = { executable = true; 
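Review bot: The `hgrep = "fc -El 0 | grep";` alias in the `shellAliases` block added to home/thomas/default.nix (hunk `@@ -158,6 +167,20 @@`) relies on `fc -E`, which is a zsh extension, while `home.shellAliases` is written into every enabled shell and this commit enables `programs.bash` next to `programs.zsh`. In bash the alias fails with an invalid-option error instead of searching history. I would move the history aliases under `programs.zsh.shellAliases` and keep only shell-neutral ones in `home.shellAliases`. The `sha256sum = "shasum -a 256";` alias also replaces the coreutils tool with a different program that has to be on PATH, which deserves a one-line comment saying why. The enclosing `home = {` set starts outside the hunk.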
@@ -219,4 +242,79 @@ in stateVersion = "23.11"; }; + + programs = { + bash = { + enable = true; + enableCompletion = true; + + profileExtra = '' + [ -r ~/.nix-profile/etc/profile.d/nix.sh ] && source ~/.nix-profile/etc/profile.d/nix.sh + ''; + + logoutExtra = '' + + ''; + + sessionVariables = { + EDITOR = "vim"; + PAGER = "less"; + CLICOLOR = "1"; + GREP_COLOR = "mt=1;33"; + IGNOREEOF = "1"; + }; + }; + + zsh = { + enable = true; + enableCompletion = true; + + autosuggestion = { + enable = true; + }; + + syntaxHighlighting = { + enable = true; + }; + + profileExtra = '' + [ -r ~/.nix-profile/etc/profile.d/nix.sh ] && source ~/.nix-profile/etc/profile.d/nix.sh + ''; + + history = { + size = 10000000; + save = 10000000; + extended = true; + path = "${config.home.homeDirectory}/.zhistory"; + }; + + sessionVariables = { + EDITOR = "vim"; + PAGER = "less"; + CLICOLOR = "1"; + GREP_COLOR = "mt=1;33"; + IGNOREEOF = "1"; + }; + + oh-my-zsh = { + enable = true; + custom = "${pkgs.zcustom}"; + theme = "tboerger"; + + plugins = [ + "direnv" + "encode64" + "git-prompt" + "history-substring-search" + "kube-ps1" + "rsync" + "sudo" + "systemd" + "tfenv" + "tmux" + "transfer" + ]; + }; + }; + }; } diff --git a/home/thomas/desktop/gnome.nix b/home/thomas/desktop/gnome.nix index 5a763e3..dfa0167 100644 --- a/home/thomas/desktop/gnome.nix +++ b/home/thomas/desktop/gnome.nix @@ -20,6 +20,7 @@ in home = { packages = with pkgs; [ xclip + gnome.adwaita-icon-theme gnomeExtensions.alphabetical-app-grid gnomeExtensions.app-icons-taskbar @@ -38,10 +39,6 @@ in ]; }; - programs = { }; - - services = { }; - dconf = { settings = { "org/gnome/desktop/input-sources" = { 
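Review bot: The `programs.zsh.history` block added to home/thomas/default.nix (hunk `@@ -219,4 +242,79 @@`) keeps ten million extended-format entries in `~/.zhistory` and sets no filter, so a token or password typed as a command argument stays on disk indefinitely, in a profile that also manages `.ghtoken`, `.netrc` and the MinIO client config. Stating `ignoreSpace = true;` explicitly and adding an `ignorePatterns` list (for example `ignorePatterns = [ "*TOKEN=*" "*PASSWORD=*" ];`, constructed patterns to adapt) gives a documented way to keep such commands out of the file. The `programs.bash` block in the same hunk sets no history controls either; `historyControl = [ "ignorespace" ];` would be the matching line there.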
@@ -70,17 +67,17 @@ in "org/gnome/desktop/background" = { color-shading-type = "solid"; picture-options = "zoom"; - picture-uri = "file://${config.home.homeDirectory}/.wallpapers/tower.jpg"; - picture-uri-dark = "file://${home.homedirectory}/.wallpapers/tower.jpg"; + picture-uri = "file:///home/thomas/.wallpapers/tower.jpg"; + picture-uri-dark = "file:///home/thomas/.wallpapers/tower.jpg"; show-desktop-icons = true; }; "org/gnome/desktop/screensaver" = { color-shading-type = "solid"; picture-options = "zoom"; - picture-uri = "file://${config.home.homeDirectory}/.wallpapers/tower.jpg"; - picture-uri-dark = "file://${home.homedirectory}/.wallpapers/tower.jpg"; - lock-delay = mkUint32 0; + picture-uri = "file:///home/thomas/.wallpapers/tower.jpg"; + picture-uri-dark = "file:///home/thomas/.wallpapers/tower.jpg"; + lock-delay = lib.hm.gvariant.mkUint32 0; }; "org/gnome/desktop/notifications" = { @@ -88,7 +85,7 @@ in }; "org/gnome/desktop/privacy" = { - old-files-age = mkUint32 1; + old-files-age = lib.hm.gvariant.mkUint32 1; remember-recent-files = false; remove-old-temp-files = true; remove-old-trash-files = true; 
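Review bot: The four `picture-uri` / `picture-uri-dark` values in the `org/gnome/desktop/background` and `org/gnome/desktop/screensaver` blocks of home/thomas/desktop/gnome.nix now hard-code `/home/thomas`, which ties the module to one user name and home location. Judging by the removed lines, only the `${home.homedirectory}` spelling was broken; the sibling `${config.home.homeDirectory}` form is what github.nix, minio.nix and netrc.nix use in this same commit. I would write `picture-uri = "file://${config.home.homeDirectory}/.wallpapers/tower.jpg";` and the same value for `picture-uri-dark` in both blocks. The enclosing `dconf.settings` set starts outside the hunk.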
@@ -116,24 +113,44 @@ in "org.gnome.Nautilus.desktop" ]; - enabled-extensions = with pkgs; [ - gnomeExtensions.alphabetical-app-grid.uuid # AlphabeticalAppGrid@stuarthayhurst - gnomeExtensions.app-icons-taskbar.uuid # "aztaskbar@aztaskbar.gitlab.com" - gnomeExtensions.auto-move-windows.uuid # "auto-move-windows@gnome-shell-extensions.gcampax.github.com" - gnomeExtensions.calc.uuid # "calc@danigm.wadobo.com" - gnomeExtensions.clipboard-indicator # "clipboard-indicator@tudmotu.com" - gnomeExtensions.custom-hot-corners-extended.uuid # "custom-hot-corners-extended@G-dH.github.com" - gnomeExtensions.espresso.uuid # "espresso@coadmunkee.github.com" - gnomeExtensions.gtile.uuid # "gTile@vibou" - gnomeExtensions.removable-drive-menu.uuid # "drive-menu@gnome-shell-extensions.gcampax.github.com" - gnomeExtensions.tailscale-status.uuid # "tailscale-status@maxgallup.github.com" - gnomeExtensions.tray-icons-reloaded.uuid # "trayIconsReloaded@selfmade.pl" - gnomeExtensions.vitals # "Vitals@CoreCoding.com" + enabled-extensions = [ + "AlphabeticalAppGrid@stuarthayhurst" # gnomeExtensions.alphabetical-app-grid + "auto-move-windows@gnome-shell-extensions.gcampax.github.com" # gnomeExtensions.auto-move-windows + "aztaskbar@aztaskbar.gitlab.com" # gnomeExtensions.app-icons-taskbar + "calc@danigm.wadobo.com" # gnomeExtensions.calc + "clipboard-indicator@tudmotu.com" # gnomeExtensions.clipboard-indicator + "custom-hot-corners-extended@G-dH.github.com" # gnomeExtensions.custom-hot-corners-extended + "drive-menu@gnome-shell-extensions.gcampax.github.com" # gnomeExtensions.removable-drive-menu + "espresso@coadmunkee.github.com" # gnomeExtensions.espresso + "gTile@vibou" # gnomeExtensions.gtile + "tailscale-status@maxgallup.github.com" # gnomeExtensions.tailscale-status + "trayIconsReloaded@selfmade.pl" # gnomeExtensions.tray-icons-reloaded + "Vitals@CoreCoding.com" # gnomeExtensions.vitals - # gnomeExtensions.appindicator.uuid # "appindicatorsupport@rgcjonas.gmail.com" + # 
"appindicatorsupport@rgcjonas.gmail.com" # gnomeExtensions.appindicator ]; }; + "org/gnome/shell/extensions/aztaskbar" = { + main-panel-height = (lib.hm.gvariant.mkTuple [ true 40 ]); + show-apps-button = (lib.hm.gvariant.mkTuple [ true 0 ]); + }; + + "org/gnome/shell/extensions/espresso" = { + has-battery = true; + }; + + "org/gnome/shell/extensions/vitals" = { + show-fan = true; + show-storage = false; + show-temperature = true; + show-voltage = true; + }; + + "org/gnome/shell/weather" = { + automatic-location = true; + }; + "org/gnome/shell/extensions/custom-hot-corners-extended/misc" = { show-osd-monitor-indexes = false; }; @@ -202,26 +219,6 @@ in action = "toggle-overview"; }; - "org/gnome/shell/extensions/aztaskbar" = { - main-panel-height = (lib.hm.gvariant.mkTuple [ true 40 ]); - show-apps-button = (lib.hm.gvariant.mkTuple [ true 0 ]); - }; - - "org/gnome/shell/extensions/espresso" = { - has-battery = true; - }; - - "org/gnome/shell/extensions/vitals" = { - show-fan = true; - show-storage = false; - show-temperature = true; - show-voltage = true; - }; - - "org/gnome/shell/weather" = { - automatic-location = true; - }; - "system/locale" = { region = "de_DE.UTF-8"; }; diff --git a/home/thomas/desktop/i3.nix b/home/thomas/desktop/i3.nix index 865ba2d..a128037 100644 --- a/home/thomas/desktop/i3.nix +++ b/home/thomas/desktop/i3.nix @@ -68,10 +68,6 @@ in enable = true; }; - autorandr = { - enable = true; - }; - rofi = { enable = true; @@ -117,9 +113,6 @@ in enable = true; }; - autorandr = { - enable = true; - }; betterlockscreen = { enable = true; arguments = [ "--update ${home.homeDirectory}/.wallpapers/tower.jpg" ]; diff --git a/home/thomas/programs/autorandr.nix b/home/thomas/programs/autorandr.nix new file mode 100644 index 0000000..b9d4945 --- /dev/null +++ b/home/thomas/programs/autorandr.nix 
@@ -0,0 +1,34 @@ +{ pkgs, lib, config, options, ... }: +with lib; + +let + cfg = config.profile.programs.autorandr; + +in +{ + options = { + profile = { + programs = { + autorandr = { + enable = mkEnableOption "Autorandr"; + }; + }; + }; + }; + + config = mkIf cfg.enable { + programs = { + autorandr = { + enable = true; + + profiles = { }; + }; + }; + + services = { + autorandr = { + enable = true; + }; + }; + }; +} diff --git a/home/thomas/programs/default.nix b/home/thomas/programs/default.nix index 0553cae..9dbe6d7 100644 --- a/home/thomas/programs/default.nix +++ b/home/thomas/programs/default.nix @@ -2,12 +2,12 @@ { imports = [ + ./autorandr.nix ./git.nix ./github.nix ./gopass.nix ./minio.nix ./netrc.nix - ./shell.nix ./ssh.nix ./vscode.nix ]; diff --git a/home/thomas/programs/git.nix b/home/thomas/programs/git.nix index 0d7ca23..e6a2042 100644 --- a/home/thomas/programs/git.nix +++ b/home/thomas/programs/git.nix @@ -18,6 +18,10 @@ in config = mkIf cfg.enable { home = { + packages = with pkgs; [ + lazygit + ]; + shellAliases = { gs = "git status"; gc = "git commit"; @@ -36,7 +40,7 @@ in enable = true; enableBashIntegration = true; enableZshIntegration = true; - pinentryFlavor = "gnome3"; + pinentryPackage = pkgs.pinentry-gnome3; }; }; @@ -74,6 +78,10 @@ in fap = "fetch --all --prune"; + sma = "submodule add"; + smi = "submodule init"; + smu = "submodule update --init --recursive"; + hist = "log --pretty=format:'%h %ad | %s%d [%an]' --graph --date=short"; amend = "commit --amend -C HEAD"; diff --git a/home/thomas/programs/github.nix b/home/thomas/programs/github.nix index fbb5180..64c4a03 100644 --- a/home/thomas/programs/github.nix +++ b/home/thomas/programs/github.nix 
@@ -35,13 +35,13 @@ in }; }; - homeage = { - file."ghtoken" = { - source = ../secrets/gh.age; - symlinks = [ "${config.home.homeDirectory}/.ghtoken" ]; - owner = "thomas"; - group = "users"; - mode = "0600"; + age = { + secrets = { + github = { + file = ../secrets/github.age; + path = "${config.home.homeDirectory}/.ghtoken"; + mode = "0600"; + }; }; }; }; diff --git a/home/thomas/programs/gopass.nix b/home/thomas/programs/gopass.nix index 87c12e8..2d495a0 100644 --- a/home/thomas/programs/gopass.nix +++ b/home/thomas/programs/gopass.nix @@ -45,15 +45,7 @@ in [mounts "cloudpunks"] path = ${config.xdg.dataHome}/gopass/stores/cloudpunks - [mounts "restlos"] - path = ${config.xdg.dataHome}/gopass/stores/restlos - [mounts "adorsys"] - path = ${config.xdg.dataHome}/gopass/stores/adorsys - [mounts "webhippie"] - path = ${config.xdg.dataHome}/gopass/stores/webhippie - [mounts "boerger"] - path = ${config.xdg.dataHome}/gopass/stores/boerger [mounts "gopad"] path = ${config.xdg.dataHome}/gopass/stores/gopad [mounts "kleister"] diff --git a/home/thomas/programs/minio.nix b/home/thomas/programs/minio.nix index 88da4a6..3ddd47f 100644 --- a/home/thomas/programs/minio.nix +++ b/home/thomas/programs/minio.nix @@ -23,13 +23,13 @@ in ]; }; - homeage = { - file."minio" = { - source = ../secrets/minio.age; - symlinks = [ "${config.home.homeDirectory}/.mc/config.json" ]; - owner = "thomas"; - group = "users"; - mode = "0600"; + age = { + secrets = { + minio = { + file = ../secrets/minio.age; + path = "${config.home.homeDirectory}/.mc/config.json"; + mode = "0600"; + }; }; }; }; diff --git a/home/thomas/programs/netrc.nix b/home/thomas/programs/netrc.nix index 7902a66..a1e39a8 100644 --- a/home/thomas/programs/netrc.nix +++ b/home/thomas/programs/netrc.nix 
@@ -17,13 +17,13 @@ in }; config = mkIf cfg.enable { - homeage = { - file."netrc" = { - source = ../secrets/netrc.age; - symlinks = [ "${config.home.homeDirectory}/.netrc" ]; - owner = "thomas"; - group = "users"; - mode = "0600"; + age = { + secrets = { + netrc = { + file = ../secrets/netrc.age; + path = "${config.home.homeDirectory}/.netrc"; + mode = "0600"; + }; }; }; }; diff --git a/home/thomas/programs/shell.nix b/home/thomas/programs/shell.nix deleted file mode 100644 index 41dfc8d..0000000 --- a/home/thomas/programs/shell.nix +++ /dev/null 
@@ -1,108 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.shell; - -in -{ - options = { - profile = { - programs = { - shell = { - enable = mkEnableOption "Shell" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - home = { - shellAliases = { - ".." = "cd .."; - "..." = "cd ../.."; - - netstat = "sudo netstat -tulpen"; - - rgrep = "grep -Rn"; - hgrep = "fc -El 0 | grep"; - history = "fc -l 1"; - sha256sum = "shasum -a 256"; - }; - }; - - programs = { - bash = { - enable = true; - enableCompletion = true; - - profileExtra = '' - [ -r ~/.nix-profile/etc/profile.d/nix.sh ] && source ~/.nix-profile/etc/profile.d/nix.sh - ''; - - logoutExtra = '' - - ''; - - sessionVariables = { - EDITOR = "vim"; - PAGER = "less"; - CLICOLOR = "1"; - GREP_COLOR = "mt=1;33"; - IGNOREEOF = "1"; - }; - }; - - zsh = { - enable = true; - enableCompletion = true; - enableAutosuggestions = true; - - syntaxHighlighting = { - enable = true; - }; - - profileExtra = '' - [ -r ~/.nix-profile/etc/profile.d/nix.sh ] && source ~/.nix-profile/etc/profile.d/nix.sh - ''; - - history = { - size = 10000000; - save = 10000000; - extended = true; - path = "${config.home.homeDirectory}/.zhistory"; - }; - - sessionVariables = { - EDITOR = "vim"; - PAGER = "less"; - CLICOLOR = "1"; - GREP_COLOR = "mt=1;33"; - IGNOREEOF = "1"; - }; - - oh-my-zsh = { - enable = true; - custom = "${pkgs.zcustom}"; - theme = "tboerger"; - - plugins = [ - "direnv" - "encode64" - "git-prompt" - "history-substring-search" - "kube-ps1" - "rsync" - "sudo" - "systemd" - "tfenv" - "tmux" - "transfer" - ]; - }; - }; - }; - }; -} diff --git a/home/thomas/programs/vscode.nix b/home/thomas/programs/vscode.nix index e424ef6..a631ab4 100644 --- a/home/thomas/programs/vscode.nix +++ b/home/thomas/programs/vscode.nix 
@@ -35,7 +35,7 @@ in ms-python.python ms-vscode-remote.remote-ssh naumovs.color-highlight - octref.vetur + Vue.volar redhat.vscode-yaml shakram02.bash-beautify signageos.signageos-vscode-sops @@ -53,6 +53,7 @@ in "editor.renderControlCharacters" = true; "editor.renderWhitespace" = "all"; + "editor.minimap.enabled" = false; "editor.rulers" = [ 80 @@ -62,12 +63,13 @@ in "files.trimTrailingWhitespace" = true; "go.useLanguageServer" = true; + "go.toolsManagement.autoUpdate" = true; "[python]" = { "editor.formatOnType" = true; }; "[vue]" = { - "editor.defaultFormatter" = "octref.vetur"; + "editor.defaultFormatter" = "Vue.volar"; }; "[yaml]" = { "editor.defaultFormatter" = "redhat.vscode-yaml"; diff --git a/home/thomas/secrets/gh.age b/home/thomas/secrets/gh.age deleted file mode 100644 index 6de2ef9..0000000 --- a/home/thomas/secrets/gh.age +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHB0VDFPUSAzS1hq -M0F2NDVCanhEcCsrVmtWN3NKaVQ4NWF4Rlk4OXlVUXNZZWE4Y2tVCkRsNkJrK0JE -cG80U2cxZEdPUkhEcmFENGU0cW1yMkkrMkY3NHlzSjVITnMKLT4gLnVbODAtXC1n -cmVhc2UgTSU3ViBnN1ggMH4yLWhodQowRVQxVFV4d21VRmY1S1J4K3Q1QjArbHZK -clpwSHY3OWVHOXFTUjQvWFlhV1lpTTN4N1BSQTBYMjZwbzdnaCt4CkxmWTc1dHNu -MStrQgotLS0gT3I3Nkw4RHNwcXUrV3h2U1o1VXlvTGFLbkEyRUtVNFJ3Mnl1VTRY -MXJaMAo7vjfTwaTgpEMPgSmXjFoWJDxkL29O5W/pxKmRH3bW33MVpSmO1sM+AypG -dLMa7fvHbWZozSMLpT19num5Ufj28BJCjN0fhd0m ------END AGE ENCRYPTED FILE----- diff --git a/home/thomas/secrets/github.age b/home/thomas/secrets/github.age new file mode 100644 index 0000000..3f1af13 --- /dev/null +++ b/home/thomas/secrets/github.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 ptT1OQ XIHtmD92NOYVItTC1L891g2iw2Ndhryjs9CM3X2eAmw +s6jN22brCaZRcm7U4KChoUGQd+E9p2y7hyullCVFL/4 +-> D-grease 4__ 0}`' +SewNcDOTIxXXeb/gIiUnVkW8HvP4fAutXORixw07ZRe3csUBH5Qhg5VQrh+RGKji +EdXyeHsIOfXNM95C93K0U0Y0 +--- pB4b+FCzZ5lPi5Hv8W4XlTpQx98miOw8z5g54moH01M +OVtSŰhBόecvE?>x)[;Xxu8PubWa \ No newline at end of file 
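Review bot: `"go.toolsManagement.autoUpdate" = true;` in the third vscode.nix hunk lets the Go extension download and replace its helper tools at runtime, outside the hash-pinned inputs this repository uses for its extensions and packages. On a Nix-managed profile I would leave it off and supply the tools from nixpkgs, i.e. `"go.toolsManagement.autoUpdate" = false;` with the needed tools in the package list. If auto-update is kept on purpose, add a comment such as `# tools are fetched unpinned by the extension, not by Nix`. The settings attrset starts and ends outside the hunk, so other Go settings are not visible here.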
diff --git a/home/thomas/secrets/minio.age b/home/thomas/secrets/minio.age index fe5f0d5..b38ecad 100644 Binary files a/home/thomas/secrets/minio.age and b/home/thomas/secrets/minio.age differ diff --git a/home/thomas/secrets/netrc.age b/home/thomas/secrets/netrc.age index a0f1fa4..dde2c94 100644 --- a/home/thomas/secrets/netrc.age +++ b/home/thomas/secrets/netrc.age @@ -1,13 +1,8 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHB0VDFPUSA3czg0 -azRIaGgvVXMyQTFuaXVGYjNoUlJFcU03d3RxLzY2REQxYVl1SndBClg0M0dQeW0v -Z3pGN0tPVUo4OWVmZ0N6SGVETHJpc01TMzhLeHczR3RkQkEKLT4gaUBYVWVeUi1n -cmVhc2UKekVpYkJwOHpPZW8yd1kwY3NpYjhPQnVRRE1DZ0xqYXQzaks0dlE5SDRX -VDVNTmR4ZklpQVd5elF1MmtDSmxsYwo5LzV2M2xsSFlxZGYzOVlzRzFIK2lDQjdx -NGdVVGczWDlNUlZhQ1pZWWZNc3hJNU02WC9uOVlPOUw5STFMUQotLS0gSVhpK1NJ -NEZFVWZBWDhTM0FUVHZMTTBSd2hVQmlUejRnaUUvSjArVTA4NAq8OnZmEhnySiGS -NXOHYtCrY0hOtWowI/fKTyCQg+2ttsgANRTOPQokr3m8N6NP0VpEHgTZ63ViRvnu -XP+DXK0xoztypOWIxg0R9XYtFazVvRUFTal1qY7U3wzwDplz5AYGwJZBv+tTJot+ -7OojRKWzmg3CLAnCYciwFA2/tkgYP4sFGqQ9iCSY6nt6DL/zuILbUP38s/8pYEPg -yRY+408oomBqyG04ORGa1NIH9DHKxfmLc/h2w8flB/eyvw== ------END AGE ENCRYPTED FILE----- +age-encryption.org/v1 +-> ssh-ed25519 ptT1OQ Asu1kzCEtQmXGuPOZNbOJqmshYQRsWXSjlwuBQ6Y5mk +N5Ydknr2H1SHw8Y8BKNn+j3J/L5MVovqkHsbQFa6Rv4 +-> p4*9mI9U-grease \7ZD]9w0 +FqfyFIz/blFfEtBAwGYAmA6Wkv3GeMcTe8bTCBkmEcPpZyQ0XcYSUb9peUtl +--- 6HFThIK/yZAkX9XoLs8PWKjagjnIz8+YjBjWxDeFAVo +NnNaF|LkC5^@/WM8wKݯWrgMGKzTM,Oob q>X=XS]+P%"Y=.Y0vGR XJ#/7FJm +&OiPy9F5x@ \ No newline at end of file diff --git a/overlays/default.nix b/overlays/default.nix index 65b823e..b26ae87 100644 --- a/overlays/default.nix +++ b/overlays/default.nix 
@@ -1,6 +1,14 @@ self: super: { + citrix_workspace = super.citrix_workspace.overrideAttrs (old: { + src = super.fetchurl { + name = "linuxx64-24.2.0.65.tar.gz"; + url = "https://dl.webhippie.de/misc/citrix-workspace-x64-24.2.0.65.tar.gz"; + hash = "sha256-6utdO9B51OXJcH2mf196Jct2XhnDbQGGEpBlXb8qruQ="; + }; + }); + vscode-extensions = self.lib.recursiveUpdate super.vscode-extensions { dzhavat.bracket-pair-toggler = self.vscode-utils.extensionFromVscodeMarketplace { name = "bracket-pair-toggler"; @@ -17,8 +25,14 @@ self: super: signageos.signageos-vscode-sops = self.vscode-utils.extensionFromVscodeMarketplace { name = "signageos-vscode-sops"; publisher = "signageos"; - version = "0.8.0"; - sha256 = "sha256-LcbbKvYQxob2zKnmAlylIedQkJ1INl/i9DSK7MemW9Y="; + version = "0.9.1"; + sha256 = "sha256-b1Gp+tL5/e97xMuqkz4EvN0PxI7cJOObusEkcp+qKfM="; + }; + Vue.volar = self.vscode-utils.extensionFromVscodeMarketplace { + name = "volar"; + publisher = "Vue"; + version = "2.0.11"; + sha256 = "sha256-EyULg2yS/aqf0ipUQKFjW1WJIHECr26/JIQ+UuTPSLk="; }; }; 
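Review bot: The `citrix_workspace` override in the first hunk takes a proprietary installer from `dl.webhippie.de` rather than from the vendor, and nothing records where the pinned `hash` came from. The fixed-output hash guarantees that every build gets the same bytes, but not that those bytes are the vendor's release. A comment above `src` would document that, for example `# private mirror of linuxx64-24.2.0.65.tar.gz; hash compared against the checksum on the vendor download page`, assuming that comparison was in fact made.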
@@ -49,16 +63,23 @@ self: super: gh-markdown-preview = super.callPackage ./gh-markdown-preview { }; gh-poi = super.callPackage ./gh-poi { }; + kubectl-deprecations = super.callPackage ./kubectl-deprecations { }; kubectl-get-all = super.callPackage ./kubectl-get-all { }; kubectl-images = super.callPackage ./kubectl-images { }; kubectl-ktop = super.callPackage ./kubectl-ktop { }; + kubectl-moco = super.callPackage ./kubectl-moco { }; kubectl-neat = super.callPackage ./kubectl-neat { }; kubectl-oomd = super.callPackage ./kubectl-oomd { }; + kubectl-outdated = super.callPackage ./kubectl-outdated { }; kubectl-pexec = super.callPackage ./kubectl-pexec { }; + kubectl-pod-lens = super.callPackage ./kubectl-pod-lens { }; + kubectl-rakkess = super.callPackage ./kubectl-rakkess { }; kubectl-realname-diff = super.callPackage ./kubectl-realname-diff { }; kubectl-resource-versions = super.callPackage ./kubectl-resource-versions { }; + kubectl-rolesum = super.callPackage ./kubectl-rolesum { }; kubectl-split-yaml = super.callPackage ./kubectl-split-yaml { }; kubectl-view-secret = super.callPackage ./kubectl-view-secret { }; + kubectl-who-can = super.callPackage ./kubectl-who-can { }; kubectl-whoami = super.callPackage ./kubectl-whoami { }; khelm = super.callPackage ./khelm { }; diff --git a/overlays/gh-dash/default.nix b/overlays/gh-dash/default.nix index ac2e922..ac78238 100644 --- a/overlays/gh-dash/default.nix +++ b/overlays/gh-dash/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "gh-dash"; - version = "3.7.9"; + version = "3.14.0"; src = fetchFromGitHub { owner = "dlvhdr"; repo = "gh-dash"; rev = "v${version}"; - sha256 = "sha256-loAtRXns7plBeVOM+d/euyRS86MG+NRhGB4WpHT7KlM="; + sha256 = "sha256-6YPUGOQ2KBfu+3XAgub9Cpz0QBrU2kV+gq13tUtzY+w="; }; - vendorHash = "sha256-0ySTcQDM7Dole6ojnhr7vwUWOM4p6kFN69VqMP0jAY0="; + vendorHash = "sha256-jCf9FWAhZK5hTzyy8N4r5dfUYTgESmsn8iKxCccgWiM="; ldflags = [ "-s" 
diff --git a/overlays/gh-markdown-preview/default.nix b/overlays/gh-markdown-preview/default.nix index 6c730f4..d93da39 100644 --- a/overlays/gh-markdown-preview/default.nix +++ b/overlays/gh-markdown-preview/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "gh-markdown-preview"; - version = "1.4.1"; + version = "1.4.2"; src = fetchFromGitHub { owner = "yusukebe"; repo = "gh-markdown-preview"; rev = "v${version}"; - sha256 = "sha256-Q+e3j+X/ZsLdkTBkuu028Rl4iw+oES2w6CDQiwN+CtU="; + sha256 = "sha256-UBveXL4/3GxxIVjqG0GuTbkGkzXFc/stew2s+dTj9BI="; }; vendorHash = "sha256-O6Q9h5zcYAoKLjuzGu7f7UZY0Y5rL2INqFyJT2QZJ/E="; diff --git a/overlays/gh-poi/default.nix b/overlays/gh-poi/default.nix index 6015287..cc4ae66 100644 --- a/overlays/gh-poi/default.nix +++ b/overlays/gh-poi/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "gh-poi"; - version = "0.9.3"; + version = "0.9.8"; src = fetchFromGitHub { owner = "seachicken"; repo = "gh-poi"; rev = "v${version}"; - sha256 = "sha256-Oh0l+WUj2G6EBhyhF1YVlyTsbH9eyK0R5heAfp6zUUc="; + sha256 = "sha256-QpUZxho9hzmgbCFgNxwwKi6hhfyqc4b/JYKH3rP4Eb8="; }; vendorHash = "sha256-D/YZLwwGJWCekq9mpfCECzJyJ/xSlg7fC6leJh+e8i0="; diff --git a/overlays/khelm/default.nix b/overlays/khelm/default.nix index 5c248e0..f57625e 100644 --- a/overlays/khelm/default.nix +++ b/overlays/khelm/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "khelm"; - version = "2.3.0"; + version = "2.3.3"; src = fetchFromGitHub { owner = "mgoltzsche"; repo = pname; rev = "v${version}"; - sha256 = "sha256-Rh3goHrtoB/cPDcQqGTCCY9FHtoxCD/wJX7EtsY1KA4="; + sha256 = "sha256-S4+aNte+L5aPQga3543AeRuorpVtsTFHWGmcl5Djxd8="; }; - vendorHash = "sha256-LN6Jnv/XBgHeogJoi+jcgNVG9/WDb9d/UgyuUzhiafw="; + vendorHash = "sha256-lpJ+qcUnTW32j00/5MtwTojtfrlLysSkAArnUnjJQmU="; doCheck = false; diff --git a/overlays/ksops/default.nix b/overlays/ksops/default.nix index b3cd17b..9c15a14 100644 --- a/overlays/ksops/default.nix +++ b/overlays/ksops/default.nix 
@@ -2,16 +2,16 @@ buildGoModule rec { pname = "ksops"; - version = "4.2.1"; + version = "4.3.1"; src = fetchFromGitHub { owner = "viaduct-ai"; repo = "kustomize-sops"; rev = "v${version}"; - sha256 = "sha256-Jm4mA91fyXQ8eScvRGDAmCBFVqT2GP57XIBZQo/bApg="; + sha256 = "sha256-zEiRbbQzUqFHNtrzyZDNEaXT/T+TfB6KqOXkdjrCiW4="; }; - vendorHash = "sha256-tNYPgXFDJuNRlrVE0ywg77goNzfoWHFVzOG9mHqK3q8="; + vendorHash = "sha256-aNrhS4oCG5DB3yjolWL49DtNqZA5dNRqQ2YPBeKQzWI="; postInstall = '' mv $out/bin/kustomize-sops $out/bin/ksops diff --git a/overlays/kubectl-deprecations/default.nix b/overlays/kubectl-deprecations/default.nix new file mode 100644 index 0000000..8616f41 --- /dev/null +++ b/overlays/kubectl-deprecations/default.nix @@ -0,0 +1,29 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "kubectl-deprecations"; + version = "1.7.1"; + + src = fetchFromGitHub { + owner = "kubepug"; + repo = "kubepug"; + rev = "v${version}"; + sha256 = "sha256-VNxaYQy81U0JWd6KS0jCvMexpyWL4v1cKpjxLRkxBLE="; + }; + + vendorHash = "sha256-HVsaQBd7fSZp2fOpOOmlDhYrHcHqWKiYWPFLQX0azEw="; + + doCheck = false; + subPackages = [ "." ]; + + postInstall = '' + mv $out/bin/kubepug $out/bin/kubectl-deprecations + ''; + + meta = with lib; { + description = "A kubectl plugin to preupgrade checks"; + homepage = "https://github.com/kubepug/kubepug/"; + license = licenses.mit; + maintainers = with maintainers; [ tboerger ]; + }; +} diff --git a/overlays/kubectl-moco/default.nix b/overlays/kubectl-moco/default.nix new file mode 100644 index 0000000..213f783 --- /dev/null +++ b/overlays/kubectl-moco/default.nix 
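Review bot: `doCheck = false;` is set in the new kubectl-deprecations package with no reason given, and the same line appears in the other plugins this commit adds (kubectl-moco, kubectl-outdated, kubectl-pod-lens, kubectl-rakkess, kubectl-rolesum, kubectl-who-can). These tools run with cluster credentials, so it is worth either letting the upstream tests run where they pass in the sandbox or stating why they cannot, e.g. `# upstream tests need a live cluster`. Separately, `description = "A kubectl plugin to preupgrade checks";` reads better as `"A kubectl plugin for pre-upgrade checks"`.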
@@ -0,0 +1,25 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "kubectl-moco"; + version = "0.20.2"; + + src = fetchFromGitHub { + owner = "cybozu-go"; + repo = "moco"; + rev = "v${version}"; + sha256 = "sha256-AubGcEFogKNJI6fDyc95yKdMzqAaQ4rEH+etJ1tTmB4="; + }; + + vendorHash = "sha256-Njy+oGu7TBShDjFd06ijRv6x6xlsYYdy2upvLL1MBwQ="; + + doCheck = false; + subPackages = [ "cmd/kubectl-moco" ]; + + meta = with lib; { + description = "A kubectl plugin that interacts with the Moco MySQL operator"; + homepage = "https://github.com/cybozu-go/moco/"; + license = licenses.asl20; + maintainers = with maintainers; [ tboerger ]; + }; +} diff --git a/overlays/kubectl-outdated/default.nix b/overlays/kubectl-outdated/default.nix new file mode 100644 index 0000000..5f960af --- /dev/null +++ b/overlays/kubectl-outdated/default.nix @@ -0,0 +1,29 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "kubectl-outdated"; + version = "0.4.1"; + + src = fetchFromGitHub { + owner = "replicatedhq"; + repo = "outdated"; + rev = "v${version}"; + sha256 = "sha256-01rQAGSoAD/lMHSth4FvYXnvpW2zyXGQNKq70HQKPFU="; + }; + + vendorHash = "sha256-EbLIsOqg4uQB6ER/H05zaFC6sTxCPIQUZUhRgW1i9KQ="; + + doCheck = false; + subPackages = [ "cmd/outdated" ]; + + postInstall = '' + mv $out/bin/outdated $out/bin/kubectl-outdated + ''; + + meta = with lib; { + description = "A kubectl plugin to find and report outdated images"; + homepage = "https://github.com/replicatedhq/outdated/"; + license = licenses.asl20; + maintainers = with maintainers; [ tboerger ]; + }; +} diff --git a/overlays/kubectl-pod-lens/default.nix b/overlays/kubectl-pod-lens/default.nix new file mode 100644 index 0000000..0cb594b --- /dev/null +++ b/overlays/kubectl-pod-lens/default.nix 
@@ -0,0 +1,29 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "kubectl-pod-lens"; + version = "0.3.1"; + + src = fetchFromGitHub { + owner = "sunny0826"; + repo = "kubectl-pod-lens"; + rev = "v${version}"; + sha256 = "sha256-KoNQWAKdHcdkyMR1lr8CrLc0AxK4WszWqw0zKP2n9sY="; + }; + + vendorHash = "sha256-V6iHO+eNDWP+IEcG2PnCAyGISw/VU8yz5UTe4JZCZKk="; + + doCheck = false; + subPackages = [ "cmd/plugin" ]; + + postInstall = '' + mv $out/bin/plugin $out/bin/kubectl-pod_lens + ''; + + meta = with lib; { + description = "A kubectl plugin to show pod-related resources"; + homepage = "https://github.com/sunny0826/kubectl-pod-lens/"; + license = licenses.asl20; + maintainers = with maintainers; [ tboerger ]; + }; +} diff --git a/overlays/kubectl-rakkess/default.nix b/overlays/kubectl-rakkess/default.nix new file mode 100644 index 0000000..47c212b --- /dev/null +++ b/overlays/kubectl-rakkess/default.nix @@ -0,0 +1,29 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "kubectl-rakkess"; + version = "0.5.1"; + + src = fetchFromGitHub { + owner = "corneliusweig"; + repo = "rakkess"; + rev = "v${version}"; + sha256 = "sha256-igovWWk8GfNmOS/NbZWfv9kox6QLNIbM09jdvA/lL3A="; + }; + + vendorHash = "sha256-lVxJ4wFBhHc8JVpkmqphLYPE9Z8Cr6o+aAHvC1naqyE="; + + doCheck = false; + subPackages = [ "." ]; + + postInstall = '' + mv $out/bin/rakkess $out/bin/kubectl-rakkess + ''; + + meta = with lib; { + description = "A kubectl plugin to show an access matrix"; + homepage = "https://github.com/corneliusweig/rakkess/"; + license = licenses.mit; + maintainers = with maintainers; [ tboerger ]; + }; +} diff --git a/overlays/kubectl-realname-diff/default.nix b/overlays/kubectl-realname-diff/default.nix index d5890b6..e53ad24 100644 --- a/overlays/kubectl-realname-diff/default.nix +++ b/overlays/kubectl-realname-diff/default.nix 
@@ -2,16 +2,16 @@ buildGoModule rec { pname = "kubectl-realname-diff"; - version = "0.2.3"; + version = "0.3.0"; src = fetchFromGitHub { owner = "hhiroshell"; repo = "kubectl-realname-diff"; rev = "v${version}"; - sha256 = "sha256-H9+a7nb90AI2VUiii0LbDdik+Ihe1blSdLYwJRVRE8w="; + sha256 = "sha256-VgcG5Hptu65O2+WqUl6nsSvfJ4MN8TrlgoKKV3iMUss="; }; - vendorHash = "sha256-Hw7f9nJvcslr6wbmjz9XtMxAm2XYVb4yhW2LssQOxrQ="; + vendorHash = "sha256-XJZ9/JKj+WT3TffNP1Z0y5jws2wqZotzzV/1pk+AJkU="; doCheck = false; subPackages = [ "cmd/kubectl-realname_diff" ]; diff --git a/overlays/kubectl-rolesum/default.nix b/overlays/kubectl-rolesum/default.nix new file mode 100644 index 0000000..f145f5c --- /dev/null +++ b/overlays/kubectl-rolesum/default.nix @@ -0,0 +1,25 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "kubectl-rolesum"; + version = "1.5.5"; + + src = fetchFromGitHub { + owner = "Ladicle"; + repo = "kubectl-rolesum"; + rev = "v${version}"; + sha256 = "sha256-IO0QMDTbQXxs6UvaiobmrqVTHdmBTnUA3kMYKMgc+A8="; + }; + + vendorHash = "sha256-gQrMTD5toSeMPJb9LEbLaU1pB7DzOzSsVqDaL+cPvcw="; + + doCheck = false; + subPackages = [ "." ]; + + meta = with lib; { + description = "A kubectl plugin to summarize RBAC roles"; + homepage = "https://github.com/Ladicle/kubectl-rolesum/"; + license = licenses.mit; + maintainers = with maintainers; [ tboerger ]; + }; +} diff --git a/overlays/kubectl-view-secret/default.nix b/overlays/kubectl-view-secret/default.nix index e019063..e6dfa42 100644 --- a/overlays/kubectl-view-secret/default.nix +++ b/overlays/kubectl-view-secret/default.nix 
@@ -2,16 +2,16 @@ buildGoModule rec { pname = "kubectl-view-secret"; - version = "0.11.0"; + version = "0.12.0"; src = fetchFromGitHub { owner = "elsesiy"; repo = "kubectl-view-secret"; rev = "v${version}"; - sha256 = "sha256-IdbJQ3YCIPcp09/NORWGezqjbwktObN7TuQdq5uAN4A="; + sha256 = "sha256-5X5rOoERx6HoG3cOBpYm12anMXXDjTtHZzQOOlJeJSs="; }; - vendorHash = "sha256-Q6OosaHDzq9a2Nt18LGiGJ1C2i1/BRYGaNEBeK0Ohiw="; + vendorHash = "sha256-oQvmS05nev+ypfkKAlTN+JbzPux5iAzHsojW8SxtB70="; doCheck = false; subPackages = [ "cmd" ]; diff --git a/overlays/kubectl-who-can/default.nix b/overlays/kubectl-who-can/default.nix new file mode 100644 index 0000000..0317ec7 --- /dev/null +++ b/overlays/kubectl-who-can/default.nix @@ -0,0 +1,29 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "kubectl-who-can"; + version = "0.4.0"; + + src = fetchFromGitHub { + owner = "aquasecurity"; + repo = "kubectl-who-can"; + rev = "v${version}"; + sha256 = "sha256-nyUDzNxlizSr3P3dh9Cz/9CaMfmjeE9qSJkCLo4lBqw="; + }; + + vendorHash = "sha256-KWLuS29aI3XqqyJAY9DVX+ldFU53vEumpBKUwinhYGQ="; + + doCheck = false; + subPackages = [ "cmd/kubectl-who-can" ]; + + postInstall = '' + mv $out/bin/kubectl-who-can $out/bin/kubectl-who_can + ''; + + meta = with lib; { + description = "A kubectl plugin to show who has RBAC permissions"; + homepage = "https://github.com/aquasecurity/kubectl-who-can/"; + license = licenses.mit; + maintainers = with maintainers; [ tboerger ]; + }; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1082bc5..1835d06 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -12,13 +12,14 @@ let in { "services/acme/credentials.age".publicKeys = users ++ systems; - + "services/cloud/password.age".publicKeys = users ++ systems; + "services/gallery/password.age".publicKeys = users ++ systems; "services/tailscale/authkey.age".publicKeys = users ++ systems; - "services/shares/printer.age".publicKeys = users ++ systems; - "services/shares/media.age".publicKeys = users ++ systems; - "users/root/password.age".publicKeys = users ++ systems; + "users/printer/password.age".publicKeys = users ++ systems; + "users/media/password.age".publicKeys = users ++ systems; + "users/thomas/password.age".publicKeys = users ++ systems; "users/anna/password.age".publicKeys = users ++ systems; "users/adrian/password.age".publicKeys = users ++ systems; diff --git a/secrets/services/acme/credentials.age b/secrets/services/acme/credentials.age index 1842e2c..8d846ea 100644 Binary files a/secrets/services/acme/credentials.age and b/secrets/services/acme/credentials.age differ diff --git a/secrets/services/cloud/password.age b/secrets/services/cloud/password.age new file mode 100644 index 0000000..b5782f8 --- /dev/null +++ b/secrets/services/cloud/password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 ptT1OQ 4CPxY5rGtjoYVereenuG6JUcWtyE9WaXXgdkXAKhuEg +EjXFUF7omJsPJV3GfuR0OwViMgMK3VYYH/vSyQ2vgQg +-> ssh-ed25519 dHPgHQ X1eBYMbvHsB8K/uU+FYtRPKmeHDTV+nrwuXMTEyB7Gg +qn4vjH7hGHFK4eLUQ9IMEIlh3NYup009gA232pIWqNE +-> ssh-ed25519 w/1rQA 0S0LLqSY3nb730Hp4jY1JX1wZrXk4OI5Wd+FGoXUuEE +EeH8s5D8jqAReq14TG8vtob7vfaWXVcXSkJ7DgBiDSg +--- 3RkU2mfoiTxtY4UyImzwq9IUouuB9Cmpd88zjaePEmg +ud5M3NfъcHn0Kf# \ No newline at end of file diff --git a/secrets/services/gallery/password.age b/secrets/services/gallery/password.age new file mode 100644 index 0000000..26c5d59 Binary files /dev/null and b/secrets/services/gallery/password.age differ 
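Review bot: Every entry added in this hunk, including `users/thomas/password.age` and `services/cloud/password.age`, is encrypted to `users ++ systems`, so each host key in `systems` can decrypt every secret in the repository. `users` and `systems` are defined in the `let` block above the hunk and are not visible here, but the new `.age` files each carry the same three recipient stanzas, which is consistent with one recipient list being used for all of them. Scoping recipients to the hosts that consume a secret limits what a single compromised machine exposes, e.g. `"services/cloud/password.age".publicKeys = users ++ [ serverKey ];`, where `serverKey` is a placeholder for whatever name the `let` block gives that host's key.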
diff --git a/secrets/services/shares/media.age b/secrets/services/shares/media.age deleted file mode 100644 index b3ac76f..0000000 Binary files a/secrets/services/shares/media.age and /dev/null differ diff --git a/secrets/services/shares/printer.age b/secrets/services/shares/printer.age deleted file mode 100644 index 9b82ec2..0000000 Binary files a/secrets/services/shares/printer.age and /dev/null differ diff --git a/secrets/services/tailscale/authkey.age b/secrets/services/tailscale/authkey.age index 023b0a2..0948559 100644 --- a/secrets/services/tailscale/authkey.age +++ b/secrets/services/tailscale/authkey.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 ptT1OQ twHQbNhYqtvZb77QWHhmPF2iTMO0h0lOGldTfBpcllY -XERC8DFb1TpQrZWFkQPOdTlbRXnvIGIwRKME45ToVG0 --> ssh-ed25519 dHPgHQ 016ufoJK5rw9z2pn+8GSvm1KwiYPJsvOLxvzTvzbbDI -oB9byoHjfvqY3nYNRWjMuK8midNq2J7VmpljIJJPazQ --> ssh-ed25519 w/1rQA 3BkJ/r0V12Gt5GT8egr1Nh06d45gJPsyUeE86b2bjDU -f4lcVlWv/KKw3qiw5Eu9+iyjA6cpX6R8bwW6Fxg+bC4 ---- 9JnuaZljT4YxTNhTyJWHFPEC3GDMetmlCMYEUOH6qrg -noYEGd&[BiRWSRB:l0C @51À @Ҩ+#tC U+ \ No newline at end of file +-> ssh-ed25519 ptT1OQ J3kDmGc+jH6NRrOhS4Dr4zsu1/z42GLr5NdDRv+iTXk +DdlUq0WeflALAlJUOP5ijsfVQR09o5pbtQaALhgeIvQ +-> ssh-ed25519 dHPgHQ haumlPX9NC//HJGLfhfwNRHUK8R1KSomkJl8Xzh5tSE +HDsnHyF46OFkDuBX0FFzHO7y5PcW933h7rAr4Gl8Dgs +-> ssh-ed25519 w/1rQA P700mlIIgIYJIJfGVfaJnMQLIUC8L1wSDXgk9W6hez4 +wh4/Yod+VR5FpPHre4MlLxgpXPY58pqqcTeERf0oHvM +--- O76vmmBpuhj02EeYLnFTq5FkY5F+xn77GlOfQ1fBIAU +kE 47 +cT_Yl10gLp q&*$2:`k%;~t#g̫xW*. \ No newline at end of file diff --git a/secrets/users/adrian/password.age b/secrets/users/adrian/password.age index 70063c0..9241faa 100644 --- a/secrets/users/adrian/password.age +++ b/secrets/users/adrian/password.age 
@@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 ptT1OQ VORR85HHMDD3b0/TkoEDTzYmiQ4Yr+d/xXdOWr+ZIig -TLkJIQT9y3SI4n4KPzN+k8rglqmdjaR/U8CgxxiOTZQ --> ssh-ed25519 dHPgHQ dP7NziVF30ixfk/n13aW5il4n58DYv0ohmPXEh65dSs -losq32Ll313RSmaZ3YxNw9sdN7WdjtOXZMBKYG1z+74 --> ssh-ed25519 w/1rQA PxWEgRM7o5L9ohNdnqlsv8nT/q4X8RT0gNnyrFlrNCc -ZP99FPSYXGU3qh/2W4R8X3NU/mGo5PGcW/atJJFsmV0 ---- WEJtbLTrcHwvTt/T2kGkmVf2pZ/NFFQM44BNwJfWmvs -'TGLMB;`%}6 0Jբw_P"r0pFIWڀ7,hT<1LRpR0 ݽ|įUn=FjceITrI{0U \ No newline at end of file +-> ssh-ed25519 ptT1OQ QoDPjPsAk+20bxAtbBzFxtbI5jtSi5b9GsyjQFNSxk0 +sKe/Ens+2jmR9nICcdn98GTFTOO99mTGUZzwHGhDoCs +-> ssh-ed25519 dHPgHQ sgh+q8g1ReG0n612l10LdJygH54AFV+W2rKwpMtfLjs +QeY8CdCdDBj4hbiLxB3drxmXKi3vE+y0uAoC5vQrNuE +-> ssh-ed25519 w/1rQA KmJ1MxNJpoBeJnFqRh+sd5bsZP9OqUv4fYU8ly1KDxA +KRk9CN1SWYEEivH0yoaiQWqupkvbSqT/gG0+FG/yDKY +--- 2624wRYJu+XLPBrxW5C9J30cszA5VcmGRMp09ppoNSU +#^eGŠ)$r f*!" epqSYj3:{OEu A 0&`xOCl[~*CǍ \ No newline at end of file diff --git a/secrets/users/anna/password.age b/secrets/users/anna/password.age index 2971cad..a8d7cf7 100644 Binary files a/secrets/users/anna/password.age and b/secrets/users/anna/password.age differ diff --git a/secrets/users/media/password.age b/secrets/users/media/password.age new file mode 100644 index 0000000..e4fa9a5 --- /dev/null +++ b/secrets/users/media/password.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 ptT1OQ 7bC/2+XflpTuYo8koiAWL3KKQtS51KrVFBd2X0DTB2Y +uYN4u4HSBrPRc9sBBsB0Egf53X2SHtj9ixLLQOlwS58 +-> ssh-ed25519 dHPgHQ 1XqbRk0MY6YwrVXtlaMWaanehgq/IlX92fdV4i3k2Ww +QrToCQ8700Ilzsp6kYoYq1FYozVC8b4gYF7hy47ums4 +-> ssh-ed25519 w/1rQA xdjSzVT43SL5c9b2jdZ5bxy0vdSGuvgf4q38FCgBzmI +/dLUn6z5I0/2PyvK5Jiu5EGjjGMcgkOwjk3pABvXFPU +--- 7NDsWPIH0wisLzVhB+PDgkFHM0FyPd0ESfw4xUoE1l0 +iSzI)R#(je?igk=CZ+N +muEB=M/_l \ No newline at end of file diff --git a/secrets/users/printer/password.age b/secrets/users/printer/password.age new file mode 100644 index 0000000..5a9ff40 --- /dev/null 
+++ b/secrets/users/printer/password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 ptT1OQ pc5hBofqsAf+D+0P4BxDR6IB5e9/5unEvKM3HQjueVM +eDCuxl53nfEBUXiVyp9kft29RWcNhw+kudh2wpxT5f4 +-> ssh-ed25519 dHPgHQ OjZ6YrxcAM2DhOiCofp9JCS9r9zw83AyGifAInL0E1w +Uu2InQepA0Cj0huvH7q6En/Iutb2yYNE3GitnsUeT4U +-> ssh-ed25519 w/1rQA CtF7xUrSASoNaO8mFFkLdNi7ONCySCnV0Omy0QZUQTs +XZh3RQXbMwUwAylESS4MGLmYiuZ0biw1pcxv8CNvZgg +--- vhR54M/zUWdos8VZ4SjLKbVntLrbZ4tS1FurTInUqcw +, ssh-ed25519 ptT1OQ ISOzPTpYzFoBqKXm1cYZf5FvQTriHZ4MWQUquGSuRWQ -9vkCwopdCGdgQKJ4KY4KW6S4M/VcjtE5DLxUOBvMGbk --> ssh-ed25519 dHPgHQ Pi4Hygk5IIehm6MxmA1Q858W7iCVhprEtu5BscXsrRk -rvfOAQhh615eO3X/XVVcKNJ56JPbl3m/KsyaQjjOn2s --> ssh-ed25519 w/1rQA RhwaABja0y+FOhd37gdPHNb8E34ClEZnyfSLp14WSAo -D2aMBABbl1HDTF074mFMQHz4GWwW19YQWe5rq3YyKN8 ---- s+H5xZvp+QMz9aRbvB91J2/ZSAbUOv3MRaob3hCBMXM -|El)fz̃M*J>փ*^1ac6tK@n=/o:-ĩ]upRJpF0l3NvɀG݉Vswdd<%Mlqa)a&ɳl \ No newline at end of file +-> ssh-ed25519 ptT1OQ pLVG/B8QnT7etJ9VGZ4bMpGehghllItNnCTqlfgNJDU +XQcgUSW51h5qE552Dgdn2S5nZpm4E5n6UhExXZSsppI +-> ssh-ed25519 dHPgHQ kRFbRxq9bxH0eBNWbQGlJWfsMod/QC6LhyJZxTBhVEw +hJrMpfCn0JwHrvyZQ/IxL8juPWfL7RIgNNm2Gu2gB2k +-> ssh-ed25519 w/1rQA pReAFyMQ/4OWGer+4NMHUAIlthSI3zVVfB63uZD4HC8 +ciLgOvAQ6I+Pcz+aWFqTwWwGgdrUF0oEK8tph4OBV84 +--- bDzDGZrV/i+deG81OgQoIdf7NXkz2lclWwsT1aB9H1E +լE4 3O + I :Ydڂ|_٠Q7(f91}Ʊ-u-7Btr|Q%CW` CgiHd2J=;%]∻4 \ No newline at end of file diff --git a/servers/vanaheim/default.nix b/servers/vanaheim/default.nix index c30b99c..f7c98cd 100644 --- a/servers/vanaheim/default.nix +++ b/servers/vanaheim/default.nix 
@@ -15,18 +15,21 @@ personal = { services = { + cloud = { + enable = config.personal.services.enable; + }; gallery = { enable = config.personal.services.enable; }; - media = { - enable = config.personal.services.enable; - }; - minecraft = { + archive = { enable = config.personal.services.enable; }; auth = { enable = config.personal.services.enable; }; + minecraft = { + enable = config.personal.services.enable; + }; tailscale = { enable = config.personal.services.enable; }; diff --git a/servers/vanaheim/disko.nix b/servers/vanaheim/disko.nix index dcc1d19..19911f9 100644 --- a/servers/vanaheim/disko.nix +++ b/servers/vanaheim/disko.nix @@ -147,6 +147,21 @@ }; }; + nextcloud = { + size = "100G"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/var/lib/nextcloud"; + }; + }; + + + + + + + kanidm = { size = "5G"; content = { @@ -327,14 +342,7 @@ }; }; - nextcloud = { - size = "1G"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/var/lib/nextcloud"; - }; - }; + minecraft = { size = "1G"; diff --git a/servers/vanaheim/networking.nix b/servers/vanaheim/networking.nix index c8c57c3..dcf6096 100644 --- a/servers/vanaheim/networking.nix +++ b/servers/vanaheim/networking.nix @@ -21,5 +21,12 @@ }; }; }; + + nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-+" ]; + externalInterface = "eth0"; + }; }; } diff --git a/shared/global/default.nix b/shared/global/default.nix new file mode 100644 index 0000000..826783a --- /dev/null +++ b/shared/global/default.nix @@ -0,0 +1,15 @@ +{ pkgs, lib, config, options, ... }: + +{ + imports = [ + ./general.nix + ./haveged.nix + ./network.nix + ./nixpkgs.nix + ./openssh.nix + ./shells.nix + ./sudo.nix + ./timesyncd.nix + ./users.nix + ]; +} diff --git a/shared/modules/global.nix b/shared/global/general.nix similarity index 100% rename from shared/modules/global.nix rename to shared/global/general.nix 
diff --git a/shared/global/haveged.nix b/shared/global/haveged.nix new file mode 100644 index 0000000..744bb4a --- /dev/null +++ b/shared/global/haveged.nix @@ -0,0 +1,12 @@ +{ pkgs, lib, config, options, ... }: +with lib; + +{ + config = { + services = { + haveged = { + enable = true; + }; + }; + }; +} diff --git a/shared/modules/network.nix b/shared/global/network.nix similarity index 100% rename from shared/modules/network.nix rename to shared/global/network.nix diff --git a/shared/modules/nixpkgs.nix b/shared/global/nixpkgs.nix similarity index 100% rename from shared/modules/nixpkgs.nix rename to shared/global/nixpkgs.nix diff --git a/shared/services/openssh.nix b/shared/global/openssh.nix similarity index 74% rename from shared/services/openssh.nix rename to shared/global/openssh.nix index ded1f2f..ba408cc 100644 --- a/shared/services/openssh.nix +++ b/shared/global/openssh.nix @@ -1,24 +1,8 @@ { pkgs, lib, config, options, ... }: with lib; -let - cfg = config.personal.services.openssh; - -in { - options = { - personal = { - services = { - openssh = { - enable = mkEnableOption "Openssh" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { + config = { services = { openssh = { enable = true; diff --git a/shared/modules/shells.nix b/shared/global/shells.nix similarity index 100% rename from shared/modules/shells.nix rename to shared/global/shells.nix diff --git a/shared/modules/sudo.nix b/shared/global/sudo.nix similarity index 100% rename from shared/modules/sudo.nix rename to shared/global/sudo.nix diff --git a/shared/global/timesyncd.nix b/shared/global/timesyncd.nix new file mode 100644 index 0000000..9ca2121 --- /dev/null +++ b/shared/global/timesyncd.nix @@ -0,0 +1,12 @@ +{ pkgs, lib, config, options, ... }: +with lib; + +{ + config = { + services = { + timesyncd = { + enable = true; + }; + }; + }; +} 
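Review bot: Dropping `personal.services.openssh.enable` and switching to a bare `config = {` in openssh.nix makes sshd unconditional on every machine that imports `shared/global`, which after this commit includes the desktops. The old option defaulted to true, so nothing changes where it was never overridden, but a host that set it to false will now fail to evaluate and there is no switch left to keep sshd off a laptop. If that is intended, say so in a comment at the top of the file; otherwise keep it overridable with `enable = mkDefault true;`. The `openssh` attrset continues below the hunk, so its authentication settings are not visible here.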
diff --git a/shared/modules/users.nix b/shared/global/users.nix similarity index 100% rename from shared/modules/users.nix rename to shared/global/users.nix diff --git a/shared/modules/default.nix b/shared/modules/default.nix index 1963ccb..65335a7 100644 --- a/shared/modules/default.nix +++ b/shared/modules/default.nix @@ -2,11 +2,7 @@ { imports = [ - ./global.nix - ./network.nix - ./nixpkgs.nix - ./shells.nix - ./sudo.nix - ./users.nix + ./filebrowser.nix + ./prowlarr.nix ]; } diff --git a/shared/modules/filebrowser.nix b/shared/modules/filebrowser.nix new file mode 100644 index 0000000..9048ad5 --- /dev/null +++ b/shared/modules/filebrowser.nix 
@@ -0,0 +1,98 @@ +{ config, pkgs, lib, ... }: +with lib; + +let + cfg = config.services.filebrowser; + settingsFormat = pkgs.formats.json { }; +in +{ + options = { + services.filebrowser = { + enable = mkEnableOption "Filebrowser"; + + settings = mkOption rec { + type = settingsFormat.type; + apply = recursiveUpdate default; + default = { + address = "127.0.0.1"; + port = 8080; + log = "stdout"; + database = "/var/lib/filebrowser/database.db"; + }; + example = { + root = "/usr/share/filebrowser"; + }; + description = "Configuration for Filebrowser."; + }; + + openFirewall = mkOption { + type = types.bool; + default = false; + description = "Open ports in the firewall for the Filebrowser interface."; + }; + + user = mkOption { + type = types.str; + default = "filebrowser"; + description = "User under which Filebrowser runs."; + }; + + group = mkOption { + type = types.str; + default = "filebrowser"; + description = "Group under which Filebrowser runs."; + }; + + package = mkOption { + type = types.package; + default = pkgs.filebrowser; + defaultText = literalExpression "pkgs.filebrowser"; + description = "Filebrowser package to use."; + }; + }; + }; + + config = mkIf cfg.enable { + ids.uids = { + filebrowser = 327; + }; + + ids.gids = { + filebrowser = 327; + }; + + systemd.tmpfiles.rules = [ + "d '${dirOf cfg.settings.database}' 0700 ${cfg.user} ${cfg.group} - -" + ]; + + systemd.services.filebrowser = { + description = "Filebrowser"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "simple"; + User = cfg.user; + Group = cfg.group; + ExecStart = "${cfg.package}/bin/filebrowser --config ${settingsFormat.generate "filebrowser.json" cfg.settings}"; + Restart = "on-failure"; + }; + }; + + networking.firewall = mkIf cfg.openFirewall { + allowedTCPPorts = [ cfg.settings.port ]; + }; + + users.users = mkIf (cfg.user == "filebrowser") { + filebrowser = { + group = cfg.group; + home = dirOf cfg.settings.database; + uid = 
config.ids.uids.filebrowser; + }; + }; + + users.groups = mkIf (cfg.group == "filebrowser") { + filebrowser.gid = config.ids.gids.filebrowser; + }; + }; +} diff --git a/shared/modules/prowlarr.nix b/shared/modules/prowlarr.nix new file mode 100644 index 0000000..d9db0b1 --- /dev/null +++ b/shared/modules/prowlarr.nix @@ -0,0 +1,65 @@ +{ config, pkgs, lib, ... }: +with lib; + +let + cfg = config.services.prowlarr; +in +{ + options = { + services.prowlarr = { + dataDir = mkOption { + type = types.str; + default = "/var/lib/prowlarr/.config/NzbDrone"; + description = lib.mdDoc "The directory where Prowlarr stores its data files."; + }; + + user = mkOption { + type = types.str; + default = "prowlarr"; + description = lib.mdDoc "User account under which Prowlarr runs."; + }; + + group = mkOption { + type = types.str; + default = "prowlarr"; + description = lib.mdDoc "Group under which Prowlarr runs."; + }; + }; + }; + + config = mkIf cfg.enable { + ids.uids = { + prowlarr = 328; + }; + + ids.gids = { + prowlarr = 328; + }; + + systemd.tmpfiles.rules = [ + "d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -" + ]; + + systemd.services.prowlarr = { + serviceConfig = { + Type = "simple"; + User = cfg.user; + Group = cfg.group; + ExecStart = "${lib.getExe cfg.package} -nobrowser -data='${cfg.dataDir}'"; + Restart = "on-failure"; + }; + }; + + users.users = mkIf (cfg.user == "prowlarr") { + prowlarr = { + group = cfg.group; + home = cfg.dataDir; + uid = config.ids.uids.prowlarr; + }; + }; + + users.groups = mkIf (cfg.group == "prowlarr") { + prowlarr.gid = config.ids.gids.prowlarr; + }; + }; +} diff --git a/shared/programs/default.nix b/shared/programs/default.nix index 9c4661b..f3d0a2d 100644 --- a/shared/programs/default.nix +++ b/shared/programs/default.nix @@ -4,6 +4,7 @@ with lib; { imports = [ ./browser.nix + ./lutris.nix ./mail.nix ./password.nix ./steam.nix 
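Review bot: The `systemd.services.filebrowser` unit in the new filebrowser module runs a web file manager with no sandboxing beyond its dedicated user, since `serviceConfig` sets only `Type`, `User`, `Group`, `ExecStart` and `Restart`. The service needs write access only to its database directory and to whatever `settings.root` points at, so I would add systemd hardening and open those two paths explicitly, as sketched below. `settings.root` is optional in this module, so it is added to `ReadWritePaths` only when set. The list is a starting point and should be checked against what the binary needs at runtime.

```nix
serviceConfig = {
  # … unchanged: Type, User, Group, ExecStart, Restart …
  NoNewPrivileges = true;
  PrivateTmp = true;
  PrivateDevices = true;
  ProtectSystem = "strict";
  ProtectKernelTunables = true;
  ProtectControlGroups = true;
  RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
  ReadWritePaths = [ (dirOf cfg.settings.database) ]
    ++ optional (cfg.settings ? root) cfg.settings.root;
};
```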
diff --git a/shared/programs/lutris.nix b/shared/programs/lutris.nix new file mode 100644 index 0000000..fe75603 --- /dev/null +++ b/shared/programs/lutris.nix @@ -0,0 +1,26 @@ +{ pkgs, lib, config, options, ... }: +with lib; + +let + cfg = config.personal.programs.lutris; + +in +{ + options = { + personal = { + programs = { + lutris = { + enable = mkEnableOption "Lutris"; + }; + }; + }; + }; + + config = mkIf cfg.enable { + environment = { + systemPackages = with pkgs; [ + lutris + ]; + }; + }; +} diff --git a/shared/programs/mail.nix b/shared/programs/mail.nix index 6eda62f..75b04e2 100644 --- a/shared/programs/mail.nix +++ b/shared/programs/mail.nix @@ -19,6 +19,7 @@ in config = mkIf cfg.enable { environment = { systemPackages = with pkgs; [ + # betterbird mailspring ]; }; diff --git a/shared/services/acme.nix b/shared/services/acme.nix index c6a5bdd..93b943f 100644 --- a/shared/services/acme.nix +++ b/shared/services/acme.nix @@ -17,6 +17,22 @@ in }; config = mkIf cfg.enable { + ids.uids = { + acme = 400; + }; + + ids.gids = { + acme = 400; + }; + + users.users.acme = { + uid = config.ids.uids.acme; + }; + + users.groups.acme = { + gid = config.ids.gids.acme; + }; + security = { acme = { acceptTerms = true; diff --git a/shared/services/archive/bazarr.nix b/shared/services/archive/bazarr.nix new file mode 100644 index 0000000..c1b5543 --- /dev/null +++ b/shared/services/archive/bazarr.nix @@ -0,0 +1,20 @@ +{ pkgs, config, lib, ... }: +with lib; + +{ + services = { + prometheus = { + exporters = { + exportarr-bazarr = { + enable = true; + }; + }; + }; + + bazarr = { + enable = true; + user = "media"; + group = "users"; + }; + }; +} diff --git a/shared/services/archive/default.nix b/shared/services/archive/default.nix new file mode 100644 index 0000000..a1e79f4 --- /dev/null +++ b/shared/services/archive/default.nix 
@@ -0,0 +1,149 @@
+{ pkgs, lib, config, options, fetchurl, ... }:
+with lib;
+
+let
+ cfg = config.personal.services.archive;
+ hostAddress = "192.168.100.30";
+ containerAddress = "192.168.100.31";
+
+in
+{
+ options = {
+ personal = {
+ services = {
+ archive = {
+ enable = mkEnableOption "Archive";
+ };
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ system = {
+ activationScripts = {
+ makeArchiveDir = lib.stringAfter [ "var" ] ''
+ mkdir -p /var/lib/nextcloud/{server,postgres,redis,backups}
+ '';
+ };
+ };
+
+ containers = {
+ archive = {
+ autoStart = true;
+ privateNetwork = true;
+ ephemeral = true;
+
+ hostAddress = hostAddress;
+ localAddress = localAddress;
+
+ bindMounts = {
+
+
+
+ "/var/lib/sabnzbd" = {
+ hostPath = "/var/lib/sabnzbd";
+ isReadOnly = false;
+ };
+ "/var/lib/radarr" = {
+ hostPath = "/var/lib/radarr";
+ isReadOnly = false;
+ };
+ "/var/lib/sonarr" = {
+ hostPath = "/var/lib/sonarr";
+ isReadOnly = false;
+ };
+ "/var/lib/lidarr" = {
+ hostPath = "/var/lib/lidarr";
+ isReadOnly = false;
+ };
+ "/var/lib/prowlarr" = {
+ hostPath = "/var/lib/prowlarr";
+ isReadOnly = false;
+ };
+ "/var/lib/bazarr" = {
+ hostPath = "/var/lib/bazarr";
+ isReadOnly = false;
+ };
+ "/var/lib/filebrowser" = {
+ hostPath = "/var/lib/filebrowser";
+ isReadOnly = false;
+ };
+ "/var/lib/music" = {
+ hostPath = "/var/lib/music";
+ isReadOnly = false;
+ };
+
+
+
+ };
+
+ config = { config, pkgs, ...
}: {
+ system = {
+ stateVersion = "23.11";
+ };
+
+ imports = [
+ ./networking.nix
+ ./tmpfiles.nix
+ ./jellyfin.nix
+ ./jellyseer.nix
+ ./sabnzbd.nix
+ ./radarr.nix
+ ./sonarr.nix
+ ./lidarr.nix
+ ./prowlarr.nix
+ ./bazarr.nix
+ ./filebrowser.nix
+ ];
+ };
+ };
+ };
+
+ personal = {
+ services = {
+ webserver = {
+ enable = true;
+
+ hosts = [
+ {
+ domain = "request.boerger.ws";
+ proxy = "http://${containerAddress}:5055";
+ }
+ {
+ domain = "jellyfin.boerger.ws";
+ proxy = "http://${containerAddress}:8096";
+ }
+ {
+ domain = "sabnzbd.boerger.ws";
+ proxy = "http://${containerAddress}:8080";
+ }
+ {
+ domain = "radarr.boerger.ws";
+ proxy = "http://${containerAddress}:7878";
+ }
+ {
+ domain = "sonarr.boerger.ws";
+ proxy = "http://${containerAddress}:8989";
+ }
+ {
+ domain = "lidarr.boerger.ws";
+ proxy = "http://${containerAddress}:8686";
+ }
+ {
+ domain = "bazarr.boerger.ws";
+ proxy = "http://${containerAddress}:6767";
+ }
+ {
+ domain = "prowlarr.boerger.ws";
+ proxy = "http://${containerAddress}:9696";
+ }
+ {
+ domain = "music.boerger.ws";
+ proxy = "http://${containerAddress}:8080";
+ }
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/shared/services/archive/filebrowser.nix b/shared/services/archive/filebrowser.nix
new file mode 100644
index 0000000..3af8328
--- /dev/null
+++ b/shared/services/archive/filebrowser.nix
@@ -0,0 +1,16 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ filebrowser = {
+ enable = true;
+ user = "media";
+ group = "users";
+
+ settings = {
+ root = "/var/lib/music";
+ };
+ };
+ };
+}
diff --git a/shared/services/archive/jellyfin.nix b/shared/services/archive/jellyfin.nix
new file mode 100644
index 0000000..0f7bd85
--- /dev/null
+++ b/shared/services/archive/jellyfin.nix
@@ -0,0 +1,12 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ jellyfin = {
+ enable = true;
+ user = "media";
+ group = "users";
+ };
+ };
+}
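Review bot: `localAddress = localAddress;` in the `archive` container refers to a name the `let` block never binds (it defines `hostAddress` and `containerAddress`), so it should read `localAddress = containerAddress;` as in the auth, cloud and gallery containers. The `makeArchiveDir` activation script creates `/var/lib/nextcloud/{server,postgres,redis,backups}`, which looks copied from the cloud module; the directories that need to exist on the host are the bind-mount sources such as `/var/lib/sabnzbd` and `/var/lib/radarr`. `sabnzbd.boerger.ws` and `music.boerger.ws` are both proxied to port 8080, so one of the two names probably reaches the wrong service. All nine admin interfaces are published through the proxy with no access control visible in this file, so each application's own login is the only barrier unless the webserver module adds one.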
diff --git a/shared/services/archive/jellyseer.nix b/shared/services/archive/jellyseer.nix
new file mode 100644
index 0000000..a800945
--- /dev/null
+++ b/shared/services/archive/jellyseer.nix
@@ -0,0 +1,10 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ jellyseerr = {
+ enable = true;
+ };
+ };
+}
diff --git a/shared/services/archive/lidarr.nix b/shared/services/archive/lidarr.nix
new file mode 100644
index 0000000..cd8f8ac
--- /dev/null
+++ b/shared/services/archive/lidarr.nix
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ prometheus = {
+ exporters = {
+ exportarr-lidarr = {
+ enable = true;
+ };
+ };
+ };
+
+ lidarr = {
+ enable = true;
+ user = "media";
+ group = "users";
+ dataDir = "/var/lib/lidarr";
+ };
+ };
+}
diff --git a/shared/services/archive/networking.nix b/shared/services/archive/networking.nix
new file mode 100644
index 0000000..fd1555e
--- /dev/null
+++ b/shared/services/archive/networking.nix
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ networking = {
+ useHostResolvConf = mkForce false;
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+
+ ];
+ };
+ };
+
+ services = {
+ resolved = {
+ enable = true;
+ };
+ };
+}
diff --git a/shared/services/archive/prowlarr.nix b/shared/services/archive/prowlarr.nix
new file mode 100644
index 0000000..e199955
--- /dev/null
+++ b/shared/services/archive/prowlarr.nix
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ prometheus = {
+ exporters = {
+ exportarr-prowlarr = {
+ enable = true;
+ };
+ };
+ };
+
+ prowlarr = {
+ enable = true;
+ user = "media";
+ group = "users";
+ dataDir = "/var/lib/prowlarr";
+ };
+ };
+}
diff --git a/shared/services/archive/radarr.nix b/shared/services/archive/radarr.nix
new file mode 100644
index 0000000..f1ce877
--- /dev/null
+++ b/shared/services/archive/radarr.nix
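Review bot: In shared/services/archive/networking.nix the container firewall is enabled with an empty `allowedTCPPorts`, while shared/services/archive/default.nix proxies to ports 5055, 8096, 8080, 7878, 8989, 8686, 6767 and 9696 on the container address, so unless the service modules open their own ports the host's proxy cannot reach any of them. List exactly the proxied ports here, `allowedTCPPorts = [ 5055 8096 8080 7878 8989 8686 6767 9696 ];`, rather than switching the firewall off. The cloud and gallery containers already follow that pattern with 80 and 2342.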
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ prometheus = {
+ exporters = {
+ exportarr-radarr = {
+ enable = true;
+ };
+ };
+ };
+
+ radarr = {
+ enable = true;
+ user = "media";
+ group = "users";
+ dataDir = "/var/lib/radarr";
+ };
+ };
+}
diff --git a/shared/services/archive/sabnzbd.nix b/shared/services/archive/sabnzbd.nix
new file mode 100644
index 0000000..622d37e
--- /dev/null
+++ b/shared/services/archive/sabnzbd.nix
@@ -0,0 +1,13 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ sabnzbd = {
+ enable = true;
+ user = "media";
+ group = "users";
+ configFile = "/var/lib/sabnzbd/sabnzbd.ini";
+ };
+ };
+}
diff --git a/shared/services/archive/sonarr.nix b/shared/services/archive/sonarr.nix
new file mode 100644
index 0000000..e224a18
--- /dev/null
+++ b/shared/services/archive/sonarr.nix
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ prometheus = {
+ exporters = {
+ exportarr-sonarr = {
+ enable = true;
+ };
+ };
+ };
+
+ sonarr = {
+ enable = true;
+ user = "media";
+ group = "users";
+ dataDir = "/var/lib/sonarr";
+ };
+ };
+}
diff --git a/shared/services/archive/tmpfiles.nix b/shared/services/archive/tmpfiles.nix
new file mode 100644
index 0000000..99c0d39
--- /dev/null
+++ b/shared/services/archive/tmpfiles.nix
@@ -0,0 +1,26 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ systemd = {
+ tmpfiles = {
+ rules = [
+
+
+
+ "d /var/lib/sabnzbd 0700 media users"
+ "d /var/lib/radarr 0700 media users"
+ "d /var/lib/sonarr 0700 media users"
+ "d /var/lib/lidarr 0700 media users"
+ "d /var/lib/prowlarr 0700 media users"
+ "d /var/lib/bazarr 0700 media users"
+ "d /var/lib/filebrowser 0700 media users"
+
+ "d /var/lib/music 0700 media users"
+
+
+
+ ];
+ };
+ };
+}
diff --git a/shared/services/auth.nix b/shared/services/auth.nix
index 8232bc4..c3f9558 100644
--- a/shared/services/auth.nix
+++ b/shared/services/auth.nix
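Review bot: Every rule in shared/services/archive/tmpfiles.nix assigns the directories to `media:users`, but none of the modules imported into the archive container in this commit declares a `media` user, and the services are given `user = "media"` rather than their default account, so that account has to come from somewhere not visible here. If it is missing, declare it inside the container with a fixed uid matching the host's `media` account, because these paths are bind-mounted from the host and ownership is shared by number. Running every service as the same account with mode 0700 also lets each one read and write the state of all the others; a user per service plus a common group for the media library would limit what one compromised application can reach.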
@@ -3,6 +3,8 @@ with lib; let cfg = config.personal.services.auth; + hostAddress = "192.168.100.40"; + containerAddress = "192.168.100.41"; in { 
@@ -17,29 +19,119 @@ in }; config = mkIf cfg.enable { - services = { + networking.firewall = { + allowedTCPPorts = [ 636 ]; + }; - # TDB + containers = { + auth = { + autoStart = true; + privateNetwork = true; + ephemeral = true; - nginx = { - virtualHosts = - let - base = locations: { - inherit locations; + hostAddress = hostAddress; + localAddress = containerAddress; - useACMEHost = "boerger.ws"; - forceSSL = true; + forwardPorts = [{ + protocol = "tcp"; + hostPort = 636; + containerPort = 636; + }]; + + bindMounts = { + "/var/lib/acme" = { + hostPath = "/var/lib/acme"; + isReadOnly = true; + }; + "/var/lib/kanidm" = { + hostPath = "/var/lib/kanidm"; + isReadOnly = false; + }; + }; + + config = { config, pkgs, ... }: { + system = { + stateVersion = "23.11"; + }; + + systemd = { + tmpfiles = { + rules = [ "d /var/lib/kanidm 0700 kanidm kanidm" ]; }; - proxy = port: base { - "/" = { - proxyPass = "http://127.0.0.1:" + toString (port) + "/"; - proxyWebsockets = true; + }; + + environment = { + systemPackages = with pkgs; [ + sqlite + ]; + }; + + services = { + resolved = { + enable = true; + }; + + kanidm = { + enableServer = true; + + serverSettings = { + bindaddress = "0.0.0.0:8443"; + ldapbindaddress = "0.0.0.0:636"; + domain = "auth.boerger.ws"; + origin = "https://auth.boerger.ws"; + log_level = "info"; + tls_key = "/var/lib/acme/boerger.ws/key.pem"; + tls_chain = "/var/lib/acme/boerger.ws/fullchain.pem"; + }; + + enableClient = true; + + clientSettings = { + uri = "https://auth.boerger.ws"; }; }; - in - { - "auth.boerger.ws" = proxy 2342; }; + + networking = { + useHostResolvConf = mkForce false; + + firewall = { + enable = true; + allowedTCPPorts = [ 636 8443 ]; + }; + }; + + ids.uids = { + acme = 400; + }; + + ids.gids = { + acme = 400; + }; + + users = { + users = { + acme = { + home = "/var/lib/acme"; + group = "acme"; + isSystemUser = true; + uid = config.ids.uids.acme; + }; + + kanidm = { + extraGroups = [ + "acme" + ]; + }; + }; + }; + + users.groups = 
{ + acme = { + gid = config.ids.gids.acme; + }; + }; + }; }; }; @@ -51,6 +143,13 @@ in webserver = { enable = true; + + hosts = [ + { + domain = "auth.boerger.ws"; + proxy = "https://${containerAddress}:8443"; + } + ]; }; }; }; diff --git a/shared/services/cloud.nix b/shared/services/cloud.nix deleted file mode 100644 index 6acb8c3..0000000 --- a/shared/services/cloud.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ pkgs, lib, config, options, fetchurl, ... }: -with lib; - -let - cfg = config.personal.services.cloud; - -in -{ - options = { - personal = { - services = { - cloud = { - enable = mkEnableOption "Cloud"; - }; - }; - }; - }; - - config = mkIf cfg.enable { - services = { - nextcloud = { - enable = true; - hostName = "cloud.boerger.ws"; - webfinger = true; - https = true; - - # config = { - # overwriteProtocol = "https"; - # adminuser = "devops"; - # adminpassFile = ""; - # defaultPhoneRegion = "DE"; - # }; - - extraApps = { }; - }; - }; - }; -} diff --git a/shared/services/cloud/default.nix b/shared/services/cloud/default.nix new file mode 100644 index 0000000..00088f0 --- /dev/null +++ b/shared/services/cloud/default.nix 
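Review bot: The bind mount hands the whole of `/var/lib/acme` to the auth container, although kanidm only reads `/var/lib/acme/boerger.ws/key.pem` and `fullchain.pem`; mounting `"/var/lib/acme/boerger.ws"` read-only instead keeps the private keys of any other certificate on the host out of the container. The host firewall also opens 636 on every interface and forwards it to kanidm's LDAPS listener; if LDAP is only needed by internal clients, scope it with `networking.firewall.interfaces.<INTERFACE>.allowedTCPPorts = [ 636 ];`. The `acme = 400` uid and gid are repeated here and in shared/services/acme.nix and have to stay equal for kanidm's `acme` group membership to grant access to the mounted files, which deserves a comment at both places.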
@@ -0,0 +1,99 @@
+{ pkgs, lib, config, options, fetchurl, ... }:
+with lib;
+
+let
+ cfg = config.personal.services.cloud;
+ hostAddress = "192.168.100.10";
+ containerAddress = "192.168.100.11";
+
+in
+{
+ options = {
+ personal = {
+ services = {
+ cloud = {
+ enable = mkEnableOption "Cloud";
+ };
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ system = {
+ activationScripts = {
+ makeCloudDir = lib.stringAfter [ "var" ] ''
+ mkdir -p /var/lib/nextcloud/{server,postgres,redis,backups}
+ '';
+ };
+ };
+
+ containers = {
+ cloud = {
+ autoStart = true;
+ privateNetwork = true;
+ ephemeral = true;
+
+ hostAddress = hostAddress;
+ localAddress = containerAddress;
+
+ bindMounts = {
+ "/var/lib/nextcloud" = {
+ hostPath = "/var/lib/nextcloud-server";
+ isReadOnly = false;
+ };
+ "/var/lib/postgresql" = {
+ hostPath = "/var/lib/nextcloud-postgres";
+ isReadOnly = false;
+ };
+ "/var/lib/redis-nextcloud" = {
+ hostPath = "/var/lib/nextcloud-redis";
+ isReadOnly = false;
+ };
+ "/var/backups" = {
+ hostPath = "/var/lib/nextcloud-backups";
+ isReadOnly = false;
+ };
+
+ "${config.age.secrets."services/cloud/password".path}" = {
+ isReadOnly = true;
+ };
+ };
+
+ config = { config, pkgs, ... }: {
+ system = {
+ stateVersion = "23.11";
+ };
+
+ imports = [
+ ./networking.nix
+ ./tmpfiles.nix
+ ./postgres.nix
+ ./redis.nix
+ ./nextcloud.nix
+ ];
+ };
+ };
+ };
+
+ personal = {
+ services = {
+ webserver = {
+ enable = true;
+
+ hosts = [
+ {
+ domain = "cloud.boerger.ws";
+ proxy = "http://${containerAddress}:80";
+ }
+ ];
+ };
+ };
+ };
+
+ age.secrets."services/cloud/password" = {
+ file = ../../../secrets/services/cloud/password.age;
+ owner = "999";
+ group = "999";
+ };
+ };
+}
diff --git a/shared/services/cloud/networking.nix b/shared/services/cloud/networking.nix
new file mode 100644
index 0000000..f1fdf71
--- /dev/null
+++ b/shared/services/cloud/networking.nix
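Review bot: The admin password secret is chowned to the literal `"999"`/`"999"`, but nothing in the container configuration pins the account that is meant to read it to that uid, so which container user ends up owning the file depends on uid allocation order. Pin the reader's uid inside the container (the `ids.uids` pattern used for `acme` would do) and reference the same number here, with a comment naming the account. Separately, `makeCloudDir` creates `/var/lib/nextcloud/{server,postgres,redis,backups}` while the bind mounts use `/var/lib/nextcloud-server`, `/var/lib/nextcloud-postgres`, `/var/lib/nextcloud-redis` and `/var/lib/nextcloud-backups`, so the script never creates the mount sources.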
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ networking = {
+ useHostResolvConf = mkForce false;
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 80
+ ];
+ };
+ };
+
+ services = {
+ resolved = {
+ enable = true;
+ };
+ };
+}
diff --git a/shared/services/cloud/nextcloud.nix b/shared/services/cloud/nextcloud.nix
new file mode 100644
index 0000000..9a8cc26
--- /dev/null
+++ b/shared/services/cloud/nextcloud.nix
@@ -0,0 +1,67 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ prometheus = {
+ exporters = {
+ nextcloud = {
+ enable = true;
+ openFirewall = true;
+ user = "nextcloud";
+ group = "nextcloud";
+ url = "https://cloud.boerger.ws";
+ username = "devops";
+ passwordFile = "/run/agenix/services/cloud/password";
+ };
+ };
+ };
+
+ nextcloud = {
+ enable = true;
+
+ package = pkgs.nextcloud28;
+
+ https = true;
+ hostName = "cloud.boerger.ws";
+
+ maxUploadSize = "1024M";
+
+ configureRedis = true;
+ webfinger = true;
+ extraAppsEnable = true;
+
+ config = {
+ adminuser = "devops";
+ adminpassFile = "/run/agenix/services/cloud/password";
+
+ dbtype = "pgsql";
+ dbhost = "/run/postgresql";
+ dbuser = "nextcloud";
+ dbname = "nextcloud";
+ };
+
+ settings = {
+ trusted_proxies = [ ];
+
+ default_phone_region = "DE";
+ overwriteProtocol = "https";
+
+ loglevel = 2;
+ logtype = "systemd";
+ };
+
+ notify_push = {
+ enable = true;
+ };
+
+ autoUpdateApps = {
+ enable = true;
+ };
+
+ extraApps = {
+ inherit (pkgs.nextcloud28Packages.apps) calendar contacts cookbook groupfolders impersonate notify_push polls;
+ };
+ };
+ };
+}
diff --git a/shared/services/cloud/postgres.nix b/shared/services/cloud/postgres.nix
new file mode 100644
index 0000000..f536134
--- /dev/null
+++ b/shared/services/cloud/postgres.nix
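Review bot: `trusted_proxies = [ ];` in shared/services/cloud/nextcloud.nix leaves Nextcloud treating the host's reverse proxy as the client, so its brute-force throttling and logs would key on the proxy address instead of the real remote address. Requests arrive from the host side of the container link, so I would expect `trusted_proxies = [ "192.168.100.10" ];`, the `hostAddress` set in shared/services/cloud/default.nix. The Prometheus exporter also logs in as `devops` with the admin password file; a dedicated token or low-privilege account for metrics would keep the admin credential out of a second process.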
@@ -0,0 +1,46 @@ +{ pkgs, config, lib, ... }: +with lib; + +{ + services = { + prometheus = { + exporters = { + postgres = { + enable = true; + openFirewall = true; + runAsLocalSuperUser = true; + }; + }; + }; + + postgresql = { + enable = true; + + ensureDatabases = [ + "nextcloud" + ]; + + ensureUsers = [{ + name = "nextcloud"; + ensureDBOwnership = true; + }]; + }; + + postgresqlBackup = { + enable = true; + + databases = [ + "nextcloud" + ]; + }; + }; + + systemd = { + services = { + nextcloud-setup = { + after = [ "postgresql.service" ]; + requires = [ "postgresql.service" ]; + }; + }; + }; +} diff --git a/shared/services/cloud/redis.nix b/shared/services/cloud/redis.nix new file mode 100644 index 0000000..8299e3f --- /dev/null +++ b/shared/services/cloud/redis.nix @@ -0,0 +1,25 @@ +{ pkgs, config, lib, ... }: +with lib; + +{ + services = { + prometheus = { + exporters = { + redis = { + enable = true; + openFirewall = true; + }; + }; + }; + + redis = { + vmOverCommit = true; + + servers = { + nextcloud = { + port = 6379; + }; + }; + }; + }; +} diff --git a/shared/services/cloud/tmpfiles.nix b/shared/services/cloud/tmpfiles.nix new file mode 100644 index 0000000..e68b736 --- /dev/null +++ b/shared/services/cloud/tmpfiles.nix @@ -0,0 +1,13 @@ +{ pkgs, config, lib, ... }: +with lib; + +{ + systemd = { + tmpfiles = { + rules = [ + "d /var/lib/postgresql 0750 postgres postgres" + "d /var/lib/redis 0750 redis-nextcloud redis-nextcloud" + ]; + }; + }; +} diff --git a/shared/services/default.nix b/shared/services/default.nix index 66afe9b..8d0b494 100644 --- a/shared/services/default.nix +++ b/shared/services/default.nix @@ -7,19 +7,18 @@ with lib; ./auth.nix ./desktop.nix ./docker.nix - ./gallery.nix ./hass.nix - ./haveged.nix ./homedns.nix ./libvirt.nix - ./media.nix ./minecraft.nix - ./openssh.nix ./printing.nix ./shares.nix ./tailscale.nix - ./timesyncd.nix ./webserver.nix + + ./archive + ./cloud + ./gallery ]; options = { 
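Review bot: In shared/services/cloud/postgres.nix the exporter is started with `runAsLocalSuperUser = true` and `openFirewall = true`, so a process with superuser access to the database serves unauthenticated metrics on the container's network, and nothing in this commit scrapes it. Drop `openFirewall` until a scraper exists; the same flag is set for the exporters in shared/services/cloud/redis.nix and nextcloud.nix. If the exporter stays, a dedicated monitoring role is preferable to the superuser.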
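Review bot: The second rule in shared/services/cloud/tmpfiles.nix prepares `/var/lib/redis`, but the container's bind mount in shared/services/cloud/default.nix is `/var/lib/redis-nextcloud`, so the mounted directory keeps whatever owner and mode the host path has. The rule should read `"d /var/lib/redis-nextcloud 0750 redis-nextcloud redis-nextcloud"`. `/var/lib/nextcloud` and `/var/backups` are bind-mounted as well and have no rule, which may be fine if the service modules create them but is worth checking.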
diff --git a/shared/services/desktop.nix b/shared/services/desktop.nix index c44455f..ef6d719 100644 --- a/shared/services/desktop.nix +++ b/shared/services/desktop.nix @@ -57,7 +57,7 @@ in }; hardware = { - opengl = { + graphics = { enable = true; }; @@ -110,6 +110,7 @@ in # - org.gnome.Lollypop # - org.gnome.TextEditor # - org.gnome.Totem + # - org.gnome.Geary services = { # gnome = { @@ -165,23 +166,26 @@ in enable = true; }; + libinput = { + enable = true; + + touchpad = { + disableWhileTyping = false; + tapping = true; + tappingDragLock = false; + middleEmulation = true; + naturalScrolling = true; + scrollMethod = "twofinger"; + }; + }; + xserver = { enable = true; autorun = true; - layout = "de"; - xkbOptions = "eurosign:e"; - libinput = { - enable = true; - - touchpad = { - disableWhileTyping = false; - tapping = true; - tappingDragLock = false; - middleEmulation = true; - naturalScrolling = true; - scrollMethod = "twofinger"; - }; + xkb = { + options = "eurosign:e"; + layout = "de"; }; displayManager = { diff --git a/shared/services/docker.nix b/shared/services/docker.nix index 4fd1974..45558e8 100644 --- a/shared/services/docker.nix +++ b/shared/services/docker.nix @@ -17,6 +17,12 @@ in }; config = mkIf cfg.enable { + environment = { + systemPackages = with pkgs; [ + lazydocker + ]; + }; + virtualisation = { docker = { enable = true; @@ -26,6 +32,10 @@ in dates = "weekly"; }; }; + + oci-containers = { + backend = "docker"; + }; }; }; } diff --git a/shared/services/gallery.nix b/shared/services/gallery.nix deleted file mode 100644 index ab40518..0000000 --- a/shared/services/gallery.nix +++ /dev/null 
@@ -1,61 +0,0 @@ -{ pkgs, lib, config, options, fetchurl, ... }: -with lib; - -let - cfg = config.personal.services.gallery; - -in -{ - options = { - personal = { - services = { - gallery = { - enable = mkEnableOption "Gallery"; - }; - }; - }; - }; - - config = mkIf cfg.enable { - services = { - # photoprism = { - # enable = true; - - # settings = { }; - # }; - - nginx = { - virtualHosts = - let - base = locations: { - inherit locations; - - useACMEHost = "boerger.ws"; - forceSSL = true; - }; - proxy = port: base { - "/" = { - proxyPass = "http://127.0.0.1:" + toString (port) + "/"; - proxyWebsockets = true; - }; - }; - in - { - "gallery.boerger.ws" = proxy 2342; - }; - }; - }; - - personal = { - services = { - acme = { - enable = true; - }; - - webserver = { - enable = true; - }; - }; - }; - }; -} diff --git a/shared/services/gallery/default.nix b/shared/services/gallery/default.nix new file mode 100644 index 0000000..dabd8a7 --- /dev/null +++ b/shared/services/gallery/default.nix 
@@ -0,0 +1,91 @@
+{ pkgs, lib, config, options, fetchurl, ... }:
+with lib;
+
+let
+ cfg = config.personal.services.gallery;
+ hostAddress = "192.168.100.20";
+ containerAddress = "192.168.100.21";
+
+in
+{
+ options = {
+ personal = {
+ services = {
+ gallery = {
+ enable = mkEnableOption "Gallery";
+ };
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ system = {
+ activationScripts = {
+ makeGalleryDir = lib.stringAfter [ "var" ] ''
+ mkdir -p /var/lib/photoprism /var/lib/photos /var/lib/videos
+ '';
+ };
+ };
+
+ containers = {
+ gallery = {
+ autoStart = true;
+ privateNetwork = true;
+ ephemeral = true;
+
+ hostAddress = hostAddress;
+ localAddress = containerAddress;
+
+ bindMounts = {
+ "/var/lib/photoprism" = {
+ hostPath = "/var/lib/photoprism";
+ isReadOnly = false;
+ };
+ "/var/lib/originals/photos" = {
+ hostPath = "/var/lib/photos";
+ isReadOnly = false;
+ };
+ "/var/lib/originals/videos" = {
+ hostPath = "/var/lib/videos";
+ isReadOnly = false;
+ };
+
+ "${config.age.secrets."services/gallery/password".path}" = {
+ isReadOnly = true;
+ };
+ };
+
+ config = { config, pkgs, ... }: {
+ system = {
+ stateVersion = "23.11";
+ };
+
+ imports = [
+ ./networking.nix
+ ./tmpfiles.nix
+ ./photoprism.nix
+ ];
+ };
+ };
+ };
+
+ personal = {
+ services = {
+ webserver = {
+ enable = true;
+
+ hosts = [
+ {
+ domain = "gallery.boerger.ws";
+ proxy = "http://${containerAddress}:2342";
+ }
+ ];
+ };
+ };
+ };
+
+ age.secrets."services/gallery/password" = {
+ file = ../../../secrets/services/gallery/password.age;
+ };
+ };
+}
diff --git a/shared/services/gallery/networking.nix b/shared/services/gallery/networking.nix
new file mode 100644
index 0000000..a7e196d
--- /dev/null
+++ b/shared/services/gallery/networking.nix
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ networking = {
+ useHostResolvConf = mkForce false;
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 2342
+ ];
+ };
+ };
+
+ services = {
+ resolved = {
+ enable = true;
+ };
+ };
+}
diff --git a/shared/services/gallery/photoprism.nix b/shared/services/gallery/photoprism.nix
new file mode 100644
index 0000000..17ac771
--- /dev/null
+++ b/shared/services/gallery/photoprism.nix
@@ -0,0 +1,54 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ photoprism = {
+ enable = true;
+ address = "0.0.0.0";
+ storagePath = "/var/lib/photoprism";
+ originalsPath = "/var/lib/originals";
+
+ passwordFile = "/run/agenix/services/gallery/password";
+
+ settings = {
+ PHOTOPRISM_ADMIN_USER = "devops";
+
+ PHOTOPRISM_SITE_URL = "https://gallery.boerger.ws";
+ PHOTOPRISM_SITE_AUTHOR = "Thomas Boerger";
+ PHOTOPRISM_SITE_TITLE = "Boergers";
+ PHOTOPRISM_SITE_CAPTION = "Everything totally uncensored";
+ PHOTOPRISM_SITE_DESCRIPTION = "Family photos and videos of the Boergers";
+
+ PHOTOPRISM_WORKERS = "4";
+ PHOTOPRISM_EXPERIMENTAL = "true";
+ PHOTOPRISM_DETECT_NSFW = "false";
+ PHOTOPRISM_UPLOAD_NSFW = "true";
+ };
+ };
+ };
+
+ systemd = {
+ services = {
+ photoprism = {
+ serviceConfig = {
+ DynamicUser = mkForce false;
+ };
+ };
+ };
+ };
+
+ users = {
+ users = {
+ photoprism = {
+ home = "/var/lib/photoprism";
+ group = "photoprism";
+ isSystemUser = true;
+ };
+ };
+
+ groups = {
+ photoprism = { };
+ };
+ };
+}
diff --git a/shared/services/gallery/tmpfiles.nix b/shared/services/gallery/tmpfiles.nix
new file mode 100644
index 0000000..3ed0fdd
--- /dev/null
+++ b/shared/services/gallery/tmpfiles.nix
@@ -0,0 +1,13 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ systemd = {
+ tmpfiles = {
+ rules = [
+ "d /var/lib/photoprism 0700 photoprism photoprism"
+ "d /var/lib/originals 0700 photoprism photoprism"
+ ];
+ };
+ };
+}
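Review bot: In shared/services/gallery/photoprism.nix, `DynamicUser = mkForce false` replaces the dynamic account with a static `photoprism` user that has no fixed `uid`, while the state sits on directories bind-mounted from the host into an ephemeral container, so file ownership depends on the uid being allocated identically on every start. Pin it, for example through `ids.uids` as done for `acme`. If the bind mounts are the reason for disabling the dynamic user, say so in a comment such as `# static user: state is bind-mounted from the host and must keep a stable owner`.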
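Review bot: The rules in shared/services/gallery/tmpfiles.nix cover `/var/lib/originals`, but the container mounts the host directories at `/var/lib/originals/photos` and `/var/lib/originals/videos`. Those sources are created on the host by the `mkdir -p` in `makeGalleryDir`, presumably owned by root, so `photoprism` can probably not write to them. Add `"d /var/lib/originals/photos 0700 photoprism photoprism"` and the matching `videos` rule.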
diff --git a/shared/services/haveged.nix b/shared/services/haveged.nix deleted file mode 100644 index 323ef94..0000000 --- a/shared/services/haveged.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.personal.services.haveged; - -in -{ - options = { - personal = { - services = { - haveged = { - enable = mkEnableOption "Haveged" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - services = { - haveged = { - enable = true; - }; - }; - }; -} diff --git a/shared/services/libvirt.nix b/shared/services/libvirt.nix index 22565ef..447f287 100644 --- a/shared/services/libvirt.nix +++ b/shared/services/libvirt.nix @@ -17,6 +17,15 @@ in }; config = mkIf cfg.enable { + environment = { + systemPackages = with pkgs; [ + cdrkit + cloud-utils + guestfs-tools + virt-viewer + ]; + }; + virtualisation = { libvirtd = { enable = true; diff --git a/shared/services/media.nix b/shared/services/media.nix deleted file mode 100644 index 001921e..0000000 --- a/shared/services/media.nix +++ /dev/null 
@@ -1,66 +0,0 @@ -{ pkgs, lib, config, options, fetchurl, ... }: -with lib; - -let - cfg = config.personal.services.media; - -in -{ - options = { - personal = { - services = { - media = { - enable = mkEnableOption "Media"; - }; - }; - }; - }; - - config = mkIf cfg.enable { - services = { - - # TDB - - nginx = { - virtualHosts = - let - base = locations: { - inherit locations; - - useACMEHost = "boerger.ws"; - forceSSL = true; - }; - proxy = port: base { - "/" = { - proxyPass = "http://127.0.0.1:" + toString (port) + "/"; - proxyWebsockets = true; - }; - }; - in - { - "sabnzbd.boerger.ws" = proxy 2342; - "jellyfin.boerger.ws" = proxy 2342; - "request.boerger.ws" = proxy 2342; - "sonarr.boerger.ws" = proxy 2342; - "radarr.boerger.ws" = proxy 2342; - "prowlarr.boerger.ws" = proxy 2342; - "lidarr.boerger.ws" = proxy 2342; - "bazarr.boerger.ws" = proxy 2342; - "music.boerger.ws" = proxy 2342; - }; - }; - }; - - personal = { - services = { - acme = { - enable = true; - }; - - webserver = { - enable = true; - }; - }; - }; - }; -} diff --git a/shared/services/minecraft.nix b/shared/services/minecraft.nix index 2115878..fd20876 100644 --- a/shared/services/minecraft.nix +++ b/shared/services/minecraft.nix 
@@ -10,47 +10,60 @@ in personal = { services = { minecraft = { - enable = mkEnableOption "Media"; + enable = mkEnableOption "Minecraft"; }; }; }; }; config = mkIf cfg.enable { - services = { + networking = { + firewall = { + allowedTCPPorts = [ 25565 ]; + }; + }; - # TDB + virtualisation = { + oci-containers = { + containers = { + minecraft-boergers = { + hostname = "minecraft"; + image = "ghcr.io/crafthippie/boergers:1.1.2"; + autoStart = true; + workdir = "/var/lib/minecraft/boergers"; - nginx = { - virtualHosts = - let - base = locations: { - inherit locations; - - useACMEHost = "boerger.ws"; - forceSSL = true; + environment = { + MINECRAFT_DIFFICULTY = "1"; + MINECRAFT_MAX_PLAYERS = "20"; + MINECRAFT_MAXHEAP = "4096M"; + MINECRAFT_MOTD = "Welcome to the Boergers"; + MINECRAFT_WHITE_LIST = "true"; }; - proxy = port: base { - "/" = { - proxyPass = "http://127.0.0.1:" + toString (port) + "/"; - proxyWebsockets = true; - }; - }; - in - { - "minecraft.boerger.ws" = proxy 2342; + + ports = [ + "25565:25565" + "127.0.0.1:8123:8123" + ]; + + volumes = [ + "/var/lib/minecraft/boergers:/var/lib/minecraft" + ]; }; + }; }; }; personal = { services = { - acme = { - enable = true; - }; - webserver = { enable = true; + + hosts = [ + { + domain = "minecraft.boerger.ws"; + proxy = "http://localhost:8123"; + } + ]; }; }; }; diff --git a/shared/services/shares.nix b/shared/services/shares.nix index 461d719..fd2fb97 100644 --- a/shared/services/shares.nix +++ b/shared/services/shares.nix @@ -26,7 +26,7 @@ in isSystemUser = true; group = "media"; home = "/var/lib/media"; - hashedPasswordFile = config.age.secrets."services/shares/media".path; + hashedPasswordFile = config.age.secrets."users/media/password".path; }; printer = { uid = 20001; @@ -35,7 +35,7 @@ in isSystemUser = true; group = "printer"; home = "/var/lib/printer"; - hashedPasswordFile = config.age.secrets."services/shares/printer".path; + hashedPasswordFile = config.age.secrets."users/printer/password".path; }; }; 
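Review bot: The container image in shared/services/minecraft.nix is referenced by tag only, `ghcr.io/crafthippie/boergers:1.1.2`, so the host runs whatever the registry serves under that tag at pull time. Pinning the digest, `image = "ghcr.io/crafthippie/boergers:1.1.2@sha256:<DIGEST>";`, makes the deployed image reproducible and a changed upstream image visible in review. The published port `"25565:25565"` binds on all addresses and Docker manages its own packet-filter rules, so the `allowedTCPPorts = [ 25565 ]` entry documents intent rather than enforcing it. The web map on 8123 is bound to 127.0.0.1 and reached only through the proxy, which is the right shape.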
@@ -130,12 +130,12 @@ in }; }; - age.secrets."services/shares/printer" = { - file = ../../secrets/services/shares/printer.age; + age.secrets."users/media/password" = { + file = ../../secrets/users/media/password.age; }; - age.secrets."services/shares/media" = { - file = ../../secrets/services/shares/media.age; + age.secrets."users/printer/password" = { + file = ../../secrets/users/printer/password.age; }; }; } diff --git a/shared/services/timesyncd.nix b/shared/services/timesyncd.nix deleted file mode 100644 index a0d5780..0000000 --- a/shared/services/timesyncd.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.personal.services.timesyncd; - -in -{ - options = { - personal = { - services = { - timesyncd = { - enable = mkEnableOption "Timesyncd" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - services = { - timesyncd = { - enable = true; - }; - }; - }; -} diff --git a/shared/services/webserver.nix b/shared/services/webserver.nix index 23c2637..2559428 100644 --- a/shared/services/webserver.nix +++ b/shared/services/webserver.nix @@ -66,6 +66,10 @@ in }; config = mkIf cfg.enable { + networking.firewall = { + allowedTCPPorts = [ 80 443 ]; + }; + services = { nginx = { enable = true; @@ -119,8 +123,12 @@ in }; }; - networking.firewall = { - allowedTCPPorts = [ 80 443 ]; + personal = { + services = { + acme = { + enable = true; + }; + }; }; }; }