From 221c398a5f600853bed27989bfac0c05a95610be Mon Sep 17 00:00:00 2001 
From: Thomas Boerger Date: Wed, 17 Jul 2024 16:05:33 +0200 Subject: [PATCH] feat: integrate most required services --- .gitignore | 2 - desktops/anubis/default.nix | 16 +- desktops/anubis/networking.nix | 7 + desktops/chnum/default.nix | 16 +- desktops/chnum/networking.nix | 7 + flake.lock | 69 ++---- flake.nix | 57 +++-- home/adrian/desktop/gnome.nix | 121 +++++++++- home/anna/desktop/gnome.nix | 121 +++++++++- home/shared/global/default.nix | 38 +--- home/shared/global/dircolors.nix | 196 ++++++++++++++++ home/shared/global/direnv.nix | 15 ++ home/shared/global/fzf.nix | 10 + home/shared/global/general.nix | 26 +++ home/shared/global/lsd.nix | 10 + home/shared/global/neovim.nix | 138 +++++++++++ home/shared/global/readline.nix | 14 ++ home/shared/global/starship.nix | 23 ++ home/shared/global/tmux.nix | 14 ++ home/shared/programs/{yed.nix => citrix.nix} | 8 +- home/shared/programs/default.nix | 13 +- home/shared/programs/develop.nix | 3 + home/shared/programs/dircolors.nix | 215 ------------------ home/shared/programs/direnv.nix | 34 --- home/shared/programs/fzf.nix | 29 --- .../programs/{authy.nix => graphics.nix} | 8 +- home/shared/programs/lsd.nix | 29 --- home/shared/programs/messages.nix | 4 + home/shared/programs/minecraft.nix | 1 - home/shared/programs/neovim.nix | 157 ------------- home/shared/programs/readline.nix | 33 --- home/shared/programs/starship.nix | 42 ---- home/shared/programs/streaming.nix | 26 +++ home/shared/programs/terminal.nix | 2 + home/shared/programs/tmux.nix | 33 --- home/tabea/desktop/gnome.nix | 121 +++++++++- home/thomas/default.nix | 152 ++++++++++--- home/thomas/desktop/gnome.nix | 85 ++++--- home/thomas/desktop/i3.nix | 7 - home/thomas/programs/autorandr.nix | 34 +++ home/thomas/programs/default.nix | 2 +- home/thomas/programs/git.nix | 10 +- home/thomas/programs/github.nix | 14 +- home/thomas/programs/gopass.nix | 8 - home/thomas/programs/minio.nix | 14 +- home/thomas/programs/netrc.nix | 14 +- home/thomas/programs/shell.nix | 
108 --------- home/thomas/programs/vscode.nix | 6 +- home/thomas/secrets/gh.age | 10 - home/thomas/secrets/github.age | 8 + home/thomas/secrets/minio.age | Bin 3745 -> 1394 bytes home/thomas/secrets/netrc.age | 21 +- overlays/default.nix | 25 +- overlays/gh-dash/default.nix | 6 +- overlays/gh-markdown-preview/default.nix | 4 +- overlays/gh-poi/default.nix | 4 +- overlays/khelm/default.nix | 6 +- overlays/ksops/default.nix | 6 +- overlays/kubectl-deprecations/default.nix | 29 +++ overlays/kubectl-moco/default.nix | 25 ++ overlays/kubectl-outdated/default.nix | 29 +++ overlays/kubectl-pod-lens/default.nix | 29 +++ overlays/kubectl-rakkess/default.nix | 29 +++ overlays/kubectl-realname-diff/default.nix | 6 +- overlays/kubectl-rolesum/default.nix | 25 ++ overlays/kubectl-view-secret/default.nix | 6 +- overlays/kubectl-who-can/default.nix | 29 +++ secrets/secrets.nix | 9 +- secrets/services/acme/credentials.age | Bin 526 -> 526 bytes secrets/services/cloud/password.age | 9 + secrets/services/gallery/password.age | Bin 0 -> 447 bytes secrets/services/shares/media.age | Bin 506 -> 0 bytes secrets/services/shares/printer.age | Bin 506 -> 0 bytes secrets/services/tailscale/authkey.age | 17 +- secrets/users/adrian/password.age | 16 +- secrets/users/anna/password.age | Bin 539 -> 506 bytes secrets/users/media/password.age | 10 + secrets/users/printer/password.age | 9 + secrets/users/root/password.age | Bin 539 -> 506 bytes secrets/users/tabea/password.age | Bin 539 -> 506 bytes secrets/users/thomas/password.age | 17 +- servers/vanaheim/default.nix | 11 +- servers/vanaheim/disko.nix | 24 +- servers/vanaheim/networking.nix | 7 + shared/global/default.nix | 15 ++ .../global.nix => global/general.nix} | 0 shared/global/haveged.nix | 12 + shared/{modules => global}/network.nix | 0 shared/{modules => global}/nixpkgs.nix | 0 shared/{services => global}/openssh.nix | 18 +- shared/{modules => global}/shells.nix | 0 shared/{modules => global}/sudo.nix | 0 shared/global/timesyncd.nix | 
12 + shared/{modules => global}/users.nix | 0 shared/modules/default.nix | 8 +- shared/modules/filebrowser.nix | 98 ++++++++ shared/modules/prowlarr.nix | 65 ++++++ shared/programs/default.nix | 1 + shared/programs/lutris.nix | 26 +++ shared/programs/mail.nix | 1 + shared/services/acme.nix | 16 ++ shared/services/archive/bazarr.nix | 20 ++ shared/services/archive/default.nix | 149 ++++++++++++ shared/services/archive/filebrowser.nix | 16 ++ shared/services/archive/jellyfin.nix | 12 + shared/services/archive/jellyseer.nix | 10 + shared/services/archive/lidarr.nix | 21 ++ shared/services/archive/networking.nix | 21 ++ shared/services/archive/prowlarr.nix | 21 ++ shared/services/archive/radarr.nix | 21 ++ shared/services/archive/sabnzbd.nix | 13 ++ shared/services/archive/sonarr.nix | 21 ++ shared/services/archive/tmpfiles.nix | 26 +++ shared/services/auth.nix | 131 +++++++++-- shared/services/cloud.nix | 38 ---- shared/services/cloud/default.nix | 99 ++++++++ shared/services/cloud/networking.nix | 21 ++ shared/services/cloud/nextcloud.nix | 67 ++++++ shared/services/cloud/postgres.nix | 46 ++++ shared/services/cloud/redis.nix | 25 ++ shared/services/cloud/tmpfiles.nix | 13 ++ shared/services/default.nix | 9 +- shared/services/desktop.nix | 32 +-- shared/services/docker.nix | 10 + shared/services/gallery.nix | 61 ----- shared/services/gallery/default.nix | 91 ++++++++ shared/services/gallery/networking.nix | 21 ++ shared/services/gallery/photoprism.nix | 54 +++++ shared/services/gallery/tmpfiles.nix | 13 ++ shared/services/haveged.nix | 28 --- shared/services/libvirt.nix | 9 + shared/services/media.nix | 66 ------ shared/services/minecraft.nix | 61 +++-- shared/services/shares.nix | 12 +- shared/services/timesyncd.nix | 28 --- shared/services/webserver.nix | 12 +- 136 files changed, 2786 insertions(+), 1322 deletions(-) create mode 100644 home/shared/global/dircolors.nix create mode 100644 home/shared/global/direnv.nix create mode 100644 home/shared/global/fzf.nix 
create mode 100644 home/shared/global/general.nix create mode 100644 home/shared/global/lsd.nix create mode 100644 home/shared/global/neovim.nix create mode 100644 home/shared/global/readline.nix create mode 100644 home/shared/global/starship.nix create mode 100644 home/shared/global/tmux.nix rename home/shared/programs/{yed.nix => citrix.nix} (64%) delete mode 100644 home/shared/programs/dircolors.nix delete mode 100644 home/shared/programs/direnv.nix delete mode 100644 home/shared/programs/fzf.nix rename home/shared/programs/{authy.nix => graphics.nix} (65%) delete mode 100644 home/shared/programs/lsd.nix delete mode 100644 home/shared/programs/neovim.nix delete mode 100644 home/shared/programs/readline.nix delete mode 100644 home/shared/programs/starship.nix create mode 100644 home/shared/programs/streaming.nix delete mode 100644 home/shared/programs/tmux.nix create mode 100644 home/thomas/programs/autorandr.nix delete mode 100644 home/thomas/programs/shell.nix delete mode 100644 home/thomas/secrets/gh.age create mode 100644 home/thomas/secrets/github.age create mode 100644 overlays/kubectl-deprecations/default.nix create mode 100644 overlays/kubectl-moco/default.nix create mode 100644 overlays/kubectl-outdated/default.nix create mode 100644 overlays/kubectl-pod-lens/default.nix create mode 100644 overlays/kubectl-rakkess/default.nix create mode 100644 overlays/kubectl-rolesum/default.nix create mode 100644 overlays/kubectl-who-can/default.nix create mode 100644 secrets/services/cloud/password.age create mode 100644 secrets/services/gallery/password.age delete mode 100644 secrets/services/shares/media.age delete mode 100644 secrets/services/shares/printer.age create mode 100644 secrets/users/media/password.age create mode 100644 secrets/users/printer/password.age create mode 100644 shared/global/default.nix rename shared/{modules/global.nix => global/general.nix} (100%) create mode 100644 shared/global/haveged.nix rename shared/{modules => global}/network.nix 
(100%) rename shared/{modules => global}/nixpkgs.nix (100%) rename shared/{services => global}/openssh.nix (74%) rename shared/{modules => global}/shells.nix (100%) rename shared/{modules => global}/sudo.nix (100%) create mode 100644 shared/global/timesyncd.nix rename shared/{modules => global}/users.nix (100%) create mode 100644 shared/modules/filebrowser.nix create mode 100644 shared/modules/prowlarr.nix create mode 100644 shared/programs/lutris.nix create mode 100644 shared/services/archive/bazarr.nix create mode 100644 shared/services/archive/default.nix create mode 100644 shared/services/archive/filebrowser.nix create mode 100644 shared/services/archive/jellyfin.nix create mode 100644 shared/services/archive/jellyseer.nix create mode 100644 shared/services/archive/lidarr.nix create mode 100644 shared/services/archive/networking.nix create mode 100644 shared/services/archive/prowlarr.nix create mode 100644 shared/services/archive/radarr.nix create mode 100644 shared/services/archive/sabnzbd.nix create mode 100644 shared/services/archive/sonarr.nix create mode 100644 shared/services/archive/tmpfiles.nix delete mode 100644 shared/services/cloud.nix create mode 100644 shared/services/cloud/default.nix create mode 100644 shared/services/cloud/networking.nix create mode 100644 shared/services/cloud/nextcloud.nix create mode 100644 shared/services/cloud/postgres.nix create mode 100644 shared/services/cloud/redis.nix create mode 100644 shared/services/cloud/tmpfiles.nix delete mode 100644 shared/services/gallery.nix create mode 100644 shared/services/gallery/default.nix create mode 100644 shared/services/gallery/networking.nix create mode 100644 shared/services/gallery/photoprism.nix create mode 100644 shared/services/gallery/tmpfiles.nix delete mode 100644 shared/services/haveged.nix delete mode 100644 shared/services/media.nix delete mode 100644 shared/services/timesyncd.nix diff --git a/.gitignore b/.gitignore index 7424c8d..e57d8e4 100644 --- a/.gitignore 
+++ b/.gitignore @@ -1,4 +1,2 @@ /result - .direnv -!.envrc diff --git a/desktops/anubis/default.nix b/desktops/anubis/default.nix index 02ffde0..d591a03 100644 --- a/desktops/anubis/default.nix +++ b/desktops/anubis/default.nix @@ -3,6 +3,7 @@ { imports = [ ../../shared/modules + ../../shared/global ../../shared/programs ../../shared/services @@ -25,27 +26,30 @@ libvirt = { enable = config.personal.services.enable; }; - tailscale = { + printing = { enable = config.personal.services.enable; }; - printing = { + tailscale = { enable = config.personal.services.enable; }; }; programs = { - mail = { - enable = config.personal.programs.enable; - }; browser = { enable = config.personal.programs.enable; }; - steam = { + lutris = { + enable = config.personal.programs.enable; + }; + mail = { enable = config.personal.programs.enable; }; password = { enable = config.personal.programs.enable; }; + steam = { + enable = config.personal.programs.enable; + }; }; }; diff --git a/desktops/anubis/networking.nix b/desktops/anubis/networking.nix index b410747..6270af6 100644 --- a/desktops/anubis/networking.nix +++ b/desktops/anubis/networking.nix @@ -7,5 +7,12 @@ networkmanager = { enable = true; }; + + # nat = { + # enable = true; + # enableIPv6 = true; + # internalInterfaces = [ "ve-+" ]; + # externalInterface = ""; + # }; }; } diff --git a/desktops/chnum/default.nix b/desktops/chnum/default.nix index 02ffde0..d591a03 100644 --- a/desktops/chnum/default.nix +++ b/desktops/chnum/default.nix @@ -3,6 +3,7 @@ { imports = [ ../../shared/modules + ../../shared/global ../../shared/programs ../../shared/services 
@@ -25,27 +26,30 @@ libvirt = { enable = config.personal.services.enable; }; - tailscale = { + printing = { enable = config.personal.services.enable; }; - printing = { + tailscale = { enable = config.personal.services.enable; }; }; programs = { - mail = { - enable = config.personal.programs.enable; - }; browser = { enable = config.personal.programs.enable; }; - steam = { + lutris = { + enable = config.personal.programs.enable; + }; + mail = { enable = config.personal.programs.enable; }; password = { enable = config.personal.programs.enable; }; + steam = { + enable = config.personal.programs.enable; + }; }; }; diff --git a/desktops/chnum/networking.nix b/desktops/chnum/networking.nix index c65ed10..2e3efd0 100644 --- a/desktops/chnum/networking.nix +++ b/desktops/chnum/networking.nix @@ -7,5 +7,12 @@ networkmanager = { enable = true; }; + + # nat = { + # enable = true; + # enableIPv6 = true; + # internalInterfaces = [ "ve-+" ]; + # externalInterface = "enp0s25"; + # }; }; } diff --git a/flake.lock b/flake.lock index 3f3716c..eccfb56 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1703433843, - "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", + "lastModified": 1720546205, + "narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=", "owner": "ryantm", "repo": "agenix", - "rev": "417caa847f9383e111d1397039c9d4337d024bf0", + "rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6", "type": "github" }, "original": { @@ -52,11 +52,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1704875591, - "narHash": "sha256-eWRLbqRcrILgztU/m/k7CYLzETKNbv0OsT2GjkaNm8A=", + "lastModified": 1718194053, + "narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=", "owner": "serokell", "repo": "deploy-rs", - "rev": "1776009f1f3fb2b5d236b84d9815f2edee463a9b", + "rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a", "type": "github" }, "original": { 
@@ -71,11 +71,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1705332421, - "narHash": "sha256-USpGLPme1IuqG78JNqSaRabilwkCyHmVWY0M9vYyqEA=", + "lastModified": 1717408969, + "narHash": "sha256-Q0OEFqe35fZbbRPPRdrjTUUChKVhhWXz3T9ZSKmaoVY=", "owner": "numtide", "repo": "devshell", - "rev": "83cb93d6d063ad290beee669f4badf9914cc16ec", + "rev": "1ebbe68d57457c8cae98145410b164b5477761f4", "type": "github" }, "original": { @@ -91,11 +91,11 @@ ] }, "locked": { - "lastModified": 1706491084, - "narHash": "sha256-eaEv+orTmr2arXpoE4aFZQMVPOYXCBEbLgK22kOtkhs=", + "lastModified": 1719733833, + "narHash": "sha256-6h2EqZU9bL9rHlXE+2LCBgnDImejzbS+4dYsNDDFlkY=", "owner": "nix-community", "repo": "disko", - "rev": "f67ba6552845ea5d7f596a24d57c33a8a9dc8de9", + "rev": "d185770ea261fb5cf81aa5ad1791b93a7834d12c", "type": "github" }, "original": { @@ -140,11 +140,11 @@ }, "hardware": { "locked": { - "lastModified": 1706182238, - "narHash": "sha256-Ti7CerGydU7xyrP/ow85lHsOpf+XMx98kQnPoQCSi1g=", + "lastModified": 1719681865, + "narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "f84eaffc35d1a655e84749228cde19922fcf55f1", + "rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac", "type": "github" }, "original": { @@ -174,26 +174,6 @@ "type": "github" } }, - "homeage": { - "inputs": { - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1669234151, - "narHash": "sha256-TwT87E3m2TZLgwYJESlype14HxUOrRGojPM5C2akrMg=", - "owner": "jordanisaacs", - "repo": "homeage", - "rev": "02bfe4ca06962d222e522fff0240c93946b20278", - "type": "github" - }, - "original": { - "owner": "jordanisaacs", - "repo": "homeage", - "type": "github" - } - }, "homemanager": { "inputs": { "nixpkgs": [ 
@@ -201,11 +181,11 @@ ] }, "locked": { - "lastModified": 1706473109, - "narHash": "sha256-iyuAvpKTsq2u23Cr07RcV5XlfKExrG8gRpF75hf1uVc=", + "lastModified": 1719827439, + "narHash": "sha256-tneHOIv1lEavZ0vQ+rgz67LPNCgOZVByYki3OkSshFU=", "owner": "nix-community", "repo": "home-manager", - "rev": "d634c3abafa454551f2083b054cd95c3f287be61", + "rev": "59ce796b2563e19821361abbe2067c3bb4143a7d", "type": "github" }, "original": { @@ -248,11 +228,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1706371002, - "narHash": "sha256-dwuorKimqSYgyu8Cw6ncKhyQjUDOyuXoxDTVmAXq88s=", + "lastModified": 1719690277, + "narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c002c6aa977ad22c60398daaa9be52f2203d0006", + "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e", "type": "github" }, "original": { @@ -269,7 +249,6 @@ "devshell": "devshell", "disko": "disko", "hardware": "hardware", - "homeage": "homeage", "homemanager": "homemanager", "nixpkgs": "nixpkgs_3", "utils": "utils_2" @@ -358,11 +337,11 @@ "systems": "systems_4" }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 94f7161..4f36f38 100644 --- a/flake.nix +++ b/flake.nix @@ -28,11 +28,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - homeage = { - url = "github:jordanisaacs/homeage"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - agenix = { url = "github:ryantm/agenix"; inputs.nixpkgs.follows = "nixpkgs"; 
@@ -43,7 +38,7 @@ }; }; - outputs = { self, nixpkgs, utils, devshell, deploy-rs, disko, homemanager, homeage, agenix, hardware, ... }@inputs: + outputs = { self, nixpkgs, utils, devshell, deploy-rs, disko, homemanager, agenix, hardware, ... }@inputs: let inherit (self) outputs; @@ -100,25 +95,25 @@ users = { thomas = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/thomas ]; }; anna = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/anna ]; }; adrian = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/adrian ]; }; tabea = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/tabea ]; }; @@ -146,25 +141,25 @@ users = { thomas = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/thomas ]; }; anna = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/anna ]; }; adrian = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/adrian ]; }; tabea = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/tabea ]; }; @@ -189,7 +184,7 @@ users = { thomas = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/thomas ]; }; @@ -214,7 +209,7 @@ users = { thomas = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/thomas ]; }; @@ -239,7 +234,7 @@ users = { thomas = { imports = [ - homeage.homeManagerModules.homeage + agenix.homeManagerModules.default ./home/thomas ]; }; @@ -264,7 +259,7 @@ # users = { # thomas = { # imports = [ - # homeage.homeManagerModules.homeage + # agenix.homeManagerModules.default # ./home/thomas # ]; # }; 
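Review bot: Replacing `homeage.homeManagerModules.homeage` with `agenix.homeManagerModules.default` (in the `@@ -100,25 +95,25 @@` hunk and the later `users` hunks of this file) leaves the decryption identity implicit. The removed `homeage` block in home/shared/global/default.nix set `identityPaths = [ "~/.ssh/id_ed25519" ]`, and the new home/shared/global/general.nix sets no `age.identityPaths`. Unless a per-user module outside this view sets it, secrets are decrypted with whatever the agenix module defaults to, which is easy to overlook when a key is rotated or a user has no such key. I would state it once in the shared module, e.g. `age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];`, with a comment naming the recipients in secrets/secrets.nix that it must match.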
@@ -276,6 +271,30 @@ deploy = { nodes = { + anubis = { + sshOpts = [ "-p" "22" ]; + hostname = "anubis"; + fastConnection = true; + profiles = { + system = { + sshUser = "thomas"; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.anubis; + user = "root"; + }; + }; + }; + chnum = { + sshOpts = [ "-p" "22" ]; + hostname = "chnum"; + fastConnection = true; + profiles = { + system = { + sshUser = "thomas"; + path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.chnum; + user = "root"; + }; + }; + }; asgard = { sshOpts = [ "-p" "22" ]; hostname = "asgard.boerger.ws"; @@ -368,11 +387,11 @@ packages = with pkgs; [ inputs.agenix.packages.${system}.default inputs.deploy-rs.packages.${system}.default + git gnumake home-manager nixpkgs-fmt - nixUnstable rage ]; }; diff --git a/home/adrian/desktop/gnome.nix b/home/adrian/desktop/gnome.nix index 15f82c1..da745c7 100644 --- a/home/adrian/desktop/gnome.nix +++ b/home/adrian/desktop/gnome.nix @@ -19,22 +19,28 @@ in config = mkIf cfg.enable { home = { packages = with pkgs; [ + xclip gnome.adwaita-icon-theme + + gnomeExtensions.alphabetical-app-grid + gnomeExtensions.calc + gnomeExtensions.custom-hot-corners-extended gnomeExtensions.espresso + gnomeExtensions.vitals ]; }; dconf = { settings = { - "org/gnome/desktop/calendar" = { - show-weekdate = true; - }; - "org/gnome/desktop/input-sources" = { sources = [ (lib.hm.gvariant.mkTuple [ "xkb" "de" ]) ]; xkb-options = [ "eurosign:e" ]; }; + "org/gnome/desktop/calendar" = { + show-weekdate = true; + }; + "org/gnome/desktop/interface" = { clock-show-weekday = true; show-battery-percentage = true; 
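Review bot: The new `anubis` and `chnum` deploy nodes in the `@@ -276,6 +271,30 @@` hunk use bare host names (`hostname = "anubis";`), while the existing `asgard` node uses a fully qualified name. A short name is resolved through whatever search domain or resolver the deploying machine has at that moment, and the profile is activated as `user = "root"`, so the SSH host key check is the only thing tying the deployment to the intended machine. I would use the fully qualified or tailnet name here and pin the host keys (for example through `programs.ssh.knownHosts`). A comment should also state that `sshUser = "thomas"` needs root escalation on the target, presumably granted by the sudo module outside this hunk. The `deploy.nodes` attribute set continues outside the hunk.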
@@ -49,6 +55,25 @@ in button-layout = "appmenu:minimize,maximize,close"; }; + "org/gnome/desktop/notifications" = { + show-in-lock-screen = false; + }; + + "org/gnome/desktop/privacy" = { + old-files-age = lib.hm.gvariant.mkUint32 1; + remember-recent-files = false; + remove-old-temp-files = true; + remove-old-trash-files = true; + report-technical-problems = false; + }; + + "org/gnome/settings-daemon/peripherals/touchpad" = { + natural-scroll = true; + disable-while-typing = false; + tap-to-click = true; + touchpad-enabled = true; + }; + "org/gnome/mutter" = { attach-modal-dialogs = true; dynamic-workspaces = true; @@ -58,8 +83,17 @@ in }; "org/gnome/shell" = { + favorite-apps = [ + "org.gnome.Calendar.desktop" + "org.gnome.Nautilus.desktop" + ]; + enabled-extensions = [ + "AlphabeticalAppGrid@stuarthayhurst" + "calc@danigm.wadobo.com" + "custom-hot-corners-extended@G-dH.github.com" "espresso@coadmunkee.github.com" + "Vitals@CoreCoding.com" ]; }; 
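Review bot: In the added `org/gnome/desktop/privacy` block, `old-files-age = lib.hm.gvariant.mkUint32 1;` together with `remove-old-trash-files = true;` and `remove-old-temp-files = true;` purges trash and temporary files after one day, which leaves almost no window to recover an accidental deletion. If the short retention is a deliberate privacy choice, record it with a comment such as `# purge trash/temp after 1 day on purpose`; otherwise a longer age is the safer default. The next hunk of this file sets `automatic-location = true;` under `org/gnome/shell/weather`, which presumably turns on location lookups and sits oddly next to this privacy block, so it deserves the same kind of comment. The identical settings are repeated in home/anna/desktop/gnome.nix further down and could live in one shared module.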
@@ -67,6 +101,85 @@ in has-battery = true; }; + "org/gnome/shell/extensions/vitals" = { + show-fan = true; + show-storage = false; + show-temperature = true; + show-voltage = true; + }; + + "org/gnome/shell/weather" = { + automatic-location = true; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/misc" = { + show-osd-monitor-indexes = false; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-bottom-left-0" = { + action = "show-desktop"; + }; + + 
"org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-top-right-0" = { + action = "toggle-overview"; + }; + "system/locale" = { region = "de_DE.UTF-8"; }; diff --git a/home/anna/desktop/gnome.nix b/home/anna/desktop/gnome.nix index 15f82c1..da745c7 100644 --- a/home/anna/desktop/gnome.nix +++ b/home/anna/desktop/gnome.nix @@ -19,22 +19,28 @@ in config = mkIf cfg.enable { home = { packages = with pkgs; [ + xclip gnome.adwaita-icon-theme + + gnomeExtensions.alphabetical-app-grid + gnomeExtensions.calc + gnomeExtensions.custom-hot-corners-extended gnomeExtensions.espresso + gnomeExtensions.vitals ]; }; dconf = { settings = { - "org/gnome/desktop/calendar" = { - show-weekdate = true; - }; - "org/gnome/desktop/input-sources" = { sources = [ (lib.hm.gvariant.mkTuple [ "xkb" "de" ]) ]; xkb-options = [ "eurosign:e" ]; }; + "org/gnome/desktop/calendar" = { + show-weekdate = true; + }; + "org/gnome/desktop/interface" = { clock-show-weekday = true; show-battery-percentage = true; @@ -49,6 +55,25 @@ in button-layout = "appmenu:minimize,maximize,close"; }; + "org/gnome/desktop/notifications" = { + show-in-lock-screen = false; + }; + + "org/gnome/desktop/privacy" = { + old-files-age = lib.hm.gvariant.mkUint32 1; + remember-recent-files = false; + remove-old-temp-files = true; + remove-old-trash-files = true; + report-technical-problems = false; + }; + + "org/gnome/settings-daemon/peripherals/touchpad" = { + natural-scroll = true; + disable-while-typing = false; + tap-to-click = true; + touchpad-enabled = true; + }; + "org/gnome/mutter" = { attach-modal-dialogs = true; dynamic-workspaces = true; 
@@ -58,8 +83,17 @@ in }; "org/gnome/shell" = { + favorite-apps = [ + "org.gnome.Calendar.desktop" + "org.gnome.Nautilus.desktop" + ]; + enabled-extensions = [ + "AlphabeticalAppGrid@stuarthayhurst" + "calc@danigm.wadobo.com" + "custom-hot-corners-extended@G-dH.github.com" "espresso@coadmunkee.github.com" + "Vitals@CoreCoding.com" ]; }; 
@@ -67,6 +101,85 @@ in has-battery = true; }; + "org/gnome/shell/extensions/vitals" = { + show-fan = true; + show-storage = false; + show-temperature = true; + show-voltage = true; + }; + + "org/gnome/shell/weather" = { + automatic-location = true; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/misc" = { + show-osd-monitor-indexes = false; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-bottom-left-0" = { + action = "show-desktop"; + }; + + 
"org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-top-right-0" = { + action = "toggle-overview"; + }; + "system/locale" = { region = "de_DE.UTF-8"; }; diff --git a/home/shared/global/default.nix b/home/shared/global/default.nix index e1487ce..9e71850 100644 --- a/home/shared/global/default.nix +++ b/home/shared/global/default.nix @@ -1,31 +1,15 @@ { pkgs, lib, config, options, ... }: { - # nixpkgs = { - # config = { - # allowUnfree = true; - # allowUnfreePredicate = (_: true); - # }; - - # overlays = [ - # (import ../../../overlays) - # ]; - # }; - - homeage = { - identityPaths = [ "~/.ssh/id_ed25519" ]; - installationType = "activation"; - }; - - programs = { - home-manager = { - enable = true; - }; - }; - - systemd = { - user = { - startServices = "sd-switch"; - }; - }; + imports = [ + ./dircolors.nix + ./direnv.nix + ./fzf.nix + ./general.nix + ./lsd.nix + ./neovim.nix + ./readline.nix + ./starship.nix + ./tmux.nix + ]; } diff --git a/home/shared/global/dircolors.nix b/home/shared/global/dircolors.nix new file mode 100644 index 0000000..579581e --- /dev/null +++ b/home/shared/global/dircolors.nix 
@@ -0,0 +1,196 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + dircolors = { + enable = true; + enableZshIntegration = true; + + settings = { + RESET = "0"; + DIR = "00;38;5;33"; + LINK = "01;38;5;37"; + MULTIHARDLINK = "00"; + FIFO = "48;5;230;38;5;136;01"; + SOCK = "48;5;230;38;5;136;01"; + DOOR = "48;5;230;38;5;136;01"; + BLK = "48;5;230;38;5;244;01"; + CHR = "48;5;230;38;5;244;01"; + ORPHAN = "48;5;235;38;5;160"; + MISSING = "00"; + SETUID = "48;5;160;38;5;230"; + SETGID = "48;5;136;38;5;230"; + CAPABILITY = "30;41"; + STICKY_OTHER_WRITABLE = "48;5;64;38;5;230"; + OTHER_WRITABLE = "48;5;235;38;5;33"; + STICKY = "48;5;33;38;5;230"; + EXEC = "01;38;5;64"; + ".tar" = "00;38;5;61"; + ".tgz" = "01;38;5;61"; + ".arj" = "01;38;5;61"; + ".taz" = "01;38;5;61"; + ".lzh" = "01;38;5;61"; + ".lzma" = "01;38;5;61"; + ".tlz" = "01;38;5;61"; + ".txz" = "01;38;5;61"; + ".zip" = "01;38;5;61"; + ".zst" = "01;38;5;61"; + ".z" = "01;38;5;61"; + ".Z" = "01;38;5;61"; + ".dz" = "01;38;5;61"; + ".gz" = "01;38;5;61"; + ".lz" = "01;38;5;61"; + ".xz" = "01;38;5;61"; + ".bz2" = "01;38;5;61"; + ".bz" = "01;38;5;61"; + ".tbz" = "01;38;5;61"; + ".tbz2" = "01;38;5;61"; + ".tz" = "01;38;5;61"; + ".deb" = "01;38;5;61"; + ".rpm" = "01;38;5;61"; + ".jar" = "01;38;5;61"; + ".rar" = "01;38;5;61"; + ".ace" = "01;38;5;61"; + ".zoo" = "01;38;5;61"; + ".cpio" = "01;38;5;61"; + ".7z" = "01;38;5;61"; + ".rz" = "01;38;5;61"; + ".apk" = "01;38;5;61"; + ".gem" = "01;38;5;61"; + ".jpg" = "00;38;5;136"; + ".JPG" = "00;38;5;136"; + ".jpeg" = "00;38;5;136"; + ".gif" = "00;38;5;136"; + ".bmp" = "00;38;5;136"; + ".pbm" = "00;38;5;136"; + ".pgm" = "00;38;5;136"; + ".ppm" = "00;38;5;136"; + ".tga" = "00;38;5;136"; + ".xbm" = "00;38;5;136"; + ".xpm" = "00;38;5;136"; + ".tif" = "00;38;5;136"; + ".tiff" = "00;38;5;136"; + ".png" = "00;38;5;136"; + ".PNG" = "00;38;5;136"; + ".svg" = "00;38;5;136"; + ".svgz" = "00;38;5;136"; + ".mng" = "00;38;5;136"; + ".pcx" = "00;38;5;136"; + ".dl" = "00;38;5;136"; + 
".xcf" = "00;38;5;136"; + ".xwd" = "00;38;5;136"; + ".yuv" = "00;38;5;136"; + ".cgm" = "00;38;5;136"; + ".emf" = "00;38;5;136"; + ".eps" = "00;38;5;136"; + ".CR2" = "00;38;5;136"; + ".ico" = "00;38;5;136"; + ".nef" = "00;38;5;136"; + ".NEF" = "00;38;5;136"; + ".webp" = "00;38;5;136"; + ".tex" = "01;38;5;245"; + ".rdf" = "01;38;5;245"; + ".owl" = "01;38;5;245"; + ".n3" = "01;38;5;245"; + ".ttl" = "01;38;5;245"; + ".nt" = "01;38;5;245"; + ".torrent" = "01;38;5;245"; + ".xml" = "01;38;5;245"; + "*Makefile" = "01;38;5;245"; + "*Rakefile" = "01;38;5;245"; + "*Dockerfile" = "01;38;5;245"; + "*build.xml" = "01;38;5;245"; + "*rc" = "01;38;5;245"; + "*1" = "01;38;5;245"; + ".nfo" = "01;38;5;245"; + "*README" = "01;38;5;245"; + "*README.txt" = "01;38;5;245"; + "*readme.txt" = "01;38;5;245"; + ".md" = "01;38;5;245"; + "*README.markdown" = "01;38;5;245"; + ".ini" = "01;38;5;245"; + ".yml" = "01;38;5;245"; + ".cfg" = "01;38;5;245"; + ".conf" = "01;38;5;245"; + ".h" = "01;38;5;245"; + ".hpp" = "01;38;5;245"; + ".c" = "01;38;5;245"; + ".cpp" = "01;38;5;245"; + ".cxx" = "01;38;5;245"; + ".cc" = "01;38;5;245"; + ".objc" = "01;38;5;245"; + ".sqlite" = "01;38;5;245"; + ".go" = "01;38;5;245"; + ".sql" = "01;38;5;245"; + ".csv" = "01;38;5;245"; + ".log" = "00;38;5;240"; + ".bak" = "00;38;5;240"; + ".aux" = "00;38;5;240"; + ".lof" = "00;38;5;240"; + ".lol" = "00;38;5;240"; + ".lot" = "00;38;5;240"; + ".out" = "00;38;5;240"; + ".toc" = "00;38;5;240"; + ".bbl" = "00;38;5;240"; + ".blg" = "00;38;5;240"; + "*~" = "00;38;5;240"; + "*#" = "00;38;5;240"; + ".part" = "00;38;5;240"; + ".incomplete" = "00;38;5;240"; + ".swp" = "00;38;5;240"; + ".tmp" = "00;38;5;240"; + ".temp" = "00;38;5;240"; + ".o" = "00;38;5;240"; + ".pyc" = "00;38;5;240"; + ".class" = "00;38;5;240"; + ".cache" = "00;38;5;240"; + ".aac" = "00;38;5;166"; + ".au" = "00;38;5;166"; + ".flac" = "00;38;5;166"; + ".mid" = "00;38;5;166"; + ".midi" = "00;38;5;166"; + ".mka" = "00;38;5;166"; + ".mp3" = "00;38;5;166"; + ".mpc" = 
"00;38;5;166"; + ".ogg" = "00;38;5;166"; + ".opus" = "00;38;5;166"; + ".ra" = "00;38;5;166"; + ".wav" = "00;38;5;166"; + ".m4a" = "00;38;5;166"; + ".axa" = "00;38;5;166"; + ".oga" = "00;38;5;166"; + ".spx" = "00;38;5;166"; + ".xspf" = "00;38;5;166"; + ".mov" = "01;38;5;166"; + ".MOV" = "01;38;5;166"; + ".mpg" = "01;38;5;166"; + ".mpeg" = "01;38;5;166"; + ".m2v" = "01;38;5;166"; + ".mkv" = "01;38;5;166"; + ".ogm" = "01;38;5;166"; + ".mp4" = "01;38;5;166"; + ".m4v" = "01;38;5;166"; + ".mp4v" = "01;38;5;166"; + ".vob" = "01;38;5;166"; + ".qt" = "01;38;5;166"; + ".nuv" = "01;38;5;166"; + ".wmv" = "01;38;5;166"; + ".asf" = "01;38;5;166"; + ".rm" = "01;38;5;166"; + ".rmvb" = "01;38;5;166"; + ".flc" = "01;38;5;166"; + ".avi" = "01;38;5;166"; + ".fli" = "01;38;5;166"; + ".flv" = "01;38;5;166"; + ".gl" = "01;38;5;166"; + ".m2ts" = "01;38;5;166"; + ".divx" = "01;38;5;166"; + ".webm" = "01;38;5;166"; + ".axv" = "01;38;5;166"; + ".anx" = "01;38;5;166"; + ".ogv" = "01;38;5;166"; + ".ogx" = "01;38;5;166"; + }; + }; + }; +} diff --git a/home/shared/global/direnv.nix b/home/shared/global/direnv.nix new file mode 100644 index 0000000..e36b2ab --- /dev/null +++ b/home/shared/global/direnv.nix @@ -0,0 +1,15 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + direnv = { + enable = true; + enableBashIntegration = true; + enableZshIntegration = true; + + nix-direnv = { + enable = true; + }; + }; + }; +} diff --git a/home/shared/global/fzf.nix b/home/shared/global/fzf.nix new file mode 100644 index 0000000..56df987 --- /dev/null +++ b/home/shared/global/fzf.nix @@ -0,0 +1,10 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + fzf = { + enable = true; + enableZshIntegration = true; + }; + }; +} diff --git a/home/shared/global/general.nix b/home/shared/global/general.nix new file mode 100644 index 0000000..f78fb73 --- /dev/null +++ b/home/shared/global/general.nix 
@@ -0,0 +1,26 @@
+{ pkgs, lib, config, options, ... }:
+
+{
+ # nixpkgs = {
+ # config = {
+ # allowUnfree = true;
+ # allowUnfreePredicate = (_: true);
+ # };
+
+ # overlays = [
+ # (import ../../../overlays)
+ # ];
+ # };
+
+ programs = {
+ home-manager = {
+ enable = true;
+ };
+ };
+
+ systemd = {
+ user = {
+ startServices = "sd-switch";
+ };
+ };
+}
diff --git a/home/shared/global/lsd.nix b/home/shared/global/lsd.nix
new file mode 100644
index 0000000..0ac2f2a
--- /dev/null
+++ b/home/shared/global/lsd.nix
@@ -0,0 +1,10 @@
+{ pkgs, lib, config, options, ... }:
+
+{
+ programs = {
+ lsd = {
+ enable = true;
+ enableAliases = true;
+ };
+ };
+}
diff --git a/home/shared/global/neovim.nix b/home/shared/global/neovim.nix
new file mode 100644
index 0000000..2a6a7a5
--- /dev/null
+++ b/home/shared/global/neovim.nix
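Review bot: The commented-out `nixpkgs` block at the top of home/shared/global/general.nix ships dead configuration, including a blanket `allowUnfreePredicate = (_: true)`, and does not say where unfree packages and overlays are configured now. Other hunks of this commit install packages that are, as far as I know, unfree (`citrix_workspace`, `skypeforlinux`), so the setting presumably lives elsewhere in the flake. I would delete the block and leave a single pointer comment such as `# nixpkgs config (allowUnfree, overlays) is set in <path-to-module>`. If the setting is ever reinstated, an explicit allow-list of package names is easier to audit than a predicate that accepts everything.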
@@ -0,0 +1,138 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + neovim = { + enable = true; + vimAlias = true; + + plugins = with pkgs.vimPlugins; [ + delimitMate + dockerfile-vim + supertab + vim-airline + vim-better-whitespace + vim-easy-align + vim-nix + vim-vividchalk + ]; + + extraConfig = '' + " filetype config { + filetype plugin on + filetype indent on + "} + + " misc stuff { + set nocompatible + set modeline + set history=1000 + set backspace=indent,eol,start + set selection=inclusive + set completeopt=longest,menu,preview + set diffopt+=vertical + set autoread + "} + + " tab related { + set shiftwidth=2 + set tabstop=2 + set expandtab + set smarttab + set cindent + "} + + " status related { + set ruler + set showcmd + set nonumber + set shortmess=aoOtTI + set laststatus=1 + "} + + " search related { + set hlsearch + set incsearch + set ignorecase + set smartcase + set scrolloff=3 + set sidescrolloff=5 + "} + + " bell related { + set noerrorbells + set vb t_vb= + "} + + " backup related { + set nobackup + "} + + " swap related { + set swapfile + "} + + " grep related { + set grepprg=grep\ -nH\ $* + "} + + " folding related { + set foldcolumn=0 + set foldmethod=indent + set foldnestmax=100 + set nofoldenable + set foldlevel=1 + "} + + " coloring related { + set background=dark + set t_Co=256 + "} + + " show syntax { + syntax on + "} + + " select scheme { + colorscheme vividchalk + "} + + " folding mapping { + map zo + map zc + map zR + map zM + "} + + " switch tabs { + map gT + map gt + "} + + " past switch { + set pastetoggle= + "} + + " incsearch plugin { + hi search ctermfg=red ctermbg=yellow + map / (incsearch-forward) + map ? 
(incsearch-backward) + map g/ (incsearch-stay) + "} + + " airline plugin { + let g:airline#extensions#branch#enable=1 + let g:airline#extensions#modified#enable=1 + let g:airline#extensions#paste#enable=1 + let g:airline#extensions#whitespace#enable=1 + "} + + " easyalign plugin { + vmap (EasyAlign) + nmap a (EasyAlign) + vmap . (EasyAlignRepeat) + "} + ''; + }; + }; +} diff --git a/home/shared/global/readline.nix b/home/shared/global/readline.nix new file mode 100644 index 0000000..5065bc4 --- /dev/null +++ b/home/shared/global/readline.nix @@ -0,0 +1,14 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + readline = { + enable = true; + + bindings = { + "\e[5~" = "history-search-backward"; + "\e[6~" = "history-search-forward"; + }; + }; + }; +} diff --git a/home/shared/global/starship.nix b/home/shared/global/starship.nix new file mode 100644 index 0000000..7b1d307 --- /dev/null +++ b/home/shared/global/starship.nix @@ -0,0 +1,23 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + starship = { + enable = true; + + settings = { + add_newline = true; + + battery = { + disabled = true; + }; + + directory = { + truncation_length = 5; + truncate_to_repo = false; + truncation_symbol = "…/"; + }; + }; + }; + }; +} diff --git a/home/shared/global/tmux.nix b/home/shared/global/tmux.nix new file mode 100644 index 0000000..67e912c --- /dev/null +++ b/home/shared/global/tmux.nix @@ -0,0 +1,14 @@ +{ pkgs, lib, config, options, ... }: + +{ + programs = { + tmux = { + enable = true; + clock24 = true; + + tmuxinator = { + enable = true; + }; + }; + }; +} diff --git a/home/shared/programs/yed.nix b/home/shared/programs/citrix.nix similarity index 64% rename from home/shared/programs/yed.nix rename to home/shared/programs/citrix.nix index 417aacc..a7918e3 100644 --- a/home/shared/programs/yed.nix +++ b/home/shared/programs/citrix.nix 
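Review bot: `set modeline` in the `extraConfig` of home/shared/global/neovim.nix lets any file opened in the editor set editor options from its own first or last lines. The new global module also no longer has the `profile.programs.neovim.enable` toggle that the deleted programs/neovim.nix had, so the setting cannot be turned off per profile. Modeline parsing has been a source of command-execution bugs in vim-family editors, and files from cloned repositories or downloads are untrusted input. Unless modelines are needed, I would change the line to `set nomodeline`, or keep it with a short comment explaining why and with `set modelines=1` to limit how many lines are scanned.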
@@ -2,15 +2,15 @@ with lib; let - cfg = config.profile.programs.yed; + cfg = config.profile.programs.citrix; in { options = { profile = { programs = { - yed = { - enable = mkEnableOption "Yed"; + citrix = { + enable = mkEnableOption "Citrix"; }; }; }; @@ -19,7 +19,7 @@ in config = mkIf cfg.enable { home = { packages = with pkgs; [ - yed + citrix_workspace ]; }; }; diff --git a/home/shared/programs/default.nix b/home/shared/programs/default.nix index 6bb4b3f..c0afcb3 100644 --- a/home/shared/programs/default.nix +++ b/home/shared/programs/default.nix @@ -3,16 +3,14 @@ { imports = [ ./act.nix - ./authy.nix ./banking.nix + ./citrix.nix ./clouds.nix ./develop.nix - ./dircolors.nix - ./direnv.nix - ./fzf.nix ./gnupg.nix ./golang.nix ./gomplate.nix + ./graphics.nix ./helm.nix ./joplin.nix ./jq.nix @@ -21,22 +19,17 @@ ./kustomize.nix ./latex.nix ./lens.nix - ./lsd.nix ./messages.nix ./minecraft.nix - ./neovim.nix ./network.nix ./ngrok.nix ./nodejs.nix ./office.nix - ./readline.nix ./shortwave.nix - ./starship.nix + ./streaming.nix ./terminal.nix ./terraform.nix - ./tmux.nix ./wine.nix - ./yed.nix ./yq.nix ./zathura.nix ]; diff --git a/home/shared/programs/develop.nix b/home/shared/programs/develop.nix index 8c8a15c..22b3af4 100644 --- a/home/shared/programs/develop.nix +++ b/home/shared/programs/develop.nix @@ -34,8 +34,11 @@ in ansible-later cfssl + gettext graphviz + ipcalc mediainfo + mediawriter neofetch reflex shellcheck diff --git a/home/shared/programs/dircolors.nix b/home/shared/programs/dircolors.nix deleted file mode 100644 index 44efb60..0000000 --- a/home/shared/programs/dircolors.nix +++ /dev/null 
@@ -1,215 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.dircolors; - -in -{ - options = { - profile = { - programs = { - dircolors = { - enable = mkEnableOption "Dircolors" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - dircolors = { - enable = true; - enableZshIntegration = true; - - settings = { - RESET = "0"; - DIR = "00;38;5;33"; - LINK = "01;38;5;37"; - MULTIHARDLINK = "00"; - FIFO = "48;5;230;38;5;136;01"; - SOCK = "48;5;230;38;5;136;01"; - DOOR = "48;5;230;38;5;136;01"; - BLK = "48;5;230;38;5;244;01"; - CHR = "48;5;230;38;5;244;01"; - ORPHAN = "48;5;235;38;5;160"; - MISSING = "00"; - SETUID = "48;5;160;38;5;230"; - SETGID = "48;5;136;38;5;230"; - CAPABILITY = "30;41"; - STICKY_OTHER_WRITABLE = "48;5;64;38;5;230"; - OTHER_WRITABLE = "48;5;235;38;5;33"; - STICKY = "48;5;33;38;5;230"; - EXEC = "01;38;5;64"; - ".tar" = "00;38;5;61"; - ".tgz" = "01;38;5;61"; - ".arj" = "01;38;5;61"; - ".taz" = "01;38;5;61"; - ".lzh" = "01;38;5;61"; - ".lzma" = "01;38;5;61"; - ".tlz" = "01;38;5;61"; - ".txz" = "01;38;5;61"; - ".zip" = "01;38;5;61"; - ".zst" = "01;38;5;61"; - ".z" = "01;38;5;61"; - ".Z" = "01;38;5;61"; - ".dz" = "01;38;5;61"; - ".gz" = "01;38;5;61"; - ".lz" = "01;38;5;61"; - ".xz" = "01;38;5;61"; - ".bz2" = "01;38;5;61"; - ".bz" = "01;38;5;61"; - ".tbz" = "01;38;5;61"; - ".tbz2" = "01;38;5;61"; - ".tz" = "01;38;5;61"; - ".deb" = "01;38;5;61"; - ".rpm" = "01;38;5;61"; - ".jar" = "01;38;5;61"; - ".rar" = "01;38;5;61"; - ".ace" = "01;38;5;61"; - ".zoo" = "01;38;5;61"; - ".cpio" = "01;38;5;61"; - ".7z" = "01;38;5;61"; - ".rz" = "01;38;5;61"; - ".apk" = "01;38;5;61"; - ".gem" = "01;38;5;61"; - ".jpg" = "00;38;5;136"; - ".JPG" = "00;38;5;136"; - ".jpeg" = "00;38;5;136"; - ".gif" = "00;38;5;136"; - ".bmp" = "00;38;5;136"; - ".pbm" = "00;38;5;136"; - ".pgm" = "00;38;5;136"; - ".ppm" = "00;38;5;136"; - ".tga" = "00;38;5;136"; - ".xbm" = "00;38;5;136"; - ".xpm" = "00;38;5;136"; 
- ".tif" = "00;38;5;136"; - ".tiff" = "00;38;5;136"; - ".png" = "00;38;5;136"; - ".PNG" = "00;38;5;136"; - ".svg" = "00;38;5;136"; - ".svgz" = "00;38;5;136"; - ".mng" = "00;38;5;136"; - ".pcx" = "00;38;5;136"; - ".dl" = "00;38;5;136"; - ".xcf" = "00;38;5;136"; - ".xwd" = "00;38;5;136"; - ".yuv" = "00;38;5;136"; - ".cgm" = "00;38;5;136"; - ".emf" = "00;38;5;136"; - ".eps" = "00;38;5;136"; - ".CR2" = "00;38;5;136"; - ".ico" = "00;38;5;136"; - ".nef" = "00;38;5;136"; - ".NEF" = "00;38;5;136"; - ".webp" = "00;38;5;136"; - ".tex" = "01;38;5;245"; - ".rdf" = "01;38;5;245"; - ".owl" = "01;38;5;245"; - ".n3" = "01;38;5;245"; - ".ttl" = "01;38;5;245"; - ".nt" = "01;38;5;245"; - ".torrent" = "01;38;5;245"; - ".xml" = "01;38;5;245"; - "*Makefile" = "01;38;5;245"; - "*Rakefile" = "01;38;5;245"; - "*Dockerfile" = "01;38;5;245"; - "*build.xml" = "01;38;5;245"; - "*rc" = "01;38;5;245"; - "*1" = "01;38;5;245"; - ".nfo" = "01;38;5;245"; - "*README" = "01;38;5;245"; - "*README.txt" = "01;38;5;245"; - "*readme.txt" = "01;38;5;245"; - ".md" = "01;38;5;245"; - "*README.markdown" = "01;38;5;245"; - ".ini" = "01;38;5;245"; - ".yml" = "01;38;5;245"; - ".cfg" = "01;38;5;245"; - ".conf" = "01;38;5;245"; - ".h" = "01;38;5;245"; - ".hpp" = "01;38;5;245"; - ".c" = "01;38;5;245"; - ".cpp" = "01;38;5;245"; - ".cxx" = "01;38;5;245"; - ".cc" = "01;38;5;245"; - ".objc" = "01;38;5;245"; - ".sqlite" = "01;38;5;245"; - ".go" = "01;38;5;245"; - ".sql" = "01;38;5;245"; - ".csv" = "01;38;5;245"; - ".log" = "00;38;5;240"; - ".bak" = "00;38;5;240"; - ".aux" = "00;38;5;240"; - ".lof" = "00;38;5;240"; - ".lol" = "00;38;5;240"; - ".lot" = "00;38;5;240"; - ".out" = "00;38;5;240"; - ".toc" = "00;38;5;240"; - ".bbl" = "00;38;5;240"; - ".blg" = "00;38;5;240"; - "*~" = "00;38;5;240"; - "*#" = "00;38;5;240"; - ".part" = "00;38;5;240"; - ".incomplete" = "00;38;5;240"; - ".swp" = "00;38;5;240"; - ".tmp" = "00;38;5;240"; - ".temp" = "00;38;5;240"; - ".o" = "00;38;5;240"; - ".pyc" = "00;38;5;240"; - ".class" = 
"00;38;5;240"; - ".cache" = "00;38;5;240"; - ".aac" = "00;38;5;166"; - ".au" = "00;38;5;166"; - ".flac" = "00;38;5;166"; - ".mid" = "00;38;5;166"; - ".midi" = "00;38;5;166"; - ".mka" = "00;38;5;166"; - ".mp3" = "00;38;5;166"; - ".mpc" = "00;38;5;166"; - ".ogg" = "00;38;5;166"; - ".opus" = "00;38;5;166"; - ".ra" = "00;38;5;166"; - ".wav" = "00;38;5;166"; - ".m4a" = "00;38;5;166"; - ".axa" = "00;38;5;166"; - ".oga" = "00;38;5;166"; - ".spx" = "00;38;5;166"; - ".xspf" = "00;38;5;166"; - ".mov" = "01;38;5;166"; - ".MOV" = "01;38;5;166"; - ".mpg" = "01;38;5;166"; - ".mpeg" = "01;38;5;166"; - ".m2v" = "01;38;5;166"; - ".mkv" = "01;38;5;166"; - ".ogm" = "01;38;5;166"; - ".mp4" = "01;38;5;166"; - ".m4v" = "01;38;5;166"; - ".mp4v" = "01;38;5;166"; - ".vob" = "01;38;5;166"; - ".qt" = "01;38;5;166"; - ".nuv" = "01;38;5;166"; - ".wmv" = "01;38;5;166"; - ".asf" = "01;38;5;166"; - ".rm" = "01;38;5;166"; - ".rmvb" = "01;38;5;166"; - ".flc" = "01;38;5;166"; - ".avi" = "01;38;5;166"; - ".fli" = "01;38;5;166"; - ".flv" = "01;38;5;166"; - ".gl" = "01;38;5;166"; - ".m2ts" = "01;38;5;166"; - ".divx" = "01;38;5;166"; - ".webm" = "01;38;5;166"; - ".axv" = "01;38;5;166"; - ".anx" = "01;38;5;166"; - ".ogv" = "01;38;5;166"; - ".ogx" = "01;38;5;166"; - }; - }; - }; - }; -} diff --git a/home/shared/programs/direnv.nix b/home/shared/programs/direnv.nix deleted file mode 100644 index c24cdc6..0000000 --- a/home/shared/programs/direnv.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.direnv; - -in -{ - options = { - profile = { - programs = { - direnv = { - enable = mkEnableOption "Direnv" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - direnv = { - enable = true; - enableBashIntegration = true; - enableZshIntegration = true; - - nix-direnv = { - enable = true; - }; - }; - }; - }; -} 
diff --git a/home/shared/programs/fzf.nix b/home/shared/programs/fzf.nix deleted file mode 100644 index 1ec69ef..0000000 --- a/home/shared/programs/fzf.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.fzf; - -in -{ - options = { - profile = { - programs = { - fzf = { - enable = mkEnableOption "Fzf" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - fzf = { - enable = true; - enableZshIntegration = true; - }; - }; - }; -} diff --git a/home/shared/programs/authy.nix b/home/shared/programs/graphics.nix similarity index 65% rename from home/shared/programs/authy.nix rename to home/shared/programs/graphics.nix index 072f946..e1562f9 100644 --- a/home/shared/programs/authy.nix +++ b/home/shared/programs/graphics.nix @@ -2,15 +2,15 @@ with lib; let - cfg = config.profile.programs.authy; + cfg = config.profile.programs.graphics; in { options = { profile = { programs = { - authy = { - enable = mkEnableOption "Authy"; + graphics = { + enable = mkEnableOption "Graphics"; }; }; }; @@ -19,7 +19,7 @@ in config = mkIf cfg.enable { home = { packages = with pkgs; [ - authy + gimp ]; }; }; diff --git a/home/shared/programs/lsd.nix b/home/shared/programs/lsd.nix deleted file mode 100644 index 2808448..0000000 --- a/home/shared/programs/lsd.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.lsd; - -in -{ - options = { - profile = { - programs = { - lsd = { - enable = mkEnableOption "Lsd" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - lsd = { - enable = true; - enableAliases = true; - }; - }; - }; -} diff --git a/home/shared/programs/messages.nix b/home/shared/programs/messages.nix index e38e935..9dfe299 100644 --- a/home/shared/programs/messages.nix +++ b/home/shared/programs/messages.nix 
@@ -20,13 +20,17 @@ in home = { packages = with pkgs; [ discord + element-desktop ferdium mattermost-desktop revolt-desktop rocketchat-desktop signal-desktop + skypeforlinux slack teams-for-linux + telegram-desktop + whatsapp-for-linux ]; }; }; diff --git a/home/shared/programs/minecraft.nix b/home/shared/programs/minecraft.nix index 5f63710..4bcacd9 100644 --- a/home/shared/programs/minecraft.nix +++ b/home/shared/programs/minecraft.nix @@ -21,7 +21,6 @@ in packages = with pkgs; [ mcrcon packwiz - ferium prismlauncher ]; }; diff --git a/home/shared/programs/neovim.nix b/home/shared/programs/neovim.nix deleted file mode 100644 index 7246270..0000000 --- a/home/shared/programs/neovim.nix +++ /dev/null 
@@ -1,157 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.neovim; - -in -{ - options = { - profile = { - programs = { - neovim = { - enable = mkEnableOption "Neovim" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - neovim = { - enable = true; - vimAlias = true; - - plugins = with pkgs.vimPlugins; [ - delimitMate - dockerfile-vim - supertab - vim-airline - vim-better-whitespace - vim-easy-align - vim-nix - vim-vividchalk - ]; - - extraConfig = '' - " filetype config { - filetype plugin on - filetype indent on - "} - - " misc stuff { - set nocompatible - set modeline - set history=1000 - set backspace=indent,eol,start - set selection=inclusive - set completeopt=longest,menu,preview - set diffopt+=vertical - set autoread - "} - - " tab related { - set shiftwidth=2 - set tabstop=2 - set expandtab - set smarttab - set cindent - "} - - " status related { - set ruler - set showcmd - set nonumber - set shortmess=aoOtTI - set laststatus=1 - "} - - " search related { - set hlsearch - set incsearch - set ignorecase - set smartcase - set scrolloff=3 - set sidescrolloff=5 - "} - - " bell related { - set noerrorbells - set vb t_vb= - "} - - " backup related { - set nobackup - "} - - " swap related { - set swapfile - "} - - " grep related { - set grepprg=grep\ -nH\ $* - "} - - " folding related { - set foldcolumn=0 - set foldmethod=indent - set foldnestmax=100 - set nofoldenable - set foldlevel=1 - "} - - " coloring related { - set background=dark - set t_Co=256 - "} - - " show syntax { - syntax on - "} - - " select scheme { - colorscheme vividchalk - "} - - " folding mapping { - map zo - map zc - map zR - map zM - "} - - " switch tabs { - map gT - map gt - "} - - " past switch { - set pastetoggle= - "} - - " incsearch plugin { - hi search ctermfg=red ctermbg=yellow - map / (incsearch-forward) - map ? 
(incsearch-backward) - map g/ (incsearch-stay) - "} - - " airline plugin { - let g:airline#extensions#branch#enable=1 - let g:airline#extensions#modified#enable=1 - let g:airline#extensions#paste#enable=1 - let g:airline#extensions#whitespace#enable=1 - "} - - " easyalign plugin { - vmap (EasyAlign) - nmap a (EasyAlign) - vmap . (EasyAlignRepeat) - "} - ''; - }; - }; - }; -} diff --git a/home/shared/programs/readline.nix b/home/shared/programs/readline.nix deleted file mode 100644 index 7e8334f..0000000 --- a/home/shared/programs/readline.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.readline; - -in -{ - options = { - profile = { - programs = { - readline = { - enable = mkEnableOption "Readline" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - readline = { - enable = true; - - bindings = { - "\e[5~" = "history-search-backward"; - "\e[6~" = "history-search-forward"; - }; - }; - }; - }; -} diff --git a/home/shared/programs/starship.nix b/home/shared/programs/starship.nix deleted file mode 100644 index 808b005..0000000 --- a/home/shared/programs/starship.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.starship; - -in -{ - options = { - profile = { - programs = { - starship = { - enable = mkEnableOption "Starship" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - starship = { - enable = true; - - settings = { - add_newline = true; - - battery = { - disabled = true; - }; - - directory = { - truncation_length = 5; - truncate_to_repo = false; - truncation_symbol = "…/"; - }; - }; - }; - }; - }; -} diff --git a/home/shared/programs/streaming.nix b/home/shared/programs/streaming.nix new file mode 100644 index 0000000..a170402 --- /dev/null +++ b/home/shared/programs/streaming.nix 
@@ -0,0 +1,26 @@ +{ pkgs, lib, config, options, ... }: +with lib; + +let + cfg = config.profile.programs.streaming; + +in +{ + options = { + profile = { + programs = { + streaming = { + enable = mkEnableOption "Streaming"; + }; + }; + }; + }; + + config = mkIf cfg.enable { + home = { + packages = with pkgs; [ + obs-studio + ]; + }; + }; +} diff --git a/home/shared/programs/terminal.nix b/home/shared/programs/terminal.nix index f0b347d..2442dd4 100644 --- a/home/shared/programs/terminal.nix +++ b/home/shared/programs/terminal.nix @@ -19,7 +19,9 @@ in config = mkIf cfg.enable { home = { packages = with pkgs; [ + blackbox wezterm + zellij ]; }; }; diff --git a/home/shared/programs/tmux.nix b/home/shared/programs/tmux.nix deleted file mode 100644 index f5769b3..0000000 --- a/home/shared/programs/tmux.nix +++ /dev/null @@ -1,33 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.tmux; - -in -{ - options = { - profile = { - programs = { - tmux = { - enable = mkEnableOption "Tmux" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - programs = { - tmux = { - enable = true; - clock24 = true; - - tmuxinator = { - enable = true; - }; - }; - }; - }; -} diff --git a/home/tabea/desktop/gnome.nix b/home/tabea/desktop/gnome.nix index 15f82c1..da745c7 100644 --- a/home/tabea/desktop/gnome.nix +++ b/home/tabea/desktop/gnome.nix 
@@ -19,22 +19,28 @@ in config = mkIf cfg.enable { home = { packages = with pkgs; [ + xclip gnome.adwaita-icon-theme + + gnomeExtensions.alphabetical-app-grid + gnomeExtensions.calc + gnomeExtensions.custom-hot-corners-extended gnomeExtensions.espresso + gnomeExtensions.vitals ]; }; dconf = { settings = { - "org/gnome/desktop/calendar" = { - show-weekdate = true; - }; - "org/gnome/desktop/input-sources" = { sources = [ (lib.hm.gvariant.mkTuple [ "xkb" "de" ]) ]; xkb-options = [ "eurosign:e" ]; }; + "org/gnome/desktop/calendar" = { + show-weekdate = true; + }; + "org/gnome/desktop/interface" = { clock-show-weekday = true; show-battery-percentage = true; @@ -49,6 +55,25 @@ in button-layout = "appmenu:minimize,maximize,close"; }; + "org/gnome/desktop/notifications" = { + show-in-lock-screen = false; + }; + + "org/gnome/desktop/privacy" = { + old-files-age = lib.hm.gvariant.mkUint32 1; + remember-recent-files = false; + remove-old-temp-files = true; + remove-old-trash-files = true; + report-technical-problems = false; + }; + + "org/gnome/settings-daemon/peripherals/touchpad" = { + natural-scroll = true; + disable-while-typing = false; + tap-to-click = true; + touchpad-enabled = true; + }; + "org/gnome/mutter" = { attach-modal-dialogs = true; dynamic-workspaces = true; @@ -58,8 +83,17 @@ in }; "org/gnome/shell" = { + favorite-apps = [ + "org.gnome.Calendar.desktop" + "org.gnome.Nautilus.desktop" + ]; + enabled-extensions = [ + "AlphabeticalAppGrid@stuarthayhurst" + "calc@danigm.wadobo.com" + "custom-hot-corners-extended@G-dH.github.com" "espresso@coadmunkee.github.com" + "Vitals@CoreCoding.com" ]; }; 
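Review bot: The touchpad settings added in the `@@ -49,6 +55,25 @@` hunk are written under `"org/gnome/settings-daemon/peripherals/touchpad"`, which, as far as I know, current GNOME releases no longer read. Touchpad settings now live under `org/gnome/desktop/peripherals/touchpad`, and `touchpad-enabled` was replaced there by `send-events`. If that holds for the target GNOME version, these four keys are stored in dconf but have no effect. I would change the path to `"org/gnome/desktop/peripherals/touchpad" = {` and replace `touchpad-enabled = true;` with `send-events = "enabled";`, after confirming with `gsettings list-recursively` on one of the machines. The `dconf.settings` attribute set begins before this hunk and continues after it.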
@@ -67,6 +101,85 @@ in has-battery = true; }; + "org/gnome/shell/extensions/vitals" = { + show-fan = true; + show-storage = false; + show-temperature = true; + show-voltage = true; + }; + + "org/gnome/shell/weather" = { + automatic-location = true; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/misc" = { + show-osd-monitor-indexes = false; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-0-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-1-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-bottom-left-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-2-top-right-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-bottom-left-0" = { + action = "show-desktop"; + }; + + 
"org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-bottom-right-0" = { + action = "show-desktop"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-top-left-0" = { + action = "toggle-overview"; + }; + + "org/gnome/shell/extensions/custom-hot-corners-extended/monitor-3-top-right-0" = { + action = "toggle-overview"; + }; + "system/locale" = { region = "de_DE.UTF-8"; }; diff --git a/home/thomas/default.nix b/home/thomas/default.nix index 83e8346..52f7a63 100644 --- a/home/thomas/default.nix +++ b/home/thomas/default.nix @@ -22,7 +22,7 @@ in profile = { desktop = { - sway = { + gnome = { enable = desktop; }; }; @@ -31,10 +31,10 @@ in act = { enable = desktop; }; - authy = { + banking = { enable = desktop; }; - banking = { + citrix = { enable = desktop; }; clouds = { @@ -43,19 +43,16 @@ in develop = { enable = desktop; }; - git = { - enable = desktop; - }; - github = { - enable = desktop; - }; gnupg = { enable = desktop; }; golang = { enable = desktop; }; - gopass = { + gomplate = { + enable = desktop; + }; + graphics = { enable = desktop; }; helm = { @@ -64,6 +61,9 @@ in joplin = { enable = desktop; }; + jq = { + enable = desktop; + }; jsonnet = { enable = desktop; }; @@ -85,10 +85,7 @@ in minecraft = { enable = desktop; }; - minio = { - enable = desktop; - }; - netrc = { + network = { enable = desktop; }; ngrok = { @@ -103,7 +100,7 @@ in shortwave = { enable = desktop; }; - ssh = { + streaming = { enable = desktop; }; terminal = { 
@@ -112,27 +109,39 @@ in terraform = { enable = desktop; }; - vscode = { - enable = desktop; - }; wine = { enable = desktop; }; - yed = { + yq = { enable = desktop; }; zathura = { enable = desktop; }; - jq = { - enable = true; + autorandr = { + enable = desktop; }; - network = { - enable = true; + git = { + enable = desktop; }; - yq = { - enable = true; + github = { + enable = desktop; + }; + gopass = { + enable = desktop; + }; + minio = { + enable = desktop; + }; + netrc = { + enable = desktop; + }; + ssh = { + enable = desktop; + }; + vscode = { + enable = desktop; }; }; @@ -140,10 +149,10 @@ in nextcloud = { enable = desktop; }; - udiskie = { + syncthing = { enable = desktop; }; - syncthing = { + udiskie = { enable = desktop; }; }; @@ -158,6 +167,20 @@ in LC_ALL = "en_US.UTF-8"; }; + shellAliases = { + ".." = "cd .."; + "..." = "cd ../.."; + + netstat = "sudo netstat -tulpen"; + + rgrep = "grep -Rn"; + hgrep = "fc -El 0 | grep"; + history = "fc -l 1"; + sha256sum = "shasum -a 256"; + + # molecule = "docker run -ti --rm -v /var/run/docker.sock:/var/run/docker.sock -v $(pwd):$(pwd) -w $(pwd) toolhippie/molecule:latest molecule"; + }; + file = { ".local/bin/git-gh-pages" = { executable = true; 
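Review bot: In the `@@ -158,6 +167,20 @@` hunk, `hgrep = "fc -El 0 | grep"` relies on zsh's `fc -E`, but `home.shellAliases` is applied to every shell and this commit also enables `programs.bash`, whose `fc` builtin has no `-E` option. Two other aliases shadow real commands: `sha256sum = "shasum -a 256"` replaces the coreutils tool with a Perl script that may not be on PATH, and `netstat = "sudo netstat -tulpen"` runs as root on every call, even when only unprivileged output is wanted. I would move `hgrep` and `history` to `programs.zsh.shellAliases`, drop the `sha256sum` alias, and give the privileged variant its own name, for example `netstat-all = "sudo netstat -tulpen";`. The enclosing `home = { … }` attribute set starts before this hunk and continues after it.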
@@ -219,4 +242,79 @@ in stateVersion = "23.11"; }; + + programs = { + bash = { + enable = true; + enableCompletion = true; + + profileExtra = '' + [ -r ~/.nix-profile/etc/profile.d/nix.sh ] && source ~/.nix-profile/etc/profile.d/nix.sh + ''; + + logoutExtra = '' + + ''; + + sessionVariables = { + EDITOR = "vim"; + PAGER = "less"; + CLICOLOR = "1"; + GREP_COLOR = "mt=1;33"; + IGNOREEOF = "1"; + }; + }; + + zsh = { + enable = true; + enableCompletion = true; + + autosuggestion = { + enable = true; + }; + + syntaxHighlighting = { + enable = true; + }; + + profileExtra = '' + [ -r ~/.nix-profile/etc/profile.d/nix.sh ] && source ~/.nix-profile/etc/profile.d/nix.sh + ''; + + history = { + size = 10000000; + save = 10000000; + extended = true; + path = "${config.home.homeDirectory}/.zhistory"; + }; + + sessionVariables = { + EDITOR = "vim"; + PAGER = "less"; + CLICOLOR = "1"; + GREP_COLOR = "mt=1;33"; + IGNOREEOF = "1"; + }; + + oh-my-zsh = { + enable = true; + custom = "${pkgs.zcustom}"; + theme = "tboerger"; + + plugins = [ + "direnv" + "encode64" + "git-prompt" + "history-substring-search" + "kube-ps1" + "rsync" + "sudo" + "systemd" + "tfenv" + "tmux" + "transfer" + ]; + }; + }; + }; } diff --git a/home/thomas/desktop/gnome.nix b/home/thomas/desktop/gnome.nix index 5a763e3..dfa0167 100644 --- a/home/thomas/desktop/gnome.nix +++ b/home/thomas/desktop/gnome.nix @@ -20,6 +20,7 @@ in home = { packages = with pkgs; [ xclip + gnome.adwaita-icon-theme gnomeExtensions.alphabetical-app-grid gnomeExtensions.app-icons-taskbar @@ -38,10 +39,6 @@ in ]; }; - programs = { }; - - services = { }; - dconf = { settings = { "org/gnome/desktop/input-sources" = { 
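Review bot: In the `@@ -219,4 +242,79 @@` hunk of home/thomas/default.nix, both `programs.bash.sessionVariables` and `programs.zsh.sessionVariables` set `GREP_COLOR = "mt=1;33"`, which puts `GREP_COLORS` syntax under the old variable name. GNU grep expects a bare SGR value such as `1;33` in `GREP_COLOR`, and recent releases print a deprecation warning whenever that variable is set. The fix is `GREP_COLORS = "mt=1;33";` in both places. Since the two `sessionVariables` sets are identical, they could be declared once under `home.sessionVariables` so that bash and zsh cannot drift apart.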
@@ -70,17 +67,17 @@ in "org/gnome/desktop/background" = { color-shading-type = "solid"; picture-options = "zoom"; - picture-uri = "file://${config.home.homeDirectory}/.wallpapers/tower.jpg"; - picture-uri-dark = "file://${home.homedirectory}/.wallpapers/tower.jpg"; + picture-uri = "file:///home/thomas/.wallpapers/tower.jpg"; + picture-uri-dark = "file:///home/thomas/.wallpapers/tower.jpg"; show-desktop-icons = true; }; "org/gnome/desktop/screensaver" = { color-shading-type = "solid"; picture-options = "zoom"; - picture-uri = "file://${config.home.homeDirectory}/.wallpapers/tower.jpg"; - picture-uri-dark = "file://${home.homedirectory}/.wallpapers/tower.jpg"; - lock-delay = mkUint32 0; + picture-uri = "file:///home/thomas/.wallpapers/tower.jpg"; + picture-uri-dark = "file:///home/thomas/.wallpapers/tower.jpg"; + lock-delay = lib.hm.gvariant.mkUint32 0; }; "org/gnome/desktop/notifications" = { @@ -88,7 +85,7 @@ in }; "org/gnome/desktop/privacy" = { - old-files-age = mkUint32 1; + old-files-age = lib.hm.gvariant.mkUint32 1; remember-recent-files = false; remove-old-temp-files = true; remove-old-trash-files = true; 
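Review bot: The wallpaper URIs in `org/gnome/desktop/background` and `org/gnome/desktop/screensaver` now hard-code `/home/thomas`, where the removed lines derived the path from the configuration. Only the `-dark` variants were broken, because they referenced `${home.homedirectory}`, which is not a defined name here. I would keep the derived form and fix the reference, i.e. `picture-uri-dark = "file://${config.home.homeDirectory}/.wallpapers/tower.jpg";`, and restore the same expression for `picture-uri`. The module then still evaluates correctly if the home directory differs on another host. The `lib.hm.gvariant.mkUint32` change in the same hunks looks right as is.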
@@ -116,24 +113,44 @@ in "org.gnome.Nautilus.desktop" ]; - enabled-extensions = with pkgs; [ - gnomeExtensions.alphabetical-app-grid.uuid # AlphabeticalAppGrid@stuarthayhurst - gnomeExtensions.app-icons-taskbar.uuid # "aztaskbar@aztaskbar.gitlab.com" - gnomeExtensions.auto-move-windows.uuid # "auto-move-windows@gnome-shell-extensions.gcampax.github.com" - gnomeExtensions.calc.uuid # "calc@danigm.wadobo.com" - gnomeExtensions.clipboard-indicator # "clipboard-indicator@tudmotu.com" - gnomeExtensions.custom-hot-corners-extended.uuid # "custom-hot-corners-extended@G-dH.github.com" - gnomeExtensions.espresso.uuid # "espresso@coadmunkee.github.com" - gnomeExtensions.gtile.uuid # "gTile@vibou" - gnomeExtensions.removable-drive-menu.uuid # "drive-menu@gnome-shell-extensions.gcampax.github.com" - gnomeExtensions.tailscale-status.uuid # "tailscale-status@maxgallup.github.com" - gnomeExtensions.tray-icons-reloaded.uuid # "trayIconsReloaded@selfmade.pl" - gnomeExtensions.vitals # "Vitals@CoreCoding.com" + enabled-extensions = [ + "AlphabeticalAppGrid@stuarthayhurst" # gnomeExtensions.alphabetical-app-grid + "auto-move-windows@gnome-shell-extensions.gcampax.github.com" # gnomeExtensions.auto-move-windows + "aztaskbar@aztaskbar.gitlab.com" # gnomeExtensions.app-icons-taskbar + "calc@danigm.wadobo.com" # gnomeExtensions.calc + "clipboard-indicator@tudmotu.com" # gnomeExtensions.clipboard-indicator + "custom-hot-corners-extended@G-dH.github.com" # gnomeExtensions.custom-hot-corners-extended + "drive-menu@gnome-shell-extensions.gcampax.github.com" # gnomeExtensions.removable-drive-menu + "espresso@coadmunkee.github.com" # gnomeExtensions.espresso + "gTile@vibou" # gnomeExtensions.gtile + "tailscale-status@maxgallup.github.com" # gnomeExtensions.tailscale-status + "trayIconsReloaded@selfmade.pl" # gnomeExtensions.tray-icons-reloaded + "Vitals@CoreCoding.com" # gnomeExtensions.vitals - # gnomeExtensions.appindicator.uuid # "appindicatorsupport@rgcjonas.gmail.com" + # 
"appindicatorsupport@rgcjonas.gmail.com" # gnomeExtensions.appindicator ]; }; + "org/gnome/shell/extensions/aztaskbar" = { + main-panel-height = (lib.hm.gvariant.mkTuple [ true 40 ]); + show-apps-button = (lib.hm.gvariant.mkTuple [ true 0 ]); + }; + + "org/gnome/shell/extensions/espresso" = { + has-battery = true; + }; + + "org/gnome/shell/extensions/vitals" = { + show-fan = true; + show-storage = false; + show-temperature = true; + show-voltage = true; + }; + + "org/gnome/shell/weather" = { + automatic-location = true; + }; + "org/gnome/shell/extensions/custom-hot-corners-extended/misc" = { show-osd-monitor-indexes = false; }; @@ -202,26 +219,6 @@ in action = "toggle-overview"; }; - "org/gnome/shell/extensions/aztaskbar" = { - main-panel-height = (lib.hm.gvariant.mkTuple [ true 40 ]); - show-apps-button = (lib.hm.gvariant.mkTuple [ true 0 ]); - }; - - "org/gnome/shell/extensions/espresso" = { - has-battery = true; - }; - - "org/gnome/shell/extensions/vitals" = { - show-fan = true; - show-storage = false; - show-temperature = true; - show-voltage = true; - }; - - "org/gnome/shell/weather" = { - automatic-location = true; - }; - "system/locale" = { region = "de_DE.UTF-8"; }; diff --git a/home/thomas/desktop/i3.nix b/home/thomas/desktop/i3.nix index 865ba2d..a128037 100644 --- a/home/thomas/desktop/i3.nix +++ b/home/thomas/desktop/i3.nix @@ -68,10 +68,6 @@ in enable = true; }; - autorandr = { - enable = true; - }; - rofi = { enable = true; @@ -117,9 +113,6 @@ in enable = true; }; - autorandr = { - enable = true; - }; betterlockscreen = { enable = true; arguments = [ "--update ${home.homeDirectory}/.wallpapers/tower.jpg" ]; diff --git a/home/thomas/programs/autorandr.nix b/home/thomas/programs/autorandr.nix new file mode 100644 index 0000000..b9d4945 --- /dev/null +++ b/home/thomas/programs/autorandr.nix 
@@ -0,0 +1,34 @@ +{ pkgs, lib, config, options, ... }: +with lib; + +let + cfg = config.profile.programs.autorandr; + +in +{ + options = { + profile = { + programs = { + autorandr = { + enable = mkEnableOption "Autorandr"; + }; + }; + }; + }; + + config = mkIf cfg.enable { + programs = { + autorandr = { + enable = true; + + profiles = { }; + }; + }; + + services = { + autorandr = { + enable = true; + }; + }; + }; +} diff --git a/home/thomas/programs/default.nix b/home/thomas/programs/default.nix index 0553cae..9dbe6d7 100644 --- a/home/thomas/programs/default.nix +++ b/home/thomas/programs/default.nix @@ -2,12 +2,12 @@ { imports = [ + ./autorandr.nix ./git.nix ./github.nix ./gopass.nix ./minio.nix ./netrc.nix - ./shell.nix ./ssh.nix ./vscode.nix ]; diff --git a/home/thomas/programs/git.nix b/home/thomas/programs/git.nix index 0d7ca23..e6a2042 100644 --- a/home/thomas/programs/git.nix +++ b/home/thomas/programs/git.nix @@ -18,6 +18,10 @@ in config = mkIf cfg.enable { home = { + packages = with pkgs; [ + lazygit + ]; + shellAliases = { gs = "git status"; gc = "git commit"; @@ -36,7 +40,7 @@ in enable = true; enableBashIntegration = true; enableZshIntegration = true; - pinentryFlavor = "gnome3"; + pinentryPackage = pkgs.pinentry-gnome3; }; }; @@ -74,6 +78,10 @@ in fap = "fetch --all --prune"; + sma = "submodule add"; + smi = "submodule init"; + smu = "submodule update --init --recursive"; + hist = "log --pretty=format:'%h %ad | %s%d [%an]' --graph --date=short"; amend = "commit --amend -C HEAD"; diff --git a/home/thomas/programs/github.nix b/home/thomas/programs/github.nix index fbb5180..64c4a03 100644 --- a/home/thomas/programs/github.nix +++ b/home/thomas/programs/github.nix 
@@ -35,13 +35,13 @@ in }; }; - homeage = { - file."ghtoken" = { - source = ../secrets/gh.age; - symlinks = [ "${config.home.homeDirectory}/.ghtoken" ]; - owner = "thomas"; - group = "users"; - mode = "0600"; + age = { + secrets = { + github = { + file = ../secrets/github.age; + path = "${config.home.homeDirectory}/.ghtoken"; + mode = "0600"; + }; }; }; }; diff --git a/home/thomas/programs/gopass.nix b/home/thomas/programs/gopass.nix index 87c12e8..2d495a0 100644 --- a/home/thomas/programs/gopass.nix +++ b/home/thomas/programs/gopass.nix @@ -45,15 +45,7 @@ in [mounts "cloudpunks"] path = ${config.xdg.dataHome}/gopass/stores/cloudpunks - [mounts "restlos"] - path = ${config.xdg.dataHome}/gopass/stores/restlos - [mounts "adorsys"] - path = ${config.xdg.dataHome}/gopass/stores/adorsys - [mounts "webhippie"] - path = ${config.xdg.dataHome}/gopass/stores/webhippie - [mounts "boerger"] - path = ${config.xdg.dataHome}/gopass/stores/boerger [mounts "gopad"] path = ${config.xdg.dataHome}/gopass/stores/gopad [mounts "kleister"] diff --git a/home/thomas/programs/minio.nix b/home/thomas/programs/minio.nix index 88da4a6..3ddd47f 100644 --- a/home/thomas/programs/minio.nix +++ b/home/thomas/programs/minio.nix @@ -23,13 +23,13 @@ in ]; }; - homeage = { - file."minio" = { - source = ../secrets/minio.age; - symlinks = [ "${config.home.homeDirectory}/.mc/config.json" ]; - owner = "thomas"; - group = "users"; - mode = "0600"; + age = { + secrets = { + minio = { + file = ../secrets/minio.age; + path = "${config.home.homeDirectory}/.mc/config.json"; + mode = "0600"; + }; }; }; }; diff --git a/home/thomas/programs/netrc.nix b/home/thomas/programs/netrc.nix index 7902a66..a1e39a8 100644 --- a/home/thomas/programs/netrc.nix +++ b/home/thomas/programs/netrc.nix 
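Review bot: The new `age.secrets.github` block points `path` at `~/.ghtoken` without saying what ends up there. With agenix's default, as far as I know, `path` becomes a symlink to the decrypted file in the runtime secrets directory, and `mode` applies to that target rather than to a regular file in the home directory. A comment above `path` would make this explicit, for example `# agenix symlinks this to the decrypted token; set symlink = false if a consumer needs a regular file`. The same applies to `age.secrets.minio` in minio.nix, where `~/.mc/config.json` is a file the client may also want to write to, and to `age.secrets.netrc` in netrc.nix. The enclosing `config = mkIf cfg.enable { … }` block starts outside the hunk.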
@@ -17,13 +17,13 @@ in }; config = mkIf cfg.enable { - homeage = { - file."netrc" = { - source = ../secrets/netrc.age; - symlinks = [ "${config.home.homeDirectory}/.netrc" ]; - owner = "thomas"; - group = "users"; - mode = "0600"; + age = { + secrets = { + netrc = { + file = ../secrets/netrc.age; + path = "${config.home.homeDirectory}/.netrc"; + mode = "0600"; + }; }; }; }; diff --git a/home/thomas/programs/shell.nix b/home/thomas/programs/shell.nix deleted file mode 100644 index 41dfc8d..0000000 --- a/home/thomas/programs/shell.nix +++ /dev/null 
@@ -1,108 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.profile.programs.shell; - -in -{ - options = { - profile = { - programs = { - shell = { - enable = mkEnableOption "Shell" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - home = { - shellAliases = { - ".." = "cd .."; - "..." = "cd ../.."; - - netstat = "sudo netstat -tulpen"; - - rgrep = "grep -Rn"; - hgrep = "fc -El 0 | grep"; - history = "fc -l 1"; - sha256sum = "shasum -a 256"; - }; - }; - - programs = { - bash = { - enable = true; - enableCompletion = true; - - profileExtra = '' - [ -r ~/.nix-profile/etc/profile.d/nix.sh ] && source ~/.nix-profile/etc/profile.d/nix.sh - ''; - - logoutExtra = '' - - ''; - - sessionVariables = { - EDITOR = "vim"; - PAGER = "less"; - CLICOLOR = "1"; - GREP_COLOR = "mt=1;33"; - IGNOREEOF = "1"; - }; - }; - - zsh = { - enable = true; - enableCompletion = true; - enableAutosuggestions = true; - - syntaxHighlighting = { - enable = true; - }; - - profileExtra = '' - [ -r ~/.nix-profile/etc/profile.d/nix.sh ] && source ~/.nix-profile/etc/profile.d/nix.sh - ''; - - history = { - size = 10000000; - save = 10000000; - extended = true; - path = "${config.home.homeDirectory}/.zhistory"; - }; - - sessionVariables = { - EDITOR = "vim"; - PAGER = "less"; - CLICOLOR = "1"; - GREP_COLOR = "mt=1;33"; - IGNOREEOF = "1"; - }; - - oh-my-zsh = { - enable = true; - custom = "${pkgs.zcustom}"; - theme = "tboerger"; - - plugins = [ - "direnv" - "encode64" - "git-prompt" - "history-substring-search" - "kube-ps1" - "rsync" - "sudo" - "systemd" - "tfenv" - "tmux" - "transfer" - ]; - }; - }; - }; - }; -} diff --git a/home/thomas/programs/vscode.nix b/home/thomas/programs/vscode.nix index e424ef6..a631ab4 100644 --- a/home/thomas/programs/vscode.nix +++ b/home/thomas/programs/vscode.nix 
@@ -35,7 +35,7 @@ in ms-python.python ms-vscode-remote.remote-ssh naumovs.color-highlight - octref.vetur + Vue.volar redhat.vscode-yaml shakram02.bash-beautify signageos.signageos-vscode-sops @@ -53,6 +53,7 @@ in "editor.renderControlCharacters" = true; "editor.renderWhitespace" = "all"; + "editor.minimap.enabled" = false; "editor.rulers" = [ 80 @@ -62,12 +63,13 @@ in "files.trimTrailingWhitespace" = true; "go.useLanguageServer" = true; + "go.toolsManagement.autoUpdate" = true; "[python]" = { "editor.formatOnType" = true; }; "[vue]" = { - "editor.defaultFormatter" = "octref.vetur"; + "editor.defaultFormatter" = "Vue.volar"; }; "[yaml]" = { "editor.defaultFormatter" = "redhat.vscode-yaml"; diff --git a/home/thomas/secrets/gh.age b/home/thomas/secrets/gh.age deleted file mode 100644 index 6de2ef9..0000000 --- a/home/thomas/secrets/gh.age +++ /dev/null @@ -1,10 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHB0VDFPUSAzS1hq -M0F2NDVCanhEcCsrVmtWN3NKaVQ4NWF4Rlk4OXlVUXNZZWE4Y2tVCkRsNkJrK0JE -cG80U2cxZEdPUkhEcmFENGU0cW1yMkkrMkY3NHlzSjVITnMKLT4gLnVbODAtXC1n -cmVhc2UgTSU3ViBnN1ggMH4yLWhodQowRVQxVFV4d21VRmY1S1J4K3Q1QjArbHZK -clpwSHY3OWVHOXFTUjQvWFlhV1lpTTN4N1BSQTBYMjZwbzdnaCt4CkxmWTc1dHNu -MStrQgotLS0gT3I3Nkw4RHNwcXUrV3h2U1o1VXlvTGFLbkEyRUtVNFJ3Mnl1VTRY -MXJaMAo7vjfTwaTgpEMPgSmXjFoWJDxkL29O5W/pxKmRH3bW33MVpSmO1sM+AypG -dLMa7fvHbWZozSMLpT19num5Ufj28BJCjN0fhd0m ------END AGE ENCRYPTED FILE----- diff --git a/home/thomas/secrets/github.age b/home/thomas/secrets/github.age new file mode 100644 index 0000000..3f1af13 --- /dev/null +++ b/home/thomas/secrets/github.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 ptT1OQ XIHtmD92NOYVItTC1L891g2iw2Ndhryjs9CM3X2eAmw +s6jN22brCaZRcm7U4KChoUGQd+E9p2y7hyullCVFL/4 +-> D-grease 4__ 0}`' +SewNcDOTIxXXeb/gIiUnVkW8HvP4fAutXORixw07ZRe3csUBH5Qhg5VQrh+RGKji +EdXyeHsIOfXNM95C93K0U0Y0 +--- pB4b+FCzZ5lPi5Hv8W4XlTpQx98miOw8z5g54moH01M +OVtSŰhBόecvE?>x)[;Xxu8PubWa \ No newline at end of file 
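Review bot: `"go.toolsManagement.autoUpdate" = true;` in the third hunk lets the Go extension install and update its helper tools without prompting. Those tool versions are fetched at runtime and are not covered by the hashes this configuration pins everywhere else, such as the `sha256` on each marketplace extension in the overlay. If gopls and the other tools are meant to come from Nix packages, leave the setting off. If the auto-update is intended, say so next to it, e.g. `# Go tools are fetched by the extension itself, not pinned by Nix`. The settings attribute set starts and ends outside the hunk.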
diff --git a/home/thomas/secrets/minio.age b/home/thomas/secrets/minio.age index fe5f0d5f3a43ec8b12156df777c07325e42e9e5b..b38ecadb1ad944e7d2d0ef50abb8f23473225089 100644 GIT binary patch literal 1394 zcmV-&1&#V)XJsvAZewzJaCB*JZZ2gEacP}?#T1RbDD_AgRRdhl~bZ{_ccSKKG zc3MGLa|&vzEE_q7XJ8J#$B;A)F`M4Acb>t|P~;7EdtxT+WNx^qZO#V08j42QL@;D5 zc{8%ybpWMM&m4ne31S7Vqd8S4uc1LDlgrzW?)7>SjSyA5(CJbx0`52+B=BuJ0ZI2oCmM2#3 z)H+$Q!vq22vBYhD_`^9oz9~UceRsC-L>QY|K|qQWT8@-WWIK@(Osk`YfEGfUy_~2X z>$8-pz1#Nyey}F+kB!BGUh^}}a%v`EW4+)PQ~dAFAHPo@y! zAPgymSKevlqD^KrUcy}pjl^NaA4hKoJ^hV1g=Eu1@-zSlpQO`V+XHm*ab1lftSie4 z59naA3$a8I%$_EXca^-`hVQ`sn2bw+4E&*cIJVJf%>1*j*b~qh$&2h>l6XT&^$S%^ zSVFXODgzRQhMR1 zVsm;z!YQe0Pjs{_St|>5%$Ck=CBwya&g||lrQ zg5PK0DQ$ExiDxTdBf*90x`DM|4yY31Pk6m_6H#23*r}LVH`FRprPGsb*l)*gQa|j8 z;z;LxKj1r>=!jl?nL&Q4asBtI9gi?RYPtj1Wt-^;z_F)u8OuaXxoILLVhfcQR=b@0B*V~5_GzX5UWhlH>RS^Wnf>ptM~aJqMvcu5xQxp}k8kv0)s1*_ z!T1ZZR8@xJTsd<}U1~BY+_`V5^|0l8V@)jPYhwJDx_cKlF#kMCt7-S?a*YgczMhY< z6b4rTBfVaC{_b#nuej?(5A_^$Y%(=8f4TOz%L}itP#atM0`6};6K%IFRa|pU(TeSi*uEk-s3!WE&+#?YvIP$HpwxY;g!PQj<`HiDL2XMw1~1iw)E|fUauTS4<}1%V_PWAWjJ1 zlRslf__cyQFeDdwu3IA62h@#vmvuXO77p8)#p@D@p_qIz#H2s!_6V3B{|I6v_oMH^ z_^xfrz}QkzbO^*IH&uIwPOh?>W>xtVMfcV4;0cVc$|<%Q3$LrOllB(cLSRMYRo#6O zSbqVUgY%2Xi4aU`dt)U2t)XiZ`?4*rBh>Uq6N2gM55435BpEb)tUsr-NvxW3#)>HP zR2ilI-yuYQycVhPV$d1(@PhTNwi(TIZZmvh;+|c0Nc|=qaS|e&yy5~SiZ1*&_Ad~JMX!g!5o78nmz_C7@gu|3QODw&YhX~3%{S$cKH(L_ z^n{Nhvv9zRw(qjH(~C3Uw*BA=J0Cy$ouZ%NixrxNI8%Ur_%tdaLrVIGuVHr-3>w#`9w)3Dr)8UOC)~cUqbXKAzTCrp%X-0JXu5}2 ze)!2fUZH*xwF3#J_HktPig;CuA1~%LYdL(!<=A_tV~K*$hdL%yTX$@bAB5FHRuVCc2*~tO_yGzd#Ci zn$EgbW#-=v=fLn6{Iu}S`Im$y>9q|q#jgs;lBjyXZPbFSdKoW$;P9?nqxRbeNVgwn%u&G%Q9 zT+7jX!k!L4V_Pi-5mM4Ey`XWS7w>3>+Qn_WNb#W~mC%`|ix=o*?WNFtz>z4@ba?v9 zk9M@1T7yTZ;CxlvFS3_tTfae2jV(*Yes7d?#EwM84xNOy* zR|&|gEshpZ)=1}|OzwB{?n?PHECn}vPBKzWU2)C|e7bbeRlix@BL6-962@fTGpTuD zodp@qkI|jEWyKiIX!?9B0*=}BBy{B6maNo02go7?MAhzAHeG&6qc>M8WO$?WLPS)f 
zm#lUzuk@}DaWGZ5zf^BEETp{^5RH#I83SM%?+?@at+My0S!K0}FiE2_{=9M+uMd7-CXYlPwm>D7cF|lEcjN!$b?DuT)ZbHxZaX z1FIe8yXRLB8@GQyZDSj^5(rzCYo*8puX$W|$tliFj09H{BZYSIl-aNmJae)2mjlA< z1+Y6ecF49)S&RBaLC=DI+5x1PNT*aSk6?2N+Gp|p&Np|n9KOOG8TmJAogSc?axv0_ z;wf1;r@tR=5uje3_iEnTPIL%n@%gfRT|s*>pTJqtYV)wU0*E(9v=+ z)TOnzPctfD7B0GN=wDYw6gUC96+|SEUNy3n_E+tY_0xZf<&iZWs2o?#Lhr65oToEJ z?zzw(P(w`nP*=f9@80gEALkWwrGKk~ z|GATvXvFJhGUsgmU9g)2JR1m>uSz+t1a-5a&YK<&1;l-rg zKKc4zAMyh5tWOQe;HBVaTv?EYt{=Bi|NPpNR`0Lbt|no>G={L__d1w4LZzvFZb?^A zUn42k1*WFDgu%|x+<3B&yT)?kV##yc*S{& z1_)@*BW{JWVe<5an$Tbn1~)6C-2ES>bI6WdHpNheGP=YfViw^~YYmFO?TIP#4_7;2 z#&v@}!d;TwLo|~Ke=;lRhxdpgtg;!Qc+L>t$BFv@5(^~rg#&cU9B*ME**?rYJPPUuiOrlg(wpJ|TDM|!KElK`#S*H_#s z(!G8Rg%4V6EP?;3{1~3~*|Jo!ND2jUAGBNEm1EtYY6ZmZcLB7Qo*w`%K$bzuAf8Nh zsCa)f?0oRVW>n%?R@-KXFQ$GW?W5QS*dbk%EuUE;{t%DvXeRnxz(f@+$*9Ze4yZI& z{KBBrM-+QRuop{)6B#$CyGF>mnUY(eAp7*nLv=(eG#-V7UjTPImkNIyiz@aSm(k+D zQ*nXB+Z!OmwzGh#^~F9ZH;COMlmtK1;?094M;C2{+&hpmAeYNtWsHT7bK&n%1nI=! z;~4l2?8yr2d_!{v+HQsLxcP><2HR415{&4N2X| za`s|CZd9@$SG|5vNJ*`nE=yPqkEek(Nq$%A07!Hf)WAvB0NqTTNJHv{%%Z)ofa#@& zRP8tS!|}Yo1!*38zfoqfjUv`5Br%Sen**P0)bWw0zn<1e(bM^^T;0=romkwJ1D;u- zxFgk*b39rxdw=wCv)*k;On0*U&_6~hg2_e+s(En2{8(Y5LW3yO2_X&4Yc?O$u6!e1y04?$lO{(dSL(a33u)41py$ZeD)m{_ZOy$=j!2d=}!Q}t%^!Xo_ C>B;y2 diff --git a/home/thomas/secrets/netrc.age b/home/thomas/secrets/netrc.age index a0f1fa4..dde2c94 100644 --- a/home/thomas/secrets/netrc.age +++ b/home/thomas/secrets/netrc.age 
@@ -1,13 +1,8 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHB0VDFPUSA3czg0 -azRIaGgvVXMyQTFuaXVGYjNoUlJFcU03d3RxLzY2REQxYVl1SndBClg0M0dQeW0v -Z3pGN0tPVUo4OWVmZ0N6SGVETHJpc01TMzhLeHczR3RkQkEKLT4gaUBYVWVeUi1n -cmVhc2UKekVpYkJwOHpPZW8yd1kwY3NpYjhPQnVRRE1DZ0xqYXQzaks0dlE5SDRX -VDVNTmR4ZklpQVd5elF1MmtDSmxsYwo5LzV2M2xsSFlxZGYzOVlzRzFIK2lDQjdx -NGdVVGczWDlNUlZhQ1pZWWZNc3hJNU02WC9uOVlPOUw5STFMUQotLS0gSVhpK1NJ -NEZFVWZBWDhTM0FUVHZMTTBSd2hVQmlUejRnaUUvSjArVTA4NAq8OnZmEhnySiGS -NXOHYtCrY0hOtWowI/fKTyCQg+2ttsgANRTOPQokr3m8N6NP0VpEHgTZ63ViRvnu -XP+DXK0xoztypOWIxg0R9XYtFazVvRUFTal1qY7U3wzwDplz5AYGwJZBv+tTJot+ -7OojRKWzmg3CLAnCYciwFA2/tkgYP4sFGqQ9iCSY6nt6DL/zuILbUP38s/8pYEPg -yRY+408oomBqyG04ORGa1NIH9DHKxfmLc/h2w8flB/eyvw== ------END AGE ENCRYPTED FILE----- +age-encryption.org/v1 +-> ssh-ed25519 ptT1OQ Asu1kzCEtQmXGuPOZNbOJqmshYQRsWXSjlwuBQ6Y5mk +N5Ydknr2H1SHw8Y8BKNn+j3J/L5MVovqkHsbQFa6Rv4 +-> p4*9mI9U-grease \7ZD]9w0 +FqfyFIz/blFfEtBAwGYAmA6Wkv3GeMcTe8bTCBkmEcPpZyQ0XcYSUb9peUtl +--- 6HFThIK/yZAkX9XoLs8PWKjagjnIz8+YjBjWxDeFAVo +NnNaF|LkC5^@/WM8wKݯWrgMGKzTM,Oob q>X=XS]+P%"Y=.Y0vGR XJ#/7FJm +&OiPy9F5x@ \ No newline at end of file diff --git a/overlays/default.nix b/overlays/default.nix index 65b823e..b26ae87 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,6 +1,14 @@ self: super: { + citrix_workspace = super.citrix_workspace.overrideAttrs (old: { + src = super.fetchurl { + name = "linuxx64-24.2.0.65.tar.gz"; + url = "https://dl.webhippie.de/misc/citrix-workspace-x64-24.2.0.65.tar.gz"; + hash = "sha256-6utdO9B51OXJcH2mf196Jct2XhnDbQGGEpBlXb8qruQ="; + }; + }); + vscode-extensions = self.lib.recursiveUpdate super.vscode-extensions { dzhavat.bracket-pair-toggler = self.vscode-utils.extensionFromVscodeMarketplace { name = "bracket-pair-toggler"; 
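Review bot: The `citrix_workspace` override fetches the tarball from `https://dl.webhippie.de/misc/…`, a host that is not the vendor's. The pinned `hash` therefore only proves the build uses the file that was uploaded there, not that the file is the original vendor release. Record where the hash came from in a comment above `src`, e.g. `# hash taken from the tarball downloaded from the vendor site on <date>; re-hosted because the vendor download is not directly fetchable` (adjust to the actual reason). Rebuilds on a machine without the store path also depend on that host staying reachable. The overlay's attribute set continues outside the hunk.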
@@ -17,8 +25,14 @@ self: super: signageos.signageos-vscode-sops = self.vscode-utils.extensionFromVscodeMarketplace { name = "signageos-vscode-sops"; publisher = "signageos"; - version = "0.8.0"; - sha256 = "sha256-LcbbKvYQxob2zKnmAlylIedQkJ1INl/i9DSK7MemW9Y="; + version = "0.9.1"; + sha256 = "sha256-b1Gp+tL5/e97xMuqkz4EvN0PxI7cJOObusEkcp+qKfM="; + }; + Vue.volar = self.vscode-utils.extensionFromVscodeMarketplace { + name = "volar"; + publisher = "Vue"; + version = "2.0.11"; + sha256 = "sha256-EyULg2yS/aqf0ipUQKFjW1WJIHECr26/JIQ+UuTPSLk="; }; }; @@ -49,16 +63,23 @@ self: super: gh-markdown-preview = super.callPackage ./gh-markdown-preview { }; gh-poi = super.callPackage ./gh-poi { }; + kubectl-deprecations = super.callPackage ./kubectl-deprecations { }; kubectl-get-all = super.callPackage ./kubectl-get-all { }; kubectl-images = super.callPackage ./kubectl-images { }; kubectl-ktop = super.callPackage ./kubectl-ktop { }; + kubectl-moco = super.callPackage ./kubectl-moco { }; kubectl-neat = super.callPackage ./kubectl-neat { }; kubectl-oomd = super.callPackage ./kubectl-oomd { }; + kubectl-outdated = super.callPackage ./kubectl-outdated { }; kubectl-pexec = super.callPackage ./kubectl-pexec { }; + kubectl-pod-lens = super.callPackage ./kubectl-pod-lens { }; + kubectl-rakkess = super.callPackage ./kubectl-rakkess { }; kubectl-realname-diff = super.callPackage ./kubectl-realname-diff { }; kubectl-resource-versions = super.callPackage ./kubectl-resource-versions { }; + kubectl-rolesum = super.callPackage ./kubectl-rolesum { }; kubectl-split-yaml = super.callPackage ./kubectl-split-yaml { }; kubectl-view-secret = super.callPackage ./kubectl-view-secret { }; + kubectl-who-can = super.callPackage ./kubectl-who-can { }; kubectl-whoami = super.callPackage ./kubectl-whoami { }; khelm = super.callPackage ./khelm { }; diff --git a/overlays/gh-dash/default.nix b/overlays/gh-dash/default.nix index ac2e922..ac78238 100644 --- a/overlays/gh-dash/default.nix 
+++ b/overlays/gh-dash/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "gh-dash"; - version = "3.7.9"; + version = "3.14.0"; src = fetchFromGitHub { owner = "dlvhdr"; repo = "gh-dash"; rev = "v${version}"; - sha256 = "sha256-loAtRXns7plBeVOM+d/euyRS86MG+NRhGB4WpHT7KlM="; + sha256 = "sha256-6YPUGOQ2KBfu+3XAgub9Cpz0QBrU2kV+gq13tUtzY+w="; }; - vendorHash = "sha256-0ySTcQDM7Dole6ojnhr7vwUWOM4p6kFN69VqMP0jAY0="; + vendorHash = "sha256-jCf9FWAhZK5hTzyy8N4r5dfUYTgESmsn8iKxCccgWiM="; ldflags = [ "-s" diff --git a/overlays/gh-markdown-preview/default.nix b/overlays/gh-markdown-preview/default.nix index 6c730f4..d93da39 100644 --- a/overlays/gh-markdown-preview/default.nix +++ b/overlays/gh-markdown-preview/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "gh-markdown-preview"; - version = "1.4.1"; + version = "1.4.2"; src = fetchFromGitHub { owner = "yusukebe"; repo = "gh-markdown-preview"; rev = "v${version}"; - sha256 = "sha256-Q+e3j+X/ZsLdkTBkuu028Rl4iw+oES2w6CDQiwN+CtU="; + sha256 = "sha256-UBveXL4/3GxxIVjqG0GuTbkGkzXFc/stew2s+dTj9BI="; }; vendorHash = "sha256-O6Q9h5zcYAoKLjuzGu7f7UZY0Y5rL2INqFyJT2QZJ/E="; diff --git a/overlays/gh-poi/default.nix b/overlays/gh-poi/default.nix index 6015287..cc4ae66 100644 --- a/overlays/gh-poi/default.nix +++ b/overlays/gh-poi/default.nix @@ -2,13 +2,13 @@ buildGoModule rec { pname = "gh-poi"; - version = "0.9.3"; + version = "0.9.8"; src = fetchFromGitHub { owner = "seachicken"; repo = "gh-poi"; rev = "v${version}"; - sha256 = "sha256-Oh0l+WUj2G6EBhyhF1YVlyTsbH9eyK0R5heAfp6zUUc="; + sha256 = "sha256-QpUZxho9hzmgbCFgNxwwKi6hhfyqc4b/JYKH3rP4Eb8="; }; vendorHash = "sha256-D/YZLwwGJWCekq9mpfCECzJyJ/xSlg7fC6leJh+e8i0="; diff --git a/overlays/khelm/default.nix b/overlays/khelm/default.nix index 5c248e0..f57625e 100644 --- a/overlays/khelm/default.nix +++ b/overlays/khelm/default.nix 
@@ -2,16 +2,16 @@ buildGoModule rec { pname = "khelm"; - version = "2.3.0"; + version = "2.3.3"; src = fetchFromGitHub { owner = "mgoltzsche"; repo = pname; rev = "v${version}"; - sha256 = "sha256-Rh3goHrtoB/cPDcQqGTCCY9FHtoxCD/wJX7EtsY1KA4="; + sha256 = "sha256-S4+aNte+L5aPQga3543AeRuorpVtsTFHWGmcl5Djxd8="; }; - vendorHash = "sha256-LN6Jnv/XBgHeogJoi+jcgNVG9/WDb9d/UgyuUzhiafw="; + vendorHash = "sha256-lpJ+qcUnTW32j00/5MtwTojtfrlLysSkAArnUnjJQmU="; doCheck = false; diff --git a/overlays/ksops/default.nix b/overlays/ksops/default.nix index b3cd17b..9c15a14 100644 --- a/overlays/ksops/default.nix +++ b/overlays/ksops/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "ksops"; - version = "4.2.1"; + version = "4.3.1"; src = fetchFromGitHub { owner = "viaduct-ai"; repo = "kustomize-sops"; rev = "v${version}"; - sha256 = "sha256-Jm4mA91fyXQ8eScvRGDAmCBFVqT2GP57XIBZQo/bApg="; + sha256 = "sha256-zEiRbbQzUqFHNtrzyZDNEaXT/T+TfB6KqOXkdjrCiW4="; }; - vendorHash = "sha256-tNYPgXFDJuNRlrVE0ywg77goNzfoWHFVzOG9mHqK3q8="; + vendorHash = "sha256-aNrhS4oCG5DB3yjolWL49DtNqZA5dNRqQ2YPBeKQzWI="; postInstall = '' mv $out/bin/kustomize-sops $out/bin/ksops diff --git a/overlays/kubectl-deprecations/default.nix b/overlays/kubectl-deprecations/default.nix new file mode 100644 index 0000000..8616f41 --- /dev/null +++ b/overlays/kubectl-deprecations/default.nix 
@@ -0,0 +1,29 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+ pname = "kubectl-deprecations";
+ version = "1.7.1";
+
+ src = fetchFromGitHub {
+ owner = "kubepug";
+ repo = "kubepug";
+ rev = "v${version}";
+ sha256 = "sha256-VNxaYQy81U0JWd6KS0jCvMexpyWL4v1cKpjxLRkxBLE=";
+ };
+
+ vendorHash = "sha256-HVsaQBd7fSZp2fOpOOmlDhYrHcHqWKiYWPFLQX0azEw=";
+
+ doCheck = false;
+ subPackages = [ "." ];
+
+ postInstall = ''
+ mv $out/bin/kubepug $out/bin/kubectl-deprecations
+ '';
+
+ meta = with lib; {
+ description = "A kubectl plugin to preupgrade checks";
+ homepage = "https://github.com/kubepug/kubepug/";
+ license = licenses.mit;
+ maintainers = with maintainers; [ tboerger ];
+ };
+}
diff --git a/overlays/kubectl-moco/default.nix b/overlays/kubectl-moco/default.nix
new file mode 100644
index 0000000..213f783
--- /dev/null
+++ b/overlays/kubectl-moco/default.nix
@@ -0,0 +1,25 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+ pname = "kubectl-moco";
+ version = "0.20.2";
+
+ src = fetchFromGitHub {
+ owner = "cybozu-go";
+ repo = "moco";
+ rev = "v${version}";
+ sha256 = "sha256-AubGcEFogKNJI6fDyc95yKdMzqAaQ4rEH+etJ1tTmB4=";
+ };
+
+ vendorHash = "sha256-Njy+oGu7TBShDjFd06ijRv6x6xlsYYdy2upvLL1MBwQ=";
+
+ doCheck = false;
+ subPackages = [ "cmd/kubectl-moco" ];
+
+ meta = with lib; {
+ description = "A kubectl plugin that interacts with the Moco MySQL operator";
+ homepage = "https://github.com/cybozu-go/moco/";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ tboerger ];
+ };
+}
diff --git a/overlays/kubectl-outdated/default.nix b/overlays/kubectl-outdated/default.nix
new file mode 100644
index 0000000..5f960af
--- /dev/null
+++ b/overlays/kubectl-outdated/default.nix
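Review bot: `doCheck = false;` switches off the upstream Go tests in this new kubectl-deprecations package with no reason given, and the same line appears in the other plugin files added by this commit (kubectl-moco, kubectl-outdated, kubectl-pod-lens, kubectl-rakkess, kubectl-rolesum, kubectl-who-can). These binaries run with the user's cluster credentials, so either let the checks run or record why they cannot, e.g. `doCheck = false; # upstream tests need a live cluster` if that is the actual reason. Two smaller points: the `description` would read better as `"A kubectl plugin for pre-upgrade checks"`, and `sha256 = "sha256-…"` holds an SRI value that current nixpkgs style writes as `hash = "sha256-…"`.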
@@ -0,0 +1,29 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+ pname = "kubectl-outdated";
+ version = "0.4.1";
+
+ src = fetchFromGitHub {
+ owner = "replicatedhq";
+ repo = "outdated";
+ rev = "v${version}";
+ sha256 = "sha256-01rQAGSoAD/lMHSth4FvYXnvpW2zyXGQNKq70HQKPFU=";
+ };
+
+ vendorHash = "sha256-EbLIsOqg4uQB6ER/H05zaFC6sTxCPIQUZUhRgW1i9KQ=";
+
+ doCheck = false;
+ subPackages = [ "cmd/outdated" ];
+
+ postInstall = ''
+ mv $out/bin/outdated $out/bin/kubectl-outdated
+ '';
+
+ meta = with lib; {
+ description = "A kubectl plugin to find and report outdated images";
+ homepage = "https://github.com/replicatedhq/outdated/";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ tboerger ];
+ };
+}
diff --git a/overlays/kubectl-pod-lens/default.nix b/overlays/kubectl-pod-lens/default.nix
new file mode 100644
index 0000000..0cb594b
--- /dev/null
+++ b/overlays/kubectl-pod-lens/default.nix
@@ -0,0 +1,29 @@
+{ lib, buildGoModule, fetchFromGitHub }:
+
+buildGoModule rec {
+ pname = "kubectl-pod-lens";
+ version = "0.3.1";
+
+ src = fetchFromGitHub {
+ owner = "sunny0826";
+ repo = "kubectl-pod-lens";
+ rev = "v${version}";
+ sha256 = "sha256-KoNQWAKdHcdkyMR1lr8CrLc0AxK4WszWqw0zKP2n9sY=";
+ };
+
+ vendorHash = "sha256-V6iHO+eNDWP+IEcG2PnCAyGISw/VU8yz5UTe4JZCZKk=";
+
+ doCheck = false;
+ subPackages = [ "cmd/plugin" ];
+
+ postInstall = ''
+ mv $out/bin/plugin $out/bin/kubectl-pod_lens
+ '';
+
+ meta = with lib; {
+ description = "A kubectl plugin to show pod-related resources";
+ homepage = "https://github.com/sunny0826/kubectl-pod-lens/";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ tboerger ];
+ };
+}
diff --git a/overlays/kubectl-rakkess/default.nix b/overlays/kubectl-rakkess/default.nix
new file mode 100644
index 0000000..47c212b
--- /dev/null
+++ b/overlays/kubectl-rakkess/default.nix
@@ -0,0 +1,29 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "kubectl-rakkess"; + version = "0.5.1"; + + src = fetchFromGitHub { + owner = "corneliusweig"; + repo = "rakkess"; + rev = "v${version}"; + sha256 = "sha256-igovWWk8GfNmOS/NbZWfv9kox6QLNIbM09jdvA/lL3A="; + }; + + vendorHash = "sha256-lVxJ4wFBhHc8JVpkmqphLYPE9Z8Cr6o+aAHvC1naqyE="; + + doCheck = false; + subPackages = [ "." ]; + + postInstall = '' + mv $out/bin/rakkess $out/bin/kubectl-rakkess + ''; + + meta = with lib; { + description = "A kubectl plugin to show an access matrix"; + homepage = "https://github.com/corneliusweig/rakkess/"; + license = licenses.mit; + maintainers = with maintainers; [ tboerger ]; + }; +} diff --git a/overlays/kubectl-realname-diff/default.nix b/overlays/kubectl-realname-diff/default.nix index d5890b6..e53ad24 100644 --- a/overlays/kubectl-realname-diff/default.nix +++ b/overlays/kubectl-realname-diff/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "kubectl-realname-diff"; - version = "0.2.3"; + version = "0.3.0"; src = fetchFromGitHub { owner = "hhiroshell"; repo = "kubectl-realname-diff"; rev = "v${version}"; - sha256 = "sha256-H9+a7nb90AI2VUiii0LbDdik+Ihe1blSdLYwJRVRE8w="; + sha256 = "sha256-VgcG5Hptu65O2+WqUl6nsSvfJ4MN8TrlgoKKV3iMUss="; }; - vendorHash = "sha256-Hw7f9nJvcslr6wbmjz9XtMxAm2XYVb4yhW2LssQOxrQ="; + vendorHash = "sha256-XJZ9/JKj+WT3TffNP1Z0y5jws2wqZotzzV/1pk+AJkU="; doCheck = false; subPackages = [ "cmd/kubectl-realname_diff" ]; diff --git a/overlays/kubectl-rolesum/default.nix b/overlays/kubectl-rolesum/default.nix new file mode 100644 index 0000000..f145f5c --- /dev/null +++ b/overlays/kubectl-rolesum/default.nix 
@@ -0,0 +1,25 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "kubectl-rolesum"; + version = "1.5.5"; + + src = fetchFromGitHub { + owner = "Ladicle"; + repo = "kubectl-rolesum"; + rev = "v${version}"; + sha256 = "sha256-IO0QMDTbQXxs6UvaiobmrqVTHdmBTnUA3kMYKMgc+A8="; + }; + + vendorHash = "sha256-gQrMTD5toSeMPJb9LEbLaU1pB7DzOzSsVqDaL+cPvcw="; + + doCheck = false; + subPackages = [ "." ]; + + meta = with lib; { + description = "A kubectl plugin to summarize RBAC roles"; + homepage = "https://github.com/Ladicle/kubectl-rolesum/"; + license = licenses.mit; + maintainers = with maintainers; [ tboerger ]; + }; +} diff --git a/overlays/kubectl-view-secret/default.nix b/overlays/kubectl-view-secret/default.nix index e019063..e6dfa42 100644 --- a/overlays/kubectl-view-secret/default.nix +++ b/overlays/kubectl-view-secret/default.nix @@ -2,16 +2,16 @@ buildGoModule rec { pname = "kubectl-view-secret"; - version = "0.11.0"; + version = "0.12.0"; src = fetchFromGitHub { owner = "elsesiy"; repo = "kubectl-view-secret"; rev = "v${version}"; - sha256 = "sha256-IdbJQ3YCIPcp09/NORWGezqjbwktObN7TuQdq5uAN4A="; + sha256 = "sha256-5X5rOoERx6HoG3cOBpYm12anMXXDjTtHZzQOOlJeJSs="; }; - vendorHash = "sha256-Q6OosaHDzq9a2Nt18LGiGJ1C2i1/BRYGaNEBeK0Ohiw="; + vendorHash = "sha256-oQvmS05nev+ypfkKAlTN+JbzPux5iAzHsojW8SxtB70="; doCheck = false; subPackages = [ "cmd" ]; diff --git a/overlays/kubectl-who-can/default.nix b/overlays/kubectl-who-can/default.nix new file mode 100644 index 0000000..0317ec7 --- /dev/null +++ b/overlays/kubectl-who-can/default.nix 
@@ -0,0 +1,29 @@ +{ lib, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "kubectl-who-can"; + version = "0.4.0"; + + src = fetchFromGitHub { + owner = "aquasecurity"; + repo = "kubectl-who-can"; + rev = "v${version}"; + sha256 = "sha256-nyUDzNxlizSr3P3dh9Cz/9CaMfmjeE9qSJkCLo4lBqw="; + }; + + vendorHash = "sha256-KWLuS29aI3XqqyJAY9DVX+ldFU53vEumpBKUwinhYGQ="; + + doCheck = false; + subPackages = [ "cmd/kubectl-who-can" ]; + + postInstall = '' + mv $out/bin/kubectl-who-can $out/bin/kubectl-who_can + ''; + + meta = with lib; { + description = "A kubectl plugin to show who has RBAC permissions"; + homepage = "https://github.com/aquasecurity/kubectl-who-can/"; + license = licenses.mit; + maintainers = with maintainers; [ tboerger ]; + }; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1082bc5..1835d06 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -12,13 +12,14 @@ let in { "services/acme/credentials.age".publicKeys = users ++ systems; - + "services/cloud/password.age".publicKeys = users ++ systems; + "services/gallery/password.age".publicKeys = users ++ systems; "services/tailscale/authkey.age".publicKeys = users ++ systems; - "services/shares/printer.age".publicKeys = users ++ systems; - "services/shares/media.age".publicKeys = users ++ systems; - "users/root/password.age".publicKeys = users ++ systems; + "users/printer/password.age".publicKeys = users ++ systems; + "users/media/password.age".publicKeys = users ++ systems; + "users/thomas/password.age".publicKeys = users ++ systems; "users/anna/password.age".publicKeys = users ++ systems; "users/adrian/password.age".publicKeys = users ++ systems; 
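Review bot: The entries added to secrets/secrets.nix (`services/cloud/password.age`, `services/gallery/password.age`, `users/printer/password.age`, `users/media/password.age`) all use `publicKeys = users ++ systems;`, so every host key in `systems` can decrypt every service and user password. If only one machine runs the cloud or gallery service, restrict that entry to it, e.g. `"services/cloud/password.age".publicKeys = users ++ [ <host-key-binding> ];`, using the host's name from the `let` block, which is defined outside this hunk. After narrowing recipients, the affected files need re-encrypting with `agenix --rekey`.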
diff --git a/secrets/services/acme/credentials.age b/secrets/services/acme/credentials.age index 1842e2c0fa1f756b5ca133ea7f6364e58d315cfa..8d846ea4aeee1450d4f9fa05e0bc58b26f297e0d 100644 GIT binary patch delta 473 zcmV;~0Ve*A1dardEPq8)SV3WIX-jlscuq?-Pj+!kYFAP>ZbC3tb2e}{RA*5ycu7%c zN^MC|a|%R7RCi}aYFRI3XhvyKNHu9#b4O$=PgPh$Oe;`BIcjryYGzt`V=F^ANeV4K zAaiqQEoEdfH8n9gAY@2TXGl>XP-sngRAWU?GImQ@VR}ML3CD2LP=OiZc;L0GeUG&Oip4eX>@RBYf5N$cP}^!EiEk|O?gpq zNlax`P%~+GNia!qR7PlSSWqu#MrSZiGHz~7M|o|3RZ(ncX;w2)3a=}}BV;)0QhLMs zMdKe^IMEk_$Wvowpm3X(Gt@l8hLC>#MedpH+1eob`^1n6^FT^GRjgi887QQ29}3zJ zmpk6yij@lK+ZP&SDecuHA{S3<-#N6MHs0i7_&bUwl*b)H{kVQwQADBK3SutH0%P_N Pw70Mb3Z%DAB0HO92qdr- delta 473 zcmV;~0Ve*A1dardEPpjeaB^o(cu_Y-WJhFBOjK`pH$-)8Ni;G?RYNi>YBFY1Z#Xnn zK`UfuX9`9&SYsXNi}#>NmVsDR%Ka4V^U!=Q$|%mLojD`HbO{tZZt(^ zX?S*ZX-#iXVP-^G3T8}4YAw1-QbuZYZ8I-9W-C&4Gf#9>YA|?fHbF%S zFjjFyRz^=acxp3pWO;XDLU?&sS4l)~c1>e8bw@TaM|DjvZE-_pH#BPsEiEk|Wie=a zRB%d4aB(q2cX)GYMloSkR!4SvM{-YCGD1;AZca~sS5#SMHc4_(3bCd^;QKsK3M*Qh z9=x3;yrdIWe=yx6ZO3Z5J?s$LNN!CQxQmp>OJ;Q)wmHuQ_v`M}q}~YO;$BWxQ^kG$ z`u9kVlhXNc#4%h_<{CNp`j6J2XT4Z_yYNZOFtWKBg3b?u$G4tTi$65QF$=GDc>dj6 PX4!`blb_N&0PMCB@Mp3@ diff --git a/secrets/services/cloud/password.age b/secrets/services/cloud/password.age new file mode 100644 index 0000000..b5782f8 --- /dev/null +++ b/secrets/services/cloud/password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 ptT1OQ 4CPxY5rGtjoYVereenuG6JUcWtyE9WaXXgdkXAKhuEg +EjXFUF7omJsPJV3GfuR0OwViMgMK3VYYH/vSyQ2vgQg +-> ssh-ed25519 dHPgHQ X1eBYMbvHsB8K/uU+FYtRPKmeHDTV+nrwuXMTEyB7Gg +qn4vjH7hGHFK4eLUQ9IMEIlh3NYup009gA232pIWqNE +-> ssh-ed25519 w/1rQA 0S0LLqSY3nb730Hp4jY1JX1wZrXk4OI5Wd+FGoXUuEE +EeH8s5D8jqAReq14TG8vtob7vfaWXVcXSkJ7DgBiDSg +--- 3RkU2mfoiTxtY4UyImzwq9IUouuB9Cmpd88zjaePEmg +ud5M3NfъcHn0Kf# \ No newline at end of file 
diff --git a/secrets/services/gallery/password.age b/secrets/services/gallery/password.age new file mode 100644 index 0000000000000000000000000000000000000000..26c5d5944f4b995c29f779378ecbdaf51ab7aaf0 GIT binary patch literal 447 zcmZ9{%Z`&!002-|Cd0zSm77T1-fcC ztnJe7E43J*a+2+Leq38Hl*c8qaySZ*biy@v!m+GHS>Jnv-fS&8M>-G-g@oGLU*9AO#2|ZPP%jNSb!!UFcFOuTK^Xl>c_q8$Yu!R>!uqwM_9cl0s8SRb1ZWqrjg?eP-$DgUu u-P@nu-OC@pzT6J;XHWjVdzzg6`Tg+x!TIH<_x{D#%a3o)Zohx)KKug~IF$+j literal 0 HcmV?d00001 diff --git a/secrets/services/shares/media.age b/secrets/services/shares/media.age deleted file mode 100644 index b3ac76f8f299447475eee099c16ea6b1ba2abdea..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 506 zcmZ9_yNlCs003Y&F(59=fi79j!4QAVtNGxVbr95#gM4aS(iRgOlJY90+pzegD8W^gY~*M(HxiCvkK=PJOT-5d0>Z zWdZKFB*PFKn&dsAZKBQHgaQ?%YU+T|ZMAO}X3*3$yY9+GthQl5(M9SwMq7Z$gi3f> zH|M%#M7-AyX9O6Ldf*6rE^QZjE_Kt`!ulPMmZvvY?)b8aG7WOL@J(jwC?O~r)dzwY zv0xVn>WHe_jszD5bo=|9x-~(%6NDkYY zo!&}7q-F!96Lw5ylw>nYdM8s17?W009Pko=E*(}&sJD5ya-rRi5k+f6t=y@Xnlqf) zSP90uIl84~HIc0?#g+%BSf1MnmdZ4O<2VXo+EF^3nslQIo7lQ?n*n4ityRsb$W{U7 z%(|G(kun&U$p3R+QL%vQXMg|E$M@5-kK<22xmOR~{5c+6{4ibZp^vUT-P{tm&db+F zS8jaak;8*C-ygn>dfm^IpsrWFcOTzxZXd<_7kpPP1{P*GNV8i_eo~-U>+NBql N?`@P@zxMa8o&bFpuDAdI diff --git a/secrets/services/shares/printer.age b/secrets/services/shares/printer.age deleted file mode 100644 index 9b82ec25c262dd2b4d42fcae23cc2ff395f65870..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 506 zcmZ9_J&V&|007`~@g%E*laNiN#C%=SbWxkPAMd3}+cZfp4TsPsX__WY)1*n-+;O0; z-ck@jTwENK!o{Sv>Fr2d6vS@A(5y-?1?}Fr#HScc;PaY2@H3iC}lo zI38iPMKKInLc_UAwq(>$p;6EXsn(HIht4%|5Z8G&=yeqnxNKr56{AN2K4iNbVi`rA zhoz2Sx=Gtm3}W&529dzONr@BM-q~5%|jh5vZ2EB zS+F3?CeZbcJ6p<k4A*zqyrNU9XbXzsuL2{eE|Hw)W@lkK>2h_G0JB@`1Vfx%c_> z%bws~m*@Ab)BfK}_5GQ#>u*1ParWrw)k^!+KX?ufneV@fg{L>a9UUCg_nIG_m+AV( Qhu3T8{^9EF*OT}E0SY#?FaQ7m 
diff --git a/secrets/services/tailscale/authkey.age b/secrets/services/tailscale/authkey.age index 023b0a2..0948559 100644 --- a/secrets/services/tailscale/authkey.age +++ b/secrets/services/tailscale/authkey.age @@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 ptT1OQ twHQbNhYqtvZb77QWHhmPF2iTMO0h0lOGldTfBpcllY -XERC8DFb1TpQrZWFkQPOdTlbRXnvIGIwRKME45ToVG0 --> ssh-ed25519 dHPgHQ 016ufoJK5rw9z2pn+8GSvm1KwiYPJsvOLxvzTvzbbDI -oB9byoHjfvqY3nYNRWjMuK8midNq2J7VmpljIJJPazQ --> ssh-ed25519 w/1rQA 3BkJ/r0V12Gt5GT8egr1Nh06d45gJPsyUeE86b2bjDU -f4lcVlWv/KKw3qiw5Eu9+iyjA6cpX6R8bwW6Fxg+bC4 ---- 9JnuaZljT4YxTNhTyJWHFPEC3GDMetmlCMYEUOH6qrg -noYEGd&[BiRWSRB:l0C @51À @Ҩ+#tC U+ \ No newline at end of file +-> ssh-ed25519 ptT1OQ J3kDmGc+jH6NRrOhS4Dr4zsu1/z42GLr5NdDRv+iTXk +DdlUq0WeflALAlJUOP5ijsfVQR09o5pbtQaALhgeIvQ +-> ssh-ed25519 dHPgHQ haumlPX9NC//HJGLfhfwNRHUK8R1KSomkJl8Xzh5tSE +HDsnHyF46OFkDuBX0FFzHO7y5PcW933h7rAr4Gl8Dgs +-> ssh-ed25519 w/1rQA P700mlIIgIYJIJfGVfaJnMQLIUC8L1wSDXgk9W6hez4 +wh4/Yod+VR5FpPHre4MlLxgpXPY58pqqcTeERf0oHvM +--- O76vmmBpuhj02EeYLnFTq5FkY5F+xn77GlOfQ1fBIAU +kE 47 +cT_Yl10gLp q&*$2:`k%;~t#g̫xW*. \ No newline at end of file diff --git a/secrets/users/adrian/password.age b/secrets/users/adrian/password.age index 70063c0..9241faa 100644 --- a/secrets/users/adrian/password.age +++ b/secrets/users/adrian/password.age 
@@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 ptT1OQ VORR85HHMDD3b0/TkoEDTzYmiQ4Yr+d/xXdOWr+ZIig -TLkJIQT9y3SI4n4KPzN+k8rglqmdjaR/U8CgxxiOTZQ --> ssh-ed25519 dHPgHQ dP7NziVF30ixfk/n13aW5il4n58DYv0ohmPXEh65dSs -losq32Ll313RSmaZ3YxNw9sdN7WdjtOXZMBKYG1z+74 --> ssh-ed25519 w/1rQA PxWEgRM7o5L9ohNdnqlsv8nT/q4X8RT0gNnyrFlrNCc -ZP99FPSYXGU3qh/2W4R8X3NU/mGo5PGcW/atJJFsmV0 ---- WEJtbLTrcHwvTt/T2kGkmVf2pZ/NFFQM44BNwJfWmvs -'TGLMB;`%}6 0Jբw_P"r0pFIWڀ7,hT<1LRpR0 ݽ|įUn=FjceITrI{0U \ No newline at end of file +-> ssh-ed25519 ptT1OQ QoDPjPsAk+20bxAtbBzFxtbI5jtSi5b9GsyjQFNSxk0 +sKe/Ens+2jmR9nICcdn98GTFTOO99mTGUZzwHGhDoCs +-> ssh-ed25519 dHPgHQ sgh+q8g1ReG0n612l10LdJygH54AFV+W2rKwpMtfLjs +QeY8CdCdDBj4hbiLxB3drxmXKi3vE+y0uAoC5vQrNuE +-> ssh-ed25519 w/1rQA KmJ1MxNJpoBeJnFqRh+sd5bsZP9OqUv4fYU8ly1KDxA +KRk9CN1SWYEEivH0yoaiQWqupkvbSqT/gG0+FG/yDKY +--- 2624wRYJu+XLPBrxW5C9J30cszA5VcmGRMp09ppoNSU +#^eGŠ)$r f*!" epqSYj3:{OEu A 0&`xOCl[~*CǍ \ No newline at end of file 
diff --git a/secrets/users/anna/password.age b/secrets/users/anna/password.age index 2971cadbbf0e59d50e098f4f1eadb9e3df937c37..a8d7cf7325d3885007aa60f64600031e647f313c 100644 GIT binary patch delta 452 zcmV;#0XzPi1o{JzEPrNAXKqJ&D|R+XV@hX4W@1EoLPbzwD`#kQV@7vTXhBprbu>mXL3w9k zM>%$8N@G+{VRBV#3QKBvSZ+{vPIpx+a8Y_~D{5nJaz#%>Gf!7JQf4btW=L#FQF3!D zXfS4Hk?|LQIYDq{HCQ=TP)Ax#XEb9rQ87VjN;N@aSZ6nDa6x8dG(|9VOG{)iW>zo? zZDD6{OiON5IB-%(Mk`uMHcWI^PI^N&N^fjxHY-p|NH#JxO;2rdb9GG$EiEk|PjV}C zSu{mVYiN0Ga8+?qRA^6BNNPhjHF#@obxT!ELw0p@Wp`smdQ4G43gkUVmZy(L2ZSq* z+N2F*!4GXKFNRY*bimLTPSJQ3@?S zAaiqQEoEdfH8n9gAY@2TXGl>XZA?&AdQnI*YHL_>O*wB_Z$@)OQBqS{OL1~xSV>fP zY*JEfRcUEtQ&L!G3Qj9?WleBpZ*Xo-WL0iuOfPe3Of_OLY-d7wW@t5LYb$nbIWaVC zGiWhYk?|LQQZ+?oSxskFV^(c7axYjmFjF@{YBpwfdNf0KMr$iZG(u)%H7iJ2SVUtA zNNG@UcUE~rX>f2zK~h>ZZgOgEOF1uadbxJ}nVM9VmHbF~qc33Mhbwz7fFmY;lax_SPPkBjLQ$=WR3Vloe&z8pANrn6- z<`ZrP;Tu;-nPYssnq!nBHkG;hem1`j(+1miSBXLFOFHoZOY}h2Tr0o^Tzdm#b7(?=y?rlsQ4t cJMU{1Oz ssh-ed25519 ptT1OQ 7bC/2+XflpTuYo8koiAWL3KKQtS51KrVFBd2X0DTB2Y +uYN4u4HSBrPRc9sBBsB0Egf53X2SHtj9ixLLQOlwS58 +-> ssh-ed25519 dHPgHQ 1XqbRk0MY6YwrVXtlaMWaanehgq/IlX92fdV4i3k2Ww +QrToCQ8700Ilzsp6kYoYq1FYozVC8b4gYF7hy47ums4 +-> ssh-ed25519 w/1rQA xdjSzVT43SL5c9b2jdZ5bxy0vdSGuvgf4q38FCgBzmI +/dLUn6z5I0/2PyvK5Jiu5EGjjGMcgkOwjk3pABvXFPU +--- 7NDsWPIH0wisLzVhB+PDgkFHM0FyPd0ESfw4xUoE1l0 +iSzI)R#(je?igk=CZ+N +muEB=M/_l \ No newline at end of file diff --git a/secrets/users/printer/password.age b/secrets/users/printer/password.age new file mode 100644 index 0000000..5a9ff40 --- /dev/null +++ b/secrets/users/printer/password.age 
@@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 ptT1OQ pc5hBofqsAf+D+0P4BxDR6IB5e9/5unEvKM3HQjueVM +eDCuxl53nfEBUXiVyp9kft29RWcNhw+kudh2wpxT5f4 +-> ssh-ed25519 dHPgHQ OjZ6YrxcAM2DhOiCofp9JCS9r9zw83AyGifAInL0E1w +Uu2InQepA0Cj0huvH7q6En/Iutb2yYNE3GitnsUeT4U +-> ssh-ed25519 w/1rQA CtF7xUrSASoNaO8mFFkLdNi7ONCySCnV0Omy0QZUQTs +XZh3RQXbMwUwAylESS4MGLmYiuZ0biw1pcxv8CNvZgg +--- vhR54M/zUWdos8VZ4SjLKbVntLrbZ4tS1FurTInUqcw +,YWOeXR4+D6GifqMZfkl+GgLBcM@DmUPfK=nRc$e2F>7}) zX+u$MFl}#dc1=?>3V3ovY)V;0Q+PCOXl`eAVs}?{LT592Mm2h8bxLz;Xj61CRAe+s zdUk1Jk?|LQHA{4Jcr|xqGtPBU^zXGm#USx75OLNIn}Qh7y7ZaHsyIYdZSHZNvRa71?sEiEk|F>6so zSz<43b#F6gGe=c4D_L|@N?21cD>HC6b4p`HbYXOJLuhYfGD1mN3K1n;se!){SH$sO zTk#e8siS}9Y%Q1!FE2TmpBfW#x((2)^_+g0L%KTQNT2=K#C$T9aPHld>HQ66AiXPJ u#Y(CHNOY)VlwT0^C>bZgC&E|_p(uy_&?Zt0XS=wRr{O~QkOrau>_WH#YN!7I delta 486 zcmVFH1smVo7LBQ88CHT32F9SXgjMMs!#& zVR}t?a|&xsS8QT2Oj30>VK7WtGHp3?X-r{yOHoX3cw}T_YjXV@zQ-RZvxEWqLw1NijxQG)7NpZEb2vPc~3gbaPT> zZc1}bGGc33R4`~!3TiS!HAgc`OhRa6YfVFXPEuMgT2pdYD>h1cSuiwhQEo$VV@7XC zcvDhYk?|LQN;ySVc}8ntG%!a+R7qNHH%nMYVohd6P)u}bOifueHbq2LRYYuOZ*4^i zYeYF!RycZbO><{YH*Q5&N^3J~SW;S9Q8`z2HdlMNf8VbZ%8ka8Y+!d1`BKYDrmtY#9I_Y-#45Y)Ok1ed>SG=FkmX`UCSq*u59;R)E7CHKtNyK4-dW(l5%wgUhb cXt^~N;Cb9C(>S4$WBEa<_BahthX&@IqK?$K8~^|S 
diff --git a/secrets/users/tabea/password.age b/secrets/users/tabea/password.age index 698d8d75175788be2769fd6e7d58e26097c8348d..4d6b826e536e97d16743246dd6b6940129d78036 100644 GIT binary patch delta 452 zcmV;#0XzPi1o{JzEPq3EO?fwDac4$QNlsdGP;h86I5B2uNN{<0R!1^PNLXoDZgECz zdTnTGQ3^$Hcr!6>GB-^#IWti+M>bh{F?dFBYgBbHRY7cWdO>zKHdSm|dM{^1NeV4K zAaiqQEoEdfH8n9gAY@2TXGl>XP-{tcSYOFgI~wYg&183Q$NiYEEfGH*!rfRcl0bax_jWH&$X#XF+Q*H7{0hOH4#-c`sy1 zbWkxtk?|LQMMp7OZBBGXWI;ntR9SXSQ&(niZ)`MpklYGgfN~ zaW8LBQ%P-1W=TU!O?EhVWlnTyb4N>IMM`xrb23CvQ!iv?Mo2*%4XR06)R}mB#-!{3 delta 486 zcmVXGIe2VZe~YCOmjjrNoZ7dXhw5SRZKEDRWC(yZZB|9 zZF)<0ZdGYCZERRL3RYKeGf`u9LPlD1R&!W)VPiLHVN`EdP%>dONNI0HVOmNtW_NHi zX-G#jk?|LQN=PtfFi%!8GBsl|ae6UAIXQ4odQ@g|Pik~)SZ**dVQN%MVnaqGAlPzM`2M4EiEk|Fi}QQ zFG6=VF=lsRLo!QgH8wVIaBxLdFL!e|W=S$nV_{~0MPq4kD{3%f3Jb9Qi(VlRk>%Q`Xrc%Pqfs0s zeWavf?CbUAL47ylui=`t8k}e%>b{1mUj_A=VP9Jt9b8g_L|i~4k1#>Zx$pHLhB~*$ clha`pzQbQTCU5(Y!SCOf*v=w3tHui)cYc?)!2kdN diff --git a/secrets/users/thomas/password.age b/secrets/users/thomas/password.age index 5083c4c..0d62e05 100644 --- a/secrets/users/thomas/password.age +++ b/secrets/users/thomas/password.age 
@@ -1,9 +1,10 @@ age-encryption.org/v1 --> ssh-ed25519 ptT1OQ ISOzPTpYzFoBqKXm1cYZf5FvQTriHZ4MWQUquGSuRWQ -9vkCwopdCGdgQKJ4KY4KW6S4M/VcjtE5DLxUOBvMGbk --> ssh-ed25519 dHPgHQ Pi4Hygk5IIehm6MxmA1Q858W7iCVhprEtu5BscXsrRk -rvfOAQhh615eO3X/XVVcKNJ56JPbl3m/KsyaQjjOn2s --> ssh-ed25519 w/1rQA RhwaABja0y+FOhd37gdPHNb8E34ClEZnyfSLp14WSAo -D2aMBABbl1HDTF074mFMQHz4GWwW19YQWe5rq3YyKN8 ---- s+H5xZvp+QMz9aRbvB91J2/ZSAbUOv3MRaob3hCBMXM -|El)fz̃M*J>փ*^1ac6tK@n=/o:-ĩ]upRJpF0l3NvɀG݉Vswdd<%Mlqa)a&ɳl \ No newline at end of file +-> ssh-ed25519 ptT1OQ pLVG/B8QnT7etJ9VGZ4bMpGehghllItNnCTqlfgNJDU +XQcgUSW51h5qE552Dgdn2S5nZpm4E5n6UhExXZSsppI +-> ssh-ed25519 dHPgHQ kRFbRxq9bxH0eBNWbQGlJWfsMod/QC6LhyJZxTBhVEw +hJrMpfCn0JwHrvyZQ/IxL8juPWfL7RIgNNm2Gu2gB2k +-> ssh-ed25519 w/1rQA pReAFyMQ/4OWGer+4NMHUAIlthSI3zVVfB63uZD4HC8 +ciLgOvAQ6I+Pcz+aWFqTwWwGgdrUF0oEK8tph4OBV84 +--- bDzDGZrV/i+deG81OgQoIdf7NXkz2lclWwsT1aB9H1E +լE4 3O + I :Ydڂ|_٠Q7(f91}Ʊ-u-7Btr|Q%CW` CgiHd2J=;%]∻4 \ No newline at end of file diff --git a/servers/vanaheim/default.nix b/servers/vanaheim/default.nix index c30b99c..f7c98cd 100644 --- a/servers/vanaheim/default.nix +++ b/servers/vanaheim/default.nix @@ -15,18 +15,21 @@ personal = { services = { + cloud = { + enable = config.personal.services.enable; + }; gallery = { enable = config.personal.services.enable; }; - media = { - enable = config.personal.services.enable; - }; - minecraft = { + archive = { enable = config.personal.services.enable; }; auth = { enable = config.personal.services.enable; }; + minecraft = { + enable = config.personal.services.enable; + }; tailscale = { enable = config.personal.services.enable; }; diff --git a/servers/vanaheim/disko.nix b/servers/vanaheim/disko.nix index dcc1d19..19911f9 100644 --- a/servers/vanaheim/disko.nix +++ b/servers/vanaheim/disko.nix 
@@ -147,6 +147,21 @@ }; }; + nextcloud = { + size = "100G"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/var/lib/nextcloud"; + }; + }; + + + + + + + kanidm = { size = "5G"; content = { @@ -327,14 +342,7 @@ }; }; - nextcloud = { - size = "1G"; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/var/lib/nextcloud"; - }; - }; + minecraft = { size = "1G"; diff --git a/servers/vanaheim/networking.nix b/servers/vanaheim/networking.nix index c8c57c3..dcf6096 100644 --- a/servers/vanaheim/networking.nix +++ b/servers/vanaheim/networking.nix @@ -21,5 +21,12 @@ }; }; }; + + nat = { + enable = true; + enableIPv6 = true; + internalInterfaces = [ "ve-+" ]; + externalInterface = "eth0"; + }; }; } diff --git a/shared/global/default.nix b/shared/global/default.nix new file mode 100644 index 0000000..826783a --- /dev/null +++ b/shared/global/default.nix @@ -0,0 +1,15 @@ +{ pkgs, lib, config, options, ... }: + +{ + imports = [ + ./general.nix + ./haveged.nix + ./network.nix + ./nixpkgs.nix + ./openssh.nix + ./shells.nix + ./sudo.nix + ./timesyncd.nix + ./users.nix + ]; +} diff --git a/shared/modules/global.nix b/shared/global/general.nix similarity index 100% rename from shared/modules/global.nix rename to shared/global/general.nix diff --git a/shared/global/haveged.nix b/shared/global/haveged.nix new file mode 100644 index 0000000..744bb4a --- /dev/null +++ b/shared/global/haveged.nix @@ -0,0 +1,12 @@ +{ pkgs, lib, config, options, ... }: +with lib; + +{ + config = { + services = { + haveged = { + enable = true; + }; + }; + }; +} diff --git a/shared/modules/network.nix b/shared/global/network.nix similarity index 100% rename from shared/modules/network.nix rename to shared/global/network.nix diff --git a/shared/modules/nixpkgs.nix b/shared/global/nixpkgs.nix similarity index 100% rename from shared/modules/nixpkgs.nix rename to shared/global/nixpkgs.nix 
diff --git a/shared/services/openssh.nix b/shared/global/openssh.nix similarity index 74% rename from shared/services/openssh.nix rename to shared/global/openssh.nix index ded1f2f..ba408cc 100644 --- a/shared/services/openssh.nix +++ b/shared/global/openssh.nix @@ -1,24 +1,8 @@ { pkgs, lib, config, options, ... }: with lib; -let - cfg = config.personal.services.openssh; - -in { - options = { - personal = { - services = { - openssh = { - enable = mkEnableOption "Openssh" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { + config = { services = { openssh = { enable = true; diff --git a/shared/modules/shells.nix b/shared/global/shells.nix similarity index 100% rename from shared/modules/shells.nix rename to shared/global/shells.nix diff --git a/shared/modules/sudo.nix b/shared/global/sudo.nix similarity index 100% rename from shared/modules/sudo.nix rename to shared/global/sudo.nix diff --git a/shared/global/timesyncd.nix b/shared/global/timesyncd.nix new file mode 100644 index 0000000..9ca2121 --- /dev/null +++ b/shared/global/timesyncd.nix @@ -0,0 +1,12 @@ +{ pkgs, lib, config, options, ... }: +with lib; + +{ + config = { + services = { + timesyncd = { + enable = true; + }; + }; + }; +} diff --git a/shared/modules/users.nix b/shared/global/users.nix similarity index 100% rename from shared/modules/users.nix rename to shared/global/users.nix diff --git a/shared/modules/default.nix b/shared/modules/default.nix index 1963ccb..65335a7 100644 --- a/shared/modules/default.nix +++ b/shared/modules/default.nix @@ -2,11 +2,7 @@ { imports = [ - ./global.nix - ./network.nix - ./nixpkgs.nix - ./shells.nix - ./sudo.nix - ./users.nix + ./filebrowser.nix + ./prowlarr.nix ]; } diff --git a/shared/modules/filebrowser.nix b/shared/modules/filebrowser.nix new file mode 100644 index 0000000..9048ad5 --- /dev/null +++ b/shared/modules/filebrowser.nix 
@@ -0,0 +1,98 @@
+{ config, pkgs, lib, ... }:
+with lib;
+
+let
+ cfg = config.services.filebrowser;
+ settingsFormat = pkgs.formats.json { };
+in
+{
+ options = {
+ services.filebrowser = {
+ enable = mkEnableOption "Filebrowser";
+
+ settings = mkOption rec {
+ type = settingsFormat.type;
+ apply = recursiveUpdate default;
+ default = {
+ address = "127.0.0.1";
+ port = 8080;
+ log = "stdout";
+ database = "/var/lib/filebrowser/database.db";
+ };
+ example = {
+ root = "/usr/share/filebrowser";
+ };
+ description = "Configuration for Filebrowser.";
+ };
+
+ openFirewall = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Open ports in the firewall for the Filebrowser interface.";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = "filebrowser";
+ description = "User under which Filebrowser runs.";
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "filebrowser";
+ description = "Group under which Filebrowser runs.";
+ };
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.filebrowser;
+ defaultText = literalExpression "pkgs.filebrowser";
+ description = "Filebrowser package to use.";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ ids.uids = {
+ filebrowser = 327;
+ };
+
+ ids.gids = {
+ filebrowser = 327;
+ };
+
+ systemd.tmpfiles.rules = [
+ "d '${dirOf cfg.settings.database}' 0700 ${cfg.user} ${cfg.group} - -"
+ ];
+
+ systemd.services.filebrowser = {
+ description = "Filebrowser";
+ after = [ "network.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = cfg.user;
+ Group = cfg.group;
+ ExecStart = "${cfg.package}/bin/filebrowser --config ${settingsFormat.generate "filebrowser.json" cfg.settings}";
+ Restart = "on-failure";
+ };
+ };
+
+ networking.firewall = mkIf cfg.openFirewall {
+ allowedTCPPorts = [ cfg.settings.port ];
+ };
+
+ users.users = mkIf (cfg.user == "filebrowser") {
+ filebrowser = {
+ group = cfg.group;
+ home = dirOf cfg.settings.database;
+ uid = 
config.ids.uids.filebrowser; + }; + }; + + users.groups = mkIf (cfg.group == "filebrowser") { + filebrowser.gid = config.ids.gids.filebrowser; + }; + }; +} diff --git a/shared/modules/prowlarr.nix b/shared/modules/prowlarr.nix new file mode 100644 index 0000000..d9db0b1 --- /dev/null +++ b/shared/modules/prowlarr.nix @@ -0,0 +1,65 @@ +{ config, pkgs, lib, ... }: +with lib; + +let + cfg = config.services.prowlarr; +in +{ + options = { + services.prowlarr = { + dataDir = mkOption { + type = types.str; + default = "/var/lib/prowlarr/.config/NzbDrone"; + description = lib.mdDoc "The directory where Prowlarr stores its data files."; + }; + + user = mkOption { + type = types.str; + default = "prowlarr"; + description = lib.mdDoc "User account under which Prowlarr runs."; + }; + + group = mkOption { + type = types.str; + default = "prowlarr"; + description = lib.mdDoc "Group under which Prowlarr runs."; + }; + }; + }; + + config = mkIf cfg.enable { + ids.uids = { + prowlarr = 328; + }; + + ids.gids = { + prowlarr = 328; + }; + + systemd.tmpfiles.rules = [ + "d '${cfg.dataDir}' 0700 ${cfg.user} ${cfg.group} - -" + ]; + + systemd.services.prowlarr = { + serviceConfig = { + Type = "simple"; + User = cfg.user; + Group = cfg.group; + ExecStart = "${lib.getExe cfg.package} -nobrowser -data='${cfg.dataDir}'"; + Restart = "on-failure"; + }; + }; + + users.users = mkIf (cfg.user == "prowlarr") { + prowlarr = { + group = cfg.group; + home = cfg.dataDir; + uid = config.ids.uids.prowlarr; + }; + }; + + users.groups = mkIf (cfg.group == "prowlarr") { + prowlarr.gid = config.ids.gids.prowlarr; + }; + }; +} diff --git a/shared/programs/default.nix b/shared/programs/default.nix index 9c4661b..f3d0a2d 100644 --- a/shared/programs/default.nix +++ b/shared/programs/default.nix @@ -4,6 +4,7 @@ with lib; { imports = [ ./browser.nix + ./lutris.nix ./mail.nix ./password.nix ./steam.nix 
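Review bot: The `users.users.filebrowser` block at the end of shared/modules/filebrowser.nix sets `group`, `home` and `uid` but neither `isSystemUser` nor `isNormalUser`, which NixOS rejects with an assertion as soon as the default user name is used; add `isSystemUser = true;`. The same applies to `users.users.prowlarr` in shared/modules/prowlarr.nix. Separately, the unit runs a web-facing file manager with no systemd sandboxing; `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectHome = true;` in `serviceConfig` would be a cheap start, with the served root and the database directory as the only writable paths. The static ids 327 and 328 are worth checking against the ids already allocated in nixpkgs.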
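Review bot: `cfg.enable` and `cfg.package` are read in shared/modules/prowlarr.nix but not declared in this hunk, so they presumably come from the stock nixpkgs prowlarr module, and this file then adds `User`, `Group` and `ExecStart` to a unit that module already defines. If the stock unit sets its own `ExecStart` or a dynamic user, the two definitions will conflict or combine in a way that is not obvious from this file; worth confirming with a build and, if needed, marking the override explicitly with `lib.mkForce`. A short comment at the top saying that this file extends the upstream module would help the next reader.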
diff --git a/shared/programs/lutris.nix b/shared/programs/lutris.nix new file mode 100644 index 0000000..fe75603 --- /dev/null +++ b/shared/programs/lutris.nix @@ -0,0 +1,26 @@ +{ pkgs, lib, config, options, ... }: +with lib; + +let + cfg = config.personal.programs.lutris; + +in +{ + options = { + personal = { + programs = { + lutris = { + enable = mkEnableOption "Lutris"; + }; + }; + }; + }; + + config = mkIf cfg.enable { + environment = { + systemPackages = with pkgs; [ + lutris + ]; + }; + }; +} diff --git a/shared/programs/mail.nix b/shared/programs/mail.nix index 6eda62f..75b04e2 100644 --- a/shared/programs/mail.nix +++ b/shared/programs/mail.nix @@ -19,6 +19,7 @@ in config = mkIf cfg.enable { environment = { systemPackages = with pkgs; [ + # betterbird mailspring ]; }; diff --git a/shared/services/acme.nix b/shared/services/acme.nix index c6a5bdd..93b943f 100644 --- a/shared/services/acme.nix +++ b/shared/services/acme.nix @@ -17,6 +17,22 @@ in }; config = mkIf cfg.enable { + ids.uids = { + acme = 400; + }; + + ids.gids = { + acme = 400; + }; + + users.users.acme = { + uid = config.ids.uids.acme; + }; + + users.groups.acme = { + gid = config.ids.gids.acme; + }; + security = { acme = { acceptTerms = true; diff --git a/shared/services/archive/bazarr.nix b/shared/services/archive/bazarr.nix new file mode 100644 index 0000000..c1b5543 --- /dev/null +++ b/shared/services/archive/bazarr.nix @@ -0,0 +1,20 @@ +{ pkgs, config, lib, ... }: +with lib; + +{ + services = { + prometheus = { + exporters = { + exportarr-bazarr = { + enable = true; + }; + }; + }; + + bazarr = { + enable = true; + user = "media"; + group = "users"; + }; + }; +} diff --git a/shared/services/archive/default.nix b/shared/services/archive/default.nix new file mode 100644 index 0000000..a1e79f4 --- /dev/null +++ b/shared/services/archive/default.nix 
@@ -0,0 +1,149 @@
+{ pkgs, lib, config, options, fetchurl, ... }:
+with lib;
+
+let
+ cfg = config.personal.services.archive;
+ hostAddress = "192.168.100.30";
+ containerAddress = "192.168.100.31";
+
+in
+{
+ options = {
+ personal = {
+ services = {
+ archive = {
+ enable = mkEnableOption "Archive";
+ };
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ system = {
+ activationScripts = {
+ makeArchiveDir = lib.stringAfter [ "var" ] ''
+ mkdir -p /var/lib/nextcloud/{server,postgres,redis,backups}
+ '';
+ };
+ };
+
+ containers = {
+ archive = {
+ autoStart = true;
+ privateNetwork = true;
+ ephemeral = true;
+
+ hostAddress = hostAddress;
+ localAddress = localAddress;
+
+ bindMounts = {
+
+
+
+ "/var/lib/sabnzbd" = {
+ hostPath = "/var/lib/sabnzbd";
+ isReadOnly = false;
+ };
+ "/var/lib/radarr" = {
+ hostPath = "/var/lib/radarr";
+ isReadOnly = false;
+ };
+ "/var/lib/sonarr" = {
+ hostPath = "/var/lib/sonarr";
+ isReadOnly = false;
+ };
+ "/var/lib/lidarr" = {
+ hostPath = "/var/lib/lidarr";
+ isReadOnly = false;
+ };
+ "/var/lib/prowlarr" = {
+ hostPath = "/var/lib/prowlarr";
+ isReadOnly = false;
+ };
+ "/var/lib/bazarr" = {
+ hostPath = "/var/lib/bazarr";
+ isReadOnly = false;
+ };
+ "/var/lib/filebrowser" = {
+ hostPath = "/var/lib/filebrowser";
+ isReadOnly = false;
+ };
+ "/var/lib/music" = {
+ hostPath = "/var/lib/music";
+ isReadOnly = false;
+ };
+
+
+
+ };
+
+ config = { config, pkgs, ... }: {
+ system = {
+ stateVersion = "23.11";
+ };
+
+ imports = [
+ ./networking.nix
+ ./tmpfiles.nix
+ ./jellyfin.nix
+ ./jellyseer.nix
+ ./sabnzbd.nix
+ ./radarr.nix
+ ./sonarr.nix
+ ./lidarr.nix
+ ./prowlarr.nix
+ ./bazarr.nix
+ ./filebrowser.nix
+ ];
+ };
+ };
+ };
+
+ personal = {
+ services = {
+ webserver = {
+ enable = true;
+
+ hosts = [
+ {
+ domain = "request.boerger.ws";
+ proxy = "http://${containerAddress}:5055";
+ }
+ {
+ domain = "jellyfin.boerger.ws";
+ proxy = "http://${containerAddress}:8096";
+ }
+ {
+ domain = "sabnzbd.boerger.ws";
+ proxy = "http://${containerAddress}:8080";
+ }
+ {
+ domain = "radarr.boerger.ws";
+ proxy = "http://${containerAddress}:7878";
+ }
+ {
+ domain = "sonarr.boerger.ws";
+ proxy = "http://${containerAddress}:8989";
+ }
+ {
+ domain = "lidarr.boerger.ws";
+ proxy = "http://${containerAddress}:8686";
+ }
+ {
+ domain = "bazarr.boerger.ws";
+ proxy = "http://${containerAddress}:6767";
+ }
+ {
+ domain = "prowlarr.boerger.ws";
+ proxy = "http://${containerAddress}:9696";
+ }
+ {
+ domain = "music.boerger.ws";
+ proxy = "http://${containerAddress}:8080";
+ }
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/shared/services/archive/filebrowser.nix b/shared/services/archive/filebrowser.nix
new file mode 100644
index 0000000..3af8328
--- /dev/null
+++ b/shared/services/archive/filebrowser.nix
@@ -0,0 +1,16 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ filebrowser = {
+ enable = true;
+ user = "media";
+ group = "users";
+
+ settings = {
+ root = "/var/lib/music";
+ };
+ };
+ };
+}
diff --git a/shared/services/archive/jellyfin.nix b/shared/services/archive/jellyfin.nix
new file mode 100644
index 0000000..0f7bd85
--- /dev/null
+++ b/shared/services/archive/jellyfin.nix
@@ -0,0 +1,12 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ jellyfin = {
+ enable = true;
+ user = "media";
+ group = "users";
+ };
+ };
+}
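Review bot: `localAddress = localAddress;` in the `containers.archive` block of shared/services/archive/default.nix refers to a name the `let` above never binds (it defines `hostAddress` and `containerAddress`), so evaluation should fail with an undefined variable; the auth and cloud containers use `localAddress = containerAddress;`. `makeArchiveDir` creates `/var/lib/nextcloud/{server,postgres,redis,backups}`, which looks copied from the cloud module, while none of the bind-mounted host paths such as `/var/lib/sabnzbd` or `/var/lib/radarr` is created on the host. The `hosts` list publishes nine vhosts, including the downloader and indexer UIs, and nothing in this hunk shows an authentication layer in front of them, so that is worth confirming in the webserver module.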
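Review bot: Only `root` is set under `settings` in shared/services/archive/filebrowser.nix, so the service keeps the defaults from shared/modules/filebrowser.nix, `address = "127.0.0.1"` and `port = 8080`. That is the same port the proxy list uses for sabnzbd in this container, and a loopback listener is not reachable through `http://${containerAddress}:8080`. Setting an explicit `address` and a distinct `port` here, and pointing the `music.boerger.ws` entry at it, would resolve both. File Browser creates an initial admin account on first start, so that credential should be replaced before the vhost goes live.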
diff --git a/shared/services/archive/jellyseer.nix b/shared/services/archive/jellyseer.nix
new file mode 100644
index 0000000..a800945
--- /dev/null
+++ b/shared/services/archive/jellyseer.nix
@@ -0,0 +1,10 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ jellyseerr = {
+ enable = true;
+ };
+ };
+}
diff --git a/shared/services/archive/lidarr.nix b/shared/services/archive/lidarr.nix
new file mode 100644
index 0000000..cd8f8ac
--- /dev/null
+++ b/shared/services/archive/lidarr.nix
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ prometheus = {
+ exporters = {
+ exportarr-lidarr = {
+ enable = true;
+ };
+ };
+ };
+
+ lidarr = {
+ enable = true;
+ user = "media";
+ group = "users";
+ dataDir = "/var/lib/lidarr";
+ };
+ };
+}
diff --git a/shared/services/archive/networking.nix b/shared/services/archive/networking.nix
new file mode 100644
index 0000000..fd1555e
--- /dev/null
+++ b/shared/services/archive/networking.nix
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ networking = {
+ useHostResolvConf = mkForce false;
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+
+ ];
+ };
+ };
+
+ services = {
+ resolved = {
+ enable = true;
+ };
+ };
+}
diff --git a/shared/services/archive/prowlarr.nix b/shared/services/archive/prowlarr.nix
new file mode 100644
index 0000000..e199955
--- /dev/null
+++ b/shared/services/archive/prowlarr.nix
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ prometheus = {
+ exporters = {
+ exportarr-prowlarr = {
+ enable = true;
+ };
+ };
+ };
+
+ prowlarr = {
+ enable = true;
+ user = "media";
+ group = "users";
+ dataDir = "/var/lib/prowlarr";
+ };
+ };
+}
diff --git a/shared/services/archive/radarr.nix b/shared/services/archive/radarr.nix
new file mode 100644
index 0000000..f1ce877
--- /dev/null
+++ b/shared/services/archive/radarr.nix
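Review bot: The firewall in shared/services/archive/networking.nix is enabled with an empty `allowedTCPPorts`, so the host-side proxy entries that target `containerAddress` on ports 5055, 8096, 8080, 7878, 8989, 8686, 6767 and 9696 will presumably be dropped at the container. cloud/networking.nix opens `80` for the same reason and the auth container opens `636 8443`. Listing exactly the proxied ports here keeps the default-deny posture while making the vhosts reachable, and a one-line comment naming the service behind each port would help the next reader.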
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ prometheus = {
+ exporters = {
+ exportarr-radarr = {
+ enable = true;
+ };
+ };
+ };
+
+ radarr = {
+ enable = true;
+ user = "media";
+ group = "users";
+ dataDir = "/var/lib/radarr";
+ };
+ };
+}
diff --git a/shared/services/archive/sabnzbd.nix b/shared/services/archive/sabnzbd.nix
new file mode 100644
index 0000000..622d37e
--- /dev/null
+++ b/shared/services/archive/sabnzbd.nix
@@ -0,0 +1,13 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ sabnzbd = {
+ enable = true;
+ user = "media";
+ group = "users";
+ configFile = "/var/lib/sabnzbd/sabnzbd.ini";
+ };
+ };
+}
diff --git a/shared/services/archive/sonarr.nix b/shared/services/archive/sonarr.nix
new file mode 100644
index 0000000..e224a18
--- /dev/null
+++ b/shared/services/archive/sonarr.nix
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ prometheus = {
+ exporters = {
+ exportarr-sonarr = {
+ enable = true;
+ };
+ };
+ };
+
+ sonarr = {
+ enable = true;
+ user = "media";
+ group = "users";
+ dataDir = "/var/lib/sonarr";
+ };
+ };
+}
diff --git a/shared/services/archive/tmpfiles.nix b/shared/services/archive/tmpfiles.nix
new file mode 100644
index 0000000..99c0d39
--- /dev/null
+++ b/shared/services/archive/tmpfiles.nix
@@ -0,0 +1,26 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ systemd = {
+ tmpfiles = {
+ rules = [
+
+
+
+ "d /var/lib/sabnzbd 0700 media users"
+ "d /var/lib/radarr 0700 media users"
+ "d /var/lib/sonarr 0700 media users"
+ "d /var/lib/lidarr 0700 media users"
+ "d /var/lib/prowlarr 0700 media users"
+ "d /var/lib/bazarr 0700 media users"
+ "d /var/lib/filebrowser 0700 media users"
+
+ "d /var/lib/music 0700 media users"
+
+
+
+ ];
+ };
+ };
+}
diff --git a/shared/services/auth.nix b/shared/services/auth.nix
index 8232bc4..c3f9558 100644
--- a/shared/services/auth.nix
+++ b/shared/services/auth.nix
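Review bot: Every rule in shared/services/archive/tmpfiles.nix, and every service file in this directory, uses the owner `media`, but none of the modules imported into the archive container in this patch declares `users.users.media`. A NixOS container has its own user database, so unless the account is defined elsewhere the tmpfiles rules and the units will fail on an unknown user. Declaring it inside the container with a fixed `uid` that matches the owner of the bind-mounted host directories would keep file ownership consistent on both sides.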
@@ -3,6 +3,8 @@ with lib; let cfg = config.personal.services.auth; + hostAddress = "192.168.100.40"; + containerAddress = "192.168.100.41"; in { 
@@ -17,29 +19,119 @@ in }; config = mkIf cfg.enable { - services = { + networking.firewall = { + allowedTCPPorts = [ 636 ]; + }; - # TDB + containers = { + auth = { + autoStart = true; + privateNetwork = true; + ephemeral = true; - nginx = { - virtualHosts = - let - base = locations: { - inherit locations; + hostAddress = hostAddress; + localAddress = containerAddress; - useACMEHost = "boerger.ws"; - forceSSL = true; + forwardPorts = [{ + protocol = "tcp"; + hostPort = 636; + containerPort = 636; + }]; + + bindMounts = { + "/var/lib/acme" = { + hostPath = "/var/lib/acme"; + isReadOnly = true; + }; + "/var/lib/kanidm" = { + hostPath = "/var/lib/kanidm"; + isReadOnly = false; + }; + }; + + config = { config, pkgs, ... }: { + system = { + stateVersion = "23.11"; + }; + + systemd = { + tmpfiles = { + rules = [ "d /var/lib/kanidm 0700 kanidm kanidm" ]; }; - proxy = port: base { - "/" = { - proxyPass = "http://127.0.0.1:" + toString (port) + "/"; - proxyWebsockets = true; + }; + + environment = { + systemPackages = with pkgs; [ + sqlite + ]; + }; + + services = { + resolved = { + enable = true; + }; + + kanidm = { + enableServer = true; + + serverSettings = { + bindaddress = "0.0.0.0:8443"; + ldapbindaddress = "0.0.0.0:636"; + domain = "auth.boerger.ws"; + origin = "https://auth.boerger.ws"; + log_level = "info"; + tls_key = "/var/lib/acme/boerger.ws/key.pem"; + tls_chain = "/var/lib/acme/boerger.ws/fullchain.pem"; + }; + + enableClient = true; + + clientSettings = { + uri = "https://auth.boerger.ws"; }; }; - in - { - "auth.boerger.ws" = proxy 2342; }; + + networking = { + useHostResolvConf = mkForce false; + + firewall = { + enable = true; + allowedTCPPorts = [ 636 8443 ]; + }; + }; + + ids.uids = { + acme = 400; + }; + + ids.gids = { + acme = 400; + }; + + users = { + users = { + acme = { + home = "/var/lib/acme"; + group = "acme"; + isSystemUser = true; + uid = config.ids.uids.acme; + }; + + kanidm = { + extraGroups = [ + "acme" + ]; + }; + }; + }; + + users.groups = 
{ + acme = { + gid = config.ids.gids.acme; + }; + }; + }; }; }; @@ -51,6 +143,13 @@ in webserver = { enable = true; + + hosts = [ + { + domain = "auth.boerger.ws"; + proxy = "https://${containerAddress}:8443"; + } + ]; }; }; }; diff --git a/shared/services/cloud.nix b/shared/services/cloud.nix deleted file mode 100644 index 6acb8c3..0000000 --- a/shared/services/cloud.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ pkgs, lib, config, options, fetchurl, ... }: -with lib; - -let - cfg = config.personal.services.cloud; - -in -{ - options = { - personal = { - services = { - cloud = { - enable = mkEnableOption "Cloud"; - }; - }; - }; - }; - - config = mkIf cfg.enable { - services = { - nextcloud = { - enable = true; - hostName = "cloud.boerger.ws"; - webfinger = true; - https = true; - - # config = { - # overwriteProtocol = "https"; - # adminuser = "devops"; - # adminpassFile = ""; - # defaultPhoneRegion = "DE"; - # }; - - extraApps = { }; - }; - }; - }; -} diff --git a/shared/services/cloud/default.nix b/shared/services/cloud/default.nix new file mode 100644 index 0000000..00088f0 --- /dev/null +++ b/shared/services/cloud/default.nix 
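Review bot: The auth container bind-mounts all of `/var/lib/acme` and adds `kanidm` to the `acme` group, which gives the identity server read access to the private key of every certificate the host manages, not only `boerger.ws`. Narrowing the mount to `"/var/lib/acme/boerger.ws"` would match what `tls_key` and `tls_chain` actually read. The host firewall also opens 636 on all interfaces next to the `forwardPorts` entry; if LDAPS is only needed by local services or over the Tailscale network, restricting it per interface would reduce exposure. This hunk starts inside `config = mkIf cfg.enable` and the module continues after it.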
@@ -0,0 +1,99 @@
+{ pkgs, lib, config, options, fetchurl, ... }:
+with lib;
+
+let
+ cfg = config.personal.services.cloud;
+ hostAddress = "192.168.100.10";
+ containerAddress = "192.168.100.11";
+
+in
+{
+ options = {
+ personal = {
+ services = {
+ cloud = {
+ enable = mkEnableOption "Cloud";
+ };
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ system = {
+ activationScripts = {
+ makeCloudDir = lib.stringAfter [ "var" ] ''
+ mkdir -p /var/lib/nextcloud/{server,postgres,redis,backups}
+ '';
+ };
+ };
+
+ containers = {
+ cloud = {
+ autoStart = true;
+ privateNetwork = true;
+ ephemeral = true;
+
+ hostAddress = hostAddress;
+ localAddress = containerAddress;
+
+ bindMounts = {
+ "/var/lib/nextcloud" = {
+ hostPath = "/var/lib/nextcloud-server";
+ isReadOnly = false;
+ };
+ "/var/lib/postgresql" = {
+ hostPath = "/var/lib/nextcloud-postgres";
+ isReadOnly = false;
+ };
+ "/var/lib/redis-nextcloud" = {
+ hostPath = "/var/lib/nextcloud-redis";
+ isReadOnly = false;
+ };
+ "/var/backups" = {
+ hostPath = "/var/lib/nextcloud-backups";
+ isReadOnly = false;
+ };
+
+ "${config.age.secrets."services/cloud/password".path}" = {
+ isReadOnly = true;
+ };
+ };
+
+ config = { config, pkgs, ... }: {
+ system = {
+ stateVersion = "23.11";
+ };
+
+ imports = [
+ ./networking.nix
+ ./tmpfiles.nix
+ ./postgres.nix
+ ./redis.nix
+ ./nextcloud.nix
+ ];
+ };
+ };
+ };
+
+ personal = {
+ services = {
+ webserver = {
+ enable = true;
+
+ hosts = [
+ {
+ domain = "cloud.boerger.ws";
+ proxy = "http://${containerAddress}:80";
+ }
+ ];
+ };
+ };
+ };
+
+ age.secrets."services/cloud/password" = {
+ file = ../../../secrets/services/cloud/password.age;
+ owner = "999";
+ group = "999";
+ };
+ };
+}
diff --git a/shared/services/cloud/networking.nix b/shared/services/cloud/networking.nix
new file mode 100644
index 0000000..f1fdf71
--- /dev/null
+++ b/shared/services/cloud/networking.nix
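Review bot: `makeCloudDir` creates `/var/lib/nextcloud/{server,postgres,redis,backups}`, but the `bindMounts` below it use `hostPath = "/var/lib/nextcloud-server"`, `-postgres`, `-redis` and `-backups`, so the directories that are created are not the ones that are mounted. The hyphenated paths also sit outside the `/var/lib/nextcloud` filesystem that disko.nix grows to 100G in this commit; `hostPath = "/var/lib/nextcloud/server";`, and likewise for the other three, would line both up. The secret is owned by the literal ids `"999"`, which presumably stand for the nextcloud user inside the container; pinning that uid in the container or adding a comment would make the dependency explicit.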
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ networking = {
+ useHostResolvConf = mkForce false;
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 80
+ ];
+ };
+ };
+
+ services = {
+ resolved = {
+ enable = true;
+ };
+ };
+}
diff --git a/shared/services/cloud/nextcloud.nix b/shared/services/cloud/nextcloud.nix
new file mode 100644
index 0000000..9a8cc26
--- /dev/null
+++ b/shared/services/cloud/nextcloud.nix
@@ -0,0 +1,67 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ prometheus = {
+ exporters = {
+ nextcloud = {
+ enable = true;
+ openFirewall = true;
+ user = "nextcloud";
+ group = "nextcloud";
+ url = "https://cloud.boerger.ws";
+ username = "devops";
+ passwordFile = "/run/agenix/services/cloud/password";
+ };
+ };
+ };
+
+ nextcloud = {
+ enable = true;
+
+ package = pkgs.nextcloud28;
+
+ https = true;
+ hostName = "cloud.boerger.ws";
+
+ maxUploadSize = "1024M";
+
+ configureRedis = true;
+ webfinger = true;
+ extraAppsEnable = true;
+
+ config = {
+ adminuser = "devops";
+ adminpassFile = "/run/agenix/services/cloud/password";
+
+ dbtype = "pgsql";
+ dbhost = "/run/postgresql";
+ dbuser = "nextcloud";
+ dbname = "nextcloud";
+ };
+
+ settings = {
+ trusted_proxies = [ ];
+
+ default_phone_region = "DE";
+ overwriteProtocol = "https";
+
+ loglevel = 2;
+ logtype = "systemd";
+ };
+
+ notify_push = {
+ enable = true;
+ };
+
+ autoUpdateApps = {
+ enable = true;
+ };
+
+ extraApps = {
+ inherit (pkgs.nextcloud28Packages.apps) calendar contacts cookbook groupfolders impersonate notify_push polls;
+ };
+ };
+ };
+}
diff --git a/shared/services/cloud/postgres.nix b/shared/services/cloud/postgres.nix
new file mode 100644
index 0000000..f536134
--- /dev/null
+++ b/shared/services/cloud/postgres.nix
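Review bot: `trusted_proxies = [ ];` in shared/services/cloud/nextcloud.nix is left empty although every request arrives through the host reverse proxy, so Nextcloud will attribute all traffic to the proxy address; brute-force throttling then acts on that one address instead of the client, and the access log loses the real source. Adding the host side of the veth pair, `trusted_proxies = [ "192.168.100.10" ];`, fixes that. The Prometheus exporter also authenticates as the admin account `devops` with the same file as `adminpassFile`; a dedicated monitoring token would avoid handing the admin password to the exporter process.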
@@ -0,0 +1,46 @@ +{ pkgs, config, lib, ... }: +with lib; + +{ + services = { + prometheus = { + exporters = { + postgres = { + enable = true; + openFirewall = true; + runAsLocalSuperUser = true; + }; + }; + }; + + postgresql = { + enable = true; + + ensureDatabases = [ + "nextcloud" + ]; + + ensureUsers = [{ + name = "nextcloud"; + ensureDBOwnership = true; + }]; + }; + + postgresqlBackup = { + enable = true; + + databases = [ + "nextcloud" + ]; + }; + }; + + systemd = { + services = { + nextcloud-setup = { + after = [ "postgresql.service" ]; + requires = [ "postgresql.service" ]; + }; + }; + }; +} diff --git a/shared/services/cloud/redis.nix b/shared/services/cloud/redis.nix new file mode 100644 index 0000000..8299e3f --- /dev/null +++ b/shared/services/cloud/redis.nix @@ -0,0 +1,25 @@ +{ pkgs, config, lib, ... }: +with lib; + +{ + services = { + prometheus = { + exporters = { + redis = { + enable = true; + openFirewall = true; + }; + }; + }; + + redis = { + vmOverCommit = true; + + servers = { + nextcloud = { + port = 6379; + }; + }; + }; + }; +} diff --git a/shared/services/cloud/tmpfiles.nix b/shared/services/cloud/tmpfiles.nix new file mode 100644 index 0000000..e68b736 --- /dev/null +++ b/shared/services/cloud/tmpfiles.nix @@ -0,0 +1,13 @@ +{ pkgs, config, lib, ... }: +with lib; + +{ + systemd = { + tmpfiles = { + rules = [ + "d /var/lib/postgresql 0750 postgres postgres" + "d /var/lib/redis 0750 redis-nextcloud redis-nextcloud" + ]; + }; + }; +} diff --git a/shared/services/default.nix b/shared/services/default.nix index 66afe9b..8d0b494 100644 --- a/shared/services/default.nix +++ b/shared/services/default.nix @@ -7,19 +7,18 @@ with lib; ./auth.nix ./desktop.nix ./docker.nix - ./gallery.nix ./hass.nix - ./haveged.nix ./homedns.nix ./libvirt.nix - ./media.nix ./minecraft.nix - ./openssh.nix ./printing.nix ./shares.nix ./tailscale.nix - ./timesyncd.nix ./webserver.nix + + ./archive + ./cloud + ./gallery ]; options = { 
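Review bot: `openFirewall = true` on the postgres exporter opens its metrics port in the container firewall for any source, and `runAsLocalSuperUser = true` means the process behind that port runs with the database superuser role. No scrape job is visible in this change, so it is unclear who is meant to reach the port; if it is only the host, the exporter module's `firewallFilter` option can limit the rule to the host address, and otherwise `openFirewall` can be left off until a scraper exists. The redis exporter in `redis.nix` and the nextcloud exporter in `nextcloud.nix` set `openFirewall = true` in the same way.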
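Review bot: The rule `"d /var/lib/redis 0750 redis-nextcloud redis-nextcloud"` in `tmpfiles.nix` names a directory that nothing else in this change uses; the container bind mount in `default.nix` is at `/var/lib/redis-nextcloud`. If the intent is to fix ownership and mode on the bind-mounted state directory, the rule should be `"d /var/lib/redis-nextcloud 0750 redis-nextcloud redis-nextcloud"`. As written, the mounted directory keeps whatever owner and mode the host path has.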
diff --git a/shared/services/desktop.nix b/shared/services/desktop.nix index c44455f..ef6d719 100644 --- a/shared/services/desktop.nix +++ b/shared/services/desktop.nix @@ -57,7 +57,7 @@ in }; hardware = { - opengl = { + graphics = { enable = true; }; @@ -110,6 +110,7 @@ in # - org.gnome.Lollypop # - org.gnome.TextEditor # - org.gnome.Totem + # - org.gnome.Geary services = { # gnome = { @@ -165,23 +166,26 @@ in enable = true; }; + libinput = { + enable = true; + + touchpad = { + disableWhileTyping = false; + tapping = true; + tappingDragLock = false; + middleEmulation = true; + naturalScrolling = true; + scrollMethod = "twofinger"; + }; + }; + xserver = { enable = true; autorun = true; - layout = "de"; - xkbOptions = "eurosign:e"; - libinput = { - enable = true; - - touchpad = { - disableWhileTyping = false; - tapping = true; - tappingDragLock = false; - middleEmulation = true; - naturalScrolling = true; - scrollMethod = "twofinger"; - }; + xkb = { + options = "eurosign:e"; + layout = "de"; }; displayManager = { diff --git a/shared/services/docker.nix b/shared/services/docker.nix index 4fd1974..45558e8 100644 --- a/shared/services/docker.nix +++ b/shared/services/docker.nix @@ -17,6 +17,12 @@ in }; config = mkIf cfg.enable { + environment = { + systemPackages = with pkgs; [ + lazydocker + ]; + }; + virtualisation = { docker = { enable = true; @@ -26,6 +32,10 @@ in dates = "weekly"; }; }; + + oci-containers = { + backend = "docker"; + }; }; }; } diff --git a/shared/services/gallery.nix b/shared/services/gallery.nix deleted file mode 100644 index ab40518..0000000 --- a/shared/services/gallery.nix +++ /dev/null 
@@ -1,61 +0,0 @@
-{ pkgs, lib, config, options, fetchurl, ... }:
-with lib;
-
-let
- cfg = config.personal.services.gallery;
-
-in
-{
- options = {
- personal = {
- services = {
- gallery = {
- enable = mkEnableOption "Gallery";
- };
- };
- };
- };
-
- config = mkIf cfg.enable {
- services = {
- # photoprism = {
- # enable = true;
-
- # settings = { };
- # };
-
- nginx = {
- virtualHosts =
- let
- base = locations: {
- inherit locations;
-
- useACMEHost = "boerger.ws";
- forceSSL = true;
- };
- proxy = port: base {
- "/" = {
- proxyPass = "http://127.0.0.1:" + toString (port) + "/";
- proxyWebsockets = true;
- };
- };
- in
- {
- "gallery.boerger.ws" = proxy 2342;
- };
- };
- };
-
- personal = {
- services = {
- acme = {
- enable = true;
- };
-
- webserver = {
- enable = true;
- };
- };
- };
- };
-}
diff --git a/shared/services/gallery/default.nix b/shared/services/gallery/default.nix
new file mode 100644
index 0000000..dabd8a7
--- /dev/null
+++ b/shared/services/gallery/default.nix
@@ -0,0 +1,91 @@
+{ pkgs, lib, config, options, fetchurl, ... }:
+with lib;
+
+let
+ cfg = config.personal.services.gallery;
+ hostAddress = "192.168.100.20";
+ containerAddress = "192.168.100.21";
+
+in
+{
+ options = {
+ personal = {
+ services = {
+ gallery = {
+ enable = mkEnableOption "Gallery";
+ };
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ system = {
+ activationScripts = {
+ makeGalleryDir = lib.stringAfter [ "var" ] ''
+ mkdir -p /var/lib/photoprism /var/lib/photos /var/lib/videos
+ '';
+ };
+ };
+
+ containers = {
+ gallery = {
+ autoStart = true;
+ privateNetwork = true;
+ ephemeral = true;
+
+ hostAddress = hostAddress;
+ localAddress = containerAddress;
+
+ bindMounts = {
+ "/var/lib/photoprism" = {
+ hostPath = "/var/lib/photoprism";
+ isReadOnly = false;
+ };
+ "/var/lib/originals/photos" = {
+ hostPath = "/var/lib/photos";
+ isReadOnly = false;
+ };
+ "/var/lib/originals/videos" = {
+ hostPath = "/var/lib/videos";
+ isReadOnly = false;
+ };
+
+ "${config.age.secrets."services/gallery/password".path}" = {
+ isReadOnly = true;
+ };
+ };
+
+ config = { config, pkgs, ... }: {
+ system = {
+ stateVersion = "23.11";
+ };
+
+ imports = [
+ ./networking.nix
+ ./tmpfiles.nix
+ ./photoprism.nix
+ ];
+ };
+ };
+ };
+
+ personal = {
+ services = {
+ webserver = {
+ enable = true;
+
+ hosts = [
+ {
+ domain = "gallery.boerger.ws";
+ proxy = "http://${containerAddress}:2342";
+ }
+ ];
+ };
+ };
+ };
+
+ age.secrets."services/gallery/password" = {
+ file = ../../../secrets/services/gallery/password.age;
+ };
+ };
+}
diff --git a/shared/services/gallery/networking.nix b/shared/services/gallery/networking.nix
new file mode 100644
index 0000000..a7e196d
--- /dev/null
+++ b/shared/services/gallery/networking.nix
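Review bot: `mkdir -p /var/lib/photoprism /var/lib/photos /var/lib/videos` in `makeGalleryDir` leaves owner and mode of the photo and video directories to the activation environment, and nothing later in the change tightens them. The container's `tmpfiles.nix` sets `0700 photoprism photoprism` only on `/var/lib/photoprism` and `/var/lib/originals`, not on the two bind-mounted subdirectories. The host directories holding the originals therefore presumably stay root-owned with the default mode, which is both wider than the `0700` used elsewhere and likely not writable by the `photoprism` service user. Adding `"d /var/lib/originals/photos 0700 photoprism photoprism"` and `"d /var/lib/originals/videos 0700 photoprism photoprism"` to the rules in `gallery/tmpfiles.nix` would cover the mounted paths.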
@@ -0,0 +1,21 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ networking = {
+ useHostResolvConf = mkForce false;
+
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 2342
+ ];
+ };
+ };
+
+ services = {
+ resolved = {
+ enable = true;
+ };
+ };
+}
diff --git a/shared/services/gallery/photoprism.nix b/shared/services/gallery/photoprism.nix
new file mode 100644
index 0000000..17ac771
--- /dev/null
+++ b/shared/services/gallery/photoprism.nix
@@ -0,0 +1,54 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ services = {
+ photoprism = {
+ enable = true;
+ address = "0.0.0.0";
+ storagePath = "/var/lib/photoprism";
+ originalsPath = "/var/lib/originals";
+
+ passwordFile = "/run/agenix/services/gallery/password";
+
+ settings = {
+ PHOTOPRISM_ADMIN_USER = "devops";
+
+ PHOTOPRISM_SITE_URL = "https://gallery.boerger.ws";
+ PHOTOPRISM_SITE_AUTHOR = "Thomas Boerger";
+ PHOTOPRISM_SITE_TITLE = "Boergers";
+ PHOTOPRISM_SITE_CAPTION = "Everything totally uncensored";
+ PHOTOPRISM_SITE_DESCRIPTION = "Family photos and videos of the Boergers";
+
+ PHOTOPRISM_WORKERS = "4";
+ PHOTOPRISM_EXPERIMENTAL = "true";
+ PHOTOPRISM_DETECT_NSFW = "false";
+ PHOTOPRISM_UPLOAD_NSFW = "true";
+ };
+ };
+ };
+
+ systemd = {
+ services = {
+ photoprism = {
+ serviceConfig = {
+ DynamicUser = mkForce false;
+ };
+ };
+ };
+ };
+
+ users = {
+ users = {
+ photoprism = {
+ home = "/var/lib/photoprism";
+ group = "photoprism";
+ isSystemUser = true;
+ };
+ };
+
+ groups = {
+ photoprism = { };
+ };
+ };
+}
diff --git a/shared/services/gallery/tmpfiles.nix b/shared/services/gallery/tmpfiles.nix
new file mode 100644
index 0000000..3ed0fdd
--- /dev/null
+++ b/shared/services/gallery/tmpfiles.nix
@@ -0,0 +1,13 @@
+{ pkgs, config, lib, ... }:
+with lib;
+
+{
+ systemd = {
+ tmpfiles = {
+ rules = [
+ "d /var/lib/photoprism 0700 photoprism photoprism"
+ "d /var/lib/originals 0700 photoprism photoprism"
+ ];
+ };
+ };
+}
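Review bot: `passwordFile = "/run/agenix/services/gallery/password";` in `photoprism.nix` repeats as a literal the path that `gallery/default.nix` bind-mounts via `config.age.secrets."services/gallery/password".path`, and nothing records that the two must agree. They match only while the host's agenix secrets directory stays at its default, and a mismatch would leave the service without its admin password file. A comment above the line, for example `# must equal the secret path bind-mounted in ./default.nix`, would document the dependency. `cloud/nextcloud.nix` has the same literal for `adminpassFile` and the exporter's `passwordFile`.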
diff --git a/shared/services/haveged.nix b/shared/services/haveged.nix deleted file mode 100644 index 323ef94..0000000 --- a/shared/services/haveged.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.personal.services.haveged; - -in -{ - options = { - personal = { - services = { - haveged = { - enable = mkEnableOption "Haveged" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - services = { - haveged = { - enable = true; - }; - }; - }; -} diff --git a/shared/services/libvirt.nix b/shared/services/libvirt.nix index 22565ef..447f287 100644 --- a/shared/services/libvirt.nix +++ b/shared/services/libvirt.nix @@ -17,6 +17,15 @@ in }; config = mkIf cfg.enable { + environment = { + systemPackages = with pkgs; [ + cdrkit + cloud-utils + guestfs-tools + virt-viewer + ]; + }; + virtualisation = { libvirtd = { enable = true; diff --git a/shared/services/media.nix b/shared/services/media.nix deleted file mode 100644 index 001921e..0000000 --- a/shared/services/media.nix +++ /dev/null 
@@ -1,66 +0,0 @@
-{ pkgs, lib, config, options, fetchurl, ... }:
-with lib;
-
-let
- cfg = config.personal.services.media;
-
-in
-{
- options = {
- personal = {
- services = {
- media = {
- enable = mkEnableOption "Media";
- };
- };
- };
- };
-
- config = mkIf cfg.enable {
- services = {
-
- # TDB
-
- nginx = {
- virtualHosts =
- let
- base = locations: {
- inherit locations;
-
- useACMEHost = "boerger.ws";
- forceSSL = true;
- };
- proxy = port: base {
- "/" = {
- proxyPass = "http://127.0.0.1:" + toString (port) + "/";
- proxyWebsockets = true;
- };
- };
- in
- {
- "sabnzbd.boerger.ws" = proxy 2342;
- "jellyfin.boerger.ws" = proxy 2342;
- "request.boerger.ws" = proxy 2342;
- "sonarr.boerger.ws" = proxy 2342;
- "radarr.boerger.ws" = proxy 2342;
- "prowlarr.boerger.ws" = proxy 2342;
- "lidarr.boerger.ws" = proxy 2342;
- "bazarr.boerger.ws" = proxy 2342;
- "music.boerger.ws" = proxy 2342;
- };
- };
- };
-
- personal = {
- services = {
- acme = {
- enable = true;
- };
-
- webserver = {
- enable = true;
- };
- };
- };
- };
-}
diff --git a/shared/services/minecraft.nix b/shared/services/minecraft.nix
index 2115878..fd20876 100644
--- a/shared/services/minecraft.nix
+++ b/shared/services/minecraft.nix
@@ -10,47 +10,60 @@ in personal = { services = { minecraft = { - enable = mkEnableOption "Media"; + enable = mkEnableOption "Minecraft"; }; }; }; }; config = mkIf cfg.enable { - services = { + networking = { + firewall = { + allowedTCPPorts = [ 25565 ]; + }; + }; - # TDB + virtualisation = { + oci-containers = { + containers = { + minecraft-boergers = { + hostname = "minecraft"; + image = "ghcr.io/crafthippie/boergers:1.1.2"; + autoStart = true; + workdir = "/var/lib/minecraft/boergers"; - nginx = { - virtualHosts = - let - base = locations: { - inherit locations; - - useACMEHost = "boerger.ws"; - forceSSL = true; + environment = { + MINECRAFT_DIFFICULTY = "1"; + MINECRAFT_MAX_PLAYERS = "20"; + MINECRAFT_MAXHEAP = "4096M"; + MINECRAFT_MOTD = "Welcome to the Boergers"; + MINECRAFT_WHITE_LIST = "true"; }; - proxy = port: base { - "/" = { - proxyPass = "http://127.0.0.1:" + toString (port) + "/"; - proxyWebsockets = true; - }; - }; - in - { - "minecraft.boerger.ws" = proxy 2342; + + ports = [ + "25565:25565" + "127.0.0.1:8123:8123" + ]; + + volumes = [ + "/var/lib/minecraft/boergers:/var/lib/minecraft" + ]; }; + }; }; }; personal = { services = { - acme = { - enable = true; - }; - webserver = { enable = true; + + hosts = [ + { + domain = "minecraft.boerger.ws"; + proxy = "http://localhost:8123"; + } + ]; }; }; }; diff --git a/shared/services/shares.nix b/shared/services/shares.nix index 461d719..fd2fb97 100644 --- a/shared/services/shares.nix +++ b/shared/services/shares.nix @@ -26,7 +26,7 @@ in isSystemUser = true; group = "media"; home = "/var/lib/media"; - hashedPasswordFile = config.age.secrets."services/shares/media".path; + hashedPasswordFile = config.age.secrets."users/media/password".path; }; printer = { uid = 20001; @@ -35,7 +35,7 @@ in isSystemUser = true; group = "printer"; home = "/var/lib/printer"; - hashedPasswordFile = config.age.secrets."services/shares/printer".path; + hashedPasswordFile = config.age.secrets."users/printer/password".path; }; }; 
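Review bot: `image = "ghcr.io/crafthippie/boergers:1.1.2";` in the `minecraft-boergers` container identifies the image by tag only, and a tag can be re-pointed in the registry, so a later pull may run different content under the same name. Appending the digest of the image that was actually reviewed, `image = "ghcr.io/crafthippie/boergers:1.1.2@sha256:<digest-of-reviewed-image>";` (placeholder), fixes what gets run. The new `allowedTCPPorts = [ 25565 ]` entry may also deserve a comment: with the docker backend, `"25565:25565"` is presumably published by Docker's own rules on every interface, so the host firewall list is not the only thing controlling that exposure. The `config` block continues outside this hunk.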
@@ -130,12 +130,12 @@ in }; }; - age.secrets."services/shares/printer" = { - file = ../../secrets/services/shares/printer.age; + age.secrets."users/media/password" = { + file = ../../secrets/users/media/password.age; }; - age.secrets."services/shares/media" = { - file = ../../secrets/services/shares/media.age; + age.secrets."users/printer/password" = { + file = ../../secrets/users/printer/password.age; }; }; } diff --git a/shared/services/timesyncd.nix b/shared/services/timesyncd.nix deleted file mode 100644 index a0d5780..0000000 --- a/shared/services/timesyncd.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ pkgs, lib, config, options, ... }: -with lib; - -let - cfg = config.personal.services.timesyncd; - -in -{ - options = { - personal = { - services = { - timesyncd = { - enable = mkEnableOption "Timesyncd" // { - default = true; - }; - }; - }; - }; - }; - - config = mkIf cfg.enable { - services = { - timesyncd = { - enable = true; - }; - }; - }; -} diff --git a/shared/services/webserver.nix b/shared/services/webserver.nix index 23c2637..2559428 100644 --- a/shared/services/webserver.nix +++ b/shared/services/webserver.nix @@ -66,6 +66,10 @@ in }; config = mkIf cfg.enable { + networking.firewall = { + allowedTCPPorts = [ 80 443 ]; + }; + services = { nginx = { enable = true; @@ -119,8 +123,12 @@ in }; }; - networking.firewall = { - allowedTCPPorts = [ 80 443 ]; + personal = { + services = { + acme = { + enable = true; + }; + }; }; }; }