1
0
mirror of https://github.com/tboerger/nixos-config synced 2024-11-26 07:43:45 +01:00

chore: another big restructure

This commit is contained in:
Thomas Boerger 2022-11-10 16:01:39 +01:00
parent 46505832cd
commit da814f3a98
No known key found for this signature in database
GPG Key ID: 09745AFF9D63C79B
41 changed files with 771 additions and 975 deletions

@ -20,7 +20,7 @@ bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/ma
mkdir -p /mnt/etc/ssh
cp /etc/ssh/ssh_host_* /mnt/etc/ssh/
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#chnum-bootstrap
nixos-install --no-root-password --root /mnt --flake github:tboerger/nixos-config#chnum
```
### Updates

@ -80,11 +80,11 @@
},
"hardware": {
"locked": {
"lastModified": 1665987993,
"narHash": "sha256-MvlaIYTRiqefG4dzI5p6vVCfl+9V8A1cPniUjcn6Ngc=",
"lastModified": 1667768008,
"narHash": "sha256-PGbX0s2hhXGnZDFVE6UIhPSOf5YegpWs5dUXpT/14F0=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "0e6593630071440eb89cd97a52921497482b22c6",
"rev": "f6483e0def85efb9c1e884efbaff45a5e7aabb34",
"type": "github"
},
"original": {
@ -101,11 +101,11 @@
"utils": "utils_2"
},
"locked": {
"lastModified": 1666649150,
"narHash": "sha256-kINnLxC0KFalUk4tVO/H5hUU7FVAOYYcUSWrsBpnl+I=",
"lastModified": 1667708081,
"narHash": "sha256-FChEy05x4ed/pttjfTeKxjPCnHknMYrUtDyBiYbreT4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7dc4e4ebd71280842b4d30975439980baaac9db8",
"rev": "1ef0da321217c6c19b7a30509631c080a19321e5",
"type": "github"
},
"original": {
@ -116,11 +116,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1666539104,
"narHash": "sha256-jeuC+d375wHHxMOFLgu7etseCQVJuPNKoEc9X9CsErg=",
"lastModified": 1667629849,
"narHash": "sha256-P+v+nDOFWicM4wziFK9S/ajF2lc0N2Rg9p6Y35uMoZI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0e6df35f39651504249a05191f9a78d251707e22",
"rev": "3bacde6273b09a21a8ccfba15586fb165078fb62",
"type": "github"
},
"original": {
@ -132,11 +132,11 @@
},
"nur": {
"locked": {
"lastModified": 1666676809,
"narHash": "sha256-oZ4ECJ7N+RRM/WZ4v5HlHpU2wXpLAFbHrTX3Xb0eRCM=",
"lastModified": 1668038359,
"narHash": "sha256-xsEG4/ZoUpG7VWymXgRD2MAN0nkKneeD84f4RUpsNic=",
"owner": "nix-community",
"repo": "NUR",
"rev": "f87ab9ff2ea215252532c9e7cf194c56fd8d6c38",
"rev": "71dadb246555d9acab72a953cdb051dcbd926464",
"type": "github"
},
"original": {
@ -174,11 +174,11 @@
},
"utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
@ -189,11 +189,11 @@
},
"utils_3": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {

@ -16,7 +16,7 @@
docker = {
enable = config.personal.services.enable;
};
samba = {
shares = {
enable = config.personal.services.enable;
};
tailscale = {

@ -29,7 +29,7 @@
];
};
fileSystems."/var/lib/media/shares" = {
fileSystems."/var/lib/shares" = {
device = "/dev/disk/by-label/shares";
fsType = "ext4";
options = [
@ -37,7 +37,12 @@
];
};
fileSystems."/var/lib/media/photos" = {
fileSystems."/exports/shares" = {
device = "/var/lib/shares";
options = [ "bind" ];
};
fileSystems."/var/lib/photos" = {
device = "/dev/disk/by-label/photos";
fsType = "ext4";
options = [
@ -45,7 +50,12 @@
];
};
fileSystems."/var/lib/media/videos" = {
fileSystems."/exports/photos" = {
device = "/var/lib/photos";
options = [ "bind" ];
};
fileSystems."/var/lib/videos" = {
device = "/dev/disk/by-label/videos";
fsType = "ext4";
options = [
@ -53,7 +63,12 @@
];
};
fileSystems."/var/lib/media/movies" = {
fileSystems."/exports/videos" = {
device = "/var/lib/videos";
options = [ "bind" ];
};
fileSystems."/var/lib/movies" = {
device = "/dev/disk/by-label/movies";
fsType = "ext4";
options = [
@ -61,7 +76,12 @@
];
};
fileSystems."/var/lib/media/shows" = {
fileSystems."/exports/movies" = {
device = "/var/lib/movies";
options = [ "bind" ];
};
fileSystems."/var/lib/shows" = {
device = "/dev/disk/by-label/shows";
fsType = "ext4";
options = [
@ -69,7 +89,12 @@
];
};
fileSystems."/var/lib/media/books" = {
fileSystems."/exports/shows" = {
device = "/var/lib/shows";
options = [ "bind" ];
};
fileSystems."/var/lib/books" = {
device = "/dev/disk/by-label/books";
fsType = "ext4";
options = [
@ -77,7 +102,12 @@
];
};
fileSystems."/var/lib/media/music" = {
fileSystems."/exports/books" = {
device = "/var/lib/books";
options = [ "bind" ];
};
fileSystems."/var/lib/music" = {
device = "/dev/disk/by-label/music";
fsType = "ext4";
options = [
@ -85,6 +115,11 @@
];
};
fileSystems."/exports/music" = {
device = "/var/lib/music";
options = [ "bind" ];
};
fileSystems."/var/lib/printer" = {
device = "/dev/disk/by-label/printer";
fsType = "ext4";
@ -93,6 +128,11 @@
];
};
fileSystems."/exports/printer" = {
device = "/var/lib/printer";
options = [ "bind" ];
};
fileSystems."/var/lib/backup" = {
device = "/dev/disk/by-label/backup";
fsType = "ext4";

@ -22,9 +22,15 @@
docker = {
enable = config.personal.services.enable;
};
hacking = {
enable = config.personal.services.enable;
};
libvirt = {
enable = config.personal.services.enable;
};
tailscale = {
enable = config.personal.services.enable;
};
};
};

@ -1,32 +1,24 @@
{ config, lib, pkgs, ... }:
{
boot = {
initrd = {
luks = {
devices = {
luks = {
name = "luks";
device = "/dev/disk/by-partlabel/data";
preLVM = true;
allowDiscards = true;
};
};
};
};
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
swapDevices = [{
device = "/dev/disk/by-label/swap";
}];
fileSystems."/" = {
device = "/dev/disk/by-label/root";
fsType = "ext4";
options = [
"noatime"
"nodiratime"
"discard"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/nix";
fsType = "ext4";
options = [
"noatime"
"discard"
];
};
@ -36,12 +28,12 @@
fsType = "ext4";
options = [
"noatime"
"nodiratime"
"discard"
];
};
swapDevices = [{
device = "/dev/disk/by-label/swap";
}];
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
}

@ -21,4 +21,10 @@
};
};
};
environment = {
systemPackages = with pkgs; [
intel-gpu-tools
];
};
}

@ -17,6 +17,7 @@ with lib;
jq
lsof
minio-client
nix-index
nmap
p7zip
pciutils

@ -1,310 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.unpackerr;
mkStarrOptions = { name, url }: {
url = mkOption {
type = types.str;
default = "";
example = "${url}";
description = ''
The URL to access ${name}
'';
};
apiKey = mkOption {
type = types.str;
default = "";
description = ''
The API key for accessing ${name}
'';
};
paths = mkOption {
type = types.str;
default = "";
example = "/downloads,/moreDownloads";
description = ''
List of paths where content is downloaded for ${name}
'';
};
protocols = mkOption {
type = types.str;
default = "torrent";
example = "torrent,usenet";
description = ''
Protocols to process
'';
};
timeout = mkOption {
type = types.str;
default = "10s";
description = ''
How long to wait for ${name} to respond
'';
};
deleteOrginal = mkOption {
type = types.bool;
default = false;
description = ''
Delete archives after import?
Recommend not setting this to true
'';
};
deleteDelay = mkOption {
type = types.str;
default = "5m";
description = ''
Extracts are deleted this long after import. `-1` to disable.
'';
};
};
in
{
options.services.unpackerr = {
enable = mkEnableOption "unpackerr";
user = mkOption {
default = "unpackerr";
type = types.str;
description = ''
User account under which unpackerr runs.
'';
};
group = mkOption {
type = types.str;
default = "unpackerr";
description = ''
Group under which unpackerr runs.
'';
};
package = mkOption {
type = types.package;
default = pkgs.unpackerr;
defaultText = "pkgs.unpackerr";
description = ''
The unpackerr package to use.
'';
};
debug = mkOption {
type = types.bool;
default = false;
description = ''
Turns on more logs.
'';
};
interval = mkOption {
type = types.str;
default = "2m";
description = ''
How often apps are polled, recommended 1m to 5m
'';
};
startDelay = mkOption {
type = types.str;
default = "1m";
description = ''
Files are queued at least this long before extraction
'';
};
retryDelay = mkOption {
type = types.str;
default = "5m";
description = ''
Failed extractions are retried after at least this long
'';
};
maxRetries = mkOption {
type = types.int;
default = 3;
description = ''
Times to retry failed extractions. `0` = unlimited.
'';
};
parallel = mkOption {
type = types.int;
default = 1;
description = ''
Concurrent extractions, 1 is recommended.
'';
};
fileMode = mkOption {
type = types.str;
default = "0644";
description = ''
Extracted files are written with this mode
'';
};
dirMode = mkOption {
type = types.str;
default = "0755";
description = ''
Extracted folders are written with this mode
'';
};
sonarr = mkStarrOptions { name = "Sonarr"; url = "http://localhost:8989"; };
radarr = mkStarrOptions { name = "Radarr"; url = "http://localhost:7878"; };
lidarr = mkStarrOptions { name = "Lidarr"; url = "http://localhost:8686"; };
readarr = mkStarrOptions { name = "Readarr"; url = "http://localhost:8787"; };
folder = {
path = mkOption {
type = types.str;
default = "";
description = ''
folder path, not for Starr apps.
'';
};
extractPath = mkOption {
type = types.str;
default = "";
description = ''
Where to extract to, Defaults to <option>services.unpackerr.folder.path</option>.
'';
};
deleteAfter = mkOption {
type = types.str;
default = "";
example = "10m";
description = ''
Delete extracted files and/or archives after this duration, `0` to disable.
'';
};
deleteOrginal = mkOption {
type = types.bool;
default = false;
description = ''
Delete archives after extraction
'';
};
deleteFiles = mkOption {
type = types.bool;
default = false;
description = ''
Delete extracted files after successful extraction
'';
};
moveBack = mkOption {
type = types.bool;
default = false;
description = ''
Move extracted items back into original folder
'';
};
};
extraConfig = mkOption {
type = types.attrs;
default = { };
description = ''
Extra environment variables
'';
example = {
UN_WEBHOOK_0_URL = "http://example.com";
};
};
};
config = mkIf cfg.enable {
# Create group if set to default
users.groups = mkIf (cfg.group == "unpackerr") {
unpackerr = { };
};
# Create user if set to default
users.users = mkIf (cfg.user == "unpackerr") {
unpackerr = {
group = cfg.group;
shell = pkgs.bashInteractive;
createHome = false;
description = "unpackerr Daemon user";
isSystemUser = true;
};
};
# The actual service
systemd.services.unpackerr = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
description = "unpackerr system service";
# Filter out all unset variables else unpackerr complains
environment = filterAttrs (n: v: stringLength v > 0)
{
# General options
UN_DEBUG = "${toString cfg.debug}";
UN_INTERVAL = "${cfg.interval}";
UN_START_DELAY = "${cfg.startDelay}";
UN_RETRY_DELAY = "${cfg.retryDelay}";
UN_MAX_RETRIES = "${toString cfg.maxRetries}";
UN_PARALLEL = "${toString cfg.parallel}";
UN_FILE_MODE = "${cfg.fileMode}";
UN_DIR_MODE = "${cfg.dirMode}";
# Sonarr
UN_SONARR_0_URL = "${cfg.sonarr.url}";
UN_SONARR_0_API_KEY = "${cfg.sonarr.apiKey}";
UN_SONARR_0_PATHS_0 = "${cfg.sonarr.paths}";
UN_SONARR_0_PROTOCOLS = "${cfg.sonarr.protocols}";
UN_SONARR_0_TIMEOUT = "${cfg.sonarr.timeout}";
UN_SONARR_0_DELETE_ORIG = "${toString cfg.sonarr.deleteOrginal}";
UN_SONARR_0_DELETE_DELAY = "${cfg.sonarr.deleteDelay}";
# Radarr
UN_RADARR_0_URL = "${cfg.radarr.url}";
UN_RADARR_0_API_KEY = "${cfg.radarr.apiKey}";
UN_RADARR_0_PATHS_0 = "${cfg.radarr.paths}";
UN_RADARR_0_PROTOCOLS = "${cfg.radarr.protocols}";
UN_RADARR_0_TIMEOUT = "${cfg.radarr.timeout}";
UN_RADARR_0_DELETE_ORIG = "${toString cfg.radarr.deleteOrginal}";
UN_RADARR_0_DELETE_DELAY = "${cfg.radarr.deleteDelay}";
# Lidarr
UN_LIDARR_0_URL = "${cfg.lidarr.url}";
UN_LIDARR_0_API_KEY = "${cfg.lidarr.apiKey}";
UN_LIDARR_0_PATHS_0 = "${cfg.lidarr.paths}";
UN_LIDARR_0_PROTOCOLS = "${cfg.lidarr.protocols}";
UN_LIDARR_0_TIMEOUT = "${cfg.lidarr.timeout}";
UN_LIDARR_0_DELETE_ORIG = "${toString cfg.lidarr.deleteOrginal}";
UN_LIDARR_0_DELETE_DELAY = "${cfg.lidarr.deleteDelay}";
# Readarr
UN_READARR_0_URL = "${cfg.readarr.url}";
UN_READARR_0_API_KEY = "${cfg.readarr.apiKey}";
UN_READARR_0_PATHS_0 = "${cfg.readarr.paths}";
UN_READARR_0_PROTOCOLS = "${cfg.readarr.protocols}";
UN_READARR_0_TIMEOUT = "${cfg.readarr.timeout}";
UN_READARR_0_DELETE_ORIG = "${toString cfg.readarr.deleteOrginal}";
UN_READARR_0_DELETE_DELAY = "${cfg.readarr.deleteDelay}";
# Folder
UN_FOLDER_0_PATH = "${cfg.folder.path}";
UN_FOLDER_0_EXTRACT_PATH = "${cfg.folder.extractPath}";
UN_FOLDER_0_DELETE_AFTER = "${cfg.folder.deleteAfter}";
UN_FOLDER_0_DELETE_ORIGINAL = "${toString cfg.folder.deleteOrginal}";
UN_FOLDER_0_DELETE_FILES = "${toString cfg.folder.deleteFiles}";
UN_FOLDER_0_MOVE_BACK = "${toString cfg.folder.moveBack}";
} // cfg.extraConfig;
serviceConfig = {
User = cfg.user;
Group = cfg.group;
Type = "simple";
Restart = "on-failure";
ExecStart = "${cfg.package}/bin/unpackerr";
};
};
};
}

@ -9,13 +9,14 @@ with lib;
./coredns.nix
./desktop.nix
./docker.nix
./hacking.nix
./hass.nix
./haveged.nix
./libvirt.nix
./media.nix
./nixbuild.nix
./openssh.nix
./samba.nix
./shares.nix
./tailscale.nix
./timesyncd.nix
./webserver.nix

@ -146,24 +146,15 @@ in
};
};
desktopManager = {
xterm = {
enable = false;
};
};
displayManager = {
defaultSession = "none+i3";
lightdm = {
gdm = {
enable = true;
};
};
windowManager = {
i3 = {
desktopManager = {
gnome = {
enable = true;
package = pkgs.i3-gaps;
};
};
};

@ -0,0 +1,35 @@
{ pkgs, lib, config, options, ... }:
with lib;
let
cfg = config.personal.services.hacking;
in
{
options = {
personal = {
services = {
hacking = {
enable = mkEnableOption "Hacking";
};
};
};
};
config = mkIf cfg.enable {
environment = {
systemPackages = with pkgs; [
burpsuite
chisel
chkrootkit
john
lynis
metasploit
nikto
nmap
thc-hydra
wireshark
];
};
};
}

@ -17,6 +17,12 @@ in
};
config = mkIf cfg.enable {
environment = {
systemPackages = with pkgs; [
nur.repos.tboerger.jellyseerr
];
};
users = {
users = {
media = {
@ -122,53 +128,37 @@ in
package = pkgs.prowlarr;
};
# unpackerr = {
# enable = true;
# user = "media";
# group = "media";
# # package = pkgs.unpackerr;
# };
nginx = {
virtualHosts = let
base = locations: {
inherit locations;
useACMEHost = "boerger.ws";
forceSSL = true;
};
proxy = port: base {
"/" = {
proxyPass = "http://127.0.0.1:" + toString(port) + "/";
proxyWebsockets = true;
};
};
in {
"nzbget.boerger.ws" = proxy 6789;
"jellyfin.boerger.ws" = proxy 8096;
"radarr.boerger.ws" = proxy 7878;
"sonarr.boerger.ws" = proxy 8989;
"lidarr.boerger.ws" = proxy 8686;
"readarr.boerger.ws" = proxy 8787;
"bazarr.boerger.ws" = proxy 6767;
"prowlarr.boerger.ws" = proxy 9696;
};
};
};
personal = {
services = {
webserver = {
enable = true;
hosts = [
{
domain = "nzbget.boerger.ws";
proxy = "http://localhost:6789";
}
{
domain = "jellyfin.boerger.ws";
proxy = "http://localhost:8096";
}
{
domain = "radarr.boerger.ws";
proxy = "http://localhost:7878";
}
{
domain = "sonarr.boerger.ws";
proxy = "http://localhost:8989";
}
{
domain = "lidarr.boerger.ws";
proxy = "http://localhost:8686";
}
{
domain = "readarr.boerger.ws";
proxy = "http://localhost:8787";
}
{
domain = "bazarr.boerger.ws";
proxy = "http://localhost:6767";
}
{
domain = "prowlarr.boerger.ws";
proxy = "http://localhost:9696";
}
];
};
};
};

@ -2,15 +2,15 @@
with lib;
let
cfg = config.personal.services.samba;
cfg = config.personal.services.shares;
in
{
options = {
personal = {
services = {
samba = {
enable = mkEnableOption "Samba";
shares = {
enable = mkEnableOption "Shares";
};
};
};
@ -52,6 +52,7 @@ in
networking = {
firewall = {
allowedTCPPorts = [
2049
5357
];
@ -62,8 +63,22 @@ in
};
services = {
samba-wsdd = {
nfs = {
server = {
enable = true;
exports = ''
/exports 192.168.1.0/255.255.255.0(rw,fsid=0,no_subtree_check)
/exports/shares 192.168.1.0/255.255.255.0(rw,nohide,insecure,no_subtree_check)
/exports/photos 192.168.1.0/255.255.255.0(rw,nohide,insecure,no_subtree_check)
/exports/videos 192.168.1.0/255.255.255.0(rw,nohide,insecure,no_subtree_check)
/exports/movies 192.168.1.0/255.255.255.0(rw,nohide,insecure,no_subtree_check)
/exports/shows 192.168.1.0/255.255.255.0(rw,nohide,insecure,no_subtree_check)
/exports/books 192.168.1.0/255.255.255.0(rw,nohide,insecure,no_subtree_check)
/exports/music 192.168.1.0/255.255.255.0(rw,nohide,insecure,no_subtree_check)
/exports/printer 192.168.1.0/255.255.255.0(rw,nohide,insecure,no_subtree_check)
'';
};
};
samba = {
@ -83,7 +98,7 @@ in
shares = {
shares = {
comment = "General shares";
path = "/var/lib/media/shares";
path = "/var/lib/shares";
"browseable" = "yes";
"read only" = "no";
@ -95,7 +110,7 @@ in
photos = {
comment = "Shared photos";
path = "/var/lib/media/photos";
path = "/var/lib/photos";
"browseable" = "yes";
"read only" = "no";
@ -107,7 +122,7 @@ in
videos = {
comment = "Shared videos";
path = "/var/lib/media/videos";
path = "/var/lib/videos";
"browseable" = "yes";
"read only" = "no";
@ -119,7 +134,7 @@ in
movies = {
comment = "Shared movies";
path = "/var/lib/media/movies";
path = "/var/lib/movies";
"browseable" = "no";
"read only" = "no";
@ -132,7 +147,7 @@ in
shows = {
comment = "Shared shows";
path = "/var/lib/media/shows";
path = "/var/lib/shows";
"browseable" = "no";
"read only" = "no";
@ -145,7 +160,7 @@ in
books = {
comment = "Shared books";
path = "/var/lib/media/books";
path = "/var/lib/books";
"browseable" = "no";
"read only" = "no";
@ -158,7 +173,7 @@ in
music = {
comment = "Shared music";
path = "/var/lib/media/music";
path = "/var/lib/music";
"browseable" = "no";
"read only" = "no";
@ -192,6 +207,10 @@ in
};
};
};
samba-wsdd = {
enable = true;
};
};
age.secrets."users/printer/password" = {

@ -1,23 +1,19 @@
{ config, lib, pkgs, ... }:
let
cifsServer = "//192.168.1.10";
cifsOptions = [
nfsOptions = [
"x-systemd.automount"
"noauto"
"x-systemd.idle-timeout=60"
"x-systemd.device-timeout=5s"
"x-systemd.mount-timeout=5s"
"credentials=${config.age.secrets."users/media/smbpasswd".path}"
"uid=${toString config.users.users.media.uid}"
"gid=${toString config.users.groups.media.gid}"
"nfsvers=4.2"
];
in
{
environment = {
systemPackages = with pkgs; [
cifs-utils
nfs-utils
];
};
@ -157,30 +153,26 @@ in
};
fileSystems."/var/lib/movies" = {
device = "${cifsServer}/movies";
fsType = "cifs";
options = cifsOptions;
device = "192.168.1.10:/movies";
fsType = "nfs";
options = nfsOptions;
};
fileSystems."/var/lib/shows" = {
device = "${cifsServer}/shows";
fsType = "cifs";
options = cifsOptions;
device = "192.168.1.10:/shows";
fsType = "nfs";
options = nfsOptions;
};
fileSystems."/var/lib/books" = {
device = "${cifsServer}/books";
fsType = "cifs";
options = cifsOptions;
device = "192.168.1.10:/books";
fsType = "nfs";
options = nfsOptions;
};
fileSystems."/var/lib/music" = {
device = "${cifsServer}/music";
fsType = "cifs";
options = cifsOptions;
};
age.secrets."users/media/smbpasswd" = {
file = ../../secrets/users/media/smbpasswd.age;
device = "192.168.1.10:/music";
fsType = "nfs";
options = nfsOptions;
};
}

@ -18,7 +18,7 @@
environment = {
systemPackages = with pkgs; [
intel-media-driver
intel-gpu-tools
];
};
}

@ -23,7 +23,7 @@ in
username = username;
desktop = {
i3 = {
gnome = {
enable = desktop;
};
};
@ -126,9 +126,6 @@ in
autorandr = {
enable = desktop;
};
rofi = {
enable = desktop;
};
ssh = {
enable = desktop;
};
@ -159,13 +156,6 @@ in
udiskie = {
enable = desktop;
};
# dunst = {
# enable = desktop;
# };
polybar = {
enable = desktop;
};
};
};

@ -2,6 +2,7 @@
{
imports = [
./gnome.nix
./i3.nix
];

@ -0,0 +1,91 @@
{ pkgs, lib, config, options, ... }:
with lib;
let
cfg = config.profile.desktop.gnome;
in
{
options = {
profile = {
desktop = {
gnome = {
enable = mkEnableOption "Gnome";
};
};
};
};
config = mkIf cfg.enable {
services = {
udev = {
packages = with pkgs; [
gnome.gnome-settings-daemon
];
};
xserver = {
displayManager = {
gdm = {
enable = true;
};
};
desktopManager = {
gnome = {
enable = true;
};
};
};
gnome = {
evolution-data-server = {
enable = true;
};
gnome-online-accounts = {
enable = true;
};
gnome-keyring = {
enable = true;
};
};
};
environment = {
systemPackages = with pkgs; [
gnome.adwaita-icon-theme
gnome.gnome-tweaks
gnomeExtensions.calc
gnomeExtensions.clipman
gnomeExtensions.ddterm
gnomeExtensions.docker
gnomeExtensions.gsnap
gnomeExtensions.gtile
gnomeExtensions.keyman
gnomeExtensions.vitals
gnomeExtensions.weather
gnomeExtensions.zilence
];
gnome = {
excludePackages = with pkgs; [
gnome-tour
gnome.atomix
gnome.cheese
gnome.epiphany
gnome.geary
gnome.gnome-music
gnome.gnome-terminal
gnome.hitori
gnome.iagno
gnome.tali
]
};
};
};
}

@ -92,6 +92,17 @@ in
};
config = mkIf cfg.enable {
services = {
xserver = {
windowManager = {
i3 = {
enable = true;
package = pkgs.i3-gaps;
};
};
};
};
home-manager.users."${config.profile.username}" = { config, ... }: {
home = {
packages = with pkgs; [
@ -107,7 +118,306 @@ in
];
};
programs = {
rofi = {
enable = true;
font = "DejaVu Sans Mono 14";
terminal = "alacritty";
theme = "solarized";
plugins = with pkgs; [
rofi-calc
rofi-file-browser
rofi-mpd
rofi-power-menu
rofi-pulse-select
rofi-systemd
rofi-vpn
];
extraConfig = {
modi = "window,drun,ssh";
};
};
};
services = {
dunst = {
enable = true;
iconTheme = {
name = "Numix";
package = pkgs.numix-icon-theme;
size = "64x64";
};
settings = {
global = {
font = "DejaVu Sans Mono 14";
frame_color = "#93a1a1";
separator_color = "#93a1a1";
};
urgency_normal = {
msg_urgency = "normal";
background = "#586e75";
foreground = "#93a1a1";
};
urgency_critical = {
msg_urgency = "critical";
background = "#dc322f";
foreground = "#eee8d5";
};
urgency_low = {
msg_urgency = "low";
background = "#073642";
foreground = "#657b83";
};
};
};
polybar = {
enable = true;
script = "polybar general &";
package = pkgs.polybar.override {
i3Support = true;
mpdSupport = true;
iwSupport = true;
pulseSupport = true;
githubSupport = true;
};
settings =
let
icons = {
powerOff = "";
xmark = "";
microchip = "";
memory = "";
batteryBolt = "";
batteryHalf = "";
batteryFull = "";
batteryExclamation = "";
volumeHigh = "";
volumeSlash = "";
wifi = "";
wifiSlash = "";
ethernet = "";
calendar = "";
clock = "";
terminal = "";
code = "";
chrome = "";
envelope = "";
music = "";
comment = "";
question = "?";
};
fonts = {
font-0 = "DejaVu Sans Mono:size=14:style=Regular;0";
font-1 = "Font Awesome 6 Free Solid:size=12:style=Solid;-1";
font-2 = "FontAwesome:size=12:style=Regular;-2";
};
in
{
"colors" = {
background = "#002b36";
background-alt = "#073642";
foreground = "#93a1a1";
foreground-alt = "#eee8d5";
primary = "#ffb52a";
secondary = "#e60053";
alert = "#bd2c40";
red = "#dc322f";
};
"bar/general" = fonts // {
width = "100%";
height = 43;
radius = 0;
fixed-center = true;
background = "\${colors.background}";
foreground = "\${colors.foreground}";
line-size = 3;
line-color = "#f00";
border-size = 5;
border-color = "#000000";
padding-left = 0;
padding-right = 2;
module-margin-left = 2;
module-margin-right = 2;
modules-left = "i3";
modules-center = "";
modules-right = "cpu memory volume wireless wired battery date";
tray-position = "right";
tray-padding = 2;
tray-background = "#0063ff";
wm-restack = "i3";
scroll-up = "i3wm-wsnext";
scroll-down = "i3wm-wsprev";
};
"module/i3" = {
type = "internal/i3";
strip-wsnumbers = true;
ws-icon-0 = "1;${icons.terminal}";
ws-icon-1 = "2;${icons.code}";
ws-icon-2 = "3;${icons.chrome}";
ws-icon-3 = "4;${icons.envelope}";
ws-icon-4 = "5;${icons.music}";
ws-icon-5 = "6;${icons.comment}";
ws-icon-6 = "7:${icons.question}";
ws-icon-7 = "8:${icons.question}";
ws-icon-8 = "9:${icons.question}";
ws-icon-default = "${icons.question}";
label-mode = "%mode%";
label-mode-padding = 2;
label-mode-underline = "\${colors.foreground}";
# label-mode-background = "#e60053";
label-focused = "%icon%";
label-focused-padding = 4;
label-focused-underline = "\${colors.foreground}";
# label-focused-foreground = "#ffffff";
# label-focused-background = "#3f3f3f";
label-unfocused = "%icon%";
label-unfocused-padding = 4;
label-unfocused-underline = "\${colors.foreground}";
label-visible = "%icon%";
label-visible-padding = 4;
label-visible-underline = "\${colors.foreground}";
label-urgent = "%icon%";
label-urgent-padding = 4;
label-urgent-underline = "\${colors.foreground}";
# label-urgent-foreground = "#000000";
# label-urgent-background = "#bd2c40";
label-separator = "";
label-separator-padding = 0;
label-separator-underline = "\${colors.foreground}";
# label-separator-foreground = "#ffb52a";
};
"module/cpu" = {
type = "internal/cpu";
format = "${icons.microchip} <label>";
format-underline = "\${colors.foreground}";
label = "%percentage%%";
label-warn = "%percentage%%";
};
"module/memory" = {
type = "internal/memory";
format = "${icons.memory} <label>";
format-underline = "\${colors.foreground}";
label = "%percentage_used%%";
label-warn = "%percentage_used%%";
};
"module/volume" = {
type = "internal/pulseaudio";
use-ui-max = true;
format-volume = "${icons.volumeHigh} <label-volume>";
format-volume-underline = "\${colors.foreground}";
label-volume = "%percentage%%";
format-muted = "${icons.volumeHigh} <label-muted>";
format-muted-underline = "\${colors.secondary}";
label-muted = "%percentage%%";
};
"module/wireless" = {
type = "internal/network";
interface = "wlp2s0";
interface-type = "wireless";
format-connected = "${icons.wifi} <label-connected>";
format-connected-underline = "\${colors.foreground}";
label-connected = "%signal%%";
format-disconnected = "${icons.wifiSlash} <label-disconnected>";
format-disconnected-underline = "\${colors.secondary}";
label-disconnected = "N/A";
};
"module/wired" = {
type = "internal/network";
interface = "enp0s25";
interface-type = "wired";
format-connected = "${icons.ethernet} <label-connected>";
format-connected-underline = "\${colors.foreground}";
label-connected = "%ifname%";
format-disconnected = "${icons.ethernet} <label-disconnected>";
format-disconnected-underline = "\${colors.secondary}";
label-disconnected = "N/A";
};
"module/battery" = {
type = "internal/battery";
full-at = 98;
low-at = 10;
battery = "CMB1";
adapter = "ADP1";
format-full = "${icons.batteryFull} <label-full>";
format-full-underline = "\${colors.foreground}";
label-full = "%percentage%%";
format-charging = "${icons.batteryBolt} <label-charging>";
format-charging-underline = "\${colors.foreground}";
label-charging = "%percentage%%";
format-discharging = "${icons.batteryHalf} <label-discharging>";
format-discharging-underline = "\${colors.foreground}";
label-discharging = "%percentage%%";
format-low = "${icons.batteryExclamation} <label-low>";
format-low-underline = "\${colors.secondary}";
label-low = "%percentage%%";
};
"module/date" = {
type = "internal/date";
date = "";
date-alt = "${icons.calendar} %Y-%m-%d ";
time = "${icons.clock} %H:%M";
time-alt = "${icons.clock} %H:%M:%S";
format-prefix = "";
format-prefix-foreground = "\${colors.foreground-alt}";
format-underline = "\${colors.foreground}";
label = "%date%%time%";
};
};
};
gnome-keyring = {
enable = true;
};

@ -6,7 +6,6 @@
./autorandr.nix
./dircolors.nix
./git.nix
./rofi.nix
./ssh.nix
./starship.nix
./vscode.nix

@ -1,46 +0,0 @@
{ pkgs, lib, config, options, ... }:
with lib;
let
cfg = config.profile.programs.rofi;
in
{
options = {
profile = {
programs = {
rofi = {
enable = mkEnableOption "Rofi";
};
};
};
};
config = mkIf cfg.enable {
home-manager.users."${config.profile.username}" = { config, ... }: {
programs = {
rofi = {
enable = true;
font = "DejaVu Sans Mono 14";
terminal = "alacritty";
theme = "solarized";
plugins = [
pkgs.rofi-calc
pkgs.rofi-file-browser
pkgs.rofi-mpd
pkgs.rofi-power-menu
pkgs.rofi-pulse-select
pkgs.rofi-systemd
pkgs.rofi-vpn
];
extraConfig = {
modi = "window,drun,ssh";
};
};
};
};
};
}

@ -2,7 +2,6 @@
{
imports = [
./dunst.nix
./polybar.nix
];
}

@ -1,60 +0,0 @@
{ pkgs, lib, config, options, ... }:
with lib;
let
cfg = config.profile.services.dunst;
in
{
options = {
profile = {
services = {
dunst = {
enable = mkEnableOption "Dunst";
};
};
};
};
config = mkIf cfg.enable {
home-manager.users."${config.profile.username}" = { config, ... }: {
services = {
dunst = {
enable = true;
iconTheme = {
name = "Numix";
package = pkgs.numix-icon-theme;
size = "64x64";
};
settings = {
global = {
font = "DejaVu Sans Mono 14";
frame_color = "#93a1a1";
separator_color = "#93a1a1";
};
urgency_normal = {
msg_urgency = "normal";
background = "#586e75";
foreground = "#93a1a1";
};
urgency_critical = {
msg_urgency = "critical";
background = "#dc322f";
foreground = "#eee8d5";
};
urgency_low = {
msg_urgency = "low";
background = "#073642";
foreground = "#657b83";
};
};
};
};
};
};
}

@ -1,263 +0,0 @@
{ pkgs, lib, config, options, ... }:
with lib;
let
cfg = config.profile.services.polybar;
in
{
options = {
profile = {
services = {
polybar = {
enable = mkEnableOption "Polybar";
};
};
};
};
config = mkIf cfg.enable {
home-manager.users."${config.profile.username}" = { config, ... }: {
services = {
polybar = {
enable = true;
script = "polybar general &";
package = pkgs.polybar.override {
i3Support = true;
mpdSupport = true;
iwSupport = true;
pulseSupport = true;
githubSupport = true;
};
settings =
let
icons = {
powerOff = "";
xmark = "";
microchip = "";
memory = "";
batteryBolt = "";
batteryHalf = "";
batteryFull = "";
batteryExclamation = "";
volumeHigh = "";
volumeSlash = "";
wifi = "";
wifiSlash = "";
ethernet = "";
calendar = "";
clock = "";
terminal = "";
code = "";
chrome = "";
envelope = "";
music = "";
comment = "";
question = "?";
};
fonts = {
font-0 = "DejaVu Sans Mono:size=14:style=Regular;0";
font-1 = "Font Awesome 6 Free Solid:size=12:style=Solid;-1";
font-2 = "FontAwesome:size=12:style=Regular;-2";
};
in
{
"colors" = {
background = "#002b36";
background-alt = "#073642";
foreground = "#93a1a1";
foreground-alt = "#eee8d5";
primary = "#ffb52a";
secondary = "#e60053";
alert = "#bd2c40";
red = "#dc322f";
};
"bar/general" = fonts // {
width = "100%";
height = 43;
radius = 0;
fixed-center = true;
background = "\${colors.background}";
foreground = "\${colors.foreground}";
line-size = 3;
line-color = "#f00";
border-size = 5;
border-color = "#000000";
padding-left = 0;
padding-right = 2;
module-margin-left = 2;
module-margin-right = 2;
modules-left = "i3";
modules-center = "";
modules-right = "cpu memory volume wireless wired battery date";
tray-position = "right";
tray-padding = 2;
tray-background = "#0063ff";
wm-restack = "i3";
scroll-up = "i3wm-wsnext";
scroll-down = "i3wm-wsprev";
};
"module/i3" = {
type = "internal/i3";
strip-wsnumbers = true;
ws-icon-0 = "1;${icons.terminal}";
ws-icon-1 = "2;${icons.code}";
ws-icon-2 = "3;${icons.chrome}";
ws-icon-3 = "4;${icons.envelope}";
ws-icon-4 = "5;${icons.music}";
ws-icon-5 = "6;${icons.comment}";
ws-icon-6 = "7:${icons.question}";
ws-icon-7 = "8:${icons.question}";
ws-icon-8 = "9:${icons.question}";
ws-icon-default = "${icons.question}";
label-mode = "%mode%";
label-mode-padding = 2;
label-mode-underline = "\${colors.foreground}";
# label-mode-background = "#e60053";
label-focused = "%icon%";
label-focused-padding = 4;
label-focused-underline = "\${colors.foreground}";
# label-focused-foreground = "#ffffff";
# label-focused-background = "#3f3f3f";
label-unfocused = "%icon%";
label-unfocused-padding = 4;
label-unfocused-underline = "\${colors.foreground}";
label-visible = "%icon%";
label-visible-padding = 4;
label-visible-underline = "\${colors.foreground}";
label-urgent = "%icon%";
label-urgent-padding = 4;
label-urgent-underline = "\${colors.foreground}";
# label-urgent-foreground = "#000000";
# label-urgent-background = "#bd2c40";
label-separator = "";
label-separator-padding = 0;
label-separator-underline = "\${colors.foreground}";
# label-separator-foreground = "#ffb52a";
};
"module/cpu" = {
type = "internal/cpu";
format = "${icons.microchip} <label>";
format-underline = "\${colors.foreground}";
label = "%percentage%%";
label-warn = "%percentage%%";
};
"module/memory" = {
type = "internal/memory";
format = "${icons.memory} <label>";
format-underline = "\${colors.foreground}";
label = "%percentage_used%%";
label-warn = "%percentage_used%%";
};
"module/volume" = {
type = "internal/pulseaudio";
use-ui-max = true;
format-volume = "${icons.volumeHigh} <label-volume>";
format-volume-underline = "\${colors.foreground}";
label-volume = "%percentage%%";
format-muted = "${icons.volumeHigh} <label-muted>";
format-muted-underline = "\${colors.secondary}";
label-muted = "%percentage%%";
};
"module/wireless" = {
type = "internal/network";
interface = "wlp2s0";
interface-type = "wireless";
format-connected = "${icons.wifi} <label-connected>";
format-connected-underline = "\${colors.foreground}";
label-connected = "%signal%%";
format-disconnected = "${icons.wifiSlash} <label-disconnected>";
format-disconnected-underline = "\${colors.secondary}";
label-disconnected = "N/A";
};
"module/wired" = {
type = "internal/network";
interface = "enp0s25";
interface-type = "wired";
format-connected = "${icons.ethernet} <label-connected>";
format-connected-underline = "\${colors.foreground}";
label-connected = "%ifname%";
format-disconnected = "${icons.ethernet} <label-disconnected>";
format-disconnected-underline = "\${colors.secondary}";
label-disconnected = "N/A";
};
"module/battery" = {
type = "internal/battery";
full-at = 98;
low-at = 10;
battery = "CMB1";
adapter = "ADP1";
format-full = "${icons.batteryFull} <label-full>";
format-full-underline = "\${colors.foreground}";
label-full = "%percentage%%";
format-charging = "${icons.batteryBolt} <label-charging>";
format-charging-underline = "\${colors.foreground}";
label-charging = "%percentage%%";
format-discharging = "${icons.batteryHalf} <label-discharging>";
format-discharging-underline = "\${colors.foreground}";
label-discharging = "%percentage%%";
format-low = "${icons.batteryExclamation} <label-low>";
format-low-underline = "\${colors.secondary}";
label-low = "%percentage%%";
};
"module/date" = {
type = "internal/date";
date = "";
date-alt = "${icons.calendar} %Y-%m-%d ";
time = "${icons.clock} %H:%M";
time-alt = "${icons.clock} %H:%M:%S";
format-prefix = "";
format-prefix-foreground = "\${colors.foreground-alt}";
format-underline = "\${colors.foreground}";
label = "%date%%time%";
};
};
};
};
};
};
}

@ -113,7 +113,7 @@ mkfs.ext4 -L boot /dev/disk/by-path/pci-0000:00:14.1-ata-1-part1
echo "-----> Mount boot filesystem"
mkdir /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
mount /dev/disk/by-path/pci-0000:00:14.1-ata-1-part1 /mnt/boot
echo "-----> Wait for filesystems"
sleep 3

@ -33,26 +33,24 @@ for PV in $(pvs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d"
done
echo "----> Drop existing partitions"
sgdisk --zap-all /dev/sda
sgdisk -og /dev/sda
sgdisk --zap-all /dev/disk/by-path/pci-0000:00:1f.2-ata-1.0
sgdisk -og /dev/disk/by-path/pci-0000:00:1f.2-ata-1.0
echo "-----> Wait for cleanup"
sleep 3
sync
echo "-----> Mark GPT disks"
echo yes | parted -s /dev/sda -- mklabel gpt
echo "-----> Create sda partitions"
parted -a opt --script /dev/disk/by-path/pci-0000:00:1f.2-ata-1.0 \
mklabel gpt \
mkpart primary fat32 0% 1GiB \
mkpart primary 1GiB 100% \
set 1 esp on \
name 1 boot \
set 2 lvm on \
name 2 data
echo "-----> Create boot partition"
sgdisk -n 0:0:+1G -t 0:ef00 -c 0:boot /dev/sda
echo "-----> Enable legacy boot"
sgdisk -A 1:set:2 /dev/sda
echo "-----> Create root partition"
sgdisk -n 0:0:0 -t 0:8300 -c 0:data /dev/sda
echo "-----> Wait for data"
echo "-----> Wait for partitions"
sleep 3
sync
@ -63,13 +61,16 @@ echo "-----> Create data vg"
vgcreate system /dev/disk/by-partlabel/data
echo "-----> Create swap volume"
lvcreate -y --size 24G --name swap system
lvcreate -y --size $(cat /proc/meminfo | grep MemTotal | cut -d':' -f2 | sed 's/ //g') --name swap system
echo "-----> Create root volume"
lvcreate -y --size 100G --name root system
lvcreate -y --size 20G --name root system
echo "-----> Create nix volume"
lvcreate -y --size 50G --name nix system
echo "-----> Create home volume"
lvcreate -y --size 100G --name home system
lvcreate -y --size 50G --name home system
echo "-----> Enable swap partition"
mkswap -L swap /dev/system/swap
@ -81,6 +82,13 @@ mkfs.ext4 -L root /dev/system/root
echo "-----> Mount root filesystem"
mount -t ext4 /dev/system/root /mnt
echo "-----> Create nix filesystem"
mkfs.ext4 -L nix /dev/system/nix
echo "-----> Mount nix filesystem"
mkdir /mnt/nix
mount -t ext4 /dev/system/nix /mnt/nix
echo "-----> Create home filesystem"
mkfs.ext4 -L home /dev/system/home
@ -89,12 +97,8 @@ mkdir /mnt/home
mount -t ext4 /dev/system/home /mnt/home
echo "-----> Create boot filesystem"
mkfs.vfat -n boot /dev/disk/by-partlabel/boot
mkfs.vfat -F32 -n boot /dev/disk/by-partlabel/boot
echo "-----> Mount boot filesystem"
mkdir /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
echo "-----> Wait for filesystems"
sleep 3
sync

@ -33,31 +33,33 @@ for PV in $(pvs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d"
done
echo "----> Drop existing partitions"
sgdisk --zap-all /dev/sda
sgdisk -og /dev/sda
sgdisk --zap-all /dev/sdb
sgdisk -og /dev/sdb
sgdisk --zap-all /dev/disk/by-path/pci-0000:00:1f.2-ata-1.0
sgdisk -og /dev/disk/by-path/pci-0000:00:1f.2-ata-1.0
sgdisk --zap-all /dev/disk/by-path/pci-0000:00:1f.2-ata-2.0
sgdisk -og /dev/disk/by-path/pci-0000:00:1f.2-ata-2.0
echo "-----> Wait for cleanup"
sleep 3
sync
echo "-----> Mark GPT disks"
echo yes | parted -s /dev/sda -- mklabel gpt
echo "-----> Create sda partitions"
parted -a opt --script /dev/disk/by-path/pci-0000:00:1f.2-ata-1.0 \
mklabel gpt \
mkpart primary fat32 0% 1GiB \
mkpart primary 1GiB 100% \
set 1 esp on \
name 1 boot \
set 2 lvm on \
name 2 data
echo "-----> Create boot partition"
sgdisk -n 0:0:+1G -t 0:ef00 -c 0:boot /dev/sda
echo "-----> Create sdb partitions"
parted -a opt --script /dev/disk/by-path/pci-0000:00:1f.2-ata-2.0 \
mklabel gpt \
mkpart primary 0% 100% \
set 1 lvm on \
name 1 tank1
echo "-----> Enable legacy boot"
sgdisk -A 1:set:2 /dev/sda
echo "-----> Create root partition"
sgdisk -n 0:0:0 -t 0:8300 -c 0:data /dev/sda
echo "-----> Create tank partition"
sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/sdb
echo "-----> Wait for data"
echo "-----> Wait for partitions"
sleep 3
sync
@ -68,10 +70,13 @@ echo "-----> Create data vg"
vgcreate system /dev/disk/by-partlabel/data
echo "-----> Create swap volume"
lvcreate -y --size 24G --name swap system
lvcreate -y --size $(cat /proc/meminfo | grep MemTotal | cut -d':' -f2 | sed 's/ //g') --name swap system
echo "-----> Create root volume"
lvcreate -y --size 50G --name root system
lvcreate -y --size 20G --name root system
echo "-----> Create nix volume"
lvcreate -y --size 50G --name nix system
echo "-----> Create home volume"
lvcreate -y --size 50G --name home system
@ -86,6 +91,13 @@ mkfs.ext4 -L root /dev/system/root
echo "-----> Mount root filesystem"
mount -t ext4 /dev/system/root /mnt
echo "-----> Create nix filesystem"
mkfs.ext4 -L nix /dev/system/nix
echo "-----> Mount nix filesystem"
mkdir /mnt/nix
mount -t ext4 /dev/system/nix /mnt/nix
echo "-----> Create home filesystem"
mkfs.ext4 -L home /dev/system/home
@ -94,21 +106,17 @@ mkdir /mnt/home
mount -t ext4 /dev/system/home /mnt/home
echo "-----> Create boot filesystem"
mkfs.vfat -n boot /dev/disk/by-partlabel/boot
mkfs.vfat -F32 -n boot /dev/disk/by-partlabel/boot
echo "-----> Mount boot filesystem"
mkdir /mnt/boot
mount /dev/disk/by-label/boot /mnt/boot
echo "-----> Wait for filesystems"
sleep 3
sync
echo "-----> Create tank pv"
pvcreate /dev/disk/by-partlabel/tank
pvcreate /dev/disk/by-partlabel/tank1
echo "-----> Create tank vg"
vgcreate tank /dev/disk/by-partlabel/tank
vgcreate tank /dev/disk/by-partlabel/tank1
echo "-----> Create downloads volume"
lvcreate -y --size 200G --name downloads tank

@ -2,14 +2,14 @@ let
thomas = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINaQYR0/Oj6k1H03kshz2J7rlGCaDSuaGPhhOs9FcZfn";
users = [ thomas ];
chnum = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4dZCcl+P+RPV+dwWNu+UAIKrnkyvcLHxN6N6YtFXfh";
midgard = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICGC6aSeeKiMO9y3NMxPOh2JvvGYcyS4za+0+hSqI3Bj";
asgard = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE2yYJUssGAmPBv5QBQJTZfwyl0HSgYMQjssG2hjk63+";
utgard = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDv7Ua1agDUdEo+0uSr99qlhFGsyte+jgf1Z3M+veuq7";
systems = [ midgard asgard utgard ];
systems = [ chnum midgard asgard utgard ];
in
{
"services/acme/credentials.age".publicKeys = users ++ systems;
"services/frpc/token.age".publicKeys = users ++ systems;
"services/mopidy/jellyfin.age".publicKeys = users ++ systems;
"services/nixbuild/sshkey.age".publicKeys = users ++ systems;
"services/tailscale/authkey.age".publicKeys = users ++ systems;
@ -18,6 +18,7 @@ in
"users/media/password.age".publicKeys = users ++ systems;
"users/printer/password.age".publicKeys = users ++ systems;
"users/thomas/password.age".publicKeys = users ++ systems;
"users/anna/password.age".publicKeys = users ++ systems;
"users/adrian/password.age".publicKeys = users ++ systems;

@ -1,13 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ rEWE9GwFQDYqvltjwLVrBiTqpOsc4/TWgH+Aobg7yC4
YOGEWy+Dsop3yLqy8fj56K8LwICnZ4am+m3cvfBoHm4
-> ssh-ed25519 vDK6kA cmzt1oSjNcm3aJ1OA8P0oMolYNpevKkMRV1h0xyyiB0
70OCazDWY+FetNma52Ge8PMfODqdF04dSwzgyNL/7NM
-> ssh-ed25519 mO4+dg Mik32+GR6MNzDBoKMc3bDX7e+nvXB9mSy6eOQn23528
QPA0LG/dFRcLmFv4DWOHlv//OTrlkp93IzpuhGOUq0U
-> ssh-ed25519 IYHv1g WloPoJTI1584EvleTSz0Ii/JYyn4NJOwKKHdpwBGsis
IbrpjQd3FfM7tZMUKeo4lNWeUqYwo3p7AhSwAk73Rjs
-> DPa<71Dz-grease
b4jiTJ1+9QsfTGu+HrRF4NrPXnbmKiC94Hw1jgY
--- FkfPpnNJsUOQ8r1Y16hLx1P7J40LuLhQB4U9hIVDLXg
¬-œD7pÞÚϾ*VÖ{嶻AŸ0ƒÅC¯¡?Ù/Ä"tY7|?Id8!7}ûìQ1YoV¹LyÉúe

Binary file not shown.

Binary file not shown.

@ -1,13 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ mYfXM6HiY9NrwbKv3/ilIMPs8F7oFxynIe1qXuumhEw
mTWfn+aLiv0VY9+PaVLNtiSoHDijG1z918xO81o+ct4
-> ssh-ed25519 vDK6kA oIYp38thi6N/EqUQmnjzBGqodQzTj3MtJPYKOH5e1kA
G3BMhnzdRuO/z2dUxfFCwU5WyjFnIJZfqV8WPlMW+ok
-> ssh-ed25519 mO4+dg wlMjNlU99D1htQN+H3HpnUNLdrH/Tb6I/0eaVlg5JzI
Fxg2AoUhfjYduM09PxFgTQkwuVEmswhn/AYZaw1T6qw
-> ssh-ed25519 IYHv1g AryXH803/vTxriUCRHEg3H5CbwKBIcGGAksj4PPCeUU
ZbR/kZ6mMDBB+9CAOQb3QOStv54eRq535O/WlrMp694
-> p;uvW~-grease rh>@PYQd U+'5Tnm\
NuEDaKxfK2SM85pUumZvGqnCZkeYDXcU62Wsq0fnHKypGL3drnzqDoM
--- 9/7qsFhYuCqAyKLRW87WUMF8RAw6gmPnogNQPahakI8
ç ®ÃÎGs:Š2…ÓB<D%<25>Cø6ö <20>˜Á<CB9C>£(Z[*ŽÐkþ`±O>ÝÜëŒl5nÄþ¯“1¥¯AùA¢^,¹Ê)Ö)@Ä®ýöÿ…àî銫h½råLc/
-> ssh-ed25519 ptT1OQ NFf19N7l5JToUkvjhDpq5CEzNcx4jHCywAO/NglztkE
jLyxjg0Ji6HuTJ5HaBqvDsA+NWUOlu5MM3VWym1typg
-> ssh-ed25519 O+OI0w 2jZVXeQzq7aFNPNnYPTj1HO3gP7nk05wjsH2L4J8CCA
O9LQLN1MErhCUl6QjEOqBwG1IMK4qUKKXYWMY0O7Uyc
-> ssh-ed25519 vDK6kA Q6qd3yA7gYsRwNZSFaAXYKfjFY0K+1lBcHIIrTrmJlQ
3V3qH9hXC98CEs9ArkQaFJA8PyX6gXIR5sZqDkmPZ0Y
-> ssh-ed25519 mO4+dg C3n2AAVvl2DCbHuqcVTM1llnpgTt2kWrTqBsvl4OERc
RwcMmR9SJnd1Iifk0kTyapPKXloDXrJfHph6qJ+BP7g
-> ssh-ed25519 IYHv1g ek6PHwB1084OKtxQdRe88uWX8dh8jCtC3Pvpo7pr2j8
Ttl08ri4BkzDHP8lsWPntzUNnznD75YKhib9MA9+u/I
-> `>C-grease
cI8yv/f0R//eaCqDjj6WAVv9
--- OC99qEyy7eQkMrCY/11kn97mJpVdY+f/naUvs6OZ0Lw
Ækq…ý<E280A6>äÙ"ÉW5ߎsdæbœzb¦ŒxβrØÌç-«mtÁ”€+•ô®Ô“3ê]Èšý±—iÈ„TªLk”“%<02>$ÇŽt£¢0wnR*Çà£ÎÐYˆ

Binary file not shown.

@ -1,15 +1,17 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ NtRMFhbhY0R7wMDPgPRsrC/OKcCiMBG5+/05Jzlr0TU
+8CiepbxTuSJe1Vijkmk811Y9cSIMyMxIFJ/NHDQF6s
-> ssh-ed25519 vDK6kA LnJ7kFg48fbX5LTvGOOB08MXiO+VZkSMhdttyNLBNEI
RoJPq2+ymrJP/evE4YIfkWhtsoea5w/SY7bBIPYWOKw
-> ssh-ed25519 mO4+dg UdaRJJPYMOKYdfBDxJEkr5rt8C3UXmWBirTNrvlmSm0
6KftlUcPPkBmcx01SyTrKTnVmTFVI5Eg/68qoeEy/Ro
-> ssh-ed25519 IYHv1g 91ElPIAsm7ijBs+A9TwTHj7LwP1rgMoGpkWC8qyQeXc
jwovC3sIzVHMwHl/aAAdHXAHIJAPkkvaXODYYhPYM2Q
-> w-grease _z;Hl G
4bf0tDUouIdYic5EVCZmBPcgI5fiBqsq57NruMd+sWos2M33CD/MD59QOFEdAllG
U8IEHU/3ywy6bxo+E56yrbOIhScRHPtd
--- vh/QyKq+kBSD7kVorcBdt0tpAjtqBkZDGSSfn4uBvpM
Ó©HÐ[Îû– b9%éš/ç×QGy(£vD(¸ùTÒáñTUÞÂ[é
ÀN
-> ssh-ed25519 ptT1OQ M01CTsx8u+RGHrzOl6NxMg1xyS+XHDlfW70nu83PjGw
Z7RXoLWhMtwQUq1o1S52+LYIlKSp6ngUL1lYEO2ws0g
-> ssh-ed25519 O+OI0w H9lokStxsJGQe956ThhPMUIxEDVPzP+WN/hE6/FuBXs
zdiXD/u7ajq2jU8OlPz4AILMyVFkhqjJLmtMIwfoqn4
-> ssh-ed25519 vDK6kA 8FFDmtpWFBLFsAABmXuFJZAnwejBLe3pMzgqTehxmTA
QEIVWTai/ExUURlmZkYTAkHl6o0I/Y7HXuovnvs3G7I
-> ssh-ed25519 mO4+dg 1JSbDRKXkgD+rSmSP8DpliYfLMWVF+u4uAUAGILj4DU
IJI9pXWPXiQYvyi9hbxv1BTKs0ZJRwyUmQyxD/y3udo
-> ssh-ed25519 IYHv1g URhVTgRnMKmCQxAWLje55Y2Nc0SnYi74qW2fXeZYDCo
S64vdISjByUF1TXPdBESr9RdlYgRXv1fjj7uGkY5n3o
-> 0Q&GEWt-grease
B5eqX3Kpk7zu6JOSke3jI/iyyGeNsbN5cGbDek+hGgtBQo9AxwB2vC5qUtGtd0RD
NBTCtu5S5cA8anvosVfTB0AoDE5hsdSlVdU
--- gt3n3H687jWDDeU5fk1XNxJ0/Ll2aIm2LWc4qya2I30
ì{¿®wµL×øüa
öN5UÜPuû½JÇ*Z8ò¡¡œâ=ë24ÄGp˜¸é

@ -1,13 +1,16 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ ETKyT0ZKxzlZRVhxQyUk4L4fKT47lA1meuKkDOkrxEk
ruK/hjCYjXu+bowXcJ9gnVLZPz+iqoY21LWVdA83Y3w
-> ssh-ed25519 vDK6kA YZqiHU+/jgm0SynE+j8V2yX0PddGMFVEJe0CDMkKES0
vM1i+wGjfsRrEkKcnVjXCrJbcEYIbMQOac3rdyUEpEY
-> ssh-ed25519 mO4+dg vkUlS0Y9p/qU3STX+1isCx4IwHYTJHVqwLpcpEwRoxo
SwdkF66+swdsub6kGA7DEl/vCEaALrxC1C2ILZOg6Ws
-> ssh-ed25519 IYHv1g 1xXBVayoy4BLFlShUF2+QzP0Fzxa7FWFawMEDAXFqXI
H9npCuam9L8bH+WMyaCvNb/+WMswVzR88WbPbFRn24A
-> b?5Ze`*-grease Xm3!9)Sb S[7. h=
k29SWuGX3a3zlfHE9tE6GJrkH4OWUFdH8Q4VKrXojPXakKM
--- Sd/VXekicbIat6NjwT1+vVBAPpYtoHfgD0Uu+D1N7m0
Egúÿ_ʈø.¬"®z—8w²*äÇ#ÿ!<21>5²Û顧ò@òÙÆUº…e!ár=f£Z;Ìac
-> ssh-ed25519 ptT1OQ FaJ8hSzTMc82d2diZ072OcIppLarVNg6RngCIuUVLgg
AER9hp4gA2tCWTs0+/uKaeKx3zqmiwMLsyY0Jzm3k3Q
-> ssh-ed25519 O+OI0w LmXIIBsx4IARl6E+7NESs4OBHR0zg0Bm1zNJgkAYpjY
qJKLb4UYsFZWPwooE+19eThP/RLJvgp7sDZlwkCbm8g
-> ssh-ed25519 vDK6kA bnQYYcPSRMdbfsszMRkTELtsyErXy02LLq09L0YSWx8
tknplv/j2KBgRuN+abjgXrWLl3fFwOO96y1JaZ1YcD4
-> ssh-ed25519 mO4+dg zvDzHP8stv4AJb7McBlaJ2BXs8m4nIeWNDNJJB8lzWw
tbA4ZQRLyrvW4H68DxpX3p2C6XcMt/cRzeLNmGqQR4M
-> ssh-ed25519 IYHv1g VLLjY0UxUA9iB/q8vn6qxhBB86dzpc+RNLG9TbMrQ0E
Pc2AbgzNi6yOpMx5dPtNuOM6t87gDk5IfMjewuPmIpM
-> im*I-grease
Fuodhm6zsJvcl0le47Lgs/74V2Bxx+2HrgkjBmqAkddAZS5du5qC/HdhatCOKpop
m+DC7QueZK+14A06XzUojiHhe+Fq/z1PE/e6HW8OoVvnWWLgZks6WK4J
--- +2wFKdi26ioeRdOsNSpwqsHuZsorAMVJ0Kgut9P8/Qo
ó\œ$Bû8ÍArôeÄßLÑÚŒ¥&w¯6žNT‰Ì®³ <0B>ñTñ•”^>iõuÃ"çóL(#íd¯÷@

Binary file not shown.

@ -1,14 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ JmaAjfb6zrdV3RL+zupDpalo6gbirAjiVSZaCCzrhGM
TAz2nLpGFuB/t2rBWAI+VTjEPtPz05XLlfgIsLNykLU
-> ssh-ed25519 vDK6kA k3015BovfyWFdkrGxPuzyYMRfpJ4yUyN1vxOnLGiKik
hyd7sX+nDU1uvNVGv2xAsCS9lSTuKJs9NBsZANqESYY
-> ssh-ed25519 mO4+dg pmrIUnjWwBI2qq06DNddzneJ62S1jiMof16ch2V1rnA
xAoi276YgyaE+P1dBdHYrA5bgnbYuX8Jn0jVsw9DB/k
-> ssh-ed25519 IYHv1g ct/Tf3twUfjcZlOk91DhvztN0RxXl3MIcgwQ3xcPpRg
HNuOku5+OwowK3s/6VRlh3nFBIGximE85lusoQe1XEI
-> :^=D\)*-grease I|~I;*c)
1zNCeSbmaCMXCIwvoniM0qrHqh8mIjXxKOeCyapcknXvfub190gM419BTzEPKE5R
qQ
--- 7TMiqfV1BjRDJAy227wgeMULsvOjd3Y3YptYWisXTZY
æw™˜e»Øöaí7óZ‡û8h~U駃a‰iO-ß‘nOg×[xÑðŠzp®ÆÍ yR<
-> ssh-ed25519 ptT1OQ fwzRZHpwGFSjIP3EXgGftXMMx8KhiaH6enl01t70hX0
iPoj0RrOmz0R7bSwN7UAJjUJ8dif8SRi/aMGIGO9q1s
-> ssh-ed25519 O+OI0w 22+It+bm+0MqX84wDd8XEJpEXCfxZZIB/pdASs5OBgU
7QN9m3lCuXuzL+d1b219+3HSgb/YfxUmI/hkoHTSh3c
-> ssh-ed25519 vDK6kA cs0NbyNtIoamOiVVrW58M36pw+9WWmaT8OSwZh2yGyQ
iJlbOEJKyb2hTLdqenCPynawPO/K/2HuA4nMRzjdRIU
-> ssh-ed25519 mO4+dg dpzUopNc8acj+VqnOdtisp8YI9/gb6WXbcpQ6Xrji0U
2s1smLiEg1G9a6HtleUk0APylGxzvBzd+mgOuILnTkE
-> ssh-ed25519 IYHv1g Qp4Q9cSXxZQaboh5ippld036PlEZflFx21qwmZ7K7TQ
T38aYj5o+YYmM0Ekbh4ZY90h6THfkOPQz8xzKKrNYaw
-> %E5-^j6Z-grease - }d |W.u[~/
2nijxQdQNlfO
--- Pk85wGS51mpDyKpcyZOELCMTfwmnzBaLOqw2ZoyaNJk
<EFBFBD>·Éi{¦»ÅÂÅ~,™ÖdM3ô4š8¼LXZÚ®Lˆj<CB86>([ ·å×…2"ü<>ŠW eLb

@ -1,13 +1,16 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ Y9YXWuCgLgYumHzDp94ItrF1/wHPgBVep84N7EpR73c
Pia8PgV+nE+Dd4hbN3Z17+8BPGjVNXH0si/un3rmlXM
-> ssh-ed25519 vDK6kA OLpyp1a2LbQr9jI+IG0AL42hDKTiQEIlm6Ykce4UQE0
naLTg0sXlr+4jHF8SrldWXe7PQgMHBv3+fjRO8ZR8SU
-> ssh-ed25519 mO4+dg M2ykrR8lgNjanpS0hfJSKsx3OqAiyEh3GRSJARmn8C4
A6beJsQVElc8HeXNnBd7uL5w6pzThQgQBNel+4qOXB0
-> ssh-ed25519 IYHv1g 50kwPbLLo/2va2dFnELlSFlDvQdDyQqMoRBWMxOYVTk
n7pyEFxTidyzrbb6q2RdOiPXAAeDnNSFXtt2yEnwWCY
-> ]?|n)b+-grease
fgoezOeqnNQ1oHR0zN/44oZ9mw3KD3uhPgFRdLX0GBT1pGcAeQbOH1T0cybyQA
--- I3pr06YOIwJP5VM4ZHlhH5B7bnAqlPDAD+Dgu3Ebz5A
äd8¬(ä€þãNׄ°ÍkÍ$òßãÞ¹·»ÎhK:P(ÓSRy<
-> ssh-ed25519 ptT1OQ iPBfO+G2B63EkQ7z9LlbAj6tdHZ02lJrT/4M3Iu8GDg
3srrzkJIDuJQ2clZEdCI76qxt/VvomzuMlomfxfMNNA
-> ssh-ed25519 O+OI0w S2g/dR+L+ZkAYFQba/JuiXwRSh0PEB80JoLbA9pjhnw
rLqate77aSfMFFfhr8f2QWVK/6Bl8mHVBSWaRqfm0Oc
-> ssh-ed25519 vDK6kA CRxC9c5UXWiU4r3+gn2ClndRjJhi+9LN8cryJnzktXM
86IzmpeVwXsFyJpAUqzCI3nMC2HbfPH4klqyRACjbgk
-> ssh-ed25519 mO4+dg ywNhA4x2N67RF70wP6vG+uT/PvP6Z6h9qRtvV7RF1yA
o5fQtOUqEPlae+71SiknVDhQafw3ZVonP4kiECZNR4A
-> ssh-ed25519 IYHv1g 5/j9yJvePeANFTiXvxZxDde4RChg+8gOo0TNmXA4FkM
9H23TtqvZxuOXFW26WsiVZZ/KN8x+QXYPrXm0OrX5yk
-> ^+=RusU-grease (Y T~ZPJ% l@fXB FAa
+/p6FzhGoOAHaunPOkG0eOYebMyEqQeAElcXKBNYBfl+ItGacTHK+RZjdh4LZ3F0
rS0EjgdHyWS3IZVrL4caSBoWQWWLkxOURsN3bzBvL6WLjjBE2lTHcw
--- UIEzYZWlGZ8XqLous1SM9DLg8s4KSl9VLWgPNFiB7nI
-s<>怬︾€繟Y'谿<1F>&-z 钛2灱!踯t:笞っQ″媵艕

@ -1,14 +1,15 @@
age-encryption.org/v1
-> ssh-ed25519 ptT1OQ 2y+VEFBIGv1FuDdn6asOZmBCAOi2e8gZu1J5Tt1WhHk
gFuyg3mYVBaxi11hL3rtRlzAouZwdfTPjIvk5BfdLCk
-> ssh-ed25519 vDK6kA bBWK7YvOSwUehPd2/sk7WU+lgbFRryAOA5+RY20juh0
xa9w9sjK4nGnxnAt8r8ddjLiKvYJPOhsrGASI3bZPCA
-> ssh-ed25519 mO4+dg UfcVGKUQG6OAxScSu6BdcjimLl/TOS8/B0WJN99C9zY
CBoEmH7ORcuyPX5T4rdq1jZcecL4zBKPSWHmi/TELNo
-> ssh-ed25519 IYHv1g ZbrIiRRGwjzk/jOrtnOIYbQMP2lulBaUdDw7oJ91OxE
OSvUCdYbrLTOc6rk2bLcFfzgOeVSijNRFJ11g/XQlu4
-> ?~-grease q ,o"uY"4{ Y?j= GQfBh6(
h1FnD/Lz9/BDj1NIpn23p690gFS/XLDMJzj93Svh0GXsBTSUjS4wDyOE8pxNpqc/
QLErRVHYjROTgA
--- tmGTB162h6yXOX8NGcSPe65fqhM1Z9apVxbI3LFHH2U
[7e<37>´ƒyI¸Nßµ@Î<>Mòâ úNœ¶ÊL„*ì3ƒÏ ûšðÇ5
-> ssh-ed25519 ptT1OQ aE9jcWvcpY116W4WeQKgkQqUf6VxPIFN4b4aDLBchQI
a6PICn1xctMH2cw4J9deieBPedybKW44SVvb6KvZgw4
-> ssh-ed25519 O+OI0w z0J/xWSs/YFYtCR/OA9pVS0H316KzIzQnqx5FYzrkFM
j6T5fUP4R4ftdTUs17UdQlpk/grztCNtMjGzGnDoiQU
-> ssh-ed25519 vDK6kA Tr1Sf1aGsVv6VHfsysJisAeE9utMGVb6w6fSxgWfWVw
gkmkPIQ0i3S9V/u1s/7j7XUorg8ehHsLz0iXjrmnN5Q
-> ssh-ed25519 mO4+dg X5w3jwsosTyTxZ1OgaoNHSRLPoud3p8zNXi9e/qvdkg
/3JRoDh8XLLGRPmIg2dhEVUb8fA1sM2xrs6BB0e7il0
-> ssh-ed25519 IYHv1g woIJnyKlAaFVvk71qJycgmDKWa/WPagbKebSjBA4dgY
BbuCla041aQgRmia6C8Vm+fUbAxMIbgbs+qO//tEwtg
-> gK$8\-grease >^n6 X
blRrROC0qVKuhmRX5lZJpMdz
--- CGGl77k/BJYTSqCWskqAt9aov9/CvS4g/QyN0no2y0A
wsäy¶/þ)ì×3h·Ü9yœÍMG`4amaÚ8õäQ"ò,RÆq—