Compare commits
No commits in common. "main" and "b24.05" have entirely different histories.
|
@ -1,31 +0,0 @@
|
||||||
coturn:
|
|
||||||
static-auth-secret: ENC[AES256_GCM,data:cYYpG6x0/7aaxCv+d5BYQqgEcEGz2U98CaECHjB5IJMZulcfuS7YimY6eaDqmd+JWqUynin2yA+puCKDNm+aEw==,iv:w5YWMucPSVNZSnJ6n3sjF+McIYN6Mz+wsLkl0J0h2bE=,tag:aO9jBxHfYWMAXH/0KQC1pQ==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1qur4kh3gay9ryk3jh2snvjp6x9eq94zdrmgkrfcv4fzsu7l6lumq4tr3uy
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWaDFlMEYxM1B0QTBCblkv
|
|
||||||
dnlxR1pXZDZOamZhbXp4cW9QelFUNDY0alZ3CmJtZmU2YVpzMFh6eXhQWngwQXlz
|
|
||||||
VW5IK3B1MnBZWjR2cmZGRjByNmVOSnMKLS0tIFBpMUZIcDFJbU5DYzZKdzlyVmgy
|
|
||||||
c285MmZINC9TOFdEcWpjaEFnWnhuMnMKniLkzEuEBOcrGVVk3z93VtAzYKkud5nB
|
|
||||||
lhNhqW7KbvXC05u20yPtYpD8z6pH4iulPG+yyvhahWBmc7gdgTZKdQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqNHYrVlJqeXVqQ0kzajlk
|
|
||||||
RmZ4SzRWOTlaUlpSV1dnM1VSQ25XTk1ydW5zCkgwcVhvVGhsdW5UNHdBVkkxQkdv
|
|
||||||
bXJVZjRSTzY5MjhoeXMzYlZqb1IrUGcKLS0tIHV6Y1AyV1hKZGdRZENEMlNlTlYw
|
|
||||||
WHRNMTY0WGVVWG1icFdqYVp1b2ZkR00KM5C2+YE99mWkIwaCLuGrdyymT7ujaxv4
|
|
||||||
MBU2TP2gYsN6bzt+LvyRC2OiOQcJ/2HgGimwK4FB5Y7L+uWiQIMpKA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-09-17T08:21:45Z"
|
|
||||||
mac: ENC[AES256_GCM,data:A8p487vIXqxZAaD9Gmr7DcU3BkRVPvJDpUtK1xgCrJzmPYko6E6eL+n4LY90JSDOPG6ab3ns4URjnE34tL+QG3/M2viw6LvrYRbfAyubwnkYUX0QWXa+x3XMCuqKv0gY7npW9dZXgUJQx6KIB5jKNiLP9CeCyFz0C0FQI34DGwI=,iv:k7kKcmaM5IBFl4Ickl+YKBfOPdqAFtmps5rgTMSFjmw=,tag:NVATG1TG9MS//ZAxdYOAXQ==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.8.1
|
|
|
@ -1,30 +0,0 @@
|
||||||
forgejo-runner-token: ENC[AES256_GCM,data:nq8a/AQysWPehS7vuj4rpjxdoZWLqohvMjtu9hrQLbsrrOoJg/ZECsIQHQMbWPo=,iv:hComE0xi4SpeWgRMAtLY8rAHtlcY1/sF0gk7nMCqTME=,tag:YRIeWy0dFcM66giOTOFd3A==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1qur4kh3gay9ryk3jh2snvjp6x9eq94zdrmgkrfcv4fzsu7l6lumq4tr3uy
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBOUVxRXduVWhjNHdnZCtH
|
|
||||||
U0VLWE01VkJaWmNDUzE1bmorRDN5RWNwTnhJClRkcDNzb1U2MzZ3TDhXSnI4Z252
|
|
||||||
a1A0dzQ5eUlScDhhYjl6WEdnYnlxUm8KLS0tIDczaXlvcDVwUzdQY1h6a01QM2p6
|
|
||||||
T3FBVWJqaHQwVnIrNFVsWVBub2djMG8KsbZb43UkVe1Up0O15UTC/PdsEkwwOnVW
|
|
||||||
9P4AGO097HfTLkAjKJHx5QYF02dJ+4xb6rgzUYt9Nr8h8+GD0xRAfQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdlhZbDhqamNGU2QrZDN5
|
|
||||||
MlY5RFgrV3NJUk1PYWJLSnpCZjhiTUF5b0RrCmRHV0JnYlBmL2p0WE9UTzJUcVhK
|
|
||||||
dkhiYlJtYWtDN0lseHRCNTUzb252TmsKLS0tIGZKbjA3dkVwcnZNK2djV1BvSkJo
|
|
||||||
a09FM1ZqSWdsdytjdVFCanVldHVoWUUKyy/LXNd/vZLdgXYXfloFkNviaddvrazw
|
|
||||||
4Z0bJ/fqGvRPlLkTUzZlhWKVXfZFGgo5nQSEvyphkIb6UCyd9VamnA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-06-27T11:07:00Z"
|
|
||||||
mac: ENC[AES256_GCM,data:A73eobLa3aPeHkW1scY/xWWejVnCcEPJW9Vnx03HzEhk8Gv2dYAA6Xvt7hXMTuYow4A2ixmAFjn5GltvvOo3dUgumvHBlf6Kt39bwumiNmLD4mcLAKGnL55hSFn0gInEL5xjiqvlIokbPZFJec7CsS2f8PsL52/cYe5u3aSsqmo=,iv:ch2quofqaCUT1EjsIoWAlQzswfxxAk/eTfjB2tWsAzg=,tag:BlNpCt9r6iZdzJASCWHThQ==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.8.1
|
|
21
README.md
21
README.md
|
@ -1,29 +1,28 @@
|
||||||
Install a system via nixos-anywhere
|
Install system via nixos-anywhere
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ nix run github:numtide/nixos-anywhere -- \
|
❯ nix run github:numtide/nixos-anywhere -- \
|
||||||
--flake 'git+https://git.hoyer.xyz/harald/nixcfg'.#hostname \
|
--flake 'git+https://git.hoyer.xyz/harald/nixcfg'.#hostname \
|
||||||
root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519
|
root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519
|
||||||
... enter disk password
|
... enter disk password
|
||||||
$ ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15
|
❯ ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15
|
||||||
```
|
```
|
||||||
|
|
||||||
nixos-rebuild remote git flake
|
nixos-rebuild remote git flake
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ nixos-rebuild --use-remote-sudo -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg boot
|
❯ sudo nixos-rebuild boot --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg
|
||||||
```
|
```
|
||||||
on darwin
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ darwin-rebuild -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg switch
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
home-manager remote git flake
|
home-manager remote git flake
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
$ nix --refresh run 'git+https://git.hoyer.xyz/harald/nixcfg' -- \
|
❯ nix --refresh run 'git+https://git.hoyer.xyz/harald/nixcfg' -- \
|
||||||
switch -b backup --flake 'git+https://git.hoyer.xyz/harald/nixcfg'
|
switch -b backup --flake 'git+https://git.hoyer.xyz/harald/nixcfg'
|
||||||
```
|
```
|
||||||
|
|
||||||
|
`command-not-found` unable to open database
|
||||||
|
|
||||||
|
```bash
|
||||||
|
❯ sudo nix-channel --update
|
||||||
|
```
|
||||||
|
|
332
flake.lock
332
flake.lock
|
@ -16,30 +16,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"attic": {
|
|
||||||
"inputs": {
|
|
||||||
"crane": "crane",
|
|
||||||
"flake-compat": "flake-compat",
|
|
||||||
"flake-utils": "flake-utils",
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1717279440,
|
|
||||||
"narHash": "sha256-kH04ReTjxOpQumgWnqy40vvQLSnLGxWP6RF3nq5Esrk=",
|
|
||||||
"owner": "zhaofengli",
|
|
||||||
"repo": "attic",
|
|
||||||
"rev": "717cc95983cdc357bc347d70be20ced21f935843",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "zhaofengli",
|
|
||||||
"repo": "attic",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"blobs": {
|
"blobs": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -297,27 +273,6 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"crane": {
|
"crane": {
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"attic",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1717025063,
|
|
||||||
"narHash": "sha256-dIubLa56W9sNNz0e8jGxrX3CAkPXsq7snuFA/Ie6dn8=",
|
|
||||||
"owner": "ipetkov",
|
|
||||||
"repo": "crane",
|
|
||||||
"rev": "480dff0be03dac0e51a8dfc26e882b0d123a450e",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "ipetkov",
|
|
||||||
"repo": "crane",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"crane_2": {
|
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": [
|
"flake-compat": [
|
||||||
"lanzaboote",
|
"lanzaboote",
|
||||||
|
@ -373,11 +328,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719128254,
|
"lastModified": 1716993688,
|
||||||
"narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=",
|
"narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=",
|
||||||
"owner": "lnl7",
|
"owner": "lnl7",
|
||||||
"repo": "nix-darwin",
|
"repo": "nix-darwin",
|
||||||
"rev": "50581970f37f06a4719001735828519925ef8310",
|
"rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -442,11 +397,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719451710,
|
"lastModified": 1717378144,
|
||||||
"narHash": "sha256-h+bFEQHQ46pBkEsOXbxmmY6QNPPGrgpDbNlHtAKG49M=",
|
"narHash": "sha256-gwx3rVXnt2jNxl8L2DybYv41fA8QhWVGebe932pa2nw=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "8767dbf5d723b1b6834f4d09b217da7c31580d58",
|
"rev": "39cd5a1fcd6d7a476eac2894b09122ead99f6efc",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -569,22 +524,6 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-compat_3": {
|
"flake-compat_3": {
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1673956053,
|
|
||||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-compat_4": {
|
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1650374568,
|
"lastModified": 1650374568,
|
||||||
|
@ -600,14 +539,14 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-compat_5": {
|
"flake-compat_4": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696426674,
|
"lastModified": 1668681692,
|
||||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
||||||
"owner": "edolstra",
|
"owner": "edolstra",
|
||||||
"repo": "flake-compat",
|
"repo": "flake-compat",
|
||||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -616,7 +555,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-compat_6": {
|
"flake-compat_5": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1650374568,
|
"lastModified": 1650374568,
|
||||||
|
@ -672,58 +611,6 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
"locked": {
|
|
||||||
"lastModified": 1667395993,
|
|
||||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils-plus": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-utils": "flake-utils_5"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1715533576,
|
|
||||||
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
|
|
||||||
"owner": "gytis-ivaskevicius",
|
|
||||||
"repo": "flake-utils-plus",
|
|
||||||
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "gytis-ivaskevicius",
|
|
||||||
"repo": "flake-utils-plus",
|
|
||||||
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils-plus_2": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-utils": "flake-utils_6"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1696331477,
|
|
||||||
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
|
|
||||||
"owner": "gytis-ivaskevicius",
|
|
||||||
"repo": "flake-utils-plus",
|
|
||||||
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "gytis-ivaskevicius",
|
|
||||||
"repo": "flake-utils-plus",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils_2": {
|
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems"
|
"systems": "systems"
|
||||||
},
|
},
|
||||||
|
@ -741,7 +628,43 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils_3": {
|
"flake-utils-plus": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": "flake-utils_4"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1696331477,
|
||||||
|
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
|
||||||
|
"owner": "gytis-ivaskevicius",
|
||||||
|
"repo": "flake-utils-plus",
|
||||||
|
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "gytis-ivaskevicius",
|
||||||
|
"repo": "flake-utils-plus",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-utils-plus_2": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": "flake-utils_5"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1696331477,
|
||||||
|
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
|
||||||
|
"owner": "gytis-ivaskevicius",
|
||||||
|
"repo": "flake-utils-plus",
|
||||||
|
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "gytis-ivaskevicius",
|
||||||
|
"repo": "flake-utils-plus",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-utils_2": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_2"
|
"systems": "systems_2"
|
||||||
},
|
},
|
||||||
|
@ -759,7 +682,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils_4": {
|
"flake-utils_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1659877975,
|
"lastModified": 1659877975,
|
||||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||||
|
@ -774,7 +697,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils_5": {
|
"flake-utils_4": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_5"
|
"systems": "systems_5"
|
||||||
},
|
},
|
||||||
|
@ -792,9 +715,9 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils_6": {
|
"flake-utils_5": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_7"
|
"systems": "systems_6"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694529238,
|
"lastModified": 1694529238,
|
||||||
|
@ -935,11 +858,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1720042825,
|
"lastModified": 1716736833,
|
||||||
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
|
"narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
|
"rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1015,10 +938,10 @@
|
||||||
},
|
},
|
||||||
"lanzaboote": {
|
"lanzaboote": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"crane": "crane_2",
|
"crane": "crane",
|
||||||
"flake-compat": "flake-compat_2",
|
"flake-compat": "flake-compat",
|
||||||
"flake-parts": "flake-parts",
|
"flake-parts": "flake-parts",
|
||||||
"flake-utils": "flake-utils_2",
|
"flake-utils": "flake-utils",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
|
@ -1265,7 +1188,7 @@
|
||||||
"elixir-tools": "elixir-tools",
|
"elixir-tools": "elixir-tools",
|
||||||
"fidget-nvim": "fidget-nvim",
|
"fidget-nvim": "fidget-nvim",
|
||||||
"flake-parts": "flake-parts_2",
|
"flake-parts": "flake-parts_2",
|
||||||
"flake-utils": "flake-utils_3",
|
"flake-utils": "flake-utils_2",
|
||||||
"flutter-tools": "flutter-tools",
|
"flutter-tools": "flutter-tools",
|
||||||
"gesture-nvim": "gesture-nvim",
|
"gesture-nvim": "gesture-nvim",
|
||||||
"gitsigns-nvim": "gitsigns-nvim",
|
"gitsigns-nvim": "gitsigns-nvim",
|
||||||
|
@ -1404,18 +1327,33 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-24_05": {
|
"nixpkgs-23_05": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717144377,
|
"lastModified": 1704290814,
|
||||||
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
|
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "805a384895c696f802a9bf5bf4720f37385df547",
|
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"id": "nixpkgs",
|
"id": "nixpkgs",
|
||||||
"ref": "nixos-24.05",
|
"ref": "nixos-23.05",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nixpkgs-23_11": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1706098335,
|
||||||
|
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
|
||||||
|
"owner": "NixOS",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "nixpkgs",
|
||||||
|
"ref": "nixos-23.11",
|
||||||
"type": "indirect"
|
"type": "indirect"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -1438,22 +1376,6 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
|
||||||
"lastModified": 1711460390,
|
|
||||||
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "nixos-23.11",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs-stable_2": {
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1678872516,
|
"lastModified": 1678872516,
|
||||||
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
|
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
|
||||||
|
@ -1469,13 +1391,13 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-stable_3": {
|
"nixpkgs-stable_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719099622,
|
"lastModified": 1717265169,
|
||||||
"narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=",
|
"narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "5e8e3b89adbd0be63192f6e645e0a54080004924",
|
"rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1519,11 +1441,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1722221733,
|
"lastModified": 1717144377,
|
||||||
"narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=",
|
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "12bf09802d77264e441f48e25459c10c93eada2e",
|
"rev": "805a384895c696f802a9bf5bf4720f37385df547",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1535,16 +1457,16 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_5": {
|
"nixpkgs_5": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719707984,
|
"lastModified": 1710283656,
|
||||||
"narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=",
|
"narHash": "sha256-nI+AOy4uK6jLGBi9nsbHjL1EdSIzoo8oa+9oeVhbyFc=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "7dca15289a1c2990efbe4680f0923ce14139b042",
|
"rev": "51063ed4f2343a59fdeebb279bb81d87d453942b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"ref": "nixos-24.05",
|
"ref": "nixos-23.11",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -1555,11 +1477,11 @@
|
||||||
"snowfall-lib": "snowfall-lib"
|
"snowfall-lib": "snowfall-lib"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1721741092,
|
"lastModified": 1716280284,
|
||||||
"narHash": "sha256-ghFoP5gZpc1i4I4PiVCH00QNZ6s6ipGUcA0P1TsSSC8=",
|
"narHash": "sha256-rofvtPgaYEW01OnKsD3DJv2B2j9QovRTWbw8h5lGjkE=",
|
||||||
"owner": "matter-labs",
|
"owner": "matter-labs",
|
||||||
"repo": "nixsgx",
|
"repo": "nixsgx",
|
||||||
"rev": "be2c19592d0d5601184c52c07ab6d88dec07ffd6",
|
"rev": "7151f63b1549b65633503f505df1e2a0b5ee844f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -2080,7 +2002,7 @@
|
||||||
"lanzaboote",
|
"lanzaboote",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681413034,
|
"lastModified": 1681413034,
|
||||||
|
@ -2150,7 +2072,6 @@
|
||||||
},
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"attic": "attic",
|
|
||||||
"darwin": "darwin",
|
"darwin": "darwin",
|
||||||
"disko": "disko",
|
"disko": "disko",
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
|
@ -2267,24 +2188,25 @@
|
||||||
"simple-nixos-mailserver": {
|
"simple-nixos-mailserver": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"blobs": "blobs",
|
"blobs": "blobs",
|
||||||
"flake-compat": "flake-compat_5",
|
"flake-compat": "flake-compat_4",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"nixpkgs-24_05": "nixpkgs-24_05",
|
"nixpkgs-23_05": "nixpkgs-23_05",
|
||||||
|
"nixpkgs-23_11": "nixpkgs-23_11",
|
||||||
"utils": "utils_3"
|
"utils": "utils_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1718084203,
|
"lastModified": 1706219574,
|
||||||
"narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
|
"narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=",
|
||||||
"owner": "simple-nixos-mailserver",
|
"owner": "simple-nixos-mailserver",
|
||||||
"repo": "nixos-mailserver",
|
"repo": "nixos-mailserver",
|
||||||
"rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
|
"rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf",
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "simple-nixos-mailserver",
|
"owner": "simple-nixos-mailserver",
|
||||||
"ref": "nixos-24.05",
|
"ref": "nixos-23.11",
|
||||||
"repo": "nixos-mailserver",
|
"repo": "nixos-mailserver",
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
}
|
}
|
||||||
|
@ -2307,7 +2229,7 @@
|
||||||
},
|
},
|
||||||
"snowfall-lib": {
|
"snowfall-lib": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat_4",
|
"flake-compat": "flake-compat_3",
|
||||||
"flake-utils-plus": "flake-utils-plus",
|
"flake-utils-plus": "flake-utils-plus",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixsgx-flake",
|
"nixsgx-flake",
|
||||||
|
@ -2315,11 +2237,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719005984,
|
"lastModified": 1696432959,
|
||||||
"narHash": "sha256-mpFl3Jv4fKnn+5znYXG6SsBjfXHJdRG5FEqNSPx0GLA=",
|
"narHash": "sha256-oJQZv2MYyJaVyVJY5IeevzqpGvMGKu5pZcCCJvb+xjc=",
|
||||||
"owner": "snowfallorg",
|
"owner": "snowfallorg",
|
||||||
"repo": "lib",
|
"repo": "lib",
|
||||||
"rev": "c6238c83de101729c5de3a29586ba166a9a65622",
|
"rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -2330,7 +2252,7 @@
|
||||||
},
|
},
|
||||||
"snowfall-lib_2": {
|
"snowfall-lib_2": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat_6",
|
"flake-compat": "flake-compat_5",
|
||||||
"flake-utils-plus": "flake-utils-plus_2",
|
"flake-utils-plus": "flake-utils-plus_2",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
|
@ -2356,14 +2278,14 @@
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"nixpkgs-stable": "nixpkgs-stable_3"
|
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1719268571,
|
"lastModified": 1717297459,
|
||||||
"narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=",
|
"narHash": "sha256-cZC2f68w5UrJ1f+2NWGV9Gx0dEYmxwomWN2B0lx0QRA=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3",
|
"rev": "ab2a43b0d21d1d37d4d5726a892f714eaeb4b075",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -2495,21 +2417,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"systems_7": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1681028828,
|
|
||||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"tabular": {
|
"tabular": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -2649,11 +2556,11 @@
|
||||||
},
|
},
|
||||||
"unstable": {
|
"unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1722185531,
|
"lastModified": 1717196966,
|
||||||
"narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=",
|
"narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d",
|
"rev": "57610d2f8f0937f39dbd72251e9614b1561942d8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -2697,15 +2604,12 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"utils_3": {
|
"utils_3": {
|
||||||
"inputs": {
|
|
||||||
"systems": "systems_6"
|
|
||||||
},
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1709126324,
|
"lastModified": 1605370193,
|
||||||
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
|
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
|
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -2861,8 +2765,8 @@
|
||||||
},
|
},
|
||||||
"zig": {
|
"zig": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat_3",
|
"flake-compat": "flake-compat_2",
|
||||||
"flake-utils": "flake-utils_4",
|
"flake-utils": "flake-utils_3",
|
||||||
"nixpkgs": "nixpkgs_3"
|
"nixpkgs": "nixpkgs_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
|
|
|
@ -40,9 +40,6 @@
|
||||||
|
|
||||||
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
|
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
|
||||||
simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";
|
simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
attic.url = "github:zhaofengli/attic";
|
|
||||||
attic.inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = inputs:
|
outputs = inputs:
|
||||||
|
@ -76,7 +73,6 @@
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
disko.nixosModules.disko
|
disko.nixosModules.disko
|
||||||
simple-nixos-mailserver.nixosModule
|
simple-nixos-mailserver.nixosModule
|
||||||
attic.nixosModules.atticd
|
|
||||||
];
|
];
|
||||||
|
|
||||||
overlays = with inputs; [
|
overlays = with inputs; [
|
||||||
|
|
|
@ -8,22 +8,22 @@
|
||||||
username = "harald";
|
username = "harald";
|
||||||
homeDirectory = "/Users/${config.home.username}";
|
homeDirectory = "/Users/${config.home.username}";
|
||||||
stateVersion = "23.11"; # Please read the comment before changing.
|
stateVersion = "23.11"; # Please read the comment before changing.
|
||||||
# sessionPath = [ "$HOME/bin" ];
|
sessionPath = [ "$HOME/bin" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
metacfg = {
|
metacfg = {
|
||||||
|
|
||||||
cli-apps = {
|
cli-apps = {
|
||||||
bash.enable = true;
|
bash.enable = true;
|
||||||
fish.enable = true;
|
fish.enable = true;
|
||||||
neovim.enable = true;
|
neovim.enable = true;
|
||||||
|
tmux.enable = true;
|
||||||
bat.enable = true;
|
bat.enable = true;
|
||||||
starship.enable = true;
|
starship.enable = true;
|
||||||
#home-manager.enable = true;
|
home-manager.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
tools = {
|
tools = {
|
||||||
direnv.enable = true;
|
direnv.enable = true;
|
||||||
|
alacritty.enable = true;
|
||||||
ssh.enable = true;
|
ssh.enable = true;
|
||||||
git.enable = true;
|
git.enable = true;
|
||||||
};
|
};
|
||||||
|
|
|
@ -32,7 +32,6 @@
|
||||||
xdg.enable = true;
|
xdg.enable = true;
|
||||||
xdg.mime.enable = true;
|
xdg.mime.enable = true;
|
||||||
|
|
||||||
/* *****************************************
|
|
||||||
systemd.user.services = {
|
systemd.user.services = {
|
||||||
render_blog = {
|
render_blog = {
|
||||||
Service = {
|
Service = {
|
||||||
|
@ -69,6 +68,5 @@
|
||||||
Install.WantedBy = [ "timers.target" ];
|
Install.WantedBy = [ "timers.target" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
***************************** */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -12,10 +12,10 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.settings = {
|
nix.settings = {
|
||||||
substituters = [ "https://cache.nixos.org" "https://attic.teepot.org/tee-pot" ];
|
substituters = [ "https://cache.nixos.org" "https://nixsgx.cachix.org" ];
|
||||||
trusted-public-keys = [
|
trusted-public-keys = [
|
||||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||||
"tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg="
|
"nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE="
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -37,7 +37,6 @@
|
||||||
"appindicatorsupport@rgcjonas.gmail.com"
|
"appindicatorsupport@rgcjonas.gmail.com"
|
||||||
"dash-to-panel@jderose9.github.com"
|
"dash-to-panel@jderose9.github.com"
|
||||||
"hibernate-status@dromi"
|
"hibernate-status@dromi"
|
||||||
"autohide-battery@sitnik.ru"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
favorite-apps = [
|
favorite-apps = [
|
||||||
|
|
|
@ -37,7 +37,6 @@
|
||||||
"appindicatorsupport@rgcjonas.gmail.com"
|
"appindicatorsupport@rgcjonas.gmail.com"
|
||||||
"dash-to-panel@jderose9.github.com"
|
"dash-to-panel@jderose9.github.com"
|
||||||
"hibernate-status@dromi"
|
"hibernate-status@dromi"
|
||||||
"autohide-battery@sitnik.ru"
|
|
||||||
];
|
];
|
||||||
|
|
||||||
favorite-apps = [
|
favorite-apps = [
|
||||||
|
|
|
@ -11,7 +11,7 @@ in
|
||||||
{
|
{
|
||||||
options.metacfg.nix = with types; {
|
options.metacfg.nix = with types; {
|
||||||
enable = mkBoolOpt true "Whether or not to manage nix configuration.";
|
enable = mkBoolOpt true "Whether or not to manage nix configuration.";
|
||||||
package = mkOpt package pkgs.nix "Which nix package to use.";
|
package = mkOpt package pkgs.nixUnstable "Which nix package to use.";
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
|
|
@ -1,58 +0,0 @@
|
||||||
{ options
|
|
||||||
, config
|
|
||||||
, lib
|
|
||||||
, pkgs
|
|
||||||
, ...
|
|
||||||
}:
|
|
||||||
with lib;
|
|
||||||
with lib.metacfg;
|
|
||||||
let
|
|
||||||
cfg = config.metacfg.base;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.metacfg.base = with types; {
|
|
||||||
enable = mkBoolOpt false "Whether or not to enable the base config.";
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
environment = {
|
|
||||||
systemPackages = with pkgs; [
|
|
||||||
alacritty
|
|
||||||
age
|
|
||||||
delta
|
|
||||||
git
|
|
||||||
git-crypt
|
|
||||||
git-delete-merged-branches
|
|
||||||
home-manager
|
|
||||||
htop
|
|
||||||
mosh
|
|
||||||
nixpkgs-fmt
|
|
||||||
openssl
|
|
||||||
restic
|
|
||||||
rrsync
|
|
||||||
sops
|
|
||||||
tmux
|
|
||||||
vim
|
|
||||||
wget
|
|
||||||
starship
|
|
||||||
];
|
|
||||||
shells = [ pkgs.fish pkgs.bash ];
|
|
||||||
};
|
|
||||||
|
|
||||||
programs = {
|
|
||||||
bash = {
|
|
||||||
## shellInit = ''
|
|
||||||
interactiveShellInit = ''
|
|
||||||
bind '"\e[A": history-search-backward'
|
|
||||||
bind '"\e[B": history-search-forward'
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
fish.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
security = {
|
|
||||||
pam.enableSudoTouchIdAuth = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -16,8 +16,6 @@ in
|
||||||
metacfg = {
|
metacfg = {
|
||||||
nix = enabled;
|
nix = enabled;
|
||||||
|
|
||||||
base = enabled;
|
|
||||||
|
|
||||||
system = {
|
system = {
|
||||||
fonts = enabled;
|
fonts = enabled;
|
||||||
#input = enabled;
|
#input = enabled;
|
||||||
|
|
|
@ -17,7 +17,9 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
fonts = {
|
fonts = {
|
||||||
packages = with pkgs;
|
fontDir = enabled;
|
||||||
|
|
||||||
|
fonts = with pkgs;
|
||||||
[
|
[
|
||||||
noto-fonts
|
noto-fonts
|
||||||
noto-fonts-cjk-sans
|
noto-fonts-cjk-sans
|
||||||
|
|
|
@ -60,7 +60,6 @@ in
|
||||||
clean = "${pkgs.metacfg.rot8000}/bin/rot8000";
|
clean = "${pkgs.metacfg.rot8000}/bin/rot8000";
|
||||||
smudge = "${pkgs.metacfg.rot8000}/bin/rot8000";
|
smudge = "${pkgs.metacfg.rot8000}/bin/rot8000";
|
||||||
};
|
};
|
||||||
http.sslCAinfo = "/etc/ssl/certs/ca-certificates.crt";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -51,7 +51,7 @@ in
|
||||||
users = [ "root" config.metacfg.user.name ] ++
|
users = [ "root" config.metacfg.user.name ] ++
|
||||||
optional config.services.hydra.enable "hydra";
|
optional config.services.hydra.enable "hydra";
|
||||||
extra-substituters = cfg.extra-substituters // {
|
extra-substituters = cfg.extra-substituters // {
|
||||||
"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=";
|
"https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -83,8 +83,8 @@ in
|
||||||
|
|
||||||
gc = {
|
gc = {
|
||||||
automatic = true;
|
automatic = true;
|
||||||
dates = lib.mkDefault "weekly";
|
dates = "weekly";
|
||||||
options = lib.mkDefault "--delete-older-than 14d";
|
options = "--delete-older-than 30d";
|
||||||
};
|
};
|
||||||
|
|
||||||
# flake-utils-plus
|
# flake-utils-plus
|
||||||
|
|
|
@ -67,11 +67,6 @@ in
|
||||||
vim
|
vim
|
||||||
virt-manager
|
virt-manager
|
||||||
wget
|
wget
|
||||||
(pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" ''
|
|
||||||
qemu-system-x86_64 \
|
|
||||||
-bios ${pkgs.OVMF.fd}/FV/OVMF.fd \
|
|
||||||
"$@"
|
|
||||||
'')
|
|
||||||
];
|
];
|
||||||
shells = [ pkgs.fish pkgs.bash ];
|
shells = [ pkgs.fish pkgs.bash ];
|
||||||
};
|
};
|
||||||
|
@ -83,6 +78,7 @@ in
|
||||||
};
|
};
|
||||||
enableRedistributableFirmware = lib.mkDefault true;
|
enableRedistributableFirmware = lib.mkDefault true;
|
||||||
enableAllFirmware = true;
|
enableAllFirmware = true;
|
||||||
|
opengl.extraPackages = with pkgs; [ intel-compute-runtime ];
|
||||||
};
|
};
|
||||||
|
|
||||||
programs = {
|
programs = {
|
||||||
|
@ -118,7 +114,7 @@ in
|
||||||
tpm2.abrmd.enable = lib.mkDefault true;
|
tpm2.abrmd.enable = lib.mkDefault true;
|
||||||
sudo = {
|
sudo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
wheelNeedsPassword = lib.mkDefault true;
|
wheelNeedsPassword = false;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -160,13 +156,7 @@ in
|
||||||
environment.GIT_CONFIG_GLOBAL = toString gitconfig;
|
environment.GIT_CONFIG_GLOBAL = toString gitconfig;
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.git.enable = true;
|
|
||||||
|
|
||||||
virtualisation.libvirtd.enable = true;
|
virtualisation.libvirtd.enable = true;
|
||||||
|
|
||||||
boot.tmp.useTmpfs = true;
|
|
||||||
systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";
|
|
||||||
|
|
||||||
services.fstrim.enable = true;
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -39,7 +39,7 @@ in
|
||||||
];
|
];
|
||||||
|
|
||||||
xserver = {
|
xserver = {
|
||||||
xkb.layout = lib.mkDefault "de+us";
|
layout = lib.mkDefault "de+us";
|
||||||
enable = true;
|
enable = true;
|
||||||
displayManager.gdm.enable = true;
|
displayManager.gdm.enable = true;
|
||||||
desktopManager.gnome.enable = true;
|
desktopManager.gnome.enable = true;
|
||||||
|
@ -58,27 +58,6 @@ in
|
||||||
# Enable sound with pipewire.
|
# Enable sound with pipewire.
|
||||||
sound.enable = true;
|
sound.enable = true;
|
||||||
hardware.pulseaudio.enable = false;
|
hardware.pulseaudio.enable = false;
|
||||||
hardware.opengl = {
|
|
||||||
enable = true;
|
|
||||||
extraPackages = with pkgs; [
|
|
||||||
onevpl-intel-gpu
|
|
||||||
intel-compute-runtime
|
|
||||||
intel-media-driver # LIBVA_DRIVER_NAME=iHD
|
|
||||||
#intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
|
|
||||||
libvdpau-va-gl
|
|
||||||
];
|
|
||||||
};
|
|
||||||
environment.sessionVariables = {
|
|
||||||
LIBVA_DRIVER_NAME = "iHD";
|
|
||||||
NIXOS_OZONE_WL = "1";
|
|
||||||
}; # Force intel-media-driver
|
|
||||||
|
|
||||||
metacfg.home.configFile."mpv/mpv.conf".text = ''
|
|
||||||
hwdec=auto-safe
|
|
||||||
vo=gpu
|
|
||||||
profile=gpu-hq
|
|
||||||
gpu-context=wayland
|
|
||||||
'';
|
|
||||||
|
|
||||||
security.rtkit.enable = true;
|
security.rtkit.enable = true;
|
||||||
|
|
||||||
|
@ -89,23 +68,19 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
#pcsctools
|
|
||||||
bat
|
bat
|
||||||
cardpeek
|
cardpeek
|
||||||
ccache
|
ccache
|
||||||
chromium
|
|
||||||
clang
|
clang
|
||||||
dive
|
dive
|
||||||
file
|
file
|
||||||
firefox
|
firefox
|
||||||
gh
|
gh
|
||||||
gimp
|
|
||||||
git
|
git
|
||||||
gnome-browser-connector
|
gimp
|
||||||
gnome.cheese
|
gnome.cheese
|
||||||
gnome.gnome-software
|
gnome.gnome-software
|
||||||
gnomeExtensions.appindicator
|
gnomeExtensions.appindicator
|
||||||
gnomeExtensions.autohide-battery
|
|
||||||
gnomeExtensions.dash-to-panel
|
gnomeExtensions.dash-to-panel
|
||||||
gnomeExtensions.hibernate-status-button
|
gnomeExtensions.hibernate-status-button
|
||||||
gnomeExtensions.vitals
|
gnomeExtensions.vitals
|
||||||
|
@ -120,11 +95,11 @@ in
|
||||||
nixpkgs-fmt
|
nixpkgs-fmt
|
||||||
opensc
|
opensc
|
||||||
pasystray
|
pasystray
|
||||||
|
#pcsctools
|
||||||
pinentry-gnome3
|
pinentry-gnome3
|
||||||
pkg-config
|
pkg-config
|
||||||
pstree
|
pstree
|
||||||
ripgrep
|
ripgrep
|
||||||
rustup
|
|
||||||
slack
|
slack
|
||||||
spotify
|
spotify
|
||||||
statix
|
statix
|
||||||
|
@ -132,9 +107,10 @@ in
|
||||||
tmux
|
tmux
|
||||||
vim
|
vim
|
||||||
wl-clipboard
|
wl-clipboard
|
||||||
yubikey-manager-qt
|
|
||||||
yubikey-personalization
|
yubikey-personalization
|
||||||
|
yubikey-manager-qt
|
||||||
zellij
|
zellij
|
||||||
|
rustup
|
||||||
];
|
];
|
||||||
|
|
||||||
#----=[ Fonts ]=----#
|
#----=[ Fonts ]=----#
|
||||||
|
|
|
@ -1,48 +0,0 @@
|
||||||
{ options, config, lib, pkgs, ... }:
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
with lib.metacfg;
|
|
||||||
let cfg = config.metacfg.homeprinter;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.metacfg.homeprinter = with types; {
|
|
||||||
enable = mkBoolOpt false "Whether or not to enable the home printers.";
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
services.printing.drivers = with pkgs; [
|
|
||||||
metacfg.dcpl2530dw-cups
|
|
||||||
gutenprintBin
|
|
||||||
gutenprint
|
|
||||||
];
|
|
||||||
|
|
||||||
hardware.printers.ensurePrinters = [
|
|
||||||
{
|
|
||||||
name = "Brother_DCP-L2530DW_series";
|
|
||||||
location = "Dach";
|
|
||||||
deviceUri = "dnssd://Brother%20DCP-L2530DW%20series._ipp._tcp.local/?uuid=e3248000-80ce-11db-8000-cc6b1e5cd0ea";
|
|
||||||
model = "brother-DCPL2530DW-cups-en.ppd";
|
|
||||||
ppdOptions = {
|
|
||||||
PageSize = "A4";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
|
||||||
name = "Canon_MG6300_series";
|
|
||||||
location = "Dach";
|
|
||||||
deviceUri = "dnssd://Canon%20MG6300%20series._ipp._tcp.local/?uuid=00000000-0000-1000-8000-2C9EFC9C7BA5";
|
|
||||||
model = "gutenprint.5.3://bjc-PIXMA-MG6350/expert";
|
|
||||||
ppdOptions = {
|
|
||||||
PageSize = "w283h425";
|
|
||||||
# StpFullBleed = "True";
|
|
||||||
MediaType = "PhotoPlusGloss2";
|
|
||||||
ColorModel = "CMYK";
|
|
||||||
StpColorCorrection = "Accurate";
|
|
||||||
StpColorPrecision = "Best";
|
|
||||||
StpInkType = "CMYKk";
|
|
||||||
StpImageType = "Photo";
|
|
||||||
StpDitherAlgorithm = "Adaptive";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -13,7 +13,7 @@ in
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
metacfg = {
|
metacfg = {
|
||||||
nix.extra-substituters = {
|
nix.extra-substituters = {
|
||||||
"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=";
|
"https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.aesmd = {
|
services.aesmd = {
|
||||||
|
|
|
@ -31,7 +31,7 @@ in
|
||||||
|
|
||||||
metacfg = {
|
metacfg = {
|
||||||
nix.extra-substituters = {
|
nix.extra-substituters = {
|
||||||
"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=";
|
"https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -54,7 +54,6 @@ in
|
||||||
interactive.diffFilter = "${pkgs.delta}/bin/delta --color-only";
|
interactive.diffFilter = "${pkgs.delta}/bin/delta --color-only";
|
||||||
merge.conflictStyle = "diff3";
|
merge.conflictStyle = "diff3";
|
||||||
diff.colorMoved = "default";
|
diff.colorMoved = "default";
|
||||||
http.sslCAinfo = "/etc/ssl/certs/ca-certificates.crt";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -104,7 +104,7 @@ in
|
||||||
# system to select).
|
# system to select).
|
||||||
uid = 1000;
|
uid = 1000;
|
||||||
|
|
||||||
extraGroups = [ "wheel" ] ++ cfg.extraGroups;
|
extraGroups = [ ] ++ cfg.extraGroups;
|
||||||
}
|
}
|
||||||
// cfg.extraOptions;
|
// cfg.extraOptions;
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,82 +0,0 @@
|
||||||
{ lib
|
|
||||||
, stdenv
|
|
||||||
, fetchurl
|
|
||||||
, makeWrapper
|
|
||||||
, cups
|
|
||||||
, dpkg
|
|
||||||
, a2ps
|
|
||||||
, ghostscript
|
|
||||||
, gnugrep
|
|
||||||
, gnused
|
|
||||||
, coreutils
|
|
||||||
, file
|
|
||||||
, perl
|
|
||||||
, which
|
|
||||||
}:
|
|
||||||
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
pname = "dcpl2530dw-cups";
|
|
||||||
version = "4.0.0";
|
|
||||||
|
|
||||||
src = fetchurl {
|
|
||||||
# The i386 part is a lie. There are x86, x86_64 and armv7l drivers.
|
|
||||||
# Though this builds only supports x86_64 for now.
|
|
||||||
url = "https://download.brother.com/welcome/dlf103518/dcpl2530dwpdrv-${version}-1.i386.deb";
|
|
||||||
sha256 = "sha256-f5lxwp7iu6gvmP7DU3xQMH8rOcuUT0vlxVTUiTg1eeo=";
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
nativeBuildInputs = [ makeWrapper ];
|
|
||||||
buildInputs = [ cups ghostscript dpkg a2ps ];
|
|
||||||
|
|
||||||
dontUnpack = true;
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
dpkg-deb -x $src $out
|
|
||||||
|
|
||||||
substituteInPlace $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter \
|
|
||||||
--replace /opt "$out/opt" \
|
|
||||||
--replace /usr/bin/perl ${perl}/bin/perl \
|
|
||||||
--replace "BR_PRT_PATH =~" "BR_PRT_PATH = \"$out\"; #" \
|
|
||||||
--replace "PRINTER =~" "PRINTER = \"DCPL2530DW\"; #"
|
|
||||||
|
|
||||||
# FIXME : Allow i686 and armv7l variations to be setup instead.
|
|
||||||
_PLAT=x86_64
|
|
||||||
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
|
|
||||||
$out/opt/brother/Printers/DCPL2530DW/lpd/$_PLAT/brprintconflsr3
|
|
||||||
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
|
|
||||||
$out/opt/brother/Printers/DCPL2530DW/lpd/$_PLAT/rawtobr3
|
|
||||||
ln -s $out/opt/brother/Printers/DCPL2530DW/lpd/$_PLAT/brprintconflsr3 $out/opt/brother/Printers/DCPL2530DW/lpd/brprintconflsr3
|
|
||||||
ln -s $out/opt/brother/Printers/DCPL2530DW/lpd/$_PLAT/rawtobr3 $out/opt/brother/Printers/DCPL2530DW/lpd/rawtobr3
|
|
||||||
|
|
||||||
for f in \
|
|
||||||
$out/opt/brother/Printers/DCPL2530DW/cupswrapper/lpdwrapper \
|
|
||||||
$out/opt/brother/Printers/DCPL2530DW/cupswrapper/paperconfigml2 \
|
|
||||||
; do
|
|
||||||
#substituteInPlace $f \
|
|
||||||
wrapProgram $f \
|
|
||||||
--prefix PATH : ${lib.makeBinPath [
|
|
||||||
coreutils ghostscript gnugrep gnused
|
|
||||||
]}
|
|
||||||
done
|
|
||||||
|
|
||||||
mkdir -p $out/lib/cups/filter/
|
|
||||||
ln -s $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter $out/lib/cups/filter/brother_lpdwrapper_DCPL2530DW
|
|
||||||
|
|
||||||
mkdir -p $out/share/cups/model
|
|
||||||
ln -s $out/opt/brother/Printers/DCPL2530DW/cupswrapper/brother-DCPL2530DW-cups-en.ppd $out/share/cups/model/
|
|
||||||
|
|
||||||
wrapProgram $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter \
|
|
||||||
--prefix PATH ":" ${ lib.makeBinPath [ ghostscript a2ps file gnused gnugrep coreutils which ] }
|
|
||||||
'';
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
homepage = "http://www.brother.com/";
|
|
||||||
description = "Brother DCP-L2530DW combined print driver";
|
|
||||||
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
|
|
||||||
license = licenses.unfree;
|
|
||||||
platforms = [ "x86_64-linux" ];
|
|
||||||
downloadPage = "https://www.brother.de/support/dcp-l2530dw/downloads";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -8,73 +8,72 @@
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
defaults = {
|
defaults = {
|
||||||
email = "harald@hoyer.xyz";
|
email = "harald@hoyer.xyz";
|
||||||
dnsProvider = "cloudflare";
|
dnsProvider = "internetbs";
|
||||||
credentialsFile = config.sops.secrets.internetbs.path;
|
credentialsFile = config.sops.secrets.internetbs.path;
|
||||||
};
|
};
|
||||||
certs = {
|
certs = {
|
||||||
|
"mx.surfsite.org" = { };
|
||||||
|
|
||||||
"surfsite.org" = {
|
"surfsite.org" = {
|
||||||
extraDomainNames = [
|
extraDomainNames = [
|
||||||
"*.surfsite.org"
|
"*.surfsite.org"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"hoyer.xyz" = {
|
||||||
|
dnsProvider = "cloudflare";
|
||||||
|
extraDomainNames = [
|
||||||
|
"*.hoyer.xyz"
|
||||||
|
"*.harald.hoyer.xyz"
|
||||||
|
"*.hartwin.hoyer.xyz"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
"hoyer.world" = {
|
||||||
|
dnsProvider = "cloudflare";
|
||||||
|
extraDomainNames = [
|
||||||
|
"*.hoyer.world"
|
||||||
|
"*.harald.hoyer.world"
|
||||||
|
"*.hartwin.hoyer.world"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
"hoyer.social" = {
|
||||||
|
dnsProvider = "cloudflare";
|
||||||
|
extraDomainNames = [
|
||||||
|
"*.hoyer.social"
|
||||||
|
"*.harald.hoyer.social"
|
||||||
|
"*.hartwin.hoyer.social"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
"hoyer.photos" = {
|
||||||
|
dnsProvider = "cloudflare";
|
||||||
|
extraDomainNames = [
|
||||||
|
"*.hoyer.photos"
|
||||||
|
"*.harald.hoyer.photos"
|
||||||
|
"*.hartwin.hoyer.photos"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
"harald-hoyer.de" = {
|
||||||
|
extraDomainNames = [
|
||||||
|
"*.harald-hoyer.de"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
"hartwin-hoyer.de" = {
|
"hartwin-hoyer.de" = {
|
||||||
extraDomainNames = [
|
extraDomainNames = [
|
||||||
"*.hartwin-hoyer.de"
|
"*.hartwin-hoyer.de"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
"herward-hoyer.de" = {
|
|
||||||
extraDomainNames = [
|
|
||||||
"*.herward-hoyer.de"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"varlink.org" = {
|
"varlink.org" = {
|
||||||
extraDomainNames = [
|
extraDomainNames = [
|
||||||
"*.varlink.org"
|
"*.varlink.org"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
"meike-hoyer.de" = { };
|
|
||||||
|
|
||||||
"hoyer.xyz" = {
|
|
||||||
extraDomainNames = [
|
|
||||||
"*.hoyer.xyz"
|
|
||||||
"*.harald.hoyer.xyz"
|
|
||||||
"*.hartwin.hoyer.xyz"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"hoyer.world" = {
|
|
||||||
extraDomainNames = [
|
|
||||||
"*.hoyer.world"
|
|
||||||
"*.harald.hoyer.world"
|
|
||||||
"*.hartwin.hoyer.world"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"hoyer.social" = {
|
|
||||||
extraDomainNames = [
|
|
||||||
"*.hoyer.social"
|
|
||||||
"*.harald.hoyer.social"
|
|
||||||
"*.hartwin.hoyer.social"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"hoyer.photos" = {
|
|
||||||
extraDomainNames = [
|
|
||||||
"*.hoyer.photos"
|
|
||||||
"*.harald.hoyer.photos"
|
|
||||||
"*.hartwin.hoyer.photos"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
"harald-hoyer.de" = {
|
|
||||||
extraDomainNames = [
|
|
||||||
"*.harald-hoyer.de"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,56 +0,0 @@
|
||||||
{ pkgs, lib, config, ... }:
|
|
||||||
{
|
|
||||||
sops.secrets."coturn/static-auth-secret" = {
|
|
||||||
sopsFile = ../../../.secrets/hetzner/coturn.yaml; # bring your own password file
|
|
||||||
restartUnits = [ "coturn.service" ];
|
|
||||||
owner = "turnserver";
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall =
|
|
||||||
let
|
|
||||||
range = with config.services.coturn; [{
|
|
||||||
from = min-port;
|
|
||||||
to = max-port;
|
|
||||||
}];
|
|
||||||
in
|
|
||||||
{
|
|
||||||
allowedUDPPortRanges = range;
|
|
||||||
allowedTCPPorts = [ 3478 3479 5349 ];
|
|
||||||
allowedUDPPorts = [ 3478 3479 5349 ];
|
|
||||||
};
|
|
||||||
|
|
||||||
# get a certificate
|
|
||||||
security.acme.certs.${config.services.coturn.realm} = {
|
|
||||||
/* insert here the right configuration to obtain a certificate */
|
|
||||||
postRun = "systemctl restart coturn.service";
|
|
||||||
group = "turnserver";
|
|
||||||
};
|
|
||||||
|
|
||||||
services.coturn = rec {
|
|
||||||
enable = true;
|
|
||||||
realm = "turn.hoyer.xyz";
|
|
||||||
static-auth-secret-file = config.sops.secrets."coturn/static-auth-secret".path;
|
|
||||||
use-auth-secret = true;
|
|
||||||
lt-cred-mech = true;
|
|
||||||
min-port = 49000;
|
|
||||||
max-port = 50000;
|
|
||||||
no-cli = true;
|
|
||||||
cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
|
|
||||||
pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
|
|
||||||
extraConfig = ''
|
|
||||||
fingerprint
|
|
||||||
total-quota=100
|
|
||||||
bps-capacity=0
|
|
||||||
stale-nonce=600
|
|
||||||
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
|
|
||||||
no-loopback-peers
|
|
||||||
no-multicast-peers
|
|
||||||
no-tlsv1
|
|
||||||
no-tlsv1_1
|
|
||||||
# strongly encouraged options to decrease amplification attacks
|
|
||||||
no-rfc5780
|
|
||||||
no-stun-backward-compatibility
|
|
||||||
response-origin-only-with-rfc5780
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -3,7 +3,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./rspamd.nix
|
./rspamd.nix
|
||||||
# ./goaccess.nix
|
./goaccess.nix
|
||||||
./nextcloud.nix
|
./nextcloud.nix
|
||||||
./backup.nix
|
./backup.nix
|
||||||
./users.nix
|
./users.nix
|
||||||
|
@ -13,7 +13,6 @@
|
||||||
./forgejo.nix
|
./forgejo.nix
|
||||||
./nginx.nix
|
./nginx.nix
|
||||||
./network.nix
|
./network.nix
|
||||||
./coturn.nix
|
|
||||||
];
|
];
|
||||||
|
|
||||||
metacfg = {
|
metacfg = {
|
||||||
|
@ -36,13 +35,6 @@
|
||||||
flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
|
flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
|
||||||
};
|
};
|
||||||
|
|
||||||
nix.gc = {
|
|
||||||
dates = "daily";
|
|
||||||
options = "--delete-older-than 7d";
|
|
||||||
};
|
|
||||||
|
|
||||||
programs.git.config.safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
age
|
age
|
||||||
apacheHttpd # for mkpasswd
|
apacheHttpd # for mkpasswd
|
||||||
|
|
|
@ -51,25 +51,4 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."forgejo-runner-token" = {
|
|
||||||
sopsFile = ../../../.secrets/hetzner/forgejo-runner-token.yaml; # bring your own password file
|
|
||||||
};
|
|
||||||
|
|
||||||
services.gitea-actions-runner = {
|
|
||||||
package = pkgs.forgejo-actions-runner;
|
|
||||||
instances.default = {
|
|
||||||
enable = true;
|
|
||||||
name = "base";
|
|
||||||
url = "https://git.hoyer.xyz";
|
|
||||||
tokenFile = config.sops.secrets.forgejo-runner-token.path;
|
|
||||||
settings.container.network = "host";
|
|
||||||
labels = [
|
|
||||||
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
|
|
||||||
"ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
|
|
||||||
"ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
|
|
||||||
"nix:docker://git.hoyer.xyz/harald/nix-runner:latest"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -39,4 +39,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [{ device = "/swapfile"; }];
|
swapDevices = [{ device = "/swapfile"; }];
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -5,13 +5,12 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
fqdn = "mx.surfsite.org";
|
fqdn = "mx.surfsite.org";
|
||||||
sendingFqdn = "mx.surfsite.org";
|
sendingFqdn = "mx.surfsite.org";
|
||||||
certificateScheme = "acme";
|
|
||||||
acmeCertificateName = "surfsite.org";
|
|
||||||
domains = [
|
domains = [
|
||||||
"harald-hoyer.de"
|
"harald-hoyer.de"
|
||||||
"hartwin-hoyer.de"
|
"hartwin-hoyer.de"
|
||||||
"herward-hoyer.de"
|
"herward-hoyer.de"
|
||||||
"meike-hoyer.de"
|
"meike-knutz.de"
|
||||||
|
"gerlinde-hoyer.de"
|
||||||
|
|
||||||
"hoyer.xyz"
|
"hoyer.xyz"
|
||||||
"nc.hoyer.xyz"
|
"nc.hoyer.xyz"
|
||||||
|
@ -19,6 +18,7 @@
|
||||||
|
|
||||||
"varlink.org"
|
"varlink.org"
|
||||||
"surfsite.org"
|
"surfsite.org"
|
||||||
|
"myprivacy.tools"
|
||||||
"hoyer.social"
|
"hoyer.social"
|
||||||
"hoyer.world"
|
"hoyer.world"
|
||||||
"hoyer.photos"
|
"hoyer.photos"
|
||||||
|
@ -55,90 +55,73 @@
|
||||||
hashedPasswordFile = "/ubzr/unenyq/frpergf/zu@ublre.klm";
|
hashedPasswordFile = "/ubzr/unenyq/frpergf/zu@ublre.klm";
|
||||||
aliases = [
|
aliases = [
|
||||||
"zrvxr@unenyq-ublre.qr"
|
"zrvxr@unenyq-ublre.qr"
|
||||||
"zrvxr@ublre.fbpvny"
|
"zrvxr@zrvxr-xahgm.qr"
|
||||||
"zrvxr@ublre.jbeyq"
|
"zrvxr.ublre@zrvxr-xahgm.qr"
|
||||||
"zrvxr@ublre.klm"
|
"zrvxr@ublre.klm"
|
||||||
"zrvxr@zrvxr-ublre.qr"
|
|
||||||
"zrvxr@ap.ublre.klm"
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
"nyrk@ublre.klm" = {
|
"nyrk@ublre.klm" = {
|
||||||
hashedPasswordFile = "/home/hartwin/secrets/alex-mail";
|
hashedPasswordFile = "/home/hartwin/secrets/alex-mail";
|
||||||
aliases = [
|
aliases = [
|
||||||
"nyrk.ublre@unegjva-ublre.qr"
|
|
||||||
"nyrk.ublre@fhesfvgr.bet"
|
|
||||||
"nyrk@unegjva-ublre.qr"
|
"nyrk@unegjva-ublre.qr"
|
||||||
"nyrk@ublre.fbpvny"
|
"nyrk.ublre@unegjva-ublre.qr"
|
||||||
"nyrk@ublre.jbeyq"
|
|
||||||
"nyrk@fhesfvgr.bet"
|
"nyrk@fhesfvgr.bet"
|
||||||
"nyrknaqre@ublre.fbpvny"
|
"nyrk.ublre@fhesfvgr.bet"
|
||||||
"nyrknaqre@ublre.jbeyq"
|
|
||||||
"nyrknaqre@ublre.klm"
|
"nyrknaqre@ublre.klm"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
"wna@ublre.klm" = {
|
"wna@ublre.klm" = {
|
||||||
hashedPasswordFile = "/home/hartwin/secrets/jan-mail";
|
hashedPasswordFile = "/home/hartwin/secrets/jan-mail";
|
||||||
aliases = [
|
aliases = [
|
||||||
"wna.ublre@unegjva-ublre.qr"
|
|
||||||
"wna.ublre@fhesfvgr.bet"
|
|
||||||
"wna@unegjva-ublre.qr"
|
"wna@unegjva-ublre.qr"
|
||||||
"wna@ublre.fbpvny"
|
"wna.ublre@unegjva-ublre.qr"
|
||||||
"wna@ublre.jbeyq"
|
|
||||||
"wna@fhesfvgr.bet"
|
"wna@fhesfvgr.bet"
|
||||||
|
"wna.ublre@fhesfvgr.bet"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
"unaanu@ublre.klm" = {
|
"unaanu@ublre.klm" = {
|
||||||
hashedPasswordFile = "/home/hartwin/secrets/hannah-mail";
|
hashedPasswordFile = "/home/hartwin/secrets/hannah-mail";
|
||||||
aliases = [
|
aliases = [
|
||||||
"unaanu.ublre@unegjva-ublre.qr"
|
|
||||||
"unaanu.ublre@fhesfvgr.bet"
|
|
||||||
"unaanu@unegjva-ublre.qr"
|
"unaanu@unegjva-ublre.qr"
|
||||||
"unaanu@ublre.fbpvny"
|
"unaanu.ublre@unegjva-ublre.qr"
|
||||||
"unaanu@ublre.jbeyq"
|
|
||||||
"unaanu@fhesfvgr.bet"
|
"unaanu@fhesfvgr.bet"
|
||||||
|
"unaanu.ublre@fhesfvgr.bet"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
"fgrssv@ublre.klm" = {
|
"fgrssv@ublre.klm" = {
|
||||||
hashedPasswordFile = "/home/hartwin/secrets/steffi-mail";
|
hashedPasswordFile = "/home/hartwin/secrets/steffi-mail";
|
||||||
aliases = [
|
aliases = [
|
||||||
"fgrsnavr.ublre@ublre.klm"
|
|
||||||
"fgrsnavr.ublre@fhesfvgr.bet"
|
|
||||||
"fgrsnavr@ublre.fbpvny"
|
|
||||||
"fgrsnavr@ublre.jbeyq"
|
|
||||||
"fgrsnavr@ublre.klm"
|
|
||||||
"fgrsnavrublre@fhesfvgr.bet"
|
|
||||||
"fgrssv@fhesfvgr.bet"
|
"fgrssv@fhesfvgr.bet"
|
||||||
|
"fgrsnavrublre@fhesfvgr.bet"
|
||||||
|
"fgrsnavr.ublre@fhesfvgr.bet"
|
||||||
|
"fgrsnavr.ublre@ublre.klm"
|
||||||
|
"fgrsnavr@ublre.klm"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
"unegjva@ublre.klm" = {
|
"unegjva@ublre.klm" = {
|
||||||
hashedPasswordFile = "/home/hartwin/secrets/hartwin-mail";
|
hashedPasswordFile = "/home/hartwin/secrets/hartwin-mail";
|
||||||
aliases = [
|
aliases = [
|
||||||
"unegjva.ublre@unegjva-ublre.qr"
|
"unegjva.ublre@unegjva-ublre.qr"
|
||||||
"unegjva@unegjva-ublre.qr"
|
|
||||||
"unegjva@ublre.cubgbf"
|
|
||||||
"unegjva@ublre.fbpvny"
|
|
||||||
"unegjva@ublre.jbeyq"
|
|
||||||
"unegjva@ap.ublre.klm"
|
|
||||||
"znvy@unegjva-ublre.qr"
|
"znvy@unegjva-ublre.qr"
|
||||||
"jroznfgre@unegjva.ublre.cubgbf"
|
"unegjva@unegjva-ublre.qr"
|
||||||
"jroznfgre@unegjva.ublre.klm"
|
|
||||||
"lbhghor@unegjva-ublre.qr"
|
"lbhghor@unegjva-ublre.qr"
|
||||||
|
"unegjva@ap.ublre.klm"
|
||||||
|
"unegjva@ublre.cubgbf"
|
||||||
|
"jroznfgre@unegjva.ublre.cubgbf"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
"uublre@urejneq-ublre.qr" = {
|
"uublre@urejneq-ublre.qr" = {
|
||||||
hashedPasswordFile = "/home/hhoyer/secrets/hhoyer-mail";
|
hashedPasswordFile = "/home/hhoyer/secrets/hhoyer-mail";
|
||||||
aliases = [
|
aliases = [
|
||||||
"thn808@urejneq-ublre.qr"
|
|
||||||
"urejneq.ublre@urejneq-ublre.qr"
|
|
||||||
"urejneq@urejneq-ublre.qr"
|
"urejneq@urejneq-ublre.qr"
|
||||||
"urejneq@ublre.fbpvny"
|
"urejneq@if189018.ifreire.qr"
|
||||||
"urejneq@ublre.jbeyq"
|
"thn808@urejneq-ublre.qr"
|
||||||
|
"znvy@urejneq-ublre.qr"
|
||||||
|
"urejneq.ublre@urejneq-ublre.qr"
|
||||||
|
"uublre@fhesfvgr.bet"
|
||||||
|
"uublre@ublre.klm"
|
||||||
"urejneq@ublre.klm"
|
"urejneq@ublre.klm"
|
||||||
"urejneq@ap.ublre.klm"
|
"urejneq@ap.ublre.klm"
|
||||||
"urejneq@if189018.ifreire.qr"
|
|
||||||
"uublre@ublre.klm"
|
|
||||||
"uublre@fhesfvgr.bet"
|
|
||||||
"znvy@urejneq-ublre.qr"
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
"unenyq@ublre.klm" = {
|
"unenyq@ublre.klm" = {
|
||||||
|
@ -149,12 +132,14 @@
|
||||||
|
|
||||||
"nohfr@zk.fhesfvgr.bet"
|
"nohfr@zk.fhesfvgr.bet"
|
||||||
"nohfr@fhesfvgr.bet"
|
"nohfr@fhesfvgr.bet"
|
||||||
"nohfr@zrvxr-ublre.qr"
|
|
||||||
"nohfr@unegjva-ublre.qr"
|
"nohfr@unegjva-ublre.qr"
|
||||||
"nohfr@urejneq-ublre.qr"
|
"nohfr@urejneq-ublre.qr"
|
||||||
|
"nohfr@zrvxr-xahgm.qr"
|
||||||
|
"nohfr@treyvaqr-ublre.qr"
|
||||||
"nohfr@ublre.klm"
|
"nohfr@ublre.klm"
|
||||||
"nohfr@unenyq.ublre.klm"
|
"nohfr@unenyq.ublre.klm"
|
||||||
"nohfr@ineyvax.bet"
|
"nohfr@ineyvax.bet"
|
||||||
|
"nohfr@zlcevinpl.gbbyf"
|
||||||
"nohfr@ublre.fbpvny"
|
"nohfr@ublre.fbpvny"
|
||||||
"nohfr@ublre.jbeyq"
|
"nohfr@ublre.jbeyq"
|
||||||
"nohfr@ublre.cubgbf"
|
"nohfr@ublre.cubgbf"
|
||||||
|
@ -163,10 +148,12 @@
|
||||||
"cbfgznfgre@fhesfvgr.bet"
|
"cbfgznfgre@fhesfvgr.bet"
|
||||||
"cbfgznfgre@unegjva-ublre.qr"
|
"cbfgznfgre@unegjva-ublre.qr"
|
||||||
"cbfgznfgre@urejneq-ublre.qr"
|
"cbfgznfgre@urejneq-ublre.qr"
|
||||||
"cbfgznfgre@zrvxr-ublre.qr"
|
"cbfgznfgre@zrvxr-xahgm.qr"
|
||||||
|
"cbfgznfgre@treyvaqr-ublre.qr"
|
||||||
"cbfgznfgre@ublre.klm"
|
"cbfgznfgre@ublre.klm"
|
||||||
"cbfgznfgre@unenyq.ublre.klm"
|
"cbfgznfgre@unenyq.ublre.klm"
|
||||||
"cbfgznfgre@ineyvax.bet"
|
"cbfgznfgre@ineyvax.bet"
|
||||||
|
"cbfgznfgre@zlcevinpl.gbbyf"
|
||||||
"cbfgznfgre@ublre.fbpvny"
|
"cbfgznfgre@ublre.fbpvny"
|
||||||
"cbfgznfgre@ublre.jbeyq"
|
"cbfgznfgre@ublre.jbeyq"
|
||||||
"cbfgznfgre@ublre.cubgbf"
|
"cbfgznfgre@ublre.cubgbf"
|
||||||
|
@ -175,6 +162,7 @@
|
||||||
"jroznfgre@fhesfvgr.bet"
|
"jroznfgre@fhesfvgr.bet"
|
||||||
"jroznfgre@unenyq.ublre.klm"
|
"jroznfgre@unenyq.ublre.klm"
|
||||||
"jroznfgre@ineyvax.bet"
|
"jroznfgre@ineyvax.bet"
|
||||||
|
"jroznfgre@zlcevinpl.gbbyf"
|
||||||
"jroznfgre@ublre.fbpvny"
|
"jroznfgre@ublre.fbpvny"
|
||||||
"jroznfgre@ublre.jbeyq"
|
"jroznfgre@ublre.jbeyq"
|
||||||
"jroznfgre@ublre.cubgbf"
|
"jroznfgre@ublre.cubgbf"
|
||||||
|
@ -192,10 +180,10 @@
|
||||||
"unenyq@ublre.klm"
|
"unenyq@ublre.klm"
|
||||||
"unenyq@ap.ublre.klm"
|
"unenyq@ap.ublre.klm"
|
||||||
"unenyq@ineyvax.bet"
|
"unenyq@ineyvax.bet"
|
||||||
|
"unenyq@zlcevinpl.gbbyf"
|
||||||
"unenyq@ublre.jbeyq"
|
"unenyq@ublre.jbeyq"
|
||||||
"unenyq@ublre.fbpvny"
|
"unenyq@ublre.fbpvny"
|
||||||
"unenyq@ublre.cubgbf"
|
"unenyq@ublre.cubgbf"
|
||||||
"unenyq@zrvxr-ublre.qr"
|
|
||||||
|
|
||||||
"@unenyq.ublre.klm"
|
"@unenyq.ublre.klm"
|
||||||
"@unenyq-ublre.qr"
|
"@unenyq-ublre.qr"
|
||||||
|
@ -226,6 +214,7 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
certificateScheme = "acme";
|
||||||
};
|
};
|
||||||
|
|
||||||
services.roundcube = {
|
services.roundcube = {
|
||||||
|
|
|
@ -2,19 +2,17 @@
|
||||||
{
|
{
|
||||||
systemd.services."nextcloud-setup".requires = [ "postgresql.service" ];
|
systemd.services."nextcloud-setup".requires = [ "postgresql.service" ];
|
||||||
systemd.services."nextcloud-setup".after = [ "postgresql.service" ];
|
systemd.services."nextcloud-setup".after = [ "postgresql.service" ];
|
||||||
environment.systemPackages = with pkgs; [ ffmpeg ];
|
|
||||||
|
|
||||||
environment.etc."nextcloud-admin-pass".text = "test123";
|
environment.etc."nextcloud-admin-pass".text = "test123";
|
||||||
services.nextcloud = {
|
services.nextcloud = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.nextcloud29;
|
package = pkgs.nextcloud28;
|
||||||
hostName = "nc.hoyer.xyz";
|
hostName = "nc.hoyer.xyz";
|
||||||
https = true;
|
https = true;
|
||||||
configureRedis = true;
|
configureRedis = true;
|
||||||
settings = {
|
extraOptions = {
|
||||||
mail_smtpmode = "sendmail";
|
mail_smtpmode = "sendmail";
|
||||||
mail_sendmailmode = "pipe";
|
mail_sendmailmode = "pipe";
|
||||||
default_phone_region = "DE";
|
|
||||||
};
|
};
|
||||||
phpOptions = {
|
phpOptions = {
|
||||||
upload_max_filesize = lib.mkForce "1G";
|
upload_max_filesize = lib.mkForce "1G";
|
||||||
|
@ -22,26 +20,10 @@
|
||||||
"opcache.interned_strings_buffer" = "16";
|
"opcache.interned_strings_buffer" = "16";
|
||||||
};
|
};
|
||||||
config.adminpassFile = "/etc/nextcloud-admin-pass";
|
config.adminpassFile = "/etc/nextcloud-admin-pass";
|
||||||
|
config.defaultPhoneRegion = "DE";
|
||||||
config.dbtype = "pgsql";
|
config.dbtype = "pgsql";
|
||||||
config.dbname = "nextcloud";
|
config.dbname = "nextcloud";
|
||||||
config.dbhost = "/run/postgresql";
|
config.dbhost = "/run/postgresql";
|
||||||
config.dbuser = "nextcloud";
|
config.dbuser = "nextcloud";
|
||||||
extraOptions.enabledPreviewProviders = [
|
|
||||||
"OC\\Preview\\BMP"
|
|
||||||
"OC\\Preview\\GIF"
|
|
||||||
"OC\\Preview\\HEIC"
|
|
||||||
"OC\\Preview\\JPEG"
|
|
||||||
"OC\\Preview\\Krita"
|
|
||||||
"OC\\Preview\\MP3"
|
|
||||||
"OC\\Preview\\MP4"
|
|
||||||
"OC\\Preview\\MarkDown"
|
|
||||||
"OC\\Preview\\Movie"
|
|
||||||
"OC\\Preview\\OpenDocument"
|
|
||||||
"OC\\Preview\\PDF"
|
|
||||||
"OC\\Preview\\PNG"
|
|
||||||
"OC\\Preview\\TXT"
|
|
||||||
"OC\\Preview\\WEBP"
|
|
||||||
"OC\\Preview\\XBitmap"
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,7 +3,6 @@
|
||||||
users.users.nginx.extraGroups = [ "acme" ];
|
users.users.nginx.extraGroups = [ "acme" ];
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
clientMaxBodySize = "1000M";
|
|
||||||
appendHttpConfig = ''
|
appendHttpConfig = ''
|
||||||
log_format vcombined '$host:$server_port '
|
log_format vcombined '$host:$server_port '
|
||||||
'$remote_addr - $remote_user [$time_local] '
|
'$remote_addr - $remote_user [$time_local] '
|
||||||
|
|
|
@ -1,36 +1,34 @@
|
||||||
{ pkgs, lib, ... }:
|
{ pkgs, lib, ... }:
|
||||||
let
|
|
||||||
domains = ''
|
|
||||||
epicgames.com
|
|
||||||
dmail.ai
|
|
||||||
twitter.com
|
|
||||||
x.com
|
|
||||||
gmx.de
|
|
||||||
chess.com
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
services.rspamd.workers.controller.bindSockets = [{
|
services.rspamd.workers.controller.bindSockets = [{
|
||||||
socket = "/run/rspamd/worker-controller.sock";
|
socket = "/run/rspamd/worker-controller.sock";
|
||||||
mode = "0660";
|
mode = "0660";
|
||||||
}];
|
}];
|
||||||
services.rspamd.locals = {
|
services.rspamd.locals = {
|
||||||
"settings.conf".text = ''
|
"maps.d/spf_whitelist.inc.local" = {
|
||||||
bogenschiessen {
|
text = ''
|
||||||
from = "bogensport-jugend@gmx.de";
|
epicgames.com
|
||||||
apply {
|
dmail.ai
|
||||||
actions {
|
|
||||||
reject = 100.0;
|
|
||||||
greylist = null; # Disable greylisting (from 1.8.1)
|
|
||||||
"add header" = 100.0; # Please note the space, NOT an underscore
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
'';
|
'';
|
||||||
"maps.d/spf_whitelist.inc.local".text = domains;
|
};
|
||||||
"maps.d/spf_dkim_whitelist.inc.local".text = domains;
|
"maps.d/spf_dkim_whitelist.inc.local" = {
|
||||||
"maps.d/dmarc_whitelist.inc.local".text = domains;
|
text = ''
|
||||||
"greylist-whitelist-domains.inc".text = domains;
|
epicgames.com
|
||||||
|
dmail.ai
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"maps.d/dmarc_whitelist.inc.local" = {
|
||||||
|
text = ''
|
||||||
|
epicgames.com
|
||||||
|
dmail.ai
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
"greylist-whitelist-domains.inc" = {
|
||||||
|
text = ''
|
||||||
|
dmail.ai
|
||||||
|
epicgames.com
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
services.rspamd.extraConfig = ''
|
services.rspamd.extraConfig = ''
|
||||||
actions {
|
actions {
|
||||||
|
|
|
@ -1,55 +0,0 @@
|
||||||
{ pkgs, lib, config, ... }:
|
|
||||||
{
|
|
||||||
services.postgresql = {
|
|
||||||
enable = true;
|
|
||||||
ensureDatabases = [ "attic" ];
|
|
||||||
ensureUsers = [{ name = "atticd"; }];
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.postgresql.postStart = lib.mkAfter ''
|
|
||||||
$PSQL -tAc 'ALTER DATABASE "attic" OWNER TO "atticd"'
|
|
||||||
'';
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
attic-client
|
|
||||||
];
|
|
||||||
services.atticd = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
# Replace with absolute path to your credentials file
|
|
||||||
credentialsFile = "/etc/atticd.env";
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
api-endpoint = "https://attic.teepot.org/";
|
|
||||||
|
|
||||||
garbage-collection.default-retention-period = "3 months";
|
|
||||||
|
|
||||||
database.url = "postgresql:///attic?host=/run/postgresql";
|
|
||||||
|
|
||||||
listen = "[::]:8080";
|
|
||||||
|
|
||||||
# Data chunking
|
|
||||||
#
|
|
||||||
# Warning: If you change any of the values here, it will be
|
|
||||||
# difficult to reuse existing chunks for newly-uploaded NARs
|
|
||||||
# since the cutpoints will be different. As a result, the
|
|
||||||
# deduplication ratio will suffer for a while after the change.
|
|
||||||
chunking = {
|
|
||||||
# The minimum NAR size to trigger chunking
|
|
||||||
#
|
|
||||||
# If 0, chunking is disabled entirely for newly-uploaded NARs.
|
|
||||||
# If 1, all NARs are chunked.
|
|
||||||
nar-size-threshold = 64 * 1024; # 64 KiB
|
|
||||||
|
|
||||||
# The preferred minimum size of a chunk, in bytes
|
|
||||||
min-size = 16 * 1024; # 16 KiB
|
|
||||||
|
|
||||||
# The preferred average size of a chunk, in bytes
|
|
||||||
avg-size = 64 * 1024; # 64 KiB
|
|
||||||
|
|
||||||
# The preferred maximum size of a chunk, in bytes
|
|
||||||
max-size = 256 * 1024; # 256 KiB
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,36 +0,0 @@
|
||||||
{ pkgs, lib, config, ... }:
|
|
||||||
with lib;
|
|
||||||
with lib.metacfg;
|
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./hardware-configuration.nix
|
|
||||||
./atticd.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
metacfg = {
|
|
||||||
base.enable = true;
|
|
||||||
nix.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
virtualisation = {
|
|
||||||
docker.enable = true;
|
|
||||||
podman.dockerCompat = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
system.autoUpgrade = {
|
|
||||||
enable = true;
|
|
||||||
operation = "switch";
|
|
||||||
allowReboot = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
security.tpm2.enable = false;
|
|
||||||
security.tpm2.abrmd.enable = false;
|
|
||||||
|
|
||||||
networking.wireless.enable = false; # Enables wireless support via wpa_supplicant.
|
|
||||||
networking.firewall.allowedTCPPorts = [ 8080 ];
|
|
||||||
networking.firewall.allowPing = true;
|
|
||||||
|
|
||||||
powerManagement.cpuFreqGovernor = "ondemand";
|
|
||||||
|
|
||||||
system.stateVersion = "24.05";
|
|
||||||
}
|
|
|
@ -1,41 +0,0 @@
|
||||||
# USAGE in your configuration.nix.
|
|
||||||
# Update devices to match your hardware.
|
|
||||||
# {
|
|
||||||
# imports = [ ./disko-config.nix ];
|
|
||||||
# disko.devices.disk.main.device = "/dev/sda";
|
|
||||||
# }
|
|
||||||
{
|
|
||||||
config.disko.devices = {
|
|
||||||
disk = {
|
|
||||||
main = {
|
|
||||||
type = "disk";
|
|
||||||
content = {
|
|
||||||
type = "gpt";
|
|
||||||
partitions = {
|
|
||||||
boot = {
|
|
||||||
size = "1M";
|
|
||||||
type = "EF02"; # for grub MBR
|
|
||||||
};
|
|
||||||
ESP = {
|
|
||||||
size = "1G";
|
|
||||||
type = "EF00";
|
|
||||||
content = {
|
|
||||||
type = "filesystem";
|
|
||||||
format = "vfat";
|
|
||||||
mountpoint = "/boot";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
root = {
|
|
||||||
size = "100%";
|
|
||||||
content = {
|
|
||||||
type = "filesystem";
|
|
||||||
format = "ext4";
|
|
||||||
mountpoint = "/";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,27 +0,0 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
|
||||||
# and may be overwritten by future invocations. Please make changes
|
|
||||||
# to /etc/nixos/configuration.nix instead.
|
|
||||||
{ config, lib, pkgs, modulesPath, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[
|
|
||||||
./disko.nix
|
|
||||||
(modulesPath + "/profiles/qemu-guest.nix")
|
|
||||||
];
|
|
||||||
disko.devices.disk.main.device = "/dev/vda";
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
|
|
||||||
boot.initrd.kernelModules = [ ];
|
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
|
||||||
boot.extraModulePackages = [ ];
|
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
|
||||||
# still possible to use this option, but it's recommended to use it in conjunction
|
|
||||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
|
||||||
networking.useDHCP = lib.mkDefault true;
|
|
||||||
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
}
|
|
|
@ -2,9 +2,7 @@
|
||||||
with lib;
|
with lib;
|
||||||
with lib.metacfg;
|
with lib.metacfg;
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [ ./hardware-configuration.nix ];
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;
|
boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;
|
||||||
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
|
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
|
||||||
|
@ -52,8 +50,6 @@ with lib.metacfg;
|
||||||
|
|
||||||
networking.wireless.enable = false; # Enables wireless support via wpa_supplicant.
|
networking.wireless.enable = false; # Enables wireless support via wpa_supplicant.
|
||||||
|
|
||||||
networking.firewall.allowPing = true;
|
|
||||||
|
|
||||||
powerManagement.cpuFreqGovernor = "ondemand";
|
powerManagement.cpuFreqGovernor = "ondemand";
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = "23.11";
|
||||||
|
|
|
@ -72,14 +72,4 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
|
||||||
syncthing = {
|
|
||||||
enable = true;
|
|
||||||
user = "harald";
|
|
||||||
dataDir = "/mnt/raid/Qmultimedia/syncthing"; # Default folder for new synced folders
|
|
||||||
configDir = "/mnt/raid/Qmultimedia/syncthing/.config/syncthing"; # Folder for Syncthing's settings and keys
|
|
||||||
guiAddress = "0.0.0.0:8384";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -37,7 +37,6 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 8384 22000 config.services.netatalk.port ];
|
networking.firewall.allowedTCPPorts = [ 548 ];
|
||||||
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
|
|
||||||
networking.firewall.allowPing = true;
|
networking.firewall.allowPing = true;
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,8 +9,6 @@
|
||||||
nix.enable = true;
|
nix.enable = true;
|
||||||
podman.enable = true;
|
podman.enable = true;
|
||||||
secureboot.enable = true;
|
secureboot.enable = true;
|
||||||
homeprinter.enable = true;
|
|
||||||
user.extraGroups = [ "docker" "dialout" ];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
system.autoUpgrade = {
|
system.autoUpgrade = {
|
||||||
|
@ -21,9 +19,6 @@
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = "23.11";
|
||||||
|
|
||||||
services.resolved.enable = true;
|
|
||||||
services.resolved.dnssec = "allow-downgrade";
|
|
||||||
|
|
||||||
sops.age.sshKeyPaths = [ "/persist/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/persist/ssh/ssh_host_ed25519_key" ];
|
||||||
sops.secrets.backup-s3.sopsFile = ../../../.secrets/t15/backup-s3.yaml;
|
sops.secrets.backup-s3.sopsFile = ../../../.secrets/t15/backup-s3.yaml;
|
||||||
sops.secrets.backup-pw.sopsFile = ../../../.secrets/t15/backup-s3.yaml;
|
sops.secrets.backup-pw.sopsFile = ../../../.secrets/t15/backup-s3.yaml;
|
||||||
|
@ -39,4 +34,5 @@
|
||||||
bits = 4096;
|
bits = 4096;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,7 +28,6 @@
|
||||||
"uas"
|
"uas"
|
||||||
];
|
];
|
||||||
boot.initrd.kernelModules = [ ];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
|
|
||||||
boot.kernelParams = [
|
boot.kernelParams = [
|
||||||
"lockdown=confidentiality"
|
"lockdown=confidentiality"
|
||||||
"intel_iommu=on"
|
"intel_iommu=on"
|
||||||
|
@ -80,9 +79,9 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
console.keyMap = "de-latin1-nodeadkeys";
|
console.keyMap = "de-latin1-nodeadkeys";
|
||||||
services.xserver.xkb = {
|
services.xserver = {
|
||||||
layout = "de,de+us";
|
layout = "de";
|
||||||
variant = "nodeadkeys,";
|
xkbVariant = "nodeadkeys";
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
|
|
@ -11,28 +11,9 @@ with lib.metacfg;
|
||||||
nix.enable = true;
|
nix.enable = true;
|
||||||
podman.enable = true;
|
podman.enable = true;
|
||||||
secureboot.enable = true;
|
secureboot.enable = true;
|
||||||
homeprinter.enable = true;
|
user.extraGroups = [ "docker" ];
|
||||||
user.extraGroups = [ "docker" "dialout" ];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
azure-cli
|
|
||||||
cloudflare-warp
|
|
||||||
desktop-file-utils
|
|
||||||
kubectl
|
|
||||||
kubectx
|
|
||||||
k9s
|
|
||||||
attic-client
|
|
||||||
];
|
|
||||||
|
|
||||||
services.resolved.enable = true;
|
|
||||||
services.resolved.dnssec = "allow-downgrade";
|
|
||||||
services.resolved.extraConfig = ''
|
|
||||||
ResolveUnicastSingleLabel=yes
|
|
||||||
'';
|
|
||||||
|
|
||||||
systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli
|
|
||||||
|
|
||||||
virtualisation = {
|
virtualisation = {
|
||||||
docker.enable = true;
|
docker.enable = true;
|
||||||
libvirtd.enable = true;
|
libvirtd.enable = true;
|
||||||
|
@ -45,7 +26,5 @@ with lib.metacfg;
|
||||||
allowReboot = false;
|
allowReboot = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.trezord.enable = true;
|
|
||||||
|
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = "23.11";
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,15 +31,8 @@
|
||||||
options = [ "subvol=@" ];
|
options = [ "subvol=@" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.initrd.luks.devices."luks-0e2792db-1b80-49a7-b2eb-54e4b5fc3502" = {
|
boot.initrd.luks.devices."luks-0e2792db-1b80-49a7-b2eb-54e4b5fc3502".device = "/dev/disk/by-uuid/0e2792db-1b80-49a7-b2eb-54e4b5fc3502";
|
||||||
device = "/dev/disk/by-uuid/0e2792db-1b80-49a7-b2eb-54e4b5fc3502";
|
boot.initrd.luks.devices."luks-280f2e07-e5fc-478e-b7ee-445c99bea415".device = "/dev/disk/by-uuid/280f2e07-e5fc-478e-b7ee-445c99bea415";
|
||||||
allowDiscards = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.initrd.luks.devices."luks-280f2e07-e5fc-478e-b7ee-445c99bea415" = {
|
|
||||||
device = "/dev/disk/by-uuid/280f2e07-e5fc-478e-b7ee-445c99bea415";
|
|
||||||
allowDiscards = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
fileSystems."/boot" =
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue