harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Compare commits

base: harald:main
Branches Tags
harald:main
harald:b24.05
..
compare: harald:b24.05
Branches Tags
harald:main
harald:b24.05

No commits in common. "main" and "b24.05" have entirely different histories.
main ... b24.05

44 changed files with 276 additions and 988 deletions
Show stats Expand all files Collapse all files

31
.secrets/hetzner/coturn.yaml
View file

@ -1,31 +0,0 @@
coturn:
static-auth-secret: ENC[AES256_GCM,data:cYYpG6x0/7aaxCv+d5BYQqgEcEGz2U98CaECHjB5IJMZulcfuS7YimY6eaDqmd+JWqUynin2yA+puCKDNm+aEw==,iv:w5YWMucPSVNZSnJ6n3sjF+McIYN6Mz+wsLkl0J0h2bE=,tag:aO9jBxHfYWMAXH/0KQC1pQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1qur4kh3gay9ryk3jh2snvjp6x9eq94zdrmgkrfcv4fzsu7l6lumq4tr3uy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWaDFlMEYxM1B0QTBCblkv
dnlxR1pXZDZOamZhbXp4cW9QelFUNDY0alZ3CmJtZmU2YVpzMFh6eXhQWngwQXlz
VW5IK3B1MnBZWjR2cmZGRjByNmVOSnMKLS0tIFBpMUZIcDFJbU5DYzZKdzlyVmgy
c285MmZINC9TOFdEcWpjaEFnWnhuMnMKniLkzEuEBOcrGVVk3z93VtAzYKkud5nB
lhNhqW7KbvXC05u20yPtYpD8z6pH4iulPG+yyvhahWBmc7gdgTZKdQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqNHYrVlJqeXVqQ0kzajlk
RmZ4SzRWOTlaUlpSV1dnM1VSQ25XTk1ydW5zCkgwcVhvVGhsdW5UNHdBVkkxQkdv
bXJVZjRSTzY5MjhoeXMzYlZqb1IrUGcKLS0tIHV6Y1AyV1hKZGdRZENEMlNlTlYw
WHRNMTY0WGVVWG1icFdqYVp1b2ZkR00KM5C2+YE99mWkIwaCLuGrdyymT7ujaxv4
MBU2TP2gYsN6bzt+LvyRC2OiOQcJ/2HgGimwK4FB5Y7L+uWiQIMpKA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-17T08:21:45Z"
mac: ENC[AES256_GCM,data:A8p487vIXqxZAaD9Gmr7DcU3BkRVPvJDpUtK1xgCrJzmPYko6E6eL+n4LY90JSDOPG6ab3ns4URjnE34tL+QG3/M2viw6LvrYRbfAyubwnkYUX0QWXa+x3XMCuqKv0gY7npW9dZXgUJQx6KIB5jKNiLP9CeCyFz0C0FQI34DGwI=,iv:k7kKcmaM5IBFl4Ickl+YKBfOPdqAFtmps5rgTMSFjmw=,tag:NVATG1TG9MS//ZAxdYOAXQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

30
.secrets/hetzner/forgejo-runner-token.yaml
View file

@ -1,30 +0,0 @@
forgejo-runner-token: ENC[AES256_GCM,data:nq8a/AQysWPehS7vuj4rpjxdoZWLqohvMjtu9hrQLbsrrOoJg/ZECsIQHQMbWPo=,iv:hComE0xi4SpeWgRMAtLY8rAHtlcY1/sF0gk7nMCqTME=,tag:YRIeWy0dFcM66giOTOFd3A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1qur4kh3gay9ryk3jh2snvjp6x9eq94zdrmgkrfcv4fzsu7l6lumq4tr3uy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBOUVxRXduVWhjNHdnZCtH
U0VLWE01VkJaWmNDUzE1bmorRDN5RWNwTnhJClRkcDNzb1U2MzZ3TDhXSnI4Z252
a1A0dzQ5eUlScDhhYjl6WEdnYnlxUm8KLS0tIDczaXlvcDVwUzdQY1h6a01QM2p6
T3FBVWJqaHQwVnIrNFVsWVBub2djMG8KsbZb43UkVe1Up0O15UTC/PdsEkwwOnVW
9P4AGO097HfTLkAjKJHx5QYF02dJ+4xb6rgzUYt9Nr8h8+GD0xRAfQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdlhZbDhqamNGU2QrZDN5
MlY5RFgrV3NJUk1PYWJLSnpCZjhiTUF5b0RrCmRHV0JnYlBmL2p0WE9UTzJUcVhK
dkhiYlJtYWtDN0lseHRCNTUzb252TmsKLS0tIGZKbjA3dkVwcnZNK2djV1BvSkJo
a09FM1ZqSWdsdytjdVFCanVldHVoWUUKyy/LXNd/vZLdgXYXfloFkNviaddvrazw
4Z0bJ/fqGvRPlLkTUzZlhWKVXfZFGgo5nQSEvyphkIb6UCyd9VamnA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-27T11:07:00Z"
mac: ENC[AES256_GCM,data:A73eobLa3aPeHkW1scY/xWWejVnCcEPJW9Vnx03HzEhk8Gv2dYAA6Xvt7hXMTuYow4A2ixmAFjn5GltvvOo3dUgumvHBlf6Kt39bwumiNmLD4mcLAKGnL55hSFn0gInEL5xjiqvlIokbPZFJec7CsS2f8PsL52/cYe5u3aSsqmo=,iv:ch2quofqaCUT1EjsIoWAlQzswfxxAk/eTfjB2tWsAzg=,tag:BlNpCt9r6iZdzJASCWHThQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

21
README.md
View file

@ -1,29 +1,28 @@
Install a system via nixos-anywhere Install system via nixos-anywhere
```bash ```bash
$ nix run github:numtide/nixos-anywhere -- \ nix run github:numtide/nixos-anywhere -- \
--flake 'git+https://git.hoyer.xyz/harald/nixcfg'.#hostname \ --flake 'git+https://git.hoyer.xyz/harald/nixcfg'.#hostname \
root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519 root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519
... enter disk password ... enter disk password
$ ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15 ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15
``` ```
nixos-rebuild remote git flake nixos-rebuild remote git flake
```bash ```bash
$ nixos-rebuild --use-remote-sudo -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg boot sudo nixos-rebuild boot --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg
``` ```
on darwin
```bash
$ darwin-rebuild -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg switch
```
home-manager remote git flake home-manager remote git flake
```bash ```bash
$ nix --refresh run 'git+https://git.hoyer.xyz/harald/nixcfg' -- \ nix --refresh run 'git+https://git.hoyer.xyz/harald/nixcfg' -- \
switch -b backup --flake 'git+https://git.hoyer.xyz/harald/nixcfg' switch -b backup --flake 'git+https://git.hoyer.xyz/harald/nixcfg'
``` ```
`command-not-found` unable to open database
```bash
sudo nix-channel --update
```

332
flake.lock
View file

@ -16,30 +16,6 @@
"type": "github" "type": "github"
} }
}, },
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1717279440,
"narHash": "sha256-kH04ReTjxOpQumgWnqy40vvQLSnLGxWP6RF3nq5Esrk=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "717cc95983cdc357bc347d70be20ced21f935843",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "attic",
"type": "github"
}
},
"blobs": { "blobs": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -297,27 +273,6 @@
} }
}, },
"crane": { "crane": {
"inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717025063,
"narHash": "sha256-dIubLa56W9sNNz0e8jGxrX3CAkPXsq7snuFA/Ie6dn8=",
"owner": "ipetkov",
"repo": "crane",
"rev": "480dff0be03dac0e51a8dfc26e882b0d123a450e",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
"lanzaboote", "lanzaboote",
@ -373,11 +328,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719128254, "lastModified": 1716993688,
"narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=", "narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "50581970f37f06a4719001735828519925ef8310", "rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -442,11 +397,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719451710, "lastModified": 1717378144,
"narHash": "sha256-h+bFEQHQ46pBkEsOXbxmmY6QNPPGrgpDbNlHtAKG49M=", "narHash": "sha256-gwx3rVXnt2jNxl8L2DybYv41fA8QhWVGebe932pa2nw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "8767dbf5d723b1b6834f4d09b217da7c31580d58", "rev": "39cd5a1fcd6d7a476eac2894b09122ead99f6efc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -569,22 +524,6 @@
} }
}, },
"flake-compat_3": { "flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1650374568, "lastModified": 1650374568,
@ -600,14 +539,14 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_5": { "flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1668681692,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "009399224d5e398d03b22badca40a37ac85412a1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -616,7 +555,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_6": { "flake-compat_5": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1650374568, "lastModified": 1650374568,
@ -672,58 +611,6 @@
} }
}, },
"flake-utils": { "flake-utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_5"
},
"locked": {
"lastModified": 1715533576,
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
"type": "github"
}
},
"flake-utils-plus_2": {
"inputs": {
"flake-utils": "flake-utils_6"
},
"locked": {
"lastModified": 1696331477,
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems"
}, },
@ -741,7 +628,43 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": { "flake-utils-plus": {
"inputs": {
"flake-utils": "flake-utils_4"
},
"locked": {
"lastModified": 1696331477,
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils-plus_2": {
"inputs": {
"flake-utils": "flake-utils_5"
},
"locked": {
"lastModified": 1696331477,
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
"type": "github"
},
"original": {
"owner": "gytis-ivaskevicius",
"repo": "flake-utils-plus",
"type": "github"
}
},
"flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
}, },
@ -759,7 +682,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_4": { "flake-utils_3": {
"locked": { "locked": {
"lastModified": 1659877975, "lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
@ -774,7 +697,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_5": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_5" "systems": "systems_5"
}, },
@ -792,9 +715,9 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_6": { "flake-utils_5": {
"inputs": { "inputs": {
"systems": "systems_7" "systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1694529238, "lastModified": 1694529238,
@ -935,11 +858,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720042825, "lastModified": 1716736833,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", "narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", "rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1015,10 +938,10 @@
}, },
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane_2", "crane": "crane",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -1265,7 +1188,7 @@
"elixir-tools": "elixir-tools", "elixir-tools": "elixir-tools",
"fidget-nvim": "fidget-nvim", "fidget-nvim": "fidget-nvim",
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_2",
"flutter-tools": "flutter-tools", "flutter-tools": "flutter-tools",
"gesture-nvim": "gesture-nvim", "gesture-nvim": "gesture-nvim",
"gitsigns-nvim": "gitsigns-nvim", "gitsigns-nvim": "gitsigns-nvim",
@ -1404,18 +1327,33 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-24_05": { "nixpkgs-23_05": {
"locked": { "locked": {
"lastModified": 1717144377, "lastModified": 1704290814,
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "805a384895c696f802a9bf5bf4720f37385df547", "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-24.05", "ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-23_11": {
"locked": {
"lastModified": 1706098335,
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.11",
"type": "indirect" "type": "indirect"
} }
}, },
@ -1438,22 +1376,6 @@
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": {
"lastModified": 1711460390,
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1678872516, "lastModified": 1678872516,
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
@ -1469,13 +1391,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable_3": { "nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1719099622, "lastModified": 1717265169,
"narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=", "narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5e8e3b89adbd0be63192f6e645e0a54080004924", "rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1519,11 +1441,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1722221733, "lastModified": 1717144377,
"narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=", "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "12bf09802d77264e441f48e25459c10c93eada2e", "rev": "805a384895c696f802a9bf5bf4720f37385df547",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1535,16 +1457,16 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1719707984, "lastModified": 1710283656,
"narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=", "narHash": "sha256-nI+AOy4uK6jLGBi9nsbHjL1EdSIzoo8oa+9oeVhbyFc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7dca15289a1c2990efbe4680f0923ce14139b042", "rev": "51063ed4f2343a59fdeebb279bb81d87d453942b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-24.05", "ref": "nixos-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -1555,11 +1477,11 @@
"snowfall-lib": "snowfall-lib" "snowfall-lib": "snowfall-lib"
}, },
"locked": { "locked": {
"lastModified": 1721741092, "lastModified": 1716280284,
"narHash": "sha256-ghFoP5gZpc1i4I4PiVCH00QNZ6s6ipGUcA0P1TsSSC8=", "narHash": "sha256-rofvtPgaYEW01OnKsD3DJv2B2j9QovRTWbw8h5lGjkE=",
"owner": "matter-labs", "owner": "matter-labs",
"repo": "nixsgx", "repo": "nixsgx",
"rev": "be2c19592d0d5601184c52c07ab6d88dec07ffd6", "rev": "7151f63b1549b65633503f505df1e2a0b5ee844f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2080,7 +2002,7 @@
"lanzaboote", "lanzaboote",
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1681413034, "lastModified": 1681413034,
@ -2150,7 +2072,6 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"attic": "attic",
"darwin": "darwin", "darwin": "darwin",
"disko": "disko", "disko": "disko",
"home-manager": "home-manager", "home-manager": "home-manager",
@ -2267,24 +2188,25 @@
"simple-nixos-mailserver": { "simple-nixos-mailserver": {
"inputs": { "inputs": {
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_4",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-24_05": "nixpkgs-24_05", "nixpkgs-23_05": "nixpkgs-23_05",
"nixpkgs-23_11": "nixpkgs-23_11",
"utils": "utils_3" "utils": "utils_3"
}, },
"locked": { "locked": {
"lastModified": 1718084203, "lastModified": 1706219574,
"narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", "narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=",
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", "rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
"owner": "simple-nixos-mailserver", "owner": "simple-nixos-mailserver",
"ref": "nixos-24.05", "ref": "nixos-23.11",
"repo": "nixos-mailserver", "repo": "nixos-mailserver",
"type": "gitlab" "type": "gitlab"
} }
@ -2307,7 +2229,7 @@
}, },
"snowfall-lib": { "snowfall-lib": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_3",
"flake-utils-plus": "flake-utils-plus", "flake-utils-plus": "flake-utils-plus",
"nixpkgs": [ "nixpkgs": [
"nixsgx-flake", "nixsgx-flake",
@ -2315,11 +2237,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719005984, "lastModified": 1696432959,
"narHash": "sha256-mpFl3Jv4fKnn+5znYXG6SsBjfXHJdRG5FEqNSPx0GLA=", "narHash": "sha256-oJQZv2MYyJaVyVJY5IeevzqpGvMGKu5pZcCCJvb+xjc=",
"owner": "snowfallorg", "owner": "snowfallorg",
"repo": "lib", "repo": "lib",
"rev": "c6238c83de101729c5de3a29586ba166a9a65622", "rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2330,7 +2252,7 @@
}, },
"snowfall-lib_2": { "snowfall-lib_2": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_6", "flake-compat": "flake-compat_5",
"flake-utils-plus": "flake-utils-plus_2", "flake-utils-plus": "flake-utils-plus_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -2356,14 +2278,14 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable_3" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1719268571, "lastModified": 1717297459,
"narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=", "narHash": "sha256-cZC2f68w5UrJ1f+2NWGV9Gx0dEYmxwomWN2B0lx0QRA=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3", "rev": "ab2a43b0d21d1d37d4d5726a892f714eaeb4b075",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2495,21 +2417,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tabular": { "tabular": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -2649,11 +2556,11 @@
}, },
"unstable": { "unstable": {
"locked": { "locked": {
"lastModified": 1722185531, "lastModified": 1717196966,
"narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=", "narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d", "rev": "57610d2f8f0937f39dbd72251e9614b1561942d8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2697,15 +2604,12 @@
} }
}, },
"utils_3": { "utils_3": {
"inputs": {
"systems": "systems_6"
},
"locked": { "locked": {
"lastModified": 1709126324, "lastModified": 1605370193,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605", "rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2861,8 +2765,8 @@
}, },
"zig": { "zig": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {

4
flake.nix
View file

@ -40,9 +40,6 @@
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs"; simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";
attic.url = "github:zhaofengli/attic";
attic.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs: outputs = inputs:
@ -76,7 +73,6 @@
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
disko.nixosModules.disko disko.nixosModules.disko
simple-nixos-mailserver.nixosModule simple-nixos-mailserver.nixosModule
attic.nixosModules.atticd
]; ];
overlays = with inputs; [ overlays = with inputs; [

8
homes/x86_64-darwin/harald@mpro/default.nix
View file

@ -8,22 +8,22 @@
username = "harald"; username = "harald";
homeDirectory = "/Users/${config.home.username}"; homeDirectory = "/Users/${config.home.username}";
stateVersion = "23.11"; # Please read the comment before changing. stateVersion = "23.11"; # Please read the comment before changing.
# sessionPath = [ "$HOME/bin" ]; sessionPath = [ "$HOME/bin" ];
}; };
metacfg = { metacfg = {
cli-apps = { cli-apps = {
bash.enable = true; bash.enable = true;
fish.enable = true; fish.enable = true;
neovim.enable = true; neovim.enable = true;
tmux.enable = true;
bat.enable = true; bat.enable = true;
starship.enable = true; starship.enable = true;
#home-manager.enable = true; home-manager.enable = true;
}; };
tools = { tools = {
direnv.enable = true; direnv.enable = true;
alacritty.enable = true;
ssh.enable = true; ssh.enable = true;
git.enable = true; git.enable = true;
}; };

2
homes/x86_64-linux/harald@mx/default.nix
View file

@ -32,7 +32,6 @@
xdg.enable = true; xdg.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
/* *****************************************
systemd.user.services = { systemd.user.services = {
render_blog = { render_blog = {
Service = { Service = {
@ -69,6 +68,5 @@
Install.WantedBy = [ "timers.target" ]; Install.WantedBy = [ "timers.target" ];
}; };
}; };
***************************** */
} }

4
homes/x86_64-linux/harald@sgx-azure/default.nix
View file

@ -12,10 +12,10 @@
}; };
nix.settings = { nix.settings = {
substituters = [ "https://cache.nixos.org" "https://attic.teepot.org/tee-pot" ]; substituters = [ "https://cache.nixos.org" "https://nixsgx.cachix.org" ];
trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=" "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE="
]; ];
}; };

1
homes/x86_64-linux/harald@t15/default.nix
View file

@ -37,7 +37,6 @@
"appindicatorsupport@rgcjonas.gmail.com" "appindicatorsupport@rgcjonas.gmail.com"
"dash-to-panel@jderose9.github.com" "dash-to-panel@jderose9.github.com"
"hibernate-status@dromi" "hibernate-status@dromi"
"autohide-battery@sitnik.ru"
]; ];
favorite-apps = [ favorite-apps = [

1
homes/x86_64-linux/harald@x1/default.nix
View file

@ -37,7 +37,6 @@
"appindicatorsupport@rgcjonas.gmail.com" "appindicatorsupport@rgcjonas.gmail.com"
"dash-to-panel@jderose9.github.com" "dash-to-panel@jderose9.github.com"
"hibernate-status@dromi" "hibernate-status@dromi"
"autohide-battery@sitnik.ru"
]; ];
favorite-apps = [ favorite-apps = [

2
modules/darwin/nix/default.nix
View file

@ -11,7 +11,7 @@ in
{ {
options.metacfg.nix = with types; { options.metacfg.nix = with types; {
enable = mkBoolOpt true "Whether or not to manage nix configuration."; enable = mkBoolOpt true "Whether or not to manage nix configuration.";
package = mkOpt package pkgs.nix "Which nix package to use."; package = mkOpt package pkgs.nixUnstable "Which nix package to use.";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {

58
modules/darwin/services/base/default.nix
View file

@ -1,58 +0,0 @@
{ options
, config
, lib
, pkgs
, ...
}:
with lib;
with lib.metacfg;
let
cfg = config.metacfg.base;
in
{
options.metacfg.base = with types; {
enable = mkBoolOpt false "Whether or not to enable the base config.";
};
config = mkIf cfg.enable {
environment = {
systemPackages = with pkgs; [
alacritty
age
delta
git
git-crypt
git-delete-merged-branches
home-manager
htop
mosh
nixpkgs-fmt
openssl
restic
rrsync
sops
tmux
vim
wget
starship
];
shells = [ pkgs.fish pkgs.bash ];
};
programs = {
bash = {
## shellInit = ''
interactiveShellInit = ''
bind '"\e[A": history-search-backward'
bind '"\e[B": history-search-forward'
'';
};
fish.enable = true;
};
security = {
pam.enableSudoTouchIdAuth = true;
};
};
}

2
modules/darwin/suites/common/default.nix
View file

@ -16,8 +16,6 @@ in
metacfg = { metacfg = {
nix = enabled; nix = enabled;
base = enabled;
system = { system = {
fonts = enabled; fonts = enabled;
#input = enabled; #input = enabled;

4
modules/darwin/system/fonts/default.nix
View file

@ -17,7 +17,9 @@ in
}; };
fonts = { fonts = {
packages = with pkgs; fontDir = enabled;
fonts = with pkgs;
[ [
noto-fonts noto-fonts
noto-fonts-cjk-sans noto-fonts-cjk-sans

1
modules/home/tools/git/default.nix
View file

@ -60,7 +60,6 @@ in
clean = "${pkgs.metacfg.rot8000}/bin/rot8000"; clean = "${pkgs.metacfg.rot8000}/bin/rot8000";
smudge = "${pkgs.metacfg.rot8000}/bin/rot8000"; smudge = "${pkgs.metacfg.rot8000}/bin/rot8000";
}; };
http.sslCAinfo = "/etc/ssl/certs/ca-certificates.crt";
}; };
}; };
}; };

6
modules/nixos/nix/default.nix
View file

@ -51,7 +51,7 @@ in
users = [ "root" config.metacfg.user.name ] ++ users = [ "root" config.metacfg.user.name ] ++
optional config.services.hydra.enable "hydra"; optional config.services.hydra.enable "hydra";
extra-substituters = cfg.extra-substituters // { extra-substituters = cfg.extra-substituters // {
"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg="; "https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
}; };
in in
{ {
@ -83,8 +83,8 @@ in
gc = { gc = {
automatic = true; automatic = true;
dates = lib.mkDefault "weekly"; dates = "weekly";
options = lib.mkDefault "--delete-older-than 14d"; options = "--delete-older-than 30d";
}; };
# flake-utils-plus # flake-utils-plus

14
modules/nixos/services/base/default.nix
View file

@ -67,11 +67,6 @@ in
vim vim
virt-manager virt-manager
wget wget
(pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" ''
qemu-system-x86_64 \
-bios ${pkgs.OVMF.fd}/FV/OVMF.fd \
"$@"
'')
]; ];
shells = [ pkgs.fish pkgs.bash ]; shells = [ pkgs.fish pkgs.bash ];
}; };
@ -83,6 +78,7 @@ in
}; };
enableRedistributableFirmware = lib.mkDefault true; enableRedistributableFirmware = lib.mkDefault true;
enableAllFirmware = true; enableAllFirmware = true;
opengl.extraPackages = with pkgs; [ intel-compute-runtime ];
}; };
programs = { programs = {
@ -118,7 +114,7 @@ in
tpm2.abrmd.enable = lib.mkDefault true; tpm2.abrmd.enable = lib.mkDefault true;
sudo = { sudo = {
enable = true; enable = true;
wheelNeedsPassword = lib.mkDefault true; wheelNeedsPassword = false;
}; };
}; };
@ -160,13 +156,7 @@ in
environment.GIT_CONFIG_GLOBAL = toString gitconfig; environment.GIT_CONFIG_GLOBAL = toString gitconfig;
}; };
programs.git.enable = true;
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;
boot.tmp.useTmpfs = true;
systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";
services.fstrim.enable = true;
}; };
} }

34
modules/nixos/services/gui/default.nix
View file

@ -39,7 +39,7 @@ in
]; ];
xserver = { xserver = {
xkb.layout = lib.mkDefault "de+us"; layout = lib.mkDefault "de+us";
enable = true; enable = true;
displayManager.gdm.enable = true; displayManager.gdm.enable = true;
desktopManager.gnome.enable = true; desktopManager.gnome.enable = true;
@ -58,27 +58,6 @@ in
# Enable sound with pipewire. # Enable sound with pipewire.
sound.enable = true; sound.enable = true;
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
onevpl-intel-gpu
intel-compute-runtime
intel-media-driver # LIBVA_DRIVER_NAME=iHD
#intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
libvdpau-va-gl
];
};
environment.sessionVariables = {
LIBVA_DRIVER_NAME = "iHD";
NIXOS_OZONE_WL = "1";
}; # Force intel-media-driver
metacfg.home.configFile."mpv/mpv.conf".text = ''
hwdec=auto-safe
vo=gpu
profile=gpu-hq
gpu-context=wayland
'';
security.rtkit.enable = true; security.rtkit.enable = true;
@ -89,23 +68,19 @@ in
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
#pcsctools
bat bat
cardpeek cardpeek
ccache ccache
chromium
clang clang
dive dive
file file
firefox firefox
gh gh
gimp
git git
gnome-browser-connector gimp
gnome.cheese gnome.cheese
gnome.gnome-software gnome.gnome-software
gnomeExtensions.appindicator gnomeExtensions.appindicator
gnomeExtensions.autohide-battery
gnomeExtensions.dash-to-panel gnomeExtensions.dash-to-panel
gnomeExtensions.hibernate-status-button gnomeExtensions.hibernate-status-button
gnomeExtensions.vitals gnomeExtensions.vitals
@ -120,11 +95,11 @@ in
nixpkgs-fmt nixpkgs-fmt
opensc opensc
pasystray pasystray
#pcsctools
pinentry-gnome3 pinentry-gnome3
pkg-config pkg-config
pstree pstree
ripgrep ripgrep
rustup
slack slack
spotify spotify
statix statix
@ -132,9 +107,10 @@ in
tmux tmux
vim vim
wl-clipboard wl-clipboard
yubikey-manager-qt
yubikey-personalization yubikey-personalization
yubikey-manager-qt
zellij zellij
rustup
]; ];
#----=[ Fonts ]=----# #----=[ Fonts ]=----#

48
modules/nixos/services/homeprinter/default.nix
View file

@ -1,48 +0,0 @@
{ options, config, lib, pkgs, ... }:
with lib;
with lib.metacfg;
let cfg = config.metacfg.homeprinter;
in
{
options.metacfg.homeprinter = with types; {
enable = mkBoolOpt false "Whether or not to enable the home printers.";
};
config = mkIf cfg.enable {
services.printing.drivers = with pkgs; [
metacfg.dcpl2530dw-cups
gutenprintBin
gutenprint
];
hardware.printers.ensurePrinters = [
{
name = "Brother_DCP-L2530DW_series";
location = "Dach";
deviceUri = "dnssd://Brother%20DCP-L2530DW%20series._ipp._tcp.local/?uuid=e3248000-80ce-11db-8000-cc6b1e5cd0ea";
model = "brother-DCPL2530DW-cups-en.ppd";
ppdOptions = {
PageSize = "A4";
};
}
{
name = "Canon_MG6300_series";
location = "Dach";
deviceUri = "dnssd://Canon%20MG6300%20series._ipp._tcp.local/?uuid=00000000-0000-1000-8000-2C9EFC9C7BA5";
model = "gutenprint.5.3://bjc-PIXMA-MG6350/expert";
ppdOptions = {
PageSize = "w283h425";
# StpFullBleed = "True";
MediaType = "PhotoPlusGloss2";
ColorModel = "CMYK";
StpColorCorrection = "Accurate";
StpColorPrecision = "Best";
StpInkType = "CMYKk";
StpImageType = "Photo";
StpDitherAlgorithm = "Adaptive";
};
}
];
};
}

2
modules/nixos/sgx/aesmd_dcap/default.nix
View file

@ -13,7 +13,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
metacfg = { metacfg = {
nix.extra-substituters = { nix.extra-substituters = {
"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg="; "https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
}; };
}; };
services.aesmd = { services.aesmd = {

2
modules/nixos/sgx/pccs/default.nix
View file

@ -31,7 +31,7 @@ in
metacfg = { metacfg = {
nix.extra-substituters = { nix.extra-substituters = {
"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg="; "https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
}; };
}; };

1
modules/nixos/tools/git/default.nix
View file

@ -54,7 +54,6 @@ in
interactive.diffFilter = "${pkgs.delta}/bin/delta --color-only"; interactive.diffFilter = "${pkgs.delta}/bin/delta --color-only";
merge.conflictStyle = "diff3"; merge.conflictStyle = "diff3";
diff.colorMoved = "default"; diff.colorMoved = "default";
http.sslCAinfo = "/etc/ssl/certs/ca-certificates.crt";
}; };
}; };
}; };

2
modules/nixos/user/default.nix
View file

@ -104,7 +104,7 @@ in
# system to select). # system to select).
uid = 1000; uid = 1000;
extraGroups = [ "wheel" ] ++ cfg.extraGroups; extraGroups = [ ] ++ cfg.extraGroups;
} }
// cfg.extraOptions; // cfg.extraOptions;
}; };

82
packages/dcpl2530dw-cups/default.nix
View file

@ -1,82 +0,0 @@
{ lib
, stdenv
, fetchurl
, makeWrapper
, cups
, dpkg
, a2ps
, ghostscript
, gnugrep
, gnused
, coreutils
, file
, perl
, which
}:
stdenv.mkDerivation rec {
pname = "dcpl2530dw-cups";
version = "4.0.0";
src = fetchurl {
# The i386 part is a lie. There are x86, x86_64 and armv7l drivers.
# Though this builds only supports x86_64 for now.
url = "https://download.brother.com/welcome/dlf103518/dcpl2530dwpdrv-${version}-1.i386.deb";
sha256 = "sha256-f5lxwp7iu6gvmP7DU3xQMH8rOcuUT0vlxVTUiTg1eeo=";
};
nativeBuildInputs = [ makeWrapper ];
buildInputs = [ cups ghostscript dpkg a2ps ];
dontUnpack = true;
installPhase = ''
dpkg-deb -x $src $out
substituteInPlace $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter \
--replace /opt "$out/opt" \
--replace /usr/bin/perl ${perl}/bin/perl \
--replace "BR_PRT_PATH =~" "BR_PRT_PATH = \"$out\"; #" \
--replace "PRINTER =~" "PRINTER = \"DCPL2530DW\"; #"
# FIXME : Allow i686 and armv7l variations to be setup instead.
_PLAT=x86_64
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
$out/opt/brother/Printers/DCPL2530DW/lpd/$_PLAT/brprintconflsr3
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
$out/opt/brother/Printers/DCPL2530DW/lpd/$_PLAT/rawtobr3
ln -s $out/opt/brother/Printers/DCPL2530DW/lpd/$_PLAT/brprintconflsr3 $out/opt/brother/Printers/DCPL2530DW/lpd/brprintconflsr3
ln -s $out/opt/brother/Printers/DCPL2530DW/lpd/$_PLAT/rawtobr3 $out/opt/brother/Printers/DCPL2530DW/lpd/rawtobr3
for f in \
$out/opt/brother/Printers/DCPL2530DW/cupswrapper/lpdwrapper \
$out/opt/brother/Printers/DCPL2530DW/cupswrapper/paperconfigml2 \
; do
#substituteInPlace $f \
wrapProgram $f \
--prefix PATH : ${lib.makeBinPath [
coreutils ghostscript gnugrep gnused
]}
done
mkdir -p $out/lib/cups/filter/
ln -s $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter $out/lib/cups/filter/brother_lpdwrapper_DCPL2530DW
mkdir -p $out/share/cups/model
ln -s $out/opt/brother/Printers/DCPL2530DW/cupswrapper/brother-DCPL2530DW-cups-en.ppd $out/share/cups/model/
wrapProgram $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter \
--prefix PATH ":" ${ lib.makeBinPath [ ghostscript a2ps file gnused gnugrep coreutils which ] }
'';
meta = with lib; {
homepage = "http://www.brother.com/";
description = "Brother DCP-L2530DW combined print driver";
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
license = licenses.unfree;
platforms = [ "x86_64-linux" ];
downloadPage = "https://www.brother.de/support/dcp-l2530dw/downloads";
};
}

93
systems/x86_64-linux/mx/acme.nix
View file

@ -8,73 +8,72 @@
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
email = "harald@hoyer.xyz"; email = "harald@hoyer.xyz";
dnsProvider = "cloudflare"; dnsProvider = "internetbs";
credentialsFile = config.sops.secrets.internetbs.path; credentialsFile = config.sops.secrets.internetbs.path;
}; };
certs = { certs = {
"mx.surfsite.org" = { };
"surfsite.org" = { "surfsite.org" = {
extraDomainNames = [ extraDomainNames = [
"*.surfsite.org" "*.surfsite.org"
]; ];
}; };
"hoyer.xyz" = {
dnsProvider = "cloudflare";
extraDomainNames = [
"*.hoyer.xyz"
"*.harald.hoyer.xyz"
"*.hartwin.hoyer.xyz"
];
};
"hoyer.world" = {
dnsProvider = "cloudflare";
extraDomainNames = [
"*.hoyer.world"
"*.harald.hoyer.world"
"*.hartwin.hoyer.world"
];
};
"hoyer.social" = {
dnsProvider = "cloudflare";
extraDomainNames = [
"*.hoyer.social"
"*.harald.hoyer.social"
"*.hartwin.hoyer.social"
];
};
"hoyer.photos" = {
dnsProvider = "cloudflare";
extraDomainNames = [
"*.hoyer.photos"
"*.harald.hoyer.photos"
"*.hartwin.hoyer.photos"
];
};
"harald-hoyer.de" = {
extraDomainNames = [
"*.harald-hoyer.de"
];
};
"hartwin-hoyer.de" = { "hartwin-hoyer.de" = {
extraDomainNames = [ extraDomainNames = [
"*.hartwin-hoyer.de" "*.hartwin-hoyer.de"
]; ];
}; };
"herward-hoyer.de" = {
extraDomainNames = [
"*.herward-hoyer.de"
];
};
"varlink.org" = { "varlink.org" = {
extraDomainNames = [ extraDomainNames = [
"*.varlink.org" "*.varlink.org"
]; ];
}; };
"meike-hoyer.de" = { };
"hoyer.xyz" = {
extraDomainNames = [
"*.hoyer.xyz"
"*.harald.hoyer.xyz"
"*.hartwin.hoyer.xyz"
];
};
"hoyer.world" = {
extraDomainNames = [
"*.hoyer.world"
"*.harald.hoyer.world"
"*.hartwin.hoyer.world"
];
};
"hoyer.social" = {
extraDomainNames = [
"*.hoyer.social"
"*.harald.hoyer.social"
"*.hartwin.hoyer.social"
];
};
"hoyer.photos" = {
extraDomainNames = [
"*.hoyer.photos"
"*.harald.hoyer.photos"
"*.hartwin.hoyer.photos"
];
};
"harald-hoyer.de" = {
extraDomainNames = [
"*.harald-hoyer.de"
];
};
}; };
}; };
} }

56
systems/x86_64-linux/mx/coturn.nix
View file

@ -1,56 +0,0 @@
{ pkgs, lib, config, ... }:
{
sops.secrets."coturn/static-auth-secret" = {
sopsFile = ../../../.secrets/hetzner/coturn.yaml; # bring your own password file
restartUnits = [ "coturn.service" ];
owner = "turnserver";
};
networking.firewall =
let
range = with config.services.coturn; [{
from = min-port;
to = max-port;
}];
in
{
allowedUDPPortRanges = range;
allowedTCPPorts = [ 3478 3479 5349 ];
allowedUDPPorts = [ 3478 3479 5349 ];
};
# get a certificate
security.acme.certs.${config.services.coturn.realm} = {
/* insert here the right configuration to obtain a certificate */
postRun = "systemctl restart coturn.service";
group = "turnserver";
};
services.coturn = rec {
enable = true;
realm = "turn.hoyer.xyz";
static-auth-secret-file = config.sops.secrets."coturn/static-auth-secret".path;
use-auth-secret = true;
lt-cred-mech = true;
min-port = 49000;
max-port = 50000;
no-cli = true;
cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
extraConfig = ''
fingerprint
total-quota=100
bps-capacity=0
stale-nonce=600
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
no-loopback-peers
no-multicast-peers
no-tlsv1
no-tlsv1_1
# strongly encouraged options to decrease amplification attacks
no-rfc5780
no-stun-backward-compatibility
response-origin-only-with-rfc5780
'';
};
}

10
systems/x86_64-linux/mx/default.nix
View file

@ -3,7 +3,7 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./rspamd.nix ./rspamd.nix
# ./goaccess.nix ./goaccess.nix
./nextcloud.nix ./nextcloud.nix
./backup.nix ./backup.nix
./users.nix ./users.nix
@ -13,7 +13,6 @@
./forgejo.nix ./forgejo.nix
./nginx.nix ./nginx.nix
./network.nix ./network.nix
./coturn.nix
]; ];
metacfg = { metacfg = {
@ -36,13 +35,6 @@
flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx"; flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
}; };
nix.gc = {
dates = "daily";
options = "--delete-older-than 7d";
};
programs.git.config.safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
age age
apacheHttpd # for mkpasswd apacheHttpd # for mkpasswd

21
systems/x86_64-linux/mx/forgejo.nix
View file

@ -51,25 +51,4 @@
} }
]; ];
}; };
sops.secrets."forgejo-runner-token" = {
sopsFile = ../../../.secrets/hetzner/forgejo-runner-token.yaml; # bring your own password file
};
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances.default = {
enable = true;
name = "base";
url = "https://git.hoyer.xyz";
tokenFile = config.sops.secrets.forgejo-runner-token.path;
settings.container.network = "host";
labels = [
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
"ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
"ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
"nix:docker://git.hoyer.xyz/harald/nix-runner:latest"
];
};
};
} }

3
systems/x86_64-linux/mx/hardware-configuration.nix
View file

@ -39,4 +39,7 @@
}; };
swapDevices = [{ device = "/swapfile"; }]; swapDevices = [{ device = "/swapfile"; }];
} }

79
systems/x86_64-linux/mx/mailserver.nix
View file

@ -5,13 +5,12 @@
enable = true; enable = true;
fqdn = "mx.surfsite.org"; fqdn = "mx.surfsite.org";
sendingFqdn = "mx.surfsite.org"; sendingFqdn = "mx.surfsite.org";
certificateScheme = "acme";
acmeCertificateName = "surfsite.org";
domains = [ domains = [
"harald-hoyer.de" "harald-hoyer.de"
"hartwin-hoyer.de" "hartwin-hoyer.de"
"herward-hoyer.de" "herward-hoyer.de"
"meike-hoyer.de" "meike-knutz.de"
"gerlinde-hoyer.de"
"hoyer.xyz" "hoyer.xyz"
"nc.hoyer.xyz" "nc.hoyer.xyz"
@ -19,6 +18,7 @@
"varlink.org" "varlink.org"
"surfsite.org" "surfsite.org"
"myprivacy.tools"
"hoyer.social" "hoyer.social"
"hoyer.world" "hoyer.world"
"hoyer.photos" "hoyer.photos"
@ -55,90 +55,73 @@
hashedPasswordFile = "/ubzr/unenyq/frpergf/zu@ublre.klm"; hashedPasswordFile = "/ubzr/unenyq/frpergf/zu@ublre.klm";
aliases = [ aliases = [
"zrvxr@unenyq-ublre.qr" "zrvxr@unenyq-ublre.qr"
"zrvxr@ublre.fbpvny" "zrvxr@zrvxr-xahgm.qr"
"zrvxr@ublre.jbeyq" "zrvxr.ublre@zrvxr-xahgm.qr"
"zrvxr@ublre.klm" "zrvxr@ublre.klm"
"zrvxr@zrvxr-ublre.qr"
"zrvxr@ap.ublre.klm"
]; ];
}; };
"nyrk@ublre.klm" = { "nyrk@ublre.klm" = {
hashedPasswordFile = "/home/hartwin/secrets/alex-mail"; hashedPasswordFile = "/home/hartwin/secrets/alex-mail";
aliases = [ aliases = [
"nyrk.ublre@unegjva-ublre.qr"
"nyrk.ublre@fhesfvgr.bet"
"nyrk@unegjva-ublre.qr" "nyrk@unegjva-ublre.qr"
"nyrk@ublre.fbpvny" "nyrk.ublre@unegjva-ublre.qr"
"nyrk@ublre.jbeyq"
"nyrk@fhesfvgr.bet" "nyrk@fhesfvgr.bet"
"nyrknaqre@ublre.fbpvny" "nyrk.ublre@fhesfvgr.bet"
"nyrknaqre@ublre.jbeyq"
"nyrknaqre@ublre.klm" "nyrknaqre@ublre.klm"
]; ];
}; };
"wna@ublre.klm" = { "wna@ublre.klm" = {
hashedPasswordFile = "/home/hartwin/secrets/jan-mail"; hashedPasswordFile = "/home/hartwin/secrets/jan-mail";
aliases = [ aliases = [
"wna.ublre@unegjva-ublre.qr"
"wna.ublre@fhesfvgr.bet"
"wna@unegjva-ublre.qr" "wna@unegjva-ublre.qr"
"wna@ublre.fbpvny" "wna.ublre@unegjva-ublre.qr"
"wna@ublre.jbeyq"
"wna@fhesfvgr.bet" "wna@fhesfvgr.bet"
"wna.ublre@fhesfvgr.bet"
]; ];
}; };
"unaanu@ublre.klm" = { "unaanu@ublre.klm" = {
hashedPasswordFile = "/home/hartwin/secrets/hannah-mail"; hashedPasswordFile = "/home/hartwin/secrets/hannah-mail";
aliases = [ aliases = [
"unaanu.ublre@unegjva-ublre.qr"
"unaanu.ublre@fhesfvgr.bet"
"unaanu@unegjva-ublre.qr" "unaanu@unegjva-ublre.qr"
"unaanu@ublre.fbpvny" "unaanu.ublre@unegjva-ublre.qr"
"unaanu@ublre.jbeyq"
"unaanu@fhesfvgr.bet" "unaanu@fhesfvgr.bet"
"unaanu.ublre@fhesfvgr.bet"
]; ];
}; };
"fgrssv@ublre.klm" = { "fgrssv@ublre.klm" = {
hashedPasswordFile = "/home/hartwin/secrets/steffi-mail"; hashedPasswordFile = "/home/hartwin/secrets/steffi-mail";
aliases = [ aliases = [
"fgrsnavr.ublre@ublre.klm"
"fgrsnavr.ublre@fhesfvgr.bet"
"fgrsnavr@ublre.fbpvny"
"fgrsnavr@ublre.jbeyq"
"fgrsnavr@ublre.klm"
"fgrsnavrublre@fhesfvgr.bet"
"fgrssv@fhesfvgr.bet" "fgrssv@fhesfvgr.bet"
"fgrsnavrublre@fhesfvgr.bet"
"fgrsnavr.ublre@fhesfvgr.bet"
"fgrsnavr.ublre@ublre.klm"
"fgrsnavr@ublre.klm"
]; ];
}; };
"unegjva@ublre.klm" = { "unegjva@ublre.klm" = {
hashedPasswordFile = "/home/hartwin/secrets/hartwin-mail"; hashedPasswordFile = "/home/hartwin/secrets/hartwin-mail";
aliases = [ aliases = [
"unegjva.ublre@unegjva-ublre.qr" "unegjva.ublre@unegjva-ublre.qr"
"unegjva@unegjva-ublre.qr"
"unegjva@ublre.cubgbf"
"unegjva@ublre.fbpvny"
"unegjva@ublre.jbeyq"
"unegjva@ap.ublre.klm"
"znvy@unegjva-ublre.qr" "znvy@unegjva-ublre.qr"
"jroznfgre@unegjva.ublre.cubgbf" "unegjva@unegjva-ublre.qr"
"jroznfgre@unegjva.ublre.klm"
"lbhghor@unegjva-ublre.qr" "lbhghor@unegjva-ublre.qr"
"unegjva@ap.ublre.klm"
"unegjva@ublre.cubgbf"
"jroznfgre@unegjva.ublre.cubgbf"
]; ];
}; };
"uublre@urejneq-ublre.qr" = { "uublre@urejneq-ublre.qr" = {
hashedPasswordFile = "/home/hhoyer/secrets/hhoyer-mail"; hashedPasswordFile = "/home/hhoyer/secrets/hhoyer-mail";
aliases = [ aliases = [
"thn808@urejneq-ublre.qr"
"urejneq.ublre@urejneq-ublre.qr"
"urejneq@urejneq-ublre.qr" "urejneq@urejneq-ublre.qr"
"urejneq@ublre.fbpvny" "urejneq@if189018.ifreire.qr"
"urejneq@ublre.jbeyq" "thn808@urejneq-ublre.qr"
"znvy@urejneq-ublre.qr"
"urejneq.ublre@urejneq-ublre.qr"
"uublre@fhesfvgr.bet"
"uublre@ublre.klm"
"urejneq@ublre.klm" "urejneq@ublre.klm"
"urejneq@ap.ublre.klm" "urejneq@ap.ublre.klm"
"urejneq@if189018.ifreire.qr"
"uublre@ublre.klm"
"uublre@fhesfvgr.bet"
"znvy@urejneq-ublre.qr"
]; ];
}; };
"unenyq@ublre.klm" = { "unenyq@ublre.klm" = {
@ -149,12 +132,14 @@
"nohfr@zk.fhesfvgr.bet" "nohfr@zk.fhesfvgr.bet"
"nohfr@fhesfvgr.bet" "nohfr@fhesfvgr.bet"
"nohfr@zrvxr-ublre.qr"
"nohfr@unegjva-ublre.qr" "nohfr@unegjva-ublre.qr"
"nohfr@urejneq-ublre.qr" "nohfr@urejneq-ublre.qr"
"nohfr@zrvxr-xahgm.qr"
"nohfr@treyvaqr-ublre.qr"
"nohfr@ublre.klm" "nohfr@ublre.klm"
"nohfr@unenyq.ublre.klm" "nohfr@unenyq.ublre.klm"
"nohfr@ineyvax.bet" "nohfr@ineyvax.bet"
"nohfr@zlcevinpl.gbbyf"
"nohfr@ublre.fbpvny" "nohfr@ublre.fbpvny"
"nohfr@ublre.jbeyq" "nohfr@ublre.jbeyq"
"nohfr@ublre.cubgbf" "nohfr@ublre.cubgbf"
@ -163,10 +148,12 @@
"cbfgznfgre@fhesfvgr.bet" "cbfgznfgre@fhesfvgr.bet"
"cbfgznfgre@unegjva-ublre.qr" "cbfgznfgre@unegjva-ublre.qr"
"cbfgznfgre@urejneq-ublre.qr" "cbfgznfgre@urejneq-ublre.qr"
"cbfgznfgre@zrvxr-ublre.qr" "cbfgznfgre@zrvxr-xahgm.qr"
"cbfgznfgre@treyvaqr-ublre.qr"
"cbfgznfgre@ublre.klm" "cbfgznfgre@ublre.klm"
"cbfgznfgre@unenyq.ublre.klm" "cbfgznfgre@unenyq.ublre.klm"
"cbfgznfgre@ineyvax.bet" "cbfgznfgre@ineyvax.bet"
"cbfgznfgre@zlcevinpl.gbbyf"
"cbfgznfgre@ublre.fbpvny" "cbfgznfgre@ublre.fbpvny"
"cbfgznfgre@ublre.jbeyq" "cbfgznfgre@ublre.jbeyq"
"cbfgznfgre@ublre.cubgbf" "cbfgznfgre@ublre.cubgbf"
@ -175,6 +162,7 @@
"jroznfgre@fhesfvgr.bet" "jroznfgre@fhesfvgr.bet"
"jroznfgre@unenyq.ublre.klm" "jroznfgre@unenyq.ublre.klm"
"jroznfgre@ineyvax.bet" "jroznfgre@ineyvax.bet"
"jroznfgre@zlcevinpl.gbbyf"
"jroznfgre@ublre.fbpvny" "jroznfgre@ublre.fbpvny"
"jroznfgre@ublre.jbeyq" "jroznfgre@ublre.jbeyq"
"jroznfgre@ublre.cubgbf" "jroznfgre@ublre.cubgbf"
@ -192,10 +180,10 @@
"unenyq@ublre.klm" "unenyq@ublre.klm"
"unenyq@ap.ublre.klm" "unenyq@ap.ublre.klm"
"unenyq@ineyvax.bet" "unenyq@ineyvax.bet"
"unenyq@zlcevinpl.gbbyf"
"unenyq@ublre.jbeyq" "unenyq@ublre.jbeyq"
"unenyq@ublre.fbpvny" "unenyq@ublre.fbpvny"
"unenyq@ublre.cubgbf" "unenyq@ublre.cubgbf"
"unenyq@zrvxr-ublre.qr"
"@unenyq.ublre.klm" "@unenyq.ublre.klm"
"@unenyq-ublre.qr" "@unenyq-ublre.qr"
@ -226,6 +214,7 @@
]; ];
}; };
}; };
certificateScheme = "acme";
}; };
services.roundcube = { services.roundcube = {

24
systems/x86_64-linux/mx/nextcloud.nix
View file

@ -2,19 +2,17 @@
{ {
systemd.services."nextcloud-setup".requires = [ "postgresql.service" ]; systemd.services."nextcloud-setup".requires = [ "postgresql.service" ];
systemd.services."nextcloud-setup".after = [ "postgresql.service" ]; systemd.services."nextcloud-setup".after = [ "postgresql.service" ];
environment.systemPackages = with pkgs; [ ffmpeg ];
environment.etc."nextcloud-admin-pass".text = "test123"; environment.etc."nextcloud-admin-pass".text = "test123";
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud29; package = pkgs.nextcloud28;
hostName = "nc.hoyer.xyz"; hostName = "nc.hoyer.xyz";
https = true; https = true;
configureRedis = true; configureRedis = true;
settings = { extraOptions = {
mail_smtpmode = "sendmail"; mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe"; mail_sendmailmode = "pipe";
default_phone_region = "DE";
}; };
phpOptions = { phpOptions = {
upload_max_filesize = lib.mkForce "1G"; upload_max_filesize = lib.mkForce "1G";
@ -22,26 +20,10 @@
"opcache.interned_strings_buffer" = "16"; "opcache.interned_strings_buffer" = "16";
}; };
config.adminpassFile = "/etc/nextcloud-admin-pass"; config.adminpassFile = "/etc/nextcloud-admin-pass";
config.defaultPhoneRegion = "DE";
config.dbtype = "pgsql"; config.dbtype = "pgsql";
config.dbname = "nextcloud"; config.dbname = "nextcloud";
config.dbhost = "/run/postgresql"; config.dbhost = "/run/postgresql";
config.dbuser = "nextcloud"; config.dbuser = "nextcloud";
extraOptions.enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\HEIC"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MP3"
"OC\\Preview\\MP4"
"OC\\Preview\\MarkDown"
"OC\\Preview\\Movie"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PDF"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\WEBP"
"OC\\Preview\\XBitmap"
];
}; };
} }

1
systems/x86_64-linux/mx/nginx.nix
View file

@ -3,7 +3,6 @@
users.users.nginx.extraGroups = [ "acme" ]; users.users.nginx.extraGroups = [ "acme" ];
services.nginx = { services.nginx = {
enable = true; enable = true;
clientMaxBodySize = "1000M";
appendHttpConfig = '' appendHttpConfig = ''
log_format vcombined '$host:$server_port ' log_format vcombined '$host:$server_port '
'$remote_addr - $remote_user [$time_local] ' '$remote_addr - $remote_user [$time_local] '

48
systems/x86_64-linux/mx/rspamd.nix
View file

@ -1,36 +1,34 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
let
domains = ''
epicgames.com
dmail.ai
twitter.com
x.com
gmx.de
chess.com
'';
in
{ {
services.rspamd.workers.controller.bindSockets = [{ services.rspamd.workers.controller.bindSockets = [{
socket = "/run/rspamd/worker-controller.sock"; socket = "/run/rspamd/worker-controller.sock";
mode = "0660"; mode = "0660";
}]; }];
services.rspamd.locals = { services.rspamd.locals = {
"settings.conf".text = '' "maps.d/spf_whitelist.inc.local" = {
bogenschiessen { text = ''
from = "bogensport-jugend@gmx.de"; epicgames.com
apply { dmail.ai
actions {
reject = 100.0;
greylist = null; # Disable greylisting (from 1.8.1)
"add header" = 100.0; # Please note the space, NOT an underscore
}
}
}
''; '';
"maps.d/spf_whitelist.inc.local".text = domains; };
"maps.d/spf_dkim_whitelist.inc.local".text = domains; "maps.d/spf_dkim_whitelist.inc.local" = {
"maps.d/dmarc_whitelist.inc.local".text = domains; text = ''
"greylist-whitelist-domains.inc".text = domains; epicgames.com
dmail.ai
'';
};
"maps.d/dmarc_whitelist.inc.local" = {
text = ''
epicgames.com
dmail.ai
'';
};
"greylist-whitelist-domains.inc" = {
text = ''
dmail.ai
epicgames.com
'';
};
}; };
services.rspamd.extraConfig = '' services.rspamd.extraConfig = ''
actions { actions {

55
systems/x86_64-linux/sgx-attic/atticd.nix
View file

@ -1,55 +0,0 @@
{ pkgs, lib, config, ... }:
{
services.postgresql = {
enable = true;
ensureDatabases = [ "attic" ];
ensureUsers = [{ name = "atticd"; }];
};
systemd.services.postgresql.postStart = lib.mkAfter ''
$PSQL -tAc 'ALTER DATABASE "attic" OWNER TO "atticd"'
'';
environment.systemPackages = with pkgs; [
attic-client
];
services.atticd = {
enable = true;
# Replace with absolute path to your credentials file
credentialsFile = "/etc/atticd.env";
settings = {
api-endpoint = "https://attic.teepot.org/";
garbage-collection.default-retention-period = "3 months";
database.url = "postgresql:///attic?host=/run/postgresql";
listen = "[::]:8080";
# Data chunking
#
# Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs
# since the cutpoints will be different. As a result, the
# deduplication ratio will suffer for a while after the change.
chunking = {
# The minimum NAR size to trigger chunking
#
# If 0, chunking is disabled entirely for newly-uploaded NARs.
# If 1, all NARs are chunked.
nar-size-threshold = 64 * 1024; # 64 KiB
# The preferred minimum size of a chunk, in bytes
min-size = 16 * 1024; # 16 KiB
# The preferred average size of a chunk, in bytes
avg-size = 64 * 1024; # 64 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 256 * 1024; # 256 KiB
};
};
};
}

36
systems/x86_64-linux/sgx-attic/default.nix
View file

@ -1,36 +0,0 @@
{ pkgs, lib, config, ... }:
with lib;
with lib.metacfg;
{
imports = [
./hardware-configuration.nix
./atticd.nix
];
metacfg = {
base.enable = true;
nix.enable = true;
};
virtualisation = {
docker.enable = true;
podman.dockerCompat = false;
};
system.autoUpgrade = {
enable = true;
operation = "switch";
allowReboot = true;
};
security.tpm2.enable = false;
security.tpm2.abrmd.enable = false;
networking.wireless.enable = false; # Enables wireless support via wpa_supplicant.
networking.firewall.allowedTCPPorts = [ 8080 ];
networking.firewall.allowPing = true;
powerManagement.cpuFreqGovernor = "ondemand";
system.stateVersion = "24.05";
}

41
systems/x86_64-linux/sgx-attic/disko.nix
View file

@ -1,41 +0,0 @@
# USAGE in your configuration.nix.
# Update devices to match your hardware.
# {
# imports = [ ./disko-config.nix ];
# disko.devices.disk.main.device = "/dev/sda";
# }
{
config.disko.devices = {
disk = {
main = {
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

27
systems/x86_64-linux/sgx-attic/hardware-configuration.nix
View file

@ -1,27 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
./disko.nix
(modulesPath + "/profiles/qemu-guest.nix")
];
disko.devices.disk.main.device = "/dev/vda";
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

6
systems/x86_64-linux/sgx-nixos/default.nix
View file

@ -2,9 +2,7 @@
with lib; with lib;
with lib.metacfg; with lib.metacfg;
{ {
imports = [ imports = [ ./hardware-configuration.nix ];
./hardware-configuration.nix
];
boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1; boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest; boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
@ -52,8 +50,6 @@ with lib.metacfg;
networking.wireless.enable = false; # Enables wireless support via wpa_supplicant. networking.wireless.enable = false; # Enables wireless support via wpa_supplicant.
networking.firewall.allowPing = true;
powerManagement.cpuFreqGovernor = "ondemand"; powerManagement.cpuFreqGovernor = "ondemand";
system.stateVersion = "23.11"; system.stateVersion = "23.11";

10
systems/x86_64-linux/sgx/fileserver.nix
View file

@ -72,14 +72,4 @@
}; };
}; };
}; };
services = {
syncthing = {
enable = true;
user = "harald";
dataDir = "/mnt/raid/Qmultimedia/syncthing"; # Default folder for new synced folders
configDir = "/mnt/raid/Qmultimedia/syncthing/.config/syncthing"; # Folder for Syncthing's settings and keys
guiAddress = "0.0.0.0:8384";
};
};
} }

3
systems/x86_64-linux/sgx/network.nix
View file

@ -37,7 +37,6 @@
}; };
}; };
networking.firewall.allowedTCPPorts = [ 8384 22000 config.services.netatalk.port ]; networking.firewall.allowedTCPPorts = [ 548 ];
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
networking.firewall.allowPing = true; networking.firewall.allowPing = true;
} }

6
systems/x86_64-linux/t15/default.nix
View file

@ -9,8 +9,6 @@
nix.enable = true; nix.enable = true;
podman.enable = true; podman.enable = true;
secureboot.enable = true; secureboot.enable = true;
homeprinter.enable = true;
user.extraGroups = [ "docker" "dialout" ];
}; };
system.autoUpgrade = { system.autoUpgrade = {
@ -21,9 +19,6 @@
system.stateVersion = "23.11"; system.stateVersion = "23.11";
services.resolved.enable = true;
services.resolved.dnssec = "allow-downgrade";
sops.age.sshKeyPaths = [ "/persist/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/persist/ssh/ssh_host_ed25519_key" ];
sops.secrets.backup-s3.sopsFile = ../../../.secrets/t15/backup-s3.yaml; sops.secrets.backup-s3.sopsFile = ../../../.secrets/t15/backup-s3.yaml;
sops.secrets.backup-pw.sopsFile = ../../../.secrets/t15/backup-s3.yaml; sops.secrets.backup-pw.sopsFile = ../../../.secrets/t15/backup-s3.yaml;
@ -39,4 +34,5 @@
bits = 4096; bits = 4096;
} }
]; ];
} }

7
systems/x86_64-linux/t15/hardware-configuration.nix
View file

@ -28,7 +28,6 @@
"uas" "uas"
]; ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
boot.kernelParams = [ boot.kernelParams = [
"lockdown=confidentiality" "lockdown=confidentiality"
"intel_iommu=on" "intel_iommu=on"
@ -80,9 +79,9 @@
}; };
console.keyMap = "de-latin1-nodeadkeys"; console.keyMap = "de-latin1-nodeadkeys";
services.xserver.xkb = { services.xserver = {
layout = "de,de+us"; layout = "de";
variant = "nodeadkeys,"; xkbVariant = "nodeadkeys";
}; };
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

23
systems/x86_64-linux/x1/default.nix
View file

@ -11,28 +11,9 @@ with lib.metacfg;
nix.enable = true; nix.enable = true;
podman.enable = true; podman.enable = true;
secureboot.enable = true; secureboot.enable = true;
homeprinter.enable = true; user.extraGroups = [ "docker" ];
user.extraGroups = [ "docker" "dialout" ];
}; };
environment.systemPackages = with pkgs; [
azure-cli
cloudflare-warp
desktop-file-utils
kubectl
kubectx
k9s
attic-client
];
services.resolved.enable = true;
services.resolved.dnssec = "allow-downgrade";
services.resolved.extraConfig = ''
ResolveUnicastSingleLabel=yes
'';
systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli
virtualisation = { virtualisation = {
docker.enable = true; docker.enable = true;
libvirtd.enable = true; libvirtd.enable = true;
@ -45,7 +26,5 @@ with lib.metacfg;
allowReboot = false; allowReboot = false;
}; };
services.trezord.enable = true;
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }

11
systems/x86_64-linux/x1/hardware-configuration.nix
View file

@ -31,15 +31,8 @@
options = [ "subvol=@" ]; options = [ "subvol=@" ];
}; };
boot.initrd.luks.devices."luks-0e2792db-1b80-49a7-b2eb-54e4b5fc3502" = { boot.initrd.luks.devices."luks-0e2792db-1b80-49a7-b2eb-54e4b5fc3502".device = "/dev/disk/by-uuid/0e2792db-1b80-49a7-b2eb-54e4b5fc3502";
device = "/dev/disk/by-uuid/0e2792db-1b80-49a7-b2eb-54e4b5fc3502"; boot.initrd.luks.devices."luks-280f2e07-e5fc-478e-b7ee-445c99bea415".device = "/dev/disk/by-uuid/280f2e07-e5fc-478e-b7ee-445c99bea415";
allowDiscards = true;
};
boot.initrd.luks.devices."luks-280f2e07-e5fc-478e-b7ee-445c99bea415" = {
device = "/dev/disk/by-uuid/280f2e07-e5fc-478e-b7ee-445c99bea415";
allowDiscards = true;
};
fileSystems."/boot" = fileSystems."/boot" =
{ {