Compare commits
No commits in common. "main" and "b24.05" have entirely different histories.
|
@ -1,31 +0,0 @@
|
|||
coturn:
|
||||
static-auth-secret: ENC[AES256_GCM,data:cYYpG6x0/7aaxCv+d5BYQqgEcEGz2U98CaECHjB5IJMZulcfuS7YimY6eaDqmd+JWqUynin2yA+puCKDNm+aEw==,iv:w5YWMucPSVNZSnJ6n3sjF+McIYN6Mz+wsLkl0J0h2bE=,tag:aO9jBxHfYWMAXH/0KQC1pQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1qur4kh3gay9ryk3jh2snvjp6x9eq94zdrmgkrfcv4fzsu7l6lumq4tr3uy
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWaDFlMEYxM1B0QTBCblkv
|
||||
dnlxR1pXZDZOamZhbXp4cW9QelFUNDY0alZ3CmJtZmU2YVpzMFh6eXhQWngwQXlz
|
||||
VW5IK3B1MnBZWjR2cmZGRjByNmVOSnMKLS0tIFBpMUZIcDFJbU5DYzZKdzlyVmgy
|
||||
c285MmZINC9TOFdEcWpjaEFnWnhuMnMKniLkzEuEBOcrGVVk3z93VtAzYKkud5nB
|
||||
lhNhqW7KbvXC05u20yPtYpD8z6pH4iulPG+yyvhahWBmc7gdgTZKdQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqNHYrVlJqeXVqQ0kzajlk
|
||||
RmZ4SzRWOTlaUlpSV1dnM1VSQ25XTk1ydW5zCkgwcVhvVGhsdW5UNHdBVkkxQkdv
|
||||
bXJVZjRSTzY5MjhoeXMzYlZqb1IrUGcKLS0tIHV6Y1AyV1hKZGdRZENEMlNlTlYw
|
||||
WHRNMTY0WGVVWG1icFdqYVp1b2ZkR00KM5C2+YE99mWkIwaCLuGrdyymT7ujaxv4
|
||||
MBU2TP2gYsN6bzt+LvyRC2OiOQcJ/2HgGimwK4FB5Y7L+uWiQIMpKA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-17T08:21:45Z"
|
||||
mac: ENC[AES256_GCM,data:A8p487vIXqxZAaD9Gmr7DcU3BkRVPvJDpUtK1xgCrJzmPYko6E6eL+n4LY90JSDOPG6ab3ns4URjnE34tL+QG3/M2viw6LvrYRbfAyubwnkYUX0QWXa+x3XMCuqKv0gY7npW9dZXgUJQx6KIB5jKNiLP9CeCyFz0C0FQI34DGwI=,iv:k7kKcmaM5IBFl4Ickl+YKBfOPdqAFtmps5rgTMSFjmw=,tag:NVATG1TG9MS//ZAxdYOAXQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -1,30 +0,0 @@
|
|||
forgejo-runner-token: ENC[AES256_GCM,data:nq8a/AQysWPehS7vuj4rpjxdoZWLqohvMjtu9hrQLbsrrOoJg/ZECsIQHQMbWPo=,iv:hComE0xi4SpeWgRMAtLY8rAHtlcY1/sF0gk7nMCqTME=,tag:YRIeWy0dFcM66giOTOFd3A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1qur4kh3gay9ryk3jh2snvjp6x9eq94zdrmgkrfcv4fzsu7l6lumq4tr3uy
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBOUVxRXduVWhjNHdnZCtH
|
||||
U0VLWE01VkJaWmNDUzE1bmorRDN5RWNwTnhJClRkcDNzb1U2MzZ3TDhXSnI4Z252
|
||||
a1A0dzQ5eUlScDhhYjl6WEdnYnlxUm8KLS0tIDczaXlvcDVwUzdQY1h6a01QM2p6
|
||||
T3FBVWJqaHQwVnIrNFVsWVBub2djMG8KsbZb43UkVe1Up0O15UTC/PdsEkwwOnVW
|
||||
9P4AGO097HfTLkAjKJHx5QYF02dJ+4xb6rgzUYt9Nr8h8+GD0xRAfQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1dwcz3fmp29ju4svy0t0wz4ylhpwlqa8xpw4l7t4gmgqr0ev37qrsfn840l
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBdlhZbDhqamNGU2QrZDN5
|
||||
MlY5RFgrV3NJUk1PYWJLSnpCZjhiTUF5b0RrCmRHV0JnYlBmL2p0WE9UTzJUcVhK
|
||||
dkhiYlJtYWtDN0lseHRCNTUzb252TmsKLS0tIGZKbjA3dkVwcnZNK2djV1BvSkJo
|
||||
a09FM1ZqSWdsdytjdVFCanVldHVoWUUKyy/LXNd/vZLdgXYXfloFkNviaddvrazw
|
||||
4Z0bJ/fqGvRPlLkTUzZlhWKVXfZFGgo5nQSEvyphkIb6UCyd9VamnA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-27T11:07:00Z"
|
||||
mac: ENC[AES256_GCM,data:A73eobLa3aPeHkW1scY/xWWejVnCcEPJW9Vnx03HzEhk8Gv2dYAA6Xvt7hXMTuYow4A2ixmAFjn5GltvvOo3dUgumvHBlf6Kt39bwumiNmLD4mcLAKGnL55hSFn0gInEL5xjiqvlIokbPZFJec7CsS2f8PsL52/cYe5u3aSsqmo=,iv:ch2quofqaCUT1EjsIoWAlQzswfxxAk/eTfjB2tWsAzg=,tag:BlNpCt9r6iZdzJASCWHThQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
21
README.md
21
README.md
|
@ -1,29 +1,28 @@
|
|||
Install a system via nixos-anywhere
|
||||
Install system via nixos-anywhere
|
||||
|
||||
```bash
|
||||
$ nix run github:numtide/nixos-anywhere -- \
|
||||
❯ nix run github:numtide/nixos-anywhere -- \
|
||||
--flake 'git+https://git.hoyer.xyz/harald/nixcfg'.#hostname \
|
||||
root@hostname --no-reboot --tty -i $HOME/.ssh/id_ed25519
|
||||
... enter disk password
|
||||
$ ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15
|
||||
❯ ssh -t root@hostname systemd-cryptenroll /dev/luksdev --wipe-slot=tpm2 --tpm2-device=auto --tpm2-pcrs=1,15
|
||||
```
|
||||
|
||||
nixos-rebuild remote git flake
|
||||
|
||||
```bash
|
||||
$ nixos-rebuild --use-remote-sudo -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg boot
|
||||
❯ sudo nixos-rebuild boot --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg
|
||||
```
|
||||
on darwin
|
||||
|
||||
```bash
|
||||
$ darwin-rebuild -L --show-trace --refresh --flake git+https://git.hoyer.xyz/harald/nixcfg switch
|
||||
```
|
||||
|
||||
|
||||
home-manager remote git flake
|
||||
|
||||
```bash
|
||||
$ nix --refresh run 'git+https://git.hoyer.xyz/harald/nixcfg' -- \
|
||||
❯ nix --refresh run 'git+https://git.hoyer.xyz/harald/nixcfg' -- \
|
||||
switch -b backup --flake 'git+https://git.hoyer.xyz/harald/nixcfg'
|
||||
```
|
||||
|
||||
`command-not-found` unable to open database
|
||||
|
||||
```bash
|
||||
❯ sudo nix-channel --update
|
||||
```
|
||||
|
|
332
flake.lock
332
flake.lock
|
@ -16,30 +16,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"attic": {
|
||||
"inputs": {
|
||||
"crane": "crane",
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1717279440,
|
||||
"narHash": "sha256-kH04ReTjxOpQumgWnqy40vvQLSnLGxWP6RF3nq5Esrk=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "attic",
|
||||
"rev": "717cc95983cdc357bc347d70be20ced21f935843",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "zhaofengli",
|
||||
"repo": "attic",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"blobs": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -297,27 +273,6 @@
|
|||
}
|
||||
},
|
||||
"crane": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"attic",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1717025063,
|
||||
"narHash": "sha256-dIubLa56W9sNNz0e8jGxrX3CAkPXsq7snuFA/Ie6dn8=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "480dff0be03dac0e51a8dfc26e882b0d123a450e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane_2": {
|
||||
"inputs": {
|
||||
"flake-compat": [
|
||||
"lanzaboote",
|
||||
|
@ -373,11 +328,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1719128254,
|
||||
"narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=",
|
||||
"lastModified": 1716993688,
|
||||
"narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=",
|
||||
"owner": "lnl7",
|
||||
"repo": "nix-darwin",
|
||||
"rev": "50581970f37f06a4719001735828519925ef8310",
|
||||
"rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -442,11 +397,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1719451710,
|
||||
"narHash": "sha256-h+bFEQHQ46pBkEsOXbxmmY6QNPPGrgpDbNlHtAKG49M=",
|
||||
"lastModified": 1717378144,
|
||||
"narHash": "sha256-gwx3rVXnt2jNxl8L2DybYv41fA8QhWVGebe932pa2nw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "8767dbf5d723b1b6834f4d09b217da7c31580d58",
|
||||
"rev": "39cd5a1fcd6d7a476eac2894b09122ead99f6efc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -569,22 +524,6 @@
|
|||
}
|
||||
},
|
||||
"flake-compat_3": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_4": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1650374568,
|
||||
|
@ -600,14 +539,14 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_5": {
|
||||
"flake-compat_4": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"lastModified": 1668681692,
|
||||
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -616,7 +555,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_6": {
|
||||
"flake-compat_5": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1650374568,
|
||||
|
@ -672,58 +611,6 @@
|
|||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils-plus": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_5"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715533576,
|
||||
"narHash": "sha256-fT4ppWeCJ0uR300EH3i7kmgRZnAVxrH+XtK09jQWihk=",
|
||||
"owner": "gytis-ivaskevicius",
|
||||
"repo": "flake-utils-plus",
|
||||
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "gytis-ivaskevicius",
|
||||
"repo": "flake-utils-plus",
|
||||
"rev": "3542fe9126dc492e53ddd252bb0260fe035f2c0f",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils-plus_2": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_6"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696331477,
|
||||
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
|
||||
"owner": "gytis-ivaskevicius",
|
||||
"repo": "flake-utils-plus",
|
||||
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "gytis-ivaskevicius",
|
||||
"repo": "flake-utils-plus",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
|
@ -741,7 +628,43 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"flake-utils-plus": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696331477,
|
||||
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
|
||||
"owner": "gytis-ivaskevicius",
|
||||
"repo": "flake-utils-plus",
|
||||
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "gytis-ivaskevicius",
|
||||
"repo": "flake-utils-plus",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils-plus_2": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_5"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696331477,
|
||||
"narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
|
||||
"owner": "gytis-ivaskevicius",
|
||||
"repo": "flake-utils-plus",
|
||||
"rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "gytis-ivaskevicius",
|
||||
"repo": "flake-utils-plus",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
},
|
||||
|
@ -759,7 +682,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"flake-utils_3": {
|
||||
"locked": {
|
||||
"lastModified": 1659877975,
|
||||
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
|
||||
|
@ -774,7 +697,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_5": {
|
||||
"flake-utils_4": {
|
||||
"inputs": {
|
||||
"systems": "systems_5"
|
||||
},
|
||||
|
@ -792,9 +715,9 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_6": {
|
||||
"flake-utils_5": {
|
||||
"inputs": {
|
||||
"systems": "systems_7"
|
||||
"systems": "systems_6"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694529238,
|
||||
|
@ -935,11 +858,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1720042825,
|
||||
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
|
||||
"lastModified": 1716736833,
|
||||
"narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
|
||||
"rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1015,10 +938,10 @@
|
|||
},
|
||||
"lanzaboote": {
|
||||
"inputs": {
|
||||
"crane": "crane_2",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"crane": "crane",
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-parts": "flake-parts",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
|
@ -1265,7 +1188,7 @@
|
|||
"elixir-tools": "elixir-tools",
|
||||
"fidget-nvim": "fidget-nvim",
|
||||
"flake-parts": "flake-parts_2",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"flutter-tools": "flutter-tools",
|
||||
"gesture-nvim": "gesture-nvim",
|
||||
"gitsigns-nvim": "gitsigns-nvim",
|
||||
|
@ -1404,18 +1327,33 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-24_05": {
|
||||
"nixpkgs-23_05": {
|
||||
"locked": {
|
||||
"lastModified": 1717144377,
|
||||
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
|
||||
"lastModified": 1704290814,
|
||||
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "805a384895c696f802a9bf5bf4720f37385df547",
|
||||
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-24.05",
|
||||
"ref": "nixos-23.05",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs-23_11": {
|
||||
"locked": {
|
||||
"lastModified": 1706098335,
|
||||
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-23.11",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
|
@ -1438,22 +1376,6 @@
|
|||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1711460390,
|
||||
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1678872516,
|
||||
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
|
||||
|
@ -1469,13 +1391,13 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable_3": {
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1719099622,
|
||||
"narHash": "sha256-YzJECAxFt+U5LPYf/pCwW/e1iUd2PF21WITHY9B/BAs=",
|
||||
"lastModified": 1717265169,
|
||||
"narHash": "sha256-IITcGd6xpNoyq9SZBigCkv4+qMHSqot0RDPR4xsZ2CA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5e8e3b89adbd0be63192f6e645e0a54080004924",
|
||||
"rev": "3b1b4895b2c5f9f5544d02132896aeb9ceea77bc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1519,11 +1441,11 @@
|
|||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1722221733,
|
||||
"narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=",
|
||||
"lastModified": 1717144377,
|
||||
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "12bf09802d77264e441f48e25459c10c93eada2e",
|
||||
"rev": "805a384895c696f802a9bf5bf4720f37385df547",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1535,16 +1457,16 @@
|
|||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1719707984,
|
||||
"narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=",
|
||||
"lastModified": 1710283656,
|
||||
"narHash": "sha256-nI+AOy4uK6jLGBi9nsbHjL1EdSIzoo8oa+9oeVhbyFc=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7dca15289a1c2990efbe4680f0923ce14139b042",
|
||||
"rev": "51063ed4f2343a59fdeebb279bb81d87d453942b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-24.05",
|
||||
"ref": "nixos-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
|
@ -1555,11 +1477,11 @@
|
|||
"snowfall-lib": "snowfall-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1721741092,
|
||||
"narHash": "sha256-ghFoP5gZpc1i4I4PiVCH00QNZ6s6ipGUcA0P1TsSSC8=",
|
||||
"lastModified": 1716280284,
|
||||
"narHash": "sha256-rofvtPgaYEW01OnKsD3DJv2B2j9QovRTWbw8h5lGjkE=",
|
||||
"owner": "matter-labs",
|
||||
"repo": "nixsgx",
|
||||
"rev": "be2c19592d0d5601184c52c07ab6d88dec07ffd6",
|
||||
"rev": "7151f63b1549b65633503f505df1e2a0b5ee844f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -2080,7 +2002,7 @@
|
|||
"lanzaboote",
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681413034,
|
||||
|
@ -2150,7 +2072,6 @@
|
|||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"attic": "attic",
|
||||
"darwin": "darwin",
|
||||
"disko": "disko",
|
||||
"home-manager": "home-manager",
|
||||
|
@ -2267,24 +2188,25 @@
|
|||
"simple-nixos-mailserver": {
|
||||
"inputs": {
|
||||
"blobs": "blobs",
|
||||
"flake-compat": "flake-compat_5",
|
||||
"flake-compat": "flake-compat_4",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-24_05": "nixpkgs-24_05",
|
||||
"nixpkgs-23_05": "nixpkgs-23_05",
|
||||
"nixpkgs-23_11": "nixpkgs-23_11",
|
||||
"utils": "utils_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1718084203,
|
||||
"narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=",
|
||||
"lastModified": 1706219574,
|
||||
"narHash": "sha256-qO+8UErk+bXCq2ybHU4GzXG4Ejk4Tk0rnnTPNyypW4g=",
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"repo": "nixos-mailserver",
|
||||
"rev": "29916981e7b3b5782dc5085ad18490113f8ff63b",
|
||||
"rev": "e47f3719f1db3e0961a4358d4cb234a0acaa7baf",
|
||||
"type": "gitlab"
|
||||
},
|
||||
"original": {
|
||||
"owner": "simple-nixos-mailserver",
|
||||
"ref": "nixos-24.05",
|
||||
"ref": "nixos-23.11",
|
||||
"repo": "nixos-mailserver",
|
||||
"type": "gitlab"
|
||||
}
|
||||
|
@ -2307,7 +2229,7 @@
|
|||
},
|
||||
"snowfall-lib": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_4",
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-utils-plus": "flake-utils-plus",
|
||||
"nixpkgs": [
|
||||
"nixsgx-flake",
|
||||
|
@ -2315,11 +2237,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1719005984,
|
||||
"narHash": "sha256-mpFl3Jv4fKnn+5znYXG6SsBjfXHJdRG5FEqNSPx0GLA=",
|
||||
"lastModified": 1696432959,
|
||||
"narHash": "sha256-oJQZv2MYyJaVyVJY5IeevzqpGvMGKu5pZcCCJvb+xjc=",
|
||||
"owner": "snowfallorg",
|
||||
"repo": "lib",
|
||||
"rev": "c6238c83de101729c5de3a29586ba166a9a65622",
|
||||
"rev": "92803a029b5314d4436a8d9311d8707b71d9f0b6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -2330,7 +2252,7 @@
|
|||
},
|
||||
"snowfall-lib_2": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_6",
|
||||
"flake-compat": "flake-compat_5",
|
||||
"flake-utils-plus": "flake-utils-plus_2",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
|
@ -2356,14 +2278,14 @@
|
|||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable_3"
|
||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1719268571,
|
||||
"narHash": "sha256-pcUk2Fg5vPXLUEnFI97qaB8hto/IToRfqskFqsjvjb8=",
|
||||
"lastModified": 1717297459,
|
||||
"narHash": "sha256-cZC2f68w5UrJ1f+2NWGV9Gx0dEYmxwomWN2B0lx0QRA=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "c2ea1186c0cbfa4d06d406ae50f3e4b085ddc9b3",
|
||||
"rev": "ab2a43b0d21d1d37d4d5726a892f714eaeb4b075",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -2495,21 +2417,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_7": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"tabular": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -2649,11 +2556,11 @@
|
|||
},
|
||||
"unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1722185531,
|
||||
"narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=",
|
||||
"lastModified": 1717196966,
|
||||
"narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d",
|
||||
"rev": "57610d2f8f0937f39dbd72251e9614b1561942d8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -2697,15 +2604,12 @@
|
|||
}
|
||||
},
|
||||
"utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_6"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709126324,
|
||||
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
|
||||
"lastModified": 1605370193,
|
||||
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
|
||||
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -2861,8 +2765,8 @@
|
|||
},
|
||||
"zig": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-utils": "flake-utils_4",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
|
|
|
@ -40,9 +40,6 @@
|
|||
|
||||
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05";
|
||||
simple-nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
attic.url = "github:zhaofengli/attic";
|
||||
attic.inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
outputs = inputs:
|
||||
|
@ -76,7 +73,6 @@
|
|||
sops-nix.nixosModules.sops
|
||||
disko.nixosModules.disko
|
||||
simple-nixos-mailserver.nixosModule
|
||||
attic.nixosModules.atticd
|
||||
];
|
||||
|
||||
overlays = with inputs; [
|
||||
|
|
|
@ -8,22 +8,22 @@
|
|||
username = "harald";
|
||||
homeDirectory = "/Users/${config.home.username}";
|
||||
stateVersion = "23.11"; # Please read the comment before changing.
|
||||
# sessionPath = [ "$HOME/bin" ];
|
||||
sessionPath = [ "$HOME/bin" ];
|
||||
};
|
||||
|
||||
metacfg = {
|
||||
|
||||
cli-apps = {
|
||||
bash.enable = true;
|
||||
fish.enable = true;
|
||||
neovim.enable = true;
|
||||
tmux.enable = true;
|
||||
bat.enable = true;
|
||||
starship.enable = true;
|
||||
#home-manager.enable = true;
|
||||
home-manager.enable = true;
|
||||
};
|
||||
|
||||
tools = {
|
||||
direnv.enable = true;
|
||||
alacritty.enable = true;
|
||||
ssh.enable = true;
|
||||
git.enable = true;
|
||||
};
|
||||
|
|
|
@ -32,7 +32,6 @@
|
|||
xdg.enable = true;
|
||||
xdg.mime.enable = true;
|
||||
|
||||
/* *****************************************
|
||||
systemd.user.services = {
|
||||
render_blog = {
|
||||
Service = {
|
||||
|
@ -69,6 +68,5 @@
|
|||
Install.WantedBy = [ "timers.target" ];
|
||||
};
|
||||
};
|
||||
***************************** */
|
||||
}
|
||||
|
||||
|
|
|
@ -12,10 +12,10 @@
|
|||
};
|
||||
|
||||
nix.settings = {
|
||||
substituters = [ "https://cache.nixos.org" "https://attic.teepot.org/tee-pot" ];
|
||||
substituters = [ "https://cache.nixos.org" "https://nixsgx.cachix.org" ];
|
||||
trusted-public-keys = [
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
"tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg="
|
||||
"nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE="
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -37,7 +37,6 @@
|
|||
"appindicatorsupport@rgcjonas.gmail.com"
|
||||
"dash-to-panel@jderose9.github.com"
|
||||
"hibernate-status@dromi"
|
||||
"autohide-battery@sitnik.ru"
|
||||
];
|
||||
|
||||
favorite-apps = [
|
||||
|
|
|
@ -37,7 +37,6 @@
|
|||
"appindicatorsupport@rgcjonas.gmail.com"
|
||||
"dash-to-panel@jderose9.github.com"
|
||||
"hibernate-status@dromi"
|
||||
"autohide-battery@sitnik.ru"
|
||||
];
|
||||
|
||||
favorite-apps = [
|
||||
|
|
|
@ -11,7 +11,7 @@ in
|
|||
{
|
||||
options.metacfg.nix = with types; {
|
||||
enable = mkBoolOpt true "Whether or not to manage nix configuration.";
|
||||
package = mkOpt package pkgs.nix "Which nix package to use.";
|
||||
package = mkOpt package pkgs.nixUnstable "Which nix package to use.";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
|
|
|
@ -1,58 +0,0 @@
|
|||
{ options
|
||||
, config
|
||||
, lib
|
||||
, pkgs
|
||||
, ...
|
||||
}:
|
||||
with lib;
|
||||
with lib.metacfg;
|
||||
let
|
||||
cfg = config.metacfg.base;
|
||||
in
|
||||
{
|
||||
options.metacfg.base = with types; {
|
||||
enable = mkBoolOpt false "Whether or not to enable the base config.";
|
||||
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
alacritty
|
||||
age
|
||||
delta
|
||||
git
|
||||
git-crypt
|
||||
git-delete-merged-branches
|
||||
home-manager
|
||||
htop
|
||||
mosh
|
||||
nixpkgs-fmt
|
||||
openssl
|
||||
restic
|
||||
rrsync
|
||||
sops
|
||||
tmux
|
||||
vim
|
||||
wget
|
||||
starship
|
||||
];
|
||||
shells = [ pkgs.fish pkgs.bash ];
|
||||
};
|
||||
|
||||
programs = {
|
||||
bash = {
|
||||
## shellInit = ''
|
||||
interactiveShellInit = ''
|
||||
bind '"\e[A": history-search-backward'
|
||||
bind '"\e[B": history-search-forward'
|
||||
'';
|
||||
};
|
||||
fish.enable = true;
|
||||
};
|
||||
|
||||
security = {
|
||||
pam.enableSudoTouchIdAuth = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -16,8 +16,6 @@ in
|
|||
metacfg = {
|
||||
nix = enabled;
|
||||
|
||||
base = enabled;
|
||||
|
||||
system = {
|
||||
fonts = enabled;
|
||||
#input = enabled;
|
||||
|
|
|
@ -17,7 +17,9 @@ in
|
|||
};
|
||||
|
||||
fonts = {
|
||||
packages = with pkgs;
|
||||
fontDir = enabled;
|
||||
|
||||
fonts = with pkgs;
|
||||
[
|
||||
noto-fonts
|
||||
noto-fonts-cjk-sans
|
||||
|
|
|
@ -60,7 +60,6 @@ in
|
|||
clean = "${pkgs.metacfg.rot8000}/bin/rot8000";
|
||||
smudge = "${pkgs.metacfg.rot8000}/bin/rot8000";
|
||||
};
|
||||
http.sslCAinfo = "/etc/ssl/certs/ca-certificates.crt";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -51,7 +51,7 @@ in
|
|||
users = [ "root" config.metacfg.user.name ] ++
|
||||
optional config.services.hydra.enable "hydra";
|
||||
extra-substituters = cfg.extra-substituters // {
|
||||
"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=";
|
||||
"https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
|
||||
};
|
||||
in
|
||||
{
|
||||
|
@ -83,8 +83,8 @@ in
|
|||
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = lib.mkDefault "weekly";
|
||||
options = lib.mkDefault "--delete-older-than 14d";
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 30d";
|
||||
};
|
||||
|
||||
# flake-utils-plus
|
||||
|
|
|
@ -67,11 +67,6 @@ in
|
|||
vim
|
||||
virt-manager
|
||||
wget
|
||||
(pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" ''
|
||||
qemu-system-x86_64 \
|
||||
-bios ${pkgs.OVMF.fd}/FV/OVMF.fd \
|
||||
"$@"
|
||||
'')
|
||||
];
|
||||
shells = [ pkgs.fish pkgs.bash ];
|
||||
};
|
||||
|
@ -83,6 +78,7 @@ in
|
|||
};
|
||||
enableRedistributableFirmware = lib.mkDefault true;
|
||||
enableAllFirmware = true;
|
||||
opengl.extraPackages = with pkgs; [ intel-compute-runtime ];
|
||||
};
|
||||
|
||||
programs = {
|
||||
|
@ -118,7 +114,7 @@ in
|
|||
tpm2.abrmd.enable = lib.mkDefault true;
|
||||
sudo = {
|
||||
enable = true;
|
||||
wheelNeedsPassword = lib.mkDefault true;
|
||||
wheelNeedsPassword = false;
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -160,13 +156,7 @@ in
|
|||
environment.GIT_CONFIG_GLOBAL = toString gitconfig;
|
||||
};
|
||||
|
||||
programs.git.enable = true;
|
||||
|
||||
virtualisation.libvirtd.enable = true;
|
||||
|
||||
boot.tmp.useTmpfs = true;
|
||||
systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";
|
||||
|
||||
services.fstrim.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -39,7 +39,7 @@ in
|
|||
];
|
||||
|
||||
xserver = {
|
||||
xkb.layout = lib.mkDefault "de+us";
|
||||
layout = lib.mkDefault "de+us";
|
||||
enable = true;
|
||||
displayManager.gdm.enable = true;
|
||||
desktopManager.gnome.enable = true;
|
||||
|
@ -58,27 +58,6 @@ in
|
|||
# Enable sound with pipewire.
|
||||
sound.enable = true;
|
||||
hardware.pulseaudio.enable = false;
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
extraPackages = with pkgs; [
|
||||
onevpl-intel-gpu
|
||||
intel-compute-runtime
|
||||
intel-media-driver # LIBVA_DRIVER_NAME=iHD
|
||||
#intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
|
||||
libvdpau-va-gl
|
||||
];
|
||||
};
|
||||
environment.sessionVariables = {
|
||||
LIBVA_DRIVER_NAME = "iHD";
|
||||
NIXOS_OZONE_WL = "1";
|
||||
}; # Force intel-media-driver
|
||||
|
||||
metacfg.home.configFile."mpv/mpv.conf".text = ''
|
||||
hwdec=auto-safe
|
||||
vo=gpu
|
||||
profile=gpu-hq
|
||||
gpu-context=wayland
|
||||
'';
|
||||
|
||||
security.rtkit.enable = true;
|
||||
|
||||
|
@ -89,23 +68,19 @@ in
|
|||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
#pcsctools
|
||||
bat
|
||||
cardpeek
|
||||
ccache
|
||||
chromium
|
||||
clang
|
||||
dive
|
||||
file
|
||||
firefox
|
||||
gh
|
||||
gimp
|
||||
git
|
||||
gnome-browser-connector
|
||||
gimp
|
||||
gnome.cheese
|
||||
gnome.gnome-software
|
||||
gnomeExtensions.appindicator
|
||||
gnomeExtensions.autohide-battery
|
||||
gnomeExtensions.dash-to-panel
|
||||
gnomeExtensions.hibernate-status-button
|
||||
gnomeExtensions.vitals
|
||||
|
@ -120,11 +95,11 @@ in
|
|||
nixpkgs-fmt
|
||||
opensc
|
||||
pasystray
|
||||
#pcsctools
|
||||
pinentry-gnome3
|
||||
pkg-config
|
||||
pstree
|
||||
ripgrep
|
||||
rustup
|
||||
slack
|
||||
spotify
|
||||
statix
|
||||
|
@ -132,9 +107,10 @@ in
|
|||
tmux
|
||||
vim
|
||||
wl-clipboard
|
||||
yubikey-manager-qt
|
||||
yubikey-personalization
|
||||
yubikey-manager-qt
|
||||
zellij
|
||||
rustup
|
||||
];
|
||||
|
||||
#----=[ Fonts ]=----#
|
||||
|
|
|
@ -1,48 +0,0 @@
|
|||
{ options, config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
with lib.metacfg;
|
||||
let cfg = config.metacfg.homeprinter;
|
||||
in
|
||||
{
|
||||
options.metacfg.homeprinter = with types; {
|
||||
enable = mkBoolOpt false "Whether or not to enable the home printers.";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.printing.drivers = with pkgs; [
|
||||
metacfg.dcpl2530dw-cups
|
||||
gutenprintBin
|
||||
gutenprint
|
||||
];
|
||||
|
||||
hardware.printers.ensurePrinters = [
|
||||
{
|
||||
name = "Brother_DCP-L2530DW_series";
|
||||
location = "Dach";
|
||||
deviceUri = "dnssd://Brother%20DCP-L2530DW%20series._ipp._tcp.local/?uuid=e3248000-80ce-11db-8000-cc6b1e5cd0ea";
|
||||
model = "brother-DCPL2530DW-cups-en.ppd";
|
||||
ppdOptions = {
|
||||
PageSize = "A4";
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "Canon_MG6300_series";
|
||||
location = "Dach";
|
||||
deviceUri = "dnssd://Canon%20MG6300%20series._ipp._tcp.local/?uuid=00000000-0000-1000-8000-2C9EFC9C7BA5";
|
||||
model = "gutenprint.5.3://bjc-PIXMA-MG6350/expert";
|
||||
ppdOptions = {
|
||||
PageSize = "w283h425";
|
||||
# StpFullBleed = "True";
|
||||
MediaType = "PhotoPlusGloss2";
|
||||
ColorModel = "CMYK";
|
||||
StpColorCorrection = "Accurate";
|
||||
StpColorPrecision = "Best";
|
||||
StpInkType = "CMYKk";
|
||||
StpImageType = "Photo";
|
||||
StpDitherAlgorithm = "Adaptive";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
|
@ -13,7 +13,7 @@ in
|
|||
config = mkIf cfg.enable {
|
||||
metacfg = {
|
||||
nix.extra-substituters = {
|
||||
"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=";
|
||||
"https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
|
||||
};
|
||||
};
|
||||
services.aesmd = {
|
||||
|
|
|
@ -31,7 +31,7 @@ in
|
|||
|
||||
metacfg = {
|
||||
nix.extra-substituters = {
|
||||
"https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=";
|
||||
"https://nixsgx.cachix.org".key = "nixsgx.cachix.org-1:tGi36DlY2joNsIXOlGnSgWW0+E094V6hW0umQRo/KoE=";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -54,7 +54,6 @@ in
|
|||
interactive.diffFilter = "${pkgs.delta}/bin/delta --color-only";
|
||||
merge.conflictStyle = "diff3";
|
||||
diff.colorMoved = "default";
|
||||
http.sslCAinfo = "/etc/ssl/certs/ca-certificates.crt";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -104,7 +104,7 @@ in
|
|||
# system to select).
|
||||
uid = 1000;
|
||||
|
||||
extraGroups = [ "wheel" ] ++ cfg.extraGroups;
|
||||
extraGroups = [ ] ++ cfg.extraGroups;
|
||||
}
|
||||
// cfg.extraOptions;
|
||||
};
|
||||
|
|
|
@ -1,82 +0,0 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, fetchurl
|
||||
, makeWrapper
|
||||
, cups
|
||||
, dpkg
|
||||
, a2ps
|
||||
, ghostscript
|
||||
, gnugrep
|
||||
, gnused
|
||||
, coreutils
|
||||
, file
|
||||
, perl
|
||||
, which
|
||||
}:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "dcpl2530dw-cups";
|
||||
version = "4.0.0";
|
||||
|
||||
src = fetchurl {
|
||||
# The i386 part is a lie. There are x86, x86_64 and armv7l drivers.
|
||||
# Though this builds only supports x86_64 for now.
|
||||
url = "https://download.brother.com/welcome/dlf103518/dcpl2530dwpdrv-${version}-1.i386.deb";
|
||||
sha256 = "sha256-f5lxwp7iu6gvmP7DU3xQMH8rOcuUT0vlxVTUiTg1eeo=";
|
||||
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
buildInputs = [ cups ghostscript dpkg a2ps ];
|
||||
|
||||
dontUnpack = true;
|
||||
|
||||
installPhase = ''
|
||||
dpkg-deb -x $src $out
|
||||
|
||||
substituteInPlace $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter \
|
||||
--replace /opt "$out/opt" \
|
||||
--replace /usr/bin/perl ${perl}/bin/perl \
|
||||
--replace "BR_PRT_PATH =~" "BR_PRT_PATH = \"$out\"; #" \
|
||||
--replace "PRINTER =~" "PRINTER = \"DCPL2530DW\"; #"
|
||||
|
||||
# FIXME : Allow i686 and armv7l variations to be setup instead.
|
||||
_PLAT=x86_64
|
||||
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
|
||||
$out/opt/brother/Printers/DCPL2530DW/lpd/$_PLAT/brprintconflsr3
|
||||
patchelf --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \
|
||||
$out/opt/brother/Printers/DCPL2530DW/lpd/$_PLAT/rawtobr3
|
||||
ln -s $out/opt/brother/Printers/DCPL2530DW/lpd/$_PLAT/brprintconflsr3 $out/opt/brother/Printers/DCPL2530DW/lpd/brprintconflsr3
|
||||
ln -s $out/opt/brother/Printers/DCPL2530DW/lpd/$_PLAT/rawtobr3 $out/opt/brother/Printers/DCPL2530DW/lpd/rawtobr3
|
||||
|
||||
for f in \
|
||||
$out/opt/brother/Printers/DCPL2530DW/cupswrapper/lpdwrapper \
|
||||
$out/opt/brother/Printers/DCPL2530DW/cupswrapper/paperconfigml2 \
|
||||
; do
|
||||
#substituteInPlace $f \
|
||||
wrapProgram $f \
|
||||
--prefix PATH : ${lib.makeBinPath [
|
||||
coreutils ghostscript gnugrep gnused
|
||||
]}
|
||||
done
|
||||
|
||||
mkdir -p $out/lib/cups/filter/
|
||||
ln -s $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter $out/lib/cups/filter/brother_lpdwrapper_DCPL2530DW
|
||||
|
||||
mkdir -p $out/share/cups/model
|
||||
ln -s $out/opt/brother/Printers/DCPL2530DW/cupswrapper/brother-DCPL2530DW-cups-en.ppd $out/share/cups/model/
|
||||
|
||||
wrapProgram $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter \
|
||||
--prefix PATH ":" ${ lib.makeBinPath [ ghostscript a2ps file gnused gnugrep coreutils which ] }
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "http://www.brother.com/";
|
||||
description = "Brother DCP-L2530DW combined print driver";
|
||||
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
|
||||
license = licenses.unfree;
|
||||
platforms = [ "x86_64-linux" ];
|
||||
downloadPage = "https://www.brother.de/support/dcp-l2530dw/downloads";
|
||||
};
|
||||
}
|
||||
|
|
@ -8,73 +8,72 @@
|
|||
acceptTerms = true;
|
||||
defaults = {
|
||||
email = "harald@hoyer.xyz";
|
||||
dnsProvider = "cloudflare";
|
||||
dnsProvider = "internetbs";
|
||||
credentialsFile = config.sops.secrets.internetbs.path;
|
||||
};
|
||||
certs = {
|
||||
"mx.surfsite.org" = { };
|
||||
|
||||
"surfsite.org" = {
|
||||
extraDomainNames = [
|
||||
"*.surfsite.org"
|
||||
];
|
||||
};
|
||||
|
||||
"hoyer.xyz" = {
|
||||
dnsProvider = "cloudflare";
|
||||
extraDomainNames = [
|
||||
"*.hoyer.xyz"
|
||||
"*.harald.hoyer.xyz"
|
||||
"*.hartwin.hoyer.xyz"
|
||||
];
|
||||
};
|
||||
|
||||
"hoyer.world" = {
|
||||
dnsProvider = "cloudflare";
|
||||
extraDomainNames = [
|
||||
"*.hoyer.world"
|
||||
"*.harald.hoyer.world"
|
||||
"*.hartwin.hoyer.world"
|
||||
];
|
||||
};
|
||||
|
||||
"hoyer.social" = {
|
||||
dnsProvider = "cloudflare";
|
||||
extraDomainNames = [
|
||||
"*.hoyer.social"
|
||||
"*.harald.hoyer.social"
|
||||
"*.hartwin.hoyer.social"
|
||||
];
|
||||
};
|
||||
|
||||
"hoyer.photos" = {
|
||||
dnsProvider = "cloudflare";
|
||||
extraDomainNames = [
|
||||
"*.hoyer.photos"
|
||||
"*.harald.hoyer.photos"
|
||||
"*.hartwin.hoyer.photos"
|
||||
];
|
||||
};
|
||||
|
||||
|
||||
"harald-hoyer.de" = {
|
||||
extraDomainNames = [
|
||||
"*.harald-hoyer.de"
|
||||
];
|
||||
};
|
||||
|
||||
"hartwin-hoyer.de" = {
|
||||
extraDomainNames = [
|
||||
"*.hartwin-hoyer.de"
|
||||
];
|
||||
};
|
||||
|
||||
"herward-hoyer.de" = {
|
||||
extraDomainNames = [
|
||||
"*.herward-hoyer.de"
|
||||
];
|
||||
};
|
||||
|
||||
"varlink.org" = {
|
||||
extraDomainNames = [
|
||||
"*.varlink.org"
|
||||
];
|
||||
};
|
||||
|
||||
"meike-hoyer.de" = { };
|
||||
|
||||
"hoyer.xyz" = {
|
||||
extraDomainNames = [
|
||||
"*.hoyer.xyz"
|
||||
"*.harald.hoyer.xyz"
|
||||
"*.hartwin.hoyer.xyz"
|
||||
];
|
||||
};
|
||||
|
||||
"hoyer.world" = {
|
||||
extraDomainNames = [
|
||||
"*.hoyer.world"
|
||||
"*.harald.hoyer.world"
|
||||
"*.hartwin.hoyer.world"
|
||||
];
|
||||
};
|
||||
|
||||
"hoyer.social" = {
|
||||
extraDomainNames = [
|
||||
"*.hoyer.social"
|
||||
"*.harald.hoyer.social"
|
||||
"*.hartwin.hoyer.social"
|
||||
];
|
||||
};
|
||||
|
||||
"hoyer.photos" = {
|
||||
extraDomainNames = [
|
||||
"*.hoyer.photos"
|
||||
"*.harald.hoyer.photos"
|
||||
"*.hartwin.hoyer.photos"
|
||||
];
|
||||
};
|
||||
|
||||
"harald-hoyer.de" = {
|
||||
extraDomainNames = [
|
||||
"*.harald-hoyer.de"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,56 +0,0 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
{
|
||||
sops.secrets."coturn/static-auth-secret" = {
|
||||
sopsFile = ../../../.secrets/hetzner/coturn.yaml; # bring your own password file
|
||||
restartUnits = [ "coturn.service" ];
|
||||
owner = "turnserver";
|
||||
};
|
||||
|
||||
networking.firewall =
|
||||
let
|
||||
range = with config.services.coturn; [{
|
||||
from = min-port;
|
||||
to = max-port;
|
||||
}];
|
||||
in
|
||||
{
|
||||
allowedUDPPortRanges = range;
|
||||
allowedTCPPorts = [ 3478 3479 5349 ];
|
||||
allowedUDPPorts = [ 3478 3479 5349 ];
|
||||
};
|
||||
|
||||
# get a certificate
|
||||
security.acme.certs.${config.services.coturn.realm} = {
|
||||
/* insert here the right configuration to obtain a certificate */
|
||||
postRun = "systemctl restart coturn.service";
|
||||
group = "turnserver";
|
||||
};
|
||||
|
||||
services.coturn = rec {
|
||||
enable = true;
|
||||
realm = "turn.hoyer.xyz";
|
||||
static-auth-secret-file = config.sops.secrets."coturn/static-auth-secret".path;
|
||||
use-auth-secret = true;
|
||||
lt-cred-mech = true;
|
||||
min-port = 49000;
|
||||
max-port = 50000;
|
||||
no-cli = true;
|
||||
cert = "${config.security.acme.certs.${realm}.directory}/full.pem";
|
||||
pkey = "${config.security.acme.certs.${realm}.directory}/key.pem";
|
||||
extraConfig = ''
|
||||
fingerprint
|
||||
total-quota=100
|
||||
bps-capacity=0
|
||||
stale-nonce=600
|
||||
cipher-list="ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384"
|
||||
no-loopback-peers
|
||||
no-multicast-peers
|
||||
no-tlsv1
|
||||
no-tlsv1_1
|
||||
# strongly encouraged options to decrease amplification attacks
|
||||
no-rfc5780
|
||||
no-stun-backward-compatibility
|
||||
response-origin-only-with-rfc5780
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -3,7 +3,7 @@
|
|||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./rspamd.nix
|
||||
# ./goaccess.nix
|
||||
./goaccess.nix
|
||||
./nextcloud.nix
|
||||
./backup.nix
|
||||
./users.nix
|
||||
|
@ -13,7 +13,6 @@
|
|||
./forgejo.nix
|
||||
./nginx.nix
|
||||
./network.nix
|
||||
./coturn.nix
|
||||
];
|
||||
|
||||
metacfg = {
|
||||
|
@ -36,13 +35,6 @@
|
|||
flake = lib.mkForce "git+file:///var/lib/gitea/repositories/harald/nixcfg.git#mx";
|
||||
};
|
||||
|
||||
nix.gc = {
|
||||
dates = "daily";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
|
||||
programs.git.config.safe.directory = "/var/lib/gitea/repositories/harald/nixcfg.git";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
age
|
||||
apacheHttpd # for mkpasswd
|
||||
|
|
|
@ -51,25 +51,4 @@
|
|||
}
|
||||
];
|
||||
};
|
||||
|
||||
sops.secrets."forgejo-runner-token" = {
|
||||
sopsFile = ../../../.secrets/hetzner/forgejo-runner-token.yaml; # bring your own password file
|
||||
};
|
||||
|
||||
services.gitea-actions-runner = {
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
instances.default = {
|
||||
enable = true;
|
||||
name = "base";
|
||||
url = "https://git.hoyer.xyz";
|
||||
tokenFile = config.sops.secrets.forgejo-runner-token.path;
|
||||
settings.container.network = "host";
|
||||
labels = [
|
||||
"ubuntu-latest:docker://gitea/runner-images:ubuntu-latest"
|
||||
"ubuntu-22.04:docker://gitea/runner-images:ubuntu-22.04"
|
||||
"ubuntu-20.04:docker://gitea/runner-images:ubuntu-20.04"
|
||||
"nix:docker://git.hoyer.xyz/harald/nix-runner:latest"
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -39,4 +39,7 @@
|
|||
};
|
||||
|
||||
swapDevices = [{ device = "/swapfile"; }];
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -5,13 +5,12 @@
|
|||
enable = true;
|
||||
fqdn = "mx.surfsite.org";
|
||||
sendingFqdn = "mx.surfsite.org";
|
||||
certificateScheme = "acme";
|
||||
acmeCertificateName = "surfsite.org";
|
||||
domains = [
|
||||
"harald-hoyer.de"
|
||||
"hartwin-hoyer.de"
|
||||
"herward-hoyer.de"
|
||||
"meike-hoyer.de"
|
||||
"meike-knutz.de"
|
||||
"gerlinde-hoyer.de"
|
||||
|
||||
"hoyer.xyz"
|
||||
"nc.hoyer.xyz"
|
||||
|
@ -19,6 +18,7 @@
|
|||
|
||||
"varlink.org"
|
||||
"surfsite.org"
|
||||
"myprivacy.tools"
|
||||
"hoyer.social"
|
||||
"hoyer.world"
|
||||
"hoyer.photos"
|
||||
|
@ -55,90 +55,73 @@
|
|||
hashedPasswordFile = "/ubzr/unenyq/frpergf/zu@ublre.klm";
|
||||
aliases = [
|
||||
"zrvxr@unenyq-ublre.qr"
|
||||
"zrvxr@ublre.fbpvny"
|
||||
"zrvxr@ublre.jbeyq"
|
||||
"zrvxr@zrvxr-xahgm.qr"
|
||||
"zrvxr.ublre@zrvxr-xahgm.qr"
|
||||
"zrvxr@ublre.klm"
|
||||
"zrvxr@zrvxr-ublre.qr"
|
||||
"zrvxr@ap.ublre.klm"
|
||||
];
|
||||
};
|
||||
"nyrk@ublre.klm" = {
|
||||
hashedPasswordFile = "/home/hartwin/secrets/alex-mail";
|
||||
aliases = [
|
||||
"nyrk.ublre@unegjva-ublre.qr"
|
||||
"nyrk.ublre@fhesfvgr.bet"
|
||||
"nyrk@unegjva-ublre.qr"
|
||||
"nyrk@ublre.fbpvny"
|
||||
"nyrk@ublre.jbeyq"
|
||||
"nyrk.ublre@unegjva-ublre.qr"
|
||||
"nyrk@fhesfvgr.bet"
|
||||
"nyrknaqre@ublre.fbpvny"
|
||||
"nyrknaqre@ublre.jbeyq"
|
||||
"nyrk.ublre@fhesfvgr.bet"
|
||||
"nyrknaqre@ublre.klm"
|
||||
];
|
||||
};
|
||||
"wna@ublre.klm" = {
|
||||
hashedPasswordFile = "/home/hartwin/secrets/jan-mail";
|
||||
aliases = [
|
||||
"wna.ublre@unegjva-ublre.qr"
|
||||
"wna.ublre@fhesfvgr.bet"
|
||||
"wna@unegjva-ublre.qr"
|
||||
"wna@ublre.fbpvny"
|
||||
"wna@ublre.jbeyq"
|
||||
"wna.ublre@unegjva-ublre.qr"
|
||||
"wna@fhesfvgr.bet"
|
||||
"wna.ublre@fhesfvgr.bet"
|
||||
];
|
||||
};
|
||||
"unaanu@ublre.klm" = {
|
||||
hashedPasswordFile = "/home/hartwin/secrets/hannah-mail";
|
||||
aliases = [
|
||||
"unaanu.ublre@unegjva-ublre.qr"
|
||||
"unaanu.ublre@fhesfvgr.bet"
|
||||
"unaanu@unegjva-ublre.qr"
|
||||
"unaanu@ublre.fbpvny"
|
||||
"unaanu@ublre.jbeyq"
|
||||
"unaanu.ublre@unegjva-ublre.qr"
|
||||
"unaanu@fhesfvgr.bet"
|
||||
"unaanu.ublre@fhesfvgr.bet"
|
||||
];
|
||||
};
|
||||
"fgrssv@ublre.klm" = {
|
||||
hashedPasswordFile = "/home/hartwin/secrets/steffi-mail";
|
||||
aliases = [
|
||||
"fgrsnavr.ublre@ublre.klm"
|
||||
"fgrsnavr.ublre@fhesfvgr.bet"
|
||||
"fgrsnavr@ublre.fbpvny"
|
||||
"fgrsnavr@ublre.jbeyq"
|
||||
"fgrsnavr@ublre.klm"
|
||||
"fgrsnavrublre@fhesfvgr.bet"
|
||||
"fgrssv@fhesfvgr.bet"
|
||||
"fgrsnavrublre@fhesfvgr.bet"
|
||||
"fgrsnavr.ublre@fhesfvgr.bet"
|
||||
"fgrsnavr.ublre@ublre.klm"
|
||||
"fgrsnavr@ublre.klm"
|
||||
];
|
||||
};
|
||||
"unegjva@ublre.klm" = {
|
||||
hashedPasswordFile = "/home/hartwin/secrets/hartwin-mail";
|
||||
aliases = [
|
||||
"unegjva.ublre@unegjva-ublre.qr"
|
||||
"unegjva@unegjva-ublre.qr"
|
||||
"unegjva@ublre.cubgbf"
|
||||
"unegjva@ublre.fbpvny"
|
||||
"unegjva@ublre.jbeyq"
|
||||
"unegjva@ap.ublre.klm"
|
||||
"znvy@unegjva-ublre.qr"
|
||||
"jroznfgre@unegjva.ublre.cubgbf"
|
||||
"jroznfgre@unegjva.ublre.klm"
|
||||
"unegjva@unegjva-ublre.qr"
|
||||
"lbhghor@unegjva-ublre.qr"
|
||||
"unegjva@ap.ublre.klm"
|
||||
"unegjva@ublre.cubgbf"
|
||||
"jroznfgre@unegjva.ublre.cubgbf"
|
||||
];
|
||||
};
|
||||
"uublre@urejneq-ublre.qr" = {
|
||||
hashedPasswordFile = "/home/hhoyer/secrets/hhoyer-mail";
|
||||
aliases = [
|
||||
"thn808@urejneq-ublre.qr"
|
||||
"urejneq.ublre@urejneq-ublre.qr"
|
||||
"urejneq@urejneq-ublre.qr"
|
||||
"urejneq@ublre.fbpvny"
|
||||
"urejneq@ublre.jbeyq"
|
||||
"urejneq@if189018.ifreire.qr"
|
||||
"thn808@urejneq-ublre.qr"
|
||||
"znvy@urejneq-ublre.qr"
|
||||
"urejneq.ublre@urejneq-ublre.qr"
|
||||
"uublre@fhesfvgr.bet"
|
||||
"uublre@ublre.klm"
|
||||
"urejneq@ublre.klm"
|
||||
"urejneq@ap.ublre.klm"
|
||||
"urejneq@if189018.ifreire.qr"
|
||||
"uublre@ublre.klm"
|
||||
"uublre@fhesfvgr.bet"
|
||||
"znvy@urejneq-ublre.qr"
|
||||
];
|
||||
};
|
||||
"unenyq@ublre.klm" = {
|
||||
|
@ -149,12 +132,14 @@
|
|||
|
||||
"nohfr@zk.fhesfvgr.bet"
|
||||
"nohfr@fhesfvgr.bet"
|
||||
"nohfr@zrvxr-ublre.qr"
|
||||
"nohfr@unegjva-ublre.qr"
|
||||
"nohfr@urejneq-ublre.qr"
|
||||
"nohfr@zrvxr-xahgm.qr"
|
||||
"nohfr@treyvaqr-ublre.qr"
|
||||
"nohfr@ublre.klm"
|
||||
"nohfr@unenyq.ublre.klm"
|
||||
"nohfr@ineyvax.bet"
|
||||
"nohfr@zlcevinpl.gbbyf"
|
||||
"nohfr@ublre.fbpvny"
|
||||
"nohfr@ublre.jbeyq"
|
||||
"nohfr@ublre.cubgbf"
|
||||
|
@ -163,10 +148,12 @@
|
|||
"cbfgznfgre@fhesfvgr.bet"
|
||||
"cbfgznfgre@unegjva-ublre.qr"
|
||||
"cbfgznfgre@urejneq-ublre.qr"
|
||||
"cbfgznfgre@zrvxr-ublre.qr"
|
||||
"cbfgznfgre@zrvxr-xahgm.qr"
|
||||
"cbfgznfgre@treyvaqr-ublre.qr"
|
||||
"cbfgznfgre@ublre.klm"
|
||||
"cbfgznfgre@unenyq.ublre.klm"
|
||||
"cbfgznfgre@ineyvax.bet"
|
||||
"cbfgznfgre@zlcevinpl.gbbyf"
|
||||
"cbfgznfgre@ublre.fbpvny"
|
||||
"cbfgznfgre@ublre.jbeyq"
|
||||
"cbfgznfgre@ublre.cubgbf"
|
||||
|
@ -175,6 +162,7 @@
|
|||
"jroznfgre@fhesfvgr.bet"
|
||||
"jroznfgre@unenyq.ublre.klm"
|
||||
"jroznfgre@ineyvax.bet"
|
||||
"jroznfgre@zlcevinpl.gbbyf"
|
||||
"jroznfgre@ublre.fbpvny"
|
||||
"jroznfgre@ublre.jbeyq"
|
||||
"jroznfgre@ublre.cubgbf"
|
||||
|
@ -192,10 +180,10 @@
|
|||
"unenyq@ublre.klm"
|
||||
"unenyq@ap.ublre.klm"
|
||||
"unenyq@ineyvax.bet"
|
||||
"unenyq@zlcevinpl.gbbyf"
|
||||
"unenyq@ublre.jbeyq"
|
||||
"unenyq@ublre.fbpvny"
|
||||
"unenyq@ublre.cubgbf"
|
||||
"unenyq@zrvxr-ublre.qr"
|
||||
|
||||
"@unenyq.ublre.klm"
|
||||
"@unenyq-ublre.qr"
|
||||
|
@ -226,6 +214,7 @@
|
|||
];
|
||||
};
|
||||
};
|
||||
certificateScheme = "acme";
|
||||
};
|
||||
|
||||
services.roundcube = {
|
||||
|
|
|
@ -2,19 +2,17 @@
|
|||
{
|
||||
systemd.services."nextcloud-setup".requires = [ "postgresql.service" ];
|
||||
systemd.services."nextcloud-setup".after = [ "postgresql.service" ];
|
||||
environment.systemPackages = with pkgs; [ ffmpeg ];
|
||||
|
||||
environment.etc."nextcloud-admin-pass".text = "test123";
|
||||
services.nextcloud = {
|
||||
enable = true;
|
||||
package = pkgs.nextcloud29;
|
||||
package = pkgs.nextcloud28;
|
||||
hostName = "nc.hoyer.xyz";
|
||||
https = true;
|
||||
configureRedis = true;
|
||||
settings = {
|
||||
extraOptions = {
|
||||
mail_smtpmode = "sendmail";
|
||||
mail_sendmailmode = "pipe";
|
||||
default_phone_region = "DE";
|
||||
};
|
||||
phpOptions = {
|
||||
upload_max_filesize = lib.mkForce "1G";
|
||||
|
@ -22,26 +20,10 @@
|
|||
"opcache.interned_strings_buffer" = "16";
|
||||
};
|
||||
config.adminpassFile = "/etc/nextcloud-admin-pass";
|
||||
config.defaultPhoneRegion = "DE";
|
||||
config.dbtype = "pgsql";
|
||||
config.dbname = "nextcloud";
|
||||
config.dbhost = "/run/postgresql";
|
||||
config.dbuser = "nextcloud";
|
||||
extraOptions.enabledPreviewProviders = [
|
||||
"OC\\Preview\\BMP"
|
||||
"OC\\Preview\\GIF"
|
||||
"OC\\Preview\\HEIC"
|
||||
"OC\\Preview\\JPEG"
|
||||
"OC\\Preview\\Krita"
|
||||
"OC\\Preview\\MP3"
|
||||
"OC\\Preview\\MP4"
|
||||
"OC\\Preview\\MarkDown"
|
||||
"OC\\Preview\\Movie"
|
||||
"OC\\Preview\\OpenDocument"
|
||||
"OC\\Preview\\PDF"
|
||||
"OC\\Preview\\PNG"
|
||||
"OC\\Preview\\TXT"
|
||||
"OC\\Preview\\WEBP"
|
||||
"OC\\Preview\\XBitmap"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
users.users.nginx.extraGroups = [ "acme" ];
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
clientMaxBodySize = "1000M";
|
||||
appendHttpConfig = ''
|
||||
log_format vcombined '$host:$server_port '
|
||||
'$remote_addr - $remote_user [$time_local] '
|
||||
|
|
|
@ -1,36 +1,34 @@
|
|||
{ pkgs, lib, ... }:
|
||||
let
|
||||
domains = ''
|
||||
epicgames.com
|
||||
dmail.ai
|
||||
twitter.com
|
||||
x.com
|
||||
gmx.de
|
||||
chess.com
|
||||
'';
|
||||
in
|
||||
{
|
||||
services.rspamd.workers.controller.bindSockets = [{
|
||||
socket = "/run/rspamd/worker-controller.sock";
|
||||
mode = "0660";
|
||||
}];
|
||||
services.rspamd.locals = {
|
||||
"settings.conf".text = ''
|
||||
bogenschiessen {
|
||||
from = "bogensport-jugend@gmx.de";
|
||||
apply {
|
||||
actions {
|
||||
reject = 100.0;
|
||||
greylist = null; # Disable greylisting (from 1.8.1)
|
||||
"add header" = 100.0; # Please note the space, NOT an underscore
|
||||
}
|
||||
}
|
||||
}
|
||||
"maps.d/spf_whitelist.inc.local" = {
|
||||
text = ''
|
||||
epicgames.com
|
||||
dmail.ai
|
||||
'';
|
||||
"maps.d/spf_whitelist.inc.local".text = domains;
|
||||
"maps.d/spf_dkim_whitelist.inc.local".text = domains;
|
||||
"maps.d/dmarc_whitelist.inc.local".text = domains;
|
||||
"greylist-whitelist-domains.inc".text = domains;
|
||||
};
|
||||
"maps.d/spf_dkim_whitelist.inc.local" = {
|
||||
text = ''
|
||||
epicgames.com
|
||||
dmail.ai
|
||||
'';
|
||||
};
|
||||
"maps.d/dmarc_whitelist.inc.local" = {
|
||||
text = ''
|
||||
epicgames.com
|
||||
dmail.ai
|
||||
'';
|
||||
};
|
||||
"greylist-whitelist-domains.inc" = {
|
||||
text = ''
|
||||
dmail.ai
|
||||
epicgames.com
|
||||
'';
|
||||
};
|
||||
};
|
||||
services.rspamd.extraConfig = ''
|
||||
actions {
|
||||
|
|
|
@ -1,55 +0,0 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
{
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureDatabases = [ "attic" ];
|
||||
ensureUsers = [{ name = "atticd"; }];
|
||||
};
|
||||
|
||||
systemd.services.postgresql.postStart = lib.mkAfter ''
|
||||
$PSQL -tAc 'ALTER DATABASE "attic" OWNER TO "atticd"'
|
||||
'';
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
attic-client
|
||||
];
|
||||
services.atticd = {
|
||||
enable = true;
|
||||
|
||||
# Replace with absolute path to your credentials file
|
||||
credentialsFile = "/etc/atticd.env";
|
||||
|
||||
settings = {
|
||||
api-endpoint = "https://attic.teepot.org/";
|
||||
|
||||
garbage-collection.default-retention-period = "3 months";
|
||||
|
||||
database.url = "postgresql:///attic?host=/run/postgresql";
|
||||
|
||||
listen = "[::]:8080";
|
||||
|
||||
# Data chunking
|
||||
#
|
||||
# Warning: If you change any of the values here, it will be
|
||||
# difficult to reuse existing chunks for newly-uploaded NARs
|
||||
# since the cutpoints will be different. As a result, the
|
||||
# deduplication ratio will suffer for a while after the change.
|
||||
chunking = {
|
||||
# The minimum NAR size to trigger chunking
|
||||
#
|
||||
# If 0, chunking is disabled entirely for newly-uploaded NARs.
|
||||
# If 1, all NARs are chunked.
|
||||
nar-size-threshold = 64 * 1024; # 64 KiB
|
||||
|
||||
# The preferred minimum size of a chunk, in bytes
|
||||
min-size = 16 * 1024; # 16 KiB
|
||||
|
||||
# The preferred average size of a chunk, in bytes
|
||||
avg-size = 64 * 1024; # 64 KiB
|
||||
|
||||
# The preferred maximum size of a chunk, in bytes
|
||||
max-size = 256 * 1024; # 256 KiB
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,36 +0,0 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
with lib;
|
||||
with lib.metacfg;
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./atticd.nix
|
||||
];
|
||||
|
||||
metacfg = {
|
||||
base.enable = true;
|
||||
nix.enable = true;
|
||||
};
|
||||
|
||||
virtualisation = {
|
||||
docker.enable = true;
|
||||
podman.dockerCompat = false;
|
||||
};
|
||||
|
||||
system.autoUpgrade = {
|
||||
enable = true;
|
||||
operation = "switch";
|
||||
allowReboot = true;
|
||||
};
|
||||
|
||||
security.tpm2.enable = false;
|
||||
security.tpm2.abrmd.enable = false;
|
||||
|
||||
networking.wireless.enable = false; # Enables wireless support via wpa_supplicant.
|
||||
networking.firewall.allowedTCPPorts = [ 8080 ];
|
||||
networking.firewall.allowPing = true;
|
||||
|
||||
powerManagement.cpuFreqGovernor = "ondemand";
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
}
|
|
@ -1,41 +0,0 @@
|
|||
# USAGE in your configuration.nix.
|
||||
# Update devices to match your hardware.
|
||||
# {
|
||||
# imports = [ ./disko-config.nix ];
|
||||
# disko.devices.disk.main.device = "/dev/sda";
|
||||
# }
|
||||
{
|
||||
config.disko.devices = {
|
||||
disk = {
|
||||
main = {
|
||||
type = "disk";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
boot = {
|
||||
size = "1M";
|
||||
type = "EF02"; # for grub MBR
|
||||
};
|
||||
ESP = {
|
||||
size = "1G";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
};
|
||||
root = {
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "ext4";
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,27 +0,0 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
./disko.nix
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
disko.devices.disk.main.device = "/dev/vda";
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
}
|
|
@ -2,9 +2,7 @@
|
|||
with lib;
|
||||
with lib.metacfg;
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1;
|
||||
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
|
||||
|
@ -52,8 +50,6 @@ with lib.metacfg;
|
|||
|
||||
networking.wireless.enable = false; # Enables wireless support via wpa_supplicant.
|
||||
|
||||
networking.firewall.allowPing = true;
|
||||
|
||||
powerManagement.cpuFreqGovernor = "ondemand";
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
|
|
|
@ -72,14 +72,4 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
services = {
|
||||
syncthing = {
|
||||
enable = true;
|
||||
user = "harald";
|
||||
dataDir = "/mnt/raid/Qmultimedia/syncthing"; # Default folder for new synced folders
|
||||
configDir = "/mnt/raid/Qmultimedia/syncthing/.config/syncthing"; # Folder for Syncthing's settings and keys
|
||||
guiAddress = "0.0.0.0:8384";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -37,7 +37,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ 8384 22000 config.services.netatalk.port ];
|
||||
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
|
||||
networking.firewall.allowedTCPPorts = [ 548 ];
|
||||
networking.firewall.allowPing = true;
|
||||
}
|
||||
|
|
|
@ -9,8 +9,6 @@
|
|||
nix.enable = true;
|
||||
podman.enable = true;
|
||||
secureboot.enable = true;
|
||||
homeprinter.enable = true;
|
||||
user.extraGroups = [ "docker" "dialout" ];
|
||||
};
|
||||
|
||||
system.autoUpgrade = {
|
||||
|
@ -21,9 +19,6 @@
|
|||
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
services.resolved.enable = true;
|
||||
services.resolved.dnssec = "allow-downgrade";
|
||||
|
||||
sops.age.sshKeyPaths = [ "/persist/ssh/ssh_host_ed25519_key" ];
|
||||
sops.secrets.backup-s3.sopsFile = ../../../.secrets/t15/backup-s3.yaml;
|
||||
sops.secrets.backup-pw.sopsFile = ../../../.secrets/t15/backup-s3.yaml;
|
||||
|
@ -39,4 +34,5 @@
|
|||
bits = 4096;
|
||||
}
|
||||
];
|
||||
|
||||
}
|
||||
|
|
|
@ -28,7 +28,6 @@
|
|||
"uas"
|
||||
];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest;
|
||||
boot.kernelParams = [
|
||||
"lockdown=confidentiality"
|
||||
"intel_iommu=on"
|
||||
|
@ -80,9 +79,9 @@
|
|||
};
|
||||
|
||||
console.keyMap = "de-latin1-nodeadkeys";
|
||||
services.xserver.xkb = {
|
||||
layout = "de,de+us";
|
||||
variant = "nodeadkeys,";
|
||||
services.xserver = {
|
||||
layout = "de";
|
||||
xkbVariant = "nodeadkeys";
|
||||
};
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
|
|
|
@ -11,28 +11,9 @@ with lib.metacfg;
|
|||
nix.enable = true;
|
||||
podman.enable = true;
|
||||
secureboot.enable = true;
|
||||
homeprinter.enable = true;
|
||||
user.extraGroups = [ "docker" "dialout" ];
|
||||
user.extraGroups = [ "docker" ];
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
azure-cli
|
||||
cloudflare-warp
|
||||
desktop-file-utils
|
||||
kubectl
|
||||
kubectx
|
||||
k9s
|
||||
attic-client
|
||||
];
|
||||
|
||||
services.resolved.enable = true;
|
||||
services.resolved.dnssec = "allow-downgrade";
|
||||
services.resolved.extraConfig = ''
|
||||
ResolveUnicastSingleLabel=yes
|
||||
'';
|
||||
|
||||
systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli
|
||||
|
||||
virtualisation = {
|
||||
docker.enable = true;
|
||||
libvirtd.enable = true;
|
||||
|
@ -45,7 +26,5 @@ with lib.metacfg;
|
|||
allowReboot = false;
|
||||
};
|
||||
|
||||
services.trezord.enable = true;
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
}
|
||||
|
|
|
@ -31,15 +31,8 @@
|
|||
options = [ "subvol=@" ];
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."luks-0e2792db-1b80-49a7-b2eb-54e4b5fc3502" = {
|
||||
device = "/dev/disk/by-uuid/0e2792db-1b80-49a7-b2eb-54e4b5fc3502";
|
||||
allowDiscards = true;
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."luks-280f2e07-e5fc-478e-b7ee-445c99bea415" = {
|
||||
device = "/dev/disk/by-uuid/280f2e07-e5fc-478e-b7ee-445c99bea415";
|
||||
allowDiscards = true;
|
||||
};
|
||||
boot.initrd.luks.devices."luks-0e2792db-1b80-49a7-b2eb-54e4b5fc3502".device = "/dev/disk/by-uuid/0e2792db-1b80-49a7-b2eb-54e4b5fc3502";
|
||||
boot.initrd.luks.devices."luks-280f2e07-e5fc-478e-b7ee-445c99bea415".device = "/dev/disk/by-uuid/280f2e07-e5fc-478e-b7ee-445c99bea415";
|
||||
|
||||
fileSystems."/boot" =
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue