forked from pub-solar/os
Initial hensoko
This commit is contained in:
parent
f51e4f3633
commit
6a7b4b003b
32
flake.nix
32
flake.nix
|
@ -128,6 +128,23 @@
|
||||||
iso = base ++ [ base-user graphical pub-solar-iso ];
|
iso = base ++ [ base-user graphical pub-solar-iso ];
|
||||||
pubsolaros = [ full-install base-user users.root ];
|
pubsolaros = [ full-install base-user users.root ];
|
||||||
anonymous = [ pubsolaros users.pub-solar ];
|
anonymous = [ pubsolaros users.pub-solar ];
|
||||||
|
pubsolaros-light = [ core-light base-user users.root ];
|
||||||
|
hensoko = pubsolaros ++ [ users.hensoko ];
|
||||||
|
hensoko-iot = [ server base-user users.root users.iot ];
|
||||||
|
|
||||||
|
# server
|
||||||
|
cube = hensoko-iot;
|
||||||
|
|
||||||
|
# home-controller
|
||||||
|
companion = hensoko-iot;
|
||||||
|
cox = hensoko-iot;
|
||||||
|
giggles = hensoko-iot;
|
||||||
|
|
||||||
|
# laptop
|
||||||
|
ringo = hensoko;
|
||||||
|
|
||||||
|
# vm
|
||||||
|
redpanda = hensoko;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -143,6 +160,8 @@
|
||||||
};
|
};
|
||||||
users = {
|
users = {
|
||||||
pub-solar = { suites, ... }: { imports = suites.base; };
|
pub-solar = { suites, ... }: { imports = suites.base; };
|
||||||
|
hensoko = { suites, ... }: { imports = suites.base; };
|
||||||
|
iot = { suites, ... }: { imports = suites.base; };
|
||||||
}; # digga.lib.importers.rakeLeaves ./users/hm;
|
}; # digga.lib.importers.rakeLeaves ./users/hm;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -150,6 +169,17 @@
|
||||||
|
|
||||||
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
|
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
|
||||||
|
|
||||||
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { };
|
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
|
||||||
|
redpanda = {
|
||||||
|
hostname = "192.168.42.71:22";
|
||||||
|
sshUser = "hensoko";
|
||||||
|
fastConnect = true;
|
||||||
|
profilesOrder = [ "system" "direnv" ];
|
||||||
|
profiles.direnv = {
|
||||||
|
user = "hensoko";
|
||||||
|
path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.hensoko;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
110
hosts/redpanda/configuration.nix
Normal file
110
hosts/redpanda/configuration.nix
Normal file
|
@ -0,0 +1,110 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
# Use the GRUB 2 boot loader.
|
||||||
|
boot.loader.grub.enable = true;
|
||||||
|
boot.loader.grub.version = 2;
|
||||||
|
# boot.loader.grub.efiSupport = true;
|
||||||
|
# boot.loader.grub.efiInstallAsRemovable = true;
|
||||||
|
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
||||||
|
# Define on which hard drive you want to install Grub.
|
||||||
|
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
|
||||||
|
|
||||||
|
# networking.hostName = "nixos"; # Define your hostname.
|
||||||
|
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||||
|
|
||||||
|
# Set your time zone.
|
||||||
|
# time.timeZone = "Europe/Amsterdam";
|
||||||
|
|
||||||
|
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
|
||||||
|
# Per-interface useDHCP will be mandatory in the future, so this generated config
|
||||||
|
# replicates the default behaviour.
|
||||||
|
networking.useDHCP = false;
|
||||||
|
networking.interfaces.enp0s3.useDHCP = true;
|
||||||
|
|
||||||
|
# Configure network proxy if necessary
|
||||||
|
# networking.proxy.default = "http://user:password@proxy:port/";
|
||||||
|
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
#package = pkgs.nixFlakes;
|
||||||
|
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Select internationalisation properties.
|
||||||
|
# i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
# console = {
|
||||||
|
# font = "Lat2-Terminus16";
|
||||||
|
# keyMap = "us";
|
||||||
|
# };
|
||||||
|
|
||||||
|
# Enable the X11 windowing system.
|
||||||
|
# services.xserver.enable = true;
|
||||||
|
|
||||||
|
# Configure keymap in X11
|
||||||
|
# services.xserver.layout = "us";
|
||||||
|
# services.xserver.xkbOptions = "eurosign:e";
|
||||||
|
|
||||||
|
# Enable CUPS to print documents.
|
||||||
|
# services.printing.enable = true;
|
||||||
|
|
||||||
|
# Enable sound.
|
||||||
|
# sound.enable = true;
|
||||||
|
# hardware.pulseaudio.enable = true;
|
||||||
|
|
||||||
|
# Enable touchpad support (enabled default in most desktopManager).
|
||||||
|
# services.xserver.libinput.enable = true;
|
||||||
|
|
||||||
|
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||||
|
# users.users.jane = {
|
||||||
|
# isNormalUser = true;
|
||||||
|
# extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
|
||||||
|
# };
|
||||||
|
|
||||||
|
# List packages installed in system profile. To search, run:
|
||||||
|
# $ nix search wget
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
vim
|
||||||
|
wget
|
||||||
|
firefox
|
||||||
|
];
|
||||||
|
|
||||||
|
# Some programs need SUID wrappers, can be configured further or are
|
||||||
|
# started in user sessions.
|
||||||
|
# programs.mtr.enable = true;
|
||||||
|
# programs.gnupg.agent = {
|
||||||
|
# enable = true;
|
||||||
|
# enableSSHSupport = true;
|
||||||
|
# };
|
||||||
|
|
||||||
|
# List services that you want to enable:
|
||||||
|
|
||||||
|
# Open ports in the firewall.
|
||||||
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
|
# Or disable the firewall altogether.
|
||||||
|
# networking.firewall.enable = false;
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "21.05"; # Did you read the comment?
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
6
hosts/redpanda/default.nix
Normal file
6
hosts/redpanda/default.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ suites, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./redpanda.nix
|
||||||
|
] ++ suites.redpanda;
|
||||||
|
}
|
21
hosts/redpanda/hardware-configuration.nix
Normal file
21
hosts/redpanda/hardware-configuration.nix
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [ ];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "ohci_pci" "virtio_pci" "sd_mod" "sr_mod" "virtio_scsi" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{
|
||||||
|
device = "/dev/disk/by-label/nixos";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
#virtualisation.virtualbox.guest.enable = true;
|
||||||
|
}
|
17
hosts/redpanda/redpanda.nix
Normal file
17
hosts/redpanda/redpanda.nix
Normal file
|
@ -0,0 +1,17 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
#pub-solar.nextcloud.enable = lib.mkForce false;
|
||||||
|
|
||||||
|
config = {
|
||||||
|
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -41,6 +41,16 @@ in
|
||||||
type = types.nullOr types.str;
|
type = types.nullOr types.str;
|
||||||
default = null;
|
default = null;
|
||||||
};
|
};
|
||||||
|
latitude = mkOption {
|
||||||
|
description = "Latitude";
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
|
longitude = mkOption {
|
||||||
|
description = "Longitude";
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
22
secrets/email_gssws_password.age
Normal file
22
secrets/email_gssws_password.age
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 hPyiJw 1+o3Kv3nXAiMEyY8GVW7ZMCILH/SToajDAYM0HR3/FU
|
||||||
|
YgmC4YvrNidF5sr3h2KtByL/ehS8RC2yEKQf8pkcruE
|
||||||
|
-> ssh-ed25519 YFSOsg Ju5LywricieLjgr6GeaXyN6RwrT2rf1ypjyvABtYkEE
|
||||||
|
TeZO7TBBIK58XTN5Bi9UdAde8vlEeIuiRnnYuTWV3Ds
|
||||||
|
-> ssh-rsa 42S2Dw
|
||||||
|
YR3lIzLqv6FZlKHgPYc2uVo8kiuEStoP+wZqMsNJwlpT9VIUn2n7V3Pj7gsRUtN7
|
||||||
|
dYjVEnXCXOYJiT1cKitbsQ/uvO7pDh7Ol4cve4yCt5OTXqux4MsZRBTvBXmbom7v
|
||||||
|
BZCOruqKIViWChXLo6s1vhJ2Rv3LzY12h1IGlDrVqyTHAxUga7aQmKnFzICwsb2M
|
||||||
|
6A7JDryveWA3AWntHOgw6G/OzL6TlZxa51w6UAW3z+cckEttmwfLaaOhT2xuhAvJ
|
||||||
|
3SH856B5Xtx7qWyooN7Cq2XQAlZ3DKJVmjIJvI1y9DdpZlO29kXZXI6FZJb6ZJMM
|
||||||
|
c0GntItUK2VXGwR+a+PIDg
|
||||||
|
-> ssh-ed25519 iHV63A 68iPatktmiT9enmwFBH0O2KS7Iu5ZR3vEdrD6OKTwyg
|
||||||
|
IyRwEOu+/ThnqIG42fYxr65rpniPqvS5HYNP3xQgYfU
|
||||||
|
-> ssh-ed25519 VApqug rYWmUWJxn6FnnZGopYUzrTcbTBsr+zHuhrSisHl6LXM
|
||||||
|
7XANpzZrrZlsPILu0UhNh3s1UoUwhGXVUhhmMfZuBqw
|
||||||
|
-> -.bX&'x-grease mStW!.EH *+Q`QW/
|
||||||
|
0jNHMBJOkpVUD7xoEr7ymD2f3kCEIU0SZkPJ8wJfxYSg4F/4Pwc19+tHChEjOHCC
|
||||||
|
svyV
|
||||||
|
--- rCetdRQgIw8CPjfsojxST3lEYYbxGMRhBi9rBfIpQx0
|
||||||
|
÷
|
||||||
|
ƒS!À>¤8çþÁ] §'ÚiÚ Ë÷áª[˜cw¯<1B>Ná›ó†aîõ1·öÊÄ€™'¬SË¡“
|
3
users/hensoko/.config/sway/config.d/input-language.conf
Normal file
3
users/hensoko/.config/sway/config.d/input-language.conf
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
input * {
|
||||||
|
xkb_layout us(intl)
|
||||||
|
}
|
170
users/hensoko/browser.nix
Normal file
170
users/hensoko/browser.nix
Normal file
|
@ -0,0 +1,170 @@
|
||||||
|
{ config, pkgs, lib, self, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||||||
|
programs.firefox = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.firefox-wayland;
|
||||||
|
extensions = [
|
||||||
|
];
|
||||||
|
profiles = {
|
||||||
|
default = {
|
||||||
|
id = 0;
|
||||||
|
path = "xunofzn6.default-default";
|
||||||
|
settings = {
|
||||||
|
"browser.startup.homepage" = "https://duckduckgo.com";
|
||||||
|
"browser.search.region" = "DE";
|
||||||
|
"browser.search.isUS" = false;
|
||||||
|
"distribution.searchplugins.defaultLocale" = "en-US";
|
||||||
|
"general.useragent.locale" = "en-US";
|
||||||
|
};
|
||||||
|
extraConfig = ''
|
||||||
|
# Mozilla User Preferences
|
||||||
|
# kuketz-blog.de | Firefox-Kompendium | 10.11.2021 | Firefox 94.0.1
|
||||||
|
# Download: https://www.kuketz-blog.de/firefox-aboutconfig-user-js-firefox-kompendium-teil10/
|
||||||
|
|
||||||
|
#############
|
||||||
|
## PRIVACY ##
|
||||||
|
#############
|
||||||
|
|
||||||
|
## Disable Domain Guessing
|
||||||
|
user_pref("browser.fixup.alternate.enabled", false);
|
||||||
|
|
||||||
|
## Disable Normandy/Shield (FF60+)
|
||||||
|
user_pref("app.normandy.enabled", false);
|
||||||
|
user_pref("app.shield.optoutstudies.enabled", false);
|
||||||
|
|
||||||
|
## Disable Activity Stream (AS)
|
||||||
|
user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
|
||||||
|
user_pref("browser.newtabpage.activity-stream.feeds.topsites", false);
|
||||||
|
user_pref("browser.newtabpage.activity-stream.feeds.system.topsites", false);
|
||||||
|
user_pref("browser.newtabpage.activity-stream.showSponsored", false);
|
||||||
|
user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
|
||||||
|
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
|
||||||
|
user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
|
||||||
|
user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
|
||||||
|
user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
|
||||||
|
user_pref("browser.newtabpage.activity-stream.telemetry", false);
|
||||||
|
|
||||||
|
## Disable PingCentre Telemetry
|
||||||
|
user_pref("browser.ping-centre.telemetry", false);
|
||||||
|
|
||||||
|
## Disable NewTabPage
|
||||||
|
user_pref("browser.newtabpage.enabled", false);
|
||||||
|
user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
|
||||||
|
|
||||||
|
## Disable Safe Browsing
|
||||||
|
# Disable binaries NOT in local lists being checked by Google (real-time checking)
|
||||||
|
user_pref("browser.safebrowsing.downloads.remote.enabled", false);
|
||||||
|
user_pref("browser.safebrowsing.downloads.remote.url", "");
|
||||||
|
# Disable "Block dangerous downloads" (under Options>Privacy & Security)
|
||||||
|
user_pref("browser.safebrowsing.downloads.enabled", false);
|
||||||
|
# This covers deceptive sites such as phishing and social engineering
|
||||||
|
user_pref("browser.safebrowsing.phishing.enabled", false);
|
||||||
|
user_pref("browser.safebrowsing.malware.enabled", false);
|
||||||
|
# Disable "Warn me about unwanted and uncommon software" (under Options>Privacy & Security)
|
||||||
|
user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
|
||||||
|
user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
|
||||||
|
user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
|
||||||
|
user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
|
||||||
|
# Disable Mozilla's blocklist for known Flash tracking/fingerprinting
|
||||||
|
user_pref("browser.safebrowsing.blockedURIs.enabled", false);
|
||||||
|
# Disable reporting URLs
|
||||||
|
user_pref("browser.safebrowsing.provider.google.reportURL", "");
|
||||||
|
user_pref("browser.safebrowsing.reportPhishURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.reportURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "");
|
||||||
|
# Disable data sharing (FF58+)
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
|
||||||
|
user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
|
||||||
|
|
||||||
|
## Disable location bar LIVE search suggestions
|
||||||
|
user_pref("browser.search.suggest.enabled", false);
|
||||||
|
user_pref("browser.urlbar.suggest.searches", false);
|
||||||
|
|
||||||
|
## Disable Slow Startup Notifications and Telemetry
|
||||||
|
user_pref("browser.slowStartup.notificationDisabled", true);
|
||||||
|
user_pref("browser.slowStartup.maxSamples", 0);
|
||||||
|
user_pref("browser.slowStartup.samples", 0);
|
||||||
|
|
||||||
|
## Disable sending of crash reports (FF44+)
|
||||||
|
user_pref("browser.tabs.crashReporting.sendReport", false);
|
||||||
|
user_pref("browser.crashReports.unsubmittedCheck.enabled", false);
|
||||||
|
user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
|
||||||
|
|
||||||
|
## Disable Health Report
|
||||||
|
user_pref("datareporting.healthreport.uploadEnabled", false);
|
||||||
|
user_pref("datareporting.policy.dataSubmissionEnabled", false);
|
||||||
|
|
||||||
|
## Disable Extension Metadata updating to addons.mozilla.org
|
||||||
|
user_pref("extensions.getAddons.cache.enabled", false);
|
||||||
|
|
||||||
|
## Disable Telemetry
|
||||||
|
user_pref("toolkit.coverage.endpoint.base", "");
|
||||||
|
user_pref("toolkit.coverage.opt-out", true);
|
||||||
|
user_pref("toolkit.telemetry.archive.enabled", false);
|
||||||
|
user_pref("toolkit.telemetry.coverage.opt-out", true);
|
||||||
|
user_pref("toolkit.telemetry.hybridContent.enabled", false);
|
||||||
|
user_pref("toolkit.telemetry.bhrPing.enabled", false);
|
||||||
|
user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
|
||||||
|
user_pref("toolkit.telemetry.newProfilePing.enabled", false);
|
||||||
|
user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
|
||||||
|
user_pref("toolkit.telemetry.updatePing.enabled", false);
|
||||||
|
user_pref("toolkit.telemetry.unified", false);
|
||||||
|
|
||||||
|
##############
|
||||||
|
## SECURITY ##
|
||||||
|
##############
|
||||||
|
|
||||||
|
## Enforce Punycode for Internationalized Domain Names to eliminate possible spoofing
|
||||||
|
user_pref("network.IDN_show_punycode", true);
|
||||||
|
|
||||||
|
## Display all parts of the URL in the location bar eg. http(s)://
|
||||||
|
user_pref("browser.urlbar.trimURLs", false);
|
||||||
|
|
||||||
|
## Display "insecure" icon (FF59+) and "Not Secure" text (FF60+) on HTTP sites
|
||||||
|
user_pref("security.insecure_connection_icon.enabled", true);
|
||||||
|
user_pref("security.insecure_connection_icon.pbmode.enabled", true);
|
||||||
|
user_pref("security.insecure_connection_text.enabled", true);
|
||||||
|
user_pref("security.insecure_connection_text.pbmode.enabled", true);
|
||||||
|
'';
|
||||||
|
#search.default = "DuckDuckGo";
|
||||||
|
# force = true;
|
||||||
|
# order = [ "DuckDuckGo" "Google" ];
|
||||||
|
# engines = {
|
||||||
|
# "Nix Packages" = {
|
||||||
|
# urls = [{
|
||||||
|
# template = "https://search.nixos.org/packages";
|
||||||
|
# params = [
|
||||||
|
# { name = "type"; value = "packages"; }
|
||||||
|
# { name = "query"; value = "{searchTerms}"; }
|
||||||
|
# ];
|
||||||
|
# }];
|
||||||
|
#
|
||||||
|
# icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
|
||||||
|
# definedAliases = [ "@np" ];
|
||||||
|
# };
|
||||||
|
|
||||||
|
# "NixOS Wiki" = {
|
||||||
|
# urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }];
|
||||||
|
# iconUpdateURL = "https://nixos.wiki/favicon.png";
|
||||||
|
# updateInterval = 24 * 60 * 60 * 1000; # every day
|
||||||
|
# definedAliases = [ "@nw" ];
|
||||||
|
# };
|
||||||
|
|
||||||
|
# "Bing".metaData.hidden = true;
|
||||||
|
# "Google".metaData.alias = "@g"; # builtin engines only support specifying one additional alias
|
||||||
|
# };
|
||||||
|
#};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
37
users/hensoko/default.nix
Normal file
37
users/hensoko/default.nix
Normal file
|
@ -0,0 +1,37 @@
|
||||||
|
{ config, hmUsers, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./browser.nix
|
||||||
|
./email.nix
|
||||||
|
./gammastep.nix
|
||||||
|
./home.nix
|
||||||
|
./htop.nix
|
||||||
|
./ssh.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
home-manager.users = { inherit (hmUsers) hensoko; };
|
||||||
|
|
||||||
|
pub-solar = {
|
||||||
|
user = {
|
||||||
|
name = "hensoko";
|
||||||
|
description = "hensoko";
|
||||||
|
password = "$6$BBUvcGQBFBjBmRLw$VQgMxaVPInM0S/nr3rkWvCvzlI/oSZ0Kj8wb25k4Fx6aHJkxYzurXh4deslVgGKvz0O2LScBamt7M2pV81EWx0";
|
||||||
|
fullName = "Hendrik Sokolowski";
|
||||||
|
email = "hensoko@gssws.de";
|
||||||
|
latitude = "50.9";
|
||||||
|
longitude = "6.5";
|
||||||
|
gpgKeyId = "5C36A01B80BCCC59";
|
||||||
|
publicKeys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb hensoko@harrison"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135"
|
||||||
|
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+euxPp6bHXw61UeUqTGHH8Ub2L+Sy1iteupv/AGudgoVNp2GebqJy1cxQ74mgnL8eWMlaA9jZlKQ1xFFhgtolCsoAKTE9AE8X0egvmEM18fEUR3EWWchmX4MXUhUiOtwitkl4+EpSsp5rh/kIxcpQFz1dpBibroq6jDLKlrVou+2LppR8nMfFT2sqg3694Ltxz4CWMdAfitLax05ckKMAnzz+TgpXK5OyfQSBvl18Qu1SWITYa6AVNXQ7/ovWBDIUfg25GWouzWqkSUpLdCVIcXPe2X7g6X1QsHXnnhaMAhvYH54GZ4wU2kBwIJ6KvplfZdbJ09KAltPVt08evafb hendriksokolowski@hsokolowski-pc"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
64
users/hensoko/email.nix
Normal file
64
users/hensoko/email.nix
Normal file
|
@ -0,0 +1,64 @@
|
||||||
|
{ config, pkgs, lib, self, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
age.secrets.email_gssws_password = {
|
||||||
|
file = "${self}/secrets/email_gssws_password.age";
|
||||||
|
owner = "hensoko";
|
||||||
|
};
|
||||||
|
|
||||||
|
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||||||
|
services.imapnotify.enable = true;
|
||||||
|
|
||||||
|
programs.mbsync.enable = true;
|
||||||
|
programs.neomutt.enable = true;
|
||||||
|
|
||||||
|
programs.notmuch = {
|
||||||
|
enable = true;
|
||||||
|
hooks = {
|
||||||
|
preNew = "mbsync --all";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
programs.msmtp.enable = true;
|
||||||
|
|
||||||
|
accounts.email.accounts."gssws" = {
|
||||||
|
primary = true;
|
||||||
|
address = "hensoko@gssws.de";
|
||||||
|
realName = "Hendrik Sokolowski";
|
||||||
|
|
||||||
|
userName = "hensoko";
|
||||||
|
passwordCommand = "cat /run/agenix/email_gssws_password";
|
||||||
|
|
||||||
|
imapnotify.enable = true;
|
||||||
|
imapnotify.onNotify = ''${pkgs.notmuch}/bin/notmuch new && ${pkgs.libnotify}/bin/notify-send "You got mail!" "imapnotify gssws"'';
|
||||||
|
|
||||||
|
mbsync = {
|
||||||
|
enable = true;
|
||||||
|
create = "maildir";
|
||||||
|
extraConfig.channel = {
|
||||||
|
MaxMessages = 50000;
|
||||||
|
MaxSize = "5m";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
msmtp.enable = true;
|
||||||
|
notmuch.enable = true;
|
||||||
|
neomutt.enable = true;
|
||||||
|
|
||||||
|
imap = {
|
||||||
|
host = "mail.gssws.de";
|
||||||
|
port = 993;
|
||||||
|
tls.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
smtp = {
|
||||||
|
host = "mail.gssws.de";
|
||||||
|
port = 465;
|
||||||
|
tls.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
15
users/hensoko/gammastep.nix
Normal file
15
users/hensoko/gammastep.nix
Normal file
|
@ -0,0 +1,15 @@
|
||||||
|
{ config, pkgs, lib, self, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||||||
|
services.gammastep = {
|
||||||
|
enable = true;
|
||||||
|
latitude = psCfg.user.latitude;
|
||||||
|
longitude = psCfg.user.longitude;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
48
users/hensoko/home.nix
Normal file
48
users/hensoko/home.nix
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
{ config, pkgs, lib, self, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
pub-solar.nextcloud.enable = true;
|
||||||
|
|
||||||
|
services.fwupd.enable = true;
|
||||||
|
|
||||||
|
pub-solar.graphical.autologin.enable = false;
|
||||||
|
|
||||||
|
security.sudo.extraRules = [
|
||||||
|
{
|
||||||
|
users = [ "${psCfg.user.name}" ];
|
||||||
|
commands = [
|
||||||
|
{
|
||||||
|
command = "ALL";
|
||||||
|
options = [ "NOPASSWD" ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||||||
|
xdg.configFile = mkIf psCfg.sway.enable {
|
||||||
|
"sway/config.d/10-input-language.conf".source = ./.config/sway/config.d/input-language.conf;
|
||||||
|
};
|
||||||
|
|
||||||
|
home.packages = with pkgs; [
|
||||||
|
obsidian
|
||||||
|
btop
|
||||||
|
dig
|
||||||
|
fping
|
||||||
|
keepassxc
|
||||||
|
ncdu
|
||||||
|
sysstat
|
||||||
|
|
||||||
|
lazygit
|
||||||
|
tig
|
||||||
|
|
||||||
|
thunderbird
|
||||||
|
wakeonlan
|
||||||
|
wlr-randr
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
32
users/hensoko/htop.nix
Normal file
32
users/hensoko/htop.nix
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
{ config, pkgs, lib, self, ... }:
|
||||||
|
with pkgs lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||||||
|
programs.htop = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
color_scheme = 6;
|
||||||
|
|
||||||
|
delay = 5;
|
||||||
|
|
||||||
|
account_guest_in_cpu_meter = true;
|
||||||
|
enable_mouse = false;
|
||||||
|
cpu_count_from_one = 0;
|
||||||
|
detailed_cpu_time = true;
|
||||||
|
highlight_base_name = 1;
|
||||||
|
highlight_megabytes = 1;
|
||||||
|
highlight_threads = 1;
|
||||||
|
shadow_other_users = true;
|
||||||
|
tree_view = true;
|
||||||
|
update_process_names = true;
|
||||||
|
vim_mode = true;
|
||||||
|
|
||||||
|
left_meters = [ "AllCPUs" "Memory" "Swap" ];
|
||||||
|
right_meters = [ "Hostname" "Tasks" "LoadAverage" "Uptime" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
58
users/hensoko/ssh.nix
Normal file
58
users/hensoko/ssh.nix
Normal file
|
@ -0,0 +1,58 @@
|
||||||
|
{ config, pkgs, lib, self, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||||||
|
programs.ssh = {
|
||||||
|
enable = true;
|
||||||
|
matchBlocks = {
|
||||||
|
"hsha" = {
|
||||||
|
hostname = "192.168.42.5";
|
||||||
|
user = "root";
|
||||||
|
port = 2222;
|
||||||
|
};
|
||||||
|
"ringo" = {
|
||||||
|
hostname = "192.168.42.231";
|
||||||
|
user = "hensoko";
|
||||||
|
port = 22;
|
||||||
|
};
|
||||||
|
"giggles" = {
|
||||||
|
hostname = "192.168.42.232";
|
||||||
|
user = "iot";
|
||||||
|
port = 22;
|
||||||
|
};
|
||||||
|
"norman" = {
|
||||||
|
hostname = "192.168.42.233";
|
||||||
|
user = "hensoko";
|
||||||
|
port = 22;
|
||||||
|
};
|
||||||
|
"cox" = {
|
||||||
|
hostname = "192.168.42.234";
|
||||||
|
user = "iot";
|
||||||
|
port = 22;
|
||||||
|
};
|
||||||
|
"companion" = {
|
||||||
|
user = "iot";
|
||||||
|
};
|
||||||
|
"cube" = {
|
||||||
|
hostname = "80.244.242.2";
|
||||||
|
user = "iot";
|
||||||
|
port = 2222;
|
||||||
|
};
|
||||||
|
"mail" = {
|
||||||
|
hostname = "mail.gssws.de";
|
||||||
|
user = "root";
|
||||||
|
port = 2222;
|
||||||
|
};
|
||||||
|
"git" = {
|
||||||
|
hostname = "git.gssws.de";
|
||||||
|
user = "git";
|
||||||
|
port = 2222;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
extraConfig = "PubKeyAcceptedKeyTypes +ssh-rsa";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
28
users/iot/default.nix
Normal file
28
users/iot/default.nix
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
{ config, hmUsers, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./home.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
config = {
|
||||||
|
home-manager.users = { inherit (hmUsers) iot; };
|
||||||
|
|
||||||
|
pub-solar = {
|
||||||
|
user = {
|
||||||
|
name = "iot";
|
||||||
|
description = "hensoko iot user";
|
||||||
|
password = "$6$BBUvcGQBFBjBmRLw$VQgMxaVPInM0S/nr3rkWvCvzlI/oSZ0Kj8wb25k4Fx6aHJkxYzurXh4deslVgGKvz0O2LScBamt7M2pV81EWx0";
|
||||||
|
fullName = "Hendrik Sokolowski";
|
||||||
|
email = "hensoko@gssws.de";
|
||||||
|
publicKeys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb hensoko@harrison"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
36
users/iot/home.nix
Normal file
36
users/iot/home.nix
Normal file
|
@ -0,0 +1,36 @@
|
||||||
|
{ config, pkgs, lib, self, ... }:
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
psCfg = config.pub-solar;
|
||||||
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [ ];
|
||||||
|
|
||||||
|
pub-solar.graphical.autologin.enable = false;
|
||||||
|
|
||||||
|
security.sudo.extraRules = [
|
||||||
|
{
|
||||||
|
users = [ "${psCfg.user.name}" ];
|
||||||
|
commands = [
|
||||||
|
{
|
||||||
|
command = "ALL";
|
||||||
|
options = [ "NOPASSWD" ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
|
||||||
|
home.packages = with pkgs; [
|
||||||
|
dig
|
||||||
|
fping
|
||||||
|
btop
|
||||||
|
htop
|
||||||
|
ncdu
|
||||||
|
sysstat
|
||||||
|
tig
|
||||||
|
wakeonlan
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue