axeman/pub-solar-os
1
0
Fork 0
forked from pub-solar/os
Code Issues Pull requests Packages Projects Releases Wiki Activity

Compare commits

merge into: axeman:main
Branches Tags
axeman:main
axeman:flora-6-pub-solar
axeman:b12f
axeman:infra
axeman:nixos-22-11-racoon
axeman:hensoko
axeman:teutat3s
axeman:fix/audio-stutter-pipewire
axeman:feature/alejandra-treefmt
axeman:feature/add-module-to-run-kvm-capable-drone-runner-in-docker
axeman:feature/ci-runner-experiment
axeman:feature/embrace-nvfetcher
axeman:adr/01-lvm-on-luks
axeman:teutat3s-drone-exec-runner
axeman:feature/fake-branch
axeman:hensoko-pre-rebase-bak
axeman:feature/ci-runner
axeman:vlalentim
axeman:feature/swaynotificationcenter
axeman:feature/wayvnc
axeman:feature/atomic-pre-commit
axeman:devos
axeman:pkg/wlstreamer
pub-solar:hensoko-no-digga
pub-solar:momo/fix-lib-deploy-rs
pub-solar:momo/main
pub-solar:flora-6-forgejo-actions-ci
pub-solar:teutat3s
pub-solar:infra
pub-solar:main
pub-solar:hensoko
pub-solar:b12f
pub-solar:pub.solar/nougat-2
pub-solar:momo/keycloak
pub-solar:feature/fix-modules
pub-solar:momo/infra-poc
pub-solar:b12f-bash
pub-solar:update/gitea-docker
pub-solar:feature/fix-correct-unit
pub-solar:fix/nvfetcher-rebuild
pub-solar:feature/ci-runner-experiment
pub-solar:adr/01-lvm-on-luks
pub-solar:teutat3s-drone-exec-runner
pub-solar:feature/fake-branch
pub-solar:hensoko-pre-rebase-bak
pub-solar:feature/ci-runner
pub-solar:vlalentim
pub-solar:feature/swaynotificationcenter
pub-solar:feature/wayvnc
pub-solar:feature/atomic-pre-commit
pub-solar:devos
pub-solar:pkg/wlstreamer
axeman:t36
axeman:t35
axeman:t34
axeman:t33
axeman:t32
axeman:t31
axeman:t30
axeman:t29
axeman:t28
axeman:t27
axeman:t26
axeman:t25
axeman:t24
axeman:t23
axeman:t22
axeman:t21
axeman:t20
axeman:t19
axeman:t18
axeman:t17
axeman:t16
axeman:t15
axeman:t14
axeman:t13
axeman:t12
axeman:t11
axeman:t10
axeman:t9
axeman:t8
axeman:t7
axeman:t6
axeman:t5
axeman:t4
axeman:t3
axeman:t2
axeman:t1
axeman:test
axeman:v0.10.0
axeman:v0.9.0
axeman:v0.8.0
axeman:0.7.0
axeman:12052020
axeman:07092020
pub-solar:t36
pub-solar:t35
pub-solar:t34
pub-solar:t33
pub-solar:t32
pub-solar:t31
pub-solar:t30
pub-solar:t29
pub-solar:t28
pub-solar:t27
pub-solar:t26
pub-solar:t25
pub-solar:t24
pub-solar:t23
pub-solar:t22
pub-solar:t21
pub-solar:t20
pub-solar:t19
pub-solar:t18
pub-solar:t17
pub-solar:t16
pub-solar:t15
pub-solar:t14
pub-solar:t13
pub-solar:t12
pub-solar:t11
pub-solar:t10
pub-solar:t9
pub-solar:t8
pub-solar:t7
pub-solar:t6
pub-solar:t5
pub-solar:t4
pub-solar:t3
pub-solar:t2
pub-solar:t1
pub-solar:test
pub-solar:0.7.0
pub-solar:07092020
pub-solar:12052020
pub-solar:v0.10.0
pub-solar:v0.8.0
pub-solar:v0.9.0
...
pull from: axeman:hensoko
Branches Tags
axeman:flora-6-pub-solar
axeman:b12f
axeman:infra
axeman:nixos-22-11-racoon
axeman:hensoko
axeman:teutat3s
axeman:fix/audio-stutter-pipewire
axeman:feature/alejandra-treefmt
axeman:main
axeman:feature/add-module-to-run-kvm-capable-drone-runner-in-docker
axeman:feature/ci-runner-experiment
axeman:feature/embrace-nvfetcher
axeman:adr/01-lvm-on-luks
axeman:teutat3s-drone-exec-runner
axeman:feature/fake-branch
axeman:hensoko-pre-rebase-bak
axeman:feature/ci-runner
axeman:vlalentim
axeman:feature/swaynotificationcenter
axeman:feature/wayvnc
axeman:feature/atomic-pre-commit
axeman:devos
axeman:pkg/wlstreamer
pub-solar:hensoko-no-digga
pub-solar:momo/fix-lib-deploy-rs
pub-solar:momo/main
pub-solar:flora-6-forgejo-actions-ci
pub-solar:teutat3s
pub-solar:infra
pub-solar:main
pub-solar:hensoko
pub-solar:b12f
pub-solar:pub.solar/nougat-2
pub-solar:momo/keycloak
pub-solar:feature/fix-modules
pub-solar:momo/infra-poc
pub-solar:b12f-bash
pub-solar:update/gitea-docker
pub-solar:feature/fix-correct-unit
pub-solar:fix/nvfetcher-rebuild
pub-solar:feature/ci-runner-experiment
pub-solar:adr/01-lvm-on-luks
pub-solar:teutat3s-drone-exec-runner
pub-solar:feature/fake-branch
pub-solar:hensoko-pre-rebase-bak
pub-solar:feature/ci-runner
pub-solar:vlalentim
pub-solar:feature/swaynotificationcenter
pub-solar:feature/wayvnc
pub-solar:feature/atomic-pre-commit
pub-solar:devos
pub-solar:pkg/wlstreamer
axeman:t36
axeman:t35
axeman:t34
axeman:t33
axeman:t32
axeman:t31
axeman:t30
axeman:t29
axeman:t28
axeman:t27
axeman:t26
axeman:t25
axeman:t24
axeman:t23
axeman:t22
axeman:t21
axeman:t20
axeman:t19
axeman:t18
axeman:t17
axeman:t16
axeman:t15
axeman:t14
axeman:t13
axeman:t12
axeman:t11
axeman:t10
axeman:t9
axeman:t8
axeman:t7
axeman:t6
axeman:t5
axeman:t4
axeman:t3
axeman:t2
axeman:t1
axeman:test
axeman:v0.10.0
axeman:v0.9.0
axeman:v0.8.0
axeman:0.7.0
axeman:12052020
axeman:07092020
pub-solar:t36
pub-solar:t35
pub-solar:t34
pub-solar:t33
pub-solar:t32
pub-solar:t31
pub-solar:t30
pub-solar:t29
pub-solar:t28
pub-solar:t27
pub-solar:t26
pub-solar:t25
pub-solar:t24
pub-solar:t23
pub-solar:t22
pub-solar:t21
pub-solar:t20
pub-solar:t19
pub-solar:t18
pub-solar:t17
pub-solar:t16
pub-solar:t15
pub-solar:t14
pub-solar:t13
pub-solar:t12
pub-solar:t11
pub-solar:t10
pub-solar:t9
pub-solar:t8
pub-solar:t7
pub-solar:t6
pub-solar:t5
pub-solar:t4
pub-solar:t3
pub-solar:t2
pub-solar:t1
pub-solar:test
pub-solar:0.7.0
pub-solar:07092020
pub-solar:12052020
pub-solar:v0.10.0
pub-solar:v0.8.0
pub-solar:v0.9.0

33 commits
main ... hensoko

Author SHA1 Message Date
Hendrik Sokolowski a6fbe87942 rename terraform, remove version 2022-11-26 15:41:27 +01:00
Hendrik Sokolowski 0b61a83501 rename deprecated property 2022-11-26 15:41:13 +01:00
Hendrik Sokolowski b3f2894565 drop docker statements 2022-11-26 15:37:08 +01:00
Hendrik Sokolowski 6a19820841 Make resumeDevice optional 2022-11-26 15:37:08 +01:00
Hendrik Sokolowski aa4af55cb9 NixOS module for a drone ci runner in docker 2022-11-26 15:37:08 +01:00
Hendrik Sokolowski 8b399cbd79 rekey secrets 2022-11-26 15:37:08 +01:00
Hendrik Sokolowski 9b39b3c8ef Bump flake.lock 2022-11-26 15:37:07 +01:00
Hendrik Sokolowski c0f3d1dfb7 add hosts 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski a236fd9664 SQ modules.crypto 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski 61f0579832 Disable digga fix for now 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski 93419615a6 allow unfree 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski 8d084ac2cb Adapt terminal-life to personal use-case 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski d36b32c84e add profiles.daw 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski d8a09bf213 add profiles.server 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski c6fefac861 Add module to setup wireguard backed zfs enabled k3s cluster 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski 9720df91f0 add profiles.non-free 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski bf1944d9c8 Remove full-install from default install 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski 61917ac1fa Update sway applications 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski 704bc8a514 Modify crypto for personal needs 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski 8e06f61267 update modules.virtualization to personal needs 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski cb984b89d1 add profiles.virtualisation 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski 4020d3ea20 add profiles.work 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski 4b1283ee32 Fix nextcloud talk audio issues 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski 91f2b4e58a update modules.social for personal needs 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski 7729d42687 add modules.server 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski fb2e558bf8 secrets 2022-11-26 15:36:55 +01:00
Hendrik Sokolowski 6a7b4b003b Initial hensoko 2022-11-26 15:36:55 +01:00
teutat3s f51e4f3633
nixos: 22.11 racoon, bump flake.lock 2022-11-26 04:48:58 +01:00
teutat3s 6a343e7540
sway: don't use gtkUsePortal, it's deprecated 
see: ebde08adf3
 2022-11-26 04:44:54 +01:00
teutat3s e7ef245e32
docker-compose default to version 2 now 2022-11-26 04:42:16 +01:00
teutat3s 8a6ee0a53e
alacritty: remove use_thin_strokes 
see: https://github.com/alacritty/alacritty/pull/6186
 2022-11-26 04:42:11 +01:00
teutat3s d6236d0b0d
neovim: config updates for 0.8.x 
use default_capabilities

set mouse= to disable new default mouse behaviour
 2022-11-26 04:42:03 +01:00
teutat3s f97cf1d0e9
nix: use new nix.settings syntax 2022-11-26 04:40:22 +01:00
109 changed files with 3576 additions and 234 deletions
Show stats Expand all files Collapse all files

116
flake.lock
View file

@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1665870395,
"narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=",
"lastModified": 1662241716,
"narHash": "sha256-urqPvSvvGUhkwzTDxUI8N1nsdMysbAfjmBNZaTYBZRU=",
"owner": "ryantm",
"repo": "agenix",
"rev": "a630400067c6d03c9b3e0455347dc8559db14288",
"rev": "c96da5835b76d3d8e8d99a0fec6fe32f8539ee2e",
"type": "github"
},
"original": {
@ -42,11 +42,11 @@
]
},
"locked": {
"lastModified": 1667419884,
"narHash": "sha256-oLNw87ZI5NxTMlNQBv1wG2N27CUzo9admaFlnmavpiY=",
"lastModified": 1661882940,
"narHash": "sha256-4LaVFnV22WrOA0aolqqk9dXrM8crikcrLQt29G18F7M=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "cfc0125eafadc9569d3d6a16ee928375b77e3100",
"rev": "80cec5115aae74accc4ccfb9f84306d7863f0632",
"type": "github"
},
"original": {
@ -143,18 +143,13 @@
"nixpkgs-unstable": "nixpkgs-unstable"
},
"locked": {
"lastModified": 1661600857,
"narHash": "sha256-KfQCcTtfvU0PXV4fD9XKIMcKx9lUUR0xWJoBgc12fKE=",
"owner": "pub-solar",
"repo": "digga",
"rev": "c902b3ef0aa45cb4f336c390f647bb182c38a221",
"type": "github"
"narHash": "sha256-Kpfm2PNs+kZU0W7qcugoPATLG8I2P7FJFGTgsf1LJiU=",
"path": "/nix/store/gyv51hksh3bngdqvafrwil6liskb57c1-source",
"type": "path"
},
"original": {
"owner": "pub-solar",
"ref": "fix/bootstrap-iso",
"repo": "digga",
"type": "github"
"id": "digga",
"type": "indirect"
}
},
"flake-compat": {
@ -192,27 +187,11 @@
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"lastModified": 1648199409,
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
"type": "github"
},
"original": {
@ -272,11 +251,11 @@
},
"flake-utils_3": {
"locked": {
"lastModified": 1667077288,
"narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=",
"lastModified": 1649676176,
"narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817",
"rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678",
"type": "github"
},
"original": {
@ -292,11 +271,11 @@
]
},
"locked": {
"lastModified": 1667677389,
"narHash": "sha256-y9Zdq8vtsn0T5TO1iTvWA7JndYIAGjzCjbYVi/hOSmA=",
"lastModified": 1656169755,
"narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "87d55517f6f36aa1afbd7a4a064869d5a1d405b8",
"rev": "4a3d01fb53f52ac83194081272795aa4612c2381",
"type": "github"
},
"original": {
@ -324,11 +303,11 @@
},
"latest_2": {
"locked": {
"lastModified": 1667629849,
"narHash": "sha256-P+v+nDOFWicM4wziFK9S/ajF2lc0N2Rg9p6Y35uMoZI=",
"lastModified": 1662019588,
"narHash": "sha256-oPEjHKGGVbBXqwwL+UjsveJzghWiWV0n9ogo1X6l4cw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3bacde6273b09a21a8ccfba15586fb165078fb62",
"rev": "2da64a81275b68fdad38af669afeda43d401e94b",
"type": "github"
},
"original": {
@ -338,6 +317,26 @@
"type": "github"
}
},
"musnix": {
"inputs": {
"nixpkgs": [
"nixos"
]
},
"locked": {
"lastModified": 1662101674,
"narHash": "sha256-Yn4jpQ3xMn2U8E/hZiaCulFn7NkUTZ5PMMPY8ClMJD4=",
"owner": "musnix",
"repo": "musnix",
"rev": "c28a81cfdc33cbe95bce3aa853da5d8e5d8f5d00",
"type": "github"
},
"original": {
"owner": "musnix",
"repo": "musnix",
"type": "github"
}
},
"naersk": {
"inputs": {
"nixpkgs": [
@ -375,11 +374,11 @@
},
"nixos": {
"locked": {
"lastModified": 1667653703,
"narHash": "sha256-Xow4vx52/g5zkhlgZnMEm/TEXsj+13jTPCc2jIhW1xU=",
"lastModified": 1662099760,
"narHash": "sha256-MdZLCTJPeHi/9fg6R9fiunyDwP3XHJqDd51zWWz9px0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f09ad462c5a121d0239fde645aacb2221553a217",
"rev": "67e45078141102f45eff1589a831aeaa3182b41e",
"type": "github"
},
"original": {
@ -395,11 +394,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1666812839,
"narHash": "sha256-0nBDgjPU+iDsvz89W+cDEyhnFGSwCJmwDl/gMGqYiU0=",
"lastModified": 1660727616,
"narHash": "sha256-zYTIvdPMYMx/EYqXODAwIIU30RiEHqNHdgarIHuEYZc=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "41f3518bc194389df22a3d198215eae75e6b5ab9",
"rev": "adccd191a0e83039d537e021f19495b7bad546a1",
"type": "github"
},
"original": {
@ -410,11 +409,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1667768008,
"narHash": "sha256-PGbX0s2hhXGnZDFVE6UIhPSOf5YegpWs5dUXpT/14F0=",
"lastModified": 1662458987,
"narHash": "sha256-hcDwRlsXZMp2Er3vQk1JEUZWhBPLVC9vTT4xHvhpcE0=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "f6483e0def85efb9c1e884efbaff45a5e7aabb34",
"rev": "504b32caf83986b7e6b9c79c1c13008f83290f19",
"type": "github"
},
"original": {
@ -457,7 +456,6 @@
},
"nur": {
"locked": {
"lastModified": 0,
"narHash": "sha256-koC6DBYmLCrgXA+AMHVaODf1uHYPmvcFygHfy3eg6vI=",
"path": "/nix/store/6mfkswqi67m35qwv0vh7kpk8rypbl2rq-source",
"type": "path"
@ -469,18 +467,18 @@
},
"nvfetcher": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixos"
]
},
"locked": {
"lastModified": 1667620329,
"narHash": "sha256-v1Zk7rtEbAGpevBGPZvZBKpwbmw4I+uVwxvd+pBlp3o=",
"lastModified": 1654975372,
"narHash": "sha256-wkNZ16akgKViuZzE/IM+bux4uaJ04KIwUeexH8gBjgw=",
"owner": "berberman",
"repo": "nvfetcher",
"rev": "294826951113dcd3aa9abbcacfb1aa5b95a19116",
"rev": "d4b237c10f14f72f8266b0f658faad822e491e55",
"type": "github"
},
"original": {
@ -495,9 +493,9 @@
"darwin": "darwin",
"deploy": "deploy",
"digga": "digga",
"flake-compat": "flake-compat_3",
"home": "home",
"latest": "latest_2",
"musnix": "musnix",
"naersk": "naersk",
"nixos": "nixos",
"nixos-generators": "nixos-generators",

86
flake.nix
View file

@ -8,19 +8,19 @@
inputs =
{
# Track channels with commits tested and built by hydra
nixos.url = "github:nixos/nixpkgs/nixos-22.05";
nixos.url = "github:nixos/nixpkgs/nixos-22.11";
latest.url = "github:nixos/nixpkgs/nixos-unstable";
flake-compat.url = "github:edolstra/flake-compat";
flake-compat.flake = false;
digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
#digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
digga.inputs.nixpkgs.follows = "nixos";
digga.inputs.nixlib.follows = "nixos";
digga.inputs.home-manager.follows = "home";
digga.inputs.deploy.follows = "deploy";
home.url = "github:nix-community/home-manager/release-22.05";
home.url = "github:nix-community/home-manager/release-22.11";
home.inputs.nixpkgs.follows = "nixos";
darwin.url = "github:LnL7/nix-darwin";
@ -41,6 +41,12 @@
nixos-hardware.url = "github:nixos/nixos-hardware";
nixos-generators.url = "github:nix-community/nixos-generators";
# hensoko additions
musnix.url = "github:musnix/musnix";
musnix.inputs.nixpkgs.follows = "nixos";
nixpkgs-hensoko.url = "git+https://git.b12f.io/hensoko/nixpkgs";
};
outputs =
@ -53,6 +59,7 @@
, agenix
, nvfetcher
, deploy
, musnix
, ...
} @ inputs:
digga.lib.mkFlake
@ -60,7 +67,7 @@
inherit self inputs;
channelsConfig = {
# allowUnfree = true;
allowUnfree = true;
};
supportedSystems = [ "x86_64-linux" "aarch64-linux" ];
@ -118,6 +125,27 @@
(import ./tests/first-test.nix { pkgs = nixos.legacyPackages.x86_64-linux; lib = nixos.lib; })
];
};
companion = {
system = "aarch64-linux";
};
cox = {
system = "aarch64-linux";
};
falcone = {
system = "aarch64-linux";
};
giggles = {
system = "aarch64-linux";
};
norman = { };
harrison = {
modules = [
musnix.nixosModules.musnix
];
};
};
importables = rec {
profiles = digga.lib.rakeLeaves ./profiles // {
@ -126,8 +154,33 @@
suites = with profiles; rec {
base = [ users.pub-solar users.root ];
iso = base ++ [ base-user graphical pub-solar-iso ];
pubsolaros = [ full-install base-user users.root ];
pubsolaros = [ base-user users.root ];
anonymous = [ pubsolaros users.pub-solar ];
hensoko = pubsolaros ++ [ users.hensoko ];
hensoko-iot = [ server base-user users.root users.iot ];
# server
cube = hensoko-iot;
# home-controller
companion = hensoko-iot;
cox = hensoko-iot;
giggles = hensoko-iot;
# laptop
ringo = hensoko;
# vm
redpanda = hensoko;
# home pc
harrison = hensoko ++ [ daw graphical non-free social work ];
# work laptop
norman = hensoko ++ [ graphical non-free social virtualisation work ];
# cm4
falcone = hensoko-iot;
};
};
};
@ -143,6 +196,8 @@
};
users = {
pub-solar = { suites, ... }: { imports = suites.base; };
hensoko = { suites, ... }: { imports = suites.base; };
iot = { suites, ... }: { imports = suites.base; };
}; # digga.lib.importers.rakeLeaves ./users/hm;
};
@ -150,6 +205,25 @@
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { };
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
redpanda = {
hostname = "192.168.42.71:22";
sshUser = "hensoko";
fastConnect = true;
profilesOrder = [ "system" "direnv" ];
profiles.direnv = {
user = "hensoko";
path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.hensoko;
};
};
companion = { sshUser = "iot"; };
cox = { };
giggles = { };
ringo = { };
cube = {
sshUser = "iot";
};
};
};
}

16
hosts/companion/companion.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./configuration.nix
];
config = {
boot.plymouth.enable = lib.mkForce false;
pub-solar.nextcloud.enable = lib.mkForce false;
};
}

63
hosts/companion/configuration.nix Normal file
View file

@ -0,0 +1,63 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
imports =
[
./hardware-configuration.nix
./home-controller.nix
];
boot.loader.timeout = lib.mkForce 0;
boot.loader.generic-extlinux-compatible.enable = lib.mkForce false;
boot.loader.grub = {
enable = lib.mkForce true;
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = true;
networking.interfaces.wlan0.useDHCP = false;
networking.networkmanager.enable = lib.mkForce false;
boot.loader.systemd-boot.enable = lib.mkForce false;
nix = {
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim
wget
];
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 2380 6443 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

6
hosts/companion/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ suites, ... }:
{
imports = [
./companion.nix
] ++ suites.companion;
}

61
hosts/companion/hardware-configuration.nix Normal file
View file

@ -0,0 +1,61 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.supportedFilesystems = [ "zfs" ];
boot.supportedFilesystems = [ "zfs" ];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_5_18;
boot.initrd.luks.devices = {
cryptroot = {
device = "/dev/disk/by-uuid/3bbde916-e12a-46a7-9eea-4f5e2aef7883";
keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_04017028021722045451-0:0-part1";
bypassWorkqueues = true;
fallbackToPassword = true;
};
};
fileSystems."/" =
{
device = "zroot/root";
fsType = "zfs";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/5552-1B21";
fsType = "vfat";
};
fileSystems."/var/lib/rancher/k3s/storage" =
{
device = "zroot/kubernetes-localstorage";
fsType = "zfs";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/0545db4a-0494-44d7-927a-4c78351c4303"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
networking.hostId = "71f2d82a";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

55
hosts/companion/home-controller.nix Normal file
View file

@ -0,0 +1,55 @@
{ self, config, pkgs, ... }:
{
config = {
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_companion_wireguard_key.age";
pub-solar.home-controller = {
enable = true;
role = "server";
ownIp = "10.0.1.13";
k3s = {
serverAddr = "https://api.kube:6443";
tokenFile = "/run/agenix/home_controller_k3s_token";
enableLocalStorage = true;
enableZfs = true;
};
wireguard = {
privateKeyFile = "/run/agenix/home_controller_wireguard";
peers = [
{
# cube
publicKey = "UVzVK5FwXW/AGNVipudUDT43NgCiNpsunzkzjpTvVnk=";
allowedIPs = [ "10.0.1.5/32" ];
endpoint = "data.gssws.de:51899";
persistentKeepalive = 25;
}
{
# giggles
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
allowedIPs = [ "10.0.1.11/32" ];
endpoint = "giggles.local:51899";
persistentKeepalive = 25;
}
{
# cox
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
allowedIPs = [ "10.0.1.12/32" ];
endpoint = "cox.local:51899";
persistentKeepalive = 25;
}
{
# ringo
publicKey = "n4fGufXDjHitgS2HqVjKRdSNw+co1rYEV1Sw+sCCVzw=";
allowedIPs = [ "10.0.1.21/32" ];
endpoint = "ringo.local:51899";
persistentKeepalive = 25;
}
];
};
};
};
}

64
hosts/cox/configuration.nix Normal file
View file

@ -0,0 +1,64 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
imports =
[
./hardware-configuration.nix
./home-controller.nix
];
boot.loader.timeout = 0;
boot.loader.generic-extlinux-compatible.enable = lib.mkForce false;
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = true;
networking.interfaces.wlan0.useDHCP = false;
networking.networkmanager.enable = lib.mkForce false;
boot.loader.systemd-boot.enable = lib.mkForce false;
nix = {
#package = pkgs.nixFlakes;
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim
wget
];
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 2380 6443 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

16
hosts/cox/cox.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./configuration.nix
];
config = {
boot.plymouth.enable = lib.mkForce false;
pub-solar.nextcloud.enable = lib.mkForce false;
};
}

6
hosts/cox/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ suites, ... }:
{
imports = [
./cox.nix
] ++ suites.cox;
}

61
hosts/cox/hardware-configuration.nix Normal file
View file

@ -0,0 +1,61 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.supportedFilesystems = [ "zfs" ];
boot.supportedFilesystems = [ "zfs" ];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_5_18;
boot.initrd.luks.devices = {
cryptroot = {
device = "/dev/disk/by-uuid/bf333b74-875f-4187-922e-4b433fb53aa2";
keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_03024516121421043657-0:0-part1";
bypassWorkqueues = true;
fallbackToPassword = true;
};
};
fileSystems."/" =
{
device = "zroot/root";
fsType = "zfs";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/6CB3-6DB8";
fsType = "vfat";
};
fileSystems."/var/lib/rancher/k3s/storage" =
{
device = "zroot/kubernetes-localstorage";
fsType = "zfs";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/7ef4a3f8-f4a6-42f5-a57d-21f502ed3dba"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
networking.hostId = "71f2d82a";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

55
hosts/cox/home-controller.nix Normal file
View file

@ -0,0 +1,55 @@
{ self, config, pkgs, ... }:
{
config = {
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_cox_wireguard_key.age";
pub-solar.home-controller = {
enable = true;
role = "server";
ownIp = "10.0.1.12";
k3s = {
serverAddr = "https://api.kube:6443";
tokenFile = "/run/agenix/home_controller_k3s_token";
enableLocalStorage = true;
enableZfs = true;
};
wireguard = {
privateKeyFile = "/run/agenix/home_controller_wireguard";
peers = [
{
# cube
publicKey = "UVzVK5FwXW/AGNVipudUDT43NgCiNpsunzkzjpTvVnk=";
allowedIPs = [ "10.0.1.5/32" ];
endpoint = "data.gssws.de:51899";
persistentKeepalive = 25;
}
{
# giggles
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
allowedIPs = [ "10.0.1.11/32" ];
endpoint = "giggles.local:51899";
persistentKeepalive = 25;
}
{
# companion
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
allowedIPs = [ "10.0.1.13/32" ];
endpoint = "companion.local:51899";
persistentKeepalive = 25;
}
{
# ringo
publicKey = "n4fGufXDjHitgS2HqVjKRdSNw+co1rYEV1Sw+sCCVzw=";
allowedIPs = [ "10.0.1.21/32" ];
endpoint = "ringo.local:51899";
persistentKeepalive = 25;
}
];
};
};
};
}

8
hosts/cube/acme.nix Normal file
View file

@ -0,0 +1,8 @@
{ pkgs, config, ... }:
{
security.acme = {
acceptTerms = true;
defaults.email = "hensoko@gssws.de";
};
}

34
hosts/cube/backup.nix Normal file
View file

@ -0,0 +1,34 @@
{ config, lib, self, ... }:
{
age.secrets.restic_repository_password.file = "${self}/secrets/cube_restic_repository_password.age";
age.secrets.restic_ssh_private_key.file = "${self}/secrets/cube_restic_ssh_private_key.age";
programs.ssh.extraConfig = ''
Host backup
HostName 10.0.1.12
Port 32222
User backup
IdentityFile /run/agenix/restic_ssh_private_key
'';
services.postgresqlBackup = {
enable = true;
backupAll = true;
compression = "zstd";
};
services.restic.backups = {
cox = {
passwordFile = "/run/agenix/restic_repository_password";
paths = [
"/mnt/internal/nextcloud"
"/var/backup/postgresql"
];
repository = "sftp:backup:/data/hdd/restic";
timerConfig = {
OnCalendar = "02:00";
};
};
};
}

55
hosts/cube/configuration.nix Normal file
View file

@ -0,0 +1,55 @@
{ config, lib, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
./acme.nix
./backup.nix
./drone.nix
./home-assistant.nix
./nextcloud.nix
#./whiteboard.nix
./wireguard.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/disk/by-id/usb-HP_iLO_Internal_SD-CARD_000002660A01-0:0";
boot.loader.systemd-boot.enable = lib.mkForce false;
time.timeZone = "Europe/Berlin";
networking = {
useDHCP = false;
interfaces.eno1.ipv4.addresses = [{
address = "80.244.242.2";
prefixLength = 29;
}];
defaultGateway = "80.244.242.1";
nameservers = [ "95.129.51.51" "80.244.244.244" ];
};
nix = {
trustedUsers = [ "ci-cache-nix-store" ];
};
services.openssh.ports = [ 2222 ];
networking.nat.enable = true;
networking.nat.internalIPs = [ "10.10.42.0/24" ];
networking.nat.externalInterface = "eno1";
networking.firewall.allowedTCPPorts = [ 80 443 2222 ];
networking.firewall.allowedUDPPorts = [ 51899 ];
networking.firewall.enable = lib.mkForce true;
system.stateVersion = "21.05"; # Did you read the comment?
}

15
hosts/cube/cube.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, pkgs, lib, ... }:
with lib;
with pkgs;
let
psCfg = config.pub-solar;
in
{
imports = [
./configuration.nix
];
pub-solar.core.disk-encryption-active = false;
networking.networkmanager.enable = lib.mkForce false;
}

6
hosts/cube/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ suites, ... }:
{
imports = [
./cube.nix
] ++ suites.cube;
}

21
hosts/cube/drone.nix Normal file
View file

@ -0,0 +1,21 @@
{ self, config, pkgs, ... }:
{
age.secrets.drone_exec_runner_config = {
file = "${self}/secrets/cube_drone_exec_runner_config.age";
owner = "999";
};
pub-solar.ci-runner = {
enable = true;
enableKvm = true;
nixCacheLocation = "/mnt/internal/ci-cache-nix-store/nix";
runnerEnvironment = {
DRONE_RUNNER_CAPACITY = "1";
DRONE_RUNNER_LABELS = "hosttype:baremetal";
};
runnerVarsFile = "/run/agenix/drone_exec_runner_config";
};
}

38
hosts/cube/hardware-configuration.nix Normal file
View file

@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "uhci_hcd" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.extraModprobeConfig = "options kvm_intel nested=1";
fileSystems."/" =
{
device = "/dev/disk/by-uuid/715ef65c-6cb3-4455-99ed-fe7408935d00";
fsType = "ext4";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/e76a2e82-bf17-4287-967c-bd0f16d16875";
fsType = "ext2";
};
fileSystems."/mnt/internal" =
{
device = "/dev/disk/by-uuid/3563f624-f8ed-4664-95d0-ca8b9db1c60a";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/4b0b445b-ae72-439a-8aeb-cbd6a3ed73b9"; }];
}

19
hosts/cube/home-assistant.nix Normal file
View file

@ -0,0 +1,19 @@
{ self, pkgs, config, ... }:
{
# HTTP
services.nginx = {
virtualHosts."ha.gssws.de" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.0.1.254:8123";
proxyWebsockets = true;
extraConfig =
"proxy_ssl_server_name on;" +
"proxy_pass_header Authorization;"
;
};
};
};
}

156
hosts/cube/nextcloud-apps.nix Normal file
View file

@ -0,0 +1,156 @@
{ self, pkgs, config, lib, ... }:
{
services.nextcloud.extraApps = {
"bookmarks" = pkgs.fetchNextcloudApp {
name = "bookmarks";
sha256 = "+Lon8Bbu1O6axALYFDQUkBw5K0fNonEehY51ZSqOiZA=";
url = "https://github.com/nextcloud/bookmarks/releases/download/v11.0.3/bookmarks-11.0.3.tar.gz";
version = "11.0.3";
};
"bruteforcesettings" = pkgs.fetchNextcloudApp {
name = "bruteforcesettings";
sha256 = "cy1Fg6kCiolkDtPF8u/n4JvPrdJadRv4FVMr1zB/Lmk=";
url = "https://github.com/nextcloud-releases/bruteforcesettings/releases/download/v2.4.0/bruteforcesettings-v2.4.0.tar.gz";
version = "2.4.0";
};
"calendar" = pkgs.fetchNextcloudApp {
name = "calendar";
sha256 = "+LRGl9h40AQdWN9SW+NqGwTafAGwV07Af8nVs3pUCm0=";
url = "https://github.com/nextcloud-releases/calendar/releases/download/v3.5.0/calendar-v3.5.0.tar.gz";
version = "3.5.0";
};
"contacts" = pkgs.fetchNextcloudApp {
name = "contacts";
sha256 = "GTiyZsUHBXPgQ17DHAihmt2W/ZnAjDwfgwnujkRwk6A=";
url = "https://github.com/nextcloud-releases/contacts/releases/download/v4.2.2/contacts-v4.2.2.tar.gz";
version = "4.2.2";
};
"cookbook" = pkgs.fetchNextcloudApp {
name = "cookbook";
sha256 = "v64rLGyMQOdStyivpJsKrNxwumVQvyK3CnHtZ+K+elE=";
url = "https://github.com/nextcloud/cookbook/releases/download/v0.9.15/Cookbook-0.9.15.tar.gz";
version = "0.9.15";
};
"cospend" = pkgs.fetchNextcloudApp {
name = "cospend";
sha256 = "VyTo7jii40a0m2hLuUH5PFJXzogECTfGq+2oifMtNNI=";
url = "https://github.com/eneiluj/cospend-nc/releases/download/v1.4.10/cospend-1.4.10.tar.gz";
version = "1.4.10";
};
"deck" = pkgs.fetchNextcloudApp {
name = "deck";
sha256 = "G4v1B5XHYuKEZxNhkd7Fu5OSbzwcS7yFaDkUkydpdPU=";
url = "https://github.com/nextcloud-releases/deck/releases/download/v1.7.1/deck-v1.7.1.tar.gz";
version = "1.7.1";
};
"files_accesscontrol" = pkgs.fetchNextcloudApp {
name = "files_accesscontrol";
sha256 = "7vfN3FF8pfQ3iQib/3EbG7r5HNyrQXjwgwJ9Cna6nT0=";
url = "https://github.com/nextcloud-releases/files_accesscontrol/releases/download/v1.14.1/files_accesscontrol-v1.14.1.tar.gz";
version = "1.14.1";
};
"files_automatedtagging" = pkgs.fetchNextcloudApp {
name = "files_automatedtagging";
sha256 = "C59NQNxox4gyTqIwQX5Yi8D0VwNqoorPli6CE7bl/P0=";
url = "https://github.com/nextcloud-releases/files_automatedtagging/releases/download/v1.14.0/files_automatedtagging-v1.14.0.tar.gz";
version = "1.14.0";
};
"files_fulltextsearch" = pkgs.fetchNextcloudApp {
name = "files_fulltextsearch";
sha256 = "+cKu9kvsPxajGzyZhu+DDqsxWKrpZmMMxAKg0tyZdBw=";
url = "https://github.com/nextcloud-releases/files_fulltextsearch/releases/download/v24.0.1/files_fulltextsearch-v24.0.1.tar.gz";
version = "24.0.1";
};
"files_markdown" = pkgs.fetchNextcloudApp {
name = "files_markdown";
sha256 = "6vrPNKcPmJ4DuMXN8/oRMr/B/dTlJn2GGi/w4t2wimk=";
url = "https://github.com/icewind1991/files_markdown/releases/download/v2.3.6/files_markdown.tar.gz";
version = "2.3.6";
};
"files_mindmap" = pkgs.fetchNextcloudApp {
name = "files_mindmap";
sha256 = "GcJqn90n9+3VDndNuiohLMDx9fmmMyMkNVNb/bB7ksM=";
url = "https://github.com/ACTom/files_mindmap/releases/download/v0.0.26/files_mindmap-0.0.26.tar.gz";
version = "0.0.26";
};
"fulltextsearch" = pkgs.fetchNextcloudApp {
name = "fulltextsearch";
sha256 = "7Yp+ZELZf2tqKoZ0td2CgPNym7EbLXyxbVKF8OdpNqs=";
url = "https://github.com/nextcloud-releases/fulltextsearch/releases/download/v24.0.0/fulltextsearch-v24.0.0.tar.gz";
version = "24.0.0";
};
"groupfolders" = pkgs.fetchNextcloudApp {
name = "groupfolders";
sha256 = "RHkvpAWH4HbKbM4ZoUy1HCzydVdw2SYQJvzO02sZEVQ=";
url = "https://github.com/nextcloud/groupfolders/releases/download/v12.0.2/groupfolders.tar.gz";
version = "12.0.2";
};
"impersonate" = pkgs.fetchNextcloudApp {
name = "impersonate";
sha256 = "ww11Rfcy0yXU5+8w/rOXRxH+7eD6G8RAm3fZ3PpXgdM=";
url = "https://github.com/nextcloud-releases/impersonate/releases/download/v1.11.0/impersonate-v1.11.0.tar.gz";
version = "1.11.0";
};
"keeweb" = pkgs.fetchNextcloudApp {
name = "keeweb";
sha256 = "idftaF9EU/f61HmL1gijeuKD4yPuf0MJPth4Xr9WgFs=";
url = "https://github.com/jhass/nextcloud-keeweb/releases/download/v0.6.9/keeweb-0.6.9.tar.gz";
version = "0.6.9";
};
"maps" = pkgs.fetchNextcloudApp {
name = "maps";
sha256 = "6dTNNGHKu97LZvRvg7452e2fw+2loUchtRuv31vLIgY=";
url = "https://github.com/nextcloud/maps/releases/download/v0.2.1/maps-0.2.1.tar.gz";
version = "0.2.1";
};
"news" = pkgs.fetchNextcloudApp {
name = "news";
sha256 = "eS0cFwJmYfGGJmA02AOWO/OXfqfyI71u2GataDj18DE=";
url = "https://github.com/nextcloud/news/releases/download/18.2.0/news.tar.gz";
version = "18.2.0";
};
"notes" = pkgs.fetchNextcloudApp {
name = "notes";
sha256 = "rd3uVkVtARX4enRAWm1ivV468lboYZnYe7/zsqaHYpk=";
url = "https://github.com/nextcloud/notes/releases/download/v4.5.1/notes.tar.gz";
version = "4.5.1";
};
"quota_warning" = pkgs.fetchNextcloudApp {
name = "quota_warning";
sha256 = "UaURF2NIj0h+81vbbFxZuyFX7B9QsicUMK5RKtG5O04=";
url = "https://github.com/nextcloud-releases/quota_warning/releases/download/v1.14.0/quota_warning-v1.14.0.tar.gz";
version = "1.14.0";
};
"richdocuments" = pkgs.fetchNextcloudApp {
name = "richdocuments";
sha256 = "nov6GQX4FEg1MAxuTvWxuk9yAPuWHtE1rsbM1B/1Dgk=";
url = "https://github.com/nextcloud-releases/richdocuments/releases/download/v6.2.0/richdocuments-v6.2.0.tar.gz";
version = "6.2.0";
};
#"richdocumentscode" = pkgs.fetchNextcloudApp {
# name = "richdocumentscode";
# sha256 = "URbEB3I02SjoVlRI+gjoNi+/o5Oe4snmoKQUff4T9+A=";
# url = "https://github.com/CollaboraOnline/richdocumentscode/releases/download/22.5.502/richdocumentscode.tar.gz";
# version = "22.5.502";
#};
"spreed" = pkgs.fetchNextcloudApp {
name = "spreed";
sha256 = "wg4BYhcbWCaz1OE4sIVlV1r0cUX5Z923ej7Y/Meands=";
url = "https://github.com/nextcloud-releases/spreed/releases/download/v14.0.5/spreed-v14.0.5.tar.gz";
version = "14.0.5";
};
"tasks" = pkgs.fetchNextcloudApp {
name = "tasks";
sha256 = "kXXUzzODi/qRi2NqtJyiS1GmLTx0kFAwtH1p0rCdnRM=";
url = "https://github.com/nextcloud/tasks/releases/download/v0.14.4/tasks.tar.gz";
version = "0.14.4";
};
"twofactor_totp" = pkgs.fetchNextcloudApp {
name = "twofactor_totp";
sha256 = "cRtpRs1s31l8xG84YkZIuR3C3pg2kQFNlrY2f5NTSBo=";
url = "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.0/twofactor_totp-v6.4.0.tar.gz";
version = "6.4.0";
};
};
}

142
hosts/cube/nextcloud.nix Normal file
View file

@ -0,0 +1,142 @@
{ self, pkgs, config, lib, ... }:
{
imports = [
./nextcloud-apps.nix
];
age.secrets.nextcloud_db_pass = {
owner = "nextcloud";
group = "nextcloud";
file = "${self}/secrets/cube_nextcloud_db_pass.age";
};
age.secrets.nextcloud_admin_pass = {
owner = "nextcloud";
group = "nextcloud";
file = "${self}/secrets/cube_nextcloud_admin_pass.age";
};
# HTTP
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
virtualHosts."data.gssws.de" = {
enableACME = true;
forceSSL = true;
};
};
# DATABASES
services.postgresql = {
enable = true;
package = pkgs.postgresql_11;
ensureDatabases = [ "nextcloud" ];
ensureUsers = [
{
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
};
# REDIS
services.redis.servers = {
"nextcloud".enable = true;
};
users.groups."redis-nextcloud".members = [ "nextcloud" ];
# Collabora Code server
virtualisation.oci-containers.containers."nextcloud-collabora-code" = {
image = "collabora/code";
autoStart = true;
ports = [ "127.0.0.1:9980:9980" ];
environment.domain = "data\\.gssws\\.de";
extraOptions = [ "--cap-add" "MKNOD" ];
};
services.nginx.virtualHosts."office.gssws.de" =
let
proxyPass = "https://127.0.0.1:9980";
extraConfig = "proxy_ssl_verify off;";
in
{
enableACME = true;
forceSSL = true;
locations."^~ /browser" = {
inherit proxyPass extraConfig;
};
locations."^~ /hosting/discovery" = {
inherit proxyPass extraConfig;
};
locations."^~ /hosting/capabilities" = {
inherit proxyPass extraConfig;
};
locations."~ ^/cool/(.*)/ws''$" = {
inherit proxyPass extraConfig;
proxyWebsockets = true;
};
locations."~ ^/(c|l)ool" = {
inherit proxyPass extraConfig;
};
locations."^~ /cool/adminws" = {
inherit proxyPass extraConfig;
proxyWebsockets = true;
};
};
# NEXTCLOUD
systemd.services."nextcloud-setup" = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud24;
hostName = "data.gssws.de";
https = true;
datadir = "/mnt/internal/nextcloud";
caching.apcu = true;
caching.redis = true;
phpPackage = lib.mkForce pkgs.php81;
phpOptions = {
short_open_tag = "Off";
expose_php = "Off";
error_reporting = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
display_errors = "stderr";
"opcache.enable_cli" = "1";
"opcache.interned_strings_buffer" = "32";
"opcache.max_accelerated_files" = "100000";
"opcache.memory_consumption" = "256";
"opcache.revalidate_freq" = "1";
"opcache.fast_shutdown" = "1";
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
catch_workers_output = "yes";
};
config = {
overwriteProtocol = "https";
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud";
dbpassFile = "/run/agenix/nextcloud_db_pass";
adminpassFile = "/run/agenix/nextcloud_admin_pass";
adminuser = "admin";
trustedProxies = [ "80.244.242.2" ];
defaultPhoneRegion = "DE";
};
};
}

63
hosts/cube/wireguard.nix Normal file
View file

@ -0,0 +1,63 @@
{ self, config, pkgs, ... }:
{
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_cube_wireguard_key.age";
systemd.services.wireguard-wg0.serviceConfig.Restart = "on-failure";
systemd.services.wireguard-wg0.serviceConfig.RestartSec = "5s";
# Enable WireGuard
networking.wireguard.interfaces = {
wg1 = {
# Determines the IP address and subnet of the client's end of the tunnel interface.
ips = [ "10.0.1.5" ];
listenPort = 51899; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
# Path to the private key file.
#
# Note: The private key can also be included inline via the privateKey option,
# but this makes the private key world-readable; thus, using privateKeyFile is
# recommended.
privateKeyFile = "/run/agenix/home_controller_wireguard";
peers = [
# For a client configuration, one peer entry for the server will suffice.
{
# giggles
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
allowedIPs = [ "10.0.1.11/32" ];
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
{
# cox
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
allowedIPs = [ "10.0.1.12/32" ];
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
{
# companion
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
allowedIPs = [ "10.0.1.13/32" ];
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
{
# hsha
publicKey = "sC0wWHE/tvNaVYX3QQTHQUmSTTjZMOjkQ5x/qy6qjTc=";
allowedIPs = [ "10.0.1.254/32" ];
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
];
};
};
}

57
hosts/falcone/configuration.nix Normal file
View file

@ -0,0 +1,57 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ inputs, pkgs, builtins, config, lib, ... }:
{
imports =
[
./hardware-configuration.nix
];
pub-solar.core.disk-encryption-active = false;
boot.loader.timeout = lib.mkForce 0;
boot.loader.generic-extlinux-compatible.enable = lib.mkForce false;
boot.loader.grub = {
enable = lib.mkForce true;
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
extraInstallCommands = ''
cp -r ${inputs.nixpkgs-hensoko.packages.aarch64-linux.raspberrypi4_firmware_uefi}/share/raspberrypi4-firmware-uefi/* /boot/
'';
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = true;
networking.interfaces.wlan0.useDHCP = false;
networking.networkmanager.enable = lib.mkForce false;
boot.loader.systemd-boot.enable = lib.mkForce false;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 2380 6443 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

6
hosts/falcone/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ suites, ... }:
{
imports = [
./falcone.nix
] ++ suites.falcone;
}

16
hosts/falcone/falcone.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./configuration.nix
];
config = {
boot.plymouth.enable = lib.mkForce false;
pub-solar.nextcloud.enable = lib.mkForce false;
};
}

35
hosts/falcone/hardware-configuration.nix Normal file
View file

@ -0,0 +1,35 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
#boot.initrd.supportedFilesystems = [ "zfs" ];
#boot.supportedFilesystems = [ "zfs" ];
#boot.kernelPackages = lib.mkForce pkgs.linuxPackages_5_18;
fileSystems."/" =
{ device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

65
hosts/giggles/configuration.nix Normal file
View file

@ -0,0 +1,65 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
./home-controller.nix
];
boot.loader.timeout = 0;
boot.loader.generic-extlinux-compatible.enable = lib.mkForce false;
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = true;
device = "nodev";
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = true;
networking.interfaces.wlan0.useDHCP = false;
networking.networkmanager.enable = lib.mkForce false;
boot.loader.systemd-boot.enable = lib.mkForce false;
nix = {
#package = pkgs.nixFlakes;
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim
wget
];
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 2380 6443 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}

6
hosts/giggles/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ suites, ... }:
{
imports = [
./giggles.nix
] ++ suites.giggles;
}

16
hosts/giggles/giggles.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./configuration.nix
];
config = {
boot.plymouth.enable = lib.mkForce false;
pub-solar.nextcloud.enable = lib.mkForce false;
};
}

61
hosts/giggles/hardware-configuration.nix Normal file
View file

@ -0,0 +1,61 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "uas" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.supportedFilesystems = [ "zfs" ];
boot.supportedFilesystems = [ "zfs" ];
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_5_18;
boot.initrd.luks.devices = {
cryptroot = {
device = "/dev/disk/by-uuid/ef5804e2-2b07-4434-8144-6ae7d9f615e2";
keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_04020116120721075123-0:0-part1";
bypassWorkqueues = true;
fallbackToPassword = true;
};
};
fileSystems."/" =
{
device = "zroot/root";
fsType = "zfs";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/2F05-9B4A";
fsType = "vfat";
};
fileSystems."/var/lib/rancher/k3s/storage" =
{
device = "zroot/kubernetes-localstorage";
fsType = "zfs";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/ddad2310-57b5-4851-a7bd-280d7182bcec"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = false;
networking.interfaces.eth0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
networking.hostId = "71f2d82a";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

53
hosts/giggles/home-controller.nix Normal file
View file

@ -0,0 +1,53 @@
{ self, config, pkgs, ... }:
{
config = {
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_giggles_wireguard_key.age";
pub-solar.home-controller = {
enable = true;
role = "server";
ownIp = "10.0.1.11";
k3s = {
enableLocalStorage = true;
enableZfs = true;
};
wireguard = {
privateKeyFile = "/run/agenix/home_controller_wireguard";
peers = [
{
# cube
publicKey = "UVzVK5FwXW/AGNVipudUDT43NgCiNpsunzkzjpTvVnk=";
allowedIPs = [ "10.0.1.5/32" ];
endpoint = "data.gssws.de:51899";
persistentKeepalive = 25;
}
{
# cox
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
allowedIPs = [ "10.0.1.12/32" ];
endpoint = "cox.local:51899";
persistentKeepalive = 25;
}
{
# companion
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
allowedIPs = [ "10.0.1.13/32" ];
endpoint = "companion.local:51899";
persistentKeepalive = 25;
}
{
# ringo
publicKey = "n4fGufXDjHitgS2HqVjKRdSNw+co1rYEV1Sw+sCCVzw=";
allowedIPs = [ "10.0.1.21/32" ];
endpoint = "ringo.local:51899";
persistentKeepalive = 25;
}
];
};
};
};
}

19
hosts/harrison/.config/sway/config.d/screens.conf Normal file
View file

@ -0,0 +1,19 @@
set $left 'Dell Inc. DELL S2721DS D0SVQ43'
set $middle 'Samsung Electric Company SMBX2450L 0x00003231'
set $right 'Eizo Nanao Corporation EV2316W 39117013'
output $left {
scale 1
pos 0 0
transform 270
}
output $middle {
scale 1
pos 1440 1150
}
output $right {
scale 1
pos 3360 1150
}

49
hosts/harrison/configuration.nix Normal file
View file

@ -0,0 +1,49 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# Set your time zone.
time.timeZone = "Europe/Berlin";
time.hardwareClockInLocalTime = true; # easiest quirk for windows time offset feature
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.dhcpcd.wait = "background";
networking.useDHCP = false;
networking.interfaces.eno1 = {
useDHCP = true;
wakeOnLan = {
enable = true;
};
};
networking.networkmanager.enable = lib.mkForce false;
nixpkgs.config.allowUnsupportedSystem = true;
# List services that you want to enable:
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
}

6
hosts/harrison/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ suites, ... }:
{
imports = [
./harrison.nix
] ++ suites.harrison;
}

70
hosts/harrison/hardware-configuration.nix Normal file
View file

@ -0,0 +1,70 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" "raid1" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.luks.devices."cryptroot" = {
device = "/dev/disk/by-uuid/e3a0394d-8bb5-4049-bf65-90d7202163cd";
keyFile = "/dev/disk/by-id/usb-SanDisk_Cruzer_Blade_04011806021722115743-0:0-part1";
fallbackToPassword = true;
bypassWorkqueues = true;
};
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.loader.efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
boot.loader.grub = {
efiSupport = true;
enable = lib.mkForce true;
extraEntries = ''
menuentry "Windows" {
insmod part_gpt
insmod fat
insmod search_fs_uuid
insmod chain
search --fs-uuid --set=root 02DB-F12C
chainloader /efi/Microsoft/Boot/bootmgfw.efi
}
'';
devices = [ "nodev" ];
};
fileSystems = {
"/" =
{
device = "/dev/disk/by-uuid/4ad4db6d-543e-4cc5-a781-396e3b527a05";
fsType = "ext4";
};
"/boot" =
{
device = "/dev/disk/by-uuid/4B4A-B1B4";
fsType = "vfat";
};
"/boot2" =
{
device = "/dev/disk/by-uuid/4B2C-385A";
fsType = "vfat";
};
};
swapDevices =
[{ device = "/dev/mapper/vg0-swap"; }];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

21
hosts/harrison/harrison.nix Normal file
View file

@ -0,0 +1,21 @@
{ config, pkgs, lib, ... }:
with lib;
with pkgs;
let
psCfg = config.pub-solar;
in
{
imports = [
./configuration.nix
];
config = {
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
};
services.teamviewer.enable = true;
};
}

16
hosts/norman/.config/sway/config.d/custom-keybindings.conf Normal file
View file

@ -0,0 +1,16 @@
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"

13
hosts/norman/.config/sway/config.d/screens.conf Normal file
View file

@ -0,0 +1,13 @@
set $left 'Dell Inc. DELL S2721DS D0SVQ43'
set $middle 'Samsung Electric Company SMBX2450L 0x00003231'
output $left {
scale 1
pos 0 0
transform 270
}
output $middle {
scale 1
pos 1440 1050
}

63
hosts/norman/configuration.nix Normal file
View file

@ -0,0 +1,63 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
./wireguard.nix
];
# Set your time zone.
time.timeZone = "Europe/Berlin";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.firewall = {
allowedUDPPorts = [
51820
51821
]; # Clients and peers can use the same port, see listenport
};
hardware.nitrokey.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
services.tlp = {
enable = true;
settings = {
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
CPU_SCALING_GOVERNOR_ON_AC = "performance";
# The following prevents the battery from charging fully to
# preserve lifetime. Run `tlp fullcharge` to temporarily force
# full charge.
# https://linrunner.de/tlp/faq/battery.html#how-to-choose-good-battery-charge-thresholds
START_CHARGE_THRESH_BAT0 = 40;
STOP_CHARGE_THRESH_BAT0 = 80;
# 100 being the maximum, limit the speed of my CPU to reduce
# heat and increase battery usage:
CPU_MAX_PERF_ON_AC = 100;
CPU_MAX_PERF_ON_BAT = 30;
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}

6
hosts/norman/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ suites, ... }:
{
imports = [
./norman.nix
] ++ suites.norman;
}

46
hosts/norman/hardware-configuration.nix Normal file
View file

@ -0,0 +1,46 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "uas" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.loader.grub.trustedBoot = {
enable = true;
systemHasTPM = "YES_TPM_is_activated";
};
boot.initrd.luks.devices."cryptroot" = {
device = "/dev/disk/by-uuid/cdc29f0f-5b18-4ee7-8d38-1f4bac80b1e6";
bypassWorkqueues = true;
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/5b441f8f-d7eb-44f8-8df2-7354b3314a61";
fsType = "ext4";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/84CD-91B6";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/54162798-9017-4b59-afd7-ab9578da4bb9"; }];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.trackpoint = {
enable = true;
device = "TPPS/2 ALPS TrackPoint";
emulateWheel = true;
};
}

22
hosts/norman/norman.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./configuration.nix
];
config = {
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
pub-solar.audio.bluetooth.enable = false;
home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
};
};
}

93
hosts/norman/wireguard.nix Normal file
View file

@ -0,0 +1,93 @@
{ config, pkgs, ... }:
{
systemd.services.wireguard-wg0.serviceConfig.Restart = "on-failure";
systemd.services.wireguard-wg0.serviceConfig.RestartSec = "5s";
systemd.services.wireguard-wg1.serviceConfig.Restart = "on-failure";
systemd.services.wireguard-wg1.serviceConfig.RestartSec = "5s";
# Enable WireGuard
networking.wireguard.interfaces = {
# "wg0" is the network interface name. You can name the interface arbitrarily.
wg0 = {
# Determines the IP address and subnet of the client's end of the tunnel interface.
ips = [
"10.0.0.13/32"
"fc00:200::13/128"
];
listenPort = 51820; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
# Path to the private key file.
#
# Note: The private key can also be included inline via the privateKey option,
# but this makes the private key world-readable; thus, using privateKeyFile is
# recommended.
privateKeyFile = "/home/hensoko/.config/wireguard/hosting-de.private";
peers = [
# For a client configuration, one peer entry for the server will suffice.
{
# Public key of the server (not a file path).
publicKey = "02/MRPduMGx1as7yS4G7GpL4+pQjsjpyS/tD9iPu8X0=";
# Forward all the traffic via VPN.
allowedIPs = [
"10.0.0.0/24"
"192.168.50.0/24"
"192.168.200.0/24"
"10.20.30.0/24"
"fc00:200::/120"
"95.129.51.5"
"95.129.54.43"
"134.0.28.89"
"134.0.27.108"
"134.0.25.181"
];
# Set this to the server IP and port.
endpoint = "134.0.30.154:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
];
};
wg1 = {
# Determines the IP address and subnet of the client's end of the tunnel interface.
ips = [
"10.7.0.21"
];
listenPort = 51821; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
# Path to the private key file.
#
# Note: The private key can also be included inline via the privateKey option,
# but this makes the private key world-readable; thus, using privateKeyFile is
# recommended.
privateKeyFile = "/home/hensoko/.config/wireguard/data-gssws-de.private";
peers = [
# For a client configuration, one peer entry for the server will suffice.
{
# Public key of the server (not a file path).
publicKey = "RwMocdha7fyx+MGTtQpZhZQGJY4WU79YgpspYBclK3c=";
# Forward all the traffic via VPN.
allowedIPs = [
"10.7.0.0/24"
];
# Set this to the server IP and port.
endpoint = "80.244.242.2:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
];
};
};
}

110
hosts/redpanda/configuration.nix Normal file
View file

@ -0,0 +1,110 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
boot.loader.systemd-boot.enable = lib.mkForce false;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
# networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.enp0s3.useDHCP = true;
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
nix = {
#package = pkgs.nixFlakes;
extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
};
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.jane = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim
wget
firefox
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
}

6
hosts/redpanda/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ suites, ... }:
{
imports = [
./redpanda.nix
] ++ suites.redpanda;
}

21
hosts/redpanda/hardware-configuration.nix Normal file
View file

@ -0,0 +1,21 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "ohci_pci" "virtio_pci" "sd_mod" "sr_mod" "virtio_scsi" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
#virtualisation.virtualbox.guest.enable = true;
}

17
hosts/redpanda/redpanda.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./configuration.nix
];
#pub-solar.nextcloud.enable = lib.mkForce false;
config = {
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
};
}

35
hosts/ringo/configuration.nix Normal file
View file

@ -0,0 +1,35 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[
./hardware-configuration.nix
./home-controller.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Set your time zone.
time.timeZone = "Europe/Berlin";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.enp0s25.useDHCP = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}

6
hosts/ringo/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ suites, ... }:
{
imports = [
./ringo.nix
] ++ suites.ringo;
}

43
hosts/ringo/hardware-configuration.nix Normal file
View file

@ -0,0 +1,43 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.initrd.luks.devices."cryptroot" = {
device = "/dev/disk/by-uuid/bd1ebf98-adc1-4868-842f-3d2c6ee04e13";
keyFile = "/dev/disk/by-partuuid/9ff6ebf7-01";
fallbackToPassword = true;
bypassWorkqueues = true;
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/1999ec2e-4564-4f5a-8333-6eb23ae03c8b";
fsType = "ext4";
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/47ED-2F0B";
fsType = "vfat";
};
fileSystems."/home" =
{
device = "/dev/disk/by-uuid/69c89392-be11-4bd4-8f3b-6b7db20c716e";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/4ef0cdbc-38f4-4dcb-8fe8-553bbdb06192"; }];
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

43
hosts/ringo/home-controller.nix Normal file
View file

@ -0,0 +1,43 @@
{ self, config, pkgs, ... }:
{
config = {
age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_ringo_wireguard_key.age";
pub-solar.home-controller = {
enable = true;
role = "agent";
ownIp = "10.0.1.21";
k3s = {
serverAddr = "https://api.kube:6443";
tokenFile = "/run/agenix/home_controller_k3s_token";
};
wireguard = {
privateKeyFile = "/run/agenix/home_controller_wireguard";
peers = [
{
# giggles
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
allowedIPs = [ "10.0.1.11/32" ];
endpoint = "giggles.local:51899";
}
{
# cox
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
allowedIPs = [ "10.0.1.12/32" ];
endpoint = "cox.local:51899";
}
{
# companion
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
allowedIPs = [ "10.0.1.13/32" ];
endpoint = "companion.local:51899";
}
];
};
};
};
}

13
hosts/ringo/ringo.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./configuration.nix
];
config.pub-solar.core.lite = true;
}

3
modules/audio/default.nix
View file

@ -65,6 +65,9 @@ in
context.default.clock = {
allowed-rates = [ 44100 48000 88200 96000 ];
rate = 44100;
quantum = 2048;
min-quantum = 1024;
max-quantum = 4096;
};
};
config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json);

2
modules/compat/default.nix
View file

@ -2,5 +2,5 @@
# Both things below are for
# https://github.com/NixOS/nixpkgs/issues/124215
documentation.info.enable = lib.mkForce false;
nix.sandboxPaths = [ "/bin/sh=${pkgs.bash}/bin/sh" ];
nix.settings.extra-sandbox-paths = [ "/bin/sh=${pkgs.bash}/bin/sh" ];
}

0
modules/core/bluetooth.nix Normal file
View file

6
modules/core/hibernation.nix
View file

@ -12,8 +12,8 @@ in
};
resumeDevice = mkOption {
type = types.str;
default = "/dev/sda1";
type = types.nullOr types.str;
default = null;
description = "The location of the hibernation resume swap file.";
};
@ -26,7 +26,7 @@ in
config = {
boot = mkIf cfg.enable {
resumeDevice = cfg.resumeDevice;
resumeDevice = mkIf (cfg.resumeDevice != null) cfg.resumeDevice;
kernelParams = mkIf (cfg.resumeOffset != null) [ "resume_offset=${builtins.toString cfg.resumeOffset}" ];
};
};

31
modules/core/networking.nix
View file

@ -1,10 +1,12 @@
{ config, pkgs, lib, ... }:
with lib;
let cfg = config.pub-solar.core;
in
{
config,
pkgs,
lib,
...
}:
with lib; let
cfg = config.pub-solar.core;
in {
options.pub-solar.core = {
enableCaddy = mkOption {
type = types.bool;
@ -17,12 +19,12 @@ in
binaryCaches = mkOption {
type = types.listOf types.str;
default = [ ];
default = [];
description = "Binary caches to use.";
};
publicKeys = mkOption {
type = types.listOf types.str;
default = [ ];
default = [];
description = "Public keys of binary caches.";
};
};
@ -39,15 +41,16 @@ in
networking.firewall.enable = true;
# Customized binary caches list (with fallback to official binary cache)
nix.binaryCaches = cfg.binaryCaches;
nix.binaryCachePublicKeys = cfg.publicKeys;
nix.settings.substituters = cfg.binaryCaches;
nix.settings.trusted-public-keys = cfg.publicKeys;
# These entries get added to /etc/hosts
networking.hosts = {
"127.0.0.1" = [ ]
++ lib.optionals cfg.enableCaddy [ "caddy.local" ]
++ lib.optionals config.pub-solar.printing.enable [ "cups.local" ]
++ lib.optionals cfg.enableHelp [ "help.local" ];
"127.0.0.1" =
[]
++ lib.optionals cfg.enableCaddy ["caddy.local"]
++ lib.optionals config.pub-solar.printing.enable ["cups.local"]
++ lib.optionals cfg.enableHelp ["help.local"];
};
# Caddy reverse proxy for local services like cups

26
modules/core/nix.nix
View file

@ -1,19 +1,25 @@
{ config, pkgs, lib, inputs, ... }:
{
config,
pkgs,
lib,
inputs,
...
}: {
nix = {
# Use default version alias for nix package
package = pkgs.nix;
# Improve nix store disk usage
autoOptimiseStore = true;
gc.automatic = true;
optimise.automatic = true;
# Prevents impurities in builds
useSandbox = true;
# give root and @wheel special privileges with nix
trustedUsers = [ "root" "@wheel" ];
# This is just a representation of the nix default
systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
settings = {
# Improve nix store disk usage
auto-optimise-store = true;
# Prevents impurities in builds
sandbox = true;
# give root and @wheel special privileges with nix
trusted-users = ["root" "@wheel"];
# This is just a representation of the nix default
system-features = ["nixos-test" "benchmark" "big-parallel" "kvm"];
};
# Generally useful nix option defaults
extraOptions = ''
min-free = 536870912

10
modules/crypto/default.nix
View file

@ -16,11 +16,18 @@ in
services.gnome.gnome-keyring.enable = true;
environment.shellInit = ''
gpg-connect-agent /bye
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
'';
home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs;
services.gpg-agent = {
enable = true;
defaultCacheTtl = 300;
enableSshSupport = true;
pinentryFlavor = "gnome3";
verbose = true;
};
@ -32,9 +39,6 @@ in
home.packages = [
gnome.seahorse
keepassxc
libsecret
qMasterPassword
restic
];
};
};

2
modules/devops/default.nix
View file

@ -19,7 +19,7 @@ in
ansible-lint
restic
shellcheck
terraform_0_15
terraform
];
};
};

105
modules/docker-ci-runner/default.nix Normal file
View file

@ -0,0 +1,105 @@
{ lib, config, pkgs, self, ... }:
with lib;
let
bootstrap = pkgs.writeScript "bootstrap.sh" ''
#!/usr/bin/env bash
set -e
apt update
apt install --yes curl git sudo xz-utils
adduser --system --uid 999 build
chown build /nix
sudo -u build curl -L https://nixos.org/nix/install > install
sudo -u build sh install
echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile
mkdir /etc/nix
echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf
export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json"
mkdir -p $(dirname \\$nix_user_config_file)
echo '{"extra-experimental-features":{"nix-command flakes":true},"extra-substituters":{"https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org":true},"extra-trusted-public-keys":{"nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=":true}}' > \\$nix_user_config_file
chown -R build /home/build/
curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz
sudo install -t /usr/local/bin drone-runner-exec
if [ ! -f /run/vars ]; then
exit 1
fi
cp -a /run/vars /run/runtime-vars
env | grep "DRONE" >> /run/runtime-vars
su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars"
'';
psCfg = config.pub-solar;
cfg = config.pub-solar.docker-ci-runner;
in
{
options.pub-solar.docker-ci-runner = {
enable = lib.mkEnableOption "Enables a systemd service that runs drone-ci-runner";
enableKvm = lib.mkOption {
description = ''
Enable kvm support.
'';
default = true;
type = types.bool;
};
nixCacheLocation = lib.mkOption {
description = ''
Location of nix cache that is shared between builds
'';
type = types.path;
};
runnerEnvironment = lib.mkOption {
description = ''
Additional environment vars added to the vars file on container runtime
'';
default = {};
};
runnerVarsFile = lib.mkOption {
description = ''
Location of vars file passed to drone runner
'';
type = types.path;
};
};
config = lib.mkIf cfg.enable {
virtualisation = {
docker = {
enable = true; # sadly podman is not supported rightnow
};
oci-containers = {
backend = "docker";
containers."drone-exec-runner" = {
image = "debian";
autoStart = true;
entrypoint = "bash";
cmd = [ "/bootstrap.sh" ];
volumes = [
"${cfg.runnerVarsFile}:/run/vars"
"${cfg.nixCacheLocation}:/nix"
"${bootstrap}:/bootstrap.sh"
];
environment = cfg.runnerEnvironment;
extraOptions = lib.mkIf cfg.enableKvm [ "--device=/dev/kvm" ];
};
};
};
};
}

20
modules/docker/default.nix
View file

@ -1,19 +1,23 @@
{ lib, config, pkgs, ... }:
with lib;
let
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.docker;
in
{
in {
options.pub-solar.docker = {
enable = mkEnableOption "Life in metal boxes";
};
config = mkIf cfg.enable {
virtualisation.docker.enable = true;
users.users = with pkgs; pkgs.lib.setAttrByPath [ psCfg.user.name ] {
extraGroups = [ "docker" ];
};
users.users = with pkgs;
pkgs.lib.setAttrByPath [psCfg.user.name] {
extraGroups = ["docker"];
};
environment.systemPackages = with pkgs; [
docker-compose

138
modules/graphical/alacritty.nix
View file

@ -66,29 +66,97 @@
x = 0;
y = 0;
};
use_thin_strokes = true;
};
key_bindings = [
{ key = "V"; mods = "Control|Alt"; action = "Paste"; }
{ key = "C"; mods = "Control|Alt"; action = "Copy"; }
{ key = "Paste"; action = "Paste"; }
{ key = "Copy"; action = "Copy"; }
{ key = "Q"; mods = "Command"; action = "Quit"; }
{ key = "W"; mods = "Command"; action = "Quit"; }
{ key = "Insert"; mods = "Shift"; action = "PasteSelection"; }
{ key = "Key0"; mods = "Control"; action = "ResetFontSize"; }
{ key = "Equals"; mods = "Control"; action = "IncreaseFontSize"; }
{ key = "PageUp"; mods = "Shift"; action = "ScrollPageUp"; }
{ key = "PageDown"; mods = "Shift"; action = "ScrollPageDown"; }
{ key = "Minus"; mods = "Control"; action = "DecreaseFontSize"; }
{ key = "H"; mode = "Vi|~Search"; action = "ScrollToBottom"; }
{ key = "H"; mode = "Vi|~Search"; action = "ToggleViMode"; }
{ key = "I"; mode = "Vi|~Search"; action = "Up"; }
{ key = "K"; mode = "Vi|~Search"; action = "Down"; }
{ key = "J"; mode = "Vi|~Search"; action = "Left"; }
{ key = "L"; mode = "Vi|~Search"; action = "Right"; }
{
key = "V";
mods = "Control|Alt";
action = "Paste";
}
{
key = "C";
mods = "Control|Alt";
action = "Copy";
}
{
key = "Paste";
action = "Paste";
}
{
key = "Copy";
action = "Copy";
}
{
key = "Q";
mods = "Command";
action = "Quit";
}
{
key = "W";
mods = "Command";
action = "Quit";
}
{
key = "Insert";
mods = "Shift";
action = "PasteSelection";
}
{
key = "Key0";
mods = "Control";
action = "ResetFontSize";
}
{
key = "Equals";
mods = "Control";
action = "IncreaseFontSize";
}
{
key = "PageUp";
mods = "Shift";
action = "ScrollPageUp";
}
{
key = "PageDown";
mods = "Shift";
action = "ScrollPageDown";
}
{
key = "Minus";
mods = "Control";
action = "DecreaseFontSize";
}
{
key = "H";
mode = "Vi|~Search";
action = "ScrollToBottom";
}
{
key = "H";
mode = "Vi|~Search";
action = "ToggleViMode";
}
{
key = "I";
mode = "Vi|~Search";
action = "Up";
}
{
key = "K";
mode = "Vi|~Search";
action = "Down";
}
{
key = "J";
mode = "Vi|~Search";
action = "Left";
}
{
key = "L";
mode = "Vi|~Search";
action = "Right";
}
];
# Base16 Burn 256 - alacritty color config
@ -164,12 +232,30 @@
};
indexed_colors = [
{ index = 16; color = "0xdf5923"; }
{ index = 17; color = "0xd70000"; }
{ index = 18; color = "0x2d2a2e"; }
{ index = 19; color = "0x303030"; }
{ index = 20; color = "0xd3d1d4"; }
{ index = 21; color = "0x303030"; }
{
index = 16;
color = "0xdf5923";
}
{
index = 17;
color = "0xd70000";
}
{
index = 18;
color = "0x2d2a2e";
}
{
index = 19;
color = "0x303030";
}
{
index = 20;
color = "0xd3d1d4";
}
{
index = 21;
color = "0x303030";
}
];
};
}

131
modules/home-controller/default.nix Normal file
View file

@ -0,0 +1,131 @@
{ lib, config, pkgs, ... }:
with lib;
let
psCfg = config.pub-solar;
cfg = config.pub-solar.home-controller;
in
{
imports = [
./k3s.nix
./wireguard.nix
];
options.pub-solar.home-controller = {
enable = mkEnableOption "Control your home";
role = mkOption {
description = ''
Whether the node should run as a server or agent.
Note that the server, by default, also runs as an agent.
'';
default = "server";
type = types.enum [ "server" "agent" ];
};
ownIp = mkOption {
description = ''
Internal ip in wireguard used for cluster control-plane communication.
'';
type = types.str;
};
k3s = {
enableLocalStorage = mkOption {
description = ''
Enable local storage provisioner.
'';
default = false;
type = types.bool;
};
defaultLocalStoragePath = mkOption {
description = ''
Default path to use for local storage provisioner.
'';
default = "/var/lib/rancher/k3s/storage";
type = types.path;
};
flannelBackend = mkOption {
description = ''
Flannel backend to use.
'';
default = "wireguard-native";
type = types.str;
};
serverAddr = mkOption {
description = ''
Set server address of master
'';
default = "";
type = types.str;
example = "https://api.kube:6443";
};
tokenFile = mkOption {
description = ''
Location of token file used to join cluster.
'';
default = "";
type = types.str;
};
enableZfs = mkOption {
description = ''
Enable when k3s should use a ZFS compatible runtime.
'';
default = false;
type = types.bool;
};
zfsPool = mkOption {
description = ''
The ZFS pool to use and create a containerd volume in.
'';
default = "zroot";
type = types.str;
};
};
wireguard = {
privateKeyFile = mkOption {
description = ''
Location of private key file
'';
type = types.path;
};
listenPort = mkOption {
description = ''
Port for wireguard.
'';
default = 51899;
type = types.int;
};
peers = mkOption {
description = ''
Wireguard peers.
'';
type = types.listOf types.attrs;
};
};
};
config = mkIf cfg.enable {
boot.kernelModules = [ "rbd" ];
networking.extraHosts =
''
192.168.42.231 ringo.local
192.168.42.232 giggles.local
192.168.42.234 cox.local
192.168.42.236 companion.local
10.0.1.11 api.kube giggles.kube
10.0.1.12 cox.kube
10.0.1.13 companion.kube
10.0.1.21 ringo.kube
'';
};
}

77
modules/home-controller/k3s.nix Normal file
View file

@ -0,0 +1,77 @@
{ lib, config, pkgs, ... }:
with lib;
let
psCfg = config.pub-solar;
cfg = config.pub-solar.home-controller;
in
{
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
kubernetes-helm
];
environment.sessionVariables = lib.mkIf (cfg.role == "server") rec {
KUBECONFIG = "/etc/rancher/k3s/k3s.yaml";
};
networking.firewall.enable = lib.mkForce false;
services.k3s = {
enable = true;
role = cfg.role;
serverAddr = lib.mkIf (cfg.k3s.serverAddr != "") cfg.k3s.serverAddr;
tokenFile = lib.mkIf (cfg.k3s.tokenFile != "") cfg.k3s.tokenFile;
extraFlags = concatStringsSep " " (
[
"--node-ip ${cfg.ownIp}"
"--container-runtime-endpoint unix:///run/containerd/containerd.sock"
"${optionalString (cfg.role == "server") "--disable servicelb"}"
"${optionalString (cfg.role == "server") "--disable traefik"}"
"${optionalString (cfg.role == "server") "--bind-address ${cfg.ownIp}"}"
"${optionalString (cfg.role == "server" && cfg.k3s.flannelBackend != "") "--flannel-backend=${cfg.k3s.flannelBackend}"}"
"${optionalString (cfg.role == "server" && !cfg.k3s.enableLocalStorage) "--disable local-storage"}"
"${optionalString (cfg.role == "server" && cfg.k3s.enableLocalStorage) "--default-local-storage-path ${cfg.k3s.defaultLocalStoragePath}"}"
"${optionalString cfg.k3s.enableZfs "--snapshotter=zfs"}"
]
);
};
systemd.services.containerd = mkIf cfg.k3s.enableZfs {
serviceConfig = {
ExecStartPre = [
"-${pkgs.zfs}/bin/zfs create -o mountpoint=/var/lib/containerd/io.containerd.snapshotter.v1.zfs ${cfg.k3s.zfsPool}/containerd"
];
};
};
systemd.services.k3s = {
after = [ "containerd.service" ];
requisite = [ "containerd.service" ];
};
virtualisation.containerd = {
enable = true;
settings =
let
fullCNIPlugins = pkgs.buildEnv {
name = "full-cni";
paths = with pkgs; [
cni-plugins
cni-plugin-flannel
];
};
in
{
plugins."io.containerd.grpc.v1.cri".cni = {
bin_dir = "${fullCNIPlugins}/bin";
conf_dir = "/var/lib/rancher/k3s/agent/etc/cni/net.d/";
};
};
};
};
}

23
modules/home-controller/wireguard.nix Normal file
View file

@ -0,0 +1,23 @@
{ lib, config, pkgs, ... }:
with lib;
let
psCfg = config.pub-solar;
cfg = config.pub-solar.home-controller;
in
{
config = mkIf cfg.enable {
systemd.services.wireguard-wghome.serviceConfig.Restart = "on-failure";
systemd.services.wireguard-wghome.serviceConfig.RestartSec = "5s";
networking.firewall.allowedUDPPorts = [ cfg.wireguard.listenPort ];
networking.wireguard.interfaces = {
wghome = {
ips = [ cfg.ownIp ];
listenPort = cfg.wireguard.listenPort;
privateKeyFile = cfg.wireguard.privateKeyFile;
peers = cfg.wireguard.peers;
};
};
};
}

22
modules/server/default.nix Normal file
View file

@ -0,0 +1,22 @@
{ lib, config, pkgs, ... }:
with lib;
let
psCfg = config.pub-solar;
cfg = config.pub-solar.server;
in
{
options.pub-solar.server = {
enable = mkEnableOption "Enable server options like sshd";
};
config = mkIf cfg.enable {
pub-solar.core.lite = true;
services.openssh = {
enable = true;
permitRootLogin = lib.mkForce "prohibit-password";
passwordAuthentication = true;
openFirewall = true;
};
};
}

5
modules/social/default.nix
View file

@ -14,8 +14,11 @@ in
home.packages = [
signal-desktop
tdesktop
discord
element-desktop
irssi
tdesktop
mattermost-desktop
whatsapp-for-linux
];
};
};

14
modules/sway/config/config.d/applications.conf
View file

@ -1,15 +1,17 @@
# switch to workspace with urgent window automatically
for_window [urgent=latest] focus
assign [app_id="Element"] $ws7
assign [app_id="Signal"] $ws7
assign [app_id="telegramdesktop"] $ws7
assign [app_id="rambox"] $ws7
assign [class="Mattermost"] $ws7
for_window [app_id="keepassxc"] floating disable
assign [app_id="keepassxc"] $ws8
for_window [app_id="virt-manager"] floating disable
assign [app_id="virt-manager"] $ws9
assign [instance="element"] $ws4
assign [app_id="Signal"] $ws4
assign [app_id="telegramdesktop"] $ws4
assign [app_id=thunderbird title="^.+$"] $ws9
for_window [app_id=thunderbird title="^$"] floating enable
# Launcher
for_window [app_id="launcher" title="Alacritty"] floating enable, border pixel 10, sticky enable

109
modules/sway/default.nix
View file

@ -1,9 +1,12 @@
{ lib, config, pkgs, ... }:
with lib;
let
psCfg = config.pub-solar;
in
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
in {
options.pub-solar.sway = {
enable = mkEnableOption "Life in boxes";
@ -22,14 +25,14 @@ in
config = mkIf psCfg.sway.enable (mkMerge [
(mkIf (psCfg.sway.v4l2loopback.enable) {
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.kernelModules = [ "v4l2loopback" ];
boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
boot.kernelModules = ["v4l2loopback"];
boot.extraModprobeConfig = ''
options v4l2loopback exclusive_caps=1 devices=3
'';
})
({
{
environment.systemPackages = with pkgs; [
linuxPackages.v4l2loopback
];
@ -48,60 +51,60 @@ in
};
};
};
extraPortals = with pkgs; [ xdg-desktop-portal-gtk ];
gtkUsePortal = true;
extraPortals = with pkgs; [xdg-desktop-portal-gtk];
};
services.pipewire.enable = true;
home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
home.packages = with pkgs; [
sway
grim
kanshi
mako
slurp
swayidle
swaylock
swaybg
xwayland
home-manager = with pkgs;
pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
home.packages = with pkgs; [
sway
grim
kanshi
mako
slurp
swayidle
swaylock
swaybg
xwayland
libappindicator-gtk3
libappindicator-gtk3
wl-clipboard
wf-recorder
brightnessctl
gammastep
geoclue2
xsettingsd
ydotool
wl-clipboard
wf-recorder
brightnessctl
gammastep
geoclue2
xsettingsd
ydotool
sway-launcher
record-screen
import-gtk-settings
s
wcwd
];
sway-launcher
record-screen
import-gtk-settings
s
wcwd
];
programs.waybar.enable = true;
#programs.waybar.systemd.enable = true;
programs.waybar.enable = true;
#programs.waybar.systemd.enable = true;
systemd.user.services.mako = import ./mako.service.nix { inherit pkgs psCfg; };
systemd.user.services.sway = import ./sway.service.nix { inherit pkgs psCfg; };
systemd.user.services.swayidle = import ./swayidle.service.nix { inherit pkgs psCfg; };
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix { inherit pkgs psCfg; };
systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; };
systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; };
systemd.user.services.mako = import ./mako.service.nix { inherit pkgs psCfg; };
systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;};
systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;};
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;};
systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;};
systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;};
xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; };
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit pkgs psCfg; };
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
};
})
xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;};
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;};
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
};
}
]);
}

2
modules/terminal-life/default.nix
View file

@ -47,7 +47,7 @@ in
watson
];
programs.neovim = import ./nvim { inherit config; inherit pkgs; };
programs.neovim = import ./nvim { inherit config; inherit pkgs; inherit lib; };
programs.fzf = import ./fzf { inherit config; inherit pkgs; };
programs.zsh = import ./zsh { inherit config; inherit pkgs; inherit self; };
};

31
modules/terminal-life/nvim/default.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, pkgs, lib, ... }:
let
psCfg = config.pub-solar;
cfg = config.pub-solar.terminal-life;
@ -17,29 +17,22 @@ in
withRuby = true;
withPython3 = true;
extraPackages = with pkgs; lib.mkIf (!cfg.lite) [
ccls
extraPackages = with pkgs; [
rnix-lsp
universal-ctags
]
++ lib.optionals (!cfg.lite) [
gopls
nodejs
nodePackages.bash-language-server
nodePackages.dockerfile-language-server-nodejs
nodePackages.svelte-language-server
nodePackages.typescript
nodePackages.typescript-language-server
nodePackages.vim-language-server
nodePackages.vue-language-server
nodePackages.vscode-langservers-extracted
nodePackages.yaml-language-server
python39Packages.python-lsp-server
python3Full
solargraph
rnix-lsp
rust-analyzer
terraform-ls
universal-ctags
];
]
;
plugins = with pkgs.vimPlugins; [
]
++ lib.optionals (!cfg.lite) [
nvim-cmp
cmp-nvim-lsp
cmp_luasnip

1
modules/terminal-life/nvim/init.vim
View file

@ -13,6 +13,7 @@ set expandtab
set shiftwidth=2
set number
set relativenumber
set mouse=
set undolevels=1000
set undoreload=10000

3
modules/terminal-life/nvim/lsp.vim
View file

@ -73,8 +73,7 @@ lua <<EOF
end
-- Add additional capabilities supported by nvim-cmp
local capabilities = vim.lsp.protocol.make_client_capabilities()
capabilities = require('cmp_nvim_lsp').update_capabilities(capabilities)
local capabilities = require('cmp_nvim_lsp').default_capabilities()
-- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
capabilities.textDocument.completion.completionItem.snippetSupport = true

10
modules/user/default.nix
View file

@ -41,6 +41,16 @@ in
type = types.nullOr types.str;
default = null;
};
latitude = mkOption {
description = "Latitude";
type = types.nullOr types.str;
default = null;
};
longitude = mkOption {
description = "Longitude";
type = types.nullOr types.str;
default = null;
};
};
};
}

2
modules/virtualisation/default.nix
View file

@ -18,6 +18,8 @@ in
"iommu=pt"
];
virtualisation.spiceUSBRedirection.enable = true;
virtualisation.libvirtd = {
enable = true;
qemu.ovmf.enable = true;

12
profiles/cachix/default.nix
View file

@ -1,11 +1,13 @@
{ pkgs, lib, ... }:
let
{
pkgs,
lib,
...
}: let
folder = ./.;
toImport = name: value: folder + ("/" + name);
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key && key != "default.nix";
imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
in
{
in {
inherit imports;
nix.binaryCaches = [ "https://cache.nixos.org/" ];
nix.settings.substituters = ["https://cache.nixos.org/"];
}

6
profiles/cachix/nix-community.nix
View file

@ -1,9 +1,9 @@
{
nix = {
binaryCaches = [
nix.settings = {
substituters = [
"https://nix-community.cachix.org"
];
binaryCachePublicKeys = [
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};

6
profiles/cachix/nrdxp.nix
View file

@ -1,9 +1,9 @@
{
nix = {
binaryCaches = [
nix.settings = {
substituters = [
"https://nrdxp.cachix.org"
];
binaryCachePublicKeys = [
trusted-public-keys = [
"nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4="
];
};

21
profiles/daw/default.nix Normal file
View file

@ -0,0 +1,21 @@
{ self, config, home-manager, lib, pkgs, inputs, ... }:
let
psCfg = config.pub-solar;
in
{
# Sets nrdxp.cachix.org binary cache which just speeds up some builds
imports = [ ../cachix ];
config = {
pub-solar.audio.enable = lib.mkForce true;
musnix.enable = true;
environment.systemPackages = with pkgs; [
ardour
helm
];
services.pipewire.jack.enable = true;
};
}

8
profiles/gaming/default.nix
View file

@ -1,9 +1,5 @@
{ self, config, lib, pkgs, ... }:
let inherit (lib) fileContents;
in
{
pub-solar.gaming.enable = true;
pub-solar.docker.enable = true;
pub-solar.docker.enable = true;
pub-solar.docker.enable = true;
};
}

6
profiles/non-free/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ self, config, lib, pkgs, ... }:
let inherit (lib) fileContents;
in
{
hardware.enableRedistributableFirmware = true;
}

7
profiles/server/default.nix Normal file
View file

@ -0,0 +1,7 @@
{ self, config, lib, pkgs, ... }:
let inherit (lib) fileContents;
in
{
pub-solar.server.enable = true;
hardware.ksm.enable = true;
}

6
profiles/virtualisation/default.nix Normal file
View file

@ -0,0 +1,6 @@
{ self, config, lib, pkgs, ... }:
let inherit (lib) fileContents;
in
{
pub-solar.virtualisation.enable = true;
}

35
profiles/work/default.nix Normal file
View file

@ -0,0 +1,35 @@
{ self, config, home-manager, lib, pkgs, inputs, ... }:
let
psCfg = config.pub-solar;
in
{
# Sets nrdxp.cachix.org binary cache which just speeds up some builds
imports = [ ../cachix ];
pub-solar.docker.enable = true;
pub-solar.nextcloud.enable = true;
pub-solar.social.enable = true;
pub-solar.office.enable = true;
systemd.enableUnifiedCgroupHierarchy = true;
environment.systemPackages = with pkgs; [
jetbrains.idea-community
minicom
openjdk11
putty
python39Full
python39Packages.pyyaml
remmina
slack
thunderbird
vscode
vscode-extensions.golang.go
vscode-extensions.ms-python.python
vscode-extensions.redhat.java
wireshark
teams
go_1_18
];
}

BIN
secrets/cube_drone_exec_runner_config.age Normal file
View file

Binary file not shown.

20
secrets/cube_nextcloud_admin_pass.age Normal file
View file

@ -0,0 +1,20 @@
age-encryption.org/v1
-> ssh-ed25519 hPyiJw Lb3cUJx1ruB5F2snfYFnLyoefqBcW4DTokzXRXCeDEU
DrdiYlMciVJv4E7g3OC4oKSP4GUJGpSSD8OdtRI5Ie8
-> ssh-ed25519 YFSOsg TRLTf+SzNp6crC1/J2UPMjTkv1AC31BgC9tq/yReSHM
qoxXTpcTkIKFe4saj5L93IGW9VAh+g3S+JB+YGiyQPk
-> ssh-rsa 42S2Dw
m+3/ZseNUvXVKrlBwDyaYl8iPIw8jpiqwzyVfxov9gCOTxBOgysgtaxrxt/afDbl
baoPurJd3X3ybBIweLF5yA/7/hdVinm8mf5Lx6/CLeex3z/2mk0Q4HgL2Hr4Og0I
vyto/IlcUuELNEUSAR3yN2tioPr0UO4cQZ2BLS+33PHy1KVmkQkdFfKJnZ5rsZR+
idjxpgP1dCBrWQFX+xlpuBSQaQh1Myt1zOgFMxnn1TkfVlycVGZ+9n8WemJhwLsL
W8wME3yVXGst6+eBVJCC4TJn8C8HMM74y8UWn+cs3nEBLOxroNoiyzRxfxNKTjKT
z58U883ysiE1Ek+YUDifaQ
-> ssh-ed25519 iHV63A R3oijyljfqkwjOaYxvr9URPGoYkGp9UBAiD02Jkfnmk
Lp0TRJKQnmzqZQVZWOgKZ8lW4c6IIbzb1i3l2rMu0wY
-> ssh-ed25519 uTVbSg ie3Tms/F40dyce0h78X7Rz5UOL7OZTiCikZHFkx08C4
bE7/mDTbbYdZrblfeRBzPIUbIP+xk7Sbnhe6hr1QKjI
-> 11ptM-grease 3G5&ES {rbC;\ hvt^Bbt
H/uWAA3ZxrIp6DJdpq+GKvzPyUiFZJeZiZYhd0FjfHynYcCDAZX7sSg
--- qcN8XPWUDeupoo9UwYA0/1xtcwODav/m5jfD10pwk+E
|õˆÛïnëv?cg/4yp2j Í4'D[]˜$ô¾Çrô†V³;ÁF<ät¥ßaO4Ècœ¹"8"ÁÓ³yL¦låò"Ê€ëu[o T

20
secrets/cube_nextcloud_db_pass.age Normal file
View file

@ -0,0 +1,20 @@
age-encryption.org/v1
-> ssh-ed25519 hPyiJw MVw8LNthB8QmaZkImEqh0WEJbMOpHbyxJDMSy2EHPg8
SCMM/6XKd/vxgdax905gBlmJoLSy4gzXye90qolLbvA
-> ssh-ed25519 YFSOsg 9PWhN9+Fu6271HD1xxf05y8R0tvkNJh2YPQDFwql1UI
lEde6zjTg3JlxmJDL1YPY6qJcvnweN9yShOFtqSi68M
-> ssh-rsa 42S2Dw
rJFYtgtLCfDKxJ+/be9SQyqH9djIcHtTv5Xz539ip02V8if8GytrN/1BjB5MuKEz
UwyQevUmd0ulXD9C5Tq+S+6XQDxb/ZvYBmVLb7X5vMDyLejSM2G8Fm3GBgoVNSby
29O3TYBxiYQZ2LIteHjG2a02AS70EY4A9uBCqewIL14aSkpsV3NQszZOIaz8IkiA
i+dfzSqUvinru05px902axtlCbPBzLe7OYsDrMnY+tX9QAofRRyoC+iTzJ/m3llO
7PiqyBULHFkmO61+HLuswYa0JZmdK01BgRwStQWUF/qvmyKmGodQMrZQeH1xhzaQ
GjAGfFdh4qqyjOnroiubWg
-> ssh-ed25519 iHV63A 41ScxFCeSMjWHjDJUSj67ds1z9ZNPBzEAmEYN4731Do
Z0492PapySyaR55QieONJ5shfEYZ18BXDxJjbg1YDpc
-> ssh-ed25519 uTVbSg MAMpK9Taay/HTdwetp+KulK2H5l/2VHUagmAp6J4Yxk
HVIj+fQz4Do3igFV0Io608pAhJYiKbkPBzGGfCDdZBA
-> T(Zcs<^-grease
aWEKrfAoGHq1M6KlBEMTHkyoN3eyQ7Q
--- jYM2HW6lhvyad0W7tly1RQ5CTzaqoxhyUZXAwky7lmc
oãp§îwvËÉœN^ŸŽIµ+rû3 <14>ä˜ê±ES„²ì0Ê4ðJ—a<¡{gú£ Û

22
secrets/cube_restic_repository_password.age Normal file
View file

@ -0,0 +1,22 @@
age-encryption.org/v1
-> ssh-ed25519 hPyiJw fUCzt+HSlnbvcpt70692+TpoX+eVJiuAKuBBOVGDlAU
lt/jtC5XLRNXJ/SG3fkqSF3sfL6wKz4x+YmdXf5LPbk
-> ssh-ed25519 YFSOsg 9zVMrXIpIfvBbSG4rlVIIIqBQeB24EI+CcAXWA5IXjk
4kZ+vD6vp2SikzhwmOtZjCz+AMuCZMvbAXTnhZmk5Mw
-> ssh-rsa 42S2Dw
pPLgaBmvbDZEp7vwHKf+RlIZ1mthJ5uT1nIDIvRiMx51PX2nFcR9ynRVWVB3DFSr
GujDJ3WCvf3qUg/E35EaEHiJaG8Ey8yWBmswj2O7FOtnM9Gq3BbbedHDLcWEcT+T
9K12UvXQfM/Gki2CxIO8umpV4OHMXkRn/jsn+p/V7pfiVZoEaBa6UHWAhBm0fZjV
B9yR4MjjuOQJYzemowwa6ZdFLxxUfudCAJBkn785hu3vbMVDPQpdd7XzXXFM/Ewk
pIanTQ+DH58DrMOEy0v8PMvoNtG5QFAtl6AizEZtJmH9+a3HLcPOhXO9BSQBFdu4
Zv1cX4JvCrTOF+iopufJpg
-> ssh-ed25519 iHV63A z9+KV9tDTwZW9MAmvlMYPZMQFfZJxR3JhxHpXmfWhyU
OxlOMSKY5L/j/91FJmxoBMDHhD/jDiI5sdmpv+zZ0ZQ
-> ssh-ed25519 uTVbSg HOHFEOuv/AjJGSmI5uaIXk+5y2FzM3UmiPbvOZByO38
zf2RI2U4Q0djP3wwpiRAe0bpr5LQwFkjxV2n4cFwgeI
-> Xw\=9[g(-grease &J6]O2WG
wCODexJaCztNZwXvcpZkodVUh3LWIk50eacTlWmwt47TuBaRqV3DIdxw4h7VwsOk
8Ax3o91+Fxpq1ys4QCJfECDaVhgadTqRWIfoq5KNmgUVFhRB3H2L0et7tp+S
--- xEJ2HSGLdcewY/QpuHVBdUdzvbH4NnOq6X4hnefQEEA
ƒE_Ê27݉ùnÎWT¢Ô½"žøœ±ES÷Œ$UQýÃl¹œ§\ âÌDr6•…â¾´ ƒ­
ð5ÒÞ š´Oz¥Ô6èqDÆõÀm<E2809A>

BIN
secrets/cube_restic_ssh_private_key.age Normal file
View file

Binary file not shown.

22
secrets/email_gssws_password.age Normal file
View file

@ -0,0 +1,22 @@
age-encryption.org/v1
-> ssh-ed25519 hPyiJw WDCX18hqP4zehe/bGEd6jHdDl6uzi19n0J/0MxBDaAA
lXVuZ0drWG+u8CyOIXMULCdA6Oy0MVPUn5I2rLYCxBQ
-> ssh-ed25519 YFSOsg C+pqppRNeZ/0Vra9fgDaVUVnJAXhQhAgg8fBrd2tSFA
sW/dYGPpBzVwqyNR2vuBWbBeV+MleR02qyBXsyR9zoM
-> ssh-rsa 42S2Dw
pCsCOOp0pQoNlTIF5ZSk/mOXpno9jHzQIXsEbj+ES42x+fdoNeF8Mrm5mO30umen
XL3oTgrZ9Y7xkfuu2Pc5JE4kPP6/s47BRaUNcBVvBVcvlJFDCgDkjwQPLJ4Zc0YY
PNlefyG+XwXL7W46aHERtfoqteC0XBzz/N8P+RFMj6Sjc3kQnpoQwOSyMDhsFeK+
bwInKk+iCpPFpmSNxVl2Prl9RNvgP1eXxFApT0Q3kwAbW0MEtovHvkg2bWDtvG6L
UcFIR2S8VbvUGQ0GExQu4MP7pDOSeIWyEc+nhvZpYwwqpYUE5yfnZw1j+75i5EJt
iehvv8NREK94wAihHsfBBQ
-> ssh-ed25519 iHV63A QR5ZdM9A+aqoyhlrVUjQ3+4tJIz4j7hdBxgT94rPpCI
NTnTLh3yrOag5l8JMG1HLgJgDJtQ5GGfiNAUtrNwfjU
-> ssh-ed25519 VApqug 5I3aO1h548np4ck6bFsTSYy2gkBLjm71JzPq2f3q9Aw
4AN//16M8J3SYtX8qkB68dAx8T08oeJwRr/lF7ZAYWE
-> ssh-ed25519 NhniTw nt44tSNaFi1I6lKn1OIUlSg+6kFjFL17WbYTA0J5ESw
GSeyR0Im2QeS5WhYmfKcLU5XKq7v2o5N9uJ/2RUAUs8
-> Kf!HHt[Z-grease ;+D
C7JIgwSgL2zo0CeR+nF0j69w9oOhtZZu0jQ
--- PEFAclabwmjx2Faeuk8WkdRu/AdwGqORwTqDPVsCpdo
¤<EFBFBD>Äߨ{îÿçÓ£ÇØß[lÁÍ»6çÕ7¿¿ñì÷½hÚäà¦÷.ç×Íyss€¦BñkpbÃ

21
secrets/home_controller_companion_wireguard_key.age Normal file
View file

@ -0,0 +1,21 @@
age-encryption.org/v1
-> ssh-ed25519 hPyiJw o4N8NmW8LiDRYhFe/FAjOhNVBrIfR0b/CFdGQsxVtWM
hCLU6rlPPOwIXUEo3XczTLOEOSpzhi8CmUUilpgZjgk
-> ssh-ed25519 YFSOsg m1QEvo5sxpXKiz1mqU8vSqOkizROkwDOWTqy/nAbyGA
Je9eJsT4cgyCE/orOfClUSzorzXwQIm1fQWwd5FczWw
-> ssh-rsa 42S2Dw
aznDLPbJy/sfJHsYLt2bt7wzwPEn2NdYDsdxVzOqmZJL/3wVvjHUTaioaIsZBqaf
/HWZYBgMPRIQHXjtGJTQXLFpM2TjEwzJqkIHMJoVq099YWHq/JvZeU+h/d7rXiXC
3I0NSAikvBXa1+X1WPKQrvRBsqhiwnDGUDWXauTzSDu4FHLgAxGU+47xEp1EuJDJ
YdXXMOqFvrN9iokaGlRlOprhVCver2YMDqGSUekbEifJDpyGmCqYOygh9qltLDfd
QQjAIV8E+jYrvG168hMQQzoE8oZRMv7UYATmJ8bdTP244owoeEhiW+g43XWYduv6
QKIJPlwASiGalUZPsIPoEA
-> ssh-ed25519 iHV63A 4RSm0/OwowRHTa0W2Gfbq9LTI4d0gM8macNk3Gntv0g
sN82+hCyatAWEckguYGN0TxvSYDqP5cnY46s9z5JLvY
-> ssh-ed25519 t1M4HQ YILk5vPHK6++f9QB3dGMSWoai1b8pBWG/lIC+g2hK3Y
A874dqyb8aTqyIQ54J4MaQYf/psIS4Ixcp23iwA5wwY
-> tV2gFP~-grease :{( C-v' cM2 Or?|@#I~
nhLrAX8v3J/6846qoFDyKf6mUc+qWAmNXOYgu7DnDi9VtBsmDYhhmhzPF6k90YFG
sJKoy1BEcOaLcy8UNGNTnmkQ0qI5Ig6CgPu8ohA1vKYMfTpfsl6nayU
--- ngrcCLqZmP/lqvIuBYgisjkHHjWmrUjApvZMjbLTB/I
Q`•<wRâeè-ûÙ·)‰t<E280B0>ìúß˸pµC½Ø¼)÷é+À¢én2½ÓŒf13"SV°Iz@Â%n×&Òj©‡¸‰[Ò«­V×.E

24
secrets/home_controller_cox_wireguard_key.age Normal file
View file

@ -0,0 +1,24 @@
age-encryption.org/v1
-> ssh-ed25519 hPyiJw gZfQvV9HCdO9j5zpwMA5Yl6l6D0YMflyzmZ0v7f34Uo
Cnr79ukKmOLh9ZRY7QknE5fvpXg4ud/fQL5C2b0x2Iw
-> ssh-ed25519 YFSOsg C/OJOHpk3+ErUt06r8qmgaHJBU5NT8cFplFL4+9rNzU
n4VhOfN06R9hN6+9/Y/ewAN++BbZRSJMQHjifXR++M8
-> ssh-rsa 42S2Dw
JBbRTa+oX87YqJlH2+cZdaw/WMajk2HDa9kZ5z1dkbdcVrZrTyIYrnUuMjIQ4nmB
JT9J6gV/y4FL0bN9d2uzNg45NGg3ZDkeCYsCT+N3tQXEReFUWk77cZifxDtnNUCL
8Z+wcys9AZhFfL8+4a2R0sris76WMxUy5CHVay11U7bsh6P1uAcjtXqSPpdezKd9
gIZ7GVE/nFEwnT/G0rROH3tiGON2J3LrjbVdUn/Lu4n7YDMRDZFBhLsDw9ULdTu3
lNBsx/vzCkZnkbDGJl8N7X5hBEe2ww+GvvfvHJwwABpD7rgC0MQxPDM5IBEVsufH
/CSrkWpJcUzEJMNdUBinzg
-> ssh-ed25519 iHV63A Aape0gDjnscqXIPeBoZbHsb5GEwm2MkWBOwkErZfRUU
/mHovPO5uRwfPKBFuW0P2UT/Zi2idvHwI9ukJ1Hb8m4
-> ssh-ed25519 w1vtTQ Qp0fg5wN0709/99WttXspmctRkdVANA039oeyc1qB34
mXy/qVJJhysMZxzoROp53nnryegjs6/tzRWCV2QtzUA
-> Gxy]y/-grease 6
AUBVuO3rqf/dwC84Ns7x2Ce4CgUcw5Rm6MHK+KsKtSndt7CbfQiyfqvYKRvcEfmc
BHJf3LCEgw0eBb4/nzlzT4lmIrjYAXBUbw0K+7E94jxMkNhWmjRto9gpYMBzqbdw
6aQ
--- gtgGRISbHrAdJT4edKyToERGIPZ9CR6Md+9KeRx386o
øú†[ÏFž;±e\jQ—ÊBZŸù¥[ð|º/²±ìÅËeå7õ.1¨'ús<ú§“ßâ7ùXK
+c
Ðט€ã,íݱ

21
secrets/home_controller_cube_wireguard_key.age Normal file
View file

@ -0,0 +1,21 @@
age-encryption.org/v1
-> ssh-ed25519 hPyiJw H9fC9B01yBIuK4kuLCR+T+PNPXr9GHyft8mZCnPDkTY
814T5tV6Y2fK2dgr66nCive8TFykciQfNmWAPEq7AjA
-> ssh-ed25519 YFSOsg JtumpQSIC4q9Os3pu5E8yKygzPveW7a28Ec0mnoTQw4
Sidzfymq9mkA/vbwHFbfz7vprlTjOQGywQULyz4FJiE
-> ssh-rsa 42S2Dw
uhfQ06sREfsIph1DPBlwV0x5uVq8+qsaZMGwoJgx5y5JEPOkW4OVHqJeVRLswvLP
JAqNypMaJ99ZQAlTWWVZPP3fLT7xqT71MpwyMWerQ9aHs0TdmDT4Uflv8MXj70j0
0m8HySMzBuWOIZJT2nTipcfrpsZSJJ852ATtPMWSxkd86FHwwKRfAobrWxgq7y3S
y4Mg+hHbLpyiHwJkgKFDj9zqbxxMxEuizE9e3xeAGCkOuUI15SdT6clzeEk79KjN
LA0AAukjogRX11OduAP/F/xUlYK+R3qPV6RC4DjdWv8jkyul3/VvHVUXTKQXh6dH
s2GVRWrewkvkVx1FGr9kFg
-> ssh-ed25519 iHV63A jJ0elkHdU2Si46g6NvwlQT2HSv5X04ETvppVS0KXg04
uf701nEPCV+h3R5tZKJVUPoSnZ0Q9G9YvbRbT1JaC58
-> ssh-ed25519 uTVbSg gZsQ/qVZfcBh2TjfjYr5x2derahCkp10NbcYEOu/lA8
TKx+3ZZuYOI9x2WeYxlkc1eg4NB/t096Yfn/L6y+v/8
-> u36Zx2-grease EcPV lR? 5*n
jweUnWSlMzAJ9zos5dI4rA5EVzJe3haX0JtORFEQnbG088O8iRZG/s/V8G8KZmO1
5LJnnPjvNA
--- lt548aI1VX+cDd5wQYt8PPpSDSlpKhWyiPjsMlAiyeU
÷nQåžès…¶1Ž¦¼8ç<%Þ<>Hw½·ýÄå‰Ò´Êùc}FÇ<46> Ÿ¥—<C2A5>È&;\F*ªl¿EëüÖKC«ÿ(/éqx'\ƒ£ÑÙ‡º

BIN
secrets/home_controller_giggles_wireguard_key.age Normal file
View file

Binary file not shown.

31
secrets/home_controller_k3s_server_token.age Normal file
View file

@ -0,0 +1,31 @@
age-encryption.org/v1
-> ssh-ed25519 hPyiJw W/U4+IyFlvgdGjYz8VLl3zNHd5F080l6huk1vZ10zDY
WHSK6Ed61as8uxaQXjgmvXaLfP7Q+fPd4WO3VybOMl8
-> ssh-ed25519 YFSOsg ESWB9/RDuP9fxx/TS3lZsW96hDM2LA8p+zzoTXqV6yM
pOeo9uWK7tbIUn5W+TyXWDc/+sTpb/EWZiyNVg6OH2k
-> ssh-rsa 42S2Dw
blHbM168vNPv/y30ZlWVdAS3emVBPjisH9K62g2LAu2Wf3Pva7Q43LRFMRVfjSt5
SxlIIoYzjKRuRIT+7Xn6Cj3SP1GqWxHeQKN1X+FrDGTjIewpKMS2oBCHaZMxB3IZ
4XduldZ6GU6RYrmtXwMsP81zbXB2QV2GXpk7NM4pbM4M/hlqKN6HbQ5J4kJMTXCY
ywUY5/C7CqqwrcngHiLVNDiKSX3xdO/feIAnM3XXOoxpVGTFTAZYz2IQzuL/7qW6
Igv+S1oRqs/QB9JdmMEh14uhbYQQzKAwtAT2POXr9H3tXM9dGQXsW8ZCPsuYGV4u
wmvcaQp/qjIVVh+QGhfNOA
-> ssh-ed25519 iHV63A 9ZEIlu9uekDrcAnyMHepTbERFib9pcuRilydeLH8vAo
6+B75hZz7XKUz3mkXTdbjkQgBTTja0GAfQ7Dr9Wi1gA
-> ssh-ed25519 AsPNJg CC5Iz+4FZoy+WRLMV0ocXjr1ppJC8gGEMo+/bb/3ySE
3LO4l2J9ZL0KuDyrhWSJu3xPiJ5BGe+osMsNfzah4Ko
-> ssh-ed25519 w1vtTQ rJJerqmPOJJ982+jgYYH9fA4Tp+ii2IVS++6MSmNC1U
MNFfkKH6PFcyql16QSYRQHzCSR3ya9kBEL4+tIwfhJE
-> ssh-ed25519 t1M4HQ Cmkge+A7A1bVQ3noE2i7cm+dq19eMQt2XJEviXhsu0k
xarfNuUkjPT52Ev6LS4RrJ2vcfI/Zd4X7ZJ0G8Rzjy8
-> ssh-ed25519 uTVbSg v+xMMQuAekrQv+9nzsco/2PWMairB7fXOKPl+AkxBlU
NFNtRbnWREPxMOrj4llQxRqAbaN5zEyim1754HGzRuE
-> ssh-ed25519 4eCLig Rg6JepI6x04zPpMRft39u8X+BNtWmZiImXVjJJK7CBE
btxuxcWpO8Lppo3mq5UZyJHSoTeiTieuKYfkqiAWSMw
-> qj]-grease V'P>/]u
m0/WOWcbS8nFbfWjFuMMB0UAvVTc8gZ/A2/bNTHcq8ei79xVVkgYL5qAEkj8GOJK
s0uoBBlmeHmEHImkXtJ/0k7uNCZnkg
--- ae6LeiygI+l2U4vOKEYfeul1sTxsaJlKnC4CpYjRt+w
š*ª$ ÝÐ
O
Ä^;­{rFXÌÊ?‰7g%‡&oú¼úÞUƒÉŽ·ê[Z6û<36>´wS<77> .¼Ö®hÜ\hÆ+êÖ“<C396>Q“‡6ú¥L¦Ÿ<C2A6>q>¸‰<v *üŸ—ô[} ¢„¦…û}tw“%·bTŽÑž<C391>ªYê ÅÒ”Žƒ*`BwÚË_è0òm÷

22
secrets/home_controller_ringo_wireguard_key.age Normal file
View file

@ -0,0 +1,22 @@
age-encryption.org/v1
-> ssh-ed25519 hPyiJw pRuaBofxSRqaNVQOwKyO4yGWsoyhKreIVgGOZMorOG4
I7Xc/48WFrUKVsYQaP4/8Imes8MotqSmKaZj4DDvpMo
-> ssh-ed25519 YFSOsg RnMS27pPBXQWcPtyg+qb4tzNpRZuYSMIzFpPtexuhmU
t2CT19SBljt/72YxV+T6BLr/ce3Q3FicONrFc+uYKDo
-> ssh-rsa 42S2Dw
VsXOqxopV5hIGlc2RGLjL5daOsGi//gPUXs8kIBBJhEn/LLW4kTJyF8XCY8N6rF6
Pv3aNkUbWqExMYr4pSckvbBs0GJgapnXXllLv50trnoU/Ep+ivA6gbzQQBdRnJ16
4+oeMoK7Tvc4IObdfBHj2ycAVLVJg6s1Udk5e7cqm4OmKoi8LKM0K8ORZQFqyGdD
A268NUcYYyaisrCJB5fU1u9IXrCeKyQP/PLnx/DyDmPQnvF21vN36qX6yf7NcMYW
Wl/f61ccjyowmw38DJJl2RLJm0O/OBX86OL4rGwv6FiBMWCQq72mJkXT5jT5/517
W6F9XdVTY3CkA2+DA+/fPA
-> ssh-ed25519 iHV63A x4Ol6Sqm06NdBqoKERzPxxURtaj7pFH3rG82vjFk0zk
PGHXbBhvL0uzJ0g1fempdHOJC5FVqAIGGKAsTh10IE0
-> ssh-ed25519 4eCLig /mQ3Xbw2zGk17ERcBXDvoycf+b5n9FkSfK13Wpwl1is
tVqCcGQCe97l8DBKndoxgMXpYpzXfvUMzE+boQIKUYI
-> xKFa^,u-grease i*A1
rmaXwdKXLzmP502X/6lZN8Mwb4slzuQB7VtaGwiJDy2wjJWchXhnvMa+PsR33RFz
AOPcTU+HnLBz
--- +1UaVKEG/xwItB9tXG2sxxV3nl/jAJzHJE6M26nKgEc
4ƒ{çÝ-²ÀíHøµ‹<07>§a4 A6ü@2B£‡S_Ρ;4(ì €æX éh`Õ²ö
±Êä0<ÈIcK-2nù­ã_£ÀDô

41
secrets/secrets.nix
View file

@ -1,9 +1,42 @@
let
# set ssh public keys here for your system and user
system = "";
user = "";
allKeys = [ system user ];
user_hensoko_nitrokey_1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135";
user_hensoko_harrison = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb hensoko@harrison";
user_hensoko_norman_1 = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+euxPp6bHXw61UeUqTGHH8Ub2L+Sy1iteupv/AGudgoVNp2GebqJy1cxQ74mgnL8eWMlaA9jZlKQ1xFFhgtolCsoAKTE9AE8X0egvmEM18fEUR3EWWchmX4MXUhUiOtwitkl4+EpSsp5rh/kIxcpQFz1dpBibroq6jDLKlrVou+2LppR8nMfFT2sqg3694Ltxz4CWMdAfitLax05ckKMAnzz+TgpXK5OyfQSBvl18Qu1SWITYa6AVNXQ7/ovWBDIUfg25GWouzWqkSUpLdCVIcXPe2X7g6X1QsHXnnhaMAhvYH54GZ4wU2kBwIJ6KvplfZdbJ09KAltPVt08evafb hendriksokolowski@hsokolowski-pc";
user_hensoko_norman_2 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work";
system_giggles = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOLyNmSzxVpVQtTWhkH48e03nFDdskE08N4L81MZcLZ root@nixos";
system_cox = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFNr7q7eAkROtdvTmw96Q5tZu9W4jt31OCjc6L8uM5Uv root@nixos";
system_companion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINjIyVeAPsIpUTsB5bPEjmJeRFN8Xp3PD9a/41yPp3HM root@nixos";
system_cube = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5ok5tIuDKYpIw3KVmUnqBSDJ1QriWQJ04IVLF1Kaig root@nixos";
system_ringo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5g8CfSiMxboEJT2U92JoYdnv0nsArBPW/vfTEsUWZO root@nixos";
system_harrison = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMGsY9APkK11hlcqKXER+iqaJZ/x5HNacQ8FXfLe2SA4 root@nixos";
system_norman = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDFePAtdXP/4J0UdChfRC78Tj/yBZaUNTNnbwXe9HJx6 root@nixos";
users = [ user_hensoko_nitrokey_1 user_hensoko_harrison user_hensoko_norman_1 user_hensoko_norman_2 ];
systems_email_accounts = [ system_harrison system_norman ];
systems_home_controller = [ system_giggles system_cox system_companion system_cube system_ringo ];
allKeys = users ++ systems_home_controller;
in
{
"secret.age".publicKeys = allKeys;
"email_gssws_password.age".publicKeys = users ++ systems_email_accounts;
"home_controller_giggles_wireguard_key.age".publicKeys = users ++ [ system_giggles ];
"home_controller_cox_wireguard_key.age".publicKeys = users ++ [ system_cox ];
"home_controller_companion_wireguard_key.age".publicKeys = users ++ [ system_companion ];
"home_controller_cube_wireguard_key.age".publicKeys = users ++ [ system_cube ];
"cube_nextcloud_admin_pass.age".publicKeys = users ++ [ system_cube ];
"cube_nextcloud_db_pass.age".publicKeys = users ++ [ system_cube ];
"cube_restic_ssh_private_key.age".publicKeys = users ++ [ system_cube ];
"cube_restic_repository_password.age".publicKeys = users ++ [ system_cube ];
"cube_drone_exec_runner_config.age".publicKeys = users ++ [ system_cube ];
"home_controller_ringo_wireguard_key.age".publicKeys = users ++ [ system_ringo ];
"home_controller_k3s_server_token.age".publicKeys = users ++ systems_home_controller;
}

3
users/hensoko/.config/sway/config.d/input-language.conf Normal file
View file

@ -0,0 +1,3 @@
input * {
xkb_layout us(intl)
}

Some files were not shown because too many files have changed in this diff Show more