
No commits in common. "50c182d827446e54a6bbad20ac00675c2ba02ceb" and "d67d75eda33f720de6bb8491a9c9f9cf034d0daa" have entirely different histories.

74 changed files with 1302 additions and 1584 deletions


@ -6,8 +6,7 @@ end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
charset = utf-8
indent_style = space
indent_size = 2
indent_style = tab
# Ignore diffs/patches
[*.{diff,patch}]
@ -20,8 +19,8 @@ indent_style = unset
indent_size = unset
[{.*,secrets}/**]
end_of_line = false
insert_final_newline = false
end_of_line = unset
insert_final_newline = unset
trim_trailing_whitespace = unset
charset = unset
indent_style = unset


@ -65,13 +65,7 @@
./overlays
];
perSystem = args @ {
system,
pkgs,
lib,
config,
...
}: {
perSystem = args@{ system, pkgs, lib, config, ... }: {
_module.args = {
inherit inputs;
pkgs = import inputs.nixpkgs {
@ -109,6 +103,7 @@
terraform-backend-git
deno
denols
];
shellHook = ''


@ -1,9 +1,5 @@
{ withSystem, self, inputs, ...}:
{
withSystem,
self,
inputs,
...
}: {
flake = {
nixosConfigurations = {
stroopwafel = self.nixos-flake.lib.mkLinuxSystem {


@ -1,15 +1,11 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod" ];
@ -25,41 +21,41 @@
"cryptdata".device = "/dev/sda1";
};
fileSystems."/" = {
device = "none";
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/837cc93f-6d9a-4bfd-b089-29ac6d68127c";
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/837cc93f-6d9a-4bfd-b089-29ac6d68127c";
fsType = "ext4";
neededForBoot = true;
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/a7711118-51b0-4d84-8f18-ef2e06084e05";
fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/a7711118-51b0-4d84-8f18-ef2e06084e05";
fsType = "ext4";
neededForBoot = true;
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/0965d496-ffad-4a8d-9de7-28af903baf16";
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/0965d496-ffad-4a8d-9de7-28af903baf16";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/991E-79C1";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/991E-79C1";
fsType = "vfat";
neededForBoot = true;
};
fileSystems."/data" = {
device = "/dev/disk/by-uuid/5fc34ef4-207b-45fb-b846-dbb01080d9fe";
fileSystems."/data" =
{ device = "/dev/disk/by-uuid/5fc34ef4-207b-45fb-b846-dbb01080d9fe";
fsType = "ext4";
};
swapDevices = [
{device = "/dev/disk/by-uuid/0ef8dbbd-2832-4fb2-8a52-86682822f769";}
swapDevices =
[ { device = "/dev/disk/by-uuid/0ef8dbbd-2832-4fb2-8a52-86682822f769"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";


@ -10,12 +10,7 @@
networking.interfaces.enp2s0f1.useDHCP = true;
networking.interfaces.enp2s0f0 = {
ipv6.addresses = [
{
address = "2a02:908:5b1:e3c0:3::";
prefixLength = 64;
}
];
ipv6.addresses = [ { address = "2a02:908:5b1:e3c0:3::"; prefixLength = 64; } ];
};
# Allow pub.solar restic backups


@ -9,6 +9,7 @@ with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;


@ -69,9 +69,7 @@ in {
"mta-sts.${hzDomain}" = {};
};
services.nginx.virtualHosts = builtins.foldl' (hosts: hostName:
hosts
// {
services.nginx.virtualHosts = builtins.foldl' (hosts: hostName: hosts // {
"mta-sts.${hostName}" = {
forceSSL = true;
useACMEHost = "mta-sts.${hostName}";


@ -1,13 +1,8 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
@ -24,18 +19,18 @@
};
};
fileSystems."/" = {
device = "zroot/root";
fileSystems."/" =
{ device = "zroot/root";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/684A-5884";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/684A-5884";
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/a7d1cbb8-7c9e-4c3d-841a-add867f47389";}
swapDevices =
[ { device = "/dev/disk/by-uuid/a7d1cbb8-7c9e-4c3d-841a-add867f47389"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";


@ -17,18 +17,8 @@
# Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here)
networking.useDHCP = false;
networking.interfaces.enp1s0 = {
ipv4.addresses = [
{
address = "128.140.109.213";
prefixLength = 32;
}
];
ipv6.addresses = [
{
address = "2a01:4f8:c2c:b60::";
prefixLength = 64;
}
];
ipv4.addresses = [{ address = "128.140.109.213"; prefixLength = 32; }];
ipv6.addresses = [{ address = "2a01:4f8:c2c:b60::"; prefixLength = 64; }];
};
networking.defaultGateway = {
address = "172.31.1.1";


@ -133,4 +133,5 @@
};
};
};
}


@ -4,8 +4,7 @@
pkgs,
lib,
...
}:
with lib; {
}: with lib; {
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.wg-private.forwarding" = 1;
@ -58,8 +57,7 @@ with lib; {
];
privateKeyFile = config.age.secrets.wg-private-key.path;
peers = [
{
# pie
{ # pie
publicKey = "hPTXEqQ2GYEywdPNdZBacwB9KKcoFZ/heClxnqmizyw=";
allowedIPs = [
"10.13.12.2/32"
@ -68,8 +66,7 @@ with lib; {
persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30;
}
{
# droppie
{ # droppie
publicKey = "qsnBMoj9Z16D8PJ5ummRtIfT5AiMpoF3SoOCo4sbyiw=";
allowedIPs = [
"10.13.12.3/32"
@ -78,8 +75,7 @@ with lib; {
persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30;
}
{
# chocolatebar
{ # chocolatebar
publicKey = "nk8EtGE/QsnSEm1lhLS3/w83nOBD2OGYhODIf92G91A=";
allowedIPs = [
"10.13.12.5/32"
@ -88,8 +84,7 @@ with lib; {
persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30;
}
{
# biolimo
{ # biolimo
publicKey = "4ymN7wwBuhF+h+5fFN0TqXmVyOe1AsWiTqRL0jJ3CDc=";
allowedIPs = [
"10.13.12.6/32"
@ -98,8 +93,7 @@ with lib; {
persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30;
}
{
# stroopwafel
{ # stroopwafel
publicKey = "5iNRg13utOJ30pX2Z8SjwPNUFwfH2zonlbeYW2mKFkU=";
allowedIPs = [
"10.13.12.8/32"
@ -108,8 +102,7 @@ with lib; {
persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30;
}
{
# fp3
{ # fp3
publicKey = "wQJXFibxhWkyUbRPrPt5y/YfDnH3gDQ5a/PWoyxDfDI=";
allowedIPs = [
"10.13.12.9/32"


@ -1,8 +1,4 @@
{
flake,
pkgs,
...
}: {
{ flake, pkgs, ... }: {
imports = [
./configuration.nix
./hardware-configuration.nix


@ -1,10 +1,6 @@
# NOTE: this file was generated by the Mobile NixOS installer.
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/51a668b8-fa2e-4d3e-ac3f-73ca002d0004";


@ -93,10 +93,7 @@ in {
storage.local.path = "/var/lib/authelia-b12f/db.sqlite3";
access_control.default_policy = "two_factor";
session.cookies = [
{
domain = "b12f.io";
authelia_url = "https://auth.b12f.io";
}
{ domain = "b12f.io"; authelia_url = "https://auth.b12f.io"; }
];
notifier.smtp = {
host = "mail.b12f.io";


@ -1,8 +1,5 @@
{ pkgs, adblock-unbound, ... }:
{
pkgs,
adblock-unbound,
...
}: {
networking.firewall.allowedUDPPorts = [ 67 547 ];
networking.firewall.extraInputRules = ''
ip6 daddr ff02::1:2/128 udp dport 547 accept comment "DHCPv6 server"


@ -1,13 +1,9 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
@ -25,20 +21,21 @@
};
};
fileSystems."/" = {
device = "zroot/root";
fileSystems."/" =
{ device = "zroot/root";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/0D5D-B809";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/0D5D-B809";
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/af71e930-42ce-4174-a098-4ea5753b1ea9";}
swapDevices =
[ { device = "/dev/disk/by-uuid/af71e930-42ce-4174-a098-4ea5753b1ea9"; }
];
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}


@ -15,20 +15,11 @@
networking.interfaces.enabcm6e4ei0 = {
ipv4.addresses = [
{
address = "192.168.178.2";
prefixLength = 32;
}
{ address = "192.168.178.2"; prefixLength = 32; }
];
ipv6.addresses = [
{
address = "2a02:908:5b1:e3c0:2::";
prefixLength = 128;
}
{
address = "fe80:b12f:acab:1312:acab:2::";
prefixLength = 128;
}
{ address = "2a02:908:5b1:e3c0:2::"; prefixLength = 128; }
{ address = "fe80:b12f:acab:1312:acab:2::"; prefixLength = 128; }
];
};


@ -13,8 +13,7 @@ with lib; let
backupDir = "/var/lib/PaperlessBackup";
consumptionDir = "/var/lib/scandir";
scan2paperless = with pkgs;
writeShellScriptBin "scan2paperless" ''
scan2paperless = with pkgs; writeShellScriptBin "scan2paperless" ''
DEVICE=$1
NUM_PAGES=$2
NAME=$3


@ -94,4 +94,5 @@
};
};
};
}


@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
services.cron = {
enable = true;
systemCronJobs = [


@ -1,15 +1,11 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
@ -22,37 +18,37 @@
allowDiscards = true;
};
fileSystems."/" = {
device = "none";
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/EC82-67F4";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/EC82-67F4";
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/0cc568f0-402d-4535-980a-ed3a1dc697b9";
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/0cc568f0-402d-4535-980a-ed3a1dc697b9";
fsType = "ext4";
# https://github.com/ryantm/agenix/issues/45#issuecomment-957865406
neededForBoot = true;
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/e203d629-4d34-4147-bee6-919f0bfa25de";
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/e203d629-4d34-4147-bee6-919f0bfa25de";
fsType = "ext4";
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/a0855aaa-76bf-445e-b0d1-ab1552e5496f";
fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/a0855aaa-76bf-445e-b0d1-ab1552e5496f";
fsType = "ext4";
# https://github.com/ryantm/agenix/issues/45#issuecomment-957865406
neededForBoot = true;
};
swapDevices = [
{device = "/dev/disk/by-uuid/761507ab-479d-414b-ac3e-2149564ca470";}
swapDevices =
[ { device = "/dev/disk/by-uuid/761507ab-479d-414b-ac3e-2149564ca470"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -1,4 +1,5 @@
{lib}: hostnames: {
{ lib }:
hostnames: {
"127.0.0.1" = hostnames;
"::1" = hostnames;
}


@ -1,8 +1,4 @@
{
lib,
inputs,
...
}: {
{ lib, inputs, ... }: {
# Configuration common to all Linux systems
flake = {
lib = let


@ -4,10 +4,8 @@
*
* Licensed under the MIT license
*/
{
lib,
inputs,
}: let
{ lib, inputs }: let
getFqdn = c: let
net = c.config.networking;
fqdn =
@ -60,12 +58,7 @@ in {
inherit system;
overlays = [
inputs.deploy-rs.overlay # or deploy-rs.overlays.default
(self: super: {
deploy-rs = {
inherit (pkgs) deploy-rs;
lib = super.deploy-rs.lib;
};
})
(self: super: { deploy-rs = { inherit (pkgs) deploy-rs; lib = super.deploy-rs.lib; }; })
];
};
in {


@ -1,4 +1,6 @@
{lib}: attrList: let
{ lib }:
attrList:
let
f = attrPath:
zipAttrsWith (
n: values:
@ -11,4 +13,4 @@
else last values
);
in
f [] attrList
f [] attrList;
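Review bot: What appears to be the new last line, `f [] attrList;`, ends the file's top-level expression with a semicolon, which the Nix grammar does not allow there; a file has to be a single expression, so the parser would reject it as soon as the file is imported. Drop the semicolon so the tail reads `in f [] attrList`. Only the head and tail of the function are visible in these two hunks, so this assumes nothing after the shown lines consumes the `;`.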


@ -2,8 +2,7 @@
pkgs,
psCfg,
...
}:
with pkgs;
}: with pkgs;
''
# Set shut down, restart and locking features
''


@ -1,17 +1,14 @@
{
config,
pkgs,
lib,
...
}:
with lib; let
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.invoiceplane;
eachSite = cfg.sites;
user = "invoiceplane";
webserver = config.services.${cfg.webserver};
invoiceplane-config = hostName: cfg:
pkgs.writeText "ipconfig.php" ''
invoiceplane-config = hostName: cfg: pkgs.writeText "ipconfig.php" ''
IP_URL=http://${hostName}
ENABLE_DEBUG=false
DISABLE_SETUP=false
@ -19,11 +16,7 @@ with lib; let
DB_HOSTNAME=${cfg.database.host}
DB_USERNAME=${cfg.database.user}
# NOTE: file_get_contents adds newline at the end of returned string
DB_PASSWORD=${
if cfg.database.passwordFile == null
then ""
else "trim(file_get_contents('${cfg.database.passwordFile}'),\"\\r\\n\")"
}
DB_PASSWORD=${if cfg.database.passwordFile == null then "" else "trim(file_get_contents('${cfg.database.passwordFile}'),\"\\r\\n\")"}
DB_DATABASE=${cfg.database.name}
DB_PORT=${toString cfg.database.port}
SESS_EXPIRATION=864000
@ -35,13 +28,11 @@ with lib; let
REMOVE_INDEXPHP=true
'';
extraConfig = hostName: cfg:
pkgs.writeText "extraConfig.php" ''
extraConfig = hostName: cfg: pkgs.writeText "extraConfig.php" ''
${toString cfg.extraConfig}
'';
pkg = hostName: cfg:
pkgs.stdenv.mkDerivation rec {
pkg = hostName: cfg: pkgs.stdenv.mkDerivation rec {
pname = "invoiceplane-${hostName}";
version = src.version;
src = pkgs.invoiceplane;
@ -73,12 +64,10 @@ with lib; let
'';
};
siteOpts = {
lib,
name,
...
}: {
siteOpts = { lib, name, ... }:
{
options = {
enable = mkEnableOption (lib.mdDoc "InvoicePlane web application");
stateDir = mkOption {
@ -197,6 +186,7 @@ with lib; let
};
cron = {
enable = mkOption {
type = types.bool;
default = false;
@ -212,10 +202,14 @@ with lib; let
type = types.str;
description = lib.mdDoc "Cron key taken from the administration page.";
};
};
};
};
in {
in
{
disabledModules = [
"services/web-apps/invoiceplane.nix"
];
@ -224,6 +218,7 @@ in {
options = {
services.invoiceplane = mkOption {
type = types.submodule {
options.sites = mkOption {
type = types.attrsOf (types.submodule siteOpts);
default = {};
@ -242,61 +237,53 @@ in {
default = {};
description = lib.mdDoc "InvoicePlane configuration.";
};
};
# implementation
config = mkIf (eachSite != {}) (mkMerge [
{
assertions = flatten (mapAttrsToList (hostName: cfg: [
{
assertion = cfg.database.createLocally -> cfg.database.user == user;
config = mkIf (eachSite != {}) (mkMerge [{
assertions = flatten (mapAttrsToList (hostName: cfg:
[{ assertion = cfg.database.createLocally -> cfg.database.user == user;
message = ''services.invoiceplane.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned'';
}
{
assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
{ assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.'';
}
{
assertion = cfg.cron.enable -> cfg.cron.key != null;
{ assertion = cfg.cron.enable -> cfg.cron.key != null;
message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.'';
}
])
eachSite);
]) eachSite);
services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) {
enable = true;
package = mkDefault pkgs.mariadb;
ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite;
ensureUsers =
mapAttrsToList (
hostName: cfg: {
name = cfg.database.user;
ensureUsers = mapAttrsToList (hostName: cfg:
{ name = cfg.database.user;
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
}
)
eachSite;
) eachSite;
};
services.phpfpm = {
phpPackage = pkgs.php81;
pools =
mapAttrs' (hostName: cfg: (
pools = mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-${hostName}" {
inherit user;
group = webserver.group;
settings =
{
settings = {
"listen.owner" = webserver.user;
"listen.group" = webserver.group;
} // cfg.poolConfig;
}
// cfg.poolConfig;
}
))
eachSite;
)) eachSite;
};
}
{
systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [
"d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -"
"f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -"
@ -307,19 +294,18 @@ in {
"d ${cfg.stateDir}/uploads/temp 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/temp/mpdf 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/tmp 0750 ${user} ${webserver.group} - -"
])
eachSite);
]) eachSite);
systemd.services.invoiceplane-config = {
serviceConfig.Type = "oneshot";
script = concatStrings (mapAttrsToList (hostName: cfg: ''
script = concatStrings (mapAttrsToList (hostName: cfg:
''
mkdir -p ${cfg.stateDir}/logs \
${cfg.stateDir}/uploads
if ! grep -q IP_URL "${cfg.stateDir}/ipconfig.php"; then
cp "${invoiceplane-config hostName cfg}" "${cfg.stateDir}/ipconfig.php"
fi
'')
eachSite);
'') eachSite);
wantedBy = [ "multi-user.target" ];
};
@ -327,12 +313,13 @@ in {
group = webserver.group;
isSystemUser = true;
};
}
{
# Cron service implementation
systemd.timers =
mapAttrs' (hostName: cfg: (
systemd.timers = mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
wantedBy = [ "timers.target" ];
timerConfig = {
@ -341,8 +328,7 @@ in {
Unit = "invoiceplane-cron-${hostName}.service";
};
})
))
eachSite;
)) eachSite;
systemd.services =
mapAttrs' (hostName: cfg: (
@ -353,15 +339,14 @@ in {
ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/invoices/cron/recur/${cfg.cron.key}";
};
})
))
eachSite;
)) eachSite;
}
(mkIf (cfg.webserver == "caddy") {
services.caddy = {
enable = true;
virtualHosts =
mapAttrs' (hostName: cfg: (
virtualHosts = mapAttrs' (hostName: cfg: (
nameValuePair "http://${hostName}" {
extraConfig = ''
root * ${pkg hostName cfg}
@ -369,16 +354,14 @@ in {
php_fastcgi unix/${config.services.phpfpm.pools."invoiceplane-${hostName}".socket}
'';
}
))
eachSite;
)) eachSite;
};
})
(mkIf (cfg.webserver == "nginx") {
services.nginx = {
enable = true;
virtualHosts =
mapAttrs' (hostName: cfg: (
virtualHosts = mapAttrs' (hostName: cfg: (
nameValuePair "${hostName}" {
root = "${pkg hostName cfg}";
extraConfig = ''
@ -405,9 +388,9 @@ in {
};
};
}
))
eachSite;
)) eachSite;
};
})
]);
}
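Review bot: The cron unit's `ExecStart` interpolates `${cfg.cron.key}` into the curl URL, and `cron.key` is declared as a plain `types.str` option, so the key is written into the generated unit in the world-readable Nix store and is visible in the process arguments while curl runs. Consider taking the key from a file outside the store, for example an option holding a path that a small wrapper script reads at runtime, or a systemd `LoadCredential=` entry, instead of a string option. Separately, the tmpfiles rule `f ${cfg.stateDir}/ipconfig.php 0750` sets execute bits on a file that holds the database settings; `0640` would be enough if nothing executes it. The reformatting in this section leaves both lines as they were, and parts of the module lie between hunks and are not visible here.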


@ -5,8 +5,7 @@
flake,
...
}: {
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"steam"
"steam-original"
"steam-run"


@ -1,8 +1,5 @@
{ lib, config, ... }:
{
lib,
config,
...
}: {
environment.persistence."/persist" = {
hideMounts = true;
directories = [


@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
services.cron = {
enable = true;
systemCronJobs = [


@ -16,15 +16,11 @@
services.printing.listenAddresses = ["localhost:631"];
services.printing.defaultShared = lib.mkDefault false;
services.printing.drivers =
[
services.printing.drivers = [
pkgs.gutenprint
]
++ (
if (pkgs.system == "x86_64-linux")
] ++ (if (pkgs.system == "x86_64-linux")
then [ pkgs.cups-brother-hl3140cw ]
else []
);
else []);
# environment.persistence."/persist" = {
# directories = [


@ -21,8 +21,7 @@ in {
config = {
programs.command-not-found.enable = false;
users.users."${psCfg.user.name}".packages = with pkgs;
[
users.users."${psCfg.user.name}".packages = with pkgs; [
asciinema
bat
blesh
@ -41,10 +40,7 @@ in {
screen
watson
jump
]
++ (
if cfg.full
then [
] ++ (if cfg.full then [
# Nix specific utilities
alejandra
manix
@ -52,9 +48,7 @@ in {
nix-tree
nix-inspect
nvd
]
else []
);
] else []);
home-manager.users."${psCfg.user.name}" = {
xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh;


@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
enable = true;
nix-direnv = {
enable = true;


@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
enable = true;
extraConfig = {


@ -46,8 +46,7 @@ in {
# python3Full
];
plugins = with pkgs.vimPlugins;
[
plugins = with pkgs.vimPlugins; [
# The status bar in the bottom of the screen with the mode indication and file location
vim-airline
@ -97,10 +96,7 @@ in {
# Work with tags files
vim-gutentags
]
++ (
if cfg.full
then [
] ++ (if cfg.full then [
nvim-treesitter.withAllGrammars
# Dependencies for nvim-lspconfig
@ -118,9 +114,7 @@ in {
# JSON schemas
SchemaStore-nvim
]
else []
);
] else []);
extraConfig = builtins.concatStringsSep "\n" ([
''
@ -136,13 +130,8 @@ in {
(builtins.readFile ./clipboard.vim)
(builtins.readFile ./ui.vim)
(builtins.readFile ./filetypes.vim)
]
++ (
if cfg.full
then [
] ++ (if cfg.full then [
(builtins.readFile ./lsp.vim)
(builtins.readFile ./cmp.vim)
]
else []
));
] else []));
}


@ -62,18 +62,13 @@ telescope.setup{
},
},
},
pickers = {
find_files = {
-- `hidden = true` will still show the inside of `.git/` as it's not `.gitignore`d.
find_command = { "rg", "--files", "--hidden", "--glob", "!**/.git/*" },
},
},
extensions = {
fzf = {
fuzzy = true, -- false will only do exact matching
override_generic_sorter = true, -- override the generic sorter
override_file_sorter = true, -- override the file sorter
case_mode = "smart_case", -- or "ignore_case" or "respect_case"
-- the default case_mode is "smart_case"
}
}
}
@ -85,7 +80,6 @@ vim.keymap.set('n', '<leader>ff', builtin.find_files, {})
vim.keymap.set('n', '<leader>f/', builtin.live_grep, {})
vim.keymap.set('n', '<leader>f?', builtin.builtin, {})
vim.keymap.set('n', '<leader>fb', builtin.buffers, {})
vim.keymap.set('n', '<leader>fr', builtin.command_history, {})
vim.keymap.set('n', '<leader>fc', builtin.commands, {})
vim.keymap.set('n', '<leader>ft', builtin.treesitter, {})
EOF


@ -82,12 +82,10 @@ in
then psCfg.user.password
else "";
openssh.authorizedKeys.keys =
flake.self.publicKeys
++ (
if psCfg.user.publicKeys != null
flake.self.publicKeys ++
(if psCfg.user.publicKeys != null
then psCfg.user.publicKeys
else []
);
else []);
};
};


@ -2,7 +2,8 @@
lib,
config,
...
}: let
}:
let
cfg = config.pub-solar.wireguard.ehex;
in {
options.pub-solar.wireguard.ehex = {


@ -3,7 +3,8 @@
config,
pkgs,
...
}: let
}:
let
cfg = config.pub-solar.wireguard.private;
in {
options.pub-solar.wireguard.private = {
@ -52,18 +53,11 @@ in {
mtu = 1300;
ips = cfg.ownIPs;
privateKeyFile = cfg.privateKeyFile;
postSetup =
""
+ (
if cfg.useDNS
then ''
postSetup = ""
+ (if cfg.useDNS then ''
printf "nameserver 10.13.12.7\nnameserver fd00:b12f:acab:1312:acab:7::" | resolvconf -a wg-private -m 0 -x
''
else ""
)
+ (
if cfg.fullTunnel
then ''
'' else "")
+ (if cfg.fullTunnel then ''
defaultRoute=$(${pkgs.iproute2}/bin/ip r | ${pkgs.gnugrep}/bin/grep "default via" | head -n 1 | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 " " $5 }')
ipv4=$(${pkgs.dnsutils}/bin/dig +short A vpn.b12f.io)
${pkgs.iproute2}/bin/ip route add $ipv4 metric 256 via $defaultRoute
@ -73,9 +67,7 @@ in {
ip -4 route replace default dev wg-private metric 512
ip -6 route delete default dev wg-private || true
ip -6 route replace default dev wg-private metric 512
''
else ""
);
'' else "");
postShutdown = lib.mkIf cfg.useDNS ''
resolvconf -d wg-private -f
'';
@ -83,19 +75,13 @@ in {
{
# frikandel
publicKey = "p6YKNYBlySKfhTN+wbSsKdoNjzko/XSAiTAlCJzP1jA=";
allowedIPs =
[
allowedIPs = [
"10.13.12.0/24"
"fd00:b12f:acab:1312::/64"
]
++ (
if cfg.fullTunnel
then [
] ++ (if cfg.fullTunnel then [
"0.0.0.0/0"
"::/0"
]
else []
);
] else []);
endpoint = "vpn.b12f.io:51899";
dynamicEndpointRefreshSeconds = 30;
}
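Review bot: In the `fullTunnel` branch of `postSetup`, the output of `dig +short A vpn.b12f.io` goes unquoted and unchecked into `ip route add $ipv4 …`, in a script that presumably runs as root. `dig +short` can print nothing (lookup failure) or several lines (a CNAME followed by addresses, or multiple A records), and the answer comes from whichever resolver is active before the tunnel is up, so it should be treated as untrusted input. Keep only one line that looks like an IPv4 literal and skip the route when none is found, e.g. append `| ${pkgs.gnugrep}/bin/grep -m1 -E '^[0-9]+(\.[0-9]+){3}$'` to the `dig` pipeline and guard the next line as `[ -n "$ipv4" ] && ${pkgs.iproute2}/bin/ip route add "$ipv4" metric 256 via $defaultRoute`. The middle of the script lies between hunks and is not visible here.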


@ -2,7 +2,8 @@
lib,
config,
...
}: let
}:
let
cfg = config.pub-solar.wireguard.pub-solar;
in {
options.pub-solar.wireguard.pub-solar = {


@ -3,7 +3,8 @@
config,
pkgs,
...
}: let
}:
let
cfg = config.pub-solar.wireguard.tunnel;
in {
options.pub-solar.wireguard.tunnel = {
@ -72,22 +73,11 @@ in {
};
networking.wireguard.interfaces = let
splitEndpoint = lib.strings.splitString ":" cfg.peer.endpoint;
joinIPV6 = p: ip:
p
+ (
if (lib.stringLength ip > 0)
then ":"
else ""
)
+ ip;
splitEndpoint = (lib.strings.splitString ":" cfg.peer.endpoint);
joinIPV6 = p: ip: p + (if (lib.stringLength ip > 0) then ":" else "") + ip;
isIPV4 = lib.length splitEndpoint < 3;
ipFlag =
if isIPV4
then "-4"
else "-6";
endpointIP = (
if isIPV4
ipFlag = if isIPV4 then "-4" else "-6";
endpointIP = (if isIPV4
then lib.elemAt splitEndpoint 0
else lib.lists.fold joinIPV6 "" ((lib.lists.take ((lib.length splitEndpoint) - 1)) splitEndpoint)
);
@ -97,36 +87,24 @@ in {
listenPort = 51820;
ips = cfg.ownIPs;
privateKeyFile = cfg.privateKeyFile;
postSetup =
''
postSetup = ''
defaultRoute=$(${pkgs.iproute2}/bin/ip ${ipFlag} r | ${pkgs.gnugrep}/bin/grep "default via" | head -n 1 | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 " " $5 }')
${pkgs.iproute2}/bin/ip ${ipFlag} route add "${endpointIPStripped}${
if isIPV4
then "/32"
else "/128"
}" metric 256 via $defaultRoute
${pkgs.iproute2}/bin/ip ${ipFlag} route add "${endpointIPStripped}${if isIPV4 then "/32" else "/128"}" metric 256 via $defaultRoute
ip -4 route delete default dev wg-tunnel || true
ip -4 route add default dev wg-tunnel metric 512
ip -6 route delete default dev wg-tunnel || true
ip -6 route add default dev wg-tunnel metric 512
''
+ (
if cfg.useDNS
'' + (if cfg.useDNS
then ''printf "nameserver 10.64.0.1" | resolvconf -a wg-tunnel -m 0 -x''
else ""
);
postShutdown =
''
else "");
postShutdown = ''
addedRoute=$(${pkgs.iproute2}/bin/ip ${ipFlag} r | ${pkgs.gnugrep}/bin/grep "${endpointIPStripped}" | head -n 1 | ${pkgs.gawk}/bin/awk '{ print $1 " " $2 " " $3 " " $4 " " $5 }')
if [ -n "$addedRoute" ]; then
${pkgs.iproute2}/bin/ip ${ipFlag} route delete $addedRoute
fi
''
+ (
if cfg.useDNS
'' + (if cfg.useDNS
then ''resolvconf -d wg-tunnel -f''
else ""
);
else "");
peers = [
{
publicKey = cfg.peer.publicKey;


@ -5,7 +5,7 @@
}: {
flake = {
nixosModules = rec {
overlays = {...}: {
overlays = ({ ... }: {
nixpkgs.overlays = [
inputs.deno2nix.overlays.default
inputs.nixd.overlays.default
@ -59,7 +59,7 @@
};
})
];
};
});
};
};
}


@ -1,10 +1,6 @@
# This file was generated by nvfetcher, please do not modify it manually.
{ fetchgit, fetchurl, fetchFromGitHub, dockerTools }:
{
fetchgit,
fetchurl,
fetchFromGitHub,
dockerTools,
}: {
b12f-io-nvfetcher = {
pname = "b12f-io-nvfetcher";
version = "38adb94ce69d8807ea2e36f57abe08091192b31c";


@ -5,14 +5,8 @@ with prev; {
# then, call packages with `final.callPackage`
check-battery = writeShellScriptBin "check-battery" (import ./check-battery.nix final);
concourse = import ./concourse.nix final;
element-b12f = writeShellScriptBin "element-b12f" (import ./element-desktop.nix {
inherit final;
profile = "b12f";
});
element-mezza = writeShellScriptBin "element-mezza" (import ./element-desktop.nix {
inherit final;
profile = "mezza";
});
element-b12f = writeShellScriptBin "element-b12f" (import ./element-desktop.nix { inherit final; profile = "b12f"; });
element-mezza = writeShellScriptBin "element-mezza" (import ./element-desktop.nix { inherit final; profile = "mezza"; });
fetch-hostingde-invoices = import ./fetch-hostingde-invoices final;
import-gtk-settings = writeShellScriptBin "import-gtk-settings" (import ./import-gtk-settings.nix final);
lgcl = writeShellScriptBin "lgcl" (import ./lgcl.nix final);


@ -1,7 +1,4 @@
{
final,
profile,
}:
{ final, profile }:
with final; ''
${element-desktop}/bin/element-desktop --profile=${profile}
''


@ -1,5 +1,4 @@
self:
self.deno2nix.mkExecutable {
self: self.deno2nix.mkExecutable {
pname = "fetch-hostingde-invoices";
version = "0.1.0";


@ -1,4 +1,5 @@
{lib, ...}: {
{ lib, ... }:
{
flake = {
publicKeys = [
"ssh-rsa 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 id_bbcom"


@ -12,19 +12,12 @@ with lib; let
cacheHome = xdg.cacheHome;
maildirBasePath = "/home/${psCfg.user.name}/Mail";
generateMailAccount = args @ {address, ...}:
rec {
generateMailAccount = args@{ address, ... }: rec {
inherit address;
realName =
if (args ? "fullName")
then args.fullName
else psCfg.user.fullName;
realName = if (args ? "fullName") then args.fullName else psCfg.user.fullName;
signature = {
showSignature = "append";
text =
if (args ? "emptysignature")
then ""
else builtins.readFile (./.config/neomutt + "/${builtins.replaceStrings ["@"] ["_"] address}.signature");
text = if (args ? "emptysignature") then "" else builtins.readFile (./.config/neomutt + "/${builtins.replaceStrings ["@"] ["_"] address}.signature");
};
folders = {
@ -71,12 +64,7 @@ with lib; let
+Trash
'';
};
}
// (
if args ? "config"
then args.config
else {}
);
} // (if args ? "config" then args.config else {});
in {
users.users."${psCfg.user.name}".packages = with pkgs; [
w3m
@ -98,8 +86,7 @@ in {
accounts.email = {
inherit maildirBasePath;
accounts = with flake.self.lib;
lib.lists.foldr (item: set: (set // {"${item.address}" = generateMailAccount item;})) {} [
accounts = with flake.self.lib; lib.lists.foldr (item: set: (set // { "${item.address}" = generateMailAccount item; })) {} [
{
address = mkEmailAddress "hello" "benjaminbaedorf.eu";
host = "mail.hosting.de";
@ -167,133 +154,36 @@ in {
enable = true;
binds = [
# Moving around
{
map = ["generic"];
key = "g";
action = "noop";
}
{
map = ["generic"];
key = "gg";
action = "first-entry";
}
{
map = ["generic" "index"];
key = "G";
action = "last-entry";
}
{
map = ["generic" "index"];
key = "i";
action = "previous-entry";
}
{
map = ["generic" "index"];
key = "k";
action = "next-entry";
}
{
map = ["pager" "index"];
key = "d";
action = "noop";
}
{
map = ["pager" "index"];
key = "dd";
action = "delete-message";
}
{
map = ["pager"];
key = "i";
action = "previous-line";
}
{
map = ["pager"];
key = "k";
action = "next-line";
}
{
map = ["pager"];
key = "I";
action = "previous-entry";
}
{
map = ["pager"];
key = "K";
action = "next-entry";
}
{ map = ["generic"]; key = "g"; action = "noop"; }
{ map = ["generic"]; key = "gg"; action = "first-entry"; }
{ map = ["generic" "index"]; key = "G"; action = "last-entry"; }
{ map = ["generic" "index"]; key = "i"; action = "previous-entry"; }
{ map = ["generic" "index"]; key = "k"; action = "next-entry"; }
{ map = ["pager" "index"]; key = "d"; action = "noop"; }
{ map = ["pager" "index"]; key = "dd"; action = "delete-message"; }
{ map = ["pager"]; key = "i"; action = "previous-line"; }
{ map = ["pager"]; key = "k"; action = "next-line"; }
{ map = ["pager"]; key = "I"; action = "previous-entry"; }
{ map = ["pager"]; key = "K"; action = "next-entry"; }
{
map = ["pager"];
key = "r";
action = "noop";
}
{
map = ["pager"];
key = "rr";
action = "reply";
}
{
map = ["pager"];
key = "ra";
action = "group-reply";
}
{
map = ["pager"];
key = "rn";
action = "group-chat-reply";
}
{
map = ["pager"];
key = "rl";
action = "list-reply";
}
{ map = ["pager"]; key = "r"; action = "noop"; }
{ map = ["pager"]; key = "rr"; action = "reply"; }
{ map = ["pager"]; key = "ra"; action = "group-reply"; }
{ map = ["pager"]; key = "rn"; action = "group-chat-reply"; }
{ map = ["pager"]; key = "rl"; action = "list-reply"; }
# Threads
{
map = ["browser" "pager" "index"];
key = "N";
action = "search-opposite";
}
{
map = ["pager" "index"];
key = "dT";
action = "delete-thread";
}
{
map = ["pager" "index"];
key = "dt";
action = "delete-subthread";
}
{
map = ["pager" "index"];
key = "g";
action = "noop";
}
{
map = ["pager" "index"];
key = "gt";
action = "next-thread";
}
{
map = ["pager" "index"];
key = "gT";
action = "previous-thread";
}
{
map = ["index"];
key = "za";
action = "collapse-thread";
}
{
map = ["index"];
key = "zA";
action = "collapse-all";
}
{ map = ["browser" "pager" "index"]; key = "N"; action = "search-opposite"; }
{ map = ["pager" "index"]; key = "dT"; action = "delete-thread"; }
{ map = ["pager" "index"]; key = "dt"; action = "delete-subthread"; }
{ map = ["pager" "index"]; key = "g"; action = "noop"; }
{ map = ["pager" "index"]; key = "gt"; action = "next-thread"; }
{ map = ["pager" "index"]; key = "gT"; action = "previous-thread"; }
{ map = ["index"]; key = "za"; action = "collapse-thread"; }
{ map = ["index"]; key = "zA"; action = "collapse-all"; }
];
macros =
[
macros = [
# Enable URL opening
{
map = ["index" "pager"];
@ -322,8 +212,7 @@ in {
key = "\\Ca";
action = ''<tag-pattern>~N<enter><tag-prefix><clear-flag>N<untag-pattern>.<enter>" "Mark all as read'';
}
]
++ lib.lists.imap1 (i: address: {
] ++ lib.lists.imap1 (i: address: {
map = ["index" "pager"];
key = "<F${builtins.toString i}>";
action = ''<sync-mailbox><enter-command>source ${configHome}/neomutt/${address}<enter><change-folder>!<enter>'';


@ -1,4 +1,5 @@
{self, ...}: {
{ self, ... }:
{
flake = {
nixosModules = rec {
root = import ./root;


@ -1,3 +1,4 @@
{...}: {
{...}:
{
users.users.root.hashedPassword = "$y$j9T$HihsChALx5fotahvDVhdC/$iQCGUr35quGDDEFg0SGjDBxWzU/kokgOVDX.weRvL80";
}
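Review bot: `users.users.root.hashedPassword` keeps the root password hash as a literal in the repository, which also places it in the world-readable Nix store on every host that imports this module, so anyone with read access to either can run offline guessing against it. Prefer `users.users.root.hashedPasswordFile` (on NixOS releases that provide it) pointing at a secret decrypted at activation, in the way `config.age.secrets.wg-private-key.path` is used for the WireGuard key elsewhere in this compare. The filesystem holding that secret then has to be mounted early enough for user setup, which the `neededForBoot = true` entries citing the agenix issue appear to address. If the hash has already been published, rotate the password rather than only moving the hash.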