Compare commits

...

107 commits

Author SHA1 Message Date
b12f 196744c4b4
paperless: add state to hostingde invoice fetch script 2024-11-20 10:10:04 +01:00
b12f 01712acef7
ehex: add cloudflare-warp 2024-11-14 12:18:28 +01:00
b12f 9accabdc6a
ssh: separate mezza account for git.pub.solar 2024-11-12 22:30:16 +01:00
b12f dcfc8728b3
users/b12f: add momo emails 2024-11-12 22:15:12 +01:00
b12f 42ed7abf8a
modules/printing: add cups persistence back in 2024-11-12 22:12:12 +01:00
b12f 2fb9d847af
hosts/stroopwafel: use iwd for wireless networking 2024-11-12 22:11:29 +01:00
b12f d139443c59
users/b12f: add cat demo1-1 ssh host 2024-11-12 22:10:34 +01:00
b12f ecf15efb0e
modules/bluetooth: fix blueman-applet service config 2024-10-30 22:44:12 +01:00
b12f 757dceeec3
users/b12f: fix nextcloud-client service config 2024-10-30 22:43:50 +01:00
b12f 7f55c13245
users/b12f: add mezza ssh key 2024-10-30 22:43:29 +01:00
b12f cde6cb09fd
hosts/droppie: fix boot, remove unused services 2024-10-30 22:43:06 +01:00
b12f 06195facf3
modules/terminal-life: use new ts langserver 2024-10-30 18:17:05 +01:00
b12f d37db2b64f
modules/graphical: fix firefox idle-indicator on wayland 2024-10-26 22:07:27 +02:00
b12f 9a7d14a95f
modules/graphical: add wdisplay, bt config 2024-10-18 16:43:00 +02:00
b12f 3b2c24ab1e
flake: update nixpkgs inputs
Includes fix for FF RCE https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
2024-10-10 13:27:16 +02:00
b12f 0b8e4e2fab
modules/wireguard: use domain-specific DNS 2024-10-01 15:31:25 +02:00
b12f f721a54007
modules/wireguard: add momo network 2024-09-20 10:59:08 +02:00
b12f 67e5c533d9
modules/graphical: dedupe brightnessctl keybindings 2024-09-20 10:57:58 +02:00
b12f 32f46d4d7d
wireguard: add momo network 2024-09-13 15:45:20 +02:00
b12f edc1f68670
firefly: fix remote auth header config 2024-09-13 12:03:51 +02:00
b12f 3ed0b291f3
modules/terminal-life: improve neomutt theming 2024-09-12 17:05:20 +02:00
b12f ba78e0baf3
modules/terminal-life: remove unused base16 script 2024-09-12 13:59:25 +02:00
b12f 28933587b4
overlays: remove element-desktop electron 28 override 2024-09-12 13:59:05 +02:00
b12f 197f343bd5
hosts/pie: update authelia, firefly, invoiceplane 2024-09-12 13:58:32 +02:00
b12f fc71a1c816
pkgs: change invoice fetcher script to bash 2024-09-10 13:12:43 +02:00
b12f 01c0b30a98
frikandel: add disabled jellyfin and authelia forwards 2024-09-06 19:29:46 +02:00
b12f 7eb2b80e22
droppie: remove autostop 2024-09-06 19:29:34 +02:00
b12f f08bfc3145
pie/authelia: add jellyfin oidc config base 2024-09-06 19:29:08 +02:00
b12f ee324d57af
modules/terminal-life: use theme variables for fzf 2024-09-06 17:39:10 +02:00
b12f f015e9c6fa
pkgs/record-screen: hide wf-recorder 2024-09-06 17:38:43 +02:00
b12f 048e6a6bb4
hosts/frikandel: add jellyfin forward 2024-09-06 17:38:06 +02:00
b12f 451ed9928f
modules/graphical: move qt definition 2024-09-06 00:25:02 +02:00
b12f 3337c8665f
modules/graphical: fix sway screenrecord keybinding 2024-09-06 00:25:01 +02:00
b12f aca454bcfb
Merge branch 'main' of git.pub.solar:b12f/os 2024-09-05 17:30:39 +02:00
b12f 1cb9bd0cd3
modules/graphical: clean up sway config, fix screen recording 2024-09-05 01:22:56 +02:00
b12f cf857156cf
modules/graphical: add background to sway 2024-09-04 22:36:05 +02:00
b12f c62ed5a14b
modules/graphical: import sway theming file 2024-09-04 22:32:03 +02:00
b12f 165fa48bfa
style: improve theming with global variables 2024-09-04 22:28:41 +02:00
Benjamin Yule Bädorf 4fb46398d3
Merge branch 'main' of git.pub.solar:b12f/os 2024-08-30 14:58:47 +02:00
b12f 9fc9b6b5c8
modules/graphical: increase swaylock timings 2024-08-30 14:07:40 +02:00
b12f 286a0b32d1
mezza.biz: update website 2024-08-30 14:07:20 +02:00
b12f e3c1dca056
modules/wireguard: add new pub.solar hosts 2024-08-30 14:06:04 +02:00
b12f b0373ff19d
frikandel: deploy mezza.biz, update nixpkgs inputs 2024-08-24 21:39:20 +02:00
b12f 5d589621e8
graphical: add xbacklight 2024-08-24 21:12:05 +02:00
b12f b02770adea
modules/terminal-life: add nvim filetype handling for age secrets 2024-08-23 19:00:12 +02:00
b12f 483c486359
modules/terminal-life: update nvim keybindings 2024-08-23 18:59:52 +02:00
b12f 091767fbae
frikandel/email: make sure emails reach the right catch-all 2024-08-19 17:09:01 +02:00
b12f ddeed05da6
lint: lint with alejandra 2024-08-19 10:03:17 +02:00
b12f e630def7b6
overlays: use blesh from nixpkgs & lix instead of nix 2024-08-19 10:03:03 +02:00
b12f 8b860a4878
flake: update nixpkgs inputs 2024-08-19 10:02:42 +02:00
b12f 4ce7b4490c
cat: update hosts in ssh settings 2024-08-19 10:02:20 +02:00
b12f ff4af10e15
pkgs: update nvfetcher sources 2024-08-19 09:18:59 +02:00
b12f 50c182d827
terminal-life/nvim: lint vim files, add recent command telescope 2024-08-19 00:23:24 +02:00
b12f a1670dcb3d
lint: lint nix files with alejandra 2024-08-19 00:22:59 +02:00
b12f d67d75eda3
terminal-life: reduce nvim config, switch to telescope 2024-08-19 00:07:22 +02:00
b12f 6f3fce1d9f
user/b12f: don't use real name for all email addresses 2024-08-18 18:53:31 +02:00
b12f 9439ed4c44
email: add mail@b12f.io and mail@hzdomain 2024-08-16 21:33:49 +02:00
b12f 34050a14cc
pkgs: update nvfetcher packages 2024-08-16 19:03:16 +02:00
Benjamin Yule Bädorf 6bbc296337
wireguard: add tankstelle to pub.solar nodes 2024-08-16 10:54:55 +02:00
Benjamin Yule Bädorf 341491f7a7
networking: add frikandel initrd to hosts file 2024-08-16 10:54:06 +02:00
b12f b3800fb26f
terraform: halfway working DNS for hosting.de 2024-08-14 23:11:14 +02:00
b12f e712fd4515
deploy: take deploy-rs from cache 2024-08-14 10:35:17 +02:00
b12f b20b5d10b8
frikandel: rename wireguard secret 2024-08-14 10:35:03 +02:00
b12f 51e1b81040
yule: update email 2024-08-14 09:39:15 +02:00
b12f a3c77b42fb
terminal-life: use the user name instead of fullname for git 2024-08-14 09:38:05 +02:00
b12f fc64336279
printing: persist the right directory 2024-08-14 09:37:53 +02:00
b12f 1d1927d570
email: add hetzner email 2024-08-14 09:36:50 +02:00
Benjamin Yule Bädorf e64354a232
flake: update nixpkgs inputs 2024-08-09 16:14:27 +02:00
Benjamin Yule Bädorf 27f3ca7c0c
b12f: remove zoom 2024-07-16 10:26:18 +02:00
Benjamin Yule Bädorf 26e81588d6
wireguard: fix conflicting listening ports 2024-07-16 10:25:44 +02:00
Benjamin Yule Bädorf b5c30f5da7
boot: use hardened linux 6.6 LTS kernel 2024-07-02 09:42:57 +02:00
Benjamin Yule Bädorf 3d6c90a559
flake: update nixpkgs inputs 2024-07-01 18:38:53 +02:00
Benjamin Yule Bädorf c75a05d46a
printing: add cups directory to persistence 2024-07-01 18:38:28 +02:00
Benjamin Yule Bädorf eccda6cd08
osm: reenable openstreetmap on stroopwafel 2024-06-17 15:24:24 +02:00
Benjamin Yule Bädorf 45d6f56d1d
overlay: take ungoogled-chromium from 24.05 2024-06-17 15:24:09 +02:00
Benjamin Yule Bädorf ee611894f8
wireguard: remove with lib;, dedupe systemd service config 2024-06-17 15:23:32 +02:00
Benjamin Yule Bädorf 23af0457bb
flake: update nixpkgs inputs 2024-06-17 15:08:29 +02:00
Benjamin Yule Bädorf d016eee124
search: use search.pub.solar by default 2024-06-17 15:07:57 +02:00
Benjamin Yule Bädorf 9616093a21
wireguard: add ehex vpn 2024-06-11 14:57:33 +02:00
Benjamin Yule Bädorf b8a48cd704
nixos: more 24.05 fixes and updates 2024-06-03 12:30:14 +02:00
Benjamin Yule Bädorf 561361f771
email: update pub.solar mail host 2024-06-03 12:29:46 +02:00
Benjamin Yule Bädorf 46853a5bd2
dns: add stroopwafel and chocolatebar in wireguard 2024-06-03 12:29:05 +02:00
Benjamin Yule Bädorf dd16d7ddb7
nixos: update to 24.05 2024-06-02 23:47:00 +02:00
Benjamin Yule Bädorf 6c4990d40f
droppie: add /dev/sda1 2024-06-02 20:19:44 +02:00
Benjamin Yule Bädorf 3555a2a416
ssh: remove nistp SSH identity 2024-05-26 19:20:09 +02:00
Benjamin Yule Bädorf 6387f7a749
chocolatebar: don't use realtime kernel 2024-05-26 19:16:16 +02:00
Benjamin Yule Bädorf b9bc457494
secrets: add restic and rclone secret to chocolatebar 2024-05-26 19:11:26 +02:00
Benjamin Yule Bädorf 7e6dec32cc
yule: update password hash 2024-05-26 19:08:18 +02:00
Benjamin Yule Bädorf 948460ffc5
iso: open SSH port in firewall 2024-05-26 19:08:04 +02:00
Benjamin Yule Bädorf 6d62c706e9
public-keys: add id_bbcom as fallback 2024-05-26 19:07:14 +02:00
Benjamin Yule Bädorf 7ef1e0ec7b
flake: update nixpkgs inputs 2024-05-26 19:06:58 +02:00
Benjamin Yule Bädorf 7b4f1e0102
invoiceplane-templates: use https for fetching 2024-05-23 09:22:42 +02:00
Benjamin Yule Bädorf 70472a5c38
email: Add contact miom.space address 2024-05-19 14:18:08 +02:00
Benjamin Yule Bädorf 8b08a3afce
graphical: add wl-mirror 2024-05-16 11:36:55 +02:00
Benjamin Yule Bädorf 1bdbc70e98
flake: update nixpkgs inputs 2024-05-16 11:36:23 +02:00
Benjamin Yule Bädorf 1e40964857
home: reenable zoom :( 2024-04-26 15:22:48 +02:00
Benjamin Yule Bädorf ab956cf63a
nvim: show otherwise hidden characters 2024-04-19 10:56:31 +02:00
Benjamin Yule Bädorf 8ac837f481
desktop-extended: add nix-inspect 2024-04-15 16:22:06 +02:00
Benjamin Yule Bädorf 08eb16fc93
wireguard: make sure wg never blocks boot 2024-04-15 12:39:13 +02:00
Benjamin Yule Bädorf 54fc54285f
nvim: add filetypes for vto, add all treesitter grammars 2024-04-15 12:37:57 +02:00
Benjamin Yule Bädorf afa83a4e24
desktop-extended: add whalebird mastodon client 2024-04-15 12:37:31 +02:00
Benjamin Yule Bädorf 17ee75088a
email: add backups for local emails and maddy 2024-04-11 13:00:46 +02:00
Benjamin Yule Bädorf 5891c59c4f
paperless: add email creds to config 2024-04-09 20:15:39 +02:00
Benjamin Yule Bädorf cf485df2d2
firefly: fix auth proxying for importer 2024-04-09 20:15:14 +02:00
Benjamin Yule Bädorf e3fefc1cd1
Update invoiceplane template 2024-04-06 03:08:39 +02:00
Benjamin Yule Bädorf e79b99e3ed
authelia/invoiceplane: get working setup 2024-04-06 02:36:58 +02:00
Benjamin Yule Bädorf 9578d0fa1a
wireguard/ssh: add pub.solar wireguard config 2024-04-06 02:36:41 +02:00
210 changed files with 3898 additions and 3727 deletions

View file

@ -20,8 +20,8 @@ indent_style = unset
indent_size = unset indent_size = unset
[{.*,secrets}/**] [{.*,secrets}/**]
end_of_line = unset end_of_line = false
insert_final_newline = unset insert_final_newline = false
trim_trailing_whitespace = unset trim_trailing_whitespace = unset
charset = unset charset = unset
indent_style = unset indent_style = unset

View file

@ -3,17 +3,17 @@
"adblock-unbound": { "adblock-unbound": {
"inputs": { "inputs": {
"adblockStevenBlack": "adblockStevenBlack", "adblockStevenBlack": "adblockStevenBlack",
"flake-utils": "flake-utils", "lancache-domains": "lancache-domains",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1688055723, "lastModified": 1704832551,
"narHash": "sha256-8WtkSAr4qYA3o6kiOCESK3rHJmIsa6TMBrT3/Cbfvro=", "narHash": "sha256-6xS/ANMIh3b4Ia3Ubl9rtb3LVw9QldihnP3IvuG9zwQ=",
"owner": "MayNiklas", "owner": "MayNiklas",
"repo": "nixos-adblock-unbound", "repo": "nixos-adblock-unbound",
"rev": "9356ccd526fdcf91bfee7f0ebebae831349d43cc", "rev": "a5d3731836b1c2ca65834e07be03c02daca5b434",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -41,16 +41,18 @@
"agenix": { "agenix": {
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1682101079, "lastModified": 1716561646,
"narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=", "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447", "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -67,11 +69,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696360011, "lastModified": 1700795494,
"narHash": "sha256-HpPv27qMuPou4acXcZ8Klm7Zt0Elv9dgDvSJaomWb9Y=", "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "8b6ea26d5d2e8359d06278364f41fbc4b903b28a", "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -85,7 +87,7 @@
"inputs": { "inputs": {
"devshell": "devshell", "devshell": "devshell",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
@ -113,11 +115,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1695052866, "lastModified": 1715699772,
"narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=", "narHash": "sha256-sKhqIgucN5sI/7UQgBwsonzR4fONjfMr9OcHK/vPits=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9", "rev": "b3ea6f333f9057b77efd9091119ba67089399ced",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -151,6 +153,27 @@
"type": "github" "type": "github"
} }
}, },
"devshell_2": {
"inputs": {
"nixpkgs": [
"mezza-biz",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722113426,
"narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
"owner": "numtide",
"repo": "devshell",
"rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -170,11 +193,11 @@
"flake-compat_2": { "flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1696426674,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -188,11 +211,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1693611461, "lastModified": 1717285511,
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=", "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca", "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -206,11 +229,11 @@
"nixpkgs-lib": "nixpkgs-lib_2" "nixpkgs-lib": "nixpkgs-lib_2"
}, },
"locked": { "locked": {
"lastModified": 1709336216, "lastModified": 1717285511,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=", "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2", "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -219,22 +242,58 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_4"
},
"locked": {
"lastModified": 1714606777,
"narHash": "sha256-bMkNmAXLj8iyTvxaaD/StcLSadbj1chPcJOjtuVnLmA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4d34ce6412bc450b1d4208c953dc97c7fc764f1a",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1713493429,
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
"owner": "srid",
"repo": "flake-root",
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -252,31 +311,52 @@
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"agenix",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1710888565, "lastModified": 1703113217,
"narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=", "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce", "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-23.11", "repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1716736833,
"narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1706639736, "lastModified": 1708968331,
"narHash": "sha256-CaG4j9+UwBDfinxxvJMo6yOonSmSo0ZgnbD7aj2Put0=", "narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "cd13c2917eaa68e4c49fea0ff9cada45440d7045", "rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -285,14 +365,73 @@
"type": "github" "type": "github"
} }
}, },
"invoiceplane-template": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1712364633,
"narHash": "sha256-BfdaBTDA07ijUrK47aa8AMDTBB3nWYm74CBAwd/mllg=",
"ref": "refs/heads/main",
"rev": "8056309d6cf694647262a11415aceac68015cfd2",
"revCount": 22,
"type": "git",
"url": "https://git.pub.solar/b12f/invoiceplane-templates.git"
},
"original": {
"type": "git",
"url": "https://git.pub.solar/b12f/invoiceplane-templates.git"
}
},
"lancache-domains": {
"flake": false,
"locked": {
"lastModified": 1679999806,
"narHash": "sha256-oDZ2pSf8IgofRS4HaRppGcd4kHQj48AC9dkS++avYy8=",
"owner": "uklans",
"repo": "cache-domains",
"rev": "31b2ba1e0a7c419327cb97f589b508d78b9aecbf",
"type": "github"
},
"original": {
"owner": "uklans",
"repo": "cache-domains",
"type": "github"
}
},
"mezza-biz": {
"inputs": {
"devshell": "devshell_2",
"flake-parts": "flake-parts_3",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1724541053,
"narHash": "sha256-bQiwF08H8GEi7lxNiJKc4Gu42K7zYeDPPqRCNYVnp7U=",
"ref": "refs/heads/main",
"rev": "0ee615488dec2685cee6ed558cbfcf9840e92b94",
"revCount": 10,
"type": "git",
"url": "https://git.pub.solar/b12f/mezza.biz.git"
},
"original": {
"type": "git",
"url": "https://git.pub.solar/b12f/mezza.biz.git"
}
},
"mobile-nixos": { "mobile-nixos": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696124168, "lastModified": 1715627339,
"narHash": "sha256-EzGHYAR7rozQQLZEHbKEcb5VpUFGoxwEsM0OWfW4wqU=", "narHash": "sha256-HJ6V7hc64iBqXlZ8kH4sXmUzPH+0Hn6wYURmZmL5LFk=",
"owner": "nixos", "owner": "nixos",
"repo": "mobile-nixos", "repo": "mobile-nixos",
"rev": "7cee346c3f8e73b25b1cfbf7a086a7652c11e0f3", "rev": "655c8830d5fe2eae79c8fc0bab8033b34c8456eb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -306,11 +445,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1690426816, "lastModified": 1716767591,
"narHash": "sha256-vvOrLE6LlBVYigA1gSrlkknFwfuq9qmLA4h6ubiJ22g=", "narHash": "sha256-e7mG0KhSnMkdgIGPKw6Bs2B6D44B/GB6Zo0NgxFxJTc=",
"owner": "musnix", "owner": "musnix",
"repo": "musnix", "repo": "musnix",
"rev": "e651b06f8a3ac7d71486984100e8a79334da8329", "rev": "65f1b5863ff6157d4870ed177e8ccd82e21127ad",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -321,15 +460,16 @@
}, },
"nixd": { "nixd": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_4",
"flake-root": "flake-root",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1710142672, "lastModified": 1717293270,
"narHash": "sha256-MRClVDHMGXglXpSR+RflwnrY/ngePqrxOwiwoh5/BtU=", "narHash": "sha256-twDibXDWwmySk6C/hFUpeBewB5heSyCDDHWOAeRSp40=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixd", "repo": "nixd",
"rev": "eb40e5b315fafa1086f69be84918bbd9235e0a10", "rev": "be5ad5ec113595e2900e6391a08cf0e4784a9cfe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -341,11 +481,11 @@
}, },
"nixos-flake": { "nixos-flake": {
"locked": { "locked": {
"lastModified": 1692742948, "lastModified": 1716406291,
"narHash": "sha256-19LQQFGshuQNrrXZYVt+mWY0O3NbhEXeMy3MZwzYZGo=", "narHash": "sha256-qHjJ6alc4o3p51hrPp3JGdC5Pbz5EjF+UZq1HbK8av0=",
"owner": "srid", "owner": "srid",
"repo": "nixos-flake", "repo": "nixos-flake",
"rev": "2c25190ceacdaaae7e8afbecfa87096bb499a431", "rev": "aa9100167350cbdffaa272b0fd382d7c23606b86",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -356,11 +496,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1686838567, "lastModified": 1717248095,
"narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=", "narHash": "sha256-e8X2eWjAHJQT82AAN+mCI0B68cIDBJpqJ156+VRrFO0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89", "rev": "7b49d3967613d9aacac5b340ef158d493906ba79",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -387,30 +527,48 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"dir": "lib", "lastModified": 1717284937,
"lastModified": 1693471703, "narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=",
"narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=", "type": "tarball",
"owner": "NixOS", "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
"repo": "nixpkgs",
"rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
"type": "github"
}, },
"original": { "original": {
"dir": "lib", "type": "tarball",
"owner": "NixOS", "url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"nixpkgs-lib_2": { "nixpkgs-lib_2": {
"locked": {
"lastModified": 1717284937,
"narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
}
},
"nixpkgs-lib_3": {
"locked": {
"lastModified": 1722555339,
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
}
},
"nixpkgs-lib_4": {
"locked": { "locked": {
"dir": "lib", "dir": "lib",
"lastModified": 1709237383, "lastModified": 1714253743,
"narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", "narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", "rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -423,11 +581,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1711717242, "lastModified": 1728551786,
"narHash": "sha256-PW9J9sFw5DA4Fo3Cq4Soc+an6tjTS4VV2NxG6G0UMqw=", "narHash": "sha256-wO3aWtTYEdaDwUdbA2bj3PTBKu3idTolOOnrPnzRo8o=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "824952ff6b32b0019465b139b5c76d915ec074ea", "rev": "565db77725e0d5b0b448ecf4998239c3fddd374a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -439,11 +597,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1711523803, "lastModified": 1728492678,
"narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=", "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2726f127c15a4cc9810843b96cad73c7eb39e443", "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -455,11 +613,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1690272529, "lastModified": 1716509168,
"narHash": "sha256-MakzcKXEdv/I4qJUtq/k/eG+rVmyOZLnYNC2w1mB59Y=", "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ef99fa5c5ed624460217c31ac4271cfb5cb2502c", "rev": "bfb7a882678e518398ce9a31a881538679f6f092",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -471,11 +629,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1710097495, "lastModified": 1714562304,
"narHash": "sha256-B7Ea7q7hU7SE8wOPJ9oXEBjvB89yl2csaLjf5v/7jr8=", "narHash": "sha256-Mr3U37Rh6tH0FbaDFu0aZDwk9mPAe7ASaqDOGgLqqLU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d40e866b1f98698d454dad8f592fe7616ff705a4", "rev": "bcd44e224fd68ce7d269b4f44d24c2220fd821e7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -487,16 +645,16 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1711460390, "lastModified": 1728500571,
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=", "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434", "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-23.11", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -508,16 +666,15 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1708706677, "lastModified": 1708750443,
"narHash": "sha256-fUIT9v5FGy9KbbPKBVcxw2rwxqLZUVElqTtZWM7FiNI=", "narHash": "sha256-fUIT9v5FGy9KbbPKBVcxw2rwxqLZUVElqTtZWM7FiNI=",
"owner": "b12f", "owner": "tfc",
"repo": "nixos-openstreetmap", "repo": "nixos-openstreetmap",
"rev": "9057f546a5762a6b1645a8d4c22f818e29908144", "rev": "0fd30b016eb838395d85948b9ecf00ff59b4581d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "b12f", "owner": "tfc",
"ref": "flake-nixosmodule",
"repo": "nixos-openstreetmap", "repo": "nixos-openstreetmap",
"type": "github" "type": "github"
} }
@ -530,8 +687,10 @@
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"home-manager": "home-manager", "home-manager": "home-manager_2",
"impermanence": "impermanence", "impermanence": "impermanence",
"invoiceplane-template": "invoiceplane-template",
"mezza-biz": "mezza-biz",
"mobile-nixos": "mobile-nixos", "mobile-nixos": "mobile-nixos",
"musnix": "musnix", "musnix": "musnix",
"nixd": "nixd", "nixd": "nixd",
@ -540,16 +699,65 @@
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_4",
"nixpkgs-master": "nixpkgs-master", "nixpkgs-master": "nixpkgs-master",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"openstreetmap": "openstreetmap" "openstreetmap": "openstreetmap",
"themes": "themes"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"themes": {
"locked": {
"lastModified": 1715166503,
"narHash": "sha256-eG3+PTzJntnMrO9J2fCtshU+XX18uI8iIjDKU9NkJXA=",
"owner": "RGBCube",
"repo": "ThemeNix",
"rev": "c188d0d729841f71f576dfb544e70c0340bf52a8",
"type": "github"
},
"original": {
"owner": "RGBCube",
"repo": "ThemeNix",
"type": "github"
} }
}, },
"utils": { "utils": {
"inputs": {
"systems": "systems_2"
},
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1701680307,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github" "type": "github"
}, },
"original": { "original": {

View file

@ -3,7 +3,7 @@
inputs = { inputs = {
# Track channels with commits tested and built by hydra # Track channels with commits tested and built by hydra
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-master.url = "github:nixos/nixpkgs/master"; nixpkgs-master.url = "github:nixos/nixpkgs/master";
@ -12,9 +12,11 @@
flake-compat.url = "github:edolstra/flake-compat"; flake-compat.url = "github:edolstra/flake-compat";
flake-compat.flake = false; flake-compat.flake = false;
home-manager.url = "github:nix-community/home-manager/release-23.11"; home-manager.url = "github:nix-community/home-manager/release-24.05";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
themes.url = "github:RGBCube/ThemeNix";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
nixos-flake.url = "github:srid/nixos-flake"; nixos-flake.url = "github:srid/nixos-flake";
@ -37,14 +39,20 @@
adblock-unbound.url = "github:MayNiklas/nixos-adblock-unbound"; adblock-unbound.url = "github:MayNiklas/nixos-adblock-unbound";
adblock-unbound.inputs.nixpkgs.follows = "nixpkgs"; adblock-unbound.inputs.nixpkgs.follows = "nixpkgs";
openstreetmap.url = "github:b12f/nixos-openstreetmap/flake-nixosmodule"; openstreetmap.url = "github:tfc/nixos-openstreetmap";
openstreetmap.inputs.nixpkgs.follows = "nixpkgs"; openstreetmap.inputs.nixpkgs.follows = "nixpkgs";
deno2nix.url = "github:SnO2WMaN/deno2nix"; deno2nix.url = "github:SnO2WMaN/deno2nix";
invoiceplane-template.url = "git+https://git.pub.solar/b12f/invoiceplane-templates.git";
invoiceplane-template.inputs.nixpkgs.follows = "nixpkgs";
mezza-biz.url = "git+https://git.pub.solar/b12f/mezza.biz.git";
mezza-biz.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs@{ self, ... }: outputs = inputs @ {self, ...}:
inputs.flake-parts.lib.mkFlake { inherit inputs; } { inputs.flake-parts.lib.mkFlake {inherit inputs;} {
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
"aarch64-linux" "aarch64-linux"
@ -52,7 +60,9 @@
imports = [ imports = [
inputs.nixos-flake.flakeModule inputs.nixos-flake.flakeModule
inputs.flake-parts.flakeModules.easyOverlay
./public-keys.nix ./public-keys.nix
./theme.nix
./lib ./lib
./modules ./modules
./hosts ./hosts
@ -60,14 +70,23 @@
./overlays ./overlays
]; ];
perSystem = args@{ system, pkgs, lib, config, ... }: { perSystem = args @ {
system,
pkgs,
config,
...
}: {
packages = import ./pkgs args;
overlayAttrs = config.packages;
_module.args = { _module.args = {
inherit inputs; inherit inputs;
pkgs = import inputs.nixpkgs { pkgs = import inputs.nixpkgs {
inherit system; inherit system;
overlays = with inputs; [ overlays = [
agenix.overlays.default inputs.agenix.overlays.default
nixd.overlays.default inputs.nixd.overlays.default
inputs.invoiceplane-template.overlays.default
]; ];
}; };
}; };
@ -75,6 +94,7 @@
devShells.default = pkgs.mkShell { devShells.default = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
nix nix
nixd
agenix agenix
age-plugin-yubikey age-plugin-yubikey
cachix cachix
@ -91,6 +111,7 @@
deploy-rs deploy-rs
terraform-ls
opentofu opentofu
terraform-backend-git terraform-backend-git

View file

@ -1,19 +0,0 @@
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"

View file

@ -25,7 +25,6 @@ in {
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
}; };
}; };

View file

@ -1,4 +1,4 @@
{ ... }: { {...}: {
imports = [ imports = [
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix

View file

@ -1,19 +0,0 @@
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"

View file

@ -10,7 +10,7 @@ with lib; let
in { in {
musnix = { musnix = {
enable = true; enable = true;
kernel.realtime = true; kernel.realtime = false;
soundcardPciId = "0d:00.4"; soundcardPciId = "0d:00.4";
}; };
@ -23,14 +23,12 @@ in {
]; ];
}; };
environment.etc = { services.pipewire.extraConfig.pipewire."92-low-latency" = {
"pipewire/pipewire.conf.d/92-low-latency.conf".text = '' "context.properties" = {
context.properties = { "default.clock.rate" = 48000;
default.clock.rate = 48000 "default.clock.quantum" = 32;
default.clock.quantum = 32 "default.clock.min-quantum" = 32;
default.clock.min-quantum = 32 "default.clock.max-quantum" = 32;
default.clock.max-quantum = 32 };
}
'';
}; };
} }

View file

@ -29,7 +29,6 @@ in {
pub-solar.terminal-life.full = true; pub-solar.terminal-life.full = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
drone-docker-runner
stdenv.cc.cc.lib stdenv.cc.cc.lib
hplip hplip
uhk-agent uhk-agent

View file

@ -39,6 +39,6 @@ in {
]; ];
}; };
networking.firewall.allowedUDPPorts = [ 34197 ]; networking.firewall.allowedUDPPorts = [34197];
networking.firewall.allowedTCPPorts = [ 34197 ]; networking.firewall.allowedTCPPorts = [34197];
} }

View file

@ -1,8 +1,12 @@
{ withSystem, self, inputs, ...}:
{ {
self,
inputs,
...
}: {
flake = { flake = {
nixosConfigurations = { nixosConfigurations = {
stroopwafel = self.nixos-flake.lib.mkLinuxSystem { stroopwafel = self.nixos-flake.lib.mkLinuxSystem {
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
imports = [ imports = [
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
@ -65,8 +69,6 @@
self.nixosModules.base self.nixosModules.base
./droppie ./droppie
self.nixosModules.yule self.nixosModules.yule
self.nixosModules.acme
self.nixosModules.proxy
self.nixosModules.persistence self.nixosModules.persistence
]; ];
}; };
@ -137,7 +139,7 @@
self.nixosModules.graphical self.nixosModules.graphical
self.nixosModules.audio self.nixosModules.audio
self.nixosModules.bluetooth self.nixosModules.bluetooth
({ ... }: { pub-solar.graphical.wayland.software-renderer.enable = true; }) ({...}: {pub-solar.graphical.wayland.software-renderer.enable = true;})
]; ];
}; };
}; };

View file

@ -24,7 +24,7 @@ in {
}; };
systemd.timers."shutdown-after-backup" = { systemd.timers."shutdown-after-backup" = {
enable = true; enable = false;
timerConfig = { timerConfig = {
OnCalendar = "*-*-* 02..11:05,15,25,35,45,55:00 Etc/UTC"; OnCalendar = "*-*-* 02..11:05,15,25,35,45,55:00 Etc/UTC";
}; };

View file

@ -20,10 +20,11 @@ in {
boot.kernelParams = [ boot.kernelParams = [
"boot.shell_on_fail=1" "boot.shell_on_fail=1"
"nomodeset"
# Hack so that network is considered up by boot.initrd.network and postCommands gets executed. # Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
"ip=127.0.0.1:::::lo:none" "ip=127.0.0.1:::::lo:none"
]; ];
boot.initrd.availableKernelModules = [ "tg3" ]; boot.initrd.availableKernelModules = ["tg3"];
boot.initrd.network = { boot.initrd.network = {
enable = true; enable = true;
ssh = { ssh = {

View file

@ -5,7 +5,5 @@
./networking.nix ./networking.nix
./backup-autostop.nix ./backup-autostop.nix
./nginx.nix
./jellyfin.nix
]; ];
} }

View file

@ -1,56 +1,66 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod" ]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod"];
boot.initrd.kernelModules = [ "dm-snapshot" "amdgpu" ]; boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
boot.initrd.luks.devices."cryptroot" = { boot.initrd.luks.devices = {
device = "/dev/sdb2"; "cryptroot" = {
device = "/dev/disk/by-uuid/08330ff9-581a-41e1-b8fa-757dc4c90b16";
allowDiscards = true; allowDiscards = true;
}; };
"cryptdata".device = "/dev/disk/by-uuid/bc9f00ea-027e-409b-87c9-ab5628683378";
};
fileSystems."/" = fileSystems."/" = {
{ device = "none"; device = "none";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/media/internal" = fileSystems."/nix" = {
{ device = "/dev/disk/by-uuid/5cf314a8-82f4-4037-a724-62d2ff226cff"; device = "/dev/disk/by-uuid/837cc93f-6d9a-4bfd-b089-29ac6d68127c";
fsType = "ext4";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/837cc93f-6d9a-4bfd-b089-29ac6d68127c";
fsType = "ext4";
};
fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/a7711118-51b0-4d84-8f18-ef2e06084e05";
fsType = "ext4"; fsType = "ext4";
neededForBoot = true; neededForBoot = true;
}; };
fileSystems."/home" = fileSystems."/persist" = {
{ device = "/dev/disk/by-uuid/0965d496-ffad-4a8d-9de7-28af903baf16"; device = "/dev/disk/by-uuid/a7711118-51b0-4d84-8f18-ef2e06084e05";
fsType = "ext4";
neededForBoot = true;
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/0965d496-ffad-4a8d-9de7-28af903baf16";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/991E-79C1"; device = "/dev/disk/by-uuid/991E-79C1";
fsType = "vfat"; fsType = "vfat";
neededForBoot = true;
options = [ "fmask=0022" "dmask=0022" ];
}; };
swapDevices = fileSystems."/data" = {
[ { device = "/dev/disk/by-uuid/0ef8dbbd-2832-4fb2-8a52-86682822f769"; } device = "/dev/disk/by-uuid/391db8c4-5654-4a5c-a5c8-e34811f54786";
fsType = "ext4";
};
swapDevices = [
{device = "/dev/disk/by-uuid/0ef8dbbd-2832-4fb2-8a52-86682822f769";}
]; ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

View file

@ -1,44 +0,0 @@
{
flake,
config,
pkgs,
lib,
...
}: {
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
services.jellyfin = {
enable = true;
openFirewall = false;
};
# from https://jellyfin.org/docs/general/networking/index.html
networking.firewall.allowedUDPPorts = [ 1900 7359 ];
security.acme.certs = {
"media.b12f.io" = {};
};
services.nginx.virtualHosts = {
"media.b12f.io" = {
forceSSL = true;
useACMEHost = "media.b12f.io";
locations."/".proxyPass = "http://127.0.0.1:8096";
};
};
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
];
};
}

View file

@ -10,7 +10,12 @@
networking.interfaces.enp2s0f1.useDHCP = true; networking.interfaces.enp2s0f1.useDHCP = true;
networking.interfaces.enp2s0f0 = { networking.interfaces.enp2s0f0 = {
ipv6.addresses = [ { address = "2a02:908:5b1:e3c0:3::"; prefixLength = 64; } ]; ipv6.addresses = [
{
address = "2a02:908:5b1:e3c0:3::";
prefixLength = 64;
}
];
}; };
# Allow pub.solar restic backups # Allow pub.solar restic backups

View file

@ -1,15 +0,0 @@
{
flake,
config,
pkgs,
lib,
...
}: {
services.nginx = {
defaultListenAddresses = [
"192.168.178.3"
"10.13.12.3"
"[fd00:b12f:acab:1312:acab:3::]"
];
};
}

View file

@ -0,0 +1,17 @@
{
flake,
config,
pkgs,
lib,
...
}: {
security.acme.certs = {
"auth.b12f.io" = {};
};
services.nginx.virtualHosts."auth.b12f.io" = {
forceSSL = true;
useACMEHost = "auth.b12f.io";
locations."/".proxyPass = "https://auth.b12f.io";
};
}

View file

@ -9,7 +9,6 @@ with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in {
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
@ -19,13 +18,14 @@ in {
# Hack so that network is considered up by boot.initrd.network and postCommands gets executed. # Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
"ip=127.0.0.1:::::lo:none" "ip=127.0.0.1:::::lo:none"
]; ];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_net" ];
boot.initrd.availableKernelModules = ["virtio_pci" "virtio_net"];
boot.initrd.network = { boot.initrd.network = {
enable = true; enable = true;
ssh = { ssh = {
enable = true; enable = true;
port = 2222; port = 2222;
hostKeys = [ /boot/initrd-ssh-key ]; hostKeys = [/boot/initrd-ssh-key];
authorizedKeys = flake.self.publicKeys; authorizedKeys = flake.self.publicKeys;
shell = "/bin/cryptsetup-askpass"; shell = "/bin/cryptsetup-askpass";
}; };
@ -43,7 +43,7 @@ in {
''; '';
}; };
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = ["zfs"];
# Copy the NixOS configuration file and link it from the resulting system # Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you # (/run/current-system/configuration.nix). This is useful in case you

View file

@ -6,9 +6,10 @@
./networking.nix ./networking.nix
./unbound.nix ./unbound.nix
./nginx.nix ./nginx.nix
./invoiceplane-proxy.nix
./wireguard.nix ./wireguard.nix
./email.nix ./email.nix
./website.nix ./website.nix
# ./jellyfin-forward.nix
# ./authelia-forward.nix
]; ];
} }

View file

@ -5,10 +5,16 @@
lib, lib,
... ...
}: let }: let
# hzDomain = lib.concatStrings [ "hw" "dz" "z." "net" ]; hzDomain = lib.concatStrings ["hw" "dz" "z." "net"];
dkimDNSb12fio = '' dkimDNSb12fio = ''
default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyla9hW3TvoXvZQxwzaJ4SZ9ict1HU3E6+FWlwNIgE6tIpTCyRJtiSIUDqB8TLTIBoxIs+QQBXZi+QUi3Agu6OSY2RiV0EwO8+oOOqOD9pERftc/aqe51cXuv4kPqwvpXEBwrXFWVM+VxivEubUJ7eKkFyXJpelv0LslXv/MmYbUyed6dF+reOGZCsvnbiRv74qdxbAL/25j62E8WrnxzJwhUtx/JhdBOjsHBvuw9hy6rZsVJL9eXayWyGRV6qmsLRzsRSBs+mDrgmKk4dugADd11+A03ics3i8hplRoWDkqnNKz1qy4f5TsV6v9283IANrAzRfHwX8EvNiFsBz+ZCQIDAQAB" ) ; default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyla9hW3TvoXvZQxwzaJ4SZ9ict1HU3E6+FWlwNIgE6tIpTCyRJtiSIUDqB8TLTIBoxIs+QQBXZi+QUi3Agu6OSY2RiV0EwO8+oOOqOD9pERftc/aqe51cXuv4kPqwvpXEBwrXFWVM+VxivEubUJ7eKkFyXJpelv0LslXv/MmYbUyed6dF+reOGZCsvnbiRv74qdxbAL/25j62E8WrnxzJwhUtx/JhdBOjsHBvuw9hy6rZsVJL9eXayWyGRV6qmsLRzsRSBs+mDrgmKk4dugADd11+A03ics3i8hplRoWDkqnNKz1qy4f5TsV6v9283IANrAzRfHwX8EvNiFsBz+ZCQIDAQAB" ) ;
''; '';
dkimDNSmezzabiz = ''
default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG8iuDq0eon2k7QlBJWGxwDiEv53iJQu2uqxOjr7Ul/nfQjuR6kVKs6oOVopnyFTGRpffrpSHHW1YUN5nF76p0fJphk4l+QmJP36/xweajsNU27PAkb88xG6yRKl28MCfPdMR96+Jobpei8S0UhqcskYs1aZybm7ci9ZuAMidziwIDAQAB" ) ;
'';
dkimDNShzDomain = ''
default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvVA2XZno6g6qBdmxoLgX2Qmd883M6yV4YkE/VaNH6xcR0AcTo4hEYoAOPryfKn4FE/TYvyk/k2cyBKpMBn2qbVhwUavYQh/e9bweS2FKQvdzCUUoqXk04o2MqSXb2ZFwkUCtfrPcckBgpF754PDL4HMZGPnkMSdDX7bmYe37CWQIDAQAB") ;
'';
in { in {
age.secrets."b12f.io-dkim-private-rsa" = { age.secrets."b12f.io-dkim-private-rsa" = {
file = "${flake.self}/secrets/b12f.io-dkim-private-rsa.age"; file = "${flake.self}/secrets/b12f.io-dkim-private-rsa.age";
@ -23,19 +29,49 @@ in {
owner = "maddy"; owner = "maddy";
}; };
users.users.maddy.extraGroups = [ "nginx" ]; age.secrets."mezza.biz-dkim-private-rsa" = {
file = "${flake.self}/secrets/mezza.biz-dkim-private-rsa.age";
path = "/var/lib/maddy/dkim_keys/mezza.biz_default.key";
mode = "400";
owner = "maddy";
};
age.secrets."mail@mezza.biz-password" = {
file = "${flake.self}/secrets/mail@mezza.biz-password.age";
mode = "400";
owner = "maddy";
};
age.secrets."hzdomain-dkim-private-rsa" = {
file = "${flake.self}/secrets/hzdomain-dkim-private-rsa.age";
path = "/var/lib/maddy/dkim_keys/hzdomain_default.key";
mode = "400";
owner = "maddy";
};
age.secrets."mail@hzdomain-password" = {
file = "${flake.self}/secrets/mail@hzdomain-password.age";
mode = "400";
owner = "maddy";
};
users.users.maddy.extraGroups = ["nginx"];
security.acme.certs = { security.acme.certs = {
"mail.b12f.io" = { "mail.b12f.io".reloadServices = ["maddy"];
reloadServices = [ "maddy" ]; "b12f.io".reloadServices = ["maddy"];
};
"b12f.io" = {
reloadServices = [ "maddy" ];
};
"mta-sts.b12f.io" = {}; "mta-sts.b12f.io" = {};
"mail.mezza.biz".reloadServices = ["maddy"];
"mezza.biz".reloadServices = ["maddy"];
"mta-sts.mezza.biz" = {};
"mail.${hzDomain}".reloadServices = ["maddy"];
"${hzDomain}".reloadServices = ["maddy"];
"mta-sts.${hzDomain}" = {};
}; };
services.nginx.virtualHosts = builtins.foldl' (hosts: hostName: hosts // { services.nginx.virtualHosts = builtins.foldl' (hosts: hostName:
hosts
// {
"mta-sts.${hostName}" = { "mta-sts.${hostName}" = {
forceSSL = true; forceSSL = true;
useACMEHost = "mta-sts.${hostName}"; useACMEHost = "mta-sts.${hostName}";
@ -52,21 +88,23 @@ in {
tryFiles = "$uri $uri/ =404"; tryFiles = "$uri $uri/ =404";
}; };
}; };
}) {} [ "b12f.io" ]; }) {} ["b12f.io" "mezza.biz" hzDomain];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '/run/maddy' 0750 maddy maddy - -" "d '/run/maddy' 0750 maddy maddy - -"
]; ];
system.activationScripts.makeMaddyDKIMDNS = lib.stringAfter [ "var" ] '' system.activationScripts.makeMaddyDKIMDNS = lib.stringAfter ["var"] ''
mkdir -p /var/lib/maddy/dkim_keys mkdir -p /var/lib/maddy/dkim_keys
echo '${dkimDNSb12fio}' >> /var/lib/maddy/dkim_keys/b12f.io_default.dns echo '${dkimDNSb12fio}' >> /var/lib/maddy/dkim_keys/b12f.io_default.dns
echo '${dkimDNSmezzabiz}' >> /var/lib/maddy/dkim_keys/mezza.biz_default.dns
echo '${dkimDNShzDomain}' >> /var/lib/maddy/dkim_keys/${hzDomain}_default.dns
chown -R maddy:maddy /var/lib/maddy chown -R maddy:maddy /var/lib/maddy
''; '';
networking.firewall.allowedTCPPorts = [ 25 ]; networking.firewall.allowedTCPPorts = [25];
networking.firewall.interfaces.wg-private.allowedTCPPorts = [ 465 587 993 ]; networking.firewall.interfaces.wg-private.allowedTCPPorts = [465 587 993];
services.maddy = { services.maddy = {
enable = true; enable = true;
@ -76,14 +114,22 @@ in {
localDomains = [ localDomains = [
"b12f.io" "b12f.io"
"mail.b12f.io" "mail.b12f.io"
"mezza.biz"
"mail.mezza.biz"
hzDomain
"mail.${hzDomain}"
]; ];
ensureAccounts = [ ensureAccounts = [
"mail@b12f.io" "mail@b12f.io"
"mail@mezza.biz"
"mail@${hzDomain}"
]; ];
ensureCredentials = { ensureCredentials = {
# Do not use this in production. This will make passwords world-readable # Do not use this in production. This will make passwords world-readable
# in the Nix store # in the Nix store
"mail@b12f.io".passwordFile = config.age.secrets."mail@b12f.io-password".path; "mail@b12f.io".passwordFile = config.age.secrets."mail@b12f.io-password".path;
"mail@mezza.biz".passwordFile = config.age.secrets."mail@mezza.biz-password".path;
"mail@${hzDomain}".passwordFile = config.age.secrets."mail@hzdomain-password".path;
}; };
tls = { tls = {
loader = "file"; loader = "file";
@ -96,6 +142,22 @@ in {
keyPath = "${config.security.acme.certs."b12f.io".directory}/key.pem"; keyPath = "${config.security.acme.certs."b12f.io".directory}/key.pem";
certPath = "${config.security.acme.certs."b12f.io".directory}/cert.pem"; certPath = "${config.security.acme.certs."b12f.io".directory}/cert.pem";
} }
{
keyPath = "${config.security.acme.certs."mail.mezza.biz".directory}/key.pem";
certPath = "${config.security.acme.certs."mail.mezza.biz".directory}/cert.pem";
}
{
keyPath = "${config.security.acme.certs."mezza.biz".directory}/key.pem";
certPath = "${config.security.acme.certs."mezza.biz".directory}/cert.pem";
}
{
keyPath = "${config.security.acme.certs."mail.${hzDomain}".directory}/key.pem";
certPath = "${config.security.acme.certs."mail.${hzDomain}".directory}/cert.pem";
}
{
keyPath = "${config.security.acme.certs."${hzDomain}".directory}/key.pem";
certPath = "${config.security.acme.certs."${hzDomain}".directory}/cert.pem";
}
]; ];
}; };
config = '' config = ''
@ -145,7 +207,7 @@ in {
# replace rcpt to catchall and deliver it there # replace rcpt to catchall and deliver it there
destination $(local_domains) { destination $(local_domains) {
modify { modify {
replace_rcpt regexp ".*" "mail@$(primary_domain)" replace_rcpt regexp "(.+)@(.+)" "mail@$2"
} }
deliver_to &local_mailboxes deliver_to &local_mailboxes
} }
@ -251,5 +313,26 @@ in {
''; '';
}; };
systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "maddy" ]; systemd.services.rspamd.serviceConfig.SupplementaryGroups = ["maddy"];
age.secrets."rclone-pubsolar.conf" = {
file = "${flake.self}/secrets/rclone-pubsolar.conf.age";
mode = "400";
};
age.secrets."restic-password" = {
file = "${flake.self}/secrets/restic-password.age";
mode = "400";
};
services.restic.backups = {
maddy = {
paths = ["/var/lib/maddy"];
initialize = true;
passwordFile = config.age.secrets."restic-password".path;
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
repository = "rclone:cloud.pub.solar:/backups/Maddy";
rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path;
};
};
} }

View file

@ -1,16 +1,21 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [ imports = [
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ ]; boot.kernelModules = [];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
boot.initrd.luks.devices = { boot.initrd.luks.devices = {
cryptroot = { cryptroot = {
@ -19,18 +24,18 @@
}; };
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "zroot/root"; device = "zroot/root";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/684A-5884"; device = "/dev/disk/by-uuid/684A-5884";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/a7d1cbb8-7c9e-4c3d-841a-add867f47389"; } {device = "/dev/disk/by-uuid/a7d1cbb8-7c9e-4c3d-841a-add867f47389";}
]; ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

View file

@ -1,20 +0,0 @@
{
flake,
config,
pkgs,
lib,
...
}: {
security.acme.certs = {
"invoicing.b12f.io" = {};
};
services.nginx.virtualHosts = {
"invoicing.b12f.io" = {
forceSSL = true;
useACMEHost = "invoicing.b12f.io";
# This redirects to invoiceplane on pie
locations."/".proxyPass = "https://invoicing.b12f.io";
};
};
}

View file

@ -0,0 +1,17 @@
{
flake,
config,
pkgs,
lib,
...
}: {
security.acme.certs = {
"media.b12f.io" = {};
};
services.nginx.virtualHosts."media.b12f.io" = {
forceSSL = true;
useACMEHost = "media.b12f.io";
locations."/".proxyPass = "https://media.b12f.io";
};
}

View file

@ -8,6 +8,8 @@
networking.hostName = "frikandel"; networking.hostName = "frikandel";
networking.hostId = "44234773"; networking.hostId = "44234773";
networking.nameservers = [ networking.nameservers = [
"10.13.12.7"
"fd00:b12f:acab:1312:acab:7::"
"193.110.81.0" #dns0.eu "193.110.81.0" #dns0.eu
"2a0f:fc80::" #dns0.eu "2a0f:fc80::" #dns0.eu
"185.253.5.0" #dns0.eu "185.253.5.0" #dns0.eu
@ -17,8 +19,18 @@
# Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here) # Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here)
networking.useDHCP = false; networking.useDHCP = false;
networking.interfaces.enp1s0 = { networking.interfaces.enp1s0 = {
ipv4.addresses = [{ address = "128.140.109.213"; prefixLength = 32; }]; ipv4.addresses = [
ipv6.addresses = [{ address = "2a01:4f8:c2c:b60::"; prefixLength = 64; }]; {
address = "128.140.109.213";
prefixLength = 32;
}
];
ipv6.addresses = [
{
address = "2a01:4f8:c2c:b60::";
prefixLength = 64;
}
];
}; };
networking.defaultGateway = { networking.defaultGateway = {
address = "172.31.1.1"; address = "172.31.1.1";
@ -29,5 +41,5 @@
interface = "enp1s0"; interface = "enp1s0";
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [80 443];
} }

View file

@ -29,8 +29,8 @@
owner = "unbound"; owner = "unbound";
}; };
networking.firewall.interfaces.wg-private.allowedUDPPorts = [ 53 ]; networking.firewall.interfaces.wg-private.allowedUDPPorts = [53];
networking.firewall.interfaces.wg-private.allowedTCPPorts = [ 53 ]; networking.firewall.interfaces.wg-private.allowedTCPPorts = [53];
services.resolved.enable = false; services.resolved.enable = false;
services.unbound = { services.unbound = {
@ -56,8 +56,15 @@
]; ];
local-zone = [ local-zone = [
"\"b12f.io\" transparent" "\"b12f.io\" transparent"
"\"pub.solar\" transparent"
]; ];
local-data = [ local-data = [
"\"stroopwafel.b12f.io. 10800 IN A 10.13.12.5\""
"\"stroopwafel.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:5::\""
"\"chocolatebar.b12f.io. 10800 IN A 10.13.12.8\""
"\"chocolatebar.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:8::\""
"\"droppie.b12f.io. 10800 IN A 10.13.12.3\"" "\"droppie.b12f.io. 10800 IN A 10.13.12.3\""
"\"droppie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\"" "\"droppie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\""
@ -90,6 +97,18 @@
"\"b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" "\"b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mail.b12f.io. 10800 IN A 10.13.12.7\"" "\"mail.b12f.io. 10800 IN A 10.13.12.7\""
"\"mail.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" "\"mail.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mezza.biz. 10800 IN A 10.13.12.7\""
"\"mezza.biz. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mail.mezza.biz. 10800 IN A 10.13.12.7\""
"\"mail.mezza.biz. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"h${"w" + "dz" + "z.n"}et. 10800 IN A 10.13.12.7\""
"\"h${"w" + "dz" + "z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mail.h${"w" + "dz" + "z.n"}et. 10800 IN A 10.13.12.7\""
"\"mail.h${"w" + "dz" + "z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mezza.git.pub.solar. 10800 IN CNAME git.pub.solar\""
]; ];
tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt"; tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
@ -117,5 +136,4 @@
}; };
}; };
}; };
} }

View file

@ -6,6 +6,7 @@
security.acme.certs = { security.acme.certs = {
"benjaminbaedorf.eu" = {}; "benjaminbaedorf.eu" = {};
"b12f.io" = {}; "b12f.io" = {};
"mezza.biz" = {};
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
@ -25,5 +26,16 @@
tryFiles = "$uri $uri/ =404"; tryFiles = "$uri $uri/ =404";
}; };
}; };
"mezza.biz" = {
forceSSL = true;
useACMEHost = "mezza.biz";
locations."/" = {
root = pkgs.mezza-biz;
index = "index.html";
tryFiles = "$uri $uri/ =404";
};
};
}; };
} }

View file

@ -4,7 +4,8 @@
pkgs, pkgs,
lib, lib,
... ...
}: with lib; { }:
with lib; {
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1; "net.ipv4.ip_forward" = 1;
"net.ipv6.conf.wg-private.forwarding" = 1; "net.ipv6.conf.wg-private.forwarding" = 1;
@ -16,10 +17,10 @@
enable = true; enable = true;
enableIPv6 = true; enableIPv6 = true;
externalInterface = "enp1s0"; externalInterface = "enp1s0";
internalInterfaces = [ "wg-private" ]; internalInterfaces = ["wg-private"];
}; };
networking.firewall.allowedUDPPorts = [ 51899 ]; networking.firewall.allowedUDPPorts = [51899];
networking.firewall.extraForwardRules = [ networking.firewall.extraForwardRules = [
"iifname { != wg-private } reject" "iifname { != wg-private } reject"
@ -27,7 +28,7 @@
]; ];
systemd.services.wireguard-wg-private = { systemd.services.wireguard-wg-private = {
after = [ wantedBy = [
"network.target" "network.target"
"network-online.target" "network-online.target"
"nss-lookup.target" "nss-lookup.target"
@ -44,7 +45,7 @@
}; };
}; };
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-frikandel-server.age"; age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-frikandel.age";
# Enable WireGuard # Enable WireGuard
networking.wireguard.interfaces = { networking.wireguard.interfaces = {
@ -57,7 +58,8 @@
]; ];
privateKeyFile = config.age.secrets.wg-private-key.path; privateKeyFile = config.age.secrets.wg-private-key.path;
peers = [ peers = [
{ # pie {
# pie
publicKey = "hPTXEqQ2GYEywdPNdZBacwB9KKcoFZ/heClxnqmizyw="; publicKey = "hPTXEqQ2GYEywdPNdZBacwB9KKcoFZ/heClxnqmizyw=";
allowedIPs = [ allowedIPs = [
"10.13.12.2/32" "10.13.12.2/32"
@ -66,7 +68,8 @@
persistentKeepalive = 30; persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30; dynamicEndpointRefreshSeconds = 30;
} }
{ # droppie {
# droppie
publicKey = "qsnBMoj9Z16D8PJ5ummRtIfT5AiMpoF3SoOCo4sbyiw="; publicKey = "qsnBMoj9Z16D8PJ5ummRtIfT5AiMpoF3SoOCo4sbyiw=";
allowedIPs = [ allowedIPs = [
"10.13.12.3/32" "10.13.12.3/32"
@ -75,7 +78,8 @@
persistentKeepalive = 30; persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30; dynamicEndpointRefreshSeconds = 30;
} }
{ # chocolatebar {
# chocolatebar
publicKey = "nk8EtGE/QsnSEm1lhLS3/w83nOBD2OGYhODIf92G91A="; publicKey = "nk8EtGE/QsnSEm1lhLS3/w83nOBD2OGYhODIf92G91A=";
allowedIPs = [ allowedIPs = [
"10.13.12.5/32" "10.13.12.5/32"
@ -84,7 +88,8 @@
persistentKeepalive = 30; persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30; dynamicEndpointRefreshSeconds = 30;
} }
{ # biolimo {
# biolimo
publicKey = "4ymN7wwBuhF+h+5fFN0TqXmVyOe1AsWiTqRL0jJ3CDc="; publicKey = "4ymN7wwBuhF+h+5fFN0TqXmVyOe1AsWiTqRL0jJ3CDc=";
allowedIPs = [ allowedIPs = [
"10.13.12.6/32" "10.13.12.6/32"
@ -93,7 +98,8 @@
persistentKeepalive = 30; persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30; dynamicEndpointRefreshSeconds = 30;
} }
{ # stroopwafel {
# stroopwafel
publicKey = "5iNRg13utOJ30pX2Z8SjwPNUFwfH2zonlbeYW2mKFkU="; publicKey = "5iNRg13utOJ30pX2Z8SjwPNUFwfH2zonlbeYW2mKFkU=";
allowedIPs = [ allowedIPs = [
"10.13.12.8/32" "10.13.12.8/32"
@ -102,7 +108,8 @@
persistentKeepalive = 30; persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30; dynamicEndpointRefreshSeconds = 30;
} }
{ # fp3 {
# fp3
publicKey = "wQJXFibxhWkyUbRPrPt5y/YfDnH3gDQ5a/PWoyxDfDI="; publicKey = "wQJXFibxhWkyUbRPrPt5y/YfDnH3gDQ5a/PWoyxDfDI=";
allowedIPs = [ allowedIPs = [
"10.13.12.9/32" "10.13.12.9/32"

View file

@ -4,6 +4,7 @@
... ...
}: { }: {
isoImage.squashfsCompression = "gzip -Xcompression-level 1"; isoImage.squashfsCompression = "gzip -Xcompression-level 1";
systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; systemd.services.sshd.wantedBy = lib.mkForce ["multi-user.target"];
networking.networkmanager.enable = false; networking.networkmanager.enable = false;
services.openssh.openFirewall = lib.mkForce true;
} }

View file

@ -1,8 +1,12 @@
{ flake, pkgs, ... }: { {
flake,
pkgs,
...
}: {
imports = [ imports = [
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
((import "${flake.inputs.mobile-nixos}/lib/configuration.nix") { device = "pine64-pinephone"; }) ((import "${flake.inputs.mobile-nixos}/lib/configuration.nix") {device = "pine64-pinephone";})
"${flake.inputs.mobile-nixos}/examples/phosh/phosh.nix" "${flake.inputs.mobile-nixos}/examples/phosh/phosh.nix"
]; ];
} }

View file

@ -1,6 +1,10 @@
# NOTE: this file was generated by the Mobile NixOS installer. # NOTE: this file was generated by the Mobile NixOS installer.
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/51a668b8-fa2e-4d3e-ac3f-73ca002d0004"; device = "/dev/disk/by-uuid/51a668b8-fa2e-4d3e-ac3f-73ca002d0004";

View file

@ -149,13 +149,12 @@ MAP_DEFAULT_ZOOM=6
# #
# LDAP is no longer supported :( # LDAP is no longer supported :(
# #
AUTHENTICATION_GUARD=web AUTHENTICATION_GUARD=remote_user_guard
# #
# Remote user guard settings # Remote user guard settings
# #
AUTHENTICATION_GUARD_HEADER=REMOTE_USER AUTHENTICATION_GUARD_HEADER=Remote-Email
AUTHENTICATION_GUARD_EMAIL=
# #
# Firefly III supports webhooks. These are security sensitive and must be enabled manually first. # Firefly III supports webhooks. These are security sensitive and must be enabled manually first.

View file

@ -1,14 +1,22 @@
{ {
flake,
lib, lib,
config, config,
pkgs, pkgs,
flake,
... ...
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in {
disabledModules = [
"services/security/authelia.nix"
];
imports = [
"${flake.inputs.nixpkgs-master}/nixos/modules/services/security/authelia.nix"
];
age.secrets."authelia-storage-encryption-key" = { age.secrets."authelia-storage-encryption-key" = {
file = "${flake.self}/secrets/authelia-storage-encryption-key.age"; file = "${flake.self}/secrets/authelia-storage-encryption-key.age";
mode = "400"; mode = "400";
@ -27,6 +35,24 @@ in {
owner = "authelia-b12f"; owner = "authelia-b12f";
}; };
age.secrets."authelia-oidc-issuer-private-key" = {
file = "${flake.self}/secrets/authelia-oidc-issuer-private-key.age";
mode = "400";
owner = "authelia-b12f";
};
age.secrets."authelia-oidc-hmac-secret" = {
file = "${flake.self}/secrets/authelia-oidc-hmac-secret.age";
mode = "400";
owner = "authelia-b12f";
};
age.secrets."authelia-jwks-private-key" = {
file = "${flake.self}/secrets/authelia-jwks-private-key.age";
mode = "400";
owner = "authelia-b12f";
};
age.secrets."authelia-users-file" = { age.secrets."authelia-users-file" = {
file = "${flake.self}/secrets/authelia-users-file.age"; file = "${flake.self}/secrets/authelia-users-file.age";
mode = "400"; mode = "400";
@ -47,10 +73,10 @@ in {
"auth.b12f.io" = { "auth.b12f.io" = {
forceSSL = true; forceSSL = true;
useACMEHost = "auth.b12f.io"; useACMEHost = "auth.b12f.io";
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.authelia.instances.b12f.settings.server.port}"; locations."/".proxyPass = "http://${config.services.authelia.instances.b12f.settings.server.address}";
locations."/".extraConfig = "include /etc/nginx/conf-available/proxy.conf;"; locations."/".extraConfig = "include /etc/nginx/conf-available/proxy.conf;";
locations."/api/verify".proxyPass = "http://127.0.0.1:${builtins.toString config.services.authelia.instances.b12f.settings.server.port}"; locations."/api/verify".proxyPass = "http://${config.services.authelia.instances.b12f.settings.server.address}";
locations."/api/authz".proxyPass = "http://127.0.0.1:${builtins.toString config.services.authelia.instances.b12f.settings.server.port}"; locations."/api/authz".proxyPass = "http://${config.services.authelia.instances.b12f.settings.server.address}";
}; };
}; };
@ -61,6 +87,12 @@ in {
storageEncryptionKeyFile = config.age.secrets."authelia-storage-encryption-key".path; storageEncryptionKeyFile = config.age.secrets."authelia-storage-encryption-key".path;
sessionSecretFile = config.age.secrets."authelia-session-secret".path; sessionSecretFile = config.age.secrets."authelia-session-secret".path;
jwtSecretFile = config.age.secrets."authelia-jwt-secret".path; jwtSecretFile = config.age.secrets."authelia-jwt-secret".path;
oidcIssuerPrivateKeyFile = config.age.secrets."authelia-oidc-issuer-private-key".path;
oidcHmacSecretFile = config.age.secrets."authelia-oidc-hmac-secret".path;
};
environmentVariables = {
AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE = config.age.secrets."mail@b12f.io-password".path;
}; };
settings = { settings = {
@ -68,12 +100,12 @@ in {
default_2fa_method = "webauthn"; default_2fa_method = "webauthn";
log.level = "debug"; log.level = "debug";
server = { server = {
port = 9092; address = "127.0.0.1:9092";
host = "127.0.0.1"; endpoints.authz.auth-request.implementation = "AuthRequest";
}; };
authentication_backend = { authentication_backend = {
refresh_interval = "disable"; refresh_interval = "disable";
password_reset = { disable = true; }; password_reset.disable = true;
file = { file = {
path = config.age.secrets."authelia-users-file".path; path = config.age.secrets."authelia-users-file".path;
watch = false; watch = false;
@ -84,32 +116,61 @@ in {
totp.issuer = "auth.b12f.io"; totp.issuer = "auth.b12f.io";
storage.local.path = "/var/lib/authelia-b12f/db.sqlite3"; storage.local.path = "/var/lib/authelia-b12f/db.sqlite3";
access_control.default_policy = "two_factor"; access_control.default_policy = "two_factor";
session = { session.cookies = [
domain = "auth.b12f.io"; {
# authelia_url = "https://auth.b12f.io"; domain = "b12f.io";
}; authelia_url = "https://auth.b12f.io";
notifier.disable_startup_check = true; }
];
notifier.smtp = { notifier.smtp = {
host = "mail.b12f.io"; address = "submission://mail.b12f.io:587";
port = 587;
username = "mail@b12f.io"; username = "mail@b12f.io";
sender = "auth.b12f.io <mail@b12f.io>"; sender = "auth.b12f.io <mail@b12f.io>";
identifier = "auth@b12f.io"; identifier = "auth@b12f.io";
subject = "[auth.b12f.io] {title}"; subject = "[auth.b12f.io] {title}";
}; };
identity_providers.oidc = {
authorization_policies = {
admins = {
default_policy = "deny";
rules = [{
policy = "two_factor";
subject = "group:admins";
}];
};
};
clients = [
{
client_id = "jellyfin";
client_secret = "$pbkdf2-sha512$310000$koY0g1AqL.fEeQUJcE48SA$b9G4p7qquc6M9rSTnR.Ac3Le9KS25zbTN0aNiXT4sxag7Kstu4Pt66/sVlAh3lIS4CGjLcPA2GvjhXnapC.ziQ";
public = false;
authorization_policy = "admins";
require_pkce = true;
pkce_challenge_method = "S256";
redirect_uris = [ "https://media.b12f.io/sso/OID/redirect/authelia" ];
scopes = [
"openid"
"profile"
"groups"
];
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
}; };
}; };
systemd.services.authelia-b12f.environment.AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE = config.age.secrets."mail@b12f.io-password".path; systemd.services.authelia-b12f.preStart = "env";
services.restic.backups = { services.restic.backups = {
authelia = { authelia = {
paths = [ "/var/lib/authelia-b12f" ]; paths = ["/var/lib/authelia-b12f"];
initialize = true; initialize = true;
passwordFile = config.age.secrets."restic-password".path; passwordFile = config.age.secrets."restic-password".path;
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/ # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
repository = "rclone:cloud.pub.solar:/backups/Authelia"; repository = "rclone:cloud.pub.solar:/backups/Authelia";
rcloneConfigFile = config.age.secrets."rclone-pie.conf".path; rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path;
}; };
}; };
} }

View file

@ -8,8 +8,8 @@
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in {
age.secrets."rclone-pie.conf" = { age.secrets."rclone-pubsolar.conf" = {
file = "${flake.self}/secrets/rclone-pie.conf.age"; file = "${flake.self}/secrets/rclone-pubsolar.conf.age";
path = "/root/.config/rclone/rclone.conf"; path = "/root/.config/rclone/rclone.conf";
mode = "400"; mode = "400";
}; };

View file

@ -20,8 +20,7 @@ in {
boot.loader.systemd-boot.enable = false; boot.loader.systemd-boot.enable = false;
boot.loader.generic-extlinux-compatible.enable = false; boot.loader.generic-extlinux-compatible.enable = false;
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = ["zfs"];
boot.kernelPackages = pkgs.linuxPackages_6_1_hardened;
boot.kernelParams = [ boot.kernelParams = [
"boot.shell_on_fail=1" "boot.shell_on_fail=1"
@ -29,7 +28,7 @@ in {
"ip=127.0.0.1:::::lo:none" "ip=127.0.0.1:::::lo:none"
]; ];
# See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3 # See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3
boot.initrd.availableKernelModules = [ "genet" ]; boot.initrd.availableKernelModules = ["genet"];
boot.initrd.network = { boot.initrd.network = {
enable = true; enable = true;
ssh = { ssh = {
@ -51,6 +50,10 @@ in {
''; '';
}; };
# Ran into this
# https://discourse.nixos.org/t/logrotate-config-fails-due-to-missing-group-30000/28501
services.logrotate.checkConfig = false;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave

View file

@ -1,6 +1,9 @@
{ pkgs, adblock-unbound, ... }:
{ {
networking.firewall.allowedUDPPorts = [ 67 547 ]; pkgs,
adblock-unbound,
...
}: {
networking.firewall.allowedUDPPorts = [67 547];
networking.firewall.extraInputRules = '' networking.firewall.extraInputRules = ''
ip6 daddr ff02::1:2/128 udp dport 547 accept comment "DHCPv6 server" ip6 daddr ff02::1:2/128 udp dport 547 accept comment "DHCPv6 server"
''; '';
@ -30,7 +33,7 @@
{ {
subnet = "192.168.178.0/24"; subnet = "192.168.178.0/24";
pools = [ pools = [
{ pool = "192.168.178.2 - 192.168.178.255"; } {pool = "192.168.178.2 - 192.168.178.255";}
]; ];
option-data = [ option-data = [
@ -100,7 +103,7 @@
subnet = "2a02:908:5b1:e3c0::/64"; subnet = "2a02:908:5b1:e3c0::/64";
pools = [ pools = [
{ pool = "2a02:908:5b1:e3c0::/72"; } {pool = "2a02:908:5b1:e3c0::/72";}
]; ];
ddns-qualifying-suffix = "local."; ddns-qualifying-suffix = "local.";

View file

@ -39,6 +39,8 @@ in {
forceSSL = true; forceSSL = true;
useACMEHost = "firefly.b12f.io"; useACMEHost = "firefly.b12f.io";
extraConfig = "include /etc/nginx/conf-available/authelia-location.conf;"; extraConfig = "include /etc/nginx/conf-available/authelia-location.conf;";
# Make api calls skip the nginx proxy auth
locations."/api/v1".proxyPass = "http://127.0.0.1:8080";
locations."/".proxyPass = "http://127.0.0.1:8080"; locations."/".proxyPass = "http://127.0.0.1:8080";
locations."/".extraConfig = '' locations."/".extraConfig = ''
include /etc/nginx/conf-available/proxy.conf; include /etc/nginx/conf-available/proxy.conf;
@ -78,14 +80,14 @@ in {
volumes = [ volumes = [
"/var/lib/firefly/upload:/var/www/html/storage/upload" "/var/lib/firefly/upload:/var/www/html/storage/upload"
]; ];
extraOptions = [ "--network=firefly" ]; extraOptions = ["--network=firefly"];
environmentFiles = [ environmentFiles = [
./.env.firefly ./.env.firefly
config.age.secrets."firefly-secrets.env".path config.age.secrets."firefly-secrets.env".path
config.age.secrets."firefly-cron-secrets.env".path config.age.secrets."firefly-cron-secrets.env".path
]; ];
ports = [ "127.0.0.1:8080:8080" ]; ports = ["127.0.0.1:8080:8080"];
dependsOn = [ "firefly-db" ]; dependsOn = ["firefly-db"];
}; };
containers."firefly-db" = { containers."firefly-db" = {
@ -94,7 +96,7 @@ in {
volumes = [ volumes = [
"/var/lib/firefly/db:/var/lib/postgresql/data" "/var/lib/firefly/db:/var/lib/postgresql/data"
]; ];
extraOptions = [ "--network=firefly" ]; extraOptions = ["--network=firefly"];
environmentFiles = [ environmentFiles = [
config.age.secrets."firefly-db-secrets.env".path config.age.secrets."firefly-db-secrets.env".path
]; ];
@ -103,8 +105,8 @@ in {
containers."firefly-importer" = { containers."firefly-importer" = {
image = "fireflyiii/data-importer:latest"; image = "fireflyiii/data-importer:latest";
autoStart = true; autoStart = true;
extraOptions = [ "--network=firefly" ]; extraOptions = ["--network=firefly"];
ports = [ "127.0.0.1:8081:8080" ]; ports = ["127.0.0.1:8081:8080"];
environment = { environment = {
FIREFLY_III_URL = "https://firefly.b12f.io"; FIREFLY_III_URL = "https://firefly.b12f.io";
}; };
@ -112,7 +114,7 @@ in {
./.env.firefly-importer ./.env.firefly-importer
config.age.secrets."firefly-importer-secrets.env".path config.age.secrets."firefly-importer-secrets.env".path
]; ];
dependsOn = [ "firefly" ]; dependsOn = ["firefly"];
}; };
containers."firefly-cron" = { containers."firefly-cron" = {
@ -126,7 +128,7 @@ in {
environmentFiles = [ environmentFiles = [
config.age.secrets."firefly-cron-secrets.env".path config.age.secrets."firefly-cron-secrets.env".path
]; ];
extraOptions = [ "--network=firefly" ]; extraOptions = ["--network=firefly"];
}; };
}; };
}; };
@ -148,7 +150,7 @@ in {
backupPrepareCommand = '' backupPrepareCommand = ''
${pkgs.docker-client}/bin/docker exec -t firefly-db pg_dumpall -c -U firefly > "${backupDir}/postgres.sql" ${pkgs.docker-client}/bin/docker exec -t firefly-db pg_dumpall -c -U firefly > "${backupDir}/postgres.sql"
''; '';
rcloneConfigFile = config.age.secrets."rclone-pie.conf".path; rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path;
}; };
}; };
} }

View file

@ -1,18 +1,22 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "uas" "usb_storage" ]; boot.initrd.availableKernelModules = ["xhci_pci" "usbhid" "uas" "usb_storage"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ ]; boot.kernelModules = [];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = ["zfs"];
boot.initrd.luks.devices = { boot.initrd.luks.devices = {
cryptroot = { cryptroot = {
@ -21,21 +25,20 @@
}; };
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "zroot/root"; device = "zroot/root";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/0D5D-B809"; device = "/dev/disk/by-uuid/0D5D-B809";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/af71e930-42ce-4174-a098-4ea5753b1ea9"; } {device = "/dev/disk/by-uuid/af71e930-42ce-4174-a098-4ea5753b1ea9";}
]; ];
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
} }

View file

@ -28,11 +28,6 @@ in {
"invoicing.b12f.io" = { "invoicing.b12f.io" = {
forceSSL = true; forceSSL = true;
useACMEHost = "invoicing.b12f.io"; useACMEHost = "invoicing.b12f.io";
extraConfig = "include /etc/nginx/conf-available/authelia-location.conf;";
locations."/".extraConfig = ''
include /etc/nginx/conf-available/proxy.conf;
include /etc/nginx/conf-available/authelia-authrequest.conf;
'';
}; };
}; };
@ -49,6 +44,8 @@ in {
createLocally = false; createLocally = false;
}; };
invoiceTemplates = [pkgs.invoiceplane-template];
extraConfig = '' extraConfig = ''
SETUP_COMPLETED=true SETUP_COMPLETED=true
DISABLE_SETUP=true DISABLE_SETUP=true
@ -75,7 +72,7 @@ in {
containers."invoiceplane-db" = { containers."invoiceplane-db" = {
image = "mariadb:11"; image = "mariadb:11";
autoStart = true; autoStart = true;
ports = [ "127.0.0.1:3306:3306" ]; ports = ["127.0.0.1:3306:3306"];
volumes = [ volumes = [
"/var/lib/invoiceplane/db:/var/lib/mysql" "/var/lib/invoiceplane/db:/var/lib/mysql"
]; ];
@ -104,7 +101,7 @@ in {
PW=$(cat ${config.age.secrets."invoiceplane-db-password".path}) PW=$(cat ${config.age.secrets."invoiceplane-db-password".path})
${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql" ${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql"
''; '';
rcloneConfigFile = config.age.secrets."rclone-pie.conf".path; rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path;
}; };
}; };
} }

View file

@ -15,16 +15,25 @@
networking.interfaces.enabcm6e4ei0 = { networking.interfaces.enabcm6e4ei0 = {
ipv4.addresses = [ ipv4.addresses = [
{ address = "192.168.178.2"; prefixLength = 32; } {
address = "192.168.178.2";
prefixLength = 32;
}
]; ];
ipv6.addresses = [ ipv6.addresses = [
{ address = "2a02:908:5b1:e3c0:2::"; prefixLength = 128; } {
{ address = "fe80:b12f:acab:1312:acab:2::"; prefixLength = 128; } address = "2a02:908:5b1:e3c0:2::";
prefixLength = 128;
}
{
address = "fe80:b12f:acab:1312:acab:2::";
prefixLength = 128;
}
]; ];
}; };
networking.hosts = { networking.hosts = {
"192.168.178.3" = [ "droppie-initrd.b12f.io" ]; "192.168.178.3" = ["droppie-initrd.b12f.io"];
}; };
services.openssh.allowSFTP = true; services.openssh.allowSFTP = true;

View file

@ -13,7 +13,8 @@ with lib; let
backupDir = "/var/lib/PaperlessBackup"; backupDir = "/var/lib/PaperlessBackup";
consumptionDir = "/var/lib/scandir"; consumptionDir = "/var/lib/scandir";
scan2paperless = with pkgs; writeShellScriptBin "scan2paperless" '' scan2paperless = with pkgs;
writeShellScriptBin "scan2paperless" ''
DEVICE=$1 DEVICE=$1
NUM_PAGES=$2 NUM_PAGES=$2
NAME=$3 NAME=$3
@ -41,6 +42,12 @@ with lib; let
echo "PDF written to $pdf" echo "PDF written to $pdf"
''; '';
in { in {
age.secrets."paperless.env" = {
file = "${flake.self}/secrets/paperless.env.age";
mode = "400";
owner = "paperless";
};
################################# #################################
# Paperless service and proxy # Paperless service and proxy
################################# #################################
@ -67,14 +74,17 @@ in {
consumptionDir = consumptionDir; consumptionDir = consumptionDir;
dataDir = dataDir; dataDir = dataDir;
address = "127.0.0.1"; address = "127.0.0.1";
extraConfig = { settings = {
PAPERLESS_OCR_LANGUAGE = "nld+deu"; PAPERLESS_OCR_LANGUAGE = "nld+deu";
PAPERLESS_URL = "https://paperless.b12f.io"; PAPERLESS_URL = "https://paperless.b12f.io";
PAPERLESS_DISABLE_REGULAR_LOGIN = "True"; PAPERLESS_DISABLE_REGULAR_LOGIN = "True";
PAPERLESS_ENABLE_HTTP_REMOTE_USER = "True"; PAPERLESS_ENABLE_HTTP_REMOTE_USER = "True";
PAPERLESS_EMAIL_TASK_CRON = "*/2 * * * *";
}; };
}; };
systemd.services.paperless-web.serviceConfig.EnvironmentFile = [config.age.secrets."paperless.env".path];
################################# #################################
# Scanning # Scanning
################################# #################################
@ -111,7 +121,7 @@ in {
services.cron = { services.cron = {
enable = true; enable = true;
systemCronJobs = [ systemCronJobs = [
"30 1 * * * paperless ${pkgs.fetch-hostingde-invoices}/bin/fetch-hostingde-invoices '${config.age.secrets."hosting-de-invoice-sync-api-key".path}' '${consumptionDir}'" "30 1 * * * paperless ${pkgs.fetch-hostingde-invoices}/bin/fetch-hostingde-invoices '${config.age.secrets."hosting-de-invoice-sync-api-key".path}' '${consumptionDir}' /var/lib/fetch-hostingde-invoices/ids"
]; ];
}; };
@ -124,11 +134,11 @@ in {
"d '${backupDir}' 0700 paperless users - -" "d '${backupDir}' 0700 paperless users - -"
"d '${consumptionDir}' 0700 paperless users - -" "d '${consumptionDir}' 0700 paperless users - -"
"d /tmp/paperless 0700 paperless users - -" "d /tmp/paperless 0700 paperless users - -"
"d /var/lib/fetch-hostingde-invoices 0700 paperless users - -"
]; ];
age.secrets."rclone-pie.conf" = { age.secrets."rclone-pubsolar.conf" = {
file = "${flake.self}/secrets/rclone-pie.conf.age"; file = "${flake.self}/secrets/rclone-pubsolar.conf.age";
path = "/root/.config/rclone/rclone.conf";
mode = "400"; mode = "400";
}; };
@ -139,13 +149,16 @@ in {
services.restic.backups = { services.restic.backups = {
paperless = { paperless = {
paths = [ backupDir ]; paths = [
backupDir
"/var/lib/fetch-hostingde-invoices"
];
initialize = true; initialize = true;
passwordFile = config.age.secrets."restic-password".path; passwordFile = config.age.secrets."restic-password".path;
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/ # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
repository = "rclone:cloud.pub.solar:/backups/Paperless"; repository = "rclone:cloud.pub.solar:/backups/Paperless";
backupPrepareCommand = "${dataDir}/paperless-manage document_exporter ${backupDir} -c -p"; backupPrepareCommand = "${dataDir}/paperless-manage document_exporter ${backupDir} -c -p";
rcloneConfigFile = config.age.secrets."rclone-pie.conf".path; rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path;
}; };
}; };
} }

View file

@ -29,8 +29,8 @@
owner = "unbound"; owner = "unbound";
}; };
networking.firewall.allowedUDPPorts = [ 53 ]; networking.firewall.allowedUDPPorts = [53];
networking.firewall.allowedTCPPorts = [ 53 ]; networking.firewall.allowedTCPPorts = [53];
services.resolved.enable = false; services.resolved.enable = false;
services.unbound = { services.unbound = {
@ -45,17 +45,17 @@
"::1" "::1"
"192.168.178.2" "192.168.178.2"
"2a02:908:5b1:e3c0:2::" "fd00:b12f:acab:1312:acab:2::"
]; ];
access-control = [ access-control = [
"127.0.0.1/32 allow" "127.0.0.1/32 allow"
# Allow from local network # Allow from local network
"192.168.178.0/24 allow" "192.168.178.0/24 allow"
"2a02:908:5b1:e3c0::/64 allow" "fd00:b12f:acab:1312:acab::/64 allow"
# Allow from wireguard # Allow from wireguard
"10.13.12.0/24 allow" "192.168.178.0/24 allow"
"fd00:b12f:acab:1312::/64 allow" "fd00:b12f:acab:1312::/64 allow"
]; ];
local-zone = [ local-zone = [
@ -66,7 +66,16 @@
"\"brwb8763f64a364.local. 10800 IN A 192.168.178.4\"" "\"brwb8763f64a364.local. 10800 IN A 192.168.178.4\""
"\"pie.local. 10800 IN A 192.168.178.2\"" "\"pie.local. 10800 IN A 192.168.178.2\""
"\"pie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:2::\"" "\"pie.local. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
"\"pie.b12f.io. 10800 IN A 192.168.178.2\""
"\"firefly.b12f.io. 10800 IN A 192.168.178.2\""
"\"firefly-importer.b12f.io. 10800 IN A 192.168.178.2\""
"\"paperless.b12f.io. 10800 IN A 192.168.178.2\""
"\"invoicing.b12f.io. 10800 IN A 192.168.178.2\""
"\"auth.b12f.io. 10800 IN A 192.168.178.2\""
"\"droppie.b12f.io. 10800 IN A 192.168.178.3\""
"\"media.b12f.io. 10800 IN A 192.168.178.3\""
"\"fritz.box. 10800 IN A 192.168.178.1\"" "\"fritz.box. 10800 IN A 192.168.178.1\""
"\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\"" "\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\""
@ -79,7 +88,7 @@
{ {
name = "."; name = ".";
forward-addr = [ forward-addr = [
"10.13.12.7" "192.168.178.7"
"fd00:b12f:acab:1312:acab:7::" "fd00:b12f:acab:1312:acab:7::"
]; ];
} }
@ -94,5 +103,4 @@
}; };
}; };
}; };
} }

View file

@ -1,5 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
services.cron = { services.cron = {
enable = true; enable = true;
systemCronJobs = [ systemCronJobs = [

View file

@ -1,19 +0,0 @@
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d amdgpu_bl0 set +10%; notify-send $(brightnessctl -d amdgpu_bl0 i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d amdgpu_bl0 set 10%-; notify-send $(brightnessctl -d amdgpu_bl0 i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"

View file

@ -17,9 +17,9 @@ in {
boot.initrd.preLVMCommands = "udevadm trigger --settle"; boot.initrd.preLVMCommands = "udevadm trigger --settle";
boot.swraid.enable = true; boot.swraid.enable = true;
boot.swraid.mdadmConf = '' boot.swraid.mdadmConf = ''
DEVICE /dev/nvme0n1p2 /dev/nvme1n1p2 DEVICE /dev/nvme0n1p2 /dev/nvme1n1p2
ARRAY /dev/md/nixos:root metadata=1.2 name=nixos:root UUID=67d1aa81:1b348887:c17a75e8:f2edf2bd ARRAY /dev/md/nixos:root metadata=1.2 name=nixos:root UUID=67d1aa81:1b348887:c17a75e8:f2edf2bd
MAILADDR ${psCfg.user.email} MAILADDR ${psCfg.user.email}
''; '';
pub-solar.core.hibernation.enable = true; pub-solar.core.hibernation.enable = true;
@ -32,7 +32,6 @@ MAILADDR ${psCfg.user.email}
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
}; };
}; };

View file

@ -1,4 +1,4 @@
{ ... }: { {...}: {
imports = [ imports = [
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix

View file

@ -1,54 +1,58 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
boot.initrd.luks.devices."cryptroot" = { boot.initrd.luks.devices."cryptroot" = {
device = "/dev/disk/by-id/md-name-nixos:root"; device = "/dev/disk/by-id/md-name-nixos:root";
allowDiscards = true; allowDiscards = true;
}; };
fileSystems."/" = fileSystems."/" = {
{ device = "none"; device = "none";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/EC82-67F4"; device = "/dev/disk/by-uuid/EC82-67F4";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/home" = fileSystems."/home" = {
{ device = "/dev/disk/by-uuid/0cc568f0-402d-4535-980a-ed3a1dc697b9"; device = "/dev/disk/by-uuid/0cc568f0-402d-4535-980a-ed3a1dc697b9";
fsType = "ext4"; fsType = "ext4";
# https://github.com/ryantm/agenix/issues/45#issuecomment-957865406 # https://github.com/ryantm/agenix/issues/45#issuecomment-957865406
neededForBoot = true; neededForBoot = true;
}; };
fileSystems."/nix" = fileSystems."/nix" = {
{ device = "/dev/disk/by-uuid/e203d629-4d34-4147-bee6-919f0bfa25de"; device = "/dev/disk/by-uuid/e203d629-4d34-4147-bee6-919f0bfa25de";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/persist" = fileSystems."/persist" = {
{ device = "/dev/disk/by-uuid/a0855aaa-76bf-445e-b0d1-ab1552e5496f"; device = "/dev/disk/by-uuid/a0855aaa-76bf-445e-b0d1-ab1552e5496f";
fsType = "ext4"; fsType = "ext4";
# https://github.com/ryantm/agenix/issues/45#issuecomment-957865406 # https://github.com/ryantm/agenix/issues/45#issuecomment-957865406
neededForBoot = true; neededForBoot = true;
}; };
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/761507ab-479d-414b-ac3e-2149564ca470"; } {device = "/dev/disk/by-uuid/761507ab-479d-414b-ac3e-2149564ca470";}
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

View file

@ -6,7 +6,7 @@
... ...
}: { }: {
networking.hostName = "stroopwafel"; networking.hostName = "stroopwafel";
networking.networkmanager.wifi.backend = "wpa_supplicant"; networking.wireless.iwd.enable = true;
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-stroopwafel.age"; age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-stroopwafel.age";
@ -41,4 +41,23 @@
]; ];
privateKeyFile = config.age.secrets.wg-pub-solar-key.path; privateKeyFile = config.age.secrets.wg-pub-solar-key.path;
}; };
age.secrets.wg-momo-key.file = "${flake.self}/secrets/wg-momo-stroopwafel.age";
pub-solar.wireguard.momo = {
ownIPs = [
"10.30.30.200/32"
"fd00:3030:3030:3030:3030:200::/96"
];
privateKeyFile = config.age.secrets.wg-momo-key.path;
};
age.secrets.wg-ehex-key.file = "${flake.self}/secrets/wg-ehex-stroopwafel.age";
pub-solar.wireguard.ehex = {
ownIPs = [
"10.42.0.135/22"
];
privateKeyFile = config.age.secrets.wg-ehex-key.path;
};
} }

View file

@ -6,7 +6,7 @@
... ...
}: { }: {
services.openstreetmap = { services.openstreetmap = {
enable = false; enable = true;
debug = true; debug = true;
totalRamGb = 14; totalRamGb = 14;
}; };

View file

@ -1,5 +1,4 @@
{ lib }: {lib}: hostnames: {
hostnames: {
"127.0.0.1" = hostnames; "127.0.0.1" = hostnames;
"::1" = hostnames; "::1" = hostnames;
} }

View file

@ -1,4 +1,8 @@
{ lib, inputs, ... }: { {
lib,
inputs,
...
}: {
# Configuration common to all Linux systems # Configuration common to all Linux systems
flake = { flake = {
lib = let lib = let
@ -10,7 +14,7 @@
#foo = callLibs ./foo.nix; #foo = callLibs ./foo.nix;
## In configs, they can be used under "lib.our" ## In configs, they can be used under "lib.our"
deploy = import ./deploy.nix { inherit inputs lib; }; deploy = import ./deploy.nix {inherit inputs lib;};
addLocalHostname = callLibs ./add-local-hostname.nix; addLocalHostname = callLibs ./add-local-hostname.nix;
recursiveMerge = callLibs ./recursive-merge.nix; recursiveMerge = callLibs ./recursive-merge.nix;
mkEmailAddress = account: domain: account + "@" + domain; mkEmailAddress = account: domain: account + "@" + domain;

View file

@ -1,11 +1,13 @@
/* /*
* The contents of this file are adapted from digga * The contents of this file are adapted from digga
* https://github.com/divnix/digga * https://github.com/divnix/digga
* *
* Licensed under the MIT license * Licensed under the MIT license
*/ */
{
{ lib, inputs }: let lib,
inputs,
}: let
getFqdn = c: let getFqdn = c: let
net = c.config.networking; net = c.config.networking;
fqdn = fqdn =
@ -49,11 +51,28 @@ in {
lib.recursiveUpdate lib.recursiveUpdate
(lib.mapAttrs (lib.mapAttrs
( (
_: c: { _: c: let
system = c.pkgs.stdenv.hostPlatform.system;
# Unmodified nixpkgs
pkgs = import inputs.nixpkgs {inherit system;};
# nixpkgs with deploy-rs overlay but force the nixpkgs package
deployPkgs = import inputs.nixpkgs {
inherit system;
overlays = [
inputs.deploy-rs.overlay # or deploy-rs.overlays.default
(self: super: {
deploy-rs = {
inherit (pkgs) deploy-rs;
lib = super.deploy-rs.lib;
};
})
];
};
in {
hostname = getFqdn c; hostname = getFqdn c;
profiles.system = { profiles.system = {
user = "root"; user = "root";
path = inputs.deploy-rs.lib.${c.pkgs.stdenv.hostPlatform.system}.activate.nixos c; path = deployPkgs.deploy-rs.lib.activate.nixos c;
}; };
} }
) )

View file

@ -1,6 +1,4 @@
{ lib }: {lib}: attrList: let
attrList:
let
f = attrPath: f = attrPath:
zipAttrsWith ( zipAttrsWith (
n: values: n: values:
@ -13,4 +11,4 @@ let
else last values else last values
); );
in in
f [] attrList; f [] attrList

View file

@ -20,7 +20,6 @@ in {
# Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?) # Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?)
pulseaudio pulseaudio
vimpc vimpc
spotify-tui
]; ];
}; };

View file

@ -23,6 +23,18 @@
}; };
services.blueman.enable = true; services.blueman.enable = true;
home-manager.users."${config.pub-solar.user.name}" = {
services.blueman-applet.enable = true;
systemd.user.services.blueman-applet = {
Unit = {
BindsTo = ["sway-session.target"];
After = lib.mkForce ["sway-session.target"];
Requires = lib.mkForce [ ];
};
Install.WantedBy = [ "sway-session.target" ];
};
};
environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = { environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = {
text = '' text = ''
bluez_monitor.properties = { bluez_monitor.properties = {

View file

@ -12,7 +12,7 @@ in {
loader.systemd-boot.enable = lib.mkDefault true; loader.systemd-boot.enable = lib.mkDefault true;
# Use latest LTS linux kernel by default # Use latest LTS linux kernel by default
kernelPackages = lib.mkDefault pkgs.linuxPackages_6_7_hardened; kernelPackages = pkgs.linuxPackages_6_6_hardened;
# Support ntfs drives # Support ntfs drives
supportedFilesystems = ["ntfs"]; supportedFilesystems = ["ntfs"];

View file

@ -10,8 +10,8 @@
systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false; systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false;
networking.hosts = { networking.hosts = {
"128.140.109.213" = [ "vpn.b12f.io" ]; "128.140.109.213" = [ "vpn.b12f.io" "frikandel-initrd.b12f.io" ];
"2a01:4f8:c2c:b60::" = [ "vpn.b12f.io" ]; "2a01:4f8:c2c:b60::" = [ "vpn.b12f.io" "frikandel-initrd.b12f.io" ];
}; };
networking.networkmanager = { networking.networkmanager = {
@ -38,7 +38,7 @@
}; };
# Don't expose SSH via public interfaces # Don't expose SSH via public interfaces
networking.firewall.interfaces.wg-private.allowedTCPPorts = [ 22 ]; networking.firewall.interfaces.wg-private.allowedTCPPorts = [22];
# For rage encryption, all hosts need a ssh key pair # For rage encryption, all hosts need a ssh key pair
services.openssh = { services.openssh = {

View file

@ -24,7 +24,7 @@ in {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
enableExtraSocket = true; enableExtraSocket = true;
pinentryFlavor = "gnome3"; pinentryPackage = pkgs.pinentry-gnome3;
}; };
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {

View file

@ -29,13 +29,6 @@ in {
element-desktop element-desktop
element-b12f element-b12f
element-mezza element-mezza
# Nix specific utilities
alejandra
manix
nix-index
nix-tree
nvd
]; ];
fonts = { fonts = {

View file

@ -1,15 +0,0 @@
# This file is written by xdg-user-dirs-update
# If you want to change or add directories, just edit the line you're
# interested in. All local changes will be retained on the next run.
# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped
# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an
# absolute path. No other format is supported.
XDG_DESKTOP_DIR="$HOME/"
XDG_DOWNLOAD_DIR="$HOME/Downloads"
XDG_TEMPLATES_DIR="$HOME/Templates"
XDG_PUBLICSHARE_DIR="$HOME/Public"
XDG_DOCUMENTS_DIR="$HOME/"
XDG_MUSIC_DIR="$HOME/"
XDG_PICTURES_DIR="$HOME/"
XDG_VIDEOS_DIR="$HOME/"

View file

@ -1,20 +1,3 @@
@define-color base00 #1a181a;
@define-color base01 #2d2a2e;
@define-color base02 #303030;
@define-color base03 #949494;
@define-color base04 #d3d1d4;
@define-color base05 #e3e1e4;
@define-color base06 #303030;
@define-color base07 #ff5f5f;
@define-color base08 #f85e84;
@define-color base09 #df5923;
@define-color base0A #e5c463;
@define-color base0B #9ecd6f;
@define-color base0C #ef9062;
@define-color base0D #7accd7;
@define-color base0E #ab9df2;
@define-color base0F #d70000;
* { * {
min-height: 0; min-height: 0;
border: none; border: none;

View file

@ -1,18 +0,0 @@
Gtk/ButtonImages 1
Gtk/CanChangeAccels 1
Gtk/CursorThemeName "default"
Gtk/CursorThemeSize 0
Gtk/EnableEventSounds 0
Gtk/EnableInputFeedbackSounds 0
Gtk/FontName "Lato"
Gtk/ThemeName "Matcha-dark-aliz"
Gtk/IconThemeName "Papirus-Adapta-Nokto-Maia"
Gtk/MenuBarAccel "F10"
Gtk/MenuImages 1
Gtk/ToolbarIconSize 3
Gtk/ToolbarStyle "icons"
Xft/Antialias 1
Xft/DPI 102400
Xft/Hinting 1
Xft/HintStyle "hintslight"
Xft/RGBA "rgb"

View file

@ -9,8 +9,6 @@ usermodmap=$HOME/.config/xmodmap
sysresources=/etc/X11/xinit/.Xresources sysresources=/etc/X11/xinit/.Xresources
sysmodmap=/etc/X11/xinit/.Xmodmap sysmodmap=/etc/X11/xinit/.Xmodmap
DEFAULT_SESSION='i3 --shmlog-size 0'
xset -b xset -b
if [ -d $HOME/.fonts ]; then if [ -d $HOME/.fonts ]; then
@ -48,23 +46,8 @@ fi
get_session(){ get_session(){
local dbus_args=(--sh-syntax --exit-with-session) local dbus_args=(--sh-syntax --exit-with-session)
case $1 in case $1 in
awesome) dbus_args+=(awesome) ;;
bspwm) dbus_args+=(bspwm-session) ;;
budgie) dbus_args+=(budgie-desktop) ;;
cinnamon) dbus_args+=(cinnamon-session) ;;
deepin) dbus_args+=(startdde) ;;
enlightenment) dbus_args+=(enlightenment_start) ;;
fluxbox) dbus_args+=(startfluxbox) ;;
gnome) dbus_args+=(gnome-session) ;;
i3|i3wm) dbus_args+=(i3 --shmlog-size 0) ;; i3|i3wm) dbus_args+=(i3 --shmlog-size 0) ;;
jwm) dbus_args+=(jwm) ;; *) dbus_args+=(sway) ;;
kde) dbus_args+=(startkde) ;;
lxde) dbus_args+=(startlxde) ;;
lxqt) dbus_args+=(lxqt-session) ;;
mate) dbus_args+=(mate-session) ;;
xfce) dbus_args+=(xfce4-session) ;;
openbox) dbus_args+=(openbox-session) ;;
*) dbus_args+=($DEFAULT_SESSION) ;;
esac esac
echo "dbus-launch ${dbus_args[*]}" echo "dbus-launch ${dbus_args[*]}"

View file

@ -1,6 +1,6 @@
{ { flake, ...}: with flake.self.theme.with0x; {
env = { env = {
TERM = "xterm-256color"; TERM = "xterm-direct";
}; };
window = { window = {
@ -30,9 +30,6 @@
multiplier = 3; multiplier = 3;
}; };
# When true, bold text is drawn using the bright variant of colors.
draw_bold_text_with_bright_colors = true;
font = { font = {
# The normal (roman) font face to use. # The normal (roman) font face to use.
normal = { normal = {
@ -68,7 +65,7 @@
}; };
}; };
key_bindings = [ keyboard.bindings = [
{ {
key = "V"; key = "V";
mods = "Control|Alt"; mods = "Control|Alt";
@ -162,10 +159,13 @@
# Base16 Burn 256 - alacritty color config # Base16 Burn 256 - alacritty color config
# Benjamin Bädorf # Benjamin Bädorf
colors = { colors = {
# When true, bold text is drawn using the bright variant of colors.
draw_bold_text_with_bright_colors = true;
# Default colors # Default colors
primary = { primary = {
background = "0x1a181a"; background = base00;
foreground = "0xe3e1e4"; foreground = base05;
}; };
# Cursor colors # Cursor colors
@ -184,8 +184,8 @@
# Allowed values are CellForeground/CellBackground, which reference the # Allowed values are CellForeground/CellBackground, which reference the
# affected cell, or hexadecimal colors like #ff00ff. # affected cell, or hexadecimal colors like #ff00ff.
matches = { matches = {
foreground = "0xe5c463"; foreground = base0A;
background = "0x1a181a"; background = base00;
}; };
focused_match = { focused_match = {
foreground = "CellBackground"; foreground = "CellBackground";
@ -203,58 +203,58 @@
# Allowed values are CellForeground/CellBackground, which reference the # Allowed values are CellForeground/CellBackground, which reference the
# affected cell, or hexadecimal colors like #ff00ff. # affected cell, or hexadecimal colors like #ff00ff.
selection = { selection = {
text = "0x1a181a"; text = base00;
background = "0xf85e84"; background = base08;
}; };
# Normal colors # Normal colors
normal = { normal = {
black = "0x1a181a"; black = base00;
red = "0xf85e84"; red = base09;
green = "0x9ecd6f"; green = base0B;
yellow = "0xe5c463"; yellow = base0A;
blue = "0x7accd7"; blue = base0D;
magenta = "0xab9df2"; magenta = base0E;
cyan = "0xef9062"; cyan = base0C;
white = "0xe3e1e4"; white = base05;
}; };
# Bright colors # Bright colors
bright = { bright = {
black = "0x949494"; black = base00;
red = "0xf85e84"; red = base0F;
green = "0x9ecd6f"; green = base0B;
yellow = "0xe5c463"; yellow = base0A;
blue = "0x7accd7"; blue = base0D;
magenta = "0xab9df2"; magenta = base0E;
cyan = "0xef9062"; cyan = base0C;
white = "0xff5f5f"; white = base05;
}; };
indexed_colors = [ indexed_colors = [
{ {
index = 16; index = 16;
color = "0xdf5923"; color = base09;
} }
{ {
index = 17; index = 17;
color = "0xd70000"; color = base0F;
} }
{ {
index = 18; index = 18;
color = "0x2d2a2e"; color = base01;
} }
{ {
index = 19; index = 19;
color = "0x303030"; color = base02;
} }
{ {
index = 20; index = 20;
color = "0xd3d1d4"; color = base04;
} }
{ {
index = 21; index = 21;
color = "0x303030"; color = base02;
} }
]; ];
}; };

View file

@ -1,4 +1,4 @@
{ args@{
lib, lib,
config, config,
pkgs, pkgs,
@ -6,7 +6,7 @@
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
yamlFormat = pkgs.formats.yaml {}; tomlFormat = pkgs.formats.toml {};
sessionVariables = { sessionVariables = {
WLR_RENDERER = WLR_RENDERER =
if psCfg.graphical.wayland.software-renderer.enable if psCfg.graphical.wayland.software-renderer.enable
@ -45,26 +45,16 @@ in {
glib glib
xdg-utils xdg-utils
]; xorg.xbacklight
etc = { desktop-file-utils
"xdg/PubSolar.conf".text = '' ];
[Qt]
style=GTK+
'';
};
variables = sessionVariables; variables = sessionVariables;
}; };
services.getty.autologinUser = psCfg.user.name; services.getty.autologinUser = psCfg.user.name;
qt = {
enable = true;
platformTheme = "gtk2";
style = "gtk2";
};
# Required for running Gnome apps outside the Gnome DE, see https://nixos.wiki/wiki/GNOME#Running_GNOME_programs_outside_of_GNOME # Required for running Gnome apps outside the Gnome DE, see https://nixos.wiki/wiki/GNOME#Running_GNOME_programs_outside_of_GNOME
programs.dconf.enable = true; programs.dconf.enable = true;
services.udev.packages = with pkgs; [gnome3.gnome-settings-daemon]; services.udev.packages = with pkgs; [gnome3.gnome-settings-daemon];
@ -92,31 +82,45 @@ in {
users.users."${psCfg.user.name}".packages = with pkgs; [ users.users."${psCfg.user.name}".packages = with pkgs; [
alacritty alacritty
firefox-wayland
flameshot
gnome.adwaita-icon-theme gnome.adwaita-icon-theme
gnome.eog gnome.eog
gnome.nautilus gnome.nautilus
gnome.seahorse gnome.seahorse
gnome.yelp gnome.yelp
hicolor-icon-theme
keepassxc keepassxc
libnotify libnotify
toggle-kbd-layout toggle-kbd-layout
vlc vlc
wcwd wcwd
wdisplays
wl-mirror
]; ];
qt = {
enable = true;
platformTheme = "gtk2";
style = "gtk2";
};
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
home.file."xinitrc".source = ./.xinitrc; home.file."xinitrc".source = ./.xinitrc;
xdg.configFile."alacritty/alacritty.yml".source = yamlFormat.generate "alacritty.yml" (import ./alacritty.nix); xdg.configFile."alacritty/alacritty.toml".source = tomlFormat.generate "alacritty.toml" ((import ./alacritty.nix) args);
xdg.configFile."xmodmap".source = ./.config/xmodmap; xdg.configFile."xmodmap".source = ./.config/xmodmap;
xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs;
xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale; xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale;
xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf;
xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf; xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf;
xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg; xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
programs.firefox = {
enable = true;
package = pkgs.firefox-wayland;
};
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
};
};
gtk = { gtk = {
enable = true; enable = true;
font.name = "Lato"; font.name = "Lato";
@ -134,13 +138,21 @@ in {
gtk-xft-hinting = "1"; gtk-xft-hinting = "1";
gtk-xft-hintstyle = "hintfull"; gtk-xft-hintstyle = "hintfull";
gtk-xft-rgba = "rgb"; gtk-xft-rgba = "rgb";
gtk-application-prefer-dark-theme = "true"; gtk-application-prefer-dark-theme = "1";
}; };
}; };
xresources.extraConfig = builtins.readFile ./.Xdefaults; xresources.extraConfig = builtins.readFile ./.Xdefaults;
systemd.user.services.network-manager-applet = import ./network-manager-applet.service.nix pkgs; services.network-manager-applet.enable = true;
systemd.user.services.network-manager-applet = {
Unit = {
BindsTo = ["sway-session.target"];
After = lib.mkForce ["sway-session.target"];
Requires = lib.mkForce [ ];
};
Install.WantedBy = [ "sway-session.target" ];
};
home.sessionVariables = sessionVariables; home.sessionVariables = sessionVariables;
systemd.user.sessionVariables = sessionVariables; systemd.user.sessionVariables = sessionVariables;

View file

@ -2,6 +2,7 @@
lib, lib,
config, config,
pkgs, pkgs,
flake,
... ...
}: }:
with lib; let with lib; let
@ -10,20 +11,20 @@ in {
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
services.mako = { services.mako = {
enable = true; enable = true;
extraConfig = '' extraConfig = with flake.self.theme.withHashtag; ''
padding=10 padding=10
margin=5,5,0 margin=5,5,0
default-timeout=5000 default-timeout=5000
background-color=#1a181a background-color=${base00}
text-color=#e3e1e4 text-color=${base05}
border-color=#ff5f5f border-color=${base07}
font=Hack 14 font=Hack 14
[urgency=high] [urgency=high]
background-color=#ff5f5f background-color=${base07}
text-color=#1a181a text-color=${base00}
border-color=#1a181a border-color=${base00}
layer=overlay layer=overlay
font=Hack 14 font=Hack 14
''; '';

View file

@ -1,19 +0,0 @@
## Base16 Burn
# Author: Benjamin Bädorf
set $base00 #1a181a
set $base01 #2d2a2e
set $base02 #303030
set $base03 #949494
set $base04 #d3d1d4
set $base05 #e3e1e4
set $base06 #303030
set $base07 #ff5f5f
set $base08 #f85e84
set $base09 #df5923
set $base0A #e5c463
set $base0B #9ecd6f
set $base0C #ef9062
set $base0D #7accd7
set $base0E #ab9df2
set $base0F #d70000

View file

@ -1,43 +1,33 @@
# launch categorized menu
bindsym $mod+z exec --no-startup-id morc_menu
# switch keyboard input language # switch keyboard input language
bindsym $mod+tab exec toggle-kbd-layout bindsym $mod+tab exec toggle-kbd-layout
################################################################################################ # Screen capturing
## sound-section - ##
################################################################################################
bindsym $mod+Ctrl+m exec pavucontrol
################################################################################################
# Quickstart application shortcuts
bindsym $mod+F1 exec psos help
bindsym $mod+Shift+h exec psos help
bindsym $mod+F2 exec firefox
bindsym $mod+F4 exec nautilus -w
bindsym $mod+Shift+F4 exec signal-desktop --use-tray-icon
bindsym $mod+Shift+m exec qMasterPassword
# Screenshots and screen recordings
bindsym $mod+Ctrl+p exec grim -g "$(slurp -d -b \#ffffff11)" ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png bindsym $mod+Ctrl+p exec grim -g "$(slurp -d -b \#ffffff11)" ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png
bindsym $mod+Shift+p exec grim ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png bindsym $mod+Shift+p exec grim -g "$(slurp -d -b \#ffffff11 -o)" ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png
bindsym $mod+Ctrl+f exec "( pkill flameshot || true && flameshot & ) && ( sleep 0.5s && flameshot gui )"
bindsym $mod+Ctrl+r exec record-screen bindsym $mod+Ctrl+r exec record-screen
bindsym $mod+Shift+r exec record-screen fullscreen
# Launcher # Launcher
set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher
bindsym $mod+Space exec $menu bindsym $mod+Space exec $menu
set $mode_vncclient In VNCClient mode. Press $mod+Num_Lock or $mod+Shift+Escape to return. # Pulse Audio controls
bindsym $mod+Num_Lock mode "$mode_vncclient" bindsym $mod+Ctrl+m exec pavucontrol
bindsym $mod+Shift+Escape mode "$mode_vncclient"
mode "$mode_vncclient" { bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 #increase sound volume
bindsym $mod+Num_Lock mode "default" bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 #decrease sound volume
bindsym $mod+Shift+Escape mode "default" bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle # mute sound
}
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl set +10%"
bindsym XF86MonBrightnessDown exec "brightnessctl set 10%-"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 33%-"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +33%"

View file

@ -0,0 +1 @@
for_window [app_id=".*"] inhibit_idle fullscreen

View file

@ -1,40 +1,39 @@
{ {
pkgs, pkgs,
psCfg, config,
... ...
}: with pkgs; }: with pkgs; ''
''
# Set shut down, restart and locking features # Set shut down, restart and locking features
'' ''
+ ( + (
if psCfg.core.hibernation.enable if config.pub-solar.core.hibernation.enable
then '' then ''
set $mode_system (e)xit, (l)ock, (h)ibernate, (r)eboot, (Shift+s)hutdown set $mode_system (e)xit, (l)ock, (h)ibernate, (r)eboot, (Shift+s)hutdown
'' ''
else '' else ''
set $mode_system (e)xit, (l)ock, (r)eboot, (Shift+s)hutdown set $mode_system (e)xit, (l)ock, (r)eboot, (Shift+s)hutdown
'' ''
) )
+ '' + ''
bindsym $mod+0 mode "$mode_system" bindsym $mod+0 mode "$mode_system"
mode "$mode_system" { mode "$mode_system" {
bindsym e exec ${sway}/bin/swaymsg exit, mode "default" bindsym e exec ${sway}/bin/swaymsg exit, mode "default"
bindsym l exec ${swaylock-bg}/bin/swaylock-bg, mode "default" bindsym l exec ${swaylock-bg}/bin/swaylock-bg, mode "default"
'' ''
+ ( + (
if psCfg.core.hibernation.enable if config.pub-solar.core.hibernation.enable
then '' then ''
bindsym h exec ${systemd}/bin/systemctl hibernate, mode "default" bindsym h exec ${systemd}/bin/systemctl hibernate, mode "default"
'' ''
else "" else ""
) )
+ '' + ''
bindsym r exec ${systemd}/bin/systemctl reboot, mode "default" bindsym r exec ${systemd}/bin/systemctl reboot, mode "default"
bindsym Shift+s exec ${systemd}/bin/systemctl poweroff, mode "default" bindsym Shift+s exec ${systemd}/bin/systemctl poweroff, mode "default"
# exit system mode: "Enter" or "Escape" # exit system mode: "Enter" or "Escape"
bindsym Return mode "default" bindsym Return mode "default"
bindsym Escape mode "default" bindsym Escape mode "default"
} }
'' ''

View file

@ -1,3 +1,21 @@
{ flake, ... }: with flake.self.theme.withHashtag; ''
set $base00 ${base00}
set $base01 ${base01}
set $base02 ${base02}
set $base03 ${base03}
set $base04 ${base04}
set $base05 ${base05}
set $base06 ${base06}
set $base07 ${base07}
set $base08 ${base08}
set $base09 ${base09}
set $base0A ${base0A}
set $base0B ${base0B}
set $base0C ${base0C}
set $base0D ${base0D}
set $base0E ${base0E}
set $base0F ${base0F}
# Border BG Text Ind Child Border # Border BG Text Ind Child Border
client.focused $base00 $base01 $base07 $base0D $base07 client.focused $base00 $base01 $base07 $base0D $base07
client.focused_inactive $base00 $base01 $base07 $base03 $base00 client.focused_inactive $base00 $base01 $base07 $base03 $base00
@ -14,3 +32,6 @@ exec_always import-gtk-settings \
# Workaround to fix cursor scaling, see https://github.com/swaywm/sway/issues/4112 # Workaround to fix cursor scaling, see https://github.com/swaywm/sway/issues/4112
seat seat0 xcursor_theme Adwaita seat seat0 xcursor_theme Adwaita
output * bg ~/.config/wallpaper.jpg fill
''

View file

@ -1,41 +1,43 @@
{ args@{
config, config,
pkgs, pkgs,
... ...
}: '' }: let
# Default config for sway applications = builtins.readFile ./config.d/applications.conf;
# custom-keybindings = builtins.readFile ./config.d/custom-keybindings.conf;
# Copy this to ~/.config/sway/config and edit it to your liking. gaps = builtins.readFile ./config.d/gaps.conf;
# mode-system = import ./config.d/mode_system.conf.nix args;
# Read `man 5 sway` for a complete reference. systemd = builtins.readFile ./config.d/systemd.conf;
theme = import ./config.d/theme.conf.nix args;
in ''
# Default config for sway
#
# Copy this to ~/.config/sway/config and edit it to your liking.
#
# Read `man 5 sway` for a complete reference.
### Variables ### Variables
# #
# Logo key. Use Mod1 for Alt. # Logo key. Use Mod1 for Alt.
set $mod Mod4 set $mod Mod4
# Home row direction keys, like vim # Home row direction keys, like vim
set $left j set $left j
set $down k set $down k
set $up i set $up i
set $right l set $right l
# Your preferred terminal emulator # Your preferred terminal emulator
set $term ${pkgs.alacritty}/bin/alacritty set $term ${pkgs.alacritty}/bin/alacritty
# Your preferred application launcher # Your preferred application launcher
# Note: pass the final command to swaymsg so that the resulting window can be opened # Note: pass the final command to swaymsg so that the resulting window can be opened
# on the original workspace that the command was run on. # on the original workspace that the command was run on.
#set $menu dmenu_path | dmenu | xargs swaymsg exec bemenu-run --no-overlap #set $menu dmenu_path | dmenu | xargs swaymsg exec bemenu-run --no-overlap
default_border pixel 1 default_border pixel 1
### Output configuration ### Key bindings
# #
# Default wallpaper (more resolutions are available in @datadir@/backgrounds/sway/) # Basics:
output * bg ~/.config/wallpaper.jpg fill #
### Key bindings
#
# Basics:
#
# Start a terminal # Start a terminal
bindsym $mod+Return exec $term bindsym $mod+Return exec $term
@ -55,9 +57,9 @@
# Reload the configuration file # Reload the configuration file
bindsym $mod+F5 reload bindsym $mod+F5 reload
# #
# Moving around: # Moving around:
# #
# Move your focus around # Move your focus around
bindsym $mod+$left focus left bindsym $mod+$left focus left
bindsym $mod+$down focus down bindsym $mod+$down focus down
@ -79,9 +81,9 @@
bindsym $mod+Shift+Down move down bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right bindsym $mod+Shift+Right move right
# #
# Workspaces: # Workspaces:
# #
# Workspace names # Workspace names
@ -140,9 +142,9 @@
bindsym $mod+b workspace back_and_forth bindsym $mod+b workspace back_and_forth
bindsym $mod+Shift+b move container to workspace back_and_forth; workspace back_and_forth bindsym $mod+Shift+b move container to workspace back_and_forth; workspace back_and_forth
# #
# Layout stuff: # Layout stuff:
# #
# Configure border style <normal|1pixel|pixel xx|none|pixel> # Configure border style <normal|1pixel|pixel xx|none|pixel>
default_border pixel 1 default_border pixel 1
default_floating_border normal default_floating_border normal
@ -177,9 +179,9 @@
# Move focus to the parent container # Move focus to the parent container
bindsym $mod+a focus parent bindsym $mod+a focus parent
bindsym $mod+d focus child bindsym $mod+d focus child
# #
# Scratchpad: # Scratchpad:
# #
# Sway has a "scratchpad", which is a bag of holding for windows. # Sway has a "scratchpad", which is a bag of holding for windows.
# You can send windows there and get them back later. # You can send windows there and get them back later.
@ -189,10 +191,10 @@
# Show the next scratchpad window or hide the focused scratchpad window. # Show the next scratchpad window or hide the focused scratchpad window.
# If there are multiple scratchpad windows, this command cycles through them. # If there are multiple scratchpad windows, this command cycles through them.
bindsym $mod+minus scratchpad show bindsym $mod+minus scratchpad show
# #
# Resizing containers: # Resizing containers:
# #
mode "resize" { mode "resize" {
# left will shrink the containers width # left will shrink the containers width
# right will grow the containers width # right will grow the containers width
# up will shrink the containers height # up will shrink the containers height
@ -211,7 +213,15 @@
# Return to default mode # Return to default mode
bindsym Return mode "default" bindsym Return mode "default"
bindsym Escape mode "default" bindsym Escape mode "default"
} }
bindsym $mod+r mode "resize" bindsym $mod+r mode "resize"
include ~/.config/sway/config.d/*'' ${applications}
${gaps}
${custom-keybindings}
${mode-system}
${systemd}
${theme}
include ~/.config/sway/config.d/*
''

View file

@ -1,4 +1,4 @@
{ args@{
lib, lib,
config, config,
pkgs, pkgs,
@ -42,6 +42,18 @@ in {
}; };
}; };
}; };
config.sway = {
# https://alex.dandrea.io/2024/07/20/fixing-idle-inhibitor-behaviour-in-firefox-with-wayland/
# Use xdg-desktop-portal-gtk for every portal interface...
default = "gtk";
# ... except for the ScreenCast, Screenshot and Secret
"org.freedesktop.impl.portal.ScreenCast" = "wlr";
"org.freedesktop.impl.portal.Screenshot" = "wlr";
# ignore inhibit bc gtk portal always returns as success,
# despite sway/the wlr portal not having an implementation,
# stopping firefox from using wayland idle-inhibit
"org.freedesktop.impl.portal.Inhibit" = "none";
};
extraPortals = with pkgs; [xdg-desktop-portal-gtk]; extraPortals = with pkgs; [xdg-desktop-portal-gtk];
}; };
@ -60,8 +72,6 @@ in {
wl-clipboard wl-clipboard
wf-recorder wf-recorder
brightnessctl brightnessctl
gammastep
geoclue2
xsettingsd xsettingsd
ydotool ydotool
@ -72,19 +82,19 @@ in {
wcwd wcwd
]; ];
home-manager.users."${psCfg.user.name}" = { services.geoclue2.enable = true;
systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;};
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;};
systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;};
xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;}; home-manager.users."${psCfg.user.name}" = {
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; systemd.user.services.sway = import ./sway.service.nix args;
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; systemd.user.targets.sway-session = import ./sway-session.target.nix args;
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; services.xsettingsd.enable = true;
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;}; services.gammastep = {
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; enable = true;
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; provider = "geoclue2";
};
xdg.configFile."sway/config".text = import ./config/config.nix args;
services.swayidle = with pkgs; { services.swayidle = with pkgs; {
enable = true; enable = true;
@ -96,16 +106,16 @@ in {
]; ];
timeouts = [ timeouts = [
{ {
timeout = 120; timeout = 300;
command = "${swaylock-bg}/bin/swaylock-bg"; command = "${swaylock-bg}/bin/swaylock-bg";
} }
{ {
timeout = 130; timeout = 180;
command = "${sway}/bin/swaymsg \"output * dpms off\""; command = "${sway}/bin/swaymsg \"output * dpms off\"";
resumeCommand = "${sway}/bin/swaymsg \"output * dpms on\""; resumeCommand = "${sway}/bin/swaymsg \"output * dpms on\"";
} }
{ {
timeout = 300; timeout = 600;
command = "${systemd}/bin/systemctl hibernate"; command = "${systemd}/bin/systemctl hibernate";
} }
]; ];

View file

@ -1,17 +0,0 @@
{pkgs, ...}: {
Unit = {
Description = "set color temperature of display according to time of day";
Documentation = ["man:gammastep(1)"];
BindsTo = ["sway-session.target"];
After = ["sway-session.target"];
# ConditionEnvironment requires systemd v247 to work correctly
ConditionEnvironment = ["WAYLAND_DISPLAY"];
};
Service = {
Type = "simple";
ExecStart = "${pkgs.gammastep}/bin/gammastep -l geoclue2 -m wayland -v";
};
Install = {
WantedBy = ["sway-session.target"];
};
}

View file

@ -1,18 +0,0 @@
{pkgs, ...}: {
Unit = {
Description = "X Settings Daemon";
Documentation = ["https://github.com/derat/xsettingsd/wiki/Installation"];
BindsTo = ["sway-session.target"];
After = ["sway-session.target"];
# ConditionEnvironment requires systemd v247 to work correctly
ConditionEnvironment = ["WAYLAND_DISPLAY"];
};
Service = {
Type = "simple";
ExecStart = "${pkgs.xsettingsd}/bin/xsettingsd";
ExecStop = "/run/current-system/sw/bin/env pkill xsettingsd";
};
Install = {
WantedBy = ["sway-session.target"];
};
}

View file

@ -2,13 +2,14 @@
lib, lib,
config, config,
pkgs, pkgs,
flake,
... ...
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in {
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
programs.waybar = { programs.waybar = with flake.self.theme.withHashtag; {
enable = true; enable = true;
settings.main = { settings.main = {
layer = "top"; layer = "top";
@ -88,7 +89,25 @@ in {
}; };
}; };
}; };
style = builtins.readFile ./.config/waybar/style.css; style = ''
@define-color base00 ${base00};
@define-color base01 ${base01};
@define-color base02 ${base02};
@define-color base03 ${base03};
@define-color base04 ${base04};
@define-color base05 ${base05};
@define-color base06 ${base06};
@define-color base07 ${base07};
@define-color base08 ${base08};
@define-color base09 ${base09};
@define-color base0A ${base0A};
@define-color base0B ${base0B};
@define-color base0C ${base0C};
@define-color base0D ${base0D};
@define-color base0E ${base0E};
@define-color base0F ${base0F};
''+ builtins.readFile ./.config/waybar/style.css;
systemd.enable = true; systemd.enable = true;
systemd.target = "sway-session.target"; systemd.target = "sway-session.target";
}; };

View file

@ -1,14 +1,17 @@
{ config, pkgs, lib, ... }: {
config,
with lib; pkgs,
lib,
let ...
}:
with lib; let
cfg = config.services.invoiceplane; cfg = config.services.invoiceplane;
eachSite = cfg.sites; eachSite = cfg.sites;
user = "invoiceplane"; user = "invoiceplane";
webserver = config.services.${cfg.webserver}; webserver = config.services.${cfg.webserver};
invoiceplane-config = hostName: cfg: pkgs.writeText "ipconfig.php" '' invoiceplane-config = hostName: cfg:
pkgs.writeText "ipconfig.php" ''
IP_URL=http://${hostName} IP_URL=http://${hostName}
ENABLE_DEBUG=false ENABLE_DEBUG=false
DISABLE_SETUP=false DISABLE_SETUP=false
@ -16,7 +19,11 @@ let
DB_HOSTNAME=${cfg.database.host} DB_HOSTNAME=${cfg.database.host}
DB_USERNAME=${cfg.database.user} DB_USERNAME=${cfg.database.user}
# NOTE: file_get_contents adds newline at the end of returned string # NOTE: file_get_contents adds newline at the end of returned string
DB_PASSWORD=${if cfg.database.passwordFile == null then "" else "trim(file_get_contents('${cfg.database.passwordFile}'),\"\\r\\n\")"} DB_PASSWORD=${
if cfg.database.passwordFile == null
then ""
else "trim(file_get_contents('${cfg.database.passwordFile}'),\"\\r\\n\")"
}
DB_DATABASE=${cfg.database.name} DB_DATABASE=${cfg.database.name}
DB_PORT=${toString cfg.database.port} DB_PORT=${toString cfg.database.port}
SESS_EXPIRATION=864000 SESS_EXPIRATION=864000
@ -28,11 +35,13 @@ let
REMOVE_INDEXPHP=true REMOVE_INDEXPHP=true
''; '';
extraConfig = hostName: cfg: pkgs.writeText "extraConfig.php" '' extraConfig = hostName: cfg:
pkgs.writeText "extraConfig.php" ''
${toString cfg.extraConfig} ${toString cfg.extraConfig}
''; '';
pkg = hostName: cfg: pkgs.stdenv.mkDerivation rec { pkg = hostName: cfg:
pkgs.stdenv.mkDerivation rec {
pname = "invoiceplane-${hostName}"; pname = "invoiceplane-${hostName}";
version = src.version; version = src.version;
src = pkgs.invoiceplane; src = pkgs.invoiceplane;
@ -64,10 +73,12 @@ let
''; '';
}; };
siteOpts = { lib, name, ... }: siteOpts = {
{ lib,
name,
...
}: {
options = { options = {
enable = mkEnableOption (lib.mdDoc "InvoicePlane web application"); enable = mkEnableOption (lib.mdDoc "InvoicePlane web application");
stateDir = mkOption { stateDir = mkOption {
@ -155,7 +166,7 @@ let
}; };
poolConfig = mkOption { poolConfig = mkOption {
type = with types; attrsOf (oneOf [ str int bool ]); type = with types; attrsOf (oneOf [str int bool]);
default = { default = {
"pm" = "dynamic"; "pm" = "dynamic";
"pm.max_children" = 32; "pm.max_children" = 32;
@ -186,7 +197,6 @@ let
}; };
cron = { cron = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -202,14 +212,10 @@ let
type = types.str; type = types.str;
description = lib.mdDoc "Cron key taken from the administration page."; description = lib.mdDoc "Cron key taken from the administration page.";
}; };
}; };
}; };
}; };
in in {
{
disabledModules = [ disabledModules = [
"services/web-apps/invoiceplane.nix" "services/web-apps/invoiceplane.nix"
]; ];
@ -218,7 +224,6 @@ in
options = { options = {
services.invoiceplane = mkOption { services.invoiceplane = mkOption {
type = types.submodule { type = types.submodule {
options.sites = mkOption { options.sites = mkOption {
type = types.attrsOf (types.submodule siteOpts); type = types.attrsOf (types.submodule siteOpts);
default = {}; default = {};
@ -226,7 +231,7 @@ in
}; };
options.webserver = mkOption { options.webserver = mkOption {
type = types.enum [ "caddy" "nginx" ]; type = types.enum ["caddy" "nginx"];
default = "caddy"; default = "caddy";
description = lib.mdDoc '' description = lib.mdDoc ''
Which webserver to use for virtual host management. Currently only Which webserver to use for virtual host management. Currently only
@ -237,53 +242,61 @@ in
default = {}; default = {};
description = lib.mdDoc "InvoicePlane configuration."; description = lib.mdDoc "InvoicePlane configuration.";
}; };
}; };
# implementation # implementation
config = mkIf (eachSite != {}) (mkMerge [{ config = mkIf (eachSite != {}) (mkMerge [
{
assertions = flatten (mapAttrsToList (hostName: cfg: assertions = flatten (mapAttrsToList (hostName: cfg: [
[{ assertion = cfg.database.createLocally -> cfg.database.user == user; {
assertion = cfg.database.createLocally -> cfg.database.user == user;
message = ''services.invoiceplane.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned''; message = ''services.invoiceplane.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned'';
} }
{ assertion = cfg.database.createLocally -> cfg.database.passwordFile == null; {
assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.''; message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.'';
} }
{ assertion = cfg.cron.enable -> cfg.cron.key != null; {
assertion = cfg.cron.enable -> cfg.cron.key != null;
message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.''; message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.'';
} }
]) eachSite); ])
eachSite);
services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) { services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) {
enable = true; enable = true;
package = mkDefault pkgs.mariadb; package = mkDefault pkgs.mariadb;
ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite; ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite;
ensureUsers = mapAttrsToList (hostName: cfg: ensureUsers =
{ name = cfg.database.user; mapAttrsToList (
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; }; hostName: cfg: {
name = cfg.database.user;
ensurePermissions = {"${cfg.database.name}.*" = "ALL PRIVILEGES";};
} }
) eachSite; )
eachSite;
}; };
services.phpfpm = { services.phpfpm = {
phpPackage = pkgs.php81; phpPackage = pkgs.php81;
pools = mapAttrs' (hostName: cfg: ( pools =
mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-${hostName}" { nameValuePair "invoiceplane-${hostName}" {
inherit user; inherit user;
group = webserver.group; group = webserver.group;
settings = { settings =
{
"listen.owner" = webserver.user; "listen.owner" = webserver.user;
"listen.group" = webserver.group; "listen.group" = webserver.group;
} // cfg.poolConfig;
} }
)) eachSite; // cfg.poolConfig;
}
))
eachSite;
}; };
} }
{ {
systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [ systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [
"d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -" "d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -"
"f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -" "f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -"
@ -294,41 +307,42 @@ in
"d ${cfg.stateDir}/uploads/temp 0750 ${user} ${webserver.group} - -" "d ${cfg.stateDir}/uploads/temp 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/temp/mpdf 0750 ${user} ${webserver.group} - -" "d ${cfg.stateDir}/uploads/temp/mpdf 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/tmp 0750 ${user} ${webserver.group} - -" "d ${cfg.stateDir}/tmp 0750 ${user} ${webserver.group} - -"
]) eachSite); ])
eachSite);
systemd.services.invoiceplane-config = { systemd.services.invoiceplane-config = {
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
script = concatStrings (mapAttrsToList (hostName: cfg: script = concatStrings (mapAttrsToList (hostName: cfg: ''
''
mkdir -p ${cfg.stateDir}/logs \ mkdir -p ${cfg.stateDir}/logs \
${cfg.stateDir}/uploads ${cfg.stateDir}/uploads
if ! grep -q IP_URL "${cfg.stateDir}/ipconfig.php"; then if ! grep -q IP_URL "${cfg.stateDir}/ipconfig.php"; then
cp "${invoiceplane-config hostName cfg}" "${cfg.stateDir}/ipconfig.php" cp "${invoiceplane-config hostName cfg}" "${cfg.stateDir}/ipconfig.php"
fi fi
'') eachSite); '')
wantedBy = [ "multi-user.target" ]; eachSite);
wantedBy = ["multi-user.target"];
}; };
users.users.${user} = { users.users.${user} = {
group = webserver.group; group = webserver.group;
isSystemUser = true; isSystemUser = true;
}; };
} }
{ {
# Cron service implementation # Cron service implementation
systemd.timers = mapAttrs' (hostName: cfg: ( systemd.timers =
mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable { nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
wantedBy = [ "timers.target" ]; wantedBy = ["timers.target"];
timerConfig = { timerConfig = {
OnBootSec = "5m"; OnBootSec = "5m";
OnUnitActiveSec = "5m"; OnUnitActiveSec = "5m";
Unit = "invoiceplane-cron-${hostName}.service"; Unit = "invoiceplane-cron-${hostName}.service";
}; };
}) })
)) eachSite; ))
eachSite;
systemd.services = systemd.services =
mapAttrs' (hostName: cfg: ( mapAttrs' (hostName: cfg: (
@ -339,14 +353,15 @@ in
ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/invoices/cron/recur/${cfg.cron.key}"; ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/invoices/cron/recur/${cfg.cron.key}";
}; };
}) })
)) eachSite; ))
eachSite;
} }
(mkIf (cfg.webserver == "caddy") { (mkIf (cfg.webserver == "caddy") {
services.caddy = { services.caddy = {
enable = true; enable = true;
virtualHosts = mapAttrs' (hostName: cfg: ( virtualHosts =
mapAttrs' (hostName: cfg: (
nameValuePair "http://${hostName}" { nameValuePair "http://${hostName}" {
extraConfig = '' extraConfig = ''
root * ${pkg hostName cfg} root * ${pkg hostName cfg}
@ -354,14 +369,16 @@ in
php_fastcgi unix/${config.services.phpfpm.pools."invoiceplane-${hostName}".socket} php_fastcgi unix/${config.services.phpfpm.pools."invoiceplane-${hostName}".socket}
''; '';
} }
)) eachSite; ))
eachSite;
}; };
}) })
(mkIf (cfg.webserver == "nginx") { (mkIf (cfg.webserver == "nginx") {
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = mapAttrs' (hostName: cfg: ( virtualHosts =
mapAttrs' (hostName: cfg: (
nameValuePair "${hostName}" { nameValuePair "${hostName}" {
root = "${pkg hostName cfg}"; root = "${pkg hostName cfg}";
extraConfig = '' extraConfig = ''
@ -388,9 +405,9 @@ in
}; };
}; };
} }
)) eachSite; ))
eachSite;
}; };
}) })
]); ]);
} }

View file

@ -5,15 +5,16 @@
flake, flake,
... ...
}: { }: {
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"steam" "steam"
"steam-original" "steam-original"
"steam-run" "steam-run"
"hplip" "hplip"
"cups-brother-hl3140cw" "cups-brother-hl3140cw"
"cloudflare-warp"
"uhk-agent" "uhk-agent"
"uhk-udev-rules" "uhk-udev-rules"
"zoom"
]; ];
nix = { nix = {

View file

@ -1,5 +1,8 @@
{ lib, config, ... }:
{ {
lib,
config,
...
}: {
environment.persistence."/persist" = { environment.persistence."/persist" = {
hideMounts = true; hideMounts = true;
directories = [ directories = [
@ -17,7 +20,7 @@
fileSystems."/etc/nixos" = { fileSystems."/etc/nixos" = {
device = "/home/${config.pub-solar.user.name}/Workspace/os"; device = "/home/${config.pub-solar.user.name}/Workspace/os";
options = [ "bind" ]; options = ["bind"];
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

View file

@ -1,5 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
services.cron = { services.cron = {
enable = true; enable = true;
systemCronJobs = [ systemCronJobs = [

View file

@ -7,7 +7,7 @@
}: { }: {
services.avahi.enable = true; services.avahi.enable = true;
services.avahi.ipv6 = true; services.avahi.ipv6 = true;
services.avahi.nssmdns = true; services.avahi.nssmdns4 = true;
services.avahi.publish.enable = true; services.avahi.publish.enable = true;
services.avahi.publish.userServices = true; services.avahi.publish.userServices = true;
@ -16,9 +16,19 @@
services.printing.listenAddresses = ["localhost:631"]; services.printing.listenAddresses = ["localhost:631"];
services.printing.defaultShared = lib.mkDefault false; services.printing.defaultShared = lib.mkDefault false;
services.printing.drivers = [ services.printing.drivers =
[
pkgs.gutenprint pkgs.gutenprint
] ++ (if (pkgs.system == "x86_64-linux") ]
then [ pkgs.cups-brother-hl3140cw ] ++ (
else []); if (pkgs.system == "x86_64-linux")
then [pkgs.cups-brother-hl3140cw]
else []
);
environment.persistence."/persist" = {
directories = [
"/etc/lib/cups"
];
};
} }

View file

@ -5,7 +5,7 @@
lib, lib,
... ...
}: { }: {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [80 443];
services.nginx = { services.nginx = {
enable = true; enable = true;

View file

@ -1,12 +1,7 @@
## Headers ## Headers
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri; proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-URI $request_uri; proxy_set_header X-Forwarded-URI $request_uri;
proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
## Basic Proxy Configuration ## Basic Proxy Configuration
client_body_buffer_size 128k; client_body_buffer_size 128k;
@ -21,7 +16,7 @@ proxy_buffers 64 256k;
## Please read the following documentation before configuring this: ## Please read the following documentation before configuring this:
## https://www.authelia.com/integration/proxies/nginx/#trusted-proxies ## https://www.authelia.com/integration/proxies/nginx/#trusted-proxies
set_real_ip_from 10.13.12.0/24; set_real_ip_from 10.13.12.0/24;
set_real_ip_from fc00::/7; set_real_ip_from fd00:b12f:acab:1312:acab::/80;
real_ip_header X-Forwarded-For; real_ip_header X-Forwarded-For;
real_ip_recursive on; real_ip_recursive on;

View file

@ -12,8 +12,8 @@ in '' [user]
else "" else ""
} }
${ ${
if user.fullName != null if user.name != null
then "name = ${user.fullName}" then "name = ${user.name}"
else "" else ""
} }
${ ${
@ -27,7 +27,19 @@ in '' [user]
[alias] [alias]
pol = pull pol = pull
ack = -c color.grep.linenumber=\"bold yellow\"\n -c color.grep.filename=\"bold green\"\n -c color.grep.match=\"reverse yellow\"\n grep --break --heading --line-number ack = -c color.grep.linenumber=\"bold yellow\"\n -c color.grep.filename=\"bold green\"\n -c color.grep.match=\"reverse yellow\"\n grep --break --heading --line-number
# define command which will be used when "nvim"is set as a merge tool lg = "!f() { \
git log --all --color --graph --pretty=format:'%C(bold yellow)<sig>%G?</sig>%C(reset) %C(red)%h%C(reset) -%C(yellow)%d%C(reset) %s %C(green)(%cr) %C(blue)<%an>%C(reset)' | \
sed \
-e 's#<sig>G</sig>#Good#' \
-e 's#<sig>B</sig>#\\nBAD \\nBAD \\nBAD \\nBAD \\nBAD#' \
-e 's#<sig>U</sig>#Unknown#' \
-e 's#<sig>X</sig>#Expired#' \
-e 's#<sig>Y</sig>#Expired Key#' \
-e 's#<sig>R</sig>#Revoked#' \
-e 's#<sig>E</sig>#Missing Key#' \
-e 's#<sig>N</sig>#None#' | \
less -r; \
}; f"
[mergetool] [mergetool]
prompt = false prompt = false

View file

@ -6,27 +6,27 @@
user = config.pub-solar.user; user = config.pub-solar.user;
xdg = config.home-manager.users."${user.name}".xdg; xdg = config.home-manager.users."${user.name}".xdg;
in '' in ''
# What happened? # What happened?
# #
# fix feat build chore ci docs style refactor perf test # fix feat build chore ci docs style refactor perf test
# #
# type!(optional scope): <summary> --------------# # type!(optional scope): <summary> --------------#
# #
# ^\n # ^\n
# What exactly was done and why? --------------------------------------# # What exactly was done and why? --------------------------------------#
# #
# ^\n # ^\n
# #
# Any issue numbers or links? # Any issue numbers or links?
# #
# Ref: #123 # Ref: #123
# ^\n # ^\n
# #
# Co-authored-by: Example Name <email@example.com> # Co-authored-by: Example Name <email@example.com>
'' ''

View file

@ -1,126 +0,0 @@
#!/bin/sh
# base16-shell (https://github.com/chriskempson/base16-shell)
# Base16 Shell template by Chris Kempson (http://chriskempson.com)
# Burn scheme by Benjamin Bädorf
color00="1a/18/1a" # Base 00 - Black
color01="f8/5e/84" # Base 08 - Red
color02="9e/cd/6f" # Base 0B - Green
color03="e5/c4/63" # Base 0A - Yellow
color04="7a/cc/d7" # Base 0D - Blue
color05="ab/9d/f2" # Base 0E - Magenta
color06="ef/90/62" # Base 0C - Cyan
color07="e3/e1/e4" # Base 05 - White
color08="94/94/94" # Base 03 - Bright Black
color09=$color01 # Base 08 - Bright Red
color10=$color02 # Base 0B - Bright Green
color11=$color03 # Base 0A - Bright Yellow
color12=$color04 # Base 0D - Bright Blue
color13=$color05 # Base 0E - Bright Magenta
color14=$color06 # Base 0C - Bright Cyan
color15="ff/5f/5f" # Base 07 - Bright White
color16="df/59/23" # Base 09
color17="d7/00/00" # Base 0F
color18="2d/2a/2e" # Base 01
color19="30/30/30" # Base 02
color20="d3/d1/d4" # Base 04
color21="30/30/30" # Base 06
color_foreground="e3/e1/e4" # Base 05
color_background="1a/18/1a" # Base 00
if [ -n "$TMUX" ]; then
# Tell tmux to pass the escape sequences through
# (Source: http://permalink.gmane.org/gmane.comp.terminal-emulators.tmux.user/1324)
put_template() { printf '\033Ptmux;\033\033]4;%d;rgb:%s\033\033\\\033\\' $@; }
put_template_var() { printf '\033Ptmux;\033\033]%d;rgb:%s\033\033\\\033\\' $@; }
put_template_custom() { printf '\033Ptmux;\033\033]%s%s\033\033\\\033\\' $@; }
elif [ "${TERM%%[-.]*}" = "screen" ]; then
# GNU screen (screen, screen-256color, screen-256color-bce)
put_template() { printf '\033P\033]4;%d;rgb:%s\007\033\\' $@; }
put_template_var() { printf '\033P\033]%d;rgb:%s\007\033\\' $@; }
put_template_custom() { printf '\033P\033]%s%s\007\033\\' $@; }
elif [ "${TERM%%-*}" = "linux" ]; then
put_template() { [ $1 -lt 16 ] && printf "\e]P%x%s" $1 $(echo $2 | sed 's/\///g'); }
put_template_var() { true; }
put_template_custom() { true; }
else
put_template() { printf '\033]4;%d;rgb:%s\033\\' $@; }
put_template_var() { printf '\033]%d;rgb:%s\033\\' $@; }
put_template_custom() { printf '\033]%s%s\033\\' $@; }
fi
# 16 color space
put_template 0 $color00
put_template 1 $color01
put_template 2 $color02
put_template 3 $color03
put_template 4 $color04
put_template 5 $color05
put_template 6 $color06
put_template 7 $color07
put_template 8 $color08
put_template 9 $color09
put_template 10 $color10
put_template 11 $color11
put_template 12 $color12
put_template 13 $color13
put_template 14 $color14
put_template 15 $color15
# 256 color space
put_template 16 $color16
put_template 17 $color17
put_template 18 $color18
put_template 19 $color19
put_template 20 $color20
put_template 21 $color21
# foreground / background / cursor color
if [ -n "$ITERM_SESSION_ID" ]; then
# iTerm2 proprietary escape codes
put_template_custom Pg e3e1e4 # foreground
put_template_custom Ph 1a181a # background
put_template_custom Pi e3e1e4 # bold color
put_template_custom Pj 303030 # selection color
put_template_custom Pk e3e1e4 # selected text color
put_template_custom Pl e3e1e4 # cursor
put_template_custom Pm 1a181a # cursor text
else
put_template_var 10 $color_foreground
if [ "$BASE16_SHELL_SET_BACKGROUND" != false ]; then
put_template_var 11 $color_background
if [ "${TERM%%-*}" = "rxvt" ]; then
put_template_var 708 $color_background # internal border (rxvt)
fi
fi
put_template_custom 12 ";7" # cursor (reverse video)
fi
# clean up
unset -f put_template
unset -f put_template_var
unset -f put_template_custom
unset color00
unset color01
unset color02
unset color03
unset color04
unset color05
unset color06
unset color07
unset color08
unset color09
unset color10
unset color11
unset color12
unset color13
unset color14
unset color15
unset color16
unset color17
unset color18
unset color19
unset color20
unset color21
unset color_foreground
unset color_background

View file

@ -99,13 +99,11 @@ in {
vi = "nvim"; vi = "nvim";
vim = "nvim"; vim = "nvim";
mutt = "neomutt"; mutt = "neomutt";
cat = "bat";
ls = "eza"; ls = "eza";
la = "eza --group-directories-first -lag"; la = "eza --group-directories-first -lag";
wget = "wget --hsts-file=$XDG_CACHE_HOME/wget-hsts"; wget = "wget --hsts-file=$XDG_CACHE_HOME/wget-hsts";
irssi = "irssi --config=$XDG_CONFIG_HOME/irssi/config --home=$XDG_DATA_HOME/irssi";
drone = "DRONE_TOKEN=$(secret-tool lookup drone token) drone";
no = "manix \"\" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview=\"manix '{}'\" | xargs manix"; no = "manix \"\" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview=\"manix '{}'\" | xargs manix";
myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
nnn = "nnn -d -e -H -r"; nnn = "nnn -d -e -H -r";
}; };
} }

View file

@ -1,7 +1,8 @@
{ args@{
lib, lib,
config, config,
pkgs, pkgs,
flake,
... ...
}: }:
with lib; let with lib; let
@ -19,16 +20,16 @@ in {
}; };
config = { config = {
programs.command-not-found.enable = false; programs.command-not-found.enable = true;
users.users."${psCfg.user.name}".packages = with pkgs; [ users.users."${psCfg.user.name}".packages = with pkgs;
ack [
tealdeer
asciinema asciinema
bat
blesh blesh
eza eza
fd fd
jump ripgrep
(nnn.overrideAttrs (o: { (nnn.overrideAttrs (o: {
patches = patches =
(o.patches or []) (o.patches or [])
@ -39,13 +40,25 @@ in {
p p
powerline powerline
screen screen
silver-searcher
watson watson
]; jump
bat
]
++ (
if cfg.full
then [
# Nix specific utilities
alejandra
manix
nix-index
nix-tree
nix-inspect
nvd
]
else []
);
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh;
programs.less = { programs.less = {
enable = true; enable = true;
keys = '' keys = ''
@ -60,49 +73,26 @@ in {
# starship.toml has sane defaults that can be changed there # starship.toml has sane defaults that can be changed there
programs.starship = { programs.starship = {
enable = true; enable = true;
settings = import ./starship.toml.nix; settings = import ./starship.toml.nix flake.self.theme.withHashtag;
}; };
programs.bash = import ./bash { programs.bash = import ./bash args;
inherit config;
inherit pkgs;
inherit lib;
};
programs.fzf = import ./fzf { programs.fzf = import ./fzf args;
inherit config;
inherit pkgs;
};
programs.neovim = import ./nvim { programs.neovim = import ./nvim args;
inherit config;
inherit pkgs;
inherit lib;
};
# Ensure nvim backup directory gets created # Ensure nvim backup directory gets created
# Workaround for E510: Can't make backup file (add ! to override) # Workaround for E510: Can't make backup file (add ! to override)
xdg.dataFile."nvim/backup/.keep".text = ""; xdg.dataFile."nvim/backup/.keep".text = "";
xdg.dataFile."nvim/json-schemas/.keep".text = ""; xdg.dataFile."nvim/json-schemas/.keep".text = "";
# Generated with:
# docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json
xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json;
xdg.dataFile."nvim/templates/.keep".text = ""; xdg.dataFile."nvim/templates/.keep".text = "";
programs.git = import ./git {}; programs.git = import ./git args;
xdg.configFile."git/config".text = import ./.config/git/config.nix { xdg.configFile."git/config".text = import ./.config/git/config.nix args;
inherit config; xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix args;
inherit pkgs; xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix args;
};
xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix {
inherit config;
inherit pkgs;
};
xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix {
inherit config;
inherit pkgs;
};
programs.direnv = import ./direnv {}; programs.direnv = import ./direnv args;
}; };
}; };
} }

View file

@ -1,5 +1,4 @@
{ ... }: {...}: {
{
enable = true; enable = true;
nix-direnv = { nix-direnv = {
enable = true; enable = true;

View file

@ -1,15 +1,17 @@
{ {
config, config,
pkgs, pkgs,
flake,
... ...
}: { }: {
enable = true; enable = true;
defaultCommand = "fd --hidden --type f --exclude .git"; defaultCommand = "fd --hidden --type f --exclude .git";
defaultOptions = [ defaultOptions = with flake.self.theme.withHashtag; [
"--color=bg+:#2d2a2e,bg:#1a181a,spinner:#ef9062,hl:#7accd7" "--color=bg+:${base01},bg:${base00},spinner:${base0C},hl:${base0D}"
"--color=fg:#d3d1d4,header:#7accd7,info:#e5c463,pointer:#ef9062" "--color=fg:${base04},header:${base0D},info:${base0A},pointer:${base0C}"
"--color=marker:#ef9062,fg+:#303030,prompt:#e5c463,hl+:#7accd7" "--color=marker:${base0C},fg+:${base02},prompt:${base0A},hl+:${base0D}"
]; ];
# Use ble.sh for completions, see # Use ble.sh for completions, see
# modules/terminal-life/bash/default.nix -> bleopt complete_menu_style=desc # modules/terminal-life/bash/default.nix -> bleopt complete_menu_style=desc
# and https://github.com/akinomyoga/ble.sh/wiki/Manual-%C2%A77-Completion # and https://github.com/akinomyoga/ble.sh/wiki/Manual-%C2%A77-Completion

View file

@ -1,5 +1,4 @@
{ ... }: {...}: {
{
enable = true; enable = true;
extraConfig = { extraConfig = {

View file

@ -0,0 +1,48 @@
lua <<EOF
local luasnip = require 'luasnip'
local cmp = require 'cmp'
cmp.setup {
snippet = {
expand = function(args)
require('luasnip').lsp_expand(args.body)
end,
},
mapping = {
['<C-p>'] = cmp.mapping.select_prev_item(),
['<C-n>'] = cmp.mapping.select_next_item(),
['<C-d>'] = cmp.mapping.scroll_docs(-4),
['<C-f>'] = cmp.mapping.scroll_docs(4),
['<C-Space>'] = cmp.mapping.complete(),
['<C-e>'] = cmp.mapping.close(),
['<CR>'] = cmp.mapping.confirm {
behavior = cmp.ConfirmBehavior.Replace,
select = true,
},
['<Tab>'] = function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif luasnip.expand_or_jumpable() then
luasnip.expand_or_jump()
else
fallback()
end
end,
['<S-Tab>'] = function(fallback)
if cmp.visible() then
cmp.select_prev_item()
elseif luasnip.jumpable(-1) then
luasnip.jump(-1)
else
fallback()
end
end,
},
sources = {
{ name = 'nvim_lsp' },
{ name = 'luasnip' },
},
}
EOF

View file

@ -7,8 +7,6 @@
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.terminal-life; cfg = config.pub-solar.terminal-life;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
preview-file = pkgs.writeShellScriptBin "preview-file" (import ./preview-file.nix pkgs);
in { in {
enable = true; enable = true;
@ -20,80 +18,93 @@ in {
withRuby = true; withRuby = true;
withPython3 = true; withPython3 = true;
extraPackages = with pkgs; extraPackages = with pkgs; [
lib.mkIf (cfg.full) [ ripgrep
ansible-language-server
ccls
gopls
nixd nixd
nodejs
nodePackages.bash-language-server
nodePackages.dockerfile-language-server-nodejs
nodePackages.svelte-language-server
nodePackages.typescript
nodePackages.typescript-language-server
nodePackages.vim-language-server
nodePackages.vue-language-server
nodePackages.vscode-langservers-extracted
nodePackages.yaml-language-server
python3Packages.python-lsp-server
python3Full
rust-analyzer
solargraph
terraform-ls
universal-ctags universal-ctags
# ansible-language-server
# clang-tools
# gopls
# nodePackages.bash-language-server
# nodePackages.svelte-language-server
# nodePackages.typescript
# nodePackages.typescript-language-server
# nodePackages.vue-language-server
# nodePackages.vscode-langservers-extracted
# nginx-language-server
# lua-language-server
# cmake-language-server
# vim-language-server
# yaml-language-server
# python3Packages.python-lsp-server
# nodePackages.dockerfile-language-server-nodejs
# docker-compose-language-service
# rust-analyzer
# cargo
# solargraph
# terraform-ls
# python3Full
]; ];
plugins = with pkgs.vimPlugins; lib.mkIf cfg.full [ plugins = with pkgs.vimPlugins;
(pkgs.vimPlugins.nvim-treesitter.withPlugins (p: [ [
p.ini # The status bar in the bottom of the screen with the mode indication and file location
p.json vim-airline
p.json5
p.markdown
p.nix
p.toml
p.yaml
p.css # Automatically load editorconfig files in repos to configure nvim settings
p.graphql editorconfig-vim
p.html
p.javascript
p.scss
p.tsx
p.typescript
p.vue
p.c # File browser. Use <leader>n to access
p.cpp nnn-vim
p.go
p.gomod
p.gosum
p.haskell
p.lua
p.php
p.python
p.ruby
p.rust
p.vim # Highlight characters when using f, F, t, and T
p.vimdoc quick-scope
p.passwd # Undo history etc. per project
p.sql vim-workspace-nvfetcher
p.diff # Neovim colorschemes / themes
p.gitcommit sonokai
p.gitignore vim-hybrid-material
p.git_config vim-airline-themes
p.gitattributes vim-apprentice-nvfetcher
p.git_rebase
p.bash # Preview colors inline
p.dockerfile nvim-colorizer-lua
p.make
p.ninja # Git integrations
p.terraform # A Git wrapper so awesome, it should be illegal
])) fugitive
# Shows git diff markers in the sign column
vim-gitgutter
# GitHub extension for fugitive
vim-rhubarb
# Ease your git workflow within Vim
vimagit-nvfetcher
# Telescope fuzzy finder
telescope-nvim
telescope-fzf-native-nvim
# Make the yanked region apparent
vim-highlightedyank
# :Beautify Code beautifier
vim-beautify-nvfetcher
# Unload, delete or wipe a buffer without closing the window
vim-bufkill
# Defaults everyone can agree on
vim-sensible
# Work with tags files
vim-gutentags
]
++ (
if cfg.full
then [
nvim-treesitter.withAllGrammars
# Dependencies for nvim-lspconfig # Dependencies for nvim-lspconfig
nvim-cmp nvim-cmp
@ -108,70 +119,13 @@ in {
# Collaborative editing in Neovim using built-in capabilities # Collaborative editing in Neovim using built-in capabilities
instant-nvim-nvfetcher instant-nvim-nvfetcher
# Search functionality behind :Ack
ack-vim
# The status bar in the bottom of the screen with the mode indication and file location
vim-airline
# Automatically load editorconfig files in repos to configure nvim settings
editorconfig-vim
# File browser. Use <leader>n to access
nnn-vim
# Highlight characters when using f, F, t, and T
quick-scope
# Get sudo in vim; :SudaWrite <optional filename>
suda-vim
# Undo history etc. per project
vim-workspace-nvfetcher
# JSON schemas # JSON schemas
SchemaStore-nvim SchemaStore-nvim
]
else []
);
# Work with tags files extraConfig = builtins.concatStringsSep "\n" ([
vim-gutentags
# Neovim colorschemes / themes
sonokai
vim-hybrid-material
vim-airline-themes
vim-apprentice-nvfetcher
# Git integrations
# A Git wrapper so awesome, it should be illegal
fugitive
# Shows git diff markers in the sign column
vim-gitgutter
# GitHub extension for fugitive
vim-rhubarb
# Ease your git workflow within Vim
vimagit-nvfetcher
# FZF fuzzy finder
fzf-vim
fzfWrapper
# Make the yanked region apparent
vim-highlightedyank
# :Beautify Code beautifier
vim-beautify-nvfetcher
# Unload, delete or wipe a buffer without closing the window
vim-bufkill
# Defaults everyone can agree on
vim-sensible
# emmet for vim: http://emmet.io/
emmet-vim
# Caddyfile syntax support for Vim
vim-caddyfile-nvfetcher
];
extraConfig = builtins.concatStringsSep "\n" [
'' ''
" Persistent undo " Persistent undo
set undofile set undofile
@ -184,12 +138,14 @@ in {
(builtins.readFile ./plugins.vim) (builtins.readFile ./plugins.vim)
(builtins.readFile ./clipboard.vim) (builtins.readFile ./clipboard.vim)
(builtins.readFile ./ui.vim) (builtins.readFile ./ui.vim)
(builtins.readFile ./quickfixopenall.vim) (builtins.readFile ./filetypes.vim)
]
++ (
if cfg.full
then [
(builtins.readFile ./lsp.vim) (builtins.readFile ./lsp.vim)
'' (builtins.readFile ./cmp.vim)
" fzf with file preview ]
command! -bang -nargs=? -complete=dir Files else []
\ call fzf#vim#files(<q-args>, { 'options': ['--keep-right', '--cycle', '--layout', 'reverse', '--preview', '${preview-file}/bin/preview-file {}'] }, <bang>0) ));
''
];
} }

View file

@ -0,0 +1,10 @@
au BufRead,BufNewFile *.html.twig set filetype=html
au BufRead,BufNewFile *.vto set filetype=html
au BufRead,BufNewFile *.njk set filetype=html
au BufRead,BufNewFile *.age set filetype=age
autocmd FileType age setlocal noeol nofixeol
au! BufNewFile,BufReadPost *.{yaml,yml} set filetype=yaml
autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab

View file

@ -9,11 +9,13 @@ set viminfo='100,<100,s20 " vim file history
set hidden set hidden
set expandtab
set shiftwidth=2 set shiftwidth=2
set tabstop=2
set number set number
set relativenumber set relativenumber
set mouse= set mouse=
set listchars=tab:→\ ,nbsp:␣,trail:␣,extends:⟩,precedes:⟨
set list
set autoindent set autoindent
set smartindent set smartindent
@ -56,10 +58,6 @@ map <leader>wJ :wincmd H<CR>
map <leader>wK :wincmd J<CR> map <leader>wK :wincmd J<CR>
map <leader>wL :wincmd L<CR> map <leader>wL :wincmd L<CR>
map <leader>tj :tabprevious<CR>
map <leader>tl :tabnext<CR>
map <leader>tq :tabclose<CR>
" replay macro for each line of a visual selection " replay macro for each line of a visual selection
xnoremap @q :normal @q<CR> xnoremap @q :normal @q<CR>
xnoremap @@ :normal @@<CR> xnoremap @@ :normal @@<CR>
@ -71,34 +69,13 @@ xnoremap p pgvy
inoremap jj <Esc> inoremap jj <Esc>
" Open new buffer " Open new buffer
nmap <leader>T :enew<cr> nmap <leader>bn :enew<cr>
" Move to the next buffer
nmap <leader>l :bnext<CR> nmap <leader>l :bnext<CR>
nmap <leader>bn :bnext<CR>
" Move to the previous buffer
nmap <leader>j :bprevious<CR> nmap <leader>j :bprevious<CR>
nmap <leader>bp :bprevious<CR>
" Close the current buffer and move to the previous one
" This replicates the idea of closing a tab
nmap <leader>q :bp <BAR> bd #<CR> nmap <leader>q :bp <BAR> bd #<CR>
nmap <leader>bq :bp <BAR> bd #<CR>
" Show all open buffers and their status
nmap <leader>bl :ls<CR>
" Mapping selecting mappings
nmap <leader><tab> <plug>(fzf-maps-n)
xmap <leader><tab> <plug>(fzf-maps-x)
omap <leader><tab> <plug>(fzf-maps-o)
nmap <c-p> :Files<CR>
imap <c-p> <ESC>:Files<CR>
" Insert mode completion
imap <c-x><c-k> <plug>(fzf-complete-word)
imap <c-x><c-f> <plug>(fzf-complete-path)
imap <c-x><c-j> <plug>(fzf-complete-file)
imap <c-x><c-l> <plug>(fzf-complete-line)
" Clear quickfix shortcut " Clear quickfix shortcut
nmap <Leader>c :ccl<CR> nmap <Leader>c :ccl<CR>
@ -108,7 +85,3 @@ nmap <Leader>c :ccl<CR>
if has("autocmd") if has("autocmd")
au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
endif endif
nmap - :NnnPicker %<CR>
nmap <leader>n :NnnPicker %<CR>
nmap <leader>N :NnnPicker<CR>

View file

@ -1,41 +1,28 @@
" Set completeopt to have a better completion experience
" :help completeopt
" menuone: popup even when there's only one match
" noinsert: Do not insert text until a selection is made
" noselect: Do not select, force user to select one from the menu
set completeopt=menuone,noinsert,noselect
" Avoid showing extra messages when using completion
set shortmess+=c
function AddTemplate(tmpl_file)
exe "0read " . a:tmpl_file
set nomodified
6
endfunction
autocmd BufNewFile shell.nix call AddTemplate("$XDG_DATA_HOME/nvim/templates/shell.nix.tmpl")
" Configure neovim 0.6+ experimental LSPs " Configure neovim 0.6+ experimental LSPs
" https://github.com/neovim/nvim-lspconfig " https://github.com/neovim/nvim-lspconfig
" https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md " https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md
" https://github.com/neovim/nvim-lspconfig/wiki/UI-Customization " https://github.com/neovim/nvim-lspconfig/wiki/UI-Customization
" https://gitlab.com/Iron_E/dotfiles/-/blob/master/.config/nvim/lua/_config/plugin/nvim_lsp.lua " https://gitlab.com/Iron_E/dotfiles/-/blob/master/.config/nvim/lua/_config/plugin/nvim_lsp.lua
lua <<EOF lua <<EOF
local nvim_lsp = require('lspconfig')
-- Mappings (global) -- Set completeopt to have a better completion experience
-- See `:help vim.diagnostic.*` for documentation on any of the below functions vim.o.completeopt = 'menuone,noselect,noinsert'
local opts = { noremap=true, silent=true } vim.o.shortmess = vim.o.shortmess .. 'c'
vim.api.nvim_set_keymap('n', '<leader>e', '<cmd>lua vim.diagnostic.open_float()<CR>', opts) vim.o.signcolumn = 'yes:2'
vim.api.nvim_set_keymap('n', 'g[', '<cmd>lua vim.diagnostic.goto_prev()<CR>', opts)
vim.api.nvim_set_keymap('n', 'g]', '<cmd>lua vim.diagnostic.goto_next()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>dq', '<cmd>lua vim.diagnostic.setloclist()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>f', '<cmd>lua vim.lsp.buf.formatting()<CR>', opts)
-- Use an on_attach function to only map the following keys local lspconfig = require('lspconfig')
-- after the language server attaches to the current buffer
local on_attach = function(client, bufnr) -- Mappings (global)
-- See `:help vim.diagnostic.*` for documentation on any of the below functions
local opts = { noremap=true, silent=true }
vim.api.nvim_set_keymap('n', 'g[', '<cmd>lua vim.diagnostic.goto_prev()<CR>', opts)
vim.api.nvim_set_keymap('n', 'g]', '<cmd>lua vim.diagnostic.goto_next()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>dq', '<cmd>lua vim.diagnostic.setloclist()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>do', '<cmd>lua vim.diagnostic.open_float()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>bf', '<cmd>lua vim.lsp.buf.formatting()<CR>', opts)
local on_attach = function(client, bufnr)
-- Enable completion triggered by <c-x><c-o> -- Enable completion triggered by <c-x><c-o>
vim.api.nvim_buf_set_option(bufnr, 'omnifunc', 'v:lua.vim.lsp.omnifunc') vim.api.nvim_buf_set_option(bufnr, 'omnifunc', 'v:lua.vim.lsp.omnifunc')
@ -43,16 +30,16 @@ lua <<EOF
-- See `:help vim.lsp.*` for documentation on any of the below functions -- See `:help vim.lsp.*` for documentation on any of the below functions
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gD', '<cmd>lua vim.lsp.buf.declaration()<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gD', '<cmd>lua vim.lsp.buf.declaration()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gd', '<cmd>lua vim.lsp.buf.definition()<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gd', '<cmd>lua vim.lsp.buf.definition()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'K', '<cmd>lua vim.lsp.buf.hover()<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gr', '<cmd>lua vim.lsp.buf.references()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gi', '<cmd>lua vim.lsp.buf.implementation()<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gi', '<cmd>lua vim.lsp.buf.implementation()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gT', '<cmd>lua vim.lsp.buf.type_definition()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'K', '<cmd>lua vim.lsp.buf.hover()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<C-k>', '<cmd>lua vim.lsp.buf.signature_help()<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', '<C-k>', '<cmd>lua vim.lsp.buf.signature_help()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wa', '<cmd>lua vim.lsp.buf.add_workspace_folder()<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wa', '<cmd>lua vim.lsp.buf.add_workspace_folder()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wr', '<cmd>lua vim.lsp.buf.remove_workspace_folder()<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wr', '<cmd>lua vim.lsp.buf.remove_workspace_folder()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wl', '<cmd>lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wl', '<cmd>lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>D', '<cmd>lua vim.lsp.buf.type_definition()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>rn', '<cmd>lua vim.lsp.buf.rename()<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>rn', '<cmd>lua vim.lsp.buf.rename()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>ca', '<cmd>lua vim.lsp.buf.code_action()<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>ca', '<cmd>lua vim.lsp.buf.code_action()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gr', '<cmd>lua vim.lsp.buf.references()<CR>', opts)
-- Show diagnostic popup on cursor hold -- Show diagnostic popup on cursor hold
vim.api.nvim_create_autocmd("CursorHold", { vim.api.nvim_create_autocmd("CursorHold", {
@ -70,189 +57,93 @@ lua <<EOF
end end
}) })
end
local lspconfig = require 'lspconfig'
-- Add additional capabilities supported by nvim-cmp
local CAPABILITIES = require('cmp_nvim_lsp').default_capabilities()
--- Event handlers
local HANDLERS = {
-- TODO: replace with vim.lsp.protocol.Methods
["textDocument/hover"] = vim.lsp.with(vim.lsp.handlers.hover, FLOAT_CONFIG),
["textDocument/signatureHelp"] = vim.lsp.with(vim.lsp.handlers.signature_help, FLOAT_CONFIG),
}
-- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
CAPABILITIES.textDocument.completion.completionItem.snippetSupport = true
local function setup(lsp, config)
if config == nil then
config = {}
end end
-- Add additional capabilities supported by nvim-cmp config.capabilities = CAPABILITIES
local capabilities = require('cmp_nvim_lsp').default_capabilities() config.handlers = HANDLERS
-- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html config.on_attach = on_attach
capabilities.textDocument.completion.completionItem.snippetSupport = true lspconfig[lsp].setup(config)
end
-- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html setup('nixd')
capabilities.textDocument.completion.completionItem.snippetSupport = true setup('bashls')
setup('clangd')
local use_denols_for_typescript = not(os.getenv('NVIM_USE_DENOLS') == nil) setup('cssls')
setup('eslint')
for lsp_key, lsp_settings in pairs({ setup('ts_ls')
'ansiblels', ---------------------------- Ansible setup('denols')
'bashls', ------------------------------- Bash setup('vuels')
'ccls', --------------------------------- C / C++ / Objective-C setup('svelte')
'cssls', -------------------------------- CSS / SCSS / LESS setup('html')
'dockerls', ----------------------------- Docker setup('yamlls')
['gopls'] = { --------------------------- Go setup('jsonls', {
['settings'] = { json = {
['gopls'] = { schemas = require('schemastore').json.schemas(),
['analyses'] = { validate = {
['unusedparams'] = true, enable = true
},
['staticcheck'] = true
},
},
},
'html', --------------------------------- HTML
['jdtls'] = { --------------------------- Java
['root_dir'] = nvim_lsp.util.root_pattern('.git', 'pom.xml', 'build.xml'),
['init_options'] = {
['jvm_args'] = {['java.format.settings.url'] = vim.fn.stdpath('config')..'/eclipse-formatter.xml'},
['workspace'] = vim.fn.stdpath('cache')..'/java-workspaces'
}
},
['jsonls'] = { -------------------------- JSON
['settings'] = {
['json'] = {
['schemas' ] = vim.list_extend(
{
{
['description'] = 'JSON schema for Caddy v2',
['fileMatch'] = { '*caddy*.json' },
['name'] = 'caddy_schema.json',
['url'] = vim.fn.stdpath('data')..'/json-schemas/caddy_schema.json',
},
},
require('schemastore').json.schemas()
),
['validate'] = { ['enable'] = true }
} }
} }
}, })
'nixd', --------------------------------- Nix setup('gopls', {
'phpactor', ----------------------------- PHP settings = {
'pylsp', -------------------------------- Python gopls = { semanticTokens = true }
'solargraph', --------------------------- Ruby
'rust_analyzer', ------------------------ Rust
['sqlls'] = {
['cmd'] = {vim.fn.stdpath('data')..'/nvm/versions/node/v12.19.0/bin/sql-language-server', 'up', '--method', 'stdio'}
},
['terraformls'] = { --------------------- Terraform
['filetypes'] = { 'terraform', 'hcl', 'tf' }
},
-- The TS/JS server is chosen depending on an environment variable,
-- since denols is nicer for Deno based projects
------------------------ Deno TS/JS
------------------------------------ Typescript / JavaScript
(use_denols_for_typescript and 'denols' or 'tsserver'),
'vuels', -------------------------------- Vue
'svelte', ------------------------------- Svelte
['yamlls'] = { -------------------------- YAML
['settings'] = {
['yaml'] = {
['schemas'] = {
['https://json.schemastore.org/github-workflow'] = '.github/workflows/*.{yml,yaml}',
['https://json.schemastore.org/github-action'] = '.github/action.{yml,yaml}',
['https://json.schemastore.org/drone'] = '*.drone.{yml,yaml}',
['https://json.schemastore.org/swagger-2.0'] = 'swagger.{yml,yaml}',
} }
} })
} setup('phpactor')
} setup('pylsp')
}) do -- Setup all of the language servers. † setup('solargraph') -- ruby
if type(lsp_key) == 'number' then -- Enable the LSP with defaults. setup('rust_analyzer', {
-- The `lsp` is an index in this case. settings = {
nvim_lsp[lsp_settings].setup{ ['rust-analyzer'] = {
on_attach = on_attach, checkOnSave = { extraArgs = { "--target-dir", "/tmp/rust-analyzer-check" } },
flags = { diagnostics = { disabled = { 'inactive-code' } },
debounce_text_changes = 150,
},
capabilities = capabilities,
}
else -- Use the LSP's configuration.
lsp_settings.on_attach = on_attach
lsp_settings.capabilities = capabilities
nvim_lsp[lsp_key].setup(lsp_settings)
end
end --
-- configure floating diagnostics appearance, symbols
local signs = { Error = " ", Warn = " ", Hint = " ", Info = " " }
for type, icon in pairs(signs) do
local hl = "DiagnosticSign" .. type
vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl })
end
-- Set completeopt to have a better completion experience
vim.o.completeopt = 'menuone,noselect'
-- luasnip setup
local luasnip = require 'luasnip'
-- nvim-cmp setup
local cmp = require 'cmp'
cmp.setup {
snippet = {
expand = function(args)
require('luasnip').lsp_expand(args.body)
end,
},
mapping = {
['<C-p>'] = cmp.mapping.select_prev_item(),
['<C-n>'] = cmp.mapping.select_next_item(),
['<C-d>'] = cmp.mapping.scroll_docs(-4),
['<C-f>'] = cmp.mapping.scroll_docs(4),
['<C-Space>'] = cmp.mapping.complete(),
['<C-e>'] = cmp.mapping.close(),
['<CR>'] = cmp.mapping.confirm {
behavior = cmp.ConfirmBehavior.Replace,
select = true,
},
['<Tab>'] = function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif luasnip.expand_or_jumpable() then
luasnip.expand_or_jump()
else
fallback()
end
end,
['<S-Tab>'] = function(fallback)
if cmp.visible() then
cmp.select_prev_item()
elseif luasnip.jumpable(-1) then
luasnip.jump(-1)
else
fallback()
end
end,
},
sources = {
{ name = 'nvim_lsp' },
{ name = 'luasnip' },
}, },
} }
})
setup('sqlls')
setup('salt_ls')
setup('ansiblels')
setup('dockerls')
setup('docker_compose_language_service')
setup('terraformls')
-- https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#denols -- https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#denols
vim.g.markdown_fenced_languages = { vim.g.markdown_fenced_languages = {
"ts=typescript" "ts=typescript"
} }
-- Configure diagnostics -- Configure diagnostics
vim.diagnostic.config({ vim.diagnostic.config({
virtual_text = false, virtual_text = false,
signs = true, signs = true,
underline = true, underline = true,
update_in_insert = false, update_in_insert = false,
severity_sort = false, severity_sort = false,
}) })
-- Change diagnostic symbols in the sign column (gutter) -- Change diagnostic symbols in the sign column (gutter)
local signs = { Error = " ", Warn = " ", Hint = " ", Info = " " } local signs = { Error = "x ", Warn = "! ", Hint = "? ", Info = "i " }
for type, icon in pairs(signs) do for type, icon in pairs(signs) do
local hl = "DiagnosticSign" .. type local hl = "DiagnosticSign" .. type
vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl }) vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl })
end end
EOF EOF
" have a fixed column for the diagnostics to appear in
" this removes the jitter when warnings/errors flow in
set signcolumn=yes:2

View file

@ -1,32 +1,8 @@
" Happy yaml configuration
au! BufNewFile,BufReadPost *.{yaml,yml} set filetype=yaml
autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab
let g:gutentags_file_list_command = 'git ls-files' let g:gutentags_file_list_command = 'git ls-files'
" quick-scope
" https://github.com/unblevable/quick-scope " https://github.com/unblevable/quick-scope
let g:qs_highlight_on_keys = ['f', 'F', 't', 'T'] let g:qs_highlight_on_keys = ['f', 'F', 't', 'T']
" Golang
" Go test, Def, Decls shortcut
nmap <Leader>got :GoTest<CR>:botright copen<CR>
autocmd FileType go nmap gd :GoDef<CR>
autocmd FileType go nmap gD :GoDecls<CR>
" Go formatting
autocmd FileType go setlocal noexpandtab shiftwidth=4 tabstop=4 softtabstop=4 nolist
" Caddyfile indentation
autocmd FileType caddyfile setlocal noexpandtab shiftwidth=8 tabstop=8 softtabstop=8 nolist
" vim-go disable text-objects
let g:go_textobj_enabled = 0
" disable vim-go :GoDef short cut (gd)
" this is handled by LanguageClient [LC]
let g:go_def_mapping_enabled = 0
" GitGutter and vim Magit " GitGutter and vim Magit
" inspired by: https://jakobgm.com/posts/vim/git-integration/ " inspired by: https://jakobgm.com/posts/vim/git-integration/
" Don't map gitgutter keys automatically, set them ourselves " Don't map gitgutter keys automatically, set them ourselves
@ -43,17 +19,11 @@ nmap <Leader>gu <Plug>(GitGutterUndoHunk) " git undo (chunk)
" Open vimagit pane " Open vimagit pane
nnoremap <leader>gs :Magit<CR> " git status nnoremap <leader>gs :Magit<CR> " git status
" Push to remote
nnoremap <leader>gP :! git push<CR> " git Push
" Quick conflict resolution in git mergetool nvim " Quick conflict resolution in git mergetool nvim
" http://vimcasts.org/episodes/fugitive-vim-resolving-merge-conflicts-with-vimdiff/ " http://vimcasts.org/episodes/fugitive-vim-resolving-merge-conflicts-with-vimdiff/
nmap <Leader>[ :diffget //2<CR> nmap <Leader>[ :diffget //2<CR>
nmap <Leader>] :diffget //3<CR> nmap <Leader>] :diffget //3<CR>
" netrw
let g:netrw_fastbrowse=0
" Auto-FMT rust code on save " Auto-FMT rust code on save
let g:rustfmt_autosave = 1 let g:rustfmt_autosave = 1
@ -66,22 +36,53 @@ let g:highlightedyank_highlight_duration = 200
" Markdown options " Markdown options
let g:vim_markdown_folding_disabled = 1 let g:vim_markdown_folding_disabled = 1
" Haskell options
let g:haskell_enable_quantification = 1 " to enable highlighting of `forall`
let g:haskell_enable_recursivedo = 1 " to enable highlighting of `mdo` and `rec`
let g:haskell_enable_arrowsyntax = 1 " to enable highlighting of `proc`
let g:haskell_enable_pattern_synonyms = 1 " to enable highlighting of `pattern`
let g:haskell_enable_typeroles = 1 " to enable highlighting of type roles
let g:haskell_enable_static_pointers = 1 " to enable highlighting of `static`
let g:haskell_backpack = 1 " to enable highlighting of backpack keywords
" Emmet
let g:user_emmet_leader_key='<c-n>'
" Ack
if executable('ag')
let g:ackprg = 'ag --hidden --vimgrep'
endif
" nnn " nnn
let g:nnn#command = 'nnn -d -e -H -r' let g:nnn#command = 'nnn -d -e -H -r'
nmap - :NnnPicker %<CR>
nmap <leader>n :NnnPicker %<CR>
nmap <leader>N :NnnPicker<CR>
lua <<EOF
local actions = require("telescope.actions")
local telescope = require("telescope")
telescope.setup{
defaults = {
mappings = {
n = {
["k"] = actions.move_selection_next,
["i"] = actions.move_selection_previous,
["I"] = actions.move_to_top,
["K"] = actions.move_to_bottom,
["<C-c>"] = actions.close,
},
},
},
pickers = {
find_files = {
-- `hidden = true` will still show the inside of `.git/` as it's not `.gitignore`d.
find_command = { "rg", "--files", "--hidden", "--glob", "!**/.git/*" },
},
},
extensions = {
fzf = {
fuzzy = true, -- false will only do exact matching
override_generic_sorter = true, -- override the generic sorter
override_file_sorter = true, -- override the file sorter
case_mode = "smart_case", -- or "ignore_case" or "respect_case"
}
}
}
telescope.load_extension('fzf')
local builtin = require('telescope.builtin')
vim.keymap.set('n', '<leader>ff', builtin.find_files, {})
vim.keymap.set('n', '<leader>f/', builtin.live_grep, {})
vim.keymap.set('n', '<leader>f?', builtin.builtin, {})
vim.keymap.set('n', '<leader>fr', builtin.command_history, {})
vim.keymap.set('n', '<leader>fc', builtin.commands, {})
vim.keymap.set('n', '<leader>ft', builtin.treesitter, {})
require'colorizer'.setup()
EOF

View file

@ -1,36 +0,0 @@
self:
with self; ''
IFS=':' read -r -a INPUT <<< "$1"
FILE=''${INPUT[0]}
CENTER=''${INPUT[1]}
if [[ "$1" =~ ^[A-Za-z]:\\ ]]; then
FILE=$FILE:''${INPUT[1]}
CENTER=''${INPUT[2]}
fi
if [[ -n "$CENTER" && ! "$CENTER" =~ ^[0-9] ]]; then
exit 1
fi
CENTER=''${CENTER/[^0-9]*/}
FILE="''${FILE/#\~\//$HOME/}"
if [ ! -r "$FILE" ]; then
echo "File not found ''${FILE}"
exit 1
fi
if [ -z "$CENTER" ]; then
CENTER=0
fi
exec cat "$FILE" \
| sed -e '/[#|\/\/ ?]-- copyright/,/[#\/\/]++/c\\' \
| ${pkgs.coreutils}/bin/tr -s '\n' \
| ${pkgs.bat}/bin/bat \
--style="''${BAT_STYLE:-numbers}" \
--color=always \
--pager=never \
--file-name="''$FILE" \
--highlight-line=$CENTER
''

View file

@ -1,20 +0,0 @@
"Usage:
" 1. Perform a vimgrep search
" :vimgrep /def/ *.rb
" 2. Issue QuickFixOpenAll command
" :QuickFixOpenAll
function! QuickFixOpenAll()
if empty(getqflist())
return
endif
let s:prev_val = ""
for d in getqflist()
let s:curr_val = bufname(d.bufnr)
if (s:curr_val != s:prev_val)
exec "edit " . s:curr_val
endif
let s:prev_val = s:curr_val
endfor
endfunction
command! QuickFixOpenAll call QuickFixOpenAll()

Some files were not shown because too many files have changed in this diff Show more