Compare commits


1 commit

Author SHA1 Message Date
Benjamin Yule Bädorf 316bd06c0d
wireguard/ssh: add pub.solar wireguard config 2024-04-06 02:35:51 +02:00
210 changed files with 3735 additions and 3902 deletions


@ -20,8 +20,8 @@ indent_style = unset
indent_size = unset
[{.*,secrets}/**]
end_of_line = false
insert_final_newline = false
end_of_line = unset
insert_final_newline = unset
trim_trailing_whitespace = unset
charset = unset
indent_style = unset


@ -3,17 +3,17 @@
"adblock-unbound": {
"inputs": {
"adblockStevenBlack": "adblockStevenBlack",
"lancache-domains": "lancache-domains",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1704832551,
"narHash": "sha256-6xS/ANMIh3b4Ia3Ubl9rtb3LVw9QldihnP3IvuG9zwQ=",
"lastModified": 1688055723,
"narHash": "sha256-8WtkSAr4qYA3o6kiOCESK3rHJmIsa6TMBrT3/Cbfvro=",
"owner": "MayNiklas",
"repo": "nixos-adblock-unbound",
"rev": "a5d3731836b1c2ca65834e07be03c02daca5b434",
"rev": "9356ccd526fdcf91bfee7f0ebebae831349d43cc",
"type": "github"
},
"original": {
@ -41,18 +41,16 @@
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
]
},
"locked": {
"lastModified": 1716561646,
"narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
"lastModified": 1682101079,
"narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
"owner": "ryantm",
"repo": "agenix",
"rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
"rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
"type": "github"
},
"original": {
@ -69,11 +67,11 @@
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"lastModified": 1696360011,
"narHash": "sha256-HpPv27qMuPou4acXcZ8Klm7Zt0Elv9dgDvSJaomWb9Y=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"rev": "8b6ea26d5d2e8359d06278364f41fbc4b903b28a",
"type": "github"
},
"original": {
@ -87,7 +85,7 @@
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs"
},
"locked": {
@ -115,11 +113,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1715699772,
"narHash": "sha256-sKhqIgucN5sI/7UQgBwsonzR4fONjfMr9OcHK/vPits=",
"lastModified": 1695052866,
"narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "b3ea6f333f9057b77efd9091119ba67089399ced",
"rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
"type": "github"
},
"original": {
@ -153,27 +151,6 @@
"type": "github"
}
},
"devshell_2": {
"inputs": {
"nixpkgs": [
"mezza-biz",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722113426,
"narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
"owner": "numtide",
"repo": "devshell",
"rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -193,11 +170,11 @@
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@ -211,11 +188,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1717285511,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"lastModified": 1693611461,
"narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
"type": "github"
},
"original": {
@ -229,11 +206,11 @@
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1717285511,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"lastModified": 1709336216,
"narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"type": "github"
},
"original": {
@ -242,58 +219,22 @@
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_4"
},
"locked": {
"lastModified": 1714606777,
"narHash": "sha256-bMkNmAXLj8iyTvxaaD/StcLSadbj1chPcJOjtuVnLmA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4d34ce6412bc450b1d4208c953dc97c7fc764f1a",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1713493429,
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
"owner": "srid",
"repo": "flake-root",
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -311,52 +252,31 @@
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"lastModified": 1710888565,
"narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1716736833,
"narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1708968331,
"narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=",
"lastModified": 1706639736,
"narHash": "sha256-CaG4j9+UwBDfinxxvJMo6yOonSmSo0ZgnbD7aj2Put0=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30",
"rev": "cd13c2917eaa68e4c49fea0ff9cada45440d7045",
"type": "github"
},
"original": {
@ -365,73 +285,14 @@
"type": "github"
}
},
"invoiceplane-template": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1712364633,
"narHash": "sha256-BfdaBTDA07ijUrK47aa8AMDTBB3nWYm74CBAwd/mllg=",
"ref": "refs/heads/main",
"rev": "8056309d6cf694647262a11415aceac68015cfd2",
"revCount": 22,
"type": "git",
"url": "https://git.pub.solar/b12f/invoiceplane-templates.git"
},
"original": {
"type": "git",
"url": "https://git.pub.solar/b12f/invoiceplane-templates.git"
}
},
"lancache-domains": {
"flake": false,
"locked": {
"lastModified": 1679999806,
"narHash": "sha256-oDZ2pSf8IgofRS4HaRppGcd4kHQj48AC9dkS++avYy8=",
"owner": "uklans",
"repo": "cache-domains",
"rev": "31b2ba1e0a7c419327cb97f589b508d78b9aecbf",
"type": "github"
},
"original": {
"owner": "uklans",
"repo": "cache-domains",
"type": "github"
}
},
"mezza-biz": {
"inputs": {
"devshell": "devshell_2",
"flake-parts": "flake-parts_3",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1724541053,
"narHash": "sha256-bQiwF08H8GEi7lxNiJKc4Gu42K7zYeDPPqRCNYVnp7U=",
"ref": "refs/heads/main",
"rev": "0ee615488dec2685cee6ed558cbfcf9840e92b94",
"revCount": 10,
"type": "git",
"url": "https://git.pub.solar/b12f/mezza.biz.git"
},
"original": {
"type": "git",
"url": "https://git.pub.solar/b12f/mezza.biz.git"
}
},
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1715627339,
"narHash": "sha256-HJ6V7hc64iBqXlZ8kH4sXmUzPH+0Hn6wYURmZmL5LFk=",
"lastModified": 1696124168,
"narHash": "sha256-EzGHYAR7rozQQLZEHbKEcb5VpUFGoxwEsM0OWfW4wqU=",
"owner": "nixos",
"repo": "mobile-nixos",
"rev": "655c8830d5fe2eae79c8fc0bab8033b34c8456eb",
"rev": "7cee346c3f8e73b25b1cfbf7a086a7652c11e0f3",
"type": "github"
},
"original": {
@ -445,11 +306,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1716767591,
"narHash": "sha256-e7mG0KhSnMkdgIGPKw6Bs2B6D44B/GB6Zo0NgxFxJTc=",
"lastModified": 1690426816,
"narHash": "sha256-vvOrLE6LlBVYigA1gSrlkknFwfuq9qmLA4h6ubiJ22g=",
"owner": "musnix",
"repo": "musnix",
"rev": "65f1b5863ff6157d4870ed177e8ccd82e21127ad",
"rev": "e651b06f8a3ac7d71486984100e8a79334da8329",
"type": "github"
},
"original": {
@ -460,16 +321,15 @@
},
"nixd": {
"inputs": {
"flake-parts": "flake-parts_4",
"flake-root": "flake-root",
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1717293270,
"narHash": "sha256-twDibXDWwmySk6C/hFUpeBewB5heSyCDDHWOAeRSp40=",
"lastModified": 1710142672,
"narHash": "sha256-MRClVDHMGXglXpSR+RflwnrY/ngePqrxOwiwoh5/BtU=",
"owner": "nix-community",
"repo": "nixd",
"rev": "be5ad5ec113595e2900e6391a08cf0e4784a9cfe",
"rev": "eb40e5b315fafa1086f69be84918bbd9235e0a10",
"type": "github"
},
"original": {
@ -481,11 +341,11 @@
},
"nixos-flake": {
"locked": {
"lastModified": 1716406291,
"narHash": "sha256-qHjJ6alc4o3p51hrPp3JGdC5Pbz5EjF+UZq1HbK8av0=",
"lastModified": 1692742948,
"narHash": "sha256-19LQQFGshuQNrrXZYVt+mWY0O3NbhEXeMy3MZwzYZGo=",
"owner": "srid",
"repo": "nixos-flake",
"rev": "aa9100167350cbdffaa272b0fd382d7c23606b86",
"rev": "2c25190ceacdaaae7e8afbecfa87096bb499a431",
"type": "github"
},
"original": {
@ -496,11 +356,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1717248095,
"narHash": "sha256-e8X2eWjAHJQT82AAN+mCI0B68cIDBJpqJ156+VRrFO0=",
"lastModified": 1686838567,
"narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "7b49d3967613d9aacac5b340ef158d493906ba79",
"rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89",
"type": "github"
},
"original": {
@ -527,48 +387,30 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1717284937,
"narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
"dir": "lib",
"lastModified": 1693471703,
"narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
"type": "github"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1717284937,
"narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
}
},
"nixpkgs-lib_3": {
"locked": {
"lastModified": 1722555339,
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
}
},
"nixpkgs-lib_4": {
"locked": {
"dir": "lib",
"lastModified": 1714253743,
"narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=",
"lastModified": 1709237383,
"narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994",
"rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
"type": "github"
},
"original": {
@ -581,11 +423,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1728551786,
"narHash": "sha256-wO3aWtTYEdaDwUdbA2bj3PTBKu3idTolOOnrPnzRo8o=",
"lastModified": 1711717242,
"narHash": "sha256-PW9J9sFw5DA4Fo3Cq4Soc+an6tjTS4VV2NxG6G0UMqw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "565db77725e0d5b0b448ecf4998239c3fddd374a",
"rev": "824952ff6b32b0019465b139b5c76d915ec074ea",
"type": "github"
},
"original": {
@ -597,11 +439,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1728492678,
"narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
"lastModified": 1711523803,
"narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
"rev": "2726f127c15a4cc9810843b96cad73c7eb39e443",
"type": "github"
},
"original": {
@ -613,11 +455,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1716509168,
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
"lastModified": 1690272529,
"narHash": "sha256-MakzcKXEdv/I4qJUtq/k/eG+rVmyOZLnYNC2w1mB59Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bfb7a882678e518398ce9a31a881538679f6f092",
"rev": "ef99fa5c5ed624460217c31ac4271cfb5cb2502c",
"type": "github"
},
"original": {
@ -629,11 +471,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1714562304,
"narHash": "sha256-Mr3U37Rh6tH0FbaDFu0aZDwk9mPAe7ASaqDOGgLqqLU=",
"lastModified": 1710097495,
"narHash": "sha256-B7Ea7q7hU7SE8wOPJ9oXEBjvB89yl2csaLjf5v/7jr8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bcd44e224fd68ce7d269b4f44d24c2220fd821e7",
"rev": "d40e866b1f98698d454dad8f592fe7616ff705a4",
"type": "github"
},
"original": {
@ -645,16 +487,16 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1728500571,
"narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=",
"lastModified": 1711460390,
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0",
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.05",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
@ -666,15 +508,16 @@
]
},
"locked": {
"lastModified": 1708750443,
"lastModified": 1708706677,
"narHash": "sha256-fUIT9v5FGy9KbbPKBVcxw2rwxqLZUVElqTtZWM7FiNI=",
"owner": "tfc",
"owner": "b12f",
"repo": "nixos-openstreetmap",
"rev": "0fd30b016eb838395d85948b9ecf00ff59b4581d",
"rev": "9057f546a5762a6b1645a8d4c22f818e29908144",
"type": "github"
},
"original": {
"owner": "tfc",
"owner": "b12f",
"ref": "flake-nixosmodule",
"repo": "nixos-openstreetmap",
"type": "github"
}
@ -687,10 +530,8 @@
"deploy-rs": "deploy-rs",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"home-manager": "home-manager_2",
"home-manager": "home-manager",
"impermanence": "impermanence",
"invoiceplane-template": "invoiceplane-template",
"mezza-biz": "mezza-biz",
"mobile-nixos": "mobile-nixos",
"musnix": "musnix",
"nixd": "nixd",
@ -699,65 +540,16 @@
"nixpkgs": "nixpkgs_4",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-unstable": "nixpkgs-unstable",
"openstreetmap": "openstreetmap",
"themes": "themes"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"themes": {
"locked": {
"lastModified": 1715166503,
"narHash": "sha256-eG3+PTzJntnMrO9J2fCtshU+XX18uI8iIjDKU9NkJXA=",
"owner": "RGBCube",
"repo": "ThemeNix",
"rev": "c188d0d729841f71f576dfb544e70c0340bf52a8",
"type": "github"
},
"original": {
"owner": "RGBCube",
"repo": "ThemeNix",
"type": "github"
"openstreetmap": "openstreetmap"
}
},
"utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {


@ -3,7 +3,7 @@
inputs = {
# Track channels with commits tested and built by hydra
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-master.url = "github:nixos/nixpkgs/master";
@ -12,11 +12,9 @@
flake-compat.url = "github:edolstra/flake-compat";
flake-compat.flake = false;
home-manager.url = "github:nix-community/home-manager/release-24.05";
home-manager.url = "github:nix-community/home-manager/release-23.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
themes.url = "github:RGBCube/ThemeNix";
flake-parts.url = "github:hercules-ci/flake-parts";
nixos-flake.url = "github:srid/nixos-flake";
@ -39,20 +37,14 @@
adblock-unbound.url = "github:MayNiklas/nixos-adblock-unbound";
adblock-unbound.inputs.nixpkgs.follows = "nixpkgs";
openstreetmap.url = "github:tfc/nixos-openstreetmap";
openstreetmap.url = "github:b12f/nixos-openstreetmap/flake-nixosmodule";
openstreetmap.inputs.nixpkgs.follows = "nixpkgs";
deno2nix.url = "github:SnO2WMaN/deno2nix";
invoiceplane-template.url = "git+https://git.pub.solar/b12f/invoiceplane-templates.git";
invoiceplane-template.inputs.nixpkgs.follows = "nixpkgs";
mezza-biz.url = "git+https://git.pub.solar/b12f/mezza.biz.git";
mezza-biz.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs @ {self, ...}:
inputs.flake-parts.lib.mkFlake {inherit inputs;} {
outputs = inputs@{ self, ... }:
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
systems = [
"x86_64-linux"
"aarch64-linux"
@ -60,9 +52,7 @@
imports = [
inputs.nixos-flake.flakeModule
inputs.flake-parts.flakeModules.easyOverlay
./public-keys.nix
./theme.nix
./lib
./modules
./hosts
@ -70,23 +60,14 @@
./overlays
];
perSystem = args @ {
system,
pkgs,
config,
...
}: {
packages = import ./pkgs args;
overlayAttrs = config.packages;
perSystem = args@{ system, pkgs, lib, config, ... }: {
_module.args = {
inherit inputs;
pkgs = import inputs.nixpkgs {
inherit system;
overlays = [
inputs.agenix.overlays.default
inputs.nixd.overlays.default
inputs.invoiceplane-template.overlays.default
overlays = with inputs; [
agenix.overlays.default
nixd.overlays.default
];
};
};
@ -94,7 +75,6 @@
devShells.default = pkgs.mkShell {
packages = with pkgs; [
nix
nixd
agenix
age-plugin-yubikey
cachix
@ -111,7 +91,6 @@
deploy-rs
terraform-ls
opentofu
terraform-backend-git
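Review bot: The input URLs printed second in each pair pin `nixpkgs` to `nixos-23.11` and `home-manager` to `release-23.11`, where the lines printed first use 24.05; the +/- markers are lost on this page, so the direction is inferred from print order only. If the 23.11 lines are the new side, merging would move every host back onto an older release channel, and the lock file in the same compare follows with older `lastModified` values for most inputs, which drops whatever security fixes arrived with the newer pins. Rebase the branch onto the current base so the compare carries only the wireguard/ssh change, then re-lock. The `openstreetmap` input also moves to a personal fork branch (`github:b12f/nixos-openstreetmap/flake-nixosmodule`); a one-line comment saying why the fork is needed would help the next person who updates the lock.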


@ -0,0 +1,19 @@
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
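Review bot: This new file appears twice on the page with the same 19 lines (here and in the later section that also opens with `# Touchpad controls`), so the two copies will drift as soon as one is edited. Keep a single copy in a shared location and point each `"sway/config.d/10-custom-keybindings.conf".source` entry at it. The backlight device names (`intel_backlight`, `smc::kbd_backlight`) are hardware-specific, so if the two hosts differ there, a short comment naming the machine each binding was written for would be worth adding.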


@ -25,6 +25,7 @@ in {
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
};
};


@ -1,4 +1,4 @@
{...}: {
{ ... }: {
imports = [
./configuration.nix
./hardware-configuration.nix


@ -0,0 +1,19 @@
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"


@ -10,7 +10,7 @@ with lib; let
in {
musnix = {
enable = true;
kernel.realtime = false;
kernel.realtime = true;
soundcardPciId = "0d:00.4";
};
@ -23,12 +23,14 @@ in {
];
};
services.pipewire.extraConfig.pipewire."92-low-latency" = {
"context.properties" = {
"default.clock.rate" = 48000;
"default.clock.quantum" = 32;
"default.clock.min-quantum" = 32;
"default.clock.max-quantum" = 32;
};
environment.etc = {
"pipewire/pipewire.conf.d/92-low-latency.conf".text = ''
context.properties = {
default.clock.rate = 48000
default.clock.quantum = 32
default.clock.min-quantum = 32
default.clock.max-quantum = 32
}
'';
};
}


@ -29,6 +29,7 @@ in {
pub-solar.terminal-life.full = true;
environment.systemPackages = with pkgs; [
drone-docker-runner
stdenv.cc.cc.lib
hplip
uhk-agent


@ -39,6 +39,6 @@ in {
];
};
networking.firewall.allowedUDPPorts = [34197];
networking.firewall.allowedTCPPorts = [34197];
networking.firewall.allowedUDPPorts = [ 34197 ];
networking.firewall.allowedTCPPorts = [ 34197 ];
}


@ -1,12 +1,8 @@
{ withSystem, self, inputs, ...}:
{
self,
inputs,
...
}: {
flake = {
nixosConfigurations = {
stroopwafel = self.nixos-flake.lib.mkLinuxSystem {
nixpkgs.hostPlatform = "x86_64-linux";
imports = [
inputs.impermanence.nixosModules.impermanence
@ -69,6 +65,8 @@
self.nixosModules.base
./droppie
self.nixosModules.yule
self.nixosModules.acme
self.nixosModules.proxy
self.nixosModules.persistence
];
};
@ -139,7 +137,7 @@
self.nixosModules.graphical
self.nixosModules.audio
self.nixosModules.bluetooth
({...}: {pub-solar.graphical.wayland.software-renderer.enable = true;})
({ ... }: { pub-solar.graphical.wayland.software-renderer.enable = true; })
];
};
};


@ -24,7 +24,7 @@ in {
};
systemd.timers."shutdown-after-backup" = {
enable = false;
enable = true;
timerConfig = {
OnCalendar = "*-*-* 02..11:05,15,25,35,45,55:00 Etc/UTC";
};


@ -20,11 +20,10 @@ in {
boot.kernelParams = [
"boot.shell_on_fail=1"
"nomodeset"
# Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
"ip=127.0.0.1:::::lo:none"
];
boot.initrd.availableKernelModules = ["tg3"];
boot.initrd.availableKernelModules = [ "tg3" ];
boot.initrd.network = {
enable = true;
ssh = {


@ -5,5 +5,7 @@
./networking.nix
./backup-autostop.nix
./nginx.nix
./jellyfin.nix
];
}


@ -1,67 +1,57 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.luks.devices = {
"cryptroot" = {
device = "/dev/disk/by-uuid/08330ff9-581a-41e1-b8fa-757dc4c90b16";
allowDiscards = true;
boot.initrd.luks.devices."cryptroot" = {
device = "/dev/sdb2";
allowDiscards = true;
};
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
"cryptdata".device = "/dev/disk/by-uuid/bc9f00ea-027e-409b-87c9-ab5628683378";
};
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
};
fileSystems."/media/internal" =
{ device = "/dev/disk/by-uuid/5cf314a8-82f4-4037-a724-62d2ff226cff";
fsType = "ext4";
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/837cc93f-6d9a-4bfd-b089-29ac6d68127c";
fsType = "ext4";
neededForBoot = true;
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/837cc93f-6d9a-4bfd-b089-29ac6d68127c";
fsType = "ext4";
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/a7711118-51b0-4d84-8f18-ef2e06084e05";
fsType = "ext4";
neededForBoot = true;
};
fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/a7711118-51b0-4d84-8f18-ef2e06084e05";
fsType = "ext4";
neededForBoot = true;
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/0965d496-ffad-4a8d-9de7-28af903baf16";
fsType = "ext4";
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/0965d496-ffad-4a8d-9de7-28af903baf16";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/991E-79C1";
fsType = "vfat";
neededForBoot = true;
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/991E-79C1";
fsType = "vfat";
};
fileSystems."/data" = {
device = "/dev/disk/by-uuid/391db8c4-5654-4a5c-a5c8-e34811f54786";
fsType = "ext4";
};
swapDevices = [
{device = "/dev/disk/by-uuid/0ef8dbbd-2832-4fb2-8a52-86682822f769";}
];
swapDevices =
[ { device = "/dev/disk/by-uuid/0ef8dbbd-2832-4fb2-8a52-86682822f769"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
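Review bot: One of the two `cryptroot` variants in this section sets `device = "/dev/sdb2";`, and kernel names like `sdb` are not stable across boots or when a disk is added, so the initrd can prompt for the wrong partition or fail to find the root volume. The other variant on the page uses the persistent form, `device = "/dev/disk/by-uuid/08330ff9-581a-41e1-b8fa-757dc4c90b16";`, which is the one to keep, assuming that UUID still identifies the same partition. The +/- markers are lost here, so which variant is the new side is inferred only from the hunk header's line counts (67 old, 57 new). The header comment says the file is generated by nixos-generate-config and may be overwritten, so manual additions such as the `amdgpu` initrd module are safer in a separate module.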


@ -0,0 +1,44 @@
{
flake,
config,
pkgs,
lib,
...
}: {
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
services.jellyfin = {
enable = true;
openFirewall = false;
};
# from https://jellyfin.org/docs/general/networking/index.html
networking.firewall.allowedUDPPorts = [ 1900 7359 ];
security.acme.certs = {
"media.b12f.io" = {};
};
services.nginx.virtualHosts = {
"media.b12f.io" = {
forceSSL = true;
useACMEHost = "media.b12f.io";
locations."/".proxyPass = "http://127.0.0.1:8096";
};
};
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
];
};
}
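Review bot: `networking.firewall.allowedUDPPorts = [ 1900 7359 ];` opens the SSDP and Jellyfin discovery ports on every interface, even though `services.jellyfin.openFirewall` is set to false just above it. Discovery traffic is only meaningful on the local network, and an SSDP responder reachable from outside is a commonly abused reflection source, so scope the rule to the LAN interface: `networking.firewall.interfaces."<lan-interface>".allowedUDPPorts = [ 1900 7359 ];`. Separately, the `locations."/"` proxy has no `proxyWebsockets = true;`, which the Jellyfin web client normally relies on behind a reverse proxy.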


@ -10,12 +10,7 @@
networking.interfaces.enp2s0f1.useDHCP = true;
networking.interfaces.enp2s0f0 = {
ipv6.addresses = [
{
address = "2a02:908:5b1:e3c0:3::";
prefixLength = 64;
}
];
ipv6.addresses = [ { address = "2a02:908:5b1:e3c0:3::"; prefixLength = 64; } ];
};
# Allow pub.solar restic backups

15
hosts/droppie/nginx.nix Normal file

@ -0,0 +1,15 @@
{
flake,
config,
pkgs,
lib,
...
}: {
services.nginx = {
defaultListenAddresses = [
"192.168.178.3"
"10.13.12.3"
"[fd00:b12f:acab:1312:acab:3::]"
];
};
}


@ -1,17 +0,0 @@
{
flake,
config,
pkgs,
lib,
...
}: {
security.acme.certs = {
"auth.b12f.io" = {};
};
services.nginx.virtualHosts."auth.b12f.io" = {
forceSSL = true;
useACMEHost = "auth.b12f.io";
locations."/".proxyPass = "https://auth.b12f.io";
};
}


@ -9,6 +9,7 @@ with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
@ -18,14 +19,13 @@ in {
# Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
"ip=127.0.0.1:::::lo:none"
];
boot.initrd.availableKernelModules = ["virtio_pci" "virtio_net"];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_net" ];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2222;
hostKeys = [/boot/initrd-ssh-key];
hostKeys = [ /boot/initrd-ssh-key ];
authorizedKeys = flake.self.publicKeys;
shell = "/bin/cryptsetup-askpass";
};
@ -43,7 +43,7 @@ in {
'';
};
boot.supportedFilesystems = ["zfs"];
boot.supportedFilesystems = [ "zfs" ];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you

View file

@ -6,10 +6,9 @@
./networking.nix
./unbound.nix
./nginx.nix
./invoiceplane-proxy.nix
./wireguard.nix
./email.nix
./website.nix
# ./jellyfin-forward.nix
# ./authelia-forward.nix
];
}


@ -5,15 +5,9 @@
lib,
...
}: let
hzDomain = lib.concatStrings ["hw" "dz" "z." "net"];
# hzDomain = lib.concatStrings [ "hw" "dz" "z." "net" ];
dkimDNSb12fio = ''
default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyla9hW3TvoXvZQxwzaJ4SZ9ict1HU3E6+FWlwNIgE6tIpTCyRJtiSIUDqB8TLTIBoxIs+QQBXZi+QUi3Agu6OSY2RiV0EwO8+oOOqOD9pERftc/aqe51cXuv4kPqwvpXEBwrXFWVM+VxivEubUJ7eKkFyXJpelv0LslXv/MmYbUyed6dF+reOGZCsvnbiRv74qdxbAL/25j62E8WrnxzJwhUtx/JhdBOjsHBvuw9hy6rZsVJL9eXayWyGRV6qmsLRzsRSBs+mDrgmKk4dugADd11+A03ics3i8hplRoWDkqnNKz1qy4f5TsV6v9283IANrAzRfHwX8EvNiFsBz+ZCQIDAQAB" ) ;
'';
dkimDNSmezzabiz = ''
default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG8iuDq0eon2k7QlBJWGxwDiEv53iJQu2uqxOjr7Ul/nfQjuR6kVKs6oOVopnyFTGRpffrpSHHW1YUN5nF76p0fJphk4l+QmJP36/xweajsNU27PAkb88xG6yRKl28MCfPdMR96+Jobpei8S0UhqcskYs1aZybm7ci9ZuAMidziwIDAQAB" ) ;
'';
dkimDNShzDomain = ''
default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvVA2XZno6g6qBdmxoLgX2Qmd883M6yV4YkE/VaNH6xcR0AcTo4hEYoAOPryfKn4FE/TYvyk/k2cyBKpMBn2qbVhwUavYQh/e9bweS2FKQvdzCUUoqXk04o2MqSXb2ZFwkUCtfrPcckBgpF754PDL4HMZGPnkMSdDX7bmYe37CWQIDAQAB") ;
default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyla9hW3TvoXvZQxwzaJ4SZ9ict1HU3E6+FWlwNIgE6tIpTCyRJtiSIUDqB8TLTIBoxIs+QQBXZi+QUi3Agu6OSY2RiV0EwO8+oOOqOD9pERftc/aqe51cXuv4kPqwvpXEBwrXFWVM+VxivEubUJ7eKkFyXJpelv0LslXv/MmYbUyed6dF+reOGZCsvnbiRv74qdxbAL/25j62E8WrnxzJwhUtx/JhdBOjsHBvuw9hy6rZsVJL9eXayWyGRV6qmsLRzsRSBs+mDrgmKk4dugADd11+A03ics3i8hplRoWDkqnNKz1qy4f5TsV6v9283IANrAzRfHwX8EvNiFsBz+ZCQIDAQAB" ) ;
'';
in {
age.secrets."b12f.io-dkim-private-rsa" = {
@ -29,49 +23,19 @@ in {
owner = "maddy";
};
age.secrets."mezza.biz-dkim-private-rsa" = {
file = "${flake.self}/secrets/mezza.biz-dkim-private-rsa.age";
path = "/var/lib/maddy/dkim_keys/mezza.biz_default.key";
mode = "400";
owner = "maddy";
};
age.secrets."mail@mezza.biz-password" = {
file = "${flake.self}/secrets/mail@mezza.biz-password.age";
mode = "400";
owner = "maddy";
};
age.secrets."hzdomain-dkim-private-rsa" = {
file = "${flake.self}/secrets/hzdomain-dkim-private-rsa.age";
path = "/var/lib/maddy/dkim_keys/hzdomain_default.key";
mode = "400";
owner = "maddy";
};
age.secrets."mail@hzdomain-password" = {
file = "${flake.self}/secrets/mail@hzdomain-password.age";
mode = "400";
owner = "maddy";
};
users.users.maddy.extraGroups = ["nginx"];
users.users.maddy.extraGroups = [ "nginx" ];
security.acme.certs = {
"mail.b12f.io".reloadServices = ["maddy"];
"b12f.io".reloadServices = ["maddy"];
"mail.b12f.io" = {
reloadServices = [ "maddy" ];
};
"b12f.io" = {
reloadServices = [ "maddy" ];
};
"mta-sts.b12f.io" = {};
"mail.mezza.biz".reloadServices = ["maddy"];
"mezza.biz".reloadServices = ["maddy"];
"mta-sts.mezza.biz" = {};
"mail.${hzDomain}".reloadServices = ["maddy"];
"${hzDomain}".reloadServices = ["maddy"];
"mta-sts.${hzDomain}" = {};
};
services.nginx.virtualHosts = builtins.foldl' (hosts: hostName:
hosts
// {
services.nginx.virtualHosts = builtins.foldl' (hosts: hostName: hosts // {
"mta-sts.${hostName}" = {
forceSSL = true;
useACMEHost = "mta-sts.${hostName}";
@ -88,23 +52,21 @@ in {
tryFiles = "$uri $uri/ =404";
};
};
}) {} ["b12f.io" "mezza.biz" hzDomain];
}) {} [ "b12f.io" ];
systemd.tmpfiles.rules = [
"d '/run/maddy' 0750 maddy maddy - -"
];
system.activationScripts.makeMaddyDKIMDNS = lib.stringAfter ["var"] ''
system.activationScripts.makeMaddyDKIMDNS = lib.stringAfter [ "var" ] ''
mkdir -p /var/lib/maddy/dkim_keys
echo '${dkimDNSb12fio}' >> /var/lib/maddy/dkim_keys/b12f.io_default.dns
echo '${dkimDNSmezzabiz}' >> /var/lib/maddy/dkim_keys/mezza.biz_default.dns
echo '${dkimDNShzDomain}' >> /var/lib/maddy/dkim_keys/${hzDomain}_default.dns
chown -R maddy:maddy /var/lib/maddy
'';
networking.firewall.allowedTCPPorts = [25];
networking.firewall.interfaces.wg-private.allowedTCPPorts = [465 587 993];
networking.firewall.allowedTCPPorts = [ 25 ];
networking.firewall.interfaces.wg-private.allowedTCPPorts = [ 465 587 993 ];
services.maddy = {
enable = true;
@ -114,22 +76,14 @@ in {
localDomains = [
"b12f.io"
"mail.b12f.io"
"mezza.biz"
"mail.mezza.biz"
hzDomain
"mail.${hzDomain}"
];
ensureAccounts = [
"mail@b12f.io"
"mail@mezza.biz"
"mail@${hzDomain}"
];
ensureCredentials = {
# Do not use this in production. This will make passwords world-readable
# in the Nix store
"mail@b12f.io".passwordFile = config.age.secrets."mail@b12f.io-password".path;
"mail@mezza.biz".passwordFile = config.age.secrets."mail@mezza.biz-password".path;
"mail@${hzDomain}".passwordFile = config.age.secrets."mail@hzdomain-password".path;
};
tls = {
loader = "file";
@ -142,22 +96,6 @@ in {
keyPath = "${config.security.acme.certs."b12f.io".directory}/key.pem";
certPath = "${config.security.acme.certs."b12f.io".directory}/cert.pem";
}
{
keyPath = "${config.security.acme.certs."mail.mezza.biz".directory}/key.pem";
certPath = "${config.security.acme.certs."mail.mezza.biz".directory}/cert.pem";
}
{
keyPath = "${config.security.acme.certs."mezza.biz".directory}/key.pem";
certPath = "${config.security.acme.certs."mezza.biz".directory}/cert.pem";
}
{
keyPath = "${config.security.acme.certs."mail.${hzDomain}".directory}/key.pem";
certPath = "${config.security.acme.certs."mail.${hzDomain}".directory}/cert.pem";
}
{
keyPath = "${config.security.acme.certs."${hzDomain}".directory}/key.pem";
certPath = "${config.security.acme.certs."${hzDomain}".directory}/cert.pem";
}
];
};
config = ''
@ -207,7 +145,7 @@ in {
# replace rcpt to catchall and deliver it there
destination $(local_domains) {
modify {
replace_rcpt regexp "(.+)@(.+)" "mail@$2"
replace_rcpt regexp ".*" "mail@$(primary_domain)"
}
deliver_to &local_mailboxes
}
@ -313,26 +251,5 @@ in {
'';
};
systemd.services.rspamd.serviceConfig.SupplementaryGroups = ["maddy"];
age.secrets."rclone-pubsolar.conf" = {
file = "${flake.self}/secrets/rclone-pubsolar.conf.age";
mode = "400";
};
age.secrets."restic-password" = {
file = "${flake.self}/secrets/restic-password.age";
mode = "400";
};
services.restic.backups = {
maddy = {
paths = ["/var/lib/maddy"];
initialize = true;
passwordFile = config.age.secrets."restic-password".path;
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
repository = "rclone:cloud.pub.solar:/backups/Maddy";
rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path;
};
};
systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "maddy" ];
}
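Review bot: The `makeMaddyDKIMDNS` activation script (hunk `@ -88,23 +52,21 @`) writes the DKIM record with `>>`, so every system activation appends another copy of the TXT record to `b12f.io_default.dns`. Truncating instead keeps the file idempotent: `echo '${dkimDNSb12fio}' > /var/lib/maddy/dkim_keys/b12f.io_default.dns`. The comment above `ensureCredentials` ("Do not use this in production … world-readable in the Nix store") also no longer describes the code, which reads `passwordFile` from `config.age.secrets."mail@b12f.io-password".path`; I would replace it with `# password is read from the decrypted age secret, not from a store path`.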


@ -1,21 +1,16 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.luks.devices = {
cryptroot = {
@ -24,19 +19,19 @@
};
};
fileSystems."/" = {
device = "zroot/root";
fsType = "zfs";
};
fileSystems."/" =
{ device = "zroot/root";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/684A-5884";
fsType = "vfat";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/684A-5884";
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/a7d1cbb8-7c9e-4c3d-841a-add867f47389";}
];
swapDevices =
[ { device = "/dev/disk/by-uuid/a7d1cbb8-7c9e-4c3d-841a-add867f47389"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -0,0 +1,20 @@
{
flake,
config,
pkgs,
lib,
...
}: {
security.acme.certs = {
"invoicing.b12f.io" = {};
};
services.nginx.virtualHosts = {
"invoicing.b12f.io" = {
forceSSL = true;
useACMEHost = "invoicing.b12f.io";
# This redirects to invoiceplane on pie
locations."/".proxyPass = "https://invoicing.b12f.io";
};
};
}
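Review bot: `locations."/".proxyPass = "https://invoicing.b12f.io"` forwards to an HTTPS upstream, but nginx neither verifies the upstream certificate nor sends SNI unless configured to, so the hop to pie is encrypted but not authenticated. I would add `locations."/".extraConfig = "proxy_ssl_server_name on; proxy_ssl_verify on; proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;";`. The upstream name is also this virtual host's own name, so the request only reaches pie if the host's resolver answers with the internal address; a comment naming the resolver entry this depends on would make that explicit, since otherwise the request would come back to this same nginx.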


@ -1,17 +0,0 @@
{
flake,
config,
pkgs,
lib,
...
}: {
security.acme.certs = {
"media.b12f.io" = {};
};
services.nginx.virtualHosts."media.b12f.io" = {
forceSSL = true;
useACMEHost = "media.b12f.io";
locations."/".proxyPass = "https://media.b12f.io";
};
}


@ -8,8 +8,6 @@
networking.hostName = "frikandel";
networking.hostId = "44234773";
networking.nameservers = [
"10.13.12.7"
"fd00:b12f:acab:1312:acab:7::"
"193.110.81.0" #dns0.eu
"2a0f:fc80::" #dns0.eu
"185.253.5.0" #dns0.eu
@ -19,18 +17,8 @@
# Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here)
networking.useDHCP = false;
networking.interfaces.enp1s0 = {
ipv4.addresses = [
{
address = "128.140.109.213";
prefixLength = 32;
}
];
ipv6.addresses = [
{
address = "2a01:4f8:c2c:b60::";
prefixLength = 64;
}
];
ipv4.addresses = [{ address = "128.140.109.213"; prefixLength = 32; }];
ipv6.addresses = [{ address = "2a01:4f8:c2c:b60::"; prefixLength = 64; }];
};
networking.defaultGateway = {
address = "172.31.1.1";
@ -41,5 +29,5 @@
interface = "enp1s0";
};
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedTCPPorts = [ 80 443 ];
}


@ -29,8 +29,8 @@
owner = "unbound";
};
networking.firewall.interfaces.wg-private.allowedUDPPorts = [53];
networking.firewall.interfaces.wg-private.allowedTCPPorts = [53];
networking.firewall.interfaces.wg-private.allowedUDPPorts = [ 53 ];
networking.firewall.interfaces.wg-private.allowedTCPPorts = [ 53 ];
services.resolved.enable = false;
services.unbound = {
@ -56,15 +56,8 @@
];
local-zone = [
"\"b12f.io\" transparent"
"\"pub.solar\" transparent"
];
local-data = [
"\"stroopwafel.b12f.io. 10800 IN A 10.13.12.5\""
"\"stroopwafel.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:5::\""
"\"chocolatebar.b12f.io. 10800 IN A 10.13.12.8\""
"\"chocolatebar.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:8::\""
"\"droppie.b12f.io. 10800 IN A 10.13.12.3\""
"\"droppie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\""
@ -97,18 +90,6 @@
"\"b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mail.b12f.io. 10800 IN A 10.13.12.7\""
"\"mail.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mezza.biz. 10800 IN A 10.13.12.7\""
"\"mezza.biz. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mail.mezza.biz. 10800 IN A 10.13.12.7\""
"\"mail.mezza.biz. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"h${"w" + "dz" + "z.n"}et. 10800 IN A 10.13.12.7\""
"\"h${"w" + "dz" + "z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mail.h${"w" + "dz" + "z.n"}et. 10800 IN A 10.13.12.7\""
"\"mail.h${"w" + "dz" + "z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mezza.git.pub.solar. 10800 IN CNAME git.pub.solar\""
];
tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
@ -136,4 +117,5 @@
};
};
};
}


@ -6,7 +6,6 @@
security.acme.certs = {
"benjaminbaedorf.eu" = {};
"b12f.io" = {};
"mezza.biz" = {};
};
services.nginx.virtualHosts = {
@ -26,16 +25,5 @@
tryFiles = "$uri $uri/ =404";
};
};
"mezza.biz" = {
forceSSL = true;
useACMEHost = "mezza.biz";
locations."/" = {
root = pkgs.mezza-biz;
index = "index.html";
tryFiles = "$uri $uri/ =404";
};
};
};
}


@ -4,8 +4,7 @@
pkgs,
lib,
...
}:
with lib; {
}: with lib; {
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.wg-private.forwarding" = 1;
@ -17,10 +16,10 @@ with lib; {
enable = true;
enableIPv6 = true;
externalInterface = "enp1s0";
internalInterfaces = ["wg-private"];
internalInterfaces = [ "wg-private" ];
};
networking.firewall.allowedUDPPorts = [51899];
networking.firewall.allowedUDPPorts = [ 51899 ];
networking.firewall.extraForwardRules = [
"iifname { != wg-private } reject"
@ -28,7 +27,7 @@ with lib; {
];
systemd.services.wireguard-wg-private = {
wantedBy = [
after = [
"network.target"
"network-online.target"
"nss-lookup.target"
@ -45,7 +44,7 @@ with lib; {
};
};
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-frikandel.age";
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-frikandel-server.age";
# Enable WireGuard
networking.wireguard.interfaces = {
@ -58,8 +57,7 @@ with lib; {
];
privateKeyFile = config.age.secrets.wg-private-key.path;
peers = [
{
# pie
{ # pie
publicKey = "hPTXEqQ2GYEywdPNdZBacwB9KKcoFZ/heClxnqmizyw=";
allowedIPs = [
"10.13.12.2/32"
@ -68,8 +66,7 @@ with lib; {
persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30;
}
{
# droppie
{ # droppie
publicKey = "qsnBMoj9Z16D8PJ5ummRtIfT5AiMpoF3SoOCo4sbyiw=";
allowedIPs = [
"10.13.12.3/32"
@ -78,8 +75,7 @@ with lib; {
persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30;
}
{
# chocolatebar
{ # chocolatebar
publicKey = "nk8EtGE/QsnSEm1lhLS3/w83nOBD2OGYhODIf92G91A=";
allowedIPs = [
"10.13.12.5/32"
@ -88,8 +84,7 @@ with lib; {
persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30;
}
{
# biolimo
{ # biolimo
publicKey = "4ymN7wwBuhF+h+5fFN0TqXmVyOe1AsWiTqRL0jJ3CDc=";
allowedIPs = [
"10.13.12.6/32"
@ -98,8 +93,7 @@ with lib; {
persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30;
}
{
# stroopwafel
{ # stroopwafel
publicKey = "5iNRg13utOJ30pX2Z8SjwPNUFwfH2zonlbeYW2mKFkU=";
allowedIPs = [
"10.13.12.8/32"
@ -108,8 +102,7 @@ with lib; {
persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30;
}
{
# fp3
{ # fp3
publicKey = "wQJXFibxhWkyUbRPrPt5y/YfDnH3gDQ5a/PWoyxDfDI=";
allowedIPs = [
"10.13.12.9/32"


@ -4,7 +4,6 @@
...
}: {
isoImage.squashfsCompression = "gzip -Xcompression-level 1";
systemd.services.sshd.wantedBy = lib.mkForce ["multi-user.target"];
systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
networking.networkmanager.enable = false;
services.openssh.openFirewall = lib.mkForce true;
}


@ -1,12 +1,8 @@
{
flake,
pkgs,
...
}: {
{ flake, pkgs, ... }: {
imports = [
./configuration.nix
./hardware-configuration.nix
((import "${flake.inputs.mobile-nixos}/lib/configuration.nix") {device = "pine64-pinephone";})
((import "${flake.inputs.mobile-nixos}/lib/configuration.nix") { device = "pine64-pinephone"; })
"${flake.inputs.mobile-nixos}/examples/phosh/phosh.nix"
];
}


@ -1,10 +1,6 @@
# NOTE: this file was generated by the Mobile NixOS installer.
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: {
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/51a668b8-fa2e-4d3e-ac3f-73ca002d0004";


@ -149,12 +149,13 @@ MAP_DEFAULT_ZOOM=6
#
# LDAP is no longer supported :(
#
AUTHENTICATION_GUARD=remote_user_guard
AUTHENTICATION_GUARD=web
#
# Remote user guard settings
#
AUTHENTICATION_GUARD_HEADER=Remote-Email
AUTHENTICATION_GUARD_HEADER=REMOTE_USER
AUTHENTICATION_GUARD_EMAIL=
#
# Firefly III supports webhooks. These are security sensitive and must be enabled manually first.


@ -1,22 +1,14 @@
{
flake,
lib,
config,
pkgs,
flake,
...
}:
with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
disabledModules = [
"services/security/authelia.nix"
];
imports = [
"${flake.inputs.nixpkgs-master}/nixos/modules/services/security/authelia.nix"
];
age.secrets."authelia-storage-encryption-key" = {
file = "${flake.self}/secrets/authelia-storage-encryption-key.age";
mode = "400";
@ -35,24 +27,6 @@ in {
owner = "authelia-b12f";
};
age.secrets."authelia-oidc-issuer-private-key" = {
file = "${flake.self}/secrets/authelia-oidc-issuer-private-key.age";
mode = "400";
owner = "authelia-b12f";
};
age.secrets."authelia-oidc-hmac-secret" = {
file = "${flake.self}/secrets/authelia-oidc-hmac-secret.age";
mode = "400";
owner = "authelia-b12f";
};
age.secrets."authelia-jwks-private-key" = {
file = "${flake.self}/secrets/authelia-jwks-private-key.age";
mode = "400";
owner = "authelia-b12f";
};
age.secrets."authelia-users-file" = {
file = "${flake.self}/secrets/authelia-users-file.age";
mode = "400";
@ -73,10 +47,10 @@ in {
"auth.b12f.io" = {
forceSSL = true;
useACMEHost = "auth.b12f.io";
locations."/".proxyPass = "http://${config.services.authelia.instances.b12f.settings.server.address}";
locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.authelia.instances.b12f.settings.server.port}";
locations."/".extraConfig = "include /etc/nginx/conf-available/proxy.conf;";
locations."/api/verify".proxyPass = "http://${config.services.authelia.instances.b12f.settings.server.address}";
locations."/api/authz".proxyPass = "http://${config.services.authelia.instances.b12f.settings.server.address}";
locations."/api/verify".proxyPass = "http://127.0.0.1:${builtins.toString config.services.authelia.instances.b12f.settings.server.port}";
locations."/api/authz".proxyPass = "http://127.0.0.1:${builtins.toString config.services.authelia.instances.b12f.settings.server.port}";
};
};
@ -87,12 +61,6 @@ in {
storageEncryptionKeyFile = config.age.secrets."authelia-storage-encryption-key".path;
sessionSecretFile = config.age.secrets."authelia-session-secret".path;
jwtSecretFile = config.age.secrets."authelia-jwt-secret".path;
oidcIssuerPrivateKeyFile = config.age.secrets."authelia-oidc-issuer-private-key".path;
oidcHmacSecretFile = config.age.secrets."authelia-oidc-hmac-secret".path;
};
environmentVariables = {
AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE = config.age.secrets."mail@b12f.io-password".path;
};
settings = {
@ -100,12 +68,12 @@ in {
default_2fa_method = "webauthn";
log.level = "debug";
server = {
address = "127.0.0.1:9092";
endpoints.authz.auth-request.implementation = "AuthRequest";
port = 9092;
host = "127.0.0.1";
};
authentication_backend = {
refresh_interval = "disable";
password_reset.disable = true;
password_reset = { disable = true; };
file = {
path = config.age.secrets."authelia-users-file".path;
watch = false;
@ -116,61 +84,32 @@ in {
totp.issuer = "auth.b12f.io";
storage.local.path = "/var/lib/authelia-b12f/db.sqlite3";
access_control.default_policy = "two_factor";
session.cookies = [
{
domain = "b12f.io";
authelia_url = "https://auth.b12f.io";
}
];
session = {
domain = "auth.b12f.io";
# authelia_url = "https://auth.b12f.io";
};
notifier.disable_startup_check = true;
notifier.smtp = {
address = "submission://mail.b12f.io:587";
host = "mail.b12f.io";
port = 587;
username = "mail@b12f.io";
sender = "auth.b12f.io <mail@b12f.io>";
identifier = "auth@b12f.io";
subject = "[auth.b12f.io] {title}";
};
identity_providers.oidc = {
authorization_policies = {
admins = {
default_policy = "deny";
rules = [{
policy = "two_factor";
subject = "group:admins";
}];
};
};
clients = [
{
client_id = "jellyfin";
client_secret = "$pbkdf2-sha512$310000$koY0g1AqL.fEeQUJcE48SA$b9G4p7qquc6M9rSTnR.Ac3Le9KS25zbTN0aNiXT4sxag7Kstu4Pt66/sVlAh3lIS4CGjLcPA2GvjhXnapC.ziQ";
public = false;
authorization_policy = "admins";
require_pkce = true;
pkce_challenge_method = "S256";
redirect_uris = [ "https://media.b12f.io/sso/OID/redirect/authelia" ];
scopes = [
"openid"
"profile"
"groups"
];
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
};
};
systemd.services.authelia-b12f.preStart = "env";
systemd.services.authelia-b12f.environment.AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE = config.age.secrets."mail@b12f.io-password".path;
services.restic.backups = {
authelia = {
paths = ["/var/lib/authelia-b12f"];
paths = [ "/var/lib/authelia-b12f" ];
initialize = true;
passwordFile = config.age.secrets."restic-password".path;
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
repository = "rclone:cloud.pub.solar:/backups/Authelia";
rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path;
rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
};
};
}
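Review bot: `systemd.services.authelia-b12f.preStart = "env";` prints the unit's whole environment to the journal on every start, and `log.level = "debug"` is still set in `settings`; both read as debugging leftovers on the identity provider (assuming these are the lines the change keeps). Today the environment carries only `AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE`, which is a path, but any secret later passed as a variable would end up in the logs. I would drop the `preStart` line and set `log.level = "info";`. Separately, `session.domain = "auth.b12f.io"` scopes the session cookie to the portal host alone, so the auth-request checks for the other `b12f.io` hosts probably never receive it; that should be confirmed against the protected virtual hosts.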


@ -8,8 +8,8 @@
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in {
age.secrets."rclone-pubsolar.conf" = {
file = "${flake.self}/secrets/rclone-pubsolar.conf.age";
age.secrets."rclone-pie.conf" = {
file = "${flake.self}/secrets/rclone-pie.conf.age";
path = "/root/.config/rclone/rclone.conf";
mode = "400";
};


@ -20,7 +20,8 @@ in {
boot.loader.systemd-boot.enable = false;
boot.loader.generic-extlinux-compatible.enable = false;
boot.supportedFilesystems = ["zfs"];
boot.supportedFilesystems = [ "zfs" ];
boot.kernelPackages = pkgs.linuxPackages_6_1_hardened;
boot.kernelParams = [
"boot.shell_on_fail=1"
@ -28,7 +29,7 @@ in {
"ip=127.0.0.1:::::lo:none"
];
# See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3
boot.initrd.availableKernelModules = ["genet"];
boot.initrd.availableKernelModules = [ "genet" ];
boot.initrd.network = {
enable = true;
ssh = {
@ -50,10 +51,6 @@ in {
'';
};
# Ran into this
# https://discourse.nixos.org/t/logrotate-config-fails-due-to-missing-group-30000/28501
services.logrotate.checkConfig = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave


@ -1,9 +1,6 @@
{ pkgs, adblock-unbound, ... }:
{
pkgs,
adblock-unbound,
...
}: {
networking.firewall.allowedUDPPorts = [67 547];
networking.firewall.allowedUDPPorts = [ 67 547 ];
networking.firewall.extraInputRules = ''
ip6 daddr ff02::1:2/128 udp dport 547 accept comment "DHCPv6 server"
'';
@ -33,7 +30,7 @@
{
subnet = "192.168.178.0/24";
pools = [
{pool = "192.168.178.2 - 192.168.178.255";}
{ pool = "192.168.178.2 - 192.168.178.255"; }
];
option-data = [
@ -103,19 +100,19 @@
subnet = "2a02:908:5b1:e3c0::/64";
pools = [
{pool = "2a02:908:5b1:e3c0::/72";}
{ pool = "2a02:908:5b1:e3c0::/72"; }
];
ddns-qualifying-suffix = "local.";
option-data = [
{
name = "dns-servers";
data = "2a02:908:5b1:e3c0:2::";
name = "dns-servers";
data = "2a02:908:5b1:e3c0:2::";
}
{
name = "domain-search";
data = "local";
name = "domain-search";
data = "local";
}
];


@ -39,8 +39,6 @@ in {
forceSSL = true;
useACMEHost = "firefly.b12f.io";
extraConfig = "include /etc/nginx/conf-available/authelia-location.conf;";
# Make api calls skip the nginx proxy auth
locations."/api/v1".proxyPass = "http://127.0.0.1:8080";
locations."/".proxyPass = "http://127.0.0.1:8080";
locations."/".extraConfig = ''
include /etc/nginx/conf-available/proxy.conf;
@ -80,14 +78,14 @@ in {
volumes = [
"/var/lib/firefly/upload:/var/www/html/storage/upload"
];
extraOptions = ["--network=firefly"];
extraOptions = [ "--network=firefly" ];
environmentFiles = [
./.env.firefly
config.age.secrets."firefly-secrets.env".path
config.age.secrets."firefly-cron-secrets.env".path
];
ports = ["127.0.0.1:8080:8080"];
dependsOn = ["firefly-db"];
ports = [ "127.0.0.1:8080:8080" ];
dependsOn = [ "firefly-db" ];
};
containers."firefly-db" = {
@ -96,7 +94,7 @@ in {
volumes = [
"/var/lib/firefly/db:/var/lib/postgresql/data"
];
extraOptions = ["--network=firefly"];
extraOptions = [ "--network=firefly" ];
environmentFiles = [
config.age.secrets."firefly-db-secrets.env".path
];
@ -105,8 +103,8 @@ in {
containers."firefly-importer" = {
image = "fireflyiii/data-importer:latest";
autoStart = true;
extraOptions = ["--network=firefly"];
ports = ["127.0.0.1:8081:8080"];
extraOptions = [ "--network=firefly" ];
ports = [ "127.0.0.1:8081:8080" ];
environment = {
FIREFLY_III_URL = "https://firefly.b12f.io";
};
@ -114,7 +112,7 @@ in {
./.env.firefly-importer
config.age.secrets."firefly-importer-secrets.env".path
];
dependsOn = ["firefly"];
dependsOn = [ "firefly" ];
};
containers."firefly-cron" = {
@ -128,7 +126,7 @@ in {
environmentFiles = [
config.age.secrets."firefly-cron-secrets.env".path
];
extraOptions = ["--network=firefly"];
extraOptions = [ "--network=firefly" ];
};
};
};
@ -150,7 +148,7 @@ in {
backupPrepareCommand = ''
${pkgs.docker-client}/bin/docker exec -t firefly-db pg_dumpall -c -U firefly > "${backupDir}/postgres.sql"
'';
rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path;
rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
};
};
}
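Review bot: The importer container is referenced by a mutable tag, `image = "fireflyiii/data-importer:latest";` in the hunk at `@ -105,8 +103,8 @`, so a restart or rebuild can pull code that differs from what was reviewed, into a container that receives the decrypted `firefly-importer-secrets.env`. Pinning by digest makes the deployed image reproducible, for example `image = "fireflyiii/data-importer@sha256:<digest-placeholder>";`. The image lines of the other containers fall outside the hunks shown here and should be checked the same way.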


@ -1,22 +1,18 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "usbhid" "uas" "usb_storage"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.supportedFilesystems = ["zfs"];
boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "uas" "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.supportedFilesystems = [ "zfs" ];
boot.initrd.luks.devices = {
cryptroot = {
@ -25,19 +21,20 @@
};
};
fileSystems."/" = {
device = "zroot/root";
fsType = "zfs";
};
fileSystems."/" =
{ device = "zroot/root";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/0D5D-B809";
fsType = "vfat";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/0D5D-B809";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/af71e930-42ce-4174-a098-4ea5753b1ea9"; }
];
swapDevices = [
{device = "/dev/disk/by-uuid/af71e930-42ce-4174-a098-4ea5753b1ea9";}
];
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";


@ -28,6 +28,11 @@ in {
"invoicing.b12f.io" = {
forceSSL = true;
useACMEHost = "invoicing.b12f.io";
extraConfig = "include /etc/nginx/conf-available/authelia-location.conf;";
locations."/".extraConfig = ''
include /etc/nginx/conf-available/proxy.conf;
include /etc/nginx/conf-available/authelia-authrequest.conf;
'';
};
};
@ -44,8 +49,6 @@ in {
createLocally = false;
};
invoiceTemplates = [pkgs.invoiceplane-template];
extraConfig = ''
SETUP_COMPLETED=true
DISABLE_SETUP=true
@ -72,7 +75,7 @@ in {
containers."invoiceplane-db" = {
image = "mariadb:11";
autoStart = true;
ports = ["127.0.0.1:3306:3306"];
ports = [ "127.0.0.1:3306:3306" ];
volumes = [
"/var/lib/invoiceplane/db:/var/lib/mysql"
];
@ -101,7 +104,7 @@ in {
PW=$(cat ${config.age.secrets."invoiceplane-db-password".path})
${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql"
'';
rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path;
rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
};
};
}
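Review bot: The backup command in the hunk at `@ -101,7 +104,7 @` passes the database password as `--password=$PW` on the `mariadb-dump` command line, where it is readable in the process list while the dump runs, and `$PW` is unquoted. Handing it over through the environment avoids both: `export MYSQL_PWD="$(cat ${config.age.secrets."invoiceplane-db-password".path})"` followed by `${pkgs.docker-client}/bin/docker exec -e MYSQL_PWD invoiceplane-db mariadb-dump --all-databases --user=invoiceplane > "${backupDir}/postgres.sql"`. Dropping `-t` at the same time keeps terminal line-ending translation out of the dump file. The string that holds this script starts outside the hunk.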


@ -15,25 +15,16 @@
networking.interfaces.enabcm6e4ei0 = {
ipv4.addresses = [
{
address = "192.168.178.2";
prefixLength = 32;
}
{ address = "192.168.178.2"; prefixLength = 32; }
];
ipv6.addresses = [
{
address = "2a02:908:5b1:e3c0:2::";
prefixLength = 128;
}
{
address = "fe80:b12f:acab:1312:acab:2::";
prefixLength = 128;
}
{ address = "2a02:908:5b1:e3c0:2::"; prefixLength = 128; }
{ address = "fe80:b12f:acab:1312:acab:2::"; prefixLength = 128; }
];
};
networking.hosts = {
"192.168.178.3" = ["droppie-initrd.b12f.io"];
"192.168.178.3" = [ "droppie-initrd.b12f.io" ];
};
services.openssh.allowSFTP = true;


@ -13,41 +13,34 @@ with lib; let
backupDir = "/var/lib/PaperlessBackup";
consumptionDir = "/var/lib/scandir";
scan2paperless = with pkgs;
writeShellScriptBin "scan2paperless" ''
DEVICE=$1
NUM_PAGES=$2
NAME=$3
scan2paperless = with pkgs; writeShellScriptBin "scan2paperless" ''
DEVICE=$1
NUM_PAGES=$2
NAME=$3
if [ -z "''${DEVICE}" ] || [ -z "''${NUM_PAGES}" ] || [ -z "''${NAME}" ]; then
echo "Usage: scan2paperless <device> <num_pages> <name>"
exit 1
fi
if [ -z "''${DEVICE}" ] || [ -z "''${NUM_PAGES}" ] || [ -z "''${NAME}" ]; then
echo "Usage: scan2paperless <device> <num_pages> <name>"
exit 1
fi
tmpDir=$(${coreutils}/bin/mktemp -d)
files=()
tmpDir=$(${coreutils}/bin/mktemp -d)
files=()
for i in $(seq 1 $NUM_PAGES); do
fileName=$(${openssl}/bin/openssl rand -hex 12)
file="$tmpDir/$fileName.jpg"
echo "Start scanning page $i/$NUM_PAGES";
${sane-backends}/bin/scanimage -d $DEVICE --format=jpeg --resolution 300 --progress -o $file
echo "Finished scanning page $i";
files+=($file)
done
for i in $(seq 1 $NUM_PAGES); do
fileName=$(${openssl}/bin/openssl rand -hex 12)
file="$tmpDir/$fileName.jpg"
echo "Start scanning page $i/$NUM_PAGES";
${sane-backends}/bin/scanimage -d $DEVICE --format=jpeg --resolution 300 --progress -o $file
echo "Finished scanning page $i";
files+=($file)
done
pdf="${consumptionDir}/$NAME.pdf"
${python3Packages.img2pdf}/bin/img2pdf --output $pdf ''${files[@]}
pdf="${consumptionDir}/$NAME.pdf"
${python3Packages.img2pdf}/bin/img2pdf --output $pdf ''${files[@]}
echo "PDF written to $pdf"
'';
echo "PDF written to $pdf"
'';
in {
age.secrets."paperless.env" = {
file = "${flake.self}/secrets/paperless.env.age";
mode = "400";
owner = "paperless";
};
#################################
# Paperless service and proxy
#################################
@ -66,7 +59,7 @@ in {
include /etc/nginx/conf-available/proxy.conf;
include /etc/nginx/conf-available/authelia-authrequest.conf;
'';
};
};
};
services.paperless = {
@ -74,17 +67,14 @@ in {
consumptionDir = consumptionDir;
dataDir = dataDir;
address = "127.0.0.1";
settings = {
extraConfig = {
PAPERLESS_OCR_LANGUAGE = "nld+deu";
PAPERLESS_URL = "https://paperless.b12f.io";
PAPERLESS_DISABLE_REGULAR_LOGIN = "True";
PAPERLESS_ENABLE_HTTP_REMOTE_USER = "True";
PAPERLESS_EMAIL_TASK_CRON = "*/2 * * * *";
};
};
systemd.services.paperless-web.serviceConfig.EnvironmentFile = [config.age.secrets."paperless.env".path];
#################################
# Scanning
#################################
@ -121,7 +111,7 @@ in {
services.cron = {
enable = true;
systemCronJobs = [
"30 1 * * * paperless ${pkgs.fetch-hostingde-invoices}/bin/fetch-hostingde-invoices '${config.age.secrets."hosting-de-invoice-sync-api-key".path}' '${consumptionDir}' /var/lib/fetch-hostingde-invoices/ids"
"30 1 * * * paperless ${pkgs.fetch-hostingde-invoices}/bin/fetch-hostingde-invoices '${config.age.secrets."hosting-de-invoice-sync-api-key".path}' '${consumptionDir}'"
];
};
@ -134,11 +124,11 @@ in {
"d '${backupDir}' 0700 paperless users - -"
"d '${consumptionDir}' 0700 paperless users - -"
"d /tmp/paperless 0700 paperless users - -"
"d /var/lib/fetch-hostingde-invoices 0700 paperless users - -"
];
age.secrets."rclone-pubsolar.conf" = {
file = "${flake.self}/secrets/rclone-pubsolar.conf.age";
age.secrets."rclone-pie.conf" = {
file = "${flake.self}/secrets/rclone-pie.conf.age";
path = "/root/.config/rclone/rclone.conf";
mode = "400";
};
@ -149,16 +139,13 @@ in {
services.restic.backups = {
paperless = {
paths = [
backupDir
"/var/lib/fetch-hostingde-invoices"
];
paths = [ backupDir ];
initialize = true;
passwordFile = config.age.secrets."restic-password".path;
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
repository = "rclone:cloud.pub.solar:/backups/Paperless";
backupPrepareCommand = "${dataDir}/paperless-manage document_exporter ${backupDir} -c -p";
rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path;
rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
};
};
}
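Review bot: `PAPERLESS_ENABLE_HTTP_REMOTE_USER = "True"` combined with `PAPERLESS_DISABLE_REGULAR_LOGIN = "True"` makes a request header the only credential, and nothing in this section shows that a client-supplied value is overwritten before it reaches Paperless. The virtual host includes `authelia-authrequest.conf`, which is not part of this page, so this cannot be confirmed from here. I would document the dependency next to the setting, `# trusted header: nginx must set Remote-User from the Authelia auth_request result and never forward the client's value`, and keep `address = "127.0.0.1"` so that only the proxy can reach the service.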


@ -29,8 +29,8 @@
owner = "unbound";
};
networking.firewall.allowedUDPPorts = [53];
networking.firewall.allowedTCPPorts = [53];
networking.firewall.allowedUDPPorts = [ 53 ];
networking.firewall.allowedTCPPorts = [ 53 ];
services.resolved.enable = false;
services.unbound = {
@ -45,17 +45,17 @@
"::1"
"192.168.178.2"
"fd00:b12f:acab:1312:acab:2::"
"2a02:908:5b1:e3c0:2::"
];
access-control = [
"127.0.0.1/32 allow"
# Allow from local network
"192.168.178.0/24 allow"
"fd00:b12f:acab:1312:acab::/64 allow"
"2a02:908:5b1:e3c0::/64 allow"
# Allow from wireguard
"192.168.178.0/24 allow"
"10.13.12.0/24 allow"
"fd00:b12f:acab:1312::/64 allow"
];
local-zone = [
@ -66,16 +66,7 @@
"\"brwb8763f64a364.local. 10800 IN A 192.168.178.4\""
"\"pie.local. 10800 IN A 192.168.178.2\""
"\"pie.local. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\""
"\"pie.b12f.io. 10800 IN A 192.168.178.2\""
"\"firefly.b12f.io. 10800 IN A 192.168.178.2\""
"\"firefly-importer.b12f.io. 10800 IN A 192.168.178.2\""
"\"paperless.b12f.io. 10800 IN A 192.168.178.2\""
"\"invoicing.b12f.io. 10800 IN A 192.168.178.2\""
"\"auth.b12f.io. 10800 IN A 192.168.178.2\""
"\"droppie.b12f.io. 10800 IN A 192.168.178.3\""
"\"media.b12f.io. 10800 IN A 192.168.178.3\""
"\"pie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:2::\""
"\"fritz.box. 10800 IN A 192.168.178.1\""
"\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\""
@ -88,7 +79,7 @@
{
name = ".";
forward-addr = [
"192.168.178.7"
"10.13.12.7"
"fd00:b12f:acab:1312:acab:7::"
];
}
@ -103,4 +94,5 @@
};
};
};
}
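Review bot: `networking.firewall.allowedUDPPorts = [ 53 ]` and `allowedTCPPorts = [ 53 ]` open the resolver on every interface, whereas the other unbound section on this page limits the same ports to `networking.firewall.interfaces.wg-private`. With the `2a02:908:5b1:e3c0:2::` listener and its `/64` allow rule (if those are the lines the change keeps), the `access-control` list is then the only barrier between the resolver and any other network this host is attached to. Scoping the rule to the interfaces that should be served, e.g. `networking.firewall.interfaces.enabcm6e4ei0.allowedUDPPorts = [ 53 ];` with the TCP twin, keeps firewall and ACL in agreement. The unbound `settings` block starts and ends outside the hunks shown.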


@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
services.cron = {
enable = true;
systemCronJobs = [


@ -0,0 +1,19 @@
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d amdgpu_bl0 set +10%; notify-send $(brightnessctl -d amdgpu_bl0 i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d amdgpu_bl0 set 10%-; notify-send $(brightnessctl -d amdgpu_bl0 i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"


@ -17,9 +17,9 @@ in {
boot.initrd.preLVMCommands = "udevadm trigger --settle";
boot.swraid.enable = true;
boot.swraid.mdadmConf = ''
DEVICE /dev/nvme0n1p2 /dev/nvme1n1p2
ARRAY /dev/md/nixos:root metadata=1.2 name=nixos:root UUID=67d1aa81:1b348887:c17a75e8:f2edf2bd
MAILADDR ${psCfg.user.email}
DEVICE /dev/nvme0n1p2 /dev/nvme1n1p2
ARRAY /dev/md/nixos:root metadata=1.2 name=nixos:root UUID=67d1aa81:1b348887:c17a75e8:f2edf2bd
MAILADDR ${psCfg.user.email}
'';
pub-solar.core.hibernation.enable = true;
@ -32,6 +32,7 @@ in {
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
};
};


@ -1,4 +1,4 @@
{...}: {
{ ... }: {
imports = [
./configuration.nix
./hardware-configuration.nix


@ -1,59 +1,55 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
{ config, lib, pkgs, modulesPath, ... }:
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.luks.devices."cryptroot" = {
device = "/dev/disk/by-id/md-name-nixos:root";
allowDiscards = true;
};
fileSystems."/" = {
device = "none";
fsType = "tmpfs";
};
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/EC82-67F4";
fsType = "vfat";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/EC82-67F4";
fsType = "vfat";
};
fileSystems."/home" = {
device = "/dev/disk/by-uuid/0cc568f0-402d-4535-980a-ed3a1dc697b9";
fsType = "ext4";
# https://github.com/ryantm/agenix/issues/45#issuecomment-957865406
neededForBoot = true;
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/0cc568f0-402d-4535-980a-ed3a1dc697b9";
fsType = "ext4";
# https://github.com/ryantm/agenix/issues/45#issuecomment-957865406
neededForBoot = true;
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/e203d629-4d34-4147-bee6-919f0bfa25de";
fsType = "ext4";
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/e203d629-4d34-4147-bee6-919f0bfa25de";
fsType = "ext4";
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/a0855aaa-76bf-445e-b0d1-ab1552e5496f";
fsType = "ext4";
# https://github.com/ryantm/agenix/issues/45#issuecomment-957865406
neededForBoot = true;
};
fileSystems."/persist" =
{ device = "/dev/disk/by-uuid/a0855aaa-76bf-445e-b0d1-ab1552e5496f";
fsType = "ext4";
# https://github.com/ryantm/agenix/issues/45#issuecomment-957865406
neededForBoot = true;
};
swapDevices = [
{device = "/dev/disk/by-uuid/761507ab-479d-414b-ac3e-2149564ca470";}
];
swapDevices =
[ { device = "/dev/disk/by-uuid/761507ab-479d-414b-ac3e-2149564ca470"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's


@ -6,7 +6,7 @@
...
}: {
networking.hostName = "stroopwafel";
networking.wireless.iwd.enable = true;
networking.networkmanager.wifi.backend = "wpa_supplicant";
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-stroopwafel.age";
@ -41,23 +41,4 @@
];
privateKeyFile = config.age.secrets.wg-pub-solar-key.path;
};
age.secrets.wg-momo-key.file = "${flake.self}/secrets/wg-momo-stroopwafel.age";
pub-solar.wireguard.momo = {
ownIPs = [
"10.30.30.200/32"
"fd00:3030:3030:3030:3030:200::/96"
];
privateKeyFile = config.age.secrets.wg-momo-key.path;
};
age.secrets.wg-ehex-key.file = "${flake.self}/secrets/wg-ehex-stroopwafel.age";
pub-solar.wireguard.ehex = {
ownIPs = [
"10.42.0.135/22"
];
privateKeyFile = config.age.secrets.wg-ehex-key.path;
};
}


@ -6,7 +6,7 @@
...
}: {
services.openstreetmap = {
enable = true;
enable = false;
debug = true;
totalRamGb = 14;
};


@ -1,4 +1,5 @@
{lib}: hostnames: {
{ lib }:
hostnames: {
"127.0.0.1" = hostnames;
"::1" = hostnames;
}


@ -1,8 +1,4 @@
{
lib,
inputs,
...
}: {
{ lib, inputs, ... }: {
# Configuration common to all Linux systems
flake = {
lib = let
@ -14,7 +10,7 @@
#foo = callLibs ./foo.nix;
## In configs, they can be used under "lib.our"
deploy = import ./deploy.nix {inherit inputs lib;};
deploy = import ./deploy.nix { inherit inputs lib; };
addLocalHostname = callLibs ./add-local-hostname.nix;
recursiveMerge = callLibs ./recursive-merge.nix;
mkEmailAddress = account: domain: account + "@" + domain;


@ -1,13 +1,11 @@
/*
* The contents of this file are adapted from digga
* https://github.com/divnix/digga
*
* Licensed under the MIT license
*/
{
lib,
inputs,
}: let
* The contents of this file are adapted from digga
* https://github.com/divnix/digga
*
* Licensed under the MIT license
*/
{ lib, inputs }: let
getFqdn = c: let
net = c.config.networking;
fqdn =
@ -19,60 +17,43 @@
in {
mkDeployNodes = systemConfigurations: extraConfig:
/*
*
Synopsis: mkNodes _systemConfigurations_ _extraConfig_
*
Synopsis: mkNodes _systemConfigurations_ _extraConfig_
Generate the `nodes` attribute expected by deploy-rs
where _systemConfigurations_ are `nodes`.
Generate the `nodes` attribute expected by deploy-rs
where _systemConfigurations_ are `nodes`.
_systemConfigurations_ should take the form of a flake's
_nixosConfigurations_. Note that deploy-rs does not currently support
deploying to darwin hosts.
_systemConfigurations_ should take the form of a flake's
_nixosConfigurations_. Note that deploy-rs does not currently support
deploying to darwin hosts.
_extraConfig_, if specified, will be merged into each of the
nodes' configurations.
_extraConfig_, if specified, will be merged into each of the
nodes' configurations.
Example _systemConfigurations_ input:
Example _systemConfigurations_ input:
```
{
hostname-1 = {
fastConnection = true;
sshOpts = [ "-p" "25" ];
};
hostname-2 = {
sshOpts = [ "-p" "19999" ];
sshUser = "root";
};
}
```
*
*/
```
{
hostname-1 = {
fastConnection = true;
sshOpts = [ "-p" "25" ];
};
hostname-2 = {
sshOpts = [ "-p" "19999" ];
sshUser = "root";
};
}
```
*
*/
lib.recursiveUpdate
(lib.mapAttrs
(
_: c: let
system = c.pkgs.stdenv.hostPlatform.system;
# Unmodified nixpkgs
pkgs = import inputs.nixpkgs {inherit system;};
# nixpkgs with deploy-rs overlay but force the nixpkgs package
deployPkgs = import inputs.nixpkgs {
inherit system;
overlays = [
inputs.deploy-rs.overlay # or deploy-rs.overlays.default
(self: super: {
deploy-rs = {
inherit (pkgs) deploy-rs;
lib = super.deploy-rs.lib;
};
})
];
};
in {
_: c: {
hostname = getFqdn c;
profiles.system = {
user = "root";
path = deployPkgs.deploy-rs.lib.activate.nixos c;
path = inputs.deploy-rs.lib.${c.pkgs.stdenv.hostPlatform.system}.activate.nixos c;
};
}
)
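Review bot: `path = inputs.deploy-rs.lib.${c.pkgs.stdenv.hostPlatform.system}.activate.nixos c;` takes the activation tooling from the deploy-rs flake's own package set instead of the removed overlay that built it against `inputs.nixpkgs`, so what is activated with `user = "root"` on each host now depends on whichever nixpkgs revision the deploy-rs input locks. The flake inputs are not visible in this section; if `deploy-rs` does not already follow the repository's nixpkgs, `inputs.deploy-rs.inputs.nixpkgs.follows = "nixpkgs";` keeps a single reviewed nixpkgs revision in the deployment closure. A short comment above the line would also help, for example `# uses deploy-rs's own lib; its nixpkgs is pinned via follows in flake.nix`. The `mkDeployNodes` body continues past the end of this hunk.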


@ -1,4 +1,6 @@
{lib}: attrList: let
{ lib }:
attrList:
let
f = attrPath:
zipAttrsWith (
n: values:
@ -11,4 +13,4 @@
else last values
);
in
f [] attrList
f [] attrList;
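Review bot: The final line `f [] attrList;` ends the file with a semicolon, and a Nix file whose top level is a single function expression cannot be followed by `;`, so the parser rejects it and every import of this file fails at evaluation. Assuming the page prints the old line first and the new one second, as the other sections appear to, the new side should stay `f [] attrList` with no semicolon. The body of the `let` between the two hunks is not shown, so this note covers the last line only.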


@ -20,6 +20,7 @@ in {
# Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?)
pulseaudio
vimpc
spotify-tui
];
};


@ -23,18 +23,6 @@
};
services.blueman.enable = true;
home-manager.users."${config.pub-solar.user.name}" = {
services.blueman-applet.enable = true;
systemd.user.services.blueman-applet = {
Unit = {
BindsTo = ["sway-session.target"];
After = lib.mkForce ["sway-session.target"];
Requires = lib.mkForce [ ];
};
Install.WantedBy = [ "sway-session.target" ];
};
};
environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = {
text = ''
bluez_monitor.properties = {


@ -12,7 +12,7 @@ in {
loader.systemd-boot.enable = lib.mkDefault true;
# Use latest LTS linux kernel by default
kernelPackages = pkgs.linuxPackages_6_6_hardened;
kernelPackages = lib.mkDefault pkgs.linuxPackages_6_7_hardened;
# Support ntfs drives
supportedFilesystems = ["ntfs"];
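Review bot: The comment above `kernelPackages` says the latest LTS kernel is used, but `pkgs.linuxPackages_6_7_hardened` (the second of the two printed lines, presumably the new side) belongs to the 6.7 series, which is a short-lived stable release rather than a longterm one; 6.6 is the longterm series. A series that upstream has stopped maintaining no longer receives security fixes, so either keep the longterm package as `kernelPackages = lib.mkDefault pkgs.linuxPackages_6_6_hardened;` or change the comment to `# Use a recent hardened kernel by default (not an LTS series)` so the next reader does not assume long-term support. The enclosing attribute set starts and ends outside the hunk.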


@ -10,8 +10,8 @@
systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false;
networking.hosts = {
"128.140.109.213" = [ "vpn.b12f.io" "frikandel-initrd.b12f.io" ];
"2a01:4f8:c2c:b60::" = [ "vpn.b12f.io" "frikandel-initrd.b12f.io" ];
"128.140.109.213" = [ "vpn.b12f.io" ];
"2a01:4f8:c2c:b60::" = [ "vpn.b12f.io" ];
};
networking.networkmanager = {
@ -38,7 +38,7 @@
};
# Don't expose SSH via public interfaces
networking.firewall.interfaces.wg-private.allowedTCPPorts = [22];
networking.firewall.interfaces.wg-private.allowedTCPPorts = [ 22 ];
# For rage encryption, all hosts need a ssh key pair
services.openssh = {

View file

@ -24,7 +24,7 @@ in {
enable = true;
enableSSHSupport = true;
enableExtraSocket = true;
pinentryPackage = pkgs.pinentry-gnome3;
pinentryFlavor = "gnome3";
};
home-manager.users."${psCfg.user.name}" = {


@ -29,6 +29,13 @@ in {
element-desktop
element-b12f
element-mezza
# Nix specific utilities
alejandra
manix
nix-index
nix-tree
nvd
];
fonts = {

View file

@ -0,0 +1,15 @@
# This file is written by xdg-user-dirs-update
# If you want to change or add directories, just edit the line you're
# interested in. All local changes will be retained on the next run.
# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped
# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an
# absolute path. No other format is supported.
XDG_DESKTOP_DIR="$HOME/"
XDG_DOWNLOAD_DIR="$HOME/Downloads"
XDG_TEMPLATES_DIR="$HOME/Templates"
XDG_PUBLICSHARE_DIR="$HOME/Public"
XDG_DOCUMENTS_DIR="$HOME/"
XDG_MUSIC_DIR="$HOME/"
XDG_PICTURES_DIR="$HOME/"
XDG_VIDEOS_DIR="$HOME/"


@ -1,3 +1,20 @@
@define-color base00 #1a181a;
@define-color base01 #2d2a2e;
@define-color base02 #303030;
@define-color base03 #949494;
@define-color base04 #d3d1d4;
@define-color base05 #e3e1e4;
@define-color base06 #303030;
@define-color base07 #ff5f5f;
@define-color base08 #f85e84;
@define-color base09 #df5923;
@define-color base0A #e5c463;
@define-color base0B #9ecd6f;
@define-color base0C #ef9062;
@define-color base0D #7accd7;
@define-color base0E #ab9df2;
@define-color base0F #d70000;
* {
min-height: 0;
border: none;


@ -0,0 +1,18 @@
Gtk/ButtonImages 1
Gtk/CanChangeAccels 1
Gtk/CursorThemeName "default"
Gtk/CursorThemeSize 0
Gtk/EnableEventSounds 0
Gtk/EnableInputFeedbackSounds 0
Gtk/FontName "Lato"
Gtk/ThemeName "Matcha-dark-aliz"
Gtk/IconThemeName "Papirus-Adapta-Nokto-Maia"
Gtk/MenuBarAccel "F10"
Gtk/MenuImages 1
Gtk/ToolbarIconSize 3
Gtk/ToolbarStyle "icons"
Xft/Antialias 1
Xft/DPI 102400
Xft/Hinting 1
Xft/HintStyle "hintslight"
Xft/RGBA "rgb"


@ -9,6 +9,8 @@ usermodmap=$HOME/.config/xmodmap
sysresources=/etc/X11/xinit/.Xresources
sysmodmap=/etc/X11/xinit/.Xmodmap
DEFAULT_SESSION='i3 --shmlog-size 0'
xset -b
if [ -d $HOME/.fonts ]; then
@ -46,8 +48,23 @@ fi
get_session(){
local dbus_args=(--sh-syntax --exit-with-session)
case $1 in
awesome) dbus_args+=(awesome) ;;
bspwm) dbus_args+=(bspwm-session) ;;
budgie) dbus_args+=(budgie-desktop) ;;
cinnamon) dbus_args+=(cinnamon-session) ;;
deepin) dbus_args+=(startdde) ;;
enlightenment) dbus_args+=(enlightenment_start) ;;
fluxbox) dbus_args+=(startfluxbox) ;;
gnome) dbus_args+=(gnome-session) ;;
i3|i3wm) dbus_args+=(i3 --shmlog-size 0) ;;
*) dbus_args+=(sway) ;;
jwm) dbus_args+=(jwm) ;;
kde) dbus_args+=(startkde) ;;
lxde) dbus_args+=(startlxde) ;;
lxqt) dbus_args+=(lxqt-session) ;;
mate) dbus_args+=(mate-session) ;;
xfce) dbus_args+=(xfce4-session) ;;
openbox) dbus_args+=(openbox-session) ;;
*) dbus_args+=($DEFAULT_SESSION) ;;
esac
echo "dbus-launch ${dbus_args[*]}"


@ -1,6 +1,6 @@
{ flake, ...}: with flake.self.theme.with0x; {
{
env = {
TERM = "xterm-direct";
TERM = "xterm-256color";
};
window = {
@ -30,6 +30,9 @@
multiplier = 3;
};
# When true, bold text is drawn using the bright variant of colors.
draw_bold_text_with_bright_colors = true;
font = {
# The normal (roman) font face to use.
normal = {
@ -65,7 +68,7 @@
};
};
keyboard.bindings = [
key_bindings = [
{
key = "V";
mods = "Control|Alt";
@ -159,13 +162,10 @@
# Base16 Burn 256 - alacritty color config
# Benjamin Bädorf
colors = {
# When true, bold text is drawn using the bright variant of colors.
draw_bold_text_with_bright_colors = true;
# Default colors
primary = {
background = base00;
foreground = base05;
background = "0x1a181a";
foreground = "0xe3e1e4";
};
# Cursor colors
@ -184,8 +184,8 @@
# Allowed values are CellForeground/CellBackground, which reference the
# affected cell, or hexadecimal colors like #ff00ff.
matches = {
foreground = base0A;
background = base00;
foreground = "0xe5c463";
background = "0x1a181a";
};
focused_match = {
foreground = "CellBackground";
@ -203,58 +203,58 @@
# Allowed values are CellForeground/CellBackground, which reference the
# affected cell, or hexadecimal colors like #ff00ff.
selection = {
text = base00;
background = base08;
text = "0x1a181a";
background = "0xf85e84";
};
# Normal colors
normal = {
black = base00;
red = base09;
green = base0B;
yellow = base0A;
blue = base0D;
magenta = base0E;
cyan = base0C;
white = base05;
black = "0x1a181a";
red = "0xf85e84";
green = "0x9ecd6f";
yellow = "0xe5c463";
blue = "0x7accd7";
magenta = "0xab9df2";
cyan = "0xef9062";
white = "0xe3e1e4";
};
# Bright colors
bright = {
black = base00;
red = base0F;
green = base0B;
yellow = base0A;
blue = base0D;
magenta = base0E;
cyan = base0C;
white = base05;
black = "0x949494";
red = "0xf85e84";
green = "0x9ecd6f";
yellow = "0xe5c463";
blue = "0x7accd7";
magenta = "0xab9df2";
cyan = "0xef9062";
white = "0xff5f5f";
};
indexed_colors = [
{
index = 16;
color = base09;
color = "0xdf5923";
}
{
index = 17;
color = base0F;
color = "0xd70000";
}
{
index = 18;
color = base01;
color = "0x2d2a2e";
}
{
index = 19;
color = base02;
color = "0x303030";
}
{
index = 20;
color = base04;
color = "0xd3d1d4";
}
{
index = 21;
color = base02;
color = "0x303030";
}
];
};


@ -1,4 +1,4 @@
args@{
{
lib,
config,
pkgs,
@ -6,7 +6,7 @@ args@{
}:
with lib; let
psCfg = config.pub-solar;
tomlFormat = pkgs.formats.toml {};
yamlFormat = pkgs.formats.yaml {};
sessionVariables = {
WLR_RENDERER =
if psCfg.graphical.wayland.software-renderer.enable
@ -45,16 +45,26 @@ in {
glib
xdg-utils
xorg.xbacklight
desktop-file-utils
];
etc = {
"xdg/PubSolar.conf".text = ''
[Qt]
style=GTK+
'';
};
variables = sessionVariables;
};
services.getty.autologinUser = psCfg.user.name;
qt = {
enable = true;
platformTheme = "gtk2";
style = "gtk2";
};
# Required for running Gnome apps outside the Gnome DE, see https://nixos.wiki/wiki/GNOME#Running_GNOME_programs_outside_of_GNOME
programs.dconf.enable = true;
services.udev.packages = with pkgs; [gnome3.gnome-settings-daemon];
@ -82,45 +92,31 @@ in {
users.users."${psCfg.user.name}".packages = with pkgs; [
alacritty
firefox-wayland
flameshot
gnome.adwaita-icon-theme
gnome.eog
gnome.nautilus
gnome.seahorse
gnome.yelp
hicolor-icon-theme
keepassxc
libnotify
toggle-kbd-layout
vlc
wcwd
wdisplays
wl-mirror
];
qt = {
enable = true;
platformTheme = "gtk2";
style = "gtk2";
};
home-manager.users."${psCfg.user.name}" = {
home.file."xinitrc".source = ./.xinitrc;
xdg.configFile."alacritty/alacritty.toml".source = tomlFormat.generate "alacritty.toml" ((import ./alacritty.nix) args);
xdg.configFile."alacritty/alacritty.yml".source = yamlFormat.generate "alacritty.yml" (import ./alacritty.nix);
xdg.configFile."xmodmap".source = ./.config/xmodmap;
xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs;
xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale;
xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf;
xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf;
xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
programs.firefox = {
enable = true;
package = pkgs.firefox-wayland;
};
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
};
};
gtk = {
enable = true;
font.name = "Lato";
@ -138,21 +134,13 @@ in {
gtk-xft-hinting = "1";
gtk-xft-hintstyle = "hintfull";
gtk-xft-rgba = "rgb";
gtk-application-prefer-dark-theme = "1";
gtk-application-prefer-dark-theme = "true";
};
};
xresources.extraConfig = builtins.readFile ./.Xdefaults;
services.network-manager-applet.enable = true;
systemd.user.services.network-manager-applet = {
Unit = {
BindsTo = ["sway-session.target"];
After = lib.mkForce ["sway-session.target"];
Requires = lib.mkForce [ ];
};
Install.WantedBy = [ "sway-session.target" ];
};
systemd.user.services.network-manager-applet = import ./network-manager-applet.service.nix pkgs;
home.sessionVariables = sessionVariables;
systemd.user.sessionVariables = sessionVariables;


@ -2,7 +2,6 @@
lib,
config,
pkgs,
flake,
...
}:
with lib; let
@ -11,20 +10,20 @@ in {
home-manager.users."${psCfg.user.name}" = {
services.mako = {
enable = true;
extraConfig = with flake.self.theme.withHashtag; ''
extraConfig = ''
padding=10
margin=5,5,0
default-timeout=5000
background-color=${base00}
text-color=${base05}
border-color=${base07}
background-color=#1a181a
text-color=#e3e1e4
border-color=#ff5f5f
font=Hack 14
[urgency=high]
background-color=${base07}
text-color=${base00}
border-color=${base00}
background-color=#ff5f5f
text-color=#1a181a
border-color=#1a181a
layer=overlay
font=Hack 14
'';


@ -0,0 +1,19 @@
## Base16 Burn
# Author: Benjamin Bädorf
set $base00 #1a181a
set $base01 #2d2a2e
set $base02 #303030
set $base03 #949494
set $base04 #d3d1d4
set $base05 #e3e1e4
set $base06 #303030
set $base07 #ff5f5f
set $base08 #f85e84
set $base09 #df5923
set $base0A #e5c463
set $base0B #9ecd6f
set $base0C #ef9062
set $base0D #7accd7
set $base0E #ab9df2
set $base0F #d70000


@ -1,33 +1,43 @@
# launch categorized menu
bindsym $mod+z exec --no-startup-id morc_menu
# switch keyboard input language
bindsym $mod+tab exec toggle-kbd-layout
# Screen capturing
################################################################################################
## sound-section - ##
################################################################################################
bindsym $mod+Ctrl+m exec pavucontrol
################################################################################################
# Quickstart application shortcuts
bindsym $mod+F1 exec psos help
bindsym $mod+Shift+h exec psos help
bindsym $mod+F2 exec firefox
bindsym $mod+F4 exec nautilus -w
bindsym $mod+Shift+F4 exec signal-desktop --use-tray-icon
bindsym $mod+Shift+m exec qMasterPassword
# Screenshots and screen recordings
bindsym $mod+Ctrl+p exec grim -g "$(slurp -d -b \#ffffff11)" ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png
bindsym $mod+Shift+p exec grim -g "$(slurp -d -b \#ffffff11 -o)" ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png
bindsym $mod+Shift+p exec grim ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png
bindsym $mod+Ctrl+f exec "( pkill flameshot || true && flameshot & ) && ( sleep 0.5s && flameshot gui )"
bindsym $mod+Ctrl+r exec record-screen
bindsym $mod+Shift+r exec record-screen fullscreen
# Launcher
set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher
bindsym $mod+Space exec $menu
# Pulse Audio controls
bindsym $mod+Ctrl+m exec pavucontrol
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl set +10%"
bindsym XF86MonBrightnessDown exec "brightnessctl set 10%-"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 33%-"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +33%"
set $mode_vncclient In VNCClient mode. Press $mod+Num_Lock or $mod+Shift+Escape to return.
bindsym $mod+Num_Lock mode "$mode_vncclient"
bindsym $mod+Shift+Escape mode "$mode_vncclient"
mode "$mode_vncclient" {
bindsym $mod+Num_Lock mode "default"
bindsym $mod+Shift+Escape mode "default"
}


@ -1 +0,0 @@
for_window [app_id=".*"] inhibit_idle fullscreen


@ -1,39 +1,40 @@
{
pkgs,
config,
psCfg,
...
}: with pkgs; ''
# Set shut down, restart and locking features
}: with pkgs;
''
# Set shut down, restart and locking features
''
+ (
if psCfg.core.hibernation.enable
then ''
set $mode_system (e)xit, (l)ock, (h)ibernate, (r)eboot, (Shift+s)hutdown
''
+ (
if config.pub-solar.core.hibernation.enable
then ''
set $mode_system (e)xit, (l)ock, (h)ibernate, (r)eboot, (Shift+s)hutdown
''
else ''
set $mode_system (e)xit, (l)ock, (r)eboot, (Shift+s)hutdown
''
)
+ ''
bindsym $mod+0 mode "$mode_system"
else ''
set $mode_system (e)xit, (l)ock, (r)eboot, (Shift+s)hutdown
''
)
+ ''
bindsym $mod+0 mode "$mode_system"
mode "$mode_system" {
bindsym e exec ${sway}/bin/swaymsg exit, mode "default"
bindsym l exec ${swaylock-bg}/bin/swaylock-bg, mode "default"
mode "$mode_system" {
bindsym e exec ${sway}/bin/swaymsg exit, mode "default"
bindsym l exec ${swaylock-bg}/bin/swaylock-bg, mode "default"
''
+ (
if psCfg.core.hibernation.enable
then ''
bindsym h exec ${systemd}/bin/systemctl hibernate, mode "default"
''
+ (
if config.pub-solar.core.hibernation.enable
then ''
bindsym h exec ${systemd}/bin/systemctl hibernate, mode "default"
''
else ""
)
+ ''
bindsym r exec ${systemd}/bin/systemctl reboot, mode "default"
bindsym Shift+s exec ${systemd}/bin/systemctl poweroff, mode "default"
else ""
)
+ ''
bindsym r exec ${systemd}/bin/systemctl reboot, mode "default"
bindsym Shift+s exec ${systemd}/bin/systemctl poweroff, mode "default"
# exit system mode: "Enter" or "Escape"
bindsym Return mode "default"
bindsym Escape mode "default"
}
''
# exit system mode: "Enter" or "Escape"
bindsym Return mode "default"
bindsym Escape mode "default"
}
''


@ -1,21 +1,3 @@
{ flake, ... }: with flake.self.theme.withHashtag; ''
set $base00 ${base00}
set $base01 ${base01}
set $base02 ${base02}
set $base03 ${base03}
set $base04 ${base04}
set $base05 ${base05}
set $base06 ${base06}
set $base07 ${base07}
set $base08 ${base08}
set $base09 ${base09}
set $base0A ${base0A}
set $base0B ${base0B}
set $base0C ${base0C}
set $base0D ${base0D}
set $base0E ${base0E}
set $base0F ${base0F}
# Border BG Text Ind Child Border
client.focused $base00 $base01 $base07 $base0D $base07
client.focused_inactive $base00 $base01 $base07 $base03 $base00
@ -32,6 +14,3 @@ exec_always import-gtk-settings \
# Workaround to fix cursor scaling, see https://github.com/swaywm/sway/issues/4112
seat seat0 xcursor_theme Adwaita
output * bg ~/.config/wallpaper.jpg fill
''


@ -1,227 +1,217 @@
args@{
{
config,
pkgs,
...
}: let
applications = builtins.readFile ./config.d/applications.conf;
custom-keybindings = builtins.readFile ./config.d/custom-keybindings.conf;
gaps = builtins.readFile ./config.d/gaps.conf;
mode-system = import ./config.d/mode_system.conf.nix args;
systemd = builtins.readFile ./config.d/systemd.conf;
theme = import ./config.d/theme.conf.nix args;
in ''
# Default config for sway
#
# Copy this to ~/.config/sway/config and edit it to your liking.
#
# Read `man 5 sway` for a complete reference.
}: ''
# Default config for sway
#
# Copy this to ~/.config/sway/config and edit it to your liking.
#
# Read `man 5 sway` for a complete reference.
### Variables
#
# Logo key. Use Mod1 for Alt.
set $mod Mod4
# Home row direction keys, like vim
set $left j
set $down k
set $up i
set $right l
# Your preferred terminal emulator
set $term ${pkgs.alacritty}/bin/alacritty
# Your preferred application launcher
# Note: pass the final command to swaymsg so that the resulting window can be opened
# on the original workspace that the command was run on.
#set $menu dmenu_path | dmenu | xargs swaymsg exec bemenu-run --no-overlap
### Variables
#
# Logo key. Use Mod1 for Alt.
set $mod Mod4
# Home row direction keys, like vim
set $left j
set $down k
set $up i
set $right l
# Your preferred terminal emulator
set $term ${pkgs.alacritty}/bin/alacritty
# Your preferred application launcher
# Note: pass the final command to swaymsg so that the resulting window can be opened
# on the original workspace that the command was run on.
#set $menu dmenu_path | dmenu | xargs swaymsg exec bemenu-run --no-overlap
default_border pixel 1
default_border pixel 1
### Key bindings
#
# Basics:
#
# Start a terminal
bindsym $mod+Return exec $term
### Output configuration
#
# Default wallpaper (more resolutions are available in @datadir@/backgrounds/sway/)
output * bg ~/.config/wallpaper.jpg fill
# Start a terminal
bindsym $mod+Shift+Return exec sh -c '$term --working-directory $(wcwd)'
### Key bindings
#
# Basics:
#
# Start a terminal
bindsym $mod+Return exec $term
# Kill focused window
bindsym $mod+Shift+q kill
# Start a terminal
bindsym $mod+Shift+Return exec sh -c '$term --working-directory $(wcwd)'
# Drag floating windows by holding down $mod and left mouse button.
# Resize them with right mouse button + $mod.
# Despite the name, also works for non-floating windows.
# Change normal to inverse to use left mouse button for resizing and right
# mouse button for dragging.
floating_modifier $mod normal
# Kill focused window
bindsym $mod+Shift+q kill
# Reload the configuration file
bindsym $mod+F5 reload
# Drag floating windows by holding down $mod and left mouse button.
# Resize them with right mouse button + $mod.
# Despite the name, also works for non-floating windows.
# Change normal to inverse to use left mouse button for resizing and right
# mouse button for dragging.
floating_modifier $mod normal
#
# Moving around:
#
# Move your focus around
bindsym $mod+$left focus left
bindsym $mod+$down focus down
bindsym $mod+$up focus up
bindsym $mod+$right focus right
# Or use $mod+[up|down|left|right]
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# Reload the configuration file
bindsym $mod+F5 reload
# Move the focused window with the same, but add Shift
bindsym $mod+Shift+$left move left
bindsym $mod+Shift+$down move down
bindsym $mod+Shift+$up move up
bindsym $mod+Shift+$right move right
# Ditto, with arrow keys
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
#
# Workspaces:
#
#
# Moving around:
#
# Move your focus around
bindsym $mod+$left focus left
bindsym $mod+$down focus down
bindsym $mod+$up focus up
bindsym $mod+$right focus right
# Or use $mod+[up|down|left|right]
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# Move the focused window with the same, but add Shift
bindsym $mod+Shift+$left move left
bindsym $mod+Shift+$down move down
bindsym $mod+Shift+$up move up
bindsym $mod+Shift+$right move right
# Ditto, with arrow keys
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
#
# Workspaces:
#
# Workspace names
# to display names or symbols instead of plain workspace numbers you can use
# something like: set $ws1 1:mail
# set $ws2 2:
set $ws1 1
set $ws2 2
set $ws3 3
set $ws4 4
set $ws5 5
set $ws6 6
set $ws7 7
set $ws8 8
set $ws9 9
# Workspace names
# to display names or symbols instead of plain workspace numbers you can use
# something like: set $ws1 1:mail
# set $ws2 2:
set $ws1 1
set $ws2 2
set $ws3 3
set $ws4 4
set $ws5 5
set $ws6 6
set $ws7 7
set $ws8 8
set $ws9 9
# Switch to workspace
bindsym $mod+1 workspace 1
bindsym $mod+2 workspace 2
bindsym $mod+3 workspace 3
bindsym $mod+4 workspace 4
bindsym $mod+5 workspace 5
bindsym $mod+6 workspace 6
bindsym $mod+7 workspace 7
bindsym $mod+8 workspace 8
bindsym $mod+9 workspace 9
# Move focused container to workspace
bindsym $mod+Ctrl+1 move container to workspace $ws1
bindsym $mod+Ctrl+2 move container to workspace $ws2
bindsym $mod+Ctrl+3 move container to workspace $ws3
bindsym $mod+Ctrl+4 move container to workspace $ws4
bindsym $mod+Ctrl+5 move container to workspace $ws5
bindsym $mod+Ctrl+6 move container to workspace $ws6
bindsym $mod+Ctrl+7 move container to workspace $ws7
bindsym $mod+Ctrl+8 move container to workspace $ws8
bindsym $mod+Ctrl+9 move container to workspace $ws9
# Move focused container to workspace and move focus with it
bindsym $mod+Shift+1 move container to workspace 1; workspace $ws1
bindsym $mod+Shift+2 move container to workspace 2; workspace $ws2
bindsym $mod+Shift+3 move container to workspace 3; workspace $ws3
bindsym $mod+Shift+4 move container to workspace 4; workspace $ws4
bindsym $mod+Shift+5 move container to workspace 5; workspace $ws5
bindsym $mod+Shift+6 move container to workspace 6; workspace $ws6
bindsym $mod+Shift+7 move container to workspace 7; workspace $ws7
bindsym $mod+Shift+8 move container to workspace 8; workspace $ws8
bindsym $mod+Shift+9 move container to workspace 9; workspace $ws9
# Note: workspaces can have any name you want, not just numbers.
# We just use 1-10 as the default.
# Switch to workspace
bindsym $mod+1 workspace 1
bindsym $mod+2 workspace 2
bindsym $mod+3 workspace 3
bindsym $mod+4 workspace 4
bindsym $mod+5 workspace 5
bindsym $mod+6 workspace 6
bindsym $mod+7 workspace 7
bindsym $mod+8 workspace 8
bindsym $mod+9 workspace 9
# Move focused container to workspace
bindsym $mod+Ctrl+1 move container to workspace $ws1
bindsym $mod+Ctrl+2 move container to workspace $ws2
bindsym $mod+Ctrl+3 move container to workspace $ws3
bindsym $mod+Ctrl+4 move container to workspace $ws4
bindsym $mod+Ctrl+5 move container to workspace $ws5
bindsym $mod+Ctrl+6 move container to workspace $ws6
bindsym $mod+Ctrl+7 move container to workspace $ws7
bindsym $mod+Ctrl+8 move container to workspace $ws8
bindsym $mod+Ctrl+9 move container to workspace $ws9
# Move focused container to workspace and move focus with it
bindsym $mod+Shift+1 move container to workspace 1; workspace $ws1
bindsym $mod+Shift+2 move container to workspace 2; workspace $ws2
bindsym $mod+Shift+3 move container to workspace 3; workspace $ws3
bindsym $mod+Shift+4 move container to workspace 4; workspace $ws4
bindsym $mod+Shift+5 move container to workspace 5; workspace $ws5
bindsym $mod+Shift+6 move container to workspace 6; workspace $ws6
bindsym $mod+Shift+7 move container to workspace 7; workspace $ws7
bindsym $mod+Shift+8 move container to workspace 8; workspace $ws8
bindsym $mod+Shift+9 move container to workspace 9; workspace $ws9
# Note: workspaces can have any name you want, not just numbers.
# We just use 1-10 as the default.
#navigate workspaces next / previous
bindsym $mod+Ctrl+Right workspace next
bindsym $mod+Ctrl+Left workspace prev
#navigate workspaces next / previous
bindsym $mod+Ctrl+Right workspace next
bindsym $mod+Ctrl+Left workspace prev
# workspace back and forth (with/without active container)
workspace_auto_back_and_forth yes
bindsym $mod+b workspace back_and_forth
bindsym $mod+Shift+b move container to workspace back_and_forth; workspace back_and_forth
# workspace back and forth (with/without active container)
workspace_auto_back_and_forth yes
bindsym $mod+b workspace back_and_forth
bindsym $mod+Shift+b move container to workspace back_and_forth; workspace back_and_forth
#
# Layout stuff:
#
# Configure border style <normal|1pixel|pixel xx|none|pixel>
default_border pixel 1
default_floating_border normal
#
# Layout stuff:
#
# Configure border style <normal|1pixel|pixel xx|none|pixel>
default_border pixel 1
default_floating_border normal
# Hide borders
hide_edge_borders none
# Hide borders
hide_edge_borders none
# Font for window titles. Will also be used by the bar unless a different font
# is used in the bar {} block below.
font xft:Hack 16
# Font for window titles. Will also be used by the bar unless a different font
# is used in the bar {} block below.
font xft:Hack 16
# You can "split" the current object of your focus with
# $mod+b or $mod+v, for horizontal and vertical splits
# respectively.
bindsym $mod+h splith; exec notify-send 'tile horizontally'
bindsym $mod+v splitv; exec notify-send 'tile vertically'
# You can "split" the current object of your focus with
# $mod+b or $mod+v, for horizontal and vertical splits
# respectively.
bindsym $mod+h splith; exec notify-send 'tile horizontally'
bindsym $mod+v splitv; exec notify-send 'tile vertically'
# Switch the current container between different layout styles
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# Switch the current container between different layout styles
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# Make the current focus fullscreen
bindsym $mod+f fullscreen
# Make the current focus fullscreen
bindsym $mod+f fullscreen
# Toggle the current focus between tiling and floating mode
bindsym $mod+Shift+space floating toggle
# Toggle the current focus between tiling and floating mode
bindsym $mod+Shift+space floating toggle
# Swap focus between the tiling area and the floating area
bindsym $mod+t focus mode_toggle
# Swap focus between the tiling area and the floating area
bindsym $mod+t focus mode_toggle
# Move focus to the parent container
bindsym $mod+a focus parent
bindsym $mod+d focus child
#
# Scratchpad:
#
# Sway has a "scratchpad", which is a bag of holding for windows.
# You can send windows there and get them back later.
# Move focus to the parent container
bindsym $mod+a focus parent
bindsym $mod+d focus child
#
# Scratchpad:
#
# Sway has a "scratchpad", which is a bag of holding for windows.
# You can send windows there and get them back later.
# Move the currently focused window to the scratchpad
bindsym $mod+Shift+minus move scratchpad
# Move the currently focused window to the scratchpad
bindsym $mod+Shift+minus move scratchpad
# Show the next scratchpad window or hide the focused scratchpad window.
# If there are multiple scratchpad windows, this command cycles through them.
bindsym $mod+minus scratchpad show
#
# Resizing containers:
#
mode "resize" {
# left will shrink the containers width
# right will grow the containers width
# up will shrink the containers height
# down will grow the containers height
bindsym $left resize shrink width 10px
bindsym $down resize grow height 10px
bindsym $up resize shrink height 10px
bindsym $right resize grow width 10px
# Show the next scratchpad window or hide the focused scratchpad window.
# If there are multiple scratchpad windows, this command cycles through them.
bindsym $mod+minus scratchpad show
#
# Resizing containers:
#
mode "resize" {
# left will shrink the containers width
# right will grow the containers width
# up will shrink the containers height
# down will grow the containers height
bindsym $left resize shrink width 10px
bindsym $down resize grow height 10px
bindsym $up resize shrink height 10px
bindsym $right resize grow width 10px
# Ditto, with arrow keys
bindsym Left resize shrink width 10px
bindsym Down resize grow height 10px
bindsym Up resize shrink height 10px
bindsym Right resize grow width 10px
# Ditto, with arrow keys
bindsym Left resize shrink width 10px
bindsym Down resize grow height 10px
bindsym Up resize shrink height 10px
bindsym Right resize grow width 10px
# Return to default mode
bindsym Return mode "default"
bindsym Escape mode "default"
}
bindsym $mod+r mode "resize"
# Return to default mode
bindsym Return mode "default"
bindsym Escape mode "default"
}
bindsym $mod+r mode "resize"
${applications}
${gaps}
${custom-keybindings}
${mode-system}
${systemd}
${theme}
include ~/.config/sway/config.d/*
''
include ~/.config/sway/config.d/*''


@ -1,4 +1,4 @@
args@{
{
lib,
config,
pkgs,
@ -42,18 +42,6 @@ in {
};
};
};
config.sway = {
# https://alex.dandrea.io/2024/07/20/fixing-idle-inhibitor-behaviour-in-firefox-with-wayland/
# Use xdg-desktop-portal-gtk for every portal interface...
default = "gtk";
# ... except for the ScreenCast, Screenshot and Secret
"org.freedesktop.impl.portal.ScreenCast" = "wlr";
"org.freedesktop.impl.portal.Screenshot" = "wlr";
# ignore inhibit bc gtk portal always returns as success,
# despite sway/the wlr portal not having an implementation,
# stopping firefox from using wayland idle-inhibit
"org.freedesktop.impl.portal.Inhibit" = "none";
};
extraPortals = with pkgs; [xdg-desktop-portal-gtk];
};
@ -72,6 +60,8 @@ in {
wl-clipboard
wf-recorder
brightnessctl
gammastep
geoclue2
xsettingsd
ydotool
@ -82,19 +72,19 @@ in {
wcwd
];
services.geoclue2.enable = true;
home-manager.users."${psCfg.user.name}" = {
systemd.user.services.sway = import ./sway.service.nix args;
systemd.user.targets.sway-session = import ./sway-session.target.nix args;
systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;};
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;};
systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;};
services.xsettingsd.enable = true;
services.gammastep = {
enable = true;
provider = "geoclue2";
};
xdg.configFile."sway/config".text = import ./config/config.nix args;
xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;};
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;};
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
services.swayidle = with pkgs; {
enable = true;
@ -106,16 +96,16 @@ in {
];
timeouts = [
{
timeout = 300;
timeout = 120;
command = "${swaylock-bg}/bin/swaylock-bg";
}
{
timeout = 180;
timeout = 130;
command = "${sway}/bin/swaymsg \"output * dpms off\"";
resumeCommand = "${sway}/bin/swaymsg \"output * dpms on\"";
}
{
timeout = 600;
timeout = 300;
command = "${systemd}/bin/systemctl hibernate";
}
];

View file

@ -0,0 +1,17 @@
{pkgs, ...}: {
Unit = {
Description = "set color temperature of display according to time of day";
Documentation = ["man:gammastep(1)"];
BindsTo = ["sway-session.target"];
After = ["sway-session.target"];
# ConditionEnvironment requires systemd v247 to work correctly
ConditionEnvironment = ["WAYLAND_DISPLAY"];
};
Service = {
Type = "simple";
ExecStart = "${pkgs.gammastep}/bin/gammastep -l geoclue2 -m wayland -v";
};
Install = {
WantedBy = ["sway-session.target"];
};
}
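Review bot: `ExecStart` runs gammastep with `-v`, and in verbose mode gammastep is expected to print the location it resolves through geoclue2, so the coordinates would end up in the user journal; please confirm against the man page. Unless the output is needed for debugging, drop the flag: `ExecStart = "${pkgs.gammastep}/bin/gammastep -l geoclue2 -m wayland";`.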


@ -0,0 +1,18 @@
{pkgs, ...}: {
Unit = {
Description = "X Settings Daemon";
Documentation = ["https://github.com/derat/xsettingsd/wiki/Installation"];
BindsTo = ["sway-session.target"];
After = ["sway-session.target"];
# ConditionEnvironment requires systemd v247 to work correctly
ConditionEnvironment = ["WAYLAND_DISPLAY"];
};
Service = {
Type = "simple";
ExecStart = "${pkgs.xsettingsd}/bin/xsettingsd";
ExecStop = "/run/current-system/sw/bin/env pkill xsettingsd";
};
Install = {
WantedBy = ["sway-session.target"];
};
}
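Review bot: `ExecStop` calls `pkill xsettingsd` through `/run/current-system/sw/bin/env`, which signals every process of that name the user owns rather than this unit's own process, and it resolves `pkill` from whatever PATH the user manager happens to have. For a `Type = "simple"` service systemd already sends SIGTERM to the main process on stop, so the `ExecStop` line can simply be removed. If it is kept for a reason, a short comment saying why the default stop behaviour is not enough would help.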


@ -2,14 +2,13 @@
lib,
config,
pkgs,
flake,
...
}:
with lib; let
psCfg = config.pub-solar;
in {
home-manager.users."${psCfg.user.name}" = {
programs.waybar = with flake.self.theme.withHashtag; {
programs.waybar = {
enable = true;
settings.main = {
layer = "top";
@ -47,10 +46,10 @@ in {
on-scroll = "-1";
on-click-right = "mode";
format = {
months = "<span color='#ffead3'><b>{}</b></span>";
days = "<span color='#ecc6d9'><b>{}</b></span>";
weekdays = "<span color='#ffcc66'><b>{}</b></span>";
today = "<span color='#ff6699'><b><u>{}</u></b></span>";
months = "<span color='#ffead3'><b>{}</b></span>";
days = "<span color='#ecc6d9'><b>{}</b></span>";
weekdays = "<span color='#ffcc66'><b>{}</b></span>";
today = "<span color='#ff6699'><b><u>{}</u></b></span>";
};
};
};
@ -89,25 +88,7 @@ in {
};
};
};
style = ''
@define-color base00 ${base00};
@define-color base01 ${base01};
@define-color base02 ${base02};
@define-color base03 ${base03};
@define-color base04 ${base04};
@define-color base05 ${base05};
@define-color base06 ${base06};
@define-color base07 ${base07};
@define-color base08 ${base08};
@define-color base09 ${base09};
@define-color base0A ${base0A};
@define-color base0B ${base0B};
@define-color base0C ${base0C};
@define-color base0D ${base0D};
@define-color base0E ${base0E};
@define-color base0F ${base0F};
''+ builtins.readFile ./.config/waybar/style.css;
style = builtins.readFile ./.config/waybar/style.css;
systemd.enable = true;
systemd.target = "sway-session.target";
};


@ -1,221 +1,215 @@
{
config,
pkgs,
lib,
...
}:
with lib; let
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.services.invoiceplane;
eachSite = cfg.sites;
user = "invoiceplane";
webserver = config.services.${cfg.webserver};
invoiceplane-config = hostName: cfg:
pkgs.writeText "ipconfig.php" ''
IP_URL=http://${hostName}
ENABLE_DEBUG=false
DISABLE_SETUP=false
REMOVE_INDEXPHP=false
DB_HOSTNAME=${cfg.database.host}
DB_USERNAME=${cfg.database.user}
# NOTE: file_get_contents adds newline at the end of returned string
DB_PASSWORD=${
if cfg.database.passwordFile == null
then ""
else "trim(file_get_contents('${cfg.database.passwordFile}'),\"\\r\\n\")"
}
DB_DATABASE=${cfg.database.name}
DB_PORT=${toString cfg.database.port}
SESS_EXPIRATION=864000
ENABLE_INVOICE_DELETION=false
DISABLE_READ_ONLY=false
ENCRYPTION_KEY=
ENCRYPTION_CIPHER=AES-256
SETUP_COMPLETED=false
REMOVE_INDEXPHP=true
invoiceplane-config = hostName: cfg: pkgs.writeText "ipconfig.php" ''
IP_URL=http://${hostName}
ENABLE_DEBUG=false
DISABLE_SETUP=false
REMOVE_INDEXPHP=false
DB_HOSTNAME=${cfg.database.host}
DB_USERNAME=${cfg.database.user}
# NOTE: file_get_contents adds newline at the end of returned string
DB_PASSWORD=${if cfg.database.passwordFile == null then "" else "trim(file_get_contents('${cfg.database.passwordFile}'),\"\\r\\n\")"}
DB_DATABASE=${cfg.database.name}
DB_PORT=${toString cfg.database.port}
SESS_EXPIRATION=864000
ENABLE_INVOICE_DELETION=false
DISABLE_READ_ONLY=false
ENCRYPTION_KEY=
ENCRYPTION_CIPHER=AES-256
SETUP_COMPLETED=false
REMOVE_INDEXPHP=true
'';
extraConfig = hostName: cfg: pkgs.writeText "extraConfig.php" ''
${toString cfg.extraConfig}
'';
pkg = hostName: cfg: pkgs.stdenv.mkDerivation rec {
pname = "invoiceplane-${hostName}";
version = src.version;
src = pkgs.invoiceplane;
postPhase = ''
# Patch index.php file to load additional config file
substituteInPlace index.php \
--replace "require('vendor/autoload.php');" "require('vendor/autoload.php'); \$dotenv = Dotenv\Dotenv::createImmutable(__DIR__, 'extraConfig.php'); \$dotenv->load();";
'';
extraConfig = hostName: cfg:
pkgs.writeText "extraConfig.php" ''
${toString cfg.extraConfig}
installPhase = ''
mkdir -p $out
cp -r * $out/
# symlink uploads and log directories
rm -r $out/uploads $out/application/logs $out/vendor/mpdf/mpdf/tmp
ln -sf ${cfg.stateDir}/uploads $out/
ln -sf ${cfg.stateDir}/logs $out/application/
ln -sf ${cfg.stateDir}/tmp $out/vendor/mpdf/mpdf/
# symlink the InvoicePlane config
ln -s ${cfg.stateDir}/ipconfig.php $out/ipconfig.php
# symlink the extraConfig file
ln -s ${extraConfig hostName cfg} $out/extraConfig.php
# symlink additional templates
${concatMapStringsSep "\n" (template: "cp -r ${template}/. $out/application/views/invoice_templates/pdf/") cfg.invoiceTemplates}
'';
pkg = hostName: cfg:
pkgs.stdenv.mkDerivation rec {
pname = "invoiceplane-${hostName}";
version = src.version;
src = pkgs.invoiceplane;
postPhase = ''
# Patch index.php file to load additional config file
substituteInPlace index.php \
--replace "require('vendor/autoload.php');" "require('vendor/autoload.php'); \$dotenv = Dotenv\Dotenv::createImmutable(__DIR__, 'extraConfig.php'); \$dotenv->load();";
'';
installPhase = ''
mkdir -p $out
cp -r * $out/
# symlink uploads and log directories
rm -r $out/uploads $out/application/logs $out/vendor/mpdf/mpdf/tmp
ln -sf ${cfg.stateDir}/uploads $out/
ln -sf ${cfg.stateDir}/logs $out/application/
ln -sf ${cfg.stateDir}/tmp $out/vendor/mpdf/mpdf/
# symlink the InvoicePlane config
ln -s ${cfg.stateDir}/ipconfig.php $out/ipconfig.php
# symlink the extraConfig file
ln -s ${extraConfig hostName cfg} $out/extraConfig.php
# symlink additional templates
${concatMapStringsSep "\n" (template: "cp -r ${template}/. $out/application/views/invoice_templates/pdf/") cfg.invoiceTemplates}
'';
};
siteOpts = {
lib,
name,
...
}: {
options = {
enable = mkEnableOption (lib.mdDoc "InvoicePlane web application");
stateDir = mkOption {
type = types.path;
default = "/var/lib/invoiceplane/${name}";
description = lib.mdDoc ''
This directory is used for uploads of attachments and cache.
The directory passed here is automatically created and permissions
adjusted as required.
'';
};
database = {
host = mkOption {
type = types.str;
default = "localhost";
description = lib.mdDoc "Database host address.";
};
port = mkOption {
type = types.port;
default = 3306;
description = lib.mdDoc "Database host port.";
};
name = mkOption {
type = types.str;
default = "invoiceplane";
description = lib.mdDoc "Database name.";
};
user = mkOption {
type = types.str;
default = "invoiceplane";
description = lib.mdDoc "Database user.";
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/invoiceplane-dbpassword";
description = lib.mdDoc ''
A file containing the password corresponding to
{option}`database.user`.
'';
};
createLocally = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc "Create the database and database user locally.";
};
};
invoiceTemplates = mkOption {
type = types.listOf types.path;
default = [];
description = lib.mdDoc ''
List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.
::: {.note}
These templates need to be packaged before use, see example.
:::
'';
example = literalExpression ''
let
# Let's package an example template
template-vtdirektmarketing = pkgs.stdenv.mkDerivation {
name = "vtdirektmarketing";
# Download the template from a public repository
src = pkgs.fetchgit {
url = "https://git.project-insanity.org/onny/invoiceplane-vtdirektmarketing.git";
sha256 = "1hh0q7wzsh8v8x03i82p6qrgbxr4v5fb05xylyrpp975l8axyg2z";
};
sourceRoot = ".";
# Installing simply means copying template php file to the output directory
installPhase = ""
mkdir -p $out
cp invoiceplane-vtdirektmarketing/vtdirektmarketing.php $out/
"";
};
# And then pass this package to the template list like this:
in [ template-vtdirektmarketing ]
'';
};
poolConfig = mkOption {
type = with types; attrsOf (oneOf [str int bool]);
default = {
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 4;
"pm.max_requests" = 500;
};
description = lib.mdDoc ''
Options for the InvoicePlane PHP pool. See the documentation on `php-fpm.conf`
for details on configuration directives.
'';
};
extraConfig = mkOption {
type = types.nullOr types.lines;
default = null;
example = ''
SETUP_COMPLETED=true
DISABLE_SETUP=true
IP_URL=https://invoice.example.com
'';
description = lib.mdDoc ''
InvoicePlane configuration. Refer to
<https://github.com/InvoicePlane/InvoicePlane/blob/master/ipconfig.php.example>
for details on supported values.
'';
};
cron = {
enable = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Enable cron service which periodically runs Invoiceplane tasks.
Requires key taken from the administration page. Refer to
<https://wiki.invoiceplane.com/en/1.0/modules/recurring-invoices>
on how to configure it.
'';
};
key = mkOption {
type = types.str;
description = lib.mdDoc "Cron key taken from the administration page.";
};
};
};
};
in {
siteOpts = { lib, name, ... }:
{
options = {
enable = mkEnableOption (lib.mdDoc "InvoicePlane web application");
stateDir = mkOption {
type = types.path;
default = "/var/lib/invoiceplane/${name}";
description = lib.mdDoc ''
This directory is used for uploads of attachments and cache.
The directory passed here is automatically created and permissions
adjusted as required.
'';
};
database = {
host = mkOption {
type = types.str;
default = "localhost";
description = lib.mdDoc "Database host address.";
};
port = mkOption {
type = types.port;
default = 3306;
description = lib.mdDoc "Database host port.";
};
name = mkOption {
type = types.str;
default = "invoiceplane";
description = lib.mdDoc "Database name.";
};
user = mkOption {
type = types.str;
default = "invoiceplane";
description = lib.mdDoc "Database user.";
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/invoiceplane-dbpassword";
description = lib.mdDoc ''
A file containing the password corresponding to
{option}`database.user`.
'';
};
createLocally = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc "Create the database and database user locally.";
};
};
invoiceTemplates = mkOption {
type = types.listOf types.path;
default = [];
description = lib.mdDoc ''
List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.
::: {.note}
These templates need to be packaged before use, see example.
:::
'';
example = literalExpression ''
let
# Let's package an example template
template-vtdirektmarketing = pkgs.stdenv.mkDerivation {
name = "vtdirektmarketing";
# Download the template from a public repository
src = pkgs.fetchgit {
url = "https://git.project-insanity.org/onny/invoiceplane-vtdirektmarketing.git";
sha256 = "1hh0q7wzsh8v8x03i82p6qrgbxr4v5fb05xylyrpp975l8axyg2z";
};
sourceRoot = ".";
# Installing simply means copying template php file to the output directory
installPhase = ""
mkdir -p $out
cp invoiceplane-vtdirektmarketing/vtdirektmarketing.php $out/
"";
};
# And then pass this package to the template list like this:
in [ template-vtdirektmarketing ]
'';
};
poolConfig = mkOption {
type = with types; attrsOf (oneOf [ str int bool ]);
default = {
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 4;
"pm.max_requests" = 500;
};
description = lib.mdDoc ''
Options for the InvoicePlane PHP pool. See the documentation on `php-fpm.conf`
for details on configuration directives.
'';
};
extraConfig = mkOption {
type = types.nullOr types.lines;
default = null;
example = ''
SETUP_COMPLETED=true
DISABLE_SETUP=true
IP_URL=https://invoice.example.com
'';
description = lib.mdDoc ''
InvoicePlane configuration. Refer to
<https://github.com/InvoicePlane/InvoicePlane/blob/master/ipconfig.php.example>
for details on supported values.
'';
};
cron = {
enable = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Enable cron service which periodically runs Invoiceplane tasks.
Requires key taken from the administration page. Refer to
<https://wiki.invoiceplane.com/en/1.0/modules/recurring-invoices>
on how to configure it.
'';
};
key = mkOption {
type = types.str;
description = lib.mdDoc "Cron key taken from the administration page.";
};
};
};
};
in
{
disabledModules = [
"services/web-apps/invoiceplane.nix"
];
@ -224,6 +218,7 @@ in {
options = {
services.invoiceplane = mkOption {
type = types.submodule {
options.sites = mkOption {
type = types.attrsOf (types.submodule siteOpts);
default = {};
@ -231,7 +226,7 @@ in {
};
options.webserver = mkOption {
type = types.enum ["caddy" "nginx"];
type = types.enum [ "caddy" "nginx" ];
default = "caddy";
description = lib.mdDoc ''
Which webserver to use for virtual host management. Currently only
@ -242,172 +237,160 @@ in {
default = {};
description = lib.mdDoc "InvoicePlane configuration.";
};
};
# implementation
config = mkIf (eachSite != {}) (mkMerge [
{
assertions = flatten (mapAttrsToList (hostName: cfg: [
{
assertion = cfg.database.createLocally -> cfg.database.user == user;
message = ''services.invoiceplane.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned'';
}
{
assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.'';
}
{
assertion = cfg.cron.enable -> cfg.cron.key != null;
message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.'';
}
])
eachSite);
config = mkIf (eachSite != {}) (mkMerge [{
services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) {
enable = true;
package = mkDefault pkgs.mariadb;
ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite;
ensureUsers =
mapAttrsToList (
hostName: cfg: {
name = cfg.database.user;
ensurePermissions = {"${cfg.database.name}.*" = "ALL PRIVILEGES";};
assertions = flatten (mapAttrsToList (hostName: cfg:
[{ assertion = cfg.database.createLocally -> cfg.database.user == user;
message = ''services.invoiceplane.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned'';
}
{ assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.'';
}
{ assertion = cfg.cron.enable -> cfg.cron.key != null;
message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.'';
}
]) eachSite);
services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) {
enable = true;
package = mkDefault pkgs.mariadb;
ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite;
ensureUsers = mapAttrsToList (hostName: cfg:
{ name = cfg.database.user;
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
}
) eachSite;
};
services.phpfpm = {
phpPackage = pkgs.php81;
pools = mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-${hostName}" {
inherit user;
group = webserver.group;
settings = {
"listen.owner" = webserver.user;
"listen.group" = webserver.group;
} // cfg.poolConfig;
}
)) eachSite;
};
}
{
systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [
"d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -"
"f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/logs 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/archive 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/customer_files 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/temp 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/temp/mpdf 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/tmp 0750 ${user} ${webserver.group} - -"
]) eachSite);
systemd.services.invoiceplane-config = {
serviceConfig.Type = "oneshot";
script = concatStrings (mapAttrsToList (hostName: cfg:
''
mkdir -p ${cfg.stateDir}/logs \
${cfg.stateDir}/uploads
if ! grep -q IP_URL "${cfg.stateDir}/ipconfig.php"; then
cp "${invoiceplane-config hostName cfg}" "${cfg.stateDir}/ipconfig.php"
fi
'') eachSite);
wantedBy = [ "multi-user.target" ];
};
users.users.${user} = {
group = webserver.group;
isSystemUser = true;
};
}
{
# Cron service implementation
systemd.timers = mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "5m";
Unit = "invoiceplane-cron-${hostName}.service";
};
})
)) eachSite;
systemd.services =
mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
serviceConfig = {
Type = "oneshot";
User = user;
ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/invoices/cron/recur/${cfg.cron.key}";
};
})
)) eachSite;
}
(mkIf (cfg.webserver == "caddy") {
services.caddy = {
enable = true;
virtualHosts = mapAttrs' (hostName: cfg: (
nameValuePair "http://${hostName}" {
extraConfig = ''
root * ${pkg hostName cfg}
file_server
php_fastcgi unix/${config.services.phpfpm.pools."invoiceplane-${hostName}".socket}
'';
}
)) eachSite;
};
})
(mkIf (cfg.webserver == "nginx") {
services.nginx = {
enable = true;
virtualHosts = mapAttrs' (hostName: cfg: (
nameValuePair "${hostName}" {
root = "${pkg hostName cfg}";
extraConfig = ''
index index.php index.html index.htm;
if (!-e $request_filename){
rewrite ^(.*)$ /index.php break;
}
)
eachSite;
};
'';
services.phpfpm = {
phpPackage = pkgs.php81;
pools =
mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-${hostName}" {
inherit user;
group = webserver.group;
settings =
{
"listen.owner" = webserver.user;
"listen.group" = webserver.group;
}
// cfg.poolConfig;
}
))
eachSite;
};
}
locations = {
"/setup".extraConfig = ''
rewrite ^(.*)$ http://${hostName}/ redirect;
'';
{
systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [
"d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -"
"f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/logs 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/archive 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/customer_files 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/temp 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/temp/mpdf 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/tmp 0750 ${user} ${webserver.group} - -"
])
eachSite);
systemd.services.invoiceplane-config = {
serviceConfig.Type = "oneshot";
script = concatStrings (mapAttrsToList (hostName: cfg: ''
mkdir -p ${cfg.stateDir}/logs \
${cfg.stateDir}/uploads
if ! grep -q IP_URL "${cfg.stateDir}/ipconfig.php"; then
cp "${invoiceplane-config hostName cfg}" "${cfg.stateDir}/ipconfig.php"
fi
'')
eachSite);
wantedBy = ["multi-user.target"];
};
users.users.${user} = {
group = webserver.group;
isSystemUser = true;
};
}
{
# Cron service implementation
systemd.timers =
mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "5m";
Unit = "invoiceplane-cron-${hostName}.service";
};
})
))
eachSite;
systemd.services =
mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
serviceConfig = {
Type = "oneshot";
User = user;
ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/invoices/cron/recur/${cfg.cron.key}";
};
})
))
eachSite;
}
(mkIf (cfg.webserver == "caddy") {
services.caddy = {
enable = true;
virtualHosts =
mapAttrs' (hostName: cfg: (
nameValuePair "http://${hostName}" {
"~ .php$" = {
extraConfig = ''
root * ${pkg hostName cfg}
file_server
php_fastcgi unix/${config.services.phpfpm.pools."invoiceplane-${hostName}".socket}
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:${config.services.phpfpm.pools."invoiceplane-${hostName}".socket};
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
'';
}
))
eachSite;
};
})
};
};
}
)) eachSite;
};
})
(mkIf (cfg.webserver == "nginx") {
services.nginx = {
enable = true;
virtualHosts =
mapAttrs' (hostName: cfg: (
nameValuePair "${hostName}" {
root = "${pkg hostName cfg}";
extraConfig = ''
index index.php index.html index.htm;
if (!-e $request_filename){
rewrite ^(.*)$ /index.php break;
}
'';
locations = {
"/setup".extraConfig = ''
rewrite ^(.*)$ http://${hostName}/ redirect;
'';
"~ .php$" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:${config.services.phpfpm.pools."invoiceplane-${hostName}".socket};
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
'';
};
};
}
))
eachSite;
};
})
]);
}
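Review bot: The cron unit's `ExecStart` interpolates `${cfg.cron.key}` into the curl URL, so the key taken from the administration page is written into the generated unit file in the world-readable Nix store and also shows up on curl's command line. `cron.key` is declared as `types.str` with no default, so the `cfg.cron.key != null` assertion earlier in the file most likely never produces its message. Consider a `cron.keyFile` path option that is read at run time (for example through systemd `LoadCredential`), mirroring how `database.passwordFile` is handled. Separately, the tmpfiles rule creates `ipconfig.php` with mode `0750`; a file holding `DB_PASSWORD` and `ENCRYPTION_KEY` does not need the execute bit, e.g. `"f ${cfg.stateDir}/ipconfig.php 0640 ${user} ${webserver.group} - -"`.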


@ -5,17 +5,16 @@
flake,
...
}: {
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"steam"
"steam-original"
"steam-run"
"hplip"
"cups-brother-hl3140cw"
"cloudflare-warp"
"uhk-agent"
"uhk-udev-rules"
];
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"steam"
"steam-original"
"steam-run"
"hplip"
"cups-brother-hl3140cw"
"uhk-agent"
"uhk-udev-rules"
"zoom"
];
nix = {
# Use default version alias for nix package


@ -1,8 +1,5 @@
{ lib, config, ... }:
{
lib,
config,
...
}: {
environment.persistence."/persist" = {
hideMounts = true;
directories = [
@ -20,7 +17,7 @@
fileSystems."/etc/nixos" = {
device = "/home/${config.pub-solar.user.name}/Workspace/os";
options = ["bind"];
options = [ "bind" ];
};
systemd.tmpfiles.rules = [


@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
services.cron = {
enable = true;
systemCronJobs = [


@ -7,7 +7,7 @@
}: {
services.avahi.enable = true;
services.avahi.ipv6 = true;
services.avahi.nssmdns4 = true;
services.avahi.nssmdns = true;
services.avahi.publish.enable = true;
services.avahi.publish.userServices = true;
@ -16,19 +16,9 @@
services.printing.listenAddresses = ["localhost:631"];
services.printing.defaultShared = lib.mkDefault false;
services.printing.drivers =
[
pkgs.gutenprint
]
++ (
if (pkgs.system == "x86_64-linux")
then [pkgs.cups-brother-hl3140cw]
else []
);
environment.persistence."/persist" = {
directories = [
"/etc/lib/cups"
];
};
services.printing.drivers = [
pkgs.gutenprint
] ++ (if (pkgs.system == "x86_64-linux")
then [ pkgs.cups-brother-hl3140cw ]
else []);
}


@ -5,7 +5,7 @@
lib,
...
}: {
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;


@ -1,7 +1,12 @@
## Headers
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-URI $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
## Basic Proxy Configuration
client_body_buffer_size 128k;
@ -16,7 +21,7 @@ proxy_buffers 64 256k;
## Please read the following documentation before configuring this:
## https://www.authelia.com/integration/proxies/nginx/#trusted-proxies
set_real_ip_from 10.13.12.0/24;
set_real_ip_from fd00:b12f:acab:1312:acab::/80;
set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
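Review bot: `set_real_ip_from fc00::/7;` trusts the whole IPv6 unique-local range as a proxy, where the line it appears to replace named a single /80 (the rendering has lost the +/- markers, so the side is read from print order). With `real_ip_header X-Forwarded-For;` and `real_ip_recursive on;`, any peer connecting from a ULA source address can then choose the client address that nginx and Authelia record, which weakens IP-based access rules, rate limits and log attribution. I would keep the range as narrow as the IPv4 entry, `set_real_ip_from fd00:b12f:acab:1312:acab::/80;`, and add a comment above it such as `## Only the reverse proxies' own prefix; every address listed here may set X-Forwarded-For`.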


@ -12,8 +12,8 @@ in '' [user]
else ""
}
${
if user.name != null
then "name = ${user.name}"
if user.fullName != null
then "name = ${user.fullName}"
else ""
}
${
@ -27,19 +27,7 @@ in '' [user]
[alias]
pol = pull
ack = -c color.grep.linenumber=\"bold yellow\"\n -c color.grep.filename=\"bold green\"\n -c color.grep.match=\"reverse yellow\"\n grep --break --heading --line-number
lg = "!f() { \
git log --all --color --graph --pretty=format:'%C(bold yellow)<sig>%G?</sig>%C(reset) %C(red)%h%C(reset) -%C(yellow)%d%C(reset) %s %C(green)(%cr) %C(blue)<%an>%C(reset)' | \
sed \
-e 's#<sig>G</sig>#Good#' \
-e 's#<sig>B</sig>#\\nBAD \\nBAD \\nBAD \\nBAD \\nBAD#' \
-e 's#<sig>U</sig>#Unknown#' \
-e 's#<sig>X</sig>#Expired#' \
-e 's#<sig>Y</sig>#Expired Key#' \
-e 's#<sig>R</sig>#Revoked#' \
-e 's#<sig>E</sig>#Missing Key#' \
-e 's#<sig>N</sig>#None#' | \
less -r; \
}; f"
# define command which will be used when "nvim"is set as a merge tool
[mergetool]
prompt = false


@ -6,27 +6,27 @@
user = config.pub-solar.user;
xdg = config.home-manager.users."${user.name}".xdg;
in ''
# What happened?
#
# fix feat build chore ci docs style refactor perf test
#
# type!(optional scope): <summary> --------------#
#
# What happened?
#
# fix feat build chore ci docs style refactor perf test
#
# type!(optional scope): <summary> --------------#
#
# ^\n
# What exactly was done and why? --------------------------------------#
#
# ^\n
# What exactly was done and why? --------------------------------------#
#
# ^\n
#
# Any issue numbers or links?
#
# Ref: #123
# ^\n
#
# Any issue numbers or links?
#
# Ref: #123
# ^\n
#
# Co-authored-by: Example Name <email@example.com>
# ^\n
#
# Co-authored-by: Example Name <email@example.com>
''


@ -0,0 +1,126 @@
#!/bin/sh
# base16-shell (https://github.com/chriskempson/base16-shell)
# Base16 Shell template by Chris Kempson (http://chriskempson.com)
# Burn scheme by Benjamin Bädorf
color00="1a/18/1a" # Base 00 - Black
color01="f8/5e/84" # Base 08 - Red
color02="9e/cd/6f" # Base 0B - Green
color03="e5/c4/63" # Base 0A - Yellow
color04="7a/cc/d7" # Base 0D - Blue
color05="ab/9d/f2" # Base 0E - Magenta
color06="ef/90/62" # Base 0C - Cyan
color07="e3/e1/e4" # Base 05 - White
color08="94/94/94" # Base 03 - Bright Black
color09=$color01 # Base 08 - Bright Red
color10=$color02 # Base 0B - Bright Green
color11=$color03 # Base 0A - Bright Yellow
color12=$color04 # Base 0D - Bright Blue
color13=$color05 # Base 0E - Bright Magenta
color14=$color06 # Base 0C - Bright Cyan
color15="ff/5f/5f" # Base 07 - Bright White
color16="df/59/23" # Base 09
color17="d7/00/00" # Base 0F
color18="2d/2a/2e" # Base 01
color19="30/30/30" # Base 02
color20="d3/d1/d4" # Base 04
color21="30/30/30" # Base 06
color_foreground="e3/e1/e4" # Base 05
color_background="1a/18/1a" # Base 00
if [ -n "$TMUX" ]; then
# Tell tmux to pass the escape sequences through
# (Source: http://permalink.gmane.org/gmane.comp.terminal-emulators.tmux.user/1324)
put_template() { printf '\033Ptmux;\033\033]4;%d;rgb:%s\033\033\\\033\\' $@; }
put_template_var() { printf '\033Ptmux;\033\033]%d;rgb:%s\033\033\\\033\\' $@; }
put_template_custom() { printf '\033Ptmux;\033\033]%s%s\033\033\\\033\\' $@; }
elif [ "${TERM%%[-.]*}" = "screen" ]; then
# GNU screen (screen, screen-256color, screen-256color-bce)
put_template() { printf '\033P\033]4;%d;rgb:%s\007\033\\' $@; }
put_template_var() { printf '\033P\033]%d;rgb:%s\007\033\\' $@; }
put_template_custom() { printf '\033P\033]%s%s\007\033\\' $@; }
elif [ "${TERM%%-*}" = "linux" ]; then
put_template() { [ $1 -lt 16 ] && printf "\e]P%x%s" $1 $(echo $2 | sed 's/\///g'); }
put_template_var() { true; }
put_template_custom() { true; }
else
put_template() { printf '\033]4;%d;rgb:%s\033\\' $@; }
put_template_var() { printf '\033]%d;rgb:%s\033\\' $@; }
put_template_custom() { printf '\033]%s%s\033\\' $@; }
fi
# 16 color space
put_template 0 $color00
put_template 1 $color01
put_template 2 $color02
put_template 3 $color03
put_template 4 $color04
put_template 5 $color05
put_template 6 $color06
put_template 7 $color07
put_template 8 $color08
put_template 9 $color09
put_template 10 $color10
put_template 11 $color11
put_template 12 $color12
put_template 13 $color13
put_template 14 $color14
put_template 15 $color15
# 256 color space
put_template 16 $color16
put_template 17 $color17
put_template 18 $color18
put_template 19 $color19
put_template 20 $color20
put_template 21 $color21
# foreground / background / cursor color
if [ -n "$ITERM_SESSION_ID" ]; then
# iTerm2 proprietary escape codes
put_template_custom Pg e3e1e4 # foreground
put_template_custom Ph 1a181a # background
put_template_custom Pi e3e1e4 # bold color
put_template_custom Pj 303030 # selection color
put_template_custom Pk e3e1e4 # selected text color
put_template_custom Pl e3e1e4 # cursor
put_template_custom Pm 1a181a # cursor text
else
put_template_var 10 $color_foreground
if [ "$BASE16_SHELL_SET_BACKGROUND" != false ]; then
put_template_var 11 $color_background
if [ "${TERM%%-*}" = "rxvt" ]; then
put_template_var 708 $color_background # internal border (rxvt)
fi
fi
put_template_custom 12 ";7" # cursor (reverse video)
fi
# clean up
unset -f put_template
unset -f put_template_var
unset -f put_template_custom
unset color00
unset color01
unset color02
unset color03
unset color04
unset color05
unset color06
unset color07
unset color08
unset color09
unset color10
unset color11
unset color12
unset color13
unset color14
unset color15
unset color16
unset color17
unset color18
unset color19
unset color20
unset color21
unset color_foreground
unset color_background


@ -99,11 +99,13 @@ in {
vi = "nvim";
vim = "nvim";
mutt = "neomutt";
cat = "bat";
ls = "eza";
la = "eza --group-directories-first -lag";
wget = "wget --hsts-file=$XDG_CACHE_HOME/wget-hsts";
irssi = "irssi --config=$XDG_CONFIG_HOME/irssi/config --home=$XDG_DATA_HOME/irssi";
drone = "DRONE_TOKEN=$(secret-tool lookup drone token) drone";
no = "manix \"\" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview=\"manix '{}'\" | xargs manix";
myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
nnn = "nnn -d -e -H -r";
};
}


@ -1,8 +1,7 @@
args@{
{
lib,
config,
pkgs,
flake,
...
}:
with lib; let
@ -20,45 +19,33 @@ in {
};
config = {
programs.command-not-found.enable = true;
programs.command-not-found.enable = false;
users.users."${psCfg.user.name}".packages = with pkgs;
[
tealdeer
asciinema
blesh
eza
fd
ripgrep
(nnn.overrideAttrs (o: {
patches =
(o.patches or [])
++ [
./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch
];
}))
p
powerline
screen
watson
jump
bat
]
++ (
if cfg.full
then [
# Nix specific utilities
alejandra
manix
nix-index
nix-tree
nix-inspect
nvd
]
else []
);
users.users."${psCfg.user.name}".packages = with pkgs; [
ack
asciinema
bat
blesh
eza
fd
jump
(nnn.overrideAttrs (o: {
patches =
(o.patches or [])
++ [
./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch
];
}))
p
powerline
screen
silver-searcher
watson
];
home-manager.users."${psCfg.user.name}" = {
xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh;
programs.less = {
enable = true;
keys = ''
@ -73,26 +60,49 @@ in {
# starship.toml has sane defaults that can be changed there
programs.starship = {
enable = true;
settings = import ./starship.toml.nix flake.self.theme.withHashtag;
settings = import ./starship.toml.nix;
};
programs.bash = import ./bash args;
programs.bash = import ./bash {
inherit config;
inherit pkgs;
inherit lib;
};
programs.fzf = import ./fzf args;
programs.fzf = import ./fzf {
inherit config;
inherit pkgs;
};
programs.neovim = import ./nvim args;
programs.neovim = import ./nvim {
inherit config;
inherit pkgs;
inherit lib;
};
# Ensure nvim backup directory gets created
# Workaround for E510: Can't make backup file (add ! to override)
xdg.dataFile."nvim/backup/.keep".text = "";
xdg.dataFile."nvim/json-schemas/.keep".text = "";
# Generated with:
# docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json
xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json;
xdg.dataFile."nvim/templates/.keep".text = "";
programs.git = import ./git args;
xdg.configFile."git/config".text = import ./.config/git/config.nix args;
xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix args;
xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix args;
programs.git = import ./git {};
xdg.configFile."git/config".text = import ./.config/git/config.nix {
inherit config;
inherit pkgs;
};
xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix {
inherit config;
inherit pkgs;
};
xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix {
inherit config;
inherit pkgs;
};
programs.direnv = import ./direnv args;
programs.direnv = import ./direnv {};
};
};
}


@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
enable = true;
nix-direnv = {
enable = true;


@ -1,17 +1,15 @@
{
config,
pkgs,
flake,
...
}: {
enable = true;
defaultCommand = "fd --hidden --type f --exclude .git";
defaultOptions = with flake.self.theme.withHashtag; [
"--color=bg+:${base01},bg:${base00},spinner:${base0C},hl:${base0D}"
"--color=fg:${base04},header:${base0D},info:${base0A},pointer:${base0C}"
"--color=marker:${base0C},fg+:${base02},prompt:${base0A},hl+:${base0D}"
defaultOptions = [
"--color=bg+:#2d2a2e,bg:#1a181a,spinner:#ef9062,hl:#7accd7"
"--color=fg:#d3d1d4,header:#7accd7,info:#e5c463,pointer:#ef9062"
"--color=marker:#ef9062,fg+:#303030,prompt:#e5c463,hl+:#7accd7"
];
# Use ble.sh for completions, see
# modules/terminal-life/bash/default.nix -> bleopt complete_menu_style=desc
# and https://github.com/akinomyoga/ble.sh/wiki/Manual-%C2%A77-Completion


@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
enable = true;
extraConfig = {


@ -1,48 +0,0 @@
lua <<EOF
local luasnip = require 'luasnip'
local cmp = require 'cmp'
cmp.setup {
snippet = {
expand = function(args)
require('luasnip').lsp_expand(args.body)
end,
},
mapping = {
['<C-p>'] = cmp.mapping.select_prev_item(),
['<C-n>'] = cmp.mapping.select_next_item(),
['<C-d>'] = cmp.mapping.scroll_docs(-4),
['<C-f>'] = cmp.mapping.scroll_docs(4),
['<C-Space>'] = cmp.mapping.complete(),
['<C-e>'] = cmp.mapping.close(),
['<CR>'] = cmp.mapping.confirm {
behavior = cmp.ConfirmBehavior.Replace,
select = true,
},
['<Tab>'] = function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif luasnip.expand_or_jumpable() then
luasnip.expand_or_jump()
else
fallback()
end
end,
['<S-Tab>'] = function(fallback)
if cmp.visible() then
cmp.select_prev_item()
elseif luasnip.jumpable(-1) then
luasnip.jump(-1)
else
fallback()
end
end,
},
sources = {
{ name = 'nvim_lsp' },
{ name = 'luasnip' },
},
}
EOF


@ -7,6 +7,8 @@
psCfg = config.pub-solar;
cfg = config.pub-solar.terminal-life;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
preview-file = pkgs.writeShellScriptBin "preview-file" (import ./preview-file.nix pkgs);
in {
enable = true;
@ -18,134 +20,176 @@ in {
withRuby = true;
withPython3 = true;
extraPackages = with pkgs; [
ripgrep
nixd
universal-ctags
# ansible-language-server
# clang-tools
# gopls
# nodePackages.bash-language-server
# nodePackages.svelte-language-server
# nodePackages.typescript
# nodePackages.typescript-language-server
# nodePackages.vue-language-server
# nodePackages.vscode-langservers-extracted
# nginx-language-server
# lua-language-server
# cmake-language-server
# vim-language-server
# yaml-language-server
# python3Packages.python-lsp-server
# nodePackages.dockerfile-language-server-nodejs
# docker-compose-language-service
# rust-analyzer
# cargo
# solargraph
# terraform-ls
# python3Full
extraPackages = with pkgs;
lib.mkIf (cfg.full) [
ansible-language-server
ccls
gopls
nixd
nodejs
nodePackages.bash-language-server
nodePackages.dockerfile-language-server-nodejs
nodePackages.svelte-language-server
nodePackages.typescript
nodePackages.typescript-language-server
nodePackages.vim-language-server
nodePackages.vue-language-server
nodePackages.vscode-langservers-extracted
nodePackages.yaml-language-server
python3Packages.python-lsp-server
python3Full
rust-analyzer
solargraph
terraform-ls
universal-ctags
];
plugins = with pkgs.vimPlugins; lib.mkIf cfg.full [
(pkgs.vimPlugins.nvim-treesitter.withPlugins (p: [
p.ini
p.json
p.json5
p.markdown
p.nix
p.toml
p.yaml
p.css
p.graphql
p.html
p.javascript
p.scss
p.tsx
p.typescript
p.vue
p.c
p.cpp
p.go
p.gomod
p.gosum
p.haskell
p.lua
p.php
p.python
p.ruby
p.rust
p.vim
p.vimdoc
p.passwd
p.sql
p.diff
p.gitcommit
p.gitignore
p.git_config
p.gitattributes
p.git_rebase
p.bash
p.dockerfile
p.make
p.ninja
p.terraform
]))
# Dependencies for nvim-lspconfig
nvim-cmp
cmp-nvim-lsp
cmp_luasnip
luasnip
# Quickstart configs for neovim LSP
lsp_extensions-nvim
nvim-lspconfig
# Collaborative editing in Neovim using built-in capabilities
instant-nvim-nvfetcher
# Search functionality behind :Ack
ack-vim
# The status bar in the bottom of the screen with the mode indication and file location
vim-airline
# Automatically load editorconfig files in repos to configure nvim settings
editorconfig-vim
# File browser. Use <leader>n to access
nnn-vim
# Highlight characters when using f, F, t, and T
quick-scope
# Get sudo in vim; :SudaWrite <optional filename>
suda-vim
# Undo history etc. per project
vim-workspace-nvfetcher
# JSON schemas
SchemaStore-nvim
# Work with tags files
vim-gutentags
# Neovim colorschemes / themes
sonokai
vim-hybrid-material
vim-airline-themes
vim-apprentice-nvfetcher
# Git integrations
# A Git wrapper so awesome, it should be illegal
fugitive
# Shows git diff markers in the sign column
vim-gitgutter
# GitHub extension for fugitive
vim-rhubarb
# Ease your git workflow within Vim
vimagit-nvfetcher
# FZF fuzzy finder
fzf-vim
fzfWrapper
# Make the yanked region apparent
vim-highlightedyank
# :Beautify Code beautifier
vim-beautify-nvfetcher
# Unload, delete or wipe a buffer without closing the window
vim-bufkill
# Defaults everyone can agree on
vim-sensible
# emmet for vim: http://emmet.io/
emmet-vim
# Caddyfile syntax support for Vim
vim-caddyfile-nvfetcher
];
plugins = with pkgs.vimPlugins;
[
# The status bar in the bottom of the screen with the mode indication and file location
vim-airline
extraConfig = builtins.concatStringsSep "\n" [
''
" Persistent undo
set undofile
set undodir=${xdg.cacheHome}/nvim/undo
# Automatically load editorconfig files in repos to configure nvim settings
editorconfig-vim
# File browser. Use <leader>n to access
nnn-vim
# Highlight characters when using f, F, t, and T
quick-scope
# Undo history etc. per project
vim-workspace-nvfetcher
# Neovim colorschemes / themes
sonokai
vim-hybrid-material
vim-airline-themes
vim-apprentice-nvfetcher
# Preview colors inline
nvim-colorizer-lua
# Git integrations
# A Git wrapper so awesome, it should be illegal
fugitive
# Shows git diff markers in the sign column
vim-gitgutter
# GitHub extension for fugitive
vim-rhubarb
# Ease your git workflow within Vim
vimagit-nvfetcher
# Telescope fuzzy finder
telescope-nvim
telescope-fzf-native-nvim
# Make the yanked region apparent
vim-highlightedyank
# :Beautify Code beautifier
vim-beautify-nvfetcher
# Unload, delete or wipe a buffer without closing the window
vim-bufkill
# Defaults everyone can agree on
vim-sensible
# Work with tags files
vim-gutentags
]
++ (
if cfg.full
then [
nvim-treesitter.withAllGrammars
# Dependencies for nvim-lspconfig
nvim-cmp
cmp-nvim-lsp
cmp_luasnip
luasnip
# Quickstart configs for neovim LSP
lsp_extensions-nvim
nvim-lspconfig
# Collaborative editing in Neovim using built-in capabilities
instant-nvim-nvfetcher
# JSON schemas
SchemaStore-nvim
]
else []
);
extraConfig = builtins.concatStringsSep "\n" ([
''
" Persistent undo
set undofile
set undodir=${xdg.cacheHome}/nvim/undo
set backupdir=${xdg.dataHome}/nvim/backup
set directory=${xdg.dataHome}/nvim/swap/
''
(builtins.readFile ./init.vim)
(builtins.readFile ./plugins.vim)
(builtins.readFile ./clipboard.vim)
(builtins.readFile ./ui.vim)
(builtins.readFile ./filetypes.vim)
]
++ (
if cfg.full
then [
(builtins.readFile ./lsp.vim)
(builtins.readFile ./cmp.vim)
]
else []
));
set backupdir=${xdg.dataHome}/nvim/backup
set directory=${xdg.dataHome}/nvim/swap/
''
(builtins.readFile ./init.vim)
(builtins.readFile ./plugins.vim)
(builtins.readFile ./clipboard.vim)
(builtins.readFile ./ui.vim)
(builtins.readFile ./quickfixopenall.vim)
(builtins.readFile ./lsp.vim)
''
" fzf with file preview
command! -bang -nargs=? -complete=dir Files
\ call fzf#vim#files(<q-args>, { 'options': ['--keep-right', '--cycle', '--layout', 'reverse', '--preview', '${preview-file}/bin/preview-file {}'] }, <bang>0)
''
];
}
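Review bot: `(builtins.readFile ./lsp.vim)` and the `Files` command are placed in `extraConfig` unconditionally, while the `plugins` and `extraPackages` lists they rely on appear to be wrapped in `lib.mkIf cfg.full` on the new side (the rendering has lost the +/- markers, so this is read from the interleaving). With `cfg.full` false, startup would then reach `require('lspconfig')` and `fzf#vim#files` with neither plugin installed. Either gate those entries the same way, e.g. `builtins.concatStringsSep "\n" ([ … ] ++ lib.optionals cfg.full [ (builtins.readFile ./lsp.vim) ])`, or keep the base plugins outside the `mkIf`. A comment above `extraConfig` naming which files need the full plugin set would also help the next reader.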


@ -1,10 +0,0 @@
au BufRead,BufNewFile *.html.twig set filetype=html
au BufRead,BufNewFile *.vto set filetype=html
au BufRead,BufNewFile *.njk set filetype=html
au BufRead,BufNewFile *.age set filetype=age
autocmd FileType age setlocal noeol nofixeol
au! BufNewFile,BufReadPost *.{yaml,yml} set filetype=yaml
autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab


@ -9,13 +9,11 @@ set viminfo='100,<100,s20 " vim file history
set hidden
set expandtab
set shiftwidth=2
set tabstop=2
set number
set relativenumber
set mouse=
set listchars=tab:→\ ,nbsp:␣,trail:␣,extends:⟩,precedes:⟨
set list
set autoindent
set smartindent
@ -58,6 +56,10 @@ map <leader>wJ :wincmd H<CR>
map <leader>wK :wincmd J<CR>
map <leader>wL :wincmd L<CR>
map <leader>tj :tabprevious<CR>
map <leader>tl :tabnext<CR>
map <leader>tq :tabclose<CR>
" replay macro for each line of a visual selection
xnoremap @q :normal @q<CR>
xnoremap @@ :normal @@<CR>
@ -69,13 +71,34 @@ xnoremap p pgvy
inoremap jj <Esc>
" Open new buffer
nmap <leader>bn :enew<cr>
nmap <leader>T :enew<cr>
" Move to the next buffer
nmap <leader>l :bnext<CR>
nmap <leader>bn :bnext<CR>
" Move to the previous buffer
nmap <leader>j :bprevious<CR>
nmap <leader>bp :bprevious<CR>
" Close the current buffer and move to the previous one
" This replicates the idea of closing a tab
nmap <leader>q :bp <BAR> bd #<CR>
nmap <leader>bq :bp <BAR> bd #<CR>
" Show all open buffers and their status
nmap <leader>bl :ls<CR>
" Mapping selecting mappings
nmap <leader><tab> <plug>(fzf-maps-n)
xmap <leader><tab> <plug>(fzf-maps-x)
omap <leader><tab> <plug>(fzf-maps-o)
nmap <c-p> :Files<CR>
imap <c-p> <ESC>:Files<CR>
" Insert mode completion
imap <c-x><c-k> <plug>(fzf-complete-word)
imap <c-x><c-f> <plug>(fzf-complete-path)
imap <c-x><c-j> <plug>(fzf-complete-file)
imap <c-x><c-l> <plug>(fzf-complete-line)
" Clear quickfix shortcut
nmap <Leader>c :ccl<CR>
@ -85,3 +108,7 @@ nmap <Leader>c :ccl<CR>
if has("autocmd")
au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
endif
nmap - :NnnPicker %<CR>
nmap <leader>n :NnnPicker %<CR>
nmap <leader>N :NnnPicker<CR>


@ -1,149 +1,258 @@
" Set completeopt to have a better completion experience
" :help completeopt
" menuone: popup even when there's only one match
" noinsert: Do not insert text until a selection is made
" noselect: Do not select, force user to select one from the menu
set completeopt=menuone,noinsert,noselect
" Avoid showing extra messages when using completion
set shortmess+=c
function AddTemplate(tmpl_file)
exe "0read " . a:tmpl_file
set nomodified
6
endfunction
autocmd BufNewFile shell.nix call AddTemplate("$XDG_DATA_HOME/nvim/templates/shell.nix.tmpl")
" Configure neovim 0.6+ experimental LSPs
" https://github.com/neovim/nvim-lspconfig
" https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md
" https://github.com/neovim/nvim-lspconfig/wiki/UI-Customization
" https://gitlab.com/Iron_E/dotfiles/-/blob/master/.config/nvim/lua/_config/plugin/nvim_lsp.lua
lua <<EOF
local nvim_lsp = require('lspconfig')
-- Set completeopt to have a better completion experience
vim.o.completeopt = 'menuone,noselect,noinsert'
vim.o.shortmess = vim.o.shortmess .. 'c'
vim.o.signcolumn = 'yes:2'
-- Mappings (global)
-- See `:help vim.diagnostic.*` for documentation on any of the below functions
local opts = { noremap=true, silent=true }
vim.api.nvim_set_keymap('n', '<leader>e', '<cmd>lua vim.diagnostic.open_float()<CR>', opts)
vim.api.nvim_set_keymap('n', 'g[', '<cmd>lua vim.diagnostic.goto_prev()<CR>', opts)
vim.api.nvim_set_keymap('n', 'g]', '<cmd>lua vim.diagnostic.goto_next()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>dq', '<cmd>lua vim.diagnostic.setloclist()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>f', '<cmd>lua vim.lsp.buf.formatting()<CR>', opts)
local lspconfig = require('lspconfig')
-- Use an on_attach function to only map the following keys
-- after the language server attaches to the current buffer
local on_attach = function(client, bufnr)
-- Enable completion triggered by <c-x><c-o>
vim.api.nvim_buf_set_option(bufnr, 'omnifunc', 'v:lua.vim.lsp.omnifunc')
-- Mappings (global)
-- See `:help vim.diagnostic.*` for documentation on any of the below functions
local opts = { noremap=true, silent=true }
vim.api.nvim_set_keymap('n', 'g[', '<cmd>lua vim.diagnostic.goto_prev()<CR>', opts)
vim.api.nvim_set_keymap('n', 'g]', '<cmd>lua vim.diagnostic.goto_next()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>dq', '<cmd>lua vim.diagnostic.setloclist()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>do', '<cmd>lua vim.diagnostic.open_float()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>bf', '<cmd>lua vim.lsp.buf.formatting()<CR>', opts)
-- Mappings (available if LSP is configured and attached to buffer)
-- See `:help vim.lsp.*` for documentation on any of the below functions
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gD', '<cmd>lua vim.lsp.buf.declaration()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gd', '<cmd>lua vim.lsp.buf.definition()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'K', '<cmd>lua vim.lsp.buf.hover()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gi', '<cmd>lua vim.lsp.buf.implementation()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<C-k>', '<cmd>lua vim.lsp.buf.signature_help()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wa', '<cmd>lua vim.lsp.buf.add_workspace_folder()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wr', '<cmd>lua vim.lsp.buf.remove_workspace_folder()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wl', '<cmd>lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>D', '<cmd>lua vim.lsp.buf.type_definition()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>rn', '<cmd>lua vim.lsp.buf.rename()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>ca', '<cmd>lua vim.lsp.buf.code_action()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gr', '<cmd>lua vim.lsp.buf.references()<CR>', opts)
local on_attach = function(client, bufnr)
-- Enable completion triggered by <c-x><c-o>
vim.api.nvim_buf_set_option(bufnr, 'omnifunc', 'v:lua.vim.lsp.omnifunc')
-- Show diagnostic popup on cursor hold
vim.api.nvim_create_autocmd("CursorHold", {
buffer = bufnr,
callback = function()
local opts = {
focusable = false,
close_events = { "BufLeave", "CursorMoved", "InsertEnter", "FocusLost" },
border = 'rounded',
source = 'always',
prefix = ' ',
scope = 'cursor',
}
vim.diagnostic.open_float(nil, opts)
end
})
-- Mappings (available if LSP is configured and attached to buffer)
-- See `:help vim.lsp.*` for documentation on any of the below functions
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gD', '<cmd>lua vim.lsp.buf.declaration()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gd', '<cmd>lua vim.lsp.buf.definition()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gr', '<cmd>lua vim.lsp.buf.references()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gi', '<cmd>lua vim.lsp.buf.implementation()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gT', '<cmd>lua vim.lsp.buf.type_definition()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'K', '<cmd>lua vim.lsp.buf.hover()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<C-k>', '<cmd>lua vim.lsp.buf.signature_help()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wa', '<cmd>lua vim.lsp.buf.add_workspace_folder()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wr', '<cmd>lua vim.lsp.buf.remove_workspace_folder()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wl', '<cmd>lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>rn', '<cmd>lua vim.lsp.buf.rename()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>ca', '<cmd>lua vim.lsp.buf.code_action()<CR>', opts)
-- Show diagnostic popup on cursor hold
vim.api.nvim_create_autocmd("CursorHold", {
buffer = bufnr,
callback = function()
local opts = {
focusable = false,
close_events = { "BufLeave", "CursorMoved", "InsertEnter", "FocusLost" },
border = 'rounded',
source = 'always',
prefix = ' ',
scope = 'cursor',
}
vim.diagnostic.open_float(nil, opts)
end
})
end
local lspconfig = require 'lspconfig'
-- Add additional capabilities supported by nvim-cmp
local CAPABILITIES = require('cmp_nvim_lsp').default_capabilities()
--- Event handlers
local HANDLERS = {
-- TODO: replace with vim.lsp.protocol.Methods
["textDocument/hover"] = vim.lsp.with(vim.lsp.handlers.hover, FLOAT_CONFIG),
["textDocument/signatureHelp"] = vim.lsp.with(vim.lsp.handlers.signature_help, FLOAT_CONFIG),
}
-- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
CAPABILITIES.textDocument.completion.completionItem.snippetSupport = true
local function setup(lsp, config)
if config == nil then
config = {}
end
config.capabilities = CAPABILITIES
config.handlers = HANDLERS
config.on_attach = on_attach
lspconfig[lsp].setup(config)
end
-- Add additional capabilities supported by nvim-cmp
local capabilities = require('cmp_nvim_lsp').default_capabilities()
-- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
capabilities.textDocument.completion.completionItem.snippetSupport = true
setup('nixd')
setup('bashls')
setup('clangd')
setup('cssls')
setup('eslint')
setup('ts_ls')
setup('denols')
setup('vuels')
setup('svelte')
setup('html')
setup('yamlls')
setup('jsonls', {
json = {
schemas = require('schemastore').json.schemas(),
validate = {
enable = true
}
}
})
setup('gopls', {
settings = {
gopls = { semanticTokens = true }
}
})
setup('phpactor')
setup('pylsp')
setup('solargraph') -- ruby
setup('rust_analyzer', {
settings = {
['rust-analyzer'] = {
checkOnSave = { extraArgs = { "--target-dir", "/tmp/rust-analyzer-check" } },
diagnostics = { disabled = { 'inactive-code' } },
-- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
capabilities.textDocument.completion.completionItem.snippetSupport = true
local use_denols_for_typescript = not(os.getenv('NVIM_USE_DENOLS') == nil)
for lsp_key, lsp_settings in pairs({
'ansiblels', ---------------------------- Ansible
'bashls', ------------------------------- Bash
'ccls', --------------------------------- C / C++ / Objective-C
'cssls', -------------------------------- CSS / SCSS / LESS
'dockerls', ----------------------------- Docker
['gopls'] = { --------------------------- Go
['settings'] = {
['gopls'] = {
['analyses'] = {
['unusedparams'] = true,
},
['staticcheck'] = true
},
},
},
'html', --------------------------------- HTML
['jdtls'] = { --------------------------- Java
['root_dir'] = nvim_lsp.util.root_pattern('.git', 'pom.xml', 'build.xml'),
['init_options'] = {
['jvm_args'] = {['java.format.settings.url'] = vim.fn.stdpath('config')..'/eclipse-formatter.xml'},
['workspace'] = vim.fn.stdpath('cache')..'/java-workspaces'
}
},
['jsonls'] = { -------------------------- JSON
['settings'] = {
['json'] = {
['schemas' ] = vim.list_extend(
{
{
['description'] = 'JSON schema for Caddy v2',
['fileMatch'] = { '*caddy*.json' },
['name'] = 'caddy_schema.json',
['url'] = vim.fn.stdpath('data')..'/json-schemas/caddy_schema.json',
},
},
require('schemastore').json.schemas()
),
['validate'] = { ['enable'] = true }
}
}
},
'nixd', --------------------------------- Nix
'phpactor', ----------------------------- PHP
'pylsp', -------------------------------- Python
'solargraph', --------------------------- Ruby
'rust_analyzer', ------------------------ Rust
['sqlls'] = {
['cmd'] = {vim.fn.stdpath('data')..'/nvm/versions/node/v12.19.0/bin/sql-language-server', 'up', '--method', 'stdio'}
},
['terraformls'] = { --------------------- Terraform
['filetypes'] = { 'terraform', 'hcl', 'tf' }
},
-- The TS/JS server is chosen depending on an environment variable,
-- since denols is nicer for Deno based projects
------------------------ Deno TS/JS
------------------------------------ Typescript / JavaScript
(use_denols_for_typescript and 'denols' or 'tsserver'),
'vuels', -------------------------------- Vue
'svelte', ------------------------------- Svelte
['yamlls'] = { -------------------------- YAML
['settings'] = {
['yaml'] = {
['schemas'] = {
['https://json.schemastore.org/github-workflow'] = '.github/workflows/*.{yml,yaml}',
['https://json.schemastore.org/github-action'] = '.github/action.{yml,yaml}',
['https://json.schemastore.org/drone'] = '*.drone.{yml,yaml}',
['https://json.schemastore.org/swagger-2.0'] = 'swagger.{yml,yaml}',
}
}
}
}
}) do -- Setup all of the language servers. †
if type(lsp_key) == 'number' then -- Enable the LSP with defaults.
-- The `lsp` is an index in this case.
nvim_lsp[lsp_settings].setup{
on_attach = on_attach,
flags = {
debounce_text_changes = 150,
},
capabilities = capabilities,
}
else -- Use the LSP's configuration.
lsp_settings.on_attach = on_attach
lsp_settings.capabilities = capabilities
nvim_lsp[lsp_key].setup(lsp_settings)
end
end --
-- configure floating diagnostics appearance, symbols
local signs = { Error = " ", Warn = " ", Hint = " ", Info = " " }
for type, icon in pairs(signs) do
local hl = "DiagnosticSign" .. type
vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl })
end
-- Set completeopt to have a better completion experience
vim.o.completeopt = 'menuone,noselect'
-- luasnip setup
local luasnip = require 'luasnip'
-- nvim-cmp setup
local cmp = require 'cmp'
cmp.setup {
snippet = {
expand = function(args)
require('luasnip').lsp_expand(args.body)
end,
},
mapping = {
['<C-p>'] = cmp.mapping.select_prev_item(),
['<C-n>'] = cmp.mapping.select_next_item(),
['<C-d>'] = cmp.mapping.scroll_docs(-4),
['<C-f>'] = cmp.mapping.scroll_docs(4),
['<C-Space>'] = cmp.mapping.complete(),
['<C-e>'] = cmp.mapping.close(),
['<CR>'] = cmp.mapping.confirm {
behavior = cmp.ConfirmBehavior.Replace,
select = true,
},
['<Tab>'] = function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif luasnip.expand_or_jumpable() then
luasnip.expand_or_jump()
else
fallback()
end
end,
['<S-Tab>'] = function(fallback)
if cmp.visible() then
cmp.select_prev_item()
elseif luasnip.jumpable(-1) then
luasnip.jump(-1)
else
fallback()
end
end,
},
sources = {
{ name = 'nvim_lsp' },
{ name = 'luasnip' },
},
}
})
setup('sqlls')
setup('salt_ls')
setup('ansiblels')
setup('dockerls')
setup('docker_compose_language_service')
setup('terraformls')
-- https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#denols
vim.g.markdown_fenced_languages = {
"ts=typescript"
}
-- https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#denols
vim.g.markdown_fenced_languages = {
"ts=typescript"
}
-- Configure diagnostics
vim.diagnostic.config({
virtual_text = false,
signs = true,
underline = true,
update_in_insert = false,
severity_sort = false,
})
-- Configure diagnostics
vim.diagnostic.config({
virtual_text = false,
signs = true,
underline = true,
update_in_insert = false,
severity_sort = false,
})
-- Change diagnostic symbols in the sign column (gutter)
local signs = { Error = "x ", Warn = "! ", Hint = "? ", Info = "i " }
for type, icon in pairs(signs) do
local hl = "DiagnosticSign" .. type
vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl })
end
-- Change diagnostic symbols in the sign column (gutter)
local signs = { Error = " ", Warn = " ", Hint = " ", Info = " " }
for type, icon in pairs(signs) do
local hl = "DiagnosticSign" .. type
vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl })
end
EOF
" have a fixed column for the diagnostics to appear in
" this removes the jitter when warnings/errors flow in
set signcolumn=yes:2
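Review bot: The `sqlls` entry in the server table overrides `cmd` with `vim.fn.stdpath('data')..'/nvm/versions/node/v12.19.0/bin/sql-language-server'`, a binary in a user-writable data directory that this configuration neither installs nor pins (the table appears to be on the new side, though the rendering has lost the +/- markers). Neovim would start whatever executable sits at that path for SQL buffers, and on a machine without that nvm tree the server simply fails to start. I would list the server with its defaults, `'sqlls',`, and provide the binary through `extraPackages` like the other language servers, so that it comes from the same pinned inputs as the rest of the editor.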


@ -1,8 +1,32 @@
" Happy yaml configuration
au! BufNewFile,BufReadPost *.{yaml,yml} set filetype=yaml
autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab
let g:gutentags_file_list_command = 'git ls-files'
" quick-scope
" https://github.com/unblevable/quick-scope
let g:qs_highlight_on_keys = ['f', 'F', 't', 'T']
" Golang
" Go test, Def, Decls shortcut
nmap <Leader>got :GoTest<CR>:botright copen<CR>
autocmd FileType go nmap gd :GoDef<CR>
autocmd FileType go nmap gD :GoDecls<CR>
" Go formatting
autocmd FileType go setlocal noexpandtab shiftwidth=4 tabstop=4 softtabstop=4 nolist
" Caddyfile indentation
autocmd FileType caddyfile setlocal noexpandtab shiftwidth=8 tabstop=8 softtabstop=8 nolist
" vim-go disable text-objects
let g:go_textobj_enabled = 0
" disable vim-go :GoDef short cut (gd)
" this is handled by LanguageClient [LC]
let g:go_def_mapping_enabled = 0
" GitGutter and vim Magit
" inspired by: https://jakobgm.com/posts/vim/git-integration/
" Don't map gitgutter keys automatically, set them ourselves
@ -19,11 +43,17 @@ nmap <Leader>gu <Plug>(GitGutterUndoHunk) " git undo (chunk)
" Open vimagit pane
nnoremap <leader>gs :Magit<CR> " git status
" Push to remote
nnoremap <leader>gP :! git push<CR> " git Push
" Quick conflict resolution in git mergetool nvim
" http://vimcasts.org/episodes/fugitive-vim-resolving-merge-conflicts-with-vimdiff/
nmap <Leader>[ :diffget //2<CR>
nmap <Leader>] :diffget //3<CR>
" netrw
let g:netrw_fastbrowse=0
" Auto-FMT rust code on save
let g:rustfmt_autosave = 1
@ -36,53 +66,22 @@ let g:highlightedyank_highlight_duration = 200
" Markdown options
let g:vim_markdown_folding_disabled = 1
" Haskell options
let g:haskell_enable_quantification = 1 " to enable highlighting of `forall`
let g:haskell_enable_recursivedo = 1 " to enable highlighting of `mdo` and `rec`
let g:haskell_enable_arrowsyntax = 1 " to enable highlighting of `proc`
let g:haskell_enable_pattern_synonyms = 1 " to enable highlighting of `pattern`
let g:haskell_enable_typeroles = 1 " to enable highlighting of type roles
let g:haskell_enable_static_pointers = 1 " to enable highlighting of `static`
let g:haskell_backpack = 1 " to enable highlighting of backpack keywords
" Emmet
let g:user_emmet_leader_key='<c-n>'
" Ack
if executable('ag')
let g:ackprg = 'ag --hidden --vimgrep'
endif
" nnn
let g:nnn#command = 'nnn -d -e -H -r'
nmap - :NnnPicker %<CR>
nmap <leader>n :NnnPicker %<CR>
nmap <leader>N :NnnPicker<CR>
lua <<EOF
local actions = require("telescope.actions")
local telescope = require("telescope")
telescope.setup{
defaults = {
mappings = {
n = {
["k"] = actions.move_selection_next,
["i"] = actions.move_selection_previous,
["I"] = actions.move_to_top,
["K"] = actions.move_to_bottom,
["<C-c>"] = actions.close,
},
},
},
pickers = {
find_files = {
-- `hidden = true` will still show the inside of `.git/` as it's not `.gitignore`d.
find_command = { "rg", "--files", "--hidden", "--glob", "!**/.git/*" },
},
},
extensions = {
fzf = {
fuzzy = true, -- false will only do exact matching
override_generic_sorter = true, -- override the generic sorter
override_file_sorter = true, -- override the file sorter
case_mode = "smart_case", -- or "ignore_case" or "respect_case"
}
}
}
telescope.load_extension('fzf')
local builtin = require('telescope.builtin')
vim.keymap.set('n', '<leader>ff', builtin.find_files, {})
vim.keymap.set('n', '<leader>f/', builtin.live_grep, {})
vim.keymap.set('n', '<leader>f?', builtin.builtin, {})
vim.keymap.set('n', '<leader>fr', builtin.command_history, {})
vim.keymap.set('n', '<leader>fc', builtin.commands, {})
vim.keymap.set('n', '<leader>ft', builtin.treesitter, {})
require'colorizer'.setup()
EOF
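Review bot: The trailing `" git status` and `" git Push` on the `nnoremap <leader>gs` and `nnoremap <leader>gP` lines are not comments; Vim treats everything after the `{lhs}` of a map command as the right-hand side, so those characters are replayed as normal-mode keys after the command runs. Put the comment on its own line above the mapping, e.g. `" git Push` followed by `nnoremap <leader>gP :!git push<CR>`. The same pattern appears in the `<Leader>gu` mapping quoted in the second hunk header. The rendered page has lost the `+`/`-` column, so I cannot tell which of these lines are new in this commit. Since `<leader>gP` pushes to the configured upstream without confirmation, dropping the final `<CR>` so the command waits on the command line would make an accidental push harder.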


@ -0,0 +1,36 @@
self:
with self; ''
IFS=':' read -r -a INPUT <<< "$1"
FILE=''${INPUT[0]}
CENTER=''${INPUT[1]}
if [[ "$1" =~ ^[A-Za-z]:\\ ]]; then
FILE=$FILE:''${INPUT[1]}
CENTER=''${INPUT[2]}
fi
if [[ -n "$CENTER" && ! "$CENTER" =~ ^[0-9] ]]; then
exit 1
fi
CENTER=''${CENTER/[^0-9]*/}
FILE="''${FILE/#\~\//$HOME/}"
if [ ! -r "$FILE" ]; then
echo "File not found ''${FILE}"
exit 1
fi
if [ -z "$CENTER" ]; then
CENTER=0
fi
exec cat "$FILE" \
| sed -e '/[#|\/\/ ?]-- copyright/,/[#\/\/]++/c\\' \
| ${pkgs.coreutils}/bin/tr -s '\n' \
| ${pkgs.bat}/bin/bat \
--style="''${BAT_STYLE:-numbers}" \
--color=always \
--pager=never \
--file-name="''$FILE" \
--highlight-line=$CENTER
''
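Review bot: `cat` and `sed` in the final pipeline are resolved through the caller's PATH while `tr` and `bat` are pinned to store paths, so which binaries process the file depends on the environment the preview runs in. `$FILE` is derived from `$1` and passed to `cat` without an end-of-options marker, so a name beginning with `-` is parsed as an option. Both are addressed by `exec ${pkgs.coreutils}/bin/cat -- "$FILE" \` and `| ${pkgs.gnused}/bin/sed -e ... \`. The `CENTER` check `^[0-9]` only tests the first character, but the substitution on the next line strips everything from the first non-digit, so `--highlight-line=$CENTER` stays numeric; quoting it as `"$CENTER"` would still be the safer habit.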


@ -0,0 +1,20 @@
"Usage:
" 1. Perform a vimgrep search
" :vimgrep /def/ *.rb
" 2. Issue QuickFixOpenAll command
" :QuickFixOpenAll
function! QuickFixOpenAll()
if empty(getqflist())
return
endif
let s:prev_val = ""
for d in getqflist()
let s:curr_val = bufname(d.bufnr)
if (s:curr_val != s:prev_val)
exec "edit " . s:curr_val
endif
let s:prev_val = s:curr_val
endfor
endfunction
command! QuickFixOpenAll call QuickFixOpenAll()
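Review bot: `exec "edit " . s:curr_val` builds an Ex command from a buffer name without escaping, so a quickfix entry whose file name contains a space, `%`, `#` or `|` is misparsed, and with `|` the remainder runs as a separate Ex command. Quickfix lists are often filled from grep results over checked-out repositories, so the names are not under the user's control; use `execute 'edit' fnameescape(s:curr_val)`. The loop state is also kept in script-scoped `s:prev_val` / `s:curr_val`, which persist between calls; `l:` locals would keep it inside the function.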
