1 commit

Author SHA1 Message Date
Benjamin Yule Bädorf 316bd06c0d
wireguard/ssh: add pub.solar wireguard config 2024-04-06 02:35:51 +02:00
210 changed files with 3735 additions and 3902 deletions


@ -20,8 +20,8 @@ indent_style = unset
indent_size = unset indent_size = unset
[{.*,secrets}/**] [{.*,secrets}/**]
end_of_line = false end_of_line = unset
insert_final_newline = false insert_final_newline = unset
trim_trailing_whitespace = unset trim_trailing_whitespace = unset
charset = unset charset = unset
indent_style = unset indent_style = unset


@ -3,17 +3,17 @@
"adblock-unbound": { "adblock-unbound": {
"inputs": { "inputs": {
"adblockStevenBlack": "adblockStevenBlack", "adblockStevenBlack": "adblockStevenBlack",
"lancache-domains": "lancache-domains", "flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1704832551, "lastModified": 1688055723,
"narHash": "sha256-6xS/ANMIh3b4Ia3Ubl9rtb3LVw9QldihnP3IvuG9zwQ=", "narHash": "sha256-8WtkSAr4qYA3o6kiOCESK3rHJmIsa6TMBrT3/Cbfvro=",
"owner": "MayNiklas", "owner": "MayNiklas",
"repo": "nixos-adblock-unbound", "repo": "nixos-adblock-unbound",
"rev": "a5d3731836b1c2ca65834e07be03c02daca5b434", "rev": "9356ccd526fdcf91bfee7f0ebebae831349d43cc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -41,18 +41,16 @@
"agenix": { "agenix": {
"inputs": { "inputs": {
"darwin": "darwin", "darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ]
"systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1716561646, "lastModified": 1682101079,
"narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -69,11 +67,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1700795494, "lastModified": 1696360011,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "narHash": "sha256-HpPv27qMuPou4acXcZ8Klm7Zt0Elv9dgDvSJaomWb9Y=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "rev": "8b6ea26d5d2e8359d06278364f41fbc4b903b28a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -87,7 +85,7 @@
"inputs": { "inputs": {
"devshell": "devshell", "devshell": "devshell",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
@ -115,11 +113,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1715699772, "lastModified": 1695052866,
"narHash": "sha256-sKhqIgucN5sI/7UQgBwsonzR4fONjfMr9OcHK/vPits=", "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "b3ea6f333f9057b77efd9091119ba67089399ced", "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -153,27 +151,6 @@
"type": "github" "type": "github"
} }
}, },
"devshell_2": {
"inputs": {
"nixpkgs": [
"mezza-biz",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722113426,
"narHash": "sha256-Yo/3loq572A8Su6aY5GP56knpuKYRvM2a1meP9oJZCw=",
"owner": "numtide",
"repo": "devshell",
"rev": "67cce7359e4cd3c45296fb4aaf6a19e2a9c757ae",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -193,11 +170,11 @@
"flake-compat_2": { "flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1673956053,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -211,11 +188,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1717285511, "lastModified": 1693611461,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -229,11 +206,11 @@
"nixpkgs-lib": "nixpkgs-lib_2" "nixpkgs-lib": "nixpkgs-lib_2"
}, },
"locked": { "locked": {
"lastModified": 1717285511, "lastModified": 1709336216,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -242,58 +219,22 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_4"
},
"locked": {
"lastModified": 1714606777,
"narHash": "sha256-bMkNmAXLj8iyTvxaaD/StcLSadbj1chPcJOjtuVnLmA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4d34ce6412bc450b1d4208c953dc97c7fc764f1a",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1713493429,
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
"owner": "srid",
"repo": "flake-root",
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -311,52 +252,31 @@
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"agenix",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1703113217, "lastModified": 1710888565,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "ref": "release-23.11",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1716736833,
"narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1708968331, "lastModified": 1706639736,
"narHash": "sha256-VUXLaPusCBvwM3zhGbRIJVeYluh2uWuqtj4WirQ1L9Y=", "narHash": "sha256-CaG4j9+UwBDfinxxvJMo6yOonSmSo0ZgnbD7aj2Put0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "a33ef102a02ce77d3e39c25197664b7a636f9c30", "rev": "cd13c2917eaa68e4c49fea0ff9cada45440d7045",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -365,73 +285,14 @@
"type": "github" "type": "github"
} }
}, },
"invoiceplane-template": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1712364633,
"narHash": "sha256-BfdaBTDA07ijUrK47aa8AMDTBB3nWYm74CBAwd/mllg=",
"ref": "refs/heads/main",
"rev": "8056309d6cf694647262a11415aceac68015cfd2",
"revCount": 22,
"type": "git",
"url": "https://git.pub.solar/b12f/invoiceplane-templates.git"
},
"original": {
"type": "git",
"url": "https://git.pub.solar/b12f/invoiceplane-templates.git"
}
},
"lancache-domains": {
"flake": false,
"locked": {
"lastModified": 1679999806,
"narHash": "sha256-oDZ2pSf8IgofRS4HaRppGcd4kHQj48AC9dkS++avYy8=",
"owner": "uklans",
"repo": "cache-domains",
"rev": "31b2ba1e0a7c419327cb97f589b508d78b9aecbf",
"type": "github"
},
"original": {
"owner": "uklans",
"repo": "cache-domains",
"type": "github"
}
},
"mezza-biz": {
"inputs": {
"devshell": "devshell_2",
"flake-parts": "flake-parts_3",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1724541053,
"narHash": "sha256-bQiwF08H8GEi7lxNiJKc4Gu42K7zYeDPPqRCNYVnp7U=",
"ref": "refs/heads/main",
"rev": "0ee615488dec2685cee6ed558cbfcf9840e92b94",
"revCount": 10,
"type": "git",
"url": "https://git.pub.solar/b12f/mezza.biz.git"
},
"original": {
"type": "git",
"url": "https://git.pub.solar/b12f/mezza.biz.git"
}
},
"mobile-nixos": { "mobile-nixos": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1715627339, "lastModified": 1696124168,
"narHash": "sha256-HJ6V7hc64iBqXlZ8kH4sXmUzPH+0Hn6wYURmZmL5LFk=", "narHash": "sha256-EzGHYAR7rozQQLZEHbKEcb5VpUFGoxwEsM0OWfW4wqU=",
"owner": "nixos", "owner": "nixos",
"repo": "mobile-nixos", "repo": "mobile-nixos",
"rev": "655c8830d5fe2eae79c8fc0bab8033b34c8456eb", "rev": "7cee346c3f8e73b25b1cfbf7a086a7652c11e0f3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -445,11 +306,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1716767591, "lastModified": 1690426816,
"narHash": "sha256-e7mG0KhSnMkdgIGPKw6Bs2B6D44B/GB6Zo0NgxFxJTc=", "narHash": "sha256-vvOrLE6LlBVYigA1gSrlkknFwfuq9qmLA4h6ubiJ22g=",
"owner": "musnix", "owner": "musnix",
"repo": "musnix", "repo": "musnix",
"rev": "65f1b5863ff6157d4870ed177e8ccd82e21127ad", "rev": "e651b06f8a3ac7d71486984100e8a79334da8329",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -460,16 +321,15 @@
}, },
"nixd": { "nixd": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_2",
"flake-root": "flake-root",
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1717293270, "lastModified": 1710142672,
"narHash": "sha256-twDibXDWwmySk6C/hFUpeBewB5heSyCDDHWOAeRSp40=", "narHash": "sha256-MRClVDHMGXglXpSR+RflwnrY/ngePqrxOwiwoh5/BtU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixd", "repo": "nixd",
"rev": "be5ad5ec113595e2900e6391a08cf0e4784a9cfe", "rev": "eb40e5b315fafa1086f69be84918bbd9235e0a10",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -481,11 +341,11 @@
}, },
"nixos-flake": { "nixos-flake": {
"locked": { "locked": {
"lastModified": 1716406291, "lastModified": 1692742948,
"narHash": "sha256-qHjJ6alc4o3p51hrPp3JGdC5Pbz5EjF+UZq1HbK8av0=", "narHash": "sha256-19LQQFGshuQNrrXZYVt+mWY0O3NbhEXeMy3MZwzYZGo=",
"owner": "srid", "owner": "srid",
"repo": "nixos-flake", "repo": "nixos-flake",
"rev": "aa9100167350cbdffaa272b0fd382d7c23606b86", "rev": "2c25190ceacdaaae7e8afbecfa87096bb499a431",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -496,11 +356,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1717248095, "lastModified": 1686838567,
"narHash": "sha256-e8X2eWjAHJQT82AAN+mCI0B68cIDBJpqJ156+VRrFO0=", "narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "7b49d3967613d9aacac5b340ef158d493906ba79", "rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -527,48 +387,30 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1717284937, "dir": "lib",
"narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=", "lastModified": 1693471703,
"type": "tarball", "narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=",
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" "owner": "NixOS",
"repo": "nixpkgs",
"rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
"type": "github"
}, },
"original": { "original": {
"type": "tarball", "dir": "lib",
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz" "owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
} }
}, },
"nixpkgs-lib_2": { "nixpkgs-lib_2": {
"locked": {
"lastModified": 1717284937,
"narHash": "sha256-lIbdfCsf8LMFloheeE6N31+BMIeixqyQWbSr2vk79EQ=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/eb9ceca17df2ea50a250b6b27f7bf6ab0186f198.tar.gz"
}
},
"nixpkgs-lib_3": {
"locked": {
"lastModified": 1722555339,
"narHash": "sha256-uFf2QeW7eAHlYXuDktm9c25OxOyCoUOQmh5SZ9amE5Q=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/a5d394176e64ab29c852d03346c1fc9b0b7d33eb.tar.gz"
}
},
"nixpkgs-lib_4": {
"locked": { "locked": {
"dir": "lib", "dir": "lib",
"lastModified": 1714253743, "lastModified": 1709237383,
"narHash": "sha256-mdTQw2XlariysyScCv2tTE45QSU9v/ezLcHJ22f0Nxc=", "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "58a1abdbae3217ca6b702f03d3b35125d88a2994", "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -581,11 +423,11 @@
}, },
"nixpkgs-master": { "nixpkgs-master": {
"locked": { "locked": {
"lastModified": 1728551786, "lastModified": 1711717242,
"narHash": "sha256-wO3aWtTYEdaDwUdbA2bj3PTBKu3idTolOOnrPnzRo8o=", "narHash": "sha256-PW9J9sFw5DA4Fo3Cq4Soc+an6tjTS4VV2NxG6G0UMqw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "565db77725e0d5b0b448ecf4998239c3fddd374a", "rev": "824952ff6b32b0019465b139b5c76d915ec074ea",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -597,11 +439,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1728492678, "lastModified": 1711523803,
"narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=", "narHash": "sha256-UKcYiHWHQynzj6CN/vTcix4yd1eCu1uFdsuarupdCQQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7", "rev": "2726f127c15a4cc9810843b96cad73c7eb39e443",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -613,11 +455,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1716509168, "lastModified": 1690272529,
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=", "narHash": "sha256-MakzcKXEdv/I4qJUtq/k/eG+rVmyOZLnYNC2w1mB59Y=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bfb7a882678e518398ce9a31a881538679f6f092", "rev": "ef99fa5c5ed624460217c31ac4271cfb5cb2502c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -629,11 +471,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1714562304, "lastModified": 1710097495,
"narHash": "sha256-Mr3U37Rh6tH0FbaDFu0aZDwk9mPAe7ASaqDOGgLqqLU=", "narHash": "sha256-B7Ea7q7hU7SE8wOPJ9oXEBjvB89yl2csaLjf5v/7jr8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "bcd44e224fd68ce7d269b4f44d24c2220fd821e7", "rev": "d40e866b1f98698d454dad8f592fe7616ff705a4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -645,16 +487,16 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1728500571, "lastModified": 1711460390,
"narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=", "narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0", "rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-24.05", "ref": "nixos-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -666,15 +508,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1708750443, "lastModified": 1708706677,
"narHash": "sha256-fUIT9v5FGy9KbbPKBVcxw2rwxqLZUVElqTtZWM7FiNI=", "narHash": "sha256-fUIT9v5FGy9KbbPKBVcxw2rwxqLZUVElqTtZWM7FiNI=",
"owner": "tfc", "owner": "b12f",
"repo": "nixos-openstreetmap", "repo": "nixos-openstreetmap",
"rev": "0fd30b016eb838395d85948b9ecf00ff59b4581d", "rev": "9057f546a5762a6b1645a8d4c22f818e29908144",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tfc", "owner": "b12f",
"ref": "flake-nixosmodule",
"repo": "nixos-openstreetmap", "repo": "nixos-openstreetmap",
"type": "github" "type": "github"
} }
@ -687,10 +530,8 @@
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"home-manager": "home-manager_2", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"invoiceplane-template": "invoiceplane-template",
"mezza-biz": "mezza-biz",
"mobile-nixos": "mobile-nixos", "mobile-nixos": "mobile-nixos",
"musnix": "musnix", "musnix": "musnix",
"nixd": "nixd", "nixd": "nixd",
@ -699,65 +540,16 @@
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_4",
"nixpkgs-master": "nixpkgs-master", "nixpkgs-master": "nixpkgs-master",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"openstreetmap": "openstreetmap", "openstreetmap": "openstreetmap"
"themes": "themes"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"themes": {
"locked": {
"lastModified": 1715166503,
"narHash": "sha256-eG3+PTzJntnMrO9J2fCtshU+XX18uI8iIjDKU9NkJXA=",
"owner": "RGBCube",
"repo": "ThemeNix",
"rev": "c188d0d729841f71f576dfb544e70c0340bf52a8",
"type": "github"
},
"original": {
"owner": "RGBCube",
"repo": "ThemeNix",
"type": "github"
} }
}, },
"utils": { "utils": {
"inputs": {
"systems": "systems_2"
},
"locked": { "locked": {
"lastModified": 1701680307, "lastModified": 1667395993,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -3,7 +3,7 @@
inputs = { inputs = {
# Track channels with commits tested and built by hydra # Track channels with commits tested and built by hydra
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-master.url = "github:nixos/nixpkgs/master"; nixpkgs-master.url = "github:nixos/nixpkgs/master";
@ -12,11 +12,9 @@
flake-compat.url = "github:edolstra/flake-compat"; flake-compat.url = "github:edolstra/flake-compat";
flake-compat.flake = false; flake-compat.flake = false;
home-manager.url = "github:nix-community/home-manager/release-24.05"; home-manager.url = "github:nix-community/home-manager/release-23.11";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
themes.url = "github:RGBCube/ThemeNix";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
nixos-flake.url = "github:srid/nixos-flake"; nixos-flake.url = "github:srid/nixos-flake";
@ -39,20 +37,14 @@
adblock-unbound.url = "github:MayNiklas/nixos-adblock-unbound"; adblock-unbound.url = "github:MayNiklas/nixos-adblock-unbound";
adblock-unbound.inputs.nixpkgs.follows = "nixpkgs"; adblock-unbound.inputs.nixpkgs.follows = "nixpkgs";
openstreetmap.url = "github:tfc/nixos-openstreetmap"; openstreetmap.url = "github:b12f/nixos-openstreetmap/flake-nixosmodule";
openstreetmap.inputs.nixpkgs.follows = "nixpkgs"; openstreetmap.inputs.nixpkgs.follows = "nixpkgs";
deno2nix.url = "github:SnO2WMaN/deno2nix"; deno2nix.url = "github:SnO2WMaN/deno2nix";
invoiceplane-template.url = "git+https://git.pub.solar/b12f/invoiceplane-templates.git";
invoiceplane-template.inputs.nixpkgs.follows = "nixpkgs";
mezza-biz.url = "git+https://git.pub.solar/b12f/mezza.biz.git";
mezza-biz.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs @ {self, ...}: outputs = inputs@{ self, ... }:
inputs.flake-parts.lib.mkFlake {inherit inputs;} { inputs.flake-parts.lib.mkFlake { inherit inputs; } {
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
"aarch64-linux" "aarch64-linux"
@ -60,9 +52,7 @@
imports = [ imports = [
inputs.nixos-flake.flakeModule inputs.nixos-flake.flakeModule
inputs.flake-parts.flakeModules.easyOverlay
./public-keys.nix ./public-keys.nix
./theme.nix
./lib ./lib
./modules ./modules
./hosts ./hosts
@ -70,23 +60,14 @@
./overlays ./overlays
]; ];
perSystem = args @ { perSystem = args@{ system, pkgs, lib, config, ... }: {
system,
pkgs,
config,
...
}: {
packages = import ./pkgs args;
overlayAttrs = config.packages;
_module.args = { _module.args = {
inherit inputs; inherit inputs;
pkgs = import inputs.nixpkgs { pkgs = import inputs.nixpkgs {
inherit system; inherit system;
overlays = [ overlays = with inputs; [
inputs.agenix.overlays.default agenix.overlays.default
inputs.nixd.overlays.default nixd.overlays.default
inputs.invoiceplane-template.overlays.default
]; ];
}; };
}; };
@ -94,7 +75,6 @@
devShells.default = pkgs.mkShell { devShells.default = pkgs.mkShell {
packages = with pkgs; [ packages = with pkgs; [
nix nix
nixd
agenix agenix
age-plugin-yubikey age-plugin-yubikey
cachix cachix
@ -111,7 +91,6 @@
deploy-rs deploy-rs
terraform-ls
opentofu opentofu
terraform-backend-git terraform-backend-git
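Review bot: The right-hand column pins `nixpkgs.url` to `github:nixos/nixpkgs/nixos-23.11` and `home-manager.url` to `release-23.11` where the left-hand column has 24.05, so if the right-hand side is the one being merged, every host moves back to an older release channel and its package set. The commit is titled as a wireguard/ssh change, so this looks like a branch that predates the channel bump rather than an intended downgrade; rebasing onto the current base before merging would keep `nixos-24.05` and the newer lock entries. The same side points `openstreetmap.url` at the `flake-nixosmodule` branch of a personal fork with no explanation; a comment such as `# TODO: return to upstream once the flake-nixosmodule branch is merged` would tell the next maintainer why the input differs from upstream.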


@ -0,0 +1,19 @@
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
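Review bot: The brightness bindings hard-code `-d intel_backlight` and `-d smc::kbd_backlight`, and the `$(...)` handed to `notify-send` is unquoted, so on a machine without those devices the substitution is empty and `notify-send` is run without a summary, failing where nobody sees the error. The identical 19-line file is added a second time further down the page for another host, which suggests the device names were copied rather than checked per host. A header comment stating the assumed hardware would help, e.g. `# assumes an Intel backlight and an Apple SMC keyboard backlight`, and a single shared copy referenced from both hosts would avoid the two files drifting apart.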


@ -25,6 +25,7 @@ in {
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
}; };
}; };


@ -1,4 +1,4 @@
{...}: { { ... }: {
imports = [ imports = [
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix


@ -0,0 +1,19 @@
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"


@ -10,7 +10,7 @@ with lib; let
in { in {
musnix = { musnix = {
enable = true; enable = true;
kernel.realtime = false; kernel.realtime = true;
soundcardPciId = "0d:00.4"; soundcardPciId = "0d:00.4";
}; };
@ -23,12 +23,14 @@ in {
]; ];
}; };
services.pipewire.extraConfig.pipewire."92-low-latency" = { environment.etc = {
"context.properties" = { "pipewire/pipewire.conf.d/92-low-latency.conf".text = ''
"default.clock.rate" = 48000; context.properties = {
"default.clock.quantum" = 32; default.clock.rate = 48000
"default.clock.min-quantum" = 32; default.clock.quantum = 32
"default.clock.max-quantum" = 32; default.clock.min-quantum = 32
}; default.clock.max-quantum = 32
}
'';
}; };
} }


@ -29,6 +29,7 @@ in {
pub-solar.terminal-life.full = true; pub-solar.terminal-life.full = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
drone-docker-runner
stdenv.cc.cc.lib stdenv.cc.cc.lib
hplip hplip
uhk-agent uhk-agent


@ -39,6 +39,6 @@ in {
]; ];
}; };
networking.firewall.allowedUDPPorts = [34197]; networking.firewall.allowedUDPPorts = [ 34197 ];
networking.firewall.allowedTCPPorts = [34197]; networking.firewall.allowedTCPPorts = [ 34197 ];
} }


@ -1,12 +1,8 @@
{ withSystem, self, inputs, ...}:
{ {
self,
inputs,
...
}: {
flake = { flake = {
nixosConfigurations = { nixosConfigurations = {
stroopwafel = self.nixos-flake.lib.mkLinuxSystem { stroopwafel = self.nixos-flake.lib.mkLinuxSystem {
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
imports = [ imports = [
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
@ -69,6 +65,8 @@
self.nixosModules.base self.nixosModules.base
./droppie ./droppie
self.nixosModules.yule self.nixosModules.yule
self.nixosModules.acme
self.nixosModules.proxy
self.nixosModules.persistence self.nixosModules.persistence
]; ];
}; };
@ -139,7 +137,7 @@
self.nixosModules.graphical self.nixosModules.graphical
self.nixosModules.audio self.nixosModules.audio
self.nixosModules.bluetooth self.nixosModules.bluetooth
({...}: {pub-solar.graphical.wayland.software-renderer.enable = true;}) ({ ... }: { pub-solar.graphical.wayland.software-renderer.enable = true; })
]; ];
}; };
}; };


@ -24,7 +24,7 @@ in {
}; };
systemd.timers."shutdown-after-backup" = { systemd.timers."shutdown-after-backup" = {
enable = false; enable = true;
timerConfig = { timerConfig = {
OnCalendar = "*-*-* 02..11:05,15,25,35,45,55:00 Etc/UTC"; OnCalendar = "*-*-* 02..11:05,15,25,35,45,55:00 Etc/UTC";
}; };


@ -20,11 +20,10 @@ in {
boot.kernelParams = [ boot.kernelParams = [
"boot.shell_on_fail=1" "boot.shell_on_fail=1"
"nomodeset"
# Hack so that network is considered up by boot.initrd.network and postCommands gets executed. # Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
"ip=127.0.0.1:::::lo:none" "ip=127.0.0.1:::::lo:none"
]; ];
boot.initrd.availableKernelModules = ["tg3"]; boot.initrd.availableKernelModules = [ "tg3" ];
boot.initrd.network = { boot.initrd.network = {
enable = true; enable = true;
ssh = { ssh = {
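Review bot: `"boot.shell_on_fail=1"` stays in `boot.kernelParams` next to an initrd that has `boot.initrd.network.ssh` enabled, and nothing in the hunk says why it is there. That parameter makes a failed stage 1 offer a root shell on the local console without authentication, which matters on a host whose initrd presumably carries SSH host keys for remote access. I would document the trade-off above the line, e.g. `# shell_on_fail: unauthenticated root shell on the console if stage 1 fails; keep only while physical access is trusted`, or drop the parameter once the boot path is stable. The `ssh = {` block continues outside the hunk, so its key and port settings are not reviewed here.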


@ -5,5 +5,7 @@
./networking.nix ./networking.nix
./backup-autostop.nix ./backup-autostop.nix
./nginx.nix
./jellyfin.nix
]; ];
} }


@ -1,67 +1,57 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config, imports =
lib, [ (modulesPath + "/installer/scan/not-detected.nix")
pkgs, ];
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod"]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod" ];
boot.initrd.kernelModules = ["dm-snapshot"]; boot.initrd.kernelModules = [ "dm-snapshot" "amdgpu" ];
boot.kernelModules = ["kvm-amd"]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = []; boot.extraModulePackages = [ ];
boot.initrd.luks.devices = { boot.initrd.luks.devices."cryptroot" = {
"cryptroot" = { device = "/dev/sdb2";
device = "/dev/disk/by-uuid/08330ff9-581a-41e1-b8fa-757dc4c90b16"; allowDiscards = true;
allowDiscards = true; };
fileSystems."/" =
{ device = "none";
fsType = "tmpfs";
}; };
"cryptdata".device = "/dev/disk/by-uuid/bc9f00ea-027e-409b-87c9-ab5628683378";
};
fileSystems."/" = { fileSystems."/media/internal" =
device = "none"; { device = "/dev/disk/by-uuid/5cf314a8-82f4-4037-a724-62d2ff226cff";
fsType = "tmpfs"; fsType = "ext4";
}; };
fileSystems."/nix" = { fileSystems."/nix" =
device = "/dev/disk/by-uuid/837cc93f-6d9a-4bfd-b089-29ac6d68127c"; { device = "/dev/disk/by-uuid/837cc93f-6d9a-4bfd-b089-29ac6d68127c";
fsType = "ext4"; fsType = "ext4";
neededForBoot = true; };
};
fileSystems."/persist" = { fileSystems."/persist" =
device = "/dev/disk/by-uuid/a7711118-51b0-4d84-8f18-ef2e06084e05"; { device = "/dev/disk/by-uuid/a7711118-51b0-4d84-8f18-ef2e06084e05";
fsType = "ext4"; fsType = "ext4";
neededForBoot = true; neededForBoot = true;
}; };
fileSystems."/home" = { fileSystems."/home" =
device = "/dev/disk/by-uuid/0965d496-ffad-4a8d-9de7-28af903baf16"; { device = "/dev/disk/by-uuid/0965d496-ffad-4a8d-9de7-28af903baf16";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/991E-79C1"; { device = "/dev/disk/by-uuid/991E-79C1";
fsType = "vfat"; fsType = "vfat";
neededForBoot = true; };
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/data" = { swapDevices =
device = "/dev/disk/by-uuid/391db8c4-5654-4a5c-a5c8-e34811f54786"; [ { device = "/dev/disk/by-uuid/0ef8dbbd-2832-4fb2-8a52-86682822f769"; }
fsType = "ext4"; ];
};
swapDevices = [
{device = "/dev/disk/by-uuid/0ef8dbbd-2832-4fb2-8a52-86682822f769";}
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
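Review bot: As rendered, the new side of `boot.initrd.luks.devices."cryptroot"` points at `/dev/sdb2`, a kernel enumeration name that can change when a disk is added or probed in a different order, so the initrd may offer the passphrase prompt for the wrong partition or fail to find the root volume. The old side used a `/dev/disk/by-uuid/…` path, as every `fileSystems` entry in this file still does; keep the LUKS device on a stable identifier, `device = "/dev/disk/by-uuid/<LUKS-UUID>";` (placeholder, take the value from `blkid`). `allowDiscards = true` is present on both sides; it passes TRIM through dm-crypt and so reveals which blocks are unused, which deserves a one-line comment stating that the trade-off is accepted.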


@ -0,0 +1,44 @@
{
flake,
config,
pkgs,
lib,
...
}: {
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
services.jellyfin = {
enable = true;
openFirewall = false;
};
# from https://jellyfin.org/docs/general/networking/index.html
networking.firewall.allowedUDPPorts = [ 1900 7359 ];
security.acme.certs = {
"media.b12f.io" = {};
};
services.nginx.virtualHosts = {
"media.b12f.io" = {
forceSSL = true;
useACMEHost = "media.b12f.io";
locations."/".proxyPass = "http://127.0.0.1:8096";
};
};
hardware.opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
];
};
}
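Review bot: `networking.firewall.allowedUDPPorts = [ 1900 7359 ];` opens the Jellyfin discovery ports on every interface, although `services.jellyfin.openFirewall = false` just above suggests the service is meant to be reachable only through the nginx vhost. UDP 1900 is SSDP, which should not answer on an interface that carries a globally routable address; if discovery is needed at all, scope it to the LAN interface, e.g. `networking.firewall.interfaces.<lan-if>.allowedUDPPorts = [ 1900 7359 ];` (`<lan-if>` is a placeholder for this host's LAN interface). The `locations."/"` proxy also lacks `proxyWebsockets = true;`, which the Jellyfin web client relies on for live updates.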


@ -10,12 +10,7 @@
networking.interfaces.enp2s0f1.useDHCP = true; networking.interfaces.enp2s0f1.useDHCP = true;
networking.interfaces.enp2s0f0 = { networking.interfaces.enp2s0f0 = {
ipv6.addresses = [ ipv6.addresses = [ { address = "2a02:908:5b1:e3c0:3::"; prefixLength = 64; } ];
{
address = "2a02:908:5b1:e3c0:3::";
prefixLength = 64;
}
];
}; };
# Allow pub.solar restic backups # Allow pub.solar restic backups

15
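--- a/hosts/droppie/nginx.nix
+++ b/hosts/droppie/nginx.nix
@@ -0,0 +1,15 @@
+{
+flake,
+config,
+pkgs,
+lib,
+...
+}: {
+services.nginx = {
+defaultListenAddresses = [
+"192.168.178.3"
+"10.13.12.3"
+"[fd00:b12f:acab:1312:acab:3::]"
+];
+};
+}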
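Review bot: `defaultListenAddresses` pins nginx to three fixed addresses, and nginx refuses to start when any of them is not yet assigned to an interface; `10.13.12.3` and `fd00:b12f:acab:1312:acab:3::` look like this host's WireGuard addresses, which may come up after nginx at boot. Either order the unit after the tunnel (e.g. `systemd.services.nginx.after = [ "wireguard-wg-private.service" ];`, assuming that is the unit name on this host) or allow non-local binds with `boot.kernel.sysctl."net.ipv4.ip_nonlocal_bind" = 1;` and its IPv6 counterpart. A short comment naming which network each address belongs to would make the intent, no listener on the public interface, explicit.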


@ -1,17 +0,0 @@
{
flake,
config,
pkgs,
lib,
...
}: {
security.acme.certs = {
"auth.b12f.io" = {};
};
services.nginx.virtualHosts."auth.b12f.io" = {
forceSSL = true;
useACMEHost = "auth.b12f.io";
locations."/".proxyPass = "https://auth.b12f.io";
};
}


@ -9,6 +9,7 @@ with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in {
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
@ -18,14 +19,13 @@ in {
# Hack so that network is considered up by boot.initrd.network and postCommands gets executed. # Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
"ip=127.0.0.1:::::lo:none" "ip=127.0.0.1:::::lo:none"
]; ];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_net" ];
boot.initrd.availableKernelModules = ["virtio_pci" "virtio_net"];
boot.initrd.network = { boot.initrd.network = {
enable = true; enable = true;
ssh = { ssh = {
enable = true; enable = true;
port = 2222; port = 2222;
hostKeys = [/boot/initrd-ssh-key]; hostKeys = [ /boot/initrd-ssh-key ];
authorizedKeys = flake.self.publicKeys; authorizedKeys = flake.self.publicKeys;
shell = "/bin/cryptsetup-askpass"; shell = "/bin/cryptsetup-askpass";
}; };
@ -43,7 +43,7 @@ in {
''; '';
}; };
boot.supportedFilesystems = ["zfs"]; boot.supportedFilesystems = [ "zfs" ];
# Copy the NixOS configuration file and link it from the resulting system # Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you # (/run/current-system/configuration.nix). This is useful in case you


@ -6,10 +6,9 @@
./networking.nix ./networking.nix
./unbound.nix ./unbound.nix
./nginx.nix ./nginx.nix
./invoiceplane-proxy.nix
./wireguard.nix ./wireguard.nix
./email.nix ./email.nix
./website.nix ./website.nix
# ./jellyfin-forward.nix
# ./authelia-forward.nix
]; ];
} }


@ -5,15 +5,9 @@
lib, lib,
... ...
}: let }: let
hzDomain = lib.concatStrings ["hw" "dz" "z." "net"]; # hzDomain = lib.concatStrings [ "hw" "dz" "z." "net" ];
dkimDNSb12fio = '' dkimDNSb12fio = ''
default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyla9hW3TvoXvZQxwzaJ4SZ9ict1HU3E6+FWlwNIgE6tIpTCyRJtiSIUDqB8TLTIBoxIs+QQBXZi+QUi3Agu6OSY2RiV0EwO8+oOOqOD9pERftc/aqe51cXuv4kPqwvpXEBwrXFWVM+VxivEubUJ7eKkFyXJpelv0LslXv/MmYbUyed6dF+reOGZCsvnbiRv74qdxbAL/25j62E8WrnxzJwhUtx/JhdBOjsHBvuw9hy6rZsVJL9eXayWyGRV6qmsLRzsRSBs+mDrgmKk4dugADd11+A03ics3i8hplRoWDkqnNKz1qy4f5TsV6v9283IANrAzRfHwX8EvNiFsBz+ZCQIDAQAB" ) ; default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyla9hW3TvoXvZQxwzaJ4SZ9ict1HU3E6+FWlwNIgE6tIpTCyRJtiSIUDqB8TLTIBoxIs+QQBXZi+QUi3Agu6OSY2RiV0EwO8+oOOqOD9pERftc/aqe51cXuv4kPqwvpXEBwrXFWVM+VxivEubUJ7eKkFyXJpelv0LslXv/MmYbUyed6dF+reOGZCsvnbiRv74qdxbAL/25j62E8WrnxzJwhUtx/JhdBOjsHBvuw9hy6rZsVJL9eXayWyGRV6qmsLRzsRSBs+mDrgmKk4dugADd11+A03ics3i8hplRoWDkqnNKz1qy4f5TsV6v9283IANrAzRfHwX8EvNiFsBz+ZCQIDAQAB" ) ;
'';
dkimDNSmezzabiz = ''
default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDG8iuDq0eon2k7QlBJWGxwDiEv53iJQu2uqxOjr7Ul/nfQjuR6kVKs6oOVopnyFTGRpffrpSHHW1YUN5nF76p0fJphk4l+QmJP36/xweajsNU27PAkb88xG6yRKl28MCfPdMR96+Jobpei8S0UhqcskYs1aZybm7ci9ZuAMidziwIDAQAB" ) ;
'';
dkimDNShzDomain = ''
default._domainkey IN TXT ( "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDvVA2XZno6g6qBdmxoLgX2Qmd883M6yV4YkE/VaNH6xcR0AcTo4hEYoAOPryfKn4FE/TYvyk/k2cyBKpMBn2qbVhwUavYQh/e9bweS2FKQvdzCUUoqXk04o2MqSXb2ZFwkUCtfrPcckBgpF754PDL4HMZGPnkMSdDX7bmYe37CWQIDAQAB") ;
''; '';
in { in {
age.secrets."b12f.io-dkim-private-rsa" = { age.secrets."b12f.io-dkim-private-rsa" = {
@ -29,49 +23,19 @@ in {
owner = "maddy"; owner = "maddy";
}; };
age.secrets."mezza.biz-dkim-private-rsa" = { users.users.maddy.extraGroups = [ "nginx" ];
file = "${flake.self}/secrets/mezza.biz-dkim-private-rsa.age";
path = "/var/lib/maddy/dkim_keys/mezza.biz_default.key";
mode = "400";
owner = "maddy";
};
age.secrets."mail@mezza.biz-password" = {
file = "${flake.self}/secrets/mail@mezza.biz-password.age";
mode = "400";
owner = "maddy";
};
age.secrets."hzdomain-dkim-private-rsa" = {
file = "${flake.self}/secrets/hzdomain-dkim-private-rsa.age";
path = "/var/lib/maddy/dkim_keys/hzdomain_default.key";
mode = "400";
owner = "maddy";
};
age.secrets."mail@hzdomain-password" = {
file = "${flake.self}/secrets/mail@hzdomain-password.age";
mode = "400";
owner = "maddy";
};
users.users.maddy.extraGroups = ["nginx"];
security.acme.certs = { security.acme.certs = {
"mail.b12f.io".reloadServices = ["maddy"]; "mail.b12f.io" = {
"b12f.io".reloadServices = ["maddy"]; reloadServices = [ "maddy" ];
};
"b12f.io" = {
reloadServices = [ "maddy" ];
};
"mta-sts.b12f.io" = {}; "mta-sts.b12f.io" = {};
"mail.mezza.biz".reloadServices = ["maddy"];
"mezza.biz".reloadServices = ["maddy"];
"mta-sts.mezza.biz" = {};
"mail.${hzDomain}".reloadServices = ["maddy"];
"${hzDomain}".reloadServices = ["maddy"];
"mta-sts.${hzDomain}" = {};
}; };
services.nginx.virtualHosts = builtins.foldl' (hosts: hostName: services.nginx.virtualHosts = builtins.foldl' (hosts: hostName: hosts // {
hosts
// {
"mta-sts.${hostName}" = { "mta-sts.${hostName}" = {
forceSSL = true; forceSSL = true;
useACMEHost = "mta-sts.${hostName}"; useACMEHost = "mta-sts.${hostName}";
@ -88,23 +52,21 @@ in {
tryFiles = "$uri $uri/ =404"; tryFiles = "$uri $uri/ =404";
}; };
}; };
}) {} ["b12f.io" "mezza.biz" hzDomain]; }) {} [ "b12f.io" ];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '/run/maddy' 0750 maddy maddy - -" "d '/run/maddy' 0750 maddy maddy - -"
]; ];
system.activationScripts.makeMaddyDKIMDNS = lib.stringAfter ["var"] '' system.activationScripts.makeMaddyDKIMDNS = lib.stringAfter [ "var" ] ''
mkdir -p /var/lib/maddy/dkim_keys mkdir -p /var/lib/maddy/dkim_keys
echo '${dkimDNSb12fio}' >> /var/lib/maddy/dkim_keys/b12f.io_default.dns echo '${dkimDNSb12fio}' >> /var/lib/maddy/dkim_keys/b12f.io_default.dns
echo '${dkimDNSmezzabiz}' >> /var/lib/maddy/dkim_keys/mezza.biz_default.dns
echo '${dkimDNShzDomain}' >> /var/lib/maddy/dkim_keys/${hzDomain}_default.dns
chown -R maddy:maddy /var/lib/maddy chown -R maddy:maddy /var/lib/maddy
''; '';
networking.firewall.allowedTCPPorts = [25]; networking.firewall.allowedTCPPorts = [ 25 ];
networking.firewall.interfaces.wg-private.allowedTCPPorts = [465 587 993]; networking.firewall.interfaces.wg-private.allowedTCPPorts = [ 465 587 993 ];
services.maddy = { services.maddy = {
enable = true; enable = true;
@ -114,22 +76,14 @@ in {
localDomains = [ localDomains = [
"b12f.io" "b12f.io"
"mail.b12f.io" "mail.b12f.io"
"mezza.biz"
"mail.mezza.biz"
hzDomain
"mail.${hzDomain}"
]; ];
ensureAccounts = [ ensureAccounts = [
"mail@b12f.io" "mail@b12f.io"
"mail@mezza.biz"
"mail@${hzDomain}"
]; ];
ensureCredentials = { ensureCredentials = {
# Do not use this in production. This will make passwords world-readable # Do not use this in production. This will make passwords world-readable
# in the Nix store # in the Nix store
"mail@b12f.io".passwordFile = config.age.secrets."mail@b12f.io-password".path; "mail@b12f.io".passwordFile = config.age.secrets."mail@b12f.io-password".path;
"mail@mezza.biz".passwordFile = config.age.secrets."mail@mezza.biz-password".path;
"mail@${hzDomain}".passwordFile = config.age.secrets."mail@hzdomain-password".path;
}; };
tls = { tls = {
loader = "file"; loader = "file";
@ -142,22 +96,6 @@ in {
keyPath = "${config.security.acme.certs."b12f.io".directory}/key.pem"; keyPath = "${config.security.acme.certs."b12f.io".directory}/key.pem";
certPath = "${config.security.acme.certs."b12f.io".directory}/cert.pem"; certPath = "${config.security.acme.certs."b12f.io".directory}/cert.pem";
} }
{
keyPath = "${config.security.acme.certs."mail.mezza.biz".directory}/key.pem";
certPath = "${config.security.acme.certs."mail.mezza.biz".directory}/cert.pem";
}
{
keyPath = "${config.security.acme.certs."mezza.biz".directory}/key.pem";
certPath = "${config.security.acme.certs."mezza.biz".directory}/cert.pem";
}
{
keyPath = "${config.security.acme.certs."mail.${hzDomain}".directory}/key.pem";
certPath = "${config.security.acme.certs."mail.${hzDomain}".directory}/cert.pem";
}
{
keyPath = "${config.security.acme.certs."${hzDomain}".directory}/key.pem";
certPath = "${config.security.acme.certs."${hzDomain}".directory}/cert.pem";
}
]; ];
}; };
config = '' config = ''
@ -207,7 +145,7 @@ in {
# replace rcpt to catchall and deliver it there # replace rcpt to catchall and deliver it there
destination $(local_domains) { destination $(local_domains) {
modify { modify {
replace_rcpt regexp "(.+)@(.+)" "mail@$2" replace_rcpt regexp ".*" "mail@$(primary_domain)"
} }
deliver_to &local_mailboxes deliver_to &local_mailboxes
} }
@ -313,26 +251,5 @@ in {
''; '';
}; };
systemd.services.rspamd.serviceConfig.SupplementaryGroups = ["maddy"]; systemd.services.rspamd.serviceConfig.SupplementaryGroups = [ "maddy" ];
age.secrets."rclone-pubsolar.conf" = {
file = "${flake.self}/secrets/rclone-pubsolar.conf.age";
mode = "400";
};
age.secrets."restic-password" = {
file = "${flake.self}/secrets/restic-password.age";
mode = "400";
};
services.restic.backups = {
maddy = {
paths = ["/var/lib/maddy"];
initialize = true;
passwordFile = config.age.secrets."restic-password".path;
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
repository = "rclone:cloud.pub.solar:/backups/Maddy";
rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path;
};
};
} }
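Review bot: The last hunk drops `services.restic.backups.maddy` together with the `rclone-pubsolar.conf` and `restic-password` secrets, so on the new side nothing visible in this file backs up `/var/lib/maddy` any more, which is where the DKIM key is deployed and presumably where the mailboxes live. If the backup moved elsewhere, say so in a comment; otherwise keep the job. Separately, the `makeMaddyDKIMDNS` activation script still appends with `>>`, so `b12f.io_default.dns` gains another copy of the record on every activation; `echo '${dkimDNSb12fio}' > /var/lib/maddy/dkim_keys/b12f.io_default.dns` keeps it to one. The comment above `ensureCredentials` ("Do not use this in production…") no longer matches the code, since the password is read from an agenix `passwordFile`.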


@ -1,21 +1,16 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [ imports = [
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [ ];
boot.kernelModules = []; boot.kernelModules = [ ];
boot.extraModulePackages = []; boot.extraModulePackages = [ ];
boot.initrd.luks.devices = { boot.initrd.luks.devices = {
cryptroot = { cryptroot = {
@ -24,19 +19,19 @@
}; };
}; };
fileSystems."/" = { fileSystems."/" =
device = "zroot/root"; { device = "zroot/root";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/684A-5884"; { device = "/dev/disk/by-uuid/684A-5884";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ swapDevices =
{device = "/dev/disk/by-uuid/a7d1cbb8-7c9e-4c3d-841a-add867f47389";} [ { device = "/dev/disk/by-uuid/a7d1cbb8-7c9e-4c3d-841a-add867f47389"; }
]; ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }


@ -0,0 +1,20 @@
{
flake,
config,
pkgs,
lib,
...
}: {
security.acme.certs = {
"invoicing.b12f.io" = {};
};
services.nginx.virtualHosts = {
"invoicing.b12f.io" = {
forceSSL = true;
useACMEHost = "invoicing.b12f.io";
# This redirects to invoiceplane on pie
locations."/".proxyPass = "https://invoicing.b12f.io";
};
};
}
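Review bot: `locations."/".proxyPass = "https://invoicing.b12f.io";` proxies the vhost to its own name, so it only reaches pie if this host resolves `invoicing.b12f.io` to an internal address; the networking hunk of the same commit removes `10.13.12.7` and `fd00:b12f:acab:1312:acab:7::` from `networking.nameservers`, which (if those were the split-horizon resolver) leaves only public resolvers and would make nginx proxy to itself. nginx also does not verify the upstream certificate unless `proxy_ssl_verify` is turned on. Consider proxying to pie's tunnel address from the WireGuard peer list and setting the name explicitly: `locations."/".proxyPass = "https://10.13.12.2";` with `extraConfig = "proxy_ssl_server_name on; proxy_ssl_name invoicing.b12f.io;";`.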


@ -1,17 +0,0 @@
{
flake,
config,
pkgs,
lib,
...
}: {
security.acme.certs = {
"media.b12f.io" = {};
};
services.nginx.virtualHosts."media.b12f.io" = {
forceSSL = true;
useACMEHost = "media.b12f.io";
locations."/".proxyPass = "https://media.b12f.io";
};
}


@ -8,8 +8,6 @@
networking.hostName = "frikandel"; networking.hostName = "frikandel";
networking.hostId = "44234773"; networking.hostId = "44234773";
networking.nameservers = [ networking.nameservers = [
"10.13.12.7"
"fd00:b12f:acab:1312:acab:7::"
"193.110.81.0" #dns0.eu "193.110.81.0" #dns0.eu
"2a0f:fc80::" #dns0.eu "2a0f:fc80::" #dns0.eu
"185.253.5.0" #dns0.eu "185.253.5.0" #dns0.eu
@ -19,18 +17,8 @@
# Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here) # Network configuration (Hetzner uses static IP assignments, and we don't use DHCP here)
networking.useDHCP = false; networking.useDHCP = false;
networking.interfaces.enp1s0 = { networking.interfaces.enp1s0 = {
ipv4.addresses = [ ipv4.addresses = [{ address = "128.140.109.213"; prefixLength = 32; }];
{ ipv6.addresses = [{ address = "2a01:4f8:c2c:b60::"; prefixLength = 64; }];
address = "128.140.109.213";
prefixLength = 32;
}
];
ipv6.addresses = [
{
address = "2a01:4f8:c2c:b60::";
prefixLength = 64;
}
];
}; };
networking.defaultGateway = { networking.defaultGateway = {
address = "172.31.1.1"; address = "172.31.1.1";
@ -41,5 +29,5 @@
interface = "enp1s0"; interface = "enp1s0";
}; };
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [ 80 443 ];
} }


@ -29,8 +29,8 @@
owner = "unbound"; owner = "unbound";
}; };
networking.firewall.interfaces.wg-private.allowedUDPPorts = [53]; networking.firewall.interfaces.wg-private.allowedUDPPorts = [ 53 ];
networking.firewall.interfaces.wg-private.allowedTCPPorts = [53]; networking.firewall.interfaces.wg-private.allowedTCPPorts = [ 53 ];
services.resolved.enable = false; services.resolved.enable = false;
services.unbound = { services.unbound = {
@ -56,15 +56,8 @@
]; ];
local-zone = [ local-zone = [
"\"b12f.io\" transparent" "\"b12f.io\" transparent"
"\"pub.solar\" transparent"
]; ];
local-data = [ local-data = [
"\"stroopwafel.b12f.io. 10800 IN A 10.13.12.5\""
"\"stroopwafel.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:5::\""
"\"chocolatebar.b12f.io. 10800 IN A 10.13.12.8\""
"\"chocolatebar.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:8::\""
"\"droppie.b12f.io. 10800 IN A 10.13.12.3\"" "\"droppie.b12f.io. 10800 IN A 10.13.12.3\""
"\"droppie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\"" "\"droppie.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:3::\""
@ -97,18 +90,6 @@
"\"b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" "\"b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mail.b12f.io. 10800 IN A 10.13.12.7\"" "\"mail.b12f.io. 10800 IN A 10.13.12.7\""
"\"mail.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\"" "\"mail.b12f.io. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mezza.biz. 10800 IN A 10.13.12.7\""
"\"mezza.biz. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mail.mezza.biz. 10800 IN A 10.13.12.7\""
"\"mail.mezza.biz. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"h${"w" + "dz" + "z.n"}et. 10800 IN A 10.13.12.7\""
"\"h${"w" + "dz" + "z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mail.h${"w" + "dz" + "z.n"}et. 10800 IN A 10.13.12.7\""
"\"mail.h${"w" + "dz" + "z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
"\"mezza.git.pub.solar. 10800 IN CNAME git.pub.solar\""
]; ];
tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt"; tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
@ -136,4 +117,5 @@
}; };
}; };
}; };
} }


@ -6,7 +6,6 @@
security.acme.certs = { security.acme.certs = {
"benjaminbaedorf.eu" = {}; "benjaminbaedorf.eu" = {};
"b12f.io" = {}; "b12f.io" = {};
"mezza.biz" = {};
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
@ -26,16 +25,5 @@
tryFiles = "$uri $uri/ =404"; tryFiles = "$uri $uri/ =404";
}; };
}; };
"mezza.biz" = {
forceSSL = true;
useACMEHost = "mezza.biz";
locations."/" = {
root = pkgs.mezza-biz;
index = "index.html";
tryFiles = "$uri $uri/ =404";
};
};
}; };
} }


@ -4,8 +4,7 @@
pkgs, pkgs,
lib, lib,
... ...
}: }: with lib; {
with lib; {
boot.kernel.sysctl = { boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1; "net.ipv4.ip_forward" = 1;
"net.ipv6.conf.wg-private.forwarding" = 1; "net.ipv6.conf.wg-private.forwarding" = 1;
@ -17,10 +16,10 @@ with lib; {
enable = true; enable = true;
enableIPv6 = true; enableIPv6 = true;
externalInterface = "enp1s0"; externalInterface = "enp1s0";
internalInterfaces = ["wg-private"]; internalInterfaces = [ "wg-private" ];
}; };
networking.firewall.allowedUDPPorts = [51899]; networking.firewall.allowedUDPPorts = [ 51899 ];
networking.firewall.extraForwardRules = [ networking.firewall.extraForwardRules = [
"iifname { != wg-private } reject" "iifname { != wg-private } reject"
@ -28,7 +27,7 @@ with lib; {
]; ];
systemd.services.wireguard-wg-private = { systemd.services.wireguard-wg-private = {
wantedBy = [ after = [
"network.target" "network.target"
"network-online.target" "network-online.target"
"nss-lookup.target" "nss-lookup.target"
@ -45,7 +44,7 @@ with lib; {
}; };
}; };
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-frikandel.age"; age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-frikandel-server.age";
# Enable WireGuard # Enable WireGuard
networking.wireguard.interfaces = { networking.wireguard.interfaces = {
@ -58,8 +57,7 @@ with lib; {
]; ];
privateKeyFile = config.age.secrets.wg-private-key.path; privateKeyFile = config.age.secrets.wg-private-key.path;
peers = [ peers = [
{ { # pie
# pie
publicKey = "hPTXEqQ2GYEywdPNdZBacwB9KKcoFZ/heClxnqmizyw="; publicKey = "hPTXEqQ2GYEywdPNdZBacwB9KKcoFZ/heClxnqmizyw=";
allowedIPs = [ allowedIPs = [
"10.13.12.2/32" "10.13.12.2/32"
@ -68,8 +66,7 @@ with lib; {
persistentKeepalive = 30; persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30; dynamicEndpointRefreshSeconds = 30;
} }
{ { # droppie
# droppie
publicKey = "qsnBMoj9Z16D8PJ5ummRtIfT5AiMpoF3SoOCo4sbyiw="; publicKey = "qsnBMoj9Z16D8PJ5ummRtIfT5AiMpoF3SoOCo4sbyiw=";
allowedIPs = [ allowedIPs = [
"10.13.12.3/32" "10.13.12.3/32"
@ -78,8 +75,7 @@ with lib; {
persistentKeepalive = 30; persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30; dynamicEndpointRefreshSeconds = 30;
} }
{ { # chocolatebar
# chocolatebar
publicKey = "nk8EtGE/QsnSEm1lhLS3/w83nOBD2OGYhODIf92G91A="; publicKey = "nk8EtGE/QsnSEm1lhLS3/w83nOBD2OGYhODIf92G91A=";
allowedIPs = [ allowedIPs = [
"10.13.12.5/32" "10.13.12.5/32"
@ -88,8 +84,7 @@ with lib; {
persistentKeepalive = 30; persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30; dynamicEndpointRefreshSeconds = 30;
} }
{ { # biolimo
# biolimo
publicKey = "4ymN7wwBuhF+h+5fFN0TqXmVyOe1AsWiTqRL0jJ3CDc="; publicKey = "4ymN7wwBuhF+h+5fFN0TqXmVyOe1AsWiTqRL0jJ3CDc=";
allowedIPs = [ allowedIPs = [
"10.13.12.6/32" "10.13.12.6/32"
@ -98,8 +93,7 @@ with lib; {
persistentKeepalive = 30; persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30; dynamicEndpointRefreshSeconds = 30;
} }
{ { # stroopwafel
# stroopwafel
publicKey = "5iNRg13utOJ30pX2Z8SjwPNUFwfH2zonlbeYW2mKFkU="; publicKey = "5iNRg13utOJ30pX2Z8SjwPNUFwfH2zonlbeYW2mKFkU=";
allowedIPs = [ allowedIPs = [
"10.13.12.8/32" "10.13.12.8/32"
@ -108,8 +102,7 @@ with lib; {
persistentKeepalive = 30; persistentKeepalive = 30;
dynamicEndpointRefreshSeconds = 30; dynamicEndpointRefreshSeconds = 30;
} }
{ { # fp3
# fp3
publicKey = "wQJXFibxhWkyUbRPrPt5y/YfDnH3gDQ5a/PWoyxDfDI="; publicKey = "wQJXFibxhWkyUbRPrPt5y/YfDnH3gDQ5a/PWoyxDfDI=";
allowedIPs = [ allowedIPs = [
"10.13.12.9/32" "10.13.12.9/32"


@ -4,7 +4,6 @@
... ...
}: { }: {
isoImage.squashfsCompression = "gzip -Xcompression-level 1"; isoImage.squashfsCompression = "gzip -Xcompression-level 1";
systemd.services.sshd.wantedBy = lib.mkForce ["multi-user.target"]; systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
networking.networkmanager.enable = false; networking.networkmanager.enable = false;
services.openssh.openFirewall = lib.mkForce true;
} }


@ -1,12 +1,8 @@
{ { flake, pkgs, ... }: {
flake,
pkgs,
...
}: {
imports = [ imports = [
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
((import "${flake.inputs.mobile-nixos}/lib/configuration.nix") {device = "pine64-pinephone";}) ((import "${flake.inputs.mobile-nixos}/lib/configuration.nix") { device = "pine64-pinephone"; })
"${flake.inputs.mobile-nixos}/examples/phosh/phosh.nix" "${flake.inputs.mobile-nixos}/examples/phosh/phosh.nix"
]; ];
} }


@ -1,10 +1,6 @@
# NOTE: this file was generated by the Mobile NixOS installer. # NOTE: this file was generated by the Mobile NixOS installer.
{ config, lib, pkgs, ... }:
{ {
config,
lib,
pkgs,
...
}: {
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-uuid/51a668b8-fa2e-4d3e-ac3f-73ca002d0004"; device = "/dev/disk/by-uuid/51a668b8-fa2e-4d3e-ac3f-73ca002d0004";


@ -149,12 +149,13 @@ MAP_DEFAULT_ZOOM=6
# #
# LDAP is no longer supported :( # LDAP is no longer supported :(
# #
AUTHENTICATION_GUARD=remote_user_guard AUTHENTICATION_GUARD=web
# #
# Remote user guard settings # Remote user guard settings
# #
AUTHENTICATION_GUARD_HEADER=Remote-Email AUTHENTICATION_GUARD_HEADER=REMOTE_USER
AUTHENTICATION_GUARD_EMAIL=
# #
# Firefly III supports webhooks. These are security sensitive and must be enabled manually first. # Firefly III supports webhooks. These are security sensitive and must be enabled manually first.
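Review bot: With `AUTHENTICATION_GUARD=web` Firefly III uses its own login form, so the two settings under "Remote user guard settings" (`AUTHENTICATION_GUARD_HEADER=REMOTE_USER` and the empty `AUTHENTICATION_GUARD_EMAIL=`) are not read; a comment saying so would stop a later reader from assuming header-based SSO is active. If the guard is ever switched back to `remote_user_guard`, the reverse proxy in front must overwrite the chosen header on every request, because the application then trusts it as the authenticated identity.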


@ -1,22 +1,14 @@
{ {
flake,
lib, lib,
config, config,
pkgs, pkgs,
flake,
... ...
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in {
disabledModules = [
"services/security/authelia.nix"
];
imports = [
"${flake.inputs.nixpkgs-master}/nixos/modules/services/security/authelia.nix"
];
age.secrets."authelia-storage-encryption-key" = { age.secrets."authelia-storage-encryption-key" = {
file = "${flake.self}/secrets/authelia-storage-encryption-key.age"; file = "${flake.self}/secrets/authelia-storage-encryption-key.age";
mode = "400"; mode = "400";
@ -35,24 +27,6 @@ in {
owner = "authelia-b12f"; owner = "authelia-b12f";
}; };
age.secrets."authelia-oidc-issuer-private-key" = {
file = "${flake.self}/secrets/authelia-oidc-issuer-private-key.age";
mode = "400";
owner = "authelia-b12f";
};
age.secrets."authelia-oidc-hmac-secret" = {
file = "${flake.self}/secrets/authelia-oidc-hmac-secret.age";
mode = "400";
owner = "authelia-b12f";
};
age.secrets."authelia-jwks-private-key" = {
file = "${flake.self}/secrets/authelia-jwks-private-key.age";
mode = "400";
owner = "authelia-b12f";
};
age.secrets."authelia-users-file" = { age.secrets."authelia-users-file" = {
file = "${flake.self}/secrets/authelia-users-file.age"; file = "${flake.self}/secrets/authelia-users-file.age";
mode = "400"; mode = "400";
@ -73,10 +47,10 @@ in {
"auth.b12f.io" = { "auth.b12f.io" = {
forceSSL = true; forceSSL = true;
useACMEHost = "auth.b12f.io"; useACMEHost = "auth.b12f.io";
locations."/".proxyPass = "http://${config.services.authelia.instances.b12f.settings.server.address}"; locations."/".proxyPass = "http://127.0.0.1:${builtins.toString config.services.authelia.instances.b12f.settings.server.port}";
locations."/".extraConfig = "include /etc/nginx/conf-available/proxy.conf;"; locations."/".extraConfig = "include /etc/nginx/conf-available/proxy.conf;";
locations."/api/verify".proxyPass = "http://${config.services.authelia.instances.b12f.settings.server.address}"; locations."/api/verify".proxyPass = "http://127.0.0.1:${builtins.toString config.services.authelia.instances.b12f.settings.server.port}";
locations."/api/authz".proxyPass = "http://${config.services.authelia.instances.b12f.settings.server.address}"; locations."/api/authz".proxyPass = "http://127.0.0.1:${builtins.toString config.services.authelia.instances.b12f.settings.server.port}";
}; };
}; };
@ -87,12 +61,6 @@ in {
storageEncryptionKeyFile = config.age.secrets."authelia-storage-encryption-key".path; storageEncryptionKeyFile = config.age.secrets."authelia-storage-encryption-key".path;
sessionSecretFile = config.age.secrets."authelia-session-secret".path; sessionSecretFile = config.age.secrets."authelia-session-secret".path;
jwtSecretFile = config.age.secrets."authelia-jwt-secret".path; jwtSecretFile = config.age.secrets."authelia-jwt-secret".path;
oidcIssuerPrivateKeyFile = config.age.secrets."authelia-oidc-issuer-private-key".path;
oidcHmacSecretFile = config.age.secrets."authelia-oidc-hmac-secret".path;
};
environmentVariables = {
AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE = config.age.secrets."mail@b12f.io-password".path;
}; };
settings = { settings = {
@ -100,12 +68,12 @@ in {
default_2fa_method = "webauthn"; default_2fa_method = "webauthn";
log.level = "debug"; log.level = "debug";
server = { server = {
address = "127.0.0.1:9092"; port = 9092;
endpoints.authz.auth-request.implementation = "AuthRequest"; host = "127.0.0.1";
}; };
authentication_backend = { authentication_backend = {
refresh_interval = "disable"; refresh_interval = "disable";
password_reset.disable = true; password_reset = { disable = true; };
file = { file = {
path = config.age.secrets."authelia-users-file".path; path = config.age.secrets."authelia-users-file".path;
watch = false; watch = false;
@ -116,61 +84,32 @@ in {
totp.issuer = "auth.b12f.io"; totp.issuer = "auth.b12f.io";
storage.local.path = "/var/lib/authelia-b12f/db.sqlite3"; storage.local.path = "/var/lib/authelia-b12f/db.sqlite3";
access_control.default_policy = "two_factor"; access_control.default_policy = "two_factor";
session.cookies = [ session = {
{ domain = "auth.b12f.io";
domain = "b12f.io"; # authelia_url = "https://auth.b12f.io";
authelia_url = "https://auth.b12f.io"; };
} notifier.disable_startup_check = true;
];
notifier.smtp = { notifier.smtp = {
address = "submission://mail.b12f.io:587"; host = "mail.b12f.io";
port = 587;
username = "mail@b12f.io"; username = "mail@b12f.io";
sender = "auth.b12f.io <mail@b12f.io>"; sender = "auth.b12f.io <mail@b12f.io>";
identifier = "auth@b12f.io"; identifier = "auth@b12f.io";
subject = "[auth.b12f.io] {title}"; subject = "[auth.b12f.io] {title}";
}; };
identity_providers.oidc = {
authorization_policies = {
admins = {
default_policy = "deny";
rules = [{
policy = "two_factor";
subject = "group:admins";
}];
};
};
clients = [
{
client_id = "jellyfin";
client_secret = "$pbkdf2-sha512$310000$koY0g1AqL.fEeQUJcE48SA$b9G4p7qquc6M9rSTnR.Ac3Le9KS25zbTN0aNiXT4sxag7Kstu4Pt66/sVlAh3lIS4CGjLcPA2GvjhXnapC.ziQ";
public = false;
authorization_policy = "admins";
require_pkce = true;
pkce_challenge_method = "S256";
redirect_uris = [ "https://media.b12f.io/sso/OID/redirect/authelia" ];
scopes = [
"openid"
"profile"
"groups"
];
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
}; };
}; };
systemd.services.authelia-b12f.preStart = "env"; systemd.services.authelia-b12f.environment.AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE = config.age.secrets."mail@b12f.io-password".path;
services.restic.backups = { services.restic.backups = {
authelia = { authelia = {
paths = ["/var/lib/authelia-b12f"]; paths = [ "/var/lib/authelia-b12f" ];
initialize = true; initialize = true;
passwordFile = config.age.secrets."restic-password".path; passwordFile = config.age.secrets."restic-password".path;
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/ # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
repository = "rclone:cloud.pub.solar:/backups/Authelia"; repository = "rclone:cloud.pub.solar:/backups/Authelia";
rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path; rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
}; };
}; };
} }
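Review bot: `session = { domain = "auth.b12f.io"; }` scopes the Authelia session cookie to the portal host itself, whereas the old side used the parent domain `b12f.io`; with the narrower domain the browser will not send the cookie to other `*.b12f.io` vhosts, so forward-auth for them (the `/api/verify` and `/api/authz` locations are still proxied) cannot see the session. Unless only `auth.b12f.io` itself is meant to be protected, use `session.domain = "b12f.io";`. `log.level = "debug"` is unchanged by this commit but is worth lowering on a production identity provider, and the added `notifier.disable_startup_check = true` hides a broken SMTP setup until the first mail is needed, so a comment giving the reason would help.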


@ -8,8 +8,8 @@
psCfg = config.pub-solar; psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in { in {
age.secrets."rclone-pubsolar.conf" = { age.secrets."rclone-pie.conf" = {
file = "${flake.self}/secrets/rclone-pubsolar.conf.age"; file = "${flake.self}/secrets/rclone-pie.conf.age";
path = "/root/.config/rclone/rclone.conf"; path = "/root/.config/rclone/rclone.conf";
mode = "400"; mode = "400";
}; };


@ -20,7 +20,8 @@ in {
boot.loader.systemd-boot.enable = false; boot.loader.systemd-boot.enable = false;
boot.loader.generic-extlinux-compatible.enable = false; boot.loader.generic-extlinux-compatible.enable = false;
boot.supportedFilesystems = ["zfs"]; boot.supportedFilesystems = [ "zfs" ];
boot.kernelPackages = pkgs.linuxPackages_6_1_hardened;
boot.kernelParams = [ boot.kernelParams = [
"boot.shell_on_fail=1" "boot.shell_on_fail=1"
@ -28,7 +29,7 @@ in {
"ip=127.0.0.1:::::lo:none" "ip=127.0.0.1:::::lo:none"
]; ];
# See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3 # See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3
boot.initrd.availableKernelModules = ["genet"]; boot.initrd.availableKernelModules = [ "genet" ];
boot.initrd.network = { boot.initrd.network = {
enable = true; enable = true;
ssh = { ssh = {
@ -50,10 +51,6 @@ in {
''; '';
}; };
# Ran into this
# https://discourse.nixos.org/t/logrotate-config-fails-due-to-missing-group-30000/28501
services.logrotate.checkConfig = false;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
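Review bot: The added `boot.kernelPackages = pkgs.linuxPackages_6_1_hardened;` pins this host to one hardened kernel series without saying why, so nobody can tell later when the pin may be lifted. If the reason is ZFS module compatibility (a guess, based on `boot.supportedFilesystems` on the line before), record it next to the pin, e.g. `# pinned to 6.1 LTS hardened for ZFS module compatibility; revisit on ZFS upgrade`. An unexplained pin tends to outlive the series' support window, and the host then stops receiving kernel fixes.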


@ -1,9 +1,6 @@
{ pkgs, adblock-unbound, ... }:
{ {
pkgs, networking.firewall.allowedUDPPorts = [ 67 547 ];
adblock-unbound,
...
}: {
networking.firewall.allowedUDPPorts = [67 547];
networking.firewall.extraInputRules = '' networking.firewall.extraInputRules = ''
ip6 daddr ff02::1:2/128 udp dport 547 accept comment "DHCPv6 server" ip6 daddr ff02::1:2/128 udp dport 547 accept comment "DHCPv6 server"
''; '';
@ -33,7 +30,7 @@
{ {
subnet = "192.168.178.0/24"; subnet = "192.168.178.0/24";
pools = [ pools = [
{pool = "192.168.178.2 - 192.168.178.255";} { pool = "192.168.178.2 - 192.168.178.255"; }
]; ];
option-data = [ option-data = [
@ -103,19 +100,19 @@
subnet = "2a02:908:5b1:e3c0::/64"; subnet = "2a02:908:5b1:e3c0::/64";
pools = [ pools = [
{pool = "2a02:908:5b1:e3c0::/72";} { pool = "2a02:908:5b1:e3c0::/72"; }
]; ];
ddns-qualifying-suffix = "local."; ddns-qualifying-suffix = "local.";
option-data = [ option-data = [
{ {
name = "dns-servers"; name = "dns-servers";
data = "2a02:908:5b1:e3c0:2::"; data = "2a02:908:5b1:e3c0:2::";
} }
{ {
name = "domain-search"; name = "domain-search";
data = "local"; data = "local";
} }
]; ];


@ -39,8 +39,6 @@ in {
forceSSL = true; forceSSL = true;
useACMEHost = "firefly.b12f.io"; useACMEHost = "firefly.b12f.io";
extraConfig = "include /etc/nginx/conf-available/authelia-location.conf;"; extraConfig = "include /etc/nginx/conf-available/authelia-location.conf;";
# Make api calls skip the nginx proxy auth
locations."/api/v1".proxyPass = "http://127.0.0.1:8080";
locations."/".proxyPass = "http://127.0.0.1:8080"; locations."/".proxyPass = "http://127.0.0.1:8080";
locations."/".extraConfig = '' locations."/".extraConfig = ''
include /etc/nginx/conf-available/proxy.conf; include /etc/nginx/conf-available/proxy.conf;
@ -80,14 +78,14 @@ in {
volumes = [ volumes = [
"/var/lib/firefly/upload:/var/www/html/storage/upload" "/var/lib/firefly/upload:/var/www/html/storage/upload"
]; ];
extraOptions = ["--network=firefly"]; extraOptions = [ "--network=firefly" ];
environmentFiles = [ environmentFiles = [
./.env.firefly ./.env.firefly
config.age.secrets."firefly-secrets.env".path config.age.secrets."firefly-secrets.env".path
config.age.secrets."firefly-cron-secrets.env".path config.age.secrets."firefly-cron-secrets.env".path
]; ];
ports = ["127.0.0.1:8080:8080"]; ports = [ "127.0.0.1:8080:8080" ];
dependsOn = ["firefly-db"]; dependsOn = [ "firefly-db" ];
}; };
containers."firefly-db" = { containers."firefly-db" = {
@ -96,7 +94,7 @@ in {
volumes = [ volumes = [
"/var/lib/firefly/db:/var/lib/postgresql/data" "/var/lib/firefly/db:/var/lib/postgresql/data"
]; ];
extraOptions = ["--network=firefly"]; extraOptions = [ "--network=firefly" ];
environmentFiles = [ environmentFiles = [
config.age.secrets."firefly-db-secrets.env".path config.age.secrets."firefly-db-secrets.env".path
]; ];
@ -105,8 +103,8 @@ in {
containers."firefly-importer" = { containers."firefly-importer" = {
image = "fireflyiii/data-importer:latest"; image = "fireflyiii/data-importer:latest";
autoStart = true; autoStart = true;
extraOptions = ["--network=firefly"]; extraOptions = [ "--network=firefly" ];
ports = ["127.0.0.1:8081:8080"]; ports = [ "127.0.0.1:8081:8080" ];
environment = { environment = {
FIREFLY_III_URL = "https://firefly.b12f.io"; FIREFLY_III_URL = "https://firefly.b12f.io";
}; };
@ -114,7 +112,7 @@ in {
./.env.firefly-importer ./.env.firefly-importer
config.age.secrets."firefly-importer-secrets.env".path config.age.secrets."firefly-importer-secrets.env".path
]; ];
dependsOn = ["firefly"]; dependsOn = [ "firefly" ];
}; };
containers."firefly-cron" = { containers."firefly-cron" = {
@ -128,7 +126,7 @@ in {
environmentFiles = [ environmentFiles = [
config.age.secrets."firefly-cron-secrets.env".path config.age.secrets."firefly-cron-secrets.env".path
]; ];
extraOptions = ["--network=firefly"]; extraOptions = [ "--network=firefly" ];
}; };
}; };
}; };
@ -150,7 +148,7 @@ in {
backupPrepareCommand = '' backupPrepareCommand = ''
${pkgs.docker-client}/bin/docker exec -t firefly-db pg_dumpall -c -U firefly > "${backupDir}/postgres.sql" ${pkgs.docker-client}/bin/docker exec -t firefly-db pg_dumpall -c -U firefly > "${backupDir}/postgres.sql"
''; '';
rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path; rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
}; };
}; };
} }
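Review bot: With the `locations."/api/v1"` block removed, every request to `firefly.b12f.io`, API included, now passes the Authelia `auth_request` in `locations."/"`, yet the `firefly-importer` container is still configured with `FIREFLY_III_URL = "https://firefly.b12f.io"`. Unless the authrequest snippet exempts token-bearing API calls (not visible here), the importer's requests will be answered by the login portal instead of the API. Both containers share `--network=firefly`, so the importer can talk to the application directly with `FIREFLY_III_URL = "http://firefly:8080";`, plus `VANITY_URL` set to the public address if browser redirects are needed. That keeps the public vhost fully behind Authelia; it assumes the container resolves as `firefly` on that network.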


@ -1,22 +1,18 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [ imports = [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "usbhid" "uas" "usb_storage"]; boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" "uas" "usb_storage" ];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [ ];
boot.kernelModules = []; boot.kernelModules = [ ];
boot.extraModulePackages = []; boot.extraModulePackages = [ ];
boot.supportedFilesystems = ["zfs"]; boot.supportedFilesystems = [ "zfs" ];
boot.initrd.luks.devices = { boot.initrd.luks.devices = {
cryptroot = { cryptroot = {
@ -25,19 +21,20 @@
}; };
}; };
fileSystems."/" = { fileSystems."/" =
device = "zroot/root"; { device = "zroot/root";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/0D5D-B809"; { device = "/dev/disk/by-uuid/0D5D-B809";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices =
[ { device = "/dev/disk/by-uuid/af71e930-42ce-4174-a098-4ea5753b1ea9"; }
];
swapDevices = [
{device = "/dev/disk/by-uuid/af71e930-42ce-4174-a098-4ea5753b1ea9";}
];
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";


@ -28,6 +28,11 @@ in {
"invoicing.b12f.io" = { "invoicing.b12f.io" = {
forceSSL = true; forceSSL = true;
useACMEHost = "invoicing.b12f.io"; useACMEHost = "invoicing.b12f.io";
extraConfig = "include /etc/nginx/conf-available/authelia-location.conf;";
locations."/".extraConfig = ''
include /etc/nginx/conf-available/proxy.conf;
include /etc/nginx/conf-available/authelia-authrequest.conf;
'';
}; };
}; };
@ -44,8 +49,6 @@ in {
createLocally = false; createLocally = false;
}; };
invoiceTemplates = [pkgs.invoiceplane-template];
extraConfig = '' extraConfig = ''
SETUP_COMPLETED=true SETUP_COMPLETED=true
DISABLE_SETUP=true DISABLE_SETUP=true
@ -72,7 +75,7 @@ in {
containers."invoiceplane-db" = { containers."invoiceplane-db" = {
image = "mariadb:11"; image = "mariadb:11";
autoStart = true; autoStart = true;
ports = ["127.0.0.1:3306:3306"]; ports = [ "127.0.0.1:3306:3306" ];
volumes = [ volumes = [
"/var/lib/invoiceplane/db:/var/lib/mysql" "/var/lib/invoiceplane/db:/var/lib/mysql"
]; ];
@ -101,7 +104,7 @@ in {
PW=$(cat ${config.age.secrets."invoiceplane-db-password".path}) PW=$(cat ${config.age.secrets."invoiceplane-db-password".path})
${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql" ${pkgs.docker-client}/bin/docker exec -t invoiceplane-db mariadb-dump --all-databases --password=$PW --user=invoiceplane > "${backupDir}/postgres.sql"
''; '';
rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path; rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
}; };
}; };
} }
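Review bot: The Authelia check added for `invoicing.b12f.io` is attached to `locations."/"` only, and nginx does not carry `auth_request` from one location block into another. If the InvoicePlane module generates further locations for this vhost, for instance a PHP handler (not visible in this hunk), requests that match those directly are served without authentication. Check the generated nginx config and apply the `authelia-authrequest.conf` include to every location that serves application content. Leave a marker such as `# auth_request covers "/" only; other locations of this vhost need the same include`.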


@ -15,25 +15,16 @@
networking.interfaces.enabcm6e4ei0 = { networking.interfaces.enabcm6e4ei0 = {
ipv4.addresses = [ ipv4.addresses = [
{ { address = "192.168.178.2"; prefixLength = 32; }
address = "192.168.178.2";
prefixLength = 32;
}
]; ];
ipv6.addresses = [ ipv6.addresses = [
{ { address = "2a02:908:5b1:e3c0:2::"; prefixLength = 128; }
address = "2a02:908:5b1:e3c0:2::"; { address = "fe80:b12f:acab:1312:acab:2::"; prefixLength = 128; }
prefixLength = 128;
}
{
address = "fe80:b12f:acab:1312:acab:2::";
prefixLength = 128;
}
]; ];
}; };
networking.hosts = { networking.hosts = {
"192.168.178.3" = ["droppie-initrd.b12f.io"]; "192.168.178.3" = [ "droppie-initrd.b12f.io" ];
}; };
services.openssh.allowSFTP = true; services.openssh.allowSFTP = true;


@ -13,41 +13,34 @@ with lib; let
backupDir = "/var/lib/PaperlessBackup"; backupDir = "/var/lib/PaperlessBackup";
consumptionDir = "/var/lib/scandir"; consumptionDir = "/var/lib/scandir";
scan2paperless = with pkgs; scan2paperless = with pkgs; writeShellScriptBin "scan2paperless" ''
writeShellScriptBin "scan2paperless" '' DEVICE=$1
DEVICE=$1 NUM_PAGES=$2
NUM_PAGES=$2 NAME=$3
NAME=$3
if [ -z "''${DEVICE}" ] || [ -z "''${NUM_PAGES}" ] || [ -z "''${NAME}" ]; then if [ -z "''${DEVICE}" ] || [ -z "''${NUM_PAGES}" ] || [ -z "''${NAME}" ]; then
echo "Usage: scan2paperless <device> <num_pages> <name>" echo "Usage: scan2paperless <device> <num_pages> <name>"
exit 1 exit 1
fi fi
tmpDir=$(${coreutils}/bin/mktemp -d) tmpDir=$(${coreutils}/bin/mktemp -d)
files=() files=()
for i in $(seq 1 $NUM_PAGES); do for i in $(seq 1 $NUM_PAGES); do
fileName=$(${openssl}/bin/openssl rand -hex 12) fileName=$(${openssl}/bin/openssl rand -hex 12)
file="$tmpDir/$fileName.jpg" file="$tmpDir/$fileName.jpg"
echo "Start scanning page $i/$NUM_PAGES"; echo "Start scanning page $i/$NUM_PAGES";
${sane-backends}/bin/scanimage -d $DEVICE --format=jpeg --resolution 300 --progress -o $file ${sane-backends}/bin/scanimage -d $DEVICE --format=jpeg --resolution 300 --progress -o $file
echo "Finished scanning page $i"; echo "Finished scanning page $i";
files+=($file) files+=($file)
done done
pdf="${consumptionDir}/$NAME.pdf" pdf="${consumptionDir}/$NAME.pdf"
${python3Packages.img2pdf}/bin/img2pdf --output $pdf ''${files[@]} ${python3Packages.img2pdf}/bin/img2pdf --output $pdf ''${files[@]}
echo "PDF written to $pdf" echo "PDF written to $pdf"
''; '';
in { in {
age.secrets."paperless.env" = {
file = "${flake.self}/secrets/paperless.env.age";
mode = "400";
owner = "paperless";
};
################################# #################################
# Paperless service and proxy # Paperless service and proxy
################################# #################################
@ -74,17 +67,14 @@ in {
consumptionDir = consumptionDir; consumptionDir = consumptionDir;
dataDir = dataDir; dataDir = dataDir;
address = "127.0.0.1"; address = "127.0.0.1";
settings = { extraConfig = {
PAPERLESS_OCR_LANGUAGE = "nld+deu"; PAPERLESS_OCR_LANGUAGE = "nld+deu";
PAPERLESS_URL = "https://paperless.b12f.io"; PAPERLESS_URL = "https://paperless.b12f.io";
PAPERLESS_DISABLE_REGULAR_LOGIN = "True"; PAPERLESS_DISABLE_REGULAR_LOGIN = "True";
PAPERLESS_ENABLE_HTTP_REMOTE_USER = "True"; PAPERLESS_ENABLE_HTTP_REMOTE_USER = "True";
PAPERLESS_EMAIL_TASK_CRON = "*/2 * * * *";
}; };
}; };
systemd.services.paperless-web.serviceConfig.EnvironmentFile = [config.age.secrets."paperless.env".path];
################################# #################################
# Scanning # Scanning
################################# #################################
@ -121,7 +111,7 @@ in {
services.cron = { services.cron = {
enable = true; enable = true;
systemCronJobs = [ systemCronJobs = [
"30 1 * * * paperless ${pkgs.fetch-hostingde-invoices}/bin/fetch-hostingde-invoices '${config.age.secrets."hosting-de-invoice-sync-api-key".path}' '${consumptionDir}' /var/lib/fetch-hostingde-invoices/ids" "30 1 * * * paperless ${pkgs.fetch-hostingde-invoices}/bin/fetch-hostingde-invoices '${config.age.secrets."hosting-de-invoice-sync-api-key".path}' '${consumptionDir}'"
]; ];
}; };
@ -134,11 +124,11 @@ in {
"d '${backupDir}' 0700 paperless users - -" "d '${backupDir}' 0700 paperless users - -"
"d '${consumptionDir}' 0700 paperless users - -" "d '${consumptionDir}' 0700 paperless users - -"
"d /tmp/paperless 0700 paperless users - -" "d /tmp/paperless 0700 paperless users - -"
"d /var/lib/fetch-hostingde-invoices 0700 paperless users - -"
]; ];
age.secrets."rclone-pubsolar.conf" = { age.secrets."rclone-pie.conf" = {
file = "${flake.self}/secrets/rclone-pubsolar.conf.age"; file = "${flake.self}/secrets/rclone-pie.conf.age";
path = "/root/.config/rclone/rclone.conf";
mode = "400"; mode = "400";
}; };
@ -149,16 +139,13 @@ in {
services.restic.backups = { services.restic.backups = {
paperless = { paperless = {
paths = [ paths = [ backupDir ];
backupDir
"/var/lib/fetch-hostingde-invoices"
];
initialize = true; initialize = true;
passwordFile = config.age.secrets."restic-password".path; passwordFile = config.age.secrets."restic-password".path;
# See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/ # See https://www.hosting.de/blog/verschluesselte-backups-mit-rclone-und-restic-in-nextcloud/
repository = "rclone:cloud.pub.solar:/backups/Paperless"; repository = "rclone:cloud.pub.solar:/backups/Paperless";
backupPrepareCommand = "${dataDir}/paperless-manage document_exporter ${backupDir} -c -p"; backupPrepareCommand = "${dataDir}/paperless-manage document_exporter ${backupDir} -c -p";
rcloneConfigFile = config.age.secrets."rclone-pubsolar.conf".path; rcloneConfigFile = config.age.secrets."rclone-pie.conf".path;
}; };
}; };
} }
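Review bot: In `scan2paperless`, `$NAME` comes from the command line and is used unquoted and unvalidated in `pdf="${consumptionDir}/$NAME.pdf"` and `--output $pdf`, so a name containing `/` or `..` writes outside the consumption directory and a name with spaces splits into several arguments. The same word-splitting applies to `-d $DEVICE`, `-o $file` and `''${files[@]}`. Take the base name and quote the expansions: `pdf="${consumptionDir}/$(basename -- "$NAME").pdf"` and `img2pdf --output "$pdf" "''${files[@]}"`. The directory from `mktemp -d` is also never removed, so scanned pages stay behind in the temp directory; `trap 'rm -rf "$tmpDir"' EXIT` right after creating it would clean up.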


@ -29,8 +29,8 @@
owner = "unbound"; owner = "unbound";
}; };
networking.firewall.allowedUDPPorts = [53]; networking.firewall.allowedUDPPorts = [ 53 ];
networking.firewall.allowedTCPPorts = [53]; networking.firewall.allowedTCPPorts = [ 53 ];
services.resolved.enable = false; services.resolved.enable = false;
services.unbound = { services.unbound = {
@ -45,17 +45,17 @@
"::1" "::1"
"192.168.178.2" "192.168.178.2"
"fd00:b12f:acab:1312:acab:2::" "2a02:908:5b1:e3c0:2::"
]; ];
access-control = [ access-control = [
"127.0.0.1/32 allow" "127.0.0.1/32 allow"
# Allow from local network # Allow from local network
"192.168.178.0/24 allow" "192.168.178.0/24 allow"
"fd00:b12f:acab:1312:acab::/64 allow" "2a02:908:5b1:e3c0::/64 allow"
# Allow from wireguard # Allow from wireguard
"192.168.178.0/24 allow" "10.13.12.0/24 allow"
"fd00:b12f:acab:1312::/64 allow" "fd00:b12f:acab:1312::/64 allow"
]; ];
local-zone = [ local-zone = [
@ -66,16 +66,7 @@
"\"brwb8763f64a364.local. 10800 IN A 192.168.178.4\"" "\"brwb8763f64a364.local. 10800 IN A 192.168.178.4\""
"\"pie.local. 10800 IN A 192.168.178.2\"" "\"pie.local. 10800 IN A 192.168.178.2\""
"\"pie.local. 10800 IN AAAA fd00:b12f:acab:1312:acab:2::\"" "\"pie.local. 10800 IN AAAA 2a02:908:5b1:e3c0:2::\""
"\"pie.b12f.io. 10800 IN A 192.168.178.2\""
"\"firefly.b12f.io. 10800 IN A 192.168.178.2\""
"\"firefly-importer.b12f.io. 10800 IN A 192.168.178.2\""
"\"paperless.b12f.io. 10800 IN A 192.168.178.2\""
"\"invoicing.b12f.io. 10800 IN A 192.168.178.2\""
"\"auth.b12f.io. 10800 IN A 192.168.178.2\""
"\"droppie.b12f.io. 10800 IN A 192.168.178.3\""
"\"media.b12f.io. 10800 IN A 192.168.178.3\""
"\"fritz.box. 10800 IN A 192.168.178.1\"" "\"fritz.box. 10800 IN A 192.168.178.1\""
"\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\"" "\"fritz.box. 10800 IN AAAA fd00::3ea6:2fff:fe57:30b0\""
@ -88,7 +79,7 @@
{ {
name = "."; name = ".";
forward-addr = [ forward-addr = [
"192.168.178.7" "10.13.12.7"
"fd00:b12f:acab:1312:acab:7::" "fd00:b12f:acab:1312:acab:7::"
]; ];
} }
@ -103,4 +94,5 @@
}; };
}; };
}; };
} }
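Review bot: Reading the second value on each changed line as the new side, the resolver now listens on `2a02:908:5b1:e3c0:2::` and allows `2a02:908:5b1:e3c0::/64`, which is globally routable space rather than the `fd00:` ULA it replaces, while `networking.firewall.allowedUDPPorts` and `allowedTCPPorts = [ 53 ]` open DNS on every interface. Unless the upstream router filters inbound IPv6, port 53 on this host is reachable from outside, and only unbound's `access-control` list stands between it and external queries. Scope the firewall rule to the interfaces that should reach the resolver, e.g. `networking.firewall.interfaces."<lan-interface>".allowedUDPPorts = [ 53 ];` (placeholder name; likewise for TCP and for the WireGuard interface), and drop the global entries.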


@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
services.cron = { services.cron = {
enable = true; enable = true;
systemCronJobs = [ systemCronJobs = [


@ -0,0 +1,19 @@
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d amdgpu_bl0 set +10%; notify-send $(brightnessctl -d amdgpu_bl0 i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d amdgpu_bl0 set 10%-; notify-send $(brightnessctl -d amdgpu_bl0 i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"


@ -17,9 +17,9 @@ in {
boot.initrd.preLVMCommands = "udevadm trigger --settle"; boot.initrd.preLVMCommands = "udevadm trigger --settle";
boot.swraid.enable = true; boot.swraid.enable = true;
boot.swraid.mdadmConf = '' boot.swraid.mdadmConf = ''
DEVICE /dev/nvme0n1p2 /dev/nvme1n1p2 DEVICE /dev/nvme0n1p2 /dev/nvme1n1p2
ARRAY /dev/md/nixos:root metadata=1.2 name=nixos:root UUID=67d1aa81:1b348887:c17a75e8:f2edf2bd ARRAY /dev/md/nixos:root metadata=1.2 name=nixos:root UUID=67d1aa81:1b348887:c17a75e8:f2edf2bd
MAILADDR ${psCfg.user.email} MAILADDR ${psCfg.user.email}
''; '';
pub-solar.core.hibernation.enable = true; pub-solar.core.hibernation.enable = true;
@ -32,6 +32,7 @@ in {
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf; "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf; "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
}; };
}; };


@ -1,4 +1,4 @@
{...}: { { ... }: {
imports = [ imports = [
./configuration.nix ./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix


@ -1,59 +1,55 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod"]; {
boot.initrd.kernelModules = ["dm-snapshot"]; imports =
boot.kernelModules = ["kvm-amd"]; [ (modulesPath + "/installer/scan/not-detected.nix")
boot.extraModulePackages = []; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.luks.devices."cryptroot" = { boot.initrd.luks.devices."cryptroot" = {
device = "/dev/disk/by-id/md-name-nixos:root"; device = "/dev/disk/by-id/md-name-nixos:root";
allowDiscards = true; allowDiscards = true;
}; };
fileSystems."/" = { fileSystems."/" =
device = "none"; { device = "none";
fsType = "tmpfs"; fsType = "tmpfs";
}; };
fileSystems."/boot" = { fileSystems."/boot" =
device = "/dev/disk/by-uuid/EC82-67F4"; { device = "/dev/disk/by-uuid/EC82-67F4";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/home" = { fileSystems."/home" =
device = "/dev/disk/by-uuid/0cc568f0-402d-4535-980a-ed3a1dc697b9"; { device = "/dev/disk/by-uuid/0cc568f0-402d-4535-980a-ed3a1dc697b9";
fsType = "ext4"; fsType = "ext4";
# https://github.com/ryantm/agenix/issues/45#issuecomment-957865406 # https://github.com/ryantm/agenix/issues/45#issuecomment-957865406
neededForBoot = true; neededForBoot = true;
}; };
fileSystems."/nix" = { fileSystems."/nix" =
device = "/dev/disk/by-uuid/e203d629-4d34-4147-bee6-919f0bfa25de"; { device = "/dev/disk/by-uuid/e203d629-4d34-4147-bee6-919f0bfa25de";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/persist" = { fileSystems."/persist" =
device = "/dev/disk/by-uuid/a0855aaa-76bf-445e-b0d1-ab1552e5496f"; { device = "/dev/disk/by-uuid/a0855aaa-76bf-445e-b0d1-ab1552e5496f";
fsType = "ext4"; fsType = "ext4";
# https://github.com/ryantm/agenix/issues/45#issuecomment-957865406 # https://github.com/ryantm/agenix/issues/45#issuecomment-957865406
neededForBoot = true; neededForBoot = true;
}; };
swapDevices = [ swapDevices =
{device = "/dev/disk/by-uuid/761507ab-479d-414b-ac3e-2149564ca470";} [ { device = "/dev/disk/by-uuid/761507ab-479d-414b-ac3e-2149564ca470"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -6,7 +6,7 @@
... ...
}: { }: {
networking.hostName = "stroopwafel"; networking.hostName = "stroopwafel";
networking.wireless.iwd.enable = true; networking.networkmanager.wifi.backend = "wpa_supplicant";
age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-stroopwafel.age"; age.secrets.wg-private-key.file = "${flake.self}/secrets/wg-private-stroopwafel.age";
@ -41,23 +41,4 @@
]; ];
privateKeyFile = config.age.secrets.wg-pub-solar-key.path; privateKeyFile = config.age.secrets.wg-pub-solar-key.path;
}; };
age.secrets.wg-momo-key.file = "${flake.self}/secrets/wg-momo-stroopwafel.age";
pub-solar.wireguard.momo = {
ownIPs = [
"10.30.30.200/32"
"fd00:3030:3030:3030:3030:200::/96"
];
privateKeyFile = config.age.secrets.wg-momo-key.path;
};
age.secrets.wg-ehex-key.file = "${flake.self}/secrets/wg-ehex-stroopwafel.age";
pub-solar.wireguard.ehex = {
ownIPs = [
"10.42.0.135/22"
];
privateKeyFile = config.age.secrets.wg-ehex-key.path;
};
} }


@ -6,7 +6,7 @@
... ...
}: { }: {
services.openstreetmap = { services.openstreetmap = {
enable = true; enable = false;
debug = true; debug = true;
totalRamGb = 14; totalRamGb = 14;
}; };


@ -1,4 +1,5 @@
{lib}: hostnames: { { lib }:
hostnames: {
"127.0.0.1" = hostnames; "127.0.0.1" = hostnames;
"::1" = hostnames; "::1" = hostnames;
} }


@ -1,8 +1,4 @@
{ { lib, inputs, ... }: {
lib,
inputs,
...
}: {
# Configuration common to all Linux systems # Configuration common to all Linux systems
flake = { flake = {
lib = let lib = let
@ -14,7 +10,7 @@
#foo = callLibs ./foo.nix; #foo = callLibs ./foo.nix;
## In configs, they can be used under "lib.our" ## In configs, they can be used under "lib.our"
deploy = import ./deploy.nix {inherit inputs lib;}; deploy = import ./deploy.nix { inherit inputs lib; };
addLocalHostname = callLibs ./add-local-hostname.nix; addLocalHostname = callLibs ./add-local-hostname.nix;
recursiveMerge = callLibs ./recursive-merge.nix; recursiveMerge = callLibs ./recursive-merge.nix;
mkEmailAddress = account: domain: account + "@" + domain; mkEmailAddress = account: domain: account + "@" + domain;


@ -1,13 +1,11 @@
/* /*
* The contents of this file are adapted from digga * The contents of this file are adapted from digga
* https://github.com/divnix/digga * https://github.com/divnix/digga
* *
* Licensed under the MIT license * Licensed under the MIT license
*/ */
{
lib, { lib, inputs }: let
inputs,
}: let
getFqdn = c: let getFqdn = c: let
net = c.config.networking; net = c.config.networking;
fqdn = fqdn =
@ -19,60 +17,43 @@
in { in {
mkDeployNodes = systemConfigurations: extraConfig: mkDeployNodes = systemConfigurations: extraConfig:
/* /*
* *
Synopsis: mkNodes _systemConfigurations_ _extraConfig_ Synopsis: mkNodes _systemConfigurations_ _extraConfig_
Generate the `nodes` attribute expected by deploy-rs Generate the `nodes` attribute expected by deploy-rs
where _systemConfigurations_ are `nodes`. where _systemConfigurations_ are `nodes`.
_systemConfigurations_ should take the form of a flake's _systemConfigurations_ should take the form of a flake's
_nixosConfigurations_. Note that deploy-rs does not currently support _nixosConfigurations_. Note that deploy-rs does not currently support
deploying to darwin hosts. deploying to darwin hosts.
_extraConfig_, if specified, will be merged into each of the _extraConfig_, if specified, will be merged into each of the
nodes' configurations. nodes' configurations.
Example _systemConfigurations_ input: Example _systemConfigurations_ input:
``` ```
{ {
hostname-1 = { hostname-1 = {
fastConnection = true; fastConnection = true;
sshOpts = [ "-p" "25" ]; sshOpts = [ "-p" "25" ];
}; };
hostname-2 = { hostname-2 = {
sshOpts = [ "-p" "19999" ]; sshOpts = [ "-p" "19999" ];
sshUser = "root"; sshUser = "root";
}; };
} }
``` ```
* *
*/ */
lib.recursiveUpdate lib.recursiveUpdate
(lib.mapAttrs (lib.mapAttrs
( (
_: c: let _: c: {
system = c.pkgs.stdenv.hostPlatform.system;
# Unmodified nixpkgs
pkgs = import inputs.nixpkgs {inherit system;};
# nixpkgs with deploy-rs overlay but force the nixpkgs package
deployPkgs = import inputs.nixpkgs {
inherit system;
overlays = [
inputs.deploy-rs.overlay # or deploy-rs.overlays.default
(self: super: {
deploy-rs = {
inherit (pkgs) deploy-rs;
lib = super.deploy-rs.lib;
};
})
];
};
in {
hostname = getFqdn c; hostname = getFqdn c;
profiles.system = { profiles.system = {
user = "root"; user = "root";
path = deployPkgs.deploy-rs.lib.activate.nixos c; path = inputs.deploy-rs.lib.${c.pkgs.stdenv.hostPlatform.system}.activate.nixos c;
}; };
} }
) )


@ -1,4 +1,6 @@
{lib}: attrList: let { lib }:
attrList:
let
f = attrPath: f = attrPath:
zipAttrsWith ( zipAttrsWith (
n: values: n: values:
@ -11,4 +13,4 @@
else last values else last values
); );
in in
f [] attrList f [] attrList;
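Review bot: The final expression becomes `f [] attrList;`, and a trailing `;` after the body of a `let … in` at the end of a Nix file is a syntax error, so importing this file (presumably `./recursive-merge.nix`, referenced as `recursiveMerge` in the lib module) would fail at evaluation for every caller. Restore the line to `f [] attrList`. This reads the second text on the line as the new side, and the hunk shows only part of the file.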


@ -20,6 +20,7 @@ in {
# Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?) # Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?)
pulseaudio pulseaudio
vimpc vimpc
spotify-tui
]; ];
}; };


@ -23,18 +23,6 @@
}; };
services.blueman.enable = true; services.blueman.enable = true;
home-manager.users."${config.pub-solar.user.name}" = {
services.blueman-applet.enable = true;
systemd.user.services.blueman-applet = {
Unit = {
BindsTo = ["sway-session.target"];
After = lib.mkForce ["sway-session.target"];
Requires = lib.mkForce [ ];
};
Install.WantedBy = [ "sway-session.target" ];
};
};
environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = { environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = {
text = '' text = ''
bluez_monitor.properties = { bluez_monitor.properties = {


@ -12,7 +12,7 @@ in {
loader.systemd-boot.enable = lib.mkDefault true; loader.systemd-boot.enable = lib.mkDefault true;
# Use latest LTS linux kernel by default # Use latest LTS linux kernel by default
kernelPackages = pkgs.linuxPackages_6_6_hardened; kernelPackages = lib.mkDefault pkgs.linuxPackages_6_7_hardened;
# Support ntfs drives # Support ntfs drives
supportedFilesystems = ["ntfs"]; supportedFilesystems = ["ntfs"];
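Review bot: The new default `kernelPackages = lib.mkDefault pkgs.linuxPackages_6_7_hardened;` contradicts the comment directly above it, "Use latest LTS linux kernel by default": 6.7 is a short-lived stable series, not a longterm one, so hosts on this default stop receiving kernel security fixes once upstream ends the series. Either stay on a longterm series with `lib.mkDefault pkgs.linuxPackages_6_6_hardened`, or follow the maintained hardened default with `lib.mkDefault pkgs.linuxPackages_hardened`, and keep the comment in step with the choice. The enclosing `boot` block starts and ends outside this hunk.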


@ -10,8 +10,8 @@
systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false; systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false;
networking.hosts = { networking.hosts = {
"128.140.109.213" = [ "vpn.b12f.io" "frikandel-initrd.b12f.io" ]; "128.140.109.213" = [ "vpn.b12f.io" ];
"2a01:4f8:c2c:b60::" = [ "vpn.b12f.io" "frikandel-initrd.b12f.io" ]; "2a01:4f8:c2c:b60::" = [ "vpn.b12f.io" ];
}; };
networking.networkmanager = { networking.networkmanager = {
@ -38,7 +38,7 @@
}; };
# Don't expose SSH via public interfaces # Don't expose SSH via public interfaces
networking.firewall.interfaces.wg-private.allowedTCPPorts = [22]; networking.firewall.interfaces.wg-private.allowedTCPPorts = [ 22 ];
# For rage encryption, all hosts need a ssh key pair # For rage encryption, all hosts need a ssh key pair
services.openssh = { services.openssh = {


@ -24,7 +24,7 @@ in {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
enableExtraSocket = true; enableExtraSocket = true;
pinentryPackage = pkgs.pinentry-gnome3; pinentryFlavor = "gnome3";
}; };
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {


@ -29,6 +29,13 @@ in {
element-desktop element-desktop
element-b12f element-b12f
element-mezza element-mezza
# Nix specific utilities
alejandra
manix
nix-index
nix-tree
nvd
]; ];
fonts = { fonts = {


@ -0,0 +1,15 @@
# This file is written by xdg-user-dirs-update
# If you want to change or add directories, just edit the line you're
# interested in. All local changes will be retained on the next run.
# Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped
# homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an
# absolute path. No other format is supported.
XDG_DESKTOP_DIR="$HOME/"
XDG_DOWNLOAD_DIR="$HOME/Downloads"
XDG_TEMPLATES_DIR="$HOME/Templates"
XDG_PUBLICSHARE_DIR="$HOME/Public"
XDG_DOCUMENTS_DIR="$HOME/"
XDG_MUSIC_DIR="$HOME/"
XDG_PICTURES_DIR="$HOME/"
XDG_VIDEOS_DIR="$HOME/"


@ -1,3 +1,20 @@
@define-color base00 #1a181a;
@define-color base01 #2d2a2e;
@define-color base02 #303030;
@define-color base03 #949494;
@define-color base04 #d3d1d4;
@define-color base05 #e3e1e4;
@define-color base06 #303030;
@define-color base07 #ff5f5f;
@define-color base08 #f85e84;
@define-color base09 #df5923;
@define-color base0A #e5c463;
@define-color base0B #9ecd6f;
@define-color base0C #ef9062;
@define-color base0D #7accd7;
@define-color base0E #ab9df2;
@define-color base0F #d70000;
* { * {
min-height: 0; min-height: 0;
border: none; border: none;
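Review bot: The sixteen `@define-color base0X` values added at the top of this stylesheet are written out again as literals in the alacritty colour table, the mako `extraConfig` and the sway `set $base0X` file later in this change, so a palette change now has to be made by hand in four places. Keeping one source for the palette and generating these files from it would prevent drift. If the literals stay, a comment such as `/* Base16 Burn: keep in sync with the alacritty, mako and sway colour definitions */` above the first `@define-color` documents the coupling.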


@ -0,0 +1,18 @@
Gtk/ButtonImages 1
Gtk/CanChangeAccels 1
Gtk/CursorThemeName "default"
Gtk/CursorThemeSize 0
Gtk/EnableEventSounds 0
Gtk/EnableInputFeedbackSounds 0
Gtk/FontName "Lato"
Gtk/ThemeName "Matcha-dark-aliz"
Gtk/IconThemeName "Papirus-Adapta-Nokto-Maia"
Gtk/MenuBarAccel "F10"
Gtk/MenuImages 1
Gtk/ToolbarIconSize 3
Gtk/ToolbarStyle "icons"
Xft/Antialias 1
Xft/DPI 102400
Xft/Hinting 1
Xft/HintStyle "hintslight"
Xft/RGBA "rgb"


@ -9,6 +9,8 @@ usermodmap=$HOME/.config/xmodmap
sysresources=/etc/X11/xinit/.Xresources sysresources=/etc/X11/xinit/.Xresources
sysmodmap=/etc/X11/xinit/.Xmodmap sysmodmap=/etc/X11/xinit/.Xmodmap
DEFAULT_SESSION='i3 --shmlog-size 0'
xset -b xset -b
if [ -d $HOME/.fonts ]; then if [ -d $HOME/.fonts ]; then
@ -46,8 +48,23 @@ fi
get_session(){ get_session(){
local dbus_args=(--sh-syntax --exit-with-session) local dbus_args=(--sh-syntax --exit-with-session)
case $1 in case $1 in
awesome) dbus_args+=(awesome) ;;
bspwm) dbus_args+=(bspwm-session) ;;
budgie) dbus_args+=(budgie-desktop) ;;
cinnamon) dbus_args+=(cinnamon-session) ;;
deepin) dbus_args+=(startdde) ;;
enlightenment) dbus_args+=(enlightenment_start) ;;
fluxbox) dbus_args+=(startfluxbox) ;;
gnome) dbus_args+=(gnome-session) ;;
i3|i3wm) dbus_args+=(i3 --shmlog-size 0) ;; i3|i3wm) dbus_args+=(i3 --shmlog-size 0) ;;
*) dbus_args+=(sway) ;; jwm) dbus_args+=(jwm) ;;
kde) dbus_args+=(startkde) ;;
lxde) dbus_args+=(startlxde) ;;
lxqt) dbus_args+=(lxqt-session) ;;
mate) dbus_args+=(mate-session) ;;
xfce) dbus_args+=(xfce4-session) ;;
openbox) dbus_args+=(openbox-session) ;;
*) dbus_args+=($DEFAULT_SESSION) ;;
esac esac
echo "dbus-launch ${dbus_args[*]}" echo "dbus-launch ${dbus_args[*]}"
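Review bot: The fallback arm `*) dbus_args+=($DEFAULT_SESSION) ;;` depends on unquoted word splitting of a string, so the value is also subject to pathname expansion and cannot carry an argument that contains a space. Since the function already uses arrays, declaring `DEFAULT_SESSION=(i3 --shmlog-size 0)` and appending `"${DEFAULT_SESSION[@]}"` keeps the arguments intact. The arrays and `local` also need bash; the interpreter line is outside this section, so confirm the file is never run by a plain POSIX sh. get_session continues past the end of the hunk.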


@ -1,6 +1,6 @@
{ flake, ...}: with flake.self.theme.with0x; { {
env = { env = {
TERM = "xterm-direct"; TERM = "xterm-256color";
}; };
window = { window = {
@ -30,6 +30,9 @@
multiplier = 3; multiplier = 3;
}; };
# When true, bold text is drawn using the bright variant of colors.
draw_bold_text_with_bright_colors = true;
font = { font = {
# The normal (roman) font face to use. # The normal (roman) font face to use.
normal = { normal = {
@ -65,7 +68,7 @@
}; };
}; };
keyboard.bindings = [ key_bindings = [
{ {
key = "V"; key = "V";
mods = "Control|Alt"; mods = "Control|Alt";
@ -159,13 +162,10 @@
# Base16 Burn 256 - alacritty color config # Base16 Burn 256 - alacritty color config
# Benjamin Bädorf # Benjamin Bädorf
colors = { colors = {
# When true, bold text is drawn using the bright variant of colors.
draw_bold_text_with_bright_colors = true;
# Default colors # Default colors
primary = { primary = {
background = base00; background = "0x1a181a";
foreground = base05; foreground = "0xe3e1e4";
}; };
# Cursor colors # Cursor colors
@ -184,8 +184,8 @@
# Allowed values are CellForeground/CellBackground, which reference the # Allowed values are CellForeground/CellBackground, which reference the
# affected cell, or hexadecimal colors like #ff00ff. # affected cell, or hexadecimal colors like #ff00ff.
matches = { matches = {
foreground = base0A; foreground = "0xe5c463";
background = base00; background = "0x1a181a";
}; };
focused_match = { focused_match = {
foreground = "CellBackground"; foreground = "CellBackground";
@ -203,58 +203,58 @@
# Allowed values are CellForeground/CellBackground, which reference the # Allowed values are CellForeground/CellBackground, which reference the
# affected cell, or hexadecimal colors like #ff00ff. # affected cell, or hexadecimal colors like #ff00ff.
selection = { selection = {
text = base00; text = "0x1a181a";
background = base08; background = "0xf85e84";
}; };
# Normal colors # Normal colors
normal = { normal = {
black = base00; black = "0x1a181a";
red = base09; red = "0xf85e84";
green = base0B; green = "0x9ecd6f";
yellow = base0A; yellow = "0xe5c463";
blue = base0D; blue = "0x7accd7";
magenta = base0E; magenta = "0xab9df2";
cyan = base0C; cyan = "0xef9062";
white = base05; white = "0xe3e1e4";
}; };
# Bright colors # Bright colors
bright = { bright = {
black = base00; black = "0x949494";
red = base0F; red = "0xf85e84";
green = base0B; green = "0x9ecd6f";
yellow = base0A; yellow = "0xe5c463";
blue = base0D; blue = "0x7accd7";
magenta = base0E; magenta = "0xab9df2";
cyan = base0C; cyan = "0xef9062";
white = base05; white = "0xff5f5f";
}; };
indexed_colors = [ indexed_colors = [
{ {
index = 16; index = 16;
color = base09; color = "0xdf5923";
} }
{ {
index = 17; index = 17;
color = base0F; color = "0xd70000";
} }
{ {
index = 18; index = 18;
color = base01; color = "0x2d2a2e";
} }
{ {
index = 19; index = 19;
color = base02; color = "0x303030";
} }
{ {
index = 20; index = 20;
color = base04; color = "0xd3d1d4";
} }
{ {
index = 21; index = 21;
color = base02; color = "0x303030";
} }
]; ];
}; };


@ -1,4 +1,4 @@
args@{ {
lib, lib,
config, config,
pkgs, pkgs,
@ -6,7 +6,7 @@ args@{
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
tomlFormat = pkgs.formats.toml {}; yamlFormat = pkgs.formats.yaml {};
sessionVariables = { sessionVariables = {
WLR_RENDERER = WLR_RENDERER =
if psCfg.graphical.wayland.software-renderer.enable if psCfg.graphical.wayland.software-renderer.enable
@ -45,16 +45,26 @@ in {
glib glib
xdg-utils xdg-utils
xorg.xbacklight
desktop-file-utils
]; ];
etc = {
"xdg/PubSolar.conf".text = ''
[Qt]
style=GTK+
'';
};
variables = sessionVariables; variables = sessionVariables;
}; };
services.getty.autologinUser = psCfg.user.name; services.getty.autologinUser = psCfg.user.name;
qt = {
enable = true;
platformTheme = "gtk2";
style = "gtk2";
};
# Required for running Gnome apps outside the Gnome DE, see https://nixos.wiki/wiki/GNOME#Running_GNOME_programs_outside_of_GNOME # Required for running Gnome apps outside the Gnome DE, see https://nixos.wiki/wiki/GNOME#Running_GNOME_programs_outside_of_GNOME
programs.dconf.enable = true; programs.dconf.enable = true;
services.udev.packages = with pkgs; [gnome3.gnome-settings-daemon]; services.udev.packages = with pkgs; [gnome3.gnome-settings-daemon];
@ -82,45 +92,31 @@ in {
users.users."${psCfg.user.name}".packages = with pkgs; [ users.users."${psCfg.user.name}".packages = with pkgs; [
alacritty alacritty
firefox-wayland
flameshot
gnome.adwaita-icon-theme gnome.adwaita-icon-theme
gnome.eog gnome.eog
gnome.nautilus gnome.nautilus
gnome.seahorse gnome.seahorse
gnome.yelp gnome.yelp
hicolor-icon-theme
keepassxc keepassxc
libnotify libnotify
toggle-kbd-layout toggle-kbd-layout
vlc vlc
wcwd wcwd
wdisplays
wl-mirror
]; ];
qt = {
enable = true;
platformTheme = "gtk2";
style = "gtk2";
};
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
home.file."xinitrc".source = ./.xinitrc; home.file."xinitrc".source = ./.xinitrc;
xdg.configFile."alacritty/alacritty.toml".source = tomlFormat.generate "alacritty.toml" ((import ./alacritty.nix) args); xdg.configFile."alacritty/alacritty.yml".source = yamlFormat.generate "alacritty.yml" (import ./alacritty.nix);
xdg.configFile."xmodmap".source = ./.config/xmodmap; xdg.configFile."xmodmap".source = ./.config/xmodmap;
xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs;
xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale; xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale;
xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf;
xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf; xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf;
xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg; xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
programs.firefox = {
enable = true;
package = pkgs.firefox-wayland;
};
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
};
};
gtk = { gtk = {
enable = true; enable = true;
font.name = "Lato"; font.name = "Lato";
@ -138,21 +134,13 @@ in {
gtk-xft-hinting = "1"; gtk-xft-hinting = "1";
gtk-xft-hintstyle = "hintfull"; gtk-xft-hintstyle = "hintfull";
gtk-xft-rgba = "rgb"; gtk-xft-rgba = "rgb";
gtk-application-prefer-dark-theme = "1"; gtk-application-prefer-dark-theme = "true";
}; };
}; };
xresources.extraConfig = builtins.readFile ./.Xdefaults; xresources.extraConfig = builtins.readFile ./.Xdefaults;
services.network-manager-applet.enable = true; systemd.user.services.network-manager-applet = import ./network-manager-applet.service.nix pkgs;
systemd.user.services.network-manager-applet = {
Unit = {
BindsTo = ["sway-session.target"];
After = lib.mkForce ["sway-session.target"];
Requires = lib.mkForce [ ];
};
Install.WantedBy = [ "sway-session.target" ];
};
home.sessionVariables = sessionVariables; home.sessionVariables = sessionVariables;
systemd.user.sessionVariables = sessionVariables; systemd.user.sessionVariables = sessionVariables;


@ -2,7 +2,6 @@
lib, lib,
config, config,
pkgs, pkgs,
flake,
... ...
}: }:
with lib; let with lib; let
@ -11,20 +10,20 @@ in {
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
services.mako = { services.mako = {
enable = true; enable = true;
extraConfig = with flake.self.theme.withHashtag; '' extraConfig = ''
padding=10 padding=10
margin=5,5,0 margin=5,5,0
default-timeout=5000 default-timeout=5000
background-color=${base00} background-color=#1a181a
text-color=${base05} text-color=#e3e1e4
border-color=${base07} border-color=#ff5f5f
font=Hack 14 font=Hack 14
[urgency=high] [urgency=high]
background-color=${base07} background-color=#ff5f5f
text-color=${base00} text-color=#1a181a
border-color=${base00} border-color=#1a181a
layer=overlay layer=overlay
font=Hack 14 font=Hack 14
''; '';


@ -0,0 +1,19 @@
## Base16 Burn
# Author: Benjamin Bädorf
set $base00 #1a181a
set $base01 #2d2a2e
set $base02 #303030
set $base03 #949494
set $base04 #d3d1d4
set $base05 #e3e1e4
set $base06 #303030
set $base07 #ff5f5f
set $base08 #f85e84
set $base09 #df5923
set $base0A #e5c463
set $base0B #9ecd6f
set $base0C #ef9062
set $base0D #7accd7
set $base0E #ab9df2
set $base0F #d70000


@ -1,33 +1,43 @@
# launch categorized menu
bindsym $mod+z exec --no-startup-id morc_menu
# switch keyboard input language # switch keyboard input language
bindsym $mod+tab exec toggle-kbd-layout bindsym $mod+tab exec toggle-kbd-layout
# Screen capturing ################################################################################################
## sound-section - ##
################################################################################################
bindsym $mod+Ctrl+m exec pavucontrol
################################################################################################
# Quickstart application shortcuts
bindsym $mod+F1 exec psos help
bindsym $mod+Shift+h exec psos help
bindsym $mod+F2 exec firefox
bindsym $mod+F4 exec nautilus -w
bindsym $mod+Shift+F4 exec signal-desktop --use-tray-icon
bindsym $mod+Shift+m exec qMasterPassword
# Screenshots and screen recordings
bindsym $mod+Ctrl+p exec grim -g "$(slurp -d -b \#ffffff11)" ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png bindsym $mod+Ctrl+p exec grim -g "$(slurp -d -b \#ffffff11)" ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png
bindsym $mod+Shift+p exec grim -g "$(slurp -d -b \#ffffff11 -o)" ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png bindsym $mod+Shift+p exec grim ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png
bindsym $mod+Ctrl+f exec "( pkill flameshot || true && flameshot & ) && ( sleep 0.5s && flameshot gui )"
bindsym $mod+Ctrl+r exec record-screen bindsym $mod+Ctrl+r exec record-screen
bindsym $mod+Shift+r exec record-screen fullscreen
# Launcher # Launcher
set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher
bindsym $mod+Space exec $menu bindsym $mod+Space exec $menu
# Pulse Audio controls set $mode_vncclient In VNCClient mode. Press $mod+Num_Lock or $mod+Shift+Escape to return.
bindsym $mod+Ctrl+m exec pavucontrol bindsym $mod+Num_Lock mode "$mode_vncclient"
bindsym $mod+Shift+Escape mode "$mode_vncclient"
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 #increase sound volume mode "$mode_vncclient" {
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 #decrease sound volume bindsym $mod+Num_Lock mode "default"
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle # mute sound bindsym $mod+Shift+Escape mode "default"
}
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl set +10%"
bindsym XF86MonBrightnessDown exec "brightnessctl set 10%-"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 33%-"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +33%"
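Review bot: Both grim bindings write to `~/Pictures/Screenshots/…`, but nothing visible in this change creates that directory, and the user-dirs.dirs file added in the same change sets `XDG_PICTURES_DIR="$HOME/"`. grim presumably fails when the target directory is missing, so the bindings would do nothing on a fresh home directory. Either create the directory from the module or point `XDG_PICTURES_DIR` at the location these bindings use. A comment such as `# requires ~/Pictures/Screenshots to exist` above the two bindings would at least record the assumption.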


@ -1 +0,0 @@
for_window [app_id=".*"] inhibit_idle fullscreen


@ -1,39 +1,40 @@
{ {
pkgs, pkgs,
config, psCfg,
... ...
}: with pkgs; '' }: with pkgs;
# Set shut down, restart and locking features ''
# Set shut down, restart and locking features
''
+ (
if psCfg.core.hibernation.enable
then ''
set $mode_system (e)xit, (l)ock, (h)ibernate, (r)eboot, (Shift+s)hutdown
'' ''
+ ( else ''
if config.pub-solar.core.hibernation.enable set $mode_system (e)xit, (l)ock, (r)eboot, (Shift+s)hutdown
then '' ''
set $mode_system (e)xit, (l)ock, (h)ibernate, (r)eboot, (Shift+s)hutdown )
'' + ''
else '' bindsym $mod+0 mode "$mode_system"
set $mode_system (e)xit, (l)ock, (r)eboot, (Shift+s)hutdown
''
)
+ ''
bindsym $mod+0 mode "$mode_system"
mode "$mode_system" { mode "$mode_system" {
bindsym e exec ${sway}/bin/swaymsg exit, mode "default" bindsym e exec ${sway}/bin/swaymsg exit, mode "default"
bindsym l exec ${swaylock-bg}/bin/swaylock-bg, mode "default" bindsym l exec ${swaylock-bg}/bin/swaylock-bg, mode "default"
''
+ (
if psCfg.core.hibernation.enable
then ''
bindsym h exec ${systemd}/bin/systemctl hibernate, mode "default"
'' ''
+ ( else ""
if config.pub-solar.core.hibernation.enable )
then '' + ''
bindsym h exec ${systemd}/bin/systemctl hibernate, mode "default" bindsym r exec ${systemd}/bin/systemctl reboot, mode "default"
'' bindsym Shift+s exec ${systemd}/bin/systemctl poweroff, mode "default"
else ""
)
+ ''
bindsym r exec ${systemd}/bin/systemctl reboot, mode "default"
bindsym Shift+s exec ${systemd}/bin/systemctl poweroff, mode "default"
# exit system mode: "Enter" or "Escape" # exit system mode: "Enter" or "Escape"
bindsym Return mode "default" bindsym Return mode "default"
bindsym Escape mode "default" bindsym Escape mode "default"
} }
'' ''


@ -1,21 +1,3 @@
{ flake, ... }: with flake.self.theme.withHashtag; ''
set $base00 ${base00}
set $base01 ${base01}
set $base02 ${base02}
set $base03 ${base03}
set $base04 ${base04}
set $base05 ${base05}
set $base06 ${base06}
set $base07 ${base07}
set $base08 ${base08}
set $base09 ${base09}
set $base0A ${base0A}
set $base0B ${base0B}
set $base0C ${base0C}
set $base0D ${base0D}
set $base0E ${base0E}
set $base0F ${base0F}
# Border BG Text Ind Child Border # Border BG Text Ind Child Border
client.focused $base00 $base01 $base07 $base0D $base07 client.focused $base00 $base01 $base07 $base0D $base07
client.focused_inactive $base00 $base01 $base07 $base03 $base00 client.focused_inactive $base00 $base01 $base07 $base03 $base00
@ -32,6 +14,3 @@ exec_always import-gtk-settings \
# Workaround to fix cursor scaling, see https://github.com/swaywm/sway/issues/4112 # Workaround to fix cursor scaling, see https://github.com/swaywm/sway/issues/4112
seat seat0 xcursor_theme Adwaita seat seat0 xcursor_theme Adwaita
output * bg ~/.config/wallpaper.jpg fill
''
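Review bot: With the `set $base00` … `set $base0F` block removed from this file, the `client.focused` lines use variables that are defined only in colorscheme.conf, so the result depends on the order in which `include ~/.config/sway/config.d/*` loads the files. That appears to work because colorscheme.conf sorts before this file, but nothing states it. A first line such as `# requires colorscheme.conf to be loaded first (relies on the glob order of config.d)` would record the dependency for whoever renames either file.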


@ -1,227 +1,217 @@
args@{ {
config, config,
pkgs, pkgs,
... ...
}: let }: ''
applications = builtins.readFile ./config.d/applications.conf; # Default config for sway
custom-keybindings = builtins.readFile ./config.d/custom-keybindings.conf; #
gaps = builtins.readFile ./config.d/gaps.conf; # Copy this to ~/.config/sway/config and edit it to your liking.
mode-system = import ./config.d/mode_system.conf.nix args; #
systemd = builtins.readFile ./config.d/systemd.conf; # Read `man 5 sway` for a complete reference.
theme = import ./config.d/theme.conf.nix args;
in ''
# Default config for sway
#
# Copy this to ~/.config/sway/config and edit it to your liking.
#
# Read `man 5 sway` for a complete reference.
### Variables ### Variables
# #
# Logo key. Use Mod1 for Alt. # Logo key. Use Mod1 for Alt.
set $mod Mod4 set $mod Mod4
# Home row direction keys, like vim # Home row direction keys, like vim
set $left j set $left j
set $down k set $down k
set $up i set $up i
set $right l set $right l
# Your preferred terminal emulator # Your preferred terminal emulator
set $term ${pkgs.alacritty}/bin/alacritty set $term ${pkgs.alacritty}/bin/alacritty
# Your preferred application launcher # Your preferred application launcher
# Note: pass the final command to swaymsg so that the resulting window can be opened # Note: pass the final command to swaymsg so that the resulting window can be opened
# on the original workspace that the command was run on. # on the original workspace that the command was run on.
#set $menu dmenu_path | dmenu | xargs swaymsg exec bemenu-run --no-overlap #set $menu dmenu_path | dmenu | xargs swaymsg exec bemenu-run --no-overlap
default_border pixel 1 default_border pixel 1
### Key bindings ### Output configuration
# #
# Basics: # Default wallpaper (more resolutions are available in @datadir@/backgrounds/sway/)
# output * bg ~/.config/wallpaper.jpg fill
# Start a terminal
bindsym $mod+Return exec $term
# Start a terminal ### Key bindings
bindsym $mod+Shift+Return exec sh -c '$term --working-directory $(wcwd)' #
# Basics:
#
# Start a terminal
bindsym $mod+Return exec $term
# Kill focused window # Start a terminal
bindsym $mod+Shift+q kill bindsym $mod+Shift+Return exec sh -c '$term --working-directory $(wcwd)'
# Drag floating windows by holding down $mod and left mouse button. # Kill focused window
# Resize them with right mouse button + $mod. bindsym $mod+Shift+q kill
# Despite the name, also works for non-floating windows.
# Change normal to inverse to use left mouse button for resizing and right
# mouse button for dragging.
floating_modifier $mod normal
# Reload the configuration file # Drag floating windows by holding down $mod and left mouse button.
bindsym $mod+F5 reload # Resize them with right mouse button + $mod.
# Despite the name, also works for non-floating windows.
# Change normal to inverse to use left mouse button for resizing and right
# mouse button for dragging.
floating_modifier $mod normal
# # Reload the configuration file
# Moving around: bindsym $mod+F5 reload
#
# Move your focus around
bindsym $mod+$left focus left
bindsym $mod+$down focus down
bindsym $mod+$up focus up
bindsym $mod+$right focus right
# Or use $mod+[up|down|left|right]
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# Move the focused window with the same, but add Shift #
bindsym $mod+Shift+$left move left # Moving around:
bindsym $mod+Shift+$down move down #
bindsym $mod+Shift+$up move up # Move your focus around
bindsym $mod+Shift+$right move right bindsym $mod+$left focus left
# Ditto, with arrow keys bindsym $mod+$down focus down
bindsym $mod+Shift+Left move left bindsym $mod+$up focus up
bindsym $mod+Shift+Down move down bindsym $mod+$right focus right
bindsym $mod+Shift+Up move up # Or use $mod+[up|down|left|right]
bindsym $mod+Shift+Right move right bindsym $mod+Left focus left
# bindsym $mod+Down focus down
# Workspaces: bindsym $mod+Up focus up
# bindsym $mod+Right focus right
# Move the focused window with the same, but add Shift
bindsym $mod+Shift+$left move left
bindsym $mod+Shift+$down move down
bindsym $mod+Shift+$up move up
bindsym $mod+Shift+$right move right
# Ditto, with arrow keys
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
#
# Workspaces:
#
# Workspace names # Workspace names
# to display names or symbols instead of plain workspace numbers you can use # to display names or symbols instead of plain workspace numbers you can use
# something like: set $ws1 1:mail # something like: set $ws1 1:mail
# set $ws2 2: # set $ws2 2:
set $ws1 1 set $ws1 1
set $ws2 2 set $ws2 2
set $ws3 3 set $ws3 3
set $ws4 4 set $ws4 4
set $ws5 5 set $ws5 5
set $ws6 6 set $ws6 6
set $ws7 7 set $ws7 7
set $ws8 8 set $ws8 8
set $ws9 9 set $ws9 9
# Switch to workspace # Switch to workspace
bindsym $mod+1 workspace 1 bindsym $mod+1 workspace 1
bindsym $mod+2 workspace 2 bindsym $mod+2 workspace 2
bindsym $mod+3 workspace 3 bindsym $mod+3 workspace 3
bindsym $mod+4 workspace 4 bindsym $mod+4 workspace 4
bindsym $mod+5 workspace 5 bindsym $mod+5 workspace 5
bindsym $mod+6 workspace 6 bindsym $mod+6 workspace 6
bindsym $mod+7 workspace 7 bindsym $mod+7 workspace 7
bindsym $mod+8 workspace 8 bindsym $mod+8 workspace 8
bindsym $mod+9 workspace 9 bindsym $mod+9 workspace 9
# Move focused container to workspace # Move focused container to workspace
bindsym $mod+Ctrl+1 move container to workspace $ws1 bindsym $mod+Ctrl+1 move container to workspace $ws1
bindsym $mod+Ctrl+2 move container to workspace $ws2 bindsym $mod+Ctrl+2 move container to workspace $ws2
bindsym $mod+Ctrl+3 move container to workspace $ws3 bindsym $mod+Ctrl+3 move container to workspace $ws3
bindsym $mod+Ctrl+4 move container to workspace $ws4 bindsym $mod+Ctrl+4 move container to workspace $ws4
bindsym $mod+Ctrl+5 move container to workspace $ws5 bindsym $mod+Ctrl+5 move container to workspace $ws5
bindsym $mod+Ctrl+6 move container to workspace $ws6 bindsym $mod+Ctrl+6 move container to workspace $ws6
bindsym $mod+Ctrl+7 move container to workspace $ws7 bindsym $mod+Ctrl+7 move container to workspace $ws7
bindsym $mod+Ctrl+8 move container to workspace $ws8 bindsym $mod+Ctrl+8 move container to workspace $ws8
bindsym $mod+Ctrl+9 move container to workspace $ws9 bindsym $mod+Ctrl+9 move container to workspace $ws9
# Move focused container to workspace and move focus with it # Move focused container to workspace and move focus with it
bindsym $mod+Shift+1 move container to workspace 1; workspace $ws1 bindsym $mod+Shift+1 move container to workspace 1; workspace $ws1
bindsym $mod+Shift+2 move container to workspace 2; workspace $ws2 bindsym $mod+Shift+2 move container to workspace 2; workspace $ws2
bindsym $mod+Shift+3 move container to workspace 3; workspace $ws3 bindsym $mod+Shift+3 move container to workspace 3; workspace $ws3
bindsym $mod+Shift+4 move container to workspace 4; workspace $ws4 bindsym $mod+Shift+4 move container to workspace 4; workspace $ws4
bindsym $mod+Shift+5 move container to workspace 5; workspace $ws5 bindsym $mod+Shift+5 move container to workspace 5; workspace $ws5
bindsym $mod+Shift+6 move container to workspace 6; workspace $ws6 bindsym $mod+Shift+6 move container to workspace 6; workspace $ws6
bindsym $mod+Shift+7 move container to workspace 7; workspace $ws7 bindsym $mod+Shift+7 move container to workspace 7; workspace $ws7
bindsym $mod+Shift+8 move container to workspace 8; workspace $ws8 bindsym $mod+Shift+8 move container to workspace 8; workspace $ws8
bindsym $mod+Shift+9 move container to workspace 9; workspace $ws9 bindsym $mod+Shift+9 move container to workspace 9; workspace $ws9
# Note: workspaces can have any name you want, not just numbers. # Note: workspaces can have any name you want, not just numbers.
# We just use 1-10 as the default. # We just use 1-10 as the default.
#navigate workspaces next / previous #navigate workspaces next / previous
bindsym $mod+Ctrl+Right workspace next bindsym $mod+Ctrl+Right workspace next
bindsym $mod+Ctrl+Left workspace prev bindsym $mod+Ctrl+Left workspace prev
# workspace back and forth (with/without active container) # workspace back and forth (with/without active container)
workspace_auto_back_and_forth yes workspace_auto_back_and_forth yes
bindsym $mod+b workspace back_and_forth bindsym $mod+b workspace back_and_forth
bindsym $mod+Shift+b move container to workspace back_and_forth; workspace back_and_forth bindsym $mod+Shift+b move container to workspace back_and_forth; workspace back_and_forth
# #
# Layout stuff: # Layout stuff:
# #
# Configure border style <normal|1pixel|pixel xx|none|pixel> # Configure border style <normal|1pixel|pixel xx|none|pixel>
default_border pixel 1 default_border pixel 1
default_floating_border normal default_floating_border normal
# Hide borders # Hide borders
hide_edge_borders none hide_edge_borders none
# Font for window titles. Will also be used by the bar unless a different font # Font for window titles. Will also be used by the bar unless a different font
# is used in the bar {} block below. # is used in the bar {} block below.
font xft:Hack 16 font xft:Hack 16
# You can "split" the current object of your focus with # You can "split" the current object of your focus with
# $mod+b or $mod+v, for horizontal and vertical splits # $mod+b or $mod+v, for horizontal and vertical splits
# respectively. # respectively.
bindsym $mod+h splith; exec notify-send 'tile horizontally' bindsym $mod+h splith; exec notify-send 'tile horizontally'
bindsym $mod+v splitv; exec notify-send 'tile vertically' bindsym $mod+v splitv; exec notify-send 'tile vertically'
# Switch the current container between different layout styles # Switch the current container between different layout styles
bindsym $mod+s layout stacking bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split bindsym $mod+e layout toggle split
# Make the current focus fullscreen # Make the current focus fullscreen
bindsym $mod+f fullscreen bindsym $mod+f fullscreen
# Toggle the current focus between tiling and floating mode # Toggle the current focus between tiling and floating mode
bindsym $mod+Shift+space floating toggle bindsym $mod+Shift+space floating toggle
# Swap focus between the tiling area and the floating area # Swap focus between the tiling area and the floating area
bindsym $mod+t focus mode_toggle bindsym $mod+t focus mode_toggle
# Move focus to the parent container # Move focus to the parent container
bindsym $mod+a focus parent bindsym $mod+a focus parent
bindsym $mod+d focus child bindsym $mod+d focus child
# #
# Scratchpad: # Scratchpad:
# #
# Sway has a "scratchpad", which is a bag of holding for windows. # Sway has a "scratchpad", which is a bag of holding for windows.
# You can send windows there and get them back later. # You can send windows there and get them back later.
# Move the currently focused window to the scratchpad # Move the currently focused window to the scratchpad
bindsym $mod+Shift+minus move scratchpad bindsym $mod+Shift+minus move scratchpad
# Show the next scratchpad window or hide the focused scratchpad window. # Show the next scratchpad window or hide the focused scratchpad window.
# If there are multiple scratchpad windows, this command cycles through them. # If there are multiple scratchpad windows, this command cycles through them.
bindsym $mod+minus scratchpad show bindsym $mod+minus scratchpad show
# #
# Resizing containers: # Resizing containers:
# #
mode "resize" { mode "resize" {
# left will shrink the containers width # left will shrink the containers width
# right will grow the containers width # right will grow the containers width
# up will shrink the containers height # up will shrink the containers height
# down will grow the containers height # down will grow the containers height
bindsym $left resize shrink width 10px bindsym $left resize shrink width 10px
bindsym $down resize grow height 10px bindsym $down resize grow height 10px
bindsym $up resize shrink height 10px bindsym $up resize shrink height 10px
bindsym $right resize grow width 10px bindsym $right resize grow width 10px
# Ditto, with arrow keys # Ditto, with arrow keys
bindsym Left resize shrink width 10px bindsym Left resize shrink width 10px
bindsym Down resize grow height 10px bindsym Down resize grow height 10px
bindsym Up resize shrink height 10px bindsym Up resize shrink height 10px
bindsym Right resize grow width 10px bindsym Right resize grow width 10px
# Return to default mode # Return to default mode
bindsym Return mode "default" bindsym Return mode "default"
bindsym Escape mode "default" bindsym Escape mode "default"
} }
bindsym $mod+r mode "resize" bindsym $mod+r mode "resize"
${applications} include ~/.config/sway/config.d/*''
${gaps}
${custom-keybindings}
${mode-system}
${systemd}
${theme}
include ~/.config/sway/config.d/*
''
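Review bot: The comment above the split bindings still says `$mod+b or $mod+v`, but the bindings that follow are `$mod+h` and `$mod+v`, and `$mod+b` is bound to `workspace back_and_forth` earlier in the file. Changing the comment to `# $mod+h or $mod+v, for horizontal and vertical splits` keeps the generated config self-consistent. Separately, `set $ws1` to `$ws9` are defined, but the "Switch to workspace" bindings use bare numbers; using the variables in both groups would make renaming a workspace a one-line change.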


@ -1,4 +1,4 @@
args@{ {
lib, lib,
config, config,
pkgs, pkgs,
@ -42,18 +42,6 @@ in {
}; };
}; };
}; };
config.sway = {
# https://alex.dandrea.io/2024/07/20/fixing-idle-inhibitor-behaviour-in-firefox-with-wayland/
# Use xdg-desktop-portal-gtk for every portal interface...
default = "gtk";
# ... except for the ScreenCast, Screenshot and Secret
"org.freedesktop.impl.portal.ScreenCast" = "wlr";
"org.freedesktop.impl.portal.Screenshot" = "wlr";
# ignore inhibit bc gtk portal always returns as success,
# despite sway/the wlr portal not having an implementation,
# stopping firefox from using wayland idle-inhibit
"org.freedesktop.impl.portal.Inhibit" = "none";
};
extraPortals = with pkgs; [xdg-desktop-portal-gtk]; extraPortals = with pkgs; [xdg-desktop-portal-gtk];
}; };
@ -72,6 +60,8 @@ in {
wl-clipboard wl-clipboard
wf-recorder wf-recorder
brightnessctl brightnessctl
gammastep
geoclue2
xsettingsd xsettingsd
ydotool ydotool
@ -82,19 +72,19 @@ in {
wcwd wcwd
]; ];
services.geoclue2.enable = true;
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
systemd.user.services.sway = import ./sway.service.nix args; systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;};
systemd.user.targets.sway-session = import ./sway-session.target.nix args; systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;};
systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;};
services.xsettingsd.enable = true; xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;};
services.gammastep = { xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
enable = true; xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
provider = "geoclue2"; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
}; xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;};
xdg.configFile."sway/config".text = import ./config/config.nix args; xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
services.swayidle = with pkgs; { services.swayidle = with pkgs; {
enable = true; enable = true;
@ -106,16 +96,16 @@ in {
]; ];
timeouts = [ timeouts = [
{ {
timeout = 300; timeout = 120;
command = "${swaylock-bg}/bin/swaylock-bg"; command = "${swaylock-bg}/bin/swaylock-bg";
} }
{ {
timeout = 180; timeout = 130;
command = "${sway}/bin/swaymsg \"output * dpms off\""; command = "${sway}/bin/swaymsg \"output * dpms off\"";
resumeCommand = "${sway}/bin/swaymsg \"output * dpms on\""; resumeCommand = "${sway}/bin/swaymsg \"output * dpms on\"";
} }
{ {
timeout = 600; timeout = 300;
command = "${systemd}/bin/systemctl hibernate"; command = "${systemd}/bin/systemctl hibernate";
} }
]; ];


@ -0,0 +1,17 @@
{pkgs, ...}: {
Unit = {
Description = "set color temperature of display according to time of day";
Documentation = ["man:gammastep(1)"];
BindsTo = ["sway-session.target"];
After = ["sway-session.target"];
# ConditionEnvironment requires systemd v247 to work correctly
ConditionEnvironment = ["WAYLAND_DISPLAY"];
};
Service = {
Type = "simple";
ExecStart = "${pkgs.gammastep}/bin/gammastep -l geoclue2 -m wayland -v";
};
Install = {
WantedBy = ["sway-session.target"];
};
}


@ -0,0 +1,18 @@
{pkgs, ...}: {
Unit = {
Description = "X Settings Daemon";
Documentation = ["https://github.com/derat/xsettingsd/wiki/Installation"];
BindsTo = ["sway-session.target"];
After = ["sway-session.target"];
# ConditionEnvironment requires systemd v247 to work correctly
ConditionEnvironment = ["WAYLAND_DISPLAY"];
};
Service = {
Type = "simple";
ExecStart = "${pkgs.xsettingsd}/bin/xsettingsd";
ExecStop = "/run/current-system/sw/bin/env pkill xsettingsd";
};
Install = {
WantedBy = ["sway-session.target"];
};
}
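Review bot: The `ExecStop` line stops the daemon with `pkill xsettingsd` run through `/run/current-system/sw/bin/env`, so it matches by process name instead of this unit's main PID and relies on whichever `pkill` the unit's PATH provides, not a pinned store path like the one `ExecStart` uses. For a `Type = "simple"` unit systemd already sends SIGTERM to the service's processes on stop, so the line can most likely be dropped. If an explicit stop command is wanted, tie it to the unit: `ExecStop = "${pkgs.coreutils}/bin/kill -TERM $MAINPID";`.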


@ -2,14 +2,13 @@
lib, lib,
config, config,
pkgs, pkgs,
flake,
... ...
}: }:
with lib; let with lib; let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in {
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
programs.waybar = with flake.self.theme.withHashtag; { programs.waybar = {
enable = true; enable = true;
settings.main = { settings.main = {
layer = "top"; layer = "top";
@ -47,10 +46,10 @@ in {
on-scroll = "-1"; on-scroll = "-1";
on-click-right = "mode"; on-click-right = "mode";
format = { format = {
months = "<span color='#ffead3'><b>{}</b></span>"; months = "<span color='#ffead3'><b>{}</b></span>";
days = "<span color='#ecc6d9'><b>{}</b></span>"; days = "<span color='#ecc6d9'><b>{}</b></span>";
weekdays = "<span color='#ffcc66'><b>{}</b></span>"; weekdays = "<span color='#ffcc66'><b>{}</b></span>";
today = "<span color='#ff6699'><b><u>{}</u></b></span>"; today = "<span color='#ff6699'><b><u>{}</u></b></span>";
}; };
}; };
}; };
@ -89,25 +88,7 @@ in {
}; };
}; };
}; };
style = '' style = builtins.readFile ./.config/waybar/style.css;
@define-color base00 ${base00};
@define-color base01 ${base01};
@define-color base02 ${base02};
@define-color base03 ${base03};
@define-color base04 ${base04};
@define-color base05 ${base05};
@define-color base06 ${base06};
@define-color base07 ${base07};
@define-color base08 ${base08};
@define-color base09 ${base09};
@define-color base0A ${base0A};
@define-color base0B ${base0B};
@define-color base0C ${base0C};
@define-color base0D ${base0D};
@define-color base0E ${base0E};
@define-color base0F ${base0F};
''+ builtins.readFile ./.config/waybar/style.css;
systemd.enable = true; systemd.enable = true;
systemd.target = "sway-session.target"; systemd.target = "sway-session.target";
}; };


@ -1,221 +1,215 @@
{ { config, pkgs, lib, ... }:
config,
pkgs, with lib;
lib,
... let
}:
with lib; let
cfg = config.services.invoiceplane; cfg = config.services.invoiceplane;
eachSite = cfg.sites; eachSite = cfg.sites;
user = "invoiceplane"; user = "invoiceplane";
webserver = config.services.${cfg.webserver}; webserver = config.services.${cfg.webserver};
invoiceplane-config = hostName: cfg: invoiceplane-config = hostName: cfg: pkgs.writeText "ipconfig.php" ''
pkgs.writeText "ipconfig.php" '' IP_URL=http://${hostName}
IP_URL=http://${hostName} ENABLE_DEBUG=false
ENABLE_DEBUG=false DISABLE_SETUP=false
DISABLE_SETUP=false REMOVE_INDEXPHP=false
REMOVE_INDEXPHP=false DB_HOSTNAME=${cfg.database.host}
DB_HOSTNAME=${cfg.database.host} DB_USERNAME=${cfg.database.user}
DB_USERNAME=${cfg.database.user} # NOTE: file_get_contents adds newline at the end of returned string
# NOTE: file_get_contents adds newline at the end of returned string DB_PASSWORD=${if cfg.database.passwordFile == null then "" else "trim(file_get_contents('${cfg.database.passwordFile}'),\"\\r\\n\")"}
DB_PASSWORD=${ DB_DATABASE=${cfg.database.name}
if cfg.database.passwordFile == null DB_PORT=${toString cfg.database.port}
then "" SESS_EXPIRATION=864000
else "trim(file_get_contents('${cfg.database.passwordFile}'),\"\\r\\n\")" ENABLE_INVOICE_DELETION=false
} DISABLE_READ_ONLY=false
DB_DATABASE=${cfg.database.name} ENCRYPTION_KEY=
DB_PORT=${toString cfg.database.port} ENCRYPTION_CIPHER=AES-256
SESS_EXPIRATION=864000 SETUP_COMPLETED=false
ENABLE_INVOICE_DELETION=false REMOVE_INDEXPHP=true
DISABLE_READ_ONLY=false '';
ENCRYPTION_KEY=
ENCRYPTION_CIPHER=AES-256 extraConfig = hostName: cfg: pkgs.writeText "extraConfig.php" ''
SETUP_COMPLETED=false ${toString cfg.extraConfig}
REMOVE_INDEXPHP=true '';
pkg = hostName: cfg: pkgs.stdenv.mkDerivation rec {
pname = "invoiceplane-${hostName}";
version = src.version;
src = pkgs.invoiceplane;
postPhase = ''
# Patch index.php file to load additional config file
substituteInPlace index.php \
--replace "require('vendor/autoload.php');" "require('vendor/autoload.php'); \$dotenv = Dotenv\Dotenv::createImmutable(__DIR__, 'extraConfig.php'); \$dotenv->load();";
''; '';
extraConfig = hostName: cfg: installPhase = ''
pkgs.writeText "extraConfig.php" '' mkdir -p $out
${toString cfg.extraConfig} cp -r * $out/
# symlink uploads and log directories
rm -r $out/uploads $out/application/logs $out/vendor/mpdf/mpdf/tmp
ln -sf ${cfg.stateDir}/uploads $out/
ln -sf ${cfg.stateDir}/logs $out/application/
ln -sf ${cfg.stateDir}/tmp $out/vendor/mpdf/mpdf/
# symlink the InvoicePlane config
ln -s ${cfg.stateDir}/ipconfig.php $out/ipconfig.php
# symlink the extraConfig file
ln -s ${extraConfig hostName cfg} $out/extraConfig.php
# symlink additional templates
${concatMapStringsSep "\n" (template: "cp -r ${template}/. $out/application/views/invoice_templates/pdf/") cfg.invoiceTemplates}
''; '';
pkg = hostName: cfg:
pkgs.stdenv.mkDerivation rec {
pname = "invoiceplane-${hostName}";
version = src.version;
src = pkgs.invoiceplane;
postPhase = ''
# Patch index.php file to load additional config file
substituteInPlace index.php \
--replace "require('vendor/autoload.php');" "require('vendor/autoload.php'); \$dotenv = Dotenv\Dotenv::createImmutable(__DIR__, 'extraConfig.php'); \$dotenv->load();";
'';
installPhase = ''
mkdir -p $out
cp -r * $out/
# symlink uploads and log directories
rm -r $out/uploads $out/application/logs $out/vendor/mpdf/mpdf/tmp
ln -sf ${cfg.stateDir}/uploads $out/
ln -sf ${cfg.stateDir}/logs $out/application/
ln -sf ${cfg.stateDir}/tmp $out/vendor/mpdf/mpdf/
# symlink the InvoicePlane config
ln -s ${cfg.stateDir}/ipconfig.php $out/ipconfig.php
# symlink the extraConfig file
ln -s ${extraConfig hostName cfg} $out/extraConfig.php
# symlink additional templates
${concatMapStringsSep "\n" (template: "cp -r ${template}/. $out/application/views/invoice_templates/pdf/") cfg.invoiceTemplates}
'';
};
siteOpts = {
lib,
name,
...
}: {
options = {
enable = mkEnableOption (lib.mdDoc "InvoicePlane web application");
stateDir = mkOption {
type = types.path;
default = "/var/lib/invoiceplane/${name}";
description = lib.mdDoc ''
This directory is used for uploads of attachments and cache.
The directory passed here is automatically created and permissions
adjusted as required.
'';
};
database = {
host = mkOption {
type = types.str;
default = "localhost";
description = lib.mdDoc "Database host address.";
};
port = mkOption {
type = types.port;
default = 3306;
description = lib.mdDoc "Database host port.";
};
name = mkOption {
type = types.str;
default = "invoiceplane";
description = lib.mdDoc "Database name.";
};
user = mkOption {
type = types.str;
default = "invoiceplane";
description = lib.mdDoc "Database user.";
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/invoiceplane-dbpassword";
description = lib.mdDoc ''
A file containing the password corresponding to
{option}`database.user`.
'';
};
createLocally = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc "Create the database and database user locally.";
};
};
invoiceTemplates = mkOption {
type = types.listOf types.path;
default = [];
description = lib.mdDoc ''
List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.
::: {.note}
These templates need to be packaged before use, see example.
:::
'';
example = literalExpression ''
let
# Let's package an example template
template-vtdirektmarketing = pkgs.stdenv.mkDerivation {
name = "vtdirektmarketing";
# Download the template from a public repository
src = pkgs.fetchgit {
url = "https://git.project-insanity.org/onny/invoiceplane-vtdirektmarketing.git";
sha256 = "1hh0q7wzsh8v8x03i82p6qrgbxr4v5fb05xylyrpp975l8axyg2z";
};
sourceRoot = ".";
# Installing simply means copying template php file to the output directory
installPhase = ""
mkdir -p $out
cp invoiceplane-vtdirektmarketing/vtdirektmarketing.php $out/
"";
};
# And then pass this package to the template list like this:
in [ template-vtdirektmarketing ]
'';
};
poolConfig = mkOption {
type = with types; attrsOf (oneOf [str int bool]);
default = {
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 4;
"pm.max_requests" = 500;
};
description = lib.mdDoc ''
Options for the InvoicePlane PHP pool. See the documentation on `php-fpm.conf`
for details on configuration directives.
'';
};
extraConfig = mkOption {
type = types.nullOr types.lines;
default = null;
example = ''
SETUP_COMPLETED=true
DISABLE_SETUP=true
IP_URL=https://invoice.example.com
'';
description = lib.mdDoc ''
InvoicePlane configuration. Refer to
<https://github.com/InvoicePlane/InvoicePlane/blob/master/ipconfig.php.example>
for details on supported values.
'';
};
cron = {
enable = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Enable cron service which periodically runs Invoiceplane tasks.
Requires key taken from the administration page. Refer to
<https://wiki.invoiceplane.com/en/1.0/modules/recurring-invoices>
on how to configure it.
'';
};
key = mkOption {
type = types.str;
description = lib.mdDoc "Cron key taken from the administration page.";
};
};
};
}; };
in {
siteOpts = { lib, name, ... }:
{
options = {
enable = mkEnableOption (lib.mdDoc "InvoicePlane web application");
stateDir = mkOption {
type = types.path;
default = "/var/lib/invoiceplane/${name}";
description = lib.mdDoc ''
This directory is used for uploads of attachments and cache.
The directory passed here is automatically created and permissions
adjusted as required.
'';
};
database = {
host = mkOption {
type = types.str;
default = "localhost";
description = lib.mdDoc "Database host address.";
};
port = mkOption {
type = types.port;
default = 3306;
description = lib.mdDoc "Database host port.";
};
name = mkOption {
type = types.str;
default = "invoiceplane";
description = lib.mdDoc "Database name.";
};
user = mkOption {
type = types.str;
default = "invoiceplane";
description = lib.mdDoc "Database user.";
};
passwordFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/keys/invoiceplane-dbpassword";
description = lib.mdDoc ''
A file containing the password corresponding to
{option}`database.user`.
'';
};
createLocally = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc "Create the database and database user locally.";
};
};
invoiceTemplates = mkOption {
type = types.listOf types.path;
default = [];
description = lib.mdDoc ''
List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory.
::: {.note}
These templates need to be packaged before use, see example.
:::
'';
example = literalExpression ''
let
# Let's package an example template
template-vtdirektmarketing = pkgs.stdenv.mkDerivation {
name = "vtdirektmarketing";
# Download the template from a public repository
src = pkgs.fetchgit {
url = "https://git.project-insanity.org/onny/invoiceplane-vtdirektmarketing.git";
sha256 = "1hh0q7wzsh8v8x03i82p6qrgbxr4v5fb05xylyrpp975l8axyg2z";
};
sourceRoot = ".";
# Installing simply means copying template php file to the output directory
installPhase = ""
mkdir -p $out
cp invoiceplane-vtdirektmarketing/vtdirektmarketing.php $out/
"";
};
# And then pass this package to the template list like this:
in [ template-vtdirektmarketing ]
'';
};
poolConfig = mkOption {
type = with types; attrsOf (oneOf [ str int bool ]);
default = {
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 4;
"pm.max_requests" = 500;
};
description = lib.mdDoc ''
Options for the InvoicePlane PHP pool. See the documentation on `php-fpm.conf`
for details on configuration directives.
'';
};
extraConfig = mkOption {
type = types.nullOr types.lines;
default = null;
example = ''
SETUP_COMPLETED=true
DISABLE_SETUP=true
IP_URL=https://invoice.example.com
'';
description = lib.mdDoc ''
InvoicePlane configuration. Refer to
<https://github.com/InvoicePlane/InvoicePlane/blob/master/ipconfig.php.example>
for details on supported values.
'';
};
cron = {
enable = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Enable cron service which periodically runs Invoiceplane tasks.
Requires key taken from the administration page. Refer to
<https://wiki.invoiceplane.com/en/1.0/modules/recurring-invoices>
on how to configure it.
'';
};
key = mkOption {
type = types.str;
description = lib.mdDoc "Cron key taken from the administration page.";
};
};
};
};
in
{
disabledModules = [ disabledModules = [
"services/web-apps/invoiceplane.nix" "services/web-apps/invoiceplane.nix"
]; ];
@ -224,6 +218,7 @@ in {
options = { options = {
services.invoiceplane = mkOption { services.invoiceplane = mkOption {
type = types.submodule { type = types.submodule {
options.sites = mkOption { options.sites = mkOption {
type = types.attrsOf (types.submodule siteOpts); type = types.attrsOf (types.submodule siteOpts);
default = {}; default = {};
@ -231,7 +226,7 @@ in {
}; };
options.webserver = mkOption { options.webserver = mkOption {
type = types.enum ["caddy" "nginx"]; type = types.enum [ "caddy" "nginx" ];
default = "caddy"; default = "caddy";
description = lib.mdDoc '' description = lib.mdDoc ''
Which webserver to use for virtual host management. Currently only Which webserver to use for virtual host management. Currently only
@ -242,172 +237,160 @@ in {
default = {}; default = {};
description = lib.mdDoc "InvoicePlane configuration."; description = lib.mdDoc "InvoicePlane configuration.";
}; };
}; };
# implementation # implementation
config = mkIf (eachSite != {}) (mkMerge [ config = mkIf (eachSite != {}) (mkMerge [{
{
assertions = flatten (mapAttrsToList (hostName: cfg: [
{
assertion = cfg.database.createLocally -> cfg.database.user == user;
message = ''services.invoiceplane.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned'';
}
{
assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.'';
}
{
assertion = cfg.cron.enable -> cfg.cron.key != null;
message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.'';
}
])
eachSite);
services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) { assertions = flatten (mapAttrsToList (hostName: cfg:
enable = true; [{ assertion = cfg.database.createLocally -> cfg.database.user == user;
package = mkDefault pkgs.mariadb; message = ''services.invoiceplane.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned'';
ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite; }
ensureUsers = { assertion = cfg.database.createLocally -> cfg.database.passwordFile == null;
mapAttrsToList ( message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.'';
hostName: cfg: { }
name = cfg.database.user; { assertion = cfg.cron.enable -> cfg.cron.key != null;
ensurePermissions = {"${cfg.database.name}.*" = "ALL PRIVILEGES";}; message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.'';
}
]) eachSite);
services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) {
enable = true;
package = mkDefault pkgs.mariadb;
ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite;
ensureUsers = mapAttrsToList (hostName: cfg:
{ name = cfg.database.user;
ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; };
}
) eachSite;
};
services.phpfpm = {
phpPackage = pkgs.php81;
pools = mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-${hostName}" {
inherit user;
group = webserver.group;
settings = {
"listen.owner" = webserver.user;
"listen.group" = webserver.group;
} // cfg.poolConfig;
}
)) eachSite;
};
}
{
systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [
"d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -"
"f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/logs 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/archive 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/customer_files 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/temp 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/temp/mpdf 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/tmp 0750 ${user} ${webserver.group} - -"
]) eachSite);
systemd.services.invoiceplane-config = {
serviceConfig.Type = "oneshot";
script = concatStrings (mapAttrsToList (hostName: cfg:
''
mkdir -p ${cfg.stateDir}/logs \
${cfg.stateDir}/uploads
if ! grep -q IP_URL "${cfg.stateDir}/ipconfig.php"; then
cp "${invoiceplane-config hostName cfg}" "${cfg.stateDir}/ipconfig.php"
fi
'') eachSite);
wantedBy = [ "multi-user.target" ];
};
users.users.${user} = {
group = webserver.group;
isSystemUser = true;
};
}
{
# Cron service implementation
systemd.timers = mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "5m";
Unit = "invoiceplane-cron-${hostName}.service";
};
})
)) eachSite;
systemd.services =
mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
serviceConfig = {
Type = "oneshot";
User = user;
ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/invoices/cron/recur/${cfg.cron.key}";
};
})
)) eachSite;
}
(mkIf (cfg.webserver == "caddy") {
services.caddy = {
enable = true;
virtualHosts = mapAttrs' (hostName: cfg: (
nameValuePair "http://${hostName}" {
extraConfig = ''
root * ${pkg hostName cfg}
file_server
php_fastcgi unix/${config.services.phpfpm.pools."invoiceplane-${hostName}".socket}
'';
}
)) eachSite;
};
})
(mkIf (cfg.webserver == "nginx") {
services.nginx = {
enable = true;
virtualHosts = mapAttrs' (hostName: cfg: (
nameValuePair "${hostName}" {
root = "${pkg hostName cfg}";
extraConfig = ''
index index.php index.html index.htm;
if (!-e $request_filename){
rewrite ^(.*)$ /index.php break;
} }
) '';
eachSite;
};
services.phpfpm = { locations = {
phpPackage = pkgs.php81; "/setup".extraConfig = ''
pools = rewrite ^(.*)$ http://${hostName}/ redirect;
mapAttrs' (hostName: cfg: ( '';
nameValuePair "invoiceplane-${hostName}" {
inherit user;
group = webserver.group;
settings =
{
"listen.owner" = webserver.user;
"listen.group" = webserver.group;
}
// cfg.poolConfig;
}
))
eachSite;
};
}
{ "~ .php$" = {
systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [
"d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -"
"f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/logs 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/archive 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/customer_files 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/temp 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/uploads/temp/mpdf 0750 ${user} ${webserver.group} - -"
"d ${cfg.stateDir}/tmp 0750 ${user} ${webserver.group} - -"
])
eachSite);
systemd.services.invoiceplane-config = {
serviceConfig.Type = "oneshot";
script = concatStrings (mapAttrsToList (hostName: cfg: ''
mkdir -p ${cfg.stateDir}/logs \
${cfg.stateDir}/uploads
if ! grep -q IP_URL "${cfg.stateDir}/ipconfig.php"; then
cp "${invoiceplane-config hostName cfg}" "${cfg.stateDir}/ipconfig.php"
fi
'')
eachSite);
wantedBy = ["multi-user.target"];
};
users.users.${user} = {
group = webserver.group;
isSystemUser = true;
};
}
{
# Cron service implementation
systemd.timers =
mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "5m";
Unit = "invoiceplane-cron-${hostName}.service";
};
})
))
eachSite;
systemd.services =
mapAttrs' (hostName: cfg: (
nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable {
serviceConfig = {
Type = "oneshot";
User = user;
ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/invoices/cron/recur/${cfg.cron.key}";
};
})
))
eachSite;
}
(mkIf (cfg.webserver == "caddy") {
services.caddy = {
enable = true;
virtualHosts =
mapAttrs' (hostName: cfg: (
nameValuePair "http://${hostName}" {
extraConfig = '' extraConfig = ''
root * ${pkg hostName cfg} fastcgi_split_path_info ^(.+\.php)(/.+)$;
file_server fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
php_fastcgi unix/${config.services.phpfpm.pools."invoiceplane-${hostName}".socket} fastcgi_pass unix:${config.services.phpfpm.pools."invoiceplane-${hostName}".socket};
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
''; '';
} };
)) };
eachSite; }
}; )) eachSite;
}) };
})
(mkIf (cfg.webserver == "nginx") {
services.nginx = {
enable = true;
virtualHosts =
mapAttrs' (hostName: cfg: (
nameValuePair "${hostName}" {
root = "${pkg hostName cfg}";
extraConfig = ''
index index.php index.html index.htm;
if (!-e $request_filename){
rewrite ^(.*)$ /index.php break;
}
'';
locations = {
"/setup".extraConfig = ''
rewrite ^(.*)$ http://${hostName}/ redirect;
'';
"~ .php$" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:${config.services.phpfpm.pools."invoiceplane-${hostName}".socket};
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
'';
};
};
}
))
eachSite;
};
})
]); ]);
} }
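Review bot: In the cron service, `ExecStart` interpolates `cfg.cron.key` straight into the curl URL, and `cron.key` is declared as `types.str`. The key is therefore written into the generated unit in the world-readable Nix store and shows up in curl's argument list each time the timer fires. This predates the re-indentation in these hunks, but it is worth fixing while the module is carried in-tree. Take the key from a file outside the store (a `types.path` option in the style of `database.passwordFile`) and have the service read it at run time, for example via systemd's `LoadCredential=`.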


@ -5,17 +5,16 @@
flake, flake,
... ...
}: { }: {
nixpkgs.config.allowUnfreePredicate = pkg: nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
builtins.elem (lib.getName pkg) [ "steam"
"steam" "steam-original"
"steam-original" "steam-run"
"steam-run" "hplip"
"hplip" "cups-brother-hl3140cw"
"cups-brother-hl3140cw" "uhk-agent"
"cloudflare-warp" "uhk-udev-rules"
"uhk-agent" "zoom"
"uhk-udev-rules" ];
];
nix = { nix = {
# Use default version alias for nix package # Use default version alias for nix package


@ -1,8 +1,5 @@
{ lib, config, ... }:
{ {
lib,
config,
...
}: {
environment.persistence."/persist" = { environment.persistence."/persist" = {
hideMounts = true; hideMounts = true;
directories = [ directories = [
@ -20,7 +17,7 @@
fileSystems."/etc/nixos" = { fileSystems."/etc/nixos" = {
device = "/home/${config.pub-solar.user.name}/Workspace/os"; device = "/home/${config.pub-solar.user.name}/Workspace/os";
options = ["bind"]; options = [ "bind" ];
}; };
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [


@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
services.cron = { services.cron = {
enable = true; enable = true;
systemCronJobs = [ systemCronJobs = [


@ -7,7 +7,7 @@
}: { }: {
services.avahi.enable = true; services.avahi.enable = true;
services.avahi.ipv6 = true; services.avahi.ipv6 = true;
services.avahi.nssmdns4 = true; services.avahi.nssmdns = true;
services.avahi.publish.enable = true; services.avahi.publish.enable = true;
services.avahi.publish.userServices = true; services.avahi.publish.userServices = true;
@ -16,19 +16,9 @@
services.printing.listenAddresses = ["localhost:631"]; services.printing.listenAddresses = ["localhost:631"];
services.printing.defaultShared = lib.mkDefault false; services.printing.defaultShared = lib.mkDefault false;
services.printing.drivers = services.printing.drivers = [
[ pkgs.gutenprint
pkgs.gutenprint ] ++ (if (pkgs.system == "x86_64-linux")
] then [ pkgs.cups-brother-hl3140cw ]
++ ( else []);
if (pkgs.system == "x86_64-linux")
then [pkgs.cups-brother-hl3140cw]
else []
);
environment.persistence."/persist" = {
directories = [
"/etc/lib/cups"
];
};
} }


@ -5,7 +5,7 @@
lib, lib,
... ...
}: { }: {
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = { services.nginx = {
enable = true; enable = true;


@ -1,7 +1,12 @@
## Headers ## Headers
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri; proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-URI $request_uri; proxy_set_header X-Forwarded-URI $request_uri;
proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
## Basic Proxy Configuration ## Basic Proxy Configuration
client_body_buffer_size 128k; client_body_buffer_size 128k;
@ -16,7 +21,7 @@ proxy_buffers 64 256k;
## Please read the following documentation before configuring this: ## Please read the following documentation before configuring this:
## https://www.authelia.com/integration/proxies/nginx/#trusted-proxies ## https://www.authelia.com/integration/proxies/nginx/#trusted-proxies
set_real_ip_from 10.13.12.0/24; set_real_ip_from 10.13.12.0/24;
set_real_ip_from fd00:b12f:acab:1312:acab::/80; set_real_ip_from fc00::/7;
real_ip_header X-Forwarded-For; real_ip_header X-Forwarded-For;
real_ip_recursive on; real_ip_recursive on;
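Review bot: `set_real_ip_from fc00::/7;` on the new side trusts the entire IPv6 unique-local range as a proxy, where the old side named a single prefix (`fd00:b12f:acab:1312:acab::/80`). With `real_ip_header X-Forwarded-For` and `real_ip_recursive on`, any peer that reaches this server from a ULA address can supply the client address nginx records. That address is also what the added `X-Forwarded-For $remote_addr` and `X-Real-IP $remote_addr` lines forward upstream, presumably into Authelia's logging and rate limiting. List only the prefixes the trusted proxies actually use, e.g. keep `set_real_ip_from fd00:b12f:acab:1312:acab::/80;`, and add a comment naming the hosts each range covers.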


@ -12,8 +12,8 @@ in '' [user]
else "" else ""
} }
${ ${
if user.name != null if user.fullName != null
then "name = ${user.name}" then "name = ${user.fullName}"
else "" else ""
} }
${ ${
@ -27,19 +27,7 @@ in '' [user]
[alias] [alias]
pol = pull pol = pull
ack = -c color.grep.linenumber=\"bold yellow\"\n -c color.grep.filename=\"bold green\"\n -c color.grep.match=\"reverse yellow\"\n grep --break --heading --line-number ack = -c color.grep.linenumber=\"bold yellow\"\n -c color.grep.filename=\"bold green\"\n -c color.grep.match=\"reverse yellow\"\n grep --break --heading --line-number
lg = "!f() { \ # define command which will be used when "nvim"is set as a merge tool
git log --all --color --graph --pretty=format:'%C(bold yellow)<sig>%G?</sig>%C(reset) %C(red)%h%C(reset) -%C(yellow)%d%C(reset) %s %C(green)(%cr) %C(blue)<%an>%C(reset)' | \
sed \
-e 's#<sig>G</sig>#Good#' \
-e 's#<sig>B</sig>#\\nBAD \\nBAD \\nBAD \\nBAD \\nBAD#' \
-e 's#<sig>U</sig>#Unknown#' \
-e 's#<sig>X</sig>#Expired#' \
-e 's#<sig>Y</sig>#Expired Key#' \
-e 's#<sig>R</sig>#Revoked#' \
-e 's#<sig>E</sig>#Missing Key#' \
-e 's#<sig>N</sig>#None#' | \
less -r; \
}; f"
[mergetool] [mergetool]
prompt = false prompt = false


@ -6,27 +6,27 @@
user = config.pub-solar.user; user = config.pub-solar.user;
xdg = config.home-manager.users."${user.name}".xdg; xdg = config.home-manager.users."${user.name}".xdg;
in '' in ''
# What happened? # What happened?
# #
# fix feat build chore ci docs style refactor perf test # fix feat build chore ci docs style refactor perf test
# #
# type!(optional scope): <summary> --------------# # type!(optional scope): <summary> --------------#
# #
# ^\n # ^\n
# What exactly was done and why? --------------------------------------# # What exactly was done and why? --------------------------------------#
# #
# ^\n # ^\n
# #
# Any issue numbers or links? # Any issue numbers or links?
# #
# Ref: #123 # Ref: #123
# ^\n # ^\n
# #
# Co-authored-by: Example Name <email@example.com> # Co-authored-by: Example Name <email@example.com>
'' ''


@ -0,0 +1,126 @@
#!/bin/sh
# base16-shell (https://github.com/chriskempson/base16-shell)
# Base16 Shell template by Chris Kempson (http://chriskempson.com)
# Burn scheme by Benjamin Bädorf
color00="1a/18/1a" # Base 00 - Black
color01="f8/5e/84" # Base 08 - Red
color02="9e/cd/6f" # Base 0B - Green
color03="e5/c4/63" # Base 0A - Yellow
color04="7a/cc/d7" # Base 0D - Blue
color05="ab/9d/f2" # Base 0E - Magenta
color06="ef/90/62" # Base 0C - Cyan
color07="e3/e1/e4" # Base 05 - White
color08="94/94/94" # Base 03 - Bright Black
color09=$color01 # Base 08 - Bright Red
color10=$color02 # Base 0B - Bright Green
color11=$color03 # Base 0A - Bright Yellow
color12=$color04 # Base 0D - Bright Blue
color13=$color05 # Base 0E - Bright Magenta
color14=$color06 # Base 0C - Bright Cyan
color15="ff/5f/5f" # Base 07 - Bright White
color16="df/59/23" # Base 09
color17="d7/00/00" # Base 0F
color18="2d/2a/2e" # Base 01
color19="30/30/30" # Base 02
color20="d3/d1/d4" # Base 04
color21="30/30/30" # Base 06
color_foreground="e3/e1/e4" # Base 05
color_background="1a/18/1a" # Base 00
if [ -n "$TMUX" ]; then
# Tell tmux to pass the escape sequences through
# (Source: http://permalink.gmane.org/gmane.comp.terminal-emulators.tmux.user/1324)
put_template() { printf '\033Ptmux;\033\033]4;%d;rgb:%s\033\033\\\033\\' $@; }
put_template_var() { printf '\033Ptmux;\033\033]%d;rgb:%s\033\033\\\033\\' $@; }
put_template_custom() { printf '\033Ptmux;\033\033]%s%s\033\033\\\033\\' $@; }
elif [ "${TERM%%[-.]*}" = "screen" ]; then
# GNU screen (screen, screen-256color, screen-256color-bce)
put_template() { printf '\033P\033]4;%d;rgb:%s\007\033\\' $@; }
put_template_var() { printf '\033P\033]%d;rgb:%s\007\033\\' $@; }
put_template_custom() { printf '\033P\033]%s%s\007\033\\' $@; }
elif [ "${TERM%%-*}" = "linux" ]; then
put_template() { [ $1 -lt 16 ] && printf "\e]P%x%s" $1 $(echo $2 | sed 's/\///g'); }
put_template_var() { true; }
put_template_custom() { true; }
else
put_template() { printf '\033]4;%d;rgb:%s\033\\' $@; }
put_template_var() { printf '\033]%d;rgb:%s\033\\' $@; }
put_template_custom() { printf '\033]%s%s\033\\' $@; }
fi
# 16 color space
put_template 0 $color00
put_template 1 $color01
put_template 2 $color02
put_template 3 $color03
put_template 4 $color04
put_template 5 $color05
put_template 6 $color06
put_template 7 $color07
put_template 8 $color08
put_template 9 $color09
put_template 10 $color10
put_template 11 $color11
put_template 12 $color12
put_template 13 $color13
put_template 14 $color14
put_template 15 $color15
# 256 color space
put_template 16 $color16
put_template 17 $color17
put_template 18 $color18
put_template 19 $color19
put_template 20 $color20
put_template 21 $color21
# foreground / background / cursor color
if [ -n "$ITERM_SESSION_ID" ]; then
# iTerm2 proprietary escape codes
put_template_custom Pg e3e1e4 # foreground
put_template_custom Ph 1a181a # background
put_template_custom Pi e3e1e4 # bold color
put_template_custom Pj 303030 # selection color
put_template_custom Pk e3e1e4 # selected text color
put_template_custom Pl e3e1e4 # cursor
put_template_custom Pm 1a181a # cursor text
else
put_template_var 10 $color_foreground
if [ "$BASE16_SHELL_SET_BACKGROUND" != false ]; then
put_template_var 11 $color_background
if [ "${TERM%%-*}" = "rxvt" ]; then
put_template_var 708 $color_background # internal border (rxvt)
fi
fi
put_template_custom 12 ";7" # cursor (reverse video)
fi
# clean up
unset -f put_template
unset -f put_template_var
unset -f put_template_custom
unset color00
unset color01
unset color02
unset color03
unset color04
unset color05
unset color06
unset color07
unset color08
unset color09
unset color10
unset color11
unset color12
unset color13
unset color14
unset color15
unset color16
unset color17
unset color18
unset color19
unset color20
unset color21
unset color_foreground
unset color_background


@ -99,11 +99,13 @@ in {
vi = "nvim"; vi = "nvim";
vim = "nvim"; vim = "nvim";
mutt = "neomutt"; mutt = "neomutt";
cat = "bat";
ls = "eza"; ls = "eza";
la = "eza --group-directories-first -lag"; la = "eza --group-directories-first -lag";
wget = "wget --hsts-file=$XDG_CACHE_HOME/wget-hsts"; wget = "wget --hsts-file=$XDG_CACHE_HOME/wget-hsts";
irssi = "irssi --config=$XDG_CONFIG_HOME/irssi/config --home=$XDG_DATA_HOME/irssi";
drone = "DRONE_TOKEN=$(secret-tool lookup drone token) drone";
no = "manix \"\" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview=\"manix '{}'\" | xargs manix"; no = "manix \"\" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview=\"manix '{}'\" | xargs manix";
myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
nnn = "nnn -d -e -H -r"; nnn = "nnn -d -e -H -r";
}; };
} }


@ -1,8 +1,7 @@
args@{ {
lib, lib,
config, config,
pkgs, pkgs,
flake,
... ...
}: }:
with lib; let with lib; let
@ -20,45 +19,33 @@ in {
}; };
config = { config = {
programs.command-not-found.enable = true; programs.command-not-found.enable = false;
users.users."${psCfg.user.name}".packages = with pkgs; users.users."${psCfg.user.name}".packages = with pkgs; [
[ ack
tealdeer asciinema
asciinema bat
blesh blesh
eza eza
fd fd
ripgrep jump
(nnn.overrideAttrs (o: { (nnn.overrideAttrs (o: {
patches = patches =
(o.patches or []) (o.patches or [])
++ [ ++ [
./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch
]; ];
})) }))
p p
powerline powerline
screen screen
watson silver-searcher
jump watson
bat ];
]
++ (
if cfg.full
then [
# Nix specific utilities
alejandra
manix
nix-index
nix-tree
nix-inspect
nvd
]
else []
);
home-manager.users."${psCfg.user.name}" = { home-manager.users."${psCfg.user.name}" = {
xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh;
programs.less = { programs.less = {
enable = true; enable = true;
keys = '' keys = ''
@ -73,26 +60,49 @@ in {
# starship.toml has sane defaults that can be changed there # starship.toml has sane defaults that can be changed there
programs.starship = { programs.starship = {
enable = true; enable = true;
settings = import ./starship.toml.nix flake.self.theme.withHashtag; settings = import ./starship.toml.nix;
}; };
programs.bash = import ./bash args; programs.bash = import ./bash {
inherit config;
inherit pkgs;
inherit lib;
};
programs.fzf = import ./fzf args; programs.fzf = import ./fzf {
inherit config;
inherit pkgs;
};
programs.neovim = import ./nvim args; programs.neovim = import ./nvim {
inherit config;
inherit pkgs;
inherit lib;
};
# Ensure nvim backup directory gets created # Ensure nvim backup directory gets created
# Workaround for E510: Can't make backup file (add ! to override) # Workaround for E510: Can't make backup file (add ! to override)
xdg.dataFile."nvim/backup/.keep".text = ""; xdg.dataFile."nvim/backup/.keep".text = "";
xdg.dataFile."nvim/json-schemas/.keep".text = ""; xdg.dataFile."nvim/json-schemas/.keep".text = "";
# Generated with:
# docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json
xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json;
xdg.dataFile."nvim/templates/.keep".text = ""; xdg.dataFile."nvim/templates/.keep".text = "";
programs.git = import ./git args; programs.git = import ./git {};
xdg.configFile."git/config".text = import ./.config/git/config.nix args; xdg.configFile."git/config".text = import ./.config/git/config.nix {
xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix args; inherit config;
xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix args; inherit pkgs;
};
xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix {
inherit config;
inherit pkgs;
};
xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix {
inherit config;
inherit pkgs;
};
programs.direnv = import ./direnv args; programs.direnv = import ./direnv {};
}; };
}; };
} }
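Review bot: The `# Generated with:` comment above `xdg.dataFile."nvim/json-schemas/caddy_schema.json".source` identifies the generator image only by the tag `caddy-l4:2.5.2`, so the checked-in schema cannot later be tied to one specific image build. I would extend the comment with the image digest and the generation date, for example `# image digest: sha256:<DIGEST_PLACEHOLDER>, generated <DATE_PLACEHOLDER>`. This assumes the comment is on the new side, which the page does not mark because the +/- column is lost.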


@ -1,4 +1,5 @@
{...}: { { ... }:
{
enable = true; enable = true;
nix-direnv = { nix-direnv = {
enable = true; enable = true;


@ -1,17 +1,15 @@
{ {
config, config,
pkgs, pkgs,
flake,
... ...
}: { }: {
enable = true; enable = true;
defaultCommand = "fd --hidden --type f --exclude .git"; defaultCommand = "fd --hidden --type f --exclude .git";
defaultOptions = with flake.self.theme.withHashtag; [ defaultOptions = [
"--color=bg+:${base01},bg:${base00},spinner:${base0C},hl:${base0D}" "--color=bg+:#2d2a2e,bg:#1a181a,spinner:#ef9062,hl:#7accd7"
"--color=fg:${base04},header:${base0D},info:${base0A},pointer:${base0C}" "--color=fg:#d3d1d4,header:#7accd7,info:#e5c463,pointer:#ef9062"
"--color=marker:${base0C},fg+:${base02},prompt:${base0A},hl+:${base0D}" "--color=marker:#ef9062,fg+:#303030,prompt:#e5c463,hl+:#7accd7"
]; ];
# Use ble.sh for completions, see # Use ble.sh for completions, see
# modules/terminal-life/bash/default.nix -> bleopt complete_menu_style=desc # modules/terminal-life/bash/default.nix -> bleopt complete_menu_style=desc
# and https://github.com/akinomyoga/ble.sh/wiki/Manual-%C2%A77-Completion # and https://github.com/akinomyoga/ble.sh/wiki/Manual-%C2%A77-Completion


@ -1,4 +1,5 @@
{...}: { { ... }:
{
enable = true; enable = true;
extraConfig = { extraConfig = {


@ -1,48 +0,0 @@
lua <<EOF
local luasnip = require 'luasnip'
local cmp = require 'cmp'
cmp.setup {
snippet = {
expand = function(args)
require('luasnip').lsp_expand(args.body)
end,
},
mapping = {
['<C-p>'] = cmp.mapping.select_prev_item(),
['<C-n>'] = cmp.mapping.select_next_item(),
['<C-d>'] = cmp.mapping.scroll_docs(-4),
['<C-f>'] = cmp.mapping.scroll_docs(4),
['<C-Space>'] = cmp.mapping.complete(),
['<C-e>'] = cmp.mapping.close(),
['<CR>'] = cmp.mapping.confirm {
behavior = cmp.ConfirmBehavior.Replace,
select = true,
},
['<Tab>'] = function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif luasnip.expand_or_jumpable() then
luasnip.expand_or_jump()
else
fallback()
end
end,
['<S-Tab>'] = function(fallback)
if cmp.visible() then
cmp.select_prev_item()
elseif luasnip.jumpable(-1) then
luasnip.jump(-1)
else
fallback()
end
end,
},
sources = {
{ name = 'nvim_lsp' },
{ name = 'luasnip' },
},
}
EOF


@ -7,6 +7,8 @@
psCfg = config.pub-solar; psCfg = config.pub-solar;
cfg = config.pub-solar.terminal-life; cfg = config.pub-solar.terminal-life;
xdg = config.home-manager.users."${psCfg.user.name}".xdg; xdg = config.home-manager.users."${psCfg.user.name}".xdg;
preview-file = pkgs.writeShellScriptBin "preview-file" (import ./preview-file.nix pkgs);
in { in {
enable = true; enable = true;
@ -18,134 +20,176 @@ in {
withRuby = true; withRuby = true;
withPython3 = true; withPython3 = true;
extraPackages = with pkgs; [ extraPackages = with pkgs;
ripgrep lib.mkIf (cfg.full) [
nixd ansible-language-server
universal-ctags ccls
# ansible-language-server gopls
# clang-tools nixd
# gopls nodejs
# nodePackages.bash-language-server nodePackages.bash-language-server
# nodePackages.svelte-language-server nodePackages.dockerfile-language-server-nodejs
# nodePackages.typescript nodePackages.svelte-language-server
# nodePackages.typescript-language-server nodePackages.typescript
# nodePackages.vue-language-server nodePackages.typescript-language-server
# nodePackages.vscode-langservers-extracted nodePackages.vim-language-server
# nginx-language-server nodePackages.vue-language-server
# lua-language-server nodePackages.vscode-langservers-extracted
# cmake-language-server nodePackages.yaml-language-server
# vim-language-server python3Packages.python-lsp-server
# yaml-language-server python3Full
# python3Packages.python-lsp-server rust-analyzer
# nodePackages.dockerfile-language-server-nodejs solargraph
# docker-compose-language-service terraform-ls
# rust-analyzer universal-ctags
# cargo ];
# solargraph
# terraform-ls plugins = with pkgs.vimPlugins; lib.mkIf cfg.full [
# python3Full (pkgs.vimPlugins.nvim-treesitter.withPlugins (p: [
p.ini
p.json
p.json5
p.markdown
p.nix
p.toml
p.yaml
p.css
p.graphql
p.html
p.javascript
p.scss
p.tsx
p.typescript
p.vue
p.c
p.cpp
p.go
p.gomod
p.gosum
p.haskell
p.lua
p.php
p.python
p.ruby
p.rust
p.vim
p.vimdoc
p.passwd
p.sql
p.diff
p.gitcommit
p.gitignore
p.git_config
p.gitattributes
p.git_rebase
p.bash
p.dockerfile
p.make
p.ninja
p.terraform
]))
# Dependencies for nvim-lspconfig
nvim-cmp
cmp-nvim-lsp
cmp_luasnip
luasnip
# Quickstart configs for neovim LSP
lsp_extensions-nvim
nvim-lspconfig
# Collaborative editing in Neovim using built-in capabilities
instant-nvim-nvfetcher
# Search functionality behind :Ack
ack-vim
# The status bar in the bottom of the screen with the mode indication and file location
vim-airline
# Automatically load editorconfig files in repos to configure nvim settings
editorconfig-vim
# File browser. Use <leader>n to access
nnn-vim
# Highlight characters when using f, F, t, and T
quick-scope
# Get sudo in vim; :SudaWrite <optional filename>
suda-vim
# Undo history etc. per project
vim-workspace-nvfetcher
# JSON schemas
SchemaStore-nvim
# Work with tags files
vim-gutentags
# Neovim colorschemes / themes
sonokai
vim-hybrid-material
vim-airline-themes
vim-apprentice-nvfetcher
# Git integrations
# A Git wrapper so awesome, it should be illegal
fugitive
# Shows git diff markers in the sign column
vim-gitgutter
# GitHub extension for fugitive
vim-rhubarb
# Ease your git workflow within Vim
vimagit-nvfetcher
# FZF fuzzy finder
fzf-vim
fzfWrapper
# Make the yanked region apparent
vim-highlightedyank
# :Beautify Code beautifier
vim-beautify-nvfetcher
# Unload, delete or wipe a buffer without closing the window
vim-bufkill
# Defaults everyone can agree on
vim-sensible
# emmet for vim: http://emmet.io/
emmet-vim
# Caddyfile syntax support for Vim
vim-caddyfile-nvfetcher
]; ];
plugins = with pkgs.vimPlugins; extraConfig = builtins.concatStringsSep "\n" [
[ ''
# The status bar in the bottom of the screen with the mode indication and file location " Persistent undo
vim-airline set undofile
set undodir=${xdg.cacheHome}/nvim/undo
# Automatically load editorconfig files in repos to configure nvim settings set backupdir=${xdg.dataHome}/nvim/backup
editorconfig-vim set directory=${xdg.dataHome}/nvim/swap/
''
# File browser. Use <leader>n to access (builtins.readFile ./init.vim)
nnn-vim (builtins.readFile ./plugins.vim)
(builtins.readFile ./clipboard.vim)
# Highlight characters when using f, F, t, and T (builtins.readFile ./ui.vim)
quick-scope (builtins.readFile ./quickfixopenall.vim)
(builtins.readFile ./lsp.vim)
# Undo history etc. per project ''
vim-workspace-nvfetcher " fzf with file preview
command! -bang -nargs=? -complete=dir Files
# Neovim colorschemes / themes \ call fzf#vim#files(<q-args>, { 'options': ['--keep-right', '--cycle', '--layout', 'reverse', '--preview', '${preview-file}/bin/preview-file {}'] }, <bang>0)
sonokai ''
vim-hybrid-material ];
vim-airline-themes
vim-apprentice-nvfetcher
# Preview colors inline
nvim-colorizer-lua
# Git integrations
# A Git wrapper so awesome, it should be illegal
fugitive
# Shows git diff markers in the sign column
vim-gitgutter
# GitHub extension for fugitive
vim-rhubarb
# Ease your git workflow within Vim
vimagit-nvfetcher
# Telescope fuzzy finder
telescope-nvim
telescope-fzf-native-nvim
# Make the yanked region apparent
vim-highlightedyank
# :Beautify Code beautifier
vim-beautify-nvfetcher
# Unload, delete or wipe a buffer without closing the window
vim-bufkill
# Defaults everyone can agree on
vim-sensible
# Work with tags files
vim-gutentags
]
++ (
if cfg.full
then [
nvim-treesitter.withAllGrammars
# Dependencies for nvim-lspconfig
nvim-cmp
cmp-nvim-lsp
cmp_luasnip
luasnip
# Quickstart configs for neovim LSP
lsp_extensions-nvim
nvim-lspconfig
# Collaborative editing in Neovim using built-in capabilities
instant-nvim-nvfetcher
# JSON schemas
SchemaStore-nvim
]
else []
);
extraConfig = builtins.concatStringsSep "\n" ([
''
" Persistent undo
set undofile
set undodir=${xdg.cacheHome}/nvim/undo
set backupdir=${xdg.dataHome}/nvim/backup
set directory=${xdg.dataHome}/nvim/swap/
''
(builtins.readFile ./init.vim)
(builtins.readFile ./plugins.vim)
(builtins.readFile ./clipboard.vim)
(builtins.readFile ./ui.vim)
(builtins.readFile ./filetypes.vim)
]
++ (
if cfg.full
then [
(builtins.readFile ./lsp.vim)
(builtins.readFile ./cmp.vim)
]
else []
));
} }
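Review bot: In the new `extraConfig` list, `(builtins.readFile ./lsp.vim)` is included unconditionally while `plugins` and `extraPackages` are both wrapped in `lib.mkIf cfg.full`, so with `cfg.full = false` Neovim would load `require('lspconfig')` and `require('cmp_nvim_lsp')` with no plugin installed to provide them. The same mismatch affects `plugins.vim` and the `Files` command, which rely on plugins from the gated list. Either keep the base plugins outside the `mkIf`, or gate the LSP file as the other column of this diff does, e.g. `++ lib.optionals cfg.full [ (builtins.readFile ./lsp.vim) ]`. This reading takes the right-hand column as the new side, since the page shows no +/- markers.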


@ -1,10 +0,0 @@
au BufRead,BufNewFile *.html.twig set filetype=html
au BufRead,BufNewFile *.vto set filetype=html
au BufRead,BufNewFile *.njk set filetype=html
au BufRead,BufNewFile *.age set filetype=age
autocmd FileType age setlocal noeol nofixeol
au! BufNewFile,BufReadPost *.{yaml,yml} set filetype=yaml
autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab


@ -9,13 +9,11 @@ set viminfo='100,<100,s20 " vim file history
set hidden set hidden
set expandtab
set shiftwidth=2 set shiftwidth=2
set tabstop=2
set number set number
set relativenumber set relativenumber
set mouse= set mouse=
set listchars=tab:→\ ,nbsp:␣,trail:␣,extends:⟩,precedes:⟨
set list
set autoindent set autoindent
set smartindent set smartindent
@ -58,6 +56,10 @@ map <leader>wJ :wincmd H<CR>
map <leader>wK :wincmd J<CR> map <leader>wK :wincmd J<CR>
map <leader>wL :wincmd L<CR> map <leader>wL :wincmd L<CR>
map <leader>tj :tabprevious<CR>
map <leader>tl :tabnext<CR>
map <leader>tq :tabclose<CR>
" replay macro for each line of a visual selection " replay macro for each line of a visual selection
xnoremap @q :normal @q<CR> xnoremap @q :normal @q<CR>
xnoremap @@ :normal @@<CR> xnoremap @@ :normal @@<CR>
@ -69,13 +71,34 @@ xnoremap p pgvy
inoremap jj <Esc> inoremap jj <Esc>
" Open new buffer " Open new buffer
nmap <leader>bn :enew<cr> nmap <leader>T :enew<cr>
" Move to the next buffer
nmap <leader>l :bnext<CR> nmap <leader>l :bnext<CR>
nmap <leader>bn :bnext<CR>
" Move to the previous buffer
nmap <leader>j :bprevious<CR> nmap <leader>j :bprevious<CR>
nmap <leader>bp :bprevious<CR>
" Close the current buffer and move to the previous one
" This replicates the idea of closing a tab
nmap <leader>q :bp <BAR> bd #<CR> nmap <leader>q :bp <BAR> bd #<CR>
nmap <leader>bq :bp <BAR> bd #<CR>
" Show all open buffers and their status
nmap <leader>bl :ls<CR>
" Mapping selecting mappings
nmap <leader><tab> <plug>(fzf-maps-n)
xmap <leader><tab> <plug>(fzf-maps-x)
omap <leader><tab> <plug>(fzf-maps-o)
nmap <c-p> :Files<CR>
imap <c-p> <ESC>:Files<CR>
" Insert mode completion
imap <c-x><c-k> <plug>(fzf-complete-word)
imap <c-x><c-f> <plug>(fzf-complete-path)
imap <c-x><c-j> <plug>(fzf-complete-file)
imap <c-x><c-l> <plug>(fzf-complete-line)
" Clear quickfix shortcut " Clear quickfix shortcut
nmap <Leader>c :ccl<CR> nmap <Leader>c :ccl<CR>
@ -85,3 +108,7 @@ nmap <Leader>c :ccl<CR>
if has("autocmd") if has("autocmd")
au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
endif endif
nmap - :NnnPicker %<CR>
nmap <leader>n :NnnPicker %<CR>
nmap <leader>N :NnnPicker<CR>


@ -1,149 +1,258 @@
" Set completeopt to have a better completion experience
" :help completeopt
" menuone: popup even when there's only one match
" noinsert: Do not insert text until a selection is made
" noselect: Do not select, force user to select one from the menu
set completeopt=menuone,noinsert,noselect
" Avoid showing extra messages when using completion
set shortmess+=c
function AddTemplate(tmpl_file)
exe "0read " . a:tmpl_file
set nomodified
6
endfunction
autocmd BufNewFile shell.nix call AddTemplate("$XDG_DATA_HOME/nvim/templates/shell.nix.tmpl")
" Configure neovim 0.6+ experimental LSPs " Configure neovim 0.6+ experimental LSPs
" https://github.com/neovim/nvim-lspconfig " https://github.com/neovim/nvim-lspconfig
" https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md " https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md
" https://github.com/neovim/nvim-lspconfig/wiki/UI-Customization " https://github.com/neovim/nvim-lspconfig/wiki/UI-Customization
" https://gitlab.com/Iron_E/dotfiles/-/blob/master/.config/nvim/lua/_config/plugin/nvim_lsp.lua " https://gitlab.com/Iron_E/dotfiles/-/blob/master/.config/nvim/lua/_config/plugin/nvim_lsp.lua
lua <<EOF lua <<EOF
local nvim_lsp = require('lspconfig')
-- Set completeopt to have a better completion experience -- Mappings (global)
vim.o.completeopt = 'menuone,noselect,noinsert' -- See `:help vim.diagnostic.*` for documentation on any of the below functions
vim.o.shortmess = vim.o.shortmess .. 'c' local opts = { noremap=true, silent=true }
vim.o.signcolumn = 'yes:2' vim.api.nvim_set_keymap('n', '<leader>e', '<cmd>lua vim.diagnostic.open_float()<CR>', opts)
vim.api.nvim_set_keymap('n', 'g[', '<cmd>lua vim.diagnostic.goto_prev()<CR>', opts)
vim.api.nvim_set_keymap('n', 'g]', '<cmd>lua vim.diagnostic.goto_next()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>dq', '<cmd>lua vim.diagnostic.setloclist()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>f', '<cmd>lua vim.lsp.buf.formatting()<CR>', opts)
local lspconfig = require('lspconfig') -- Use an on_attach function to only map the following keys
-- after the language server attaches to the current buffer
local on_attach = function(client, bufnr)
-- Enable completion triggered by <c-x><c-o>
vim.api.nvim_buf_set_option(bufnr, 'omnifunc', 'v:lua.vim.lsp.omnifunc')
-- Mappings (global) -- Mappings (available if LSP is configured and attached to buffer)
-- See `:help vim.diagnostic.*` for documentation on any of the below functions -- See `:help vim.lsp.*` for documentation on any of the below functions
local opts = { noremap=true, silent=true } vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gD', '<cmd>lua vim.lsp.buf.declaration()<CR>', opts)
vim.api.nvim_set_keymap('n', 'g[', '<cmd>lua vim.diagnostic.goto_prev()<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gd', '<cmd>lua vim.lsp.buf.definition()<CR>', opts)
vim.api.nvim_set_keymap('n', 'g]', '<cmd>lua vim.diagnostic.goto_next()<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'K', '<cmd>lua vim.lsp.buf.hover()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>dq', '<cmd>lua vim.diagnostic.setloclist()<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gi', '<cmd>lua vim.lsp.buf.implementation()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>do', '<cmd>lua vim.diagnostic.open_float()<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', '<C-k>', '<cmd>lua vim.lsp.buf.signature_help()<CR>', opts)
vim.api.nvim_set_keymap('n', '<leader>bf', '<cmd>lua vim.lsp.buf.formatting()<CR>', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wa', '<cmd>lua vim.lsp.buf.add_workspace_folder()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wr', '<cmd>lua vim.lsp.buf.remove_workspace_folder()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wl', '<cmd>lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>D', '<cmd>lua vim.lsp.buf.type_definition()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>rn', '<cmd>lua vim.lsp.buf.rename()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>ca', '<cmd>lua vim.lsp.buf.code_action()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gr', '<cmd>lua vim.lsp.buf.references()<CR>', opts)
local on_attach = function(client, bufnr) -- Show diagnostic popup on cursor hold
-- Enable completion triggered by <c-x><c-o> vim.api.nvim_create_autocmd("CursorHold", {
vim.api.nvim_buf_set_option(bufnr, 'omnifunc', 'v:lua.vim.lsp.omnifunc') buffer = bufnr,
callback = function()
local opts = {
focusable = false,
close_events = { "BufLeave", "CursorMoved", "InsertEnter", "FocusLost" },
border = 'rounded',
source = 'always',
prefix = ' ',
scope = 'cursor',
}
vim.diagnostic.open_float(nil, opts)
end
})
-- Mappings (available if LSP is configured and attached to buffer)
-- See `:help vim.lsp.*` for documentation on any of the below functions
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gD', '<cmd>lua vim.lsp.buf.declaration()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gd', '<cmd>lua vim.lsp.buf.definition()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gr', '<cmd>lua vim.lsp.buf.references()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gi', '<cmd>lua vim.lsp.buf.implementation()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gT', '<cmd>lua vim.lsp.buf.type_definition()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', 'K', '<cmd>lua vim.lsp.buf.hover()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<C-k>', '<cmd>lua vim.lsp.buf.signature_help()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wa', '<cmd>lua vim.lsp.buf.add_workspace_folder()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wr', '<cmd>lua vim.lsp.buf.remove_workspace_folder()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>wl', '<cmd>lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>rn', '<cmd>lua vim.lsp.buf.rename()<CR>', opts)
vim.api.nvim_buf_set_keymap(bufnr, 'n', '<leader>ca', '<cmd>lua vim.lsp.buf.code_action()<CR>', opts)
-- Show diagnostic popup on cursor hold
vim.api.nvim_create_autocmd("CursorHold", {
buffer = bufnr,
callback = function()
local opts = {
focusable = false,
close_events = { "BufLeave", "CursorMoved", "InsertEnter", "FocusLost" },
border = 'rounded',
source = 'always',
prefix = ' ',
scope = 'cursor',
}
vim.diagnostic.open_float(nil, opts)
end
})
end
local lspconfig = require 'lspconfig'
-- Add additional capabilities supported by nvim-cmp
local CAPABILITIES = require('cmp_nvim_lsp').default_capabilities()
--- Event handlers
local HANDLERS = {
-- TODO: replace with vim.lsp.protocol.Methods
["textDocument/hover"] = vim.lsp.with(vim.lsp.handlers.hover, FLOAT_CONFIG),
["textDocument/signatureHelp"] = vim.lsp.with(vim.lsp.handlers.signature_help, FLOAT_CONFIG),
}
-- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
CAPABILITIES.textDocument.completion.completionItem.snippetSupport = true
local function setup(lsp, config)
if config == nil then
config = {}
end end
config.capabilities = CAPABILITIES -- Add additional capabilities supported by nvim-cmp
config.handlers = HANDLERS local capabilities = require('cmp_nvim_lsp').default_capabilities()
config.on_attach = on_attach -- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
lspconfig[lsp].setup(config) capabilities.textDocument.completion.completionItem.snippetSupport = true
end
setup('nixd') -- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html
setup('bashls') capabilities.textDocument.completion.completionItem.snippetSupport = true
setup('clangd')
setup('cssls') local use_denols_for_typescript = not(os.getenv('NVIM_USE_DENOLS') == nil)
setup('eslint')
setup('ts_ls') for lsp_key, lsp_settings in pairs({
setup('denols') 'ansiblels', ---------------------------- Ansible
setup('vuels') 'bashls', ------------------------------- Bash
setup('svelte') 'ccls', --------------------------------- C / C++ / Objective-C
setup('html') 'cssls', -------------------------------- CSS / SCSS / LESS
setup('yamlls') 'dockerls', ----------------------------- Docker
setup('jsonls', { ['gopls'] = { --------------------------- Go
json = { ['settings'] = {
schemas = require('schemastore').json.schemas(), ['gopls'] = {
validate = { ['analyses'] = {
enable = true ['unusedparams'] = true,
} },
} ['staticcheck'] = true
}) },
setup('gopls', { },
settings = { },
gopls = { semanticTokens = true } 'html', --------------------------------- HTML
} ['jdtls'] = { --------------------------- Java
}) ['root_dir'] = nvim_lsp.util.root_pattern('.git', 'pom.xml', 'build.xml'),
setup('phpactor') ['init_options'] = {
setup('pylsp') ['jvm_args'] = {['java.format.settings.url'] = vim.fn.stdpath('config')..'/eclipse-formatter.xml'},
setup('solargraph') -- ruby ['workspace'] = vim.fn.stdpath('cache')..'/java-workspaces'
setup('rust_analyzer', { }
settings = { },
['rust-analyzer'] = { ['jsonls'] = { -------------------------- JSON
checkOnSave = { extraArgs = { "--target-dir", "/tmp/rust-analyzer-check" } }, ['settings'] = {
diagnostics = { disabled = { 'inactive-code' } }, ['json'] = {
['schemas' ] = vim.list_extend(
{
{
['description'] = 'JSON schema for Caddy v2',
['fileMatch'] = { '*caddy*.json' },
['name'] = 'caddy_schema.json',
['url'] = vim.fn.stdpath('data')..'/json-schemas/caddy_schema.json',
},
},
require('schemastore').json.schemas()
),
['validate'] = { ['enable'] = true }
}
}
},
'nixd', --------------------------------- Nix
'phpactor', ----------------------------- PHP
'pylsp', -------------------------------- Python
'solargraph', --------------------------- Ruby
'rust_analyzer', ------------------------ Rust
['sqlls'] = {
['cmd'] = {vim.fn.stdpath('data')..'/nvm/versions/node/v12.19.0/bin/sql-language-server', 'up', '--method', 'stdio'}
},
['terraformls'] = { --------------------- Terraform
['filetypes'] = { 'terraform', 'hcl', 'tf' }
},
-- The TS/JS server is chosen depending on an environment variable,
-- since denols is nicer for Deno based projects
------------------------ Deno TS/JS
------------------------------------ Typescript / JavaScript
(use_denols_for_typescript and 'denols' or 'tsserver'),
'vuels', -------------------------------- Vue
'svelte', ------------------------------- Svelte
['yamlls'] = { -------------------------- YAML
['settings'] = {
['yaml'] = {
['schemas'] = {
['https://json.schemastore.org/github-workflow'] = '.github/workflows/*.{yml,yaml}',
['https://json.schemastore.org/github-action'] = '.github/action.{yml,yaml}',
['https://json.schemastore.org/drone'] = '*.drone.{yml,yaml}',
['https://json.schemastore.org/swagger-2.0'] = 'swagger.{yml,yaml}',
}
}
}
}
}) do -- Setup all of the language servers. †
if type(lsp_key) == 'number' then -- Enable the LSP with defaults.
-- The `lsp` is an index in this case.
nvim_lsp[lsp_settings].setup{
on_attach = on_attach,
flags = {
debounce_text_changes = 150,
},
capabilities = capabilities,
}
else -- Use the LSP's configuration.
lsp_settings.on_attach = on_attach
lsp_settings.capabilities = capabilities
nvim_lsp[lsp_key].setup(lsp_settings)
end
end --
-- configure floating diagnostics appearance, symbols
local signs = { Error = " ", Warn = " ", Hint = " ", Info = " " }
for type, icon in pairs(signs) do
local hl = "DiagnosticSign" .. type
vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl })
end
-- Set completeopt to have a better completion experience
vim.o.completeopt = 'menuone,noselect'
-- luasnip setup
local luasnip = require 'luasnip'
-- nvim-cmp setup
local cmp = require 'cmp'
cmp.setup {
snippet = {
expand = function(args)
require('luasnip').lsp_expand(args.body)
end,
},
mapping = {
['<C-p>'] = cmp.mapping.select_prev_item(),
['<C-n>'] = cmp.mapping.select_next_item(),
['<C-d>'] = cmp.mapping.scroll_docs(-4),
['<C-f>'] = cmp.mapping.scroll_docs(4),
['<C-Space>'] = cmp.mapping.complete(),
['<C-e>'] = cmp.mapping.close(),
['<CR>'] = cmp.mapping.confirm {
behavior = cmp.ConfirmBehavior.Replace,
select = true,
},
['<Tab>'] = function(fallback)
if cmp.visible() then
cmp.select_next_item()
elseif luasnip.expand_or_jumpable() then
luasnip.expand_or_jump()
else
fallback()
end
end,
['<S-Tab>'] = function(fallback)
if cmp.visible() then
cmp.select_prev_item()
elseif luasnip.jumpable(-1) then
luasnip.jump(-1)
else
fallback()
end
end,
},
sources = {
{ name = 'nvim_lsp' },
{ name = 'luasnip' },
}, },
} }
})
setup('sqlls')
setup('salt_ls')
setup('ansiblels')
setup('dockerls')
setup('docker_compose_language_service')
setup('terraformls')
-- https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#denols -- https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#denols
vim.g.markdown_fenced_languages = { vim.g.markdown_fenced_languages = {
"ts=typescript" "ts=typescript"
} }
-- Configure diagnostics -- Configure diagnostics
vim.diagnostic.config({ vim.diagnostic.config({
virtual_text = false, virtual_text = false,
signs = true, signs = true,
underline = true, underline = true,
update_in_insert = false, update_in_insert = false,
severity_sort = false, severity_sort = false,
}) })
-- Change diagnostic symbols in the sign column (gutter) -- Change diagnostic symbols in the sign column (gutter)
local signs = { Error = "x ", Warn = "! ", Hint = "? ", Info = "i " } local signs = { Error = " ", Warn = " ", Hint = " ", Info = " " }
for type, icon in pairs(signs) do for type, icon in pairs(signs) do
local hl = "DiagnosticSign" .. type local hl = "DiagnosticSign" .. type
vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl }) vim.fn.sign_define(hl, { text = icon, texthl = hl, numhl = hl })
end end
EOF EOF
" have a fixed column for the diagnostics to appear in
" this removes the jitter when warnings/errors flow in
set signcolumn=yes:2
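Review bot: The `['sqlls']` entry sets `cmd` to `vim.fn.stdpath('data')..'/nvm/versions/node/v12.19.0/bin/sql-language-server'`, so the editor executes a binary from a user-writable nvm directory that this Nix configuration neither installs nor pins, and that is tied to one exact Node version. Where that nvm install is absent the server fails to start, and where it exists, whatever can write under the data directory decides what runs when the server is launched. I would drop the override and list the server as a plain `'sqlls',` entry so that lspconfig's default command is resolved from the packages provided through `extraPackages`. Separately, the `capabilities.textDocument.completion.completionItem.snippetSupport = true` assignment and the `signs` loop each appear twice in the new block, and one copy of each can go.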


@ -1,8 +1,32 @@
" Happy yaml configuration
au! BufNewFile,BufReadPost *.{yaml,yml} set filetype=yaml
autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab
let g:gutentags_file_list_command = 'git ls-files' let g:gutentags_file_list_command = 'git ls-files'
" quick-scope
" https://github.com/unblevable/quick-scope " https://github.com/unblevable/quick-scope
let g:qs_highlight_on_keys = ['f', 'F', 't', 'T'] let g:qs_highlight_on_keys = ['f', 'F', 't', 'T']
" Golang
" Go test, Def, Decls shortcut
nmap <Leader>got :GoTest<CR>:botright copen<CR>
autocmd FileType go nmap gd :GoDef<CR>
autocmd FileType go nmap gD :GoDecls<CR>
" Go formatting
autocmd FileType go setlocal noexpandtab shiftwidth=4 tabstop=4 softtabstop=4 nolist
" Caddyfile indentation
autocmd FileType caddyfile setlocal noexpandtab shiftwidth=8 tabstop=8 softtabstop=8 nolist
" vim-go disable text-objects
let g:go_textobj_enabled = 0
" disable vim-go :GoDef short cut (gd)
" this is handled by LanguageClient [LC]
let g:go_def_mapping_enabled = 0
" GitGutter and vim Magit " GitGutter and vim Magit
" inspired by: https://jakobgm.com/posts/vim/git-integration/ " inspired by: https://jakobgm.com/posts/vim/git-integration/
" Don't map gitgutter keys automatically, set them ourselves " Don't map gitgutter keys automatically, set them ourselves
@ -19,11 +43,17 @@ nmap <Leader>gu <Plug>(GitGutterUndoHunk) " git undo (chunk)
" Open vimagit pane " Open vimagit pane
nnoremap <leader>gs :Magit<CR> " git status nnoremap <leader>gs :Magit<CR> " git status
" Push to remote
nnoremap <leader>gP :! git push<CR> " git Push
" Quick conflict resolution in git mergetool nvim " Quick conflict resolution in git mergetool nvim
" http://vimcasts.org/episodes/fugitive-vim-resolving-merge-conflicts-with-vimdiff/ " http://vimcasts.org/episodes/fugitive-vim-resolving-merge-conflicts-with-vimdiff/
nmap <Leader>[ :diffget //2<CR> nmap <Leader>[ :diffget //2<CR>
nmap <Leader>] :diffget //3<CR> nmap <Leader>] :diffget //3<CR>
" netrw
let g:netrw_fastbrowse=0
" Auto-FMT rust code on save " Auto-FMT rust code on save
let g:rustfmt_autosave = 1 let g:rustfmt_autosave = 1
@ -36,53 +66,22 @@ let g:highlightedyank_highlight_duration = 200
" Markdown options " Markdown options
let g:vim_markdown_folding_disabled = 1 let g:vim_markdown_folding_disabled = 1
" Haskell options
let g:haskell_enable_quantification = 1 " to enable highlighting of `forall`
let g:haskell_enable_recursivedo = 1 " to enable highlighting of `mdo` and `rec`
let g:haskell_enable_arrowsyntax = 1 " to enable highlighting of `proc`
let g:haskell_enable_pattern_synonyms = 1 " to enable highlighting of `pattern`
let g:haskell_enable_typeroles = 1 " to enable highlighting of type roles
let g:haskell_enable_static_pointers = 1 " to enable highlighting of `static`
let g:haskell_backpack = 1 " to enable highlighting of backpack keywords
" Emmet
let g:user_emmet_leader_key='<c-n>'
" Ack
if executable('ag')
let g:ackprg = 'ag --hidden --vimgrep'
endif
" nnn " nnn
let g:nnn#command = 'nnn -d -e -H -r' let g:nnn#command = 'nnn -d -e -H -r'
nmap - :NnnPicker %<CR>
nmap <leader>n :NnnPicker %<CR>
nmap <leader>N :NnnPicker<CR>
lua <<EOF
local actions = require("telescope.actions")
local telescope = require("telescope")
telescope.setup{
defaults = {
mappings = {
n = {
["k"] = actions.move_selection_next,
["i"] = actions.move_selection_previous,
["I"] = actions.move_to_top,
["K"] = actions.move_to_bottom,
["<C-c>"] = actions.close,
},
},
},
pickers = {
find_files = {
-- `hidden = true` will still show the inside of `.git/` as it's not `.gitignore`d.
find_command = { "rg", "--files", "--hidden", "--glob", "!**/.git/*" },
},
},
extensions = {
fzf = {
fuzzy = true, -- false will only do exact matching
override_generic_sorter = true, -- override the generic sorter
override_file_sorter = true, -- override the file sorter
case_mode = "smart_case", -- or "ignore_case" or "respect_case"
}
}
}
telescope.load_extension('fzf')
local builtin = require('telescope.builtin')
vim.keymap.set('n', '<leader>ff', builtin.find_files, {})
vim.keymap.set('n', '<leader>f/', builtin.live_grep, {})
vim.keymap.set('n', '<leader>f?', builtin.builtin, {})
vim.keymap.set('n', '<leader>fr', builtin.command_history, {})
vim.keymap.set('n', '<leader>fc', builtin.commands, {})
vim.keymap.set('n', '<leader>ft', builtin.treesitter, {})
require'colorizer'.setup()
EOF


@ -0,0 +1,36 @@
self:
with self; ''
IFS=':' read -r -a INPUT <<< "$1"
FILE=''${INPUT[0]}
CENTER=''${INPUT[1]}
if [[ "$1" =~ ^[A-Za-z]:\\ ]]; then
FILE=$FILE:''${INPUT[1]}
CENTER=''${INPUT[2]}
fi
if [[ -n "$CENTER" && ! "$CENTER" =~ ^[0-9] ]]; then
exit 1
fi
CENTER=''${CENTER/[^0-9]*/}
FILE="''${FILE/#\~\//$HOME/}"
if [ ! -r "$FILE" ]; then
echo "File not found ''${FILE}"
exit 1
fi
if [ -z "$CENTER" ]; then
CENTER=0
fi
exec cat "$FILE" \
| sed -e '/[#|\/\/ ?]-- copyright/,/[#\/\/]++/c\\' \
| ${pkgs.coreutils}/bin/tr -s '\n' \
| ${pkgs.bat}/bin/bat \
--style="''${BAT_STYLE:-numbers}" \
--color=always \
--pager=never \
--file-name="''$FILE" \
--highlight-line=$CENTER
''
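Review bot: `cat` and `sed` in the final pipeline are resolved through the caller's PATH while `tr` and `bat` are pinned to store paths, and `$FILE` reaches `cat` without an end-of-options marker. `$FILE` is derived from the script's first argument, so a name beginning with `-` is parsed as a `cat` option rather than a file, and the preview runs whichever `cat` and `sed` come first on PATH. I would pin both and add the marker: `exec ${pkgs.coreutils}/bin/cat -- "$FILE" \`, with `${pkgs.gnused}/bin/sed` in place of the bare `sed` on the following line.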


@ -0,0 +1,20 @@
"Usage:
" 1. Perform a vimgrep search
" :vimgrep /def/ *.rb
" 2. Issue QuickFixOpenAll command
" :QuickFixOpenAll
function! QuickFixOpenAll()
if empty(getqflist())
return
endif
let s:prev_val = ""
for d in getqflist()
let s:curr_val = bufname(d.bufnr)
if (s:curr_val != s:prev_val)
exec "edit " . s:curr_val
endif
let s:prev_val = s:curr_val
endfor
endfunction
command! QuickFixOpenAll call QuickFixOpenAll()
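Review bot: `exec "edit " . s:curr_val` in the loop builds an Ex command from a buffer name without escaping, so a quickfix entry whose file name contains a space, `%`, `#` or `|` is not opened as that file, and a `|` ends the `:edit` and is read as the start of a further Ex command. Pass the name through `fnameescape()`: `execute 'edit' fnameescape(s:curr_val)`. As a smaller point, `s:prev_val` and `s:curr_val` are script-scoped although they are only used inside the function; function-local variables (`l:prev_val`, `l:curr_val`) would keep them from persisting between calls.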

Some files were not shown because too many files have changed in this diff Show more