From cd0cd79f97afda557810ed647e7383585cd2ccc6 Mon Sep 17 00:00:00 2001
From: Hendrik Sokolowski
Date: Sun, 21 Aug 2022 23:56:42 +0200
Subject: [PATCH] Initial hensoko
---
 flake.nix | 41 ++++-
 hosts/redpanda/configuration.nix | 110 ++++++++++++
 hosts/redpanda/default.nix | 6 +
 hosts/redpanda/hardware-configuration.nix | 21 +++
 hosts/redpanda/redpanda.nix | 17 ++
 modules/user/default.nix | 10 ++
 secrets/email_gssws_password.age | 22 +++
 .../.config/sway/config.d/input-language.conf | 3 +
 users/hensoko/browser.nix | 170 ++++++++++++++++++
 users/hensoko/default.nix | 37 ++++
 users/hensoko/email.nix | 64 +++++++
 users/hensoko/gammastep.nix | 15 ++
 users/hensoko/home.nix | 51 ++++++
 users/hensoko/htop.nix | 32 ++++
 users/hensoko/ssh.nix | 58 ++++++
 users/iot/default.nix | 28 +++
 users/iot/home.nix | 36 ++++
 17 files changed, 713 insertions(+), 8 deletions(-)
 create mode 100644 hosts/redpanda/configuration.nix
 create mode 100644 hosts/redpanda/default.nix
 create mode 100644 hosts/redpanda/hardware-configuration.nix
 create mode 100644 hosts/redpanda/redpanda.nix
 create mode 100644 secrets/email_gssws_password.age
 create mode 100644 users/hensoko/.config/sway/config.d/input-language.conf
 create mode 100644 users/hensoko/browser.nix
 create mode 100644 users/hensoko/default.nix
 create mode 100644 users/hensoko/email.nix
 create mode 100644 users/hensoko/gammastep.nix
 create mode 100644 users/hensoko/home.nix
 create mode 100644 users/hensoko/htop.nix
 create mode 100644 users/hensoko/ssh.nix
 create mode 100644 users/iot/default.nix
 create mode 100644 users/iot/home.nix
diff --git a/flake.nix b/flake.nix
index 61085b21..94d8d7ba 100644
--- a/flake.nix
+++ b/flake.nix
@@ -133,25 +133,40 @@ iso = base ++ [base-user graphical pub-solar-iso]; pubsolaros = [full-install base-user users.root]; anonymous = [pubsolaros users.pub-solar]; + pubsolaros-light = [ core-light base-user users.root ]; + hensoko = pubsolaros ++ [ users.hensoko ]; + hensoko-iot = [ server base-user users.root users.iot ]; + + # server + cube = hensoko-iot; + + # home-controller + companion = hensoko-iot; + cox = hensoko-iot; + giggles = hensoko-iot; + + # laptop + ringo = hensoko; + + # vm + redpanda = hensoko; }; }; }; home = { - imports = [(digga.lib.importExportableModules ./users/modules)]; - modules = []; + imports = [ (digga.lib.importExportableModules ./users/modules) ]; + modules = [ ]; importables = rec { profiles = digga.lib.rakeLeaves ./users/profiles; suites = with profiles; rec { - base = [direnv git]; + base = [ direnv git ]; }; }; users = { - pub-solar = {suites, ...}: { - imports = suites.base; - - home.stateVersion = "21.03"; - }; + pub-solar = {suites, ...}: { imports = suites.base; home.stateVersion = "21.03"; }; + hensoko = {suites, ...}: { imports = suites.base; home.stateVersion = "21.03"; }; + iot = {suites, ...}: { imports = suites.base; home.stateVersion = "21.03"; }; }; # digga.lib.importers.rakeLeaves ./users/hm; }; @@ -170,6 +185,16 @@ # path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.bartender; # }; #}; + redpanda = { + hostname = "192.168.42.71:22"; + sshUser = "hensoko"; + fastConnect = true; + profilesOrder = [ "system" "direnv" ]; + profiles.direnv = { + user = "hensoko"; + path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.hensoko; + }; + }; }; }; } diff --git a/hosts/redpanda/configuration.nix b/hosts/redpanda/configuration.nix new file mode 100644 index 00000000..c2b2b653 --- /dev/null +++ b/hosts/redpanda/configuration.nix 
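Review bot: In the new `redpanda` deploy node, `hostname = "192.168.42.71:22";` puts the port inside the host name. deploy-rs appears to hand this value to ssh as the host part, where a `:22` suffix is not read as a port, so I would write `hostname = "192.168.42.71";` and, only if a non-default port is ever needed, add `sshOpts = [ "-p" "22" ];`. The node also lists the `system` profile with `sshUser = "hensoko"`, which presumably works only because that user receives password-less sudo in users/hensoko/home.nix; a one-line comment stating that dependency would keep the two from being changed independently.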
@@ -0,0 +1,110 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+
+{
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ boot.loader.systemd-boot.enable = lib.mkForce false;
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+ # networking.hostName = "nixos"; # Define your hostname.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+
+ # Set your time zone.
+ # time.timeZone = "Europe/Amsterdam";
+
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+ # Per-interface useDHCP will be mandatory in the future, so this generated config
+ # replicates the default behaviour.
+ networking.useDHCP = false;
+ networking.interfaces.enp0s3.useDHCP = true;
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ nix = {
+ #package = pkgs.nixFlakes;
+ extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes) "experimental-features = nix-command flakes";
+ };
+
+ # Select internationalisation properties.
+ # i18n.defaultLocale = "en_US.UTF-8";
+ # console = {
+ # font = "Lat2-Terminus16";
+ # keyMap = "us";
+ # };
+
+ # Enable the X11 windowing system.
+ # services.xserver.enable = true;
+
+ # Configure keymap in X11
+ # services.xserver.layout = "us";
+ # services.xserver.xkbOptions = "eurosign:e";
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable sound.
+ # sound.enable = true;
+ # hardware.pulseaudio.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ # services.xserver.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ # users.users.jane = {
+ # isNormalUser = true;
+ # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ # };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ vim
+ wget
+ firefox
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ # List services that you want to enable:
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [ 22 ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.05"; # Did you read the comment?
+
+
+}
+
diff --git a/hosts/redpanda/default.nix b/hosts/redpanda/default.nix
new file mode 100644
index 00000000..3772077f
--- /dev/null
+++ b/hosts/redpanda/default.nix
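Review bot: `networking.firewall.allowedTCPPorts = [ 22 ];` exposes SSH on this VM, but nothing in the file states how sshd is allowed to authenticate. The account defined in users/hensoko/default.nix carries a password as well as public keys, so unless one of the imported suites already does it, I would add `services.openssh.passwordAuthentication = false;` next to the firewall line so the host accepts key logins only. Most of the file is still the unedited installer template; trimming the commented-out sections would make the handful of settings that matter easier to audit.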
@@ -0,0 +1,6 @@
+{ suites, ... }:
+{
+ imports = [
+ ./redpanda.nix
+ ] ++ suites.redpanda;
+}
diff --git a/hosts/redpanda/hardware-configuration.nix b/hosts/redpanda/hardware-configuration.nix
new file mode 100644
index 00000000..13fdaa52
--- /dev/null
+++ b/hosts/redpanda/hardware-configuration.nix
@@ -0,0 +1,21 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [ ];
+
+ boot.initrd.availableKernelModules = [ "ohci_pci" "virtio_pci" "sd_mod" "sr_mod" "virtio_scsi" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ };
+
+ #virtualisation.virtualbox.guest.enable = true;
+}
diff --git a/hosts/redpanda/redpanda.nix b/hosts/redpanda/redpanda.nix
new file mode 100644
index 00000000..2f02a9af
--- /dev/null
+++ b/hosts/redpanda/redpanda.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ imports = [
+ ./configuration.nix
+ ];
+
+ #pub-solar.nextcloud.enable = lib.mkForce false;
+
+ config = {
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+ };
+}
diff --git a/modules/user/default.nix b/modules/user/default.nix
index 516346eb..72f9fe0e 100644
--- a/modules/user/default.nix
+++ b/modules/user/default.nix
@@ -44,6 +44,16 @@ in {
 type = types.nullOr types.str;
 default = null;
 };
+ latitude = mkOption {
+ description = "Latitude";
+ type = types.nullOr types.str;
+ default = null;
+ };
+ longitude = mkOption {
+ description = "Longitude";
+ type = types.nullOr types.str;
+ default = null;
+ };
 };
 };
 }
diff --git a/secrets/email_gssws_password.age b/secrets/email_gssws_password.age
new file mode 100644
index 00000000..2db3102a
--- /dev/null +++ b/secrets/email_gssws_password.age @@ -0,0 +1,22 @@ +age-encryption.org/v1 +-> ssh-ed25519 hPyiJw 1+o3Kv3nXAiMEyY8GVW7ZMCILH/SToajDAYM0HR3/FU +YgmC4YvrNidF5sr3h2KtByL/ehS8RC2yEKQf8pkcruE +-> ssh-ed25519 YFSOsg Ju5LywricieLjgr6GeaXyN6RwrT2rf1ypjyvABtYkEE +TeZO7TBBIK58XTN5Bi9UdAde8vlEeIuiRnnYuTWV3Ds +-> ssh-rsa 42S2Dw +YR3lIzLqv6FZlKHgPYc2uVo8kiuEStoP+wZqMsNJwlpT9VIUn2n7V3Pj7gsRUtN7 +dYjVEnXCXOYJiT1cKitbsQ/uvO7pDh7Ol4cve4yCt5OTXqux4MsZRBTvBXmbom7v +BZCOruqKIViWChXLo6s1vhJ2Rv3LzY12h1IGlDrVqyTHAxUga7aQmKnFzICwsb2M +6A7JDryveWA3AWntHOgw6G/OzL6TlZxa51w6UAW3z+cckEttmwfLaaOhT2xuhAvJ +3SH856B5Xtx7qWyooN7Cq2XQAlZ3DKJVmjIJvI1y9DdpZlO29kXZXI6FZJb6ZJMM +c0GntItUK2VXGwR+a+PIDg +-> ssh-ed25519 iHV63A 68iPatktmiT9enmwFBH0O2KS7Iu5ZR3vEdrD6OKTwyg +IyRwEOu+/ThnqIG42fYxr65rpniPqvS5HYNP3xQgYfU +-> ssh-ed25519 VApqug rYWmUWJxn6FnnZGopYUzrTcbTBsr+zHuhrSisHl6LXM +7XANpzZrrZlsPILu0UhNh3s1UoUwhGXVUhhmMfZuBqw +-> -.bX&'x-grease mStW!.EH *+Q`QW/ +0jNHMBJOkpVUD7xoEr7ymD2f3kCEIU0SZkPJ8wJfxYSg4F/4Pwc19+tHChEjOHCC +svyV +--- rCetdRQgIw8CPjfsojxST3lEYYbxGMRhBi9rBfIpQx0 + +S!>8] 'i [cwNa 1Ā'Sˡ \ No newline at end of file diff --git a/users/hensoko/.config/sway/config.d/input-language.conf b/users/hensoko/.config/sway/config.d/input-language.conf new file mode 100644 index 00000000..a3099a63 --- /dev/null +++ b/users/hensoko/.config/sway/config.d/input-language.conf @@ -0,0 +1,3 @@ +input * { + xkb_layout us(intl) +} diff --git a/users/hensoko/browser.nix b/users/hensoko/browser.nix new file mode 100644 index 00000000..4f4b88b6 --- /dev/null +++ b/users/hensoko/browser.nix 
@@ -0,0 +1,170 @@
+{ config, pkgs, lib, self, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ programs.firefox = {
+ enable = true;
+ package = pkgs.firefox-wayland;
+ extensions = [
+ ];
+ profiles = {
+ default = {
+ id = 0;
+ path = "xunofzn6.default-default";
+ settings = {
+ "browser.startup.homepage" = "https://duckduckgo.com";
+ "browser.search.region" = "DE";
+ "browser.search.isUS" = false;
+ "distribution.searchplugins.defaultLocale" = "en-US";
+ "general.useragent.locale" = "en-US";
+ };
+ extraConfig = ''
+ # Mozilla User Preferences
+ # kuketz-blog.de | Firefox-Kompendium | 10.11.2021 | Firefox 94.0.1
+ # Download: https://www.kuketz-blog.de/firefox-aboutconfig-user-js-firefox-kompendium-teil10/
+
+ #############
+ ## PRIVACY ##
+ #############
+
+ ## Disable Domain Guessing
+ user_pref("browser.fixup.alternate.enabled", false);
+
+ ## Disable Normandy/Shield (FF60+)
+ user_pref("app.normandy.enabled", false);
+ user_pref("app.shield.optoutstudies.enabled", false);
+
+ ## Disable Activity Stream (AS)
+ user_pref("browser.newtabpage.activity-stream.feeds.snippets", false);
+ user_pref("browser.newtabpage.activity-stream.feeds.topsites", false);
+ user_pref("browser.newtabpage.activity-stream.feeds.system.topsites", false);
+ user_pref("browser.newtabpage.activity-stream.showSponsored", false);
+ user_pref("browser.newtabpage.activity-stream.showSponsoredTopSites", false);
+ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
+ user_pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
+ user_pref("browser.newtabpage.activity-stream.section.highlights.includePocket", false);
+ user_pref("browser.newtabpage.activity-stream.feeds.telemetry", false);
+ user_pref("browser.newtabpage.activity-stream.telemetry", false);
+
+ ## Disable PingCentre Telemetry
+ user_pref("browser.ping-centre.telemetry", false);
+
+ ## Disable NewTabPage
+ user_pref("browser.newtabpage.enabled", false);
+ user_pref("browser.messaging-system.whatsNewPanel.enabled", false);
+
+ ## Disable Safe Browsing
+ # Disable binaries NOT in local lists being checked by Google (real-time checking)
+ user_pref("browser.safebrowsing.downloads.remote.enabled", false);
+ user_pref("browser.safebrowsing.downloads.remote.url", "");
+ # Disable "Block dangerous downloads" (under Options>Privacy & Security)
+ user_pref("browser.safebrowsing.downloads.enabled", false);
+ # This covers deceptive sites such as phishing and social engineering
+ user_pref("browser.safebrowsing.phishing.enabled", false);
+ user_pref("browser.safebrowsing.malware.enabled", false);
+ # Disable "Warn me about unwanted and uncommon software" (under Options>Privacy & Security)
+ user_pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
+ user_pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
+ user_pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
+ user_pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
+ # Disable Mozilla's blocklist for known Flash tracking/fingerprinting
+ user_pref("browser.safebrowsing.blockedURIs.enabled", false);
+ # Disable reporting URLs
+ user_pref("browser.safebrowsing.provider.google.reportURL", "");
+ user_pref("browser.safebrowsing.reportPhishURL", "");
+ user_pref("browser.safebrowsing.provider.google4.reportURL", "");
+ user_pref("browser.safebrowsing.provider.google.reportMalwareMistakeURL", "");
+ user_pref("browser.safebrowsing.provider.google.reportPhishMistakeURL", "");
+ user_pref("browser.safebrowsing.provider.google4.reportMalwareMistakeURL", "");
+ user_pref("browser.safebrowsing.provider.google4.reportPhishMistakeURL", "");
+ # Disable data sharing (FF58+)
+ user_pref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
+ user_pref("browser.safebrowsing.provider.google4.dataSharingURL", "");
+
+ ## Disable location bar LIVE search suggestions
+ user_pref("browser.search.suggest.enabled", false);
+ user_pref("browser.urlbar.suggest.searches", false);
+
+ ## Disable Slow Startup Notifications and Telemetry
+ user_pref("browser.slowStartup.notificationDisabled", true);
+ user_pref("browser.slowStartup.maxSamples", 0);
+ user_pref("browser.slowStartup.samples", 0);
+
+ ## Disable sending of crash reports (FF44+)
+ user_pref("browser.tabs.crashReporting.sendReport", false);
+ user_pref("browser.crashReports.unsubmittedCheck.enabled", false);
+ user_pref("browser.crashReports.unsubmittedCheck.autoSubmit2", false);
+
+ ## Disable Health Report
+ user_pref("datareporting.healthreport.uploadEnabled", false);
+ user_pref("datareporting.policy.dataSubmissionEnabled", false);
+
+ ## Disable Extension Metadata updating to addons.mozilla.org
+ user_pref("extensions.getAddons.cache.enabled", false);
+
+ ## Disable Telemetry
+ user_pref("toolkit.coverage.endpoint.base", "");
+ user_pref("toolkit.coverage.opt-out", true);
+ user_pref("toolkit.telemetry.archive.enabled", false);
+ user_pref("toolkit.telemetry.coverage.opt-out", true);
+ user_pref("toolkit.telemetry.hybridContent.enabled", false);
+ user_pref("toolkit.telemetry.bhrPing.enabled", false);
+ user_pref("toolkit.telemetry.firstShutdownPing.enabled", false);
+ user_pref("toolkit.telemetry.newProfilePing.enabled", false);
+ user_pref("toolkit.telemetry.shutdownPingSender.enabled", false);
+ user_pref("toolkit.telemetry.updatePing.enabled", false);
+ user_pref("toolkit.telemetry.unified", false);
+
+ ##############
+ ## SECURITY ##
+ ##############
+
+ ## Enforce Punycode for Internationalized Domain Names to eliminate possible spoofing
+ user_pref("network.IDN_show_punycode", true);
+
+ ## Display all parts of the URL in the location bar eg. http(s)://
+ user_pref("browser.urlbar.trimURLs", false);
+
+ ## Display "insecure" icon (FF59+) and "Not Secure" text (FF60+) on HTTP sites
+ user_pref("security.insecure_connection_icon.enabled", true);
+ user_pref("security.insecure_connection_icon.pbmode.enabled", true);
+ user_pref("security.insecure_connection_text.enabled", true);
+ user_pref("security.insecure_connection_text.pbmode.enabled", true);
+ '';
+ #search.default = "DuckDuckGo";
+ # force = true;
+ # order = [ "DuckDuckGo" "Google" ];
+ # engines = {
+ # "Nix Packages" = {
+ # urls = [{
+ # template = "https://search.nixos.org/packages";
+ # params = [
+ # { name = "type"; value = "packages"; }
+ # { name = "query"; value = "{searchTerms}"; }
+ # ];
+ # }];
+ #
+ # icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
+ # definedAliases = [ "@np" ];
+ # };
+
+ # "NixOS Wiki" = {
+ # urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }];
+ # iconUpdateURL = "https://nixos.wiki/favicon.png";
+ # updateInterval = 24 * 60 * 60 * 1000; # every day
+ # definedAliases = [ "@nw" ];
+ # };
+
+ # "Bing".metaData.hidden = true;
+ # "Google".metaData.alias = "@g"; # builtin engines only support specifying one additional alias
+ # };
+ #};
+ };
+ };
+ };
+ };
+}
diff --git a/users/hensoko/default.nix b/users/hensoko/default.nix
new file mode 100644
index 00000000..2e52d7bf
--- /dev/null
+++ b/users/hensoko/default.nix
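Review bot: The `## Disable Safe Browsing` block inside `extraConfig` switches off more than the remote lookups it is aimed at: setting `browser.safebrowsing.phishing.enabled`, `browser.safebrowsing.malware.enabled`, `browser.safebrowsing.downloads.enabled` and `browser.safebrowsing.blockedURIs.enabled` to `false` also removes the phishing, malware and dangerous-download warnings, while `extensions = [ ];` installs no content blocker to take their place. If the intent is only to stop per-download queries to Google, keeping just the `browser.safebrowsing.downloads.remote.*` lines achieves that; otherwise add a comment recording that losing these warnings is an accepted trade-off. Separately, `path = "xunofzn6.default-default";` pins the declarative profile to a directory name generated on one machine, and a short comment saying why would help the next reader.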
@@ -0,0 +1,37 @@
+{ config, hmUsers, pkgs, lib, ... }:
+let
+ psCfg = config.pub-solar;
+in
+{
+ imports = [
+ ./browser.nix
+ ./email.nix
+ ./gammastep.nix
+ ./home.nix
+ ./htop.nix
+ ./ssh.nix
+ ];
+
+ config = {
+ home-manager.users = { inherit (hmUsers) hensoko; };
+
+ pub-solar = {
+ user = {
+ name = "hensoko";
+ description = "hensoko";
+ password = "$6$BBUvcGQBFBjBmRLw$VQgMxaVPInM0S/nr3rkWvCvzlI/oSZ0Kj8wb25k4Fx6aHJkxYzurXh4deslVgGKvz0O2LScBamt7M2pV81EWx0";
+ fullName = "Hendrik Sokolowski";
+ email = "hensoko@gssws.de";
+ latitude = "50.9";
+ longitude = "6.5";
+ gpgKeyId = "5C36A01B80BCCC59";
+ publicKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb hensoko@harrison"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC+euxPp6bHXw61UeUqTGHH8Ub2L+Sy1iteupv/AGudgoVNp2GebqJy1cxQ74mgnL8eWMlaA9jZlKQ1xFFhgtolCsoAKTE9AE8X0egvmEM18fEUR3EWWchmX4MXUhUiOtwitkl4+EpSsp5rh/kIxcpQFz1dpBibroq6jDLKlrVou+2LppR8nMfFT2sqg3694Ltxz4CWMdAfitLax05ckKMAnzz+TgpXK5OyfQSBvl18Qu1SWITYa6AVNXQ7/ovWBDIUfg25GWouzWqkSUpLdCVIcXPe2X7g6X1QsHXnnhaMAhvYH54GZ4wU2kBwIJ6KvplfZdbJ09KAltPVt08evafb hendriksokolowski@hsokolowski-pc"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
+ ];
+ };
+ };
+ };
+}
diff --git a/users/hensoko/email.nix b/users/hensoko/email.nix
new file mode 100644
index 00000000..4415b986
--- /dev/null
+++ b/users/hensoko/email.nix
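Review bot: `password = "$6$…";` commits a SHA-512 crypt hash to the repository, and users/iot/default.nix later in this patch reuses the identical hash and salt for the `iot` account. Anyone who can read the tree can test guesses against it offline, and a single recovered password would then be valid for both users on every host that imports them. The repo already uses agenix (secrets/email_gssws_password.age), so I would keep the hash in an age secret and reference it through a password-file option, assuming the pub-solar user module (not part of this diff) can take a file instead of an inline string, and give `iot` a credential of its own. `latitude` and `longitude` also publish an approximate location; coarsen them or keep them out of the public tree if that matters.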
@@ -0,0 +1,64 @@
+{ config, pkgs, lib, self, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+in
+{
+ age.secrets.email_gssws_password = {
+ file = "${self}/secrets/email_gssws_password.age";
+ owner = "hensoko";
+ };
+
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ services.imapnotify.enable = true;
+
+ programs.mbsync.enable = true;
+ programs.neomutt.enable = true;
+
+ programs.notmuch = {
+ enable = true;
+ hooks = {
+ preNew = "mbsync --all";
+ };
+ };
+
+ programs.msmtp.enable = true;
+
+ accounts.email.accounts."gssws" = {
+ primary = true;
+ address = "hensoko@gssws.de";
+ realName = "Hendrik Sokolowski";
+
+ userName = "hensoko";
+ passwordCommand = "cat /run/agenix/email_gssws_password";
+
+ imapnotify.enable = true;
+ imapnotify.onNotify = ''${pkgs.notmuch}/bin/notmuch new && ${pkgs.libnotify}/bin/notify-send "You got mail!" "imapnotify gssws"'';
+
+ mbsync = {
+ enable = true;
+ create = "maildir";
+ extraConfig.channel = {
+ MaxMessages = 50000;
+ MaxSize = "5m";
+ };
+ };
+
+ msmtp.enable = true;
+ notmuch.enable = true;
+ neomutt.enable = true;
+
+ imap = {
+ host = "mail.gssws.de";
+ port = 993;
+ tls.enable = true;
+ };
+
+ smtp = {
+ host = "mail.gssws.de";
+ port = 465;
+ tls.enable = true;
+ };
+ };
+ };
+}
diff --git a/users/hensoko/gammastep.nix b/users/hensoko/gammastep.nix
new file mode 100644
index 00000000..4f8b3033
--- /dev/null
+++ b/users/hensoko/gammastep.nix
@@ -0,0 +1,15 @@
+{ config, pkgs, lib, self, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ services.gammastep = {
+ enable = true;
+ latitude = psCfg.user.latitude;
+ longitude = psCfg.user.longitude;
+ };
+ };
+}
diff --git a/users/hensoko/home.nix b/users/hensoko/home.nix
new file mode 100644
index 00000000..b6f5e59a
--- /dev/null
+++ b/users/hensoko/home.nix
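Review bot: The agenix secret in email.nix is wired up with two hard-coded values that can drift from the rest of the module: `owner = "hensoko";` while the home-manager block is keyed on `psCfg.user.name`, and `passwordCommand = "cat /run/agenix/email_gssws_password";` instead of the path agenix itself exports. I would write `owner = psCfg.user.name;` and `passwordCommand = "cat ${config.age.secrets.email_gssws_password.path}";` so the decrypted file stays readable by exactly the account that runs mbsync and msmtp, even if the user name or the secrets directory changes.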
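Review bot: gammastep.nix passes `psCfg.user.latitude` and `psCfg.user.longitude` straight through, although modules/user/default.nix declares both with `default = null`. As far as I know home-manager's gammastep service refuses null coordinates when the location provider is manual, so a user importing this file without setting them would fail at evaluation with an assertion that does not point back here; `enable = psCfg.user.latitude != null && psCfg.user.longitude != null;` keeps that case working. The `xdg` binding in the `let` block is unused and can go.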
@@ -0,0 +1,51 @@
+{ config, pkgs, lib, self, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ pub-solar.nextcloud.enable = true;
+
+ services.fwupd.enable = true;
+
+ pub-solar.graphical.autologin.enable = false;
+
+ security.sudo.extraRules = [
+ {
+ users = [ "${psCfg.user.name}" ];
+ commands = [
+ {
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ xdg.configFile = mkIf psCfg.sway.enable {
+ "sway/config.d/10-input-language.conf".source = ./.config/sway/config.d/input-language.conf;
+ };
+
+ home.packages = with pkgs; [
+ nix-output-monitor
+ obsidian
+ btop
+ dig
+ fping
+ keepassxc
+ ncdu
+ sysstat
+
+ pv
+
+ lazygit
+ tig
+
+ thunderbird
+ wakeonlan
+ wlr-randr
+ ];
+ };
+}
diff --git a/users/hensoko/htop.nix b/users/hensoko/htop.nix
new file mode 100644
index 00000000..1f9c7b28
--- /dev/null
+++ b/users/hensoko/htop.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, lib, self, ... }:
+with pkgs lib;
+let
+ psCfg = config.pub-solar;
+in
+{
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ programs.htop = {
+ enable = true;
+ settings = {
+ color_scheme = 6;
+
+ delay = 5;
+
+ account_guest_in_cpu_meter = true;
+ enable_mouse = false;
+ cpu_count_from_one = 0;
+ detailed_cpu_time = true;
+ highlight_base_name = 1;
+ highlight_megabytes = 1;
+ highlight_threads = 1;
+ shadow_other_users = true;
+ tree_view = true;
+ update_process_names = true;
+ vim_mode = true;
+
+ left_meters = [ "AllCPUs" "Memory" "Swap" ];
+ right_meters = [ "Hostname" "Tasks" "LoadAverage" "Uptime" ];
+ };
+ };
+ };
+}
diff --git a/users/hensoko/ssh.nix b/users/hensoko/ssh.nix
new file mode 100644
index 00000000..ab9e2c00
--- /dev/null
+++ b/users/hensoko/ssh.nix
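Review bot: The `security.sudo.extraRules` entry in home.nix grants `command = "ALL"` with `options = [ "NOPASSWD" ]`, so every process running as the desktop user (browser, mail client, anything pulled in through `home.packages`) can become root without a prompt; users/iot/home.nix adds the same rule for `iot`. If the rule exists so that deploy-rs can activate the system profile over SSH, limit `commands` to the specific binaries that activation invokes, or drop `NOPASSWD` on the interactive laptop and keep it only on the headless hosts. Either way a comment stating why the rule is there would stop it being copied into further user profiles unexamined.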
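Review bot: `with pkgs lib;` at the top of htop.nix parses as `with (pkgs lib);`, that is, a call of the `pkgs` attribute set as if it were a function. As far as I can tell it only evaluates today because nothing in the body needs a name from the `with` scope, so the expression is never forced; the first unqualified identifier added later would fail with a confusing "not a function" error. The sibling files use `with lib;`, and since this file takes nothing from `lib` unqualified either, the line can simply be removed.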
@@ -0,0 +1,58 @@
+{ config, pkgs, lib, self, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+in
+{
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ programs.ssh = {
+ enable = true;
+ matchBlocks = {
+ "hsha" = {
+ hostname = "192.168.42.5";
+ user = "root";
+ port = 2222;
+ };
+ "ringo" = {
+ hostname = "192.168.42.231";
+ user = "hensoko";
+ port = 22;
+ };
+ "giggles" = {
+ hostname = "192.168.42.232";
+ user = "iot";
+ port = 22;
+ };
+ "norman" = {
+ hostname = "192.168.42.233";
+ user = "hensoko";
+ port = 22;
+ };
+ "cox" = {
+ hostname = "192.168.42.234";
+ user = "iot";
+ port = 22;
+ };
+ "companion" = {
+ user = "iot";
+ };
+ "cube" = {
+ hostname = "80.244.242.2";
+ user = "iot";
+ port = 2222;
+ };
+ "mail" = {
+ hostname = "mail.gssws.de";
+ user = "root";
+ port = 2222;
+ };
+ "git" = {
+ hostname = "git.gssws.de";
+ user = "git";
+ port = 2222;
+ };
+ };
+ extraConfig = "PubKeyAcceptedKeyTypes +ssh-rsa";
+ };
+ };
+}
diff --git a/users/iot/default.nix b/users/iot/default.nix
new file mode 100644
index 00000000..64e83cd6
--- /dev/null
+++ b/users/iot/default.nix
@@ -0,0 +1,28 @@
+{ config, hmUsers, pkgs, lib, ... }:
+let
+ psCfg = config.pub-solar;
+in
+{
+ imports = [
+ ./home.nix
+ ];
+
+ config = {
+ home-manager.users = { inherit (hmUsers) iot; };
+
+ pub-solar = {
+ user = {
+ name = "iot";
+ description = "hensoko iot user";
+ password = "$6$BBUvcGQBFBjBmRLw$VQgMxaVPInM0S/nr3rkWvCvzlI/oSZ0Kj8wb25k4Fx6aHJkxYzurXh4deslVgGKvz0O2LScBamt7M2pV81EWx0";
+ fullName = "Hendrik Sokolowski";
+ email = "hensoko@gssws.de";
+ publicKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb hensoko@harrison"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
+ ];
+ };
+ };
+ };
+}
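Review bot: `extraConfig = "PubKeyAcceptedKeyTypes +ssh-rsa";` in ssh.nix sits at the top level of `programs.ssh`, so it re-enables RSA keys with SHA-1 signatures for every destination, including the internet-facing `cube`, `mail` and `git` entries, rather than only for the legacy server that needs it. I would move it into that one match block, for example `extraOptions.PubkeyAcceptedKeyTypes = "+ssh-rsa";` inside the affected host's attribute set, with a comment naming the server to be upgraded. Three of the blocks also log in directly as `root` (`hsha`, `mail`) or reach a public address, so a note on which of these are expected to stay would help later audits. The `companion` block sets only `user` and no `hostname`; if it relies on name resolution, say so in a comment.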
diff --git a/users/iot/home.nix b/users/iot/home.nix
new file mode 100644
index 00000000..255e5619
--- /dev/null
+++ b/users/iot/home.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, lib, self, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ imports = [ ];
+
+ pub-solar.graphical.autologin.enable = false;
+
+ security.sudo.extraRules = [
+ {
+ users = [ "${psCfg.user.name}" ];
+ commands = [
+ {
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ home.packages = with pkgs; [
+ dig
+ fping
+ btop
+ htop
+ ncdu
+ sysstat
+ tig
+ wakeonlan
+ ];
+ };
+}