Compare commits
124 commits
main
...
pub.solar/
Author | SHA1 | Date | |
---|---|---|---|
Benjamin Bädorf | e4b236a4f0 | ||
Benjamin Bädorf | fd07ef9a84 | ||
Benjamin Bädorf | 21b6bc56fb | ||
teutat3s | 0691f3b4c7 | ||
teutat3s | f4a29822fb | ||
teutat3s | 6af5bcf09f | ||
teutat3s | 75b97bb6c1 | ||
teutat3s | 077241a9d9 | ||
teutat3s | 17c76ec7b1 | ||
teutat3s | bce484f55b | ||
Benjamin Bädorf | d909f093b2 | ||
b12f | a25d399575 | ||
teutat3s | 6fd2903516 | ||
b12f | e834cc685c | ||
teutat3s | c36a22c556 | ||
teutat3s | 9dbfb4eaaa | ||
teutat3s | fc0768d353 | ||
teutat3s | b38c378003 | ||
teutat3s | 35ddf5d798 | ||
teutat3s | 91a89f172d | ||
teutat3s | 38ebdcf0dc | ||
teutat3s | 9bd45f0a10 | ||
teutat3s | a63d3390e1 | ||
teutat3s | 7cbe86ff11 | ||
teutat3s | dd62bf1752 | ||
b12f | ad5e0e74d5 | ||
b12f | 22cd6bd627 | ||
teutat3s | a6970708ad | ||
teutat3s | e02a5b0e50 | ||
teutat3s | af9b528cb9 | ||
teutat3s | 141f950607 | ||
teutat3s | 694f925804 | ||
teutat3s | ae2439a93a | ||
b12f | a4e6dcdf16 | ||
teutat3s | 894c30c0d6 | ||
teutat3s | d888af018c | ||
teutat3s | ff8733ce1c | ||
teutat3s | f9e70e18dc | ||
teutat3s | 3e46501f41 | ||
teutat3s | 80c1a7927a | ||
teutat3s | 9fdfc83cc7 | ||
teutat3s | f0caf9b5a1 | ||
teutat3s | cc57376e7f | ||
teutat3s | df79b8a3c9 | ||
teutat3s | d1175e82b4 | ||
teutat3s | eaea884351 | ||
hensoko | 0b03bbe76b | ||
Hendrik Sokolowski | 354fd593bb | ||
Hendrik Sokolowski | 831c44fceb | ||
b12f | 359a82a28e | ||
teutat3s | 20b70c2481 | ||
teutat3s | 648a50c47e | ||
teutat3s | 078441af96 | ||
teutat3s | a1cb071773 | ||
teutat3s | 94cc00572e | ||
teutat3s | 1199820574 | ||
teutat3s | 5e5fb64dde | ||
teutat3s | 008e14482f | ||
teutat3s | bea032ad99 | ||
teutat3s | 8f948f70c7 | ||
b12f | b1d2bfef98 | ||
teutat3s | 6582d3142d | ||
b12f | 1772e20e2e | ||
teutat3s | 93b5eab0ea | ||
teutat3s | f05a1191b9 | ||
teutat3s | c1dcea11fa | ||
teutat3s | 34c59a3010 | ||
teutat3s | 3c422fee62 | ||
teutat3s | b6ebd71c61 | ||
teutat3s | 8fb6ba33b2 | ||
teutat3s | f00a009115 | ||
teutat3s | 9f0dcb8ed8 | ||
teutat3s | f49bc2b4b2 | ||
teutat3s | 2a756869e3 | ||
Benjamin Bädorf | a8279af631 | ||
Benjamin Bädorf | 61afca41e5 | ||
teutat3s | db7f5c5254 | ||
Benjamin Bädorf | 5ade1c028f | ||
Benjamin Bädorf | 8f0cde4c3d | ||
Benjamin Bädorf | 6c736b8684 | ||
Benjamin Bädorf | 26318bcafc | ||
Benjamin Bädorf | a7d684e1f8 | ||
teutat3s | 997561f817 | ||
teutat3s | 0e3b602809 | ||
teutat3s | 440b38f896 | ||
teutat3s | 8051531d77 | ||
teutat3s | 54ea93ced4 | ||
teutat3s | 9732e4edf1 | ||
teutat3s | 7a7ff7b1df | ||
teutat3s | 90b182e499 | ||
b12f | 72c84bb1e6 | ||
Akshay Mankar | 7454d5fc5f | ||
teutat3s | f375843f43 | ||
teutat3s | 291edb6b52 | ||
teutat3s | cda684ae32 | ||
teutat3s | 6a6abc79c2 | ||
teutat3s | de8dcbe9a2 | ||
teutat3s | e9819fdec7 | ||
teutat3s | 645b10f2b9 | ||
teutat3s | f2c5739c97 | ||
Benjamin Bädorf | b1710c4013 | ||
Benjamin Bädorf | f12f42827f | ||
Benjamin Bädorf | 8453b8c584 | ||
teutat3s | 9ca8387d12 | ||
teutat3s | 492b8695a3 | ||
teutat3s | 9fb726b2d7 | ||
Benjamin Bädorf | 161acca3a7 | ||
Benjamin Bädorf | 86cb6522ed | ||
Benjamin Bädorf | 2b03c98cf2 | ||
teutat3s | 756845c187 | ||
teutat3s | 7655260456 | ||
Hendrik Sokolowski | b3f4727354 | ||
teutat3s | c345cb8af4 | ||
teutat3s | 8fb95ce9dc | ||
Hendrik Sokolowski | cb829d0972 | ||
teutat3s | ca22046f75 | ||
teutat3s | 24c699698f | ||
teutat3s | 1f2ba895a0 | ||
teutat3s | a795bf4429 | ||
Benjamin Bädorf | 1f2d56e0c9 | ||
teutat3s | 90bca8d0ba | ||
teutat3s | 97d88096e8 | ||
teutat3s | f0c12e38ee | ||
teutat3s | 0e6df4e33b |
|
@ -17,7 +17,7 @@ steps:
|
||||||
- nix $$NIX_FLAGS develop --command nix flake show
|
- nix $$NIX_FLAGS develop --command nix flake show
|
||||||
- nix $$NIX_FLAGS develop --command treefmt --fail-on-change
|
- nix $$NIX_FLAGS develop --command treefmt --fail-on-change
|
||||||
- nix $$NIX_FLAGS develop --command editorconfig-checker
|
- nix $$NIX_FLAGS develop --command editorconfig-checker
|
||||||
- nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"
|
- nix $$NIX_FLAGS build ".#nixosConfigurations.flora-6.config.system.build.toplevel"
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
|
@ -44,7 +44,7 @@ steps:
|
||||||
from_secret: private_ssh_key
|
from_secret: private_ssh_key
|
||||||
MANTA_USER: pub_solar
|
MANTA_USER: pub_solar
|
||||||
MANTA_URL: https://eu-central.manta.greenbaum.cloud
|
MANTA_URL: https://eu-central.manta.greenbaum.cloud
|
||||||
MANTA_KEY_ID: "5d:5f:3d:22:8d:37:1f:e6:d6:ab:06:18:d9:a2:04:67"
|
MANTA_KEY_ID: "59:9f:5a:6f:c4:e2:3b:32:7f:13:1f:de:b7:59:80:85"
|
||||||
commands:
|
commands:
|
||||||
- export TARGET_DIR="ci/$${DRONE_REPO}/$${DRONE_BUILD_NUMBER}"
|
- export TARGET_DIR="ci/$${DRONE_REPO}/$${DRONE_BUILD_NUMBER}"
|
||||||
- echo env var TARGET_DIR is set to $$TARGET_DIR
|
- echo env var TARGET_DIR is set to $$TARGET_DIR
|
||||||
|
@ -149,6 +149,6 @@ volumes:
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: signature
|
kind: signature
|
||||||
hmac: a116f78a0b22188052893bdb46aa40f8de66438826c10ced362ea183d7644d67
|
hmac: 17811add241edae457584ba78389886df02b5e51820d826ef5fb2d97de2430e2
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|
233
flake.lock
233
flake.lock
|
@ -30,11 +30,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696360011,
|
"lastModified": 1688307440,
|
||||||
"narHash": "sha256-HpPv27qMuPou4acXcZ8Klm7Zt0Elv9dgDvSJaomWb9Y=",
|
"narHash": "sha256-7PTjbN+/+b799YN7Tk2SS5Vh8A0L3gBo8hmB7Y0VXug=",
|
||||||
"owner": "LnL7",
|
"owner": "LnL7",
|
||||||
"repo": "nix-darwin",
|
"repo": "nix-darwin",
|
||||||
"rev": "8b6ea26d5d2e8359d06278364f41fbc4b903b28a",
|
"rev": "b06bab83bdf285ea0ae3c8e145a081eb95959047",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -54,11 +54,11 @@
|
||||||
"utils": "utils"
|
"utils": "utils"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1695052866,
|
"lastModified": 1686747123,
|
||||||
"narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=",
|
"narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
|
||||||
"owner": "serokell",
|
"owner": "serokell",
|
||||||
"repo": "deploy-rs",
|
"repo": "deploy-rs",
|
||||||
"rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9",
|
"rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -89,6 +89,28 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"devshell_2": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"keycloak-theme-pub-solar",
|
||||||
|
"nixpkgs"
|
||||||
|
],
|
||||||
|
"systems": "systems"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1688380630,
|
||||||
|
"narHash": "sha256-8ilApWVb1mAi4439zS3iFeIT0ODlbrifm/fegWwgHjA=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "devshell",
|
||||||
|
"rev": "f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "devshell",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"digga": {
|
"digga": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"darwin": [
|
"darwin": [
|
||||||
|
@ -197,19 +219,54 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"fork": {
|
"flake-utils_3": {
|
||||||
|
"inputs": {
|
||||||
|
"systems": "systems_2"
|
||||||
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1692960587,
|
"lastModified": 1689068808,
|
||||||
"narHash": "sha256-39SKGdhn8jKKkdqhULbCvQOpdUPE9NNJpy5HTB++Jvg=",
|
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||||
"owner": "teutat3s",
|
"owner": "numtide",
|
||||||
"repo": "nixpkgs",
|
"repo": "flake-utils",
|
||||||
"rev": "312709dd70684f52496580e533d58645526b1c90",
|
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "teutat3s",
|
"owner": "numtide",
|
||||||
"ref": "nvfetcher-fix",
|
"repo": "flake-utils",
|
||||||
"repo": "nixpkgs",
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-utils_4": {
|
||||||
|
"inputs": {
|
||||||
|
"systems": "systems_3"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1687171271,
|
||||||
|
"narHash": "sha256-BJlq+ozK2B1sJDQXS3tzJM5a+oVZmi1q0FlBK/Xqv7M=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "abfb11bd1aec8ced1c9bb9adfe68018230f4fb3c",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-utils_5": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1653893745,
|
||||||
|
"narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
|
"rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "flake-utils",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -220,11 +277,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1695108154,
|
"lastModified": 1687871164,
|
||||||
"narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=",
|
"narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "07682fff75d41f18327a871088d20af2710d4744",
|
"rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -234,13 +291,36 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"keycloak-theme-pub-solar": {
|
||||||
|
"inputs": {
|
||||||
|
"devshell": "devshell_2",
|
||||||
|
"flake-utils": "flake-utils_3",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixos"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1689875310,
|
||||||
|
"narHash": "sha256-gJxh8fVX24nZXBxstZcrzZhMRFG9jyOnQEfkgoRr39I=",
|
||||||
|
"ref": "main",
|
||||||
|
"rev": "c2c86bbf9855f16a231a596b75b443232a7b9395",
|
||||||
|
"revCount": 24,
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://git.pub.solar/pub-solar/keycloak-theme"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"ref": "main",
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://git.pub.solar/pub-solar/keycloak-theme"
|
||||||
|
}
|
||||||
|
},
|
||||||
"latest": {
|
"latest": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696604326,
|
"lastModified": 1689192006,
|
||||||
"narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=",
|
"narHash": "sha256-QM0f0d8oPphOTYJebsHioR9+FzJcy1QNIzREyubB91U=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64",
|
"rev": "2de8efefb6ce7f5e4e75bdf57376a96555986841",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -252,11 +332,11 @@
|
||||||
},
|
},
|
||||||
"nixos": {
|
"nixos": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696697597,
|
"lastModified": 1689209875,
|
||||||
"narHash": "sha256-q26Qv4DQ+h6IeozF2o1secyQG0jt2VUT3V0K58jr3pg=",
|
"narHash": "sha256-8AVcBV1DiszaZzHFd5iLc8HSLfxRAuqcU0QdfBEF3Ag=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "5a237aecb57296f67276ac9ab296a41c23981f56",
|
"rev": "fcc147b1e9358a8386b2c4368bd928e1f63a7df2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -268,11 +348,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696614066,
|
"lastModified": 1686838567,
|
||||||
"narHash": "sha256-nAyYhO7TCr1tikacP37O9FnGr2USOsVBD3IgvndUYjM=",
|
"narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "bb2db418b616fea536b1be7f6ee72fb45c11afe0",
|
"rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -297,6 +377,30 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nvfetcher": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-compat": [
|
||||||
|
"flake-compat"
|
||||||
|
],
|
||||||
|
"flake-utils": "flake-utils_4",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixos"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1687440270,
|
||||||
|
"narHash": "sha256-aOAXvfVn+MBSkU+xlQEiyoGpRaF6NvQdpWIhw5OH/Dc=",
|
||||||
|
"owner": "berberman",
|
||||||
|
"repo": "nvfetcher",
|
||||||
|
"rev": "44196458acc2c28c32e456c50277d6148e71e708",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "berberman",
|
||||||
|
"repo": "nvfetcher",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"agenix": "agenix",
|
"agenix": "agenix",
|
||||||
|
@ -304,11 +408,82 @@
|
||||||
"deploy": "deploy",
|
"deploy": "deploy",
|
||||||
"digga": "digga",
|
"digga": "digga",
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
"fork": "fork",
|
|
||||||
"home": "home",
|
"home": "home",
|
||||||
|
"keycloak-theme-pub-solar": "keycloak-theme-pub-solar",
|
||||||
"latest": "latest",
|
"latest": "latest",
|
||||||
"nixos": "nixos",
|
"nixos": "nixos",
|
||||||
"nixos-hardware": "nixos-hardware"
|
"nixos-hardware": "nixos-hardware",
|
||||||
|
"nvfetcher": "nvfetcher",
|
||||||
|
"triton-vmtools": "triton-vmtools"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"systems": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"systems_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"systems_3": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"triton-vmtools": {
|
||||||
|
"inputs": {
|
||||||
|
"flake-utils": "flake-utils_5",
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixos"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"dir": "vmtools",
|
||||||
|
"lastModified": 1669648111,
|
||||||
|
"narHash": "sha256-EKh7iM4fCyZ7L6+HmGn3QkZ1HuG9zMEkziOH3K13SbY=",
|
||||||
|
"ref": "main",
|
||||||
|
"rev": "d78c4afe040440437949ce581ae0dcdc5893553c",
|
||||||
|
"revCount": 28,
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://git.b12f.io/pub-solar/infra?dir=vmtools"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"dir": "vmtools",
|
||||||
|
"ref": "main",
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://git.b12f.io/pub-solar/infra?dir=vmtools"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"utils": {
|
"utils": {
|
||||||
|
|
49
flake.nix
49
flake.nix
|
@ -8,8 +8,6 @@
|
||||||
nixos.url = "github:nixos/nixpkgs/nixos-23.05";
|
nixos.url = "github:nixos/nixpkgs/nixos-23.05";
|
||||||
latest.url = "github:nixos/nixpkgs/nixos-unstable";
|
latest.url = "github:nixos/nixpkgs/nixos-unstable";
|
||||||
|
|
||||||
fork.url = "github:teutat3s/nixpkgs/nvfetcher-fix";
|
|
||||||
|
|
||||||
flake-compat.url = "github:edolstra/flake-compat";
|
flake-compat.url = "github:edolstra/flake-compat";
|
||||||
flake-compat.flake = false;
|
flake-compat.flake = false;
|
||||||
|
|
||||||
|
@ -36,6 +34,16 @@
|
||||||
agenix.inputs.darwin.follows = "darwin";
|
agenix.inputs.darwin.follows = "darwin";
|
||||||
|
|
||||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||||
|
|
||||||
|
nvfetcher.url = "github:berberman/nvfetcher";
|
||||||
|
nvfetcher.inputs.nixpkgs.follows = "nixos";
|
||||||
|
nvfetcher.inputs.flake-compat.follows = "flake-compat";
|
||||||
|
|
||||||
|
triton-vmtools.url = "git+https://git.b12f.io/pub-solar/infra?ref=main&dir=vmtools";
|
||||||
|
triton-vmtools.inputs.nixpkgs.follows = "nixos";
|
||||||
|
|
||||||
|
keycloak-theme-pub-solar.url = "git+https://git.pub.solar/pub-solar/keycloak-theme?ref=main";
|
||||||
|
keycloak-theme-pub-solar.inputs.nixpkgs.follows = "nixos";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = {
|
outputs = {
|
||||||
|
@ -46,6 +54,9 @@
|
||||||
nixos-hardware,
|
nixos-hardware,
|
||||||
agenix,
|
agenix,
|
||||||
deploy,
|
deploy,
|
||||||
|
nvfetcher,
|
||||||
|
triton-vmtools,
|
||||||
|
keycloak-theme-pub-solar,
|
||||||
...
|
...
|
||||||
} @ inputs:
|
} @ inputs:
|
||||||
digga.lib.mkFlake
|
digga.lib.mkFlake
|
||||||
|
@ -71,7 +82,6 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
latest = {};
|
latest = {};
|
||||||
fork = {};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
lib = import ./lib {lib = digga.lib // nixos.lib;};
|
lib = import ./lib {lib = digga.lib // nixos.lib;};
|
||||||
|
@ -84,6 +94,7 @@
|
||||||
});
|
});
|
||||||
})
|
})
|
||||||
agenix.overlays.default
|
agenix.overlays.default
|
||||||
|
nvfetcher.overlays.default
|
||||||
|
|
||||||
(import ./pkgs)
|
(import ./pkgs)
|
||||||
];
|
];
|
||||||
|
@ -114,12 +125,14 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
PubSolarOS = {
|
PubSolarOS = {
|
||||||
tests = [
|
# Broken since https://github.com/NixOS/nixpkgs/commit/5bcef4224928fe45312f0ee321ddf0f0e8feeb7b
|
||||||
|
# Needs a fix in https://github.com/divnix/digga/blob/main/src/tests.nix#L12-L21
|
||||||
|
#tests = [
|
||||||
# (import ./tests/first-test.nix {
|
# (import ./tests/first-test.nix {
|
||||||
# pkgs = nixos.legacyPackages.x86_64-linux;
|
# pkgs = nixos.legacyPackages.x86_64-linux;
|
||||||
# lib = nixos.lib;
|
# lib = nixos.lib;
|
||||||
# })
|
# })
|
||||||
];
|
#];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
importables = rec {
|
importables = rec {
|
||||||
|
@ -150,6 +163,11 @@
|
||||||
pub-solar = {suites, ...}: {
|
pub-solar = {suites, ...}: {
|
||||||
imports = suites.base;
|
imports = suites.base;
|
||||||
|
|
||||||
|
home.stateVersion = "21.03";
|
||||||
|
};
|
||||||
|
barkeeper = {suites, ...}: {
|
||||||
|
imports = suites.base;
|
||||||
|
|
||||||
home.stateVersion = "21.03";
|
home.stateVersion = "21.03";
|
||||||
};
|
};
|
||||||
}; # digga.lib.importers.rakeLeaves ./users/hm;
|
}; # digga.lib.importers.rakeLeaves ./users/hm;
|
||||||
|
@ -160,6 +178,27 @@
|
||||||
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
|
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
|
||||||
|
|
||||||
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
|
deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
|
||||||
|
flora-6 = {
|
||||||
|
sshUser = "barkeeper";
|
||||||
|
hostname = "flora-6.pub.solar";
|
||||||
|
fastConnect = true;
|
||||||
|
profilesOrder = ["system" "direnv"];
|
||||||
|
profiles.direnv = {
|
||||||
|
user = "barkeeper";
|
||||||
|
path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.barkeeper;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
nougat-2 = {
|
||||||
|
sshUser = "barkeeper";
|
||||||
|
hostname = "nougat-2.b12f.io";
|
||||||
|
fastConnect = true;
|
||||||
|
profilesOrder = ["system" "direnv"];
|
||||||
|
profiles.direnv = {
|
||||||
|
user = "barkeeper";
|
||||||
|
path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.barkeeper;
|
||||||
|
};
|
||||||
|
};
|
||||||
#example = {
|
#example = {
|
||||||
# hostname = "example.com:22";
|
# hostname = "example.com:22";
|
||||||
# sshUser = "bartender";
|
# sshUser = "bartender";
|
||||||
|
|
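Review bot: The `flora-6` and `nougat-2` entries added under `deploy.nodes` are copies of each other except for `hostname`, so any later change to the deployment account or the profile order has to be made twice and the two hosts can drift apart unnoticed. A small function bound in a `let` and applied once per host would keep the SSH user and the home-manager profile defined in a single place. The attribute set passed to `digga.lib.mkDeployNodes` continues past the end of the hunk, so the sketch below leaves it open.

```nix
# … unchanged: homeConfigurations …
deploy.nodes = let
  # Shared settings for hosts that are deployed through the barkeeper account
  barkeeperNode = hostname: {
    inherit hostname;
    sshUser = "barkeeper";
    fastConnect = true;
    profilesOrder = ["system" "direnv"];
    profiles.direnv = {
      user = "barkeeper";
      path = self.pkgs.x86_64-linux.nixos.deploy-rs.lib.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.barkeeper;
    };
  };
in
  digga.lib.mkDeployNodes self.nixosConfigurations {
    flora-6 = barkeeperNode "flora-6.pub.solar";
    nougat-2 = barkeeperNode "nougat-2.b12f.io";
    # … unchanged: commented-out #example node …
```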
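--- a/hosts/flora-6/README.md
+++ b/hosts/flora-6/README.md
@@ -0,0 +1,16 @@
+# Mailman on NixOS docs
+
+- add reverse DNS record for IP
+
+Manual setup done for mailman, adapted from https://nixos.wiki/wiki/Mailman:
+
+```
+# Add DNS records in infra repo using terraform:
+# https://git.pub.solar/pub-solar/infra/commit/db234cdb5b55758a3d74387ada0760e06e166b9d
+
+# Generate initial postfix_domains.db and postfix_lmtp.db databases for Postfix
+sudo -u mailman mailman aliases
+# Create a django superuser account
+sudo -u mailman-web mailman-web createsuperuser
+# Followed outlined steps in web UI
+```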
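--- a/hosts/flora-6/caddy.nix
+++ b/hosts/flora-6/caddy.nix
@@ -0,0 +1,140 @@
+{
+config,
+lib,
+pkgs,
+self,
+...
+}: {
+systemd.tmpfiles.rules = [
+"d '/data/srv/www/os/download/' 0750 hakkonaut hakkonaut - -"
+];
+
+services.caddy = {
+enable = lib.mkForce true;
+group = "hakkonaut";
+email = "admins@pub.solar";
+enableReload = true;
+globalConfig = lib.mkForce ''
+grace_period 60s
+'';
+virtualHosts = {
+"pub.solar" = {
+logFormat = lib.mkForce ''
+output discard
+'';
+extraConfig = ''
+# Named matcher, used below for Mastodon webfinger
+@query query resource=*
+
+# PubSolarOS images
+handle /os/download/* {
+root * /data/srv/www
+file_server /os/download/* browse
+}
+# serve base domain pub.solar for mastodon.pub.solar
+# https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
+handle /.well-known/host-meta {
+redir https://mastodon.pub.solar{uri}
+}
+
+# Tailscale OIDC webfinger requirement plus Mastodon webfinger redirect
+handle /.well-known/webfinger {
+# Redirect requests that match /.well-known/webfinger?resource=* to Mastodon
+handle @query {
+redir https://mastodon.pub.solar{uri}
+}
+respond 200 {
+body `{
+"subject": "acct:admins@pub.solar",
+"links": [
+{
+"rel": "http://openid.net/specs/connect/1.0/issuer",
+"href": "https://auth.pub.solar/realms/pub.solar"
+}
+]
+}`
+}
+}
+
+# redirect to statutes
+redir /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy temporary
+
+# pub.solar website
+handle {
+root * /srv/www/pub.solar
+try_files {path}.html {path}
+file_server
+}
+# minimal error handling, respond with status code and text
+handle_errors {
+respond "{http.error.status_code} {http.error.status_text}"
+}
+'';
+};
+"www.pub.solar" = {
+logFormat = lib.mkForce ''
+output discard
+'';
+extraConfig = ''
+redir https://pub.solar{uri}
+'';
+};
+"auth.pub.solar" = {
+logFormat = lib.mkForce ''
+output discard
+'';
+extraConfig = ''
+redir / /realms/pub.solar/account temporary
+reverse_proxy :8080
+'';
+};
+"git.pub.solar" = {
+logFormat = lib.mkForce ''
+output discard
+'';
+extraConfig = ''
+redir /user/login /user/oauth2/keycloak temporary
+reverse_proxy :3000
+'';
+};
+"ci.pub.solar" = {
+logFormat = lib.mkForce ''
+output discard
+'';
+extraConfig = ''
+reverse_proxy :4000
+'';
+};
+"stream.pub.solar" = {
+logFormat = lib.mkForce ''
+output discard
+'';
+extraConfig = ''
+reverse_proxy :5000
+'';
+};
+"list.pub.solar" = {
+logFormat = lib.mkForce ''
+output discard
+'';
+extraConfig = ''
+handle_path /static/* {
+root * /var/lib/mailman-web-static
+file_server
+}
+
+reverse_proxy :18507
+'';
+};
+"obs-portal.pub.solar" = {
+logFormat = lib.mkForce ''
+output discard
+'';
+extraConfig = ''
+reverse_proxy obs-portal.svc.e5756d08-36fd-424b-f8bc-acdb92ca7b82.lev-1.int.greenbaum.zone:3000
+'';
+};
+};
+};
+networking.firewall.allowedTCPPorts = [80 443];
+}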
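Review bot: In the `auth.pub.solar` virtual host, `reverse_proxy :8080` forwards every request path to the backend, so anything that service exposes besides the realm endpoints is reachable from the internet too. If the backend is Keycloak, as the `/realms/pub.solar/account` redirect suggests, its admin console and management endpoints are usually kept off the public listener; a matcher such as `@internal path /admin* /metrics* /health*` followed by `respond @internal 403` would do that, provided administrators have another route to the console. Every virtual host also sets `logFormat = lib.mkForce` to `output discard`, so the proxy keeps no access record for the login endpoints. If that is a deliberate privacy choice, a short comment saying so, and naming where authentication events are recorded instead, would help whoever has to investigate an incident.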
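--- a/hosts/flora-6/default.nix
+++ b/hosts/flora-6/default.nix
@@ -0,0 +1,5 @@
+{...}: {
+imports = [
+./flora-6.nix
+];
+}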
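--- a/hosts/flora-6/drone.nix
+++ b/hosts/flora-6/drone.nix
@@ -0,0 +1,114 @@
+{
+config,
+lib,
+pkgs,
+self,
+...
+}: {
+age.secrets.drone-secrets = {
+file = "${self}/secrets/drone-secrets.age";
+mode = "600";
+owner = "drone";
+};
+age.secrets.drone-db-secrets = {
+file = "${self}/secrets/drone-db-secrets.age";
+mode = "600";
+owner = "drone";
+};
+
+users.users.drone = {
+description = "Drone Service";
+home = "/var/lib/drone";
+useDefaultShell = true;
+uid = 994;
+group = "drone";
+isSystemUser = true;
+};
+
+users.groups.drone = {};
+
+systemd.tmpfiles.rules = [
+"d '/var/lib/drone-db' 0750 drone drone - -"
+];
+
+systemd.services."docker-network-drone" = let
+docker = config.virtualisation.oci-containers.backend;
+dockerBin = "${pkgs.${docker}}/bin/${docker}";
+in {
+serviceConfig.Type = "oneshot";
+before = ["docker-drone-server.service"];
+script = ''
+${dockerBin} network inspect drone-net >/dev/null 2>&1 || ${dockerBin} network create drone-net --subnet 172.20.0.0/24
+'';
+};
+
+virtualisation = {
+docker = {
+enable = true; # sadly podman is not supported rightnow
+extraOptions = ''
+--data-root /data/docker
+'';
+};
+
+oci-containers = {
+backend = "docker";
+containers."drone-db" = {
+image = "postgres:14";
+autoStart = true;
+user = "994";
+volumes = [
+"/var/lib/drone-db:/var/lib/postgresql/data"
+];
+extraOptions = [
+"--network=drone-net"
+];
+environmentFiles = [
+config.age.secrets.drone-db-secrets.path
+];
+};
+containers."drone-server" = {
+image = "drone/drone:2";
+autoStart = true;
+user = "994";
+ports = [
+"4000:80"
+];
+dependsOn = ["drone-db"];
+extraOptions = [
+"--network=drone-net"
+];
+environment = {
+DRONE_GITEA_SERVER = "https://git.pub.solar";
+DRONE_SERVER_HOST = "ci.pub.solar";
+DRONE_SERVER_PROTO = "https";
+DRONE_DATABASE_DRIVER = "postgres";
+};
+environmentFiles = [
+config.age.secrets.drone-secrets.path
+];
+};
+containers."drone-docker-runner" = {
+image = "drone/drone-runner-docker:1";
+autoStart = true;
+# needs to run as root
+#user = "994";
+volumes = [
+"/var/run/docker.sock:/var/run/docker.sock"
+];
+dependsOn = ["drone-db"];
+extraOptions = [
+"--network=drone-net"
+];
+environment = {
+DRONE_RPC_HOST = "ci.pub.solar";
+DRONE_RPC_PROTO = "https";
+DRONE_RUNNER_CAPACITY = "2";
+DRONE_RUNNER_NAME = "flora-6-docker-runner";
+};
+environmentFiles = [
+config.age.secrets.drone-secrets.path
+];
+};
+};
+};
+}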
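Review bot: `ports = ["4000:80"]` on `drone-server` publishes the container port on every host interface, and Docker installs its own packet-filter rules for published ports, so the `networking.firewall.allowedTCPPorts = [80 443]` setting in caddy.nix most likely does not keep port 4000 closed. Clients could then reach Drone over plain HTTP without passing through Caddy's TLS listener. Caddy proxies to `:4000` on the same host, so binding to loopback is enough: `"127.0.0.1:4000:80"`. Separately, `docker-network-drone` is only ordered `before` `docker-drone-server.service` and nothing visible here pulls it in, so it is worth confirming that `drone-net` exists by the time `drone-db` starts.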
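--- a/hosts/flora-6/flora-6.nix
+++ b/hosts/flora-6/flora-6.nix
@@ -0,0 +1,167 @@
+{
+config,
+latestModulesPath,
+lib,
+inputs,
+pkgs,
+profiles,
+self,
+...
+}: let
+psCfg = config.pub-solar;
+in {
+imports = [
+# Include the results of the hardware scan.
+./hardware-configuration.nix
+./triton-vmtools.nix
+
+./caddy.nix
+./drone.nix
+./keycloak.nix
+./gitea.nix
+./mailman.nix
+./owncast.nix
+
+profiles.base-user
+profiles.users.root # make sure to configure ssh keys
+profiles.users.barkeeper
+
+"${latestModulesPath}/services/misc/gitea.nix"
+"${latestModulesPath}/services/web-servers/caddy/default.nix"
+];
+disabledModules = [
+"services/misc/gitea.nix"
+"services/web-servers/caddy/default.nix"
+];
+
+config = {
+# # #
+# # # pub.solar options
+# # #
+pub-solar.core = {
+disk-encryption-active = false;
+iso-options.enable = true;
+lite = true;
+};
+
+# Allow sudo without a password for the barkeeper user
+security.sudo.extraRules = [
+{
+users = ["${psCfg.user.name}"];
+commands = [
+{
+command = "ALL";
+options = ["NOPASSWD"];
+}
+];
+}
+];
+
+# Override nix.conf for more agressive garbage collection
+nix.extraOptions = lib.mkForce ''
+min-free = 536870912
+keep-outputs = false
+keep-derivations = false
+fallback = true
+'';
+
+# Machine user for CI pipelines
+users.users.hakkonaut = {
+description = "CI and automation user";
+home = "/var/nix/iso-cache";
+useDefaultShell = true;
+uid = 998;
+group = "hakkonaut";
+isSystemUser = true;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5MvCwNRtCcP1pSDrn0XZTNlpOqYnjHDm9/OI4hECW hakkonaut@flora-6"
+];
+};
+
+users.groups.hakkonaut = {};
+
+# # #
+# # # Triton host specific options
+# # # DO NOT ALTER below this line, changes might render system unbootable
+# # #
+
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+# Force getting the hostname from cloud-init
+networking.hostName = lib.mkDefault "";
+
+# Set your time zone.
+time.timeZone = "Europe/Berlin";
+
+# Select internationalisation properties.
+console = {
+font = "Lat2-Terminus16";
+keyMap = "us";
+};
+
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+environment.systemPackages = with pkgs; [
+git
+vim
+wget
+];
+
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+# programs.gnupg.agent = {
+# enable = true;
+# enableSSHSupport = true;
+# };
+
+# List services that you want to enable:
+services.cloud-init.enable = true;
+services.cloud-init.ext4.enable = true;
+services.cloud-init.network.enable = true;
+# use the default NixOS cloud-init config, but add some SmartOS customization to it
+environment.etc."cloud/cloud.cfg.d/90_smartos.cfg".text = ''
+datasource_list: [ SmartOS ]
+
+# Do not create the centos/ubuntu/debian user
+users: [ ]
+
+# mount second disk with label ephemeral0, gets formated by cloud-init
+# this will fail to get added to /etc/fstab as it's read-only, but should
+# mount at boot anyway
+mounts:
+- [ vdb, /data, auto, "defaults,nofail" ]
+'';
+
+# Enable the OpenSSH daemon.
+services.openssh = {
+enable = true;
+settings = {
+PasswordAuthentication = false;
+PermitRootLogin = "no";
+Macs = [
+"hmac-sha2-512-etm@openssh.com"
+"hmac-sha2-256-etm@openssh.com"
+"umac-128-etm@openssh.com"
+"hmac-sha2-512"
+"hmac-sha2-256"
+"umac-128@openssh.com"
+];
+};
+};
+
+# We manage the firewall with nix, too
+# altough triton can also manage firewall rules via the triton fwrule subcommand
+networking.firewall.enable = true;
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "22.05"; # Did you read the comment?
+};
+}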
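Review bot: The `security.sudo.extraRules` entry grants `NOPASSWD` on `command = "ALL"` to `psCfg.user.name`, so any session or process running as that user is root-equivalent on a host that also imports the Gitea, Keycloak, mail and CI modules; `PermitRootLogin = "no"` adds little separation while this rule is in place. If the rule exists for remote deployment, the comment above it should say so, and `command` could be narrowed to the binaries the deployment actually needs. The `Macs` list also still offers the non-EtM variants `hmac-sha2-512`, `hmac-sha2-256` and `umac-128@openssh.com`; dropping those three leaves only the encrypt-then-MAC algorithms.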
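--- a/hosts/flora-6/gitea.nix
+++ b/hosts/flora-6/gitea.nix
@@ -0,0 +1,82 @@
+{
+config,
+lib,
+pkgs,
+self,
+...
+}: {
+age.secrets.gitea-database-password = {
+file = "${self}/secrets/gitea-database-password.age";
+mode = "600";
+owner = "gitea";
+};
+age.secrets.gitea-mailer-password = {
+file = "${self}/secrets/gitea-mailer-password.age";
+mode = "600";
+owner = "gitea";
+};
+
+# gitea
+services.gitea = {
+enable = true;
+package = pkgs.forgejo;
+appName = "pub.solar git server";
+database = {
+type = "postgres";
+passwordFile = config.age.secrets.gitea-database-password.path;
+};
+lfs.enable = true;
+mailerPasswordFile = config.age.secrets.gitea-mailer-password.path;
+settings = {
+server = {
+ROOT_URL = "https://git.pub.solar";
+DOMAIN = "git.pub.solar";
+HTTP_ADDR = "127.0.0.1";
+HTTP_PORT = 3000;
+};
+mailer = {
+ENABLED = true;
+PROTOCOL = "smtps";
+SMTP_ADDR = "mx2.greenbaum.cloud";
+SMTP_PORT = 465;
+FROM = ''"pub.solar git server" <gitea@pub.solar>'';
+USER = "admins@pub.solar";
+};
+"repository.signing" = {
+SIGNING_KEY = "default";
+MERGES = "always";
+};
+openid = {
+ENABLE_OPENID_SIGNIN = true;
+ENABLE_OPENID_SIGNUP = true;
+};
+# uncomment after initial deployment, first user is admin user
+# required to setup SSO (oauth openid-connect, keycloak auth provider)
+service.ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+service.ENABLE_NOTIFY_MAIL = true;
+session.COOKIE_SECURE = lib.mkForce true;
+};
+};
+
+# See: https://docs.gitea.io/en-us/signing/#installing-and-generating-a-gpg-key-for-gitea
+# Required for gitea server side gpg signatures
+# configured/setup manually in:
+# /var/lib/gitea/data/home/.gitconfig
+# /var/lib/gitea/data/home/.gnupg/
+# sudo su gitea
+# export GNUPGHOME=/var/lib/gitea/data/home/.gnupg
+# gpg --quick-gen-key 'pub.solar gitea <gitea@pub.solar>' ed25519
+# TODO: implement declarative GPG key generation and
+# gitea gitconfig
+programs.gnupg.agent = {
+enable = true;
+pinentryFlavor = "curses";
+};
+# Required to make gpg work without a graphical environment?
+# otherwise generating a new gpg key fails with this error:
+# gpg: agent_genkey failed: No pinentry
+# see: https://github.com/NixOS/nixpkgs/issues/97861#issuecomment-827951675
+environment.variables = {
+GPG_TTY = "$(tty)";
+};
+}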
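Review bot: `ENABLE_OPENID_SIGNUP = true` in the `openid` block lets accounts be registered through whatever OpenID provider a visitor supplies, which does not fit the Keycloak-only intent expressed by `service.ALLOW_ONLY_EXTERNAL_REGISTRATION = true` and the comment above it. As far as I know the `[openid]` section is separate from the OAuth2/OIDC authentication source used for Keycloak, so if Keycloak is meant to be the sole identity provider I would set `ENABLE_OPENID_SIGNUP = false;` (and probably `ENABLE_OPENID_SIGNIN = false;`), or restrict providers with `WHITELISTED_URIS`. The comment `# uncomment after initial deployment, first user is admin user` is also stale, since the setting below it is already active; something like `# keep disabled until the first (admin) user exists` would describe the bootstrap order better.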
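--- a/hosts/flora-6/hardware-configuration.nix
+++ b/hosts/flora-6/hardware-configuration.nix
@@ -0,0 +1,44 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+config,
+lib,
+pkgs,
+modulesPath,
+...
+}: {
+imports = [];
+
+boot.initrd.availableKernelModules = ["ahci" "virtio_pci" "xhci_pci" "sr_mod" "virtio_blk"];
+boot.initrd.kernelModules = [];
+boot.kernelModules = [];
+boot.extraModulePackages = [];
+
+fileSystems."/" = {
+device = "/dev/disk/by-label/nixos";
+autoResize = true;
+fsType = "ext4";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-label/boot";
+fsType = "vfat";
+};
+
+fileSystems."/data" = {
+device = "/dev/disk/by-label/ephemeral0";
+fsType = "ext4";
+options = [
+"defaults"
+"nofail"
+];
+};
+
+swapDevices = [];
+
+networking.useDHCP = lib.mkDefault false;
+networking.networkmanager.enable = lib.mkForce false;
+
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}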
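--- a/hosts/flora-6/keycloak.nix
+++ b/hosts/flora-6/keycloak.nix
@@ -0,0 +1,30 @@
+{
+config,
+lib,
+inputs,
+pkgs,
+self,
+...
+}: {
+age.secrets.keycloak-database-password = {
+file = "${self}/secrets/keycloak-database-password.age";
+mode = "700";
+#owner = "keycloak";
+};
+
+# keycloak
+services.keycloak = {
+enable = true;
+database.passwordFile = config.age.secrets.keycloak-database-password.path;
+settings = {
+hostname = "auth.pub.solar";
+http-host = "127.0.0.1";
+http-port = 8080;
+proxy = "edge";
+features = "declarative-user-profile";
+};
+themes = {
+"pub.solar" = inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;
+};
+};
+}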
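Review bot: `mode = "700"` on `age.secrets.keycloak-database-password` sets the execute bit on a password file, and with `#owner = "keycloak";` commented out the file keeps the agenix default owner instead of the service user. The Gitea secrets in this same change use `"600"`, so `mode = "600";` (or `"400"`) would be consistent and drop the meaningless execute permission. A short comment on why the owner is left at the default would also help; presumably the Keycloak module reads the file with elevated privileges before starting the service, but that is not visible here.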
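--- a/hosts/flora-6/mailman.nix
+++ b/hosts/flora-6/mailman.nix
@@ -0,0 +1,102 @@
+{
+config,
+lib,
+pkgs,
+self,
+...
+}: let
+# Source: https://github.com/NixOS/nixpkgs/blob/nixos-22.11/nixos/modules/services/mail/mailman.nix#L9C10-L10
+# webEnv is required by the mailman-uwsgi systemd service
+inherit (pkgs.mailmanPackages.buildEnvs {}) webEnv;
+in {
+networking.firewall.allowedTCPPorts = [25];
+
+services.postfix = {
+enable = true;
+relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
+# get TLS certs for list.pub.solar from caddy
+# TODO: when caddy renews certs, postfix doesn't know about it
+# implement custom built caddy with events exec handler or systemd-reload
+# hook so postfix reloads, too
+sslCert = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar/list.pub.solar.crt";
+sslKey = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar/list.pub.solar.key";
+config = {
+transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
+local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
+};
+rootAlias = "admins@pub.solar";
+postmasterAlias = "admins@pub.solar";
+hostname = "list.pub.solar";
+};
+
+systemd.paths.watcher-caddy-ssl-file = {
+description = "Watches for changes in caddy's TLS cert file (after renewals) to reload postfix";
+documentation = ["systemd.path(5)"];
+partOf = ["postfix-reload.service"];
+pathConfig = {
+PathChanged = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/list.pub.solar/list.pub.solar.crt";
+Unit = "postfix-reload.service";
+};
+wantedBy = ["multi-user.target"];
+};
+
+systemd.services."postfix-reload" = {
+description = "Reloads postfix config, e.g. after TLS certs change, notified by watcher-caddy-ssl-file.path";
+documentation = ["systemd.path(5)"];
+requires = ["postfix.service"];
+after = ["postfix.service"];
+startLimitIntervalSec = 10;
+startLimitBurst = 5;
+serviceConfig.Type = "oneshot";
+script = ''
+${pkgs.systemd}/bin/systemctl reload postfix
+'';
+wantedBy = ["multi-user.target"];
+};
+
+services.mailman = {
+enable = true;
+# We use caddy instead of nginx
+#serve.enable = true;
+hyperkitty.enable = true;
+webHosts = ["list.pub.solar"];
+siteOwner = "admins@pub.solar";
+};
+
+# TODO add django-keycloak as auth provider
+# https://django-keycloak.readthedocs.io/en/latest/
+## Extend settings.py directly since this can't be done via JSON
+## settings (services.mailman.webSettings)
+#environment.etc."mailman3/settings.py".text = ''
+# INSTALLED_APPS.extend([
+# "allauth.socialaccount.providers.github",
+# "allauth.socialaccount.providers.gitlab"
+# ])
+#'';
+
+systemd.services.mailman-uwsgi = let
+uwsgiConfig.uwsgi = {
+type = "normal";
+plugins = ["python3"];
+home = webEnv;
+manage-script-name = true;
+mount = "/=mailman_web.wsgi:application";
+http = "127.0.0.1:18507";
+};
+uwsgiConfigFile = pkgs.writeText "uwsgi-mailman.json" (builtins.toJSON uwsgiConfig);
+in {
+wantedBy = ["multi-user.target"];
+after = ["postgresql.service"];
+requires = ["mailman-web-setup.service" "postgresql.service"];
+restartTriggers = [config.environment.etc."mailman3/settings.py".source];
+serviceConfig = {
+# Since the mailman-web settings.py obstinately creates a logs
+# dir in the cwd, change to the (writable) runtime directory before
+# starting uwsgi.
+ExecStart = "${pkgs.coreutils}/bin/env -C $RUNTIME_DIRECTORY ${pkgs.uwsgi.override {plugins = ["python3"];}}/bin/uwsgi --json ${uwsgiConfigFile}";
+User = "mailman-web";
+Group = "mailman";
+RuntimeDirectory = "mailman-uwsgi";
+};
+};
+}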
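Review bot: The `# TODO: when caddy renews certs, postfix doesn't know about it` comment above `sslCert` is out of date, because `systemd.paths.watcher-caddy-ssl-file` and `postfix-reload` further down in the same file implement that reload; I would replace the three TODO lines with `# postfix is reloaded on renewal by watcher-caddy-ssl-file.path below`. The path unit watches only the `.crt`, so if the `.key` is written after the certificate there may be a short window in which postfix reloads a mismatched pair; the write order is not visible here, so a comment or a second `PathChanged` entry for the key would make the intent explicit. `sslKey` also ties postfix to a private key inside Caddy's data directory, and a note on which account is expected to be able to read that path would help whoever later tightens its permissions.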
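--- a/hosts/flora-6/owncast.nix
+++ b/hosts/flora-6/owncast.nix
@@ -0,0 +1,24 @@
+{
+config,
+lib,
+pkgs,
+self,
+...
+}: {
+# owncast
+services.owncast = {
+enable = true;
+user = "owncast";
+group = "owncast";
+# The directory where owncast stores its data files.
+dataDir = "/var/lib/owncast";
+# Open the appropriate ports in the firewall for owncast.
+openFirewall = true;
+# The IP address to bind the owncast web server to.
+listen = "127.0.0.1";
+# TCP port where owncast rtmp service listens.
+rtmp-port = 1935;
+# TCP port where owncast web-gui listens.
+port = 5000;
+};
+}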
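Review bot: `openFirewall = true` together with `listen = "127.0.0.1"` leaves the web UI on loopback but, as far as I know the NixOS module, still opens `rtmp-port` 1935 to the network, and the comment "Open the appropriate ports" does not say which port ends up public. RTMP ingest is unencrypted and protected only by the stream key, so I would make the exposure explicit, e.g. `# exposes RTMP 1935 publicly; the stream key is the only authentication, set a non-default key and admin password on first deploy`. If streaming is only ever done from known addresses, dropping `openFirewall` and adding a source-restricted firewall rule would be the tighter option.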
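--- a/hosts/flora-6/triton-vmtools.nix
+++ b/hosts/flora-6/triton-vmtools.nix
@@ -0,0 +1,9 @@
+{
+pkgs,
+inputs,
+...
+}: {
+environment.systemPackages = with pkgs; [
+inputs.triton-vmtools.packages.${pkgs.system}.default
+];
+}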
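--- a/hosts/nougat-2/acme.nix
+++ b/hosts/nougat-2/acme.nix
@@ -0,0 +1,79 @@
+{
+config,
+lib,
+pkgs,
+self,
+...
+}: let
+exDomain = (import ./ex-domain.nix) lib;
+pubsolarDomain = import ./pubsolar-domain.nix;
+
+hostingdeProviderConf = {
+dnsProvider = "hostingde";
+credentialsFile = "${pkgs.writeText "hostingde-creds" ''
+HOSTINGDE_API_KEY_FILE=${config.age.secrets."hosting.de-api-key.age".path}
+''}";
+};
+in {
+age.secrets."hosting.de-api-key.age" = {
+file = "${self}/secrets/hosting.de-api-key.age";
+mode = "440";
+group = "acme";
+};
+
+systemd.tmpfiles.rules = [
+"d '/data/acme' 0750 root acme - -"
+];
+
+users.groups.acme = {};
+ids.uids.acme = 997;
+ids.gids.acme = 997;
+
+containers.acme = {
+autoStart = true;
+privateNetwork = true;
+hostAddress = "192.168.101.0";
+localAddress = "192.168.106.0";
+hostAddress6 = "fc00::1";
+localAddress6 = "fc00::6";
+
+bindMounts = {
+"/var/lib/acme" = {
+hostPath = "/data/acme";
+isReadOnly = false;
+};
+
+"${config.age.secrets."hosting.de-api-key.age".path}" = {
+hostPath = "${config.age.secrets."hosting.de-api-key.age".path}";
+isReadOnly = true;
+};
+};
+
+config = {
+networking.nameservers = ["1.1.1.1"];
+users.groups.acme = config.users.groups.acme;
+
+security.acme = {
+acceptTerms = true;
+defaults.email = "acme@benjaminbaedorf.eu";
+defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+defaults.group = "acme";
+
+certs."b12f.io" = hostingdeProviderConf;
+certs."mail.b12f.io" = hostingdeProviderConf;
+certs."transmission.b12f.io" = hostingdeProviderConf;
+
+certs."${exDomain}" = hostingdeProviderConf;
+certs."mail.${exDomain}" = hostingdeProviderConf;
+
+certs."${pubsolarDomain}" = hostingdeProviderConf;
+certs."www.${pubsolarDomain}" = hostingdeProviderConf;
+certs."auth.${pubsolarDomain}" = hostingdeProviderConf;
+certs."git.${pubsolarDomain}" = hostingdeProviderConf;
+certs."ci.${pubsolarDomain}" = hostingdeProviderConf;
+certs."list.${pubsolarDomain}" = hostingdeProviderConf;
+certs."obs-portal.${pubsolarDomain}" = hostingdeProviderConf;
+};
+};
+};
+}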
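Review bot: `defaults.server` in `security.acme` points at the Let's Encrypt staging directory, so every certificate issued for the `certs` listed below chains to a staging root that clients do not trust. hosts/nougat-2/caddy.nix sets `auto_https disable_certs`, so Caddy will not obtain production certificates on its own either. If staging is deliberate while the host is being brought up, mark it, e.g. `# TODO: staging only, remove before go-live so the production directory is used`; otherwise drop the line so the module default applies.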
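--- a/hosts/nougat-2/caddy.nix
+++ b/hosts/nougat-2/caddy.nix
@@ -0,0 +1,181 @@
+{
+config,
+lib,
+pkgs,
+self,
+...
+}: let
+pubsolarDomain = import ./pubsolar-domain.nix;
+# Machine user for CI pipelines
+in {
+networking.firewall.allowedTCPPorts = [80 443];
+networking.networkmanager.unmanaged = ["interface-name:ve-caddy"];
+networking.nat = {
+enable = true;
+
+internalInterfaces = ["ve-caddy"];
+externalInterface = "enp0s31f6";
+
+# Lazy IPv6 connectivity for the container
+enableIPv6 = true;
+};
+
+systemd.tmpfiles.rules = [
+"d '/data/www' 0750 root www - -"
+"d '/data/caddy' 0750 root caddy - -"
+];
+
+users.groups.caddy = {};
+users.groups.www = {};
+users.users.hakkonaut.extraGroups = ["www"];
+ids.uids.www = 996;
+ids.gids.www = 996;
+
+fileSystems."/var/lib/caddy" = {
+device = "/data/caddy";
+options = ["bind"];
+};
+
+fileSystems."/srv/www" = {
+device = "/data/www";
+options = ["bind"];
+};
+
+containers.caddy = {
+autoStart = true;
+privateNetwork = true;
+hostAddress = "192.168.101.0";
+localAddress = "192.168.103.0";
+hostAddress6 = "fc00::1";
+localAddress6 = "fc00::3";
+
+forwardPorts = [
+{
+containerPort = 443;
+hostPort = 443;
+protocol = "tcp";
+}
+{
+containerPort = 80;
+hostPort = 80;
+protocol = "tcp";
+}
+];
+
+bindMounts = {
+"/srv/www/" = {
+hostPath = "/data/www";
+isReadOnly = false;
+};
+
+"/var/lib/caddy/" = {
+hostPath = "/data/caddy";
+isReadOnly = false;
+};
+
+"/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory" = {
+hostPath = "/data/acme";
+isReadOnly = false;
+};
+};
+
+config = {
+users.groups.caddy = {};
+users.groups.www = {};
+users.groups.acme = {};
+users.users.caddy.extraGroups = ["www" "acme"];
+
+networking.firewall.allowedTCPPorts = [80 443];
+environment.etc."resolv.conf".text = "nameserver 1.1.1.0";
+
+services.caddy = {
+enable = lib.mkForce true;
+
+globalConfig = lib.mkForce ''
+auto_https disable_certs
+'';
+
+virtualHosts = {
+"dashboard.nougat-2.b12f.io" = {
+extraConfig = ''
+reverse_proxy :2019
+'';
+};
+"www.b12f.io" = {
+extraConfig = ''
+redir https://pub.solar{uri}
+'';
+};
+"mail.b12f.io" = {
+extraConfig = ''
+redir / /realms/pub.solar/account temporary
+reverse_proxy :8080
+'';
+};
+
+"${pubsolarDomain}" = {
+logFormat = lib.mkForce ''
+output discard
+'';
+extraConfig = ''
+# PubSolarOS images
+handle /os/download/* {
+root * /srv/www
+file_server /os/download/* browse
+}
+# serve base domain pub.solar for mastodon.pub.solar
+# https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
+handle /.well-known/host-meta {
+redir https://mastodon.${pubsolarDomain}{uri}
+}
+# pub.solar website
+handle {
+root * /srv/www/pub.solar
+try_files {path}.html {path}
+file_server
+}
+# minimal error handling, respond with status code and text
+handle_errors {
+respond "{http.error.status_code} {http.error.status_text}"
+}
+'';
+};
+"www.${pubsolarDomain}" = {
+logFormat = lib.mkForce ''
+output discard
+'';
+extraConfig = ''
+redir https://${pubsolarDomain}{uri}
+'';
+};
+"auth.${pubsolarDomain}" = {
+logFormat = lib.mkForce ''
+output discard
+'';
+extraConfig = ''
+redir / /realms/${pubsolarDomain}/account temporary
+reverse_proxy 192.168.104.0:8080
+'';
+};
+"git.${pubsolarDomain}" = {
+logFormat = lib.mkForce ''
+output discard
+'';
+extraConfig = ''
+redir /user/login /user/oauth2/keycloak temporary
+reverse_proxy 192.168.105.0:3000
+'';
+};
+"ci.${pubsolarDomain}" = {
+logFormat = lib.mkForce ''
+output discard
+'';
+extraConfig = ''
+reverse_proxy 192.168.101.0:8080
+'';
+};
+};
+};
+};
+};
+}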
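Review bot: The `dashboard.nougat-2.b12f.io` virtual host proxies to `:2019`, which is Caddy's default admin API port, and nothing in that block restricts who may reach it; the admin API can replace the running configuration, so it should not be published through a public site without an access check. I would remove the host, or put a client-address matcher or authentication in front of the `reverse_proxy` and say in a comment who is meant to use it. Separately, `environment.etc."resolv.conf".text = "nameserver 1.1.1.0";` looks like a typo for `1.1.1.1`, the resolver hosts/nougat-2/acme.nix sets. The `mail.b12f.io` block carries the Keycloak redirect `/realms/pub.solar/account`, which reads like a copy-paste leftover.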
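--- a/hosts/nougat-2/concourse.nix
+++ b/hosts/nougat-2/concourse.nix
@@ -0,0 +1,137 @@
+{
+config,
+lib,
+pkgs,
+self,
+...
+}: let
+pubsolarDomain = import ./pubsolar-domain.nix;
+
+getSecret = name:
+lib.attrsets.setAttrByPath [name] {
+file = "${self}/secrets/${name}.age";
+mode = "600";
+owner = "concourse";
+};
+
+keys = [
+"concourse-session-signing-key"
+"concourse-worker-key"
+"concourse-tsa-host-key"
+];
+
+secrets =
+[
+"concourse-secrets"
+"concourse-db-secrets"
+]
+++ keys;
+in {
+age.secrets = lib.lists.foldl (a: b: a // getSecret b) {} secrets;
+
+users.users.concourse = {
+description = "Concourse Service";
+home = "/var/lib/concourse";
+useDefaultShell = true;
+group = "concourse";
+isSystemUser = true;
+};
+
+users.groups.concourse = {};
+users.groups.postgres = {};
+ids.uids.concourse = 995;
+ids.gids.concourse = 995;
+
+systemd.tmpfiles.rules = [
+"d '/data/concourse/db' 0770 root postgres - -"
+];
+
+system.activationScripts.mkConcourseNet = let
+docker = config.virtualisation.oci-containers.backend;
+dockerBin = "${pkgs.${docker}}/bin/${docker}";
+in ''
+${dockerBin} network inspect concourse-net >/dev/null 2>&1 || ${dockerBin} network create concourse-net --subnet 172.20.0.0/24
+'';
+
+containers.concourse = {
+autoStart = true;
+privateNetwork = true;
+hostAddress = "192.168.101.0";
+localAddress = "192.168.107.0";
+hostAddress6 = "fc00::1";
+localAddress6 = "fc00::7";
+
+bindMounts = {
+"/var/lib/postgresql/14" = {
+hostPath = "/data/concourse/db";
+isReadOnly = false;
+};
+
+"${config.age.secrets.keycloak-database-password.path}" = {
+hostPath = "${config.age.secrets.keycloak-database-password.path}";
+isReadOnly = true;
+};
+};
+
+config = {
+networking.nameservers = ["1.1.1.1"];
+
+virtualisation.oci-containers = {
+containers."concourse-db" = {
+image = "postgres:14";
+autoStart = true;
+user = builtins.toString config.ids.uids.postgres;
+volumes = [
+"/data/concourse/db:/var/lib/postgresql/data"
+];
+extraOptions = [
+"--network=concourse-net"
+];
+environmentFiles = [
+config.age.secrets.concourse-db-secrets.path
+];
+};
+
+containers."concourse" = {
+image = "concourse/concourse:7.9.1";
+autoStart = true;
+user = builtins.toString config.ids.uids.concourse;
+ports = [
+"8080:8080"
+];
+dependsOn = ["concourse-db"];
+extraOptions = [
+"--network=concourse-net"
+];
+volumes = [
+"${config.age.secrets.concourse-session-signing-key.path}:/keys/session_signing_key"
+"${config.age.secrets.concourse-worker-key.path}:/keys/worker_key"
+"${config.age.secrets.concourse-tsa-host-key.path}:/keys/tsa_host_key"
+];
+
+environment = {
+CONCOURSE_EXTERNAL_URL = "https://ci.${pubsolarDomain}";
+
+CONCOURSE_ADD_LOCAL_USER = "crew:changeme";
+CONCOURSE_MAIN_TEAM_LOCAL_USER = "crew";
+
+# instead of relying on the default "detect"
+CONCOURSE_WORKER_BAGGAGECLAIM_DRIVER = "overlay";
+CONCOURSE_X_FRAME_OPTIONS = "allow";
+CONCOURSE_CONTENT_SECURITY_POLICY = "*";
+CONCOURSE_CLUSTER_NAME = "pub.solar";
+CONCOURSE_WORKER_CONTAINERD_DNS_SERVER = "8.8.8.8";
+
+CONCOURSE_SESSION_SIGNING_KEY = "/keys/session_signing_key";
+CONCOURSE_TSA_HOST_KEY = "/keys/tsa_host_key";
+CONCOURSE_TSA_AUTHORIZED_KEYS = "/keys/worker_key";
+
+# For ARM-based machine, change the Concourse runtime to "houdini"
+CONCOURSE_WORKER_RUNTIME = "containerd";
+};
+environmentFiles = [
+config.age.secrets.concourse-secrets.path
+];
+};
+};
+}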
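Review bot: `CONCOURSE_ADD_LOCAL_USER = "crew:changeme"` puts a login for the main team in plain text in the `environment` attrset, which lands in the repository and the world-readable Nix store; it belongs in the age-encrypted `concourse-secrets` file already passed through `environmentFiles`, with a non-default password. `CONCOURSE_X_FRAME_OPTIONS = "allow"` and `CONCOURSE_CONTENT_SECURITY_POLICY = "*"` appear to relax the web UI's framing and content restrictions and need a comment explaining why. The `bindMounts` entry for `config.age.secrets.keycloak-database-password.path` looks copied from another host file, since this module only declares concourse secrets. As rendered, the 137 lines end with `};`, `};`, `}`, which leaves `config = {` and `containers.concourse = {` unclosed, so the file would not evaluate.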
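--- a/hosts/nougat-2/configuration.nix
+++ b/hosts/nougat-2/configuration.nix
@@ -0,0 +1,136 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+config,
+pkgs,
+lib,
+...
+}: let
+psCfg = config.pub-solar;
+in {
+imports = [
+# Include the results of the hardware scan.
+./hardware-configuration.nix
+];
+
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+boot.kernelParams = [
+"boot.shell_on_fail=1"
+"ip=135.181.179.123::135.181.179.65:255.255.255.192:nougat-2.b12f.io::off"
+];
+networking.hostName = "nougat-2";
+
+# The mdadm RAID1s were created with 'mdadm --create ... --homehost=hetzner',
+# but the hostname for each machine may be different, and mdadm's HOMEHOST
+# setting defaults to '<system>' (using the system hostname).
+# This results mdadm considering such disks as "foreign" as opposed to
+# "local", and showing them as e.g. '/dev/md/hetzner:root0'
+# instead of '/dev/md/root0'.
+# This is mdadm's protection against accidentally putting a RAID disk
+# into the wrong machine and corrupting data by accidental sync, see
+# https://bugzilla.redhat.com/show_bug.cgi?id=606481#c14 and onward.
+# We do not worry about plugging disks into the wrong machine because
+# we will never exchange disks between machines, so we tell mdadm to
+# ignore the homehost entirely.
+environment.etc."mdadm.conf".text = ''
+HOMEHOST <ignore>
+ARRAY /dev/md/SSD metadata=1.2 name=nixos:SSD UUID=f8189c09:cb247cc7:22b79b5f:df888705
+ARRAY /dev/md/HDD metadata=1.2 name=nixos:HDD UUID=85ed8a8e:9ddc5f09:c6ef6110:c00728fa
+'';
+# The RAIDs are assembled in stage1, so we need to make the config
+# available there.
+boot.initrd.services.swraid.enable = true;
+boot.initrd.services.swraid.mdadmConf = config.environment.etc."mdadm.conf".text;
+
+boot.initrd.network.enable = true;
+boot.initrd.network.ssh = {
+enable = true;
+port = 22;
+authorizedKeys =
+if psCfg.user.publicKeys != null
+then psCfg.user.publicKeys
+else [];
+hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"];
+};
+
+# Network (Hetzner uses static IP assignments, and we don't use DHCP here)
+networking.useDHCP = false;
+networking.interfaces."enp0s31f6".ipv4.addresses = [
+{
+address = "135.181.179.123";
+prefixLength = 26;
+}
+];
+networking.defaultGateway = "135.181.179.65";
+
+networking.interfaces."enp0s31f6".ipv6.addresses = [
+{
+address = "2a01:4f9:3a:2170::1";
+prefixLength = 64;
+}
+];
+networking.defaultGateway6 = {
+address = "fe80::1";
+interface = "enp0s31f6";
+};
+
+networking.nameservers = ["1.1.1.1"];
+
+# Initial empty root password for easy login:
+users.users.root.initialHashedPassword = "";
+users.users.root.openssh.authorizedKeys.keys =
+if psCfg.user.publicKeys != null
+then psCfg.user.publicKeys
+else [];
+
+users.users.hakkonaut = {
+home = "/home/hakkonaut";
+description = "CI and automation user";
+useDefaultShell = true;
+group = "hakkonaut";
+isSystemUser = true;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5MvCwNRtCcP1pSDrn0XZTNlpOqYnjHDm9/OI4hECW hakkonaut@flora-6"
+];
+};
+
+users.groups.hakkonaut = {};
+ids.uids.hakkonaut = 998;
+ids.gids.hakkonaut = 998;
+
+services.openssh.enable = true;
+services.openssh.settings.PermitRootLogin = "prohibit-password";
+
+pub-solar.core.disk-encryption-active = false;
+pub-solar.core.lite = true;
+
+virtualisation = {
+docker = {
+enable = true;
+};
+
+oci-containers = {
+backend = "docker";
+};
+};
+
+security.sudo.extraRules = [
+{
+users = ["${psCfg.user.name}"];
+commands = [
+{
+command = "ALL";
+options = ["NOPASSWD"];
+}
+];
+}
+];
+
+# This value determines the NixOS release with which your system is to be
+# compatible, in order to avoid breaking some software such as database
+# servers. You should change this only after NixOS release notes say you
+# should.
+system.stateVersion = "23.05"; # Did you read the comment?
+}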
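Review bot: `users.users.root.initialHashedPassword = "";` leaves root with an empty password on a host that also enables sshd, initrd SSH and Docker. `services.openssh.settings.PermitRootLogin = "prohibit-password"` only covers SSH logins, so any local path that accepts empty passwords (console login, presumably) would still reach root. Since root already receives `psCfg.user.publicKeys`, the password can be locked instead, by dropping the line or with `users.users.root.initialHashedPassword = "!";`. The same file grants `psCfg.user.name` `NOPASSWD` on `ALL` and keeps `"boot.shell_on_fail=1"` in `boot.kernelParams`; both deserve a comment saying why they are acceptable on this machine.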
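--- a/hosts/nougat-2/default.nix
+++ b/hosts/nougat-2/default.nix
@@ -0,0 +1,5 @@
+{...}: {
+imports = [
+./nougat-2.nix
+];
+}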
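--- a/hosts/nougat-2/ex-domain.nix
+++ b/hosts/nougat-2/ex-domain.nix
@@ -0,0 +1 @@
+lib: lib.concatStrings (lib.lists.reverseList ["et" ".n" "zz" "wd" "h"])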
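--- a/hosts/nougat-2/gitea.nix
+++ b/hosts/nougat-2/gitea.nix
@@ -0,0 +1,124 @@
+{
+config,
+lib,
+pkgs,
+self,
+...
+}: let
+pubsolarDomain = import ./pubsolar-domain.nix;
+in {
+age.secrets.gitea-database-password = {
+file = "${self}/secrets/gitea-database-password.age";
+mode = "600";
+group = "gitea";
+};
+
+# age.secrets.gitea-mailer-password = {
+# file = "${self}/secrets/gitea-mailer-password.age";
+# mode = "600";
+# owner = "gitea";
+# };
+
+systemd.tmpfiles.rules = [
+"d '/data/gitea/db' 0770 root postgres - -"
+"d '/data/gitea/gitea' 0770 root gitea - -"
+];
+
+users.groups.postgres = {};
+users.groups.gitea = {};
+ids.uids.gitea = 994;
+ids.gids.gitea = 994;
+
+containers.gitea = {
+autoStart = true;
+privateNetwork = true;
+hostAddress = "192.168.101.0";
+localAddress = "192.168.105.0";
+hostAddress6 = "fc00::1";
+localAddress6 = "fc00::5";
+
+bindMounts = {
+"/var/lib/postgresql/14" = {
+hostPath = "/data/gitea/db";
+isReadOnly = false;
+};
+
+"/var/lib/gitea" = {
+hostPath = "/data/gitea/gitea";
+isReadOnly = false;
+};
+
+"${config.age.secrets.gitea-database-password.path}" = {
+hostPath = "${config.age.secrets.gitea-database-password.path}";
+isReadOnly = true;
+};
+};
+
+config = {
+networking.nameservers = ["1.1.1.1"];
+
+services.gitea = {
+enable = true;
+package = pkgs.forgejo;
+appName = "pub.solar git server";
+database = {
+type = "postgres";
+passwordFile = config.age.secrets.gitea-database-password.path;
+};
+lfs.enable = true;
+# mailerPasswordFile = config.age.secrets.gitea-mailer-password.path;
+settings = {
+server = {
+DOMAIN = "git.${pubsolarDomain}";
+HTTP_ADDR = "127.0.0.1";
+HTTP_PORT = 3000;
+ROOT_URL = "https://git.${pubsolarDomain}";
+};
+mailer = {
+ENABLED = false;
+PROTOCOL = "smtps";
+SMTP_ADDR = "mx2.greenbaum.cloud";
+SMTP_PORT = 465;
+FROM = ''"pub.solar git server" <gitea@pub.solar>'';
+USER = "admins@pub.solar";
+};
+"repository.signing" = {
+SIGNING_KEY = "default";
+MERGES = "always";
+};
+openid = {
+ENABLE_OPENID_SIGNIN = true;
+ENABLE_OPENID_SIGNUP = true;
+};
+# uncomment after initial deployment, first user is admin user
+# required to setup SSO (oauth openid-connect, keycloak auth provider)
+service.ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+service.ENABLE_NOTIFY_MAIL = true;
+session.COOKIE_SECURE = lib.mkForce true;
+};
+};
+
+# See: https://docs.gitea.io/en-us/signing/#installing-and-generating-a-gpg-key-for-gitea
+# Required for gitea server side gpg signatures
+# configured/setup manually in:
+# /var/lib/gitea/data/home/.gitconfig
+# /var/lib/gitea/data/home/.gnupg/
+# sudo su gitea
+# export GNUPGHOME=/var/lib/gitea/data/home/.gnupg
+# gpg --quick-gen-key 'pub.solar gitea <gitea@pub.solar>' ed25519
+# TODO: implement declarative GPG key generation and
+# gitea gitconfig
+programs.gnupg.agent = {
+enable = true;
+pinentryFlavor = "curses";
+};
+# Required to make gpg work without a graphical environment?
+# otherwise generating a new gpg key fails with this error:
+# gpg: agent_genkey failed: No pinentry
+# see: https://github.com/NixOS/nixpkgs/issues/97861#issuecomment-827951675
+environment.variables = {
+GPG_TTY = "$(tty)";
+};
+};
+};
+}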
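Review bot: `age.secrets.gitea-database-password` combines `mode = "600"` with `group = "gitea"` and no `owner`, so the group gets no permission bits and the `group` line has no effect. Who can read the secret then depends on the default owner, which is not set in this file. If the gitea service is meant to read it through its group, say so with `mode = "440";`. It is also worth confirming that the gid the host assigns (`ids.gids.gitea = 994`) is the one the gitea user has inside the container that bind-mounts the file. Separately, the comment `# uncomment after initial deployment` sits above `service.ALLOW_ONLY_EXTERNAL_REGISTRATION = true;`, which is already active; the comment should state which state the line is meant to be in.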
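--- a/hosts/nougat-2/hardware-configuration.nix
+++ b/hosts/nougat-2/hardware-configuration.nix
@@ -0,0 +1,64 @@
+{
+config,
+lib,
+pkgs,
+modulesPath,
+...
+}: {
+imports = [
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [
+"dm-snapshot"
+"xhci_pci"
+"ahci"
+"nvme"
+"usbhid"
+"usb_storage"
+"sd_mod"
+"dm-raid"
+"e1000e"
+];
+boot.initrd.kernelModules = [];
+boot.kernelModules = ["kvm-intel"];
+boot.extraModulePackages = [];
+
+boot.initrd.luks.devices."ssd" = {
+device = "/dev/disk/by-id/md-uuid-f8189c09:cb247cc7:22b79b5f:df888705";
+};
+
+boot.initrd.luks.devices."hdd" = {
+device = "/dev/disk/by-id/md-uuid-85ed8a8e:9ddc5f09:c6ef6110:c00728fa";
+};
+
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/cb88e8b9-be51-43eb-a51a-cd021c90771c";
+fsType = "ext4";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/3F6D-065E";
+fsType = "vfat";
+};
+
+fileSystems."/data" = {
+device = "/dev/disk/by-uuid/824341f0-fd56-4db7-bb7e-4f161d94144b";
+fsType = "ext4";
+};
+
+swapDevices = [
+{device = "/dev/disk/by-uuid/f37e9f96-0174-4cac-a0bb-b63b2a67a4ad";}
+];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}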
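--- a/hosts/nougat-2/keycloak.nix
+++ b/hosts/nougat-2/keycloak.nix
@@ -0,0 +1,64 @@
+{
+config,
+lib,
+inputs,
+pkgs,
+self,
+...
+}: let
+pubsolarDomain = import ./pubsolar-domain.nix;
+in {
+age.secrets.keycloak-database-password = {
+file = "${self}/secrets/keycloak-database-password.age";
+mode = "770";
+group = "keycloak";
+};
+
+systemd.tmpfiles.rules = [
+"d '/data/keycloak/db' 0770 root postgres - -"
+];
+
+users.groups.postgres = {};
+users.groups.keycloak = {};
+ids.uids.keycloak = 993;
+ids.gids.keycloak = 993;
+
+containers.keycloak = {
+autoStart = true;
+privateNetwork = true;
+hostAddress = "192.168.101.0";
+localAddress = "192.168.104.0";
+hostAddress6 = "fc00::1";
+localAddress6 = "fc00::4";
+
+bindMounts = {
+"/var/lib/postgresql/14" = {
+hostPath = "/data/keycloak/db";
+isReadOnly = false;
+};
+
+"${config.age.secrets.keycloak-database-password.path}" = {
+hostPath = "${config.age.secrets.keycloak-database-password.path}";
+isReadOnly = true;
+};
+};
+
+config = {
+networking.nameservers = ["1.1.1.1"];
+
+services.keycloak = {
+enable = true;
+database.passwordFile = config.age.secrets.keycloak-database-password.path;
+settings = {
+hostname = "auth.${pubsolarDomain}";
+http-host = "0.0.0.0";
+http-port = 8080;
+proxy = "edge";
+};
+themes = {
+"pub.solar" = inputs.keycloak-theme-pub-solar.legacyPackages.${pkgs.system}.keycloak-theme-pub-solar;
+};
+};
+};
+};
+}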
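Review bot: `mode = "770"` on `age.secrets.keycloak-database-password` sets execute and group-write bits on a password file. Nothing in this section needs either, and the container only mounts the file with `isReadOnly = true`; `mode = "440";` would express the intent, or `"400"` if only root reads it. Also, `http-host = "0.0.0.0"` together with `proxy = "edge"` means Keycloak will take forwarded headers from whatever can reach port 8080 on the container address. The proxy configuration is outside this section, so please confirm that only the reverse proxy can reach `192.168.104.0:8080`.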
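--- a/hosts/nougat-2/nougat-2.nix
+++ b/hosts/nougat-2/nougat-2.nix
@@ -0,0 +1,29 @@
+{
+config,
+pkgs,
+lib,
+self,
+profiles,
+fix-atomic-container-restartsModulesPath,
+...
+}:
+with lib; let
+psCfg = config.pub-solar;
+xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+imports = [
+./configuration.nix
+
+profiles.base-user
+profiles.users.root # make sure to configure ssh keys
+profiles.users.barkeeper
+
+
+./acme.nix
+./caddy.nix
+./keycloak.nix
+./gitea.nix
+# ./concourse.nix
+# "${fix-atomic-container-restartsModulesPath}/virtualisation/nixos-containers.nix"
+];
+}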
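--- a/hosts/nougat-2/pubsolar-domain.nix
+++ b/hosts/nougat-2/pubsolar-domain.nix
@@ -0,0 +1 @@
+"pub.solar.b12f.io"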
|
@ -14,7 +14,6 @@ in {
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
virtualisation.docker.enable = true;
|
virtualisation.docker.enable = true;
|
||||||
virtualisation.docker.package = pkgs.docker_24;
|
|
||||||
users.users = with pkgs;
|
users.users = with pkgs;
|
||||||
pkgs.lib.setAttrByPath [psCfg.user.name] {
|
pkgs.lib.setAttrByPath [psCfg.user.name] {
|
||||||
extraGroups = ["docker"];
|
extraGroups = ["docker"];
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
pkgs: {
|
pkgs: {
|
||||||
Unit = {
|
Unit = {
|
||||||
Description = "Network Manager applet";
|
Description = "Lightweight Wayland notification daemon";
|
||||||
BindsTo = ["sway-session.target"];
|
BindsTo = ["sway-session.target"];
|
||||||
After = ["sway-session.target"];
|
After = ["sway-session.target"];
|
||||||
# ConditionEnvironment requires systemd v247 to work correctly
|
# ConditionEnvironment requires systemd v247 to work correctly
|
||||||
|
|
|
@ -18,6 +18,9 @@ bindsym $mod+Shift+h exec psos help
|
||||||
|
|
||||||
bindsym $mod+F2 exec firefox
|
bindsym $mod+F2 exec firefox
|
||||||
|
|
||||||
|
bindsym $mod+F3 exec $term -e vifm
|
||||||
|
bindsym $mod+Shift+F3 exec gksu $term -e vifm
|
||||||
|
|
||||||
bindsym $mod+F4 exec nautilus -w
|
bindsym $mod+F4 exec nautilus -w
|
||||||
bindsym $mod+Shift+F4 exec signal-desktop --use-tray-icon
|
bindsym $mod+Shift+F4 exec signal-desktop --use-tray-icon
|
||||||
|
|
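Review bot: The added binding `bindsym $mod+Shift+F3 exec gksu $term -e vifm` starts the whole terminal emulator as root from a single keypress. gksu is unmaintained and no package providing it is visible in this diff, so the binding may simply fail. If a root file manager is wanted, `bindsym $mod+Shift+F3 exec $term -e sudo vifm` keeps the terminal unprivileged and elevates only vifm. The rest of the file is outside the hunk.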
||||||
|
|
|
@ -100,6 +100,8 @@ in {
|
||||||
mutt = "neomutt";
|
mutt = "neomutt";
|
||||||
ls = "exa";
|
ls = "exa";
|
||||||
la = "exa --group-directories-first -lag";
|
la = "exa --group-directories-first -lag";
|
||||||
|
fm = "vifm .";
|
||||||
|
vifm = "vifm .";
|
||||||
wget = "wget --hsts-file=$XDG_CACHE_HOME/wget-hsts";
|
wget = "wget --hsts-file=$XDG_CACHE_HOME/wget-hsts";
|
||||||
irssi = "irssi --config=$XDG_CONFIG_HOME/irssi/config --home=$XDG_DATA_HOME/irssi";
|
irssi = "irssi --config=$XDG_CONFIG_HOME/irssi/config --home=$XDG_DATA_HOME/irssi";
|
||||||
drone = "DRONE_TOKEN=$(secret-tool lookup drone token) drone";
|
drone = "DRONE_TOKEN=$(secret-tool lookup drone token) drone";
|
||||||
|
@ -107,6 +109,5 @@ in {
|
||||||
# fix nixos-option
|
# fix nixos-option
|
||||||
nixos-option = "nixos-option -I nixpkgs=${self}/lib/compat";
|
nixos-option = "nixos-option -I nixpkgs=${self}/lib/compat";
|
||||||
myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
|
myip = "dig +short myip.opendns.com @208.67.222.222 2>&1";
|
||||||
nnn = "nnn -d -e -H -r";
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -25,6 +25,11 @@ in {
|
||||||
programs.command-not-found.enable = false;
|
programs.command-not-found.enable = false;
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
ack
|
||||||
|
bat
|
||||||
|
exa
|
||||||
|
fd
|
||||||
|
neovim
|
||||||
screen
|
screen
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -47,15 +52,10 @@ in {
|
||||||
gh
|
gh
|
||||||
glow
|
glow
|
||||||
jump
|
jump
|
||||||
(nnn.overrideAttrs (o: {
|
nnn
|
||||||
patches =
|
|
||||||
(o.patches or [])
|
|
||||||
++ [
|
|
||||||
./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch
|
|
||||||
];
|
|
||||||
}))
|
|
||||||
powerline
|
powerline
|
||||||
silver-searcher
|
silver-searcher
|
||||||
|
vifm
|
||||||
watson
|
watson
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -1,38 +0,0 @@
|
||||||
From a81ee68923412c0fb8fab46f2f918a7ec865b384 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= <hello@benjaminbaedorf.eu>
|
|
||||||
Date: Sun, 9 Jul 2023 04:19:51 +0200
|
|
||||||
Subject: [PATCH] feat: use wasd keybindings for jkli
|
|
||||||
|
|
||||||
---
|
|
||||||
src/nnn.h | 6 +++---
|
|
||||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/nnn.h b/src/nnn.h
|
|
||||||
index d476ddd2..5f106987 100644
|
|
||||||
--- a/src/nnn.h
|
|
||||||
+++ b/src/nnn.h
|
|
||||||
@@ -131,7 +131,7 @@ struct key {
|
|
||||||
static struct key bindings[] = {
|
|
||||||
/* Back */
|
|
||||||
{ KEY_LEFT, SEL_BACK },
|
|
||||||
- { 'h', SEL_BACK },
|
|
||||||
+ { 'j', SEL_BACK },
|
|
||||||
/* Inside or select */
|
|
||||||
{ KEY_ENTER, SEL_OPEN },
|
|
||||||
{ '\r', SEL_OPEN },
|
|
||||||
@@ -139,10 +139,10 @@ static struct key bindings[] = {
|
|
||||||
{ KEY_RIGHT, SEL_NAV_IN },
|
|
||||||
{ 'l', SEL_NAV_IN },
|
|
||||||
/* Next */
|
|
||||||
- { 'j', SEL_NEXT },
|
|
||||||
+ { 'k', SEL_NEXT },
|
|
||||||
{ KEY_DOWN, SEL_NEXT },
|
|
||||||
/* Previous */
|
|
||||||
- { 'k', SEL_PREV },
|
|
||||||
+ { 'i', SEL_PREV },
|
|
||||||
{ KEY_UP, SEL_PREV },
|
|
||||||
/* Page down */
|
|
||||||
{ KEY_NPAGE, SEL_PGDN },
|
|
||||||
--
|
|
||||||
2.40.1
|
|
||||||
|
|
|
@ -47,130 +47,62 @@ in {
|
||||||
plugins = with pkgs.vimPlugins;
|
plugins = with pkgs.vimPlugins;
|
||||||
[]
|
[]
|
||||||
++ lib.optionals (!cfg.lite) [
|
++ lib.optionals (!cfg.lite) [
|
||||||
(pkgs.vimPlugins.nvim-treesitter.withPlugins (p: [
|
|
||||||
p.ini
|
|
||||||
p.json
|
|
||||||
p.json5
|
|
||||||
p.markdown
|
|
||||||
p.nix
|
|
||||||
p.toml
|
|
||||||
p.yaml
|
|
||||||
|
|
||||||
p.css
|
|
||||||
p.graphql
|
|
||||||
p.html
|
|
||||||
p.javascript
|
|
||||||
p.scss
|
|
||||||
p.tsx
|
|
||||||
p.typescript
|
|
||||||
p.vue
|
|
||||||
|
|
||||||
p.c
|
|
||||||
p.cpp
|
|
||||||
p.go
|
|
||||||
p.gomod
|
|
||||||
p.gosum
|
|
||||||
p.haskell
|
|
||||||
p.lua
|
|
||||||
p.php
|
|
||||||
p.python
|
|
||||||
p.ruby
|
|
||||||
p.rust
|
|
||||||
|
|
||||||
p.vim
|
|
||||||
p.vimdoc
|
|
||||||
|
|
||||||
p.passwd
|
|
||||||
p.sql
|
|
||||||
|
|
||||||
p.diff
|
|
||||||
p.gitcommit
|
|
||||||
p.gitignore
|
|
||||||
p.git_config
|
|
||||||
p.gitattributes
|
|
||||||
p.git_rebase
|
|
||||||
|
|
||||||
p.bash
|
|
||||||
p.dockerfile
|
|
||||||
p.make
|
|
||||||
p.ninja
|
|
||||||
p.terraform
|
|
||||||
]))
|
|
||||||
|
|
||||||
# Dependencies for nvim-lspconfig
|
|
||||||
nvim-cmp
|
nvim-cmp
|
||||||
cmp-nvim-lsp
|
cmp-nvim-lsp
|
||||||
cmp_luasnip
|
cmp_luasnip
|
||||||
luasnip
|
luasnip
|
||||||
|
|
||||||
# Quickstart configs for neovim LSP
|
|
||||||
lsp_extensions-nvim
|
lsp_extensions-nvim
|
||||||
nvim-lspconfig
|
nvim-lspconfig
|
||||||
|
|
||||||
# Collaborative editing in Neovim using built-in capabilities
|
|
||||||
instant-nvim-nvfetcher
|
instant-nvim-nvfetcher
|
||||||
|
|
||||||
# Search functionality behind :Ack
|
|
||||||
ack-vim
|
ack-vim
|
||||||
|
|
||||||
# The status bar in the bottom of the screen with the mode indication and file location
|
|
||||||
vim-airline
|
vim-airline
|
||||||
|
|
||||||
# Automatically load editorconfig files in repos to configure nvim settings
|
|
||||||
editorconfig-vim
|
editorconfig-vim
|
||||||
|
|
||||||
# File browser. Use <leader>n to access
|
|
||||||
nnn-vim
|
nnn-vim
|
||||||
|
|
||||||
# Highlight characters when using f, F, t, and T
|
|
||||||
quick-scope
|
quick-scope
|
||||||
|
|
||||||
# Get sudo in vim; :SudaWrite <optional filename>
|
|
||||||
suda-vim
|
suda-vim
|
||||||
|
syntastic
|
||||||
# Undo history etc. per project
|
vim-gutentags
|
||||||
|
vim-vinegar
|
||||||
vim-workspace-nvfetcher
|
vim-workspace-nvfetcher
|
||||||
|
|
||||||
# JSON schemas
|
|
||||||
SchemaStore-nvim
|
|
||||||
|
|
||||||
# Work with tags files
|
|
||||||
vim-gutentags
|
|
||||||
|
|
||||||
# Neovim colorschemes / themes
|
|
||||||
sonokai
|
sonokai
|
||||||
vim-hybrid-material
|
vim-hybrid-material
|
||||||
vim-airline-themes
|
vim-airline-themes
|
||||||
vim-apprentice-nvfetcher
|
vim-apprentice-nvfetcher
|
||||||
|
|
||||||
# Git integrations
|
|
||||||
# A Git wrapper so awesome, it should be illegal
|
|
||||||
fugitive
|
fugitive
|
||||||
# Shows git diff markers in the sign column
|
|
||||||
vim-gitgutter
|
vim-gitgutter
|
||||||
# GitHub extension for fugitive
|
|
||||||
vim-rhubarb
|
vim-rhubarb
|
||||||
# Ease your git workflow within Vim
|
|
||||||
vimagit-nvfetcher
|
vimagit-nvfetcher
|
||||||
|
|
||||||
# FZF fuzzy finder
|
|
||||||
fzf-vim
|
fzf-vim
|
||||||
fzfWrapper
|
fzfWrapper
|
||||||
# Make the yanked region apparent
|
|
||||||
vim-highlightedyank
|
vim-highlightedyank
|
||||||
|
|
||||||
# :Beautify Code beautifier
|
|
||||||
vim-beautify-nvfetcher
|
vim-beautify-nvfetcher
|
||||||
|
vim-surround
|
||||||
|
|
||||||
# Unload, delete or wipe a buffer without closing the window
|
|
||||||
vim-bufkill
|
vim-bufkill
|
||||||
# Defaults everyone can agree on
|
|
||||||
vim-sensible
|
vim-sensible
|
||||||
|
|
||||||
# emmet for vim: http://emmet.io/
|
ansible-vim
|
||||||
emmet-vim
|
emmet-vim
|
||||||
# Caddyfile syntax support for Vim
|
rust-vim
|
||||||
vim-caddyfile-nvfetcher
|
vim-caddyfile-nvfetcher
|
||||||
|
vim-go
|
||||||
|
vim-javascript
|
||||||
|
vim-json
|
||||||
|
SchemaStore-nvim
|
||||||
|
vim-markdown
|
||||||
|
vim-nix
|
||||||
|
vim-nixhash
|
||||||
|
vim-ruby
|
||||||
|
vim-toml
|
||||||
|
vim-vue
|
||||||
|
yats-vim
|
||||||
];
|
];
|
||||||
|
|
||||||
extraConfig = builtins.concatStringsSep "\n" [
|
extraConfig = builtins.concatStringsSep "\n" [
|
||||||
|
|
|
@ -101,6 +101,3 @@ if has("autocmd")
|
||||||
au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
|
au BufReadPost * if line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g'\"" | endif
|
||||||
endif
|
endif
|
||||||
|
|
||||||
nmap - :NnnPicker %<CR>
|
|
||||||
nmap <leader>n :NnnPicker %<CR>
|
|
||||||
nmap <leader>N :NnnPicker<CR>
|
|
||||||
|
|
|
@ -83,5 +83,3 @@ if executable('ag')
|
||||||
let g:ackprg = 'ag --vimgrep'
|
let g:ackprg = 'ag --vimgrep'
|
||||||
endif
|
endif
|
||||||
|
|
||||||
" nnn
|
|
||||||
let g:nnn#command = 'nnn -d -e -H -r'
|
|
||||||
|
|
|
@ -4,12 +4,6 @@ channels: final: prev: {
|
||||||
inherit
|
inherit
|
||||||
(channels.latest)
|
(channels.latest)
|
||||||
nixd
|
nixd
|
||||||
docker_24
|
|
||||||
;
|
|
||||||
|
|
||||||
inherit
|
|
||||||
(channels.fork)
|
|
||||||
nvfetcher
|
|
||||||
;
|
;
|
||||||
|
|
||||||
haskellPackages =
|
haskellPackages =
|
||||||
|
|
|
@ -3,17 +3,17 @@
|
||||||
{
|
{
|
||||||
blesh-nvfetcher = {
|
blesh-nvfetcher = {
|
||||||
pname = "blesh-nvfetcher";
|
pname = "blesh-nvfetcher";
|
||||||
version = "9d84b424daf31b192891c06275fff316fa5ddd35";
|
version = "4089c4e1cb411121472180189953664b978d8972";
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "akinomyoga";
|
owner = "akinomyoga";
|
||||||
repo = "ble.sh";
|
repo = "ble.sh";
|
||||||
rev = "9d84b424daf31b192891c06275fff316fa5ddd35";
|
rev = "4089c4e1cb411121472180189953664b978d8972";
|
||||||
fetchSubmodules = true;
|
fetchSubmodules = true;
|
||||||
deepClone = false;
|
deepClone = false;
|
||||||
leaveDotGit = true;
|
leaveDotGit = true;
|
||||||
sha256 = "sha256-7aX5UtDB9pUHHeOi9n+qWsM2KGenHVL6O18vG9W8tmQ=";
|
sha256 = "sha256-ZLkiBm3vsRe42crLffM9Z8F5yzKvNRV2/AqK9RkuU+8=";
|
||||||
};
|
};
|
||||||
date = "2023-10-02";
|
date = "2023-07-18";
|
||||||
};
|
};
|
||||||
instant-nvim-nvfetcher = {
|
instant-nvim-nvfetcher = {
|
||||||
pname = "instant-nvim-nvfetcher";
|
pname = "instant-nvim-nvfetcher";
|
||||||
|
|
|
@ -6,27 +6,19 @@
|
||||||
user = config.pub-solar.user;
|
user = config.pub-solar.user;
|
||||||
xdg = config.home-manager.users."${user.name}".xdg;
|
xdg = config.home-manager.users."${user.name}".xdg;
|
||||||
in ''
|
in ''
|
||||||
# What happened?
|
# Title: Summary, imperative, start upper case, don't end with a period
|
||||||
#
|
# No more than 50 chars. #### 50 chars is here: #
|
||||||
# fix feat build chore ci docs style refactor perf test
|
|
||||||
#
|
|
||||||
# type!(optional scope): <summary> --------------#
|
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
# ^\n
|
# ^ Remember ending with an extra blank line
|
||||||
# What exactly was done and why? --------------------------------------#
|
# Body: Explain *what* and *why* (not *how*). Include issue number.
|
||||||
|
# Wrap at 72 chars. ################################## which is here: #
|
||||||
#
|
#
|
||||||
|
|
||||||
|
|
||||||
# ^\n
|
# ^ Remember ending with an extra blank line
|
||||||
#
|
# At the end: Include Co-authored-by for all contributors.
|
||||||
# Any issue numbers or links?
|
|
||||||
#
|
|
||||||
# Ref: #123
|
|
||||||
|
|
||||||
|
|
||||||
# ^\n
|
|
||||||
#
|
#
|
||||||
# Co-authored-by: Example Name <email@example.com>
|
# Co-authored-by: Example Name <email@example.com>
|
||||||
''
|
''
|
||||||
|
|
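--- a/profiles/base-user/.config/vifm/colors/base16.vifm
+++ b/profiles/base-user/.config/vifm/colors/base16.vifm
@@ -0,0 +1,26 @@
+" Reset all styles first
+highlight clear
+
+highlight Border cterm=none ctermfg=235 ctermbg=0
+
+highlight TopLine cterm=none ctermfg=20 ctermbg=18
+highlight TopLineSel cterm=none ctermfg=1 ctermbg=18
+
+highlight Win cterm=none ctermfg=188 ctermbg=0
+highlight Directory cterm=bold ctermfg=4 ctermbg=0
+highlight CurrLine cterm=none ctermfg=3 ctermbg=19
+highlight OtherLine cterm=none ctermfg=3 ctermbg=19
+highlight Selected cterm=none ctermfg=5 ctermbg=19
+
+highlight JobLine cterm=bold ctermfg=0 ctermbg=18
+highlight StatusLine cterm=bold ctermfg=0 ctermbg=18
+highlight ErrorMsg cterm=bold ctermfg=0 ctermbg=18
+highlight WildMenu cterm=bold ctermfg=0 ctermbg=18
+highlight CmdLine cterm=none ctermfg=20 ctermbg=0
+
+highlight Executable cterm=bold ctermfg=2 ctermbg=0
+highlight Link cterm=none ctermfg=9 ctermbg=0
+highlight BrokenLink cterm=none ctermfg=1 ctermbg=0
+highlight Device cterm=none ctermfg=228 ctermbg=0
+highlight Fifo cterm=none ctermfg=109 ctermbg=0
+highlight Socket cterm=none ctermfg=110 ctermbg=0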
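--- /dev/null
+++ b/profiles/base-user/.config/vifm/vifmrc
@@ -0,0 +1,495 @@
+" vim: filetype=vifm :
+" Sample configuration file for vifm (last updated: 2 June, 2019)
+" You can edit this file by hand.
+" The " character at the beginning of a line comments out the line.
+" Blank lines are ignored.
+" The basic format for each item is shown with an example.
+
+" ------------------------------------------------------------------------------
+
+" Command used to edit files in various contexts. The default is vim.
+" If you would like to use another vi clone such as Elvis or Vile
+" you will need to change this setting.
+
+set vicmd=nvim
+" set vicmd=elvis\ -G\ termcap
+" set vicmd=vile
+
+" This makes vifm perform file operations on its own instead of relying on
+" standard utilities like `cp`. While using `cp` and alike is a more universal
+" solution, it's also much slower when processing large amounts of files and
+" doesn't support progress measuring.
+
+set syscalls
+
+" Trash Directory
+" The default is to move files that are deleted with dd or :d to
+" the trash directory. If you change this you will not be able to move
+" files by deleting them and then using p to put the file in the new location.
+" I recommend not changing this until you are familiar with vifm.
+" This probably shouldn't be an option.
+
+set trash
+
+" This is how many directories to store in the directory history.
+
+set history=100
+
+" Automatically resolve symbolic links on l or Enter.
+
+set nofollowlinks
+
+" With this option turned on you can run partially entered commands with
+" unambiguous beginning using :! (e.g. :!Te instead of :!Terminal or :!Te<tab>).
+
+" set fastrun
+
+" Natural sort of (version) numbers within text.
+
+set sortnumbers
+
+" Maximum number of changes that can be undone.
+
+set undolevels=100
+
+" Use Vim's format of help file (has highlighting and "hyperlinks").
+" If you would rather use a plain text help file set novimhelp.
+
+set vimhelp
+
+" If you would like to run an executable file when you
+" press return on the file name set this.
+
+set norunexec
+
+" Selected color scheme
+
+colorscheme base16
+
+" Format for displaying time in file list. For example:
+" TIME_STAMP_FORMAT=%m/%d-%H:%M
+" See man date or man strftime for details.
+
+set timefmt=%m/%d\ %H:%M
+
+" Show list of matches on tab completion in command-line mode
+
+set wildmenu
+
+" Display completions in a form of popup with descriptions of the matches
+
+set wildstyle=popup
+
+" Display suggestions in normal, visual and view modes for keys, marks and
+" registers (at most 5 files). In other view, when available.
+
+set suggestoptions=normal,visual,view,otherpane,keys,marks,registers
+
+" Ignore case in search patterns unless it contains at least one uppercase
+" letter
+
+set ignorecase
+set smartcase
+
+" Don't highlight search results automatically
+
+set nohlsearch
+
+" Use increment searching (search while typing)
+set incsearch
+
+" Try to leave some space from cursor to upper/lower border in lists
+
+set scrolloff=4
+
+" Don't do too many requests to slow file systems
+
+if !has('win')
+set slowfs=curlftpfs
+endif
+
+" Set custom status line look
+
+set statusline=" Hint: %z%= %A %10u:%-7g %15s %20d "
+
+" ------------------------------------------------------------------------------
+
+" :mark mark /full/directory/path [filename]
+
+mark b ~/bin/
+mark h ~/
+
+" ------------------------------------------------------------------------------
+
+" :com[mand][!] command_name action
+" The following macros can be used in a command
+" %a is replaced with the user arguments.
+" %c the current file under the cursor.
+" %C the current file under the cursor in the other directory.
+" %f the current selected file, or files.
+" %F the current selected file, or files in the other directory.
+" %b same as %f %F.
+" %d the current directory name.
+" %D the other window directory name.
+" %m run the command in a menu window
+
+command! df df -h %m 2> /dev/null
+command! diff vim -d %f %F
+command! zip zip -r %f.zip %f
+command! unzip unzip %c %c.extracted
+command! run !! ./%f
+command! make !!make %a
+command! mkcd :mkdir %a | cd %a
+command! vgrep vim "+grep %a"
+command! reload :write | restart
+
+" ------------------------------------------------------------------------------
+
+" The file type is for the default programs to be used with
+" a file extension.
+" :filetype pattern1,pattern2 defaultprogram,program2
+" :fileviewer pattern1,pattern2 consoleviewer
+" The other programs for the file type can be accessed with the :file command
+" The command macros %f, %F, %d, %F may be used in the commands.
+" The %a macro is ignored. To use a % you must put %%.
+
+" For automated FUSE mounts, you must register an extension with :file[x]type
+" in one of following formats:
+"
+" :filetype extensions FUSE_MOUNT|some_mount_command using %SOURCE_FILE and %DESTINATION_DIR variables
+" %SOURCE_FILE and %DESTINATION_DIR are filled in by vifm at runtime.
+" A sample line might look like this:
+" :filetype *.zip,*.jar,*.war,*.ear FUSE_MOUNT|fuse-zip %SOURCE_FILE %DESTINATION_DIR
+"
+" :filetype extensions FUSE_MOUNT2|some_mount_command using %PARAM and %DESTINATION_DIR variables
+" %PARAM and %DESTINATION_DIR are filled in by vifm at runtime.
+" A sample line might look like this:
+" :filetype *.ssh FUSE_MOUNT2|sshfs %PARAM %DESTINATION_DIR
+" %PARAM value is filled from the first line of file (whole line).
+" Example first line for SshMount filetype: root@127.0.0.1:/
+"
+" You can also add %CLEAR if you want to clear screen before running FUSE
+" program.
+
+" Pdf
+filextype *.pdf epdfview %c %i &, apvlv %c, xpdf %c
+fileviewer *.pdf
+\ vifmimg pdfpreview %px %py %pw %ph %c
+\ %pc
+\ vifmimg clear
+" \ pdftotext -nopgbrk %c -
+
+" PostScript
+filextype *.ps,*.eps,*.ps.gz
+\ {View in zathura}
+\ zathura %f,
+\ {View in gv}
+\ gv %c %i &,
+
+" Djvu
+filextype *.djvu
+\ {View in zathura}
+\ zathura %f,
+\ {View in apvlv}
+\ apvlv %f,
+
+" Audio
+filetype *.wav,*.mp3,*.flac,*.m4a,*.wma,*.ape,*.ac3,*.og[agx],*.spx,*.opus
+\ {Play using vlc}
+\ vlc %c,
+\ {Play using ffplay}
+\ ffplay -nodisp -autoexit %c,
+fileviewer *.mp3 mp3info
+fileviewer *.flac soxi
+
+" Video
+filextype *.avi,*.mp4,*.wmv,*.dat,*.3gp,*.ogv,*.mkv,*.mpg,*.mpeg,*.vob,
+\*.fl[icv],*.m2v,*.mov,*.webm,*.ts,*.mts,*.m4v,*.r[am],*.qt,*.divx,
+\*.as[fx]
+\ {View using vlc}
+\ vlc %f,
+\ {View using ffplay}
+\ ffplay -fs -autoexit %f,
+fileviewer *.avi,*.mp4,*.wmv,*.dat,*.3gp,*.ogv,*.mkv,*.mpg,*.mpeg,*.vob,
+\*.fl[icv],*.m2v,*.mov,*.webm,*.ts,*.mts,*.m4v,*.r[am],*.qt,*.divx,
+\*.as[fx]
+\ vifmimg videopreview %px %py %pw %ph %c
+\ %pc
+\ vifmimg clear
+" \ ffprobe -pretty %c 2>&1
+
+" Web
+filextype *.html,*.htm
+\ {Open with vim}
+\ nvim %f,
+\ {Open with firefox}
+\ firefox %f &,
+filetype *.html,*.htm links, lynx
+
+" Object
+filetype *.o nm %f | less
+
+" Man page
+filetype *.[1-8] man ./%c
+fileviewer *.[1-8] man ./%c | col -b
+
+" Images
+filextype *.bmp,*.jpg,*.jpeg,*.png,*.gif,*.xpm
+\ {View in viewnior}
+\ viewnior %f,
+fileviewer *.bmp,*.jpg,*.jpeg,*.png,*.xpm
+\ vifmimg draw %px %py %pw %ph %c
+\ %pc
+\ vifmimg clear
+" Get w3m image previews inside vifm
+" \ imgt %px %py %pw %ph %c
+" \ %pc
+" \ imgc %px %py %pw %ph NOT NEEDED IN XTERM
+fileviewer *.gif
+\ vifmimg gifpreview %px %py %pw %ph %c
+\ %pc
+\ vifmimg clear
+
+" OpenRaster
+filextype *.ora
+\ {Edit in MyPaint}
+\ mypaint %f,
+
+" Mindmap
+filextype *.vym
+\ {Open with VYM}
+\ vym %f &,
+
+" MD5
+filetype *.md5
+\ {Check MD5 hash sum}
+\ md5sum -c %f %S,
+
+" SHA1
+filetype *.sha1
+\ {Check SHA1 hash sum}
+\ sha1sum -c %f %S,
+
+" SHA256
+filetype *.sha256
+\ {Check SHA256 hash sum}
+\ sha256sum -c %f %S,
+
+" SHA512
+filetype *.sha512
+\ {Check SHA512 hash sum}
+\ sha512sum -c %f %S,
+
+" GPG signature
+filetype *.asc
+\ {Check signature}
+\ !!gpg --verify %c,
+
+" Torrent
+filetype *.torrent ktorrent %f &
+fileviewer *.torrent dumptorrent -v %c
+
+" FuseZipMount
+filetype *.zip,*.jar,*.war,*.ear,*.oxt,*.apkg
+\ {Mount with fuse-zip}
+\ FUSE_MOUNT|fuse-zip %SOURCE_FILE %DESTINATION_DIR,
+\ {View contents}
+\ zip -sf %c | less,
+\ {Extract here}
+\ tar -xf %c,
+fileviewer *.zip,*.jar,*.war,*.ear,*.oxt zip -sf %c
+
+" ArchiveMount
+filetype *.tar,*.tar.bz2,*.tbz2,*.tgz,*.tar.gz,*.tar.xz,*.txz
+\ {Mount with archivemount}
+\ FUSE_MOUNT|archivemount %SOURCE_FILE %DESTINATION_DIR,
+fileviewer *.tgz,*.tar.gz tar -tzf %c
+fileviewer *.tar.bz2,*.tbz2 tar -tjf %c
+fileviewer *.tar.txz,*.txz xz --list %c
+fileviewer *.tar tar -tf %c
+
+" Rar2FsMount and rar archives
+filetype *.rar
+\ {Mount with rar2fs}
+\ FUSE_MOUNT|rar2fs %SOURCE_FILE %DESTINATION_DIR,
+fileviewer *.rar unrar v %c
+
+" IsoMount
+filetype *.iso
+\ {Mount with fuseiso}
+\ FUSE_MOUNT|fuseiso %SOURCE_FILE %DESTINATION_DIR,
+
+" SshMount
+filetype *.ssh
+\ {Mount with sshfs}
+\ FUSE_MOUNT2|sshfs %PARAM %DESTINATION_DIR %FOREGROUND,
+
+" FtpMount
+filetype *.ftp
+\ {Mount with curlftpfs}
+\ FUSE_MOUNT2|curlftpfs -o ftp_port=-,,disable_eprt %PARAM %DESTINATION_DIR %FOREGROUND,
+
+" Fuse7z and 7z archives
+filetype *.7z
+\ {Mount with fuse-7z}
+\ FUSE_MOUNT|fuse-7z %SOURCE_FILE %DESTINATION_DIR,
+fileviewer *.7z 7z l %c
+
+" Office files
+filextype *.odt,*.doc,*.docx,*.xls,*.xlsx,*.odp,*.pptx libreoffice %f &
+fileviewer *.doc catdoc %c
+fileviewer *.docx docx2txt.pl %f -
+
+" TuDu files
+filetype *.tudu tudu -f %c
+
+" Qt projects
+filextype *.pro qtcreator %f &
+
+" All others
+filetype *.ts,*.js,*.css,*.sass,*.scss,*.go,*.rs,*.py,*.html,*.xhtml,*.json,*.jsx,*.tsx,*.vue,*.svelte,*.sql
+\ {Open in editor}
+\ nvim %c,
+fileviewer *.ts,*.js,*.css,*.sass,*.scss,*.go,*.rs,*.py,*.html,*.xhtml,*.json,*.jsx,*.tsx,*.vue,*.svelte,*.sql bat %c
+
+" Directories
+filextype */
+\ {View in thunar}
+\ Thunar %f &,
+
+" Syntax highlighting in preview
+"
+" Explicitly set highlight type for some extensions
+"
+" 256-color terminal
+" fileviewer *.[ch],*.[ch]pp highlight -O xterm256 -s dante --syntax c %c
+" fileviewer Makefile,Makefile.* highlight -O xterm256 -s dante --syntax make %c
+"
+" 16-color terminal
+" fileviewer *.c,*.h highlight -O ansi -s dante %c
+"
+" Or leave it for automatic detection
+"
+" fileviewer *[^/] pygmentize -O style=monokai -f console256 -g
+
+" Displaying pictures in terminal
+"
+" fileviewer *.jpg,*.png shellpic %c
+
+" Open all other files with default system programs (you can also remove all
+" :file[x]type commands above to ensure they don't interfere with system-wide
+" settings). By default all unknown files are opened with 'vi[x]cmd'
+" uncommenting one of lines below will result in ignoring 'vi[x]cmd' option
+" for unknown file types.
+" For *nix:
+" filetype * xdg-open
+" For OS X:
+" filetype * open
+" For Windows:
+" filetype * start, explorer
+
+" ------------------------------------------------------------------------------
+
+" What should be saved automatically between vifm sessions. Drop "savedirs"
+" value if you don't want vifm to remember last visited directories for you.
+set vifminfo=dhistory,savedirs,chistory,state,tui,shistory,
+\phistory,fhistory,dirstack,registers,bookmarks,bmarks
+
+" ------------------------------------------------------------------------------
+
+" Examples of configuring both panels
+
+" Customize view columns a bit (enable ellipsis for truncated file names)
+"
+" set viewcolumns=-{name}..,6{}.
+
+" Filter-out build and temporary files
+"
+" filter! /^.*\.(lo|o|d|class|py[co])$|.*~$/
+
+" ------------------------------------------------------------------------------
+
+" Sample mappings
+
+" Start shell in current directory
+nnoremap s :shell<cr>
+
+" Display sorting dialog
+nnoremap S :sort<cr>
+
+" Toggle visibility of preview window
+nnoremap w :view<cr>
+vnoremap w :view<cr>gv
+
+" Open file in existing instance of nvim
+nnoremap o :!vim %f<cr>
+" Open file in new instance of vim
+nnoremap O :!vim %f<cr>
+
+" Open file in the background using its default program
+nnoremap gb :file &<cr>l
+
+" Interaction with system clipboard
+if has('win')
+" Yank current directory path to Windows clipboard with forward slashes
+nnoremap yp :!echo %"d:gs!\!/! %i | clip<cr>
+" Yank path to current file to Windows clipboard with forward slashes
+nnoremap yf :!echo %"c:gs!\!/! %i | clip<cr>
+elseif executable('xclip')
+" Yank current directory path into the clipboard
+nnoremap yd :!echo %d | xclip %i<cr>
+" Yank current file path into the clipboard
+nnoremap yf :!echo %c:p | xclip %i<cr>
+elseif executable('xsel')
+" Yank current directory path into primary and selection clipboards
+nnoremap yd :!echo -n %d | xsel --input --primary %i &&
+\ echo -n %d | xsel --clipboard --input %i<cr>
+" Yank current file path into into primary and selection clipboards
+nnoremap yf :!echo -n %c:p | xsel --input --primary %i &&
+\ echo -n %c:p | xsel --clipboard --input %i<cr>
+endif
+
+" Mappings for faster renaming
+nnoremap I cw<c-a>
+nnoremap cc cw<c-u>
+nnoremap A cw
+
+" Open console in current directory
+nnoremap ,t :!xterm &<cr>
+
+" Open editor to edit vifmrc and apply settings after returning to vifm
+nnoremap ,c :write | edit $MYVIFMRC | restart<cr>
+" Open gvim to edit vifmrc
+nnoremap ,C :!gvim --remote-tab-silent $MYVIFMRC &<cr>
+
+" Toggle wrap setting on ,w key
+nnoremap ,w :set wrap!<cr>
+
+" Example of standard two-panel file managers mappings
+nnoremap <f3> :!less %f<cr>
+nnoremap <f4> :edit<cr>
+nnoremap <f5> :copy<cr>
+nnoremap <f6> :move<cr>
+nnoremap <f7> :mkdir<space>
+nnoremap <f8> :delete<cr>
+
+" Arrow remapping
+map i <Up>
+map j <Left>
+map k <Down>
+noremap h i
+
+vnoremap K L
+vnoremap I H
+vnoremap H I
+
+nnoremap K L
+nnoremap I H
+nnoremap H I
+
+" Escape overwrite
+cmap jj <Esc>
+
+" fzf
+command! FZFfind :set noquickview | :execute 'goto "'.system('fd --hidden --exclude .git --exclude node_modules | fzf --preview "ls -lhA --group-directories-first --color=always {}" --preview-window wrap 2>/dev/tty ').'"%IU' | redraw
+nnoremap <c-p> :FZFfind<cr>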
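Review bot: The `FZFfind` command near the end of the file builds a vifm command by concatenating the output of `system(...)` between two literal double quotes and passing the result to `:execute`. A picked path that itself contains a double quote would end the quoted `goto` argument early, and the remainder of the name would presumably be read as command text. File names in an unpacked archive or a cloned repository should be treated as untrusted here. vifm has `fnameescape()` for this case, so I would write `execute 'goto' fnameescape(system('fd … | fzf …'))` and skip the `goto` when the picker returns an empty string.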
|
@ -61,6 +61,8 @@ in {
|
||||||
xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale;
|
xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale;
|
||||||
xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf;
|
xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf;
|
||||||
xdg.configFile."mako/config".source = ./.config/mako/config;
|
xdg.configFile."mako/config".source = ./.config/mako/config;
|
||||||
|
xdg.configFile."vifm/vifmrc".source = ./.config/vifm/vifmrc;
|
||||||
|
xdg.configFile."vifm/colors/base16.vifm".source = ./.config/vifm/colors/base16.vifm;
|
||||||
xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf;
|
xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf;
|
||||||
xdg.configFile."waybar/config".source = ./.config/waybar/config;
|
xdg.configFile."waybar/config".source = ./.config/waybar/config;
|
||||||
xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css;
|
xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css;
|
||||||
|
|
|
@ -7,6 +7,13 @@
|
||||||
psCfg = config.pub-solar;
|
psCfg = config.pub-solar;
|
||||||
wlroots = psCfg.graphical.wayland;
|
wlroots = psCfg.graphical.wayland;
|
||||||
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
|
||||||
|
globalVariables = {
|
||||||
|
EDITOR = "/run/current-system/sw/bin/nvim";
|
||||||
|
VISUAL = "/run/current-system/sw/bin/nvim";
|
||||||
|
|
||||||
|
# Make sure virsh runs without root
|
||||||
|
LIBVIRT_DEFAULT_URI = "qemu:///system";
|
||||||
|
};
|
||||||
variables = {
|
variables = {
|
||||||
XDG_CONFIG_HOME = xdg.configHome;
|
XDG_CONFIG_HOME = xdg.configHome;
|
||||||
XDG_CACHE_HOME = xdg.cacheHome;
|
XDG_CACHE_HOME = xdg.cacheHome;
|
||||||
|
@ -25,11 +32,8 @@
|
||||||
then "pixman"
|
then "pixman"
|
||||||
else "gles2";
|
else "gles2";
|
||||||
|
|
||||||
EDITOR = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";
|
|
||||||
VISUAL = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim";
|
|
||||||
|
|
||||||
# fix "xdg-open fork-bomb" your preferred browser from here
|
# fix "xdg-open fork-bomb" your preferred browser from here
|
||||||
BROWSER = "${pkgs.firefox-wayland}/bin/firefox";
|
BROWSER = "firefox";
|
||||||
|
|
||||||
# node
|
# node
|
||||||
NODE_REPL_HISTORY = "${xdg.dataHome}/node_repl_history";
|
NODE_REPL_HISTORY = "${xdg.dataHome}/node_repl_history";
|
||||||
|
@ -41,9 +45,6 @@
|
||||||
NPM_CONFIG_CACHE = "${xdg.configHome}/npm";
|
NPM_CONFIG_CACHE = "${xdg.configHome}/npm";
|
||||||
# TODO: used to be XDG_RUNTIME_DIR NPM_CONFIG_TMP = "/tmp/npm";
|
# TODO: used to be XDG_RUNTIME_DIR NPM_CONFIG_TMP = "/tmp/npm";
|
||||||
|
|
||||||
# Make sure virsh runs without root
|
|
||||||
LIBVIRT_DEFAULT_URI = "qemu:///system";
|
|
||||||
|
|
||||||
# wine
|
# wine
|
||||||
WINEPREFIX = "${xdg.dataHome}/wineprefixes/default";
|
WINEPREFIX = "${xdg.dataHome}/wineprefixes/default";
|
||||||
|
|
||||||
|
@ -86,23 +87,6 @@
|
||||||
|
|
||||||
# FZF shell history widget default colors
|
# FZF shell history widget default colors
|
||||||
FZF_DEFAULT_OPTS = lib.mkForce "--color=bg+:#2d2a2e,bg:#1a181a,spinner:#ef9062,hl:#7accd7 --color=fg:#d3d1d4,header:#7accd7,info:#e5c463,pointer:#ef9062 --color=marker:#ef9062,fg+:#d3d1d4,prompt:#e5c463,hl+:#7accd7";
|
FZF_DEFAULT_OPTS = lib.mkForce "--color=bg+:#2d2a2e,bg:#1a181a,spinner:#ef9062,hl:#7accd7 --color=fg:#d3d1d4,header:#7accd7,info:#e5c463,pointer:#ef9062 --color=marker:#ef9062,fg+:#d3d1d4,prompt:#e5c463,hl+:#7accd7";
|
||||||
|
|
||||||
# nnn theme colors
|
|
||||||
NNN_FCOLORS = let
|
|
||||||
BLK = "04";
|
|
||||||
CHR = "04";
|
|
||||||
DIR = "04";
|
|
||||||
EXE = "02";
|
|
||||||
REG = "00";
|
|
||||||
HARDLINK = "01";
|
|
||||||
SYMLINK = "01";
|
|
||||||
MISSING = "01";
|
|
||||||
ORPHAN = "07";
|
|
||||||
FIFO = "05";
|
|
||||||
SOCK = "05";
|
|
||||||
OTHER = "02";
|
|
||||||
in
|
|
||||||
BLK + CHR + DIR + EXE + REG + HARDLINK + SYMLINK + MISSING + ORPHAN + FIFO + SOCK + OTHER;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
envListNames = lib.attrsets.mapAttrsToList (name: value: name) variables;
|
envListNames = lib.attrsets.mapAttrsToList (name: value: name) variables;
|
||||||
|
@ -120,5 +104,5 @@ in {
|
||||||
systemd.user.sessionVariables = variablesWithMeta;
|
systemd.user.sessionVariables = variablesWithMeta;
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.variables = variablesWithMeta;
|
environment.variables = globalVariables;
|
||||||
}
|
}
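Review bot: `BROWSER = "firefox";` in the second hunk replaces the pinned `${pkgs.firefox-wayland}/bin/firefox` with a bare name, so the binary that gets launched now depends on the PATH of whichever process reads the variable. The comment directly above says the entry exists to stop xdg-open from looping, and a name that resolves differently per session, or not at all, makes that guarantee weaker. If the goal was only to drop the wayland-specific package, `BROWSER = "${pkgs.firefox}/bin/firefox";` keeps the store path pinned. The `variables` set spans several hunks, so its other entries are only partly visible here.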
|
||||||
|
|
24
secrets/drone-db-secrets.age
Normal file
24
secrets/drone-db-secrets.age
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 Y0ZZaw 4IYDRUd6wQzWDLzyFLPzy/t8L1V1UT/KwgfMLvDn5GQ
|
||||||
|
4lKiqrafTVNtmcbbWdDsEkPSaN0/1Ud1k+rW1p0Wi0I
|
||||||
|
-> ssh-ed25519 BVsyTA 5kVXS829ZZONa7iqxXQXpcQ4eoKEH14Aah6Oo6plWjE
|
||||||
|
Rv06OqEOnVjrlwBy8JtfV+v+arbqrO2Cv6paIx0Bzf0
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
dvnz72ZtLpuBJfJEoXBb9TyQuEtNK1VZBXtSq9X7RL4fg4rbvGWRiGwl+IH1u8Tp
|
||||||
|
6TPephD603lGkxhglh9KlmVp7vqZ4ILRN9836b4Ic0kPttK7iCWoRQsLzHMpwQyD
|
||||||
|
Lb8ViRCIj+a2ZWfThaxjSXjXgDR5ZJGrnSwHhxsK9R3A4YUhT8jLvVRCfrUYhtPu
|
||||||
|
9AhhT3P9FceflBJzIrD0lozYyaFi5eV4dySAgGyuuBzPXmdWZiOoEbArV9M/N1ss
|
||||||
|
LJ/Nf23Ki39qe8w6YelcbhZTi6D2zfOA34Rd+QO8xzZFKKk0iZVSJ0ODk0I42itY
|
||||||
|
rxiOQFX3Mpv2/FoqOzJY9WeFHHw61pfZid5UkjFLaongel60a0QSrJvhNoz8J5Jp
|
||||||
|
k1GitKbBJl9V69XDY8RqQyDspImOkf7M7497C3OjdUtQkzC2cHzIfbDIi36Oifyp
|
||||||
|
254KLVyCtArCqKZClnwcXAl9KtP4d9FM1TL7vSsJM67wfSpWakm5gptSM3WyYsZy
|
||||||
|
Y2NkVU/Mk1AQLyrYKz+jtEwTmcrGo8zUFwKQZrXkytNV+vlWxwUAjZupNef5Ih7F
|
||||||
|
6okWpmRTjozIZzdJgAHSJ96nnbu5QZt0GmmJ+LtCfIZ+1W3M156hODwCaN9Qg6Ki
|
||||||
|
30MR/njAjWE7o5TB+gI6iV2OYxd0/Yqyy9lIdEEllFk
|
||||||
|
-> ssh-ed25519 cakP9w usfEkp11W/3dAIKp0EcTL0NJe8cMHLJamShjSEbc+EA
|
||||||
|
cVK/YSYLIvcXeZWpqEUHkwufHxOIR4uYOvZGi2eMNz4
|
||||||
|
-> ym-grease
|
||||||
|
INN4gag+EYKDUsKFd8N2CrLBWtRGC/BKP4IEfaAt4a5L1FFUAeEaRRAfuQ5ZWvnG
|
||||||
|
vV0T8ASMwsMJ07X2X2faghc
|
||||||
|
--- 7BrGKq+40E31/Jz0C6jg7Jequ0k4W+71wjLGLdR+9vg
|
||||||
|
†Ì" чdRY$†ñ œîŽÌÚZüä“w2« £AKà MŒÜ./ÀžÌàU!ûÐÖj'$¡û¥šâ 8n`<60>û5ÛDØñ0J<Û<>¸ßˆëÂ*¹YÎ>“†›³R¹fÍ•²Š|/ôlS‰ÄòJÚëÊ`2‘á[§ƒ í™ì
|
BIN
secrets/drone-secrets.age
Normal file
BIN
secrets/drone-secrets.age
Normal file
Binary file not shown.
BIN
secrets/gitea-database-password.age
Normal file
BIN
secrets/gitea-database-password.age
Normal file
Binary file not shown.
23
secrets/gitea-mailer-password.age
Normal file
23
secrets/gitea-mailer-password.age
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 Y0ZZaw KuyePsvWNh4rYXs8Eiq7JXZdVOUzewtQ9jEcOqTOTCs
|
||||||
|
69jfk3fZ9gTJyq1dIJmi9KGAhlZ307fQLSgPmDm7/yQ
|
||||||
|
-> ssh-ed25519 BVsyTA V9RtiFn2g/7PPL3ragEn51VIiRyKlW889Uc1fAqkc0I
|
||||||
|
IQv7b2Rei0rdp0MJEsSqwQmjUmWlNcUHjzvsEk/anro
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
RfWK33SKHaI2/gw3/1h76dhJq/0z1fgl8JVjsKmPgj/K+TPH05DoObBmKG2wAwcg
|
||||||
|
xA48ejVh4zIHhQkbTrnfOYUo32WJvtxEzDZcgwi2ZOJlhrZ8p8aIcoGVgcNiPI8V
|
||||||
|
S2hN52aCjKtnz6+zzBaEsbsNEyqlAD6hIvjnBDgQUNy9tVSWhPZbbkkLD7vZ24iH
|
||||||
|
MilVTDV6jUAxlgq+Yb3bxIyYhFlb0ACkc9D3XxmKp4Ukcag9HJ1dn0OPw2NEdEnO
|
||||||
|
KCydY9aHqcw8nbTpDLzwXPgh6HPKXa7aNrfvKRrM6B6nA4Cy8hr+QcxBCEYBsVdm
|
||||||
|
dzojEhJm/SccBhEbzPRyla1dUsdfM8tQzy4hg/4bAvmSb3sSqZX3LUhE8NhPML4c
|
||||||
|
Vb5+0GUOyQ8zPZfORoT6L7785d5eeWJ9SbKnr2rteEJfzOLeHdM/IdJNXgP0u6ee
|
||||||
|
BMaf/Jo3A6JPpYurHvUCWPulyEsic7LuVrEi6HnQmzeX342B7Gn/srL6YzsfGeV+
|
||||||
|
j1G1AIUv+QHdz4bX3oqGgqwVGaPbcRClZDnB/Gq+a3E+zJVEGnFagoBSDE2/jpC0
|
||||||
|
KXAzaS3CaZ4wqKRZJA/GGWu+KZXA7F87Gr1I84jwdhyn6Dr1l51z0s4NFx6gmYW2
|
||||||
|
Nz7QUZz15DNcIXLdpz3XJqSpJ1sinkcVkCdQykv+miI
|
||||||
|
-> ssh-ed25519 cakP9w Ghr10m5/sD5g4yyMtOrPiO3SEbmhrXMjtRVQf8c4I3E
|
||||||
|
hbb4UOdZ7E2u7ImAAkyr4FV/pACSEopucguPLjQYo98
|
||||||
|
-> 7=-grease <]_?g0s
|
||||||
|
|
||||||
|
--- 2SbSEW2lbLlhNC7fPB52ZLLfhV1kywGzsLKFhZHRZaE
|
||||||
|
ÔîæqX›yónÃ}øqÍ
¥ïzYv1tc¢nÚp¨v“Þ!ðλOÑ觃â>
|
24
secrets/hosting.de-api-key.age
Normal file
24
secrets/hosting.de-api-key.age
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 Y0ZZaw 20k6EMk3iFO98VaGMQVxAxLuCIKp8M8DN3SucCtNNlM
|
||||||
|
Za5+geQFA/CVkj/IADKmrj3EIsKcj4l9jETuvQbApCE
|
||||||
|
-> ssh-ed25519 BVsyTA vqpU3pzGierKMAKK0Gn/xvEkdebGgfahP5CmRE8tZTY
|
||||||
|
ZsmYvYgFzOL2PL1mLJ8vwoWiT1bngJq1Y4P3MBYcbbI
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
chQyiXGW3eND86nYKKZVX3Tr3MKVYJXoQccbYn5yGEmXw17U67z2YgbgXcKJGszE
|
||||||
|
FiOKe6fWCbrnCi/GkktM+bbnbJtfCOFK/J2VlVQrHScibel0z4+yd0aeH02EVHla
|
||||||
|
34vcv2Tdi09BVn5Me2Gh94/CKgzAiIIHmvDfYFsBZNQOalAbn0PvpHFJcVnf2DsR
|
||||||
|
bVgOKL8l4mHz/gihI5cCr5snz3ClhHv/aFbTR2QpHPKAfz5aRi0pe9phpqv9TDb9
|
||||||
|
3taeIDZ2dIVpASyqIBxzxzep6liJrupldmQQGpzleKpRfqPWrM5BAmMHr6/LiP24
|
||||||
|
caHaP7SOVTr1s1wo4Qh8x97LrXYe2AEmJogteoLJddYYgqYhJuoCS62dDbyry32D
|
||||||
|
3BHJTcxl2OsgFDP9Q9uABhwNExdu9z7ohbvyOwZ3ZkgEbpFOKPAOExKK0FV6C5R3
|
||||||
|
nKox0yPZGIsTP0wjjyWlZAwUkNIj1m5gXL6l3h4930EnPZFe7vg+lfC/4v2V21pE
|
||||||
|
l5U1a+LqBzOk7qCgVgtbAZZEIvK8s0kZYLmPmtMyjIm/mnl6yxY80Kwf6oTlb6KN
|
||||||
|
bFopzuBfmCZk3hVzkrVDmpxpWTcFclSG7H/R+1SSibHOL0RcLuULhrVHd4qOPYrQ
|
||||||
|
I4jDt3nmUKU1si1IhOQe20NKG3DokMGDQk3balKIMfU
|
||||||
|
-> ssh-ed25519 cakP9w zXYz3ME+JJqwpWGFlnHzTxNTvpGMXAZB00rrh0MN1wc
|
||||||
|
tgNVf1JJWPkU7TxYcakGE+omp1fNqwXVzyQBpPAdVCU
|
||||||
|
-> Sq|yWUT-grease N>}A9
|
||||||
|
TvMfldFuvLXmFvEmgZTd8zXY2iH9Sw
|
||||||
|
--- jyypo7T4RplBaZ94/suJgMliWbt4tQNMhrDUv/YMaYE
|
||||||
|
ž ÒS=Š8¶¨å¹Æ¸k®C¶³UÜŽ<C39C>2eõX}$G-oØžCÖl=ýÛQ¥û_§áÞ¡r)ädâyHûiÇ<69>[*aµÄ R®ã
|
||||||
|
X
|
BIN
secrets/keycloak-database-password.age
Normal file
BIN
secrets/keycloak-database-password.age
Normal file
Binary file not shown.
23
secrets/mailman-core-secrets.age
Normal file
23
secrets/mailman-core-secrets.age
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 Y0ZZaw gkhWIVF4XyeitN9y4jhIplrFAzkT+vUIXyyQKh/7IwU
|
||||||
|
DWi5ZfTdf9QzqTFLD++3ctckO9DiBOynHqWfhyc4InI
|
||||||
|
-> ssh-ed25519 BVsyTA afwxuuU7CZIzOZeN0aNDsPm3GQc1/pK1PJ9Yc6DnoHk
|
||||||
|
2wkHEvDZb8FoRygCn08arkh2GZh5nxMO2ag5y7nAdzA
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
KZRclxsJja35rXgVUlFqBe3tOEryUTePT748oNs5LJoAi/h9PnRwIW4K/pzgFqVL
|
||||||
|
ADcMb5T8WBqDJ/JvZKkOXOERIj9K2KGx2ETCYat0wgB/ojB8ER7NIsEaVmcbKyY0
|
||||||
|
5x7DP07DGdkdkzfPNaRhsFBL4xoF8LxrR3ZjKR++c0ICMQ6WKOuXB0J6spBv15rR
|
||||||
|
IE4yOpV+vhYoUh1X9tGKfNthxKnV40FtJX6ucSmIoGbRAzdZUACRDRVjWgNVJc+x
|
||||||
|
ucbOnJE1UA1T/ttxFRkjIFg7jPyv75YPAUO+/u+0xrxQfsDhXY4zuvz+2Ze9gwue
|
||||||
|
WQWHR2kKrv5udYCMLCug1f1QpgeBiysW+EzseR0sgLfSNGH/sssB8RNnXU2hruc0
|
||||||
|
oMvnsSNTfLCD+xzMbDhJbELI415sVfbJ9Lm29Sv60k03aW7HagTdNGwQJ8qJeeeX
|
||||||
|
XM+z089encgbej/iuruH4JVDAdiNzuEZMgCKWhmcX2VKQxunWTWCdUGpuotL4mL/
|
||||||
|
xHxjmz2eEKF3KuSSmEuvtqMkVVJYRbpIjj7p1cMGE2DsA/sTWEd49hSBkkfV12pt
|
||||||
|
lxyk1/0bPRI90qQb6slRm9R9DRwJp1v9Cht/ZEmNvOdXskTgBT3hyi6/8ykYZlvT
|
||||||
|
ogX3qz4OF7KftBA+5YHWvA99tvKmUKN6bcCWVbFwtDo
|
||||||
|
-> ssh-ed25519 cakP9w hMZotYYfld14w9/8QGj7D0iTeXJ3CZ6h08PF1mjrqmQ
|
||||||
|
9ZJMVHwwU/a0AJNmSXHf9q/4Ap1tJvhXCsga0nY2REw
|
||||||
|
-> ukh-grease
|
||||||
|
k5f1OA
|
||||||
|
--- qmDVJB1ai7/Ps+Wb2fXtyM5rIvH9e/2u6dDbf1/EefE
|
||||||
|
³lö—ƒj£C$ŽÁ”Î ý£ïð·X™¤ü—mË)(-bôIÙ1
pÀÊý&ˆI¶DºÞQ?cvŠ ’y‹\†¾>cAïãÞwJ)Ÿxme^,¿y±ÉÓÚÂænv\ÍE®º`…¹ô³3²â™LÑÍxŸ„úÁ%ü6rŒ).öx.¶Bü Ó|W£6ù½Àœóüä0%t.YyÆ4u½¯R±Ãe±Ó*‚ /Wi!PKj3‚½tG‘¬nôüüIoVÍ-ÂIᄤ<E2809E>6e‰€G6$Õ|(>]ißt½ÎÚ<C38E>k1ue»ª·,jómÆl,~Ïß×#fY>quÏz¤`íø4{ÙÜÝVj¢ÊÒï/ž’:3zºÜãj ?y˦€Aq!ʪÁ\N3žò.¡áïë ŽW•®¢œ« p˜9˜µ‘¼å®ŒÛ
|
23
secrets/mailman-db-secrets.age
Normal file
23
secrets/mailman-db-secrets.age
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 Y0ZZaw vcObihtzXJ3+hQDnNQ37nWiv6I+aSfX6u5U/KAxO+Rk
|
||||||
|
hrcPHjL0qMaFN6Rj0AqO73L0EpH6H1AjC6cHwoJiDa4
|
||||||
|
-> ssh-ed25519 BVsyTA O7ALAsno95CTjlrHpYeUhw5avBHYzVZLP/c8nPg+BCY
|
||||||
|
mx3H5mB6Q1WavsjIIuUIC6pe/YHTE45bRh6SDbTZEhQ
|
||||||
|
-> ssh-rsa kFDS0A
|
||||||
|
pj+13dL6H7gPkh/b3vZOztRM7VdSElkeB4SjsfZh2lZoMpjhuiQuUauxJl+pAAXZ
|
||||||
|
37evEIcAmDnrl2+tBXq/9krry4DbpYRL7Mz4TYjYmSn2sRDDd4q/Tv1bXdLwuZ8G
|
||||||
|
svq1qWhDkAsL6rxzpOV+EsE2EyZxtGx0Odgp7GMmAJq1Vrm8NUF/+Nh3V8LtDmtz
|
||||||
|
08tgebfKoWDRFnDbWN7Du+TN9TUp4MlpMPUqjJPDVmsVsVsKTRvck+M8iTaf9HPv
|
||||||
|
GJ9TNPwDN9ZvL+0jFd+v440MqXsejsrxIxPHQ/KsgnOciiW58Drn2vNyBL3FVYxG
|
||||||
|
C+JzKsRl3AQpP6qoXv5I1pwitI9yLXf+7aSyVUANUWU3ZG8M1KIGtIBTMHAh4w+B
|
||||||
|
yJl5qwY2Ty3FKbi3alT7SdWBlRK/m6Lqh6qFSa9kptpgIQ6D3nzWOhrs8tdRFuYm
|
||||||
|
6ilwarYuDXD+eLukBJ63l1OL1jVicLpMJXp40v2iQisDR3ifW7dHRXyadGIBvbHl
|
||||||
|
6c9ZQP6WritVR3CCZIHSBoxnUD5pGV+KbfbHh0Q1E2goV4SOGyivG4q9iXKIGk6A
|
||||||
|
S1Yl5/kwA+/gzc0VdgQmcr9dFe8jC4n5SsaFRAzr+2e+IjH2EhinJlERFwxDJ6+q
|
||||||
|
ADeLbCApDA2mKNBiZ2c1p12F+iL7Vk07xLV0owHvNOw
|
||||||
|
-> ssh-ed25519 cakP9w ay0pLMA3UdI/7XtF9GgftyKavJe89NqdpzYVP4+Trgk
|
||||||
|
ptOrYOEC7NgQPXF3EnuUaySQqJqP30Ez1lY+0RmXUTg
|
||||||
|
-> ma-grease (S#' ?5>*(YT
|
||||||
|
N6grE/WR7SJGCaVJcWYSVxeeiA
|
||||||
|
--- +u1sOmxTLHDiBiOFP0aI7VQvxQX3NYnq586q4LhJk1Q
|
||||||
|
»?S ÿ¿…¹aª“à_²ÑcÄY-ù Å®$¦{]s]<7F>…<EFBFBD>ª2µÎQbÁXˆ|Å^µÿ:Xþ"õðøã§rÐÅ݉p”w±I=WUúØdBȉÄC òž
2¿¹Ê„+àI\a¬ú¸ù5ì$TG[òè=ËÖ ?_¶ p™¢°‘â²™d^ó%Ô&èTΔ¥ÿàNÚ
|
BIN
secrets/mailman-web-secrets.age
Normal file
BIN
secrets/mailman-web-secrets.age
Normal file
Binary file not shown.
|
@ -1,8 +1,31 @@
|
||||||
let
|
let
|
||||||
# set ssh public keys here for your system and user
|
# set ssh public keys here for your system and user
|
||||||
system = "";
|
b12f-bbcom = "ssh-rsa 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";
|
||||||
user = "";
|
teutat3s-dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
|
||||||
allKeys = [system user];
|
flora-6 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP1InpTBN4AlF/4V8HHumAMLJzeO8DpzjUv9Co/+J09 root@pub-solar-infra-vm-1";
|
||||||
|
nougat-2-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINELr5Bvr15GqCHevg9QP8oYFgmaRUUHcPFf4MZho9gI root@nougat-2";
|
||||||
|
|
||||||
|
allKeys = [
|
||||||
|
flora-6
|
||||||
|
teutat3s-dumpyourvms
|
||||||
|
b12f-bbcom
|
||||||
|
nougat-2-host
|
||||||
|
];
|
||||||
|
|
||||||
|
deployKeys = [
|
||||||
|
flora-6
|
||||||
|
teutat3s-dumpyourvms
|
||||||
|
b12f-bbcom
|
||||||
|
nougat-2-host
|
||||||
|
];
|
||||||
in {
|
in {
|
||||||
"secret.age".publicKeys = allKeys;
|
"gitea-database-password.age".publicKeys = deployKeys;
|
||||||
|
"gitea-mailer-password.age".publicKeys = deployKeys;
|
||||||
|
"keycloak-database-password.age".publicKeys = deployKeys;
|
||||||
|
"drone-secrets.age".publicKeys = deployKeys;
|
||||||
|
"drone-db-secrets.age".publicKeys = deployKeys;
|
||||||
|
"mailman-core-secrets.age".publicKeys = deployKeys;
|
||||||
|
"mailman-web-secrets.age".publicKeys = deployKeys;
|
||||||
|
"mailman-db-secrets.age".publicKeys = deployKeys;
|
||||||
|
"hosting.de-api-key.age".publicKeys = deployKeys;
|
||||||
}
|
}
|
||||||
|
|
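Review bot: Every entry in the new attribute set uses `deployKeys`, so either host key (`flora-6`, `nougat-2-host`) can decrypt all ten secrets, including those for services that host may not run. Which host runs which service is not visible on this page, but per-service recipient lists would limit what one compromised machine exposes, for example `"mailman-db-secrets.age".publicKeys = adminKeys ++ [ <host-key-of-the-mailman-host> ];`, where `adminKeys` is a suggested new list holding the two user keys. `allKeys` is now identical to `deployKeys` and is no longer referenced by any entry on the new side, so it can be dropped or given a distinct meaning. The file's path header for this section is not shown on the page.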
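--- a/users/barkeeper/default.nix
+++ b/users/barkeeper/default.nix
@@ -0,0 +1,42 @@
+{
+config,
+hmUsers,
+pkgs,
+lib,
+...
+}: let
+psCfg = config.pub-solar;
+in {
+config = {
+home-manager.users = {inherit (hmUsers) barkeeper;};
+
+pub-solar = {
+# These are your personal settings
+# The only required settings are `name` and `password`,
+# The rest is used for programs like git
+user = {
+name = "barkeeper";
+description = "pub.solar infra user";
+password = "$6$MCJ28kLwfNl9SNDq$Oh9eT6Sn6z4xGrQsLlIBI7cvJzX3P5As59OSZ.hoeBWc79Un2YdwH/hRIC.4ZDOuwQp0lHI82dNn/xeTaCn631";
+fullName = "pub.solar infra barkeeper";
+email = "admins@pub.solar";
+gpgKeyId = "";
+publicKeys = [
+"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmiF8ndGhnx2YAWbPDq14fftAwcJ0xnjJIVTotI12OO4SPX/SwH5Yp8C8Kf002qN9FbFmaONzq3s8TYpej13JubhfsQywNuFKZuZvJeHzmOwxsANW86RVrWT0WZmYx9a/a1TF9rPQpibDVt60wX8yLdExaJc5F1SvIIuyz1kxYpz36wItfR6hcwoLGh1emFCmfCpebJmp3hsrMDTTtTW/YNhyeSZW74ckyvZyjCYtRCJ8uF0ZmOSKRdillv4Ztg8MsUubGn+vaMl6V6x/QuDuehEPoM/3wBx9o22nf+QVbk7S1PC8EdT/K5vskn4/pfR7mDCyQOq1hB4w4Oyn0dsfX pi@ssrtc"
+
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg= @b12f Yubi Main"
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup"
+
+"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s"
+
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
+
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU axeman@tuxnix"
+];
+};
+};
+};
+}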
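Review bot: The `password` value under `pub-solar.user` is a `$6$` (sha512crypt) hash committed in clear text, so anyone with read access to the repository can run offline guessing against it. The same compare view adds age-encrypted files under `secrets/`, so the hash could be stored that way and referenced by path, for example `users.users.barkeeper.hashedPasswordFile = config.age.secrets.<barkeeper-password>.path;` (placeholder secret name; the option is `passwordFile` on older NixOS releases). This assumes the `pub-solar.user` module, which is not shown here, can accept a file instead of an inline value. If this account is only reached through the listed `publicKeys`, it is worth confirming that a password is needed at all. Separately, the `root@cloud.pub.solar` entry in `publicKeys` lets root on that host log in as this infra user; a short comment stating why, such as `# needed for <purpose>`, would help reviewers.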