diff --git a/.drone.yml b/.drone.yml
index b4d4bb92..4cf4b3b2 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,12 +1,11 @@
---
kind: pipeline
-type: exec
+type: docker
name: Check
-node:
- hosttype: baremetal
steps:
- name: "Check"
+ image: docker.nix-community.org/nixpkgs/nix-flakes:latest
when:
event:
- pull_request
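Review bot: The new `image:` line references the step image by the mutable `:latest` tag, so each pipeline run executes whatever the registry serves at that moment. The `kind: signature` HMAC at the end of the file covers only the pipeline text, not the image content. Pin the image by digest, e.g. `image: docker.nix-community.org/nixpkgs/nix-flakes@sha256:<digest-placeholder>`, and bump the digest deliberately when updating. The "Check" step continues outside this hunk.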
@@ -21,8 +20,6 @@ steps:
kind: pipeline
type: exec
name: Tests
-node:
- hosttype: baremetal
steps:
- name: "Tests"
@@ -148,6 +145,6 @@ volumes:
---
kind: signature
-hmac: 291be33bbf2954d1f5e4bf569679e24a773e7d6f90db4765fb9dacb3686a825e
+hmac: 3e6a89e903e214f21d488eba82863683b130ef6dbc2dc352377d4fd94ab3cd0c
...
diff --git a/.editorconfig b/.editorconfig
index 96e5188b..0cce8f93 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -24,6 +24,14 @@ charset = unset
indent_style = unset
indent_size = unset
+[*.rom]
+end_of_line = unset
+insert_final_newline = unset
+trim_trailing_whitespace = unset
+charset = unset
+indent_style = unset
+indent_size = unset
+
[*.py]
indent_size = 4
diff --git a/.gitignore b/.gitignore
index 37acdb01..012da5d3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,7 +7,7 @@ vm
iso
doi
-pkgs/_sources/.shake*
-
+# PubSolarOS
tags
/owners
+pkgs/_sources/.shake*
diff --git a/flake.lock b/flake.lock
index 060a2aea..ba2292ac 100644
--- a/flake.lock
+++ b/flake.lock
@@ -42,11 +42,11 @@
]
},
"locked": {
- "lastModified": 1667419884,
- "narHash": "sha256-oLNw87ZI5NxTMlNQBv1wG2N27CUzo9admaFlnmavpiY=",
+ "lastModified": 1667294277,
+ "narHash": "sha256-YhVGYUpPZNpJZ8z3Sq9aT6n1/B8vKtfRfwaCtbsosxk=",
"owner": "LnL7",
"repo": "nix-darwin",
- "rev": "cfc0125eafadc9569d3d6a16ee928375b77e3100",
+ "rev": "b7177030643374e698c29e993c2808efa7b85aaf",
"type": "github"
},
"original": {
@@ -205,22 +205,6 @@
"type": "github"
}
},
- "flake-compat_4": {
- "flake": false,
- "locked": {
- "lastModified": 1650374568,
- "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
- "owner": "edolstra",
- "repo": "flake-compat",
- "rev": "b4a34015c698c7793d592d66adbab377907a2be8",
- "type": "github"
- },
- "original": {
- "owner": "edolstra",
- "repo": "flake-compat",
- "type": "github"
- }
- },
"flake-utils": {
"locked": {
"lastModified": 1642700792,
@@ -272,11 +256,11 @@
},
"flake-utils_3": {
"locked": {
- "lastModified": 1667077288,
- "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=",
+ "lastModified": 1659877975,
+ "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
- "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817",
+ "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
@@ -292,11 +276,11 @@
]
},
"locked": {
- "lastModified": 1667677389,
- "narHash": "sha256-y9Zdq8vtsn0T5TO1iTvWA7JndYIAGjzCjbYVi/hOSmA=",
+ "lastModified": 1667299227,
+ "narHash": "sha256-vAJPFSDYUq3DdCL8OzTg4xObRNW+yA1Pt+NzbhGu1f8=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "87d55517f6f36aa1afbd7a4a064869d5a1d405b8",
+ "rev": "f0ecd4b1db5e15103e955b18cb94bea4296e5c45",
"type": "github"
},
"original": {
@@ -324,11 +308,11 @@
},
"latest_2": {
"locked": {
- "lastModified": 1667629849,
- "narHash": "sha256-P+v+nDOFWicM4wziFK9S/ajF2lc0N2Rg9p6Y35uMoZI=",
+ "lastModified": 1667231093,
+ "narHash": "sha256-RERXruzBEBuf0c7OfZeX1hxEKB+PTCUNxWeB6C1jd8Y=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "3bacde6273b09a21a8ccfba15586fb165078fb62",
+ "rev": "d40fea9aeb8840fea0d377baa4b38e39b9582458",
"type": "github"
},
"original": {
@@ -338,6 +322,22 @@
"type": "github"
}
},
+ "master": {
+ "locked": {
+ "lastModified": 1667394072,
+ "narHash": "sha256-RFTHGjI46hg3ggVwSdssAsni5q5YRsQl2SENv5PPAnQ=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "07c0c2707bfc78e2b615eb69977ffc6e366c5ec6",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "master",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
"naersk": {
"inputs": {
"nixpkgs": [
@@ -375,11 +375,11 @@
},
"nixos": {
"locked": {
- "lastModified": 1667653703,
- "narHash": "sha256-Xow4vx52/g5zkhlgZnMEm/TEXsj+13jTPCc2jIhW1xU=",
+ "lastModified": 1667318659,
+ "narHash": "sha256-mRXqCdlnxPgm3Wk7mNAOanl7B3Q3U5scYTEiyYmNEOE=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "f09ad462c5a121d0239fde645aacb2221553a217",
+ "rev": "b3a8f7ed267e0a7ed100eb7d716c9137ff120fe3",
"type": "github"
},
"original": {
@@ -410,11 +410,11 @@
},
"nixos-hardware": {
"locked": {
- "lastModified": 1667768008,
- "narHash": "sha256-PGbX0s2hhXGnZDFVE6UIhPSOf5YegpWs5dUXpT/14F0=",
+ "lastModified": 1667283320,
+ "narHash": "sha256-qHvB/6XBKVjjJJCUM+z6/t9HzUC7J55wdY3KJ/ZWSHo=",
"owner": "nixos",
"repo": "nixos-hardware",
- "rev": "f6483e0def85efb9c1e884efbaff45a5e7aabb34",
+ "rev": "18934557eeba8fa2e575b0fd4ab95186e2e3bde3",
"type": "github"
},
"original": {
@@ -469,18 +469,18 @@
},
"nvfetcher": {
"inputs": {
- "flake-compat": "flake-compat_4",
+ "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixos"
]
},
"locked": {
- "lastModified": 1667620329,
- "narHash": "sha256-v1Zk7rtEbAGpevBGPZvZBKpwbmw4I+uVwxvd+pBlp3o=",
+ "lastModified": 1667246446,
+ "narHash": "sha256-LTnDoH6B8cez7RAc7K/DJqFrnZr75OMtVsNqtIHIPBU=",
"owner": "berberman",
"repo": "nvfetcher",
- "rev": "294826951113dcd3aa9abbcacfb1aa5b95a19116",
+ "rev": "d5d1289327f26e870991656b2c5598ce62693311",
"type": "github"
},
"original": {
@@ -489,21 +489,38 @@
"type": "github"
}
},
+ "pub-solar": {
+ "locked": {
+ "lastModified": 1654372286,
+ "narHash": "sha256-z1WrQkL67Sosz1VnuKQLpzEkEl4ianeLpWJX8Q6bVQY=",
+ "owner": "pub-solar",
+ "repo": "nixpkgs",
+ "rev": "4995a873a796c54cc49e5dca9e1d20350eceec7b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "pub-solar",
+ "ref": "fix/use-latest-unstable-yubikey-agent",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
"root": {
"inputs": {
"agenix": "agenix",
"darwin": "darwin",
"deploy": "deploy",
"digga": "digga",
- "flake-compat": "flake-compat_3",
"home": "home",
"latest": "latest_2",
+ "master": "master",
"naersk": "naersk",
"nixos": "nixos",
"nixos-generators": "nixos-generators",
"nixos-hardware": "nixos-hardware",
"nur": "nur",
- "nvfetcher": "nvfetcher"
+ "nvfetcher": "nvfetcher",
+ "pub-solar": "pub-solar"
}
},
"utils": {
diff --git a/flake.nix b/flake.nix
index cce3f8ee..d4c44813 100644
--- a/flake.nix
+++ b/flake.nix
@@ -10,9 +10,8 @@
# Track channels with commits tested and built by hydra
nixos.url = "github:nixos/nixpkgs/nixos-22.05";
latest.url = "github:nixos/nixpkgs/nixos-unstable";
-
- flake-compat.url = "github:edolstra/flake-compat";
- flake-compat.flake = false;
+ master.url = "github:nixos/nixpkgs/master";
+ pub-solar.url = "github:pub-solar/nixpkgs/fix/use-latest-unstable-yubikey-agent";
digga.url = "github:pub-solar/digga/fix/bootstrap-iso";
digga.inputs.nixpkgs.follows = "nixos";
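Review bot: The two added inputs sit directly under the comment `# Track channels with commits tested and built by hydra`, but `github:nixos/nixpkgs/master` is the development branch rather than a channel, and `pub-solar.url` points at a feature branch of a fork. Give them their own comment, for example `# Not channel-tested: nixpkgs master and a pub-solar fork branch, use for single packages only`, so they are not mistaken for channel-quality inputs. flake.lock pins both revisions, but every `nix flake update` moves them to the branch head of that moment, so those lock changes deserve a look when they show up in a diff.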
@@ -60,7 +59,7 @@
inherit self inputs;
channelsConfig = {
- # allowUnfree = true;
+ allowUnfree = true;
};
supportedSystems = [ "x86_64-linux" "aarch64-linux" ];
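Review bot: `allowUnfree = true;` in `channelsConfig` accepts unfree packages for every channel at once, so any unfree package that a profile pulls in later is admitted without anyone deciding on it. If only a few are needed, an allowlist keeps that decision visible: `allowUnfreePredicate = pkg: builtins.elem (nixos.lib.getName pkg) [ "<package-name-placeholder>" ];`. The surrounding attribute set starts outside this hunk, so which `lib` is in scope here needs checking before using that form.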
@@ -71,6 +70,7 @@
overlays = [ ];
};
latest = { };
+ master = { };
};
lib = import ./lib { lib = digga.lib // nixos.lib; };
@@ -128,6 +128,13 @@
iso = base ++ [ base-user graphical pub-solar-iso ];
pubsolaros = [ full-install base-user users.root ];
anonymous = [ pubsolaros users.pub-solar ];
+
+ b12f = pubsolaros ++ [ users.ben social gaming mobile ];
+ biolimo = b12f ++ [ graphical ];
+ chocolatebar = b12f ++ [ graphical virtualisation ];
+
+ yule = pubsolaros ++ [ users.yule ];
+ droppie = yule ++ [ ];
};
};
};
@@ -138,11 +145,13 @@
importables = rec {
profiles = digga.lib.rakeLeaves ./users/profiles;
suites = with profiles; rec {
- base = [ direnv git ];
+ base = [ direnv ];
};
};
users = {
pub-solar = { suites, ... }: { imports = suites.base; };
+ ben = { suites, ... }: { imports = suites.base; };
+ yule = { suites, ... }: { imports = suites.base; };
}; # digga.lib.importers.rakeLeaves ./users/hm;
};
@@ -150,6 +159,10 @@
homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
- deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { };
+ deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
+ droppie = {
+ sshUser = "yule";
+ };
+ };
};
}
diff --git a/hosts/biolimo/.config/sway/config.d/autostart.conf b/hosts/biolimo/.config/sway/config.d/autostart.conf
new file mode 100644
index 00000000..173376b8
--- /dev/null
+++ b/hosts/biolimo/.config/sway/config.d/autostart.conf
@@ -0,0 +1,6 @@
+# Autostart applications
+#
+# Example:
+# exec swayidle
+
+exec keepassxc
diff --git a/hosts/biolimo/.config/sway/config.d/custom-keybindings.conf b/hosts/biolimo/.config/sway/config.d/custom-keybindings.conf
new file mode 100644
index 00000000..4a954313
--- /dev/null
+++ b/hosts/biolimo/.config/sway/config.d/custom-keybindings.conf
@@ -0,0 +1,19 @@
+# Touchpad controls
+#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
+bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
+
+# Keyboard backlight brightness controls
+bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
+bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
+bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
+bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
+# Media player controls
+bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
+bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
+bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
diff --git a/hosts/biolimo/.config/sway/config.d/input-defaults.conf b/hosts/biolimo/.config/sway/config.d/input-defaults.conf
new file mode 100644
index 00000000..426eb5b5
--- /dev/null
+++ b/hosts/biolimo/.config/sway/config.d/input-defaults.conf
@@ -0,0 +1,9 @@
+input "1739:0:Synaptics_TM3288-011" {
+ dwt enabled
+ tap enabled
+ middle_emulation enabled
+}
+input * {
+ xkb_layout us(intl),de
+ xkb_options ctrl:nocaps
+}
diff --git a/hosts/biolimo/.config/sway/config.d/screens.conf b/hosts/biolimo/.config/sway/config.d/screens.conf
new file mode 100644
index 00000000..f95c13c2
--- /dev/null
+++ b/hosts/biolimo/.config/sway/config.d/screens.conf
@@ -0,0 +1,20 @@
+set $internal eDP-1
+set $middle "Hewlett Packard HP E231 3CQ4290S5J"
+set $standup "Hewlett Packard HP E231 3CQ4251F33"
+
+output $internal {
+ scale 1
+ pos 1080 1080
+}
+
+output $middle {
+ scale 1
+
+ pos 1080 0
+}
+
+output $standup {
+ scale 1
+ transform 90
+ pos 0 0
+}
diff --git a/hosts/biolimo/biolimo.nix b/hosts/biolimo/biolimo.nix
new file mode 100644
index 00000000..b02053d1
--- /dev/null
+++ b/hosts/biolimo/biolimo.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ imports = [
+ ./configuration.nix
+ ];
+
+ config = {
+ pub-solar.paranoia.enable = true;
+ pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
+ pub-solar.core.hibernation.resumeOffset = 15296512;
+
+ hardware.cpu.intel.updateMicrocode = true;
+
+ networking.firewall.allowedTCPPorts = [ 5000 ];
+
+ networking.networkmanager.wifi.backend = mkForce "wpa_supplicant";
+
+ home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ xdg.configFile = mkIf psCfg.sway.enable {
+ "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+ "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+ "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+ "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+ };
+
+ home.packages = [
+ inkscape
+ ];
+ };
+ };
+}
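Review bot: `networking.firewall.allowedTCPPorts = [ 5000 ];` opens port 5000 on every interface of this host without saying which service listens there, in the same `config` block that sets `pub-solar.paranoia.enable = true;`. Add a comment naming the service, and if it is only needed on one network, scope the rule with `networking.firewall.interfaces.<interface-placeholder>.allowedTCPPorts = [ 5000 ];`. Separately, the `xdg` binding in the `let` block is not used anywhere in this file and can be dropped.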
diff --git a/hosts/biolimo/configuration.nix b/hosts/biolimo/configuration.nix
new file mode 100644
index 00000000..9f4a341a
--- /dev/null
+++ b/hosts/biolimo/configuration.nix
@@ -0,0 +1,26 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "20.09"; # Did you read the comment?
+}
+
diff --git a/hosts/biolimo/default.nix b/hosts/biolimo/default.nix
new file mode 100644
index 00000000..26d7e453
--- /dev/null
+++ b/hosts/biolimo/default.nix
@@ -0,0 +1,6 @@
+{ suites, ... }:
+{
+ imports = [
+ ./biolimo.nix
+ ] ++ suites.biolimo;
+}
diff --git a/hosts/biolimo/hardware-configuration.nix b/hosts/biolimo/hardware-configuration.nix
new file mode 100644
index 00000000..309bb376
--- /dev/null
+++ b/hosts/biolimo/hardware-configuration.nix
@@ -0,0 +1,38 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/abc3fe04-368e-46eb-8c7a-3a829bb2deab";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/aed21f8d-8e15-4f43-8710-460cb36d488b";
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/3B67-0CAB";
+ fsType = "vfat";
+ };
+
+ swapDevices = [
+ {
+ device = "/swapfile";
+ size = 18 * 1024; # 18 GB
+ }
+ ];
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ # high-resolution display
+ hardware.video.hidpi.enable = lib.mkDefault true;
+}
diff --git a/hosts/chocolatebar/.config/sway/config.d/autostart.conf b/hosts/chocolatebar/.config/sway/config.d/autostart.conf
new file mode 100644
index 00000000..173376b8
--- /dev/null
+++ b/hosts/chocolatebar/.config/sway/config.d/autostart.conf
@@ -0,0 +1,6 @@
+# Autostart applications
+#
+# Example:
+# exec swayidle
+
+exec keepassxc
diff --git a/hosts/chocolatebar/.config/sway/config.d/custom-keybindings.conf b/hosts/chocolatebar/.config/sway/config.d/custom-keybindings.conf
new file mode 100644
index 00000000..4a954313
--- /dev/null
+++ b/hosts/chocolatebar/.config/sway/config.d/custom-keybindings.conf
@@ -0,0 +1,19 @@
+# Touchpad controls
+#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
+bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
+
+# Keyboard backlight brightness controls
+bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
+bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
+bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
+bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
+# Media player controls
+bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
+bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
+bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
diff --git a/hosts/chocolatebar/.config/sway/config.d/input-defaults.conf b/hosts/chocolatebar/.config/sway/config.d/input-defaults.conf
new file mode 100644
index 00000000..24725e0a
--- /dev/null
+++ b/hosts/chocolatebar/.config/sway/config.d/input-defaults.conf
@@ -0,0 +1,4 @@
+input * {
+ xkb_layout us(intl),de
+ xkb_options ctrl:nocaps
+}
diff --git a/hosts/chocolatebar/.config/sway/config.d/screens.conf b/hosts/chocolatebar/.config/sway/config.d/screens.conf
new file mode 100644
index 00000000..25869c20
--- /dev/null
+++ b/hosts/chocolatebar/.config/sway/config.d/screens.conf
@@ -0,0 +1,18 @@
+set $left DP-3
+set $middle DP-1
+set $right HDMI-A-1
+
+output $left {
+ scale 1
+ pos 0 0
+}
+
+output $middle {
+ scale 1
+ pos 1920 0
+}
+
+output $right {
+ scale 1
+ pos 3840 0
+}
diff --git a/hosts/chocolatebar/chocolatebar.nix b/hosts/chocolatebar/chocolatebar.nix
new file mode 100644
index 00000000..bb13dce9
--- /dev/null
+++ b/hosts/chocolatebar/chocolatebar.nix
@@ -0,0 +1,64 @@
+{ config, pkgs, lib, self, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ imports = [
+ ./configuration.nix
+ ./virtualisation
+ ./factorio
+ ];
+
+ config = {
+ hardware.cpu.amd.updateMicrocode = true;
+
+ hardware.opengl.extraPackages = with pkgs; [
+ rocm-opencl-icd
+ rocm-opencl-runtime
+ ];
+
+ pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
+ pub-solar.core.hibernation.resumeOffset = 115075072;
+
+ services.openssh.openFirewall = true;
+ networking.firewall.allowedTCPPorts = [ 443 ] ++ (if psCfg.sway.vnc.enable then [ 5901 ] else [ ]);
+
+ environment.systemPackages = with pkgs; [
+ wayvnc
+ drone-docker-runner
+ stdenv.cc.cc.lib
+ ];
+
+ age.secrets."vnc-key.pem" = {
+ file = "${self}/secrets/vnc-key-chocolatebar.pem";
+ mode = "400";
+ owner = psCfg.user.name;
+ };
+ age.secrets."vnc-cert.pem" = {
+ file = "${self}/secrets/vnc-cert-chocolatebar.pem";
+ mode = "400";
+ owner = psCfg.user.name;
+ };
+ pub-solar.sway.vnc.enable = true;
+ pub-solar.ci-runner.enable = true;
+
+ home-manager.users."${psCfg.user.name}" = {
+ xdg.configFile = mkIf psCfg.sway.enable {
+ "sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+ "sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+ "sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
+ };
+
+ home.sessionVariables = {
+ NIX_CC = "${pkgs.stdenv.cc}";
+ };
+ };
+
+ # For OpenProject development with https
+ security.pki.certificates = [
+ (builtins.readFile ./step-roots.pem)
+ ];
+ };
+}
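Review bot: `security.pki.certificates = [ (builtins.readFile ./step-roots.pem) ];` adds the step root to the system-wide trust store, so every TLS client on this host accepts certificates for any hostname issued under that root, not only the OpenProject development site the comment mentions. If the root is needed only for that development setup, trust it in the tool that needs it instead, or at least extend the comment to say who holds the CA key and whether the root carries name constraints. The same block also opens 443 and, because `pub-solar.sway.vnc.enable = true;`, 5901 on all interfaces; a comment stating which networks are expected to reach VNC would help the next reader.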
diff --git a/hosts/chocolatebar/configuration.nix b/hosts/chocolatebar/configuration.nix
new file mode 100644
index 00000000..4cdd96fd
--- /dev/null
+++ b/hosts/chocolatebar/configuration.nix
@@ -0,0 +1,25 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "20.09"; # Did you read the comment?
+}
diff --git a/hosts/chocolatebar/default.nix b/hosts/chocolatebar/default.nix
new file mode 100644
index 00000000..d7548796
--- /dev/null
+++ b/hosts/chocolatebar/default.nix
@@ -0,0 +1,6 @@
+{ suites, ... }:
+{
+ imports = [
+ ./chocolatebar.nix
+ ] ++ suites.chocolatebar;
+}
diff --git a/hosts/chocolatebar/factorio/default.nix b/hosts/chocolatebar/factorio/default.nix
new file mode 100644
index 00000000..4c818bec
--- /dev/null
+++ b/hosts/chocolatebar/factorio/default.nix
@@ -0,0 +1,38 @@
+{ config, pkgs, lib, self, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+
+ far-reach = pkgs.stdenv.mkDerivation rec {
+ pname = "factorio-far-reach";
+ version = "1.1.2";
+ src = ./far-reach_1.1.2.zip;
+ phases = [ "installPhase" ];
+ deps = [ ];
+ installPhase = ''
+ mkdir -p $out
+ cp $src far-reach_1.1.2.zip
+ '';
+ };
+in
+{
+ config = {
+ services.factorio = {
+ enable = true;
+ port = 34197; # The default, but make it explicit
+ lan = true;
+ admins = [
+ "doubtwriter"
+ "kattykat"
+ ];
+ openFirewall = true;
+ autosave-interval = 3;
+ game-name = "Babes plays v2";
+ requireUserVerification = false;
+ mods = [
+ far-reach
+ ];
+ };
+ };
+}
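Review bot: `requireUserVerification = false;` combined with `openFirewall = true;` and the `admins` list ties admin rights to user names that the server no longer checks against factorio.com accounts, so those names are effectively unauthenticated for anyone who can reach port 34197. Either set `requireUserVerification = true;`, or keep the game LAN-only with `openFirewall = false;` and drop the `admins` entries. Also, `installPhase` runs `cp $src far-reach_1.1.2.zip`, which copies into the build directory and leaves `$out` empty; it should read `cp $src $out/far-reach_1.1.2.zip`.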
diff --git a/hosts/chocolatebar/factorio/far-reach_1.1.2.zip b/hosts/chocolatebar/factorio/far-reach_1.1.2.zip
new file mode 100644
index 00000000..4bae7ec8
Binary files /dev/null and b/hosts/chocolatebar/factorio/far-reach_1.1.2.zip differ
diff --git a/hosts/chocolatebar/hardware-configuration.nix b/hosts/chocolatebar/hardware-configuration.nix
new file mode 100644
index 00000000..7437b2dd
--- /dev/null
+++ b/hosts/chocolatebar/hardware-configuration.nix
@@ -0,0 +1,38 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbcore" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/a3a74208-b244-4268-b374-e58265810fce";
+ fsType = "ext4";
+ };
+
+ boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/afcde41f-9811-4ac8-bb7b-a683844acc5c";
+
+ fileSystems."/boot" =
+ {
+ device = "/dev/disk/by-uuid/12FD-62A8";
+ fsType = "vfat";
+ };
+
+ swapDevices = [
+ {
+ device = "/swapfile";
+ size = 68 * 1024; # 68 GB
+ }
+ ];
+
+}
diff --git a/hosts/chocolatebar/step-roots.pem b/hosts/chocolatebar/step-roots.pem
new file mode 100644
index 00000000..0e90e42d
--- /dev/null
+++ b/hosts/chocolatebar/step-roots.pem
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/hosts/chocolatebar/virtualisation/create-service.nix b/hosts/chocolatebar/virtualisation/create-service.nix
new file mode 100644
index 00000000..b88c089b
--- /dev/null
+++ b/hosts/chocolatebar/virtualisation/create-service.nix
@@ -0,0 +1,97 @@
+{ config, pkgs, lib, vm, ... }:
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+ varsFile = "${xdg.dataHome}/libvirt/OVMF_VARS_${vm.name}.fd";
+ generateXML = import ./guest-xml.nix;
+in
+{
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = "yes";
+ Restart = "no";
+ };
+
+ script =
+ let
+ networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix { inherit config; inherit pkgs; inherit lib; });
+ machineXML = pkgs.writeText "${vm.name}.xml" (vm.generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; });
+ in
+ ''
+ echo "Checking if ${vm.name} is already running"
+ STATUS=$(${pkgs.libvirt}/bin/virsh list --all | grep "${vm.name}" | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 }' )
+ if [[ $STATUS != "shut off" && $STATUS != "" ]]; then
+ echo "Domain ${vm.name} is already running or in an inconsistent state:"
+ ${pkgs.libvirt}/bin/virsh list --all
+ exit 0
+ fi
+
+ echo "Creating network XML"
+ NET_TMP_FILE="/tmp/network.xml"
+
+ NETUUID="$(${pkgs.libvirt}/bin/virsh net-uuid 'default' || true)"
+ (sed "s/UUID/$NETUUID/" '${networkXML}') > "$NET_TMP_FILE"
+
+ echo "Defining and starting network"
+ ${pkgs.libvirt}/bin/virsh net-define "$NET_TMP_FILE"
+ ${pkgs.libvirt}/bin/virsh net-start 'default' || true
+
+ VARS_FILE=${varsFile}
+ if [ ! -f "$VARS_FILE" ]; then
+ echo "Copying vars filej"
+ cp /run/libvirt/nix-ovmf/OVMF_VARS.fd "$VARS_FILE"
+ fi
+
+ echo "Replacing USB device IDs in the XML"
+ # Load the template contents into a tmp file
+ TMP_FILE="/tmp/${vm.name}.xml"
+ cat "${machineXML}" > "$TMP_FILE"
+
+ # Set VM UUID
+ UUID="$(${pkgs.libvirt}/bin/virsh domuuid '${vm.name}' || true)"
+ sed -i "s/UUID/''${UUID}/" "$TMP_FILE"
+
+ ${if vm.handOverUSBDevices then ''
+ # Hand over mouse
+ USB_BUS=5
+ USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c52b | grep 'Bus 005' | cut -b 18)
+ LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc52b | tail -n 1 | cut -b 1,2,3)
+ sed -i "''${LINE_NUMBER}s/.*/
/" "$TMP_FILE"
+
+ # Hand over keyboard
+ USB_BUS=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 7)
+ USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 18)
+ LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc328 | tail -n 1 | cut -b 1,2,3)
+ sed -i "''${LINE_NUMBER}s/.*//" "$TMP_FILE"
+ '' else ""}
+
+ # TODO: Set correct pci address for the GPU too
+
+ # Setup looking glass shm file
+ echo "Setting up looking glass shm file"
+ ${pkgs.coreutils-full}/bin/truncate -s 0 /dev/shm/looking-glass
+ ${pkgs.coreutils-full}/bin/dd if=/dev/zero of=/dev/shm/looking-glass bs=1M count=32
+
+ # Load and start the xml definition
+ echo "Loading and starting the VM XML definition"
+ ${pkgs.libvirt}/bin/virsh define "$TMP_FILE"
+ ${pkgs.libvirt}/bin/virsh start '${vm.name}'
+ '';
+
+ preStop =
+ ''
+ ${pkgs.libvirt}/bin/virsh shutdown '${vm.name}'
+ let "timeout = $(date +%s) + 10"
+ while [ "$(${pkgs.libvirt}/bin/virsh list --name | grep --count '^${vm.name}$')" -gt 0 ]; do
+ if [ "$(date +%s)" -ge "$timeout" ]; then
+ # Meh, we warned it...
+ ${pkgs.libvirt}/bin/virsh destroy '${vm.name}'
+ else
+ # The machine is still running, let's give it some time to shut down
+ sleep 0.5
+ fi
+ done
+
+ ${pkgs.libvirt}/bin/virsh net-destroy 'default' || true
+ '';
+}
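Review bot: The start script writes the libvirt definitions to fixed names in the shared `/tmp` (`NET_TMP_FILE="/tmp/network.xml"` and `TMP_FILE="/tmp/${vm.name}.xml"`) and then passes them to `virsh net-define` and `virsh define`. Another local account can pre-create those paths, and every service built from this file reuses the same `network.xml`. Create the files privately instead, e.g. `NET_TMP_FILE="$(${pkgs.coreutils-full}/bin/mktemp --suffix=.xml)"` and the same for `TMP_FILE`, and remove them once `virsh` has read them. The status check `grep "${vm.name}"` also matches any domain whose name merely contains the VM name; `virsh domstate '${vm.name}'` would avoid parsing the table.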
diff --git a/hosts/chocolatebar/virtualisation/default.nix b/hosts/chocolatebar/virtualisation/default.nix
new file mode 100644
index 00000000..043e3f23
--- /dev/null
+++ b/hosts/chocolatebar/virtualisation/default.nix
@@ -0,0 +1,78 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+ createService = import ./create-service.nix;
+ generateXML = import ./guest-xml.nix;
+ generateTailsXML = import ./tails-xml.nix;
+
+ isolateGPU = "rx550x";
+ memory = 48; # in GB
+ handOverUSBDevices = true;
+
+ isolateAnyGPU = isolateGPU != null;
+in
+{
+ config = mkIf psCfg.virtualisation.enable {
+ boot.extraModprobeConfig = mkIf isolateAnyGPU (concatStringsSep "\n" [
+ "softdep amdgpu pre: vfio vfio_pci"
+ (if isolateGPU == "rx5700xt"
+ then "options vfio-pci ids=1002:731f,1002:ab38"
+ else "options vfio-pci ids=1002:699f,1002:aae0"
+ )
+ ]);
+
+ systemd.user.services = {
+ vm-windows = createService {
+ inherit config;
+ inherit pkgs;
+ inherit lib;
+ vm = {
+ name = "windows";
+ disk = "/dev/disk/by-id/ata-SanDisk_SDSSDA240G_162402455603";
+ id = "http://microsoft.com/win/10";
+ gpu = true;
+ mountHome = false;
+ memory = memory;
+ isolateGPU = isolateGPU;
+ handOverUSBDevices = handOverUSBDevices;
+ generateXML = generateXML;
+ };
+ };
+ vm-manjaro = createService {
+ inherit config;
+ inherit pkgs;
+ inherit lib;
+ vm = {
+ name = "manjaro";
+ disk = "/dev/disk/by-id/ata-KINGSTON_SM2280S3G2240G_50026B726B0265CE";
+ id = "https://manjaro.org/download/#i3";
+ gpu = true;
+ mountHome = true;
+ memory = memory;
+ isolateGPU = isolateGPU;
+ handOverUSBDevices = handOverUSBDevices;
+ generateXML = generateXML;
+ };
+ };
+ vm-tails = createService {
+ inherit config;
+ inherit pkgs;
+ inherit lib;
+ vm = {
+ name = "tails";
+ disk = "/var/lib/vms/tails/tails-amd64-5.4.iso";
+ # disk = "/var/lib/vms/nixos/nixos-minimal.iso";
+ id = "https://tails.boum.org/install/index.en.html";
+ gpu = false;
+ mountHome = false;
+ memory = 16;
+ isolateGPU = isolateGPU;
+ handOverUSBDevices = false;
+ generateXML = generateTailsXML;
+ };
+ };
+ };
+ };
+}
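Review bot: `vm-tails` boots `/var/lib/vms/tails/tails-amd64-5.4.iso`, a mutable path outside the Nix store that nothing in this hunk verifies, so the service starts whatever file happens to be at that path. Fetching the image with a fixed hash, e.g. `disk = pkgs.fetchurl { url = "<tails-iso-url-placeholder>"; hash = "<sha256-placeholder>"; };`, would pin the exact image; whether the XML generators accept a store path for `disk` is not visible here and needs checking. A short comment on `mountHome = true;` for `vm-manjaro`, saying what of the host home the guest can see, would also help.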
diff --git a/hosts/chocolatebar/virtualisation/guest-xml.nix b/hosts/chocolatebar/virtualisation/guest-xml.nix
new file mode 100644
index 00000000..876c6714
--- /dev/null
+++ b/hosts/chocolatebar/virtualisation/guest-xml.nix
@@ -0,0 +1,246 @@
+{ config, pkgs, lib, vm, varsFile, ... }:
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+ home = config.home-manager.users."${psCfg.user.name}".home;
+in
+''
+
+ ${vm.name}
+ UUID
+
+
+
+
+
+ ${toString vm.memory}
+ ${toString vm.memory}
+ 12
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ /machine
+
+
+ hvm
+ /run/libvirt/nix-ovmf/OVMF_CODE.fd
+ ${varsFile}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ EPYC-IBPB
+ AMD
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ destroy
+ restart
+ destroy
+
+
+
+
+
+ ${pkgs.qemu}/bin/qemu-system-x86_64
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ${if vm.mountHome then ''
+
+
+
+
+
+ '' else ""}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ${if vm.handOverUSBDevices then ''
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ '' else ""}
+ ${if vm.gpu && vm.isolateGPU != null then ''
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ '' else ""}
+
+
+
+
+
+
+
+
+
+
+
+ 32
+
+
+
+
+
+
+
+
+
+
+
+''
diff --git a/hosts/chocolatebar/virtualisation/network-xml.nix b/hosts/chocolatebar/virtualisation/network-xml.nix
new file mode 100644
index 00000000..81882917
--- /dev/null
+++ b/hosts/chocolatebar/virtualisation/network-xml.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, lib, ... }:
+''
+
+ default
+ UUID
+
+
+
+
+
+
+
+
+
+
+
+
+
+''
diff --git a/hosts/chocolatebar/virtualisation/rx550x.rom b/hosts/chocolatebar/virtualisation/rx550x.rom
new file mode 100644
index 00000000..e5724915
Binary files /dev/null and b/hosts/chocolatebar/virtualisation/rx550x.rom differ
diff --git a/hosts/chocolatebar/virtualisation/rx5700xt.rom b/hosts/chocolatebar/virtualisation/rx5700xt.rom
new file mode 100644
index 00000000..cd94f2c1
Binary files /dev/null and b/hosts/chocolatebar/virtualisation/rx5700xt.rom differ
diff --git a/hosts/chocolatebar/virtualisation/tails-xml.nix b/hosts/chocolatebar/virtualisation/tails-xml.nix
new file mode 100644
index 00000000..5efefb22
--- /dev/null
+++ b/hosts/chocolatebar/virtualisation/tails-xml.nix
@@ -0,0 +1,183 @@
+{ config, pkgs, lib, vm, varsFile, ... }:
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+ home = config.home-manager.users."${psCfg.user.name}".home;
+in
+''
+
+ ${vm.name}
+ UUID
+
+
+
+
+
+ ${toString vm.memory}
+ ${toString vm.memory}
+ 8
+
+ hvm
+
+
+
+
+
+
+
+
+
+
+
+
+
+ destroy
+ restart
+ destroy
+
+
+
+
+
+ /run/libvirt/nix-emulators/qemu-system-x86_64
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ /dev/urandom
+
+
+
+ ''
diff --git a/hosts/droppie/configuration.nix b/hosts/droppie/configuration.nix
new file mode 100644
index 00000000..bf1d4873
--- /dev/null
+++ b/hosts/droppie/configuration.nix
@@ -0,0 +1,29 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+{
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ boot.loader.systemd-boot.enable = lib.mkForce false;
+ boot.loader.grub = {
+ enable = true;
+ efiSupport = true;
+ device = "nodev";
+ };
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "21.11"; # Did you read the comment?
+}
+
diff --git a/hosts/droppie/default.nix b/hosts/droppie/default.nix
new file mode 100644
index 00000000..87c64f2f
--- /dev/null
+++ b/hosts/droppie/default.nix
@@ -0,0 +1,6 @@
+{ suites, ... }:
+{
+ imports = [
+ ./droppie.nix
+ ] ++ suites.droppie;
+}
diff --git a/hosts/droppie/droppie.nix b/hosts/droppie/droppie.nix
new file mode 100644
index 00000000..4e03b6c2
--- /dev/null
+++ b/hosts/droppie/droppie.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, lib, self, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ imports = [
+ ./configuration.nix
+ ];
+
+ config = {
+ hardware.cpu.intel.updateMicrocode = true;
+
+ pub-solar.core.disk-encryption-active = false;
+ pub-solar.core.lite = true;
+
+ security.sudo.extraRules = [
+ {
+ users = [ "${psCfg.user.name}" ];
+ commands = [
+ {
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
+
+ services.openssh.knownHosts = {
+ "cloud.pub.solar".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABPJSwr9DfnqV0KoL23BcxlWtRxuOqQpnFnCv4SG/LW";
+ };
+
+ systemd.services.ssh-tunnel-cloud-pub-solar = {
+ unitConfig = {
+ Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host";
+ After = [ "network.target" ];
+ };
+ serviceConfig = {
+ Type = "simple";
+ ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 root@cloud.pub.solar";
+ User = psCfg.user.name;
+ Group = "users";
+ Restart = "always";
+ RestartSec = "5s";
+ };
+ wantedBy = [ "default.target" ];
+ };
+
+ services.ddclient = {
+ enable = true;
+ ipv6 = true;
+ domains = [ "backup.b12f.io" ];
+ server = "ddns.hosting.de";
+ username = "b12f";
+ use = "web, web=http://checkip6.spdyn.de/, web-skip=''";
+ passwordFile = "/run/agenix/dyndns-droppie.key";
+ };
+
+ age.secrets."dyndns-droppie.key" = {
+ file = "${self}/secrets/dyndns-droppie.key";
+ mode = "400";
+ owner = "root";
+ };
+ };
+}
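Review bot: The `security.sudo.extraRules` entry gives the login user `NOPASSWD` on `ALL`, and the same user runs the `ssh-tunnel-cloud-pub-solar` unit that publishes this host's sshd on `127.0.0.1:22022` of cloud.pub.solar, so any login through that forward as this user is root with no further factor. If the rule exists only for the backup job, limit `command` to the binaries that job needs instead of `ALL`. In `ExecStart`, `-vvv` writes debug-level output to the journal on every reconnect, and `-g` should have no effect on a remote forward; both can be dropped. Separately, `hardware.cpu.intel.updateMicrocode = true;` is set here while hardware-configuration.nix loads `kvm-amd` and sets the AMD microcode option, so one of the two is probably wrong.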
diff --git a/hosts/droppie/hardware-configuration.nix b/hosts/droppie/hardware-configuration.nix
new file mode 100644
index 00000000..3c63750d
--- /dev/null
+++ b/hosts/droppie/hardware-configuration.nix
@@ -0,0 +1,54 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ahci" "usbhid" "uas" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ {
+ device = "/dev/disk/by-uuid/1dca9d02-555c-4b23-9450-8f3413fa7694";
+ fsType = "xfs";
+ };
+
+ fileSystems."/boot" =
+ {
+ device = "/dev/disk/by-uuid/A24C-F252";
+ fsType = "vfat";
+ };
+
+ fileSystems."/media/internal" =
+ {
+ device = "/dev/disk/by-uuid/5cf314a8-82f4-4037-a724-62d2ff226cff";
+ fsType = "ext4";
+ };
+
+ fileSystems."/home" =
+ {
+ device = "/dev/disk/by-uuid/2ef980f1-1f27-4d2a-9789-00f45e791fcc";
+ fsType = "xfs";
+ };
+
+ swapDevices =
+ [{ device = "/dev/disk/by-uuid/0203b641-280f-4a3d-971d-fd32a666c852"; }];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
+ networking.interfaces.enp2s0f1.useDHCP = lib.mkDefault true;
+
+ powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/lib/compat/default.nix b/lib/compat/default.nix
index ae3b4426..9d0c2837 100644
--- a/lib/compat/default.nix
+++ b/lib/compat/default.nix
@@ -1,14 +1,14 @@
let
- lock = builtins.fromJSON (builtins.readFile builtins.path { path = ../../flake.lock; name = "lockPath"; });
+ rev = "e7e5d481a0e15dcd459396e55327749989e04ce0";
flake = (import
(
fetchTarball {
- url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
- sha256 = lock.nodes.flake-compat.locked.narHash;
+ url = "https://github.com/edolstra/flake-compat/archive/${rev}.tar.gz";
+ sha256 = "0zd3x46fswh5n6faq4x2kkpy6p3c6j593xbdlbsl40ppkclwc80x";
}
)
{
- src = builtins.path { path = ../../.; name = "projectRoot"; };
+ src = ../../.;
});
in
flake
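Review bot: `rev` and `sha256` are now hard-coded instead of being read from flake.lock, so the flake-compat used by the non-flake entry point no longer follows `nix flake update` and can drift from the locked input without anyone noticing. The fetch stays hash-pinned, which is the important part. What is missing is a comment saying why the lock lookup was dropped and that both values must be bumped together, e.g. `# pinned by hand (not read from flake.lock); update rev and sha256 together`. `src = ../../.;` also drops the fixed store name `projectRoot`, so the store path name presumably now follows the checkout directory's name.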
diff --git a/modules/audio/mopidy.nix b/modules/audio/mopidy.nix
index 9d37eaba..e0758681 100644
--- a/modules/audio/mopidy.nix
+++ b/modules/audio/mopidy.nix
@@ -5,7 +5,7 @@ pkgs: {
mopidy-soundcloud
mopidy-youtube
mopidy-local
- mopidy-jellyfin
+ # mopidy-jellyfin
];
configuration = ''
diff --git a/modules/core/boot.nix b/modules/core/boot.nix
index cb16865d..0d631251 100644
--- a/modules/core/boot.nix
+++ b/modules/core/boot.nix
@@ -1,8 +1,8 @@
{ config, pkgs, lib, ... }:
-with lib;
let
cfg = config.pub-solar.core;
in
+with lib;
{
options.pub-solar.core.iso-options.enable = mkOption {
type = types.bool;
diff --git a/modules/devops/default.nix b/modules/devops/default.nix
index 9c0d9a9e..e944bf2c 100644
--- a/modules/devops/default.nix
+++ b/modules/devops/default.nix
@@ -12,6 +12,7 @@ in
config = mkIf cfg.enable {
home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
home.packages = [
+ croc
drone-cli
nmap
pgcli
@@ -20,6 +21,7 @@ in
restic
shellcheck
terraform_0_15
+ tea
];
};
};
diff --git a/modules/mobile/default.nix b/modules/mobile/default.nix
new file mode 100644
index 00000000..b02819a9
--- /dev/null
+++ b/modules/mobile/default.nix
@@ -0,0 +1,19 @@
+{ lib, config, pkgs, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ cfg = config.pub-solar.mobile;
+in
+{
+ options.pub-solar.mobile = {
+ enable = mkEnableOption "Add android adb and tooling";
+ };
+
+ config = mkIf cfg.enable {
+ programs.adb.enable = true;
+
+ users.users = with pkgs; lib.setAttrByPath [ psCfg.user.name ] {
+ extraGroups = [ "adbusers" ];
+ };
+ };
+}
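Review bot: `mkEnableOption` already prefixes its argument with "Whether to enable", so the generated option text reads "Whether to enable Add android adb and tooling."; a noun phrase such as `mkEnableOption "Android adb and related tooling"` renders correctly. The `with pkgs;` in front of `lib.setAttrByPath` is not used by anything in that expression and can be removed.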
diff --git a/modules/paperless/default.nix b/modules/paperless/default.nix
new file mode 100644
index 00000000..9fd22ab4
--- /dev/null
+++ b/modules/paperless/default.nix
@@ -0,0 +1,37 @@
+{ lib, config, pkgs, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ cfg = config.pub-solar.paperless;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ options.pub-solar.paperless = {
+ enable = mkEnableOption "All you need to go paperless";
+ ocrLanguage = mkOption {
+ description = "OCR language";
+ type = types.str;
+ example = "eng+deu";
+ default = "eng";
+ };
+ consumptionDir = mkOption {
+ description = "Directory to be watched";
+ type = types.str;
+ example = "/var/lib/paperless/consume";
+ default = "/home/${psCfg.user.name}/Documents";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.paperless-ng = {
+ enable = true;
+ consumptionDir = cfg.consumptionDir;
+ extraConfig = {
+ PAPERLESS_OCR_LANGUAGE = cfg.ocrLanguage;
+ };
+ };
+ environment.systemPackages = [
+ pkgs.hplip
+ ];
+ };
+}
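Review bot: The default for `consumptionDir` points paperless at the user's own documents folder (`/home/${psCfg.user.name}/Documents`), but a consumption directory is an inbox: paperless imports whatever appears there and, in its default configuration, removes the file afterwards. The NixOS module also manages that directory on behalf of the paperless service user, so the ownership or mode of the home folder may be changed; this should be verified on a test machine before enabling. A dedicated drop folder is the safer default, e.g. `default = "/var/lib/paperless/consume";` as already given in `example`. The `xdg` binding in the `let` block is unused.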
diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix
index 2dc439cf..202d9f5a 100644
--- a/modules/paranoia/default.nix
+++ b/modules/paranoia/default.nix
@@ -22,6 +22,10 @@ in
pub-solar.core.hibernation.enable = true;
services.logind.lidSwitch = "hibernate";
+ services.tor.settings = {
+ UseBridges = true;
+ };
+
# The options below are directly taken from or inspired by
# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
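Review bot: `UseBridges = true;` is set without any `Bridge` entry in this hunk, and Tor rejects a configuration that enables bridges but lists none, so unless bridges are configured elsewhere the tor service will fail to start on hosts that use this module. Either add the `Bridge` setting (and `ClientTransportPlugin` if a pluggable transport is used) next to it, or leave `UseBridges` to the host that supplies the bridge lines. The hunk also does not show where `services.tor.enable` is set, so a comment such as `# only takes effect on hosts that enable services.tor and define Bridge lines` would make the dependency explicit. The enclosing `config` block starts and ends outside the hunk.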
diff --git a/modules/printing/default.nix b/modules/printing/default.nix
index 4688c842..1e8fa9de 100644
--- a/modules/printing/default.nix
+++ b/modules/printing/default.nix
@@ -25,6 +25,7 @@ in
hardware.sane = {
enable = true;
brscan4.enable = true;
+ extraBackends = [ pkgs.hplipWithPlugin ];
};
};
}
diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf
index 1b851675..4c7f0614 100644
--- a/modules/sway/config/config.d/custom-keybindings.conf
+++ b/modules/sway/config/config.d/custom-keybindings.conf
@@ -36,3 +36,11 @@ bindsym $mod+Ctrl+r exec record-screen
# Launcher
set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher
bindsym $mod+Space exec $menu
+
+set $mode_vncclient In VNCClient mode. Press $mod+Num_Lock or $mod+Shift+Escape to return.
+bindsym $mod+Num_Lock mode "$mode_vncclient"
+bindsym $mod+Shift+Escape mode "$mode_vncclient"
+mode "$mode_vncclient" {
+ bindsym $mod+Num_Lock mode "default"
+ bindsym $mod+Shift+Escape mode "default"
+}
diff --git a/modules/sway/config/wayvnc/config.nix b/modules/sway/config/wayvnc/config.nix
new file mode 100644
index 00000000..27a51188
--- /dev/null
+++ b/modules/sway/config/wayvnc/config.nix
@@ -0,0 +1,8 @@
+{ psCfg, pkgs }: "
+address=0.0.0.0
+enable_auth=true
+username=${psCfg.user.name}
+password=testtest
+private_key_file=/run/agenix/vnc-key.pem
+certificate_file=/run/agenix/vnc-cert.pem
+"
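Review bot: `password=testtest` is a literal credential in a committed file that is rendered through `xdg.configFile`, which places the text in the world-readable Nix store; together with `address=0.0.0.0` the desktop is offered on every interface behind a published password. The TLS key and certificate already come from `/run/agenix`, so the whole config can be handled the same way: keep it as an age secret and start wayvnc with `-C /run/agenix/<wayvnc-config>` (placeholder name) instead of writing it via home-manager. secrets.nix declares `vnc-key-chocolatebar.pem` and `vnc-cert-chocolatebar.pem` while this file reads `vnc-key.pem` and `vnc-cert.pem`; the `age.secrets` mapping is not visible here, so confirm the names line up. The `pkgs` argument is unused.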
diff --git a/modules/sway/default.nix b/modules/sway/default.nix
index c173e9ce..e6c43b14 100644
--- a/modules/sway/default.nix
+++ b/modules/sway/default.nix
@@ -13,6 +13,8 @@ in
description = "Choose sway's default terminal";
};
+ vnc.enable = mkEnableOption "Enable vnc service";
+
v4l2loopback.enable = mkOption {
type = types.bool;
default = true;
@@ -93,6 +95,8 @@ in
systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; };
systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; };
+ systemd.user.services.wayvnc = mkIf psCfg.sway.vnc.enable (import ./wayvnc.service.nix pkgs);
+
xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; };
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
@@ -101,6 +105,7 @@ in
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit pkgs psCfg; };
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
+ xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix { inherit psCfg; inherit pkgs; };
};
})
]);
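Review bot: `xdg.configFile."wayvnc/config"` is added unconditionally, so the VNC configuration, credentials included, is written for every sway user even when `vnc.enable` is false; only the systemd unit in the previous hunk is guarded. Guard it the same way: `xdg.configFile."wayvnc/config" = mkIf psCfg.sway.vnc.enable { text = import ./config/wayvnc/config.nix { inherit psCfg pkgs; }; };`. In the first hunk, `mkEnableOption "Enable vnc service"` renders as "Whether to enable Enable vnc service."; `mkEnableOption "the wayvnc VNC server"` reads correctly. The enclosing attribute set starts outside the hunk.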
diff --git a/modules/sway/wayvnc.service.nix b/modules/sway/wayvnc.service.nix
new file mode 100644
index 00000000..863669d5
--- /dev/null
+++ b/modules/sway/wayvnc.service.nix
@@ -0,0 +1,19 @@
+pkgs:
+{
+ Unit = {
+ Description = "A VNC server for wlroots based Wayland compositors ";
+ Documentation = "https://github.com/any1/wayvnc";
+ BindsTo = [ "sway-session.target" ];
+ After = [ "graphical-session-pre.target" "network-online.target" ];
+ Wants = [ "graphical-session-pre.target" "network-online.target" ];
+ };
+
+ Service = {
+ Type = "simple";
+ ExecStart = "${pkgs.wayvnc}/bin/wayvnc -r -p 0.0.0.0 5901";
+ };
+
+ Install = {
+ WantedBy = [ "sway-session.target" ];
+ };
+}
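Review bot: `ExecStart` passes `0.0.0.0 5901` as the listen address, so the server accepts connections on every interface as soon as the sway session starts, and nothing in this unit or the visible hunks restricts who can reach the port. If remote access is only needed occasionally, bind to `127.0.0.1` and reach it through an SSH forward, or open the port in the firewall for specific interfaces only. `-p` appears to be wayvnc's performance-counter switch rather than a port option, so it is probably unintended. The `Description` string also ends with a stray space.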
diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix
index 4df1892a..6ca59da6 100644
--- a/modules/terminal-life/nvim/default.nix
+++ b/modules/terminal-life/nvim/default.nix
@@ -5,6 +5,76 @@ let
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
preview-file = pkgs.writeShellScriptBin "preview-file" (import ./preview-file.nix pkgs);
+
+ vimagit-master = pkgs.vimUtils.buildVimPlugin {
+ name = "vimagit-master";
+ src = pkgs.fetchFromGitHub {
+ owner = "jreybert";
+ repo = "vimagit";
+ rev = "308650ddc1e9a94e49fae0ea04bbc1c45f23d4c4";
+ sha256 = "sha256-fhazQQqyFaO0fdoeNI9nBshwTDhKNHH262H/QThtuO0=";
+ };
+ };
+
+ instant-nvim = pkgs.vimUtils.buildVimPlugin {
+ name = "instant";
+ src = pkgs.fetchFromGitHub {
+ owner = "jbyuki";
+ repo = "instant.nvim";
+ rev = "c02d72267b12130609b7ad39b76cf7f4a3bc9554";
+ sha256 = "sha256-7Pr2Au/oGKp5kMXuLsQY4BK5Wny9L1EBdXtyS5EaZPI=";
+ };
+ };
+
+ vim-caddyfile = pkgs.vimUtils.buildVimPlugin {
+ name = "vim-caddyfile";
+ src = pkgs.fetchFromGitHub {
+ owner = "isobit";
+ repo = "vim-caddyfile";
+ rev = "24fe0720551883e407cb70ae1d7c03f162d1d5a0";
+ sha256 = "sha256-rRYv3vnt31g7hNTxttTD6BWdv5JJ+ko3rPNyDUEOZ9o=";
+ };
+ };
+
+ workspace = pkgs.vimUtils.buildVimPlugin {
+ name = "vim-workspace";
+ src = pkgs.fetchFromGitHub {
+ owner = "thaerkh";
+ repo = "vim-workspace";
+ rev = "c26b473f9b073f24bacecd38477f44c5cd1f5a62";
+ sha256 = "sha256-XV7opLyfkHIDO0+JJaO/x0za0gsHuklrzapTGdLHJmI=";
+ };
+ };
+
+ beautify = pkgs.vimUtils.buildVimPlugin {
+ name = "vim-beautify";
+ src = pkgs.fetchFromGitHub {
+ owner = "zeekay";
+ repo = "vim-beautify";
+ rev = "e0691483927dc5a0c051433602397419f9628623";
+ sha256 = "QPTCl6KaGcAjTS5yVDov9yxmv0fDaFoPLMsrtVIG6GQ=";
+ };
+ };
+
+ vim-mdx-js = pkgs.vimUtils.buildVimPlugin {
+ name = "vim-mdx-js";
+ src = pkgs.fetchFromGitHub {
+ owner = "jxnblk";
+ repo = "vim-mdx-js";
+ rev = "17179d7f2a73172af5f9a8d65b01a3acf12ddd50";
+ sha256 = "wfYCvw9JVGG8p8PQhRPT6CeGGf2OVz9SR2KQM0LjQhY=";
+ };
+ };
+
+ apprentice = pkgs.vimUtils.buildVimPlugin {
+ name = "vim-apprentice";
+ src = pkgs.fetchFromGitHub {
+ owner = "romainl";
+ repo = "Apprentice";
+ rev = "ecd41698037f15a58125b349be76dbd2595bfb6d";
+ sha256 = "sha256-9s7Yzn3IEJBjcyUq9NBIQ9wb45Xr7jOkEIoWf0lAYYg=";
+ };
+ };
in
{
enable = true;
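Review bot: The seven plugin sources are pinned by commit and hash, but `beautify` and `vim-mdx-js` give the hash as bare base64 while the others use the SRI form with the `sha256-` prefix; writing all of them the same way keeps the pins uniform and greppable. `buildVimPlugin` is given only `name`, so the store paths carry no version; `pname` plus a `version` derived from the commit date is the usual shape. A comment above the block such as `# replaces the former *-nvfetcher packages; rev and sha256 are bumped by hand` would help, since nothing updates these automatically now. The `let` block starts outside the hunk.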
@@ -30,13 +100,13 @@ in
nodePackages.vue-language-server
nodePackages.vscode-langservers-extracted
nodePackages.yaml-language-server
+ vscode-extensions.angular.ng-template
python39Packages.python-lsp-server
python3Full
solargraph
rnix-lsp
rust-analyzer
terraform-ls
- universal-ctags
];
plugins = with pkgs.vimPlugins; [
@@ -48,7 +118,7 @@ in
lsp_extensions-nvim
nvim-lspconfig
- instant-nvim-nvfetcher
+ instant-nvim
ack-vim
vim-airline
@@ -57,25 +127,24 @@ in
quick-scope
suda-vim
syntastic
- vim-gutentags
vim-vinegar
- vim-workspace-nvfetcher
+ workspace
sonokai
vim-hybrid-material
vim-airline-themes
- vim-apprentice-nvfetcher
+ apprentice
fugitive
vim-gitgutter
vim-rhubarb
- vimagit-nvfetcher
+ vimagit-master
fzf-vim
fzfWrapper
vim-highlightedyank
- vim-beautify-nvfetcher
+ beautify
vim-surround
vim-bufkill
@@ -84,7 +153,7 @@ in
ansible-vim
emmet-vim
rust-vim
- vim-caddyfile-nvfetcher
+ vim-caddyfile
vim-go
vim-javascript
vim-json
@@ -96,6 +165,7 @@ in
vim-toml
vim-vue
yats-vim
+ vim-mdx-js
];
extraConfig = builtins.concatStringsSep "\n" [
diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim
index 97e9e21a..ab67e01d 100644
--- a/modules/terminal-life/nvim/lsp.vim
+++ b/modules/terminal-life/nvim/lsp.vim
@@ -74,7 +74,8 @@ lua < ssh-rsa kFDS0A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+-> ssh-ed25519 7Wns0A aKiZ8iw+Ub5rByBef0apOn6lG5Bv6tzFCiBu3DN6sSg
+58+9kySg3ajO7E5V87b/qRu9axpu2hQUuY/cVTt2YdI
+-> ssh-rsa wVtlwQ
+RbrfuwS5zQzL9yMWFDSnWj9cQFLirTH37Xf79Dis2CJIDd83vmlmGNY5x1aPpZoZ
+J6XDhibGTJc02DYuNVIE1IXm0x9tc6Z9PTT+WiAFt1JuKHguXTWLRMM9HmyvWWDg
+bFsRDAcYup+SK5d+ME+XooDGueC822rAjkGIRHNSCimGwuLpDRKqyyVfYA+dcfiP
+EoYH7x4S09jYRr1C5EkbraLbm1vijc5ikJw3b42KKbyo3wDwKga+Vk2nl2AtgjZp
+KipZlyjs+IjMRXX5IBpgoRtXcvHuidsOSc+guRo0ihF9MbzRc/Tt2g0V7t3KjeT0
+SJDLmHOos2RKTmx06aidDg
+-> Dz(k-grease ~FF p m)E{J3E
+7Igp3pclCAzAmeky5cPqlIzcITT+0jvieQe7ruSxRYRYqpYU7tMQFmHuNUahp+BP
+MzOYiM+PIQmn
+--- IC9SI76EjaFZxQ5odEeIv49n/O8uOdpM6LE1Z7dtHg4
+l%uE\?2\&wG&@W~9"^Ɔon^xOIuO21c*m%)#جeI6A/i
\ No newline at end of file
diff --git a/secrets/hdd_keyfile-chocolatebar.bin b/secrets/hdd_keyfile-chocolatebar.bin
new file mode 100644
index 00000000..f48b953a
Binary files /dev/null and b/secrets/hdd_keyfile-chocolatebar.bin differ
diff --git a/secrets/keyfile-biolimo.bin b/secrets/keyfile-biolimo.bin
new file mode 100644
index 00000000..4fb69723
Binary files /dev/null and b/secrets/keyfile-biolimo.bin differ
diff --git a/secrets/keyfile-chocolatebar.bin b/secrets/keyfile-chocolatebar.bin
new file mode 100644
index 00000000..dec7a831
Binary files /dev/null and b/secrets/keyfile-chocolatebar.bin differ
diff --git a/secrets/mopidy.conf b/secrets/mopidy.conf
new file mode 100644
index 00000000..2edbacf9
--- /dev/null
+++ b/secrets/mopidy.conf
@@ -0,0 +1,44 @@
+age-encryption.org/v1
+-> ssh-rsa kFDS0A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+-> ssh-ed25519 TnSWKQ SWZZJeUCYeSkYwIKmrsMa/MUkNK7xIn+213hy6X51Uk
+FDzM+HzDh+5+9RI+gjTPKNT74DPSvxA+CKJpHXSMX5c
+-> ssh-rsa 8daibg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+-> ssh-ed25519 2Ca8Kg eqyr8Yr3rrWlhCd+TmKsnywFdp1mwt3jZwuJzO0TwzM
+mcfYZGTAebrZY9Ool8sPn25wPiwe6StBUzdVAyEErAE
+-> ssh-rsa 2ggJWw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+-> }L0d&,o-grease QVMP gPkF4&,`
+YaavYxfymQIl4xRnz1AZxLAY7+r2R9Mftt9AIk11bEymVtCWhsWtSbnhsq9q+fjm
+yYwVUyIh4eeH4oOdz3ssnmB3gg
+--- 5VOiRneXGtTtik3m0OJY8zV8Sboh18DIB4eM07M+1Lo
+:I{z)-tȫjT0rEYg4wFAS9RQ5c{zjlRAHL yW6l>ߪ}mݿbѱ6*g"}X>WǁTޭ#
mi@i:z愲jbc(Ʀ{w(θyԧ`i_C-`PeCȻtS5eZp%QBh4yCdYL.
}ɑ^h֮͝.˿G~dEoZ=|CO
x7,NP%*I%k[|-Te~36!C"ai/kDmì]J>n^OڗMS71P\?x\;B#uB$hѵ:
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index bac30e03..bf4a7c8e 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,9 +1,60 @@
let
# set ssh public keys here for your system and user
- system = "";
- user = "";
- allKeys = [ system user ];
+ bbcom = "ssh-rsa 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 hello@benjaminbaedorf.com";
+
+ biolimo-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZzg8pfVtFonx/IvO2MKG5uVF/sMJAOt1Ifm9Vds2eA root@biolimo";
+ biolimo-user = "ssh-rsa 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 ben@biolimo";
+
+ chocolatebar-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZT3QrKugNTWNOwYziQnxrT5zFqWQDafWjScDuIpMhN root@chocolatebar";
+ chocolatebar-user = "ssh-rsa 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 ben@chocolatebar";
+
+ droppie-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDuXuPPDXTyJgy4JRwbKcPbawvVB1Il2neyRWb4O5sJ root@nixos";
+ droppie-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnYTlTmHCl6LOkexqRR9LqjOoFgt9TQ4VzHQGRHJMzF/AGcDRoqC+pBLFSTzRb5/ikAOsb32XHyKVg4nNdJeQshO11QtDmkCB02D/XcIXxnNQ5A8CztT2az5xJtbbWSdamMnHBLcqLiwoLmXbERpdlt8jNqMHrz+bjCUGYVAFSfc/WdIs6EATJ1eF0VFxv7nUh4qhgStABSwhNsnoYOC/DOBSA9aBP1f5Fz9QHUioPTGi2hRwbTbtFUvTrymPpWVFRApa1zvGXcr4YUCm7ia1ZlZKzRpsPkwLxb8Omm4bGmR0cAVwVhVRySnhpCTwbIBLyw+H8PvKWBBba1NAKyMij root@droppie";
+
+ allKeys = [
+ bbcom
+
+ biolimo-host
+ biolimo-user
+
+ chocolatebar-host
+ chocolatebar-user
+ ];
+
+ biolimoKeys = [
+ bbcom
+
+ biolimo-host
+ biolimo-user
+ ];
+
+ chocolatebarKeys = [
+ bbcom
+
+ chocolatebar-host
+ chocolatebar-user
+ ];
+
+ droppieKeys = [
+ bbcom
+
+ droppie-host
+ droppie-user
+ ];
in
{
- "secret.age".publicKeys = allKeys;
+ "keyfile-biolimo.bin".publicKeys = biolimoKeys;
+
+ "keyfile-chocolatebar.bin".publicKeys = chocolatebarKeys;
+ "crypto_keyfile-chocolatebar.bin".publicKeys = chocolatebarKeys;
+ "hdd_keyfile-chocolatebar.bin".publicKeys = chocolatebarKeys;
+
+ "vnc-cert-chocolatebar.pem".publicKeys = chocolatebarKeys;
+ "vnc-key-chocolatebar.pem".publicKeys = chocolatebarKeys;
+
+ "drone-runner-exec-config".publicKeys = allKeys;
+
+ "dyndns-droppie.key".publicKeys = droppieKeys;
+
+ "mopidy.conf".publicKeys = allKeys;
}
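Review bot: `allKeys` does not contain `droppie-host` or `droppie-user`, so `drone-runner-exec-config` and `mopidy.conf` cannot be decrypted on droppie even though the name suggests every machine. If that is intended, say so with a comment such as `# workstations only: droppie must not read these`; otherwise add the two keys and rekey. The key bound to `droppie-user` carries the comment `root@droppie` and `droppie-host` says `root@nixos`, so a comment noting where each key was taken from would make clear which identity is which. `bbcom` is a recipient of every secret, including the disk keyfiles, which makes that one private key the single point whose loss exposes all of them.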
diff --git a/secrets/vnc-cert-chocolatebar.pem b/secrets/vnc-cert-chocolatebar.pem
new file mode 100644
index 00000000..d7003993
Binary files /dev/null and b/secrets/vnc-cert-chocolatebar.pem differ
diff --git a/secrets/vnc-key-chocolatebar.pem b/secrets/vnc-key-chocolatebar.pem
new file mode 100644
index 00000000..d2853d11
Binary files /dev/null and b/secrets/vnc-key-chocolatebar.pem differ
diff --git a/shell/devos.nix b/shell/devos.nix
index 382a6d34..9aefcc6f 100644
--- a/shell/devos.nix
+++ b/shell/devos.nix
@@ -28,6 +28,21 @@ in
# override for our own welcome
devshell.name = pkgs.lib.mkForce "PubSolarOS";
+ # tempfix: remove when merged https://github.com/numtide/devshell/pull/123
+ devshell.startup.load_profiles = pkgs.lib.mkForce (pkgs.lib.noDepEntry ''
+ # PATH is devshell's exorbitant privilige:
+ # fence against its pollution
+ _PATH=''${PATH}
+ # Load installed profiles
+ for file in "$DEVSHELL_DIR/etc/profile.d/"*.sh; do
+ # If that folder doesn't exist, bash loves to return the whole glob
+ [[ -f "$file" ]] && source "$file"
+ done
+ # Exert exorbitant privilige and leave no trace
+ export PATH=''${_PATH}
+ unset _PATH
+ '');
+
commands = with pkgs; [
(devos nix)
(devos agenix)
diff --git a/users/ben/.config/msmtp/config b/users/ben/.config/msmtp/config
new file mode 100644
index 00000000..d3fc920b
--- /dev/null
+++ b/users/ben/.config/msmtp/config
@@ -0,0 +1,72 @@
+account hello@benjaminbaedorf.eu
+ host mail.hosting.de
+ port 587
+ protocol smtp
+ auth on
+ from hello@benjaminbaedorf.eu
+ user hello@benjaminbaedorf.eu
+ tls on
+ tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account benjamin.baedorf@rwth-aachen.de
+ host mail.rwth-aachen.de
+ port 587
+ protocol smtp
+ auth on
+ from benjamin.baedorf@rwth-aachen.de
+ user bb564306@rwth-aachen.de
+ tls on
+ tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account b.baedorf@openproject.com
+ host smtp.mailbox.org
+ port 587
+ protocol smtp
+ auth on
+ from b.baedorf@openproject.com
+ user b.baedorf@openproject.com
+ tls on
+ tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account byb@miom.space
+ host mail.hosting.de
+ port 587
+ protocol smtp
+ auth on
+ from byb@miom.space
+ user byb@miom.space
+ tls on
+ tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account admins@pub.solar
+ host mail.greenbaum.cloud
+ port 587
+ protocol smtp
+ auth on
+ from admins@pub.solar
+ user admins@pub.solar
+ tls on
+ tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account crew@pub.solar
+ host mail.greenbaum.cloud
+ port 587
+ protocol smtp
+ auth on
+ from crew@pub.solar
+ user crew@pub.solar
+ tls on
+ tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+account mail@b12f.io
+ host mail.b12f.io
+ port 587
+ protocol smtp
+ auth on
+ from mail@b12f.io
+ user mail@b12f.io
+ tls on
+ tls_trust_file /etc/ssl/certs/ca-certificates.crt
+
+
+account default : hello@benjaminbaedorf.eu
diff --git a/users/ben/.config/mutt/admins@pub.solar.muttrc b/users/ben/.config/mutt/admins@pub.solar.muttrc
new file mode 100644
index 00000000..9e993f7f
--- /dev/null
+++ b/users/ben/.config/mutt/admins@pub.solar.muttrc
@@ -0,0 +1,19 @@
+# vim: filetype=muttrc
+
+set from = "pub.solar Admins "
+set sendmail = "msmtp -a admins@pub.solar"
+set signature = "~/.config/mutt/admins@pub.solar.signature"
+
+set mbox_type = Maildir
+set folder = ~/Mail
+set spoolfile = "+admins\@pub.solar/INBOX"
+set postponed = "+admins\@pub.solar/Drafts"
+set record = "+admins\@pub.solar/Sent"
+set trash = "+admins\@pub.solar/Trash"
+mbox-hook = "+admins\@pub.solar/Archive"
+unmailboxes *
+mailboxes +admins\@pub.solar/INBOX \
+ +admins\@pub.solar/Drafts \
+ +admins\@pub.solar/Sent \
+ +admins\@pub.solar/Archive \
+ +admins\@pub.solar/Trash
diff --git a/users/ben/.config/mutt/admins@pub.solar.signature b/users/ben/.config/mutt/admins@pub.solar.signature
new file mode 100644
index 00000000..d24a0c1f
--- /dev/null
+++ b/users/ben/.config/mutt/admins@pub.solar.signature
@@ -0,0 +1,7 @@
+
+pub.solar Admins (they/them)
+
+MAIL: admins@pub.solar
+GIT: git.b12f.io/pub-solar
+MATRIX: #general:pub.solar
+WEB: pub.solar
diff --git a/users/ben/.config/mutt/b.baedorf@openproject.com.muttrc b/users/ben/.config/mutt/b.baedorf@openproject.com.muttrc
new file mode 100644
index 00000000..c4cf9354
--- /dev/null
+++ b/users/ben/.config/mutt/b.baedorf@openproject.com.muttrc
@@ -0,0 +1,24 @@
+# vim: filetype=muttrc
+
+set from = "Benjamin Bädorf "
+set sendmail = "msmtp -a b.baedorf@openproject.com"
+set signature = "~/.config/mutt/b.baedorf@openproject.com.signature"
+
+set pgp_default_key="DB94333951EC9A362B33FBA5069CA2D117AB5CCF"
+
+set imap_user = b.baedorf@openproject.com
+set imap_pass = `secret-tool lookup service smtp host smtp.mailbox.org user b.baedorf@openproject.com`
+
+set folder = imaps://imap.mailbox.org:993
+
+set spoolfile = "+INBOX"
+set postponed = "+Drafts"
+set record = "+Sent"
+set trash = "+Trash"
+mbox-hook = "+Archive"
+unmailboxes *
+mailboxes +INBOX \
+ +Drafts \
+ +Sent \
+ +Archive \
+ +Trash
diff --git a/users/ben/.config/mutt/b.baedorf@openproject.com.signature b/users/ben/.config/mutt/b.baedorf@openproject.com.signature
new file mode 100644
index 00000000..78caad7b
--- /dev/null
+++ b/users/ben/.config/mutt/b.baedorf@openproject.com.signature
@@ -0,0 +1,18 @@
+
+Benjamin Bädorf
+Senior Frontend Engineer
+
+OpenProject GmbH
+Krausenstraße 9
+10117 Berlin
+
+E: b.baedorf@openproject.com
+GPG: DB94 3339 51EC 9A36 2B33 FBA5 069C A2D1 17AB 5CC
+
+T: +49 9599 899 22
+M: +49 151 2266 2777
+I: www.openproject.org
+
+Amtsgericht Berlin-Charlottenburg HRB 117935
+Geschäftsführer Niels Lindenthal
+UStID DE211309779
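Review bot: The `GPG:` line ends in `5CC`, one hex digit short of a 40-digit fingerprint. The matching muttrc sets `pgp_default_key="DB94333951EC9A362B33FBA5069CA2D117AB5CCF"`, so the last group should read `17AB 5CCF`. Recipients who check the key against the signature would otherwise see a mismatch.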
diff --git a/users/ben/.config/mutt/benjamin.baedorf@rwth-aachen.de.muttrc b/users/ben/.config/mutt/benjamin.baedorf@rwth-aachen.de.muttrc
new file mode 100644
index 00000000..010d6c2d
--- /dev/null
+++ b/users/ben/.config/mutt/benjamin.baedorf@rwth-aachen.de.muttrc
@@ -0,0 +1,21 @@
+# vim: filetype=muttrc
+
+set from = "Benjamin Bädorf "
+set sendmail = "msmtp -a benjamin.baedorf@rwth-aachen.de"
+set signature = "~/.config/mutt/hello@benjaminbaedorf.eu.signature"
+
+set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
+
+set mbox_type = Maildir
+set folder = ~/Mail
+set spoolfile = "+benjamin.baedorf\@rwth-aachen.de/INBOX"
+set postponed = "+benjamin.baedorf\@rwth-aachen.de/Drafts"
+set record = "+benjamin.baedorf\@rwth-aachen.de/Sent"
+set trash = "+benjamin.baedorf\@rwth-aachen.de/Trash"
+mbox-hook = "+benjamin.baedorf\@rwth-aachen.de/Journal"
+unmailboxes *
+mailboxes +benjamin.baedorf\@rwth-aachen.de/INBOX \
+ +benjamin.baedorf\@rwth-aachen.de/Drafts \
+ +benjamin.baedorf\@rwth-aachen.de/Sent \
+ +benjamin.baedorf\@rwth-aachen.de/Journal \
+ +benjamin.baedorf\@rwth-aachen.de/Trash
diff --git a/users/ben/.config/mutt/byb@miom.space.muttrc b/users/ben/.config/mutt/byb@miom.space.muttrc
new file mode 100644
index 00000000..afc15316
--- /dev/null
+++ b/users/ben/.config/mutt/byb@miom.space.muttrc
@@ -0,0 +1,21 @@
+# vim: filetype=muttrc
+
+set from = "Benjamin Bädorf "
+set sendmail = "msmtp -a byb@miom.space"
+set signature = "~/.config/mutt/byb@miom.space.signature"
+
+set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
+
+set mbox_type = Maildir
+set folder = ~/Mail
+set spoolfile = "+byb\@miom.space/INBOX"
+set postponed = "+byb\@miom.space/Drafts"
+set record = "+byb\@miom.space/Sent"
+set trash = "+byb\@miom.space/Trash"
+mbox-hook = "+byb\@miom.space/Archive"
+unmailboxes *
+mailboxes +byb\@miom.space/INBOX \
+ +byb\@miom.space/Drafts \
+ +byb\@miom.space/Sent \
+ +byb\@miom.space/Archive \
+ +byb\@miom.space/Trash
diff --git a/users/ben/.config/mutt/byb@miom.space.signature b/users/ben/.config/mutt/byb@miom.space.signature
new file mode 100644
index 00000000..adf5bed3
--- /dev/null
+++ b/users/ben/.config/mutt/byb@miom.space.signature
@@ -0,0 +1,10 @@
+
+Benjamin Yule Bädorf (they/them)
+Software Engineer at MiOM 202
+
+MAIL: byb@miom.space
+TEL: +49 15 778 959 877
+GPG: 4332 E0D0 2B21 4D31 376C 366E 4406 E80E 13CD 656C
+GIT: git.b12f.io/b12f
+MATRIX: @b12f:pub.solar
+WEB: benjaminbaedorf.eu
diff --git a/users/ben/.config/mutt/crew@pub.solar.muttrc b/users/ben/.config/mutt/crew@pub.solar.muttrc
new file mode 100644
index 00000000..29d85931
--- /dev/null
+++ b/users/ben/.config/mutt/crew@pub.solar.muttrc
@@ -0,0 +1,19 @@
+# vim: filetype=muttrc
+
+set from = "pub.solar crew "
+set sendmail = "msmtp -a crew@pub.solar"
+set signature = "~/.config/mutt/crew@pub.solar.signature"
+
+set mbox_type = Maildir
+set folder = ~/Mail
+set spoolfile = "+crew\@pub.solar/INBOX"
+set postponed = "+crew\@pub.solar/Drafts"
+set record = "+crew\@pub.solar/Sent"
+set trash = "+crew\@pub.solar/Trash"
+mbox-hook = "+crew\@pub.solar/Archive"
+unmailboxes *
+mailboxes +crew\@pub.solar/INBOX \
+ +crew\@pub.solar/Drafts \
+ +crew\@pub.solar/Sent \
+ +crew\@pub.solar/Archive \
+ +crew\@pub.solar/Trash
diff --git a/users/ben/.config/mutt/crew@pub.solar.signature b/users/ben/.config/mutt/crew@pub.solar.signature
new file mode 100644
index 00000000..4755ed6a
--- /dev/null
+++ b/users/ben/.config/mutt/crew@pub.solar.signature
@@ -0,0 +1,8 @@
+
+pub.solar crew (they/them)
+
+MAIL: crew@pub.solar
+MASTODON: @crew@pub.solar
+GIT: git.b12f.io/pub-solar
+MATRIX: #general:pub.solar
+WEB: pub.solar
diff --git a/users/ben/.config/mutt/hello@benjaminbaedorf.eu.muttrc b/users/ben/.config/mutt/hello@benjaminbaedorf.eu.muttrc
new file mode 100644
index 00000000..7cc40ca5
--- /dev/null
+++ b/users/ben/.config/mutt/hello@benjaminbaedorf.eu.muttrc
@@ -0,0 +1,21 @@
+# vim: filetype=muttrc
+
+set from = "Benjamin Bädorf "
+set sendmail = "msmtp -a hello@benjaminbaedorf.eu"
+set signature = "~/.config/mutt/hello@benjaminbaedorf.eu.signature"
+
+set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
+
+set mbox_type = Maildir
+set folder = ~/Mail
+set spoolfile = "+hello\@benjaminbaedorf.eu/INBOX"
+set postponed = "+hello\@benjaminbaedorf.eu/Drafts"
+set record = "+hello\@benjaminbaedorf.eu/Sent"
+set trash = "+hello\@benjaminbaedorf.eu/Trash"
+mbox-hook = "+hello\@benjaminbaedorf.eu/Archive"
+unmailboxes *
+mailboxes +hello\@benjaminbaedorf.eu/INBOX \
+ +hello\@benjaminbaedorf.eu/Drafts \
+ +hello\@benjaminbaedorf.eu/Sent \
+ +hello\@benjaminbaedorf.eu/Archive \
+ +hello\@benjaminbaedorf.eu/Trash
diff --git a/users/ben/.config/mutt/hello@benjaminbaedorf.eu.signature b/users/ben/.config/mutt/hello@benjaminbaedorf.eu.signature
new file mode 100644
index 00000000..149014c1
--- /dev/null
+++ b/users/ben/.config/mutt/hello@benjaminbaedorf.eu.signature
@@ -0,0 +1,10 @@
+
+Benjamin Yule Bädorf (they/them)
+Software Engineer
+
+MAIL: hello@benjaminbaedorf.eu
+TEL: +49 15 778 959 877
+GPG: 4332 E0D0 2B21 4D31 376C 366E 4406 E80E 13CD 656C
+GIT: git.b12f.io/b12f
+MATRIX: @b12f:pub.solar
+WEB: benjaminbaedorf.eu
diff --git a/users/ben/.config/mutt/mail@b12f.io.muttrc b/users/ben/.config/mutt/mail@b12f.io.muttrc
new file mode 100644
index 00000000..ebe1d713
--- /dev/null
+++ b/users/ben/.config/mutt/mail@b12f.io.muttrc
@@ -0,0 +1,21 @@
+# vim: filetype=muttrc
+
+set from = "Benjamin Bädorf "
+set sendmail = "msmtp -a mail@b12f.io"
+set signature = "~/.config/mutt/mail@b12f.io.signature"
+
+set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
+
+set mbox_type = Maildir
+set folder = ~/Mail
+set spoolfile = "+mail\@b12f.io/INBOX"
+set postponed = "+mail\@b12f.io/Drafts"
+set record = "+mail\@b12f.io/Sent"
+set trash = "+mail\@b12f.io/Trash"
+mbox-hook = "+mail\@b12f.io/Archive"
+unmailboxes *
+mailboxes +mail\@b12f.io/INBOX \
+ +mail\@b12f.io/Drafts \
+ +mail\@b12f.io/Sent \
+ +mail\@b12f.io/Archive \
+ +mail\@b12f.io/Trash
diff --git a/users/ben/.config/mutt/mail@b12f.io.signature b/users/ben/.config/mutt/mail@b12f.io.signature
new file mode 100644
index 00000000..b12bc7e9
--- /dev/null
+++ b/users/ben/.config/mutt/mail@b12f.io.signature
@@ -0,0 +1,10 @@
+
+Benjamin Yule Bädorf (they/them)
+Software Engineer
+
+MAIL: mail@b12f.io
+TEL: +49 15 778 959 877
+GPG: 4332 E0D0 2B21 4D31 376C 366E 4406 E80E 13CD 656C
+GIT: git.b12f.io/b12f
+MATRIX: @b12f:pub.solar
+WEB: benjaminbaedorf.eu
diff --git a/users/ben/.config/offlineimap/config b/users/ben/.config/offlineimap/config
new file mode 100644
index 00000000..0313206c
--- /dev/null
+++ b/users/ben/.config/offlineimap/config
@@ -0,0 +1,109 @@
+[general]
+pythonfile = $XDG_CONFIG_HOME/offlineimap/functions.py
+metadata = $XDG_DATA_HOME/offlineimap
+accounts = BBEU, MiOM, AdminsPubSolar, CrewPubSolar, b12f, RWTH
+
+[Account BBEU]
+localrepository = LocalBBEU
+remoterepository = RemoteBBEU
+
+[Repository LocalBBEU]
+type = Maildir
+localfolders = ~/Mail/hello@benjaminbaedorf.eu
+
+[Repository RemoteBBEU]
+type = IMAP
+remotehost = mail.hosting.de
+remoteuser = hello@benjaminbaedorf.eu
+remotepasseval = get_secret("service", "smtp", "host", "mail.hosting.de", "user", "hello@benjaminbaedorf.eu")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
+[Account OPGmail]
+localrepository = LocalOPGmail
+remoterepository = RemoteOPGmail
+
+[Repository LocalOPGmail]
+type = Maildir
+localfolders = ~/Mail/b.baedorf@openproject.com
+
+[Repository RemoteOPGmail]
+type = IMAP
+remotehost = imap.gmail.com
+remoteuser = b.baedorf@openproject.com
+remotepasseval = get_secret("service", "smtp", "host", "smtp.gmail.com", "user", "b.baedorf@openproject.com")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
+[Account MiOM]
+localrepository = LocalMiOM
+remoterepository = RemoteMiOM
+
+[Repository LocalMiOM]
+type = Maildir
+localfolders = ~/Mail/byb@miom.space
+
+[Repository RemoteMiOM]
+type = IMAP
+remotehost = mail.hosting.de
+remoteuser = byb@miom.space
+remotepasseval = get_secret("service", "smtp", "host", "mail.hosting.de", "user", "byb@miom.space")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
+[Account AdminsPubSolar]
+localrepository = LocalAdminsPubSolar
+remoterepository = RemoteAdminsPubSolar
+
+[Repository LocalAdminsPubSolar]
+type = Maildir
+localfolders = ~/Mail/admins@pub.solar
+
+[Repository RemoteAdminsPubSolar]
+type = IMAP
+remotehost = mail.greenbaum.cloud
+remoteuser = admins@pub.solar
+remotepasseval = get_secret("service", "smtp", "host", "mail.greenbaum.cloud", "user", "admins@pub.solar")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
+[Account CrewPubSolar]
+localrepository = LocalCrewPubSolar
+remoterepository = RemoteCrewPubSolar
+
+[Repository LocalCrewPubSolar]
+type = Maildir
+localfolders = ~/Mail/crew@pub.solar
+
+[Repository RemoteCrewPubSolar]
+type = IMAP
+remotehost = mail.greenbaum.cloud
+remoteuser = crew@pub.solar
+remotepasseval = get_secret("service", "smtp", "host", "mail.greenbaum.cloud", "user", "crew@pub.solar")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
+[Account b12f]
+localrepository = Localb12f
+remoterepository = Remoteb12f
+
+[Repository Localb12f]
+type = Maildir
+localfolders = ~/Mail/mail@b12f.io
+
+[Repository Remoteb12f]
+type = IMAP
+remotehost = mail.b12f.io
+remoteuser = mail@b12f.io
+remotepasseval = get_secret("service", "smtp", "host", "mail.b12f.io", "user", "mail@b12f.io")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
+
+[Account RWTH]
+localrepository = LocalRWTH
+remoterepository = RemoteRWTH
+
+[Repository LocalRWTH]
+type = Maildir
+localfolders = ~/Mail/benjamin.baedorf@rwth-aachen.de
+
+[Repository RemoteRWTH]
+type = IMAP
+remotehost = mail.rwth-aachen.de
+remoteuser = bb564306@rwth-aachen.de
+remotepasseval = get_secret("service", "smtp", "host", "mail.rwth-aachen.de", "user", "bb564306@rwth-aachen.de")
+sslcacertfile = /etc/ssl/certs/ca-certificates.crt
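Review bot: None of the seven `[Repository Remote*]` sections states `ssl = yes`, so encrypted transport for these IMAP logins rests on offlineimap's default rather than on this file; `sslcacertfile` only governs how the certificate is checked once TLS is in use. Adding `ssl = yes` and `tls_level = tls_secure` to each remote repository would make the requirement explicit and refuse legacy protocol versions. Separately, `[Account OPGmail]` is defined but missing from `accounts` in `[general]`, so it is never synced; if that is deliberate, a comment such as `# OPGmail: disabled, kept for reference` would say so.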
diff --git a/users/ben/default.nix b/users/ben/default.nix
new file mode 100644
index 00000000..ce609813
--- /dev/null
+++ b/users/ben/default.nix
@@ -0,0 +1,59 @@
+{ config, hmUsers, pkgs, lib, ... }:
+let
+ psCfg = config.pub-solar;
+in
+{
+ imports = [
+ ./home.nix
+ ];
+
+ config = {
+ home-manager.users = { inherit (hmUsers) ben; };
+
+ services.yubikey-agent.enable = true;
+
+ pub-solar = {
+ # These are your personal settings
+ # The only required settings are `name` and `password`,
+ # The rest is used for programs like git
+ user = {
+ name = "ben";
+ description = "b12f";
+ password = "$6$LO2YoaHwuRQhUoSz$iHw9avM887eJg9cIty2nmG4Ibkol3YpviEhYpivVQP31VrnihFz/6LyugxD7X4VmXx9nxvcYIZnN90rlGxwjT.";
+ fullName = "Benjamin Bädorf";
+ email = "hello@benjaminbaedorf.eu";
+ gpgKeyId = "4406E80E13CD656C";
+ publicKeys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDoYNvXWunQYFORRjcYH1F98+zr20U79ROh+gmaC7AY/x3yf4y8uyMayF56VgQLVNwgEchT5t4dNb9qo2+1oUnjiKrKAVfQMN6WMMMEr4F4WT784uvBx5Uo6vmhgAa+xoo62c4TV2Uf49ZiPd+zAApBHW1F/whPtunPF28Wfr9g+ozSidhnAr+3nkfJh331tz9s+wgQ39AFzFWftQ60Guulpfj8SaVyxyv/yZZAuFpXNzN0Cz4fWBIWFOsib6Z8y+SlUCzSzOguZ7FygHjwlvOxoISsASAuf0OfUKHxVshiL5F5AX1ddmUgXbUKUTp/3Iunr74pfOQC8TXzZHqhrlFzYDmK5J9E6eADSpgx++bCCaHycl73BWeertCBZSHBXeb3Db9HX+mxwpfP3alVAt4ZqQb3YD/VB7XGDvHbmLn+wSfecO2qA9PxiA0yX7e2BZLN9r3G3bRNSk0GpnYM0i84FE9IipiKKnWVjj7J0UPQmz7rzAn2Lki1CnX9PDdxZneqTxgpBomHJt4H+vXMw13scA4xxEDBvfS5KkjbEJqWLbfklCoER6nV3NPLZ6CBl0Xe/VQBSkqEuUEIXih/oa8emDOGUODNF75ck5NJmKiGg6AFZoeiDa7PZMIxhhOq4vsR2Ty43rztUJ0CMX7iSIk3Eql7kqNdvrJaJ7z0GBsiw== ben@biolimo"
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmiF8ndGhnx2YAWbPDq14fftAwcJ0xnjJIVTotI12OO4SPX/SwH5Yp8C8Kf002qN9FbFmaONzq3s8TYpej13JubhfsQywNuFKZuZvJeHzmOwxsANW86RVrWT0WZmYx9a/a1TF9rPQpibDVt60wX8yLdExaJc5F1SvIIuyz1kxYpz36wItfR6hcwoLGh1emFCmfCpebJmp3hsrMDTTtTW/YNhyeSZW74ckyvZyjCYtRCJ8uF0ZmOSKRdillv4Ztg8MsUubGn+vaMl6V6x/QuDuehEPoM/3wBx9o22nf+QVbk7S1PC8EdT/K5vskn4/pfR7mDCyQOq1hB4w4Oyn0dsfX pi@ssrtc"
+ "ssh-rsa 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 ben@chocolatebar"
+ ];
+ };
+
+ paperless.enable = true;
+ arduino.enable = true;
+ email.enable = true;
+ uhk.enable = true;
+ audio.spotify.enable = true;
+ audio.spotify.username = "spotify@benjaminbaedorf.eu";
+ };
+
+ # Needed for the udev rules for solaar
+ hardware.logitech.wireless.enable = true;
+ networking.hosts =
+ let
+ localDomains = [
+ "openproject.local"
+ "traefik.local"
+ "nextcloud.local"
+ "step.local"
+ "saas-1.openproject.local"
+ "transmission.local"
+ ];
+ in
+ {
+ "127.0.0.1" = localDomains;
+ "::1" = localDomains;
+ };
+ };
+}
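Review bot: The `password` value under `pub-solar.user` is a SHA-512 crypt hash (`$6$…`) committed in clear text, so anyone who can read the repository can run offline guessing against it; `users/yule/default.nix` in this same diff does the same. The repo already uses agenix (`age.secrets` in `users/ben/home.nix`), so the hash could be kept in an encrypted secret and referenced by path, for instance through NixOS's `users.users.<name>.passwordFile`. Whether the `pub-solar.user` module can take a file instead of a literal is not visible here, so that wiring would need checking. If the hash has already been pushed, the underlying password should be treated as exposed and rotated.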
diff --git a/users/ben/home.nix b/users/ben/home.nix
new file mode 100644
index 00000000..1e9388bc
--- /dev/null
+++ b/users/ben/home.nix
@@ -0,0 +1,115 @@
+{ config, pkgs, lib, self, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ imports = [
+ ./session-variables.nix
+ ];
+
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ home.packages = with pkgs; [
+ tigervnc
+ dogecoin
+ nodejs
+ itch
+ solaar
+ ];
+
+ programs.ssh = {
+ enable = true;
+ matchBlocks = {
+ "git.b12f.io" = {
+ hostname = "git.b12f.io";
+ user = "git";
+ port = 2222;
+ };
+
+ "aur.archlinux.org" = {
+ user = "aur";
+ };
+
+ "leavieler.art" = {
+ hostname = "web5svsvy.wh.hosting.zone";
+ user = "web5svsvy_cgzqa3";
+ port = 2244;
+ };
+
+ "benjaminbaedorf.eu" = {
+ hostname = "web5svsvy.wh.hosting.zone";
+ user = "web5svsvy_cgzqa3";
+ port = 2244;
+ };
+
+ "miom.space" = {
+ hostname = "web7dgkba.wh.hosting.zone";
+ user = "web7dgkba_c9em8f";
+ port = 2244;
+ };
+
+ "latenight.blue" = {
+ hostname = "latenight.blue";
+ user = "lnb";
+ extraOptions = {
+ MACs = "hmac-sha2-512-etm@openssh.com";
+ };
+ };
+
+ "blacktea.io" = {
+ hostname = "latenight.blue";
+ user = "lnb";
+ extraOptions = {
+ MACs = "hmac-sha2-512-etm@openssh.com";
+ };
+ };
+
+ "laurakirst.de" = {
+ hostname = "webj4bsux.wh.hosting.zone";
+ user = "webj4bsux_36qkrk";
+ port = 2244;
+ };
+ };
+ };
+
+ xdg.configFile."mutt/accounts.muttrc".text = ''
+ source ./hello@benjaminbaedorf.eu.muttrc
+
+ macro index 'source $XDG_CONFIG_HOME/mutt/hello@benjaminbaedorf.eu.muttrc!'
+ macro index 'source $XDG_CONFIG_HOME/mutt/benjamin.baedorf@rwth-aachen.de.muttrc!'
+ macro index 'source $XDG_CONFIG_HOME/mutt/b.baedorf@openproject.com.muttrc!'
+ macro index 'source $XDG_CONFIG_HOME/mutt/byb@miom.space.muttrc!'
+ macro index 'source $XDG_CONFIG_HOME/mutt/mail@b12f.io.muttrc!'
+ macro index 'source $XDG_CONFIG_HOME/mutt/admins@pub.solar.muttrc!'
+ macro index 'source $XDG_CONFIG_HOME/mutt/crew@pub.solar.muttrc!'
+ '';
+ xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc";
+ xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc";
+ xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature";
+ xdg.configFile."mutt/b.baedorf@openproject.com.muttrc".source = ./.config/mutt + "/b.baedorf@openproject.com.muttrc";
+ xdg.configFile."mutt/b.baedorf@openproject.com.signature".source = ./.config/mutt + "/b.baedorf@openproject.com.signature";
+ xdg.configFile."mutt/byb@miom.space.muttrc".source = ./.config/mutt + "/byb@miom.space.muttrc";
+ xdg.configFile."mutt/byb@miom.space.signature".source = ./.config/mutt + "/byb@miom.space.signature";
+ xdg.configFile."mutt/mail@b12f.io.muttrc".source = ./.config/mutt + "/mail@b12f.io.muttrc";
+ xdg.configFile."mutt/mail@b12f.io.signature".source = ./.config/mutt + "/mail@b12f.io.signature";
+ xdg.configFile."mutt/admins@pub.solar.muttrc".source = ./.config/mutt + "/admins@pub.solar.muttrc";
+ xdg.configFile."mutt/admins@pub.solar.signature".source = ./.config/mutt + "/admins@pub.solar.signature";
+ xdg.configFile."mutt/crew@pub.solar.muttrc".source = ./.config/mutt + "/crew@pub.solar.muttrc";
+ xdg.configFile."mutt/crew@pub.solar.signature".source = ./.config/mutt + "/crew@pub.solar.signature";
+ xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config;
+ xdg.configFile."msmtp/config".source = ./.config/msmtp/config;
+ # xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
+ };
+
+ age.secrets."mopidy.conf" = {
+ file = "${self}/secrets/mopidy.conf";
+ mode = "700";
+ owner = "mopidy";
+ };
+ services.mopidy.extraConfigFiles = [ "/run/agenix/mopidy.conf" ];
+
+ programs.ssh.extraConfig = "
+ PubkeyAcceptedKeyTypes +ssh-rsa
+ ";
+}
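Review bot: `programs.ssh.extraConfig` at the end of the file sets `PubkeyAcceptedKeyTypes +ssh-rsa` outside the home-manager attribute set, so it appears to land in the system-wide client config and re-enable SHA-1 RSA signatures for every host and every user rather than for the one server that still needs it. Scoping it to that host's entry in `matchBlocks` keeps the downgrade contained, e.g. `extraOptions = { PubkeyAcceptedAlgorithms = "+ssh-rsa"; };` (`PubkeyAcceptedKeyTypes` is the older alias of that option). Also, `mode = "700"` on `age.secrets."mopidy.conf"` gives a config file execute bits; `mode = "400"` is enough for the owner `mopidy` to read it.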
diff --git a/users/ben/session-variables.nix b/users/ben/session-variables.nix
new file mode 100644
index 00000000..b6c3894f
--- /dev/null
+++ b/users/ben/session-variables.nix
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+ DRONE_RPC_PROTO = "https";
+ DRONE_RPC_HOST = "ci.b12f.io";
+in
+{
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ home.sessionVariables = {
+ inherit DRONE_RPC_HOST;
+ inherit DRONE_RPC_PROTO;
+ DRONE_SERVER = DRONE_RPC_PROTO + "://" + DRONE_RPC_HOST;
+
+ RESTIC_REPOSITORY = "sftp:root@backup.b12f.io:/media/internal/backups";
+ RESTIC_PASSWORD_COMMAND = "secret-tool lookup restic repository-password";
+ };
+ };
+}
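Review bot: `RESTIC_REPOSITORY` logs in to the backup host as `root` over SFTP, so the SSH key this workstation uses for backups is also a root credential on `backup.b12f.io`, and a compromised client could delete or rewrite every snapshot unless the server restricts that key (not visible here). A dedicated unprivileged account confined to the repository path would limit the damage, e.g. `RESTIC_REPOSITORY = "sftp:<backup-user>@backup.b12f.io:/media/internal/backups";` with the user name as a placeholder. The `xdg` binding in the `let` block is not used in this file and can be dropped.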
diff --git a/users/yule/default.nix b/users/yule/default.nix
new file mode 100644
index 00000000..960f85b3
--- /dev/null
+++ b/users/yule/default.nix
@@ -0,0 +1,35 @@
+{ config, hmUsers, pkgs, lib, ... }:
+let
+ psCfg = config.pub-solar;
+in
+{
+ config = {
+ home-manager.users = { inherit (hmUsers) yule; };
+
+ pub-solar = {
+ # These are your personal settings
+ # The only required settings are `name` and `password`,
+ # The rest is used for programs like git
+ user = {
+ name = "yule";
+ description = "b12f";
+ password = "$6$pHMaL9DfxhvnLGy5$ka9bRU5p1lPTF0YHPZDM9Miq79iXuaXb6GLeALM1eX5djdsHYnpvVWjrmImWmcghGXsrDwpmXZPSJUU.gFpuA1";
+ fullName = "Benjamin Bädorf";
+ email = "hello@benjaminbaedorf.eu";
+ gpgKeyId = "4406E80E13CD656C";
+ publicKeys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmiF8ndGhnx2YAWbPDq14fftAwcJ0xnjJIVTotI12OO4SPX/SwH5Yp8C8Kf002qN9FbFmaONzq3s8TYpej13JubhfsQywNuFKZuZvJeHzmOwxsANW86RVrWT0WZmYx9a/a1TF9rPQpibDVt60wX8yLdExaJc5F1SvIIuyz1kxYpz36wItfR6hcwoLGh1emFCmfCpebJmp3hsrMDTTtTW/YNhyeSZW74ckyvZyjCYtRCJ8uF0ZmOSKRdillv4Ztg8MsUubGn+vaMl6V6x/QuDuehEPoM/3wBx9o22nf+QVbk7S1PC8EdT/K5vskn4/pfR7mDCyQOq1hB4w4Oyn0dsfX pi@ssrtc"
+
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg= @b12f Yubi Main"
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup"
+
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
+
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar"
+ ];
+ };
+ };
+ };
+}
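Review bot: The `publicKeys` list for `yule` mixes the owner's keys with keys labelled `@teutat3s`, `@hensoko` and `root@cloud.pub.solar`. If this list is rendered into the account's `authorized_keys` (the module is not visible here), each of those key holders, and anyone who gains root on that server, can log in as this user. A comment per foreign key stating why it is authorised, e.g. `# root@cloud.pub.solar: <purpose>, remove when no longer needed`, would make the grant reviewable, and keys without a current need should be removed. The `pi@ssrtc` entry is a 2048-bit `ssh-rsa` key, and the list already carries ECDSA and Ed25519 keys that could replace it.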