b12f restructure #1

Merged
teutat3s merged 218 commits from b12f into main 2020-11-24 18:27:01 +00:00
27 changed files with 213 additions and 71 deletions
Showing only changes of commit b2daa8d2db - Show all commits

View file

@ -10,6 +10,10 @@ in
];
config = {
pub-solar.paranoia.enable = true;
pub-solar.core.hibernation.resumeDevice = "/dev/dm-0";
pub-solar.core.hibernation.resumeOffset = 15296512;
hardware.cpu.intel.updateMicrocode = true;
networking.firewall.allowedTCPPorts = [ 5000 ];

View file

@ -28,12 +28,12 @@ in
age.secrets."vnc-key.pem" = {
file = "${self}/secrets/vnc-key-chocolatebar.pem";
mode = "700";
mode = "400";
owner = psCfg.user.name;
};
age.secrets."vnc-cert.pem" = {
file = "${self}/secrets/vnc-cert-chocolatebar.pem";
mode = "700";
mode = "400";
owner = psCfg.user.name;
};
pub-solar.sway.vnc.enable = true;

View file

@ -6,7 +6,7 @@ let
createService = import ./create-service.nix;
isolateGPU = "rx550x";
handOverUSBDevices = true;
handOverUSBDevices = false;
isolateAnyGPU = isolateGPU != null;
in

View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ config, pkgs, lib, self, ... }:
with lib;
let
psCfg = config.pub-solar;
@ -26,6 +26,10 @@ in
}
];
services.openssh.knownHosts = {
"cloud.pub.solar".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABPJSwr9DfnqV0KoL23BcxlWtRxuOqQpnFnCv4SG/LW";
};
systemd.user.services.ssh-tunnel-cloud-pub-solar = {
unitConfig = {
Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host";
@ -33,10 +37,27 @@ in
};
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 cloud.pub.solar";
ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 root@cloud.pub.solar";
Restart = "always";
RestartSec = "5s";
};
wantedBy = [ "default.target" ];
};
services.ddclient = {
enable = true;
ipv6 = true;
domains = [ "backup.b12f.io" ];
server = "ddns.hosting.de";
username = "b12f";
use = "web, web=http://checkip6.spdyn.de/, web-skip=''";
passwordFile = "/run/agenix/dyndns-droppie.key";
};
age.secrets."dyndns-droppie.key" = {
file = "${self}/secrets/dyndns-droppie.key";
mode = "400";
owner = psCfg.user.name;
};
};
}

View file

@ -17,24 +17,26 @@ with lib;
};
config = {
# Enable plymouth for better experience of booting
boot.plymouth.enable = true;
boot = {
# Enable plymouth for better experience of booting
plymouth.enable = true;
# Mount / luks device in initrd
# Allow fstrim to work on it.
# The ! makes this enabled by default
boot.initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) {
luks.devices."cryptroot" = {
allowDiscards = true;
# Mount / luks device in initrd
# Allow fstrim to work on it.
# The ! makes this enabled by default
initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) {
luks.devices."cryptroot" = {
allowDiscards = true;
};
};
loader.systemd-boot.enable = true;
# Use latest LTS linux kernel by default
kernelPackages = pkgs.linuxPackages_5_15;
# Support ntfs drives
supportedFilesystems = [ "ntfs" ];
};
boot.loader.systemd-boot.enable = true;
# Use latest LTS linux kernel by default
boot.kernelPackages = pkgs.linuxPackages_5_15;
# Support ntfs drives
boot.supportedFilesystems = [ "ntfs" ];
};
}

View file

@ -8,6 +8,7 @@ in
{
imports = [
./boot.nix
./hibernation.nix
./fonts.nix
./i18n.nix
./networking.nix

View file

@ -0,0 +1,35 @@
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.pub-solar.core.hibernation;
in
{
options.pub-solar.core.hibernation = {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether the device can hibernate. This creates a swapfile at /swapfile.";
};
resumeDevice = mkOption {
type = types.str;
default = "/dev/sda1";
description = "The location of the hibernation resume swap file.";
};
resumeOffset = mkOption {
type = types.nullOr types.int;
default = null;
description = "The swap file offset. Can be found by running `filefrag -v $swap_file_location`. See https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file";
};
};
config = {
boot = mkIf cfg.enable {
resumeDevice = cfg.resumeDevice;
kernelParams =
if (cfg.resumeOffset == null && cfg.enable) then builtins.abort "config.pub-solar.resumeOffset has to be set if config.pub-solar.enable is true."
else [ "resume_offset=${builtins.toString cfg.resumeOffset}" ];
};
};
}

View file

@ -2,6 +2,8 @@
{
nix = {
# Use default version alias for nix package
package = pkgs.nix;
# Improve nix store disk usage
autoOptimiseStore = true;
gc.automatic = true;

View file

@ -0,0 +1,24 @@
{ config, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
cfg = config.pub-solar.paranoia;
in
{
options.pub-solar.paranoia = {
enable = mkOption {
description = ''
Only offer hibernation instead of screen locking and sleeping. This only makes sense
if your hard drive is encrypted, and ensures that the contents of your drive are
encrypted if you are not actively using the device.
'';
default = false;
type = types.bool;
};
};
config = mkIf cfg.enable {
pub-solar.core.hibernation.enable = true;
};
}

View file

@ -37,22 +37,6 @@ bindsym $mod+Ctrl+r exec record-screen
set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher
bindsym $mod+Space exec $menu
# Set shut down, restart and locking features
set $mode_system (l)ock, (e)xit, (s)uspend, (h)ibernate, (r)eboot, (Shift+s)hutdown
bindsym $mod+0 mode "$mode_system"
mode "$mode_system" {
bindsym l exec swaylock-bg, mode "default"
bindsym e exec systemctl --user stop graphical-session.target, mode "default"
bindsym s exec systemctl suspend, mode "default"
bindsym h exec systemctl hibernate, mode "default"
bindsym r exec systemctl reboot, mode "default"
bindsym Shift+s exec systemctl poweroff, mode "default"
# exit system mode: "Enter" or "Escape"
bindsym Return mode "default"
bindsym Escape mode "default"
}
set $mode_vncclient In VNCClient mode. Press $mod+Num_Lock or $mod+Shift+Escape to return.
bindsym $mod+Num_Lock mode "$mode_vncclient"
bindsym $mod+Shift+Escape mode "$mode_vncclient"

View file

@ -0,0 +1,21 @@
{ psCfg, ... }: ''
# Set shut down, restart and locking features
set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown
bindsym $mod+0 mode "$mode_system"
mode "$mode_system" {
bindsym e exec swaymsg exit, mode "default"
'' + (if psCfg.core.hibernation.enable then ''
bindsym h exec systemctl hibernate, mode "default"
'' else "")
+ (if !psCfg.paranoia.enable then ''
bindsym l exec swaylock-bg, mode "default"
bindsym s exec systemctl suspend, mode "default"
'' else "") + ''
bindsym r exec systemctl reboot, mode "default"
bindsym Shift+s exec systemctl poweroff, mode "default"
# exit system mode: "Enter" or "Escape"
bindsym Return mode "default"
bindsym Escape mode "default"
}
''

View file

@ -2,7 +2,6 @@
with lib;
let
psCfg = config.pub-solar;
cfg = config.pub-solar.sway;
in
{
options.pub-solar.sway = {
@ -23,8 +22,8 @@ in
};
};
config = mkIf cfg.enable (mkMerge [
(mkIf (cfg.v4l2loopback.enable) {
config = mkIf psCfg.sway.enable (mkMerge [
(mkIf (psCfg.sway.v4l2loopback.enable) {
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.kernelModules = [ "v4l2loopback" ];
boot.extraModprobeConfig = ''
@ -79,7 +78,6 @@ in
xsettingsd
ydotool
swaylock-bg
sway-launcher
record-screen
import-gtk-settings
@ -90,20 +88,21 @@ in
programs.waybar.enable = true;
#programs.waybar.systemd.enable = true;
systemd.user.services.mako = import ./mako.service.nix pkgs;
systemd.user.services.sway = import ./sway.service.nix pkgs;
systemd.user.services.swayidle = import ./swayidle.service.nix pkgs;
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix pkgs;
systemd.user.services.waybar = import ./waybar.service.nix pkgs;
systemd.user.targets.sway-session = import ./sway-session.target.nix pkgs;
systemd.user.services.mako = import ./mako.service.nix { inherit pkgs psCfg; };
systemd.user.services.sway = import ./sway.service.nix { inherit pkgs psCfg; };
systemd.user.services.swayidle = import ./swayidle.service.nix { inherit pkgs psCfg; };
systemd.user.services.xsettingsd = import ./xsettingsd.service.nix { inherit pkgs psCfg; };
systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; };
systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; };
systemd.user.services.wayvnc = mkIf cfg.vnc.enable (import ./wayvnc.service.nix pkgs);
systemd.user.services.wayvnc = mkIf psCfg.sway.vnc.enable (import ./wayvnc.service.nix pkgs);
xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; };
xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf;
xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf;
xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf;
xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf;
xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit psCfg; };
xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf;
xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf;
xdg.configFile."wayvnc/config".text = import ./config/wayvnc/config.nix { inherit psCfg; inherit pkgs; };

View file

@ -1,4 +1,4 @@
pkgs:
{ pkgs, ... }:
{
Unit = {
Description = "set color temperature of display according to time of day";

View file

@ -1,4 +1,4 @@
pkgs:
{ pkgs, ... }:
{
Unit = {
Description = "Actions gestures on your touchpad using libinput";

View file

@ -1,4 +1,4 @@
pkgs:
{ pkgs, ... }:
{
Unit = {
Description = "Lightweight Wayland notification daemon";

View file

@ -1,4 +1,4 @@
pkgs:
{ pkgs, ... }:
{
Unit = {
Description = "sway compositor session";

View file

@ -1,4 +1,4 @@
pkgs:
{ pkgs, ... }:
{
Unit = {
Description = "sway - SirCmpwn's Wayland window manager";

View file

@ -1,4 +1,4 @@
pkgs:
{ pkgs, psCfg, ... }:
{
Unit = {
Description = "Idle manager for Wayland";
@ -9,13 +9,19 @@ pkgs:
};
Service = {
Type = "simple";
Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock}/bin:${pkgs.swaylock-bg}/bin";
ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \
timeout 600 'swaylock-bg' \
timeout 900 'swaymsg "output * dpms off"' \
resume 'swaymsg "output * dpms on"' \
before-sleep 'swaylock-bg'
'';
Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin";
ExecStart =
if psCfg.paranoia.enable then ''
${pkgs.swayidle}/bin/swayidle -w \
timeout 120 'swaymsg "output * dpms off"' \
timeout 150 'systemctl hibernate' \
'' else ''
${pkgs.swayidle}/bin/swayidle -w \
timeout 600 'swaylock-bg' \
timeout 900 'swaymsg "output * dpms off"' \
resume 'swaymsg "output * dpms on"' \
before-sleep 'swaylock-bg'
'';
};
Install = {
WantedBy = [ "sway-session.target" ];

View file

@ -1,4 +1,4 @@
pkgs:
{ pkgs, ... }:
{
Unit = {
Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors.";

View file

@ -1,4 +1,4 @@
pkgs:
{ pkgs, ... }:
{
Unit = {
Description = "X Settings Daemon";

View file

@ -1,4 +1,4 @@
pkgs:
{ pkgs, ... }:
{
Unit = {
Description = "ydotool - Generic command-line automation tool (no X!)";

View file

@ -13,15 +13,11 @@ with final; {
s = writeShellScriptBin "s" (import ./s.nix final);
sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final);
sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final);
swaylock-bg = writeScriptBin "swaylock-bg" (import ./swaylock-bg.nix final);
swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final);
toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final);
uhk-agent = import ./uhk-agent.nix final;
wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final);
drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final);
# ps-fixes
scan2paperless = writeShellScriptBin "scan2paperless" (import ./scan2paperless.nix final);
drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final);
}

View file

@ -0,0 +1,27 @@
age-encryption.org/v1
-> ssh-rsa kFDS0A
lbrJzpCXpf3BJYL80d2vD/b4raoPnUKV0D9Ka9yKb72W3ATfA/Cqq7vpisHRnwyj
3pt1TfrPzti/8ZKDqY/Zw171jQbOF6zW45z4m8yJu4J1LYXh8yYrTR3YPwhPoGYm
eZJWWj2YghqCFC7vdL/wZFjkStxwBGgrJfNOxJBcXOpUX2TOzfdNAgJ/pEkvdd/L
jktiU5ITt7KXruwSEXRzHVfmntl4SaqDqYfeb0Y0q2a1oMpxTnBKcYXj6dYcZIHv
Lm8HX0JsIiThz/DXB4sP2O5GlGeYyibj2iMSCsCqadwDpUndVtJnzFgjSQD5A0gd
enNTYly3GSmC9TWt/r2VHHyneAnJ3HQKB5hUEqxPz9peemnvfTA89SIGHddmkXfY
XSeN5WJnSG0+WAOwrpJjzl9CgUg9xJS7dDqVob3CwL9oVEQP8FcuuyqCg72ppd4J
fdseq5/R+HuVnh6sEUHoaHEDidHtTrpE2Rd49Tesj/BT+YrJyQ/kQqHmy9RiLU2f
DSRwLO4/qHF6W8UfuF2N08aMxRpxqXPWTjI/vHxoSJRcSqaofF42x50OQU8lY96c
8bPlDPB7HOBg+7bVvOQCaR3+KRuOx+HYpeMwEokQTwCke+frPfXorilNbAcaFUp4
QiU1sUZia/FOZ+j47+6pkfC2DfLpiNL2TLWYcNtIzUc
-> ssh-ed25519 7Wns0A aKiZ8iw+Ub5rByBef0apOn6lG5Bv6tzFCiBu3DN6sSg
58+9kySg3ajO7E5V87b/qRu9axpu2hQUuY/cVTt2YdI
-> ssh-rsa wVtlwQ
RbrfuwS5zQzL9yMWFDSnWj9cQFLirTH37Xf79Dis2CJIDd83vmlmGNY5x1aPpZoZ
J6XDhibGTJc02DYuNVIE1IXm0x9tc6Z9PTT+WiAFt1JuKHguXTWLRMM9HmyvWWDg
bFsRDAcYup+SK5d+ME+XooDGueC822rAjkGIRHNSCimGwuLpDRKqyyVfYA+dcfiP
EoYH7x4S09jYRr1C5EkbraLbm1vijc5ikJw3b42KKbyo3wDwKga+Vk2nl2AtgjZp
KipZlyjs+IjMRXX5IBpgoRtXcvHuidsOSc+guRo0ihF9MbzRc/Tt2g0V7t3KjeT0
SJDLmHOos2RKTmx06aidDg
-> Dz(k-grease ~FF p m)E{J3E
7Igp3pclCAzAmeky5cPqlIzcITT+0jvieQe7ruSxRYRYqpYU7tMQFmHuNUahp+BP
MzOYiM+PIQmn
--- IC9SI76EjaFZxQ5odEeIv49n/O8uOdpM6LE1Z7dtHg4
l%Àu¯¯ÃE„\ÎüÔ ?2\&ÚwG&@¡­W£~9"úŠ^ÊƆý¼Á<>oån^šë<C5A1>㻳xšèOI‡¢uOíò‡21c*ãm¸%ô)ý#”جeõIÙ6îA/i

View file

@ -8,6 +8,9 @@ let
chocolatebar-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINZT3QrKugNTWNOwYziQnxrT5zFqWQDafWjScDuIpMhN root@chocolatebar";
chocolatebar-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDwyNsGCMuyI9x2IxYEbYIL6oYsEfe1wqhHaRxSnK9oc10ge1LJni5o7g6XgryoQpCD9YenImcCxwkKblmlLQ2327uoVC2PUo07li1uT0eIPk0TQoxwp6besFs7/LEzZlgWQsc3gkEXmjk/E0mu0U6z2fkqciJ/ZxWYt9fLP6jBG47U9878rSaZ7k7Ilv6oRA3suArH189k1nerk/tonS4EWXeHZxHh/Eu0tqwmxN/6+g2GicYn6b+MbFQVdQAkctqT5Yz9USm9UKzbaAuZ799u0dJzagHm9JJZOr8r11ENtAkY9kAzRzm3u/ACiSdVzyLdjAK6m0dIPhp3OhedzuHiI6/wRll60tYtQTH1XwUpVbtir3+DT+jwZgO1zH3yL4iNh79kuUo+UEg1ZmGkSZRzSS2vb5qr0J5aSJmCd5sNB7a01PTtSlQPOqSF9PB+UmcLDF7JoKFub0KT/gRZ5neZkXTYQ/Y05qtaaFVlOVISijnm+sLUvKBv6OW8oYXIHBk= ben@chocolatebar";
droppie-host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDuXuPPDXTyJgy4JRwbKcPbawvVB1Il2neyRWb4O5sJ root@nixos";
droppie-user = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnYTlTmHCl6LOkexqRR9LqjOoFgt9TQ4VzHQGRHJMzF/AGcDRoqC+pBLFSTzRb5/ikAOsb32XHyKVg4nNdJeQshO11QtDmkCB02D/XcIXxnNQ5A8CztT2az5xJtbbWSdamMnHBLcqLiwoLmXbERpdlt8jNqMHrz+bjCUGYVAFSfc/WdIs6EATJ1eF0VFxv7nUh4qhgStABSwhNsnoYOC/DOBSA9aBP1f5Fz9QHUioPTGi2hRwbTbtFUvTrymPpWVFRApa1zvGXcr4YUCm7ia1ZlZKzRpsPkwLxb8Omm4bGmR0cAVwVhVRySnhpCTwbIBLyw+H8PvKWBBba1NAKyMij root@droppie";
allKeys = [
bbcom
@ -31,6 +34,13 @@ let
chocolatebar-host
chocolatebar-user
];
droppieKeys = [
bbcom
droppie-host
droppie-user
];
in
{
"keyfile-biolimo.bin".publicKeys = biolimoKeys;
@ -42,7 +52,9 @@ in
"vnc-cert-chocolatebar.pem".publicKeys = chocolatebarKeys;
"vnc-key-chocolatebar.pem".publicKeys = chocolatebarKeys;
"drone-runner-exec-config".publicKeys = allKeys;
"drone-runner-exec-config".publicKeys = allKeys;
"dyndns-droppie.key".publicKeys = droppieKeys;
"mopidy.conf".publicKeys = allKeys;
}

View file

@ -6,7 +6,7 @@ let
cachix
editorconfig-checker
mdbook
nixUnstable
nix
nixpkgs-fmt
nvfetcher
;

View file

@ -63,6 +63,12 @@ in
MACs = "hmac-sha2-512-etm@openssh.com";
};
};
"laurakirst.de" = {
hostname = "webj4bsux.wh.hosting.zone";
user = "webj4bsux_36qkrk";
port = 2244;
};
};
};

View file

@ -24,6 +24,8 @@ in
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= b12f Yubi Backup"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a teutat3s"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar"
];
};
};